6 * @copyright (c) 2005 phpBB Group
7 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
12 * Obtain user_ids from usernames or vice versa. Returns false on
13 * success else the error string
15 function user_get_id_name(&$user_id_ary, &$username_ary, $only_active = false)
19 // Are both arrays already filled? Yep, return else
20 // are neither array filled?
21 if ($user_id_ary && $username_ary)
25 else if (!$user_id_ary && !$username_ary)
30 $which_ary = ($user_id_ary) ?
'user_id_ary' : 'username_ary';
32 if ($
$which_ary && !is_array($
$which_ary))
34 $
$which_ary = array($
$which_ary);
37 $sql_in = ($which_ary == 'user_id_ary') ?
array_map('intval', $
$which_ary) : array_map('utf8_clean_string', $
$which_ary);
40 $user_id_ary = $username_ary = array();
42 // Grab the user id/username records
43 $sql_where = ($which_ary == 'user_id_ary') ?
'user_id' : 'username_clean';
44 $sql = 'SELECT user_id, username
45 FROM ' . USERS_TABLE
. '
46 WHERE ' . $db->sql_in_set($sql_where, $sql_in);
50 $sql .= ' AND user_type IN (' . USER_NORMAL
. ', ' . USER_FOUNDER
. ')';
53 $result = $db->sql_query($sql);
55 if (!($row = $db->sql_fetchrow($result)))
57 $db->sql_freeresult($result);
63 $username_ary[$row['user_id']] = $row['username'];
64 $user_id_ary[] = $row['user_id'];
66 while ($row = $db->sql_fetchrow($result));
67 $db->sql_freeresult($result);
73 * Get latest registered username and update database to reflect it
75 function update_last_username()
79 // Get latest username
80 $sql = 'SELECT user_id, username, user_colour
81 FROM ' . USERS_TABLE
. '
82 WHERE user_type IN (' . USER_NORMAL
. ', ' . USER_FOUNDER
. ')
83 ORDER BY user_id DESC';
84 $result = $db->sql_query_limit($sql, 1);
85 $row = $db->sql_fetchrow($result);
86 $db->sql_freeresult($result);
90 set_config('newest_user_id', $row['user_id'], true);
91 set_config('newest_username', $row['username'], true);
92 set_config('newest_user_colour', $row['user_colour'], true);
97 * Updates a username across all relevant tables/fields
99 * @param string $old_name the old/current username
100 * @param string $new_name the new username
102 function user_update_name($old_name, $new_name)
104 global $config, $db, $cache;
107 FORUMS_TABLE
=> array('forum_last_poster_name'),
108 MODERATOR_CACHE_TABLE
=> array('username'),
109 POSTS_TABLE
=> array('post_username'),
110 TOPICS_TABLE
=> array('topic_first_poster_name', 'topic_last_poster_name'),
113 foreach ($update_ary as $table => $field_ary)
115 foreach ($field_ary as $field)
117 $sql = "UPDATE $table
118 SET $field = '" . $db->sql_escape($new_name) . "'
119 WHERE $field = '" . $db->sql_escape($old_name) . "'";
120 $db->sql_query($sql);
124 if ($config['newest_username'] == $old_name)
126 set_config('newest_username', $new_name, true);
133 function user_add($user_row, $cp_data = false)
135 global $db, $user, $auth, $config, $phpbb_root_path, $phpEx;
137 if (empty($user_row['username']) ||
!isset($user_row['group_id']) ||
!isset($user_row['user_email']) ||
!isset($user_row['user_type']))
143 'username' => $user_row['username'],
144 'username_clean' => utf8_clean_string($user_row['username']),
145 'user_password' => (isset($user_row['user_password'])) ?
$user_row['user_password'] : '',
146 'user_pass_convert' => 0,
147 'user_email' => strtolower($user_row['user_email']),
148 'user_email_hash' => (int) crc32(strtolower($user_row['user_email'])) . strlen($user_row['user_email']),
149 'group_id' => $user_row['group_id'],
150 'user_type' => $user_row['user_type'],
153 // These are the additional vars able to be specified
154 $additional_vars = array(
155 'user_permissions' => '',
156 'user_timezone' => $config['board_timezone'],
157 'user_dateformat' => $config['default_dateformat'],
158 'user_lang' => $config['default_lang'],
159 'user_style' => $config['default_style'],
160 'user_allow_pm' => 1,
163 'user_regdate' => time(),
164 'user_passchg' => time(),
166 'user_inactive_reason' => 0,
167 'user_inactive_time' => 0,
168 'user_lastmark' => time(),
169 'user_lastvisit' => 0,
170 'user_lastpost_time' => 0,
171 'user_lastpage' => '',
176 'user_interests' => '',
178 'user_avatar_type' => 0,
179 'user_avatar_width' => 0,
180 'user_avatar_height' => 0,
181 'user_new_privmsg' => 0,
182 'user_unread_privmsg' => 0,
183 'user_last_privmsg' => 0,
184 'user_message_rules' => 0,
185 'user_full_folder' => PRIVMSGS_NO_BOX
,
186 'user_emailtime' => 0,
189 'user_notify_pm' => 1,
190 'user_notify_type' => NOTIFY_EMAIL
,
191 'user_allow_pm' => 1,
192 'user_allow_viewonline' => 1,
193 'user_allow_viewemail' => 1,
194 'user_allow_massemail' => 1,
197 'user_sig_bbcode_uid' => '',
198 'user_sig_bbcode_bitfield' => '',
201 // Now fill the sql array with not required variables
202 foreach ($additional_vars as $key => $default_value)
204 $sql_ary[$key] = (isset($user_row[$key])) ?
$user_row[$key] : $default_value;
207 // Any additional variables in $user_row not covered above?
208 $remaining_vars = array_diff(array_keys($user_row), array_keys($sql_ary));
210 // Now fill our sql array with the remaining vars
211 if (sizeof($remaining_vars))
213 foreach ($remaining_vars as $key)
215 $sql_ary[$key] = $user_row[$key];
219 $sql = 'INSERT INTO ' . USERS_TABLE
. ' ' . $db->sql_build_array('INSERT', $sql_ary);
220 $db->sql_query($sql);
222 $user_id = $db->sql_nextid();
224 // Insert Custom Profile Fields
225 if ($cp_data !== false && sizeof($cp_data))
227 $cp_data['user_id'] = (int) $user_id;
229 if (!class_exists('custom_profile'))
231 include_once($phpbb_root_path . 'includes/functions_profile_fields.' . $phpEx);
234 $sql = 'INSERT INTO ' . PROFILE_FIELDS_DATA_TABLE
. ' ' .
235 $db->sql_build_array('INSERT', custom_profile
::build_insert_sql_array($cp_data));
236 $db->sql_query($sql);
239 // Place into appropriate group...
240 $sql = 'INSERT INTO ' . USER_GROUP_TABLE
. ' ' . $db->sql_build_array('INSERT', array(
241 'user_id' => (int) $user_id,
242 'group_id' => (int) $user_row['group_id'],
245 $db->sql_query($sql);
247 // Now make it the users default group...
