diff options
Diffstat (limited to 'phpBB/includes')
| -rw-r--r-- | phpBB/includes/functions_user.php | 635 | ||||
| -rw-r--r-- | phpBB/includes/ucp/ucp_main.php | 29 | ||||
| -rw-r--r-- | phpBB/includes/ucp/ucp_prefs.php | 34 | ||||
| -rw-r--r-- | phpBB/includes/ucp/ucp_profile.php | 17 | ||||
| -rw-r--r-- | phpBB/includes/ucp/ucp_register.php | 6 |
5 files changed, 276 insertions, 445 deletions
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 8fa26793b2..f1874a03a2 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -19,519 +19,330 @@ * ***************************************************************************/ -// Handles manipulation of user data. Primary used in registration -// and user profile manipulation -class ucp extends user -{ - var $modules = array(); - var $error = array(); - // Loads a given module (if it isn't already available), instantiates - // a new object, and where appropriate calls the modules init method - function load_module($module_name) - { - if (!class_exists('ucp_' . $module_name)) - { - global $phpbb_root_path, $phpEx; - - require_once($phpbb_root_path . 'includes/ucp/ucp_' . $module_name . '.'.$phpEx); - eval('$this->module[' . $module_name . '] = new ucp_' . $module_name . '();'); +// Generates an alphanumeric random string of given length +function gen_rand_string($num_chars) +{ + $chars = array('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9'); - if (method_exists($this->module[$module_name], 'init')) - { - $this->module[$module_name]->init(); - } - } - } + list($usec, $sec) = explode(' ', microtime()); + mt_srand($sec * $usec); - // This is replaced by the loaded module - function main($module_id = false) + $max_chars = count($chars) - 1; + $rand_str = ''; + for ($i = 0; $i < $num_chars; $i++) { - return false; + $rand_str .= $chars[mt_rand(0, $max_chars)]; } - // This generates the block template variable for outputting the list - // of submodules, should be called with an associative array of modules - // in the form 'LANG_STRING' => 'LINK' - function subsection(&$module_ary, &$selected_module) - { - global $template, $user, $phpEx, $SID; - - foreach($module_ary as $section_title => $module_link) - { - $template->assign_block_vars('ucp_subsection', array( - 'L_TITLE' => $user->lang['UCP_' . $section_title], + return $rand_str; +} - 'S_SELECTED'=> ($section_title == strtoupper($selected_module)) ? true : false, +// Check to see if the username has been taken, or if it is disallowed. +// Also checks if it includes the " character, which we don't allow in usernames. +// Used for registering, changing names, and posting anonymously with a username +function validate_username($username) +{ + global $db, $user; - 'U_TITLE' => "ucp.$phpEx$SID&$module_link") - ); - } - } + $sql = 'SELECT username + FROM ' . USERS_TABLE . " + WHERE LOWER(username) = '" . strtolower($db->sql_escape($username)) . "'"; + $result = $db->sql_query($sql); - // Displays the appropriate template with the given title - function display(&$page_title, $tpl_name) + if ($row = $db->sql_fetchrow($result)) { - global $template, $phpEx; - - page_header($page_title); - - $template->set_filenames(array( - 'body' => $tpl_name) - ); - make_jumpbox('viewforum.'.$phpEx); - - page_footer(); + return 'USERNAME_TAKEN'; } + $db->sql_freeresult($result); - // Generates list of additional fields, their type, appropriate data - // etc. for admin defined fields - function extra_fields($page) - { - return false; - } + $sql = 'SELECT group_name + FROM ' . GROUPS_TABLE . " + WHERE LOWER(group_name) = '" . strtolower($db->sql_escape($username)) . "'"; + $result = $db->sql_query($sql); - // Generates an alphanumeric random string of given length - function gen_rand_string($num_chars) + if ($row = $db->sql_fetchrow($result)) { - $chars = array('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9'); + return 'USERNAME_TAKEN'; + } + $db->sql_freeresult($result); - list($usec, $sec) = explode(' ', microtime()); - mt_srand($sec * $usec); + $sql = 'SELECT disallow_username + FROM ' . DISALLOW_TABLE; + $result = $db->sql_query($sql); - $max_chars = count($chars) - 1; - $rand_str = ''; - for ($i = 0; $i < $num_chars; $i++) + while ($row = $db->sql_fetchrow($result)) + { + if (preg_match('#' . str_replace('*', '.