aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB/includes/functions_user.php
diff options
context:
space:
mode:
Diffstat (limited to 'phpBB/includes/functions_user.php')
-rw-r--r--phpBB/includes/functions_user.php339
1 files changed, 243 insertions, 96 deletions
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php
index 9b102b7387..0e347fe477 100644
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@@ -112,7 +112,7 @@ function update_last_username()
*/
function user_update_name($old_name, $new_name)
{
- global $config, $db, $cache;
+ global $config, $db, $cache, $phpbb_dispatcher;
$update_ary = array(
FORUMS_TABLE => array('forum_last_poster_name'),
@@ -137,6 +137,17 @@ function user_update_name($old_name, $new_name)
set_config('newest_username', $new_name, true);
}
+ /**
+ * Update a username when it is changed
+ *
+ * @event core.update_username
+ * @var string old_name The old username that is replaced
+ * @var string new_name The new username
+ * @since 3.1-A1
+ */
+ $vars = array('old_name', 'new_name');
+ extract($phpbb_dispatcher->trigger_event('core.update_username', compact($vars)));
+
// Because some tables/caches use username-specific data we need to purge this here.
$cache->destroy('sql', MODERATOR_CACHE_TABLE);
}
@@ -151,6 +162,7 @@ function user_update_name($old_name, $new_name)
function user_add($user_row, $cp_data = false)
{
global $db, $user, $auth, $config, $phpbb_root_path, $phpEx;
+ global $phpbb_dispatcher;
if (empty($user_row['username']) || !isset($user_row['group_id']) || !isset($user_row['user_email']) || !isset($user_row['user_type']))
{
@@ -197,7 +209,6 @@ function user_add($user_row, $cp_data = false)
'user_lastpost_time' => 0,
'user_lastpage' => '',
'user_posts' => 0,
- 'user_dst' => (int) $config['board_dst'],
'user_colour' => '',
'user_occ' => '',
'user_interests' => '',
@@ -245,6 +256,16 @@ function user_add($user_row, $cp_data = false)
}
}
+ /**
+ * Use this event to modify the values to be inserted when a user is added
+ *
+ * @event core.user_add_modify_data
+ * @var array sql_ary Array of data to be inserted when a user is added
+ * @since 3.1-A1
+ */
+ $vars = array('sql_ary');
+ extract($phpbb_dispatcher->trigger_event('core.user_add_modify_data', compact($vars)));
+
$sql = 'INSERT INTO ' . USERS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
$db->sql_query($sql);
@@ -329,28 +350,54 @@ function user_add($user_row, $cp_data = false)
/**
* Remove User
+* @param $mode Either 'retain' or 'remove'
*/
-function user_delete($mode, $user_id, $post_username = false)
+function user_delete($mode, $user_ids, $retain_username = true)
{
- global $cache, $config, $db, $user, $auth;
+ global $cache, $config, $db, $user, $auth, $phpbb_dispatcher;
global $phpbb_root_path, $phpEx;
+ $db->sql_transaction('begin');
+
+ $user_rows = array();
+ if (!is_array($user_ids))
+ {
+ $user_ids = array($user_ids);
+ }
+
+ $user_id_sql = $db->sql_in_set('user_id', $user_ids);
+
$sql = 'SELECT *
FROM ' . USERS_TABLE . '
- WHERE user_id = ' . $user_id;
+ WHERE ' . $user_id_sql;
$result = $db->sql_query($sql);
- $user_row = $db->sql_fetchrow($result);
+ while ($row = $db->sql_fetchrow($result))
+ {
+ $user_rows[(int) $row['user_id']] = $row;
+ }
$db->sql_freeresult($result);
- if (!$user_row)
+ if (empty($user_rows))
{
return false;
}
+ /**
+ * Event before a user is deleted
+ *
+ * @event core.delete_user_before
+ * @var string mode Mode of deletion (retain/delete posts)
+ * @var int user_id ID of the deleted user
+ * @var mixed post_username Guest username that is being used or false
+ * @since 3.1-A1
+ */
+ $vars = array('mode', 'user_id', 'post_username');
+ extract($phpbb_dispatcher->trigger_event('core.delete_user_before', compact($vars)));
+
// Before we begin, we will remove the reports the user issued.
