From fd629c7a9ff83de74635b403de31c42c65860ab1 Mon Sep 17 00:00:00 2001
From: James Atkinson
Date: Tue, 4 Mar 2003 17:52:50 +0000
Subject: [PATCH] Tons of work on the UCP, see my topic in the development forum for more info on the bigger changes. Registration should still work, the basic layout of the UCP is also done with the start on the profile settings area.
git-svn-id: file:///svn/phpbb/trunk@3591 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/common.php | 1 +
 phpBB/config.php | 21 ++
 phpBB/includes/functions.php | 99 ------
 phpBB/includes/session.php | 475 +++++++++++++++++++++++++
 phpBB/includes/ucp/usercp_modules.php | 28 +-
 phpBB/install/schemas/mysql_basic.sql | 5 +-
 phpBB/install/schemas/mysql_schema.sql | 13 +
 phpBB/language/en/lang_main.php | 12 +-
 phpBB/ucp.php | 41 ++-
 phpBB/ucp/usercp_activate.php | 67 ++--
 phpBB/ucp/usercp_register.php | 51 +--
 11 files changed, 638 insertions(+), 175 deletions(-)
diff --git a/phpBB/common.php b/phpBB/common.php
index c332e35e61..4ae0e2fc9c 100644
--- a/phpBB/common.php
+++ b/phpBB/common.php
@@ -142,6 +142,7 @@ define('STYLES_IMAGE_TABLE', $table_prefix.'styles_imageset');
 define('TOPICS_TABLE', $table_prefix.'topics');
 define('TOPICS_PREFETCH_TABLE', $table_prefix.'topics_prefetch');
 define('TOPICS_WATCH_TABLE', $table_prefix.'topics_watch');
+define('UCP_MODULES_TABLE', $table_prefix.'ucp_modules');
 define('USER_GROUP_TABLE', $table_prefix.'user_group');
 define('USERS_TABLE', $table_prefix.'users');
 define('WORDS_TABLE', $table_prefix.'words');
diff --git a/phpBB/config.php b/phpBB/config.php
index e69de29bb2..3e98be6eb0 100644
--- a/phpBB/config.php
+++ b/phpBB/config.php
@@ -0,0 +1,21 @@
+
\ No newline at end of file
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index cb8da7e8c0..5123ab78c7 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -799,105 +799,6 @@ function redirect($url) exit; } -// Check to see if the username has been taken, or if it is disallowed. -// Also checks if it includes the " character, which we don't allow in usernames. -// Used for registering, changing names, and posting anonymously with a username -function validate_username($username) -{ - global $db, $user; - - $username = $db->sql_escape($username); - - $sql = "SELECT username - FROM " . USERS_TABLE . " - WHERE LOWER(username) = '" . strtolower($username) . "'"; - $result = $db->sql_query($sql); - - if (($row = $db->sql_fetchrow($result)) && $row['username'] != $user->data['username']) - { - return $user->lang['Username_taken']; - } - - $sql = "SELECT group_name - FROM " . GROUPS_TABLE . " - WHERE LOWER(group_name) = '" . strtolower($username) . "'"; - $result = $db->sql_query($sql); - - if ($row = $db->sql_fetchrow($result)) - { - return $user->lang['Username_taken']; - } - - $sql = "SELECT disallow_username - FROM " . DISALLOW_TABLE; - $result = $db->sql_query($sql); - - while ($row = $db->sql_fetchrow($result)) - { - if (preg_match('#\b(' . str_replace('\*', '.*?', preg_quote($row['disallow_username'], '#')) . ')\b#i', $username)) - { - return $user->lang['Username_disallowed']; - } - } - - $sql = "SELECT word - FROM " . WORDS_TABLE; - $result = $db->sql_query($sql); - - while ($row = $db->sql_fetchrow($result)) - { - if (preg_match('#\b(' . str_replace('\*', '.*?', preg_quote($row['word'], '#')) . ')\b#i', $username)) - { - return $user->lang['Username_disallowed']; - } - } - - // Don't allow " in username. - if (strstr($username, '"')) - { - return $user->lang['Username_invalid']; - } - - return false; -} - -// Check to see if email address is banned or already present in the DB -function validate_email($email) -{ - global $db, $user; - - if ($email != '') - { - if (preg_match('/^[a-z0-9\.\-_\+]+@[a-z0-9\-_]+\.([a-z0-9\-_]+\.)*?[a-z]+$/is', $email)) - { - $sql = "SELECT ban_email - FROM " . 
BANLIST_TABLE; - $result = $db->sql_query($sql); - - while ($row = $db->sql_fetchrow($result)) - { - if (preg_match('#^' . str_replace('*', '.*?', $row['ban_email']) . '$#is', $email)) - { - return $user->lang['Email_banned']; - } - } - - $sql = "SELECT user_email - FROM " . USERS_TABLE . " - WHERE user_email = '" . $db->sql_escape($email) . "'"; - $result = $db->sql_query($sql); - - if ($row = $db->sql_fetchrow($result)) - { - return $user->lang['Email_taken']; - } - - return false; - } - } - - return $user->lang['Email_invalid']; -} // Does supplementary validation of optional profile fields. This // expects common stuff like trim() and strip_tags() to have already diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 373c3e13c0..55155c2087 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php 
@@ -496,6 +496,481 @@ class user extends session } } +// Handles manipulation of user data. Primary used in registration +// and user profile manipulation +class userdata extends user +{ + var $error = false; + var $error_msg; + + function add_new_user($userdata, $coppa) + { + global $config, $db, $user; + + $userdata = $this->prepare_data($userdata, TRUE); + + if (!$this->error) + { + if (($coppa) && ($config['require_activation'] == USER_ACTIVATION_SELF || $config['require_activation'] == USER_ACTIVATION_ADMIN)) + { + $user_actkey = $this->gen_png_string(10); + $key_len = 54 - (strlen($server_url)); + $key_len = ($key_len > 6) ? $key_len : 6; + + $user_actkey = substr($user_actkey, 0, $key_len); + $user_active = 0; + + if ($user->data['user_id'] != ANONYMOUS) + { + $user->destroy(); + } + } + else + { + $user_active = 1; + $user_actkey = ''; + } + + // Begin transaction ... should this screw up we can rollback + $db->sql_transaction(); + + $sql_ary = array( + 'user_ip' => $user->ip, + 'user_regdate' => time(), + 'username' => $userdata['username'], + 'user_password' => $userdata['password'], + 'user_email' => $userdata['email'], + 'user_viewemail' => $userdata['viewemail'], + 'user_attachsig' => $userdata['attachsig'], + 'user_allowsmile' => $userdata['allowsmilies'], + 'user_allowhtml' => $userdata['allowhtml'], + 'user_allowbbcode' => $userdata['allowbbcode'], + 'user_allow_viewonline' => $userdata['allowviewonline'], + 'user_allow_pm' => 1, + 'user_notify' => $userdata['notifyreply'], + 'user_allow_viewonline' => $userdata['hideonline'], + 'user_notify_pm'=> $userdata['notifypm'], + 'user_popup_pm' => $userdata['popup_pm'], + 'user_timezone' => (float) $userdata['timezone'], + 'user_dateformat' => $userdata['dateformat'], + 'user_lang' => $userdata['language'], + 'user_style' => $userdata['style'], + 'user_active' => $user_active, + 'user_actkey' => $user_actkey + ); + // 'user_avatar' => $avatar_sql['data'], + // 'user_avatar_type' => $avatar_sql['type'], + + 
$sql = 'INSERT INTO ' . USERS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary); + $db->sql_query($sql); + + $user_id = $db->sql_nextid(); + + // Place into appropriate group, either REGISTERED or INACTIVE depending on config + $group_name = ($config['require_activation'] == USER_ACTIVATION_NONE) ? 'REGISTERED' : 'INACTIVE'; + $sql = "INSERT INTO " . USER_GROUP_TABLE . " (user_id, group_id, user_pending) + SELECT $user_id, group_id, 0 + FROM " . GROUPS_TABLE . " + WHERE group_name = '$group_name' + AND group_type = " . GROUP_SPECIAL; + $result = $db->sql_query($sql); + + $db->sql_transaction('commit'); + + + if ($coppa) + { + $message = $user->lang['COPPA']; + $email_template = 'coppa_welcome_inactive'; + } + else if ($config['require_activation'] == USER_ACTIVATION_SELF) + { + $message = $user->lang['Account_inactive']; + $email_template = 'user_welcome_inactive'; + } + else if ($config['require_activation'] == USER_ACTIVATION_ADMIN) + { + $message = $user->lang['Account_inactive_admin']; + $email_template = 'admin_welcome_inactive'; + } + else + { + $message = $user->lang['Account_added']; + $email_template = 'user_welcome'; + } + + /* + include($phpbb_root_path . 'includes/emailer.'.$phpEx); + $emailer = new emailer($config['smtp_delivery']); + + // Should we just define this within the email class? + $email_headers = "From: " . $config['board_email'] . "\nReturn-Path: " . $config['board_email'] . "\r\n"; + + $emailer->use_template($email_template, $user->data['user_lang']); + $emailer->email_address($email); + $emailer->set_subject();//sprintf($user->lang['Welcome_subject'], $config['sitename']) + $emailer->extra_headers($email_headers); + + if ($coppa) + { + $emailer->assign_vars(array( + 'SITENAME' => $config['sitename'], + 'WELCOME_MSG' => sprintf($user->lang['Welcome_subject'], $config['sitename']), + 'USERNAME' => $username, + 'PASSWORD' => $password_confirm, + 'EMAIL_SIG' => str_replace('
', "\n", "-- \n" . $config['board_email_sig']), + + 'U_ACTIVATE' => $server_url . '?mode=activate&act_key=' . $user_actkey, + 'FAX_INFO' => $config['coppa_fax'], + 'MAIL_INFO' => $config['coppa_mail'], + 'EMAIL_ADDRESS' => $email, + 'SITENAME' => $config['sitename'])); + } + else + { + $emailer->assign_vars(array( + 'SITENAME' => $config['sitename'], + 'WELCOME_MSG' => sprintf($user->lang['Welcome_subject'], $config['sitename']), + 'USERNAME' => $username, + 'PASSWORD' => $password_confirm, + 'EMAIL_SIG' => str_replace('
', "\n", "-- \n" . $config['board_email_sig']), + 'U_ACTIVATE' => $server_url . '?mode=activate&act_key=' . $user_actkey) + ); + } + + $emailer->send(); + $emailer->reset(); + + if ($config['require_activation'] == USER_ACTIVATION_ADMIN) + { + $emailer->use_template('admin_activate', stripslashes($user_lang)); + $emailer->email_address($config['board_email']); + $emailer->set_subject(); //$user->lang['New_account_subject'] + $emailer->extra_headers($email_headers); + + $emailer->assign_vars(array( + 'USERNAME' => $username, + 'EMAIL_SIG' => str_replace('
', "\n", "-- \n" . $config['board_email_sig']), + + 'U_ACTIVATE' => $server_url . '?mode=activate&act_key=' . $user_actkey) + ); + $emailer->send(); + $emailer->reset(); + } + */ + $message = $message . '

' . sprintf($user->lang['RETURN_INDEX'], '', ''); + + $return = array('user_id' => $user_id, + 'username' => $userdata['username'], + 'message' => $message); + + return($return); + + + } + else + { + return(array('user_id' => 0, + 'username' => NULL, + 'message' => $this->error_msg)); + } + + } + + function prepare_data($userdata, $registration = FALSE) + { + global $db, $user, $config; + + $strip_var_list = array('username' => 'username', 'email' => 'email'); + + foreach ($strip_var_list as $var => $param) + { + if (!empty($userdata[$param])) + { + $userdata[$var] = trim(strip_tags($userdata[$param])); + } + } + + $trim_var_list = array('password_current' => 'cur_password', 'password' => 'new_password', 'password_confirm' => 'password_confirm'); + + foreach ($trim_var_list as $var => $param) + { + if (!empty($userdata[$param])) + { + $userdata[$var] = trim($userdata[$param]); + } + } + + $userdata['username'] = str_replace(' ', '', $userdata['username']); + $userdata['email'] = htmlspecialchars($userdata['email']); + + // Run some validation on the optional fields. These are pass-by-ref, so they'll be changed to + // empty strings if they fail. + //validate_optional_fields($icq, $aim, $msn, $yim, $website, $location, $occupation, $interests, $signature); + + $userdata['viewemail'] = (isset($userdata['viewemail'])) ? (($userdata['viewemail']) ? TRUE : 0) : 0; + $userdata['hideonline'] = (isset($userdata['hideonline'])) ? (($userdata['hideonline']) ? 0 : TRUE) : TRUE; + $userdata['notifyreply'] = (isset($userdata['notifyreply'])) ? (($userdata['notifyreply']) ? TRUE : 0) : 0; + $userdata['notifypm'] = (isset($userdata['notifypm'])) ? (($userdata['notifypm']) ? TRUE : 0) : TRUE; + $userdata['popup_pm'] = (isset($userdata['popup_pm'])) ? (($userdata['popup_pm']) ? TRUE : 0) : TRUE; + + $userdata['attachsig'] = (isset($userdata['attachsig'])) ? (($userdata['attachsig']) ? TRUE : 0) : $config['allow_sig']; + + $userdata['allowhtml'] = (isset($userdata['allowhtml'])) ? 
(($userdata['allowhtml']) ? TRUE : 0) : $config['allow_html']; + $userdata['allowbbcode'] = (isset($userdata['allowbbcode'])) ? (($userdata['allowbbcode']) ? TRUE : 0) : $config['allow_bbcode']; + $userdata['allowsmilies'] = (isset($userdata['allowsmilies'])) ? (($userdata['allowsmilies']) ? TRUE : 0) : $config['allow_smilies']; + + $userdata['style'] = (isset($userdata['style'])) ? intval($userdata['style']) : $config['default_style']; + + if (!empty($userdata['language'])) + { + if (preg_match('/^[a-z_]+$/i', $userdata['language'])) + { + $userdata['language'] = $userdata['language']; + } + else + { + $this->error = true; + $this->error_msg = $user->lang['Fields_empty']; + } + } + else + { + $userdata['language'] = $config['default_lang']; + } + + $userdata['timezone'] = (isset($userdata['timezone'])) ? doubleval($userdata['timezone']) : $config['board_timezone']; + $userdata['dateformat'] = (!empty($userdata['dateformat'])) ? trim($userdata['dateformat']) : $config['default_dateformat']; + + if (empty($userdata['username']) || empty($userdata['password']) || empty($userdata['password_confirm']) || empty($userdata['email'])) + { + $this->error = TRUE; + $this->error_msg .= ((isset($this->error_msg)) ? '
' : '') . $user->lang['Fields_empty']; + } + + if (!empty($userdata['password']) && !empty($userdata['password_confirm'])) + { + if ($userdata['password'] != $userdata['password_confirm']) + { + $this->error = TRUE; + $this->error_msg .= ((isset($this->error_msg)) ? '
' : '') . $user->lang['Password_mismatch']; + } + else if (strlen($userdata['password']) > 32) + { + $this->error = TRUE; + $this->error_msg .= ((isset($this->error_msg)) ? '
' : '') . $user->lang['Password_long']; + } + else + { + if (!$this->error) + { + $userdata['password'] = md5($userdata['password']); + $passwd_sql = "user_password = '$password', "; + } + } + } + else if ((empty($userdata['password']) && !empty($userdata['password_confirm'])) || (!empty($userdata['password']) && empty($userdata['password_confirm']))) + { + $this->error = TRUE; + $this->error_msg .= ((isset($this->error_msg)) ? '
' : '') . $user->lang['Password_mismatch']; + } + else + { + $userdata['password'] = $user->data['user_password']; + } + + // Do a ban check on this email address + if ($userdata['email'] != $user->data['user_email'] || $registration) + { + if (($result = $this->validate_email($userdata['email'])) != false) + { + $userdata['email'] = $user->data['user_email']; + + $this->error = TRUE; + $this->error_msg .= ((isset($this->error_msg)) ? '
' : '') . $result; + } + } + + if (empty($userdata['username'])) + { + $this->error = TRUE; + $this->error_msg .= ((isset($this->error_msg)) ? '
' : '') . $user->lang['Username_disallowed']; + } + else + { + if (($result = $this->validate_username($userdata['username'])) != false) + { + $this->error = TRUE; + $this->error_msg .= ((isset($this->error_msg)) ? '
' : '') . $result; + } + } + + // Visual Confirmation handling + if ($config['enable_confirm'] && $registration) + { + if (empty($userdata['confirm_id'])) + { + $this->error = TRUE; + $this->error_msg .= ((isset($this->error_msg)) ? '
' : '') . $user->lang['Confirm_code_wrong']; + } + else + { + $sql = "SELECT code + FROM " . CONFIRM_TABLE . " + WHERE confirm_id = '" . $userdata['confirm_id'] . "' + AND session_id = '" . $user->data['session_id'] . "'"; + + $result = $db->sql_query($sql); + + if ($row = $db->sql_fetchrow($result)) + { + if ($row['code'] != $userdata['confirm_code']) + { + $this->error = TRUE; + $this->error_msg .= ((isset($this->error_msg)) ? '
' : '') . $user->lang['Confirm_code_wrong']; + } + } + else + { + $this->error = TRUE; + $this->error_msg .= ((isset($this->error_msg)) ? '
' : '') . $user->lang['Confirm_code_wrong']; + } + + $sql = "DELETE FROM " . CONFIRM_TABLE . " + WHERE confirm_id = '" . $userdata['confirm_id'] . "' + AND session_id = '" . $user->data['session_id'] . "'"; + $db->sql_query($sql); + } + } + return($userdata); + } + + function modify_userdata($userdata) + { + + + } + + function gen_png_string($num_chars) + { + $chars = array('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9'); + + list($usec, $sec) = explode(' ', microtime()); + mt_srand($sec * $usec); + + $max_chars = count($chars) - 1; + $rand_str = ''; + for ($i = 0; $i < $num_chars; $i++) + { + $rand_str .= $chars[mt_rand(0, $max_chars)]; + } + + return $rand_str; + } + + // Check to see if the username has been taken, or if it is disallowed. + // Also checks if it includes the " character, which we don't allow in usernames. + // Used for registering, changing names, and posting anonymously with a username + function validate_username($username) + { + global $db, $user; + + $username = $db->sql_escape($username); + + $sql = "SELECT username + FROM " . USERS_TABLE . " + WHERE LOWER(username) = '" . strtolower($username) . "'"; + $result = $db->sql_query($sql); + + if (($row = $db->sql_fetchrow($result)) && $row['username'] != $user->data['username']) + { + return $user->lang['Username_taken']; + } + + $sql = "SELECT group_name + FROM " . GROUPS_TABLE . " + WHERE LOWER(group_name) = '" . strtolower($username) . "'"; + $result = $db->sql_query($sql); + + if ($row = $db->sql_fetchrow($result)) + { + return $user->lang['Username_taken']; + } + + $sql = "SELECT disallow_username + FROM " . DISALLOW_TABLE; + $result = $db->sql_query($sql); + + while ($row = $db->sql_fetchrow($result)) + { + if (preg_match('#\b(' . str_replace('\*', '.*?', preg_quote($row['disallow_username'], '#')) . 
')\b#i', $username)) + { + return $user->lang['Username_disallowed']; + } + } + + $sql = "SELECT word + FROM " . WORDS_TABLE; + $result = $db->sql_query($sql); + + while ($row = $db->sql_fetchrow($result)) + { + if (preg_match('#\b(' . str_replace('\*', '.*?', preg_quote($row['word'], '#')) . ')\b#i', $username)) + { + return $user->lang['Username_disallowed']; + } + } + + // Don't allow " in username. + if (strstr($username, '"')) + { + return $user->lang['Username_invalid']; + } + + return false; + } + + // Check to see if email address is banned or already present in the DB + function validate_email($email) + { + global $db, $user; + + if ($email != '') + { + if (preg_match('/^[a-z0-9\.\-_\+]+@[a-z0-9\-_]+\.([a-z0-9\-_]+\.)*?[a-z]+$/is', $email)) + { + $sql = "SELECT ban_email + FROM " . BANLIST_TABLE; + $result = $db->sql_query($sql); + + while ($row = $db->sql_fetchrow($result)) + { + if (preg_match('#^' . str_replace('*', '.*?', $row['ban_email']) . '$#is', $email)) + { + return $user->lang['Email_banned']; + } + } + + $sql = "SELECT user_email + FROM " . USERS_TABLE . " + WHERE user_email = '" . $db->sql_escape($email) . "'"; + $result = $db->sql_query($sql); + + if ($row = $db->sql_fetchrow($result)) + { + return $user->lang['Email_taken']; + } + + return false; + } + } + + return $user->lang['Email_invalid']; + } + + +} + // Will be keeping my eye of 'other products' to ensure these things don't // mysteriously appear elsewhere, think up your own solutions! class auth diff --git a/phpBB/includes/ucp/usercp_modules.php b/phpBB/includes/ucp/usercp_modules.php index 0146cb1d4e..6994e7de59 100755 --- a/phpBB/includes/ucp/usercp_modules.php +++ b/phpBB/includes/ucp/usercp_modules.php 
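Review bot: In `prepare_data()` the visual-confirmation SELECT and the matching DELETE place `$userdata['confirm_id']` directly into the SQL string, and that value arrives from `$_POST` through `add_new_user($_POST, $coppa)` in usercp_register.php, while `validate_username()` and `validate_email()` in the same class go through `$db->sql_escape()`. Unless request data is escaped somewhere outside this diff, both statements are injectable and should read `WHERE confirm_id = '" . $db->sql_escape($userdata['confirm_id']) . "'`. In `add_new_user()` the activation branch is now gated on `($coppa) && (...)`, where the code it replaces used `($mode == 'register' || $coppa)`, so with USER_ACTIVATION_SELF or USER_ACTIVATION_ADMIN a non-COPPA signup appears to be inserted with `user_active = 1` and an empty `user_actkey`; dropping the `($coppa) &&` term would likely restore the old behaviour, and `$server_url` is undefined inside this method. `gen_png_string()` reseeds `mt_srand()` from `microtime()` on every call and the password is stored as an unsalted `md5()`, so activation keys, confirm codes and stored hashes are all weaker than they look and deserve at least a comment saying so.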
@@ -26,22 +26,22 @@ // show up in the UCP menu. // -$ucp_modules['UCP_Main']['UCP_Main'] = 'ucp.' . $phpEx . "$SID"; -$ucp_modules['UCP_Main']['Default'] = 'ucp.' . $phpEx . "$SID"; +$ucp_modules['UCP_Main']['UCP_Main'] = ''; +$ucp_modules['UCP_Main']['Default'] = ''; -$ucp_modules['UCP_Profile']['Default'] = 'ucp/usercp_register.' . $phpEx . "?$SID&mode=editprofile&u=" . $user->data['user_id']; -$ucp_modules['UCP_Profile']['Registration_information'] = 'ucp/usercp_register.' . $phpEx . "?$SID&mode=editprofilee&u=" . $user->data['user_id']; -$ucp_modules['UCP_Profile']['Preferances'] = 'ucp/usercp_register.' . $phpEx . "?$SID&mode=preferancese&u=" . $user->data['user_id']; -$ucp_modules['UCP_Profile']['Avatar_settings'] = 'ucp/usercp_avatar.' . $phpEx . "$SIDe&u=" . $user->data['user_id']; -$ucp_modules['UCP_Profile']['Signature_settings'] = 'ucp/usercp_register.' . $phpEx . "?$SID&mode=signaturee&u=" . $user->data['user_id']; +$ucp_modules['UCP_Profile']['Default'] = 'inc=ucp/usercp_profile.' . $phpEx . "&mode=editprofile&u=" . $user->data['user_id']; +$ucp_modules['UCP_Profile']['Registration_information'] = 'inc=ucp/usercp_profile.' . $phpEx . "&mode=editprofile&u=" . $user->data['user_id']; +$ucp_modules['UCP_Profile']['Preferances'] = 'inc=ucp/usercp_profile.' . $phpEx . "&mode=preferancese&u=" . $user->data['user_id']; +$ucp_modules['UCP_Profile']['Avatar_settings'] = 'inc=ucp/usercp_avatar.' . $phpEx . "&u=" . $user->data['user_id']; +$ucp_modules['UCP_Profile']['Signature_settings'] = 'inc=ucp/usercp_profile.' . $phpEx . "&mode=signaturee&u=" . $user->data['user_id']; -$ucp_modules['UCP_Lists']['Default'] = 'ucp/usercp_lists.' . $phpEx . "?$SID&mode=settings"; -$ucp_modules['UCP_Lists']['Lists_settings'] = 'ucp/usercp_lists.' . $phpEx . "?$SID&mode=settings"; -$ucp_modules['UCP_Lists']['While_list'] = 'ucp/usercp_lists.' . $phpEx . "?$SID&mode=white"; -$ucp_modules['UCP_Lists']['Black_list'] = 'ucp/usercp_lists.' . $phpEx . 
"?$SID&mode=black"; +$ucp_modules['UCP_Lists']['Default'] = 'inc=ucp/usercp_lists.' . $phpEx . "&mode=settings"; +$ucp_modules['UCP_Lists']['Lists_settings'] = 'inc=ucp/usercp_lists.' . $phpEx . "&mode=settings"; +$ucp_modules['UCP_Lists']['While_list'] = 'inc=ucp/usercp_lists.' . $phpEx . "&mode=white"; +$ucp_modules['UCP_Lists']['Black_list'] = 'inc=ucp/usercp_lists.' . $phpEx . "amp;mode=black"; -$ucp_modules['UCP_Priv_messages']['Default'] = "privmsg.php?$SID&folder=inbox"; -$ucp_modules['UCP_Priv_messages']['Private_messages'] = "privmsg.php?$SID&folder=inbox"; +$ucp_modules['UCP_Priv_messages']['Default'] = ''; +$ucp_modules['UCP_Priv_messages']['Private_messages'] = ''; // @@ -53,6 +53,6 @@ $ucp_modules['UCP_Priv_messages']['Private_messages'] = "privmsg.php?$SID&fo foreach($ucp_modules as $section_title => $sections) { - $template->assign_block_vars('ucp_sections', array('U_SECTION' => $sections['Default'] , + $template->assign_block_vars('ucp_sections', array('U_SECTION' => "ucp.$phpEx$SID&" . $sections['Default'] , 'SECTION' => $user->lang[$section_title])); } diff --git a/phpBB/install/schemas/mysql_basic.sql b/phpBB/install/schemas/mysql_basic.sql index 92fe433e8a..449a6d63fc 100644 --- a/phpBB/install/schemas/mysql_basic.sql +++ b/phpBB/install/schemas/mysql_basic.sql 
@@ -297,7 +297,10 @@ INSERT INTO phpbb_icons (icons_url, icons_width, icons_height, icons_order, disp INSERT INTO phpbb_icons (icons_url, icons_width, icons_height, icons_order, display_on_posting) VALUES ('smile/question.gif', 19, 19, 6, 1); INSERT INTO phpbb_icons (icons_url, icons_width, icons_height, icons_order, display_on_posting) VALUES ('smile/exclaim.gif', 19, 19, 7, 1); - +# -- ucp modules +INSERT INTO phpbb_ucp_modules (module_id, module_name, module_filename, module_order) VALUES (1, 'Profile Settings', 'ucp/usercp_profile', 1); +INSERT INTO phpbb_ucp_modules (module_id, module_name, module_filename, module_order) VALUES (2, 'Black/While Lists', 'ucp/usercp_lists', 2); + # -- wordlist INSERT INTO phpbb_search_wordlist (word_id, word_text, word_common) VALUES ( 1, 'example', 0 ); INSERT INTO phpbb_search_wordlist (word_id, word_text, word_common) VALUES ( 2, 'post', 0 ); diff --git a/phpBB/install/schemas/mysql_schema.sql b/phpBB/install/schemas/mysql_schema.sql index 40417f45f5..9b4adac724 100644 --- a/phpBB/install/schemas/mysql_schema.sql +++ b/phpBB/install/schemas/mysql_schema.sql @@ -654,6 +654,19 @@ CREATE TABLE phpbb_topics_watch ( KEY notify_status (notify_status) ); +# -------------------------------------------------------- +# +# Table structure for table 'phpbb_ucp_modules' +# +CREATE TABLE phpbb_ucp_modules ( + module_id mediumint(8) DEFAULT '0' AUTO_INCREMENT NOT NULL, + module_name varchar(50) NOT NULL, + module_filename varchar(50) NOT NULL, + module_order mediumint(4) DEFAULT '0' NOT NULL, + KEY module_order (module_order), + PRIMARY KEY (module_id) +); + # -------------------------------------------------------- # diff --git a/phpBB/language/en/lang_main.php b/phpBB/language/en/lang_main.php index a31103904c..7ae4197e8d 100644 --- a/phpBB/language/en/lang_main.php +++ b/phpBB/language/en/lang_main.php 
@@ -421,8 +421,18 @@ $lang = array_merge($lang, array( 'UCP_Profile' => 'Profile Settings', 'UCP_Lists' => 'Black/White Lists', 'UCP_Priv_messages' => 'Private Messages', - 'Subscribed_topics' => 'Subscribed Topics', + 'SUBSCRIBED_TOPICS' => 'Subscribed Topics', + 'SUBSCRIBED_FORUMS' => 'Subscribed Forums', + 'WELCOME_USERCP' => 'Welcome to your User Control Panel', + 'UCP_WELCOME_MESSAGE' => 'This is the UCP welcome message some text should go here that says something usefull, however I can\'t for the life of me think of anything to put so if someone coudl come up with something that would be great. Thanks.', + 'BUDDY_LIST' => 'Buddy List', + 'ONLINE_BUDDIES' => 'Buddies Currently Online', + 'UNREAD_PM' => 'Unread PMs', + 'Registration_information' => 'Registration Information', + 'Preferances' => 'Preferances', + 'Avatar_settings' => 'Avatar Settings', + 'Signature_settings' => 'Signature Settings', 'Private_Messaging' => 'Private Messaging', 'Unread_message' => 'Unread message', diff --git a/phpBB/ucp.php b/phpBB/ucp.php index bb126ae290..898b561f6f 100755 --- a/phpBB/ucp.php +++ b/phpBB/ucp.php @@ -1,4 +1,4 @@ -data['user_id'] != ANONYMOUS) 
@@ -98,10 +102,31 @@ if($_GET['mode'] || $_POST['mode']) } } -// -// Include our module definition file. -// -include($phpbb_root_path . 'includes/ucp/usercp_modules.'.$phpEx); +// Database based module handing +$selected_module = ($_GET['module_id']) ? $_GET['module_id'] : $_POST['module_id']; +$sql = "SELECT module_id, module_name, module_filename FROM " . UCP_MODULES_TABLE . " ORDER BY module_order"; + +$result = $db->sql_query($sql); + +$rowset = $db->sql_fetchrowset($result); + +// Default UCP link +$template->assign_block_vars('ucp_sections', array('U_SECTION' => "ucp.$phpEx$SID", + 'SECTION' => $user->lang['UCP_Main'])); + +foreach($rowset as $section) +{ + $template->assign_block_vars('ucp_sections', array('U_SECTION' => "ucp.$phpEx$SID&module_id=" . $section['module_id'] , + 'SECTION' => $section['module_name'])); + + if($section['module_id'] == $selected_module) + { + $module_to_include = $section['module_filename'] . "." . $phpEx; + include($phpbb_root_path . $module_to_include); + } +} + + $page_title = $user->lang['User_control_panel'] . ' - ' . $this_section; @@ -112,6 +137,12 @@ $orig_word = array(); $replacement_word = array(); obtain_word_list($orig_word, $replacement_word); +$template->assign_vars(array('L_SUBSCRIBED_TOPICS' => $user->lang['SUBSCRIBED_TOPICS'], + 'L_SUBSCRIBED_FORUMS' => $user->lang['SUBSCRIBED_FORUMS'], + 'L_WELCOME_USERCP' => $user->lang['WELCOME_USERCP'], + 'UCP_WELCOME_MSG' => $user->lang['UCP_WELCOME_MESSAGE'], + 'L_ONLINE_BUDDIES' => $user->lang['ONLINE_BUDDIES'], + 'L_UNREAD_PM' => $user->lang['UNREAD_PM'])); // // Subscribed Topics diff --git a/phpBB/ucp/usercp_activate.php b/phpBB/ucp/usercp_activate.php index e8cf61a2aa..f62caee3ed 100755 --- a/phpBB/ucp/usercp_activate.php +++ b/phpBB/ucp/usercp_activate.php 
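Review bot: The module loop runs `include($phpbb_root_path . $module_to_include)` with `module_filename` taken as-is from `phpbb_ucp_modules`, so anything able to write that table (an admin screen, or an SQL injection elsewhere in the board) turns into inclusion of an arbitrary file. Guard the include with a fixed pattern that matches the seeded values, e.g. `if ($section['module_id'] == $selected_module && preg_match('#^ucp/usercp_[a-z_]+$#', $section['module_filename']))`. The selector is read with `($_GET['module_id']) ? ... : $_POST['module_id']`, which raises notices when the key is absent and leaves a string for the loose `==`; `$selected_module = intval(isset($_GET['module_id']) ? $_GET['module_id'] : (isset($_POST['module_id']) ? $_POST['module_id'] : 0));` makes the comparison integer to integer. `$section['module_name']` is also handed to the template as stored, where the default entry uses a language string; whether the template layer escapes it is not visible here.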
@@ -20,55 +20,37 @@ * ***************************************************************************/ -if ( !defined('IN_PHPBB') ) + +if (!defined('IN_PHPBB')) { die('Hacking attempt'); exit; } -// -// The User Control Panel uses Barts 'neat-o-module' system (tm) system to handle the tabs. -// This block specifies the tabs and sub tabs for this section. -// -if( !empty($setmodules) ) -{ - $filename = str_replace(".$phpEx", '', basename(__FILE__)); - - return; -} -// -// End Modules setup -// - -$sql = "SELECT user_active, user_id, user_email, user_newpasswd, user_lang, user_actkey +$sql = "SELECT user_active, user_id, user_email, user_newpasswd, user_lang, user_actkey, username FROM " . USERS_TABLE . " - WHERE user_id = " . intval($HTTP_GET_VARS[POST_USERS_URL]); -if ( !($result = $db->sql_query($sql)) ) -{ - message_die(GENERAL_ERROR, 'Could not obtain user information', '', __LINE__, __FILE__, $sql); -} + WHERE user_id = " . intval($_GET['u']); +$result = $db->sql_query($sql); if ( $row = $db->sql_fetchrow($result) ) { if ( $row['user_active'] && $row['user_actkey'] == '' ) { $template->assign_vars(array( - 'META' => '') + 'META' => '') ); - message_die(GENERAL_MESSAGE, $lang['Already_activated']); + trigger_error($user->lang['Already_activated']); } - else if ( $row['user_actkey'] == $HTTP_GET_VARS['act_key'] ) + else if ( $row['user_actkey'] == $_GET['act_key'] ) { $sql_update_pass = ( $row['user_newpasswd'] != '' ) ? ", user_password = '" . str_replace("\'", "''", $row['user_newpasswd']) . "', user_newpasswd = ''" : ''; $sql = "UPDATE " . USERS_TABLE . " SET user_active = 1, user_actkey = ''" . $sql_update_pass . " WHERE user_id = " . $row['user_id']; - if ( !($result = $db->sql_query($sql)) ) - { - message_die(GENERAL_ERROR, 'Could not update users table', '', __LINE__, __FILE__, $sql_update); - } + + $result = $db->sql_query($sql); if ( $config['require_activation'] == USER_ACTIVATION_ADMIN && $sql_update_pass == '' ) { 
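Review bot: The key check `$row['user_actkey'] == $_GET['act_key']` is a loose comparison with no guard for an empty key, so a row that has `user_active = 0` and an empty `user_actkey` compares equal to a request that carries no `act_key` at all. Require a non-empty stored key and compare strictly: `else if ($row['user_actkey'] != '' && isset($_GET['act_key']) && $row['user_actkey'] === $_GET['act_key'])`. The hunk also removes the `message_die()` checks after both `$db->sql_query()` calls; if the DB layer does not raise errors on its own (not visible here), a failed UPDATE would still be reported to the user as a successful activation.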
@@ -92,29 +74,44 @@ if ( $row = $db->sql_fetchrow($result) ) $emailer->reset(); $template->assign_vars(array( - 'META' => '') + 'META' => '') ); - message_die(GENERAL_MESSAGE, $lang['Account_active_admin']); + trigger_error($user->lang['Account_active_admin']); } else { $template->assign_vars(array( - 'META' => '') + 'META' => '') ); - $message = ( $sql_update_pass == '' ) ? $lang['Account_active'] : $lang['Password_activated']; - message_die(GENERAL_MESSAGE, $message); + $message = ( $sql_update_pass == '' ) ? $user->lang['Account_active'] : $user->lang['Password_activated']; + trigger_error($message); } + + // Sync config + $sql = "UPDATE " . CONFIG_TABLE . " + SET config_value = " . $row['user_id'] . " + WHERE config_name = 'newest_user_id'"; + $db->sql_query($sql); + $sql = "UPDATE " . CONFIG_TABLE . " + SET config_value = '" . $row['username'] . "' + WHERE config_name = 'newest_username'"; + $db->sql_query($sql); + $sql = "UPDATE " . CONFIG_TABLE . " + SET config_value = " . ($config['num_users'] + 1) . " + WHERE config_name = 'num_users'"; + $db->sql_query($sql); + } else { - message_die(GENERAL_MESSAGE, $lang['Wrong_activation']); + trigger_error($user->lang['Wrong_activation']); } } else { - message_die(GENERAL_MESSAGE, $lang['No_such_user']); + trigger_error($user->lang['No_such_user']); } ?> \ No newline at end of file diff --git a/phpBB/ucp/usercp_register.php b/phpBB/ucp/usercp_register.php index d06463fa26..fad0d2ba8a 100755 --- a/phpBB/ucp/usercp_register.php +++ b/phpBB/ucp/usercp_register.php @@ -38,6 +38,9 @@ $error = FALSE; $page_title = $user->lang['Register']; +// class for handling the manipulation of user data +$userdata = new userdata(); + if ($mode == 'register') { if(!isset($_POST['agree']) && !isset($_GET['agree']) && !isset($_POST['coppa_over_13']) && !isset($_GET['coppa_over_13']) && !isset($_POST['coppa_under_13']) && !isset($_GET['coppa_under_13']) && !$_POST['agreed']) 
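Review bot: The added "Sync config" block interpolates `$row['username']`, read back from the users table, into `SET config_value = '...'` without escaping, so a stored username containing a single quote breaks out of the literal (second-order injection). usercp_register.php in this same commit updates the same three values through `set_config()`; using `set_config('newest_user_id', $row['user_id'], TRUE);`, `set_config('newest_username', $row['username'], TRUE);` and `set_config('num_users', $config['num_users'] + 1, TRUE);` here would keep the two paths consistent, assuming `set_config()` escapes its value (its body is not shown). The block also sits after `trigger_error()` in both branches, so if the error handler ends the request it never runs; it would need to move above the `$config['require_activation'] == USER_ACTIVATION_ADMIN` test. As written it would also run when the activation only confirms a new password, which would bump `num_users` for an existing account.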
@@ -66,8 +69,10 @@ $coppa = (empty($_POST['coppa_under_13']) && empty($_GET['coppa_under_13'])) ? 0 // Check and initialize some variables if needed -if (isset($_POST['submit']) || $mode == 'register') +if (isset($_POST['submit'])) { + +/* $strip_var_list = array('username' => 'username', 'email' => 'email'); foreach ($strip_var_list as $var => $param) @@ -248,7 +253,7 @@ if (isset($_POST['submit'])) { if ((($mode == 'register' || $coppa)) && ($config['require_activation'] == USER_ACTIVATION_SELF || $config['require_activation'] == USER_ACTIVATION_ADMIN)) { - $user_actkey = gen_rand_string(true); + $user_actkey = gen_png_string(10); $key_len = 54 - (strlen($server_url)); $key_len = ($key_len > 6) ? $key_len : 6; @@ -399,6 +404,7 @@ if (isset($_POST['submit'])) $emailer->reset(); } */ +/* $message = $message . '

' . sprintf($user->lang['RETURN_INDEX'], '', ''); trigger_error($message); @@ -408,10 +414,31 @@ if (isset($_POST['submit'])) { trigger_error($error_msg); } +*/ + + $new_user_data = $userdata->add_new_user($_POST, $coppa); + if($new_user_data['user_id']) + { + if ($config['require_activation'] == USER_ACTIVATION_NONE) + { + set_config('newest_user_id', $new_user_data['user_id'], TRUE); + set_config('newest_username', $new_user_data['username'], TRUE); + set_config('num_users', $config['num_users'] + 1, TRUE); + } + + trigger_error($new_user_data['message']); + } + else + { + trigger_error($new_user_data['message']); + } + } // End of submit -if ($error) + + +if ($userdata->error) { // // If an error occured we need to stripslashes on returned data @@ -502,7 +529,7 @@ if ($error) } $db->sql_freeresult($result); - $code = gen_png_string(6); + $code = $userdata->gen_png_string(6); $confirm_id = md5(uniqid($user_ip)); $sql = "INSERT INTO " . CONFIRM_TABLE . " (confirm_id, session_id, code) @@ -642,22 +669,6 @@ function show_coppa() ); } -function gen_png_string($num_chars) -{ - $chars = array('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9'); - - list($usec, $sec) = explode(' ', microtime()); - mt_srand($sec * $usec); - - $max_chars = count($chars) - 1; - $rand_str = ''; - for ($i = 0; $i < $num_chars; $i++) - { - $rand_str .= $chars[mt_rand(0, $max_chars)]; - } - - return $rand_str; -} // // FUNCTIONS // ---------
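Review bot: Both arms of `if($new_user_data['user_id'])` end in the same `trigger_error($new_user_data['message'])` call, so the `else` arm can be removed and the call placed once after the `if`. If `trigger_error()` ends the request here (the handler is not part of this diff), the `if ($userdata->error)` redisplay path that follows the submit block is never reached after a failed registration; that is worth confirming before relying on it to refill the form. The superseded registration code is kept inside `/* ... */` rather than deleted and already needed an extra `*/` and `/*` pair around the older inner comment (the hunk at -399), so removing the dead block would be safer than maintaining the comment nesting.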