*?', preg_quote($row['disallow_username'], '#')) . '#i', $username)) { - $rand_str .= $chars[mt_rand(0, $max_chars)]; + return 'USERNAME_DISALLOWED'; } + } + $db->sql_freeresult($result); - return $rand_str; - } + $sql = 'SELECT word + FROM ' . WORDS_TABLE; + $result = $db->sql_query($sql); - // Normalises supplied data dependant on required type/length, errors - // on incorrect data - function normalise_data(&$data, &$normalise) + while ($row = $db->sql_fetchrow($result)) { - $valid_data = array(); - foreach ($normalise as $var_type => $var_ary) + if (preg_match('#(' . str_replace('\*', '.*?', preg_quote($row['word'], '#')) . ')#i', $username)) { - foreach ($var_ary as $var_name => $var_limits) - { - $var_name = (is_string($var_name)) ? $var_name : $var_limits; - - if (isset($data[$var_name])) - { - switch ($var_type) - { - case 'int': - $valid_data[$var_name] = (int) $data[$var_name]; - break; - - case 'float': - $valid_data[$var_name] = (double) $data[$var_name]; - break; - - case 'bool': - $valid_data[$var_name] = ($data[$var_name] <= 0) ? 0 : 1; - break; - - case 'string': - // Cleanup data, remove excess spaces, run entites - $valid_data[$var_name] = htmlentities(trim(preg_replace('#\s{2,}#s', ' ', strtr((string) $data[$var_name], array_flip(get_html_translation_table(HTML_ENTITIES)))))); - - // How should we check this data? - if (!is_array($var_limits)) - { - // Is the match a string? If it is, process it further, else we'll - // assume it's a maximum length - if (is_string($var_limits)) - { - if (strstr($var_limits, ',')) - { - list($min_value, $max_value) = explode(',', $var_limits); - if (!empty($valid_data[$var_name]) && strlen($valid_data[$var_name]) < $min_value) - { - $this->error[] = strtoupper($var_name) . '_TOO_SHORT'; - } - - if (strlen($valid_data[$var_name]) > $max_value) - { - $this->error[] = strtoupper($var_name) . '_TOO_LONG'; - } - } - } - else - { - if (strlen($valid_data[$var_name]) > $var_limits) - { - $this->error[] = strtoupper($var_name) . '_TOO_LONG'; - } - } - } - break; - } - } - } + return 'USERNAME_DISALLOWED'; } - - return $valid_data; } + $db->sql_freeresult($result); - // Validates data subject to supplied requirements, errors appropriately - function validate_data(&$data, &$validate) - { - global $db, $user, $config; + return false; +} - foreach ($validate as $operation => $var_ary) - { - foreach ($var_ary as $var_name => $compare) - { - if (!empty($compare)) - { - switch ($operation) - { - case 'match': - if (is_array($compare)) - { - foreach ($compare as $match) - { - if (!preg_match($match, $data[$var_name])) - { - $this->error[] = strtoupper($var_name) . '_WRONG_DATA'; - } - } - } - else if (!preg_match($compare, $data[$var_name])) - { - $this->error[] = strtoupper($var_name) . '_WRONG_DATA'; - } - break; - - case 'compare': - if (is_array($compare)) - { - if (!in_array($data[$var_name], $compare)) - { - $this->error[] = strtoupper($var_name) . '_MISMATCH'; - } - } - else if ($data[$var_name] != $compare) - { - $this->error[] = strtoupper($var_name) . '_MISMATCH'; - } - break; - - case 'function': - if ($result = $this->$compare($data[$var_name])) - { - $this->error[] = $result; - } - - break; - - case 'reqd': - if (!isset($data[$compare]) || (is_string($data[$compare]) && $data[$compare] === '')) - { - $this->error[] = strtoupper($compare) . '_MISSING_DATA'; - } - break; - } - } - } - } - } - - // Check to see if the username has been taken, or if it is disallowed. - // Also checks if it includes the " character, which we don't allow in usernames. - // Used for registering, changing names, and posting anonymously with a username - function validate_username($username) - { - global $db, $user; +// Check to see if email address is banned or already present in the DB +function validate_email($email) +{ + global $config, $db, $user; - $sql = "SELECT username - FROM " . USERS_TABLE . " - WHERE LOWER(username) = '" . strtolower($db->sql_escape($username)) . "'"; - $result = $db->sql_query($sql); - - if ($row = $db->sql_fetchrow($result)) - { - return 'USERNAME_TAKEN'; - } - $db->sql_freeresult($result); - - $sql = 'SELECT group_name - FROM ' . GROUPS_TABLE . " - WHERE LOWER(group_name) = '" . strtolower($db->sql_escape($username)) . "'"; + if (preg_match('#^[a-z0-9\.