* @license GNU General Public License, version 2 (GPL-2.0) * * For full copyright and license information, please see * the docs/CREDITS.txt file. * */ namespace phpbb; /** * Base user class * * This is the overarching class which contains (through session extend) * all methods utilised for user functionality during a session. */ class user extends \phpbb\session { /** * @var \phpbb\language\language */ protected $language; var $style = array(); var $date_format; /** * DateTimeZone object holding the timezone of the user */ public $timezone; /** * @var string Class name of datetime object */ protected $datetime; var $lang_name = false; var $lang_id = false; var $lang_path; var $img_lang; var $img_array = array(); /** @var bool */ protected $is_setup_flag; // Able to add new options (up to id 31) var $keyoptions = array('viewimg' => 0, 'viewflash' => 1, 'viewsmilies' => 2, 'viewsigs' => 3, 'viewavatars' => 4, 'viewcensors' => 5, 'attachsig' => 6, 'bbcode' => 8, 'smilies' => 9, 'sig_bbcode' => 15, 'sig_smilies' => 16, 'sig_links' => 17); /** * Constructor to set the lang path * * @param \phpbb\language\language $lang phpBB's Language loader * @param string $datetime_class Class name of datetime class */ function __construct(\phpbb\language\language $lang, $datetime_class) { global $phpbb_root_path; $this->lang_path = $phpbb_root_path . 'language/'; $this->language = $lang; $this->datetime = $datetime_class; $this->is_setup_flag = false; } /** * Returns whether user::setup was called * * @return bool */ public function is_setup() { return $this->is_setup_flag; } /** * Magic getter for BC compatibility * * Implement array access for user::lang. * * @param string $param_name Name of the BC component the user want to access * * @return array The appropriate array * * @deprecated 3.2.0-dev (To be removed: 4.0.0) */ public function __get($param_name) { if ($param_name === 'lang') { return $this->language->get_lang_array(); } else if ($param_name === 'help') { $help_array = $this->language->get_lang_array(); return $help_array['__help']; } return array(); } /** * Setup basic user-specific items (style, language, ...) */ function setup($lang_set = false, $style_id = false) { global $db, $request, $template, $config, $auth, $phpEx, $phpbb_root_path, $cache; global $phpbb_dispatcher; $this->language->set_default_language($config['default_lang']); if ($this->data['user_id'] != ANONYMOUS) { $user_lang_name = (file_exists($this->lang_path . $this->data['user_lang'] . "/common.$phpEx")) ? $this->data['user_lang'] : basename($config['default_lang']); $user_date_format = $this->data['user_dateformat']; $user_timezone = $this->data['user_timezone']; } else { $lang_override = $request->variable('language', ''); if ($lang_override) { $this->set_cookie('lang', $lang_override, 0, false); } else { $lang_override = $request->variable($config['cookie_name'] . '_lang', '', true, \phpbb\request\request_interface::COOKIE); } if ($lang_override) { $use_lang = basename($lang_override); $user_lang_name = (file_exists($this->lang_path . $use_lang . "/common.$phpEx")) ? $use_lang : basename($config['default_lang']); $this->data['user_lang'] = $user_lang_name; } else { $user_lang_name = basename($config['default_lang']); } $user_date_format = $config['default_dateformat']; $user_timezone = $config['board_timezone']; /** * If a guest user is surfing, we try to guess his/her language first by obtaining the browser language * If re-enabled we need to make sure only those languages installed are checked * Commented out so we do not loose the code. if ($request->header('Accept-Language')) { $accept_lang_ary = explode(',', $request->header('Accept-Language')); foreach ($accept_lang_ary as $accept_lang) { // Set correct format ... guess full xx_YY form $accept_lang = substr($accept_lang, 0, 2) . '_' . strtoupper(substr($accept_lang, 3, 2)); $accept_lang = basename($accept_lang); if (file_exists($this->lang_path . $accept_lang . "/common.$phpEx")) { $user_lang_name = $config['default_lang'] = $accept_lang; break; } else { // No match on xx_YY so try xx $accept_lang = substr($accept_lang, 0, 2); $accept_lang = basename($accept_lang); if (file_exists($this->lang_path . $accept_lang . "/common.