mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-01-18 14:48:28 +01:00
Code Issues Releases Wiki Activity

Move certain methods out of ucp class, move ucp class into ucp, break half a dozen other features, introduce x hundred new, exciting bugs

Browse Source 
git-svn-id: file:///svn/phpbb/trunk@4213 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Paul S. Owen 2003-07-07 23:43:57 +00:00
parent 4cc4867c97
commit ff58fc5e7c
7 changed files with 565 additions and 500 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

711
phpBB/includes/functions_user.php
View File

@ -19,519 +19,330 @@
*
***************************************************************************/
// Handles manipulation of user data. Primary used in registration
// and user profile manipulation
class ucp extends user
// Generates an alphanumeric random string of given length
function gen_rand_string($num_chars)
{
var $modules = array();
var $error = array();
$chars = array('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9');
// Loads a given module (if it isn't already available), instantiates
// a new object, and where appropriate calls the modules init method
function load_module($module_name)
list($usec, $sec) = explode(' ', microtime());
mt_srand($sec * $usec);
$max_chars = count($chars) - 1;
$rand_str = '';
for ($i = 0; $i < $num_chars; $i++)
{
if (!class_exists('ucp_' . $module_name))
$rand_str .= $chars[mt_rand(0, $max_chars)];
}
return $rand_str;
}
// Check to see if the username has been taken, or if it is disallowed.
// Also checks if it includes the " character, which we don't allow in usernames.
// Used for registering, changing names, and posting anonymously with a username
function validate_username($username)
{
global $db, $user;
$sql = 'SELECT username
FROM ' . USERS_TABLE . "
WHERE LOWER(username) = '" . strtolower($db->sql_escape($username)) . "'";
$result = $db->sql_query($sql);
if ($row = $db->sql_fetchrow($result))
{
return 'USERNAME_TAKEN';
}
$db->sql_freeresult($result);
$sql = 'SELECT group_name
FROM ' . GROUPS_TABLE . "
WHERE LOWER(group_name) = '" . strtolower($db->sql_escape($username)) . "'";
$result = $db->sql_query($sql);
if ($row = $db->sql_fetchrow($result))
{
return 'USERNAME_TAKEN';
}
$db->sql_freeresult($result);
$sql = 'SELECT disallow_username
FROM ' . DISALLOW_TABLE;
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
if (preg_match('#' . str_replace('*', '.*?', preg_quote($row['disallow_username'], '#')) . '#i', $username))
{
global $phpbb_root_path, $phpEx;
require_once($phpbb_root_path . 'includes/ucp/ucp_' . $module_name . '.'.$phpEx);
eval('$this->module[' . $module_name . '] = new ucp_' . $module_name . '();');
if (method_exists($this->module[$module_name], 'init'))
{
$this->module[$module_name]->init();
}
return 'USERNAME_DISALLOWED';
}
}
$db->sql_freeresult($result);
// This is replaced by the loaded module
function main($module_id = false)
$sql = 'SELECT word
FROM ' . WORDS_TABLE;
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
return false;
}
// This generates the block template variable for outputting the list
// of submodules, should be called with an associative array of modules
// in the form 'LANG_STRING' => 'LINK'
function subsection(&$module_ary, &$selected_module)
{
global $template, $user, $phpEx, $SID;
foreach($module_ary as $section_title => $module_link)
if (preg_match('#(' . str_replace('\*', '.*?', preg_quote($row['word'], '#')) . ')#i', $username))
{
$template->assign_block_vars('ucp_subsection', array(
'L_TITLE' => $user->lang['UCP_' . $section_title],
'S_SELECTED'=> ($section_title == strtoupper($selected_module)) ? true : false,
'U_TITLE' => "ucp.$phpEx$SID&amp;$module_link")
);
return 'USERNAME_DISALLOWED';
}
}
$db->sql_freeresult($result);
// Displays the appropriate template with the given title
function display(&$page_title, $tpl_name)
return false;
}
// Check to see if email address is banned or already present in the DB
function validate_email($email)
{
global $config, $db, $user;
if (preg_match('#^[a-z0-9\.\-_\+]+?@(.*?\.)*?[a-z0-9\-_]+?\.[a-z]{2,4}$#i', $email))
{
global $template, $phpEx;
page_header($page_title);
$template->set_filenames(array(
'body' => $tpl_name)
);
make_jumpbox('viewforum.'.$phpEx);
page_footer();
}
// Generates list of additional fields, their type, appropriate data
// etc. for admin defined fields
function extra_fields($page)
{
return false;
}
// Generates an alphanumeric random string of given length
function gen_rand_string($num_chars)
{
$chars = array('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9');
list($usec, $sec) = explode(' ', microtime());
mt_srand($sec * $usec);
$max_chars = count($chars) - 1;
$rand_str = '';
for ($i = 0; $i < $num_chars; $i++)
{
$rand_str .= $chars[mt_rand(0, $max_chars)];
}
return $rand_str;
}
// Normalises supplied data dependant on required type/length, errors
// on incorrect data
function normalise_data(&$data, &$normalise)
{
$valid_data = array();