248 group_set_user_default($user_row['group_id'], array($user_id), false);
250 // set the newest user and adjust the user count if the user is a normal user and no activation mail is sent
251 if ($user_row['user_type'] == USER_NORMAL
)
253 set_config('newest_user_id', $user_id, true);
254 set_config('newest_username', $user_row['username'], true);
255 set_config('num_users', $config['num_users'] +
1, true);
257 $sql = 'SELECT group_colour
258 FROM ' . GROUPS_TABLE
. '
259 WHERE group_id = ' . $user_row['group_id'];
260 $result = $db->sql_query_limit($sql, 1);
261 $row = $db->sql_fetchrow($result);
262 $db->sql_freeresult($result);
264 set_config('newest_user_colour', $row['group_colour'], true);
273 function user_delete($mode, $user_id, $post_username = false)
275 global $cache, $config, $db, $user, $auth;
276 global $phpbb_root_path, $phpEx;
279 FROM ' . USERS_TABLE
. '
280 WHERE user_id = ' . $user_id;
281 $result = $db->sql_query($sql);
282 $user_row = $db->sql_fetchrow($result);
283 $db->sql_freeresult($result);
290 $db->sql_transaction('begin');
296 if ($post_username === false)
298 $post_username = $user->lang
['GUEST'];
301 $sql = 'UPDATE ' . FORUMS_TABLE
. '
302 SET forum_last_poster_id = ' . ANONYMOUS
. ", forum_last_poster_name = '" . $db->sql_escape($post_username) . "', forum_last_poster_colour = ''
303 WHERE forum_last_poster_id = $user_id";
304 $db->sql_query($sql);
306 $sql = 'UPDATE ' . POSTS_TABLE
. '
307 SET poster_id = ' . ANONYMOUS
. ", post_username = '" . $db->sql_escape($post_username) . "'
308 WHERE poster_id = $user_id";
309 $db->sql_query($sql);
311 $sql = 'UPDATE ' . POSTS_TABLE
. '
312 SET post_edit_user = ' . ANONYMOUS
. "
313 WHERE post_edit_user = $user_id";
314 $db->sql_query($sql);
316 $sql = 'UPDATE ' . TOPICS_TABLE
. '
317 SET topic_poster = ' . ANONYMOUS
. ", topic_first_poster_name = '" . $db->sql_escape($post_username) . "', topic_first_poster_colour = ''
318 WHERE topic_poster = $user_id";
319 $db->sql_query($sql);
321 $sql = 'UPDATE ' . TOPICS_TABLE
. '
322 SET topic_last_poster_id = ' . ANONYMOUS
. ", topic_last_poster_name = '" . $db->sql_escape($post_username) . "', topic_last_poster_colour = ''
323 WHERE topic_last_poster_id = $user_id";
324 $db->sql_query($sql);
326 // Since we change every post by this author, we need to count this amount towards the anonymous user
328 // Update the post count for the anonymous user
329 if ($user_row['user_posts'])
331 $sql = 'UPDATE ' . USERS_TABLE
. '
332 SET user_posts = user_posts + ' . $user_row['user_posts'] . '
333 WHERE user_id = ' . ANONYMOUS
;
334 $db->sql_query($sql);
340 if (!function_exists('delete_posts'))
342 include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
345 $sql = 'SELECT topic_id, COUNT(post_id) AS total_posts
346 FROM ' . POSTS_TABLE
. "
347 WHERE poster_id = $user_id
349 $result = $db->sql_query($sql);
351 $topic_id_ary = array();
352 while ($row = $db->sql_fetchrow($result))
354 $topic_id_ary[$row['topic_id']] = $row['total_posts'];
356 $db->sql_freeresult($result);
358 if (sizeof($topic_id_ary))
360 $sql = 'SELECT topic_id, topic_replies, topic_replies_real
361 FROM ' . TOPICS_TABLE
. '
362 WHERE ' . $db->sql_in_set('topic_id', array_keys($topic_id_ary));
363 $result = $db->sql_query($sql);
365 $del_topic_ary = array();
366 while ($row = $db->sql_fetchrow($result))
368 if (max($row['topic_replies'], $row['topic_replies_real']) +
1 == $topic_id_ary[$row['topic_id']])
370 $del_topic_ary[] = $row['topic_id'];
373 $db->sql_freeresult($result);
375 if (sizeof($del_topic_ary))
377 $sql = 'DELETE FROM ' . TOPICS_TABLE
. '
378 WHERE ' . $db->sql_in_set('topic_id', $del_topic_ary);
379 $db->sql_query($sql);
383 // Delete posts, attachments, etc.
384 delete_posts('poster_id', $user_id);
389 $table_ary = array(USERS_TABLE
, USER_GROUP_TABLE
, TOPICS_WATCH_TABLE
, FORUMS_WATCH_TABLE
, ACL_USERS_TABLE
, TOPICS_TRACK_TABLE
, TOPICS_POSTED_TABLE
, FORUMS_TRACK_TABLE
, PROFILE_FIELDS_DATA_TABLE
, MODERATOR_CACHE_TABLE
);
391 foreach ($table_ary as $table)
393 $sql = "DELETE FROM $table
394 WHERE user_id = $user_id";
395 $db->sql_query($sql);
398 $cache->destroy('sql', MODERATOR_CACHE_TABLE
);
400 // Remove any undelivered mails...
401 $sql = 'SELECT msg_id, user_id
402 FROM ' . PRIVMSGS_TO_TABLE
. '
403 WHERE author_id = ' . $user_id . '
404 AND folder_id = ' . PRIVMSGS_NO_BOX
;
405 $result = $db->sql_query($sql);
407 $undelivered_msg = $undelivered_user = array();
408 while ($row = $db->sql_fetchrow($result))
410 $undelivered_msg[] = $row['msg_id'];
411 $undelivered_user[$row['user_id']][] = true;
413 $db->sql_freeresult($result);
415 if (sizeof($undelivered_msg))
417 $sql = 'DELETE FROM ' . PRIVMSGS_TABLE
. '
418 WHERE ' . $db->sql_in_set('msg_id', $undelivered_msg);
419 $db->sql_query($sql);
422 $sql = 'DELETE FROM ' . PRIVMSGS_TO_TABLE
. '
423 WHERE author_id = ' . $user_id . '
424 AND folder_id = ' . PRIVMSGS_NO_BOX
;
425 $db->sql_query($sql);
427 // Delete all to-information
428 $sql = 'DELETE FROM ' . PRIVMSGS_TO_TABLE
. '
429 WHERE user_id = ' . $user_id;
430 $db->sql_query($sql);
432 // Set the remaining author id to anonymous - this way users are still able to read messages from users being removed
433 $sql = 'UPDATE ' . PRIVMSGS_TO_TABLE
. '
434 SET author_id = ' . ANONYMOUS
. '
435 WHERE author_id = ' . $user_id;
436 $db->sql_query($sql);
438 $sql = 'UPDATE ' . PRIVMSGS_TABLE
. '
439 SET author_id = ' . ANONYMOUS
. '
440 WHERE author_id = ' . $user_id;
441 $db->sql_query($sql);
443 foreach ($undelivered_user as $_user_id => $ary)
445 if ($_user_id == $user_id)
450 $sql = 'UPDATE ' . USERS_TABLE
. '
451 SET user_new_privmsg = user_new_privmsg - ' . sizeof($ary) . ',
452 user_unread_privmsg = user_unread_privmsg - ' . sizeof($ary) . '
453 WHERE user_id = ' . $_user_id;
454 $db->sql_query($sql);
457 // Reset newest user info if appropriate
458 if ($config['newest_user_id'] == $user_id)
460 update_last_username();
463 // Decrement number of users if this user is active
464 if ($user_row['user_type'] != USER_INACTIVE
&& $user_row['user_type'] != USER_IGNORE
)
466 set_config('num_users', $config['num_users'] - 1, true);
469 $db->sql_transaction('commit');
475 * Flips user_type from active to inactive and vice versa, handles group membership updates
477 * @param string $mode can be flip for flipping from active/inactive, activate or deactivate
479 function user_active_flip($mode, $user_id_ary, $reason = INACTIVE_MANUAL
)
481 global $config, $db, $user, $auth;
483 $deactivated = $activated = 0;
484 $sql_statements = array();
486 if (!is_array($user_id_ary))
488 $user_id_ary = array($user_id_ary);
491 if (!sizeof($user_id_ary))
496 $sql = 'SELECT user_id, group_id, user_type, user_inactive_reason
497 FROM ' . USERS_TABLE
. '
498 WHERE ' . $db->sql_in_set('user_id', $user_id_ary);
499 $result = $db->sql_query($sql);
501 while ($row = $db->sql_fetchrow($result))
505 if ($row['user_type'] == USER_IGNORE ||
$row['user_type'] == USER_FOUNDER ||
506 ($mode == 'activate' && $row['user_type'] != USER_INACTIVE
) ||
507 ($mode == 'deactivate' && $row['user_type'] == USER_INACTIVE
))
512 if ($row['user_type'] == USER_INACTIVE
)
520 // Remove the users session key...
521 $user->reset_login_keys($row['user_id']);
525 'user_type' => ($row['user_type'] == USER_NORMAL
) ? USER_INACTIVE
: USER_NORMAL
,
526 'user_inactive_time' => ($row['user_type'] == USER_NORMAL
) ?
time() : 0,
527 'user_inactive_reason' => ($row['user_type'] == USER_NORMAL
) ?
