aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB/includes/functions_user.php
diff options
context:
space:
mode:
Diffstat (limited to 'phpBB/includes/functions_user.php')
-rw-r--r--phpBB/includes/functions_user.php455
1 files changed, 225 insertions, 230 deletions
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php
index 4aecbff6ba..e0b6a9d0c6 100644
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@@ -26,8 +26,10 @@ if (!defined('IN_PHPBB'))
* @param array &$user_id_ary The user ids to check or empty if usernames used
* @param array &$username_ary The usernames to check or empty if user ids used
* @param mixed $user_type Array of user types to check, false if not restricting by user type
+* @param boolean $update_references If false, the supplied array is unset and appears unchanged from where it was called
+* @return boolean|string Returns false on success, error string on failure
*/
-function user_get_id_name(&$user_id_ary, &$username_ary, $user_type = false)
+function user_get_id_name(&$user_id_ary, &$username_ary, $user_type = false, $update_references = false)
{
global $db;
@@ -50,7 +52,13 @@ function user_get_id_name(&$user_id_ary, &$username_ary, $user_type = false)
}
$sql_in = ($which_ary == 'user_id_ary') ? array_map('intval', ${$which_ary}) : array_map('utf8_clean_string', ${$which_ary});
- unset(${$which_ary});
+
+ // By unsetting the array here, the values passed in at the point user_get_id_name() was called will be retained.
+ // Otherwise, if we don't unset (as the array was passed by reference) the original array will be updated below.
+ if ($update_references === false)
+ {
+ unset(${$which_ary});
+ }
$user_id_ary = $username_ary = array();
@@ -89,7 +97,7 @@ function user_get_id_name(&$user_id_ary, &$username_ary, $user_type = false)
*/
function update_last_username()
{
- global $db;
+ global $config, $db;
// Get latest username
$sql = 'SELECT user_id, username, user_colour
@@ -102,9 +110,9 @@ function update_last_username()
if ($row)
{
- set_config('newest_user_id', $row['user_id'], true);
- set_config('newest_username', $row['username'], true);
- set_config('newest_user_colour', $row['user_colour'], true);
+ $config->set('newest_user_id', $row['user_id'], false);
+ $config->set('newest_username', $row['username'], false);
+ $config->set('newest_user_colour', $row['user_colour'], false);
}
}
@@ -148,7 +156,7 @@ function user_update_name($old_name, $new_name)
if ($config['newest_username'] == $old_name)
{
- set_config('newest_username', $new_name, true);
+ $config->set('newest_username', $new_name, false);
}
/**
@@ -170,13 +178,13 @@ function user_update_name($old_name, $new_name)
* Adds an user
*
* @param mixed $user_row An array containing the following keys (and the appropriate values): username, group_id (the group to place the user in), user_email and the user_type(usually 0). Additional entries not overridden by defaults will be forwarded.
-* @param string $cp_data custom profile fields, see custom_profile::build_insert_sql_array
+* @param array $cp_data custom profile fields, see custom_profile::build_insert_sql_array
* @param array $notifications_data The notifications settings for the new user
* @return the new user's ID.
*/
function user_add($user_row, $cp_data = false, $notifications_data = null)
{
- global $db, $user, $auth, $config, $phpbb_root_path, $phpEx;
+ global $db, $config;
global $phpbb_dispatcher, $phpbb_container;
if (empty($user_row['username']) || !isset($user_row['group_id']) || !isset($user_row['user_email']) || !isset($user_row['user_type']))
@@ -260,7 +268,7 @@ function user_add($user_row, $cp_data = false, $notifications_data = null)
$remaining_vars = array_diff(array_keys($user_row), array_keys($sql_ary));
// Now fill our sql array with the remaining vars
- if (sizeof($remaining_vars))
+ if (count($remaining_vars))
{
foreach ($remaining_vars as $key)
{
@@ -272,8 +280,8 @@ function user_add($user_row, $cp_data = false, $notifications_data = null)
* Use this event to modify the values to be inserted when a user is added
*
* @event core.user_add_modify_data
- * @var array user_row Array of user details submited to user_add
- * @var array cp_data Array of Custom profile fields submited to user_add
+ * @var array user_row Array of user details submitted to user_add
+ * @var array cp_data Array of Custom profile fields submitted to user_add
* @var array sql_ary Array of data to be inserted when a user is added
* @var array notifications_data Array of notification data to be inserted when a user is added
* @since 3.1.0-a1
@@ -289,10 +297,11 @@ function user_add($user_row, $cp_data = false, $notifications_data = null)
$user_id = $db->sql_nextid();
// Insert Custom Profile Fields
- if ($cp_data !== false && sizeof($cp_data))
+ if ($cp_data !== false && count($cp_data))
{
$cp_data['user_id'] = (int) $user_id;
+ /* @var $cp \phpbb\profilefields\manager */
$cp = $phpbb_container->get('profilefields.manager');
$sql = 'INSERT INTO ' . PROFILE_FIELDS_DATA_TABLE . ' ' .
$db->sql_build_array('INSERT', $cp->build_insert_sql_array($cp_data));
@@ -325,7 +334,7 @@ function user_add($user_row, $cp_data = false, $notifications_data = null)
{
global $phpbb_log;
- // Because these actions only fill the log unneccessarily we skip the add_log() entry.
+ // Because these actions only fill the log unnecessarily, we disable it
$phpbb_log->disable('admin');
// Add user to "newly registered users" group and set to default group if admin specified so.
