mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-08-01 20:30:39 +02:00
Code Issues Releases Wiki Activity

Tidy up a few lurking bugs

Browse Source
This commit is contained in:
e107steved
2008-12-17 20:26:57 +00:00
parent 60bd309051
commit 5e6fde13c2
4 changed files with 160 additions and 111 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
e107_files/shortcode/user_extended.sc
View File

@@ -93,27 +93,28 @@ if ($parms[1] == 'value')
$uVal = str_replace(chr(1), "", $udata['user_'.$parms[0]]); $uVal = str_replace(chr(1), "", $udata['user_'.$parms[0]]);
switch ($ueStruct["user_".$parms[0]]['user_extended_struct_type']) switch ($ueStruct["user_".$parms[0]]['user_extended_struct_type'])
{ {
// check for db_lookup type case EUF_DB_FIELD : // check for db_lookup type
case EUF_DB_FIELD : $tmp = explode(",",$ueStruct["user_".$parms[0]]['user_extended_struct_values']);
$tmp = explode(",",$ueStruct["user_".$parms[0]]['user_extended_struct_values']); $sql_ue = new db; // Use our own DB object to avoid conflicts
$sql_ue = new db; // Use our own DB object to avoid conflicts if($sql_ue->db_Select($tmp[0],"{$tmp[1]}, {$tmp[2]}","{$tmp[1]} = '{$uVal}'"))
if($sql_ue->db_Select($tmp[0],"{$tmp[1]}, {$tmp[2]}","{$tmp[1]} = '{$uVal}'")) {
{ $row = $sql_ue->db_Fetch();
$row = $sql_ue->db_Fetch(); $ret_data = $row[$tmp[2]];
$ret_data = $row[$tmp[2]]; }
} else
else {
{ $ret_data = FALSE;
$ret_data = FALSE; }
} break;
break; case EUF_DATE : //check for 0000-00-00 in date field
case EUF_DATE : //check for 0000-00-00 in date field if($uVal == "0000-00-00") { $uVal = ""; }
if($uVal == "0000-00-00") { $uVal = ""; } $ret_data = $uVal;
$ret_data = $uVal; break;
break; case EUF_PREDEFINED : // Predefined field - have to look up display string in relevant file
case EUF_PREDEFINED : // Predefined field - have to look up display string in relevant file $ret_data = e107_user_extended::user_extended_display_text($ueStruct["user_".$parms[0]]['user_extended_struct_values'],$uVal);
$ret_data = e107_user_extended::user_extended_display_text($ueStruct["user_".$parms[0]]['user_extended_struct_values'],$uVal); break;
break; default :
$ret_data = $uVal;
} }
if($ret_data != "") if($ret_data != "")
{ {