$reason : 0,
530 $sql_statements[$row['user_id']] = $sql_ary;
532 $db->sql_freeresult($result);
534 if (sizeof($sql_statements))
536 foreach ($sql_statements as $user_id => $sql_ary)
538 $sql = 'UPDATE ' . USERS_TABLE
. '
539 SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
540 WHERE user_id = ' . $user_id;
541 $db->sql_query($sql);
544 $auth->acl_clear_prefetch(array_keys($sql_statements));
549 set_config('num_users', $config['num_users'] - $deactivated, true);
554 set_config('num_users', $config['num_users'] +
$activated, true);
557 // Update latest username
558 update_last_username();
562 * Add a ban or ban exclusion to the banlist. Bans either a user, an IP or an email address
564 * @param string $mode Type of ban. One of the following: user, ip, email
565 * @param mixed $ban Banned entity. Either string or array with usernames, ips or email addresses
566 * @param int $ban_len Ban length in minutes
567 * @param string $ban_len_other Ban length as a date (YYYY-MM-DD)
568 * @param boolean $ban_exclude Exclude these entities from banning?
569 * @param string $ban_reason String describing the reason for this ban
572 function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reason, $ban_give_reason = '')
574 global $db, $user, $auth;
577 $sql = 'DELETE FROM ' . BANLIST_TABLE
. '
578 WHERE ban_end < ' . time() . '
580 $db->sql_query($sql);
582 $ban_list = (!is_array($ban)) ?
array_unique(explode("\n", $ban)) : $ban;
583 $ban_list_log = implode(', ', $ban_list);
585 $current_time = time();
587 // Set $ban_end to the unix time when the ban should end. 0 is a permanent ban.
590 if ($ban_len != -1 ||
!$ban_len_other)
592 $ban_end = max($current_time, $current_time +
($ban_len) * 60);
596 $ban_other = explode('-', $ban_len_other);
597 $ban_end = max($current_time, gmmktime(0, 0, 0, $ban_other[1], $ban_other[2], $ban_other[0]));
609 // Create a list of founder...
610 $sql = 'SELECT user_id, user_email
611 FROM ' . USERS_TABLE
. '
612 WHERE user_type = ' . USER_FOUNDER
;
613 $result = $db->sql_query($sql);
615 while ($row = $db->sql_fetchrow($result))
617 $founder[$row['user_id']] = $row['user_email'];
619 $db->sql_freeresult($result);
622 $banlist_ary = array();
627 $type = 'ban_userid';
629 if (in_array('*', $ban_list))
631 // Ban all users (it's a good thing that you can exclude people)
632 $banlist_ary[] = '*';
636 // Select the relevant user_ids.
637 $sql_usernames = array();
639 foreach ($ban_list as $username)
641 $username = trim($username);
644 $sql_usernames[] = utf8_clean_string($username);
648 // Make sure we have been given someone to ban
649 if (!sizeof($sql_usernames))
651 trigger_error($user->lang
['NO_USER_SPECIFIED']);
654 $sql = 'SELECT user_id
655 FROM ' . USERS_TABLE
. '
656 WHERE ' . $db->sql_in_set('username_clean', $sql_usernames);
658 // Do not allow banning yourself
659 if (sizeof($founder))
661 $sql .= ' AND ' . $db->sql_in_set('user_id', array_merge(array_keys($founder), array($user->data
['user_id'])), true);
665 $sql .= ' AND user_id <> ' . $user->data
['user_id'];
668 $result = $db->sql_query($sql);
670 if ($row = $db->sql_fetchrow($result))
674 $banlist_ary[] = $row['user_id'];
676 while ($row = $db->sql_fetchrow($result));
680 trigger_error($user->lang
['NO_USERS']);
682 $db->sql_freeresult($result);
689 foreach ($ban_list as $ban_item)
691 if (preg_match('#^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})[ ]*\-[ ]*([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$#', trim($ban_item), $ip_range_explode))
693 // This is an IP range
694 // Don't ask about all this, just don't ask ... !
695 $ip_1_counter = $ip_range_explode[1];
696 $ip_1_end = $ip_range_explode[5];
698 while ($ip_1_counter <= $ip_1_end)
700 $ip_2_counter = ($ip_1_counter == $ip_range_explode[1]) ?
$ip_range_explode[2] : 0;
701 $ip_2_end = ($ip_1_counter < $ip_1_end) ?
254 : $ip_range_explode[6];
703 if ($ip_2_counter == 0 && $ip_2_end == 254)
706 $ip_2_fragment = 256;
708 $banlist_ary[] = "$ip_1_counter.*";
711 while ($ip_2_counter <= $ip_2_end)
713 $ip_3_counter = ($ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1]) ?
$ip_range_explode[3] : 0;
714 $ip_3_end = ($ip_2_counter < $ip_2_end ||
$ip_1_counter < $ip_1_end) ?
254 : $ip_range_explode[7];
716 if ($ip_3_counter == 0 && $ip_3_end == 254)
719 $ip_3_fragment = 256;
721 $banlist_ary[] = "$ip_1_counter.$ip_2_counter.*";
724 while ($ip_3_counter <= $ip_3_end)
726 $ip_4_counter = ($ip_3_counter == $ip_range_explode[3] && $ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1]) ?
$ip_range_explode[4] : 0;
727 $ip_4_end = ($ip_3_counter < $ip_3_end ||
$ip_2_counter < $ip_2_end) ?
254 : $ip_range_explode[8];
729 if ($ip_4_counter == 0 && $ip_4_end == 254)
732 $ip_4_fragment = 256;
734 $banlist_ary[] = "$ip_1_counter.$ip_2_counter.$ip_3_counter.*";
737 while ($ip_4_counter <= $ip_4_end)
739 $banlist_ary[] = "$ip_1_counter.$ip_2_counter.$ip_3_counter.$ip_4_counter";
749 else if (preg_match('#^([0-9]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})$#', trim($ban_item)) ||
preg_match('#^[a-f0-9:]+\*?$#i', trim($ban_item)))
752 $banlist_ary[] = trim($ban_item);
754 else if (preg_match('#^\*$#', trim($ban_item)))
757 $banlist_ary[] = "*";
759 else if (preg_match('#^([\w\-_]\.?){2,}$#is', trim($ban_item)))
762 $ip_ary = gethostbynamel(trim($ban_item));
766 foreach ($ip_ary as $ip)
770 if (strlen($ip) > 40)
775 $banlist_ary[] = $ip;
782 trigger_error('NO_IPS_DEFINED');
790 foreach ($ban_list as $ban_item)
792 $ban_item = trim($ban_item);
794 if (preg_match('#^.*?@*|(([a-z0-9\-]+\.)+([a-z]{2,3}))$#i', $ban_item))
796 if (strlen($ban_item) > 100)
801 if (!sizeof($founder) ||
!in_array($ban_item, $founder))
803 $banlist_ary[] = $ban_item;
808 if (sizeof($ban_list) == 0)
810 trigger_error('NO_EMAILS_DEFINED');
815 trigger_error('NO_MODE');
819 // Fetch currently set bans of the specified type and exclude state. Prevent duplicate bans.
820 $sql_where = ($type == 'ban_userid') ?
'ban_userid <> 0' : "$type <> ''";
823 FROM " . BANLIST_TABLE
. "
825 AND ban_exclude = $ban_exclude";
826 $result = $db->sql_query($sql);
828 // Reset $sql_where, because we use it later...
831 if ($row = $db->sql_fetchrow($result))
833 $banlist_ary_tmp = array();
839 $banlist_ary_tmp[] = $row['ban_userid'];
843 $banlist_ary_tmp[] = $row['ban_ip'];
847 $banlist_ary_tmp[] = $row['ban_email'];
851 while ($row = $db->sql_fetchrow($result));
853 $banlist_ary = array_unique(array_diff($banlist_ary, $banlist_ary_tmp));
854 unset($banlist_ary_tmp);
856 $db->sql_freeresult($result);
858 // We have some entities to ban
859 if (sizeof($banlist_ary))
863 foreach ($banlist_ary as $ban_entry)
867 'ban_start' => $current_time,
868 'ban_end' => $ban_end,
869 'ban_exclude' => $ban_exclude,
870 'ban_reason' => $ban_reason,
871 'ban_give_reason' => $ban_give_reason,
875 $db->sql_multi_insert(BANLIST_TABLE
, $sql_ary);
877 // If we are banning we want to logout anyone matching the ban
883 $sql_where = (in_array('*', $banlist_ary)) ?
