From 52045ff2631cdfa14efd3379b64843cafd00df8f Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Mon, 19 Jun 2006 21:30:32 +0000 Subject: some bugfixes git-svn-id: file:///svn/phpbb/trunk@6104 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/functions_user.php | 33 +++++++++++++++++++++++++++++++-- 1 file changed, 31 insertions(+), 2 deletions(-) (limited to 'phpBB/includes/functions_user.php') diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index c246e98396..0eab7d8a6f 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -472,6 +472,23 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas $ban_end = 0; } + $founder = array(); + + if (!$ban_exclude) + { + // Create a list of founder... + $sql = 'SELECT user_id, user_email + FROM ' . USERS_TABLE . ' + WHERE user_type = ' . USER_FOUNDER; + $result = $db->sql_query($sql); + + while ($row = $db->sql_fetchrow($result)) + { + $founder[$row['user_id']] = $row['user_email']; + } + $db->sql_freeresult($result); + } + $banlist_ary = array(); switch ($mode) @@ -502,6 +519,12 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas $sql = 'SELECT user_id FROM ' . USERS_TABLE . ' WHERE username IN (' . $sql_usernames . ')'; + + if (sizeof($founder)) + { + $sql .= ' AND user_id NOT IN (' . implode(', ', array_keys($founder)) . ')'; + } + $result = $db->sql_query($sql); if ($row = $db->sql_fetchrow($result)) @@ -618,9 +641,14 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas foreach ($ban_list as $ban_item) { - if (preg_match('#^.*?@*|(([a-z0-9\-]+\.)+([a-z]{2,3}))$#i', trim($ban_item))) + $ban_item = trim($ban_item); + + if (preg_match('#^.*?@*|(([a-z0-9\-]+\.)+([a-z]{2,3}))$#i', $ban_item)) { - $banlist_ary[] = trim($ban_item); + if (!sizeof($founder) || !in_array($ban_item, $founder)) + { + $banlist_ary[] = $ban_item; + } } } 
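Review bot: The founder check in the e-mail branch, `in_array($ban_item, $founder)`, is an exact, case-sensitive string comparison, so an entry that differs from a founder's stored address only in letter case still reaches `$banlist_ary`; how ban entries are matched later is not visible here, but if that matching is case-insensitive or pattern-based, the exclusion does not protect the founder. Comparing normalised values, e.g. `in_array(strtolower($ban_item), array_map('strtolower', $founder))`, would close the case gap. Separately, the pattern kept on the new line, `#^.*?@*|(([a-z0-9\-]+\.)+([a-z]{2,3}))$#i`, is split by its top-level `|` into two alternatives, and the first one matches the empty string at the start of any input, so this `preg_match` never rejects an entry. user_ban starts and ends outside the hunk.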
@@ -764,6 +792,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas // Update log $log_entry = ($ban_exclude) ? 'LOG_BAN_EXCLUDE_' : 'LOG_BAN_'; add_log('admin', $log_entry . strtoupper($mode), $ban_reason, $ban_list_log); + return true; } -- cgit v1.2.1 From 725b21f2d206efb4b34eb95ec3329bc81f66b805 Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Thu, 22 Jun 2006 15:14:03 +0000 Subject: time to squash some bugs git-svn-id: file:///svn/phpbb/trunk@6114 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/functions_user.php | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) (limited to 'phpBB/includes/functions_user.php') diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 0eab7d8a6f..1b4dc37cd2 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -37,6 +37,8 @@ function user_get_id_name(&$user_id_ary, &$username_ary) $sql_in = ($which_ary == 'user_id_ary') ? array_map('intval', $$which_ary) : preg_replace('#^\s*(.*)\s*$#e', "\"'\" . \$db->sql_escape('\\1') . \"'\"", $$which_ary); unset($$which_ary); + $user_id_ary = $username_ary = array(); + // Grab the user id/username records $sql_where = ($which_ary == 'user_id_ary') ? 'user_id' : 'username'; $sql = 'SELECT user_id, username @@ -50,7 +52,6 @@ function user_get_id_name(&$user_id_ary, &$username_ary) return 'NO_USERS'; } - $user_id_ary = $username_ary = array(); do { $username_ary[$row['user_id']] = $row['username']; @@ -234,6 +235,9 @@ function user_add($user_row, $cp_data = false) $db->sql_transaction('commit'); + // Now make it the users default group... + group_set_user_default($user_row['group_id'], array($user_id)); + return $user_id; } @@ -1092,7 +1096,7 @@ function validate_email($email) return 'EMAIL_INVALID'; } - if ($user->check_ban('', '', $email, true) == true) + if ($user->check_ban(false, false, $email, true) == true) { return 'EMAIL_BANNED'; } 
@@ -1513,6 +1517,9 @@ function group_delete($group_id, $group_name = false) WHERE group_id = $group_id"; $db->sql_query($sql); + // Re-cache moderators + cache_moderators(); + add_log('admin', 'LOG_GROUP_DELETE', $group_name); return 'GROUP_DELETED'; @@ -1526,9 +1533,9 @@ function group_user_add($group_id, $user_id_ary = false, $username_ary = false, global $db, $auth; // We need both username and user_id info - user_get_id_name($user_id_ary, $username_ary); + $result = user_get_id_name($user_id_ary, $username_ary); - if (!sizeof($user_id_ary)) + if (!sizeof($user_id_ary) || $result !== false) { return 'NO_USER'; } @@ -1629,9 +1636,9 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false, $group_order = array('ADMINISTRATORS', 'GLOBAL_MODERATORS', 'REGISTERED_COPPA', 'REGISTERED', 'BOTS', 'GUESTS'); // We need both username and user_id info - user_get_id_name($user_id_ary, $username_ary); + $result = user_get_id_name($user_id_ary, $username_ary); - if (!sizeof($user_id_ary)) + if (!sizeof($user_id_ary) || $result !== false) { return 'NO_USER'; } @@ -1762,9 +1769,9 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna global $db, $auth, $phpbb_root_path, $phpEx, $config; // We need both username and user_id info - user_get_id_name($user_id_ary, $username_ary); + $result = user_get_id_name($user_id_ary, $username_ary); - if (!sizeof($user_id_ary)) + if (!sizeof($user_id_ary) || $result !== false) { return false; } @@ -1869,7 +1876,7 @@ function group_set_user_default($group_id, $user_id_ary, $group_attributes = fal { global $db; - if (!$user_id_ary) + if (empty($user_id_ary)) { return; } -- cgit v1.2.1 From 9c31a05b1c1fba2b1704996f0ed33cb451f13aa7 Mon Sep 17 00:00:00 2001 
From: Meik Sievertsen Date: Fri, 23 Jun 2006 14:04:41 +0000 Subject: make sure set_config is called with the correct is_dynamic value git-svn-id: file:///svn/phpbb/trunk@6117 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/functions_user.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes/functions_user.php') diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 1b4dc37cd2..736e626793 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -116,7 +116,7 @@ function user_update_name($old_name, $new_name) if ($config['newest_username'] == $old_name) { - set_config('newest_username', $new_name); + set_config('newest_username', $new_name, true); } } -- cgit v1.2.1 From 3439d0f96e4deeecc2e681e08bf66b7c70f01930 Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Sat, 24 Jun 2006 13:27:04 +0000 Subject: ok, first attempt at solving some compatibility issues. - dropping in replacement for realpath git-svn-id: file:///svn/phpbb/trunk@6122 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/functions_user.php | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'phpBB/includes/functions_user.php') diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 736e626793..efc352f259 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -141,6 +141,10 @@ function user_add($user_row, $cp_data = false) 'user_type' => $user_row['user_type'], ); + /** + * @todo user_allow_email is not used anywhere. Think about removing it. + */ + // These are the additional vars able to be specified $additional_vars = array( 'user_permissions' => '', -- cgit v1.2.1 From 6df6eb0e601d459544b0cbcee063cf19c01bb37d Mon Sep 17 00:00:00 2001 
From: Meik Sievertsen Date: Sat, 1 Jul 2006 19:11:52 +0000 Subject: - add additional auth check to the permission roles modules - added new function to return globally used expressions (get_preg_expression($mode)). This should be very helpful in getting wide spread similar checks (regular expressions) to one place reducing the risk of forgetting to change every location if you fix one. ;) We will add additional ones later, at the moment only the email check is retrieved... - added "active module" var to the module class returning the current active module - changed call to image magick - add administrator to global moderators group by default - extend auth_option column a little bit - other bugfixes git-svn-id: file:///svn/phpbb/trunk@6135 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/functions_user.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes/functions_user.php') diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index efc352f259..3fb79ed5bb 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -1095,7 +1095,7 @@ function validate_email($email) return false; } - if (!preg_match('#^[a-z0-9\.\-_\+]+?@(.*?\.)*?[a-z0-9\-_]+?\.[a-z]{2,4}$#i', $email)) + if (!preg_match('/^' . get_preg_expression('email') . '$/i', $email)) { return 'EMAIL_INVALID'; } -- cgit v1.2.1 From 6a1f1f57213c69219850785cbca3b67e782a2cca Mon Sep 17 00:00:00 2001 
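Review bot: The rebuilt pattern `'/^' . get_preg_expression('email') . '$/i'` still ends in a bare `$`, which in PCRE also matches just before a trailing newline, so an address followed by "\n" passes validate_email; adding the `D` modifier (`'$/iD'`) makes the end anchor strict. The delimiter also changed from `#` to `/`, so the expression returned by get_preg_expression('email') must not contain an unescaped `/`; that function is not visible here, and a one-line comment next to the call stating the requirement would help. validate_email continues outside the hunk.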
From: David M Date: Tue, 4 Jul 2006 03:54:41 +0000 Subject: - CAPTCHA: removed the extra slash More backup stuff - Made some things nicer for some of the DBs - Made postgreSQL work on non empty databases - Made SQLite ultra fast on restore - Properly escaped (as far as I know) the profile data fields so that one may now use reserved words as column names git-svn-id: file:///svn/phpbb/trunk@6144 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/functions_user.php | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) (limited to 'phpBB/includes/functions_user.php') diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 3fb79ed5bb..4e943a2028 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -219,6 +219,34 @@ function user_add($user_row, $cp_data = false) { $cp_data['user_id'] = (int) $user_id; + switch (SQL_LAYER) + { + case 'oracle': + case 'firebird': + case 'postgres': + $right_delim = $left_delim = '"'; + break; + + case 'sqlite': + case 'mssql': + case 'mssql_odbc': + $right_delim = ']'; + $left_delim = '['; + break; + + case 'mysql': + case 'mysql4': + case 'mysqli': + $right_delim = $left_delim = '`'; + break; + } + + foreach ($cp_data as $key => $value) + { + $cp_data[$right_delim . $key . $left_delim] = $value; + unset($cp_data[$key]); + } + if (!class_exists('custom_profile')) { include_once($phpbb_root_path . 'includes/functions_profile_fields.' . $phpEx); -- cgit v1.2.1 From 462dc69b8e8568f4656675b31b99a31ad98e1331 Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Thu, 6 Jul 2006 16:46:53 +0000 Subject: some bugfixes git-svn-id: file:///svn/phpbb/trunk@6149 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/functions_user.php | 33 ++++----------------------------- 1 file changed, 4 insertions(+), 29 deletions(-) (limited to 'phpBB/includes/functions_user.php') 
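Review bot: The new key is built as `$right_delim . $key . $left_delim`, which puts the closing delimiter first; for the `sqlite`/`mssql`/`mssql_odbc` case that yields `]name[` instead of `[name]`, so the line should read `$cp_data[$left_delim . $key . $right_delim] = $value;`. The switch has no `default`, so on an unlisted SQL_LAYER both variables are undefined, the rebuilt key equals the original key, and the `unset($cp_data[$key])` that follows drops the field altogether. `$key` is also concatenated without escaping the delimiter character itself; whether profile field names can contain it is not visible here. Writing the quoted keys into a fresh array that is assigned after the loop, with a `default:` branch that leaves the keys untouched, avoids both problems. user_add starts and ends outside the hunk.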
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 4e943a2028..6bccea43ea 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -219,34 +219,6 @@ function user_add($user_row, $cp_data = false) { $cp_data['user_id'] = (int) $user_id; - switch (SQL_LAYER) - { - case 'oracle': - case 'firebird': - case 'postgres': - $right_delim = $left_delim = '"'; - break; - - case 'sqlite': - case 'mssql': - case 'mssql_odbc': - $right_delim = ']'; - $left_delim = '['; - break; - - case 'mysql': - case 'mysql4': - case 'mysqli': - $right_delim = $left_delim = '`'; - break; - } - - foreach ($cp_data as $key => $value) - { - $cp_data[$right_delim . $key . $left_delim] = $value; - unset($cp_data[$key]); - } - if (!class_exists('custom_profile')) { include_once($phpbb_root_path . 'includes/functions_profile_fields.' . $phpEx); @@ -375,6 +347,9 @@ function user_delete($mode, $user_id, $post_username = false) set_config('num_users', $config['num_users'] - 1, true); + // Adjust last post info... + + $db->sql_transaction('commit'); return false; @@ -1187,7 +1162,7 @@ function avatar_remote($data, &$error) // Make sure getimagesize works... if (($image_data = @getimagesize($data['remotelink'])) === false) { - $error[] = $user->lang['AVATAR_URL_INVALID']; + $error[] = $user->lang['UNABLE_GET_IMAGE_SIZE']; return false; } -- cgit v1.2.1 From a5c23243c7a0a86ccd749b7733b11d30a6c349e1 Mon Sep 17 00:00:00 2001 
From: Nils Adermann Date: Fri, 7 Jul 2006 12:36:44 +0000 Subject: - display age in user profile and make it available on viewtopic - various tiny bugfixes including [Bug #2351] [Bug #2549] [Bug #2681] [Bug #3015] - strip first, then change newlines [Bug #2403] - added support for creating user profiles to the login function (makes use of user_add), triggered by LOGIN_SUCCESS_CREATE_PROFILE constant - moved newest user updating from ucp_register to user_add function - renamed the admin_ auth module function to acp_ - added initialisation code to auth_apache which checks whether it will work - added user_add support to both auth_ldap and auth_apache - some auth_ldap tweaks, should work with users deeper in the organisation structure too now - adjusted global topics in mcp_report to work like mcp_queue git-svn-id: file:///svn/phpbb/trunk@6151 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/functions_user.php | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'phpBB/includes/functions_user.php') diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 6bccea43ea..7ae4b1a588 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -148,7 +148,7 @@ function user_add($user_row, $cp_data = false) // These are the additional vars able to be specified $additional_vars = array( 'user_permissions' => '', - 'user_timezone' => 0, + 'user_timezone' => $config['board_timezone'], 'user_dateformat' => $config['default_dateformat'], 'user_lang' => $config['default_lang'], 'user_style' => $config['default_style'], 
@@ -242,6 +242,14 @@ function user_add($user_row, $cp_data = false) // Now make it the users default group... group_set_user_default($user_row['group_id'], array($user_id)); + // set the newest user and adjust the user count if the user is a normal user and no activation mail is sent + if ($user_row['user_type'] == USER_NORMAL || !$config['email_enable']) + { + set_config('newest_user_id', $user_id, true); + set_config('newest_username', $user_row['username'], true); + set_config('num_users', $config['num_users'] + 1, true); + } + return $user_id; } -- cgit v1.2.1 From 811b63baab82bab6e47c9f3d8e7db99ad1d1fbd6 Mon Sep 17 00:00:00 2001 From: Graham Eames Date: Sat, 8 Jul 2006 16:53:42 +0000 Subject: Fix installation and user registration bugs git-svn-id: file:///svn/phpbb/trunk@6156 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/functions_user.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes/functions_user.php') diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 7ae4b1a588..937d4f7791 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -243,7 +243,7 @@ function user_add($user_row, $cp_data = false) group_set_user_default($user_row['group_id'], array($user_id)); // set the newest user and adjust the user count if the user is a normal user and no activation mail is sent - if ($user_row['user_type'] == USER_NORMAL || !$config['email_enable']) + if ($user_row['user_type'] == USER_NORMAL && !$config['require_activation']) { set_config('newest_user_id', $user_id, true); set_config('newest_username', $user_row['username'], true); -- cgit v1.2.1 From 46af817cb058e2eecd89081af4a40075426a32ef Mon Sep 17 00:00:00 2001 
From: Meik Sievertsen Date: Sun, 9 Jul 2006 16:23:57 +0000 Subject: - tackle some usability issues - fix bug #3147 - added the lock-images made by SHS` - fixed MSSQL errors (adding the correct ESCAPE sequence) git-svn-id: file:///svn/phpbb/trunk@6161 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/functions_user.php | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) (limited to 'phpBB/includes/functions_user.php') diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 937d4f7791..0f3cb7ccfc 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -207,8 +207,6 @@ function user_add($user_row, $cp_data = false) } } - $db->sql_transaction('begin'); - $sql = 'INSERT INTO ' . USERS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary); $db->sql_query($sql); @@ -237,13 +235,11 @@ function user_add($user_row, $cp_data = false) ); $db->sql_query($sql); - $db->sql_transaction('commit'); - // Now make it the users default group... group_set_user_default($user_row['group_id'], array($user_id)); // set the newest user and adjust the user count if the user is a normal user and no activation mail is sent - if ($user_row['user_type'] == USER_NORMAL && !$config['require_activation']) + if ($user_row['user_type'] == USER_NORMAL) { set_config('newest_user_id', $user_id, true); set_config('newest_username', $user_row['username'], true); -- cgit v1.2.1 From 4f7c52e9e385041320179dcb7d27a9217a353c71 Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Mon, 10 Jul 2006 15:55:10 +0000 Subject: fix some bugs... again. :) git-svn-id: file:///svn/phpbb/trunk@6165 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/functions_user.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'phpBB/includes/functions_user.php') diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 0f3cb7ccfc..14ff15c1b2 100644 --- a/phpBB/includes/functions_user.php 
+++ b/phpBB/includes/functions_user.php @@ -384,10 +384,12 @@ function user_active_flip($user_id, $user_type, $user_actkey = false, $username WHERE user_id = $user_id"; $result = $db->sql_query($sql); + $group_name = ($user_type == USER_NORMAL) ? 'REGISTERED' : 'INACTIVE'; while ($row = $db->sql_fetchrow($result)) { - if ($group_name = array_search($row['group_id'], $group_id_ary)) + if ($name = array_search($row['group_id'], $group_id_ary)) { + $group_name = $name; break; } } -- cgit v1.2.1 From fa205b922dcfa09bab26b6cf9d406d2afe1a0518 Mon Sep 17 00:00:00 2001 From: David M Date: Mon, 17 Jul 2006 03:23:31 +0000 Subject: hmm... This commit does not increase the number of BBCodes. However, this does other things that we need to do first. This splits the usage of allow_* from the BBCode bitfield in forum descriptions, forum rules and group descriptions. This also fixes a tiny, tiny severe issue that nobody found :D I hope it works :P git-svn-id: file:///svn/phpbb/trunk@6188 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/functions_user.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes/functions_user.php') diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 14ff15c1b2..ead2834a5f 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -1389,7 +1389,7 @@ function group_create(&$group_id, $type, $name, $desc, $group_attributes, $allow // Parse description if ($desc) { - generate_text_for_storage($sql_ary['group_desc'], $sql_ary['group_desc_uid'], $sql_ary['group_desc_bitfield'], $allow_desc_bbcode, $allow_desc_urls, $allow_desc_smilies); + generate_text_for_storage($sql_ary['group_desc'], $sql_ary['group_desc_uid'], $sql_ary['group_desc_bitfield'], $sql_ary['group_desc_options'], $allow_desc_bbcode, $allow_desc_urls, $allow_desc_smilies); } if (sizeof($group_attributes)) -- cgit v1.2.1 From 5879c1c5c1e7b0860a76a0fc62f62d171c2488f0 Mon Sep 17 00:00:00 2001 
From: Graham Eames Date: Fri, 21 Jul 2006 20:44:27 +0000 Subject: * Error handling on bans * Missing language strings * Grammatical correction in viewtopic (singular vs plural) git-svn-id: file:///svn/phpbb/trunk@6199 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/functions_user.php | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'phpBB/includes/functions_user.php') diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index ead2834a5f..72383c1501 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -533,6 +533,12 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas } $sql_usernames = implode(', ', $sql_usernames); + // Make sure we have been given someone to ban + if (empty($sql_usernames)) + { + trigger_error($user->lang['NO_USER_SPECIFIED']); + } + $sql = 'SELECT user_id FROM ' . USERS_TABLE . ' WHERE username IN (' . $sql_usernames . ')'; -- cgit v1.2.1 From 9532514c2a566437a9524af1dfca298da58fd40a Mon Sep 17 00:00:00 2001 
From: David M Date: Mon, 24 Jul 2006 10:08:36 +0000 Subject: OK... This commit should increase the total number of BBCodes from 31 to 2040. Some things to watch out for: Each database likes to deal with binary data in its own, special way. They are, quite frankly, too cool for school. MySQL, MSSQL and Oracle all allow me to send in a default value for their binary column using a hex number. However, MSSQL forces me to send the specific data as a hex number and thus we must CAST it. PostgreSQL allows me to set a binary column, but with a twist. It demands that the default be in _octal_ and its datatype allows somewhere around a gigabyte's worth of BBCodes ( PGSQL users, we shut you down to 2040 for your own good! ) Firebird has no decent mechanism for allowing me to shuttle in binary data so I must force my way in. By virtue of triggers and a UDF, we ram in our default values. SQLite is the most bizarre of them all. They have no mechanism for turning an ASCII code into a ASCII character. Because of this, we have a trigger and a UDF (just like Firebird!) but with a twist! The UDF is defined on the PHP side of things instead of SQL. SQLite also demands that it's data be encoded before being sent off. Other notes: - SQLite installs again :D - Firebird nearly installs again :P - Database backup is not screwed up :P P.S. I hope nothing broke :D git-svn-id: file:///svn/phpbb/trunk@6209 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/functions_user.php | 207 +++++++++++++++++++++++++++++++++++++- 1 file changed, 202 insertions(+), 5 deletions(-) (limited to 'phpBB/includes/functions_user.php') diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 72383c1501..b0c2d4a2b7 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php 
@@ -186,7 +186,7 @@ function user_add($user_row, $cp_data = false) 'user_sig' => '', 'user_sig_bbcode_uid' => '', - 'user_sig_bbcode_bitfield' => 0, + 'user_sig_bbcode_bitfield' => '', ); // Now fill the sql array with not required variables @@ -207,7 +207,75 @@ function user_add($user_row, $cp_data = false) } } - $sql = 'INSERT INTO ' . USERS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary); + $query = ''; + + switch (SQL_LAYER) + { + case 'mssql': + case 'mssql_odbc': + $fields = array(); + foreach ($sql_ary as $key => $var) + { + $fields[] = $key; + + if (is_null($var)) + { + $values[] = 'NULL'; + } + else if (is_string($var)) + { + if ($key !== 'user_sig_bbcode_bitfield') + { + $values[] = "'" . $db->sql_escape($var) . "'"; + } + else + { + $values[] = "CAST('" . $var . "' AS varbinary)"; + } + } + else + { + $values[] = (is_bool($var)) ? intval($var) : $var; + } + } + $query = ' (' . implode(', ', $fields) . ') VALUES (' . implode(', ', $values) . ')'; + break; + + case 'sqlite': + $fields = array(); + foreach ($sql_ary as $key => $var) + { + $fields[] = $key; + + if (is_null($var)) + { + $values[] = 'NULL'; + } + else if (is_string($var)) + { + if ($key !== 'user_sig_bbcode_bitfield') + { + $values[] = "'" . $db->sql_escape($var) . "'"; + } + else + { + $values[] = "'" . sqlite_udf_encode_binary($var) . "'"; + } + } + else + { + $values[] = (is_bool($var)) ? intval($var) : $var; + } + } + $query = ' (' . implode(', ', $fields) . ') VALUES (' . implode(', ', $values) . ')'; + break; + + default: + $query = $db->sql_build_array('INSERT', $sql_ary); + break; + } + + $sql = 'INSERT INTO ' . USERS_TABLE . ' ' . $query; $db->sql_query($sql); $user_id = $db->sql_nextid(); @@ -1388,7 +1456,7 @@ function group_create(&$group_id, $type, $name, $desc, $group_attributes, $allow 'group_name' => (string) $name, 'group_desc' => (string) $desc, 'group_desc_uid' => '', - 'group_desc_bitfield' => 0, + 'group_desc_bitfield' => '', 'group_type' => (int) $type, ); 
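Review bot: In the `mssql`/`mssql_odbc` branch of user_add the bitfield value is concatenated into the statement as `"CAST('" . $var . "' AS varbinary)"` without `$db->sql_escape()`, unlike every other string in the same loop; the context comment "Now fill the sql array with not required variables" suggests callers can supply this value, so it should be escaped or encoded in a form that cannot contain a quote, e.g. `$values[] = "CAST('" . $db->sql_escape($var) . "' AS varbinary)";`. `$values` is also appended to without being initialised next to `$fields = array();` in both hand-built branches. The same unescaped CAST is repeated in the group_create hunk (@@ -1413), where the two INSERT branches additionally test `$key !== 'bbcode_bitfield'` although the column set in `$sql_ary` is `group_desc_bitfield`, so the binary encoding is never applied on insert. Column names are emitted unquoted in all of these branches. user_add starts and ends outside the hunk.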
@@ -1413,15 +1481,144 @@ function group_create(&$group_id, $type, $name, $desc, $group_attributes, $allow // Setting the log message before we set the group id (if group gets added) $log = ($group_id) ? 'LOG_GROUP_UPDATED' : 'LOG_GROUP_CREATED'; + $query = ''; + if ($group_id) { + switch (SQL_LAYER) + { + case 'mssql': + case 'mssql_odbc': + $values = array(); + foreach ($sql_ary as $key => $var) + { + if (is_null($var)) + { + $values[] = "$key = NULL"; + } + else if (is_string($var)) + { + if ($key !== 'group_desc_bitfield') + { + $values[] = "$key = '" . $db->sql_escape($var) . "'"; + } + else + { + $values[] = "$key = CAST('" . $var . "' AS varbinary)"; + } + } + else + { + $values[] = (is_bool($var)) ? "$key = " . intval($var) : "$key = $var"; + } + } + $query = implode(', ', $values); + break; + + case 'sqlite': + $values = array(); + foreach ($sql_ary as $key => $var) + { + if (is_null($var)) + { + $values[] = "$key = NULL"; + } + else if (is_string($var)) + { + if ($key !== 'group_desc_bitfield') + { + $values[] = "$key = '" . $db->sql_escape($var) . "'"; + } + else + { + $values[] = "$key = '" . sqlite_udf_encode_binary($var) . "'"; + } + } + else + { + $values[] = (is_bool($var)) ? "$key = " . intval($var) : "$key = $var"; + } + } + $query = implode(', ', $values); + break; + + default: + $query = $db->sql_build_array('UPDATE', $sql_ary); + break; + } + $sql = 'UPDATE ' . GROUPS_TABLE . ' - SET ' . $db->sql_build_array('UPDATE', $sql_ary) . " + SET ' . $query . " WHERE group_id = $group_id"; } else { - $sql = 'INSERT INTO ' . GROUPS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary); + switch (SQL_LAYER) + { + case 'mssql': + case 'mssql_odbc': + $fields = array(); + foreach ($sql_ary as $key => $var) + { + $fields[] = $key; + + if (is_null($var)) + { + $values[] = 'NULL'; + } + else if (is_string($var)) + { + if ($key !== 'bbcode_bitfield') + { + $values[] = "'" . $db->sql_escape($var) . "'"; + } + else + { + $values[] = "CAST('" . $var . 
"' AS varbinary)"; + } + } + else + { + $values[] = (is_bool($var)) ? intval($var) : $var; + } + } + $query = ' (' . implode(', ', $fields) . ') VALUES (' . implode(', ', $values) . ')'; + break; + + case 'sqlite': + $fields = array(); + foreach ($sql_ary as $key => $var) + { + $fields[] = $key; + + if (is_null($var)) + { + $values[] = 'NULL'; + } + else if (is_string($var)) + { + if ($key !== 'bbcode_bitfield') + { + $values[] = "'" . $db->sql_escape($var) . "'"; + } + else + { + $values[] = "'" . sqlite_udf_encode_binary($var) . "'"; + } + } + else + { + $values[] = (is_bool($var)) ? intval($var) : $var; + } + } + $query = ' (' . implode(', ', $fields) . ') VALUES (' . implode(', ', $values) . ')'; + break; + + default: + $query = $db->sql_build_array('INSERT', $sql_ary); + break; + } + $sql = 'INSERT INTO ' . GROUPS_TABLE . ' ' . $query; } $db->sql_query($sql); -- cgit v1.2.1 From 09081e410fc015c71dbd460aeafade42d7070b78 Mon Sep 17 00:00:00 2001 From: Nils Adermann Date: Tue, 1 Aug 2006 16:14:14 +0000 Subject: - acm_file uses an index pointer to the current row instead of shifting the result array now [Bug #2451] - all dbals adjusted to use the cache in sql_fetchfield, sql_rowseek, sql_numrows and sql_freeresult [Bug #2451] - use include_once for dbal.php to at least theoretically allow connections to multiple databases at once - added a space to an SQL query [Bug #3506] - detailed information on adding friends/foes [Bugs #2509, #2499] - e modifier stands for evil, so I removed it ;-) - corrected progress_bar image filename in imageset.cfg [Bug #3374] git-svn-id: file:///svn/phpbb/trunk@6225 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/functions_user.php | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'phpBB/includes/functions_user.php') diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index b0c2d4a2b7..2c5f3ff89a 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php 
@@ -1032,6 +1032,8 @@ function validate_data($data, $val_ary) /** * Validate String +* +* @return boolean|string Either false if validation succeeded or a string which will be used as the error message (with the variable name appended) */ function validate_string($string, $optional = false, $min = 0, $max = 0) { @@ -1054,6 +1056,8 @@ function validate_string($string, $optional = false, $min = 0, $max = 0) /** * Validate Number +* +* @return boolean|string Either false if validation succeeded or a string which will be used as the error message (with the variable name appended) */ function validate_num($num, $optional = false, $min = 0, $max = 1E99) { @@ -1076,6 +1080,8 @@ function validate_num($num, $optional = false, $min = 0, $max = 1E99) /** * Validate Match +* +* @return boolean|string Either false if validation succeeded or a string which will be used as the error message (with the variable name appended) */ function validate_match($string, $optional = false, $match) { @@ -1096,6 +1102,8 @@ function validate_match($string, $optional = false, $match) * Check to see if the username has been taken, or if it is disallowed. * Also checks if it includes the " character, which we don't allow in usernames. * Used for registering, changing names, and posting anonymously with a username +* +* @return boolean|string Either false if validation succeeded or a string which will be used as the error message (with the variable name appended) */ function validate_username($username) { @@ -1168,6 +1176,8 @@ function validate_username($username) /** * Check to see if email address is banned or already present in the DB +* +* @return boolean|string Either false if validation succeeded or a string which will be used as the error message (with the variable name appended) */ function validate_email($email) { -- cgit v1.2.1 From b15a3111be0c51410e302500df9b4cbce9cd38d3 Mon Sep 17 00:00:00 2001 
From: Meik Sievertsen Date: Wed, 2 Aug 2006 15:53:19 +0000 Subject: - fixing some bugs - removed file_exists calls for auth plugins since they need to be there once set up git-svn-id: file:///svn/phpbb/trunk@6228 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/functions_user.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes/functions_user.php') diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 2c5f3ff89a..559be6bcaa 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -402,7 +402,7 @@ function user_delete($mode, $user_id, $post_username = false) break; } - $table_ary = array(USERS_TABLE, USER_GROUP_TABLE, TOPICS_WATCH_TABLE, FORUMS_WATCH_TABLE, ACL_USERS_TABLE, TOPICS_TRACK_TABLE, TOPICS_POSTED_TABLE, FORUMS_TRACK_TABLE); + $table_ary = array(USERS_TABLE, USER_GROUP_TABLE, TOPICS_WATCH_TABLE, FORUMS_WATCH_TABLE, ACL_USERS_TABLE, TOPICS_TRACK_TABLE, TOPICS_POSTED_TABLE, FORUMS_TRACK_TABLE, PROFILE_FIELDS_DATA_TABLE); foreach ($table_ary as $table) { -- cgit v1.2.1 From 2f901a520326b4d6941ef18fcfce0a9d5ef9cea5 Mon Sep 17 00:00:00 2001 From: David M Date: Sun, 6 Aug 2006 05:52:41 +0000 Subject: This should end some issues we have been having regarding the proper binary encoding of stuff. :D Acyd Burn: quit breaking the schema :P git-svn-id: file:///svn/phpbb/trunk@6238 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/functions_user.php | 201 +------------------------------------- 1 file changed, 3 insertions(+), 198 deletions(-) (limited to 'phpBB/includes/functions_user.php') diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 559be6bcaa..72f240b2e1 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php 
@@ -207,75 +207,7 @@ function user_add($user_row, $cp_data = false) } } - $query = ''; - - switch (SQL_LAYER) - { - case 'mssql': - case 'mssql_odbc': - $fields = array(); - foreach ($sql_ary as $key => $var) - { - $fields[] = $key; - - if (is_null($var)) - { - $values[] = 'NULL'; - } - else if (is_string($var)) - { - if ($key !== 'user_sig_bbcode_bitfield') - { - $values[] = "'" . $db->sql_escape($var) . "'"; - } - else - { - $values[] = "CAST('" . $var . "' AS varbinary)"; - } - } - else - { - $values[] = (is_bool($var)) ? intval($var) : $var; - } - } - $query = ' (' . implode(', ', $fields) . ') VALUES (' . implode(', ', $values) . ')'; - break; - - case 'sqlite': - $fields = array(); - foreach ($sql_ary as $key => $var) - { - $fields[] = $key; - - if (is_null($var)) - { - $values[] = 'NULL'; - } - else if (is_string($var)) - { - if ($key !== 'user_sig_bbcode_bitfield') - { - $values[] = "'" . $db->sql_escape($var) . "'"; - } - else - { - $values[] = "'" . sqlite_udf_encode_binary($var) . "'"; - } - } - else - { - $values[] = (is_bool($var)) ? intval($var) : $var; - } - } - $query = ' (' . implode(', ', $fields) . ') VALUES (' . implode(', ', $values) . ')'; - break; - - default: - $query = $db->sql_build_array('INSERT', $sql_ary); - break; - } - - $sql = 'INSERT INTO ' . USERS_TABLE . ' ' . $query; + $sql = 'INSERT INTO ' . USERS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary); $db->sql_query($sql); $user_id = $db->sql_nextid(); 
@@ -1495,140 +1427,13 @@ function group_create(&$group_id, $type, $name, $desc, $group_attributes, $allow if ($group_id) { - switch (SQL_LAYER) - { - case 'mssql': - case 'mssql_odbc': - $values = array(); - foreach ($sql_ary as $key => $var) - { - if (is_null($var)) - { - $values[] = "$key = NULL"; - } - else if (is_string($var)) - { - if ($key !== 'group_desc_bitfield') - { - $values[] = "$key = '" . $db->sql_escape($var) . "'"; - } - else - { - $values[] = "$key = CAST('" . $var . "' AS varbinary)"; - } - } - else - { - $values[] = (is_bool($var)) ? "$key = " . intval($var) : "$key = $var"; - } - } - $query = implode(', ', $values); - break; - - case 'sqlite': - $values = array(); - foreach ($sql_ary as $key => $var) - { - if (is_null($var)) - { - $values[] = "$key = NULL"; - } - else if (is_string($var)) - { - if ($key !== 'group_desc_bitfield') - { - $values[] = "$key = '" . $db->sql_escape($var) . "'"; - } - else - { - $values[] = "$key = '" . sqlite_udf_encode_binary($var) . "'"; - } - } - else - { - $values[] = (is_bool($var)) ? "$key = " . intval($var) : "$key = $var"; - } - } - $query = implode(', ', $values); - break; - - default: - $query = $db->sql_build_array('UPDATE', $sql_ary); - break; - } - $sql = 'UPDATE ' . GROUPS_TABLE . ' - SET ' . $query . " + SET ' . $db->sql_build_array('UPDATE', $sql_ary) . " WHERE group_id = $group_id"; } else { - switch (SQL_LAYER) - { - case 'mssql': - case 'mssql_odbc': - $fields = array(); - foreach ($sql_ary as $key => $var) - { - $fields[] = $key; - - if (is_null($var)) - { - $values[] = 'NULL'; - } - else if (is_string($var)) - { - if ($key !== 'bbcode_bitfield') - { - $values[] = "'" . $db->sql_escape($var) . "'"; - } - else - { - $values[] = "CAST('" . $var . "' AS varbinary)"; - } - } - else - { - $values[] = (is_bool($var)) ? intval($var) : $var; - } - } - $query = ' (' . implode(', ', $fields) . ') VALUES (' . implode(', ', $values) . 
')'; - break; - - case 'sqlite': - $fields = array(); - foreach ($sql_ary as $key => $var) - { - $fields[] = $key; - - if (is_null($var)) - { - $values[] = 'NULL'; - } - else if (is_string($var)) - { - if ($key !== 'bbcode_bitfield') - { - $values[] = "'" . $db->sql_escape($var) . "'"; - } - else - { - $values[] = "'" . sqlite_udf_encode_binary($var) . "'"; - } - } - else - { - $values[] = (is_bool($var)) ? intval($var) : $var; - } - } - $query = ' (' . implode(', ', $fields) . ') VALUES (' . implode(', ', $values) . ')'; - break; - - default: - $query = $db->sql_build_array('INSERT', $sql_ary); - break; - } - $sql = 'INSERT INTO ' . GROUPS_TABLE . ' ' . $query; + $sql = 'INSERT INTO ' . GROUPS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary); } $db->sql_query($sql); -- cgit v1.2.1 From 8b079894f3e528c9ffe652f8f3a041599d8cbdc0 Mon Sep 17 00:00:00 2001 From: Nils Adermann Date: Sun, 6 Aug 2006 17:25:29 +0000 Subject: - finally making the age calculation work [Bug #3582] - replacing all occurances of L_NONE with a more specific string [Bug #3494] - a few corrections to html id attributes in the installer - using correct permission in mcp_report [Bug #2471] - allow deleting the avatar, when no upload method is enabled and hide the delete button if no avatar is set git-svn-id: file:///svn/phpbb/trunk@6241 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/functions_user.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'phpBB/includes/functions_user.php') diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 72f240b2e1..ef75b85a48 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -1264,7 +1264,7 @@ function avatar_gallery($category, $avatar_select, $items_per_column, $block_var if (!file_exists($path) || !is_dir($path)) { - $avatar_list = array($user->lang['NONE'] => array()); + $avatar_list = array($user->lang['NO_AVATAR_CATEGORY'] => array()); } else { 
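Review bot: The UPDATE branch of group_create still ends in `WHERE group_id = $group_id"`, with `$group_id` interpolated into the statement as-is, while the column values beside it now go through `$db->sql_build_array()`. `$group_id` is a by-reference parameter, and any cast applied to it happens outside this hunk. I would cast at the point of use so the statement does not depend on what the caller passed: `SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' WHERE group_id = ' . (int) $group_id;`.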
@@ -1304,7 +1304,7 @@ function avatar_gallery($category, $avatar_select, $items_per_column, $block_var if (!sizeof($avatar_list)) { - $avatar_list = array($user->lang['NONE'] => array()); + $avatar_list = array($user->lang['NO_AVATAR_CATEGORY'] => array()); } @ksort($avatar_list); -- cgit v1.2.1 From 53085a4c78b3004d1e4adf8e06b0617f7f8a288b Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Wed, 9 Aug 2006 21:03:46 +0000 Subject: - load tracking updates. Need to be tested on a clean installation too - at the moment only tiny quirks are noticed at area51. - reported bugs fixed git-svn-id: file:///svn/phpbb/trunk@6256 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/functions_user.php | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'phpBB/includes/functions_user.php') diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index ef75b85a48..bc1c41b087 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -809,6 +809,12 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas $sql = 'DELETE FROM ' . SESSIONS_TABLE . " $sql_where"; $db->sql_query($sql); + + if ($mode == 'user') + { + $sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . ' ' . ((in_array('*', $banlist_ary)) ? '' : 'WHERE user_id IN (' . implode(', ', $banlist_ary) . ')'); + $db->sql_query($sql); + } } } -- cgit v1.2.1 From 8405f0d324fd42bec2f775986e69e5d8cf548ebf Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Sat, 12 Aug 2006 13:14:39 +0000 Subject: sql_in_set changes git-svn-id: file:///svn/phpbb/trunk@6271 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/functions_user.php | 110 +++++++++++++++++++------------------- 1 file changed, 55 insertions(+), 55 deletions(-) (limited to 'phpBB/includes/functions_user.php') diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index bc1c41b087..c03e92d0b0 100644 --- a/phpBB/includes/functions_user.php 
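Review bot: The added cleanup of `SESSIONS_KEYS_TABLE` in user_ban runs with no WHERE clause whenever `in_array('*', $banlist_ary)` is true, and that test is a loose comparison. On PHP versions where a non-numeric string compares equal to integer 0, an integer `0` in `$banlist_ary` would count as `'*'` and every stored login key would be deleted. Whether `$banlist_ary` can hold integers in `user` mode is decided outside this hunk. A strict test, `in_array('*', $banlist_ary, true)`, limits the wildcard branch to a literal `'*'`.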
+++ b/phpBB/includes/functions_user.php @@ -34,7 +34,7 @@ function user_get_id_name(&$user_id_ary, &$username_ary) $$which_ary = array($$which_ary); } - $sql_in = ($which_ary == 'user_id_ary') ? array_map('intval', $$which_ary) : preg_replace('#^\s*(.*)\s*$#e', "\"'\" . \$db->sql_escape('\\1') . \"'\"", $$which_ary); + $sql_in = ($which_ary == 'user_id_ary') ? array_map('intval', $$which_ary) : $$which_ary; unset($$which_ary); $user_id_ary = $username_ary = array(); @@ -42,8 +42,8 @@ function user_get_id_name(&$user_id_ary, &$username_ary) // Grab the user id/username records $sql_where = ($which_ary == 'user_id_ary') ? 'user_id' : 'username'; $sql = 'SELECT user_id, username - FROM ' . USERS_TABLE . " - WHERE $sql_where IN (" . implode(', ', $sql_in) . ')'; + FROM ' . USERS_TABLE . ' + WHERE ' . $db->sql_in_set($sql_where, $sql_in); $result = $db->sql_query($sql); if (!($row = $db->sql_fetchrow($result))) @@ -307,7 +307,7 @@ function user_delete($mode, $user_id, $post_username = false) { $sql = 'SELECT topic_id, topic_replies, topic_replies_real FROM ' . TOPICS_TABLE . ' - WHERE topic_id IN (' . implode(', ', array_keys($topic_id_ary)) . ')'; + WHERE ' . $db->sql_in_set('topic_id', array_keys($topic_id_ary)); $result = $db->sql_query($sql); $del_topic_ary = array(); @@ -323,7 +323,7 @@ function user_delete($mode, $user_id, $post_username = false) if (sizeof($del_topic_ary)) { $sql = 'DELETE FROM ' . TOPICS_TABLE . ' - WHERE topic_id IN (' . implode(', ', $del_topic_ary) . ')'; + WHERE ' . $db->sql_in_set('topic_id', $del_topic_ary); $db->sql_query($sql); } } 
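Review bot: In the first hunk of user_get_id_name the username branch now passes `$$which_ary` to `$db->sql_in_set()` unchanged, so the leading-whitespace stripping done by the removed `^\s*(.*)\s*$` pattern is gone. A name that arrives with leading whitespace would presumably stop matching and end in the `'NO_USERS'` return. Quoting and escaping of the names also now rest entirely on `sql_in_set`, whose body is not part of this diff. If callers do not normalise the names themselves, keep that step explicit: `$sql_in = ($which_ary == 'user_id_ary') ? array_map('intval', $$which_ary) : array_map('trim', $$which_ary);`. The function body continues outside the hunk.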
@@ -528,24 +528,23 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas $username = trim($username); if ($username != '') { - $sql_usernames[] = "'" . $db->sql_escape($username) . "'"; + $sql_usernames[] = strtolower($username); } } - $sql_usernames = implode(', ', $sql_usernames); // Make sure we have been given someone to ban - if (empty($sql_usernames)) + if (!sizeof($sql_usernames)) { trigger_error($user->lang['NO_USER_SPECIFIED']); } $sql = 'SELECT user_id FROM ' . USERS_TABLE . ' - WHERE username IN (' . $sql_usernames . ')'; + WHERE ' . $db->sql_in_set('LOWER(username)', $sql_usernames); if (sizeof($founder)) { - $sql .= ' AND user_id NOT IN (' . implode(', ', array_keys($founder)) . ')'; + $sql .= ' AND ' . $db->sql_in_set('user_id', array_keys($founder), true); } $result = $db->sql_query($sql); @@ -762,17 +761,11 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas switch ($mode) { case 'user': - $sql_where = (in_array('*', $banlist_ary)) ? '' : 'WHERE session_user_id IN (' . implode(', ', $banlist_ary) . ')'; + $sql_where = (in_array('*', $banlist_ary)) ? '' : 'WHERE ' . $db->sql_in_set('session_user_id', $banlist_ary); break; case 'ip': - $banlist_ary_sql = array(); - - foreach ($banlist_ary as $ban_entry) - { - $banlist_ary_sql[] = "'" . $db->sql_escape($ban_entry) . "'"; - } - $sql_where = 'WHERE session_ip IN (' . implode(', ', $banlist_ary_sql) . ')'; + $sql_where = 'WHERE ' . $db->sql_in_set('session_ip', $banlist_ary); break; case 'email': 
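Review bot: The username lookup in user_ban lowercases the two sides of the comparison with different engines: `strtolower($username)` in PHP and `LOWER(username)` in the database. `strtolower()` works on bytes and depends on the locale, so for names with non-ASCII letters the two results can differ. The account would then drop out of the result and not be banned, depending on the board's charset and collation. Wrapping the column in `LOWER()` may also keep the database from using an index on `username`. At minimum I would add a comment above the loop, `// strtolower() is byte-wise; non-ASCII names may not match LOWER(username)`. The code that handles an empty result lies outside this hunk.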
@@ -780,12 +773,12 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas foreach ($banlist_ary as $ban_entry) { - $banlist_ary_sql[] = "'" . $db->sql_escape(str_replace('*', '%', $ban_entry)) . "'"; + $banlist_ary_sql[] = (string) str_replace('*', '%', $ban_entry); } $sql = 'SELECT user_id FROM ' . USERS_TABLE . ' - WHERE user_email IN (' . implode(', ', $banlist_ary_sql) . ')'; + WHERE ' . $db->sql_in_set('user_email', $banlist_ary_sql); $result = $db->sql_query($sql); $sql_in = array(); @@ -798,7 +791,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas } while ($row = $db->sql_fetchrow($result)); - $sql_where = 'WHERE session_user_id IN (' . implode(', ', $sql_in) . ")"; + $sql_where = 'WHERE ' . $db->sql_in_set('session_user_id', $sql_in); } $db->sql_freeresult($result); break; @@ -812,7 +805,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas if ($mode == 'user') { - $sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . ' ' . ((in_array('*', $banlist_ary)) ? '' : 'WHERE user_id IN (' . implode(', ', $banlist_ary) . ')'); + $sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . ' ' . ((in_array('*', $banlist_ary)) ? '' : 'WHERE ' . $db->sql_in_set('user_id', $banlist_ary)); $db->sql_query($sql); } } 
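Review bot: In the `email` case the ban entries have `*` turned into `%`, but they are then matched through `$db->sql_in_set('user_email', $banlist_ary_sql)`. Going by the `IN (...)` string it replaces, that is an equality test in which `%` is only a literal character. A wildcard ban therefore finds no users here and their existing sessions are presumably left in place; the old code behaved the same way and the change keeps it. Matching each entry with LIKE, as sketched below, would make the session cleanup follow the ban; `_` in an address is also a LIKE wildcard and would need escaping in whatever way the DBAL supports. The surrounding switch and the rest of user_ban lie outside this hunk.

```php
// … unchanged: case 'email': and the $banlist_ary_sql initialisation …
foreach ($banlist_ary as $ban_entry)
{
	// '*' in a ban entry is a wildcard, so it is matched with LIKE rather than IN
	$banlist_ary_sql[] = "user_email LIKE '" . $db->sql_escape(str_replace('*', '%', $ban_entry)) . "'";
}

$sql = 'SELECT user_id
	FROM ' . USERS_TABLE . '
	WHERE ' . implode(' OR ', $banlist_ary_sql);
// … unchanged: query execution and the $sql_in loop …
```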
@@ -847,30 +840,30 @@ function user_unban($mode, $ban) $ban = array($ban); } - $unban_sql = implode(', ', array_map('intval', $ban)); + $unban_sql = array_map('intval', $ban); - if ($unban_sql) + if (sizeof($unban_sql)) { // Grab details of bans for logging information later switch ($mode) { case 'user': $sql = 'SELECT u.username AS unban_info - FROM ' . USERS_TABLE . ' u, ' . BANLIST_TABLE . " b - WHERE b.ban_id IN ($unban_sql) - AND u.user_id = b.ban_userid"; + FROM ' . USERS_TABLE . ' u, ' . BANLIST_TABLE . ' b + WHERE ' . $db->sql_in_set('b.ban_id', $unban_sql) . ' + AND u.user_id = b.ban_userid'; break; case 'email': $sql = 'SELECT ban_email AS unban_info - FROM ' . BANLIST_TABLE . " - WHERE ban_id IN ($unban_sql)"; + FROM ' . BANLIST_TABLE . ' + WHERE ' . $db->sql_in_set('ban_id', $unban_sql); break; case 'ip': $sql = 'SELECT ban_ip AS unban_info - FROM ' . BANLIST_TABLE . " - WHERE ban_id IN ($unban_sql)"; + FROM ' . BANLIST_TABLE . ' + WHERE ' . $db->sql_in_set('ban_id', $unban_sql); break; } $result = $db->sql_query($sql); @@ -882,8 +875,8 @@ function user_unban($mode, $ban) } $db->sql_freeresult($result); - $sql = 'DELETE FROM ' . BANLIST_TABLE . " - WHERE ban_id IN ($unban_sql)"; + $sql = 'DELETE FROM ' . BANLIST_TABLE . ' + WHERE ' . $db->sql_in_set('ban_id', $unban_sql); $db->sql_query($sql); add_log('admin', 'LOG_UNBAN_' . strtoupper($mode), $l_unban_list); @@ -1580,7 +1573,7 @@ function group_user_add($group_id, $user_id_ary = false, $username_ary = false, // Remove users who are already members of this group $sql = 'SELECT user_id, group_leader FROM ' . USER_GROUP_TABLE . ' - WHERE user_id IN (' . implode(', ', $user_id_ary) . ") + WHERE ' . $db->sql_in_set('user_id', $user_id_ary) . " AND group_id = $group_id"; $result = $db->sql_query($sql); 
@@ -1636,7 +1629,7 @@ function group_user_add($group_id, $user_id_ary = false, $username_ary = false, { $sql = 'UPDATE ' . USER_GROUP_TABLE . ' SET group_leader = 1 - WHERE user_id IN (' . implode(', ', $update_id_ary) . ") + WHERE ' . $db->sql_in_set('user_id', $update_id_ary) . " AND group_id = $group_id"; $db->sql_query($sql); } @@ -1682,7 +1675,7 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false, $sql = 'SELECT * FROM ' . GROUPS_TABLE . ' - WHERE group_name IN (' . implode(', ', preg_replace('#^(.*)$#', "'\\1'", $group_order)) . ')'; + WHERE ' . $db->sql_in_set('group_name', $group_order); $result = $db->sql_query($sql); $group_order_id = $special_group_data = array(); @@ -1711,7 +1704,7 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false, // Get users default groups - we only need to reset default group membership if the group from which the user gets removed is set as default $sql = 'SELECT user_id, group_id FROM ' . USERS_TABLE . ' - WHERE user_id IN (' . implode(', ', $user_id_ary) . ")"; + WHERE ' . $db->sql_in_set('user_id', $user_id_ary); $result = $db->sql_query($sql); $default_groups = array(); @@ -1724,7 +1717,7 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false, // What special group memberships exist for these users? $sql = 'SELECT g.group_id, g.group_name, ug.user_id FROM ' . USER_GROUP_TABLE . ' ug, ' . GROUPS_TABLE . ' g - WHERE ug.user_id IN (' . implode(', ', $user_id_ary) . ") + WHERE ' . $db->sql_in_set('ug.user_id', $user_id_ary) . " AND g.group_id = ug.group_id AND g.group_id <> $group_id AND g.group_type = " . GROUP_SPECIAL . ' 
@@ -1760,7 +1753,7 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false, // Ok, get the original avatar data from users having an uploaded one (we need to remove these from the filesystem) $sql = 'SELECT user_id, user_avatar FROM ' . USERS_TABLE . ' - WHERE user_id IN (' . implode(', ', $sql_where_ary[$gid]) . ') + WHERE ' . $db->sql_in_set('user_id', $sql_where_ary[$gid]) . ' AND user_avatar_type = ' . AVATAR_UPLOAD; $result = $db->sql_query($sql); @@ -1772,7 +1765,7 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false, } $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $special_group_data[$gid]) . ' - WHERE user_id IN (' . implode(', ', $sql_where_ary[$gid]) . ')'; + WHERE ' . $db->sql_in_set('user_id', $sql_where_ary[$gid]); $db->sql_query($sql); } } @@ -1780,7 +1773,7 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false, $sql = 'DELETE FROM ' . USER_GROUP_TABLE . " WHERE group_id = $group_id - AND user_id IN (" . implode(', ', $user_id_ary) . ')'; + AND " . $db->sql_in_set('user_id', $user_id_ary); $db->sql_query($sql); // Clear permissions cache of relevant users @@ -1825,7 +1818,7 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna $sql = 'UPDATE ' . USER_GROUP_TABLE . ' SET group_leader = ' . (($action == 'promote') ? 1 : 0) . " WHERE group_id = $group_id - AND user_id IN (" . implode(', ', $user_id_ary) . ')'; + AND " . $db->sql_in_set('user_id', $user_id_ary); $db->sql_query($sql); $log = ($action == 'promote') ? 'LOG_GROUP_PROMOTED' : 'LOG_GROUP_DEMOTED'; 
@@ -1838,7 +1831,7 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna WHERE ug.group_id = ' . $group_id . ' AND ug.user_pending = 1 AND ug.user_id = u.user_id - AND ug.user_id IN (' . implode(', ', $user_id_ary) . ')'; + AND ' . $db->sql_in_set('ug.user_id', $user_id_ary); $result = $db->sql_query($sql); $user_id_ary = $email_users = array(); @@ -1857,7 +1850,7 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna $sql = 'UPDATE ' . USER_GROUP_TABLE . " SET user_pending = 0 WHERE group_id = $group_id - AND user_id IN (" . implode(', ', $user_id_ary) . ')'; + AND " . $db->sql_in_set('user_id', $user_id_ary); $db->sql_query($sql); // Send approved email to users... @@ -1963,7 +1956,7 @@ function group_set_user_default($group_id, $user_id_ary, $group_attributes = fal // Ok, get the original avatar data from users having an uploaded one (we need to remove these from the filesystem) $sql = 'SELECT user_id, user_avatar FROM ' . USERS_TABLE . ' - WHERE user_id IN (' . implode(', ', $user_id_ary) . ') + WHERE ' . $db->sql_in_set('user_id', $user_id_ary) . ' AND user_avatar_type = ' . AVATAR_UPLOAD; $result = $db->sql_query($sql); @@ -1975,7 +1968,7 @@ function group_set_user_default($group_id, $user_id_ary, $group_attributes = fal } $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' - WHERE user_id IN (' . implode(', ', $user_id_ary) . ')'; + WHERE ' . $db->sql_in_set('user_id', $user_id_ary); $db->sql_query($sql); } 
@@ -2016,22 +2009,29 @@ function group_memberships($group_id_ary = false, $user_id_ary = false, $return_ return true; } + if ($user_id_ary) + { + $user_id_ary = (!is_array($user_id_ary)) ? array($user_id_ary) : $user_id_ary; + } + + if ($group_id_ary) + { + $group_id_ary = (!is_array($group_id_ary)) ? array($group_id_ary) : $group_id_ary; + } + $sql = 'SELECT ug.*, u.username, u.user_email FROM ' . USER_GROUP_TABLE . ' ug, ' . USERS_TABLE . ' u WHERE ug.user_id = u.user_id AND '; - if ($group_id_ary && $user_id_ary) - { - $sql .= " ug.group_id " . ((is_array($group_id_ary)) ? ' IN (' . implode(', ', $group_id_ary) . ')' : " = $group_id_ary") . " - AND ug.user_id " . ((is_array($user_id_ary)) ? ' IN (' . implode(', ', $user_id_ary) . ')' : " = $user_id_ary"); - } - else if ($group_id_ary) + if ($group_id_ary) { - $sql .= " ug.group_id " . ((is_array($group_id_ary)) ? ' IN (' . implode(', ', $group_id_ary) . ')' : " = $group_id_ary"); + $sql .= ' ' . $db->sql_in_set('ug.group_id', $group_id_ary); } - else if ($user_id_ary) + + if ($user_id_ary) { - $sql .= " ug.user_id " . ((is_array($user_id_ary)) ? ' IN (' . implode(', ', $user_id_ary) . ')' : " = $user_id_ary"); + $sql .= ($group_id_ary) ? ' AND ' : ' '; + $sql .= $db->sql_in_set('ug.user_id', $user_id_ary); } $result = ($return_bool) ? $db->sql_query_limit($sql, 1) : $db->sql_query($sql); -- cgit v1.2.1
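Review bot: In group_memberships `$user_id_ary` and `$group_id_ary` are wrapped into arrays but not cast, whereas user_unban in this same commit runs its ids through `array_map('intval', $ban)` before calling `$db->sql_in_set()`. Casting here as well keeps the query from depending on how `sql_in_set` treats string values, which this diff does not show. For example: `$group_id_ary = array_map('intval', (!is_array($group_id_ary)) ? array($group_id_ary) : $group_id_ary);`, and the same for `$user_id_ary`. The early `return true;` guard starts above the hunk, so what it checks is not visible here.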