foreach ($normalise as $var_type => $var_ary)
{
foreach ($var_ary as $var_name => $var_limits)
{
$var_name = (is_string($var_name)) ? $var_name : $var_limits;
if (isset($data[$var_name]))
{
switch ($var_type)
{
case 'int':
$valid_data[$var_name] = (int) $data[$var_name];
break;
case 'float':
$valid_data[$var_name] = (double) $data[$var_name];
break;
case 'bool':
$valid_data[$var_name] = ($data[$var_name] <= 0) ? 0 : 1;
break;
case 'string':
// Cleanup data, remove excess spaces, run entites
$valid_data[$var_name] = htmlentities(trim(preg_replace('#\s{2,}#s', ' ', strtr((string) $data[$var_name], array_flip(get_html_translation_table(HTML_ENTITIES))))));
// How should we check this data?
if (!is_array($var_limits))
{
// Is the match a string? If it is, process it further, else we'll
// assume it's a maximum length
if (is_string($var_limits))
{
if (strstr($var_limits, ','))
{
list($min_value, $max_value) = explode(',', $var_limits);
if (!empty($valid_data[$var_name]) && strlen($valid_data[$var_name]) < $min_value)
{
$this->error[] = strtoupper($var_name) . '_TOO_SHORT';
}
if (strlen($valid_data[$var_name]) > $max_value)
{
$this->error[] = strtoupper($var_name) . '_TOO_LONG';
}
}
}
else
{
if (strlen($valid_data[$var_name]) > $var_limits)
{
$this->error[] = strtoupper($var_name) . '_TOO_LONG';
}
}
}
break;
}
}
}
}
return $valid_data;
}
// Validates data subject to supplied requirements, errors appropriately
function validate_data(&$data, &$validate)
{
global $db, $user, $config;
foreach ($validate as $operation => $var_ary)
{
foreach ($var_ary as $var_name => $compare)
{
if (!empty($compare))
{
switch ($operation)
{
case 'match':
if (is_array($compare))
{
foreach ($compare as $match)
{
if (!preg_match($match, $data[$var_name]))
{
$this->error[] = strtoupper($var_name) . '_WRONG_DATA';
}
}
}
else if (!preg_match($compare, $data[$var_name]))
{
$this->error[] = strtoupper($var_name) . '_WRONG_DATA';
}
break;
case 'compare':
if (is_array($compare))
{
if (!in_array($data[$var_name], $compare))
{
$this->error[] = strtoupper($var_name) . '_MISMATCH';
}
}
else if ($data[$var_name] != $compare)
{
$this->error[] = strtoupper($var_name) . '_MISMATCH';
}
break;
case 'function':
if ($result = $this->$compare($data[$var_name]))
{
$this->error[] = $result;
}
break;
case 'reqd':
if (!isset($data[$compare]) || (is_string($data[$compare]) && $data[$compare] === ''))
{
$this->error[] = strtoupper($compare) . '_MISSING_DATA';
}
break;
}
}
}
}
}
// Check to see if the username has been taken, or if it is disallowed.
// Also checks if it includes the " character, which we don't allow in usernames.
// Used for registering, changing names, and posting anonymously with a username
function validate_username($username)
{
global $db, $user;
$sql = "SELECT username
FROM " . USERS_TABLE . "
WHERE LOWER(username) = '" . strtolower($db->sql_escape($username)) . "'";
$sql = 'SELECT ban_email
FROM ' . BANLIST_TABLE;
$result = $db->sql_query($sql);
if ($row = $db->sql_fetchrow($result))
{
return 'USERNAME_TAKEN';
}
$db->sql_freeresult($result);
$sql = 'SELECT group_name
FROM ' . GROUPS_TABLE . "
WHERE LOWER(group_name) = '" . strtolower($db->sql_escape($username)) . "'";
$result = $db->sql_query($sql);
if ($row = $db->sql_fetchrow($result))
{
return 'USERNAME_TAKEN';
}
$db->sql_freeresult($result);
$sql = 'SELECT disallow_username
FROM ' . DISALLOW_TABLE;
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
if (preg_match('#' . str_replace('*', '.*?', preg_quote($row['disallow_username'], '#')) . '#i', $username))
if (preg_match('#^' . str_replace('*', '.*?', $row['ban_email']) . '$#i', $email))
{
return 'USERNAME_DISALLOWED';
return 'EMAIL_BANNED';
}
}
$db->sql_freeresult($result);
$sql = 'SELECT word
FROM ' . WORDS_TABLE;
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
if (!$config['allow_emailreuse'])
{
if (preg_match('#(' . str_replace('\*', '.*?', preg_quote($row['word'], '#')) . ')#i', $username))
{
return 'USERNAME_DISALLOWED';
}
}
$db->sql_freeresult($result);
return false;
}
// Check to see if email address is banned or already present in the DB
function validate_email($email)
{
global $config, $db, $user;
if (preg_match('#^[a-z0-9\.\-_\+]+?@(.*?\.)*?[a-z0-9\-_]+?\.[a-z]{2,4}$#i', $email))
{
$sql = 'SELECT ban_email
FROM ' . BANLIST_TABLE;
$sql = 'SELECT user_email
FROM ' . USERS_TABLE . "
WHERE user_email = '" . $db->sql_escape($email) . "'";
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
if ($row = $db->sql_fetchrow($result))
{
if (preg_match('#^' . str_replace('*', '.*?', $row['ban_email']) . '$#i', $email))
{
return 'EMAIL_BANNED';
}
return 'EMAIL_TAKEN';
}
$db->sql_freeresult($result);
if (!$config['allow_emailreuse'])
{
$sql = 'SELECT user_email
FROM ' . USERS_TABLE . "
WHERE user_email = '" . $db->sql_escape($email) . "'";
$result = $db->sql_query($sql);
if ($row = $db->sql_fetchrow($result))
{
return 'EMAIL_TAKEN';
}
$db->sql_freeresult($result);
}
return false;
}
return 'EMAIL_INVALID';