$sql = 'SELECT r.post_id, p.topic_id
FROM ' . REPORTS_TABLE . ' r, ' . POSTS_TABLE . ' p
- WHERE r.user_id = ' . $user_id . '
+ WHERE ' . $db->sql_in_set('r.user_id', $user_ids) . '
AND p.post_id = r.post_id';
$result = $db->sql_query($sql);
@@ -404,97 +451,124 @@ function user_delete($mode, $user_id, $post_username = false)
}
// Remove reports
- $db->sql_query('DELETE FROM ' . REPORTS_TABLE . ' WHERE user_id = ' . $user_id);
+ $db->sql_query('DELETE FROM ' . REPORTS_TABLE . ' WHERE ' . $user_id_sql);
- if ($user_row['user_avatar'] && $user_row['user_avatar_type'] == AVATAR_UPLOAD)
- {
- avatar_delete('user', $user_row);
- }
+ $num_users_delta = 0;
- switch ($mode)
+ // Some things need to be done in the loop (if the query changes based
+ // on which user is currently being deleted)
+ $added_guest_posts = 0;
+ foreach ($user_rows as $user_id => $user_row)
{
- case 'retain':
-
- $db->sql_transaction('begin');
-
- if ($post_username === false)
- {
- $post_username = $user->lang['GUEST'];
- }
+ if ($user_row['user_avatar'] && $user_row['user_avatar_type'] == AVATAR_UPLOAD)
+ {
+ avatar_delete('user', $user_row);
+ }
- // If the user is inactive and newly registered we assume no posts from this user being there...
- if ($user_row['user_type'] == USER_INACTIVE && $user_row['user_inactive_reason'] == INACTIVE_REGISTER && !$user_row['user_posts'])
- {
- }
- else
- {
- $sql = 'UPDATE ' . FORUMS_TABLE . '
- SET forum_last_poster_id = ' . ANONYMOUS . ", forum_last_poster_name = '" . $db->sql_escape($post_username) . "', forum_last_poster_colour = ''
- WHERE forum_last_poster_id = $user_id";
- $db->sql_query($sql);
+ // Decrement number of users if this user is active
+ if ($user_row['user_type'] != USER_INACTIVE && $user_row['user_type'] != USER_IGNORE)
+ {
+ --$num_users_delta;
+ }
- $sql = 'UPDATE ' . POSTS_TABLE . '
- SET poster_id = ' . ANONYMOUS . ", post_username = '" . $db->sql_escape($post_username) . "'
- WHERE poster_id = $user_id";
- $db->sql_query($sql);
+ switch ($mode)
+ {
+ case 'retain':
+ if ($retain_username === false)
+ {
+ $post_username = $user->lang['GUEST'];
+ }
+ else
+ {
+ $post_username = $user_row['username'];
+ }
- $sql = 'UPDATE ' . POSTS_TABLE . '
- SET post_edit_user = ' . ANONYMOUS . "
- WHERE post_edit_user = $user_id";
- $db->sql_query($sql);
+ // If the user is inactive and newly registered
+ // we assume no posts from the user, and save
+ // the queries
+ if ($user_row['user_type'] != USER_INACTIVE || $user_row['user_inactive_reason'] != INACTIVE_REGISTER || $user_row['user_posts'])
+ {
+ // When we delete these users and retain the posts, we must assign all the data to the guest user
+ $sql = 'UPDATE ' . FORUMS_TABLE . '
+ SET forum_last_poster_id = ' . ANONYMOUS . ", forum_last_poster_name = '" . $db->sql_escape($post_username) . "', forum_last_poster_colour = ''
+ WHERE forum_last_poster_id = $user_id";
+ $db->sql_query($sql);
- $sql = 'UPDATE ' . TOPICS_TABLE . '
- SET topic_poster = ' . ANONYMOUS . ", topic_first_poster_name = '" . $db->sql_escape($post_username) . "', topic_first_poster_colour = ''