@@ -346,9 +355,9 @@ function user_add($user_row, $cp_data = false, $notifications_data = null)
// set the newest user and adjust the user count if the user is a normal user and no activation mail is sent
if ($user_row['user_type'] == USER_NORMAL || $user_row['user_type'] == USER_FOUNDER)
{
- set_config('newest_user_id', $user_id, true);
- set_config('newest_username', $user_row['username'], true);
- set_config_count('num_users', 1, true);
+ $config->set('newest_user_id', $user_id, false);
+ $config->set('newest_username', $user_row['username'], false);
+ $config->increment('num_users', 1, false);
$sql = 'SELECT group_colour
FROM ' . GROUPS_TABLE . '
@@ -357,7 +366,7 @@ function user_add($user_row, $cp_data = false, $notifications_data = null)
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
- set_config('newest_user_colour', $row['group_colour'], true);
+ $config->set('newest_user_colour', $row['group_colour'], false);
}
// Use default notifications settings if notifications_data is not set
@@ -375,9 +384,23 @@ function user_add($user_row, $cp_data = false, $notifications_data = null)
);
}
+ /**
+ * Modify the notifications data to be inserted in the database when a user is added
+ *
+ * @event core.user_add_modify_notifications_data
+ * @var array user_row Array of user details submitted to user_add
+ * @var array cp_data Array of Custom profile fields submitted to user_add
+ * @var array sql_ary Array of data to be inserted when a user is added
+ * @var array notifications_data Array of notification data to be inserted when a user is added
+ * @since 3.2.2-RC1
+ */
+ $vars = array('user_row', 'cp_data', 'sql_ary', 'notifications_data');
+ extract($phpbb_dispatcher->trigger_event('core.user_add_modify_notifications_data', compact($vars)));
+
// Subscribe user to notifications if necessary
if (!empty($notifications_data))
{
+ /* @var $phpbb_notifications \phpbb\notification\manager */
$phpbb_notifications = $phpbb_container->get('notification_manager');
foreach ($notifications_data as $subscription)
{
@@ -386,12 +409,12 @@ function user_add($user_row, $cp_data = false, $notifications_data = null)
}
/**
- * Event that returns user id, user detals and user CPF of newly registared user
+ * Event that returns user id, user details and user CPF of newly registered user
*
* @event core.user_add_after
- * @var int user_id User id of newly registared user
- * @var array user_row Array of user details submited to user_add
- * @var array cp_data Array of Custom profile fields submited to user_add
+ * @var int user_id User id of newly registered user
+ * @var array user_row Array of user details submitted to user_add
+ * @var array cp_data Array of Custom profile fields submitted to user_add
* @since 3.1.0-b5
*/
$vars = array('user_id', 'user_row', 'cp_data');
@@ -446,9 +469,11 @@ function user_delete($mode, $user_ids, $retain_username = true)
* @var array user_ids IDs of the deleted user
* @var mixed retain_username True if username should be retained
* or false if not
+ * @var array user_rows Array containing data of the deleted users
* @since 3.1.0-a1
+ * @changed 3.2.4-RC1 Added user_rows
*/
- $vars = array('mode', 'user_ids', 'retain_username');
+ $vars = array('mode', 'user_ids', 'retain_username', 'user_rows');
extract($phpbb_dispatcher->trigger_event('core.delete_user_before', compact($vars)));
// Before we begin, we will remove the reports the user issued.
@@ -466,7 +491,7 @@ function user_delete($mode, $user_ids, $retain_username = true)
}
$db->sql_freeresult($result);
- if (sizeof($report_posts))
+ if (count($report_posts))
{
$report_posts = array_unique($report_posts);
$report_topics = array_unique($report_topics);
@@ -486,7 +511,7 @@ function user_delete($mode, $user_ids, $retain_username = true)
}
$db->sql_freeresult($result);
- if (sizeof($keep_report_topics))
+ if (count($keep_report_topics))
{
$report_topics = array_diff($report_topics, $keep_report_topics);
}
@@ -498,7 +523,7 @@ function user_delete($mode, $user_ids, $retain_username = true)
WHERE ' . $db->sql_in_set('post_id', $report_posts);
$db->sql_query($sql);
- if (sizeof($report_topics))
+ if (count($report_topics))
{
$sql = 'UPDATE ' . TOPICS_TABLE . '
SET topic_reported = 0
@@ -618,7 +643,7 @@ function user_delete($mode, $user_ids, $retain_username = true)
if ($num_users_delta != 0)