38
e107_plugins/links_page/e_userprofile.php
View File

@@ -1,10 +1,13 @@
<?php <?php
if(!function_exists('e_userprofile_links_page')){ if(!function_exists('e_userprofile_links_page'))
function e_userprofile_links_page(){ {
function e_userprofile_links_page()
{
global $qs, $sql, $tp; global $qs, $sql, $tp;
$id=intval($qs[1]); $id=intval($qs[1]);
include_lan(e_PLUGIN."links_page/languages/".e_LANGUAGE.".php"); // Need the LAN file in some places even if no links found
$qry = " $qry = "
SELECT l.*, lc.* SELECT l.*, lc.*
@@ -18,23 +21,32 @@ if(!function_exists('e_userprofile_links_page')){
$text = ''; $text = '';
$total = $sql -> db_Select_gen($qry); $total = $sql -> db_Select_gen($qry);
if($sql -> db_Select_gen($qry1)){ if ($sql -> db_Select_gen($qry1))
include_lan(e_PLUGIN."links_page/languages/".e_LANGUAGE.".php"); {
while($row = $sql -> db_Fetch()){ while ($row = $sql -> db_Fetch())
{
$LINK_APPEND = "<a class='linkspage_url' href='".$row['link_url']."' onclick=\"open_window('".e_PLUGIN."links_page/links.php?view.".$row['link_id']."','full');return false;\" >"; $LINK_APPEND = "<a class='linkspage_url' href='".$row['link_url']."' onclick=\"open_window('".e_PLUGIN."links_page/links.php?view.".$row['link_id']."','full');return false;\" >";
$icon = $LINK_APPEND."<img class='linkspage_button' style='width:50px; height:50px;' src='".e_PLUGIN."links_page/images/blank.gif' alt='' /></a>"; $icon = $LINK_APPEND."<img class='linkspage_button' style='width:50px; height:50px;' src='".e_PLUGIN."links_page/images/blank.gif' alt='' /></a>";
if ($row['link_button']) { if ($row['link_button'])
if (strpos($row['link_button'], "http://") !== FALSE) { {
if (strpos($row['link_button'], "http://") !== FALSE)
{
$icon = $LINK_APPEND."<img class='linkspage_button' src='".$row['link_button']."' alt='' /></a>"; $icon = $LINK_APPEND."<img class='linkspage_button' src='".$row['link_button']."' alt='' /></a>";
} else { }
if(strstr($row['link_button'], "/")){ else
if(is_readable(e_BASE.$row['link_button'])){ {
if(strstr($row['link_button'], "/"))
{
if(is_readable(e_BASE.$row['link_button']))
{
$icon = $LINK_APPEND."<img class='linkspage_button' style='width:50px; height:50px;' src='".e_BASE.$row['link_button']."' alt='' /></a>"; $icon = $LINK_APPEND."<img class='linkspage_button' style='width:50px; height:50px;' src='".e_BASE.$row['link_button']."' alt='' /></a>";
} }
}else{ }
if(is_readable(e_PLUGIN."links_page/link_images/".$row['link_button'])){ else
{
if(is_readable(e_PLUGIN."links_page/link_images/".$row['link_button']))
{
$icon = $LINK_APPEND."<img class='linkspage_button' style='width:50px; height:50px;' src='".e_PLUGIN."links_page/link_images/".$row['link_button']."' alt='' /></a>"; $icon = $LINK_APPEND."<img class='linkspage_button' style='width:50px; height:50px;' src='".e_PLUGIN."links_page/link_images/".$row['link_button']."' alt='' /></a>";
} }
} }

3
e107_plugins/links_page/plugin.xml
View File

@@ -1,12 +1,13 @@
<?xml version="1.0" encoding="iso-8859-1"?> <?xml version="1.0" encoding="iso-8859-1"?>
<!-- $Id: plugin.xml,v 1.1 2008-12-13 16:06:11 e107steved Exp $ --> <!-- $Id: plugin.xml,v 1.2 2008-12-17 20:26:57 e107steved Exp $ -->
<e107Plugin name="LCLAN_PLUGIN_LAN_1" version="1.12" compatibility="0.8" installRequired="true"> <e107Plugin name="LCLAN_PLUGIN_LAN_1" version="1.12" compatibility="0.8" installRequired="true">
<author name="e107devs" url="http://e107.org" /> <author name="e107devs" url="http://e107.org" />
<description>Links Page For Displaying External Web Links</description> <description>Links Page For Displaying External Web Links</description>
<folder>links_page</folder> <folder>links_page</folder>
<copyright>Copyright e107 Inc e107.org, Licensed under GPL (http://www.gnu.org/licenses/gpl.txt)</copyright> <copyright>Copyright e107 Inc e107.org, Licensed under GPL (http://www.gnu.org/licenses/gpl.txt)</copyright>
<logLanguageFile filename="languages/--LAN--_admin_links_page.php" />
<administration> <administration>
<configFile>admin_linkspage_config.php</configFile> <configFile>admin_linkspage_config.php</configFile>
<icon>images/linkspage_32.png</icon> <icon>images/linkspage_32.png</icon>