- WHERE topic_poster = $user_id";
- $db->sql_query($sql);
+ $sql = 'UPDATE ' . POSTS_TABLE . '
+ SET poster_id = ' . ANONYMOUS . ", post_username = '" . $db->sql_escape($post_username) . "'
+ WHERE poster_id = $user_id";
+ $db->sql_query($sql);
- $sql = 'UPDATE ' . TOPICS_TABLE . '
- SET topic_last_poster_id = ' . ANONYMOUS . ", topic_last_poster_name = '" . $db->sql_escape($post_username) . "', topic_last_poster_colour = ''
- WHERE topic_last_poster_id = $user_id";
- $db->sql_query($sql);
+ $sql = 'UPDATE ' . TOPICS_TABLE . '
+ SET topic_poster = ' . ANONYMOUS . ", topic_first_poster_name = '" . $db->sql_escape($post_username) . "', topic_first_poster_colour = ''
+ WHERE topic_poster = $user_id";
+ $db->sql_query($sql);
- $sql = 'UPDATE ' . ATTACHMENTS_TABLE . '
- SET poster_id = ' . ANONYMOUS . "
- WHERE poster_id = $user_id";
- $db->sql_query($sql);
+ $sql = 'UPDATE ' . TOPICS_TABLE . '
+ SET topic_last_poster_id = ' . ANONYMOUS . ", topic_last_poster_name = '" . $db->sql_escape($post_username) . "', topic_last_poster_colour = ''
+ WHERE topic_last_poster_id = $user_id";
+ $db->sql_query($sql);
- // Since we change every post by this author, we need to count this amount towards the anonymous user
+ // Since we change every post by this author, we need to count this amount towards the anonymous user
- // Update the post count for the anonymous user
- if ($user_row['user_posts'])
- {
- $sql = 'UPDATE ' . USERS_TABLE . '
- SET user_posts = user_posts + ' . $user_row['user_posts'] . '
- WHERE user_id = ' . ANONYMOUS;
- $db->sql_query($sql);
+ if ($user_row['user_posts'])
+ {
+ $added_guest_posts += $user_row['user_posts'];
+ }
}
- }
-
- $db->sql_transaction('commit');
+ break;
- break;
+ case 'remove':
+ // there is nothing variant specific to deleting posts
+ break;
+ }
+ }
- case 'remove':
+ if ($num_users_delta != 0)
+ {
+ set_config_count('num_users', $num_users_delta, true);
+ }
- if (!function_exists('delete_posts'))
- {
- include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
- }
+ // Now do the invariant tasks
+ // all queries performed in one call of this function are in a single transaction
+ // so this is kosher
+ if ($mode == 'retain')
+ {
+ // Assign more data to the Anonymous user
+ $sql = 'UPDATE ' . ATTACHMENTS_TABLE . '
+ SET poster_id = ' . ANONYMOUS . '
+ WHERE ' . $db->sql_in_set('poster_id', $user_ids);
+ $db->sql_query($sql);
- // Delete posts, attachments, etc.
- delete_posts('poster_id', $user_id);
+ $sql = 'UPDATE ' . POSTS_TABLE . '
+ SET post_edit_user = ' . ANONYMOUS . '
+ WHERE ' . $db->sql_in_set('post_edit_user', $user_ids);
+ $db->sql_query($sql);
- break;
+ $sql = 'UPDATE ' . USERS_TABLE . '
+ SET user_posts = user_posts + ' . $added_guest_posts . '
+ WHERE user_id = ' . ANONYMOUS;
+ $db->sql_query($sql);
}
+ else if ($mode == 'remove')
+ {
+ if (!function_exists('delete_posts'))
+ {
+ include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
+ }
- $db->sql_transaction('begin');
+ // Delete posts, attachments, etc.