{
- set_config_count('num_users', $num_users_delta, true);
+ $config->increment('num_users', $num_users_delta, false);
}
// Now do the invariant tasks
@@ -649,8 +674,30 @@ function user_delete($mode, $user_ids, $retain_username = true)
delete_posts('poster_id', $user_ids);
}
- $table_ary = array(USERS_TABLE, USER_GROUP_TABLE, TOPICS_WATCH_TABLE, FORUMS_WATCH_TABLE, ACL_USERS_TABLE, TOPICS_TRACK_TABLE, TOPICS_POSTED_TABLE, FORUMS_TRACK_TABLE, PROFILE_FIELDS_DATA_TABLE, MODERATOR_CACHE_TABLE, DRAFTS_TABLE, BOOKMARKS_TABLE, SESSIONS_KEYS_TABLE, PRIVMSGS_FOLDER_TABLE, PRIVMSGS_RULES_TABLE);
-
+ $table_ary = [
+ USERS_TABLE,
+ USER_GROUP_TABLE,
+ TOPICS_WATCH_TABLE,
+ FORUMS_WATCH_TABLE,
+ ACL_USERS_TABLE,
+ TOPICS_TRACK_TABLE,
+ TOPICS_POSTED_TABLE,
+ FORUMS_TRACK_TABLE,
+ PROFILE_FIELDS_DATA_TABLE,
+ MODERATOR_CACHE_TABLE,
+ DRAFTS_TABLE,
+ BOOKMARKS_TABLE,
+ SESSIONS_KEYS_TABLE,
+ PRIVMSGS_FOLDER_TABLE,
+ PRIVMSGS_RULES_TABLE,
+ $phpbb_container->getParameter('tables.auth_provider_oauth_token_storage'),
+ $phpbb_container->getParameter('tables.auth_provider_oauth_states'),
+ $phpbb_container->getParameter('tables.auth_provider_oauth_account_assoc'),
+ $phpbb_container->getParameter('tables.user_notifications')
+ ];
+
+ // Ignore errors on deleting from non-existent tables, e.g. when migrating
+ $db->sql_return_on_error(true);
// Delete the miscellaneous (non-post) data for the user
foreach ($table_ary as $table)
{
@@ -658,6 +705,7 @@ function user_delete($mode, $user_ids, $retain_username = true)
WHERE " . $user_id_sql;
$db->sql_query($sql);
}
+ $db->sql_return_on_error();
$cache->destroy('sql', MODERATOR_CACHE_TABLE);
@@ -732,9 +780,11 @@ function user_delete($mode, $user_ids, $retain_username = true)
* @var array user_ids IDs of the deleted user
* @var mixed retain_username True if username should be retained
* or false if not
+ * @var array user_rows Array containing data of the deleted users
* @since 3.1.0-a1
+ * @changed 3.2.2-RC1 Added user_rows
*/
- $vars = array('mode', 'user_ids', 'retain_username');
+ $vars = array('mode', 'user_ids', 'retain_username', 'user_rows');
extract($phpbb_dispatcher->trigger_event('core.delete_user_after', compact($vars)));
// Reset newest user info if appropriate
@@ -763,7 +813,7 @@ function user_active_flip($mode, $user_id_ary, $reason = INACTIVE_MANUAL)
$user_id_ary = array($user_id_ary);
}
- if (!sizeof($user_id_ary))
+ if (!count($user_id_ary))
{
return;
}
@@ -821,7 +871,7 @@ function user_active_flip($mode, $user_id_ary, $reason = INACTIVE_MANUAL)
$vars = array('mode', 'reason', 'activated', 'deactivated', 'user_id_ary', 'sql_statements');
extract($phpbb_dispatcher->trigger_event('core.user_active_flip_before', compact($vars)));
- if (sizeof($sql_statements))
+ if (count($sql_statements))
{
foreach ($sql_statements as $user_id => $sql_ary)
{
@@ -851,12 +901,12 @@ function user_active_flip($mode, $user_id_ary, $reason = INACTIVE_MANUAL)
if ($deactivated)
{
- set_config_count('num_users', $deactivated * (-1), true);
+ $config->increment('num_users', $deactivated * (-1), false);
}
if ($activated)
{
- set_config_count('num_users', $activated, true);
+ $config->increment('num_users', $activated, false);
}
// Update latest username
@@ -876,7 +926,7 @@ function user_active_flip($mode, $user_id_ary, $reason = INACTIVE_MANUAL)
*/
function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reason, $ban_give_reason = '')
{
- global $db, $user, $auth, $cache;
+ global $db, $user, $cache, $phpbb_log;
// Delete stale bans
$sql = 'DELETE FROM ' . BANLIST_TABLE . '
@@ -899,7 +949,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
else
{
$ban_other = explode('-', $ban_len_other);
- if (sizeof($ban_other) == 3 && ((int) $ban_other[0] < 9999) &&
+ if (count($ban_other) == 3 && ((int) $ban_other[0] < 9999) &&
(strlen($ban_other[0]) == 4) && (strlen($ban_other[1]) == 2) && (strlen($ban_other[2]) == 2))
{
$ban_end = max($current_time, $user->create_datetime()
@@ -967,7 +1017,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
}
// Make sure we have been given someone to ban
- if (!sizeof($sql_usernames))
+ if (!count($sql_usernames))
{
trigger_error('NO_USER_SPECIFIED', E_USER_WARNING);
}
@@ -978,7 +1028,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
// Do not allow banning yourself, the guest account, or founders.