return false;
}
return 'EMAIL_INVALID';
}
function update_username($old_name, $new_name)
{
global $db;
$update_ary = array(
FORUMS_TABLE => array('forum_last_poster_name'),
MODERATOR_TABLE => array('username'),
POSTS_TABLE => array('poster_username'),
TOPICS_TABLE => array('topic_first_poster_name', 'topic_last_poster_name'),
);
function update_username($old_name, $new_name)
foreach ($update_ary as $table => $field_ary)
{
global $db;
}
function avatar_delete()
{
global $config, $db, $user;
if (@file_exists('./' . $config['avatar_path'] . '/' . $user->data['user_avatar']))
foreach ($field_ary as $field)
{
@unlink('./' . $config['avatar_path'] . '/' . $user->data['user_avatar']);
$sql = "UPDATE $table
SET $field = '$new_name'
WHERE $field = '$old_name'";
$db->sql_query($sql);
}
}
function avatar_remote(&$data)
$sql = 'UPDATE ' . CONFIG_TABLE . "
SET config_value = '" . $new_name . "'
WHERE config_name = 'newest_username'
AND config_value = '" . $old_name . "'";
$db->sql_query($sql);
}
function avatar_delete()
{
global $config, $db, $user;
if (@file_exists('./' . $config['avatar_path'] . '/' . $user->data['user_avatar']))
{
global $config, $db, $user, $phpbb_root_path;
@unlink('./' . $config['avatar_path'] . '/' . $user->data['user_avatar']);
}
}
if (!preg_match('#^(http[s]*?)|(ftp)://#i', $data['remotelink']))
{
$data['remotelink'] = 'http://' . $data['remotelink'];
}
function avatar_remote(&$data)
{
global $config, $db, $user, $phpbb_root_path;
if (!preg_match('#^(http[s]?)|(ftp)://(.*?\.)*?[a-z0-9\-]+?\.[a-z]{2,4}:?([0-9]*?).*?\.(gif|jpg|jpeg|png)$#i', $data['remotelink']))
if (!preg_match('#^(http[s]*?)|(ftp)://#i', $data['remotelink']))
{
$data['remotelink'] = 'http://' . $data['remotelink'];
}
if (!preg_match('#^(http[s]?)|(ftp)://(.*?\.)*?[a-z0-9\-]+?\.[a-z]{2,4}:?([0-9]*?).*?\.(gif|jpg|jpeg|png)$#i', $data['remotelink']))
{
$this->error[] = $user->lang['AVATAR_URL_INVALID'];
return true;
}
if ((!($data['width'] || $data['height']) || $data['remotelink'] != $user->data['user_avatar']) && ($config['avatar_max_width'] || $config['avatar_max_height']))
{
list($width, $height) = @getimagesize($data['remotelink']);
if (!$width || !$height)
{
$this->error[] = $user->lang['AVATAR_URL_INVALID'];
$this->error[] = $user->lang['AVATAR_NO_SIZE'];
return true;
}
if ((!($data['width'] || $data['height']) || $data['remotelink'] != $user->data['user_avatar']) && ($config['avatar_max_width'] || $config['avatar_max_height']))
{
list($width, $height) = @getimagesize($data['remotelink']);
if (!$width || !$height)
{
$this->error[] = $user->lang['AVATAR_NO_SIZE'];
return true;
}
else if ($width > $config['avatar_max_width'] || $height > $config['avatar_max_height'])
{
$this->error[] = sprintf($user->lang['AVATAR_WRONG_SIZE'], $config['avatar_max_width'], $config['avatar_max_height']);
return true;
}
$data['width'] = &$width;
$data['height'] = &$height;
}
else if ($data['width'] > $config['avatar_max_width'] || $data['height'] > $config['avatar_max_height'])
else if ($width > $config['avatar_max_width'] || $height > $config['avatar_max_height'])
{
$this->error[] = sprintf($user->lang['AVATAR_WRONG_SIZE'], $config['avatar_max_width'], $config['avatar_max_height']);
return true;
}
// Set type
$data['filename'] = &$data['remotelink'];
$data['type'] = AVATAR_REMOTE;
return false;
}
function avatar_upload(&$data)
{
global $config, $db, $user;
if (!empty($_FILES['uploadfile']['tmp_name']))
{
$filename = $_FILES['uploadfile']['tmp_name'];
$filesize = $_FILES['uploadfile']['size'];
$realname = $_FILES['uploadfile']['name'];
if (file_exists($filename) && preg_match('#^(.*?)\.(jpg|jpeg|gif|png)$#i', $realname, $match))
{
$realname = $match[1];
$filetype = $match[2];
$php_move = 'move_uploaded_file';
}
else
{
$this->error[] = $user->lang['AVATAR_NOT_UPLOADED'];
return true;
}
}
else if (preg_match('#^(http://).*?\.(jpg|jpeg|gif|png)$#i', $data['uploadurl'], $match))
{
if (empty($match[2]))
{
$this->error[] = $user->lang['AVATAR_URL_INVALID'];
return true;
}
$url = parse_url($data['uploadurl']);
$host = $url['host'];
$path = dirname($url['path']);
$port = (!empty($url['port'])) ? $url['port'] : 80;
$filetype = array_pop(explode('.', $url['path']));
$realname = basename($url['path'], '.' . $filetype);
$filename = $url['path'];
$filesize = 0;
if (!($fsock = @fsockopen($host, $port, $errno, $errstr)))
{
$this->error[] = $user->lang['AVATAR_NOT_UPLOADED'];
return true;
}
fputs($fsock, 'GET /' . $filename . " HTTP/1.1\r\n");
fputs($fsock, "HOST: " . $host . "\r\n");
fputs($fsock, "Connection: close\r\n\r\n");
$avatar_data = '';
while (!feof($fsock))
{
$avatar_data .= fread($fsock, $config['avatar_filesize']);
}
@fclose($fsock);
$avatar_data = array_pop(explode("\r\n", $avatar_data));
if (empty($avatar_data))
{
$this->error[] = $user->lang['AVATAR_NOT_UPLOADED'];
return true;
}
unset($url_ary);
$tmp_path = (!@ini_get('safe_mode')) ? false : $phpbb_root_path . 'cache/tmp';
$filename = tempnam($tmp_path, uniqid(rand()) . '-');