'' : 'WHERE ' . $db->sql_in_set('session_user_id', $banlist_ary);
887 $sql_where = 'WHERE ' . $db->sql_in_set('session_ip', $banlist_ary);
891 $banlist_ary_sql = array();
893 foreach ($banlist_ary as $ban_entry)
895 $banlist_ary_sql[] = (string) str_replace('*', '%', $ban_entry);
898 $sql = 'SELECT user_id
899 FROM ' . USERS_TABLE
. '
900 WHERE ' . $db->sql_in_set('user_email', $banlist_ary_sql);
901 $result = $db->sql_query($sql);
905 if ($row = $db->sql_fetchrow($result))
909 $sql_in[] = $row['user_id'];
911 while ($row = $db->sql_fetchrow($result));
913 $sql_where = 'WHERE ' . $db->sql_in_set('session_user_id', $sql_in);
915 $db->sql_freeresult($result);
919 if (isset($sql_where) && $sql_where)
921 $sql = 'DELETE FROM ' . SESSIONS_TABLE
. "
923 $db->sql_query($sql);
927 $sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE
. ' ' . ((in_array('*', $banlist_ary)) ?
'' : 'WHERE ' . $db->sql_in_set('user_id', $banlist_ary));
928 $db->sql_query($sql);
934 $log_entry = ($ban_exclude) ?
'LOG_BAN_EXCLUDE_' : 'LOG_BAN_';
935 add_log('admin', $log_entry . strtoupper($mode), $ban_reason, $ban_list_log);
940 // There was nothing to ban/exclude
947 function user_unban($mode, $ban)
949 global $db, $user, $auth;
952 $sql = 'DELETE FROM ' . BANLIST_TABLE
. '
953 WHERE ban_end < ' . time() . '
955 $db->sql_query($sql);
962 $unban_sql = array_map('intval', $ban);
964 if (sizeof($unban_sql))
966 // Grab details of bans for logging information later
970 $sql = 'SELECT u.username AS unban_info
971 FROM ' . USERS_TABLE
. ' u, ' . BANLIST_TABLE
. ' b
972 WHERE ' . $db->sql_in_set('b.ban_id', $unban_sql) . '
973 AND u.user_id = b.ban_userid';
977 $sql = 'SELECT ban_email AS unban_info
978 FROM ' . BANLIST_TABLE
. '
979 WHERE ' . $db->sql_in_set('ban_id', $unban_sql);
983 $sql = 'SELECT ban_ip AS unban_info
984 FROM ' . BANLIST_TABLE
. '
985 WHERE ' . $db->sql_in_set('ban_id', $unban_sql);
988 $result = $db->sql_query($sql);
991 while ($row = $db->sql_fetchrow($result))
993 $l_unban_list .= (($l_unban_list != '') ?
', ' : '') . $row['unban_info'];
995 $db->sql_freeresult($result);
997 $sql = 'DELETE FROM ' . BANLIST_TABLE
. '
998 WHERE ' . $db->sql_in_set('ban_id', $unban_sql);
999 $db->sql_query($sql);
1001 add_log('admin', 'LOG_UNBAN_' . strtoupper($mode), $l_unban_list);
1010 function user_ipwhois($ip)
1015 '#RIPE\.NET#is' => 'whois.ripe.net',
1016 '#whois\.apnic\.net#is' => 'whois.apnic.net',
1017 '#nic\.ad\.jp#is' => 'whois.nic.ad.jp',
1018 '#whois\.registro\.br#is' => 'whois.registro.br'
1021 if (($fsk = @fsockopen
('whois.arin.net', 43)))
1023 fputs($fsk, "$ip\n");
1026 $ipwhois .= fgets($fsk, 1024);
1031 foreach (array_keys($match) as $server)
1033 if (preg_match($server, $ipwhois))
1036 if (($fsk = @fsockopen
($match[$server], 43)))
1038 fputs($fsk, "$ip\n");
1041 $ipwhois .= fgets($fsk, 1024);
1053 * Data validation ... used primarily but not exclusively by ucp modules
1055 * "Master" function for validating a range of data types
1057 function validate_data($data, $val_ary)
1061 foreach ($val_ary as $var => $val_seq)
1063 if (!is_array($val_seq[0]))
1065 $val_seq = array($val_seq);
1068 foreach ($val_seq as $validate)
1070 $function = array_shift($validate);
1071 array_unshift($validate, $data[$var]);
1073 if ($result = call_user_func_array('validate_' . $function, $validate))
1075 $error[] = $result . '_' . strtoupper($var);
1086 * @return boolean|string Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
1088 function validate_string($string, $optional = false, $min = 0, $max = 0)
1090 if (empty($string) && $optional)
1095 if ($min && utf8_strlen(htmlspecialchars_decode($string)) < $min)
1099 else if ($max && utf8_strlen(htmlspecialchars_decode($string)) > $max)
1110 * @return boolean|string Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
1112 function validate_num($num, $optional = false, $min = 0, $max = 1E99
)
1114 if (empty($num) && $optional)
1123 else if ($num > $max)
1134 * @return boolean|string Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
1136 function validate_match($string, $optional = false, $match)
1138 if (empty($string) && $optional)
1143 if (!preg_match($match, $string))
1145 return 'WRONG_DATA';
1152 * Check to see if the username has been taken, or if it is disallowed.
1153 * Also checks if it includes the " character, which we don't allow in usernames.
1154 * Used for registering, changing names, and posting anonymously with a username
1156 * @param string $username The username to check
1157 * @param string $allowed_username An allowed username, default being $user->data['username']
1159 * @return mixed Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
1161 function validate_username($username, $allowed_username = false)
1163 global $config, $db, $user, $cache;
1165 $clean_username = utf8_clean_string($username);
1166 $allowed_username = ($allowed_username === false) ?
$user->data
['username_clean'] : utf8_clean_string($allowed_username);
1168 if ($allowed_username == $clean_username)
1173 if (!preg_match('#^' . str_replace('\\\\', '\\', $config['allow_name_chars']) . '$#ui', $username) ||
strpos($username, '"') !== false ||
strpos($username, '"') !== false)
1175 return 'INVALID_CHARS';
1178 $sql = 'SELECT username
1179 FROM ' . USERS_TABLE
. "
1180 WHERE username_clean = '" . $db->sql_escape($clean_username) . "'";
1181 $result = $db->sql_query($sql);
1182 $row = $db->sql_fetchrow($result);
1183 $db->sql_freeresult($result);
1187 return 'USERNAME_TAKEN';
1190 $sql = 'SELECT group_name
1191 FROM ' . GROUPS_TABLE
. "
1192 WHERE LOWER(group_name) = '" . $db->sql_escape(utf8_strtolower($username)) . "'";
1193 $result = $db->sql_query($sql);
1194 $row = $db->sql_fetchrow($result);
1195 $db->sql_freeresult($result);
1199 return 'USERNAME_TAKEN';
1202 $bad_usernames = $cache->obtain_disallowed_usernames();
1204 foreach ($bad_usernames as $bad_username)
1206 if (preg_match('#^' . $bad_username . '#', $clean_username))
1208 return 'USERNAME_DISALLOWED';
1213 FROM ' . WORDS_TABLE
;
1214 $result = $db->sql_query($sql);
1216 while ($row = $db->sql_fetchrow($result))
1218 if (preg_match('#(' . str_replace('\*', '.*?', preg_quote($row['word'], '#')) . ')#i', $username))
1220 $db->sql_freeresult($result);
1221 return 'USERNAME_DISALLOWED';
1224 $db->sql_freeresult($result);
1230 * Check to see if the password meets the complexity settings
1232 * @return boolean|string Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
1234 function validate_password($password)
1236 global $config, $db, $user;
1243 // generic UTF-8 character types supported?