$non_bannable = array($user->data['user_id'], ANONYMOUS);
- if (sizeof($founder))
+ if (count($founder))
{
$sql .= ' AND ' . $db->sql_in_set('user_id', array_merge(array_keys($founder), $non_bannable), true);
}
@@ -1025,7 +1075,6 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
if ($ip_2_counter == 0 && $ip_2_end == 254)
{
$ip_2_counter = 256;
- $ip_2_fragment = 256;
$banlist_ary[] = "$ip_1_counter.*";
}
@@ -1038,7 +1087,6 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
if ($ip_3_counter == 0 && $ip_3_end == 254)
{
$ip_3_counter = 256;
- $ip_3_fragment = 256;
$banlist_ary[] = "$ip_1_counter.$ip_2_counter.*";
}
@@ -1051,7 +1099,6 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
if ($ip_4_counter == 0 && $ip_4_end == 254)
{
$ip_4_counter = 256;
- $ip_4_fragment = 256;
$banlist_ary[] = "$ip_1_counter.$ip_2_counter.$ip_3_counter.*";
}
@@ -1121,14 +1168,14 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
continue;
}
- if (!sizeof($founder) || !in_array($ban_item, $founder))
+ if (!count($founder) || !in_array($ban_item, $founder))
{
$banlist_ary[] = $ban_item;
}
}
}
- if (sizeof($ban_list) == 0)
+ if (count($ban_list) == 0)
{
trigger_error('NO_EMAILS_DEFINED', E_USER_WARNING);
}
@@ -1175,7 +1222,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
$banlist_ary_tmp = array_intersect($banlist_ary, $banlist_ary_tmp);
- if (sizeof($banlist_ary_tmp))
+ if (count($banlist_ary_tmp))
{
// One or more entities are already banned/excluded, delete the existing bans, so they can be re-inserted with the given new length
$sql = 'DELETE FROM ' . BANLIST_TABLE . '
@@ -1189,7 +1236,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
$db->sql_freeresult($result);
// We have some entities to ban
- if (sizeof($banlist_ary))
+ if (count($banlist_ary))
{
$sql_ary = array();
@@ -1267,13 +1314,22 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
$log_entry = ($ban_exclude) ? 'LOG_BAN_EXCLUDE_' : 'LOG_BAN_';
// Add to admin log, moderator log and user notes
- add_log('admin', $log_entry . strtoupper($mode), $ban_reason, $ban_list_log);
- add_log('mod', 0, 0, $log_entry . strtoupper($mode), $ban_reason, $ban_list_log);
+ $phpbb_log->add('admin', $user->data['user_id'], $user->ip, $log_entry . strtoupper($mode), false, array($ban_reason, $ban_list_log));
+ $phpbb_log->add('mod', $user->data['user_id'], $user->ip, $log_entry . strtoupper($mode), false, array(
+ 'forum_id' => 0,
+ 'topic_id' => 0,
+ $ban_reason,
+ $ban_list_log
+ ));
if ($mode == 'user')
{
foreach ($banlist_ary as $user_id)
{
- add_log('user', $user_id, $log_entry . strtoupper($mode), $ban_reason, $ban_list_log);
+ $phpbb_log->add('user', $user->data['user_id'], $user->ip, $log_entry . strtoupper($mode), false, array(
+ 'reportee_id' => $user_id,
+ $ban_reason,
+ $ban_list_log
+ ));
}
}
@@ -1293,7 +1349,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
*/
function user_unban($mode, $ban)
{
- global $db, $user, $auth, $cache, $phpbb_dispatcher;
+ global $db, $user, $cache, $phpbb_log, $phpbb_dispatcher;
// Delete stale bans
$sql = 'DELETE FROM ' . BANLIST_TABLE . '
@@ -1308,7 +1364,7 @@ function user_unban($mode, $ban)
$unban_sql = array_map('intval', $ban);
- if (sizeof($unban_sql))
+ if (count($unban_sql))
{
// Grab details of bans for logging information later
switch ($mode)
@@ -1351,13 +1407,20 @@ function user_unban($mode, $ban)
$db->sql_query($sql);
// Add to moderator log, admin log and user notes
- add_log('admin', 'LOG_UNBAN_' . strtoupper($mode), $l_unban_list);
- add_log('mod', 0, 0, 'LOG_UNBAN_' . strtoupper($mode), $l_unban_list);
+ $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_UNBAN_' . strtoupper($mode), false, array($l_unban_list));
+ $phpbb_log->add('mod', $user->data['user_id'], $user->ip, 'LOG_UNBAN_' . strtoupper($mode), false, array(
+ 'forum_id' => 0,
+ 'topic_id' => 0,
+ $l_unban_list
+ ));
if ($mode == 'user')
{
foreach ($user_ids_ary as $user_id)
{
- add_log('user', $user_id, 'LOG_UNBAN_' . strtoupper($mode), $l_unban_list);
+ $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_UNBAN_' . strtoupper($mode), false, array(
+ 'reportee_id' => $user_id,
+ $l_unban_list
+ ));
}
}
@@ -1397,21 +1460,14 @@ function user_ipwhois($ip)
return '';
}
- if (preg_match(get_preg_expression('ipv4'), $ip))
- {
- // IPv4 address
- $whois_host = 'whois.arin.net.';
- }
- else if (preg_match(get_preg_expression('ipv6'), $ip))
- {
- // IPv6 address
- $whois_host = 'whois.sixxs.net.';
- }
- else
+ if (!preg_match(get_preg_expression('ipv4'), $ip) && !preg_match(get_preg_expression('ipv6'), $ip))
{
return '';
}
+ // IPv4 & IPv6 addresses
+ $whois_host = 'whois.arin.net.';
+
$ipwhois = '';
if (($fsk = @fsockopen($whois_host, 43)))
@@ -1565,7 +1621,7 @@ function validate_num($num, $optional = false, $min = 0, $max = 1E99)
function validate_date($date_string, $optional = false)
{
$date = explode('-', $date_string);
- if ((empty($date) || sizeof($date) != 3) && $optional)
+ if ((empty($date) || count($date) != 3) && $optional)
{
return false;
}
@@ -1587,7 +1643,7 @@ function validate_date($date_string, $optional = false)
}
}
- if (sizeof($date) != 3 || !checkdate($date[1], $date[0], $date[2]))
+ if (count($date) != 3 || !checkdate($date[1], $date[0], $date[2]))
{
return 'INVALID';
}
@@ -1662,17 +1718,21 @@ function phpbb_validate_timezone($timezone)
return (in_array($timezone, phpbb_get_timezone_identifiers($timezone))) ? false : 'TIMEZONE_INVALID';
}
-/**
-* Check to see if the username has been taken, or if it is disallowed.
