From c077b90f8ba87749d0139d8389157acfe8ba3f15 Mon Sep 17 00:00:00 2001 From: rxu Date: Tue, 19 Dec 2017 00:05:58 +0700 Subject: [ticket/15486] Add core event to the user_add() to modify notifications data Additionally, fix some typos in two other events docblocks. PHPBB3-15486 --- phpBB/includes/functions_user.php | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) (limited to 'phpBB/includes/functions_user.php') diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index c746bd0e4c..175cdeeda8 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -272,8 +272,8 @@ function user_add($user_row, $cp_data = false, $notifications_data = null) * Use this event to modify the values to be inserted when a user is added * * @event core.user_add_modify_data - * @var array user_row Array of user details submited to user_add - * @var array cp_data Array of Custom profile fields submited to user_add + * @var array user_row Array of user details submitted to user_add + * @var array cp_data Array of Custom profile fields submitted to user_add * @var array sql_ary Array of data to be inserted when a user is added * @var array notifications_data Array of notification data to be inserted when a user is added * @since 3.1.0-a1 @@ -376,6 +376,19 @@ function user_add($user_row, $cp_data = false, $notifications_data = null) ); } + /** + * Modify the notifications data to be inserted in the database when a user is added + * + * @event core.user_add_modify_notifications_data + * @var array user_row Array of user details submitted to user_add + * @var array cp_data Array of Custom profile fields submitted to user_add + * @var array sql_ary Array of data to be inserted when a user is added + * @var array notifications_data Array of notification data to be inserted when a user is added + * @since 3.2.2-RC1 + */ + $vars = array('user_row', 'cp_data', 'sql_ary', 'notifications_data'); + extract($phpbb_dispatcher->trigger_event('core.user_add_modify_notifications_data', compact($vars))); + // Subscribe user to notifications if necessary if (!empty($notifications_data)) { @@ -388,12 +401,12 @@ function user_add($user_row, $cp_data = false, $notifications_data = null) } /** - * Event that returns user id, user detals and user CPF of newly registared user + * Event that returns user id, user details and user CPF of newly registered user * * @event core.user_add_after - * @var int user_id User id of newly registared user - * @var array user_row Array of user details submited to user_add - * @var array cp_data Array of Custom profile fields submited to user_add + * @var int user_id User id of newly registered user + * @var array user_row Array of user details submitted to user_add + * @var array cp_data Array of Custom profile fields submitted to user_add * @since 3.1.0-b5 */ $vars = array('user_id', 'user_row', 'cp_data'); -- cgit v1.2.1 From 8c3808e9e7db09531154b2520cbfcc7529a5c752 Mon Sep 17 00:00:00 2001 From: rxu Date: Mon, 9 Jan 2017 00:23:08 +0700 Subject: [ticket/14972] Fix sizeof calls As of PHP 7.2, only arrays and objects implementing the Countable interface should be passed as a count() or sizeof() parameter. See https://github.com/php/php-src/blob/php-7.2.0alpha2/UPGRADING#L197-L198 Also, sizeof() seems to be sheduled for deprecation, see https://wiki.php.net/rfc/deprecations_php_7_2#suggested_deprecations PHPBB3-14972 --- phpBB/includes/functions_user.php | 68 +++++++++++++++++++-------------------- 1 file changed, 34 insertions(+), 34 deletions(-) (limited to 'phpBB/includes/functions_user.php') diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 175cdeeda8..245d263720 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -170,7 +170,7 @@ function user_update_name($old_name, $new_name) * Adds an user * * @param mixed $user_row An array containing the following keys (and the appropriate values): username, group_id (the group to place the user in), user_email and the user_type(usually 0). Additional entries not overridden by defaults will be forwarded. -* @param string $cp_data custom profile fields, see custom_profile::build_insert_sql_array +* @param array $cp_data custom profile fields, see custom_profile::build_insert_sql_array * @param array $notifications_data The notifications settings for the new user * @return the new user's ID. */ @@ -260,7 +260,7 @@ function user_add($user_row, $cp_data = false, $notifications_data = null) $remaining_vars = array_diff(array_keys($user_row), array_keys($sql_ary)); // Now fill our sql array with the remaining vars - if (sizeof($remaining_vars)) + if (count($remaining_vars)) { foreach ($remaining_vars as $key) { @@ -289,7 +289,7 @@ function user_add($user_row, $cp_data = false, $notifications_data = null) $user_id = $db->sql_nextid(); // Insert Custom Profile Fields - if ($cp_data !