\-_\+]+?@(.*?\.)*?[a-z0-9\-_]+?\.[a-z]{2,4}$#i', $email)) + { + $sql = 'SELECT ban_email + FROM ' . BANLIST_TABLE; $result = $db->sql_query($sql); - - if ($row = $db->sql_fetchrow($result)) - { - return 'USERNAME_TAKEN'; - } - $db->sql_freeresult($result); - $sql = 'SELECT disallow_username - FROM ' . DISALLOW_TABLE; - $result = $db->sql_query($sql); - while ($row = $db->sql_fetchrow($result)) { - if (preg_match('#' . str_replace('*', '.*?', preg_quote($row['disallow_username'], '#')) . '#i', $username)) + if (preg_match('#^' . str_replace('*', '.*?', $row['ban_email']) . '$#i', $email)) { - return 'USERNAME_DISALLOWED'; + return 'EMAIL_BANNED'; } } $db->sql_freeresult($result); - $sql = 'SELECT word - FROM ' . WORDS_TABLE; - $result = $db->sql_query($sql); - - while ($row = $db->sql_fetchrow($result)) + if (!$config['allow_emailreuse']) { - if (preg_match('#(' . str_replace('\*', '.*?', preg_quote($row['word'], '#')) . ')#i', $username)) + $sql = 'SELECT user_email + FROM ' . USERS_TABLE . " + WHERE user_email = '" . $db->sql_escape($email) . "'"; + $result = $db->sql_query($sql); + + if ($row = $db->sql_fetchrow($result)) { - return 'USERNAME_DISALLOWED'; + return 'EMAIL_TAKEN'; } + $db->sql_freeresult($result); } - $db->sql_freeresult($result); return false; } - - // Check to see if email address is banned or already present in the DB - function validate_email($email) - { - global $config, $db, $user; - if (preg_match('#^[a-z0-9\.\-_\+]+?@(.*?\.)*?[a-z0-9\-_]+?\.[a-z]{2,4}$#i', $email)) - { - $sql = 'SELECT ban_email - FROM ' . BANLIST_TABLE; - $result = $db->sql_query($sql); + return 'EMAIL_INVALID'; +} - while ($row = $db->sql_fetchrow($result)) - { - if (preg_match('#^' . str_replace('*', '.*?', $row['ban_email']) . '$#i', $email)) - { - return 'EMAIL_BANNED'; - } - } - $db->sql_freeresult($result); +function update_username($old_name, $new_name) +{ + global $db; - if (!$config['allow_emailreuse']) - { - $sql = 'SELECT user_email - FROM ' . USERS_TABLE . " - WHERE user_email = '" . $db->sql_escape($email) . "'"; - $result = $db->sql_query($sql); - - if ($row = $db->sql_fetchrow($result)) - { - return 'EMAIL_TAKEN'; - } - $db->sql_freeresult($result); - } + $update_ary = array( + FORUMS_TABLE => array('forum_last_poster_name'), + MODERATOR_TABLE => array('username'), + POSTS_TABLE => array('poster_username'), + TOPICS_TABLE => array('topic_first_poster_name', 'topic_last_poster_name'), + ); - return false; + foreach ($update_ary as $table => $field_ary) + { + foreach ($field_ary as $field) + { + $sql = "UPDATE $table + SET $field = '$new_name' + WHERE $field = '$old_name'"; + $db->sql_query($sql); } - - return 'EMAIL_INVALID'; } + $sql = 'UPDATE ' . CONFIG_TABLE . " + SET config_value = '" . $new_name . "' + WHERE config_name = 'newest_username' + AND config_value = '" . $old_name . "'"; + $db->sql_query($sql); +} +function avatar_delete() +{ + global $config, $db, $user; - - - function update_username($old_name, $new_name) + if (@file_exists('./' . $config['avatar_path'] . '/' . $user->data['user_avatar'])) { - global $db; - + @unlink('./' . $config['avatar_path'] . '/' . $user->data['user_avatar']); } +} +function avatar_remote(&$data) +{ + global $config, $db, $user, $phpbb_root_path; - - - function avatar_delete() + if (!preg_match('#^(http[s]*?)|(ftp)://#i', $data['remotelink'])) { - global $config, $db, $user; + $data['remotelink'] = 'http://' . $data['remotelink']; + } - if (@file_exists('./' . $config['avatar_path'] . '/' . $user->data['user_avatar'])) - { - @unlink('./' . $config['avatar_path'] . '/' . $user->data['user_avatar']); - } + if (!preg_match('#^(http[s]?)|(ftp)://(.*?\.)*?[a-z0-9\-]+?\.[a-z]{2,4}:?([0-9]*?).*?\.(gif|jpg|jpeg|png)$#i', $data['remotelink'])) + { + $this->error[] = $user->lang['AVATAR_URL_INVALID']; + return true; } - function avatar_remote(&$data) + if ((!($data['width'] || $data['height']) || $data['remotelink'] != $user->data['user_avatar']) && ($config['avatar_max_width'] || $config['avatar_max_height'])) { - global $config, $db, $user, $phpbb_root_path; + list($width, $height) = @getimagesize($data['remotelink']); - if (!preg_match('#^(http[s]*?)|(ftp)://#i', $data['remotelink'])) + if (!$width || !