-* Also checks if it includes the " character, which we don't allow in usernames.
-* Used for registering, changing names, and posting anonymously with a username
-*
-* @param string $username The username to check
-* @param string $allowed_username An allowed username, default being $user->data['username']
-*
-* @return mixed Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
-*/
-function validate_username($username, $allowed_username = false)
+/***
+ * Validate Username
+ *
+ * Check to see if the username has been taken, or if it is disallowed.
+ * Also checks if it includes the " character or the 4-bytes Unicode ones
+ * (aka emojis) which we don't allow in usernames.
+ * Used for registering, changing names, and posting anonymously with a username
+ *
+ * @param string $username The username to check
+ * @param string $allowed_username An allowed username, default being $user->data['username']
+ *
+ * @return mixed Either false if validation succeeded or a string which will be
+ * used as the error message (with the variable name appended)
+ */
+function validate_username($username, $allowed_username = false, $allow_all_names = false)
{
global $config, $db, $user, $cache;
@@ -1684,95 +1744,51 @@ function validate_username($username, $allowed_username = false)
return false;
}
- // ... fast checks first.
- if (strpos($username, '&quot;') !== false || strpos($username, '"') !== false || empty($clean_username))
+ // The very first check is for
+ // out-of-bounds characters that are currently
+ // not supported by utf8_bin in MySQL
+ if (preg_match('/[\x{10000}-\x{10FFFF}]/u', $username))
{
- return 'INVALID_CHARS';
+ return 'INVALID_EMOJIS';
}
- $mbstring = $pcre = false;
-
- // generic UTF-8 character types supported?
- if (phpbb_pcre_utf8_support())
- {
- $pcre = true;
- }
- else if (function_exists('mb_ereg_match'))
+ // ... fast checks first.
+ if (strpos($username, '&quot;') !== false || strpos($username, '"') !== false || empty($clean_username))
{
- mb_regex_encoding('UTF-8');
- $mbstring = true;
+ return 'INVALID_CHARS';
}
switch ($config['allow_name_chars'])
{
case 'USERNAME_CHARS_ANY':
- $pcre = true;
$regex = '.+';
break;
case 'USERNAME_ALPHA_ONLY':
- $pcre = true;
$regex = '[A-Za-z0-9]+';
break;
case 'USERNAME_ALPHA_SPACERS':
- $pcre = true;
$regex = '[A-Za-z0-9-[\]_+ ]+';
break;
case 'USERNAME_LETTER_NUM':
- if ($pcre)
- {
- $regex = '[\p{Lu}\p{Ll}\p{N}]+';
- }
- else if ($mbstring)
- {
- $regex = '[[:upper:][:lower:][:digit:]]+';
- }
- else
- {
- $pcre = true;
- $regex = '[a-zA-Z0-9]+';
- }
+ $regex = '[\p{Lu}\p{Ll}\p{N}]+';
break;
case 'USERNAME_LETTER_NUM_SPACERS':
- if ($pcre)
- {
- $regex = '[-\]_+ [\p{Lu}\p{Ll}\p{N}]+';
- }
- else if ($mbstring)
- {
- $regex = '[-\]_+ \[[:upper:][:lower:][:digit:]]+';
- }
- else
- {
- $pcre = true;
- $regex = '[-\]_+ [a-zA-Z0-9]+';
- }
+ $regex = '[-\]_+ [\p{Lu}\p{Ll}\p{N}]+';
break;
case 'USERNAME_ASCII':
default:
- $pcre = true;
$regex = '[\x01-\x7F]+';
break;
}
- if ($pcre)
- {
- if (!preg_match('#^' . $regex . '$#u', $username))
- {
- return 'INVALID_CHARS';
- }
- }
- else if ($mbstring)
+ if (!preg_match('#^' . $regex . '$#u', $username))
{
- mb_ereg_search_init($username, '^' . $regex . '$');
- if (!mb_ereg_search())
- {
- return 'INVALID_CHARS';
- }
+ return 'INVALID_CHARS';
}
$sql = 'SELECT username
@@ -1799,13 +1815,16 @@ function validate_username($username, $allowed_username = false)
return 'USERNAME_TAKEN';
}
- $bad_usernames = $cache->obtain_disallowed_usernames();
-
- foreach ($bad_usernames as $bad_username)
+ if (!$allow_all_names)
{
- if (preg_match('#^' . $bad_username . '$#', $clean_username))
+ $bad_usernames = $cache->obtain_disallowed_usernames();
+
+ foreach ($bad_usernames as $bad_username)
{
- return 'USERNAME_DISALLOWED';
+ if (preg_match('#^' . $bad_username . '$#', $clean_username))
+ {
+ return 'USERNAME_DISALLOWED';
+ }
}
}
@@ -1827,35 +1846,10 @@ function validate_password($password)
return false;
}
- $pcre = $mbstring = false;
-
- // generic UTF-8 character types supported?