if (!($fp = @fopen($filename, 'wb')))
{
$this->error[] = $user->lang['AVATAR_NOT_UPLOADED'];
return true;
}
$filesize = fwrite($fp, $avatar_data);
fclose($fp);
unset($avatar_data);
if (!$filesize)
{
unlink($filename);
$this->error[] = $user->lang['AVATAR_NOT_UPLOADED'];
return true;
}
$php_move = 'copy';
}
list($width, $height) = getimagesize($filename);
if ($width > $config['avatar_max_width'] || $height > $config['avatar_max_height'] || $width < $config['avatar_min_width'] || $height < $config['avatar_min_height'] || !$width || !$height)
{
$this->error[] = sprintf($user->lang['AVATAR_WRONG_SIZE'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height']);
return true;
}
// Replace any chars which may cause us problems with _
$bad_chars = array(' ', '/', ':', '*', '?', '"', '<', '>', '|');
$data['filename'] = $user->data['user_id'] . '_' . str_replace($bad_chars, '_', $realname) . '.' . $filetype;
$data['width'] = &$width;
$data['height'] = &$height;
}
else if ($data['width'] > $config['avatar_max_width'] || $data['height'] > $config['avatar_max_height'])
{
$this->error[] = sprintf($user->lang['AVATAR_WRONG_SIZE'], $config['avatar_max_width'], $config['avatar_max_height']);
return true;
}
if(!$php_move($filename, './' . $config['avatar_path'] . '/' . $data['filename']))
// Set type
$data['filename'] = &$data['remotelink'];
$data['type'] = AVATAR_REMOTE;
return false;
}
function avatar_upload(&$data)
{
global $config, $db, $user;
if (!empty($_FILES['uploadfile']['tmp_name']))
{
$filename = $_FILES['uploadfile']['tmp_name'];
$filesize = $_FILES['uploadfile']['size'];
$realname = $_FILES['uploadfile']['name'];
if (file_exists($filename) && preg_match('#^(.*?)\.(jpg|jpeg|gif|png)$#i', $realname, $match))
{
$realname = $match[1];
$filetype = $match[2];
$php_move = 'move_uploaded_file';
}
else
{
@unlink($filename);
$this->error[] = $user->lang['AVATAR_NOT_UPLOADED'];
return true;
}
@unlink($filename);
$filesize = filesize('./' . $config['avatar_path'] . '/' . $data['filename']);
if (!$filesize || $filesize > $config['avatar_filesize'])
}
else if (preg_match('#^(http://).*?\.(jpg|jpeg|gif|png)$#i', $data['uploadurl'], $match))
{
if (empty($match[2]))
{
@unlink('./' . $config['avatar_path'] . '/' . $data['filename']);
$this->error[] = sprintf($user->lang['AVATAR_WRONG_FILESIZE'], $config['avatar_filesize']);
$this->error[] = $user->lang['AVATAR_URL_INVALID'];
return true;
}
// Set type
$data['type'] = AVATAR_UPLOAD;
$url = parse_url($data['uploadurl']);
return;
$host = $url['host'];
$path = dirname($url['path']);
$port = (!empty($url['port'])) ? $url['port'] : 80;
$filetype = array_pop(explode('.', $url['path']));
$realname = basename($url['path'], '.' . $filetype);
$filename = $url['path'];
$filesize = 0;
if (!($fsock = @fsockopen($host, $port, $errno, $errstr)))
{
$this->error[] = $user->lang['AVATAR_NOT_UPLOADED'];
return true;
}
fputs($fsock, 'GET /' . $filename . " HTTP/1.1\r\n");
fputs($fsock, "HOST: " . $host . "\r\n");
fputs($fsock, "Connection: close\r\n\r\n");
$avatar_data = '';
while (!feof($fsock))
{
$avatar_data .= fread($fsock, $config['avatar_filesize']);
}
@fclose($fsock);
$avatar_data = array_pop(explode("\r\n", $avatar_data));
if (empty($avatar_data))
{
$this->error[] = $user->lang['AVATAR_NOT_UPLOADED'];
return true;
}
unset($url_ary);
$tmp_path = (!@ini_get('safe_mode')) ? false : $phpbb_root_path . 'cache/tmp';
$filename = tempnam($tmp_path, uniqid(rand()) . '-');
if (!($fp = @fopen($filename, 'wb')))
{
$this->error[] = $user->lang['AVATAR_NOT_UPLOADED'];
return true;
}
$filesize = fwrite($fp, $avatar_data);
fclose($fp);
unset($avatar_data);
if (!$filesize)
{
unlink($filename);
$this->error[] = $user->lang['AVATAR_NOT_UPLOADED'];
return true;
}
$php_move = 'copy';
}
list($width, $height) = getimagesize($filename);
if ($width > $config['avatar_max_width'] || $height > $config['avatar_max_height'] || $width < $config['avatar_min_width'] || $height < $config['avatar_min_height'] || !$width || !$height)
{
$this->error[] = sprintf($user->lang['AVATAR_WRONG_SIZE'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height']);
return true;
}
// Replace any chars which may cause us problems with _
$bad_chars = array(' ', '/', ':', '*', '?', '"', '<', '>', '|');
$data['filename'] = $user->data['user_id'] . '_' . str_replace($bad_chars, '_', $realname) . '.' . $filetype;
$data['width'] = &$width;
$data['height'] = &$height;
if(!$php_move($filename, './' . $config['avatar_path'] . '/' . $data['filename']))
{
@unlink($filename);
$this->error[] = $user->lang['AVATAR_NOT_UPLOADED'];
return true;
}
@unlink($filename);
$filesize = filesize('./' . $config['avatar_path'] . '/' . $data['filename']);
if (!$filesize || $filesize > $config['avatar_filesize'])
{
@unlink('./' . $config['avatar_path'] . '/' . $data['filename']);
$this->error[] = sprintf($user->lang['AVATAR_WRONG_FILESIZE'], $config['avatar_filesize']);
return true;
}
// Set type
$data['type'] = AVATAR_UPLOAD;
return;
}
?>

