mirror of
https://github.com/phpbb/phpbb.git
synced 2025-07-30 05:20:56 +02:00
Merge branch 'develop' of https://github.com/phpbb/phpbb3 into ticket/10714
* 'develop' of https://github.com/phpbb/phpbb3: (645 commits) [ticket/10679] Update module basename, we added the xcp_ prefix in 3.1 [ticket/10679] Use module_auth to limit access to the module [ticket/10679] Add new permission for changing profile field information [ticket/11219] Coding guidelines and naming consistency changes [ticket/10841] Revert more whitespace changes. [ticket/10841] Revert whitespace changes. [ticket/10841] adding space after if [ticket/10841] removing unnecessary spacing [ticket/10841] changing affectedrows check to COUNT in sql [ticket/10841] Modifying style and language selectors in UCP [ticket/11247] Fix wrong property reference in flock class. [ticket/10602] Avoid a race condition. [ticket/10602] Use last_queue_run for its intended purpose. [ticket/10716] Collect standard error from executed php process. [ticket/10716] Skip test if php is not in PATH. [ticket/10716] Exclude our dependencies from linting. [ticket/10103] New and improved wording. [ticket/10716] Only lint on php 5.3+. [ticket/10103] Assert with messages. [ticket/10103] assertLessThan/assertGreaterThan. ...
This commit is contained in:
@@ -162,6 +162,7 @@ function user_update_name($old_name, $new_name)
|
||||
function user_add($user_row, $cp_data = false)
|
||||
{
|
||||
global $db, $user, $auth, $config, $phpbb_root_path, $phpEx;
|
||||
global $phpbb_dispatcher;
|
||||
|
||||
if (empty($user_row['username']) || !isset($user_row['group_id']) || !isset($user_row['user_email']) || !isset($user_row['user_type']))
|
||||
{
|
||||
@@ -255,6 +256,16 @@ function user_add($user_row, $cp_data = false)
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Use this event to modify the values to be inserted when a user is added
|
||||
*
|
||||
* @event core.user_add_modify_data
|
||||
* @var array sql_ary Array of data to be inserted when a user is added
|
||||
* @since 3.1-A1
|
||||
*/
|
||||
$vars = array('sql_ary');
|
||||
extract($phpbb_dispatcher->trigger_event('core.user_add_modify_data', compact($vars)));
|
||||
|
||||
$sql = 'INSERT INTO ' . USERS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
|
||||
$db->sql_query($sql);
|
||||
|
||||
@@ -341,20 +352,34 @@ function user_add($user_row, $cp_data = false)
|
||||
|
||||
/**
|
||||
* Remove User
|
||||
* @param $mode Either 'retain' or 'remove'
|
||||
*/
|
||||
function user_delete($mode, $user_id, $post_username = false)
|
||||
function user_delete($mode, $user_ids, $retain_username = true)
|
||||
{
|
||||
global $cache, $config, $db, $user, $auth, $phpbb_dispatcher;
|
||||
global $phpbb_root_path, $phpEx;
|
||||
|
||||
$db->sql_transaction('begin');
|
||||
|
||||
$user_rows = array();
|
||||
if (!is_array($user_ids))
|
||||
{
|
||||
$user_ids = array($user_ids);
|
||||
}
|
||||
|
||||
$user_id_sql = $db->sql_in_set('user_id', $user_ids);
|
||||
|
||||
$sql = 'SELECT *
|
||||
FROM ' . USERS_TABLE . '
|
||||
WHERE user_id = ' . $user_id;
|
||||
WHERE ' . $user_id_sql;
|
||||
$result = $db->sql_query($sql);
|
||||
$user_row = $db->sql_fetchrow($result);
|
||||
while ($row = $db->sql_fetchrow($result))
|
||||
{
|
||||
$user_rows[(int) $row['user_id']] = $row;
|
||||
}
|
||||
$db->sql_freeresult($result);
|
||||
|
||||
if (!$user_row)
|
||||
if (empty($user_rows))
|
||||
{
|
||||
return false;
|
||||
}
|
||||
@@ -374,7 +399,7 @@ function user_delete($mode, $user_id, $post_username = false)
|
||||
// Before we begin, we will remove the reports the user issued.