- if (phpbb_pcre_utf8_support())
- {
- $upp = '\p{Lu}';
- $low = '\p{Ll}';
- $num = '\p{N}';
- $sym = '[^\p{Lu}\p{Ll}\p{N}]';
- $pcre = true;
- }
- else if (function_exists('mb_ereg_match'))
- {
- mb_regex_encoding('UTF-8');
- $upp = '[[:upper:]]';
- $low = '[[:lower:]]';
- $num = '[[:digit:]]';
- $sym = '[^[:upper:][:lower:][:digit:]]';
- $mbstring = true;
- }
- else
- {
- $upp = '[A-Z]';
- $low = '[a-z]';
- $num = '[0-9]';
- $sym = '[^A-Za-z0-9]';
- $pcre = true;
- }
-
+ $upp = '\p{Lu}';
+ $low = '\p{Ll}';
+ $num = '\p{N}';
+ $sym = '[^\p{Lu}\p{Ll}\p{N}]';
$chars = array();
switch ($config['pass_complex'])
@@ -1878,24 +1872,11 @@ function validate_password($password)
$chars[] = $upp;
}
- if ($pcre)
+ foreach ($chars as $char)
{
- foreach ($chars as $char)
+ if (!preg_match('#' . $char . '#u', $password))
{
- if (!preg_match('#' . $char . '#u', $password))
- {
- return 'INVALID_CHARS';
- }
- }
- }
- else if ($mbstring)
- {
- foreach ($chars as $char)
- {
- if (mb_ereg($char, $password) === false)
- {
- return 'INVALID_CHARS';
- }
+ return 'INVALID_CHARS';
}
}
@@ -1964,9 +1945,10 @@ function validate_user_email($email, $allowed_email = false)
return $validate_email;
}
- if (($ban_reason = $user->check_ban(false, false, $email, true)) !== false)
+ $ban = $user->check_ban(false, false, $email, true);
+ if (!empty($ban))
{
- return ($ban_reason === true) ? 'EMAIL_BANNED' : $ban_reason;
+ return !empty($ban['ban_give_reason']) ? $ban['ban_give_reason'] : 'EMAIL_BANNED';
}
if (!$config['allow_emailreuse'])
@@ -2017,7 +1999,7 @@ function validate_jabber($jid)
$arr = explode('.', $realm);
- if (sizeof($arr) == 0)
+ if (count($arr) == 0)
{
return 'WRONG_DATA';
}
@@ -2239,7 +2221,7 @@ function phpbb_style_is_active($style_id)
*/
function avatar_delete($mode, $row, $clean_db = false)
{
- global $phpbb_root_path, $config, $db, $user;
+ global $phpbb_root_path, $config;
// Check if the users avatar is actually *not* a group avatar
if ($mode == 'user')
@@ -2311,7 +2293,10 @@ function phpbb_avatar_explanation_string()
*/
function group_create(&$group_id, $type, $name, $desc, $group_attributes, $allow_desc_bbcode = false, $allow_desc_urls = false, $allow_desc_smilies = false)
{
- global $phpbb_root_path, $config, $db, $user, $file_upload, $phpbb_container;
+ global $db, $user, $phpbb_container, $phpbb_log;
+
+ /** @var \phpbb\group\helper $group_helper */
+ $group_helper = $phpbb_container->get('group_helper');
$error = array();
@@ -2338,13 +2323,17 @@ function group_create(&$group_id, $type, $name, $desc, $group_attributes, $allow
$group_teampage = !empty($group_attributes['group_teampage']);
unset($group_attributes['group_teampage']);
- if (!sizeof($error))
+ if (!count($error))
{
$current_legend = \phpbb\groupposition\legend::GROUP_DISABLED;
$current_teampage = \phpbb\groupposition\teampage::GROUP_DISABLED;
+ /* @var $legend \phpbb\groupposition\legend */
$legend = $phpbb_container->get('groupposition.legend');
+
+ /* @var $teampage \phpbb\groupposition\teampage */
$teampage = $phpbb_container->get('groupposition.teampage');
+
if ($group_id)
{
try
@@ -2407,7 +2396,7 @@ function group_create(&$group_id, $type, $name, $desc, $group_attributes, $allow
generate_text_for_storage($sql_ary['group_desc'], $sql_ary['group_desc_uid'], $sql_ary['group_desc_bitfield'], $sql_ary['group_desc_options'], $allow_desc_bbcode, $allow_desc_urls, $allow_desc_smilies);
}
- if (sizeof($group_attributes))
+ if (count($group_attributes))
{
// Merge them with $sql_ary to properly update the group
$sql_ary = array_merge($sql_ary, $group_attributes);
@@ -2416,8 +2405,6 @@ function group_create(&$group_id, $type, $name, $desc, $group_attributes, $allow
// Setting the log message before we set the group id (if group gets added)
$log = ($group_id) ? 'LOG_GROUP_UPDATED' : 'LOG_GROUP_CREATED';
- $query = '';
-
if ($group_id)
{
$sql = 'SELECT user_id
@@ -2535,7 +2522,7 @@ function group_create(&$group_id, $type, $name, $desc, $group_attributes, $allow
// Set user attributes
$sql_ary = array();
- if (sizeof($group_attributes))
+ if (count($group_attributes))
{
// Go through the user attributes array, check if a group attribute matches it and then set it. ;)
foreach ($user_attribute_ary as $attribute)
@@ -2555,18 +2542,18 @@ function group_create(&$group_id, $type, $name, $desc, $group_attributes, $allow
}
}
- if (sizeof($sql_ary) && sizeof($user_ary))
+ if (count($sql_ary) && count($user_ary))
{
group_set_user_default($group_id, $user_ary, $sql_ary);
}
- $name = ($type == GROUP_SPECIAL) ? $user->lang['G_' . $name] : $name;
- add_log('admin', $log, $name);
+ $name = $group_helper->get_name($name);
+ $phpbb_log->add('admin', $user->data['user_id'], $user->ip, $log, false, array($name));
group_update_listings($group_id);
}
- return (sizeof($error)) ? $error : false;
+ return (count($error)) ? $error : false;
}
@@ -2599,7 +2586,7 @@ function group_correct_avatar($group_id, $old_entry)