29
phpBB/includes/ucp/ucp_main.php
View File

@ -31,7 +31,7 @@ class ucp_main extends ucp
$submodules['FRONT'] = "i=$id&amp;mode=front";
$submodules['WATCHED'] = "i=$id&amp;mode=watched";
$this->subsection($submodules, $submode);
$this->menu($id, $submodules, $submode);
unset($submodules);
switch ($submode)
@ -152,8 +152,8 @@ class ucp_main extends ucp
'TOPIC_FOLDER_IMG' => $user->img($folder_img, $folder_alt),
'ATTACH_ICON_IMG' => ($auth->acl_get('f_download', $forum_id) && $row['topic_attachment']) ? $user->img('icon_attach', '') : '',
'S_ROW_COUNT' => $i,
'S_USER_POSTED' => (!empty($row['mark_type'])) ? true : false,
'S_ROW_COUNT' => $i,
'S_USER_POSTED' => (!empty($row['mark_type'])) ? true : false,
'U_VIEW_TOPIC' => $view_topic_url)
);
@ -163,7 +163,6 @@ class ucp_main extends ucp
$db->sql_freeresult($result);
//TODO
/*
$sql_and = '';
$sql = 'SELECT COUNT(post_id) AS total_posts
FROM ' . POSTS_TABLE . '
@ -184,7 +183,7 @@ class ucp_main extends ucp
$post_count_sql";
$result = $db->sql_query($sql);
$num_real_posts = min($row['user_posts'], $db->sql_fetchfield('num_posts', 0, $result));
$num_real_posts = min($user->data['user_posts'], $db->sql_fetchfield('num_posts', 0, $result));
$db->sql_freeresult($result);
$sql = "SELECT f.forum_id, f.forum_name, COUNT(post_id) AS num_posts
@ -237,9 +236,15 @@ class ucp_main extends ucp
}
unset($active_t_row);
$template->assign_vars(show_profile($row));
// $template->assign_vars(show_profile($row));
$template->assign_vars(array(
'USER_COLOR' => (!empty($user->data['user_colour'])) ? $user->data['user_colour'] : '',
'RANK_TITLE' => $rank_title,
'KARMA' => (!empty($row['user_karma'])) ? $user->data['user_karma'] : 0,
'JOINED' => $user->format_date($user->data['user_regdate'], $user->lang['DATE_FORMAT']),
'VISITED' => (empty($last_visit)) ? ' - ' : $user->format_date($last_visit, $user->lang['DATE_FORMAT']),
'POSTS' => ($data['user_posts']) ? $data['user_posts'] : 0,
'POSTS_DAY' => sprintf($user->lang['POST_DAY'], $posts_per_day),
'POSTS_PCT' => sprintf($user->lang['POST_PCT'], $percentage),
'ACTIVE_FORUM' => $active_f_name,
@ -252,13 +257,12 @@ class ucp_main extends ucp
'OCCUPATION' => (!empty($row['user_occ'])) ? $row['user_occ'] : '',
'INTERESTS' => (!empty($row['user_interests'])) ? $row['user_interests'] : '',
'S_PROFILE_ACTION' => "groupcp.$phpEx$SID",
'S_GROUP_OPTIONS' => $group_options,
'U_ACTIVE_FORUM' => "viewforum.$phpEx$SID&amp;f=$active_f_id",
'U_ACTIVE_TOPIC' => "viewtopic.$phpEx$SID&amp;t=$active_t_id",)
);
*/
break;
case 'watched':
@ -385,15 +389,14 @@ class ucp_main extends ucp
// Subscribed Topics
$sql_t_tracking = ($config['load_db_lastread'] || $config['load_db_track']) ? 'LEFT JOIN ' . TOPICS_TRACK_TABLE . ' tt ON (tt.topic_id = t.topic_id AND tt.user_id = ' . $user->data['user_id'] . ')' : '';
$sql_f_tracking = ($config['load_db_lastread']) ? 'LEFT JOIN ' . FORUMS_TRACK_TABLE . ' ft ON (ft.forum_id = t.forum_id AND ft.user_id = ' . $user->data['user_id'] . ')' : '';
$sql_from = ($config['load_db_lastread'] || $config['load_db_track']) ? '(' . TOPICS_TABLE . ' t LEFT JOIN ' . TOPICS_TRACK_TABLE . ' tt ON (tt.topic_id = t.topic_id AND tt.user_id = ' . $user->data['user_id'] . '))' : TOPICS_TABLE . ' t';
// $sql_f_tracking = ($config['load_db_lastread']) ? 'LEFT JOIN ' . FORUMS_TRACK_TABLE . ' ft ON (ft.forum_id = t.forum_id AND ft.user_id = ' . $user->data['user_id'] . ')' : '';
$sql_t_select = ($config['load_db_lastread'] || $config['load_db_track']) ? ', tt.mark_type, tt.mark_time' : '';
$sql_f_select = ($config['load_db_lastread']) ? ', ft.mark_time AS forum_mark_time' : '';
// $sql_f_select = ($config['load_db_lastread']) ? ', ft.mark_time AS forum_mark_time' : '';
$sql = "SELECT t.* $sql_f_select $sql_t_select
FROM ((" . TOPICS_TABLE . " t
$sql_f_tracking) $sql_t_tracking), " . TOPICS_WATCH_TABLE . ' tw
FROM $sql_from, " . TOPICS_WATCH_TABLE . ' tw
WHERE tw.user_id = ' . $user->data['user_id'] . '
AND t.topic_id = tw.topic_id
ORDER BY t.topic_last_post_time DESC';