187
signup.php
View File

@@ -11,8 +11,8 @@
| GNU General Public License (http://gnu.org). | GNU General Public License (http://gnu.org).
| |
| $Source: /cvs_backup/e107_0.8/signup.php,v $ | $Source: /cvs_backup/e107_0.8/signup.php,v $
| $Revision: 1.25 $ | $Revision: 1.26 $
| $Date: 2008-12-10 18:06:33 $ | $Date: 2008-12-17 20:26:51 $
| $Author: e107steved $ | $Author: e107steved $
+----------------------------------------------------------------------------+ +----------------------------------------------------------------------------+
*/ */
@@ -322,31 +322,31 @@ if (e_QUERY)
$e107cache->clear("online_menu_totals"); $e107cache->clear("online_menu_totals");
if ($sql->db_Select("user", "*", "user_sess='".$tp -> toDB($qs[2], true)."' ")) if ($sql->db_Select("user", "*", "user_sess='".$tp -> toDB($qs[2], true)."' "))
{ {
if ($row = $sql->db_Fetch()) if ($row = $sql->db_Fetch())
{
// Set initial classes, and any which the user can opt to join
$init_classes = '';
if ($pref['init_class_stage'] == '2')
{ {
$init_classes = explode(',',varset($pref['initial_user_classes'],'')); // Set initial classes, and any which the user can opt to join
if ($init_classes) $init_classes = '';
{ // Update the user classes if ($pref['init_class_stage'] == '2')
$row['user_class'] = $tp->toDB(implode(',',array_unique(array_merge($init_classes, explode(',',$row['user_class']))))); {
$init_classes = ", user_class='".$row['user_class']."' "; $init_classes = explode(',',varset($pref['initial_user_classes'],''));
} if ($init_classes)
} { // Update the user classes
$sql->db_Update("user", "user_ban='0', user_sess=''{$init_classes} WHERE user_sess='".$tp -> toDB($qs[2], true)."' "); $row['user_class'] = $tp->toDB(implode(',',array_unique(array_merge($init_classes, explode(',',$row['user_class'])))));
$init_classes = ", user_class='".$row['user_class']."' ";
}
}
$sql->db_Update("user", "user_ban='0', user_sess=''{$init_classes} WHERE user_sess='".$tp -> toDB($qs[2], true)."' ");
// Log to user audit log if enabled // Log to user audit log if enabled
$admin_log->user_audit(USER_AUDIT_EMAILACK,$row); $admin_log->user_audit(USER_AUDIT_EMAILACK,$row);
$e_event->trigger("userveri", $row); $e_event->trigger("userveri", $row);
require_once(HEADERF); require_once(HEADERF);
$text = LAN_401." <a href='index.php'>".LAN_SIGNUP_22."</a> ".LAN_SIGNUP_23."<br />".LAN_SIGNUP_24." ".SITENAME; $text = LAN_401." <a href='index.php'>".LAN_SIGNUP_22."</a> ".LAN_SIGNUP_23."<br />".LAN_SIGNUP_24." ".SITENAME;
$ns->tablerender(LAN_402, $text); $ns->tablerender(LAN_402, $text);
require_once(FOOTERF); require_once(FOOTERF);
exit; exit;
} }
} }
else else
{ // Invalid activation code { // Invalid activation code
@@ -630,16 +630,16 @@ global $db_debug;
// Check for Duplicate Email address - but only if previous checks passed. // Check for Duplicate Email address - but only if previous checks passed.
if ($do_email_validate && $email_address_OK && $sql->db_Select("user", "user_email, user_ban, user_sess", "user_email='".$_POST['email']."' ")) if ($do_email_validate && $email_address_OK && $sql->db_Select("user", "user_email, user_ban, user_sess", "user_email='".$_POST['email']."' "))
{ {
$chk = $sql -> db_Fetch(); $chk = $sql -> db_Fetch();
if($chk['user_ban']== 2 && $chk['user_sess']) if($chk['user_ban']== 2 && $chk['user_sess'])
{ // duplicate because unactivated { // duplicate because unactivated
$error = TRUE; $error = TRUE;
header("Location: ".e_BASE."signup.php?resend"); header("Location: ".e_BASE."signup.php?resend");
exit; exit;
} }
else else
{ {
$email_address_OK = FALSE; $email_address_OK = FALSE;
$error_message .= LAN_408."\\n"; $error_message .= LAN_408."\\n";
$error = TRUE; $error = TRUE;
} }
@@ -647,36 +647,43 @@ global $db_debug;
// Extended Field validation // Extended Field validation
$extList = $usere->user_extended_get_fieldList(); $extList = $usere->user_extended_get_fieldList();
$eufVals = array();
foreach($extList as $ext) foreach($extList as $ext)