*/
function avatar_remove_db($avatar_name)
{
- global $config, $db;
+ global $db;
$sql = 'UPDATE ' . USERS_TABLE . "
SET user_avatar = '',
@@ -2614,7 +2601,7 @@ function avatar_remove_db($avatar_name)
*/
function group_delete($group_id, $group_name = false)
{
- global $db, $cache, $auth, $user, $phpbb_root_path, $phpEx, $phpbb_dispatcher, $phpbb_container;
+ global $db, $cache, $auth, $user, $phpbb_root_path, $phpEx, $phpbb_dispatcher, $phpbb_container, $phpbb_log;
if (!$group_name)
{
@@ -2658,6 +2645,7 @@ function group_delete($group_id, $group_name = false)
// Delete group from legend and teampage
try
{
+ /* @var $legend \phpbb\groupposition\legend */
$legend = $phpbb_container->get('groupposition.legend');
$legend->delete_group($group_id);
unset($legend);
@@ -2671,6 +2659,7 @@ function group_delete($group_id, $group_name = false)
try
{
+ /* @var $teampage \phpbb\groupposition\teampage */
$teampage = $phpbb_container->get('groupposition.teampage');
$teampage->delete_group($group_id);
unset($teampage);
@@ -2711,7 +2700,7 @@ function group_delete($group_id, $group_name = false)
phpbb_cache_moderators($db, $cache, $auth);
- add_log('admin', 'LOG_GROUP_DELETE', $group_name);
+ $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_GROUP_DELETE', false, array($group_name));
// Return false - no error
return false;
@@ -2724,16 +2713,23 @@ function group_delete($group_id, $group_name = false)
*/
function group_user_add($group_id, $user_id_ary = false, $username_ary = false, $group_name = false, $default = false, $leader = 0, $pending = 0, $group_attributes = false)
{
- global $db, $auth, $phpbb_container, $phpbb_dispatcher;
+ global $db, $auth, $user, $phpbb_container, $phpbb_log, $phpbb_dispatcher;
// We need both username and user_id info
$result = user_get_id_name($user_id_ary, $username_ary);
- if (!sizeof($user_id_ary) || $result !== false)
+ if (empty($user_id_ary) || $result !== false)
{
return 'NO_USER';
}
+ // Because the item that gets passed into the previous function is unset, the reference is lost and our original
+ // array is retained - so we know there's a problem if there's a different number of ids to usernames now.
+ if (count($user_id_ary) != count($username_ary))
+ {
+ return 'GROUP_USERS_INVALID';
+ }
+
// Remove users who are already members of this group
$sql = 'SELECT user_id, group_leader
FROM ' . USER_GROUP_TABLE . '
@@ -2757,7 +2753,7 @@ function group_user_add($group_id, $user_id_ary = false, $username_ary = false,
$add_id_ary = array_diff($user_id_ary, $add_id_ary);
// If we have no users
- if (!sizeof($add_id_ary) && !sizeof($update_id_ary))
+ if (!count($add_id_ary) && !count($update_id_ary))
{
return 'GROUP_USERS_EXIST';
}
@@ -2765,7 +2761,7 @@ function group_user_add($group_id, $user_id_ary = false, $username_ary = false,
$db->sql_transaction('begin');
// Insert the new users
- if (sizeof($add_id_ary))
+ if (count($add_id_ary))
{
$sql_ary = array();
@@ -2782,7 +2778,7 @@ function group_user_add($group_id, $user_id_ary = false, $username_ary = false,
$db->sql_multi_insert(USER_GROUP_TABLE, $sql_ary);
}
- if (sizeof($update_id_ary))
+ if (count($update_id_ary))
{
$sql = 'UPDATE ' . USER_GROUP_TABLE . '
SET group_leader = 1
@@ -2828,12 +2824,13 @@ function group_user_add($group_id, $user_id_ary = false, $username_ary = false,
$log = ($leader) ? 'LOG_MODS_ADDED' : (($pending) ? 'LOG_USERS_PENDING' : 'LOG_USERS_ADDED');
- add_log('admin', $log, $group_name, implode(', ', $username_ary));
+ $phpbb_log->add('admin', $user->data['user_id'], $user->ip, $log, false, array($group_name, implode(', ', $username_ary)));
group_update_listings($group_id);
if ($pending)
{
+ /* @var $phpbb_notifications \phpbb\notification\manager */
$phpbb_notifications = $phpbb_container->get('notification_manager');
foreach ($add_id_ary as $user_id)
@@ -2859,7 +2856,7 @@ function group_user_add($group_id, $user_id_ary = false, $username_ary = false,
*/
function group_user_del($group_id, $user_id_ary = false, $username_ary = false, $group_name = false, $log_action = true)
{
- global $db, $auth, $config, $phpbb_dispatcher, $phpbb_container;
+ global $db, $auth, $config, $user, $phpbb_dispatcher, $phpbb_container, $phpbb_log;
if ($config['coppa_enable'])
{
@@ -2873,7 +2870,7 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false,
// We need both username and user_id info
$result = user_get_id_name($user_id_ary, $username_ary);
- if (!sizeof($user_id_ary) || $result !== false)
+ if (empty($user_id_ary) || $result !== false)
{
return 'NO_USER';
}
@@ -2949,7 +2946,7 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false,
foreach ($special_group_data as $gid => $default_data_ary)
{
- if (isset($sql_where_ary[$gid]) && sizeof($sql_where_ary[$gid]))
+ if (isset($sql_where_ary[$gid]) && count($sql_where_ary[$gid]))
{
remove_default_rank($group_id, $sql_where_ary[$gid]);
remove_default_avatar($group_id, $sql_where_ary[$gid]);
