diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php
index f78ae8c5db..eb4bf1ccc5 100644
--- a/phpBB/includes/ucp/ucp_profile.php
+++ b/phpBB/includes/ucp/ucp_profile.php
@@ -17,9 +17,9 @@ class ucp_profile extends module
{
global $censors, $config, $db, $user, $auth, $SID, $template, $phpbb_root_path, $phpEx;
- $preview = (!empty($_POST['preview'])) ? true : false;
- $submit = (!empty($_POST['submit'])) ? true : false;
- $delete = (!empty($_POST['delete'])) ? true : false;
+ $preview = (!empty($_POST['preview'])) ? true : false;
+ $submit = (!empty($_POST['submit'])) ? true : false;
+ $delete = (!empty($_POST['delete'])) ? true : false;
$error = $data = array();
switch ($mode)
@@ -80,6 +80,79 @@ class ucp_profile extends module
'user_password' => ($auth->acl_get('u_chgpasswd') && $new_password) ? md5($new_password) : $user->data['user_password']
);
+ if ($config['email_enable'] && $email != $user->data['user_email'] && ($config['require_activation'] == USER_ACTIVATION_SELF || $config['require_activation'] == USER_ACTIVATION_ADMIN))
+ {
+ include_once($phpbb_root_path . 'includes/functions_messenger.'.$phpEx);
+
+ $server_url = generate_board_url();
+
+ $user_actkey = gen_rand_string(10);
+ $key_len = 54 - (strlen($server_url));
+ $key_len = ($key_len > 6) ? $key_len : 6;
+ $user_actkey = substr($user_actkey, 0, $key_len);
+
+ $messenger = new messenger();
+
+ $messenger->template($email_template, $lang);
+ $messenger->subject($subject);
+
+ $messenger->replyto($user->data['board_contact']);
+ $messenger->to($email, $username);
+
+ $messenger->headers('X-AntiAbuse: Board servername - ' . $config['server_name']);
+ $messenger->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']);
+ $messenger->headers('X-AntiAbuse: Username - ' . $user->data['username']);
+ $messenger->headers('X-AntiAbuse: User IP - ' . $user->ip);
+
+ $messenger->assign_vars(array(
+ 'SITENAME' => $config['sitename'],
+ 'WELCOME_MSG' => sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename']),
+ 'USERNAME' => $username,
+ 'PASSWORD' => $password_confirm,
+ 'EMAIL_SIG' => str_replace('
', "\n", "-- \n" . $config['board_email_sig']),
+
+ 'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&k=$user_actkey")
+ );
+
+ $messenger->send(NOTIFY_EMAIL);
+
+ if ($config['require_activation'] == USER_ACTIVATION_ADMIN)
+ {
+ // Grab an array of user_id's with a_user permissions
+ $admin_ary = discover_auth(false, 'a_user', false);
+
+ $sql = 'SELECT user_id, username, user_email, user_jabber, user_notify_type
+ FROM ' . USERS_TABLE . '
+ WHERE user_id IN (' . implode(', ', $admin_ary[0]['a_user']) .')';
+ $result = $db->sql_query($sql);
+
+ while ($row = $db->sql_fetchrow($result))
+ {
+ $messenger->use_template('admin_activate', $row['user_lang']);
+ $messenger->replyto($config['board_contact']);
+ $messenger->to($row['user_email'], $row['username']);
+ $messenger->im($row['user_jabber'], $row['username']);
+
+ $messenger->assign_vars(array(
+ 'USERNAME' => $row['username'],
+ 'EMAIL_SIG' => str_replace('
', "\n", "-- \n" . $config['board_email_sig']),
+
+ 'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&k=$user_actkey")
+ );
+
+ $messenger->send($row['user_notify_type']);
+ }
+ $db->sql_freeresult($result);
+ }
+
+ $messenger->queue->save();
+
+ $sql_ary += array(
+ 'user_type' => USER_INACTIVE,
+ 'user_actkey' => $user_actkey
+ );
+ }
+
$sql = 'UPDATE ' . USERS_TABLE . '
SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
WHERE user_id = ' . $user->data['user_id'];
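Review bot: The reactivation mail is handed the cleartext password through `'PASSWORD' => $password_confirm`, which an e-mail change has no need to send; drop that entry (and `WELCOME_MSG`, which looks carried over from registration) unless the chosen template really prints it. The first `replyto()` call reads `$user->data['board_contact']` while the admin loop reads `$config['board_contact']`, so it is probably meant to be `$messenger->replyto($config['board_contact']);`. In the admin loop the SELECT does not fetch `user_lang` although `$row['user_lang']` is passed to `use_template()`, and an empty `$admin_ary[0]['a_user']` would produce `IN ()`; the same two problems are in the ucp_register.php hunk at -254. `$email_template`, `$lang` and `$subject` are not assigned anywhere in the hunk, and the enclosing method starts outside it, so confirm they are set before this block.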
@@ -91,9 +164,6 @@ class ucp_profile extends module
update_username($user->data['username'], $username);
}
- // TODO
- // If email changed and email activation enabled, deactivate and notify
-
meta_refresh(3, "ucp.$phpEx$SID&i=$id&mode=$mode");
$message = $user->lang['PROFILE_UPDATED'] . '
' . sprintf($user->lang['RETURN_UCP'], "", '');
trigger_error($message);
@@ -432,7 +502,7 @@ class ucp_profile extends module
// Delete old avatar if present
if ($user->data['user_avatar'] != '' && $data['filename'] != $user->data['user_avatar'])
{
- avatar_delete();
+ avatar_delete($user->data['user_avatar']);
}
}
diff --git a/phpBB/includes/ucp/ucp_register.php b/phpBB/includes/ucp/ucp_register.php
index c6be2e8b05..71289be0b0 100644
--- a/phpBB/includes/ucp/ucp_register.php
+++ b/phpBB/includes/ucp/ucp_register.php
@@ -23,11 +23,11 @@ class ucp_register extends module
trigger_error($user->lang['UCP_REGISTER_DISABLE']);
}
+ // Do not alter this first one to use request_var!
$coppa = (isset($_REQUEST['coppa'])) ? ((!empty($_REQUEST['coppa'])) ? 1 : 0) : false;
+ $confirm_id = request_var('confirm_id', 0);
$agreed = (!empty($_POST['agreed'])) ? 1 : 0;
- $submit = (isset($_POST['submit'])) ? true : false;
-
- $confirm_id = (!empty($_POST['confirm_id'])) ? $_POST['confirm_id'] : 0;
+ $submit = (isset($_POST['submit'])) ? true : false;
$error = $data = array();
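Review bot: `request_var('confirm_id', 0)` casts the value to the type of its default, so `$confirm_id` is now always an integer. If confirmation ids are hash strings rather than numbers (the confirm table is not visible here), every submitted id would collapse to 0 or a truncated number, and a string default, `request_var('confirm_id', '')`, would be needed. The new comment `// Do not alter this first one to use request_var!` also does not say why; something like `// Keep the raw check: false (field absent) must stay distinguishable from 0 (present but empty)` would stop a later cleanup from flattening the three states.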
@@ -254,22 +254,34 @@ class ucp_register extends module
$messenger->send(NOTIFY_EMAIL);
- // TODO
- // Email admins with user management permissions
if ($config['require_activation'] == USER_ACTIVATION_ADMIN)
{
- $messenger->use_template('admin_activate', $config['default_lang']);
- $messenger->replyto($config['board_contact']);
- $messenger->to($config['board_contact']);
+ // Grab an array of user_id's with a_user permissions ... these users
+ // can activate a user
+ $admin_ary = discover_auth(false, 'a_user', false);
- $messenger->assign_vars(array(
- 'USERNAME' => $username,
- 'EMAIL_SIG' => str_replace('
', "\n", "-- \n" . $config['board_email_sig']),
-
- 'U_ACTIVATE' => generate_board_url() . "/ucp.$phpEx?mode=activate&k=$user_actkey")
- );
+ $sql = 'SELECT user_id, username, user_email, user_jabber, user_notify_type
+ FROM ' . USERS_TABLE . '
+ WHERE user_id IN (' . implode(', ', $admin_ary[0]['a_user']) .')';
+ $result = $db->sql_query($sql);
- $messenger->send(NOTIFY_EMAIL);
+ while ($row = $db->sql_fetchrow($result))
+ {
+ $messenger->use_template('admin_activate', $row['user_lang']);
+ $messenger->replyto($config['board_contact']);
+ $messenger->to($row['user_email'], $row['username']);
+ $messenger->im($row['user_jabber'], $row['username']);
+
+ $messenger->assign_vars(array(
+ 'USERNAME' => $row['username'],
+ 'EMAIL_SIG' => str_replace('
', "\n", "-- \n" . $config['board_email_sig']),
+
+ 'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&k=$user_actkey")
+ );
+
+ $messenger->send($row['user_notify_type']);
+ }
+ $db->sql_freeresult($result);
}
$messenger->queue->save();
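Review bot: The admin notification now sets `'USERNAME' => $row['username']`, the name of the administrator being mailed, where the removed code passed `$username`, the account awaiting activation. Presumably the `admin_activate` template names the account to activate, so this should stay `'USERNAME' => $username,`; the ucp_profile.php copy of this loop has the same assignment. `U_ACTIVATE` also switched from `generate_board_url()` to `$server_url`, which is not assigned within the hunk; the enclosing method starts outside it, so check that it is set before this point.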
@@ -288,15 +300,6 @@ class ucp_register extends module
}
}
- // If an error occured we need to stripslashes on returned data
- $username = (isset($_POST['username'])) ? stripslashes(htmlspecialchars($_POST['username'])) : '';
- $password = (isset($_POST['new_password'])) ? stripslashes(htmlspecialchars($_POST['new_password'])) : '';
- $password_confirm = (isset($_POST['password_confirm'])) ? stripslashes(htmlspecialchars($_POST['password_confirm'])) : '';
- $email = (isset($_POST['email'])) ? stripslashes(htmlspecialchars($_POST['email'])) : '';
- $email_confirm = (isset($_POST['email_confirm'])) ? stripslashes(htmlspecialchars($_POST['email_confirm'])) : '';
- $lang = (isset($_POST['lang'])) ? htmlspecialchars($_POST['lang']) : '';
- $tz = (isset($_POST['tz'])) ? intval($_POST['tz']) : $config['board_timezone'];
-
$s_hidden_fields = '';
$confirm_image = '';
@@ -309,15 +312,15 @@ class ucp_register extends module
if ($row = $db->sql_fetchrow($result))
{
- $confirm_sql = '';
+ $sql_in = array();
do
{
- $confirm_sql .= (($confirm_sql != '') ? ', ' : '') . "'" . $row['session_id'] . "'";
+ $sql_in[] = "'" . $db->sql_escape($row['session_id']) . "'";
}
while ($row = $db->sql_fetchrow($result));
- $sql = 'DELETE FROM ' . CONFIRM_TABLE . "
- WHERE session_id NOT IN ($confirm_sql)";
+ $sql = 'DELETE FROM ' . CONFIRM_TABLE . '
+ WHERE session_id NOT IN (' . implode(', ', $sql_in) . ')';
$db->sql_query($sql);
}
$db->sql_freeresult($result);
@@ -329,7 +332,7 @@ class ucp_register extends module
if ($row = $db->sql_fetchrow($result))
{
- if ($row['attempts'] > 3)
+ if ($row['attempts'] >= 3)
{
trigger_error($user->lang['TOO_MANY_REGISTERS']);
}
@@ -362,15 +365,18 @@ class ucp_register extends module
$user_char_ary = array('.*' => 'USERNAME_CHARS_ANY', '[\w]+' => 'USERNAME_ALPHA_ONLY', '[\w_\+\. \-\[\]]+' => 'USERNAME_ALPHA_SPACERS');
+ $lang = (isset($lang)) ? $lang : $config['default_lang'];
+ $tz = (isset($tz)) ? $tz : $config['board_timezone'];
+
//
$template->assign_vars(array(
- 'USERNAME' => $username,
- 'PASSWORD' => $password,
- 'PASSWORD_CONFIRM' => $password_confirm,
- 'EMAIL' => $email,
- 'EMAIL_CONFIRM' => $email_confirm,
- 'CONFIRM_IMG' => $confirm_image,
'ERROR' => (sizeof($error)) ? implode('
', $error) : '',
+ 'USERNAME' => (isset($username)) ? $username : '',
+ 'PASSWORD' => (isset($password)) ? $password : '',
+ 'PASSWORD_CONFIRM' => (isset($password_confirm)) ? $password_confirm : '',
+ 'EMAIL' => (isset($email)) ? $email : '',
+ 'EMAIL_CONFIRM' => (isset($email_confirm)) ? $email_confirm : '',
+ 'CONFIRM_IMG' => $confirm_image,
'L_CONFIRM_EXPLAIN' => sprintf($user->lang['CONFIRM_EXPLAIN'], '', ''),
'L_ITEMS_REQUIRED' => $l_reg_cond,
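Review bot: `USERNAME`, `EMAIL` and the other form values are now passed to the template exactly as earlier code left them, while the `htmlspecialchars()` block that used to rebuild them from `$_POST` is removed by the hunk at -288. Nothing visible here shows they are escaped on every path, so confirm each one is assigned through an escaping input helper before it is echoed back into the form. `PASSWORD` and `PASSWORD_CONFIRM` are still sent back into the page, which puts the typed password into the HTML response; passing `''` for both would avoid that. The `assign_vars()` call continues past the end of the hunk.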
diff --git a/phpBB/includes/ucp/ucp_zebra.php b/phpBB/includes/ucp/ucp_zebra.php
index e0c08cca16..deab382e8e 100644
--- a/phpBB/includes/ucp/ucp_zebra.php
+++ b/phpBB/includes/ucp/ucp_zebra.php
@@ -93,15 +93,11 @@ class ucp_zebra extends module
if ($mode == 'foes')
{
$perms = array();
- foreach (discover_auth($user_id_ary, array('a_', 'm_')) as $user_id => $forum_ary)
+ foreach (discover_auth($user_id_ary, array('a_', 'm_') as $forum_id => $forum_ary)
{
- foreach ($forum_ary as $forum_id => $option_ary)
+ foreach ($forum_ary as $auth_option => $user_ary)
{
- if (array_sum(array_values($option_ary)))
- {
- $perms[] = $user_id;
- break;
- }
+ $perms += $user_ary;
}
}
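Review bot: The new outer `foreach` line does not parse, because the `discover_auth(` call is never closed; it should read `foreach (discover_auth($user_id_ary, array('a_', 'm_')) as $forum_id => $forum_ary)`. Inside the loop `$perms += $user_ary` is an array union, which keeps the existing entry whenever a key is already present. If `$user_ary` is a numerically indexed list of user ids, ids from later forums or options are silently dropped, and `$perms = array_merge($perms, $user_ary);` would collect them all. Presumably this list decides which administrators and moderators cannot be added as foes, so a short list weakens that check; the enclosing block continues outside the hunk.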