$height) { - $data['remotelink'] = 'http://' . $data['remotelink']; + $this->error[] = $user->lang['AVATAR_NO_SIZE']; + return true; } - - if (!preg_match('#^(http[s]?)|(ftp)://(.*?\.)*?[a-z0-9\-]+?\.[a-z]{2,4}:?([0-9]*?).*?\.(gif|jpg|jpeg|png)$#i', $data['remotelink'])) + else if ($width > $config['avatar_max_width'] || $height > $config['avatar_max_height']) { - $this->error[] = $user->lang['AVATAR_URL_INVALID']; + $this->error[] = sprintf($user->lang['AVATAR_WRONG_SIZE'], $config['avatar_max_width'], $config['avatar_max_height']); return true; } - if ((!($data['width'] || $data['height']) || $data['remotelink'] != $user->data['user_avatar']) && ($config['avatar_max_width'] || $config['avatar_max_height'])) - { - list($width, $height) = @getimagesize($data['remotelink']); + $data['width'] = &$width; + $data['height'] = &$height; + } + else if ($data['width'] > $config['avatar_max_width'] || $data['height'] > $config['avatar_max_height']) + { + $this->error[] = sprintf($user->lang['AVATAR_WRONG_SIZE'], $config['avatar_max_width'], $config['avatar_max_height']); + return true; + } - if (!$width || !$height) - { - $this->error[] = $user->lang['AVATAR_NO_SIZE']; - return true; - } - else if ($width > $config['avatar_max_width'] || $height > $config['avatar_max_height']) - { - $this->error[] = sprintf($user->lang['AVATAR_WRONG_SIZE'], $config['avatar_max_width'], $config['avatar_max_height']); - return true; - } + // Set type + $data['filename'] = &$data['remotelink']; + $data['type'] = AVATAR_REMOTE; + + return false; +} - $data['width'] = &$width; - $data['height'] = &$height; +function avatar_upload(&$data) +{ + global $config, $db, $user; + + if (!empty($_FILES['uploadfile']['tmp_name'])) + { + $filename = $_FILES['uploadfile']['tmp_name']; + $filesize = $_FILES['uploadfile']['size']; + $realname = $_FILES['uploadfile']['name']; + + if (file_exists($filename) && preg_match('#^(.*?)\.(jpg|jpeg|gif|png)$#i', $realname, $match)) + { + $realname = $match[1]; + $filetype = $match[2]; + $php_move = 'move_uploaded_file'; } - else if ($data['width'] > $config['avatar_max_width'] || $data['height'] > $config['avatar_max_height']) + else { - $this->error[] = sprintf($user->lang['AVATAR_WRONG_SIZE'], $config['avatar_max_width'], $config['avatar_max_height']); + $this->error[] = $user->lang['AVATAR_NOT_UPLOADED']; return true; } - - // Set type - $data['filename'] = &$data['remotelink']; - $data['type'] = AVATAR_REMOTE; - - return false; } - - function avatar_upload(&$data) + else if (preg_match('#^(http://).*?\.(jpg|jpeg|gif|png)$#i', $data['uploadurl'], $match)) { - global $config, $db, $user; - - if (!empty($_FILES['uploadfile']['tmp_name'])) + if (empty($match[2])) { - $filename = $_FILES['uploadfile']['tmp_name']; - $filesize = $_FILES['uploadfile']['size']; - $realname = $_FILES['uploadfile']['name']; - - if (file_exists($filename) && preg_match('#^(.*?)\.(jpg|jpeg|gif|png)$#i', $realname, $match)) - { - $realname = $match[1]; - $filetype = $match[2]; - $php_move = 'move_uploaded_file'; - } - else - { - $this->error[] = $user->lang['AVATAR_NOT_UPLOADED']; - return true; - } + $this->error[] = $user->lang['AVATAR_URL_INVALID']; + return true; } - else if (preg_match('#^(http://).*?\.(jpg|jpeg|gif|png)$#i', $data['uploadurl'], $match)) - { - if (empty($match[2])) - { - $this->error[] = $user->lang['AVATAR_URL_INVALID']; - return true; - } - - $url = parse_url($data['uploadurl']); - - $host = $url['host']; - $path = dirname($url['path']); - $port = (!empty($url['port'])) ? $url['port'] : 80; - $filetype = array_pop(explode('.', $url['path'])); - $realname = basename($url['path'], '.' . $filetype); - $filename = $url['path']; - $filesize = 0; - if (!($fsock = @fsockopen($host, $port, $errno, $errstr))) - { - $this->error[] = $user->lang['AVATAR_NOT_UPLOADED']; - return true; - } - - fputs($fsock, 'GET /' . $filename . " HTTP/1.1\r\n"); - fputs($fsock, "HOST: " . $host . "\r\n"); - fputs($fsock, "Connection: close\r\n\r\n"); - - $avatar_data = ''; - while (!feof($fsock)) - { - $avatar_data .