1244 if (version_compare(PHP_VERSION
, '5.1.0', '>=') ||
(version_compare(PHP_VERSION
, '5.0.0-dev', '<=') && version_compare(PHP_VERSION
, '4.4.0', '>=')))
1249 $sym = '[^\p{Lu}\p{Ll}\p{N}]';
1256 $sym = '[^A-Za-z0-9]';
1261 switch ($config['pass_complex'])
1263 case 'PASS_TYPE_CASE':
1268 case 'PASS_TYPE_ALPHA':
1274 case 'PASS_TYPE_SYMBOL':
1282 foreach ($chars as $char)
1284 if (!preg_match('#' . $char . '#u', $password))
1286 return 'INVALID_CHARS';
1294 * Check to see if email address is banned or already present in the DB
1296 * @return boolean|string Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
1298 function validate_email($email)
1300 global $config, $db, $user;
1302 $email = strtolower($email);
1304 if (strtolower($user->data
['user_email']) == $email)
1309 if (!preg_match('/^' . get_preg_expression('email') . '$/i', $email))
1311 return 'EMAIL_INVALID';
1315 // The idea for this is from reading the UseBB blog/announcement. :)
1316 if ($config['email_check_mx'])
1318 list(, $domain) = explode('@', $email);
1320 if (phpbb_checkdnsrr($domain, 'A') === false && phpbb_checkdnsrr($domain, 'MX') === false)
1322 return 'DOMAIN_NO_MX_RECORD';
1326 if ($user->check_ban(false, false, $email, true) == true)
1328 return 'EMAIL_BANNED';
1331 if (!$config['allow_emailreuse'])
1333 $sql = 'SELECT user_email_hash
1334 FROM ' . USERS_TABLE
. "
1335 WHERE user_email_hash = " . crc32($email) . strlen($email);
1336 $result = $db->sql_query($sql);
1337 $row = $db->sql_fetchrow($result);
1338 $db->sql_freeresult($result);
1342 return 'EMAIL_TAKEN';
1352 function avatar_delete($mode, $row)
1354 global $phpbb_root_path, $config, $db, $user;
1356 // Check if the users avatar is actually *not* a group avatar
1357 if ($mode == 'user')
1359 if (strpos($row['user_avatar'], 'g' . $row['group_id'] . '_') === 0 ||
strpos($row['user_avatar'], $row['user_id'] . '_') !== 0)
1365 if (file_exists($phpbb_root_path . $config['avatar_path'] . '/' . basename($row[$mode . '_avatar'])))
1367 @unlink
($phpbb_root_path . $config['avatar_path'] . '/' . basename($row[$mode . '_avatar']));
1375 * Remote avatar linkage
1377 function avatar_remote($data, &$error)
1379 global $config, $db, $user, $phpbb_root_path, $phpEx;
1381 if (!preg_match('#^(http|https|ftp)://#i', $data['remotelink']))
1383 $data['remotelink'] = 'http://' . $data['remotelink'];
1386 if (!preg_match('#^(http|https|ftp)://(.*?\.)*?[a-z0-9\-]+?\.[a-z]{2,4}:?([0-9]*?).*?\.(gif|jpg|jpeg|png)$#i', $data['remotelink']))
1388 $error[] = $user->lang
['AVATAR_URL_INVALID'];
1392 // Make sure getimagesize works...
1393 if (($image_data = @getimagesize
($data['remotelink'])) === false)
1395 $error[] = $user->lang
['UNABLE_GET_IMAGE_SIZE'];
1399 $width = ($data['width'] && $data['height']) ?
$data['width'] : $image_data[0];
1400 $height = ($data['width'] && $data['height']) ?
$data['height'] : $image_data[1];
1402 if (!$width ||
!$height)
1404 $error[] = $user->lang
['AVATAR_NO_SIZE'];
1409 include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);
1410 $types = fileupload
::image_types();
1411 $extension = strtolower(filespec
::get_extension($data['remotelink']));
1413 if (!isset($types[$image_data[2]]) ||
!in_array($extension, $types[$image_data[2]]))
1415 if (!isset($types[$image_data[2]]))
1417 $error[] = $user->lang
['UNABLE_GET_IMAGE_SIZE'];
1421 $error[] = sprintf($user->lang
['IMAGE_FILETYPE_MISMATCH'], $types[$image_data[2]][0], $extension);
1426 if ($config['avatar_max_width'] ||
$config['avatar_max_height'])
1428 if ($width > $config['avatar_max_width'] ||
$height > $config['avatar_max_height'])
1430 $error[] = sprintf($user->lang
['AVATAR_WRONG_SIZE'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], $width, $height);
1435 if ($config['avatar_min_width'] ||
$config['avatar_min_height'])
1437 if ($width < $config['avatar_min_width'] ||
$height < $config['avatar_min_height'])
1439 $error[] = sprintf($user->lang
['AVATAR_WRONG_SIZE'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], $width, $height);
1444 return array(AVATAR_REMOTE
, $data['remotelink'], $width, $height);
1448 * Avatar upload using the upload class
1450 function avatar_upload($data, &$error)
1452 global $phpbb_root_path, $config, $db, $user, $phpEx;
1454 // Init upload class
1455 include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);
1456 $upload = new fileupload('AVATAR_', array('jpg', 'jpeg', 'gif', 'png'), $config['avatar_filesize'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height']);
1458 if (!empty($_FILES['uploadfile']['name']))
1460 $file = $upload->form_upload('uploadfile');
1464 $file = $upload->remote_upload($data['uploadurl']);
1467 $file->clean_filename('real', $data['user_id'] . '_');
1469 $destination = $config['avatar_path'];
1471 if ($destination[sizeof($destination) - 1] == '/' ||
$destination[sizeof($destination) - 1] == '\\')
1473 $destination = substr($destination, 0, -1);
1476 $destination = str_replace(array('../', '..\\', './', '.\\'), '', $destination);
1477 if ($destination && ($destination[0] == '/' ||
$destination[0] == '\\'))
1482 // Move file and overwrite any existing image
1483 $file->move_file($destination, true);
1485 if (sizeof($file->error
))
1488 $error = array_merge($error, $file->error
);
1491 return array(AVATAR_UPLOAD
, $file->get('realname'), $file->get('width'), $file->get('height'));
1497 function avatar_gallery($category, $avatar_select, $items_per_column, $block_var = 'avatar_row')
1499 global $user, $cache, $template;
1500 global $config, $phpbb_root_path;
1502 $avatar_list = array();
1504 $path = $phpbb_root_path . $config['avatar_gallery_path'];
1506 if (!file_exists($path) ||
!is_dir($path))
1508 $avatar_list = array($user->lang
['NO_AVATAR_CATEGORY'] => array());
1513 $dp = @opendir
($path);
1515 while (($file = readdir($dp)) !== false)
1517 if ($file[0] != '.' && is_dir("$path/$file"))
1519 $avatar_row_count = $avatar_col_count = 0;
1521 $dp2 = @opendir
("$path/$file");
1522 while (($sub_file = readdir($dp2)) !== false)
1524 if (preg_match('#\.(?:gif|png|jpe?g)$#i', $sub_file))
1526 $avatar_list[$file][$avatar_row_count][$avatar_col_count] = array(
1527 'file' => "$file/$sub_file",
1528 'filename' => $sub_file,
1529 'name' => ucfirst(str_replace('_', ' ', preg_replace('#^(.*)\..*$#', '\1', $sub_file))),
1532 $avatar_col_count++
;
1533 if ($avatar_col_count == $items_per_column)
1535 $avatar_row_count++
;
1536 $avatar_col_count = 0;
1546 if (!sizeof($avatar_list))
1548 $avatar_list = array($user->lang
['NO_AVATAR_CATEGORY'] => array());
1551 @ksort
($avatar_list);
1553 $category = (!$category) ?
key($avatar_list) : $category;
1554 $avatar_categories = array_keys($avatar_list);
1556 $s_category_options = '';
1557 foreach ($avatar_categories as $cat)
1559 $s_category_options .= '<option value="' . $cat . '"' . (($cat == $category) ?