== false && sizeof($cp_data)) + if ($cp_data !== false && count($cp_data)) { $cp_data['user_id'] = (int) $user_id; @@ -481,7 +481,7 @@ function user_delete($mode, $user_ids, $retain_username = true) } $db->sql_freeresult($result); - if (sizeof($report_posts)) + if (count($report_posts)) { $report_posts = array_unique($report_posts); $report_topics = array_unique($report_topics); @@ -501,7 +501,7 @@ function user_delete($mode, $user_ids, $retain_username = true) } $db->sql_freeresult($result); - if (sizeof($keep_report_topics)) + if (count($keep_report_topics)) { $report_topics = array_diff($report_topics, $keep_report_topics); } @@ -513,7 +513,7 @@ function user_delete($mode, $user_ids, $retain_username = true) WHERE ' . $db->sql_in_set('post_id', $report_posts); $db->sql_query($sql); - if (sizeof($report_topics)) + if (count($report_topics)) { $sql = 'UPDATE ' . TOPICS_TABLE . ' SET topic_reported = 0 @@ -780,7 +780,7 @@ function user_active_flip($mode, $user_id_ary, $reason = INACTIVE_MANUAL) $user_id_ary = array($user_id_ary); } - if (!sizeof($user_id_ary)) + if (!count($user_id_ary)) { return; } @@ -838,7 +838,7 @@ function user_active_flip($mode, $user_id_ary, $reason = INACTIVE_MANUAL) $vars = array('mode', 'reason', 'activated', 'deactivated', 'user_id_ary', 'sql_statements'); extract($phpbb_dispatcher->trigger_event('core.user_active_flip_before', compact($vars))); - if (sizeof($sql_statements)) + if (count($sql_statements)) { foreach ($sql_statements as $user_id => $sql_ary) { @@ -916,7 +916,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas else { $ban_other = explode('-', $ban_len_other); - if (sizeof($ban_other) == 3 && ((int) $ban_other[0] < 9999) && + if (count($ban_other) == 3 && ((int) $ban_other[0] < 9999) && (strlen($ban_other[0]) == 4) && (strlen($ban_other[1]) == 2) && (strlen($ban_other[2]) == 2)) { $ban_end = max($current_time, $user->create_datetime() @@ -984,7 +984,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas } // Make sure we have been given someone to ban - if (!sizeof($sql_usernames)) + if (!count($sql_usernames)) { trigger_error('NO_USER_SPECIFIED', E_USER_WARNING); } @@ -995,7 +995,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas // Do not allow banning yourself, the guest account, or founders. $non_bannable = array($user->data['user_id'], ANONYMOUS); - if (sizeof($founder)) + if (count($founder)) { $sql .= ' AND ' . $db->sql_in_set('user_id', array_merge(array_keys($founder), $non_bannable), true); } @@ -1135,14 +1135,14 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas continue; } - if (!sizeof($founder) || !in_array($ban_item, $founder)) + if (!count($founder) || !in_array($ban_item, $founder)) { $banlist_ary[] = $ban_item; } } } - if (sizeof($ban_list) == 0) + if (count($ban_list) == 0) { trigger_error('NO_EMAILS_DEFINED', E_USER_WARNING); } @@ -1189,7 +1189,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas $banlist_ary_tmp = array_intersect($banlist_ary, $banlist_ary_tmp); - if (sizeof($banlist_ary_tmp)) + if (count($banlist_ary_tmp)) { // One or more entities are already banned/excluded, delete the existing bans, so they can be re-inserted with the given new length $sql = 'DELETE FROM ' . BANLIST_TABLE . ' @@ -1203,7 +1203,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas $db->sql_freeresult($result); // We have some entities to ban - if (sizeof($banlist_ary)) + if (count($banlist_ary)) { $sql_ary = array(); @@ -1331,7 +1331,7 @@ function user_unban($mode, $ban) $unban_sql = array_map('intval', $ban); - if (sizeof($unban_sql)) + if (count($unban_sql)) { // Grab details of bans for logging information later switch ($mode) @@ -1595,7 +1595,7 @@ function validate_num($num, $optional = false, $min = 0, $max = 1E99) function validate_date($date_string, $optional = false) { $date = explode('-', $date_string); - if ((empty($date) || sizeof($date) != 