$phpEx")) { $user_lang_name = $config['default_lang'] = $accept_lang; break; } } } } */ } $user_data = $this->data; $lang_set_ext = array(); /** * Event to load language files and modify user data on every page * * @event core.user_setup * @var array user_data Array with user's data row * @var string user_lang_name Basename of the user's langauge * @var string user_date_format User's date/time format * @var string user_timezone User's timezone, should be one of * http://www.php.net/manual/en/timezones.php * @var mixed lang_set String or array of language files * @var array lang_set_ext Array containing entries of format * array( * 'ext_name' => (string) [extension name], * 'lang_set' => (string|array) [language files], * ) * For performance reasons, only load translations * that are absolutely needed globally using this * event. Use local events otherwise. * @var mixed style_id Style we are going to display * @since 3.1.0-a1 */ $vars = array( 'user_data', 'user_lang_name', 'user_date_format', 'user_timezone', 'lang_set', 'lang_set_ext', 'style_id', ); extract($phpbb_dispatcher->trigger_event('core.user_setup', compact($vars))); $this->data = $user_data; $this->lang_name = $user_lang_name; $this->date_format = $user_date_format; $this->language->set_user_language($user_lang_name); try { $this->timezone = new \DateTimeZone($user_timezone); } catch (\Exception $e) { // If the timezone the user has selected is invalid, we fall back to UTC. $this->timezone = new \DateTimeZone('UTC'); } $this->add_lang($lang_set); unset($lang_set); foreach ($lang_set_ext as $ext_lang_pair) { $this->add_lang_ext($ext_lang_pair['ext_name'], $ext_lang_pair['lang_set']); } unset($lang_set_ext); $style_request = $request->variable('style', 0); if ($style_request && (!$config['override_user_style'] || $auth->acl_get('a_styles')) && !defined('ADMIN_START')) { global $SID, $_EXTRA_URL; $style_id = $style_request; $SID .= '&style=' . $style_id; $_EXTRA_URL = array('style=' . $style_id); } else { // Set up style $style_id = ($style_id) ? $style_id : ((!$config['override_user_style']) ? $this->data['user_style'] : $config['default_style']); } $sql = 'SELECT * FROM ' . STYLES_TABLE . " s WHERE s.style_id = $style_id"; $result = $db->sql_query($sql, 3600); $this->style = $db->sql_fetchrow($result); $db->sql_freeresult($result); // Fallback to user's standard style if (!$this->style && $style_id != $this->data['user_style']) { $style_id = $this->data['user_style']; $sql = 'SELECT * FROM ' . STYLES_TABLE . " s WHERE s.style_id = $style_id"; $result = $db->sql_query($sql, 3600); $this->style = $db->sql_fetchrow($result); $db->sql_freeresult($result); } // User has wrong style if (!$this->style && $style_id == $this->data['user_style']) { $style_id = $this->data['user_style'] = $config['default_style']; $sql = 'UPDATE ' . USERS_TABLE . " SET user_style = $style_id WHERE user_id = {$this->data['user_id']}"; $db->sql_query($sql); $sql = 'SELECT * FROM ' . STYLES_TABLE . " s WHERE s.style_id = $style_id"; $result = $db->sql_query($sql, 3600); $this->style = $db->sql_fetchrow($result); $db->sql_freeresult($result); } if (!$this->style) { trigger_error('NO_STYLE_DATA', E_USER_ERROR); } // Now parse the cfg file and cache it $parsed_items = $cache->obtain_cfg_items($this->style); $check_for = array( 'pagination_sep' => (string) ', ' ); foreach ($check_for as $key => $default_value) { $this->style[$key] = (isset($parsed_items[$key])) ? $parsed_items[$key] : $default_value; settype($this->style[$key], gettype($default_value)); if (is_string($default_value)) { $this->style[$key] = htmlspecialchars($this->style[$key]); } } $template->set_style(); $this->img_lang = $this->lang_name; // Call phpbb_user_session_handler() in case external application want to "bend" some variables or replace classes... // After calling it we continue script execution... phpbb_user_session_handler(); /** * Execute code at the end of user setup * * @event core.user_setup_after * @since 3.1.6-RC1 */ $phpbb_dispatcher->dispatch('core.user_setup_after'); // If this function got called from the error handler we are finished here. if (defined('IN_ERROR_HANDLER')) { return; } // Disable board if the install/ directory is still present // For the brave development army we do not care about this, else we need to comment out this everytime we develop locally if (!defined('DEBUG') && !defined('ADMIN_START') && !defined('IN_INSTALL') && !defined('IN_LOGIN') && file_exists($phpbb_root_path . 