' selected="selected"' : '') . '>' . $cat . '</option>';
1562 $template->assign_vars(array(
1563 'S_IN_AVATAR_GALLERY' => true,
1564 'S_CAT_OPTIONS' => $s_category_options)
1567 $avatar_list = $avatar_list[$category];
1569 foreach ($avatar_list as $avatar_row_ary)
1571 $template->assign_block_vars($block_var, array());
1573 foreach ($avatar_row_ary as $avatar_col_ary)
1575 $template->assign_block_vars($block_var . '.avatar_column', array(
1576 'AVATAR_IMAGE' => $phpbb_root_path . $config['avatar_gallery_path'] . '/' . $avatar_col_ary['file'],
1577 'AVATAR_NAME' => $avatar_col_ary['name'],
1578 'AVATAR_FILE' => $avatar_col_ary['filename'])
1581 $template->assign_block_vars($block_var . '.avatar_option_column', array(
1582 'AVATAR_IMAGE' => $phpbb_root_path . $config['avatar_gallery_path'] . '/' . $avatar_col_ary['file'],
1583 'S_OPTIONS_AVATAR' => $avatar_col_ary['filename'])
1588 return $avatar_list;
1592 * Uploading/Changing user avatar
1594 function avatar_process_user(&$error, $custom_userdata = false)
1596 global $config, $phpbb_root_path, $auth, $user, $db;
1599 'uploadurl' => request_var('uploadurl', ''),
1600 'remotelink' => request_var('remotelink', ''),
1601 'width' => request_var('width', ''),
1602 'height' => request_var('height', ''),
1605 $error = validate_data($data, array(
1606 'uploadurl' => array('string', true, 5, 255),
1607 'remotelink' => array('string', true, 5, 255),
1608 'width' => array('string', true, 1, 3),
1609 'height' => array('string', true, 1, 3),
1618 $data['user_id'] = ($custom_userdata === false) ?
$user->data
['user_id'] : $custom_userdata['user_id'];
1619 $change_avatar = ($custom_userdata === false) ?
$auth->acl_get('u_chgavatar') : true;
1620 $avatar_select = basename(request_var('avatar_select', ''));
1623 $can_upload = ($config['allow_avatar_upload'] && file_exists($phpbb_root_path . $config['avatar_path']) && is_writeable($phpbb_root_path . $config['avatar_path']) && $change_avatar && (@ini_get
('file_uploads') ||
strtolower(@ini_get
('file_uploads')) == 'on')) ?
true : false;
1625 if ((!empty($_FILES['uploadfile']['name']) ||
$data['uploadurl']) && $can_upload)
1627 list($sql_ary['user_avatar_type'], $sql_ary['user_avatar'], $sql_ary['user_avatar_width'], $sql_ary['user_avatar_height']) = avatar_upload($data, $error);
1629 else if ($data['remotelink'] && $change_avatar && $config['allow_avatar_remote'])
1631 list($sql_ary['user_avatar_type'], $sql_ary['user_avatar'], $sql_ary['user_avatar_width'], $sql_ary['user_avatar_height']) = avatar_remote($data, $error);
1633 else if ($avatar_select && $change_avatar && $config['allow_avatar_local'])
1635 $category = basename(request_var('category', ''));
1637 $sql_ary['user_avatar_type'] = AVATAR_GALLERY
;
1638 $sql_ary['user_avatar'] = $avatar_select;
1640 // check avatar gallery
1641 if (!is_dir($phpbb_root_path . $config['avatar_gallery_path'] . '/' . $category))
1643 $sql_ary['user_avatar'] = '';
1644 $sql_ary['user_avatar_type'] = $sql_ary['user_avatar_width'] = $sql_ary['user_avatar_height'] = 0;
1648 list($sql_ary['user_avatar_width'], $sql_ary['user_avatar_height']) = getimagesize($phpbb_root_path . $config['avatar_gallery_path'] . '/' . $category . '/' . $sql_ary['user_avatar']);
1649 $sql_ary['user_avatar'] = $category . '/' . $sql_ary['user_avatar'];
1652 else if (isset($_POST['delete']) && $change_avatar)
1654 $sql_ary['user_avatar'] = '';
1655 $sql_ary['user_avatar_type'] = $sql_ary['user_avatar_width'] = $sql_ary['user_avatar_height'] = 0;
1657 else if ($data['width'] && $data['height'])
1659 // Only update the dimensions?
1660 if ($config['avatar_max_width'] ||
$config['avatar_max_height'])
1662 if ($data['width'] > $config['avatar_max_width'] ||
$data['height'] > $config['avatar_max_height'])
1664 $error[] = sprintf($user->lang
['AVATAR_WRONG_SIZE'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], $data['width'], $data['height']);
1668 if (!sizeof($error))
1670 if ($config['avatar_min_width'] ||
$config['avatar_min_height'])
1672 if ($data['width'] < $config['avatar_min_width'] ||
$data['height'] < $config['avatar_min_height'])
1674 $error[] = sprintf($user->lang
['AVATAR_WRONG_SIZE'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], $data['width'], $data['height']);
1679 if (!sizeof($error))
1681 $sql_ary['user_avatar_width'] = $data['width'];
1682 $sql_ary['user_avatar_height'] = $data['height'];
1686 if (!sizeof($error))
1688 // Do we actually have any data to update?
1689 if (sizeof($sql_ary))
1691 $sql = 'UPDATE ' . USERS_TABLE
. '
1692 SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
1693 WHERE user_id = ' . (($custom_userdata === false) ?
$user->data
['user_id'] : $custom_userdata['user_id']);
1694 $db->sql_query($sql);
1696 if (isset($sql_ary['user_avatar']))
1698 $userdata = ($custom_userdata === false) ?
$user->data
: $custom_userdata;
1700 // Delete old avatar if present
1701 if ($userdata['user_avatar'] && $sql_ary['user_avatar'] != $userdata['user_avatar'] && $userdata['user_avatar_type'] != AVATAR_GALLERY
)
1703 avatar_delete('user', $userdata);
1709 return (sizeof($error)) ?
false : true;
1713 // Usergroup functions
1717 * Add or edit a group. If we're editing a group we only update user
1718 * parameters such as rank, etc. if they are changed
1720 function group_create(&$group_id, $type, $name, $desc, $group_attributes, $allow_desc_bbcode = false, $allow_desc_urls = false, $allow_desc_smilies = false)
1722 global $phpbb_root_path, $config, $db, $user, $file_upload;
1725 $attribute_ary = array(
1726 'group_colour' => 'string',
1727 'group_rank' => 'int',
1728 'group_avatar' => 'string',
1729 'group_avatar_type' => 'int',
1730 'group_avatar_width' => 'int',
1731 'group_avatar_height' => 'int',
1733 'group_receive_pm' => 'int',
1734 'group_legend' => 'int',
1735 'group_message_limit' => 'int',
1737 'group_founder_manage' => 'int',
1740 // Those are group-only attributes
1741 $group_only_ary = array('group_receive_pm', 'group_legend', 'group_message_limit', 'group_founder_manage');
1744 if (!utf8_strlen($name) ||
utf8_strlen($name) > 40)
1746 $error[] = (!utf8_strlen($name)) ?
$user->lang
['GROUP_ERR_USERNAME'] : $user->lang
['GROUP_ERR_USER_LONG'];
1749 if (utf8_strlen($desc) > 255)
1751 $error[] = $user->lang
['GROUP_ERR_DESC_LONG'];
1754 if (!in_array($type, array(GROUP_OPEN
, GROUP_CLOSED
, GROUP_HIDDEN
, GROUP_SPECIAL
, GROUP_FREE
)))
1756 $error[] = $user->lang
['GROUP_ERR_TYPE'];
1759 if (!sizeof($error))
1762 'group_name' => (string) $name,
1763 'group_desc' => (string) $desc,
1764 'group_desc_uid' => '',
1765 'group_desc_bitfield' => '',
1766 'group_type' => (int) $type,
1769 // Parse description
1772 generate_text_for_storage($sql_ary['group_desc'], $sql_ary['group_desc_uid'], $sql_ary['group_desc_bitfield'], $sql_ary['group_desc_options'], $allow_desc_bbcode, $allow_desc_urls, $allow_desc_smilies);
1775 if (sizeof($group_attributes))
1777 foreach ($attribute_ary as $attribute => $_type)
1779 if (isset($group_attributes[$attribute]))
1781 settype($group_attributes[$attribute], $_type);
1782 $sql_ary[$attribute] = $group_attributes[$attribute];
1787 // Setting the log message before we set the group id (if group gets added)
1788 $log = ($group_id) ?
'LOG_GROUP_UPDATED' : 'LOG_GROUP_CREATED';
1794 $sql = 'UPDATE ' . GROUPS_TABLE
. '
1795 SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
1796 WHERE group_id = $group_id";
1797 $db->sql_query($sql);
1799 // Since we may update the name too, we need to do this on other tables too...