= fread($fsock, $config['avatar_filesize']); - } - @fclose($fsock); - $avatar_data = array_pop(explode("\r\n", $avatar_data)); + $url = parse_url($data['uploadurl']); - if (empty($avatar_data)) - { - $this->error[] = $user->lang['AVATAR_NOT_UPLOADED']; - return true; - } - unset($url_ary); + $host = $url['host']; + $path = dirname($url['path']); + $port = (!empty($url['port'])) ? $url['port'] : 80; + $filetype = array_pop(explode('.', $url['path'])); + $realname = basename($url['path'], '.' . $filetype); + $filename = $url['path']; + $filesize = 0; - $tmp_path = (!@ini_get('safe_mode')) ? false : $phpbb_root_path . 'cache/tmp'; - $filename = tempnam($tmp_path, uniqid(rand()) . '-'); - - if (!($fp = @fopen($filename, 'wb'))) - { - $this->error[] = $user->lang['AVATAR_NOT_UPLOADED']; - return true; - } - $filesize = fwrite($fp, $avatar_data); - fclose($fp); - unset($avatar_data); + if (!($fsock = @fsockopen($host, $port, $errno, $errstr))) + { + $this->error[] = $user->lang['AVATAR_NOT_UPLOADED']; + return true; + } - if (!$filesize) - { - unlink($filename); - $this->error[] = $user->lang['AVATAR_NOT_UPLOADED']; - return true; - } + fputs($fsock, 'GET /' . $filename . " HTTP/1.1\r\n"); + fputs($fsock, "HOST: " . $host . "\r\n"); + fputs($fsock, "Connection: close\r\n\r\n"); - $php_move = 'copy'; + $avatar_data = ''; + while (!feof($fsock)) + { + $avatar_data .= fread($fsock, $config['avatar_filesize']); } + @fclose($fsock); + $avatar_data = array_pop(explode("\r\n", $avatar_data)); - list($width, $height) = getimagesize($filename); - - if ($width > $config['avatar_max_width'] || $height > $config['avatar_max_height'] || $width < $config['avatar_min_width'] || $height < $config['avatar_min_height'] || !$width || !$height) + if (empty($avatar_data)) { - $this->error[] = sprintf($user->lang['AVATAR_WRONG_SIZE'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height']); + $this->error[] = $user->lang['AVATAR_NOT_UPLOADED']; return true; } + unset($url_ary); - // Replace any chars which may cause us problems with _ - $bad_chars = array(' ', '/', ':', '*', '?', '"', '<', '>', '|'); + $tmp_path = (!@ini_get('safe_mode')) ? false : $phpbb_root_path . 'cache/tmp'; + $filename = tempnam($tmp_path, uniqid(rand()) . '-'); - $data['filename'] = $user->data['user_id'] . '_' . str_replace($bad_chars, '_', $realname) . '.' . $filetype; - $data['width'] = &$width; - $data['height'] = &$height; - - if(!$php_move($filename, './' . $config['avatar_path'] . '/' . $data['filename'])) + if (!($fp = @fopen($filename, 'wb'))) { - @unlink($filename); $this->error[] = $user->lang['AVATAR_NOT_UPLOADED']; return true; } - @unlink($filename); + $filesize = fwrite($fp, $avatar_data); + fclose($fp); + unset($avatar_data); - $filesize = filesize('./' . $config['avatar_path'] . '/' . $data['filename']); - if (!$filesize || $filesize > $config['avatar_filesize']) + if (!$filesize) { - @unlink('./' . $config['avatar_path'] . '/' . $data['filename']); - $this->error[] = sprintf($user->lang['AVATAR_WRONG_FILESIZE'], $config['avatar_filesize']); + unlink($filename); + $this->error[] = $user->lang['AVATAR_NOT_UPLOADED']; return true; } - // Set type - $data['type'] = AVATAR_UPLOAD; + $php_move = 'copy'; + } + + list($width, $height) = getimagesize($filename); - return; + if ($width > $config['avatar_max_width'] || $height > $config['avatar_max_height'] || $width < $config['avatar_min_width'] || $height < $config['avatar_min_height'] || !$width || !$height) + { + $this->error[] = sprintf($user->lang['AVATAR_WRONG_SIZE'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height']); + return true; } + + // Replace any chars which may cause us problems with _ + $bad_chars = array(' ', '/', ':', '*', '?', '"', '<', '>', '|'); + + $data['filename'] = $user->data['user_id'] . '_' . str_replace($bad_chars, '_', $realname) . '.' . $filetype; + $data['width'] = &$width; + $data['height'] = &$height; + + if(!$php_move($filename, './' . $config['avatar_path'] . '/' . $data['filename'])) + { + @unlink($filename); + $this->error[] = $user->lang['AVATAR_NOT_UPLOADED']; + return true; + } + @unlink($filename); + + $filesize = filesize('./' . $config['avatar_path'] . '/' . $data['filename']); + if (!$filesize || $filesize > $config['avatar_filesize']) + { + @unlink('./' . $config['avatar_path'] . '/' . $data['filename']); + $this->error[] = sprintf($user->lang['AVATAR_WRONG_FILESIZE'], $config['avatar_filesize']); + return true; + } + + // Set type + $data['type'] = AVATAR_UPLOAD; + + return; } ?>