'install') && !is_file($phpbb_root_path . 'install')) { // Adjust the message slightly according to the permissions if ($auth->acl_gets('a_', 'm_') || $auth->acl_getf_global('m_')) { $message = 'REMOVE_INSTALL'; } else { $message = (!empty($config['board_disable_msg'])) ? $config['board_disable_msg'] : 'BOARD_DISABLE'; } trigger_error($message); } // Is board disabled and user not an admin or moderator? if ($config['board_disable'] && !defined('IN_LOGIN') && !defined('SKIP_CHECK_DISABLED') && !$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_')) { if ($this->data['is_bot']) { send_status_line(503, 'Service Unavailable'); } $message = (!empty($config['board_disable_msg'])) ? $config['board_disable_msg'] : 'BOARD_DISABLE'; trigger_error($message); } // Is load exceeded? if ($config['limit_load'] && $this->load !== false) { if ($this->load > floatval($config['limit_load']) && !defined('IN_LOGIN') && !defined('IN_ADMIN')) { // Set board disabled to true to let the admins/mods get the proper notification $config['board_disable'] = '1'; if (!$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_')) { if ($this->data['is_bot']) { send_status_line(503, 'Service Unavailable'); } trigger_error('BOARD_UNAVAILABLE'); } } } if (isset($this->data['session_viewonline'])) { // Make sure the user is able to hide his session if (!$this->data['session_viewonline']) { // Reset online status if not allowed to hide the session... if (!$auth->acl_get('u_hideonline')) { $sql = 'UPDATE ' . SESSIONS_TABLE . ' SET session_viewonline = 1 WHERE session_user_id = ' . $this->data['user_id']; $db->sql_query($sql); $this->data['session_viewonline'] = 1; } } else if (!$this->data['user_allow_viewonline']) { // the user wants to hide and is allowed to -> cloaking device on. if ($auth->acl_get('u_hideonline')) { $sql = 'UPDATE ' . SESSIONS_TABLE . ' SET session_viewonline = 0 WHERE session_user_id = ' . $this->data['user_id']; $db->sql_query($sql); $this->data['session_viewonline'] = 0; } } } // Does the user need to change their password? If so, redirect to the // ucp profile reg_details page ... of course do not redirect if we're already in the ucp if (!defined('IN_ADMIN') && !defined('ADMIN_START') && $config['chg_passforce'] && !empty($this->data['is_registered']) && $auth->acl_get('u_chgpasswd') && $this->data['user_passchg'] < time() - ($config['chg_passforce'] * 86400)) { if (strpos($this->page['query_string'], 'mode=reg_details') === false && $this->page['page_name'] != "ucp.$phpEx") { redirect(append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=profile&mode=reg_details')); } } $this->is_setup_flag = true; return; } /** * More advanced language substitution * Function to mimic sprintf() with the possibility of using phpBB's language system to substitute nullar/singular/plural forms. * Params are the language key and the parameters to be substituted. * This function/functionality is inspired by SHS` and Ashe. * * Example call: $user->lang('NUM_POSTS_IN_QUEUE', 1); * * If the first parameter is an array, the elements are used as keys and subkeys to get the language entry: * Example: $user->lang(array('datetime', 'AGO'), 1) uses $user->lang['datetime']['AGO'] as language entry. * * @deprecated 3.2.0-dev (To be removed 4.0.0) */ function lang() { $args = func_get_args(); return call_user_func_array(array($this->language, 'lang'), $args); } /** * Determine which plural form we should use. * For some languages this is not as simple as for English. * * @param $number int|float The number we want to get the plural case for. Float numbers are floored. * @param $force_rule mixed False to use the plural rule of the language package * or an integer to force a certain plural rule * @return int|bool The plural-case we need to use for the number plural-rule combination, false if $force_rule * was