3) && $optional) + if ((empty($date) || count($date) != 3) && $optional) { return false; } @@ -1617,7 +1617,7 @@ function validate_date($date_string, $optional = false) } } - if (sizeof($date) != 3 || !checkdate($date[1], $date[0], $date[2])) + if (count($date) != 3 || !checkdate($date[1], $date[0], $date[2])) { return 'INVALID'; } @@ -1957,7 +1957,7 @@ function validate_jabber($jid) $arr = explode('.', $realm); - if (sizeof($arr) == 0) + if (count($arr) == 0) { return 'WRONG_DATA'; } @@ -2281,7 +2281,7 @@ function group_create(&$group_id, $type, $name, $desc, $group_attributes, $allow $group_teampage = !empty($group_attributes['group_teampage']); unset($group_attributes['group_teampage']); - if (!sizeof($error)) + if (!count($error)) { $current_legend = \phpbb\groupposition\legend::GROUP_DISABLED; $current_teampage = \phpbb\groupposition\teampage::GROUP_DISABLED; @@ -2354,7 +2354,7 @@ function group_create(&$group_id, $type, $name, $desc, $group_attributes, $allow generate_text_for_storage($sql_ary['group_desc'], $sql_ary['group_desc_uid'], $sql_ary['group_desc_bitfield'], $sql_ary['group_desc_options'], $allow_desc_bbcode, $allow_desc_urls, $allow_desc_smilies); } - if (sizeof($group_attributes)) + if (count($group_attributes)) { // Merge them with $sql_ary to properly update the group $sql_ary = array_merge($sql_ary, $group_attributes); @@ -2480,7 +2480,7 @@ function group_create(&$group_id, $type, $name, $desc, $group_attributes, $allow // Set user attributes $sql_ary = array(); - if (sizeof($group_attributes)) + if (count($group_attributes)) { // Go through the user attributes array, check if a group attribute matches it and then set it. ;) foreach ($user_attribute_ary as $attribute) @@ -2500,7 +2500,7 @@ function group_create(&$group_id, $type, $name, $desc, $group_attributes, $allow } } - if (sizeof($sql_ary) && sizeof($user_ary)) + if (count($sql_ary) && count($user_ary)) { group_set_user_default($group_id, $user_ary, $sql_ary); } @@ -2511,7 +2511,7 @@ function group_create(&$group_id, $type, $name, $desc, $group_attributes, $allow group_update_listings($group_id); } - return (sizeof($error)) ? $error : false; + return (count($error)) ? $error : false; } @@ -2676,7 +2676,7 @@ function group_user_add($group_id, $user_id_ary = false, $username_ary = false, // We need both username and user_id info $result = user_get_id_name($user_id_ary, $username_ary); - if (!sizeof($user_id_ary) || $result !== false) + if (empty($user_id_ary) || $result !== false) { return 'NO_USER'; } @@ -2704,7 +2704,7 @@ function group_user_add($group_id, $user_id_ary = false, $username_ary = false, $add_id_ary = array_diff($user_id_ary, $add_id_ary); // If we have no users - if (!sizeof($add_id_ary) && !sizeof($update_id_ary)) + if (!count($add_id_ary) && !count($update_id_ary)) { return 'GROUP_USERS_EXIST'; } @@ -2712,7 +2712,7 @@ function group_user_add($group_id, $user_id_ary = false, $username_ary = false, $db->sql_transaction('begin'); // Insert the new users - if (sizeof($add_id_ary)) + if (count($add_id_ary)) { $sql_ary = array(); @@ -2729,7 +2729,7 @@ function group_user_add($group_id, $user_id_ary = false, $username_ary = false, $db->sql_multi_insert(USER_GROUP_TABLE, $sql_ary); } - if (sizeof($update_id_ary)) + if (count($update_id_ary)) { $sql = 'UPDATE ' . USER_GROUP_TABLE . ' SET group_leader = 1 @@ -2821,7 +2821,7 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false, // We need both username and user_id info $result = user_get_id_name($user_id_ary, $username_ary); - if (!sizeof($user_id_ary) || $result !== false) + if (empty($user_id_ary) || $result !== false) { return 'NO_USER'; } @@ -2897,7 +2897,7 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false, foreach ($special_group_data as $gid => $default_data_ary) { - if (isset($sql_where_ary[$gid]) && sizeof($sql_where_ary[$gid])) + if (isset($sql_where_ary[$gid]) && count($sql_where_ary[$gid])) { remove_default_rank($group_id, $sql_where_ary[$gid]); remove_default_avatar($group_id, $sql_where_ary[$gid]); @@ -3056,7 +3056,7 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna // We need both username and user_id info $result = user_get_id_name($user_id_ary, $username_ary); - if (!sizeof($user_id_ary) || $result !== false) + if (empty($user_id_ary) || $result !