|
||||
$sql = 'SELECT r.post_id, p.topic_id
|
||||
FROM ' . REPORTS_TABLE . ' r, ' . POSTS_TABLE . ' p
|
||||
WHERE r.user_id = ' . $user_id . '
|
||||
WHERE ' . $db->sql_in_set('r.user_id', $user_ids) . '
|
||||
AND p.post_id = r.post_id';
|
||||
$result = $db->sql_query($sql);
|
||||
|
||||
@@ -428,97 +453,124 @@ function user_delete($mode, $user_id, $post_username = false)
|
||||
}
|
||||
|
||||
// Remove reports
|
||||
$db->sql_query('DELETE FROM ' . REPORTS_TABLE . ' WHERE user_id = ' . $user_id);
|
||||
$db->sql_query('DELETE FROM ' . REPORTS_TABLE . ' WHERE ' . $user_id_sql);
|
||||
|
||||
if ($user_row['user_avatar'] && $user_row['user_avatar_type'] == AVATAR_UPLOAD)
|
||||
$num_users_delta = 0;
|
||||
|
||||
// Some things need to be done in the loop (if the query changes based
|
||||
// on which user is currently being deleted)
|
||||
$added_guest_posts = 0;
|
||||
foreach ($user_rows as $user_id => $user_row)
|
||||
{
|
||||
avatar_delete('user', $user_row);
|
||||
}
|
||||
if ($user_row['user_avatar'] && $user_row['user_avatar_type'] == AVATAR_UPLOAD)
|
||||
{
|
||||
avatar_delete('user', $user_row);
|
||||
}
|
||||
|
||||
switch ($mode)
|
||||
{
|
||||
case 'retain':
|
||||
// Decrement number of users if this user is active
|
||||
if ($user_row['user_type'] != USER_INACTIVE && $user_row['user_type'] != USER_IGNORE)
|
||||
{
|
||||
--$num_users_delta;
|
||||
}
|
||||
|
||||
$db->sql_transaction('begin');
|
||||
|
||||
if ($post_username === false)
|
||||
{
|
||||
$post_username = $user->lang['GUEST'];
|
||||
}
|
||||
|
||||
// If the user is inactive and newly registered we assume no posts from this user being there...
|
||||
if ($user_row['user_type'] == USER_INACTIVE && $user_row['user_inactive_reason'] == INACTIVE_REGISTER && !$user_row['user_posts'])
|
||||
{
|
||||
}
|
||||
else
|
||||
{
|
||||
$sql = 'UPDATE ' . FORUMS_TABLE . '
|
||||
SET forum_last_poster_id = ' . ANONYMOUS . ", forum_last_poster_name = '" . $db->sql_escape($post_username) . "', forum_last_poster_colour = ''
|
||||
WHERE forum_last_poster_id = $user_id";
|
||||
$db->sql_query($sql);
|
||||
|
||||
$sql = 'UPDATE ' . POSTS_TABLE . '
|
||||
SET poster_id = ' . ANONYMOUS . ", post_username = '" . $db->sql_escape($post_username) . "'
|
||||
WHERE poster_id = $user_id";
|
||||
$db->sql_query($sql);
|
||||
|
||||
$sql = 'UPDATE ' . POSTS_TABLE . '
|
||||
SET post_edit_user = ' . ANONYMOUS . "
|
||||
WHERE post_edit_user = $user_id";
|
||||
$db->sql_query($sql);
|
||||
|
||||
$sql = 'UPDATE ' . TOPICS_TABLE . '
|
||||
SET topic_poster = ' . ANONYMOUS . ", topic_first_poster_name = '" . $db->sql_escape($post_username) . "', topic_first_poster_colour = ''
|
||||
WHERE topic_poster = $user_id";
|
||||
$db->sql_query($sql);
