From b4df815547a7b19e6cba72c61b2397baec82858d Mon Sep 17 00:00:00 2001
From: Josh Woody
Date: Mon, 31 May 2010 23:41:13 -0500
Subject: [ticket/9633] Newly Registered Group Colour not used in "Our Newest Member" Due to an oversight, the default group was not properly checked in the user_add function. This fix corrects the check. No other changes are needed because they go direct to the database, this one used an array in memory. PHPBB3-9633
---
 phpBB/includes/functions_user.php | 1 +
 1 file changed, 1 insertion(+)
(limited to 'phpBB/includes/functions_user.php')
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php
index 21e82030ee..271542efdd 100644
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@@ -297,6 +297,7 @@ function user_add($user_row, $cp_data = false)
 if ($config['new_member_group_default'])
 {
 group_user_add($add_group_id, $user_id, false, false, true);
+ $user_row['group_id'] = $add_group_id;
 }
 else
 {
-- cgit v1.2.1
From 24cc3fd0f941ec2ea8a1a75f7b3a811d9438f359 Mon Sep 17 00:00:00 2001
From: Josh Woody
Date: Sat, 3 Jul 2010 21:21:22 -0500
Subject: [ticket/9703] Correct database leak where deleting user did not rm some PM data Users' PM rules and PM folders were being left intact when deleting them. PHPBB3-9703
---
 phpBB/includes/functions_user.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'phpBB/includes/functions_user.php')
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php
index 271542efdd..93e4e6db07 100644
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
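Review bot: The added `$user_row['group_id'] = $add_group_id;` in the `new_member_group_default` branch carries no comment, and the reason a local array is rewritten after the database call lives only in the commit message. A one-line comment above it would stop a later clean-up from dropping it, for example `// group_user_add() only updates the database; keep the in-memory row in sync for the code below`. The code that later reads `$user_row['group_id']` is outside this hunk, so that wording should be checked against it.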
@@ -528,7 +528,7 @@ function user_delete($mode, $user_id, $post_username = false)
 $db->sql_transaction('begin');
- $table_ary = array(USERS_TABLE, USER_GROUP_TABLE, TOPICS_WATCH_TABLE, FORUMS_WATCH_TABLE, ACL_USERS_TABLE, TOPICS_TRACK_TABLE, TOPICS_POSTED_TABLE, FORUMS_TRACK_TABLE, PROFILE_FIELDS_DATA_TABLE, MODERATOR_CACHE_TABLE, DRAFTS_TABLE, BOOKMARKS_TABLE, SESSIONS_KEYS_TABLE);
+ $table_ary = array(USERS_TABLE, USER_GROUP_TABLE, TOPICS_WATCH_TABLE, FORUMS_WATCH_TABLE, ACL_USERS_TABLE, TOPICS_TRACK_TABLE, TOPICS_POSTED_TABLE, FORUMS_TRACK_TABLE, PROFILE_FIELDS_DATA_TABLE, MODERATOR_CACHE_TABLE, DRAFTS_TABLE, BOOKMARKS_TABLE, SESSIONS_KEYS_TABLE, PRIVMSGS_FOLDER_TABLE, PRIVMSGS_RULES_TABLE);
 foreach ($table_ary as $table)
 {
-- cgit v1.2.1
From e130a6bad94f534b3e573efcdb2b94332426598e Mon Sep 17 00:00:00 2001
From: Thatbitextra
Date: Wed, 28 Apr 2010 16:57:16 -0400
Subject: [ticket/9451] Add optional $can_upload parameter to avatar_process_user(). Avoid unnecessary overhead in avatar_process_user() by optionally passing in the value of $can_upload. PHPBB3-9451
---
 phpBB/includes/functions_user.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
(limited to 'phpBB/includes/functions_user.php')
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php
index 271542efdd..d2c3df7c4d 100644
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@@ -2284,7 +2284,7 @@ function avatar_get_dimensions($avatar, $avatar_type, &$error, $current_x = 0, $
 /**
 * Uploading/Changing user avatar
 */
-function avatar_process_user(&$error, $custom_userdata = false)
+function avatar_process_user(&$error, $custom_userdata = false, $can_upload = null)
 {
 global $config, $phpbb_root_path, $auth, $user, $db;
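Review bot: The two tables appended to `$table_ary` are only cleaned correctly if they are keyed by the same column the `foreach` filters on, and that loop body is outside the hunk, so this should be confirmed for `PRIVMSGS_FOLDER_TABLE` and `PRIVMSGS_RULES_TABLE`. If rules owned by other users can reference the deleted account, those rows are presumably not covered by this change and would need their own cleanup. The array literal is now long enough that one constant per line would make the next addition readable in a diff.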
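Review bot: The docblock above `avatar_process_user()` still reads only `Uploading/Changing user avatar` and does not describe the new third parameter. Callers need to know that `null` means the check is evaluated inside the function and that any other value replaces it, so I would add `* @param bool|null $can_upload Pre-computed upload permission, null to evaluate it here`. The function body continues past the end of this hunk.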
@@ -2323,7 +2323,10 @@ function avatar_process_user(&$error, $custom_userdata = false)
 $avatar_select = basename(request_var('avatar_select', ''));
 // Can we upload?
- $can_upload = ($config['allow_avatar_upload'] && file_exists($phpbb_root_path . $config['avatar_path']) && @is_writable($phpbb_root_path . $config['avatar_path']) && $change_avatar && (@ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on')) ? true : false;
+ if (is_null($can_upload))
+ {
+ $can_upload = ($config['allow_avatar_upload'] && file_exists($phpbb_root_path . $config['avatar_path']) && @is_writable($phpbb_root_path . $config['avatar_path']) && $change_avatar && (@ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on')) ? true : false;
+ }
 if ((!empty($_FILES['uploadfile']['name']) || $data['uploadurl']) && $can_upload)
 {
-- cgit v1.2.1
From ae967d16f1ad584d7e03b4466e6cc3d1d067dea6 Mon Sep 17 00:00:00 2001
From: Josh Woody
Date: Mon, 5 Jul 2010 22:22:25 -0500
Subject: [ticket/9650] Do not allow banning the anonymous user by username Banning anonymous can result in bad things, like not being able to log in. However, it was possible until now. PHPBB3-9650
---
 phpBB/includes/functions_user.php | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
(limited to 'phpBB/includes/functions_user.php')
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php
index 271542efdd..8d2fa14a4b 100644
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
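Review bot: A non-null `$can_upload` from the caller replaces the whole expression, so a caller passing `true` skips `$config['allow_avatar_upload']`, the `$change_avatar` condition and the writable-directory test, not only the filesystem overhead the commit message mentions. I would keep the cheap policy checks unconditional and let the parameter stand in only for the filesystem and ini probes, for example an `else` branch containing `$can_upload = $can_upload && $config['allow_avatar_upload'] && $change_avatar;`. Separately, the carried-over `(@ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on')` is redundant in its second half and the trailing `? true : false` could be a `(bool)` cast. The rest of the function is outside the hunk.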
@@ -837,14 +837,15 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
 FROM ' . USERS_TABLE . '
 WHERE ' . $db->sql_in_set('username_clean', $sql_usernames);
- // Do not allow banning yourself
+ // Do not allow banning yourself, the guest account, or founders.
+ $non_bannable = array($user->data['user_id'], ANONYMOUS);
 if (sizeof($founder))
 {
- $sql .= ' AND ' . $db->sql_in_set('user_id', array_merge(array_keys($founder), array($user->data['user_id'])), true);
+ $sql .= ' AND ' . $db->sql_in_set('user_id', array_merge(array_keys($founder), $non_bannable), true);
 }
 else
 {
- $sql .= ' AND user_id <> ' . $user->data['user_id'];
+ $sql .= ' AND ' . $db->sql_in_set('user_id', $non_bannable, true);
 }
 $result = $db->sql_query($sql);
-- cgit v1.2.1
From ed44235d26180c539eaf7af5e5b15c7fcb96ce45 Mon Sep 17 00:00:00 2001
From: Andreas Fischer
Date: Sun, 27 Jun 2010 21:07:38 +0200
Subject: [ticket/9534] Adding support for IPv6 addresses in user_ipwhois(). whois.arin.net does currently not refer to other servers (using ReferralServer) when queried for an IPv6 address. whois.sixxs.net however works in this case. This also adds '.' to the hostname to make sure we're querying the dns root. PHPBB3-9534
---
 phpBB/includes/functions_user.php | 27 ++++++++++++++++++++-------
 1 file changed, 20 insertions(+), 7 deletions(-)
(limited to 'phpBB/includes/functions_user.php')
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php
index 6f6d7526b7..c2ea8445d1 100644
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
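Review bot: With `$non_bannable` introduced, the `if (sizeof($founder))` / `else` split no longer changes the result, because `array_merge(array_keys($founder), $non_bannable)` yields exactly `$non_bannable` when `$founder` is empty. Both branches can collapse to `$sql .= ' AND ' . $db->sql_in_set('user_id', array_merge(array_keys($founder), $non_bannable), true);`, assuming `$founder` is always an array here (it is passed to `sizeof()`). The exclusion applies only to this username lookup; the rest of `user_ban()` is outside the hunk, so whether other ban modes can still affect the guest account cannot be judged from these lines.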
@@ -1235,16 +1235,29 @@ function user_unban($mode, $ban)
 */
 function user_ipwhois($ip)
 {
- $ipwhois = '';
+ if (empty($ip))
+ {
+ return '';
+ }
- // Check IP
- // Only supporting IPv4 at the moment...
- if (empty($ip) || !preg_match(get_preg_expression('ipv4'), $ip))
+ if (preg_match(get_preg_expression('ipv4'), $ip))
+ {
+ // IPv4 address
+ $whois_host = 'whois.arin.net.';
+ }
+ else if (preg_match(get_preg_expression('ipv6'), $ip))
+ {
+ // IPv6 address
+ $whois_host = 'whois.sixxs.net.';
+ }
+ else
 {
 return '';
 }
- if (($fsk = @fsockopen('whois.arin.net', 43)))
+ $ipwhois = '';
+
+ if (($fsk = @fsockopen($whois_host, 43)))
 {
 // CRLF as per RFC3912
 fputs($fsk, "$ip\r\n");
@@ -1257,7 +1270,7 @@ function user_ipwhois($ip)
 $match = array();
- // Test for referrals from ARIN to other whois databases, roll on rwhois
+ // Test for referrals from $whois_host to other whois databases, roll on rwhois
 if (preg_match('#ReferralServer: whois://(.+)#im', $ipwhois, $match))
 {
 if (strpos($match[1], ':') !== false)
@@ -1285,7 +1298,7 @@ function user_ipwhois($ip)
 @fclose($fsk);
 }
- // Use the result from ARIN if we don't get any result here
+ // Use the result from $whois_host if we don't get any result here
 $ipwhois = (empty($buffer)) ? $ipwhois : $buffer;
 }
-- cgit v1.2.1
From c0183cabd09994839170238fd5e2a87f1b48880b Mon Sep 17 00:00:00 2001
From: Andreas Fischer
Date: Sun, 27 Jun 2010 21:25:43 +0200
Subject: [ticket/9534] Update function documentation for user_ipwhois(). PHPBB3-9534
---
 phpBB/includes/functions_user.php | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
(limited to 'phpBB/includes/functions_user.php')
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php
index c2ea8445d1..467668d3ee 100644
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
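Review bot: `@fsockopen($whois_host, 43)` is called without a timeout and with errors suppressed, so a slow or unreachable whois server holds the request for PHP's default socket timeout and leaves nothing to diagnose. Passing the error and timeout arguments, `@fsockopen($whois_host, 43, $errno, $errstr, 10)`, bounds the wait; the read loop that follows is outside the hunk and may want `stream_set_timeout()` too. A comment next to `'whois.sixxs.net.'` should also state that every looked-up IPv6 address is now disclosed to a second external operator, since that is a privacy-relevant choice an administrator cannot see from the UI.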
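Review bot: In the second hunk the referral host in `$match[1]` comes straight from the remote whois response and, judging from the `strpos($match[1], ':')` test, is used as the next host (and possibly port) to connect to, although that code is outside the hunk. Now that a second upstream server feeds this parser, the referral target should be validated before use, for example by accepting only a hostname pattern and port 43, so a whois reply cannot steer the server's outbound connection to an arbitrary destination. The rewritten comment `// Test for referrals from $whois_host ...` also puts a variable name in a comment where it is not interpolated; `the queried whois server` reads more clearly.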
@@ -1229,9 +1229,13 @@ function user_unban($mode, $ban)
 }
 /**
-* Whois facility
+* Internet Protocol Address Whois
+* RFC3912: WHOIS Protocol Specification
 *
-* @link http://tools.ietf.org/html/rfc3912 RFC3912: WHOIS Protocol Specification
+* @param string $ip Ip address, either IPv4 or IPv6.
+*
+* @return string Empty string if not a valid ip address.
+* Otherwise make_clickable()'ed whois result.
 */
 function user_ipwhois($ip)
 {
-- cgit v1.2.1
From 8690d25b4fab47853bcab46fc07ee577569c6822 Mon Sep 17 00:00:00 2001
From: Henry Sudhof
Date: Fri, 2 Jul 2010 13:41:52 +0200
Subject: [ticket/9504] Allow whitespaces in gallery avatars Gallery avatars are discovered on the server filesystem; to allow linking to the images, the filenames are urlencoded before being written to the database. However, getimagesize needs the decoded filename as input. PHPBB3-9504
---
 phpBB/includes/functions_user.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'phpBB/includes/functions_user.php')
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php
index 271542efdd..f58e19ddbe 100644
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@@ -2348,7 +2348,7 @@ function avatar_process_user(&$error, $custom_userdata = false)
 }
 else
 {
- list($sql_ary['user_avatar_width'], $sql_ary['user_avatar_height']) = getimagesize($phpbb_root_path . $config['avatar_gallery_path'] . '/' . $category . '/' . $sql_ary['user_avatar']);
+ list($sql_ary['user_avatar_width'], $sql_ary['user_avatar_height']) = getimagesize($phpbb_root_path . $config['avatar_gallery_path'] . '/' . $category . '/' . urldecode($sql_ary['user_avatar']));
 $sql_ary['user_avatar'] = $category . '/' . $sql_ary['user_avatar'];
 }
 }
-- cgit v1.2.1
From aca0e024faeca67ba5927b9f9ec495d5f687850d Mon Sep 17 00:00:00 2001
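Review bot: In the `getimagesize()` hunk, `urldecode($sql_ary['user_avatar'])` runs after any path sanitising done earlier, so an encoded separator such as `%2F` would pass a prior `basename()` and become a real `/` in the path that is opened. The assignment of `$sql_ary['user_avatar']` is outside this hunk; if it derives from the request value `avatar_select`, which this function passes through `basename()` before decoding, the decoded name should be sanitised again, e.g. `basename(urldecode($sql_ary['user_avatar']))`. The result of `getimagesize()` is also unchecked, so a missing or non-image file leaves width and height unset through `list()`.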
From: Andreas Fischer
Date: Fri, 23 Jul 2010 18:39:12 +0200
Subject: [ticket/9702] Take user's timezone settings into account when banning Until -> PHPBB3-9702
---
 phpBB/includes/functions_user.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'phpBB/includes/functions_user.php')
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php
index 0b26f28864..d9c7d1f2aa 100644
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@@ -766,7 +766,8 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
 if (sizeof($ban_other) == 3 && ((int)$ban_other[0] < 9999) && (strlen($ban_other[0]) == 4) && (strlen($ban_other[1]) == 2) && (strlen($ban_other[2]) == 2))
 {
- $ban_end = max($current_time, gmmktime(0, 0, 0, (int)$ban_other[1], (int)$ban_other[2], (int)$ban_other[0]));
+ $time_offset = (isset($user->timezone) && isset($user->dst)) ? (int) $user->timezone + (int) $user->dst : 0;
+ $ban_end = max($current_time, gmmktime(0, 0, 0, (int)$ban_other[1], (int)$ban_other[2], (int)$ban_other[0]) - $time_offset);
 }
 else
 {
-- cgit v1.2.1
From 4c95ed0eeb497d3febe3169614e9385cefa648d2 Mon Sep 17 00:00:00 2001
From: Joas Schilling
Date: Tue, 10 Aug 2010 16:11:39 +0200
Subject: [ticket/9519] Replace remaining is_writable() calls with phpbb_is_writable(). acm_memory.php is untested. install/install_convert.php and includes/functions_convert.php are going to be tested and committed afterwards. PHPBB3-9519
---
 phpBB/includes/functions_user.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'phpBB/includes/functions_user.php')
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php
index 6f6d7526b7..06e66b2fff 100644
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
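Review bot: The date parts are only length-checked before `gmmktime()`, so a month of 13 or a day of 45 is silently normalised into a different date instead of being rejected; adding `checkdate((int) $ban_other[1], (int) $ban_other[2], (int) $ban_other[0])` to the `if` condition would catch that. On the new line, `$time_offset` assumes `$user->timezone` and `$user->dst` are already expressed in seconds, which this hunk does not show, so a short comment stating the unit would help. The fallback to `0` when either property is unset quietly restores the old UTC behaviour and may deserve a comment as well. `user_ban()` continues outside the hunk.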
@@ -2326,7 +2326,7 @@ function avatar_process_user(&$error, $custom_userdata = false, $can_upload = nu
 // Can we upload?
 if (is_null($can_upload))
 {
- $can_upload = ($config['allow_avatar_upload'] && file_exists($phpbb_root_path . $config['avatar_path']) && @is_writable($phpbb_root_path . $config['avatar_path']) && $change_avatar && (@ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on')) ? true : false;
+ $can_upload = ($config['allow_avatar_upload'] && file_exists($phpbb_root_path . $config['avatar_path']) && phpbb_is_writable($phpbb_root_path . $config['avatar_path']) && $change_avatar && (@ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on')) ? true : false;
 }
 if ((!empty($_FILES['uploadfile']['name']) || $data['uploadurl']) && $can_upload)
-- cgit v1.2.1