== false) { return 'NO_USERS'; } @@ -3111,7 +3111,7 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna } $db->sql_freeresult($result); - if (!sizeof($user_id_ary)) + if (!count($user_id_ary)) { return false; } @@ -3152,7 +3152,7 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna $db->sql_freeresult($result); $result = user_get_id_name($user_id_ary, $username_ary); - if (!sizeof($user_id_ary) || $result !== false) + if (!count($user_id_ary) || $result !== false) { return 'NO_USERS'; } @@ -3515,7 +3515,7 @@ function group_update_listings($group_id) $hold_ary = $auth->acl_group_raw_data($group_id, array('a_', 'm_')); - if (!sizeof($hold_ary)) + if (empty($hold_ary)) { return; } -- cgit v1.2.1 From 70c28aace5398b2358f9bc157caf8e41f82293ca Mon Sep 17 00:00:00 2001 From: Zoddo Date: Mon, 30 Jul 2018 13:02:06 +0200 Subject: [ticket/15737] Add $user_rows to core.delete_user_before It was added to core.delete_user_after in GH-4905 PHPBB3-15737 --- phpBB/includes/functions_user.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'phpBB/includes/functions_user.php') diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 245d263720..f7be2d2760 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -461,9 +461,11 @@ function user_delete($mode, $user_ids, $retain_username = true) * @var array user_ids IDs of the deleted user * @var mixed retain_username True if username should be retained * or false if not + * @var array user_rows Array containing data of the deleted users * @since 3.1.0-a1 + * @changed 3.2.4-RC1 Added user_rows */ - $vars = array('mode', 'user_ids', 'retain_username'); + $vars = array('mode', 'user_ids', 'retain_username', 'user_rows'); extract($phpbb_dispatcher->trigger_event('core.delete_user_before', compact($vars))); // Before we begin, we will remove the reports the user issued. -- cgit v1.2.1 From 0f10c6ff6f0537c9cb00f6007b6bee9944e6587a Mon Sep 17 00:00:00 2001 From: Jakub Senko Date: Thu, 6 Sep 2018 14:31:57 +0200 Subject: [ticket/15716] Remove OAuth data upon user deletion PHPBB3-15716 --- phpBB/includes/functions_user.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes/functions_user.php') diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 245d263720..0e57795eea 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -664,7 +664,7 @@ function user_delete($mode, $user_ids, $retain_username = true) delete_posts('poster_id', $user_ids); } - $table_ary = array(USERS_TABLE, USER_GROUP_TABLE, TOPICS_WATCH_TABLE, FORUMS_WATCH_TABLE, ACL_USERS_TABLE, TOPICS_TRACK_TABLE, TOPICS_POSTED_TABLE, FORUMS_TRACK_TABLE, PROFILE_FIELDS_DATA_TABLE, MODERATOR_CACHE_TABLE, DRAFTS_TABLE, BOOKMARKS_TABLE, SESSIONS_KEYS_TABLE, PRIVMSGS_FOLDER_TABLE, PRIVMSGS_RULES_TABLE); + $table_ary = array(USERS_TABLE, USER_GROUP_TABLE, TOPICS_WATCH_TABLE, FORUMS_WATCH_TABLE, ACL_USERS_TABLE, TOPICS_TRACK_TABLE, TOPICS_POSTED_TABLE, FORUMS_TRACK_TABLE, PROFILE_FIELDS_DATA_TABLE, MODERATOR_CACHE_TABLE, DRAFTS_TABLE, BOOKMARKS_TABLE, SESSIONS_KEYS_TABLE, PRIVMSGS_FOLDER_TABLE, PRIVMSGS_RULES_TABLE, $phpbb_container->getParameter('tables.auth_provider_oauth_token_storage'), $phpbb_container->getParameter('tables.auth_provider_oauth_states'), $phpbb_container->getParameter('tables.auth_provider_oauth_account_assoc')); // Delete the miscellaneous (non-post) data for the user foreach ($table_ary as $table) -- cgit v1.2.1 From c9df803d3c99ddc513cff85ac7083d25b86e890f Mon Sep 17 00:00:00 2001 From: Jakub Senko Date: Mon, 8 Oct 2018 16:00:06 +0200 Subject: [ticket/15494] Allow user to be removed from NEWLY_REGISTERED multiple times PHPBB3-15494 --- phpBB/includes/functions_user.php | 5 ----- 1 file changed, 5 deletions(-) (limited to 'phpBB/includes/functions_user.php') diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index f7be2d2760..50cb140d9b 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -3604,11 +3604,6 @@ function remove_newly_registered($user_id, $user_data = false) } } - if (empty($user_data['user_new'])) - { - return false; - } - $sql = 'SELECT group_id FROM ' . GROUPS_TABLE . " WHERE group_name = 'NEWLY_REGISTERED' -- cgit v1.2.1 From 7263f9bebda27707efa5a9960e8b9c63119f7cc2 Mon Sep 17 00:00:00 2001 From: kasimi Date: Sat, 20 Oct 2018 11:05:04 +0200 Subject: [ticket/15852] Fix whois for IPv6 addresses PHPBB3-15852 --- phpBB/includes/functions_user.php | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) (limited