34
phpBB/includes/ucp/ucp_prefs.php
View File

@ -32,7 +32,7 @@ class ucp_prefs extends ucp
$submodules['VIEW'] = "i=$id&amp;mode=view";
$submodules['POST'] = "i=$id&amp;mode=post";
$this->subsection($submodules, $submode);
$this->menu($id, $submodules, $submode);
unset($submodules);
switch($submode)
@ -49,7 +49,7 @@ class ucp_prefs extends ucp
),
'int' => array('dst', 'style'),
'float' => array('tz'),
'bool' => array('viewemail', 'hideonline', 'notifypm', 'popuppm')
'bool' => array('viewemail', 'massemail', 'hideonline', 'notifypm', 'popuppm')
);
$data = $this->normalise_data($_POST, $normalise);
@ -64,8 +64,9 @@ class ucp_prefs extends ucp
if (!sizeof($this->error))
{
$sql_ary = array(
'user_allow_viewemail' => $data['viewemail'],
'user_allow_viewonline' => !$data['hideonline'],
'user_allow_viewemail' => $data['viewemail'],
'user_allow_massemail' => $data['massemail'],
'user_allow_viewonline' => ($auth->acl_get('u_hideonline')) ? !$data['hideonline'] : $user->data['user_allow_viewonline'],
'user_notify_pm' => $data['notifypm'],
'user_popup_pm' => $data['popuppm'],
'user_dst' => $data['dst'],
@ -90,9 +91,12 @@ class ucp_prefs extends ucp
unset($data);
}
$view_email = (isset($viewemail)) ? $viewemail : $user->data['user_allow_viewemail'];
$viewemail = (isset($viewemail)) ? $viewemail : $user->data['user_allow_viewemail'];
$view_email_yes = ($viewemail) ? ' checked="checked"' : '';
$view_email_no = (!$viewemail) ? ' checked="checked"' : '';
$massemail = (isset($massemail)) ? $massemail : $user->data['user_allow_massemail'];
$mass_email_yes = ($massemail) ? ' checked="checked"' : '';
$mass_email_no = (!$massemail) ? ' checked="checked"' : '';
$hideonline = (isset($hideonline)) ? $hideonline : !$user->data['user_allow_viewonline'];
$hide_online_yes = ($hideonline) ? ' checked="checked"' : '';
$hide_online_no = (!$hideonline) ? ' checked="checked"' : '';
@ -116,6 +120,8 @@ class ucp_prefs extends ucp
'VIEW_EMAIL_YES' => $view_email_yes,
'VIEW_EMAIL_NO' => $view_email_no,
'ADMIN_EMAIL_YES' => $mass_email_yes,
'ADMIN_EMAIL_NO' => $mass_email_no,
'HIDE_ONLINE_YES' => $hide_online_yes,
'HIDE_ONLINE_NO' => $hide_online_no,
'NOTIFY_PM_YES' => $notify_pm_yes,
@ -129,7 +135,9 @@ class ucp_prefs extends ucp
'S_LANG_OPTIONS' => language_select($lang),
'S_STYLE_OPTIONS' => style_select($style),
'S_TZ_OPTIONS' => tz_select($tz))
'S_TZ_OPTIONS' => tz_select($tz),
'S_CAN_HIDE_ONLINE' => true,
)
);
break;
@ -143,7 +151,7 @@ class ucp_prefs extends ucp
'sk' => '1,1',
'sd' => '1,1',
),
'int' => array('st'),
'int' => array('st', 'minkarma'),
'bool' => array('images', 'flash', 'smilies', 'sigs', 'avatars', 'wordcensor'),
);
$data = $this->normalise_data($_POST, $normalise);
@ -159,7 +167,8 @@ class ucp_prefs extends ucp
'user_viewcensors' => ($auth->acl_get('u_chgcensors')) ? $data['wordcensor'] : $user->data['user_viewcensors'],
'user_sortby_type' => $data['sk'],
'user_sortby_dir' => $data['sd'],
'user_show_days' => $data['st'],
'user_show_days' => $data['st'],
'user_min_karma' => $data['minkarma'],
);
$sql = 'UPDATE ' . USERS_TABLE . '
@ -190,6 +199,14 @@ class ucp_prefs extends ucp
$s_limit_days = $s_sort_key = $s_sort_dir = '';
gen_sort_selects($limit_days, $sort_by_text, $st, $sk, $sd, &$s_limit_days, &$s_sort_key, &$s_sort_dir);
$s_min_karma_options = '';
$minkarma = (isset($minkarma)) ? $minkarma : $user->data['user_min_karma'];
for ($i = -5; $i < 6; $i++)
{
$selected = ($i == $minkarma) ? ' selected="selected"' : '';
$s_min_karma_options .= "<option value=\"$i\"$selected>$i</option>";
}
$images = (isset($images)) ? $images : $user->data['user_viewimg'];
$images_yes = ($images) ? ' checked="checked"' : '';
$images_no = (!$images) ? ' checked="checked"' : '';
@ -225,6 +242,7 @@ class ucp_prefs extends ucp
'DISABLE_CENSORS_YES' => $wordcensor_yes,
'DISABLE_CENSORS_NO' => $wordcensor_no,
'S_MIN_KARMA_OPTIONS' => $s_min_karma_options,
'S_CHANGE_CENSORS' => ($auth->acl_get('u_chgcensors')) ? true : false,
'S_SELECT_SORT_DAYS' => $s_limit_days,
'S_SELECT_SORT_KEY' => $s_sort_key,

17
phpBB/includes/ucp/ucp_profile.php
View File

@ -25,7 +25,7 @@ class ucp_profile extends ucp
{
global $censors, $config, $db, $user, $auth, $SID, $template, $phpbb_root_path, $phpEx;
$submode = ($_REQUEST['mode']) ? htmlspecialchars($_REQUEST['mode']) : 'reg_details';
$submode = (isset($_GET['mode'])) ? htmlspecialchars($_GET['mode']) : 'reg_details';
$error = '';
$submodules['REG_DETAILS'] = "i=$id&amp;mode=reg_details";
@ -33,7 +33,7 @@ class ucp_profile extends ucp
$submodules['SIGNATURE'] = "i=$id&amp;mode=signature";
$submodules['AVATAR'] = "i=$id&amp;mode=avatar";
$this->subsection($submodules, $submode);
$this->menu($id, $submodules, $submode);
unset($submodules);
switch ($submode)
@ -66,7 +66,7 @@ class ucp_profile extends ucp
'email_confirm' => ($data['email'] != $user->data['user_email']) ? $data['email'] : '',
),
'match' => array(
'username' => ($data['username'] != $user->data['username']) ? '#^' . str_replace('\\\\', '\\', $config['allow_name_chars']) . '$#iu' : '',
'username' => ($data['username'] != $user->data['username']) ? '#^' . preg_replace('#/{1}#', '\\', $config['allow_name_chars']) . '$#iu' : '',
),
'function' => array(
'username' => ($data['username'] != $user->data['username']) ? 'validate_username' : '',
@ -91,7 +91,7 @@ class ucp_profile extends ucp
// Need to update config, forum, topic, posting, messages, etc.
if ($data['username'] != $user->data['username'] && $auth->acl_get('u_chgname') & $config['allow_namechange'])
{
$this->update_username($user->data['username'], $data['username']);
update_username($user->data['username'], $data['username']);
}
meta_refresh(3, "ucp.$phpEx$SID&amp;i=$id&amp;mode=$submode");
@ -349,13 +349,12 @@ class ucp_profile extends ucp
// Can we upload?
$can_upload = ($config['allow_avatar_upload'] && file_exists($phpbb_root_path . $config['avatar_path']) && is_writeable($phpbb_root_path . $config['avatar_path']) && $auth->acl_get('u_chgavatar') && (@ini_get('file_uploads') || @ini_get('file_uploads') == 'On')) ? true : false;
if (isset($_POST['submit']))
{
$data = array();
if (!empty($_FILES['uploadfile']['tmp_name']) && $can_upload)
{
$this->avatar_upload($data);
avatar_upload($data);
}
else if (!empty($_POST['uploadurl']) && $can_upload)
{
@ -366,7 +365,7 @@ class ucp_profile extends ucp
);
$data = $this->normalise_data($_POST, $normalise);
$this->avatar_upload($data);
avatar_upload($data);
}
else if (!empty($_POST['remotelink']) && $auth->acl_get('u_chgavatar') && $config['allow_avatar_remote'])
{
@ -379,7 +378,7 @@ class ucp_profile extends ucp
);
$data = $this->normalise_data($_POST, $normalise);
$this->avatar_remote($data);
avatar_remote($data);
}
else if (!empty($_POST['delete']) && $auth->acl_get('u_chgavatar'))
{
@ -406,7 +405,7 @@ class ucp_profile extends ucp
// Delete old avatar if present
if ($user->data['user_avatar'] != '' && $data['filename'] != $user->data['user_avatar'])
{
$this->avatar_delete();
avatar_delete();
}
}