@@ -3003,12 +3000,13 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false,
if ($group_name)
{
- add_log('admin', $log, $group_name, implode(', ', $username_ary));
+ $phpbb_log->add('admin', $user->data['user_id'], $user->ip, $log, false, array($group_name, implode(', ', $username_ary)));
}
}
group_update_listings($group_id);
+ /* @var $phpbb_notifications \phpbb\notification\manager */
$phpbb_notifications = $phpbb_container->get('notification_manager');
$phpbb_notifications->delete_notifications('notification.type.group_request', $user_id_ary, $group_id);
@@ -3102,12 +3100,12 @@ function remove_default_rank($group_id, $user_ids)
*/
function group_user_attributes($action, $group_id, $user_id_ary = false, $username_ary = false, $group_name = false, $group_attributes = false)
{
- global $db, $auth, $phpbb_root_path, $phpEx, $config, $phpbb_container, $phpbb_dispatcher;
+ global $db, $auth, $user, $phpbb_container, $phpbb_log, $phpbb_dispatcher;
// We need both username and user_id info
$result = user_get_id_name($user_id_ary, $username_ary);
- if (!sizeof($user_id_ary) || $result !== false)
+ if (empty($user_id_ary) || $result !== false)
{
return 'NO_USERS';
}
@@ -3162,7 +3160,7 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna
}
$db->sql_freeresult($result);
- if (!sizeof($user_id_ary))
+ if (!count($user_id_ary))
{
return false;
}
@@ -3173,6 +3171,7 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna
AND " . $db->sql_in_set('user_id', $user_id_ary);
$db->sql_query($sql);
+ /* @var $phpbb_notifications \phpbb\notification\manager */
$phpbb_notifications = $phpbb_container->get('notification_manager');
$phpbb_notifications->add_notifications('notification.type.group_request_approved', array(
@@ -3202,7 +3201,7 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna
$db->sql_freeresult($result);
$result = user_get_id_name($user_id_ary, $username_ary);
- if (!sizeof($user_id_ary) || $result !== false)
+ if (!count($user_id_ary) || $result !== false)
{
return 'NO_USERS';
}
@@ -3258,7 +3257,7 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna
// Clear permissions cache of relevant users
$auth->acl_clear_prefetch($user_id_ary);
- add_log('admin', $log, $group_name, implode(', ', $username_ary));
+ $phpbb_log->add('admin', $user->data['user_id'], $user->ip, $log, false, array($group_name, implode(', ', $username_ary)));
group_update_listings($group_id);
@@ -3270,7 +3269,7 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna
*/
function group_validate_groupname($group_id, $group_name)
{
- global $config, $db;
+ global $db;
$group_name = utf8_clean_string($group_name);
@@ -3318,7 +3317,7 @@ function group_validate_groupname($group_id, $group_name)
*/
function group_set_user_default($group_id, $user_id_ary, $group_attributes = false, $update_listing = false)
{
- global $phpbb_container, $db, $phpbb_dispatcher;
+ global $config, $phpbb_container, $db, $phpbb_dispatcher;
if (empty($user_id_ary))
{
@@ -3388,8 +3387,8 @@ function group_set_user_default($group_id, $user_id_ary, $group_attributes = fal
if (isset($sql_ary[$avatar_option]))
{
$avatar_sql_ary[$avatar_option] = $sql_ary[$avatar_option];
- }
}
+ }
$sql = 'UPDATE ' . USERS_TABLE . '
SET ' . $db->sql_build_array('UPDATE', $avatar_sql_ary) . "
@@ -3430,11 +3429,9 @@ function group_set_user_default($group_id, $user_id_ary, $group_attributes = fal
WHERE " . $db->sql_in_set('topic_last_poster_id', $user_id_ary);
$db->sql_query($sql);
- global $config;
-
if (in_array($config['newest_user_id'], $user_id_ary))
{
- set_config('newest_user_colour', $sql_ary['user_colour'], true);
+ $config->set('newest_user_colour', $sql_ary['user_colour'], false);
}
}
@@ -3469,7 +3466,7 @@ function group_set_user_default($group_id, $user_id_ary, $group_attributes = fal
*/
function get_group_name($group_id)
{
- global $db, $user;
+ global $db, $phpbb_container;
$sql = 'SELECT group_name, group_type
FROM ' . GROUPS_TABLE . '
@@ -3478,12 +3475,15 @@ function get_group_name($group_id)
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
- if (!$row || ($row['group_type'] == GROUP_SPECIAL && empty($user->lang)))
+ if (!$row)
{
return '';
}
- return ($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name'];
+ /** @var \phpbb\group\helper $group_helper */
+ $group_helper = $phpbb_container->get('group_helper');
+
+ return $group_helper->get_name($row['group_name']);
}
/**
@@ -3564,7 +3564,7 @@ function group_update_listings($group_id)
$hold_ary = $auth->acl_group_raw_data($group_id, array('a_', 'm_'));
- if (!sizeof($hold_ary))
+ if (empty($hold_ary))
{
return;
}
@@ -3651,11 +3651,6 @@ function remove_newly_registered($user_id, $user_data = false)
}
}
- if (empty($user_data['user_new']))
- {
- return false;
- }
-
$sql = 'SELECT group_id
FROM ' . GROUPS_TABLE . "
WHERE group_name = 'NEWLY_REGISTERED'
generated by cgit v1.2.1 (git 2.21.0) at 2024-05-23 05:23:31 +0000