to 'phpBB/includes/functions_user.php') diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 2677916a7d..d019b867fa 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -1429,21 +1429,14 @@ function user_ipwhois($ip) return ''; } - if (preg_match(get_preg_expression('ipv4'), $ip)) - { - // IPv4 address - $whois_host = 'whois.arin.net.'; - } - else if (preg_match(get_preg_expression('ipv6'), $ip)) - { - // IPv6 address - $whois_host = 'whois.sixxs.net.'; - } - else + if (!preg_match(get_preg_expression('ipv4'), $ip) && !preg_match(get_preg_expression('ipv6'), $ip)) { return ''; } + // IPv4 & IPv6 addresses + $whois_host = 'whois.arin.net.'; + $ipwhois = ''; if (($fsk = @fsockopen($whois_host, 43))) -- cgit v1.2.1 From 101829b4dce2874bbe53264c1769bf9699527c2f Mon Sep 17 00:00:00 2001 From: battye Date: Mon, 26 Nov 2018 13:08:57 +0000 Subject: [ticket/15883] Add error for invalid usernames being added to a group Update the ACP and the UCP so that when bulk adding users to a group, if invalid usernames are submitted alongside valid usernames then a message will be displayed to inform the user what the invalid usernames are. PHPBB3-15883 --- phpBB/includes/functions_user.php | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) (limited to 'phpBB/includes/functions_user.php') diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index d019b867fa..e998ffdab9 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -26,8 +26,9 @@ if (!defined('IN_PHPBB')) * @param array &$user_id_ary The user ids to check or empty if usernames used * @param array &$username_ary The usernames to check or empty if user ids used * @param mixed $user_type Array of user types to check, false if not restricting by user type +* @param bool $update_references If false, the supplied array is unset and appears unchanged from where it was called */ -function user_get_id_name(&$user_id_ary, &$username_ary, $user_type = false) +function user_get_id_name(&$user_id_ary, &$username_ary, $user_type = false, $update_references = false) { global $db; @@ -50,7 +51,13 @@ function user_get_id_name(&$user_id_ary, &$username_ary, $user_type = false) } $sql_in = ($which_ary == 'user_id_ary') ? array_map('intval', ${$which_ary}) : array_map('utf8_clean_string', ${$which_ary}); - unset(${$which_ary}); + + // By unsetting the array here, the values passed in at the point user_get_id_name() was called will be retained. + // Otherwise, if we don't unset (as the array was passed by reference) the original array will be updated below. + if ($update_references === false) + { + unset(${$which_ary}); + } $user_id_ary = $username_ary = array(); @@ -2676,6 +2683,13 @@ function group_user_add($group_id, $user_id_ary = false, $username_ary = false, return 'NO_USER'; } + // Because the item that gets passed into the previous function is unset, the reference is lost and our original + // array is retained - so we know there's a problem if there's a different number of ids to usernames now. + if (count($user_id_ary) != count($username_ary)) + { + return 'GROUP_USERS_INVALID'; + } + // Remove users who are already members of this group $sql = 'SELECT user_id, group_leader FROM ' . USER_GROUP_TABLE . ' -- cgit v1.2.1 From a2407ce978a5b65deec7be9e701be26ffb367bfd Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Tue, 18 Dec 2018 21:06:51 +0100 Subject: [ticket/15911] Prevent errors when trying to delete from non-existent tables This can happen when migrating to the latest version from versions before 3.0.14. PHPBB3-15911 --- phpBB/includes/functions_user.php | 26 ++++++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) (limited to 'phpBB/includes/functions_user.php') diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index d019b867fa..26bb987561 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -666,8 +666,29 @@ function user_delete($mode, $user_ids, $retain_username = true) delete_posts('poster_id', $user_ids); } - $table_ary = array(USERS_TABLE, USER_GROUP_TABLE, TOPICS_WATCH_TABLE, FORUMS_WATCH_TABLE, ACL_USERS_TABLE, TOPICS_TRACK_TABLE, TOPICS_POSTED_TABLE, FORUMS_TRACK_TABLE, PROFILE_FIELDS_DATA_TABLE, MODERATOR_CACHE_TABLE, DRAFTS_TABLE, BOOKMARKS_TABLE, SESSIONS_KEYS_TABLE, PRIVMSGS_FOLDER_TABLE, PRIVMSGS_RULES_TABLE, $phpbb_container->getParameter('tables.auth_provider_oauth_token_storage'), $phpbb_container->getParameter('tables.auth_provider_oauth_states'), $phpbb_container->getParameter('tables.auth_provider_oauth_account_assoc')); - + $table_ary = [ + USERS_TABLE, + USER_GROUP_TABLE, + TOPICS_WATCH_TABLE, + FORUMS_WATCH_TABLE, + ACL_USERS_TABLE, + TOPICS_TRACK_TABLE, + TOPICS_POSTED_TABLE, + FORUMS_TRACK_TABLE, + PROFILE_FIELDS_DATA_TABLE, + MODERATOR_CACHE_TABLE, + DRAFTS_TABLE, + BOOKMARKS_TABLE, + SESSIONS_KEYS_TABLE, + PRIVMSGS_FOLDER_TABLE, + PRIVMSGS_RULES_TABLE, + $phpbb_container->getParameter('tables.auth_provider_oauth_token_storage'), + $phpbb_container->getParameter('tables.auth_provider_oauth_states'), + $phpbb_container->getParameter('tables.auth_provider_oauth_account_assoc') + ]; + + // Ignore errors on deleting from non-existent tables, e.g. when migrating + $db->sql_return_on_error(true); // Delete the miscellaneous (non-post) data for the user foreach ($table_ary as $table) { @@ -675,6 +696,7 @@ function user_delete($mode, $user_ids, $retain_username = true) WHERE " . $user_id_sql; $db->sql_query($sql); } + $db->sql_return_on_error(); $cache->destroy('sql', MODERATOR_CACHE_TABLE); -- cgit v1.2.1 From 3f19d32f768974454046f744f126515fb3747b99 Mon Sep 17 00:00:00 2001 From: battye Date: Fri, 4 Jan 2019 15:49:15 +0000 Subject: [ticket/15883] Review changes PHPBB3-15883 --- phpBB/includes/functions_user.php | 1 + 1 file changed, 1 insertion(+) (limited to 'phpBB/includes/functions_user.php') diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index e998ffdab9..2be9d089a5 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -27,6 +27,7 @@ if (!defined('IN_PHPBB')) * @param array &$username_ary The usernames to check or empty if user ids used * @param mixed $user_type Array of user types to check, false if not restricting by user type * @param bool $update_references If false, the supplied array is unset and appears unchanged from where it was called +* @return null */ function user_get_id_name(&$user_id_ary, &$username_ary, $user_type = false, $update_references = false) { -- cgit v1.2.1 From 08968bdb60c9ff286cb71901718500c7720f1da4 Mon Sep 17 00:00:00 2001 From: battye Date: Sat, 5 Jan 2019 08:19:21 +0000 Subject: [ticket/15883] Doc block change PHPBB3-15883 --- phpBB/includes/functions_user.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'phpBB/includes/functions_user.php') diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 2be9d089a5..71c4f41817 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -26,8 +26,8 @@ if (!defined('IN_PHPBB')) * @param array &$user_id_ary The user ids to check or empty if usernames used * @param array &$username_ary The usernames to check or empty if user ids used * @param mixed $user_type Array of user types to check, false if not restricting by user type -* @param bool $update_references If false, the supplied array is unset and appears unchanged from where it was called -* @return null +* @param boolean $update_references If false, the supplied array is unset and appears unchanged from where it was called +* @return boolean|string Returns false on success, error string on failure */ function user_get_id_name(&$user_id_ary, &$username_ary, $user_type = false, $update_references = false) { -- cgit v1.2.1 From e315ea90b8f0d5763cd657090cadc99f221e8b44 Mon Sep 17 00:00:00 2001 From: 3D-I Date: Sat, 23 Feb 2019 01:56:03 +0100 Subject: [ticket/15975] Remove user notification data upon user deletion PHPBB3-15975 --- phpBB/includes/functions_user.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'phpBB/includes/functions_user.php') diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 26bb987561..7549ce4d58 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -684,7 +684,8 @@ function user_delete($mode, $user_ids, $retain_username = true) PRIVMSGS_RULES_TABLE, $phpbb_container->getParameter('tables.auth_provider_oauth_token_storage'), $phpbb_container->getParameter('tables.auth_provider_oauth_states'), - $phpbb_container->getParameter('tables.auth_provider_oauth_account_assoc') + $phpbb_container->getParameter('tables.auth_provider_oauth_account_assoc'), + $phpbb_container->getParameter('tables.user_notifications') ]; // Ignore errors on deleting from non-existent tables, e.g. when migrating -- cgit v1.2.1 From dc80ffdb40472fa9344765162c9d21d57f270de0 Mon Sep 17 00:00:00 2001 