|
||||
|
||||
$sql = 'UPDATE ' . TOPICS_TABLE . '
|
||||
SET topic_last_poster_id = ' . ANONYMOUS . ", topic_last_poster_name = '" . $db->sql_escape($post_username) . "', topic_last_poster_colour = ''
|
||||
WHERE topic_last_poster_id = $user_id";
|
||||
$db->sql_query($sql);
|
||||
|
||||
$sql = 'UPDATE ' . ATTACHMENTS_TABLE . '
|
||||
SET poster_id = ' . ANONYMOUS . "
|
||||
WHERE poster_id = $user_id";
|
||||
$db->sql_query($sql);
|
||||
|
||||
// Since we change every post by this author, we need to count this amount towards the anonymous user
|
||||
|
||||
// Update the post count for the anonymous user
|
||||
if ($user_row['user_posts'])
|
||||
switch ($mode)
|
||||
{
|
||||
case 'retain':
|
||||
if ($retain_username === false)
|
||||
{
|
||||
$sql = 'UPDATE ' . USERS_TABLE . '
|
||||
SET user_posts = user_posts + ' . $user_row['user_posts'] . '
|
||||
WHERE user_id = ' . ANONYMOUS;
|
||||
$db->sql_query($sql);
|
||||
$post_username = $user->lang['GUEST'];
|
||||
}
|
||||
else
|
||||
{
|
||||
$post_username = $user_row['username'];
|
||||
}
|
||||
}
|
||||
|
||||
$db->sql_transaction('commit');
|
||||
// If the user is inactive and newly registered
|
||||
// we assume no posts from the user, and save
|
||||
// the queries
|
||||
if ($user_row['user_type'] != USER_INACTIVE || $user_row['user_inactive_reason'] != INACTIVE_REGISTER || $user_row['user_posts'])
|
||||
{
|
||||
// When we delete these users and retain the posts, we must assign all the data to the guest user
|
||||
$sql = 'UPDATE ' . FORUMS_TABLE . '
|
||||
SET forum_last_poster_id = ' . ANONYMOUS . ", forum_last_poster_name = '" . $db->sql_escape($post_username) . "', forum_last_poster_colour = ''
|
||||
WHERE forum_last_poster_id = $user_id";
|
||||
$db->sql_query($sql);
|
||||
|
||||
break;
|
||||
$sql = 'UPDATE ' . POSTS_TABLE . '
|
||||
SET poster_id = ' . ANONYMOUS . ", post_username = '" . $db->sql_escape($post_username) . "'
|
||||
WHERE poster_id = $user_id";
|
||||
$db->sql_query($sql);
|
||||
|
||||
case 'remove':
|
||||
$sql = 'UPDATE ' . TOPICS_TABLE . '
|
||||
SET topic_poster = ' . ANONYMOUS . ", topic_first_poster_name = '" . $db->sql_escape($post_username) . "', topic_first_poster_colour = ''
|
||||
WHERE topic_poster = $user_id";
|
||||
$db->sql_query($sql);
|
||||
|
||||
if (!function_exists('delete_posts'))
|
||||
{
|
||||
include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
|
||||
}
|
||||
$sql = 'UPDATE ' . TOPICS_TABLE . '
|
||||
SET topic_last_poster_id = ' . ANONYMOUS . ", topic_last_poster_name = '" . $db->sql_escape($post_username) . "', topic_last_poster_colour = ''
|
||||
WHERE topic_last_poster_id = $user_id";
|
||||
$db->sql_query($sql);
|
||||
|
||||
// Delete posts, attachments, etc.