invalid. * * @deprecated: 3.2.0-dev (To be removed: 3.3.0) */ function get_plural_form($number, $force_rule = false) { return $this->language->get_plural_form($number, $force_rule); } /** * Add Language Items - use_db and use_help are assigned where needed (only use them to force inclusion) * * @param mixed $lang_set specifies the language entries to include * @param bool $use_db internal variable for recursion, do not use @deprecated 3.2.0-dev (To be removed: 3.3.0) * @param bool $use_help internal variable for recursion, do not use @deprecated 3.2.0-dev (To be removed: 3.3.0) * @param string $ext_name The extension to load language from, or empty for core files * * Examples: * * $lang_set = array('posting', 'help' => 'faq'); * $lang_set = array('posting', 'viewtopic', 'help' => array('bbcode', 'faq')) * $lang_set = array(array('posting', 'viewtopic'), 'help' => array('bbcode', 'faq')) * $lang_set = 'posting' * $lang_set = array('help' => 'faq', 'db' => array('help:faq', 'posting')) * * * Note: $use_db and $use_help should be removed. The old function was kept for BC purposes, * so the BC logic is handled here. * * @deprecated: 3.2.0-dev (To be removed: 3.3.0) */ function add_lang($lang_set, $use_db = false, $use_help = false, $ext_name = '') { if (is_array($lang_set)) { foreach ($lang_set as $key => $lang_file) { // Please do not delete this line. // We have to force the type here, else [array] language inclusion will not work $key = (string) $key; if ($key == 'db') { // This is never used $this->add_lang($lang_file, true, $use_help, $ext_name); } else if ($key == 'help') { $this->add_lang($lang_file, $use_db, true, $ext_name); } else if (!is_array($lang_file)) { $this->set_lang($lang_file, $use_help, $ext_name); } else { $this->add_lang($lang_file, $use_db, $use_help, $ext_name); } } unset($lang_set); } else if ($lang_set) { $this->set_lang($lang_set, $use_help, $ext_name); } } /** * BC function for loading language files * * @deprecated 3.2.0-dev (To be removed: 3.3.0) */ private function set_lang($lang_set, $use_help, $ext_name) { if (empty($ext_name)) { $ext_name = null; } if ($use_help && strpos($lang_set, '/') !== false) { $component = dirname($lang_set) . '/help_' . basename($lang_set); if ($component[0] === '/') { $component = substr($component, 1); } } else { $component = (($use_help) ? 'help_' : '') . $lang_set; } $this->language->add_lang($component, $ext_name); } /** * Add Language Items from an extension - use_db and use_help are assigned where needed (only use them to force inclusion) * * @param string $ext_name The extension to load language from, or empty for core files * @param mixed $lang_set specifies the language entries to include * @param bool $use_db internal variable for recursion, do not use * @param bool $use_help internal variable for recursion, do not use * * Note: $use_db and $use_help should be removed. Kept for BC purposes. * * @deprecated: 3.2.0-dev (To be removed: 3.3.0) */ function add_lang_ext($ext_name, $lang_set, $use_db = false, $use_help = false) { if ($ext_name === '/') { $ext_name = ''; } $this->add_lang($lang_set, $use_db, $use_help, $ext_name); } /** * Format user date * * @param int $gmepoch unix timestamp * @param string $format date format in date() notation. | used to indicate relative dates, for example |d m Y|, h:i is translated to Today, h:i. * @param bool $forcedate force non-relative date format. * * @return mixed translated date */ function format_date($gmepoch, $format = false, $forcedate = false) { static $utc; if (!isset($utc)) { $utc = new \DateTimeZone('UTC'); } $time = new $this->datetime($this, "@$gmepoch", $utc); $time->setTimezone($this->timezone); return $time->format($format, $forcedate); } /** * Create a \phpbb\datetime object in the context of the current user * * @since 3.1 * @param string $time String in a format accepted by strtotime(). * @param DateTimeZone $timezone Time zone of the time. * @return \phpbb\datetime Date time object linked to the current users locale */ public function create_datetime($time = 'now', \DateTimeZone $timezone = null) { $timezone = $timezone ?: $this->timezone; return new $this->datetime($this, $time, $timezone); } /** * Get the UNIX timestamp for a datetime in the users timezone, so we can store it in the database. * * @param string $format Format of the entered date/time * @param string $time Date/time with the timezone applied * @param DateTimeZone $timezone Timezone of the date/time, falls back to timezone of current user * @return int Returns the unix timestamp */ public function get_timestamp_from_format($format, $time, \DateTimeZone $timezone = null) { $timezone = $timezone ?: $this->timezone; $date = \DateTime::createFromFormat($format, $time, $timezone); return ($date !