6
phpBB/includes/ucp/ucp_register.php
View File

@ -92,7 +92,7 @@ class ucp_register extends ucp
'email_confirm' => $data['email'],
),
'match' => array(
'username' => '#^' . str_replace('\\\\', '\\', $config['allow_name_chars']) . '$#iu',
'username' => '#^' . preg_replace('#/{1}#', '\\', $config['allow_name_chars']) . '$#iu',
),
'function' => array(
'username' => 'validate_username',
@ -146,7 +146,7 @@ class ucp_register extends ucp
$config['require_activation'] == USER_ACTIVATION_SELF ||
$config['require_activation'] == USER_ACTIVATION_ADMIN) && $config['email_enable'])
{
$user_actkey = $this->gen_rand_string(10);
$user_actkey = gen_rand_string(10);
$key_len = 54 - (strlen($server_url));
$key_len = ($key_len > 6) ? $key_len : 6;
$user_actkey = substr($user_actkey, 0, $key_len);
@ -324,7 +324,7 @@ class ucp_register extends ucp
}
$db->sql_freeresult($result);
$code = $this->gen_rand_string(6);
$code = gen_rand_string(6);
$confirm_id = md5(uniqid($user_ip));
$sql = 'INSERT INTO ' . CONFIRM_TABLE . " (confirm_id, session_id, code)

9
phpBB/posting.php
View File

@ -109,7 +109,8 @@ switch ($mode)
$sql = 'SELECT t.*, f.*
FROM ' . TOPICS_TABLE . ' t, ' . FORUMS_TABLE . " f
WHERE t.topic_id = $topic_id
AND f.forum_id IN (t.forum_id, $forum_id)";
AND (f.forum_id = t.forum_id
OR f.forum_id = $forum_id)";
$forum_validate = $topic_validate = true;
break;
@ -131,7 +132,8 @@ switch ($mode)
WHERE p.post_id = $post_id
AND t.topic_id = p.topic_id
AND u.user_id = p.poster_id
AND f.forum_id IN (t.forum_id, $forum_id)";
AND (f.forum_id = t.forum_id
OR f.forum_id = $forum_id)";
$forum_validate = $topic_validate = $post_validate = true;
break;
@ -667,10 +669,9 @@ if ($submit || $preview || $refresh)
if (($username != '' && $user->data['user_id'] == ANONYMOUS) || ($mode == 'edit' && $post_username != ''))
{
include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
$ucp = new ucp();
$username = strip_tags(htmlspecialchars($username));
if (($result = $ucp->validate_username($username)) != false)
if (($result = validate_username($username)) != false)
{
$error[] = $result;
}