\ No newline at end of file diff --git a/phpBB/includes/ucp/ucp_main.php b/phpBB/includes/ucp/ucp_main.php index 4e5e5bbd58..13921c776d 100644 --- a/phpBB/includes/ucp/ucp_main.php +++ b/phpBB/includes/ucp/ucp_main.php @@ -31,7 +31,7 @@ class ucp_main extends ucp $submodules['FRONT'] = "i=$id&mode=front"; $submodules['WATCHED'] = "i=$id&mode=watched"; - $this->subsection($submodules, $submode); + $this->menu($id, $submodules, $submode); unset($submodules); switch ($submode) @@ -152,8 +152,8 @@ class ucp_main extends ucp 'TOPIC_FOLDER_IMG' => $user->img($folder_img, $folder_alt), 'ATTACH_ICON_IMG' => ($auth->acl_get('f_download', $forum_id) && $row['topic_attachment']) ? $user->img('icon_attach', '') : '', - 'S_ROW_COUNT' => $i, - 'S_USER_POSTED' => (!empty($row['mark_type'])) ? true : false, + 'S_ROW_COUNT' => $i, + 'S_USER_POSTED' => (!empty($row['mark_type'])) ? true : false, 'U_VIEW_TOPIC' => $view_topic_url) ); @@ -163,7 +163,6 @@ class ucp_main extends ucp $db->sql_freeresult($result); //TODO -/* $sql_and = ''; $sql = 'SELECT COUNT(post_id) AS total_posts FROM ' . POSTS_TABLE . ' @@ -184,7 +183,7 @@ class ucp_main extends ucp $post_count_sql"; $result = $db->sql_query($sql); - $num_real_posts = min($row['user_posts'], $db->sql_fetchfield('num_posts', 0, $result)); + $num_real_posts = min($user->data['user_posts'], $db->sql_fetchfield('num_posts', 0, $result)); $db->sql_freeresult($result); $sql = "SELECT f.forum_id, f.forum_name, COUNT(post_id) AS num_posts @@ -237,9 +236,15 @@ class ucp_main extends ucp } unset($active_t_row); - $template->assign_vars(show_profile($row)); +// $template->assign_vars(show_profile($row)); $template->assign_vars(array( + 'USER_COLOR' => (!empty($user->data['user_colour'])) ? $user->data['user_colour'] : '', + 'RANK_TITLE' => $rank_title, + 'KARMA' => (!empty($row['user_karma'])) ? $user->data['user_karma'] : 0, + 'JOINED' => $user->format_date($user->data['user_regdate'], $user->lang['DATE_FORMAT']), + 'VISITED' => (empty($last_visit)) ? ' - ' : $user->format_date($last_visit, $user->lang['DATE_FORMAT']), + 'POSTS' => ($data['user_posts']) ? $data['user_posts'] : 0, 'POSTS_DAY' => sprintf($user->lang['POST_DAY'], $posts_per_day), 'POSTS_PCT' => sprintf($user->lang['POST_PCT'], $percentage), 'ACTIVE_FORUM' => $active_f_name, @@ -252,13 +257,12 @@ class ucp_main extends ucp 'OCCUPATION' => (!empty($row['user_occ'])) ? $row['user_occ'] : '', 'INTERESTS' => (!empty($row['user_interests'])) ? $row['user_interests'] : '', - 'S_PROFILE_ACTION' => "groupcp.$phpEx$SID", 'S_GROUP_OPTIONS' => $group_options, 'U_ACTIVE_FORUM' => "viewforum.$phpEx$SID&f=$active_f_id", 'U_ACTIVE_TOPIC' => "viewtopic.$phpEx$SID&t=$active_t_id",) ); -*/ + break; case 'watched': @@ -385,15 +389,14 @@ class ucp_main extends ucp // Subscribed Topics - $sql_t_tracking = ($config['load_db_lastread'] || $config['load_db_track']) ? 'LEFT JOIN ' . TOPICS_TRACK_TABLE . ' tt ON (tt.topic_id = t.topic_id AND tt.user_id = ' . $user->data['user_id'] . ')' : ''; - $sql_f_tracking = ($config['load_db_lastread']) ? 'LEFT JOIN ' . FORUMS_TRACK_TABLE . ' ft ON (ft.forum_id = t.forum_id AND ft.user_id = ' . $user->data['user_id'] . ')' : ''; + $sql_from = ($config['load_db_lastread'] || $config['load_db_track']) ? '(' . TOPICS_TABLE . ' t LEFT JOIN ' . TOPICS_TRACK_TABLE . ' tt ON (tt.topic_id = t.topic_id AND tt.user_id = ' . $user->data['user_id'] . '))' : TOPICS_TABLE . ' t'; +// $sql_f_tracking = ($config['load_db_lastread']) ? 'LEFT JOIN ' . FORUMS_TRACK_TABLE . ' ft ON (ft.forum_id = t.forum_id AND ft.user_id = ' . $user->data['user_id'] . ')' : ''; $sql_t_select = ($config['load_db_lastread'] || $config['load_db_track']) ? ', tt.mark_type, tt.mark_time' : ''; - $sql_f_select = ($config['load_db_lastread']) ? ', ft.mark_time AS forum_mark_time' : ''; +// $sql_f_select = ($config['load_db_lastread']) ? ', ft.mark_time AS forum_mark_time' : ''; $sql = "SELECT t.