Diffstat (limited to 'phpBB/includes')
-rw-r--r--phpBB/includes/functions.php29
-rw-r--r--phpBB/includes/functions_user.php135
-rw-r--r--phpBB/includes/session.php13
-rw-r--r--phpBB/includes/ucp/ucp_main.php4
-rw-r--r--phpBB/includes/ucp/ucp_prefs.php28
-rw-r--r--phpBB/includes/ucp/ucp_profile.php43
-rw-r--r--phpBB/includes/ucp/ucp_register.php16
7 files changed, 206 insertions, 62 deletions
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 8f53c55e8d..c322c58779 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -11,6 +11,7 @@
//
// -------------------------------------------------------------
+
function set_config($config_name, $config_value, $is_dynamic = FALSE)
{
global $db, $cache, $config;
@@ -215,7 +216,7 @@ function make_jumpbox($action, $forum_id = false, $select_all = false)
$sql = 'SELECT forum_id, forum_name, parent_id, forum_type, left_id, right_id
FROM ' . FORUMS_TABLE . '
ORDER BY left_id ASC';
- $result = $db->sql_query($sql, 600);
+ $result = $db->sql_query($sql);
$right = $cat_right = $padding_inc = 0;
$padding = $forum_list = $holding = '';
@@ -236,7 +237,7 @@ function make_jumpbox($action, $forum_id = false, $select_all = false)
if ($row['left_id'] < $right)
{
- $padding .= '&nbsp; &nbsp; &nbsp;';
+ $padding .= '&nbsp; &nbsp;';
$padding_store[$row['parent_id']] = $padding;
}
else if ($row['left_id'] > $right + 1)
@@ -376,7 +377,7 @@ function watch_topic_forum($mode, &$s_watching, &$s_watching_img, $user_id, $mat
{
$is_watching = 0;
- $sql = "DELETE FROM " . $table_sql . "
+ $sql = 'DELETE FROM ' . $table_sql . "
WHERE $where_sql = $match_id
AND user_id = $user_id";
$db->sql_query($sql);
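Review bot: `$match_id` and `$user_id` are still interpolated straight into the DELETE statement, and the UPDATE and INSERT hunks below keep the same pattern; only the quoting of the first fragment changed. Both are function parameters and no cast is visible in these hunks, so whether they are integers when they reach the query depends on code outside them. Casting at the point of use makes the statement safe regardless of the caller, e.g. `' WHERE ' . $where_sql . ' = ' . (int) $match_id . ' AND user_id = ' . (int) $user_id`. watch_topic_forum starts and ends outside the hunk.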
@@ -393,7 +394,7 @@ function watch_topic_forum($mode, &$s_watching, &$s_watching_img, $user_id, $mat
if ($notify_status)
{
- $sql = "UPDATE " . $table_sql . "
+ $sql = 'UPDATE ' . $table_sql . "
SET notify_status = 0
WHERE $where_sql = $match_id
AND user_id = $user_id";
@@ -409,7 +410,7 @@ function watch_topic_forum($mode, &$s_watching, &$s_watching_img, $user_id, $mat
{
$is_watching = TRUE;
- $sql = "INSERT INTO " . $table_sql . " (user_id, $where_sql, notify_status)
+ $sql = 'INSERT INTO ' . $table_sql . " (user_id, $where_sql, notify_status)
VALUES ($user_id, $match_id, 0)";
$db->sql_query($sql);
}
@@ -691,11 +692,11 @@ function generate_pagination($base_url, $num_items, $per_page, $start_item, $add
$page_string .= ($on_page == $total_pages) ? '<b>' . $total_pages . '</b>' : '<a href="' . $base_url . '&amp;start=' . (($total_pages - 1) * $per_page) . '">' . $total_pages . '</a>&nbsp;&nbsp;<a href="' . $base_url . "&amp;start=" . ($on_page * $per_page) . '">' . $user->lang['NEXT'] . '</a>';
- $page_string = $user->lang['GOTO_PAGE'] . ' ' . $page_string;
-// $page_string = '<a href="javascript:goto();">' . $user->lang['GOTO_PAGE'] . '</a> ' . $page_string;
+// $page_string = $user->lang['GOTO_PAGE'] . ' ' . $page_string;
+ $page_string = '<a href="javascript:jumpto();">' . $user->lang['GOTO_PAGE'] . '</a> ' . $page_string;
-// $template->assign_var('BASE_URL', $base_url);
-// $template->assign_var('PER_PAGE', $per_page);
+ $template->assign_var('BASE_URL', $base_url);
+ $template->assign_var('PER_PAGE', $per_page);
return $page_string;
}
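Review bot: The newly enabled `$template->assign_var('BASE_URL', $base_url)` and `$template->assign_var('PER_PAGE', $per_page)` calls need `$template` in this function's `global` list, which lies outside the hunk; the same applies to `$template->assign_var('ON_PAGE', $on_page)` in the on_page hunk below. `BASE_URL` is presumably consumed by the `jumpto()` script in the template, so it ends up in a JavaScript context, where the HTML-style `&amp;` escaping used for the links in `$page_string` is not the right encoding; the template should encode it for a script string. A one-line comment above the assignments, such as `// Exposed to the template for the jumpto() page-jump script`, would record why they exist.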
@@ -706,7 +707,7 @@ function on_page($num_items, $per_page, $start)
$on_page = floor($start / $per_page) + 1;
-// $template->assign_var('ON_PAGE', $on_page);
+ $template->assign_var('ON_PAGE', $on_page);
return sprintf($user->lang['PAGE_OF'], $on_page, max(ceil($num_items / $per_page), 1));
}
@@ -961,16 +962,13 @@ function login_box($s_action, $s_hidden_fields = '', $login_explain = '')
page_footer();
}
-// TODO
-// If forum has parents, check to see if password has been entered
-// for those (if it/they are the same as this forums).? If they are
-// different then we ignore them as if they were blank
+// Generate forum login box
function login_forum_box(&$forum_data)
{
global $db, $config, $user, $template, $phpEx;
$sql = 'SELECT forum_id
- FROM phpbb_forum_access
+ FROM ' . FORUMS_ACCESS_TABLE . '
WHERE forum_id = ' . $forum_data['forum_id'] . '
AND user_id = ' . $user->data['user_id'] . "
AND session_id = '$user->session_id'";
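Review bot: The access query concatenates `$forum_data['forum_id']`, `$user->data['user_id']` and `$user->session_id` into the SQL text without a cast or escape at this point. Where the session id comes from is not visible in the hunk; if it is taken from a cookie or URL parameter it should pass through the database layer's escaping routine before being quoted, and the two ids should be cast, e.g. `WHERE forum_id = ' . (int) $forum_data['forum_id'] . '`. The removed TODO described an open question about password-protected parent forums; if that is still unresolved, keeping `// TODO: parent forum passwords are not checked` above the function avoids losing it. The function body continues outside the hunk.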
@@ -987,6 +985,7 @@ function login_forum_box(&$forum_data)
{
// TODO
// Remove old valid sessions
+ $sql = '';
if ($_POST['password'] == $forum_data['forum_password'])
{
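Review bot: The password check on the context line, `$_POST['password'] == $forum_data['forum_password']`, uses loose comparison on a raw request value, so numeric-looking strings can compare equal under PHP's type juggling and a missing `password` field raises a notice. `isset($_POST['password']) && (string) $_POST['password'] === $forum_data['forum_password']` closes both. The comparison also implies that the forum password is stored in clear text, which deserves at least a comment. The added `$sql = '';` is a placeholder for the "Remove old valid sessions" TODO and must not be passed to the query layer while empty; the rest of the block is outside the hunk.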
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php
index a352a3987c..001e03b268 100644
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@@ -15,6 +15,141 @@
// User functions
//
+function normalise_data(&$data, &$normalise)
+{
+
+ $valid_data = array();
+ foreach ($normalise as $var_type => $var_ary)
+ {
+ foreach ($var_ary as $var_name => $var_limits)
+ {
+ $var_name = (is_string($var_name)) ? $var_name : $var_limits;
+ $l_prefix = strtoupper($var_name);
+
+ if (isset($data[$var_name]))
+ {
+ switch ($var_type)
+ {
+ case 'i':
+ $valid_data[$var_name] = (int) $data[$var_name];
+ break;
+
+ case 'f':
+ $valid_data[$var_name] = (double) $data[$var_name];
+ break;
+
+ case 'b':
+ $valid_data[$var_name] = ($data[$var_name] <= 0) ? 0 : 1;
+ break;
+
+ case 's':
+ // Cleanup data, remove excess spaces, convert entity forms
+ $valid_data[$var_name] = trim(preg_replace('#\s{2,}#s', ' ', strtr((string) $data[$var_name], array_flip(get_html_translation_table(HTML_ENTITIES)))));
+
+ // How should we check this data?
+ if (!is_array($var_limits))
+ {
+ // Is the match a string? If it is, process it further, else we'll
+ // assume it's a maximum length
+ if (is_string($var_limits))
+ {
+ if (strstr($var_limits, ','))
+ {
+ list($min_value, $max_value) = explode(',', $var_limits);
+ if (!empty($valid_data[$var_name]) && strlen($valid_data[$var_name]) < $min_value)
+ {
+ $this->error[] = $l_prefix . '_TOO_SHORT';
+ }
+
+ if (strlen($valid_data[$var_name]) > $max_value)
+ {
+ $this->error[] = $l_prefix . '_TOO_LONG';
+ }
+ }
+ }
+ else
+ {
+ if (strlen($valid_data[$var_name]) > $var_limits)
+ {
+ $this->error[] = $l_prefix . '_TOO_LONG';
+ }
+ }
+ }
+ break;
+ }
+ }
+ }
+ }
+
+ return $valid_data;
+}
+
+// Validates data subject to supplied requirements, errors appropriately
+function validate_data(&$data, &$validate)
+{
+ global $db, $user, $config;
+
+ foreach ($validate as $operation => $var_ary)
+ {
+ foreach ($var_ary as $var_name => $compare)
+ {
+ $l_prefix = strtoupper($var_name);
+
+ if (!empty($compare))
+ {
+ switch ($operation)
+ {
+ case 'm':
+ if (is_array($compare))
+ {
+ foreach ($compare as $match)
+ {
+ if (!preg_match($match, $data[$var_name]))
+ {
+ $this->error[] = $l_prefix . '_WRONG_DATA';
+ }
+ }
+ }
+ else if (!preg_match($compare, $data[$var_name]))
+ {
+ $this->error[] = $l_prefix . '_WRONG_DATA';
+ }
+ break;
+
+ case 'c':
+ if (is_array($compare))
+ {
+ if (!in_array($data[$var_name], $compare))
+ {
+ $this->error[] = $l_prefix . '_MISMATCH';
+ }
+ }
+ else if ($data[$var_name] != $compare)
+ {
+ $this->error[] = $l_prefix . '_MISMATCH';
+ }
+ break;
+
+ case 'f':
+ if ($result = $compare($data[$var_name]))
+ {
+ $this->error[] = $result;
+ }
+
+ break;
+
+ case 'r':
+ if (!isset($data[$compare]) || (is_string($data[$compare]) && $data[$compare] === ''))
+ {
+ $this->error[] = strtoupper($compare) . '_MISSING_DATA';
+ }
+ break;
+ }
+ }
+ }
+ }
+}
+
// Generates an alphanumeric random string of given length
function gen_rand_string($num_chars)
{
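Review bot: `normalise_data()` and `validate_data()` are now plain functions but still record failures with `$this->error[] = …`, and a plain function has no `$this` bound to the calling object, so the length, match, compare, callback and required-field failures cannot reach the caller's error list. The callers in ucp_prefs.php, ucp_profile.php and ucp_register.php still test `sizeof($this->error)` right after these calls, so input from `$_POST` would be accepted wherever these checks are the only gate. Either keep both as methods of the ucp class or hand the list in explicitly, e.g. `function validate_data(&$data, &$validate, &$error)` with `$error[] = $l_prefix . '_WRONG_DATA';` and `validate_data($data, $validate, $this->error);` at the call sites. Separately, the `'s'` branch turns HTML entities back into raw characters, so every value it returns has to be escaped again on output; a comment on that line should say so.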
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php
index d321c06a37..0a2c1ca6cb 100644
--- a/phpBB/includes/session.php
+++ b/phpBB/includes/session.php
@@ -258,7 +258,8 @@ class session
$sql_ary = array(
'session_id' => (string) $this->session_id,
'session_user_id' => (int) $user_id,
- 'session_start' => (int) $this->data['session_last_visit'],
+ 'session_start' => (int) $current_time,
+ 'session_last_visit' => (int) $this->data['session_last_visit'],
'session_time' => (int) $current_time,
'session_ip' => (string) $this->ip,
'session_browser' => (string) $this->browser,
@@ -282,7 +283,7 @@ class session
if ($this->data['user_id'] != ANONYMOUS)
{
- // Trigger EVENT_NEW_SESSION
+ // Trigger EVT_NEW_SESSION
}
return true;
@@ -312,6 +313,11 @@ class session
$this->session_id = '';
+ if ($this->data['user_id'] != ANONYMOUS)
+ {
+ // Trigger EVT_END_SESSION
+ }
+
return true;
}
@@ -467,6 +473,7 @@ class user extends session
if (!empty($_GET['style']) && $auth->acl_get('a_styles'))
{
global $SID;
+
$style = intval($_GET['style']);
$SID .= '&amp;style=' . $style;
}
@@ -482,7 +489,7 @@ class user extends session
AND t.template_id = s.template_id
AND c.theme_id = s.theme_id
AND i.imageset_id = s.imageset_id';
- $result = $db->sql_query($sql, 600);
+ $result = $db->sql_query($sql, 3600);
if (!($row = $db->sql_fetchrow($result)))
{
diff --git a/phpBB/includes/ucp/ucp_main.php b/phpBB/includes/ucp/ucp_main.php
index 30dd590f9f..ddf5b907b9 100644
--- a/phpBB/includes/ucp/ucp_main.php
+++ b/phpBB/includes/ucp/ucp_main.php
@@ -4,8 +4,8 @@
// $Id$
//
// FILENAME : ucp_main.php
-// STARTED : Sat Feb 21, 2003
-// COPYRIGHT : © 2003 phpBB Group
+// STARTED : Mon May 19, 2003
+// COPYRIGHT : © 2001, 2003 phpBB Group
// WWW : http://www.phpbb.com/
// LICENCE : GPL vs2.0 [ see /docs/COPYING ]
//
diff --git a/phpBB/includes/ucp/ucp_prefs.php b/phpBB/includes/ucp/ucp_prefs.php
index c6e2e52328..78fc12c06e 100644
--- a/phpBB/includes/ucp/ucp_prefs.php
+++ b/phpBB/includes/ucp/ucp_prefs.php
@@ -43,23 +43,23 @@ class ucp_prefs extends ucp
{
$data = array();
$normalise = array(
- 'string' => array(
+ 's' => array(
'dateformat'=> '3,15',
'lang' => '2,5',
),
- 'int' => array('dst', 'style'),
- 'float' => array('tz'),
- 'bool' => array('viewemail', 'massemail', 'hideonline', 'notifypm', 'popuppm')
+ 'i' => array('dst', 'style'),
+ 'f' => array('tz'),
+ 'b' => array('viewemail', 'massemail', 'hideonline', 'notifypm', 'popuppm')
);
- $data = $this->normalise_data($_POST, $normalise);
+ $data = normalise_data($_POST, $normalise);
$validate = array(
- 'reqd' => array('lang', 'tz', 'dateformat', 'style'),
- 'match' => array(
+ 'r' => array('lang', 'tz', 'dateformat', 'style'),
+ 'm' => array(
'lang' => ($data['lang']) ? '#^[a-z_]+$#i' : '',
),
);
- $this->validate_data($data, $validate);
+ validate_data($data, $validate);
if (!sizeof($this->error))
{
@@ -147,14 +147,14 @@ class ucp_prefs extends ucp
{
$data = array();
$normalise = array(
- 'string' => array(
+ 's' => array(
'sk' => '1,1',
'sd' => '1,1',
),
- 'int' => array('st', 'minkarma'),
- 'bool' => array('images', 'flash', 'smilies', 'sigs', 'avatars', 'wordcensor'),
+ 'i' => array('st', 'minkarma'),
+ 'b' => array('images', 'flash', 'smilies', 'sigs', 'avatars', 'wordcensor'),
);
- $data = $this->normalise_data($_POST, $normalise);
+ $data = normalise_data($_POST, $normalise);
if (!sizeof($this->error))
{
@@ -257,9 +257,9 @@ class ucp_prefs extends ucp
{
$data = array();
$normalise = array(
- 'bool' => array('bbcode', 'html', 'smilies', 'sig', 'notify'),
+ 'b' => array('bbcode', 'html', 'smilies', 'sig', 'notify'),
);
- $data = $this->normalise_data($_POST, $normalise);
+ $data = normalise_data($_POST, $normalise);
if (!sizeof($this->error))
{
diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php
index 21d18ae338..8db52ed593 100644
--- a/phpBB/includes/ucp/ucp_profile.php
+++ b/phpBB/includes/ucp/ucp_profile.php
@@ -37,11 +37,12 @@ class ucp_profile extends ucp
{
case 'reg_details':
- if (isset($_POST['submit']))
+ if ($submit)
{
- $data = array();
+
+
$normalise = array(
- 'string' => array(
+ 's' => array(
'username' => $config['min_name_chars'] . ',' . $config['max_name_chars'],
'password_confirm' => $config['min_pass_chars'] . ',' . $config['max_pass_chars'],
'new_password' => $config['min_pass_chars'] . ',' . $config['max_pass_chars'],
@@ -50,27 +51,29 @@ class ucp_profile extends ucp
'email_confirm' => '7,60',
)
);
- $data = $this->normalise_data($_POST, $normalise);
+ $data = normalise_data($_POST, $normalise);
// md5 current password for checking
$data['cur_password'] = md5($data['cur_password']);
$validate = array(
- 'reqd' => array('username', 'email'),
- 'compare' => array(
+ 'r' => array('username', 'email'),
+ 'c' => array(
'password_confirm' => ($data['new_password']) ? $data['new_password'] : '',
'cur_password' => ($data['new_password'] || $data['email'] != $user->data['user_email'] || $data['username'] != $user->data['username']) ? $user->data['user_password'] : '',
'email_confirm' => ($data['email'] != $user->data['user_email']) ? $data['email'] : '',
),
- 'match' => array(
+ 'm' => array(
'username' => ($data['username'] != $user->data['username']) ? '#^' . preg_replace('#/{1}#', '\\', $config['allow_name_chars']) . '$#iu' : '',
),
- 'function' => array(
+ 'f' => array(
'username' => ($data['username'] != $user->data['username']) ? 'validate_username' : '',
'email' => ($data['email'] != $user->data['user_email']) ? 'validate_email' : '',
),
);
- $this->validate_data($data, $validate);
+ validate_data($data, $validate);
+
+
if (!sizeof($this->error))
{
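Review bot: The `'c'` rule for `cur_password` compares an unsalted `md5()` digest with `$user->data['user_password']`, and `validate_data()` in functions_user.php performs that comparison with `!=`. Loose comparison treats two different digests that both look like numbers in exponent form as equal, so the current-password check should use `!==` there (and `in_array($data[$var_name], $compare, true)` for the array form). Unsalted MD5 is also not adequate for stored passwords; that is beyond this hunk, but a `// TODO: replace md5 password storage` next to the `md5()` call would keep it visible. The enclosing `case 'reg_details'` block starts before and continues after the hunk.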
@@ -128,7 +131,7 @@ class ucp_profile extends ucp
{
$data = array();
$normalise = array(
- 'string' => array(
+ 's' => array(
'icq' => '3,15',
'aim' => '5,255',
'msn' => '5,255',
@@ -139,17 +142,17 @@ class ucp_profile extends ucp
'occupation'=> '2,500',
'interests' => '2,500',
),
- 'int' => array('bday_day', 'bday_month', 'bday_year')
+ 'i' => array('bday_day', 'bday_month', 'bday_year')
);
- $data = $this->normalise_data($_POST, $normalise);
+ $data = normalise_data($_POST, $normalise);
$validate = array(
- 'match' => array(
+ 'm' => array(
'icq' => ($data['icq']) ? '#^[0-9]+$#i' : '',
'website' => ($data['website']) ? '#^http[s]?://(.*?\.)*?[a-z0-9\-]+\.[a-z]{2,4}#i' : '',
),
);
- $this->validate_data($data, $validate);
+ validate_data($data, $validate);
if (!sizeof($this->error))
{
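Review bot: The `website` pattern has no end anchor, so anything may follow the first `host.tld` match, including quotes or markup, and the nested lazy group `(.*?\.)*?` can backtrack heavily on long dotted input. Anchoring the pattern and restricting the host characters, for example `'#^https?://([a-z0-9\-]+\.)+[a-z]{2,4}(/\S*)?$#i'`, removes both problems; the value still has to be HTML-escaped where the profile is displayed. The length limit for `website` is set in the part of `$normalise` that lies between the two hunks and is not visible here.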
@@ -261,7 +264,7 @@ class ucp_profile extends ucp
$message_parser = new parse_message();
$message_parser->message = $signature;
$message_parser->parse($enable_html, $enable_bbcode, $enable_urls, $enable_smilies);
- echo ">>" . $signature = $message_parser->message;
+ $signature = $message_parser->message;
$sql_ary = array(
'user_sig' => $signature,
@@ -269,7 +272,7 @@ class ucp_profile extends ucp
'user_sig_bbcode_bitfield' => $message_parser->bbcode_bitfield
);
- echo $sql = 'UPDATE ' . USERS_TABLE . '
+ $sql = 'UPDATE ' . USERS_TABLE . '
SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
WHERE user_id = ' . $user->data['user_id'];
$db->sql_query($sql);
@@ -356,24 +359,24 @@ class ucp_profile extends ucp
else if (!empty($_POST['uploadurl']) && $can_upload)
{
$normalise = array(
- 'string' => array(
+ 's' => array(
'uploadurl' => '1,255',
)
);
- $data = $this->normalise_data($_POST, $normalise);
+ $data = normalise_data($_POST, $normalise);
$this->error = avatar_upload($data);
}
else if (!empty($_POST['remotelink']) && $auth->acl_get('u_chgavatar') && $config['allow_avatar_remote'])
{
$normalise = array(
- 'string' => array(
+ 's' => array(
'remotelink' => '1,255',
'width' => '1,3',
'height' => '1,3',
)
);
- $data = $this->normalise_data($_POST, $normalise);
+ $data = normalise_data($_POST, $normalise);
$this->error = avatar_remote($data);
}
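Review bot: `width` and `height` are declared under `'s'` with a `1,3` limit, which constrains only the string length and lets non-numeric values through to `avatar_remote()`; listing them as `'i' => array('width', 'height')` would cast them to integers. `$this->error = avatar_upload($data)` and `$this->error = avatar_remote($data)` replace the error list rather than adding to it, so any failure recorded while normalising is discarded. `uploadurl` and `remotelink` are user-supplied URLs and neither helper is shown here, so whether they restrict the scheme to http/https and reject internal hosts has to be confirmed there. The surrounding if/else chain starts outside the hunk.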
diff --git a/phpBB/includes/ucp/ucp_register.php b/phpBB/includes/ucp/ucp_register.php
index 5ed69cf542..de1d619117 100644
--- a/phpBB/includes/ucp/ucp_register.php
+++ b/phpBB/includes/ucp/ucp_register.php
@@ -72,7 +72,7 @@ class ucp_register extends ucp
if (isset($_POST['submit']))
{
$normalise = array(
- 'string' => array(
+ 's' => array(
'username' => $config['min_name_chars'] . ',' . $config['max_name_chars'],
'password_confirm' => $config['min_pass_chars'] . ',' . $config['max_pass_chars'],
'new_password' => $config['min_pass_chars'] . ',' . $config['max_pass_chars'],
@@ -81,25 +81,25 @@ class ucp_register extends ucp
'email' => '7,60',
'email_confirm' => '7,60',
),
- 'float' => array('tz')
+ 'f' => array('tz')
);
- $data = $this->normalise_data($_POST, $normalise);
+ $data = normalise_data($_POST, $normalise);
$validate = array(
- 'reqd' => array('username', 'email', 'email_confirm', 'new_password', 'password_confirm', 'lang', 'confirm_code', 'tz'),
- 'compare' => array(
+ 'r' => array('username', 'email', 'email_confirm', 'new_password', 'password_confirm', 'lang', 'confirm_code', 'tz'),
+ 'c' => array(
'password_confirm' => $data['new_password'],
'email_confirm' => $data['email'],
),
- 'match' => array(
+ 'm' => array(
'username' => '#^' . preg_replace('#/{1}#', '\\', $config['allow_name_chars']) . '$#iu',
),
- 'function' => array(
+ 'f' => array(
'username' => 'validate_username',
'email' => 'validate_email',
),
);
- $this->validate_data($data, $validate);
+ validate_data($data, $validate);
// Visual Confirmation handling
if ($config['enable_confirm'])