{ {
if(isset($_POST['ue']['user_'.$ext['user_extended_struct_name']])) $eufName = 'user_'.$ext['user_extended_struct_name'];
if(isset($_POST['ue'][$eufName]))
{ {
$newval = trim($_POST['ue']['user_'.$ext['user_extended_struct_name']]); $newval = trim($_POST['ue'][$eufName]);
// echo "Vetting field ".'user_'.$ext['user_extended_struct_name'].": {$newval} = ".trim($_POST['ue']['user_'.$ext['user_extended_struct_name']])."<br />";
if($ext['user_extended_struct_required'] == 1 && (($newval == "") || (($ext['user_extended_struct_type'] == 7) && ($newval == '0000-00-00')) )) if($ext['user_extended_struct_required'] == 1 && (($newval == "") || (($ext['user_extended_struct_type'] == 7) && ($newval == '0000-00-00')) ))
{ { // Required field not present
$_ftext = (defined($ext['user_extended_struct_text']) ? constant($ext['user_extended_struct_text']) : $ext['user_extended_struct_text']); $_ftext = (defined($ext['user_extended_struct_text']) ? constant($ext['user_extended_struct_text']) : $ext['user_extended_struct_text']);
$error_message .= LAN_SIGNUP_6.$_ftext.LAN_SIGNUP_7."\\n"; $error_message .= LAN_SIGNUP_6.$_ftext.LAN_SIGNUP_7."\\n";
$error = TRUE; $error = TRUE;
} }
$parms = explode("^,^", $ext['user_extended_struct_parms']); else
$regex = (isset($parms[1]) ? $tp->toText($parms[1]) : "");
$regexfail = (isset($parms[2]) ? trim($tp->toText($parms[2])) : "");
if($regexfail == "")
{ {
$regexfail = $ext['user_extended_struct_name']." ".LAN_SIGNUP_53; $parms = explode("^,^", $ext['user_extended_struct_parms']);
} $regex = (isset($parms[1]) ? $tp->toText($parms[1]) : "");
$regexfail = (isset($parms[2]) ? trim($tp->toText($parms[2])) : "");
if(defined($regexfail)) {$regexfail = constant($regexfail);} if($regexfail == "")
{
$regexfail = $ext['user_extended_struct_name']." ".LAN_SIGNUP_53;
}
if($regex != "" && $newval != "") if(defined($regexfail)) {$regexfail = constant($regexfail);}
{
if(!preg_match($regex, $newval)) if($regex != "" && $newval != "" && !preg_match($regex, $newval))
{ {
$error_message .= $regexfail."\\n"; $error_message .= $regexfail."\\n";
$error = TRUE; $error = TRUE;
} }
else
{
$eufVals[$eufName] = $newval;
}
} }
} }
} }
@@ -711,10 +718,10 @@ global $db_debug;
$ip = $e107->getip(); $ip = $e107->getip();
$ue_fields = ""; $ue_fields = "";
foreach($_POST['ue'] as $key => $val) if (count($eufVals))
{
foreach($eufVals as $key => $val) // We've already ensured only valid keys here
{ {
if (isset($extList[$key]))
{ // Only allow valid keys
$key = $tp->toDB($key); $key = $tp->toDB($key);
$val = $tp->toDB($val); $val = $tp->toDB($val);
$ue_fields .= ($ue_fields) ? ", " : ""; $ue_fields .= ($ue_fields) ? ", " : "";
@@ -722,7 +729,7 @@ global $db_debug;
} }
} }
$u_key = md5(uniqid(rand(), 1)); // Key for signup completion $u_key = md5(uniqid(rand(), 1)); // Key for signup completion
// ************* Possible class insert // ************* Possible class insert
// Following array will be logged to both admin log and user's entry // Following array will be logged to both admin log and user's entry
@@ -745,10 +752,10 @@ global $db_debug;
'user_login' => $tp -> toDB($_POST['realname']), 'user_login' => $tp -> toDB($_POST['realname']),
'user_xup' => $tp -> toDB($_POST['xupexist']) 'user_xup' => $tp -> toDB($_POST['xupexist'])
); );
if (varsettrue($pref['allowEmailLogin'])) if (varsettrue($pref['allowEmailLogin']))
{ // Need to create separate password for email login { // Need to create separate password for email login
$new_data['user_prefs'] = serialize(array('email_password' => $user_info->HashPassword($_POST['password1'], $new_data['user_email']))); $new_data['user_prefs'] = serialize(array('email_password' => $user_info->HashPassword($_POST['password1'], $new_data['user_email'])));
} }
$nid = $sql->db_Insert("user", array_merge($signup_data,$new_data)); $nid = $sql->db_Insert("user", array_merge($signup_data,$new_data));
@@ -767,24 +774,38 @@ global $db_debug;
} }
$adviseLoginName = ''; $adviseLoginName = '';