1800 $sql = 'UPDATE ' . MODERATOR_CACHE_TABLE
. "
1801 SET group_name = '" . $db->sql_escape($sql_ary['group_name']) . "'
1802 WHERE group_id = $group_id";
1803 $db->sql_query($sql);
1807 $sql = 'INSERT INTO ' . GROUPS_TABLE
. ' ' . $db->sql_build_array('INSERT', $sql_ary);
1808 $db->sql_query($sql);
1813 $group_id = $db->sql_nextid();
1816 // Set user attributes
1818 if (sizeof($group_attributes))
1820 foreach ($attribute_ary as $attribute => $_type)
1822 if (isset($group_attributes[$attribute]) && !in_array($attribute, $group_only_ary))
1824 // If we are about to set an avatar, we will not overwrite user avatars if no group avatar is set...
1825 if (strpos($attribute, 'group_avatar') === 0 && !$group_attributes[$attribute])
1830 $sql_ary[$attribute] = $group_attributes[$attribute];
1835 if (sizeof($sql_ary))
1837 $sql = 'SELECT user_id
1838 FROM ' . USERS_TABLE
. '
1839 WHERE group_id = ' . $group_id;
1840 $result = $db->sql_query($sql);
1842 $user_ary = array();
1843 while ($row = $db->sql_fetchrow($result))
1845 $user_ary[] = $row['user_id'];
1847 $db->sql_freeresult($result);
1849 if (sizeof($user_ary))
1851 group_set_user_default($group_id, $user_ary, $sql_ary);
1855 $name = ($type == GROUP_SPECIAL
) ?
$user->lang
['G_' . $name] : $name;
1856 add_log('admin', $log, $name);
1858 group_update_listings($group_id);
1861 return (sizeof($error)) ?
$error : false;
1867 function group_delete($group_id, $group_name = false)
1869 global $db, $phpbb_root_path, $phpEx;
1873 $group_name = get_group_name($group_id);
1880 $user_id_ary = $username_ary = array();
1882 // Batch query for group members, call group_user_del
1883 $sql = 'SELECT u.user_id, u.username
1884 FROM ' . USER_GROUP_TABLE
. ' ug, ' . USERS_TABLE
. " u
1885 WHERE ug.group_id = $group_id
1886 AND u.user_id = ug.user_id";
1887 $result = $db->sql_query_limit($sql, 200, $start);
1889 if ($row = $db->sql_fetchrow($result))
1893 $user_id_ary[] = $row['user_id'];
1894 $username_ary[] = $row['username'];
1898 while ($row = $db->sql_fetchrow($result));
1900 group_user_del($group_id, $user_id_ary, $username_ary, $group_name);
1906 $db->sql_freeresult($result);
1911 $sql = 'DELETE FROM ' . GROUPS_TABLE
. "
1912 WHERE group_id = $group_id";
1913 $db->sql_query($sql);
1915 // Delete auth entries from the groups table
1916 $sql = 'DELETE FROM ' . ACL_GROUPS_TABLE
. "
1917 WHERE group_id = $group_id";
1918 $db->sql_query($sql);
1920 // Re-cache moderators
1921 if (!function_exists('cache_moderators'))
1923 include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
1928 add_log('admin', 'LOG_GROUP_DELETE', $group_name);
1930 return 'GROUP_DELETED';
1934 * Add user(s) to group
1936 * @return mixed false if no errors occurred, else the user lang string for the relevant error, for example 'NO_USER'
1938 function group_user_add($group_id, $user_id_ary = false, $username_ary = false, $group_name = false, $default = false, $leader = 0, $pending = 0, $group_attributes = false)
1942 // We need both username and user_id info
1943 $result = user_get_id_name($user_id_ary, $username_ary);
1945 if (!sizeof($user_id_ary) ||
$result !== false)
1950 // Remove users who are already members of this group
1951 $sql = 'SELECT user_id, group_leader
1952 FROM ' . USER_GROUP_TABLE
. '
1953 WHERE ' . $db->sql_in_set('user_id', $user_id_ary) . "
1954 AND group_id = $group_id";
1955 $result = $db->sql_query($sql);
1957 $add_id_ary = $update_id_ary = array();
1958 while ($row = $db->sql_fetchrow($result))
1960 $add_id_ary[] = (int) $row['user_id'];
1962 if ($leader && !$row['group_leader'])
1964 $update_id_ary[] = (int) $row['user_id'];
1967 $db->sql_freeresult($result);
1969 // Do all the users exist in this group?
1970 $add_id_ary = array_diff($user_id_ary, $add_id_ary);
1972 // If we have no users
1973 if (!sizeof($add_id_ary) && !sizeof($update_id_ary))
1975 return 'GROUP_USERS_EXIST';
1978 $db->sql_transaction('begin');
1980 // Insert the new users
1981 if (sizeof($add_id_ary))
1985 foreach ($add_id_ary as $user_id)
1988 'user_id' => $user_id,
1989 'group_id' => $group_id,
1990 'group_leader' => $leader,
1991 'user_pending' => $pending,
1995 $db->sql_multi_insert(USER_GROUP_TABLE
, $sql_ary);
1998 if (sizeof($update_id_ary))
2000 $sql = 'UPDATE ' . USER_GROUP_TABLE
. '
2001 SET group_leader = 1
2002 WHERE ' . $db->sql_in_set('user_id', $update_id_ary) . "
2003 AND group_id = $group_id";
2004 $db->sql_query($sql);
2009 group_set_user_default($group_id, $user_id_ary, $group_attributes);
2012 $db->sql_transaction('commit');
2014 // Clear permissions cache of relevant users
2015 $auth->acl_clear_prefetch($user_id_ary);
2019 $group_name = get_group_name($group_id);
2022 $log = ($leader) ?
'LOG_MODS_ADDED' : 'LOG_USERS_ADDED';
2024 add_log('admin', $log, $group_name, implode(', ', $username_ary));
2026 group_update_listings($group_id);
2028 // Return false - no error
2033 * Remove a user/s from a given group. When we remove users we update their
2034 * default group_id. We do this by examining which "special" groups they belong
2035 * to. The selection is made based on a reasonable priority system
2037 * @return false if no errors occurred, else the user lang string for the relevant error, for example 'NO_USER'
2039 function group_user_del($group_id, $user_id_ary = false, $username_ary = false, $group_name = false)
2043 $group_order = array('ADMINISTRATORS', 'GLOBAL_MODERATORS', 'REGISTERED_COPPA', 'REGISTERED', 'BOTS', 'GUESTS');
2045 // We need both username and user_id info
2046 $result = user_get_id_name($user_id_ary, $username_ary);
2048 if (!sizeof($user_id_ary) ||
$result !== false)
2054 FROM ' . GROUPS_TABLE
. '
2055 WHERE ' . $db->sql_in_set('group_name', $group_order);
2056 $result = $db->sql_query($sql);
2058 $group_order_id = $special_group_data = array();
2059 while ($row = $db->sql_fetchrow($result))
2061 $group_order_id[$row['group_name']] = $row['group_id'];
2063 $special_group_data[$row['group_id']] = array(
2064 'group_colour' => $row['group_colour'],
2065 'group_rank' => $row['group_rank'],
2068 // Only set the group avatar if one is defined...
2069 if ($row['group_avatar'])
2071 $special_group_data[$row['group_id']] = array_merge($special_group_data[$row['group_id']], array(
2072 'group_avatar' => $row['group_avatar'],
2073 'group_avatar_type' => $row['group_avatar_type'],
2074 'group_avatar_width' => $row['group_avatar_width'],
2075 'group_avatar_height' => $row['group_avatar_height'])
2079 $db->sql_freeresult($result);
2081 // Get users default groups - we only need to reset default group membership if the group from which the user gets removed is set as default
2082 $sql = 'SELECT user_id, group_id
2083 FROM ' . USERS_TABLE
. '
2084 WHERE ' . $db->sql_in_set('user_id', $user_id_ary);
2085 $result = $db->sql_query($sql);
2087 $default_groups = array();
2088 while ($row = $db->sql_fetchrow($result))
2090 $default_groups[$row['user_id']] = $row['group_id'];
2092 $db->sql_freeresult($result);
2094 // What special group memberships exist for these users?