|
||||
delete_posts('poster_id', $user_id);
|
||||
// Since we change every post by this author, we need to count this amount towards the anonymous user
|
||||
|
||||
break;
|
||||
if ($user_row['user_posts'])
|
||||
{
|
||||
$added_guest_posts += $user_row['user_posts'];
|
||||
}
|
||||
}
|
||||
break;
|
||||
|
||||
case 'remove':
|
||||
// there is nothing variant specific to deleting posts
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
$db->sql_transaction('begin');
|
||||
if ($num_users_delta != 0)
|
||||
{
|
||||
set_config_count('num_users', $num_users_delta, true);
|
||||
}
|
||||
|
||||
// Now do the invariant tasks
|
||||
// all queries performed in one call of this function are in a single transaction
|
||||
// so this is kosher
|
||||
if ($mode == 'retain')
|
||||
{
|
||||
// Assign more data to the Anonymous user
|
||||
$sql = 'UPDATE ' . ATTACHMENTS_TABLE . '
|
||||
SET poster_id = ' . ANONYMOUS . '
|
||||
WHERE ' . $db->sql_in_set('poster_id', $user_ids);
|
||||
$db->sql_query($sql);
|
||||
|
||||
$sql = 'UPDATE ' . POSTS_TABLE . '
|
||||
SET post_edit_user = ' . ANONYMOUS . '
|
||||
WHERE ' . $db->sql_in_set('post_edit_user', $user_ids);
|
||||
$db->sql_query($sql);
|
||||
|
||||
$sql = 'UPDATE ' . USERS_TABLE . '
|
||||
SET user_posts = user_posts + ' . $added_guest_posts . '
|
||||
WHERE user_id = ' . ANONYMOUS;
|
||||
$db->sql_query($sql);
|
||||
}
|
||||
else if ($mode == 'remove')
|
||||
{
|
||||
if (!function_exists('delete_posts'))
|
||||
{
|
||||
include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
|
||||
}
|
||||
|
||||
// Delete posts, attachments, etc.
|
||||
// delete_posts can handle any number of IDs in its second argument
|
||||
delete_posts('poster_id', $user_ids);
|
||||
}
|
||||
|
||||
$table_ary = array(USERS_TABLE, USER_GROUP_TABLE, TOPICS_WATCH_TABLE, FORUMS_WATCH_TABLE, ACL_USERS_TABLE, TOPICS_TRACK_TABLE, TOPICS_POSTED_TABLE, FORUMS_TRACK_TABLE, PROFILE_FIELDS_DATA_TABLE, MODERATOR_CACHE_TABLE, DRAFTS_TABLE, BOOKMARKS_TABLE, SESSIONS_KEYS_TABLE, PRIVMSGS_FOLDER_TABLE, PRIVMSGS_RULES_TABLE);
|
||||
|
||||
// Delete the miscellaneous (non-post) data for the user
|
||||
foreach ($table_ary as $table)
|
||||
{
|
||||
$sql = "DELETE FROM $table
|
||||
WHERE user_id = $user_id";
|
||||
WHERE " . $user_id_sql;
|
||||
$db->sql_query($sql);
|
||||
}
|
||||
|
||||
@@ -526,29 +578,29 @@ function user_delete($mode, $user_id, $post_username = false)
|
||||
|
||||
// Delete user log entries about this user
|
||||
$sql = 'DELETE FROM ' . LOG_TABLE . '
|
||||
WHERE reportee_id = ' . $user_id;
|
||||
WHERE ' . $db->sql_in_set('reportee_id', $user_ids);
|
||||
$db->sql_query($sql);
|
||||
|
||||
// Change user_id to anonymous for this users triggered events
|
||||
$sql = 'UPDATE ' . LOG_TABLE . '
|
||||
SET user_id = ' . ANONYMOUS . '
|
||||
WHERE user_id = ' . $user_id;
|
||||
WHERE ' . $user_id_sql;
|
||||
$db->sql_query($sql);
|
||||
|
||||
// Delete the user_id from the zebra table
|
||||
$sql = 'DELETE FROM ' . ZEBRA_TABLE . '
|
||||
WHERE user_id = ' . $user_id . '
|
||||
OR zebra_id = ' . $user_id;
|
||||
WHERE ' . $user_id_sql . '
|
||||
OR ' . $db->sql_in_set('zebra_id', $user_ids);
|
||||
$db->sql_query($sql);
|
||||
|
||||
// Delete the user_id from the banlist
|
||||
$sql = 'DELETE FROM ' . BANLIST_TABLE . '
|
||||
WHERE ban_userid = ' . $user_id;
|
||||
WHERE ' . $db->sql_in_set('ban_userid', $user_ids);
|