if (varsettrue($pref['predefinedLoginName'])) if (varsettrue($pref['predefinedLoginName']))
{ {
$adviseLoginName = LAN_SIGNUP_65.': '.$loginname.'<br />'.LAN_SIGNUP_66.'<br />'; $adviseLoginName = LAN_SIGNUP_65.': '.$loginname.'<br />'.LAN_SIGNUP_66.'<br />';
} }
if ($pref['user_reg_veri']) if ($pref['user_reg_veri'])
{ // Verification required (may be by email or by admin) { // Verification required (may be by email or by admin)
// Set initial classes, and any which the user can opt to join // Set initial classes, and any which the user can opt to join
$init_classes = array(); $init_classes = array();
if ($pref['init_class_stage'] == '1') $init_classes = explode(',',varset($pref['initial_user_classes'],'')); if ($pref['init_class_stage'] == '1') { $init_classes = explode(',',varset($pref['initial_user_classes'],'')); }
if (isset($_POST['class'])) $init_classes = array_unique(array_merge($init_classes, $_POST['class'])); if (isset($_POST['class']))
if (count($init_classes)) {
{ foreach ($_POST['class'] as $cl)
$sql->db_Update("user", "user_class='".$tp -> toDB(implode(',',$init_classes))."' WHERE user_id='".$nid."' "); {
} if (intval($cl))
{
$init_classes[] = $cl;
}
}
}
if (varsettrue($pref['user_new_period']))
{
$init_classes[] = e_UC_NEWUSER;
}
$init_classes = array_unique($init_classes);
if (count($init_classes))
{
$sql->db_Update("user", "user_class='".$tp -> toDB(implode(',',$init_classes))."' WHERE user_id='".$nid."' ");
}
// ========= save extended fields into db table. ===== // ========= save extended fields into db table. =====
@@ -842,19 +863,33 @@ global $db_debug;
require_once(HEADERF); require_once(HEADERF);
if(!$sql -> db_Select("user", "user_id", "user_name='{$username}' AND user_password='".$new_data['user_password']."'")) if(!$sql -> db_Select("user", "user_id", "user_name='{$username}' AND user_password='".$new_data['user_password']."'"))
{ // Error looking up newly created user { // Error looking up newly created user
$ns->tablerender("", LAN_SIGNUP_36); $ns->tablerender("", LAN_SIGNUP_36);
require_once(FOOTERF); require_once(FOOTERF);
exit; exit;
} }
// Set initial classes, and any which the user can opt to join // Set initial classes, and any which the user can opt to join
$init_classes = explode(',',varset($pref['initial_user_classes'],'')); $init_classes = explode(',',varset($pref['initial_user_classes'],''));
if (isset($_POST['class'])) $init_classes = array_unique(array_merge($init_classes, $_POST['class'])); if (isset($_POST['class']))
{
foreach ($_POST['class'] as $cl)
{
if (intval($cl))
{
$init_classes[] = $cl;
}
}
}
if (varsettrue($pref['user_new_period']))
{
$init_classes[] = e_UC_NEWUSER;
}
$init_classes = array_unique($init_classes);
// Set member as registered, update classes // Set member as registered, update classes
$sql->db_Update("user", "user_ban = '".USER_VALIDATED."', user_class='".$tp -> toDB(implode(',',$init_classes))."' WHERE user_id = '{$nid}'"); $sql->db_Update("user", "user_ban = '".USER_VALIDATED."', user_class='".implode(',',$init_classes)."' WHERE user_id = '{$nid}'");
// ======== save extended fields to DB table. // ======== save extended fields to DB table.
@@ -865,12 +900,12 @@ global $db_debug;
} }
$_POST['ip'] = $ip; $_POST['ip'] = $ip;
$_POST['user_id'] = $nid; // ID for the user $_POST['user_id'] = $nid; // ID for the user
$e_event->trigger("usersup", $_POST); // send everything in the template, including extended fields. $e_event->trigger("usersup", $_POST); // send everything in the template, including extended fields.
if (isset($pref['signup_text_after']) && (strlen($pref['signup_text_after']) > 2)) if (isset($pref['signup_text_after']) && (strlen($pref['signup_text_after']) > 2))
{ {
$text = $tp->toHTML(str_replace('{NEWLOGINNAME}', $loginname, $pref['signup_text_after']), TRUE, 'parse_sc,defs')."<br />"; $text = $tp->toHTML(str_replace('{NEWLOGINNAME}', $loginname, $pref['signup_text_after']), TRUE, 'parse_sc,defs')."<br />";
} }
else else
{ {