+ // delete_posts can handle any number of IDs in its second argument
+ delete_posts('poster_id', $user_ids);
+ }
$table_ary = array(USERS_TABLE, USER_GROUP_TABLE, TOPICS_WATCH_TABLE, FORUMS_WATCH_TABLE, ACL_USERS_TABLE, TOPICS_TRACK_TABLE, TOPICS_POSTED_TABLE, FORUMS_TRACK_TABLE, PROFILE_FIELDS_DATA_TABLE, MODERATOR_CACHE_TABLE, DRAFTS_TABLE, BOOKMARKS_TABLE, SESSIONS_KEYS_TABLE, PRIVMSGS_FOLDER_TABLE, PRIVMSGS_RULES_TABLE);
+ // Delete the miscellaneous (non-post) data for the user
foreach ($table_ary as $table)
{
$sql = "DELETE FROM $table
- WHERE user_id = $user_id";
+ WHERE " . $user_id_sql;
$db->sql_query($sql);
}
@@ -502,29 +576,29 @@ function user_delete($mode, $user_id, $post_username = false)
// Delete user log entries about this user
$sql = 'DELETE FROM ' . LOG_TABLE . '
- WHERE reportee_id = ' . $user_id;
+ WHERE ' . $db->sql_in_set('reportee_id', $user_ids);
$db->sql_query($sql);
// Change user_id to anonymous for this users triggered events
$sql = 'UPDATE ' . LOG_TABLE . '
SET user_id = ' . ANONYMOUS . '
- WHERE user_id = ' . $user_id;
+ WHERE ' . $user_id_sql;
$db->sql_query($sql);
// Delete the user_id from the zebra table
$sql = 'DELETE FROM ' . ZEBRA_TABLE . '
- WHERE user_id = ' . $user_id . '
- OR zebra_id = ' . $user_id;
+ WHERE ' . $user_id_sql . '
+ OR ' . $db->sql_in_set('zebra_id', $user_ids);
$db->sql_query($sql);
// Delete the user_id from the banlist
$sql = 'DELETE FROM ' . BANLIST_TABLE . '
- WHERE ban_userid = ' . $user_id;
+ WHERE ' . $db->sql_in_set('ban_userid', $user_ids);
$db->sql_query($sql);
// Delete the user_id from the session table
$sql = 'DELETE FROM ' . SESSIONS_TABLE . '
- WHERE session_user_id = ' . $user_id;
+ WHERE ' . $db->sql_in_set('session_user_id', $user_ids);
$db->sql_query($sql);
// Clean the private messages tables from the user
@@ -532,22 +606,28 @@ function user_delete($mode, $user_id, $post_username = false)
{
include($phpbb_root_path . 'includes/functions_privmsgs.' . $phpEx);
}
- phpbb_delete_user_pms($user_id);
+ phpbb_delete_users_pms($user_ids);
$db->sql_transaction('commit');
+ /**
+ * Event after a user is deleted
+ *
+ * @event core.delete_user_after
+ * @var string mode Mode of deletion (retain/delete posts)
+ * @var int user_id ID of the deleted user
+ * @var mixed post_username Guest username that is being used or false
+ * @since 3.1-A1
+ */
+ $vars = array('mode', 'user_id', 'post_username');
+ extract($phpbb_dispatcher->trigger_event('core.delete_user_after', compact($vars)));
+
// Reset newest user info if appropriate
- if ($config['newest_user_id'] == $user_id)
+ if (in_array($config['newest_user_id'], $user_ids))
{
update_last_username();
}
- // Decrement number of users if this user is active
- if ($user_row['user_type'] != USER_INACTIVE && $user_row['user_type'] != USER_IGNORE)
- {
- set_config_count('num_users', -1, true);
- }
-
return false;
}
@@ -677,8 +757,10 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
if (sizeof($ban_other) == 3 && ((int)$ban_other[0] < 9999) &&
(strlen($ban_other[0]) == 4) && (strlen($ban_other[1]) == 2) && (strlen($ban_other[2]) == 2))
{
- $time_offset = (isset($user->timezone) && isset($user->dst)) ? (int) $user->timezone + (int) $user->dst : 0;
- $ban_end = max($current_time, gmmktime(0, 0, 0, (int)$ban_other[1], (int)$ban_other[2], (int)$ban_other[0]) - $time_offset);
+ $ban_end = max($current_time, $user->create_datetime()
+ ->setDate((int) $ban_other[0], (int) $ban_other[1], (int) $ban_other[2])
+ ->setTime(0, 0, 0)
+ ->getTimestamp() + $user->timezone->getOffset(new DateTime('UTC')));
}
else
{
@@ -1247,10 +1329,21 @@ function validate_data($data, $val_ary)
$function = array_shift($validate);
array_unshift($validate, $data[$var]);
- if ($result = call_user_func_array('validate_' . $function, $validate))
+ if (function_exists('phpbb_validate_' . $function))
{
- // Since errors are checked later for their language file existence, we need to make sure custom errors are not adjusted.
- $error[] = (empty($user->lang[$result . '_' . strtoupper($var)])) ? $result : $result . '_' . strtoupper($var);
+ if ($result = call_user_func_array('phpbb_validate_' . $function, $validate))
+ {
+ // Since errors are checked later for their language file existence, we need to make sure custom errors are not adjusted.
+ $error[] = (empty($user->lang[$result . '_' . strtoupper($var)])) ? $result : $result . '_' . strtoupper($var);
+ }
+ }
+ else
+ {
+ if ($result = call_user_func_array('validate_' . $function, $validate))
+ {
+ // Since errors are checked later for their language file existence, we need to make sure custom errors are not adjusted.