||||
$db->sql_query($sql);
|
||||
|
||||
// Delete the user_id from the session table
|
||||
$sql = 'DELETE FROM ' . SESSIONS_TABLE . '
|
||||
WHERE session_user_id = ' . $user_id;
|
||||
WHERE ' . $db->sql_in_set('session_user_id', $user_ids);
|
||||
$db->sql_query($sql);
|
||||
|
||||
// Clean the private messages tables from the user
|
||||
@@ -556,7 +608,7 @@ function user_delete($mode, $user_id, $post_username = false)
|
||||
{
|
||||
include($phpbb_root_path . 'includes/functions_privmsgs.' . $phpEx);
|
||||
}
|
||||
phpbb_delete_user_pms($user_id);
|
||||
phpbb_delete_users_pms($user_ids);
|
||||
|
||||
$db->sql_transaction('commit');
|
||||
|
||||
@@ -573,17 +625,11 @@ function user_delete($mode, $user_id, $post_username = false)
|
||||
extract($phpbb_dispatcher->trigger_event('core.delete_user_after', compact($vars)));
|
||||
|
||||
// Reset newest user info if appropriate
|
||||
if ($config['newest_user_id'] == $user_id)
|
||||
if (in_array($config['newest_user_id'], $user_ids))
|
||||
{
|
||||
update_last_username();
|
||||
}
|
||||
|
||||
// Decrement number of users if this user is active
|
||||
if ($user_row['user_type'] != USER_INACTIVE && $user_row['user_type'] != USER_IGNORE)
|
||||
{
|
||||
set_config_count('num_users', -1, true);
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -2096,13 +2142,14 @@ function avatar_remote($data, &$error)
|
||||
*/
|
||||
function avatar_upload($data, &$error)
|
||||
{
|
||||
global $phpbb_root_path, $config, $db, $user, $phpEx;
|
||||
global $phpbb_root_path, $config, $db, $user, $phpEx, $request;
|
||||
|
||||
// Init upload class
|
||||
include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);
|
||||
$upload = new fileupload('AVATAR_', array('jpg', 'jpeg', 'gif', 'png'), $config['avatar_filesize'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], (isset($config['mime_triggers']) ? explode('|', $config['mime_triggers']) : false));
|
||||
|
||||
if (!empty($_FILES['uploadfile']['name']))
|
||||
$uploadfile = $request->file('uploadfile');
|
||||
if (!empty($uploadfile['name']))
|
||||
{
|
||||
$file = $upload->form_upload('uploadfile');
|
||||
}
|
||||
@@ -2325,7 +2372,7 @@ function avatar_get_dimensions($avatar, $avatar_type, &$error, $current_x = 0, $
|
||||
*/
|
||||
function avatar_process_user(&$error, $custom_userdata = false, $can_upload = null)
|
||||
{
|
||||
global $config, $phpbb_root_path, $auth, $user, $db;
|
||||
global $config, $phpbb_root_path, $auth, $user, $db, $request;
|
||||
|
||||
$data = array(
|
||||
'uploadurl' => request_var('uploadurl', ''),
|
||||
@@ -2367,7 +2414,8 @@ function avatar_process_user(&$error, $custom_userdata = false, $can_upload = nu
|
||||
$can_upload = ($config['allow_avatar_upload'] && file_exists($phpbb_root_path . $config['avatar_path']) && phpbb_is_writable($phpbb_root_path . $config['avatar_path']) && $change_avatar && (@ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on')) ? true : false;
|
||||
}
|
||||
|
||||
if ((!empty($_FILES['uploadfile']['name']) || $data['uploadurl']) && $can_upload)
|
||||
$uploadfile = $request->file('uploadfile');
|
||||
if ((!empty($uploadfile['name']) || $data['uploadurl']) && $can_upload)
|
||||
{
|
||||
list($sql_ary['user_avatar_type'], $sql_ary['user_avatar'], $sql_ary['user_avatar_width'], $sql_ary['user_avatar_height']) = avatar_upload($data, $error);
|
||||
}
|
||||
|
Reference in New Issue
Block a user