From d5df8a33a501b1ad3253eb613edc06b88c166c44 Mon Sep 17 00:00:00 2001 From: "Paul S. Owen" Date: Mon, 10 Nov 2003 14:18:54 +0000 Subject: [PATCH] Note that these changes are as yet untested git-svn-id: file:///svn/phpbb/trunk@4657 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/ucp/ucp_profile.php | 84 ++++++++++++++++++++++++++--- phpBB/includes/ucp/ucp_register.php | 76 ++++++++++++++------------ phpBB/includes/ucp/ucp_zebra.php | 10 ++-- 3 files changed, 121 insertions(+), 49 deletions(-) diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php index f78ae8c5db..eb4bf1ccc5 100644 --- a/phpBB/includes/ucp/ucp_profile.php +++ b/phpBB/includes/ucp/ucp_profile.php @@ -17,9 +17,9 @@ class ucp_profile extends module { global $censors, $config, $db, $user, $auth, $SID, $template, $phpbb_root_path, $phpEx; - $preview = (!empty($_POST['preview'])) ? true : false; - $submit = (!empty($_POST['submit'])) ? true : false; - $delete = (!empty($_POST['delete'])) ? true : false; + $preview = (!empty($_POST['preview'])) ? true : false; + $submit = (!empty($_POST['submit'])) ? true : false; + $delete = (!empty($_POST['delete'])) ? true : false; $error = $data = array(); switch ($mode) 
@@ -80,6 +80,79 @@ class ucp_profile extends module 'user_password' => ($auth->acl_get('u_chgpasswd') && $new_password) ? md5($new_password) : $user->data['user_password'] ); + if ($config['email_enable'] && $email != $user->data['user_email'] && ($config['require_activation'] == USER_ACTIVATION_SELF || $config['require_activation'] == USER_ACTIVATION_ADMIN)) + { + include_once($phpbb_root_path . 'includes/functions_messenger.'.$phpEx); + + $server_url = generate_board_url(); + + $user_actkey = gen_rand_string(10); + $key_len = 54 - (strlen($server_url)); + $key_len = ($key_len > 6) ? $key_len : 6; + $user_actkey = substr($user_actkey, 0, $key_len); + + $messenger = new messenger(); + + $messenger->template($email_template, $lang); + $messenger->subject($subject); + + $messenger->replyto($user->data['board_contact']); + $messenger->to($email, $username); + + $messenger->headers('X-AntiAbuse: Board servername - ' . $config['server_name']); + $messenger->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']); + $messenger->headers('X-AntiAbuse: Username - ' . $user->data['username']); + $messenger->headers('X-AntiAbuse: User IP - ' . $user->ip); + + $messenger->assign_vars(array( + 'SITENAME' => $config['sitename'], + 'WELCOME_MSG' => sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename']), + 'USERNAME' => $username, + 'PASSWORD' => $password_confirm, + 'EMAIL_SIG' => str_replace('
', "\n", "-- \n" . $config['board_email_sig']), + + 'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&k=$user_actkey") + ); + + $messenger->send(NOTIFY_EMAIL); + + if ($config['require_activation'] == USER_ACTIVATION_ADMIN) + { + // Grab an array of user_id's with a_user permissions + $admin_ary = discover_auth(false, 'a_user', false); + + $sql = 'SELECT user_id, username, user_email, user_jabber, user_notify_type + FROM ' . USERS_TABLE . ' + WHERE user_id IN (' . implode(', ', $admin_ary[0]['a_user']) .')'; + $result = $db->sql_query($sql); + + while ($row = $db->sql_fetchrow($result)) + { + $messenger->use_template('admin_activate', $row['user_lang']); + $messenger->replyto($config['board_contact']); + $messenger->to($row['user_email'], $row['username']); + $messenger->im($row['user_jabber'], $row['username']); + + $messenger->assign_vars(array( + 'USERNAME' => $row['username'], + 'EMAIL_SIG' => str_replace('
', "\n", "-- \n" . $config['board_email_sig']), + + 'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&k=$user_actkey") + ); + + $messenger->send($row['user_notify_type']); + } + $db->sql_freeresult($result); + } + + $messenger->queue->save(); + + $sql_ary += array( + 'user_type' => USER_INACTIVE, + 'user_actkey' => $user_actkey + ); + } + $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' WHERE user_id = ' . $user->data['user_id']; @@ -91,9 +164,6 @@ class ucp_profile extends module update_username($user->data['username'], $username); } - // TODO - // If email changed and email activation enabled, deactivate and notify - meta_refresh(3, "ucp.$phpEx$SID&i=$id&mode=$mode"); $message = $user->lang['PROFILE_UPDATED'] . '
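Review bot: The mail built for a changed address carries the password in clear text (`'PASSWORD' => $password_confirm`) and guards reactivation with a key that `$key_len = ($key_len > 6) ? $key_len : 6;` can cut to six characters when the board URL is long. I would drop the `PASSWORD` entry from this mail and keep the full `gen_rand_string(10)` value, or at least raise the floor well above six if the truncation exists only to keep the link short. In the admin loop the query selects no `user_lang` column although `$row['user_lang']` is read, and `implode(', ', $admin_ary[0]['a_user'])` produces `IN ()` when nobody holds `a_user`; the ucp_register.php hunk at -254,22 repeats both. `$email_template`, `$lang` and `$subject` are not assigned inside the hunk, and the enclosing function starts and ends outside it, so confirm they are set before this point.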

' . sprintf($user->lang['RETURN_UCP'], "", ''); trigger_error($message); @@ -432,7 +502,7 @@ class ucp_profile extends module // Delete old avatar if present if ($user->data['user_avatar'] != '' && $data['filename'] != $user->data['user_avatar']) { - avatar_delete(); + avatar_delete($user->data['user_avatar']); } } diff --git a/phpBB/includes/ucp/ucp_register.php b/phpBB/includes/ucp/ucp_register.php index c6be2e8b05..71289be0b0 100644 --- a/phpBB/includes/ucp/ucp_register.php +++ b/phpBB/includes/ucp/ucp_register.php @@ -23,11 +23,11 @@ class ucp_register extends module trigger_error($user->lang['UCP_REGISTER_DISABLE']); } + // Do not alter this first one to use request_var! $coppa = (isset($_REQUEST['coppa'])) ? ((!empty($_REQUEST['coppa'])) ? 1 : 0) : false; + $confirm_id = request_var('confirm_id', 0); $agreed = (!empty($_POST['agreed'])) ? 1 : 0; - $submit = (isset($_POST['submit'])) ? true : false; - - $confirm_id = (!empty($_POST['confirm_id'])) ? $_POST['confirm_id'] : 0; + $submit = (isset($_POST['submit'])) ? true : false; $error = $data = array(); @@ -254,22 +254,34 @@ class ucp_register extends module $messenger->send(NOTIFY_EMAIL); - // TODO - // Email admins with user management permissions if ($config['require_activation'] == USER_ACTIVATION_ADMIN) { - $messenger->use_template('admin_activate', $config['default_lang']); - $messenger->replyto($config['board_contact']); - $messenger->to($config['board_contact']); + // Grab an array of user_id's with a_user permissions ... these users + // can activate a user + $admin_ary = discover_auth(false, 'a_user', false); - $messenger->assign_vars(array( - 'USERNAME' => $username, - 'EMAIL_SIG' => str_replace('
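Review bot: The comment `// Do not alter this first one to use request_var!` in the ucp_register.php hunk at -23,11 states the rule without the reason. Something like `// coppa stays a raw isset() test: false means "not supplied", 0/1 means answered; request_var would fold the first case into its default` would keep a later cleanup from undoing it. Separately, `request_var('confirm_id', 0)` passes an integer default, so if confirm ids are not purely numeric (the code that consumes them is outside the hunk) the value would presumably be coerced to 0 and the confirmation lookup would never match. In that case a string default, `request_var('confirm_id', '')`, is the safer form.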
', "\n", "-- \n" . $config['board_email_sig']), - - 'U_ACTIVATE' => generate_board_url() . "/ucp.$phpEx?mode=activate&k=$user_actkey") - ); + $sql = 'SELECT user_id, username, user_email, user_jabber, user_notify_type + FROM ' . USERS_TABLE . ' + WHERE user_id IN (' . implode(', ', $admin_ary[0]['a_user']) .')'; + $result = $db->sql_query($sql); - $messenger->send(NOTIFY_EMAIL); + while ($row = $db->sql_fetchrow($result)) + { + $messenger->use_template('admin_activate', $row['user_lang']); + $messenger->replyto($config['board_contact']); + $messenger->to($row['user_email'], $row['username']); + $messenger->im($row['user_jabber'], $row['username']); + + $messenger->assign_vars(array( + 'USERNAME' => $row['username'], + 'EMAIL_SIG' => str_replace('
', "\n", "-- \n" . $config['board_email_sig']), + + 'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&k=$user_actkey") + ); + + $messenger->send($row['user_notify_type']); + } + $db->sql_freeresult($result); } $messenger->queue->save(); @@ -288,15 +300,6 @@ class ucp_register extends module } } - // If an error occured we need to stripslashes on returned data - $username = (isset($_POST['username'])) ? stripslashes(htmlspecialchars($_POST['username'])) : ''; - $password = (isset($_POST['new_password'])) ? stripslashes(htmlspecialchars($_POST['new_password'])) : ''; - $password_confirm = (isset($_POST['password_confirm'])) ? stripslashes(htmlspecialchars($_POST['password_confirm'])) : ''; - $email = (isset($_POST['email'])) ? stripslashes(htmlspecialchars($_POST['email'])) : ''; - $email_confirm = (isset($_POST['email_confirm'])) ? stripslashes(htmlspecialchars($_POST['email_confirm'])) : ''; - $lang = (isset($_POST['lang'])) ? htmlspecialchars($_POST['lang']) : ''; - $tz = (isset($_POST['tz'])) ? intval($_POST['tz']) : $config['board_timezone']; - $s_hidden_fields = ''; $confirm_image = ''; @@ -309,15 +312,15 @@ class ucp_register extends module if ($row = $db->sql_fetchrow($result)) { - $confirm_sql = ''; + $sql_in = array(); do { - $confirm_sql .= (($confirm_sql != '') ? ', ' : '') . "'" . $row['session_id'] . "'"; + $sql_in[] = "'" . $db->sql_escape($row['session_id']) . "'"; } while ($row = $db->sql_fetchrow($result)); - $sql = 'DELETE FROM ' . CONFIRM_TABLE . " - WHERE session_id NOT IN ($confirm_sql)"; + $sql = 'DELETE FROM ' . CONFIRM_TABLE . ' + WHERE session_id NOT IN (' . implode(', ', $sql_in) . ')'; $db->sql_query($sql); } $db->sql_freeresult($result); @@ -329,7 +332,7 @@ class ucp_register extends module if ($row = $db->sql_fetchrow($result)) { - if ($row['attempts'] > 3) + if ($row['attempts'] >= 3) { trigger_error($user->lang['TOO_MANY_REGISTERS']); } 
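Review bot: The admin notification in the hunk at -254,22 now fills `'USERNAME' => $row['username']`, which is the administrator being mailed, where the removed code passed `$username`, the account awaiting activation. Unless the admin_activate template was changed to match, admins will no longer see whom they are being asked to activate, which matters because this mail is what authorises the account; I would keep `'USERNAME' => $username`. `$server_url` is also not assigned inside this hunk (the removed line called `generate_board_url()` directly), so confirm it is set earlier in the function, which starts and ends outside the hunk. The ucp_profile.php hunk at -80,6 uses the same `$row['username']` value.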
@@ -362,15 +365,18 @@ class ucp_register extends module $user_char_ary = array('.*' => 'USERNAME_CHARS_ANY', '[\w]+' => 'USERNAME_ALPHA_ONLY', '[\w_\+\. \-\[\]]+' => 'USERNAME_ALPHA_SPACERS'); + $lang = (isset($lang)) ? $lang : $config['default_lang']; + $tz = (isset($tz)) ? $tz : $config['board_timezone']; + // $template->assign_vars(array( - 'USERNAME' => $username, - 'PASSWORD' => $password, - 'PASSWORD_CONFIRM' => $password_confirm, - 'EMAIL' => $email, - 'EMAIL_CONFIRM' => $email_confirm, - 'CONFIRM_IMG' => $confirm_image, 'ERROR' => (sizeof($error)) ? implode('
', $error) : '', + 'USERNAME' => (isset($username)) ? $username : '', + 'PASSWORD' => (isset($password)) ? $password : '', + 'PASSWORD_CONFIRM' => (isset($password_confirm)) ? $password_confirm : '', + 'EMAIL' => (isset($email)) ? $email : '', + 'EMAIL_CONFIRM' => (isset($email_confirm)) ? $email_confirm : '', + 'CONFIRM_IMG' => $confirm_image, 'L_CONFIRM_EXPLAIN' => sprintf($user->lang['CONFIRM_EXPLAIN'], '', ''), 'L_ITEMS_REQUIRED' => $l_reg_cond, diff --git a/phpBB/includes/ucp/ucp_zebra.php b/phpBB/includes/ucp/ucp_zebra.php index e0c08cca16..deab382e8e 100644 --- a/phpBB/includes/ucp/ucp_zebra.php +++ b/phpBB/includes/ucp/ucp_zebra.php @@ -93,15 +93,11 @@ class ucp_zebra extends module if ($mode == 'foes') { $perms = array(); - foreach (discover_auth($user_id_ary, array('a_', 'm_')) as $user_id => $forum_ary) + foreach (discover_auth($user_id_ary, array('a_', 'm_') as $forum_id => $forum_ary) { - foreach ($forum_ary as $forum_id => $option_ary) + foreach ($forum_ary as $auth_option => $user_ary) { - if (array_sum(array_values($option_ary))) - { - $perms[] = $user_id; - break; - } + $perms += $user_ary; } }
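Review bot: The values handed to `assign_vars` in the hunk at -362,15 (`$username`, `$email`, `$email_confirm`, …) are no longer re-derived through `htmlspecialchars()`, because the hunk at -288,15 deletes those lines. Whether they are HTML-escaped now depends on assignments outside this hunk. Confirm each one is escaped where it is set, since they are echoed back into the registration form after a failed submit. `PASSWORD` and `PASSWORD_CONFIRM` also return the submitted password to the page; passing `''` for both on redisplay would avoid that. The `assign_vars` call continues past the end of the hunk.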
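Review bot: The rewritten loop header in ucp_zebra.php is missing a closing parenthesis after the `array('a_', 'm_')` argument, so the file will not parse; it should read `foreach (discover_auth($user_id_ary, array('a_', 'm_')) as $forum_id => $forum_ary)`. Inside the loop, `$perms += $user_ary;` is an array union by key, so if `$user_ary` is a numerically indexed list (its shape comes from `discover_auth`, which is not visible here) entries whose index already exists in `$perms` are silently dropped. `$perms = array_merge($perms, $user_ary);` followed by `array_unique()` after the loops would collect every admin and moderator id. As written, some of them could be left out of `$perms`.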