From: 3D-I Date: Sun, 31 Mar 2019 07:08:20 +0200 Subject: [ticket/16004] Add check-in for Emojis in Username PHPBB3-16004 --- phpBB/includes/functions_user.php | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'phpBB/includes/functions_user.php') diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index d019b867fa..5789981429 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -1760,6 +1760,13 @@ function validate_username($username, $allowed_username = false) return 'USERNAME_TAKEN'; } + // Check for out-of-bounds characters that are currently + // not supported by utf8_bin in MySQL + if (preg_match('/[\x{10000}-\x{10FFFF}]/u', $username)) + { + return 'INVALID_EMOJIS_USERNAME'; + } + $sql = 'SELECT group_name FROM ' . GROUPS_TABLE . " WHERE LOWER(group_name) = '" . $db->sql_escape(utf8_strtolower($username)) . "'"; -- cgit v1.2.1 From 5bd2c067c5540bd68ae3d56c927c9ebb441243ac Mon Sep 17 00:00:00 2001 From: 3D-I Date: Sun, 31 Mar 2019 07:20:59 +0200 Subject: [ticket/16004] Move the check-in to a more appropriated place PHPBB3-16004 --- phpBB/includes/functions_user.php | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) (limited to 'phpBB/includes/functions_user.php') diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 5789981429..99d04d5b2a 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -1709,6 +1709,14 @@ function validate_username($username, $allowed_username = false) return false; } + // The very first check is for + // out-of-bounds characters that are currently + // not supported by utf8_bin in MySQL + if (preg_match('/[\x{10000}-\x{10FFFF}]/u', $username)) + { + return 'INVALID_EMOJIS_USERNAME'; + } + // ... fast checks first. if (strpos($username, '"') !== false || strpos($username, '"') !== false || empty($clean_username)) { @@ -1760,13 +1768,6 @@ function validate_username($username, $allowed_username = false) return 'USERNAME_TAKEN'; } - // Check for out-of-bounds characters that are currently - // not supported by utf8_bin in MySQL - if (preg_match('/[\x{10000}-\x{10FFFF}]/u', $username)) - { - return 'INVALID_EMOJIS_USERNAME'; - } - $sql = 'SELECT group_name FROM ' . GROUPS_TABLE . " WHERE LOWER(group_name) = '" . $db->sql_escape(utf8_strtolower($username)) . "'"; -- cgit v1.2.1 From dc610b5508a33c2e8932f5d0624a1fa1db4ad732 Mon Sep 17 00:00:00 2001 From: 3D-I Date: Sun, 31 Mar 2019 07:25:27 +0200 Subject: [ticket/16004] Add a line of comment in the docblock PHPBB3-16004 --- phpBB/includes/functions_user.php | 1 + 1 file changed, 1 insertion(+) (limited to 'phpBB/includes/functions_user.php') diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 99d04d5b2a..dbd260a4e9 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -1690,6 +1690,7 @@ function phpbb_validate_timezone($timezone) /** * Check to see if the username has been taken, or if it is disallowed. * Also checks if it includes the " character, which we don't allow in usernames. +* Also checks if it includes the 4-bytes Unicode characters (emojis), which we don't allow in usernames. * Used for registering, changing names, and posting anonymously with a username * * @param string $username The username to check -- cgit v1.2.1 From b89044888275dac3ad7b139d6e9dc27c59cb3135 Mon Sep 17 00:00:00 2001 From: 3D-I Date: Sun, 31 Mar 2019 07:34:27 +0200 Subject: [ticket/16004] Amend the whole docblock PHPBB3-16004 --- phpBB/includes/functions_user.php | 27 +++++++++++++++------------ 1 file changed, 15 insertions(+), 12 deletions(-) (limited to 'phpBB/includes/functions_user.php') diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index dbd260a4e9..6ea615ee2f 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -1687,17 +1687,20 @@ function phpbb_validate_timezone($timezone) return (in_array($timezone, phpbb_get_timezone_identifiers($timezone))) ? false : 'TIMEZONE_INVALID'; } -/** -* Check to see if the username has been taken, or if it is disallowed. -* Also checks if it includes the " character, which we don't allow in usernames. -* Also checks if it includes the 4-bytes Unicode characters (emojis), which we don't allow in usernames. -* Used for registering, changing names, and posting anonymously with a username -* -* @param string $username The username to check -* @param string $allowed_username An allowed username, default being $user->data['username'] -* -* @return mixed