259
phpBB/ucp.php
View File

@ -56,12 +56,243 @@ include($phpbb_root_path . 'common.'.$phpEx);
include($phpbb_root_path . '/includes/functions_user.'.$phpEx);
// ---------
// FUNCTIONS
//
// Handles manipulation of user data. Primary used in registration
// and user profile manipulation
class ucp extends user
{
var $modules = array();
var $error = array();
// Loads a given module (if it isn't already available), instantiates
// a new object, and where appropriate calls the modules init method
function load_module($module_name)
{
if (!class_exists('ucp_' . $module_name))
{
global $phpbb_root_path, $phpEx;
require_once($phpbb_root_path . 'includes/ucp/ucp_' . $module_name . '.'.$phpEx);
eval('$this->module = new ucp_' . $module_name . '();');
if (method_exists($this->module, 'init'))
{
$this->module->init();
}
}
}
// This is replaced by the loaded module
function main($module_id = false)
{
return false;
}
// This generates the block template variable for outputting the list
// of submodules, should be called with an associative array of modules
// in the form 'LANG_STRING' => 'LINK'
function menu(&$id, &$module_ary, &$selected_module)
{
global $template, $user, $phpEx, $SID, $s_modules;
foreach ($s_modules as $module_id => $section_data)
{
$template->assign_block_vars('ucp_section', array(
'L_TITLE' => $section_data['title'],
'S_SELECTED'=> $section_data['selected'],
'U_TITLE' => $section_data['url'])
);
if ($module_id == $id)
{
foreach ($module_ary as $section_title => $module_link)
{
$template->assign_block_vars('ucp_section.ucp_subsection', array(
'L_TITLE' => $user->lang['UCP_' . $section_title],
'S_SELECTED'=> ($section_title == strtoupper($selected_module)) ? true : false,
'U_TITLE' => "ucp.$phpEx$SID&amp;$module_link")
);
}
}
}
foreach ($module_ary as $section_title => $module_link)
{
$template->assign_block_vars('ucp_subsection', array(
'L_TITLE' => $user->lang['UCP_' . $section_title],
'S_SELECTED'=> ($section_title == strtoupper($selected_module)) ? true : false,
'U_TITLE' => "ucp.$phpEx$SID&amp;$module_link")
);
}
}
// Displays the appropriate template with the given title
function display(&$page_title, $tpl_name)
{
global $template, $phpEx;
page_header($page_title);
$template->set_filenames(array(
'body' => $tpl_name)
);
make_jumpbox('viewforum.'.$phpEx);
page_footer();
}
// Normalises supplied data dependant on required type/length, errors
// on incorrect data
function normalise_data(&$data, &$normalise)
{
$valid_data = array();
foreach ($normalise as $var_type => $var_ary)
{
foreach ($var_ary as $var_name => $var_limits)
{
$var_name = (is_string($var_name)) ? $var_name : $var_limits;
if (isset($data[$var_name]))
{
switch ($var_type)
{
case 'int':
$valid_data[$var_name] = (int) $data[$var_name];
break;
case 'float':
$valid_data[$var_name] = (double) $data[$var_name];
break;
case 'bool':
$valid_data[$var_name] = ($data[$var_name] <= 0) ? 0 : 1;
break;
case 'string':
// Cleanup data, remove excess spaces, run entites
$valid_data[$var_name] = htmlentities(trim(preg_replace('#\s{2,}#s', ' ', strtr((string) $data[$var_name], array_flip(get_html_translation_table(HTML_ENTITIES))))));
// How should we check this data?
if (!is_array($var_limits))
{
// Is the match a string? If it is, process it further, else we'll
// assume it's a maximum length
if (is_string($var_limits))
{
if (strstr($var_limits, ','))
{
list($min_value, $max_value) = explode(',', $var_limits);
if (!empty($valid_data[$var_name]) && strlen($valid_data[$var_name]) < $min_value)
{
$this->error[] = strtoupper($var_name) . '_TOO_SHORT';
}
if (strlen($valid_data[$var_name]) > $max_value)
{
$this->error[] = strtoupper($var_name) . '_TOO_LONG';
}
}
}
else
{
if (strlen($valid_data[$var_name]) > $var_limits)
{
$this->error[] = strtoupper($var_name) . '_TOO_LONG';
}
}
}
break;
}
}
}
}
return $valid_data;
}
// Validates data subject to supplied requirements, errors appropriately
function validate_data(&$data, &$validate)
{
global $db, $user, $config;
foreach ($validate as $operation => $var_ary)
{
foreach ($var_ary as $var_name => $compare)
{
if (!empty($compare))
{
switch ($operation)
{
case 'match':
if (is_array($compare))
{
foreach ($compare as $match)
{
if (!preg_match($match, $data[$var_name]))
{
$this->error[] = strtoupper($var_name) . '_WRONG_DATA';
}
}
}
else if (!preg_match($compare, $data[$var_name]))
{
$this->error[] = strtoupper($var_name) . '_WRONG_DATA';
}
break;
case 'compare':
if (is_array($compare))
{
if (!in_array($data[$var_name], $compare))
{
$this->error[] = strtoupper($var_name) . '_MISMATCH';
}
}
else if ($data[$var_name] != $compare)
{
$this->error[] = strtoupper($var_name) . '_MISMATCH';
}
break;
case 'function':
if ($result = $compare($data[$var_name]))
{
$this->error[] = $result;
}
break;
case 'reqd':
if (!isset($data[$compare]) || (is_string($data[$compare]) && $data[$compare] === ''))
{
$this->error[] = strtoupper($compare) . '_MISSING_DATA';
}
break;
}
}
}
}
}
}
//
// FUNCTIONS
// ---------
// Start session management
$user->start();
$user->setup();
$auth->acl($user->data);
// Basic parameter data
$mode = (!empty($_REQUEST['mode'])) ? htmlspecialchars($_REQUEST['mode']) : '';
$module = (!empty($_REQUEST['i'])) ? intval($_REQUEST['i']) : 1;
@ -76,15 +307,14 @@ switch ($mode)
{
case 'activate':
$ucp->load_module('activate');
$ucp->module['activate']->main();
$ucp->module->main();
break;
case 'remind':
$ucp->load_module('remind');
$ucp->module['remind']->main();
$ucp->module->main();
break;
case 'register':
if ($user->data['user_id'] != ANONYMOUS)
{
@ -92,12 +322,12 @@ switch ($mode)
}
$ucp->load_module('register');
$ucp->module['register']->main();
$ucp->module->main();
break;
case 'confirm':
$ucp->load_module('confirm');
$ucp->module['confirm']->main();
$ucp->module->main();
break;
case 'login':
@ -135,11 +365,12 @@ obtain_word_list($censors);
// Grab the other enabled UCP modules
$sql = "SELECT module_id, module_title, module_filename
FROM " . UCP_MODULES_TABLE . "
ORDER BY module_order ASC";
$sql = 'SELECT module_id, module_title, module_filename
FROM ' . UCP_MODULES_TABLE . '
ORDER BY module_order ASC';
$result = $db->sql_query($sql);
$s_modules = array();
while ($row = $db->sql_fetchrow($result))
{
$template->assign_block_vars('ucp_sections', array(
@ -149,7 +380,11 @@ while ($row = $db->sql_fetchrow($result))
'S_IS_TAB' => ($row['module_id'] == $module) ? true : false)
);
$s_modules[$row['module_id']]['title'] = $user->lang['UCP_' . $row['module_title']];
$s_modules[$row['module_id']]['url'] = "ucp.$phpEx$SID&amp;i=" . $row['module_id'];
$s_modules[$row['module_id']]['selected'] = ($row['module_id'] == $module) ? true : false;
if ($row['module_id'] == $module)
{
$selected_module = $row['module_filename'];
@ -161,9 +396,7 @@ $db->sql_freeresult($result);
if ($selected_module)
{
$ucp->load_module($selected_module);
$ucp->module[$selected_module]->main($selected_id);
$ucp->module->main($selected_id);
}
exit;
?>