+ $error[] = (empty($user->lang[$result . '_' . strtoupper($var)])) ? $result : $result . '_' . strtoupper($var);
+ }
}
}
}
@@ -1396,6 +1489,22 @@ function validate_language_iso_name($lang_iso)
}
/**
+* Validate Timezone Name
+*
+* Tests whether a timezone name is valid
+*
+* @param string $timezone The timezone string to test
+*
+* @return bool|string Either false if validation succeeded or
+* a string which will be used as the error message
+* (with the variable name appended)
+*/
+function phpbb_validate_timezone($timezone)
+{
+ return (in_array($timezone, phpbb_get_timezone_identifiers($timezone))) ? false : 'TIMEZONE_INVALID';
+}
+
+/**
* Check to see if the username has been taken, or if it is disallowed.
* Also checks if it includes the " character, which we don't allow in usernames.
* Used for registering, changing names, and posting anonymously with a username
@@ -2731,7 +2840,7 @@ function avatar_remove_db($avatar_name)
*/
function group_delete($group_id, $group_name = false)
{
- global $db, $phpbb_root_path, $phpEx;
+ global $db, $phpbb_root_path, $phpEx, $phpbb_dispatcher;
if (!$group_name)
{
@@ -2790,6 +2899,17 @@ function group_delete($group_id, $group_name = false)
WHERE group_id = $group_id";
$db->sql_query($sql);
+ /**
+ * Event after a group is deleted
+ *
+ * @event core.delete_group_after
+ * @var int group_id ID of the deleted group
+ * @var string group_name Name of the deleted group
+ * @since 3.1-A1
+ */
+ $vars = array('group_id', 'group_name');
+ extract($phpbb_dispatcher->trigger_event('core.delete_group_after', compact($vars)));
+
// Re-cache moderators
if (!function_exists('cache_moderators'))
{
@@ -2912,7 +3032,7 @@ function group_user_add($group_id, $user_id_ary = false, $username_ary = false,
*/
function group_user_del($group_id, $user_id_ary = false, $username_ary = false, $group_name = false)
{
- global $db, $auth, $config;
+ global $db, $auth, $config, $phpbb_dispatcher;
if ($config['coppa_enable'])
{
@@ -3011,6 +3131,19 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false,
}
unset($special_group_data);
+ /**
+ * Event before users are removed from a group
+ *
+ * @event core.group_delete_user_before
+ * @var int group_id ID of the group from which users are deleted
+ * @var string group_name Name of the group
+ * @var array user_id_ary IDs of the users which are removed
+ * @var array username_ary names of the users which are removed
+ * @since 3.1-A1
+ */
+ $vars = array('group_id', 'group_name', 'user_id_ary', 'username_ary');
+ extract($phpbb_dispatcher->trigger_event('core.group_delete_user_before', compact($vars)));
+
$sql = 'DELETE FROM ' . USER_GROUP_TABLE . "
WHERE group_id = $group_id
AND " . $db->sql_in_set('user_id', $user_id_ary);
@@ -3328,7 +3461,7 @@ function group_validate_groupname($group_id, $group_name)
*/
function group_set_user_default($group_id, $user_id_ary, $group_attributes = false, $update_listing = false)
{
- global $cache, $db;
+ global $cache, $db, $phpbb_dispatcher;
if (empty($user_id_ary))
{
@@ -3424,6 +3557,20 @@ function group_set_user_default($group_id, $user_id_ary, $group_attributes = fal
}
}
+ /**
+ * Event when the default group is set for an array of users
+ *
+ * @event core.user_set_default_group
+ * @var int group_id ID of the group
+ * @var array user_id_ary IDs of the users
+ * @var array group_attributes Group attributes which were changed
+ * @var array update_listing Update the list of moderators and foes
+ * @var array sql_ary User attributes which were changed
+ * @since 3.1-A1
+ */
+ $vars = array('group_id', 'user_id_ary', 'group_attributes', 'update_listing', 'sql_ary');
+ extract($phpbb_dispatcher->trigger_event('core.user_set_default_group', compact($vars)));
+
if ($update_listing)
{
group_update_listings($group_id);
generated by cgit v1.2.1 (git 2.21.0) at 2025-10-31 00:05:26 +0000