
Start of generic user data validation, kill references to user_realm field

This commit is contained in:
e107steved
2008-12-21 11:07:58 +00:00
parent 04d33ef1d0
commit b7d0b113c3
14 changed files with 1564 additions and 1093 deletions


@@ -11,8 +11,8 @@
| GNU General Public License (http://gnu.org).
|
| $Source: /cvs_backup/e107_0.8/class2.php,v $
| $Revision: 1.86 $
| $Date: 2008-12-19 22:56:22 $
| $Revision: 1.87 $
| $Date: 2008-12-21 11:07:58 $
| $Author: e107steved $
+----------------------------------------------------------------------------+
*/
@@ -1446,7 +1446,6 @@ function init_session()
define('USEREMAIL', $result['user_email']);
define('USER', true);
define('USERCLASS', $result['user_class']);
define('USERREALM', $result['user_realm']);
define('USERVIEWED', $result['user_viewed']);
define('USERIMAGE', $result['user_image']);
define('USERPHOTO', $result['user_sess']);


@@ -1,20 +1,18 @@
<?php
/*
+ ----------------------------------------------------------------------------+
| e107 website system
|
| <20>Steve Dunstan 2001-2002
| http://e107.org
| jalist@e107.org
|
| Released under the terms and conditions of the
| GNU General Public License (http://gnu.org).
|
| $Source: /cvs_backup/e107_0.8/e107_admin/users.php,v $
| $Revision: 1.17 $
| $Date: 2008-07-03 21:23:39 $
| $Author: e107steved $
+----------------------------------------------------------------------------+
* e107 website system
*
* Copyright (C) 2001-2008 e107 Inc (e107.org)
* Released under the terms and conditions of the
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
*
* Administration Area - Users
*
* $Source: /cvs_backup/e107_0.8/e107_admin/users.php,v $
* $Revision: 1.18 $
* $Date: 2008-12-21 11:07:58 $
* $Author: e107steved $
*
*/
require_once("../class2.php");
@@ -48,12 +46,14 @@ if (isset($_POST['useraction']) && $_POST['useraction'] == 'userclass')
$e_sub_cat = 'users';
$user = new users;
require_once("auth.php");
require_once('auth.php');
require_once(e_HANDLER."form_handler.php");
require_once(e_HANDLER."userclass_class.php");
require_once(e_HANDLER.'form_handler.php');
require_once(e_HANDLER.'userclass_class.php');
require_once(e_HANDLER.'user_handler.php');
$user_info = new UserHandler;
require_once(e_HANDLER.'validator_class.php');
include_lan(e_LANGUAGEDIR.e_LANGUAGE.'/lan_user.php');
$userMethods = new UserHandler;
$user_data = array();
$rs = new form;
@@ -106,7 +106,7 @@ if(isset($_POST['resend_to_all']))
// ------- Test Email. --------------
if (isset($_POST['test_mail']))
{
require_once(e_HANDLER."mail_validation_class.php");
require_once(e_HANDLER.'mail_validation_class.php');
list($adminuser,$adminhost) = split ("@", SITEADMINEMAIL);
$validator = new email_validation_class;
$validator->localuser= $adminuser;
@@ -141,20 +141,27 @@ if (isset($_POST['test_mail']))
// ------- Update Options. --------------
if (isset($_POST['update_options']))
{
$pref['avatar_upload'] = (FILE_UPLOADS ? $_POST['avatar_upload'] : 0);
$pref['im_width'] = $_POST['im_width'];
$pref['im_height'] = $_POST['im_height'];
$pref['photo_upload'] = (FILE_UPLOADS ? $_POST['photo_upload'] : 0);
$pref['del_unv'] = $_POST['del_unv'];
$pref['profile_rate'] = $_POST['profile_rate'];
$pref['profile_comments'] = $_POST['profile_comments'];
$pref['track_online'] = $_POST['track_online'];
$pref['force_userupdate'] = $_POST['force_userupdate'];
$pref['memberlist_access'] = $_POST['memberlist_access'];
save_prefs();
unset($_POST['update_options']); // So we don't log it
$admin_log->log_event('USET_03',$tp->toDB(implode('; ',$_POST)),E_LOG_INFORMATIVE);
$temp = array();
$temp['avatar_upload'] = (FILE_UPLOADS ? $_POST['avatar_upload'] : 0);
$temp['im_width'] = $_POST['im_width'];
$temp['im_height'] = $_POST['im_height'];
$temp['photo_upload'] = (FILE_UPLOADS ? $_POST['photo_upload'] : 0);
$temp['del_unv'] = $_POST['del_unv'];
$temp['profile_rate'] = $_POST['profile_rate'];
$temp['profile_comments'] = $_POST['profile_comments'];
$temp['track_online'] = $_POST['track_online'];
$temp['force_userupdate'] = $_POST['force_userupdate'];
$temp['memberlist_access'] = $_POST['memberlist_access'];
$temp['user_new_period'] = $_POST['user_new_period'];
if ($admin_log->logArrayDiffs($temp, $pref, 'USET_03'))
{
save_prefs(); // Only save if changes
$user->show_message(USRLAN_1);
}
else
{
$user->show_message(USRLAN_193);
}
}
@@ -184,114 +191,64 @@ if (isset($_POST['prune']))
// ------- Quick Add User --------------
if (isset($_POST['adduser']))
{
$e107cache->clear("online_menu_member_total");
$e107cache->clear("online_menu_member_newest");
if (!$_POST['ac'] == md5(ADMINPWCHANGE))
{
exit;
}
$user_data = array(); // Assemble the data into an array
require_once(e_HANDLER."message_handler.php");
$displayname = strip_tags($_POST['name']);
if (($displayname != strip_tags($_POST['name'])) || (strstr($_POST['name'], "#") || strstr($_POST['name'], "=")))
{
message_handler("P_ALERT", USRLAN_92);
$error = TRUE;
}
$displayname = trim(str_replace("&nbsp;", "", $displayname));
if ($displayname == "Anonymous")
{
message_handler("P_ALERT", USRLAN_65);
$error = TRUE;
}
if ((strlen($displayname) > varset($pref['displayname_maxlength'],15)) || (strlen($displayname) < 2))
{
message_handler('P_ALERT',USRLAN_154);
$error = TRUE;
}
if ($sql->db_Count("user", "(*)", "WHERE user_name='".$displayname."' "))
{
message_handler("P_ALERT", USRLAN_66);
$error = TRUE;
}
$e107cache->clear('online_menu_member_total');
$e107cache->clear('online_menu_member_newest');
$error = FALSE;
if (isset($_POST['generateloginname']))
{
$loginname = $user_info->generateUserLogin($pref['predefinedLoginName']);
$_POST['loginname'] = $userMethods->generateUserLogin($pref['predefinedLoginName']);
}
else
{
$loginname = trim(preg_replace('/&nbsp;|\#|\=|\$/', "", strip_tags($_POST['loginname'])));
if ($loginname != $_POST['loginname'])
{
message_handler('P_ALERT',USRLAN_152);
$error = TRUE;
}
}
if ((strlen($loginname) > varset($pref['loginname_maxlength'],30)) || (strlen($loginname) < 3))
{
message_handler('P_ALERT',USRLAN_154);
$error = TRUE;
}
if ($sql->db_Count("user", "(*)", "WHERE user_loginname='".$loginname."' "))
{
message_handler("P_ALERT", USRLAN_153);
$error = TRUE;
}
if (isset($_POST['generatepassword']))
{
$_POST['password1'] = $user_info->generateRandomString('**********'); // 10-char password should be enough
$_POST['password1'] = $userMethods->generateRandomString('**********'); // 10-char password should be enough
$_POST['password2'] = $_POST['password1'];
}
else
// Now validate everything
$allData = validatorClass::validateFields($_POST,$userMethods->userVettingInfo, TRUE); // Do basic validation
validatorClass::checkMandatory('user_name,user_loginname', $allData); // Check for missing fields (email done in userValidation() )
validatorClass::dbValidateArray($allData, $userMethods->userVettingInfo, 'user', 0); // Do basic DB-related checks
$userMethods->userValidation($allData); // Do user-specific DB checks
if (($_POST['password1'] != $_POST['password2']) && !isset($allData['errors']['user_password']))
{
if ($_POST['password1'] != $_POST['password2'])
$allData['errors']['user_password'] = ERR_PASSWORDS_DIFFERENT;
}
if (!check_class($pref['displayname_class'], $allData['validate']['user_class']))
{
message_handler("P_ALERT", USRLAN_67);
$error = TRUE;
if ($allData['validate']['user_name'] != $allData['validate']['user_loginname'])
{
$allData['errors']['user_name'] = ERR_FIELDS_DIFFERENT;
}
}
if ($_POST['name'] == "" || $_POST['password1'] == "" || $_POST['password2'] = "")
if (count($allData['errors']))
{
message_handler("P_ALERT", USRLAN_68);
$error = TRUE;
}
if (!check_email($_POST['email']))
{
message_handler("P_ALERT", USRLAN_69);
$error = TRUE;
}
if ($sql->db_Count("user", "(*)", "WHERE user_email='".$_POST['email']."' AND user_ban='1' "))
{
message_handler("P_ALERT", USRLAN_147);
$error = TRUE;
}
if ($sql->db_Count("banlist", "(*)", "WHERE banlist_ip='".$_POST['email']."'"))
{
message_handler("P_ALERT", USRLAN_148);
require_once(e_HANDLER."message_handler.php");
$temp = validatorClass::makeErrorList($allData,'USER_ERR_','%n - %x - %t: %v', '<br />', $userMethods->userVettingInfo);
message_handler('P_ALERT', $temp);
$error = TRUE;
}
// Always save some of the entered data - then we can redisplay on error
$user_data['user_name'] = $displayname;
$user_data['user_loginname'] = $loginname;
$user_data['user_class'] = implode(",", $_POST['userclass']);
$user_data['user_email'] = $tp->toDB($_POST['email']);
$user_data['user_hideemail'] = 1;
$user_data['user_login'] = $tp->toDB($_POST['realname']);
$user_data = $allData['validate'];
if (!$error)
{
$user_data['user_password'] = $user_info->HashPassword($_POST['password1'],$loginname);
$message = '';
$user_data['user_password'] = $userMethods->HashPassword($_POST['password1'],$loginname);
$user_data['user_join'] = time();
$user_data['user_lastvisit'] = 0;
$user_data['user_currentvisit'] = 0;
$user_data['user_pwchange'] = 0;
if ($userMethods->needEmailPassword())
{ // Save separate password encryption for use with email address
$user_data['user_prefs'] = serialize(array('email_password' => $userMethods->HashPassword($_POST['password1'], $user_data['user_email'])));
}
$userMethods->addNonDefaulted($user_data);
if (admin_update($sql -> db_Insert("user", $user_data), 'insert', USRLAN_70))
{
// Add to admin log
@@ -304,15 +261,18 @@ if (isset($_POST['adduser']))
$e_message = str_replace(array('--SITE--','--LOGIN--','--PASSWORD--'),array(SITEURL,$loginname,$_POST['password1']),USRLAN_185).USRLAN_186;
if (sendemail($user_data['user_email'],USRLAN_187.SITEURL,$e_message,$user_data['user_login'],'',''))
{
$message = USRLAN_188;
$message = USRLAN_188.'<br /><br />';
}
else
{
$message = USRLAN_189;
$message = USRLAN_189.'<br /><br />';
}
}
$message .= str_replace('--NAME--',$user_data['user_name'], USRLAN_174) ;
if (isset($_POST['generateloginname'])) $message .= '<br /><br />'.USRLAN_173.': '.$loginname;
if (isset($_POST['generatepassword'])) $message .= '<br /><br />'.USRLAN_172.': '.$_POST['password1'];
unset($user_data); // Don't recycle the data once the user's been accepted without error
}
}
if (isset($message)) $user->show_message($message);
@@ -612,6 +572,7 @@ switch ($action)
break;
case "create" :
$userMethods->deleteExpired(); // Remove time-expired users
$user->add_user($user_data);
break;
@@ -631,7 +592,7 @@ class users
function show_existing_users($action, $sub_action, $id, $from, $amount)
{
global $sql, $rs, $ns, $tp, $mySQLdefaultdb,$pref,$unverified;
global $sql, $rs, $ns, $tp, $mySQLdefaultdb,$pref,$unverified, $userMethods;
// save the display choices.
if(isset($_POST['searchdisp']))
{
@@ -648,7 +609,8 @@ class users
$search_display = explode("|",$pref['admin_user_disp']);
}
if ($sql->db_Select("userclass_classes")) {
if ($sql->db_Select("userclass_classes"))
{
while ($row = $sql->db_Fetch())
{
$class[$row['userclass_id']] = $tp->toHTML($row['userclass_name'],"","defs,emotes_off, no_make_clickable");
@@ -665,7 +627,7 @@ class users
$query .= (strpos($_POST['searchquery'], ".") !== FALSE) ? "user_ip REGEXP('".$_POST['searchquery']."') OR ": "";
foreach($search_display as $disp)
{
$query .= "$disp REGEXP('".$_POST['searchquery']."') OR ";
$query .= $disp." REGEXP('".$_POST['searchquery']."') OR ";
}
$query .= "user_login REGEXP('".$_POST['searchquery']."') OR ";
$query .= "user_name REGEXP('".$_POST['searchquery']."') ";
@@ -674,7 +636,9 @@ class users
$query .= " AND user_ban = 2 ";
}
$query .= " ORDER BY user_id";
} else {
}
else
{
$query = "";
if($action == 'unverified')
{
@@ -686,71 +650,38 @@ class users
// $user_total = db_Count($table, $fields = '(*)',
$qry_insert = "SELECT u.*, ue.* FROM #user AS u LEFT JOIN #user_extended AS ue ON ue.user_extended_id = u.user_id ";
if ($user_total = $sql->db_Select_gen($qry_insert. $query)) {
if ($user_total = $sql->db_Select_gen($qry_insert. $query))
{
$text .= "<table class='fborder' style='".ADMIN_WIDTH."'>
<tr>
<td style='width:5%' class='fcaption'><a href='".e_SELF."?main.user_id.".($id == "desc" ? "asc" : "desc").".$from'>ID</a></td>
<td style='width:10%' class='fcaption'><a href='".e_SELF."?main.user_ban.".($id == "desc" ? "asc" : "desc").".$from'>".USRLAN_79."</a></td>";
// Search Display Column header.
$display_lan = array(
'user_id' => DUSRLAN_1,
'user_name' => DUSRLAN_2,
'user_loginname' => DUSRLAN_3,
'user_customtitle' => DUSRLAN_4,
'user_password' => DUSRLAN_5,
'user_sess' => DUSRLAN_6,
'user_email' => DUSRLAN_7,
'user_homepage' => DUSRLAN_8,
'user_icq' => DUSRLAN_9,
'user_aim' => DUSRLAN_10,
'user_msn' => DUSRLAN_11,
'user_location' => DUSRLAN_12,
'user_birthday' => DUSRLAN_13,
'user_signature' => DUSRLAN_14,
'user_image' => DUSRLAN_15,
'user_timezone' => DUSRLAN_16,
'user_hideemail' => DUSRLAN_17,
'user_join' => DUSRLAN_18,
'user_lastvisit' => DUSRLAN_19,
'user_currentvisit' => DUSRLAN_20,
'user_lastpost' => DUSRLAN_21,
'user_chats' => DUSRLAN_22,
'user_comments' => DUSRLAN_23,
'user_forums' => DUSRLAN_24,
'user_ip' => DUSRLAN_25,
'user_ban' => DUSRLAN_26,
'user_prefs' => DUSRLAN_27,
'user_new' => DUSRLAN_28,
'user_viewed' => DUSRLAN_29,
'user_visits' => DUSRLAN_30,
'user_admin' => DUSRLAN_31,
'user_login' => DUSRLAN_32,
'user_class' => DUSRLAN_33,
'user_perms' => DUSRLAN_34,
'user_realm' => DUSRLAN_35,
'user_pwchange' => DUSRLAN_36,
'user_xup' => DUSRLAN_37
);
foreach($search_display as $disp){
if (isset($display_lan[$disp])) {
// Search Display Column header.
$display_lan = $userMethods->getNiceNames(TRUE); // List of field names and descriptive names
foreach($search_display as $disp)
{
if (isset($display_lan[$disp]))
{
$text .= "<td style='width:15%' class='fcaption'><a href='".e_SELF."?main.$disp.".($id == "desc" ? "asc" : "desc").".$from'>".$display_lan[$disp]."</a></td>";
} else {
}
else
{
$text .= "<td style='width:15%' class='fcaption'><a href='".e_SELF."?main.$disp.".($id == "desc" ? "asc" : "desc").".$from'>".ucwords(str_replace("_"," ",$disp))."</a></td>";
}
}
// ------------------------------
// ------------------------------
$text .= " <td style='width:30%' class='fcaption'>".LAN_OPTIONS."</td>
</tr>";
while ($row = $sql->db_Fetch()) {
while ($row = $sql->db_Fetch())
{
extract($row);
$text .= "<tr>
<td style='width:5%; text-align:center' class='forumheader3'>$user_id</td>
<td style='width:5%; text-align:center' class='forumheader3'>{$user_id}</td>
<td style='width:10%' class='forumheader3'>";
if ($user_perms == "0") {
@@ -775,7 +706,7 @@ class users
// Display Chosen options -------------------------------------
// Display Chosen options
$datefields = array("user_lastpost","user_lastvisit","user_join","user_currentvisit");
$boleanfields = array("user_admin","user_hideemail","user_ban");
@@ -797,7 +728,8 @@ class users
{
$text .= "&nbsp;";
}
}elseif(in_array($disp,$boleanfields))
}
elseif (in_array($disp,$boleanfields))
{
$text .= ($row[$disp]) ? ADMIN_TRUE_ICON : "";
}
@@ -821,7 +753,7 @@ class users
$text .= "</td>";
$prev[$disp] = $row[$disp];
}
// -------------------------------------------------------------
// -------------------------------------------------------------
$qry = (e_QUERY) ? "?".e_QUERY : "";
$text .= "
<td style='width:30%;text-align:center' class='forumheader3'>
@@ -867,7 +799,6 @@ class users
{
$text .= "<option value='unadmin'>".USRLAN_34."</option>\n";
}
}
if ($user_perms == "0" && !getperms("0"))
{
@@ -888,7 +819,8 @@ class users
$text .= "</table>";
}
if($action == "unverified"){
if($action == "unverified")
{
$text .= "
<div style='text-align:center'>
<br />
@@ -899,13 +831,13 @@ class users
$text .= "&nbsp;<input type='submit' class='button' name='resend_to_all' value=\"".USRLAN_144."\" />
</form>
</div>";
}
$users = (e_QUERY != "unverified") ? $sql->db_Count("user"): $unverified;
if ($users > $amount && !$_POST['searchquery']) {
if ($users > $amount && !$_POST['searchquery'])
{
$parms = "{$users},{$amount},{$from},".e_SELF."?".(e_QUERY ? "$action.$sub_action.$id." : "main.user_id.desc.")."[FROM]";
$text .= "<br />".$tp->parseTemplate("{NEXTPREV={$parms}}");
}
@@ -920,12 +852,15 @@ class users
$text .= "<div style='cursor:pointer' onclick=\"expandit('sdisp')\">".LAN_DISPLAYOPT."</div>";
$text .= "<div id='sdisp' style='padding-top:4px;display:none;text-align:center;margin-left:auto;margin-right:auto'>
<table class='forumheader3' style='width:95%'>";
/*
$fields = mysql_list_fields($mySQLdefaultdb, MPREFIX."user");
$columns = mysql_num_fields($fields);
for ($i = 0; $i < $columns; $i++) {
for ($i = 0; $i < $columns; $i++)
{
$fname[] = mysql_field_name($fields, $i);
}
*/
$fname = array_keys($display_lan);
// include extended fields in the list.
$sql -> db_Select("user_extended_struct");
while($row = $sql-> db_Fetch())
@@ -1008,72 +943,83 @@ class users
$text = "<div style='text-align:center'>
<form method='post' action='".e_SELF."?".e_QUERY."'>
<table style='".ADMIN_WIDTH."' class='fborder'>
<colgroup>
<col style='width:60%' />
<col style='width:40%' />
</colgroup>
<tr>
<td style='width:50%' class='forumheader3'>".USRLAN_44.":</td>
<td style='width:50%' class='forumheader3'>". ($pref['avatar_upload'] ? "<input name='avatar_upload' type='radio' value='1' checked='checked' />".LAN_YES."&nbsp;&nbsp;<input name='avatar_upload' type='radio' value='0' />".LAN_NO : "<input name='avatar_upload' type='radio' value='1' />".LAN_YES."&nbsp;&nbsp;<input name='avatar_upload' type='radio' value='0' checked='checked' />".LAN_NO). (!FILE_UPLOADS ? " <span class='smalltext'>(".USRLAN_58.")</span>" : "")."
<td class='forumheader3'>".USRLAN_44.":</td>
<td class='forumheader3'>". ($pref['avatar_upload'] ? "<input name='avatar_upload' type='radio' value='1' checked='checked' />".LAN_YES."&nbsp;&nbsp;<input name='avatar_upload' type='radio' value='0' />".LAN_NO : "<input name='avatar_upload' type='radio' value='1' />".LAN_YES."&nbsp;&nbsp;<input name='avatar_upload' type='radio' value='0' checked='checked' />".LAN_NO). (!FILE_UPLOADS ? " <span class='smalltext'>(".USRLAN_58.")</span>" : "")."
</td>
</tr>
<tr>
<td style='width:50%' class='forumheader3'>".USRLAN_53.":</td>
<td style='width:50%' class='forumheader3'>". ($pref['photo_upload'] ? "<input name='photo_upload' type='radio' value='1' checked='checked' />".LAN_YES."&nbsp;&nbsp;<input name='photo_upload' type='radio' value='0' />".LAN_NO : "<input name='photo_upload' type='radio' value='1' />".LAN_YES."&nbsp;&nbsp;<input name='photo_upload' type='radio' value='0' checked='checked' />".LAN_NO). (!FILE_UPLOADS ? " <span class='smalltext'>(".USRLAN_58.")</span>" : "")."
<td class='forumheader3'>".USRLAN_53.":</td>
<td class='forumheader3'>". ($pref['photo_upload'] ? "<input name='photo_upload' type='radio' value='1' checked='checked' />".LAN_YES."&nbsp;&nbsp;<input name='photo_upload' type='radio' value='0' />".LAN_NO : "<input name='photo_upload' type='radio' value='1' />".LAN_YES."&nbsp;&nbsp;<input name='photo_upload' type='radio' value='0' checked='checked' />".LAN_NO). (!FILE_UPLOADS ? " <span class='smalltext'>(".USRLAN_58.")</span>" : "")."
</td>
</tr>
<tr>
<td style='width:50%' class='forumheader3'>".USRLAN_47.":</td>
<td style='width:50%' class='forumheader3'>
<td class='forumheader3'>".USRLAN_47.":</td>
<td class='forumheader3'>
<input class='tbox' type='text' name='im_width' size='10' value='".$pref['im_width']."' maxlength='5' /> (".USRLAN_48.")
</td></tr>
<tr>
<td style='width:50%' class='forumheader3'>".USRLAN_49.":</td>
<td style='width:50%' class='forumheader3'>
<td class='forumheader3'>".USRLAN_49.":</td>
<td class='forumheader3'>
<input class='tbox' type='text' name='im_height' size='10' value='".$pref['im_height']."' maxlength='5' /> (".USRLAN_50.")
</td></tr>
<tr>
<td style='width:50%' class='forumheader3'>".USRLAN_126.":</td>
<td style='width:50%;vertical-align:top' class='forumheader3'>". ($pref['profile_rate'] ? "<input name='profile_rate' type='radio' value='1' checked='checked' />".LAN_YES."&nbsp;&nbsp;<input name='profile_rate' type='radio' value='0' />".LAN_NO : "<input name='profile_rate' type='radio' value='1' />".LAN_YES."&nbsp;&nbsp;<input name='profile_rate' type='radio' value='0' checked='checked' />".LAN_NO)."
<td class='forumheader3'>".USRLAN_126.":</td>
<td style='vertical-align:top' class='forumheader3'>". ($pref['profile_rate'] ? "<input name='profile_rate' type='radio' value='1' checked='checked' />".LAN_YES."&nbsp;&nbsp;<input name='profile_rate' type='radio' value='0' />".LAN_NO : "<input name='profile_rate' type='radio' value='1' />".LAN_YES."&nbsp;&nbsp;<input name='profile_rate' type='radio' value='0' checked='checked' />".LAN_NO)."
</td>
</tr>
<tr>
<td style='width:50%' class='forumheader3'>".USRLAN_127.":</td>
<td style='width:50%;vertical-align:top' class='forumheader3'>". ($pref['profile_comments'] ? "<input name='profile_comments' type='radio' value='1' checked='checked' />".LAN_YES."&nbsp;&nbsp;<input name='profile_comments' type='radio' value='0' />".LAN_NO : "<input name='profile_comments' type='radio' value='1' />".LAN_YES."&nbsp;&nbsp;<input name='profile_comments' type='radio' value='0' checked='checked' />".LAN_NO)."
<td class='forumheader3'>".USRLAN_127.":</td>
<td style='vertical-align:top' class='forumheader3'>". ($pref['profile_comments'] ? "<input name='profile_comments' type='radio' value='1' checked='checked' />".LAN_YES."&nbsp;&nbsp;<input name='profile_comments' type='radio' value='0' />".LAN_NO : "<input name='profile_comments' type='radio' value='1' />".LAN_YES."&nbsp;&nbsp;<input name='profile_comments' type='radio' value='0' checked='checked' />".LAN_NO)."
</td>
</tr>
<tr>
<td style='width:50%;vertical-align:top' class='forumheader3'>".USRLAN_133.":<br /><span class='smalltext'>".USRLAN_134."</span></td>
<td style='width:50%;vertical-align:top' class='forumheader3'>". ($pref['force_userupdate'] ? "<input name='force_userupdate' type='radio' value='1' checked='checked' />".LAN_YES."&nbsp;&nbsp;<input name='force_userupdate' type='radio' value='0' />".LAN_NO : "<input name='force_userupdate' type='radio' value='1' />".LAN_YES."&nbsp;&nbsp;<input name='force_userupdate' type='radio' value='0' checked='checked' />".LAN_NO)."
<td style='vertical-align:top' class='forumheader3'>".USRLAN_133.":<br /><span class='smalltext'>".USRLAN_134."</span></td>
<td style='vertical-align:top' class='forumheader3'>". ($pref['force_userupdate'] ? "<input name='force_userupdate' type='radio' value='1' checked='checked' />".LAN_YES."&nbsp;&nbsp;<input name='force_userupdate' type='radio' value='0' />".LAN_NO : "<input name='force_userupdate' type='radio' value='1' />".LAN_YES."&nbsp;&nbsp;<input name='force_userupdate' type='radio' value='0' checked='checked' />".LAN_NO)."
</td>
</tr>
<tr>
<td style='width:50%;vertical-align:top' class='forumheader3'>".USRLAN_93."<br /><span class='smalltext'>".USRLAN_94."</span></td>
<td style='width:50%' class='forumheader3'>
<td style='vertical-align:top' class='forumheader3'>".USRLAN_93."<br /><span class='smalltext'>".USRLAN_94."</span></td>
<td class='forumheader3'>
<input class='tbox' type='text' name='del_unv' size='10' value='".$pref['del_unv']."' maxlength='5' /> ".USRLAN_95."
</td></tr>
<tr>
<td style='width:50%' class='forumheader3'>".USRLAN_130."<br /><span class='smalltext'>".USRLAN_131."</span></td>
<td style='width:50%' class='forumheader3'>&nbsp;
<td class='forumheader3'>".USRLAN_130."<br /><span class='smalltext'>".USRLAN_131."</span></td>
<td class='forumheader3'>&nbsp;
<input type='checkbox' name='track_online' value='1'".($pref['track_online'] ? " checked='checked'" : "")." /> ".USRLAN_132."&nbsp;&nbsp;
</td>
</tr>
<tr>
<td style='width:50%' class='forumheader3'>".USRLAN_146.":</td>
<td style='width:50%' class='forumheader3'><select name='memberlist_access' class='tbox'>\n";
<td class='forumheader3'>".USRLAN_146.":</td>
<td class='forumheader3'><select name='memberlist_access' class='tbox'>\n";
$text .= $e_userclass->vetted_tree('memberlist_access',array($e_userclass,'select'), $pref['memberlist_access'], "public,member,guest,admin,main,classes,nobody");
$text .= "</select>
</td>
</tr>
<tr>
<td style='vertical-align:top' class='forumheader3'>".USRLAN_190."<br /><span class='smalltext'>".USRLAN_191."</span></td>
<td class='forumheader3'>
<input class='tbox' type='text' name='user_new_period' size='10' value='".varset($pref['user_new_period'],0)."' maxlength='5' /> ".USRLAN_192."
</td></tr>
<tr>
<td colspan='2' style='text-align:center' class='forumheader'>
<input class='button' type='submit' name='update_options' value='".USRLAN_51."' />
@@ -1136,14 +1082,14 @@ class users
<tr>
<td style='width:30%' class='forumheader3'>".USRLAN_61."</td>
<td style='width:70%' class='forumheader3'>
".$rs->form_text("name", 40, varset($user_data['user_name'],""), 30)."
".$rs->form_text('username', 40, varset($user_data['user_name'],""), 30)."
</td>
</tr>
<tr>
<td style='width:30%' class='forumheader3'>".USRLAN_128."</td>
<td style='width:70%' class='forumheader3'>
".$rs->form_text("loginname", 40, varset($user_data['user_loginname'],""), 30)."&nbsp;&nbsp;
".$rs->form_text('loginname', 40, varset($user_data['user_loginname'],""), 30)."&nbsp;&nbsp;
".$rs->form_checkbox('generateloginname',1,varset($pref['predefinedLoginName'],FALSE)).USRLAN_170."
</td>
</tr>
@@ -1177,7 +1123,7 @@ class users
if (!isset($user_data['user_class'])) $user_data['user_class'] = varset($pref['initial_user_classes'],'');
$temp = $e_userclass->vetted_tree('userclass',array($e_userclass,'checkbox_desc'), $user_data['user_class'], 'classes');
$temp = $e_userclass->vetted_tree('class',array($e_userclass,'checkbox_desc'), $user_data['user_class'], 'classes');
if ($temp)
@@ -1191,7 +1137,7 @@ class users
$text .= "
<tr style='vertical-align:top'>
<td colspan='2' style='text-align:center' class='forumheader'>
<input class='button' type='checkbox' name='sendconfemail' value='1' />".USRLAN_151."
<input class='button' type='checkbox' name='sendconfemail' value='1' />".USRLAN_181."
</td></tr>
<tr style='vertical-align:top'>
<td colspan='2' style='text-align:center' class='forumheader'>
@@ -1245,7 +1191,7 @@ class users
{
// echo str_replace("\n","<br>",$message);
$admin_log->log_event('USET_11',str_replace(array('--ID--','--NAME--','--EMAIL--'),array($id,$name,$email),USRLAN_167),E_LOG_INFORMATIVE);
$this->show_message(USRLAN_140.": <a href='mailto:".$email."?body=".$return_address."' title=\"".DUSRLAN_7."\" >".$name."</a> (".$row['user_language'].") ");
$this->show_message(USRLAN_140.": <a href='mailto:".$email."?body=".$return_address."' title=\"".LAN_USER_08."\" >".$name."</a> (".$row['user_language'].") ");
}
else
{


@@ -1,5 +1,5 @@
//USAGE: {EXTENDED=<field_name>.[text|value|icon|text_value].<user_id>}
//EXAMPLE: {EXTENDED=user_gender.value.5} will show the value of the extended field user_gender for user #5
//USAGE: {USER_EXTENDED=<field_name>.[text|value|icon|text_value].<user_id>}
//EXAMPLE: {USER_EXTENDED=user_gender.value.5} will show the value of the extended field user_gender for user #5
include(e_LANGUAGEDIR.e_LANGUAGE."/lan_user_extended.php");
$parms = explode(".", $parm);
global $currentUser, $tp, $loop_uid, $e107, $imode, $sc_style;


@@ -12,8 +12,8 @@
| GNU General Public License (http://gnu.org).
|
| $Source: /cvs_backup/e107_0.8/e107_handlers/login.php,v $
| $Revision: 1.18 $
| $Date: 2008-06-13 20:20:21 $
| $Revision: 1.19 $
| $Date: 2008-12-21 11:07:58 $
| $Author: e107steved $
+----------------------------------------------------------------------------+
*/
@@ -197,45 +197,22 @@ class userlogin
}
}
// User login definitely accepted here
if($user_xup)
{
$this->update_xup($user_id, $user_xup);
}
$cookieval = $user_id.".".md5($lode['user_password']); // (Use extra md5 on cookie value to obscure hashed value for password)
if ($pref['user_tracking'] == "session")
{
$_SESSION[$pref['cookie_name']] = $cookieval;
}
else
{
if ($autologin == 1)
{ // Cookie valid for up to 30 days
cookie($pref['cookie_name'], $cookieval, (time() + 3600 * 24 * 30));
}
else
{
cookie($pref['cookie_name'], $cookieval);
}
}
// User login definitely accepted here
$cookieval = $user_info->makeUserCookie($lode,$autologin);
// Calculate class membership - needed for a couple of things
// Problem is that USERCLASS_LIST just contains 'guest' and 'everyone' at this point
$class_list = explode(',',$lode['user_class']);
if ($lode['user_admin'] && strlen($lode['user_perms']))
{
$class_list[] = e_UC_ADMIN;
if (strpos($lode['user_perms'],'0') === 0)
{
$class_list[] = e_UC_MAINADMIN;
}
}
$class_list[] = e_UC_MEMBER;
$class_list[] = e_UC_PUBLIC;
$class_list = $user_info->addCommonClasses($lode, TRUE);
$user_logging_opts = array_flip(explode(',',varset($pref['user_audit_opts'],'')));
if (isset($user_logging_opts[USER_AUDIT_LOGIN]) && in_array(varset($pref['user_audit_class'],''),$class_list))
@@ -243,7 +220,7 @@ class userlogin
$admin_log->user_audit(USER_AUDIT_LOGIN,'', $user_id,$user_name);
}
$edata_li = array("user_id" => $user_id, "user_name" => $username, 'class_list' => implode(',',$class_list), 'remember_me' => $autologin);
$edata_li = array('user_id' => $user_id, 'user_name' => $username, 'class_list' => implode(',',$class_list), 'remember_me' => $autologin);
$e_event->trigger("login", $edata_li);
if($_E107['cli'])
@@ -251,6 +228,19 @@ class userlogin
return $cookieval;
}
if (in_array(e_UC_NEWUSER,$class_list))
{
if (time() > ($lode['user_join'] + (varset($pref['user_new_period'],0)*86400)))
{ // 'New user' probationary period expired - we can take them out of the class
$lode['user_class'] = $e107->user_class->ucRemove(e_UC_NEWUSER, $lode['user_class']);
// $admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","Login new user complete",$lode['user_class'],FALSE,FALSE);
$sql->db_UpdateArray('user',array('user_class' => $lode['user_class']), 'WHERE `user_id`='.$lode['user_id']);
unset($class_list[e_UC_NEWUSER]);
$edata_li = array('user_id' => $user_id, 'user_name' => $username, 'class_list' => implode(',',$class_list));
$e_event->trigger('userNotNew', $edata_li);
}
}
$redir = e_SELF;
if (e_QUERY) $redir .= '?'.str_replace('&amp;','&',e_QUERY);
if (isset($pref['frontpage_force']) && is_array($pref['frontpage_force']))
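Review bot: The new probation-expiry branch tests membership by value with `in_array(e_UC_NEWUSER,$class_list)` but then removes it by key, `unset($class_list[e_UC_NEWUSER]);` — `$class_list` is a plain list of class ids returned by `addCommonClasses()`, so this deletes whatever element happens to sit at that index (or nothing) and e_UC_NEWUSER is still present in the list passed to the `userNotNew` event. Replace it with `$class_list = array_diff($class_list, array(e_UC_NEWUSER));` (wrap in `array_values()` if consumers expect a dense list). A short comment on the branch, `// Drop the probationary class once user_new_period days have elapsed since user_join`, would also help, since the 86400 multiplier is otherwise unexplained. The enclosing login method starts before and continues after this hunk, so whether `$e107->user_class` is guaranteed to be initialised at this point cannot be confirmed from the diff.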


@@ -11,9 +11,9 @@
| GNU General Public License (http://gnu.org).
|
| $Source: /cvs_backup/e107_0.8/e107_handlers/user_extended_class.php,v $
| $Revision: 1.19 $
| $Date: 2008-12-18 15:28:59 $
| $Author: mcfly_e107 $
| $Revision: 1.20 $
| $Date: 2008-12-21 11:07:58 $
| $Author: e107steved $
+----------------------------------------------------------------------------+
*/
@@ -80,9 +80,9 @@ class e107_user_extended
$this->reserved_names = array (
'id', 'name', 'loginname', 'customtitle', 'password',
'sess', 'email', 'signature', 'image', 'hideemail',
'join', 'lastvisit', 'currentvisit', 'lastpost', 'chats',
'join', 'lastvisit', 'currentvisit', 'chats',
'comments', 'forums', 'ip', 'ban', 'prefs', 'viewed',
'visits', 'admin', 'login', 'class', 'perms', 'realm', 'pwchange',
'visits', 'admin', 'login', 'class', 'perms', 'pwchange',
'xup'
);
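Review bot: Besides `realm`, the new reserved_names list also drops `lastpost`, which the commit message does not cover; `user_lastpost` is still treated as a core date column in e107_admin/users.php within this same commit (`$datefields = array("user_lastpost", ...)`), so an admin could now define an extended field named `lastpost` that collides with the core column naming. If the column is being retired in one of the other changed files, say so in the commit message; otherwise keep `'lastpost'` in the array. A one-line comment above it, `// Core user-table column names (minus the user_ prefix) that extended fields may not reuse`, would make the purpose of the list clear to the next person editing it.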


@@ -1,32 +1,34 @@
<?php
/*
+ ----------------------------------------------------------------------------+
| e107 website system
|
| <20>Steve Dunstan 2001-2002
| http://e107.org
| jalist@e107.org
|
| Released under the terms and conditions of the
| GNU General Public License (http://gnu.org).
|
| $Source: /cvs_backup/e107_0.8/e107_handlers/user_handler.php,v $
| $Revision: 1.2 $
| $Date: 2008-08-26 19:45:12 $
| $Author: e107steved $
+----------------------------------------------------------------------------+
* e107 website system
*
* Copyright (C) 2001-2008 e107 Inc (e107.org)
* Released under the terms and conditions of the
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
*
* Handler - user-related functions
*
* $Source: /cvs_backup/e107_0.8/e107_handlers/user_handler.php,v $
* $Revision: 1.3 $
* $Date: 2008-12-21 11:07:58 $
* $Author: e107steved $
*
*/
/*
USER HANDLER CLASS - manages login and various user functions
Vetting routines TODO:
user_sess processing
user_image processing
user_xup processing - nothing special?
*/
if (!defined('e107_INIT')) { exit; }
// Codes for `user_ban` field (not all used ATM)
define('USER_VALIDATED',0);
define('USER_BANNED',1);
define('USER_REGISTERED_NOT_VALIDATED',2);
@@ -46,17 +48,69 @@ define('PASSWORD_VALID',TRUE);
define ('PASSWORD_DEFAULT_TYPE',PASSWORD_E107_MD5);
//define ('PASSWORD_DEFAULT_TYPE',PASSWORD_E107_SALT);
// Required language file - if not loaded elsewhere, uncomment next line
//include_lan(e_LANGUAGEDIR.e_LANGUAGE.'/lan_user.php');
class UserHandler
{
var $userVettingInfo = array();
var $preferred = PASSWORD_DEFAULT_TYPE; // Preferred password format
var $passwordOpts = 0; // Copy of pref
var $passwordEmail = FALSE; // True if can use email address to log in
var $otherFields = array();
// Constructor
function UserHandler()
{
global $pref;
/*
Table of vetting methods for user data - lists every field whose value could be set manually.
Valid 'vetMethod' values (use comma separated list for multiple vetting):
0 - Null method
1 - Check for duplicates
2 - Check against $pref['signup_disallow_text']
Index is the destination field name. If the source index name is different, specify 'srcName' in the array.
Possible processing options:
'doToDB' - passes final value through $tp->toDB()
'stripTags' - strips HTML tags from the value (not an error if there are some)
'minLength' - minimum length (in utf-8 characters) for the string
'maxLength' - minimum length (in utf-8 characters) for the string
'longTrim' - if set, and the string exceeds maxLength, its trimmed
'enablePref' - value is processed only if the named $pref evaluates to true; otherwise any input is discarded without error
*/
$this->userVettingInfo = array(
'user_name' => array('niceName'=> LAN_USER_01, 'vetMethod' => '1,2', 'vetParam' => 'signup_disallow_text', 'srcName' => 'username', 'stripTags' => TRUE, 'stripChars' => '/&nbsp;|\#|\=|\$/', fixedBlock => 'anonymous', 'minLength' => 2, 'maxLength' => varset($pref['displayname_maxlength'],15)), // Display name
'user_loginname' => array('niceName'=> LAN_USER_02, 'vetMethod' => '1', 'vetParam' => '', 'srcName' => 'loginname', 'stripTags' => TRUE, 'stripChars' => '/&nbsp;|\#|\=|\$/', 'minLength' => 2, 'maxLength' => varset($pref['loginname_maxlength'],30)), // User name
'user_login' => array('niceName'=> LAN_USER_03, 'vetMethod' => '0', 'vetParam' => '', 'srcName' => 'realname', 'dbClean' => 'toDB'), // Real name (no real vetting)
'user_customtitle' => array('niceName'=> LAN_USER_04, 'vetMethod' => '0', 'vetParam' => '', 'srcName' => 'customtitle', 'dbClean' => 'toDB', 'enablePref' => 'signup_option_customtitle'), // No real vetting
'user_password' => array('niceName'=> LAN_USER_05, 'vetMethod' => '0', 'vetParam' => '', 'srcName' => 'password1', 'minLength' => varset($pref['signup_pass_len'],1)),
'user_sess' => array('niceName'=> LAN_USER_06, 'vetMethod' => '0', 'vetParam' => '', 'dbClean' => 'toDB'), // Photo
'user_image' => array('niceName'=> LAN_USER_07, 'vetMethod' => '0', 'vetParam' => '', 'srcName' => 'image', 'dbClean' => 'toDB'), // Avatar
'user_email' => array('niceName'=> LAN_USER_08, 'vetMethod' => '1', 'vetParam' => '', 'srcName' => 'email', 'dbClean' => 'toDB'),
'user_signature' => array('niceName'=> LAN_USER_09, 'vetMethod' => '0', 'vetParam' => '', 'srcName' => 'signature', 'dbClean' => 'toDB'),
'user_hideemail' => array('niceName'=> LAN_USER_10, 'vetMethod' => '0', 'vetParam' => '', 'srcName' => 'hideemail', 'dbClean' => 'intval'),
'user_xup' => array('niceName'=> LAN_USER_11, 'vetMethod' => '0', 'vetParam' => '', 'srcName' => 'user_xup', 'dbClean' => 'toDB'),
'user_class' => array('niceName'=> LAN_USER_12, 'vetMethod' => '0', 'vetParam' => '', 'srcName' => 'class', 'dataType' => '1')
);
$this->otherFields = array(
'user_join' => LAN_USER_14,
'user_lastvisit' => LAN_USER_15,
'user_currentvisit' => LAN_USER_16,
'user_comments' => LAN_USER_17,
'user_ip' => LAN_USER_18,
'user_ban' => LAN_USER_19,
'user_prefs' => LAN_USER_20,
'user_visits' => LAN_USER_21,
'user_admin' => LAN_USER_22,
'user_perms' => LAN_USER_23,
'user_pwchange' => LAN_USER_24
// user_chats int(10) unsigned NOT NULL default '0',
);
$this->passwordOpts = varset($pref['passwordEncoding'],0);
$this->passwordEmail = varset($pref['allowEmailLogin'],FALSE);
switch ($this->passwordOpts)
@@ -154,6 +208,15 @@ class UserHandler
}
// Determines whether its necessary to store a separate password for email address validation
function needEmailPassword()
{
if ($this->preferred == PASSWORD_E107_MD5) return FALSE;
if ($this->passwordEmail) return TRUE;
return FALSE;
}
// Checks whether the password value can be converted to the current default
// Returns TRUE if conversion possible.
// Returns FALSE if conversion not possible, or not needed
@@ -250,7 +313,7 @@ class UserHandler
function make_email_query($email, $fieldname = 'banlist_ip')
{
global $tp;
$tmp = strtolower($tp -> toDB(trim(substr($email, strrpos($email, "@")+1))));
$tmp = strtolower($tp -> toDB(trim(substr($email, strrpos($email, "@")+1)))); // Pull out the domain name
if ($tmp == '') return FALSE;
if (strpos($tmp,'.') === FALSE) return FALSE;
$em = array_reverse(explode('.',$tmp));
@@ -259,103 +322,13 @@ class UserHandler
foreach ($em as $e)
{
$line = '.'.$e.$line;
$out[] = $fieldname."='*{$line}'";
$out[] = '`'.$fieldname."`='*{$line}'";
}
return implode(' OR ',$out);
}
// Validate a standard user field (for length, acceptable characters etc).
// Returns TRUE if totally acceptable
// If $justStrip is FALSE, returns FALSE for an unacceptable value
// If $justStrip is TRUE, usually returns a new value (based on that passed) which does validate - usually characters stripped, length trimmed etc
// Note: will return FALSE for some input values regardless of the setting of $justStrip
// Currently coded to always return TRUE if field name not recognised
function validateField($fieldName,$fieldValue, $justStrip = FALSE)
{
global $pref;
$newValue = $fieldValue;
switch ($fieldName)
{
case 'user_loginname' :
$newValue = trim(preg_replace('/&nbsp;|\#|\=|\$/', "", strip_tags($fieldValue)));
$newValue = substr($newValue,0,varset($pref['loginname_maxlength'],30));
if (strlen($newValue) < 2) return FALSE; // Always an error if a short string
break;
case 'user_password' :
if (strlen($fieldValue) < $pref['signup_pass_len']) return FALSE;
break;
}
if ($justStrip)
{
return $newValue;
}
else
{
return ($newValue == $fieldValue);
}
}
// Takes an array of $_POST fields whose first characters match $prefix, and passes them through the validateField routine
// Returns three arrays - one of validated results, one of failed fields and one of errors corresponding to the failed fields
function validatePostList($prefix = '', $doToDB = TRUE, $justStrip = FALSE)
{
global $tp;
$ret = array('validate' => array(), 'failed' => array(), 'errors' => array());
foreach ($_POST as $k => $v)
{
if (($prefix == '') || (strpos($k,$prefix) === 0))
{ // Field to validate
$result = $this->validateField($k,$v,$justStrip);
if ($result === FALSE)
{ // error
$ret['failed'][$k] = $v;
$ret['errors'][$k] = TRUE;
}
else
{
if ($doToTB) $result = $tp->toDB($result);
$ret['validate'][$k] = $result;
}
}
}
return $ret;
}
// Takes an array of $_POST field names specified in comma-separated form in $fieldlist (blank = 'all'), and passes them through the validateField routine
// Returns three arrays - one of validated results, one of failed fields and one of errors corresponding to the failed fields
function validatePostFields($fieldList = '', $doToDB = TRUE, $justStrip = FALSE)
{
global $tp;
$ret = array('validate' => array(), 'failed' => array(), 'errors' => array());
if ($fieldList == '')
{
$fieldArray = array_keys($_POST);
}
else
{
$fieldArray = explode(',',$fieldList);
}
foreach ($fieldArray as $k)
{
$k = trim($k);
$result = $this->validateField($k,$_POST[$k],$justStrip);
if ($result === FALSE)
{ // error
$ret['failed'][$k] = $_POST[$k];
$ret['errors'][$k] = TRUE;
}
else
{
if ($doToTB) $result = $tp->toDB($result);
$ret['validate'][$k] = $result;
}
}
return $ret;
}
function makeUserCookie($lode,$autologin = FALSE)
{
global $pref;
@@ -377,6 +350,188 @@ class UserHandler
}
}
// Generate an array of all the basic classes a user belongs to
// if $asArray TRUE, returns results in an array; else as a comma-separated string
// If $incInherited is TRUE, includes inherited classes
function addCommonClasses($userData, $asArray = FALSE, $incInherited = FALSE)
{
if ($incInherited)
{
$classList = array();
global $e_userclass;
if (!isset($e_userclass) && !is_object($e_userclass))
{
require_once(e_HANDLER."userclass_class.php");
$e_userclass = new user_class;
}
$classList = $e_userclass->get_all_user_classes($var['user_class']);
}
else
{
if ($userData['user_class'] != '') $classList = explode(',',$userData['user_class']);
}
foreach (array(e_UC_MEMBER, e_UC_READONLY, e_UC_PUBLIC) as $c)
{
if (!in_array($c,$classList))
{
$classList[] = $c;
}
}
if ((varset($userData['user_admin'],0) == 1) && strlen($userData['user_perms']))
{
$classList[] = e_UC_ADMIN;
if (strpos($userData['user_perms'],'0') === 0)
{
$classList[] = e_UC_MAINADMIN;
}
}
if ($asArray) return $classList;
return implode(',',$classList);
}
// Return an array of descriptive names for each field in the user DB. If $all is false, just returns the modifiable ones. Else returns all
function getNiceNames($all = FALSE)
{
// $ret = array('user_id' => LAN_USER_13);
foreach ($this->userVettingInfo as $k => $v)
{
$ret[$k] = $v['niceName'];
}
if ($all)
{
$ret = array_merge($ret, $this->otherFields);
}
return $ret;
}
//===================================================
// User Field validation
//===================================================
/* $_POST field names:
DB signup usersettings quick add function
------------------------------------------------------------------------------
user_id - user_id - Unique user ID
user_name name username username Display name
user_loginname loginname loginname loginname User name (login name)
user_customtitle - customtitle - Custom title
user_password password1 password1 password1 Password (prior to encoding)
password2 password2 password1 (Check password field)
user_sess * - Photo (file on server)
user_email email email email Email address
email_confirm
user_signature signature signature - User signature
user_image image image* - Avatar (may be external URL or file on server)
user_hideemail hideemail hideemail - Flag to hide user's email address
user_login realname realname realname User Real name
user_xup xupexist user_xup - XUP file link
user_class class class userclass User class (array on form)
user_loginname may be auto-generated
* avatar (user_image) and photo (user_sess) may be uploaded files
Following fields auto-filled in code as required:
user_join
user_lastvisit
user_currentvisit
user_chats
user_comments
user_forums
user_ip
user_ban
user_prefs
user_viewed
user_visits
user_admin
user_perms
user_pwchange
*/
// Function does validation specific to user data. Updates the $targetData array as appropriate.
// Returns TRUE if nothing updated; FALSE if errors found (only checks data previously passed as good)
function userValidation(&$targetData)
{
global $e107, $pref;
$u_sql = new db;
$ret = TRUE;
if (isset($targetData['validate']['user_email']))
{
$v = trim($targetData['validate']['user_email']); // Always check email address if its entered
if ($v == '')
{
$errMsg = ERR_MISSING_VALUE;
}
elseif (!check_email($v))
{
$errMsg = ERR_INVALID_EMAIL;
}
elseif ($u_sql->db_Count('user', '(*)', "WHERE `user_email`='".$v."' AND `user_ban`=1 "))
{
$errMsg = ERR_BANNED_USER;
}
else
{ // See if email address banned
$wc = $this->make_email_query($v); // Generate the query for the ban list
if ($wc) { $wc = "`banlist_ip`='{$v}' OR ".$wc; }
if (($wc === FALSE) || !$e107->check_ban($wc, FALSE, TRUE))
{
echo "Email banned<br />";
$errMsg = ERR_BANNED_EMAIL;
}
}
if ($errMsg)
{
unset($targetData['validate']['user_email']); // Remove the valid entry
}
}
else
{
if (!isset($targetData['errors']['user_email']) && !varset($pref['disable_emailcheck'],FALSE))
{ // We may have already picked up an error on the email address - or it may be allowed to be empty
$errMsg = ERR_MISSING_VALUE;
}
}
if ($errMsg)
{ // Update the error
$targetData['errors']['user_email'] = $errMsg;
$targetData['failed']['user_email'] = $v;
$ret = FALSE;
}
return $ret;
}
// Given an array of user data intended to be written to the DB, adds empty strings (or other default value) for any field which doesn't have a default in the SQL definition.
// (Avoids problems with MySQL in STRICT mode.).
// Returns TRUE if additions made, FALSE if no change.
function addNonDefaulted(&$userInfo)
{
$nonDefaulted = array('user_signature' => '', 'user_prefs' => '', 'user_class' => '', 'user_perms' => '');
$ret = FALSE;
foreach ($nonDefaulted as $k => $v)
{
if (!isset($userInfo[$k]))
{
$userInfo[$k] = $v;
$ret = TRUE;
}
}
return $ret;
}
// Delete time-expired partial registrations from the user DB
function deleteExpired()
{
global $pref, $sql;
if (isset($pref['del_unv']) && $pref['del_unv'] && $pref['user_reg_veri'] != 2)
{
$threshold=(time() - ($pref['del_unv'] * 60));
$sql->db_Delete("user", "user_ban = 2 AND user_join < '{$threshold}' ");
}
}
}
?>
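Review bot: addCommonClasses builds the inherited class list from `$var['user_class']`, but `$var` is never defined in that function (the parameter is `$userData`), so with `$incInherited` set the lookup runs on a null value and the membership list this returns - which feeds class-based access checks - is wrong; the line should read `$classList = $e_userclass->get_all_user_classes($userData['user_class']);`. In the non-inherited branch `$classList` is only assigned when `user_class` is non-empty, so the following `in_array()` runs on an undefined variable for a user with no classes; moving `$classList = array();` above the `if ($incInherited)` covers both branches. In the constructor's vetting table the `user_name` entry uses a bare `fixedBlock => 'anonymous'` key, which is an undefined constant (a notice today, a fatal error on current PHP) and should be quoted like the other keys. userValidation reads `$errMsg` (and, on the missing-email path, `$v`) before either is assigned and still contains the `echo "Email banned<br />";` debug line; initialise `$errMsg = ''; $v = '';` at the top of the function and drop the echo so the rejection reason is reported only through the returned error array.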


@@ -11,9 +11,9 @@
| GNU General Public License (http://gnu.org).
|
| $Source: /cvs_backup/e107_0.8/e107_handlers/userclass_class.php,v $
| $Revision: 1.23 $
| $Date: 2008-12-12 22:39:17 $
| $Author: secretr $
| $Revision: 1.24 $
| $Date: 2008-12-21 11:07:58 $
| $Author: e107steved $
+----------------------------------------------------------------------------+
*/
@@ -26,7 +26,7 @@ if (!defined('e107_INIT')) { exit; }
require_once(e_HANDLER.'arraystorage_class.php');
include_lan(e_LANGUAGEDIR.e_LANGUAGE."/lan_userclass.php");
include_lan(e_LANGUAGEDIR.e_LANGUAGE.'/lan_userclass.php');
/*
@@ -39,10 +39,9 @@ define("e_UC_MEMBER", 253);
define("e_UC_ADMIN", 254);
define("e_UC_NOBODY", 255);
*/
// Move these definitions to class2.php later if they're adopted
define("e_UC_ADMINMOD",249);
define("e_UC_MODS",248);
//define("e_UC_USERS",247);
define('e_UC_ADMINMOD',249);
define('e_UC_MODS',248);
define('e_UC_NEWUSER',247); // Users in 'probationary' period
define('e_UC_SPECIAL_BASE',245); // Assign class IDs 245 and above for fixed/special purposes
define('UC_CLASS_ICON_DIR','userclasses/'); // Directory for userclass icons
@@ -77,11 +76,12 @@ class user_class
e_UC_MEMBER => UC_LAN_3,
e_UC_ADMIN => UC_LAN_5,
e_UC_MAINADMIN => UC_LAN_6,
e_UC_READONLY => UC_LAN_4
e_UC_READONLY => UC_LAN_4,
e_UC_NEWUSER => UC_LAN_9
);
$this->text_class_link = array('public' => e_UC_PUBLIC, 'guest' => e_UC_GUEST, 'nobody' => e_UC_NOBODY, 'member' => e_UC_MEMBER,
'admin' => e_UC_ADMIN, 'main' => e_UC_MAINADMIN, 'readonly' => e_UC_READONLY);
'admin' => e_UC_ADMIN, 'main' => e_UC_MAINADMIN, 'readonly' => e_UC_READONLY, 'new' => e_UC_NEWUSER);
$this->readTree(TRUE); // Initialise the classes on entry
}
@@ -121,8 +121,18 @@ class user_class
{
if (!isset($this->class_tree[$c]) && ($c != e_UC_PUBLIC))
{
// $this->class_tree[$c]['userclass_parent'] = (($c == e_UC_MEMBER) || ($c == e_UC_NOBODY)) ? e_UC_PUBLIC : e_UC_MEMBER;
$this->class_tree[$c]['userclass_parent'] = (($c == e_UC_ADMIN) || ($c == e_UC_MAINADMIN)) ? e_UC_MEMBER : e_UC_PUBLIC ;
switch ($c)
{
case e_UC_ADMIN :
case e_UC_MAINADMIN :
$this->class_tree[$c]['userclass_parent'] = e_UC_NOBODY;
break;
case e_UC_NEWUSER :
$this->class_tree[$c]['userclass_parent'] = e_UC_MEMBER;
break;
default :
$this->class_tree[$c]['userclass_parent'] = e_UC_PUBLIC;
}
$this->class_tree[$c]['userclass_id'] = $c;
$this->class_tree[$c]['userclass_name'] = $d;
$this->class_tree[$c]['userclass_description'] = 'Fixed class';
@@ -236,6 +246,7 @@ class user_class
readonly
admin
main - main admin
new - new users
classes - shows all classes
matchclass - if 'classes' is set, this option will only show the classes that the user is a member of
language - list of languages.
@@ -596,6 +607,20 @@ class user_class
}
// Utility to remove a specified class ID from the default comma-separated list
function ucRemove($classID, $from, $asArray = FALSE)
{
$tmp = array_flip(explode(',',$from));
if (isset($tmp[$classID]))
{
unset($tmp[$classID]);
}
$tmp = array_keys($tmp);
if ($asArray) { return $tmp; }
return implode(',',$tmp);
}
/*
Return all users in a particular class or set of classes.
$classlist is a comma separated list of classes - if the 'predefined' classes are required, they must be included. No spaces allowed
@@ -1162,6 +1187,12 @@ class user_class_admin extends user_class
'userclass_editclass' => e_UC_MAINADMIN,
'userclass_parent' => e_UC_ADMINMOD,
'userclass_visibility' => e_UC_MEMBER
),
array('userclass_id' => e_UC_NEWUSER, 'userclass_name' => UC_LAN_9,
'userclass_description' => UCSLAN_87,
'userclass_editclass' => e_UC_MAINADMIN,
'userclass_parent' => e_UC_MEMBER,
'userclass_visibility' => e_UC_ADMIN
)
);
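Review bot: The fallback `switch ($c)` in the `!isset($this->class_tree[$c])` branch gives every fixed class other than admin, main admin and new-user a parent of e_UC_PUBLIC, which looks inconsistent with the admin-side fixed-class table further down, where e_UC_ADMINMOD appears as a parent; if those two definitions are meant to agree, the switch needs the same entries, otherwise a comment should say the switch is only a fallback when the DB rows are missing. The new `ucRemove` has no documentation of its input: it indexes the list with `array_flip()`, so a class ID listed twice in `$from` is collapsed to one entry and an empty string comes back unchanged; a header comment such as `// $from: comma-separated list of integer class IDs; duplicates are collapsed, order is preserved` would make that explicit. The commented-out assignment left above the switch is dead code and can be dropped.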


@@ -0,0 +1,378 @@
<?php
/*
* e107 website system
*
* Copyright (C) 2001-2008 e107 Inc (e107.org)
* Released under the terms and conditions of the
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
*
* Handler - general purpose validation functions
*
* $Source: /cvs_backup/e107_0.8/e107_handlers/validator_class.php,v $
* $Revision: 1.1 $
* $Date: 2008-12-21 11:07:58 $
* $Author: e107steved $
*
*/
// List of error numbers which may be returned from validation
define('ERR_MISSING_VALUE','01');
define('ERR_UNEXPECTED_VALUE','02');
define('ERR_INVALID_CHARS', '03');
define('ERR_TOO_SHORT', '04');
define('ERR_TOO_LONG', '05');
define('ERR_DUPLICATE', '06');
define('ERR_DISALLOWED_TEXT', '07');
define('ERR_FIELD_DISABLED', '08');
define('ERR_INVALID_WORD', '09');
define('ERR_PASSWORDS_DIFFERENT', '10');
define('ERR_BANNED_EMAIL', '11');
define('ERR_INVALID_EMAIL', '12');
define('ERR_ARRAY_EXPECTED', '13');
define('ERR_BANNED_USER', '14');
define('ERR_FIELDS_DIFFERENT', '15');
define('ERR_CODE_ERROR', '16');
define('ERR_TOO_LOW', '17');
define('ERR_TOO_HIGH', '18');
/*
The validator functions use an array of parameters for each variable to be validated.
The index of the parameter array is the destination field name.
Possible processing options:
'srcname' - specifies the array index of the source data, where its different to the destination index
'dbClean' - method for preparing the value to write to the DB (done as final step before returning). Options are:
- 'toDB' - passes final value through $tp->toDB()
- 'intval' - makes an integer
'stripTags' - strips HTML tags from the value (not an error if there are some)
'minLength' - minimum length (in utf-8 characters) for the string
'maxLength' - minimum length (in utf-8 characters) for the string
'minVal' - lowest allowed value for numerics
'maxVal' - highest allowed value for numerics
'longTrim' - if set, and the string exceeds maxLength, its trimmed
'enablePref' - value is processed only if the named $pref evaluates to true; otherwise any input is discarded without error
'dataType' - selects special processing methods:
1 - array of numerics (e.g. class membership)
In general, only define an option if its to be used
*/
class validatorClass
{
// Passed an array of 'source' fields and an array of definitions to validate. The definition may include the name of a validation function.
// Returns three arrays - one of validated results, one of failed fields and one of errors corresponding to the failed fields
// Normally processes only those source fields it finds (and for which it has a definition). If $addDefaults is true, sets defaults for those that have
// ...one and aren't otherwise defined.
function validateFields(&$sourceFields, &$definitions, $addDefaults = FALSE)
{
global $tp, $pref;
$ret = array('validate' => array(), 'failed' => array(), 'errors' => array());
foreach ($definitions as $dest => $defs)
{
$errNum = 0; // Start with no error
$src = varset($defs['srcName'],$dest); // Set source field name
if (!isset($sourceFields[$src]))
{
if ($addDefaults)
{
if (isset($defs['default']))
{
$ret['validate'] = $defs['default']; // Set default value if one is specified
} //...otherwise don't add the value at all
}
else
{
$ret['errors'][$dest] = ERR_MISSING_VALUE; // No source value
}
}
else
{ // Got a field we want, and some data to validate here
$value = $sourceFields[$src];
if (!$errNum && isset($defs['enablePref']))
{ // Only process this field if a specified pref enables it
if (!varsettrue($pref[$options['enablePref']]))
{
continue; // Just loop to the next field - ignore this one.
}
}
if (!$errNum && isset($defs['stripTags']))
{
$newValue = trim(strip_tags($value));
if ($newValue <> $value)
{
$errNum = ERR_INVALID_CHARS;
}
$value = $newValue;
}
if (!$errNum && isset($defs['stripChars']))
{
$newValue = trim(preg_replace($defs['stripChars'], "", $value));
if ($newValue <> $value)
{
$errNum = ERR_INVALID_CHARS;
}
$value = $newValue;
}
if (!$errNum && isset($defs['minLength']) && $tp->uStrLen($value) < $defs['minLength'])
{
if ($value == '')
{
$errNum = ERR_MISSING_VALUE;
}
else
{
$errNum = ERR_TOO_SHORT;
}
}
if (!$errNum && isset($defs['maxLength']) && $tp->uStrLen($value) > $defs['maxLength'])
{
if (varsettrue($defs['longtrim']))
{
$value = substr($value,0,$defs['maxLength']);
}
else
{
$errNum = ERR_TOO_LONG;
}
}
if (!$errnum && isset($defs['minVal']) && ($value < $defs['minVal']))
{
$errNum = ERR_TOO_LOW;
}
if (!$errnum && isset($defs['maxVal']) && ($value < $defs['maxVal']))
{
$errNum = ERR_TOO_HIGH;
}
if (!$errNum && isset($defs['fixedBlock']))
{
$newValue = $tp->uStrToLower($value);
$temp = explode(',',$defs['fixedBlock']);
foreach ($temp as $t)
{
if ($newValue == $tp->uStrToLower($t))
{
$errNum = ERR_INVALID_WORD;
break;
}
}
}
if (!$errNum && isset($defs['dataType']))
{
switch ($defs['dataType'])
{
case 1 : // Assumes we're passed an array variable to be turned into a comma-separated list of integers
if (is_array($value))
{
$temp = array();
foreach ($value as $v)
{
$temp[] = intval($v);
}
$value = implode(',',array_unique($temp));
}
else
{
$errNum = ERR_ARRAY_EXPECTED;
}
default :
$errNum = ERR_CODE_ERROR; // Pick up bad values
}
}
if (!$errNum)
{
if (isset($defs['dbClean']))
{
switch ($defs['dbClean'])
{
case 'toDB' :
$value = $tp->toDB($value);
break;
case 'intval' :
$value = intval($value);
break;
default :
echo "Invalid dbClean method: {$defs['dbClean']}<br />"; // Debug message
}
}
$ret['validate'][$dest] = $value; // Success!!
}
}
if ($errNum)
{ // error to report
$ret['errors'][$dest] = $errNum;
$ret['failed'][$dest] = $sourceFields[$src]; // Save value with error
}
}
return $ret;
}
/*
// Validate data against a DB table
// Inspects the passed array of user data (not necessarily containing all possible fields) and validates against the DB where appropriate.
// Just skips over fields for which we don't have a validation routine without an error
// The target array is as returned from validateFields(), so has 'validate', 'failed' and 'errors' first-level sub-arrays
// All the 'vetting methods' begin 'vet', and don't overlap with validateFields(), so the same definition array may be used for both
// Similarly, error numbers don't overlap with validateFields()
// Typically checks for unacceptable duplicates, banned users etc
// Any errors are reflected by updating the passed array.
// Returns TRUE if all data validates, FALSE if any field fails to validate. Checks all fields which are present, regardless
// For some things we need to know the user_id of the data being validated, so may return an error if that isn't specified
Parameters:
'vetMethod' - see list below. To use more than one method, specify comma-separated
'vetParam' - possible parameter for some vet methods
Valid 'vetMethod' values (use comma separated list for multiple vetting):
0 - Null method
1 - Check for duplicates - field name in table must be the same as array index unless 'dbFieldName' specifies otherwise
2 - Check against the comma-separated wordlist in the $pref named in vetParam['signup_disallow_text']
*/
function dbValidateArray(&$targetData, &$definitions, $targetTable, $userID = 0)
{
global $pref;
$u_sql = new db;
$allOK = TRUE;
$userID = intval($userID); // Precautionary
if (!$targetTable) return FALSE;
foreach ($targetData['validate'] as $f => $v)
{
$errMsg = '';
if (isset($definitions[$f]))
{
$options = $definitions[$f]; // Validation options to use
if (isset($options['vetMethod']))
{
$toDo = explode(',',$options['vetMethod']);
foreach ($toDo as $vm)
{
switch ($vm)
{
case 0 : // Shouldn't get this - just do nothing if we do
break;
case 1 : // Check for duplicates.
if ($v == '')
{
$errMsg = ERR_MISSING_VALUE;
break;
}
$field = varset($options['dbFieldName'],$f);
if ($temp = $u_sql->db_Count($targetTable, "(*)", "WHERE `{$f}`='".$v."' AND `user_id` != ".$userID))
{
$errMsg = ERR_DUPLICATE;
}
// echo "Duplicate check: {$f} = {$v} Result: {$temp}<br />";
break;
case 2 : // Check against $pref
if (isset($options['vetParam']) && isset($pref[$options['vetParam']]))
{
$tmp = explode(",", $pref[$options['vetParam']]);
foreach($tmp as $disallow)
{
if(stristr($v, trim($disallow)))
{
$errMsg = ERR_DISALLOWED_TEXT;
}
}
unset($tmp);
}
break;
default :
echo 'Invalid vetMethod: '.$options['vetMethod'].'<br />'; // Really a debug aid - should never get here
}
if ($errMsg) { break; } // Just trap first error
}
// Add in other validation methods here
}
}
if ($errMsg)
{ // Update the error
$targetData['errors'][$f] = $errMsg;
$targetData['failed'][$f] = $v;
unset($targetData['validate'][$f]); // Remove the valid entry
$allOK = FALSE;
}
}
return $allOK;
}
// Given a comma-separated string of required fields, and an array of data, adds an error message for each field which doesn't already have an entry.
// Returns TRUE if no changes (which doesn't mean there are no errors - other routines may have found them). FALSE if new errors
function checkMandatory($fieldList, &$target)
{
$fields = explode(',', $fieldList);
$allOK = TRUE;
foreach ($fields as $f)
{
if (!isset($target['validate'][$f]) && !isset($target['errors'][$f]))
{
$allOK = FALSE;
$targetData['errors'][$f] = ERR_MISSING_VALUE;
}
}
return $allOK;
}
// Given two arrays, returns an array of those elements in $input which are different from the corresponding element in $refs.
// If $addMissing == TRUE, includes any element in $input for which there isn't a corresponding element in $refs
function findChanges(&$input, &$refs, $addMissing = FALSE)
{
$ret = array();
foreach ($input as $k => $v)
{
if (isset($refs[$k]))
{
if ($refs[$k] != $v) { $ret[$k] = $v; }
}
else
{
if ($addMissing) { $ret[$k] = $v; }
}
}
return $ret;
}
// Given a vetted array of variables, generates a list of errors using the specified format string.
// %n is the error number (as stored on the array)
// %t is the corresponding error message, made by concatenating $constPrefix and the error number to form a constant (e.g. $constPrefix = 'USER_ERROR_')
// %v calls up the entered value
// %f is the field name
// %x is the 'nice name' - possible if parameter list passed. Otherwise field name added
// $EOL is inserted after all messages except the last.
// If $EOL is an empty string, returns an array of messages.
function makeErrorList($vars, $constPrefix, $format = '%n - %x %t: %v', $EOL = '<br />', $niceNames = NULL)
{
if (count($vars['errors']) == 0) return '';
$eList = array();
$checkNice = ($niceNames != NULL) && is_array($niceNames);
foreach ($vars['errors'] as $f => $n)
{
$curLine = $format;
$curLine = str_replace('%n', $n, $curLine);
$curLine = str_replace('%t', constant($constPrefix.$n), $curLine);
$curLine = str_replace('%v', $vars['failed'][$f],$curLine); // Possibly this should have some protection added
$curLine = str_replace('%f', $f, $curLine);
if ($checkNice & isset($niceNames[$f]['niceName']))
{
$curLine = str_replace('%x', $niceNames[$f]['niceName'], $curLine);
}
else
{
$curLine = str_replace('%x', $f, $curLine); // Just use the field name
}
$eList[] = $curLine;
}
if ($EOL == '') return $eList;
return implode($EOL, $eList);
}
}
?>
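Review bot: In dbValidateArray the duplicate check interpolates `$v` straight into the WHERE clause, and for the fields that use vetMethod 1 in user_handler.php (`user_name`, `user_loginname`) no dbClean step has run, so a quote in a display or login name reaches the query unescaped; the value should be escaped at the query (`$tp->toDB($v)`, the method this file itself documents as the DB-preparation step) regardless of the field definition, and the line should use the `$field` it has just computed instead of `{$f}`. makeErrorList has the matching output-side gap the inline comment already hints at: `%v` is replaced with the raw failed value and the result is meant for HTML output, so `htmlspecialchars($vars['failed'][$f], ENT_QUOTES)` belongs there. validateFields has several defects that make the new code misbehave before those points are reached: `$ret['validate'] = $defs['default']` replaces the whole result array instead of setting `$ret['validate'][$dest]`, `$pref[$options['enablePref']]` reads an undefined `$options` so every enablePref field is silently discarded, `$errnum` on the minVal/maxVal lines is a different variable from `$errNum` and the maxVal test uses `<` where `>` is meant, `longtrim` does not match the documented `longTrim` key, and `case 1` of the dataType switch has no `break`, so every array field (user_class) falls through into `ERR_CODE_ERROR`. checkMandatory writes its error to `$targetData` rather than the `&$target` parameter, so its missing-field errors are lost. The rewritten lines are below.
```php
// … unchanged: validateFields() up to the missing-source branch …
$ret['validate'][$dest] = $defs['default']; // Set default value if one is specified
// … unchanged …
if (!varsettrue($pref[$defs['enablePref']]))
// … unchanged: stripTags / stripChars / minLength checks …
if (varsettrue($defs['longTrim']))
// … unchanged …
if (!$errNum && isset($defs['minVal']) && ($value < $defs['minVal']))
// … unchanged …
if (!$errNum && isset($defs['maxVal']) && ($value > $defs['maxVal']))
// … unchanged: fixedBlock check, dataType case 1 body …
        $value = implode(',',array_unique($temp));
    }
    else
    {
        $errNum = ERR_ARRAY_EXPECTED;
    }
    break;
default :
// … unchanged: dbClean and result assembly …

// dbValidateArray(): escape at the query, use the computed field name
global $pref, $tp;
// … unchanged …
$field = varset($options['dbFieldName'],$f);
if ($temp = $u_sql->db_Count($targetTable, "(*)", "WHERE `{$field}`='".$tp->toDB($v)."' AND `user_id` != ".$userID))
// … unchanged …

// checkMandatory(): write to the by-reference parameter
$target['errors'][$f] = ERR_MISSING_VALUE;

// makeErrorList(): escape the echoed value
$curLine = str_replace('%v', htmlspecialchars($vars['failed'][$f], ENT_QUOTES), $curLine);
```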


@@ -4,8 +4,8 @@
| e107 website system - Language File.
|
| $Source: /cvs_backup/e107_0.8/e107_languages/English/admin/lan_userclass2.php,v $
| $Revision: 1.6 $
| $Date: 2008-11-29 21:16:54 $
| $Revision: 1.7 $
| $Date: 2008-12-21 11:07:58 $
| $Author: e107steved $
+----------------------------------------------------------------------------+
*/
@@ -95,6 +95,11 @@ define('UCSLAN_83', 'Classes in group');
define('UCSLAN_84', ' (Group)');
define('UCSLAN_85', 'You have assigned all available classes; please reassign one which is not in use');
define('UCSLAN_86', 'Some settings not allowed for admin classes - they have been set to defaults. ');
define('UCSLAN_87', 'Recently joined users');
define('UCSLAN_88', '');
define('UCSLAN_89', '');
define('UCSLAN_90', '');
define('UCSLAN_91', '');
define("UCSLAN_UPDATE", 'Update');


@@ -1,13 +1,18 @@
<?php
/*
+ ----------------------------------------------------------------------------+
| e107 website system - Language File.
|
| $Source: /cvs_backup/e107_0.8/e107_languages/English/admin/lan_users.php,v $
| $Revision: 1.11 $
| $Date: 2008-07-03 21:23:47 $
| $Author: e107steved $
+----------------------------------------------------------------------------+
* e107 website system
*
* Copyright (C) 2001-2008 e107 Inc (e107.org)
* Released under the terms and conditions of the
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
*
* Language file - user admin
*
* $Source: /cvs_backup/e107_0.8/e107_languages/English/admin/lan_users.php,v $
* $Revision: 1.12 $
* $Date: 2008-12-21 11:07:58 $
* $Author: e107steved $
*
*/
define("USRLAN_1", "Options Saved.");
define("USRLAN_3", "now listed an Administrator - to set permissions please go to the");
@@ -155,6 +160,7 @@ define("USRLAN_152", "Clear bounce and Activate");
define("USRLAN_153", "Delete non-bounce emails");
define("USRLAN_154", "Clear email for checked");
define("USRLAN_155", "Total {TOTAL} emails found. {DELCOUNT} deleted through options.<br />{DELUSER} users marked as 'bounced' (out of {FOUND} emails)");
define("USRLAN_156", "Email address is already in use");
define('USRLAN_160', 'Total --COUNT-- users of type --TYPE-- pruned');
define('USRLAN_161', 'User ID --UID-- name --NAME-- banned');
@@ -170,12 +176,12 @@ define('USRLAN_170', 'Random user name');
define('USRLAN_171', 'Random password');
define('USRLAN_172', 'Password set');
define('USRLAN_173', 'Login name set');
define('USRLAN_174', '');
define('USRLAN_174', 'User name --NAME-- created');
define('USRLAN_175', '');
define('USRLAN_179', "User banned: ");
define('USRLAN_180', "IP address of {IP} appears on whitelist; IP not banned.");
define('USRLAN_181', "Send confirmation email with password to new user");
define('USRLAN_179', 'User banned: ');
define('USRLAN_180', 'IP address of {IP} appears on whitelist; IP not banned.');
define('USRLAN_181', 'Send confirmation email with password to new user');
define('USRLAN_182', 'Invalid characters in login name');
define('USRLAN_183', 'That login name already in use');
define('USRLAN_184', 'Length of login name outside limits');
@@ -186,49 +192,19 @@ define('USRLAN_187', 'Access to website: ');
define('USRLAN_188', 'Email sent successfully');
define('USRLAN_189', 'Error sending email');
define("LAN_MAINADMIN","Main Admin");
define("LAN_ADMIN","Admin");
define("LAN_NOTVERIFIED","Not Verified");
define("LAN_BANNED","Banned");
define("LAN_BOUNCED","Bounced");
define('USRLAN_190', 'New user probationary period (days)');
define('USRLAN_191', '(admin can impose restrictions during this period in some areas)');
define('USRLAN_192', 'days');
define('USRLAN_193', 'Nothing changed - not saved');
define('USRLAN_194', '');
define('USRLAN_195', '');
define("DUSRLAN_1", "ID");
define("DUSRLAN_2", "Display Name");
define("DUSRLAN_3", "Username");
define("DUSRLAN_4", "Custom Title");
define("DUSRLAN_5", "Password");
define("DUSRLAN_6", "Photo");
define("DUSRLAN_7", "Email");
define("DUSRLAN_8", "Website");
define("DUSRLAN_9", "ICQ");
define("DUSRLAN_10", "AIM");
define("DUSRLAN_11", "MSN");
define("DUSRLAN_12", "Location");
define("DUSRLAN_13", "Birthday");
define("DUSRLAN_14", "Signature");
define("DUSRLAN_15", "Avatar");
define("DUSRLAN_16", "Timezone");
define("DUSRLAN_17", "Hide Email");
define("DUSRLAN_18", "Join Date");
define("DUSRLAN_19", "Last Visit");
define("DUSRLAN_20", "Current Visit");
define("DUSRLAN_21", "Last Post");
define("DUSRLAN_22", "Chatbox Posts");
define("DUSRLAN_23", "Comments");
define("DUSRLAN_24", "Forum Posts");
define("DUSRLAN_25", "IP");
define("DUSRLAN_26", "Ban");
define("DUSRLAN_27", "Prefs");
define("DUSRLAN_28", "New");
define("DUSRLAN_29", "Viewed");
define("DUSRLAN_30", "Visits");
define("DUSRLAN_31", "Admin");
define("DUSRLAN_32", "Real Name");
define("DUSRLAN_33", "User Class");
define("DUSRLAN_34", "Perms");
define("DUSRLAN_35", "Tracked threads");
define("DUSRLAN_36", "Password Change");
define("DUSRLAN_37", "XUP");
define('LAN_MAINADMIN','Main Admin');
define('LAN_ADMIN','Admin');
define('LAN_NOTVERIFIED','Not Verified');
define('LAN_BANNED','Banned');
define('LAN_BOUNCED','Bounced');
?>


@@ -1,13 +1,18 @@
<?php
/*
+ ----------------------------------------------------------------------------+
| e107 website system - Language File.
|
| $Source: /cvs_backup/e107_0.8/e107_languages/English/lan_signup.php,v $
| $Revision: 1.12 $
| $Date: 2008-07-30 19:46:30 $
| $Author: e107steved $
+----------------------------------------------------------------------------+
* e107 website system
*
* Copyright (C) 2001-2008 e107 Inc (e107.org)
* Released under the terms and conditions of the
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
*
* Language file - User signup
*
* $Source: /cvs_backup/e107_0.8/e107_languages/English/lan_signup.php,v $
* $Revision: 1.13 $
* $Date: 2008-12-21 11:07:58 $
* $Author: e107steved $
*
*/
define("PAGE_NAME", "Register");
define("LAN_7", "Display Name: ");


@@ -4,8 +4,8 @@
| e107 website system - Language File.
|
| $Source: /cvs_backup/e107_0.8/e107_languages/English/lan_userclass.php,v $
| $Revision: 1.2 $
| $Date: 2008-12-17 21:02:30 $
| $Revision: 1.3 $
| $Date: 2008-12-21 11:07:58 $
| $Author: e107steved $
+----------------------------------------------------------------------------+
*/
@@ -18,5 +18,6 @@ define("UC_LAN_5", "Admin");
define("UC_LAN_6", "Main Admin");
define('UC_LAN_7', 'Forum Moderators');
define('UC_LAN_8','Admins and Mods');
define('UC_LAN_9','New Users');
?>


@@ -1,36 +1,30 @@
<?php
/*
+ ----------------------------------------------------------------------------+
| e107 website system
|
| <20>Steve Dunstan 2001-2008
| http://e107.org
| jalist@e107.org
|
| Released under the terms and conditions of the
| GNU General Public License (http://gnu.org).
|
| $Source: /cvs_backup/e107_0.8/signup.php,v $
| $Revision: 1.26 $
| $Date: 2008-12-17 20:26:51 $
| $Author: e107steved $
+----------------------------------------------------------------------------+
* e107 website system
*
* Copyright (C) 2001-2008 e107 Inc (e107.org)
* Released under the terms and conditions of the
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
*
* User signup
*
* $Source: /cvs_backup/e107_0.8/signup.php,v $
* $Revision: 1.27 $
* $Date: 2008-12-21 11:07:58 $
* $Author: e107steved $
*
*/
require_once("class2.php");
$qs = explode(".", e_QUERY);
if($qs[0] != "activate")
{ // multi-language fix.
e107_include_once(e_LANGUAGEDIR.e_LANGUAGE."/lan_signup.php");
e107_include_once(e_LANGUAGEDIR."English/lan_signup.php");
e107_include_once(e_LANGUAGEDIR.e_LANGUAGE."/lan_usersettings.php");
include_lan(e_LANGUAGEDIR.e_LANGUAGE."/lan_signup.php");
include_lan(e_LANGUAGEDIR.e_LANGUAGE."/lan_usersettings.php");
}
include_lan(e_LANGUAGEDIR.e_LANGUAGE.'/lan_user.php'); // Generic user-related language defines
if (isset($pref['del_unv']) && $pref['del_unv'] && $pref['user_reg_veri'] != 2)
{
$threshold=(time() - ($pref['del_unv'] * 60));
$sql->db_Delete("user", "user_ban = 2 AND user_join < '{$threshold}' ");
}
include_once(e_HANDLER."user_extended_class.php");
$usere = new e107_user_extended;
@@ -38,6 +32,7 @@ require_once(e_HANDLER."calendar/calendar_class.php");
$cal = new DHTML_Calendar(true);
require_once(e_HANDLER.'user_handler.php');
$user_info = new UserHandler;
$user_info->deleteExpired(); // Delete time-expired partial registrations
if (is_readable(THEME."signup_template.php"))
{
@@ -188,7 +183,7 @@ if(e_QUERY == "resend" && !USER && ($pref['user_reg_veri'] == 1))
// ------------------------------------------------------------------
if(!$_POST) // Notice Removal.
if(!$_POST)
{
$error = "";
@@ -381,7 +376,7 @@ if (isset($_POST['register']))
$error = TRUE;
}
if($_POST['xupexist'])
if (varsettrue($pref['xup_enabled']) && varsettrue($_POST['xupexist']))
{
require_once(e_HANDLER."xml_class.php");
$xml = new parseXml;
@@ -585,7 +580,6 @@ global $db_debug;
// Check Email against banlist.
$wc = $tp -> toDB("*".trim(substr($_POST['email'], strpos($_POST['email'], "@"))));
// if ($do_email_validate && $sql->db_Select("banlist", "*", "banlist_ip='".$_POST['email']."' OR banlist_ip='{$wc}'"))
if ($do_email_validate && !$e107->check_ban("banlist_ip='".$_POST['email']."' OR banlist_ip='{$wc}'",FALSE,TRUE))
{
$email_address_OK = FALSE;
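Review bot: In the banlist check at the end of the last hunk, `$_POST['email']` is interpolated directly into the `banlist_ip='...'` SQL fragment handed to `check_ban()`, while the wildcard form `$wc` built on the line above does go through `$tp->toDB()`; unless the address was already validated earlier in the function (outside this hunk), the raw value reaches the query string unescaped. Treating both terms the same keeps the fragment consistent and defensive: `$emailDB = $tp->toDB($_POST['email']);` followed by `check_ban("banlist_ip='{$emailDB}' OR banlist_ip='{$wc}'", FALSE, TRUE)`. That line is context rather than new code here, but the commit already edits this hunk and the change is one line. The enclosing block, and the assignment of `$do_email_validate` it depends on, both start before this hunk.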


@@ -11,9 +11,9 @@
| GNU General Public License (http://gnu.org).
|
| $Source: /cvs_backup/e107_0.8/usersettings.php,v $
| $Revision: 1.28 $
| $Date: 2008-12-21 03:58:07 $
| $Author: mcfly_e107 $
| $Revision: 1.29 $
| $Date: 2008-12-21 11:07:58 $
| $Author: e107steved $
+----------------------------------------------------------------------------+
Notes:
@@ -72,25 +72,6 @@ $promptPassword = false;
require_once (HEADERF);
// Given an array of user data, return a comma separated string which includes public, admin, member classes etc as appropriate.
function addCommonClasses($udata)
{
$tmp = array();
if ($udata['user_class'] != '') $tmp = explode(',', $udata['user_class']);
$tmp[] = e_UC_MEMBER;
$tmp[] = e_UC_READONLY;
$tmp[] = e_UC_PUBLIC;
if ($udata['user_admin'] == 1)
{
$tmp[] = e_UC_ADMIN;
}
if (strpos($udata['user_perms'], '0') === 0)
{
$tmp[] = e_UC_MAINADMIN;
}
return implode(",", $tmp);
}
// Save user settings (changes only)
//-----------------------------------
@@ -111,7 +92,7 @@ if (isset($_POST['updatesettings']) || isset($_POST['SaveValidatedInfo']))
$udata = get_user_data($inp); // Get all the existing user data, including any extended fields
$udata['user_classlist'] = addCommonClasses($udata);
$udata['user_classlist'] = $user_info->addCommonClasses($udata, FALSE);
$peer = ($inp == USERID ? false : true); // FALSE if editing own data
}
@@ -392,8 +373,9 @@ if (isset($_POST['updatesettings']))
$err = $ue->user_extended_validate_entry($val, $extList[$key]);
if ($err === true && !$_uid)
{ // General error - usually empty field; could be unacceptable value, or regex fail and no error message defined
$error .= LAN_SIGNUP_6.($tp->toHtml($extList[$key]['user_extended_struct_text'], false, "defs"))." ".LAN_SIGNUP_7."\\n";
} elseif ($err)
$error .= LAN_SIGNUP_6.($tp->toHtml($extList[$key]['user_extended_struct_text'],FALSE,"defs"))." ".LAN_SIGNUP_7."\\n";
}
elseif ($err)
{ // Specific error message returned - usually regex fail
$error .= $err."\\n";
$err = true;
@@ -446,10 +428,16 @@ if (isset($_POST['updatesettings']))
// Handle fields which are just transferred without vetting (but are subject to toDB() for exploit restriction)
$copy_list = array('user_signature' => 'signature', 'user_login' => 'realname', 'user_email' => 'email', 'user_hideemail' => 'hideemail', 'user_xup' => 'user_xup');
$copy_list = array('user_signature' => 'signature',
'user_login' => 'realname',
'user_email' => 'email',
'user_hideemail' =>'hideemail',
'user_xup' => 'user_xup');
// Next list identifies numerics which might take a value of 0
$non_text_list = array('user_hideemail' => 'hideemail');
$non_text_list = array(
'user_hideemail' =>'hideemail'
);
foreach ($copy_list as $k => $v)
{
if (isset($_POST[$v]) && (trim($_POST[$v]) || isset($non_text_list[$k])))
@@ -579,7 +567,8 @@ if (!$error && (count($changed_user_data) || $new_pass))
}
else
{
if ((isset($changed_user_data['user_loginname']) && $user_info->isPasswordRequired('user_loginname')) || (isset($changed_user_data['user_email']) && $user_info->isPasswordRequired('user_email')))
if ((isset($changed_user_data['user_loginname']) && $user_info->isPasswordRequired('user_loginname'))
|| (isset($changed_user_data['user_email']) && $user_info->isPasswordRequired('user_email')))
{
if ($_uid)
{ // Admin is changing it
@@ -792,8 +781,8 @@ WHERE u.user_id='".intval($uuid)."'
";
$sql->db_Select_gen($qry);
$curVal = $sql->db_Fetch();
$curVal['userclass_list'] = addCommonClasses($curVal);
$curVal=$sql->db_Fetch();
$curVal['userclass_list'] = $user_info->addCommonClasses($curVal, FALSE);
if ($_POST)
@@ -848,6 +837,7 @@ function req($field)
}
// Delete a file from the public directories. Return TRUE on success, FALSE on failure.
// Also deletes from database if appropriate.
function delete_file($fname, $dir = 'avatars/')
@@ -857,8 +847,9 @@ function delete_file($fname, $dir = 'avatars/')
if (preg_match("#Binary (.*?)/#", $fname, $match))
{
return $sql->db_Delete("rbinary", "binary_id='".$tp->toDB($match[1])."'");
} elseif (file_exists(e_FILE."public/".$dir.$fname))
return $sql -> db_Delete("rbinary", "binary_id='".$tp -> toDB($match[1])."'");
}
elseif (file_exists(e_FILE."public/".$dir.$fname))
{
unlink(e_FILE."public/".$dir.$fname);
return true;