-rw-r--r--phpBB/adm/admin_groups.php153
-rw-r--r--phpBB/docs/coding-guidelines.html2
-rw-r--r--phpBB/includes/functions_user.php400
3 files changed, 236 insertions, 319 deletions
diff --git a/phpBB/adm/admin_groups.php b/phpBB/adm/admin_groups.php
index 4c0e546670..22dd3a725e 100644
--- a/phpBB/adm/admin_groups.php
+++ b/phpBB/adm/admin_groups.php
@@ -52,8 +52,7 @@ $cancel = (isset($_POST['cancel'])) ? true : false;
// Clear some vars
$can_upload = (file_exists($phpbb_root_path . $config['avatar_path']) && is_writeable($phpbb_root_path . $config['avatar_path']) && $file_uploads) ? true : false;
-
-$group_type = $group_name = $group_desc = $group_colour = $group_rank = $group_avatar = false;
+$group_row = array();
// Grab basic data for group, if group_id is set and exists
if ($group_id)
@@ -62,12 +61,13 @@ if ($group_id)
FROM ' . GROUPS_TABLE . "
WHERE group_id = $group_id";
$result = $db->sql_query($sql);
+ $group_row = $db->sql_fetchrow($result);
+ $db->sql_freeresult($result);
- if (!extract($db->sql_fetchrow($result)))
+ if (!$group_row)
{
trigger_error($user->lang['NO_GROUP']);
}
- $db->sql_freeresult($result);
}
switch ($mode)
@@ -79,7 +79,7 @@ switch ($mode)
// Common javascript
?>
-<script language="Javascript" type="text/javascript">
+<script language="javascript" type="text/javascript">
<!--
function marklist(match, status)
{
@@ -105,23 +105,26 @@ function marklist(match, status)
{
trigger_error($user->lang['NO_GROUP']);
}
-
- group_user_attributes($action, $group_id, $mark_ary, false, $group_name);
+
+ group_user_attributes($action, $group_id, $mark_ary, false, ($group_id) ? $group_row['group_name'] : false);
switch ($action)
{
case 'demote':
$message = 'GROUP_MODS_DEMOTED';
- break;
+ break;
+
case 'promote':
$message = 'GROUP_MODS_PROMOTED';
- break;
+ break;
+
case 'approve':
$message = 'USERS_APPROVED';
- break;
+ break;
}
+
trigger_error($user->lang[$message]);
- break;
+ break;
case 'default':
if (!$group_id)
@@ -137,9 +140,8 @@ function marklist(match, status)
$sql = 'SELECT user_id
FROM ' . USER_GROUP_TABLE . "
WHERE group_id = $group_id
- ORDER BY user_id
- LIMIT $start, 200";
- $result = $db->sql_query($sql);
+ ORDER BY user_id";
+ $result = $db->sql_query_limit($sql, 200, $start);
$mark_ary = array();
if ($row = $db->sql_fetchrow($result))
@@ -150,7 +152,7 @@ function marklist(match, status)
}
while ($row = $db->sql_fetchrow($result));
- group_user_attributes('default', $group_id, $mark_ary, false, $group_name, $group_colour, $group_rank, $group_avatar, $group_avatar_type, $group_avatar_width, $group_avatar_height);
+ group_user_attributes('default', $group_id, $mark_ary, false, $group_row['group_name'], $group_row);
$start = (sizeof($user_id_ary) < 200) ? 0 : $start + 200;
}
@@ -164,11 +166,11 @@ function marklist(match, status)
}
else
{
- group_user_attributes('default', $group_id, $mark_ary, false, $group_name, $group_colour, $group_rank, $group_avatar, $group_avatar_type, $group_avatar_width, $group_avatar_height);
+ group_user_attributes('default', $group_id, $mark_ary, false, $group_row['group_name'], $group_row);
}
trigger_error($user->lang['GROUP_DEFS_UPDATED']);
- break;
+ break;
case 'deleteusers':
case 'delete':
@@ -186,12 +188,12 @@ function marklist(match, status)
switch ($action)
{
case 'delete':
- $error = group_delete($group_id, $group_name);
- break;
+ $error = group_delete($group_id, $group_row['group_name']);
+ break;
case 'deleteusers':
- $error = group_user_del($group_id, $mark_ary, false, $group_name);
- break;
+ $error = group_user_del($group_id, $mark_ary, false, $group_row['group_name']);
+ break;
}
if ($error)
@@ -202,7 +204,7 @@ function marklist(match, status)
$message = ($action == 'delete') ? 'GROUP_DELETED' : 'GROUP_USERS_REMOVE';
trigger_error($user->lang[$message]);
}
- break;
+ break;
case 'addusers':
if (!$group_id)
@@ -218,18 +220,20 @@ function marklist(match, status)
$name_ary = array_unique(explode("\n", $name_ary));
// Add user/s to group
- if ($error = group_user_add($group_id, false, $name_ary, $group_name, $default, $leader, $group_colour, $group_rank, $group_avatar, $group_avatar_type, $group_avatar_width, $group_avatar_height))
+ if ($error = group_user_add($group_id, false, $name_ary, $group_row['group_name'], $default, $leader, $group_row))
{
trigger_error($user->lang[$error]);
}
$message = ($action == 'addleaders') ? 'GROUP_MODS_ADDED' : 'GROUP_USERS_ADDED';
trigger_error($user->lang[$message]);
- break;
+ break;
case 'edit':
case 'add':
+ $data = $submit_ary = array();
+
if ($action == 'edit' && !$group_id)
{
trigger_error($user->lang['NO_GROUP']);
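Review bot: The new `group_user_add()` call passes `$group_row` as the seventh argument, but the signature this commit introduces in `includes/functions_user.php` ends `..., $leader = 0, $pending = 0, $group_attributes = false`, so the row is bound to `$pending` and `$group_attributes` stays `false`. The call should be `group_user_add($group_id, false, $name_ary, $group_row['group_name'], $default, $leader, 0, $group_row)`. How `$pending` is used is outside the visible hunks, but an array in place of a membership flag should not be left to chance. The enclosing `case 'addusers':` block starts outside this hunk.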
@@ -243,16 +247,18 @@ function marklist(match, status)
{
$group_name = request_var('group_name', '');
$group_desc = request_var('group_description', '');
- $group_type = request_var('group_type', 0);
-
- $colour = request_var('group_colour', '');
- $rank = request_var('group_rank', 0);
+ $group_type = request_var('group_type', GROUP_FREE);
$data['uploadurl'] = request_var('uploadurl', '');
$data['remotelink'] = request_var('remotelink', '');
$delete = request_var('delete', '');
- $receive_pm = isset($_REQUEST['group_receive_pm']) ? 1 : 0;
- $message_limit = request_var('group_message_limit', 0);
+
+ $submit_ary = array(
+ 'colour' => request_var('group_colour', ''),
+ 'rank' => request_var('group_rank', 0),
+ 'receive_pm' => isset($_REQUEST['group_receive_pm']) ? 1 : 0,
+ 'message_limit' => request_var('group_message_limit', 0)
+ );
$avatar = '';
@@ -275,34 +281,42 @@ function marklist(match, status)
if ((!empty($_FILES['uploadfile']['tmp_name']) || $data['uploadurl']) && $can_upload)
{
- list($avatar_type, $avatar, $avatar_width, $avatar_height) = avatar_upload($data, $error);
+ list($submit_ary['avatar_type'], $submit_ary['avatar'], $submit_ary['avatar_width'], $submit_ary['avatar_height']) = avatar_upload($data, $error);
}
else if ($data['remotelink'])
{
- list($avatar_type, $avatar, $avatar_width, $avatar_height) = avatar_remote($data, $error);
+ list($submit_ary['avatar_type'], $submit_ary['avatar'], $submit_ary['avatar_width'], $submit_ary['avatar_height']) = avatar_remote($data, $error);
}
}
}
else if ($delete)
{
- $avatar = '';
- $avatar_type = $avatar_width = $avatar_height = 0;
+ $submit_ary['avatar'] = '';
+ $submit_ary['avatar_type'] = $submit_ary['avatar_width'] = $submit_ary['avatar_height'] = 0;
}
- if (($avatar && $group_avatar != $avatar) || $delete)
+ if (($submit_ary['avatar'] && (!isset($group_row['group_avatar']) || $group_row['group_avatar'] != $submit_ary['avatar'])) || $delete)
{
- avatar_delete($group_avatar);
+ if (isset($group_row['group_avatar']) && $group_row['group_avatar'])
+ {
+ avatar_delete($group_row['group_avatar']);
+ }
}
// Only set the rank, colour, etc. if it's changed or if we're adding a new
// group. This prevents existing group members being updated if no changes
// were made.
+
+ $group_attributes = array();
foreach (array('rank', 'colour', 'avatar', 'avatar_type', 'avatar_width', 'avatar_height', 'receive_pm', 'message_limit') as $test)
{
- ${'group_' . $test} = ($action == 'add' || (isset($$test) && $$test != ${'group_' . $test})) ? $$test : false;
+ if ($action == 'add' || (isset($group_row['group_' . $test]) && $group_row['group_' . $test] != $submit_ary[$test]))
+ {
+ $group_attributes[$test] = $group_row['group_' . $test] = $submit_ary[$test];
+ }
}
- if (!($error = group_create($group_id, $group_type, $group_name, $group_description, $group_colour, $group_rank, $group_avatar, $group_avatar_type, $group_avatar_width, $group_avatar_height, $group_receive_pm, $group_message_limit)))
+ if (!($error = group_create($group_id, $group_type, $group_name, $group_description, $group_attributes)))
{
$message = ($action == 'edit') ? 'GROUP_UPDATED' : 'GROUP_CREATED';
trigger_error($message);
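Review bot: The loop stores changed values under unprefixed keys (`$group_attributes[$test]` with `rank`, `colour`, ...), while `group_create()` in this commit only reads `isset($group_attributes[$attribute])` for the `group_`-prefixed names, so none of the submitted attributes would reach the INSERT/UPDATE. The assignment should be `$group_attributes['group_' . $test] = $group_row['group_' . $test] = $submit_ary[$test];`. Separately, `$submit_ary['avatar']`, `['avatar_type']`, `['avatar_width']` and `['avatar_height']` are assigned only in the upload, remote and delete branches, yet they are read unconditionally in the `if` above the loop and inside it; giving them defaults in the `$submit_ary = array(...)` literal avoids undefined-index reads. The enclosing `case 'edit'`/`'add'` block starts and ends outside this hunk.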
@@ -311,8 +325,14 @@ function marklist(match, status)
else if (!$group_id)
{
$group_name = request_var('group_name', '');
- $group_description = $group_colour = $group_avatar = '';
- $group_type = GROUP_FREE;
+ $group_description = '';
+ $group_type = GROUP_OPEN;
+ }
+ else
+ {
+ $group_name = $group_row['group_name'];
+ $group_description = $group_row['group_description'];
+ $group_type = $group_row['group_type'];
}
?>
@@ -322,7 +342,6 @@ function marklist(match, status)
<p><?php echo $user->lang['GROUP_EDIT_EXPLAIN']; ?></p>
<?php
-
$sql = 'SELECT *
FROM ' . RANKS_TABLE . '
WHERE rank_special = 1
@@ -346,9 +365,9 @@ function marklist(match, status)
$type_closed = ($group_type == GROUP_CLOSED) ? ' checked="checked"' : '';
$type_hidden = ($group_type == GROUP_HIDDEN) ? ' checked="checked"' : '';
- if ($group_avatar)
+ if (isset($group_row['group_avatar']) && $group_row['group_avatar'])
{
- switch ($group_avatar_type)
+ switch ($group_row['group_avatar_type'])
{
case AVATAR_UPLOAD:
$avatar_img = $phpbb_root_path . $config['avatar_path'] . '/';
@@ -357,9 +376,9 @@ function marklist(match, status)
$avatar_img = $phpbb_root_path . $config['avatar_gallery_path'] . '/';
break;
}
- $avatar_img .= $group_avatar;
+ $avatar_img .= $group_row['group_avatar'];
- $avatar_img = '<img src="' . $avatar_img . '" width="' . $group_avatar_width . '" height="' . $group_avatar_height . '" border="0" alt="" />';
+ $avatar_img = '<img src="' . $avatar_img . '" width="' . $group_row['group_avatar_width'] . '" height="' . $group_row['group_avatar_height'] . '" alt="" />';
}
else
{
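Review bot: The `<img>` tag is built by concatenating `$group_row['group_avatar']`, `['group_avatar_width']` and `['group_avatar_height']` straight into HTML attributes, with no escaping or casting at the point of output. Whether those columns are sanitised when stored is not visible here, and the avatar value can come from the remote-link path, so I would at least cast the dimensions, `width="' . (int) $group_row['group_avatar_width'] . '"`, and likewise for the height. For the `src`, either apply `htmlspecialchars()` at output or, if the project stores these values already entity-encoded, add a comment saying so: `// group_avatar is stored entity-encoded; do not re-escape`.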
@@ -409,7 +428,7 @@ function swatch()
if ($group_type != GROUP_SPECIAL)
{
-?><input class="post" type="text" name="group_name" value="<?php echo (!empty($group_name)) ? $group_name : ''; ?>" size="40" maxlength="40" /><?php
+?><input class="post" type="text" name="group_name" value="<?php echo ($group_name) ? $group_name : ''; ?>" size="40" maxlength="40" /><?php
}
else
@@ -423,7 +442,7 @@ function swatch()
</tr>
<tr>
<td class="row2"><b><?php echo $user->lang['GROUP_DESC']; ?>:</b></td>
- <td class="row1"><input class="post" type="text" name="group_description" value="<?php echo (!empty($group_description)) ? $group_description : ''; ?>" size="40" maxlength="255" /></td>
+ <td class="row1"><input class="post" type="text" name="group_description" value="<?php echo ($group_description) ? $group_description : ''; ?>" size="40" maxlength="255" /></td>
</tr>
<?php
@@ -445,15 +464,15 @@ function swatch()
</tr>
<tr>
<td class="row2"><b><?php echo $user->lang['GROUP_RECEIVE_PM']; ?>:</b></td>
- <td class="row1" nowrap="nowrap"><input type="checkbox" name="group_receive_pm"<?php echo ($group_receive_pm) ? ' checked="checked"' : ''; ?> /></td>
+ <td class="row1" nowrap="nowrap"><input type="checkbox" name="group_receive_pm"<?php echo (isset($group_row['group_receive_pm']) && $group_row['group_receive_pm']) ? ' checked="checked"' : ''; ?> /></td>
</tr>
<tr>
<td class="row2"><b><?php echo $user->lang['GROUP_MESSAGE_LIMIT']; ?>:</b><br /><span class="gensmall"><?php echo $user->lang['GROUP_MESSAGE_LIMIT_EXPLAIN']; ?></span></td>
- <td class="row1" nowrap="nowrap"><input class="post" type="text" maxlength="4" size="4" name="group_message_limit" value="<?php echo $group_message_limit; ?>" /></td>
+ <td class="row1" nowrap="nowrap"><input class="post" type="text" maxlength="4" size="4" name="group_message_limit" value="<?php echo (isset($group_row['group_message_limit'])) ? $group_row['group_message_limit'] : 0; ?>" /></td>
</tr>
<tr>
<td class="row2"><b><?php echo $user->lang['GROUP_COLOR']; ?>:</b><br /><span class="gensmall"><?php echo $user->lang['GROUP_COLOR_EXPLAIN']; ?></span></td>
- <td class="row1" nowrap="nowrap"><input class="post" type="text" name="group_colour" value="<?php echo (!empty($group_colour)) ? $group_colour : ''; ?>" size="6" maxlength="6" /> &nbsp; [ <a href="<?php echo "swatch.$phpEx"; ?>" onclick="swatch();return false" target="_swatch"><?php echo $user->lang['COLOUR_SWATCH']; ?></a> ]</td>
+ <td class="row1" nowrap="nowrap"><input class="post" type="text" name="group_colour" value="<?php echo (isset($group_row['group_colour'])) ? $group_row['group_colour'] : ''; ?>" size="6" maxlength="6" /> &nbsp; [ <a href="<?php echo "swatch.$phpEx"; ?>" onclick="swatch();return false" target="_swatch"><?php echo $user->lang['COLOUR_SWATCH']; ?></a> ]</td>
</tr>
<tr>
<td class="row2"><b><?php echo $user->lang['GROUP_RANK']; ?>:</b></td>
@@ -492,7 +511,7 @@ function swatch()
</tr>
<tr>
<td class="row2" width="35%"><b><?php echo $user->lang['LINK_REMOTE_SIZE']; ?>: </b><br /><span class="gensmall"><?php echo $user->lang['LINK_REMOTE_SIZE_EXPLAIN']; ?></span></td>
- <td class="row1"><input class="post" type="text" name="width" size="3" value="<?php echo $group_avatar_width; ?>" /> <span class="gen">px X </span> <input class="post" type="text" name="height" size="3" value="<?php echo $group_avatar_height; ?>" /> <span class="gen">px</span></td>
+ <td class="row1"><input class="post" type="text" name="width" size="3" value="<?php echo (isset($group_row['group_avatar_width'])) ? $group_row['group_avatar_width'] : ''; ?>" /> <span class="gen">px X </span> <input class="post" type="text" name="height" size="3" value="<?php echo (isset($group_row['group_avatar_height'])) ? $group_row['group_avatar_height'] : ''; ?>" /> <span class="gen">px</span></td>
</tr>
<?php
@@ -520,8 +539,9 @@ function swatch()
<td class="cat" colspan="2" align="center" valign="middle"><span class="genmed"><?php echo $user->lang['AVATAR_CATEGORY']; ?>: </span><select name="avatarcat">{S_CAT_OPTIONS}</select>&nbsp; <span class="genmed"><?php echo $user->lang['AVATAR_PAGE']; ?>: </span><select name="avatarpage">{S_PAGE_OPTIONS}</select>&nbsp;<input class="btnlite" type="submit" value="<?php echo $user->lang['GO']; ?>" name="avatargallery" /></td>
</tr>
<tr>
- <td class="row1" colspan="2" align="center"><table cellspacing="1" cellpadding="4" border="0">
-
+ <td class="row1" colspan="2" align="center">
+
+ <table cellspacing="1" cellpadding="4" border="0">
<!-- BEGIN avatar_row -->
<tr>
<!-- BEGIN avatar_column -->
@@ -534,8 +554,9 @@ function swatch()
<!-- END avatar_option_column -->
</tr>
<!-- END avatar_row -->
-
- </table></td>
+ </table>
+
+ </td>
</tr>
<?php
@@ -551,7 +572,7 @@ function swatch()
<?php
adm_page_footer();
- break;
+ break;
}
if ($mode == 'list' || $group_id)
@@ -604,9 +625,8 @@ function swatch()
FROM ' . USERS_TABLE . ' u, ' . USER_GROUP_TABLE . " ug
WHERE ug.group_id = $group_id
AND u.user_id = ug.user_id
- ORDER BY ug.group_leader DESC, ug.user_pending ASC, u.username
- LIMIT $start, " . $config['topics_per_page'];
- $result = $db->sql_query($sql);
+ ORDER BY ug.group_leader DESC, ug.user_pending ASC, u.username ";
+ $result = $db->sql_query_limit($sql, $config['topics_per_page'], $start);
$leader = $member = 0;
$group_data = array();
@@ -629,7 +649,7 @@ function swatch()
}
$db->sql_freeresult($result);
- if ($group_type != GROUP_SPECIAL)
+ if ($group_row['group_type'] != GROUP_SPECIAL)
{
?>
@@ -719,16 +739,19 @@ function swatch()
?>
<tr>
- <td class="cat" colspan="5" align="right"><select name="action"><option class="sep" value=""><?php echo $user->lang['SELECT_OPTION']; ?></option><?php
+ <td class="cat" colspan="5" align="right">
+ <select name="action"><option class="sep" value=""><?php echo $user->lang['SELECT_OPTION']; ?></option><?php
foreach (array('default' => 'DEFAULT', 'approve' => 'APPROVE', 'demote' => 'DEMOTE', 'promote' => 'PROMOTE', 'deleteusers' => 'DELETE') as $option => $lang)
{
echo '<option value="' . $option . '">' . $user->lang['GROUP_' . $lang] . '</option>';
}
-?></select> <input class="btnmain" type="submit" name="update" value="<?php echo $user->lang['SUBMIT']; ?>" />&nbsp;</td>
+?>
+ </select> <input class="btnmain" type="submit" name="update" value="<?php echo $user->lang['SUBMIT']; ?>" />&nbsp;
+ </td>
</tr>
-</table>
+ </table>
<table width="95%" cellspacing="1" cellpadding="1" border="0" align="center">
<tr>
@@ -877,7 +900,7 @@ function swatch()
<?php
adm_page_footer();
- break;
+ break;
// Setting groupwide preferences
case 'prefs':
@@ -922,7 +945,7 @@ function swatch()
<?php
adm_page_footer();
- break;
+ break;
default:
trigger_error($user->lang['NO_MODE']);
diff --git a/phpBB/docs/coding-guidelines.html b/phpBB/docs/coding-guidelines.html
index c6493066d3..ee0b9f4e86 100644
--- a/phpBB/docs/coding-guidelines.html
+++ b/phpBB/docs/coding-guidelines.html
@@ -758,7 +758,7 @@ $start = request_var('start', '0');
<p>Sessions should be initiated on each page, as near the top as possible using the following code:</p>
<blockquote><pre>
-$user->start();
+$user->session_begin();
$auth->acl($user->data);
$user->setup();
</pre></blockquote>
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php
index 74961dcf9e..150a37b6b8 100644
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@@ -145,26 +145,29 @@ function user_delete($mode, $user_id)
}
$db->sql_freeresult($result);
- $sql = 'SELECT topic_id, topic_replies, topic_replies_real
- FROM ' . TOPICS_TABLE . '
- WHERE topic_id IN (' . implode(', ', array_keys($topic_id_ary)) . ')';
- $result = $db->sql_query($sql);
-
- $del_topic_ary = array();
- while ($row = $db->sql_fetchrow($result))
+ if (sizeof($topic_id_ary))
{
- if (max($row['topic_replies'], $row['topic_replies_real']) + 1 == $topic_id_ary[$row['topic_id']])
+ $sql = 'SELECT topic_id, topic_replies, topic_replies_real
+ FROM ' . TOPICS_TABLE . '
+ WHERE topic_id IN (' . implode(', ', array_keys($topic_id_ary)) . ')';
+ $result = $db->sql_query($sql);
+
+ $del_topic_ary = array();
+ while ($row = $db->sql_fetchrow($result))
{
- $del_topic_ary[] = $row['topic_id'];
+ if (max($row['topic_replies'], $row['topic_replies_real']) + 1 == $topic_id_ary[$row['topic_id']])
+ {
+ $del_topic_ary[] = $row['topic_id'];
+ }
}
- }
- $db->sql_freeresult($result);
+ $db->sql_freeresult($result);
- if (sizeof($del_topic_ary))
- {
- $sql = 'DELETE FROM ' . TOPICS_TABLE . '
- WHERE topic_id IN (' . implode(', ', $del_topic_ary) . ')';
- $db->sql_query($sql);
+ if (sizeof($del_topic_ary))
+ {
+ $sql = 'DELETE FROM ' . TOPICS_TABLE . '
+ WHERE topic_id IN (' . implode(', ', $del_topic_ary) . ')';
+ $db->sql_query($sql);
+ }
}
// Delete posts, attachments, etc.
@@ -188,9 +191,8 @@ function user_delete($mode, $user_id)
$sql = 'SELECT user_id, username
FROM ' . USERS_TABLE . '
WHERE user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')
- ORDER BY user_id DESC
- LIMIT 1';
- $result = $db->sql_query($sql);
+ ORDER BY user_id DESC';
+ $result = $db->sql_query_limit($sql, 1);
if ($row = $db->sql_fetchrow($result))
{
@@ -284,8 +286,7 @@ function user_active_flip($user_id, $user_type, $user_actkey = false, $username
FROM ' . USERS_TABLE . "
WHERE user_id = $user_id";
$result = $db->sql_query($sql);
-
- extract($db->sql_fetchrow($result));
+ $username = $db->sql_fetchfield('username', 0, $result);
$db->sql_freeresult($result);
}
@@ -303,9 +304,9 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
global $db, $user, $auth;
// Delete stale bans
- $sql = "DELETE FROM " . BANLIST_TABLE . "
- WHERE ban_end < " . time() . "
- AND ban_end <> 0";
+ $sql = 'DELETE FROM ' . BANLIST_TABLE . '
+ WHERE ban_end < ' . time() . '
+ AND ban_end <> 0';
$db->sql_query($sql);
$ban_list = (!is_array($ban)) ? array_unique(explode("\n", $ban)) : $ban;
@@ -497,20 +498,21 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
switch (SQL_LAYER)
{
case 'mysql':
- $sql .= (($sql != '') ? ', ' : '') . "($ban_entry, $current_time, $ban_end, $ban_exclude, '$ban_reason')";
+ $sql .= (($sql != '') ? ', ' : '') . "($ban_entry, $current_time, $ban_end, $ban_exclude, '" . $db->sql_escape($ban_reason) . "')";
break;
case 'mysql4':
case 'mysqli':
case 'mssql':
case 'sqlite':
- $sql .= (($sql != '') ? ' UNION ALL ' : '') . " SELECT $ban_entry, $current_time, $ban_end, $ban_exclude, '$ban_reason'";
+ $sql .= (($sql != '') ? ' UNION ALL ' : '') . " SELECT $ban_entry, $current_time, $ban_end, $ban_exclude, '" . $db->sql_escape($ban_reason) . "'";
break;
default:
$sql = 'INSERT INTO ' . BANLIST_TABLE . " ($type, ban_start, ban_end, ban_exclude, ban_reason)
- VALUES ($ban_entry, $current_time, $ban_end, $ban_exclude, '$ban_reason')";
+ VALUES ($ban_entry, $current_time, $ban_end, $ban_exclude, '" . $db->sql_escape($ban_reason) . "')";
$db->sql_query($sql);
+ $sql = '';
}
}
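Review bot: `$ban_reason` is now escaped, but `$ban_entry` and `$ban_exclude` are still interpolated unquoted into the same VALUES/SELECT tuples in all three branches. They are built outside this hunk, so it cannot be confirmed from here that they are cast or escaped; if `$ban_entry` can hold a username, e-mail or IP string, it needs `$db->sql_escape()` where it is quoted. Escaping once before the `switch`, `$ban_reason_sql = $db->sql_escape($ban_reason);`, and using that variable in each branch would also keep the three copies from drifting apart.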
@@ -541,6 +543,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
$result = $db->sql_query($sql);
$sql_in = array();
+ $sql = '';
if ($row = $db->sql_fetchrow($result))
{
do
@@ -551,6 +554,10 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
$sql = 'WHERE session_user_id IN (' . str_replace('*', '%', implode(', ', $sql_in)) . ")";
}
+ else
+ {
+ trigger_error('NO_EMAIL_TO_BAN');
+ }
break;
}
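Review bot: `trigger_error('NO_EMAIL_TO_BAN')` passes the bare language key, whereas other calls in this commit pass the translated string, for example `trigger_error($user->lang['NO_GROUP'])`. `$user` appears to be declared global at the top of `user_ban()`. Unless the error handler resolves keys itself (not visible here), this should be `trigger_error($user->lang['NO_EMAIL_TO_BAN']);`. The surrounding `case` starts outside this hunk.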
@@ -584,9 +591,9 @@ function user_unban($mode, $ban)
global $db, $user, $auth;
// Delete stale bans
- $sql = "DELETE FROM " . BANLIST_TABLE . "
- WHERE ban_end < " . time() . "
- AND ban_end <> 0";
+ $sql = 'DELETE FROM ' . BANLIST_TABLE . '
+ WHERE ban_end < ' . time() . '
+ AND ban_end <> 0';
$db->sql_query($sql);
$unban_sql = implode(', ', $ban);
@@ -594,6 +601,7 @@ function user_unban($mode, $ban)
if ($unban_sql)
{
$l_unban_list = '';
+
// Grab details of bans for logging information later
switch ($mode)
{
@@ -989,7 +997,8 @@ function avatar_upload($data, &$error)
*/
function avatar_gallery($category, &$error)
{
- global $config, $phpbb_root_path, $user;
+ global $user, $cache;
+ global $config, $phpbb_root_path;
$path = $phpbb_root_path . $config['avatar_gallery_path'];
@@ -1042,16 +1051,30 @@ function avatar_gallery($category, &$error)
//
// Usergroup functions
//
-
+
/**
* Add or edit a group. If we're editing a group we only update user
* parameters such as rank, etc. if they are changed
*/
-function group_create($group_id, $type, $name, $desc)
+function group_create($group_id, $type, $name, $desc, $group_attributes)
{
global $phpbb_root_path, $config, $db, $user, $file_upload;
$error = array();
+ $attribute_ary = array(
+ 'group_colour' => 'string',
+ 'group_rank' => 'int',
+ 'group_avatar' => 'string',
+ 'group_avatar_type' => 'int',
+ 'group_avatar_width' => 'int',
+ 'group_avatar_height' => 'int',
+
+ 'group_receive_pm' => 'int',
+ 'group_message_limit' => 'int',
+ );
+
+ // Those are group-only attributes
+ $group_only_ary = array('group_receive_pm', 'group_message_limit');
// Check data
if (!strlen($name) || strlen($name) > 40)
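Review bot: `$group_attributes` is added as a required fifth parameter, so any existing four-argument caller of `group_create()` now triggers a missing-argument warning or error, depending on the PHP version. The old signature named only four parameters and read the rest through `func_get_arg()`. Give it a default, `function group_create($group_id, $type, $name, $desc, $group_attributes = array())`, which the later `sizeof($group_attributes)` checks already handle. The docblock should also state that the array is keyed by the `group_`-prefixed column names listed in `$attribute_ary`, since that is what the `isset()` lookups further down expect. The function body continues outside this hunk.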
@@ -1077,42 +1100,31 @@ function group_create($group_id, $type, $name, $desc)
'group_type' => (int) $type,
);
- $attribute_ary = array('group_colour' => 'string', 'group_rank' => 'int', 'group_avatar' => 'string', 'group_avatar_type' => 'int', 'group_avatar_width' => 'int', 'group_avatar_height' => 'int');
-
- $i = 4;
- foreach ($attribute_ary as $attribute => $type)
- {
- if (func_num_args() > $i && ($value = func_get_arg($i)) !== false)
- {
- settype($value, $type);
-
- $sql_ary[$attribute] = $$attribute = $value;
- }
- $i++;
- }
-
- $group_only_ary = array('group_receive_pm' => 'int', 'group_message_limit' => 'int');
-
- foreach ($group_only_ary as $attribute => $type)
+ if (sizeof($group_attributes))
{
- if (func_num_args() > $i && ($value = func_get_arg($i)) !== false)
+ foreach ($attribute_ary as $attribute => $type)
{
- settype($value, $type);
-
- $sql_ary[$attribute] = $value;
+ if (isset($group_attributes[$attribute]))
+ {
+ settype($group_attributes[$attribute], $type);
+ $sql_ary[$attribute] = $group_attributes[$attribute];
+ }
}
- $i++;
}
$sql = ($group_id) ? 'UPDATE ' . GROUPS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . " WHERE group_id = $group_id" : 'INSERT INTO ' . GROUPS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
$db->sql_query($sql);
+ // Set user attributes
$sql_ary = array();
- foreach ($attribute_ary as $attribute => $type)
+ if (sizeof($group_attributes))
{
- if (isset($$attribute))
+ foreach ($attribute_ary as $attribute => $type)
{
- $sql_ary[str_replace('group', 'user', $attribute)] = $$attribute;
+ if (isset($group_attributes[$attribute]) && !in_array($attribute, $group_only_ary))
+ {
+ $sql_ary[str_replace('group', 'user', $attribute)] = $group_attributes[$attribute];
+ }
}
}
@@ -1149,11 +1161,7 @@ function group_delete($group_id, $group_name = false)
FROM ' . GROUPS_TABLE . "
WHERE group_id = $group_id";
$result = $db->sql_query($sql);
-
- if (!extract($db->sql_fetchrow($result)))
- {
- trigger_error("Could not obtain name of group $group_id", E_USER_ERROR);
- }
+ $group_name = $db->sql_fetchfield('group_name', 0, $result);
$db->sql_freeresult($result);
}
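Review bot: Replacing `extract()` with `sql_fetchfield()` is a good change, but it drops the only check that the group exists: the removed `trigger_error("Could not obtain name of group $group_id", E_USER_ERROR)` has no replacement. A missing row now leaves `$group_name` holding whatever `sql_fetchfield()` returns for an empty result, and `group_delete()` carries on. The same pattern appears in the `group_user_del()` and `group_user_attributes()` hunks further down. I would keep the guard, `if ($group_name === false) { trigger_error("Could not obtain name of group $group_id", E_USER_ERROR); }`, assuming `sql_fetchfield()` returns `false` when there is no row (confirm against the DBAL). The function body continues outside this hunk.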
@@ -1167,9 +1175,8 @@ function group_delete($group_id, $group_name = false)
$sql = 'SELECT u.user_id, u.username
FROM ' . USER_GROUP_TABLE . ' ug, ' . USERS_TABLE . " u
WHERE ug.group_id = $group_id
- AND u.user_id = ug.user_id
- LIMIT $start, 200";
- $result = $db->sql_query($sql);
+ AND u.user_id = ug.user_id";
+ $result = $db->sql_query_limit($sql, 200, $start);
if ($row = $db->sql_fetchrow($result))
{
@@ -1211,7 +1218,7 @@ function group_delete($group_id, $group_name = false)
/**
* Add user(s) to group
*/
-function group_user_add($group_id, $user_id_ary = false, $username_ary = false, $group_name = false, $default = false, $leader = 0, $pending = 0)
+function group_user_add($group_id, $user_id_ary = false, $username_ary = false, $group_name = false, $default = false, $leader = 0, $pending = 0, $group_attributes = false)
{
global $db, $auth;
@@ -1300,72 +1307,7 @@ function group_user_add($group_id, $user_id_ary = false, $username_ary = false,
if ($default)
{
- $attribute_ary = array('group_colour' => 'string', 'group_rank' => 'int', 'group_avatar' => 'string', 'group_avatar_type' => 'int', 'group_avatar_width' => 'int', 'group_avatar_height' => 'int');
-
- // Were group attributes passed to the function? If not we need to obtain them
- if (func_num_args() > 6)
- {
- $i = 6;
- foreach ($attribute_ary as $attribute => $type)
- {
- if (func_num_args() > $i && ($value = func_get_arg($i)) !== false)
- {
- settype($value, $type);
-
- $sql_ary[$attribute] = $$attribute = $value;
- }
- $i++;
- }
- }
- else
- {
- $sql = 'SELECT group_colour, group_rank, group_avatar, group_avatar_type, group_avatar_width, group_avatar_height
- FROM ' . GROUPS_TABLE . "
- WHERE group_id = $group_id";
- $result = $db->sql_query($sql);
-
- if (!extract($db->sql_fetchrow($result)))
- {
- trigger_error("Could not obtain group attributes for group_id $group_id", E_USER_ERROR);
- }
- $db->sql_freeresult($result);
-
- if (!$group_avatar_width)
- {
- unset($group_avatar_width);
- }
- if (!$group_avatar_height)
- {
- unset($group_avatar_height);
- }
- }
-
- $sql_set = '';
- foreach ($attribute_ary as $attribute => $type)
- {
- if (isset($$attribute))
- {
- $field = str_replace('group_', 'user_', $attribute);
-
- switch ($type)
- {
- case 'int':
- $sql_set .= ", $field = " . (int) $$attribute;
- break;
- case 'double':
- $sql_set .= ", $field = " . (double) $$attribute;
- break;
- case 'string':
- $sql_set .= ", $field = '" . (string) $db->sql_escape($$attribute) . "'";
- break;
- }
- }
- }
-
- $sql = 'UPDATE ' . USERS_TABLE . "
- SET group_id = $group_id$sql_set
- WHERE user_id IN (" . implode(', ', $user_id_ary) . ')';
- $db->sql_query($sql);
+ group_set_user_default($group_id, $user_id_ary, $group_attributes);
}
// Clear permissions cache of relevant users
@@ -1412,8 +1354,6 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false,
$group_order = array('ADMINISTRATORS', 'SUPER_MODERATORS', 'REGISTERED_COPPA', 'REGISTERED', 'BOTS', 'GUESTS');
- $attribute_ary = array('group_colour' => 'string', 'group_rank' => 'int', 'group_avatar' => 'string', 'group_avatar_type' => 'int', 'group_avatar_width' => 'int', 'group_avatar_height' => 'int');
-
// We need both username and user_id info
user_get_id_name($user_id_ary, $username_ary);
@@ -1427,12 +1367,14 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false,
{
$group_order_id[$row['group_name']] = $row['group_id'];
- $special_group_data[$row['group_id']]['group_colour'] = $row['group_colour'];
- $special_group_data[$row['group_id']]['group_rank'] = $row['group_rank'];
- $special_group_data[$row['group_id']]['group_avatar'] = $row['group_avatar'];
- $special_group_data[$row['group_id']]['group_avatar_type'] = $row['group_avatar_type'];
- $special_group_data[$row['group_id']]['group_avatar_width'] = $row['group_avatar_width'];
- $special_group_data[$row['group_id']]['group_avatar_height'] = $row['group_avatar_height'];
+ $special_group_data[$row['group_id']] = array(
+ 'user_colour' => $row['group_colour'],
+ 'user_rank' => $row['group_rank'],
+ 'user_avatar' => $row['group_avatar'],
+ 'user_avatar_type' => $row['group_avatar_type'],
+ 'user_avatar_width' => $row['group_avatar_width'],
+ 'user_avatar_height'=> $row['group_avatar_height'],
+ );
}
$db->sql_freeresult($result);
@@ -1478,31 +1420,12 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false,
foreach ($special_group_data as $gid => $default_data_ary)
{
- if (isset($sql_where_ary[$gid]) && $sql_where = implode(', ', $sql_where_ary[$gid]))
+ if (isset($sql_where_ary[$gid]) && sizeof($sql_whery_ary[$gid]))
{
- $sql_set = '';
- foreach ($special_group_data[$gid] as $attribute => $value)
- {
- $field = str_replace('group_', 'user_', $attribute);
+ $special_group_data[$gid]['group_id'] = $gid;
- switch ($attribute_ary[$attribute])
- {
- case 'int':
- $sql_set .= ", $field = " . (int) $value;
- break;
- case 'double':
- $sql_set .= ", $field = " . (double) $value;
- break;
- case 'string':
- $sql_set .= ", $field = '" . $db->sql_escape($value) . "'";
- break;
- }
- }
-
- // Set new default
- $sql = 'UPDATE ' . USERS_TABLE . "
- SET group_id = $gid$sql_set
- WHERE user_id IN (" . implode(', ', $sql_where_ary[$gid]) . ')';
+ $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $special_group_data[$gid]) . '
+ WHERE user_id IN (' . implode(', ', $sql_where_ary[$gid]) . ')';
$db->sql_query($sql);
}
}
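Review bot: `sizeof($sql_whery_ary[$gid])` in the new condition misspells `$sql_where_ary`, so it counts an undefined variable and the branch that resets the affected users' default group never runs. It should be `isset($sql_where_ary[$gid]) && sizeof($sql_where_ary[$gid])`. Separately, the removed code cast each value by its declared type before building the SET clause, while the new `sql_build_array('UPDATE', $special_group_data[$gid])` call receives the values exactly as read from the result row. Confirm that numeric columns such as `user_rank` are still written as numbers rather than quoted strings.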
@@ -1512,7 +1435,6 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false,
WHERE group_id = $group_id
AND user_id IN (" . implode(', ', $user_id_ary) . ')';
$db->sql_query($sql);
- unset($default_ary);
// Clear permissions cache of relevant users
$auth->acl_clear_prefetch($user_id_ary);
@@ -1523,11 +1445,8 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false,
FROM ' . GROUPS_TABLE . "
WHERE group_id = $group_id";
$result = $db->sql_query($sql);
-
- if (!extract($db->sql_fetchrow($result)))
- {
- trigger_error("Could not obtain name of group $group_id", E_USER_ERROR);
- }
+ $group_name = $db->sql_fetchfield('group_name', 0, $result);
+ $db->sql_freeresult($result);
}
if (!function_exists('add_log'))
@@ -1540,8 +1459,7 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false,
add_log('admin', $log, $group_name, implode(', ', $username_ary));
- unset($username_ary);
- unset($user_id_ary);
+ unset($username_ary, $user_id_ary);
return false;
}
@@ -1549,7 +1467,7 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false,
/**
* This is used to promote (to leader), demote or set as default a member/s
*/
-function group_user_attributes($action, $group_id, $user_id_ary = false, $username_ary = false, $group_name = false)
+function group_user_attributes($action, $group_id, $user_id_ary = false, $username_ary = false, $group_name = false, $group_attributes = false)
{
global $db, $auth;
@@ -1567,7 +1485,7 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna
$db->sql_query($sql);
$log = ($action == 'promote') ? 'LOG_GROUP_PROMOTED' : 'LOG_GROUP_DEMOTED';
- break;
+ break;
case 'approve':
$sql = 'UPDATE ' . USER_GROUP_TABLE . "
@@ -1577,80 +1495,10 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna
$db->sql_query($sql);
$log = 'LOG_GROUP_APPROVE';
- break;
+ break;
case 'default':
- $attribute_ary = array('group_colour' => 'string', 'group_rank' => 'int', 'group_avatar' => 'string', 'group_avatar_type' => 'int', 'group_avatar_width' => 'int', 'group_avatar_height' => 'int');
-
- // Were group attributes passed to the function? If not we need
- // to obtain them
- if (func_num_args() > 5)
- {
- $i = 5;
- foreach ($attribute_ary as $attribute => $type)
- {
- if (func_num_args() > $i && ($value = func_get_arg($i)) !== false)
- {
- settype($value, $type);
-
- $sql_ary[$attribute] = $$attribute = $value;
- }
- $i++;
- }
- }
- else
- {
- $sql = 'SELECT group_colour, group_rank, group_avatar, group_avatar_type, group_avatar_width, group_avatar_height
- FROM ' . GROUPS_TABLE . "
- WHERE group_id = $group_id";
- $result = $db->sql_query($sql);
-
- if (!extract($db->sql_fetchrow($result)))
- {
- return 'NO_GROUP';
- }
- $db->sql_freeresult($result);
-
- if (!$group_avatar_width)
- {
- unset($group_avatar_width);
- }
- if (!$group_avatar_height)
- {
- unset($group_avatar_height);
- }
- }
-
- // FAILURE HERE when grabbing data from DB and checking "isset" ... will
- // be true for all similar functionality
-
- $sql_set = '';
- foreach ($attribute_ary as $attribute => $type)
- {
- if (isset($$attribute))
- {
- $field = str_replace('group_', 'user_', $attribute);
-
- switch ($type)
- {
- case 'int':
- $sql_set .= ", $field = " . (int) $$attribute;
- break;
- case 'double':
- $sql_set .= ", $field = " . (double) $$attribute;
- break;
- case 'string':
- $sql_set .= ", $field = '" . (string) $db->sql_escape($$attribute) . "'";
- break;
- }
- }
- }
-
- $sql = 'UPDATE ' . USERS_TABLE . "
- SET group_id = $group_id$sql_set
- WHERE user_id IN (" . implode(', ', $user_id_ary) . ')';
- $db->sql_query($sql);
-
+ group_set_user_default($group_id, $user_id_ary, $group_attributes);
$log = 'LOG_GROUP_DEFAULTS';
break;
}
@@ -1670,22 +1518,68 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna
FROM ' . GROUPS_TABLE . "
WHERE group_id = $group_id";
$result = $db->sql_query($sql);
-
- if (!extract($db->sql_fetchrow($result)))
- {
- trigger_error("Could not obtain name of group $group_id", E_USER_ERROR);
- }
+ $group_name = $db->sql_fetchfield('group_name', 0, $result);
+ $db->sql_freeresult($result);
}
add_log('admin', $log, $group_name, implode(', ', $username_ary));
- unset($username_ary);
- unset($user_id_ary);
+ unset($username_ary, $user_id_ary);
return false;
}
/**
+* Set users default group
+*/
+function group_set_user_default($group_id, $user_id_ary, $group_attributes = false)
+{
+ global $db;
+
+ if (!$user_id_ary)
+ {
+ return;
+ }
+
+ $attribute_ary = array(
+ 'group_colour' => 'string',
+ 'group_rank' => 'int',
+ 'group_avatar' => 'string',
+ 'group_avatar_type' => 'int',
+ 'group_avatar_width' => 'int',
+ 'group_avatar_height' => 'int',
+ );
+
+ $sql_ary = array(
+ 'group_id' => $group_id
+ );
+
+ // Were group attributes passed to the function? If not we need to obtain them
+ if ($group_attributes === false)
+ {
+ $sql = 'SELECT ' . implode(', ', array_keys($attribute_ary)) . '
+ FROM ' . GROUPS_TABLE . "
+ WHERE group_id = $group_id";
+ $result = $db->sql_query($sql);
+ $group_attributes = $db->sql_fetchrow($result);
+ $db->sql_freeresult($result);
+ }
+
+ foreach ($attribute_ary as $attribute => $type)
+ {
+ if (isset($group_attributes[$attribute]))
+ {
+ settype($group_attributes[$attribute], $type);
+ $sql_ary[str_replace('group_', 'user_', $attribute)] = $group_attributes[$attribute];
+ }
+ }
+
+ $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
+ WHERE user_id IN (' . implode(', ', $user_id_ary) . ')';
+ $db->sql_query($sql);
+}
+
+/**
* Obtain either the members of a specified group, the groups the specified user is subscribed to
* or checking if a specified user is in a specified group
*
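Review bot: `group_set_user_default()` interpolates `$group_id` and `implode(', ', $user_id_ary)` into its SELECT and UPDATE without casting, so the new helper is only as safe as every caller that reaches it. Adding `$group_id = (int) $group_id;` and `$user_id_ary = array_map('intval', $user_id_ary);` after the early return would make it safe on its own. Also, when no row is found for `$group_id` the result of `sql_fetchrow()` is used as is and the UPDATE still assigns `group_id`, whereas the `group_user_attributes()` code this replaces returned `'NO_GROUP'`; a check on `$group_attributes` after the fetch would restore that. The docblock could also name the `group_*` keys expected in `$group_attributes`.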