* $sql_f_select $sql_t_select - FROM ((" . TOPICS_TABLE . " t - $sql_f_tracking) $sql_t_tracking), " . TOPICS_WATCH_TABLE . ' tw + FROM $sql_from, " . TOPICS_WATCH_TABLE . ' tw WHERE tw.user_id = ' . $user->data['user_id'] . ' AND t.topic_id = tw.topic_id ORDER BY t.topic_last_post_time DESC'; diff --git a/phpBB/includes/ucp/ucp_prefs.php b/phpBB/includes/ucp/ucp_prefs.php index 1df28f80f8..c6e2e52328 100644 --- a/phpBB/includes/ucp/ucp_prefs.php +++ b/phpBB/includes/ucp/ucp_prefs.php @@ -32,7 +32,7 @@ class ucp_prefs extends ucp $submodules['VIEW'] = "i=$id&mode=view"; $submodules['POST'] = "i=$id&mode=post"; - $this->subsection($submodules, $submode); + $this->menu($id, $submodules, $submode); unset($submodules); switch($submode) @@ -49,7 +49,7 @@ class ucp_prefs extends ucp ), 'int' => array('dst', 'style'), 'float' => array('tz'), - 'bool' => array('viewemail', 'hideonline', 'notifypm', 'popuppm') + 'bool' => array('viewemail', 'massemail', 'hideonline', 'notifypm', 'popuppm') ); $data = $this->normalise_data($_POST, $normalise); @@ -64,8 +64,9 @@ class ucp_prefs extends ucp if (!sizeof($this->error)) { $sql_ary = array( - 'user_allow_viewemail' => $data['viewemail'], - 'user_allow_viewonline' => !$data['hideonline'], + 'user_allow_viewemail' => $data['viewemail'], + 'user_allow_massemail' => $data['massemail'], + 'user_allow_viewonline' => ($auth->acl_get('u_hideonline')) ? !$data['hideonline'] : $user->data['user_allow_viewonline'], 'user_notify_pm' => $data['notifypm'], 'user_popup_pm' => $data['popuppm'], 'user_dst' => $data['dst'], @@ -90,9 +91,12 @@ class ucp_prefs extends ucp unset($data); } - $view_email = (isset($viewemail)) ? $viewemail : $user->data['user_allow_viewemail']; + $viewemail = (isset($viewemail)) ? $viewemail : $user->data['user_allow_viewemail']; $view_email_yes = ($viewemail) ? ' checked="checked"' : ''; $view_email_no = (!$viewemail) ? ' checked="checked"' : ''; + $massemail = (isset($massemail)) ? $massemail : $user->data['user_allow_massemail']; + $mass_email_yes = ($massemail) ? ' checked="checked"' : ''; + $mass_email_no = (!$massemail) ? ' checked="checked"' : ''; $hideonline = (isset($hideonline)) ? $hideonline : !$user->data['user_allow_viewonline']; $hide_online_yes = ($hideonline) ? ' checked="checked"' : ''; $hide_online_no = (!$hideonline) ? ' checked="checked"' : ''; @@ -116,6 +120,8 @@ class ucp_prefs extends ucp 'VIEW_EMAIL_YES' => $view_email_yes, 'VIEW_EMAIL_NO' => $view_email_no, + 'ADMIN_EMAIL_YES' => $mass_email_yes, + 'ADMIN_EMAIL_NO' => $mass_email_no, 'HIDE_ONLINE_YES' => $hide_online_yes, 'HIDE_ONLINE_NO' => $hide_online_no, 'NOTIFY_PM_YES' => $notify_pm_yes, @@ -129,7 +135,9 @@ class ucp_prefs extends ucp 'S_LANG_OPTIONS' => language_select($lang), 'S_STYLE_OPTIONS' => style_select($style), - 'S_TZ_OPTIONS' => tz_select($tz)) + 'S_TZ_OPTIONS' => tz_select($tz), + 'S_CAN_HIDE_ONLINE' => true, + ) ); break; @@ -143,7 +151,7 @@ class ucp_prefs extends ucp 'sk' => '1,1', 'sd' => '1,1', ), - 'int' => array('st'), + 'int' => array('st', 'minkarma'), 'bool' => array('images', 'flash', 'smilies', 'sigs', 'avatars', 'wordcensor'), ); $data = $this->normalise_data($_POST, $normalise); @@ -159,7 +167,8 @@ class ucp_prefs extends ucp 'user_viewcensors' => ($auth->acl_get('u_chgcensors')) ? $data['wordcensor'] : $user->data['user_viewcensors'], 'user_sortby_type' => $data['sk'], 'user_sortby_dir' => $data['sd'], - 'user_show_days' => $data['st'], + 'user_show_days' => $data['st'], + 'user_min_karma' => $data['minkarma'], ); $sql = 'UPDATE ' . USERS_TABLE . ' @@ -190,6 +199,14 @@ class ucp_prefs extends ucp $s_limit_days = $s_sort_key = $s_sort_dir = ''; gen_sort_selects($limit_days, $sort_by_text, $st, $sk, $sd, &$s_limit_days, &$s_sort_key, &$s_sort_dir); + $s_min_karma_options = ''; + $minkarma = (isset($minkarma)) ? $minkarma : $user->data['user_min_karma']; + for ($i = -5; $i < 6; $i++) + { + $selected = ($i == $minkarma) ? ' selected="selected"' : ''; + $s_min_karma_options .= "<option value=\"$i\"$selected>$i</option>"; + } + $images = (isset($images)) ? $images : $user->data['user_viewimg']; $images_yes = ($images) ? ' checked="checked"' : ''; $images_no = (!