== false) ? $date->format('U') : false; } /** * Get language id currently used by the user */ function get_iso_lang_id() { global $config, $db; if (!empty($this->lang_id)) { return $this->lang_id; } if (!$this->lang_name) { $this->lang_name = $config['default_lang']; } $sql = 'SELECT lang_id FROM ' . LANG_TABLE . " WHERE lang_iso = '" . $db->sql_escape($this->lang_name) . "'"; $result = $db->sql_query($sql); $this->lang_id = (int) $db->sql_fetchfield('lang_id'); $db->sql_freeresult($result); return $this->lang_id; } /** * Get users profile fields */ function get_profile_fields($user_id) { global $db; if (isset($this->profile_fields)) { return; } $sql = 'SELECT * FROM ' . PROFILE_FIELDS_DATA_TABLE . " WHERE user_id = $user_id"; $result = $db->sql_query_limit($sql, 1); $this->profile_fields = (!($row = $db->sql_fetchrow($result))) ? array() : $row; $db->sql_freeresult($result); } /** * Specify/Get image */ function img($img, $alt = '') { $title = ''; if ($alt) { $alt = $this->language->lang($alt); $title = ' title="' . $alt . '"'; } return '' . $alt . ''; } /** * Get option bit field from user options. * * @param int $key option key, as defined in $keyoptions property. * @param int $data bit field value to use, or false to use $this->data['user_options'] * @return bool true if the option is set in the bit field, false otherwise */ function optionget($key, $data = false) { $var = ($data !== false) ? $data : $this->data['user_options']; return phpbb_optionget($this->keyoptions[$key], $var); } /** * Set option bit field for user options. * * @param int $key Option key, as defined in $keyoptions property. * @param bool $value True to set the option, false to clear the option. * @param int $data Current bit field value, or false to use $this->data['user_options'] * @return int|bool If $data is false, the bit field is modified and * written back to $this->data['user_options'], and * return value is true if the bit field changed and * false otherwise. If $data is not false, the new * bitfield value is returned. */ function optionset($key, $value, $data = false) { $var = ($data !== false) ? $data : $this->data['user_options']; $new_var = phpbb_optionset($this->keyoptions[$key], $value, $var); if ($data === false) { if ($new_var != $var) { $this->data['user_options'] = $new_var; return true; } else { return false; } } else { return $new_var; } } /** * Funtion to make the user leave the NEWLY_REGISTERED system group. * @access public */ function leave_newly_registered() { global $db; if (empty($this->data['user_new'])) { return false; } if (!function_exists('remove_newly_registered')) { global $phpbb_root_path, $phpEx; include($phpbb_root_path . 'includes/functions_user.' . $phpEx); } if ($group = remove_newly_registered($this->data['user_id'], $this->data)) { $this->data['group_id'] = $group; } $this->data['user_permissions'] = ''; $this->data['user_new'] = 0; return true; } /** * Returns all password protected forum ids the user is currently NOT authenticated for. * * @return array Array of forum ids * @access public */ function get_passworded_forums() { global $db; $sql = 'SELECT f.forum_id, fa.user_id FROM ' . FORUMS_TABLE . ' f LEFT JOIN ' . FORUMS_ACCESS_TABLE . " fa ON (fa.forum_id = f.forum_id AND fa.session_id = '" . $db->sql_escape($this->session_id) . "') WHERE f.forum_password <> ''"; $result = $db->sql_query($sql); $forum_ids = array(); while ($row = $db->sql_fetchrow($result)) { $forum_id = (int) $row['forum_id']; if ($row['user_id'] != $this->data['user_id']) { $forum_ids[$forum_id] = $forum_id; } } $db->sql_freeresult($result); return $forum_ids; } }