mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-08-05 00:07:44 +02:00
Code Issues Releases Wiki Activity

More fixes

Browse Source 
git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@3219 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Paul S. Owen
2002-12-21 00:15:13 +00:00
parent d7e4ddef5b
commit 2924aa13b3
3 changed files with 56 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

84
phpBB/includes/functions_validate.php
View File

@@ -18,7 +18,6 @@
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
*
***************************************************************************/
//
@@ -35,56 +34,72 @@ function validate_username($username)
$sql = "SELECT username
FROM " . USERS_TABLE . "
WHERE LOWER(username) = '" . strtolower($username) . "'";
if ( $result = $db->sql_query($sql) )
if ($result = $db->sql_query($sql))
{
if ( $row = $db->sql_fetchrow($result) )
if ($row = $db->sql_fetchrow($result))
{
if ( ( $userdata['session_logged_in'] && $row['username'] != $userdata['username'] ) || !$userdata['session_logged_in'] )
if (($userdata['session_logged_in'] && $row['username'] != $userdata['username']) || !$userdata['session_logged_in'])
{
$db->sql_freeresult($result);
return array('error' => true, 'error_msg' => $lang['Username_taken']);
}
}
}
$db->sql_freeresult($result);
$sql = "SELECT group_name
FROM " . GROUPS_TABLE . "
WHERE LOWER(group_name) = '" . strtolower($username) . "'";
if ( $result = $db->sql_query($sql) )
if ($result = $db->sql_query($sql))
{
if ( $row = $db->sql_fetchrow($result) )
if ($row = $db->sql_fetchrow($result))
{
$db->sql_freeresult($result);
return array('error' => true, 'error_msg' => $lang['Username_taken']);
}
}
$db->sql_freeresult($result);
$sql = "SELECT disallow_username
FROM " . DISALLOW_TABLE;
if ( $result = $db->sql_query($sql) )
if ($result = $db->sql_query($sql))
{
while( $row = $db->sql_fetchrow($result) )
if ($row = $db->sql_fetchrow($result))
{
if ( preg_match("#\b(" . str_replace("\*", ".*?", phpbb_preg_quote($row['disallow_username'], '#')) . ")\b#i", $username) )
do
{
return array('error' => true, 'error_msg' => $lang['Username_disallowed']);
if (preg_match("#\b(" . str_replace("\*", ".*?", phpbb_preg_quote($row['disallow_username'], '#')) . ")\b#i", $username))
{
$db->sql_freeresult($result);
return array('error' => true, 'error_msg' => $lang['Username_disallowed']);
}
}
while($row = $db->sql_fetchrow($result));
}
}
$db->sql_freeresult($result);
$sql = "SELECT word
FROM " . WORDS_TABLE;
if ( $result = $db->sql_query($sql) )
if ($result = $db->sql_query($sql))
{
while( $row = $db->sql_fetchrow($result) )
if ($row = $db->sql_fetchrow($result))
{
if ( preg_match("#\b(" . str_replace("\*", ".*?", phpbb_preg_quote($row['word'], '#')) . ")\b#i", $username) )
do
{
return array('error' => true, 'error_msg' => $lang['Username_disallowed']);
if (preg_match("#\b(" . str_replace("\*", ".*?", phpbb_preg_quote($row['word'], '#')) . ")\b#i", $username))
{
$db->sql_freeresult($result);
return array('error' => true, 'error_msg' => $lang['Username_disallowed']);
}
}
while ($row = $db->sql_fetchrow($result));
}
}
$db->sql_freeresult($result);
// Don't allow " in username.
if ( strstr($username, '"') )
if (strstr($username, '"'))
{
return array('error' => true, 'error_msg' => $lang['Username_invalid']);
}
@@ -100,36 +115,43 @@ function validate_email($email)
{
global $db, $lang;
if ( $email != '' )
if ($email != '')
{
if ( preg_match('/^[a-z0-9\.\-_\+]+@[a-z0-9\-_]+\.([a-z0-9\-_]+\.)*?[a-z]+$/is', $email) )
if (preg_match('/^[a-z0-9\.\-_\+]+@[a-z0-9\-_]+\.([a-z0-9\-_]+\.)*?[a-z]+$/is', $email))
{
$sql = "SELECT ban_email
FROM " . BANLIST_TABLE;
if ( $result = $db->sql_query($sql) )
if ($result = $db->sql_query($sql))
{
while( $row = $db->sql_fetchrow($result) )
if ($row = $db->sql_fetchrow($result))
{
$match_email = str_replace('*', '.*?', $row['ban_email']);
if ( preg_match('/^' . $match_email . '$/is', $email) )
do
{
return array('error' => true, 'error_msg' => $lang['Email_banned']);
$match_email = str_replace('*', '.*?', $row['ban_email']);
if (preg_match('/^' . $match_email . '$/is', $email))
{
$db->sql_freeresult($result);
return array('error' => true, 'error_msg' => $lang['Email_banned']);
}
}
while($row = $db->sql_fetchrow($result))
}
}
$db->sql_freeresult($result);
$sql = "SELECT user_email
FROM " . USERS_TABLE . "
WHERE user_email = '" . str_replace("\'", "''", $email) . "'";
if ( !($result = $db->sql_query($sql)) )
if (!($result = $db->sql_query($sql)))
{
message_die(GENERAL_ERROR, "Couldn't obtain user email information.", "", __LINE__, __FILE__, $sql);
}
if ( $row = $db->sql_fetchrow($result) )
if ($row = $db->sql_fetchrow($result))
{
return array('error' => true, 'error_msg' => $lang['Email_taken']);
}
$db->sql_freeresult($result);
return array('error' => false, 'error_msg' => '');
}
@@ -148,28 +170,28 @@ function validate_optional_fields(&$icq, &$aim, &$msnm, &$yim, &$website, &$loca
for($i = 0; $i < count($check_var_length); $i++)
{
if ( strlen($$check_var_length[$i]) < 2 )
if (strlen($$check_var_length[$i]) < 2)
{
$$check_var_length[$i] = '';
}
}
// ICQ number has to be only numbers.
if ( !preg_match('/^[0-9]+$/', $icq) )
if (!preg_match('/^[0-9]+$/', $icq))
{
$icq = '';
}
// website has to start with http://, followed by something with length at least 3 that
// contains at least one dot.
if ( $website != "" )
if ($website != "")
{
if ( !preg_match('#^http[s]?:\/\/#i', $website) )
if (!preg_match('#^http[s]?:\/\/#i', $website))
{
$website = 'http://' . $website;
}
if ( !preg_match('#^http[s]?\\:\\/\\/[a-z0-9\-]+\.([a-z0-9\-]+\.)?[a-z]+#i', $website) )
if (!preg_match('#^http[s]?\\:\\/\\/[a-z0-9\-]+\.([a-z0-9\-]+\.)?[a-z]+#i', $website))
{
$website = '';
}
@@ -178,4 +200,4 @@ function validate_optional_fields(&$icq, &$aim, &$msnm, &$yim, &$website, &$loca
return;
}
?>
?>