$images) ? ' checked="checked"' : ''; @@ -225,6 +242,7 @@ class ucp_prefs extends ucp 'DISABLE_CENSORS_YES' => $wordcensor_yes, 'DISABLE_CENSORS_NO' => $wordcensor_no, + 'S_MIN_KARMA_OPTIONS' => $s_min_karma_options, 'S_CHANGE_CENSORS' => ($auth->acl_get('u_chgcensors')) ? true : false, 'S_SELECT_SORT_DAYS' => $s_limit_days, 'S_SELECT_SORT_KEY' => $s_sort_key, diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php index f08f30d947..beafc0ace1 100644 --- a/phpBB/includes/ucp/ucp_profile.php +++ b/phpBB/includes/ucp/ucp_profile.php @@ -25,7 +25,7 @@ class ucp_profile extends ucp { global $censors, $config, $db, $user, $auth, $SID, $template, $phpbb_root_path, $phpEx; - $submode = ($_REQUEST['mode']) ? htmlspecialchars($_REQUEST['mode']) : 'reg_details'; + $submode = (isset($_GET['mode'])) ? htmlspecialchars($_GET['mode']) : 'reg_details'; $error = ''; $submodules['REG_DETAILS'] = "i=$id&mode=reg_details"; @@ -33,7 +33,7 @@ class ucp_profile extends ucp $submodules['SIGNATURE'] = "i=$id&mode=signature"; $submodules['AVATAR'] = "i=$id&mode=avatar"; - $this->subsection($submodules, $submode); + $this->menu($id, $submodules, $submode); unset($submodules); switch ($submode) @@ -66,7 +66,7 @@ class ucp_profile extends ucp 'email_confirm' => ($data['email'] != $user->data['user_email']) ? $data['email'] : '', ), 'match' => array( - 'username' => ($data['username'] != $user->data['username']) ? '#^' . str_replace('\\\\', '\\', $config['allow_name_chars']) . '$#iu' : '', + 'username' => ($data['username'] != $user->data['username']) ? '#^' . preg_replace('#/{1}#', '\\', $config['allow_name_chars']) . '$#iu' : '', ), 'function' => array( 'username' => ($data['username'] != $user->data['username']) ? 'validate_username' : '', @@ -91,7 +91,7 @@ class ucp_profile extends ucp // Need to update config, forum, topic, posting, messages, etc. if ($data['username'] != $user->data['username'] && $auth->acl_get('u_chgname') & $config['allow_namechange']) { - $this->update_username($user->data['username'], $data['username']); + update_username($user->data['username'], $data['username']); } meta_refresh(3, "ucp.$phpEx$SID&i=$id&mode=$submode"); @@ -349,13 +349,12 @@ class ucp_profile extends ucp // Can we upload? $can_upload = ($config['allow_avatar_upload'] && file_exists($phpbb_root_path . $config['avatar_path']) && is_writeable($phpbb_root_path . $config['avatar_path']) && $auth->acl_get('u_chgavatar') && (@ini_get('file_uploads') || @ini_get('file_uploads') == 'On')) ? true : false; - if (isset($_POST['submit'])) { $data = array(); if (!empty($_FILES['uploadfile']['tmp_name']) && $can_upload) { - $this->avatar_upload($data); + avatar_upload($data); } else if (!empty($_POST['uploadurl']) && $can_upload) { @@ -366,7 +365,7 @@ class ucp_profile extends ucp ); $data = $this->normalise_data($_POST, $normalise); - $this->avatar_upload($data); + avatar_upload($data); } else if (!empty($_POST['remotelink']) && $auth->acl_get('u_chgavatar') && $config['allow_avatar_remote']) { @@ -379,7 +378,7 @@ class ucp_profile extends ucp ); $data = $this->normalise_data($_POST, $normalise); - $this->avatar_remote($data); + avatar_remote($data); } else if (!empty($_POST['delete']) && $auth->acl_get('u_chgavatar')) { @@ -406,7 +405,7 @@ class ucp_profile extends ucp // Delete old avatar if present if ($user->data['user_avatar'] != '' && $data['filename'] != $user->data['user_avatar']) { - $this->avatar_delete(); + avatar_delete(); } } diff --git a/phpBB/includes/ucp/ucp_register.php b/phpBB/includes/ucp/ucp_register.php index b217455cb9..f6b9b51330 100644 --- a/phpBB/includes/ucp/ucp_register.php +++ b/phpBB/includes/ucp/ucp_register.php @@ -92,7 +92,7 @@ class ucp_register extends ucp 'email_confirm' => $data['email'], ), 'match' => array( - 'username' => '#^' . str_replace('\\\\', '\\', $config['allow_name_chars']) . '$#iu', + 'username' => '#^' . preg_replace('#/{1}#', '\\', $config['allow_name_chars']) . '$#iu', ), 'function' => array( 'username' => 'validate_username', @@ -146,7 +146,7 @@ class ucp_register extends ucp $config['require_activation'] == USER_ACTIVATION_SELF || $config['require_activation'] == USER_ACTIVATION_ADMIN) && $config['email_enable']) { - $user_actkey = $this->gen_rand_string(10); + $user_actkey = gen_rand_string(10); $key_len = 54 - (strlen($server_url)); $key_len = ($key_len > 6) ? $key_len : 6; $user_actkey = substr($user_actkey, 0, $key_len); @@ -324,7 +324,7 @@ class ucp_register extends ucp } $db->sql_freeresult($result); - $code = $this->gen_rand_string(6); + $code = gen_rand_string(6); $confirm_id = md5(uniqid($user_ip)); $sql = 'INSERT INTO ' . CONFIRM_TABLE . " (confirm_id, session_id, code) |