Either false if validation succeeded or a string which will be used as the error message (with the variable name appended) -*/ +/*** + * Validate Username + * + * Check to see if the username has been taken, or if it is disallowed. + * Also checks if it includes the " character or the 4-bytes Unicode ones + * (aka emojis) which we don't allow in usernames. + * Used for registering, changing names, and posting anonymously with a username + * + * @param string $username The username to check + * @param string $allowed_username An allowed username, default being $user->data['username'] + * + * @return mixed Either false if validation succeeded or a string which will be + * used as the error message (with the variable name appended) + */ function validate_username($username, $allowed_username = false) { global $config, $db, $user, $cache; @@ -1715,7 +1718,7 @@ function validate_username($username, $allowed_username = false) // not supported by utf8_bin in MySQL if (preg_match('/[\x{10000}-\x{10FFFF}]/u', $username)) { - return 'INVALID_EMOJIS_USERNAME'; + return 'INVALID_EMOJIS'; } // ... fast checks first. -- cgit v1.2.1 From 68434e6dbc1b87f2bacb246b463d86ebc157473f Mon Sep 17 00:00:00 2001 From: mrgoldy Date: Tue, 2 Apr 2019 15:12:52 +0200 Subject: [ticket/16007] Show ban message for OAuth login PHPBB3-16007 --- phpBB/includes/functions_user.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'phpBB/includes/functions_user.php') diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 5f2dea3b94..5307623c8e 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -1930,9 +1930,9 @@ function validate_user_email($email, $allowed_email = false) return $validate_email; } - if (($ban_reason = $user->check_ban(false, false, $email, true)) !== false) + if (($ban = $user->check_ban(false, false, $email, true)) !== false) { - return ($ban_reason === true) ? 'EMAIL_BANNED' : $ban_reason; + return !empty($ban['ban_give_reason']) ? $ban['ban_give_reason'] : 'EMAIL_BANNED'; } if (!$config['allow_emailreuse']) -- cgit v1.2.1 From fc625387332c50bc92253a1822ad0607594af736 Mon Sep 17 00:00:00 2001 From: mrgoldy Date: Tue, 2 Apr 2019 17:25:00 +0200 Subject: [ticket/16007] No strict comparison against "false" PHPBB3-16007 --- phpBB/includes/functions_user.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes/functions_user.php') diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 5307623c8e..2cb50a5a34 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -1932,7 +1932,7 @@ function validate_user_email($email, $allowed_email = false) if (($ban = $user->check_ban(false, false, $email, true)) !== false) { - return !empty($ban['ban_give_reason']) ? $ban['ban_give_reason'] : 'EMAIL_BANNED'; + return ($ban === true) ? 'EMAIL_BANNED' : (!empty($ban['ban_give_reason']) ? $ban['ban_give_reason'] : $ban); } if (!$config['allow_emailreuse']) -- cgit v1.2.1 From 2b1102e372bae879f6175b178fb387f596c57c35 Mon Sep 17 00:00:00 2001 From: Jakub Senko Date: Fri, 24 May 2019 15:17:18 +0200 Subject: [ticket/16013] Allow admins to use disallowed username PHPBB3-16013 --- phpBB/includes/functions_user.php | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) (limited to 'phpBB/includes/functions_user.php') diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index fb9241d4aa..3bf4aa16b7 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -1732,7 +1732,7 @@ function phpbb_validate_timezone($timezone) * @return mixed Either false if validation succeeded or a string which will be * used as the error message (with the variable name appended) */ -function validate_username($username, $allowed_username = false) +function validate_username($username, $allowed_username = false, $allow_all_names = false) { global $config, $db, $user, $cache; @@ -1815,13 +1815,16 @@ function validate_username($username, $allowed_username = false) return 'USERNAME_TAKEN'; } - $bad_usernames = $cache->obtain_disallowed_usernames(); - - foreach ($bad_usernames as $bad_username) + if (!$allow_all_names) { - if (preg_match('#^' . $bad_username . '$#', $clean_username)) + $bad_usernames = $cache->obtain_disallowed_usernames(); + + foreach ($bad_usernames as $bad_username) { - return 'USERNAME_DISALLOWED'; + if (preg_match('#^' . $bad_username . '$#', $clean_username)) + { + return 'USERNAME_DISALLOWED'; + } } } -- cgit v1.2.1