2095 $sql = 'SELECT g.group_id, g.group_name, ug.user_id
2096 FROM ' . USER_GROUP_TABLE
. ' ug, ' . GROUPS_TABLE
. ' g
2097 WHERE ' . $db->sql_in_set('ug.user_id', $user_id_ary) . "
2098 AND g.group_id = ug.group_id
2099 AND g.group_id <> $group_id
2100 AND g.group_type = " . GROUP_SPECIAL
. '
2101 ORDER BY ug.user_id, g.group_id';
2102 $result = $db->sql_query($sql);
2104 $temp_ary = array();
2105 while ($row = $db->sql_fetchrow($result))
2107 if ($default_groups[$row['user_id']] == $group_id && (!isset($temp_ary[$row['user_id']]) ||
array_search($row['group_name'], $group_order) < $temp_ary[$row['user_id']]))
2109 $temp_ary[$row['user_id']] = $row['group_id'];
2112 $db->sql_freeresult($result);
2114 $sql_where_ary = array();
2115 foreach ($temp_ary as $uid => $gid)
2117 $sql_where_ary[$gid][] = $uid;
2121 foreach ($special_group_data as $gid => $default_data_ary)
2123 if (isset($sql_where_ary[$gid]) && sizeof($sql_where_ary[$gid]))
2125 group_set_user_default($gid, $sql_where_ary[$gid], $special_group_data[$gid]);
2128 unset($special_group_data);
2130 $sql = 'DELETE FROM ' . USER_GROUP_TABLE
. "
2131 WHERE group_id = $group_id
2132 AND " . $db->sql_in_set('user_id', $user_id_ary);
2133 $db->sql_query($sql);
2135 // Clear permissions cache of relevant users
2136 $auth->acl_clear_prefetch($user_id_ary);
2140 $group_name = get_group_name($group_id);
2143 $log = 'LOG_GROUP_REMOVE';
2145 add_log('admin', $log, $group_name, implode(', ', $username_ary));
2147 group_update_listings($group_id);
2149 // Return false - no error
2154 * This is used to promote (to leader), demote or set as default a member/s
2156 function group_user_attributes($action, $group_id, $user_id_ary = false, $username_ary = false, $group_name = false, $group_attributes = false)
2158 global $db, $auth, $phpbb_root_path, $phpEx, $config;
2160 // We need both username and user_id info
2161 $result = user_get_id_name($user_id_ary, $username_ary);
2163 if (!sizeof($user_id_ary) ||
$result !== false)
2170 $group_name = get_group_name($group_id);
2177 $sql = 'UPDATE ' . USER_GROUP_TABLE
. '
2178 SET group_leader = ' . (($action == 'promote') ?
1 : 0) . "
2179 WHERE group_id = $group_id
2180 AND " . $db->sql_in_set('user_id', $user_id_ary);
2181 $db->sql_query($sql);
2183 $log = ($action == 'promote') ?
'LOG_GROUP_PROMOTED' : 'LOG_GROUP_DEMOTED';
2187 // Make sure we only approve those which are pending ;)
2188 $sql = 'SELECT u.user_id, u.user_email, u.username, u.username_clean, u.user_notify_type, u.user_jabber, u.user_lang
2189 FROM ' . USERS_TABLE
. ' u, ' . USER_GROUP_TABLE
. ' ug
2190 WHERE ug.group_id = ' . $group_id . '
2191 AND ug.user_pending = 1
2192 AND ug.user_id = u.user_id
2193 AND ' . $db->sql_in_set('ug.user_id', $user_id_ary);
2194 $result = $db->sql_query($sql);
2196 $user_id_ary = $email_users = array();
2197 while ($row = $db->sql_fetchrow($result))
2199 $user_id_ary[] = $row['user_id'];
2200 $email_users[] = $row;
2202 $db->sql_freeresult($result);
2204 if (!sizeof($user_id_ary))
2209 $sql = 'UPDATE ' . USER_GROUP_TABLE
. "
2210 SET user_pending = 0
2211 WHERE group_id = $group_id
2212 AND " . $db->sql_in_set('user_id', $user_id_ary);
2213 $db->sql_query($sql);
2215 // Send approved email to users...
2216 include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
2217 $messenger = new messenger();
2219 foreach ($email_users as $row)
2221 $messenger->template('group_approved', $row['user_lang']);
2223 $messenger->to($row['user_email'], $row['username']);
2224 $messenger->im($row['user_jabber'], $row['username']);
2226 $messenger->assign_vars(array(
2227 'USERNAME' => htmlspecialchars_decode($row['username']),
2228 'GROUP_NAME' => htmlspecialchars_decode($group_name),
2229 'U_GROUP' => generate_board_url() . "/ucp.$phpEx?i=groups&mode=membership")
2232 $messenger->send($row['user_notify_type']);
2235 $messenger->save_queue();
2237 $log = 'LOG_USERS_APPROVED';
2241 group_set_user_default($group_id, $user_id_ary, $group_attributes);
2242 $log = 'LOG_GROUP_DEFAULTS';
2246 // Clear permissions cache of relevant users
2247 $auth->acl_clear_prefetch($user_id_ary);
2249 add_log('admin', $log, $group_name, implode(', ', $username_ary));
2251 group_update_listings($group_id);
2257 * Set users default group
2261 function group_set_user_default($group_id, $user_id_ary, $group_attributes = false, $update_listing = false)
2265 if (empty($user_id_ary))
2270 $attribute_ary = array(
2271 'group_colour' => 'string',
2272 'group_rank' => 'int',
2273 'group_avatar' => 'string',
2274 'group_avatar_type' => 'int',
2275 'group_avatar_width' => 'int',
2276 'group_avatar_height' => 'int',
2280 'group_id' => $group_id
2283 // Were group attributes passed to the function? If not we need to obtain them
2284 if ($group_attributes === false)
2286 $sql = 'SELECT ' . implode(', ', array_keys($attribute_ary)) . '
2287 FROM ' . GROUPS_TABLE
. "
2288 WHERE group_id = $group_id";
2289 $result = $db->sql_query($sql);
2290 $group_attributes = $db->sql_fetchrow($result);
2291 $db->sql_freeresult($result);
2294 foreach ($attribute_ary as $attribute => $type)
2296 if (isset($group_attributes[$attribute]))
2298 // If we are about to set an avatar, we will not overwrite user avatars if no group avatar is set...
2299 if (strpos($attribute, 'group_avatar') === 0 && !$group_attributes[$attribute])
2304 settype($group_attributes[$attribute], $type);
2305 $sql_ary[str_replace('group_', 'user_', $attribute)] = $group_attributes[$attribute];
2309 // Before we update the user attributes, we will make a list of those having now the group avatar assigned
2310 if (in_array('user_avatar', array_keys($sql_ary)))
2312 // Ok, get the original avatar data from users having an uploaded one (we need to remove these from the filesystem)
2313 $sql = 'SELECT user_id, group_id, user_avatar
2314 FROM ' . USERS_TABLE
. '
2315 WHERE ' . $db->sql_in_set('user_id', $user_id_ary) . '
2316 AND user_avatar_type = ' . AVATAR_UPLOAD
;
2317 $result = $db->sql_query($sql);
2319 while ($row = $db->sql_fetchrow($result))
2321 avatar_delete('user', $row);
2323 $db->sql_freeresult($result);
2326 $sql = 'UPDATE ' . USERS_TABLE
. ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
2327 WHERE ' . $db->sql_in_set('user_id', $user_id_ary);
2328 $db->sql_query($sql);
2330 if (in_array('user_colour', array_keys($sql_ary)))
2332 // Update any cached colour information for these users
2333 $sql = 'UPDATE ' . FORUMS_TABLE
. " SET forum_last_poster_colour = '" . $db->sql_escape($sql_ary['user_colour']) . "'
2334 WHERE " . $db->sql_in_set('forum_last_poster_id', $user_id_ary);
2335 $db->sql_query($sql);
2337 $sql = 'UPDATE ' . TOPICS_TABLE
. " SET topic_first_poster_colour = '" . $db->sql_escape($sql_ary['user_colour']) . "'
2338 WHERE " . $db->sql_in_set('topic_poster', $user_id_ary);
2339 $db->sql_query($sql);
2341 $sql = 'UPDATE ' . TOPICS_TABLE
. " SET topic_last_poster_colour = '" . $db->sql_escape($sql_ary['user_colour']) . "'
2342 WHERE " . $db->sql_in_set('topic_last_poster_id', $user_id_ary);
2343 $db->sql_query($sql);
2347 if (in_array($config['newest_user_id'], $user_id_ary))
2349 set_config('newest_user_colour', $sql_ary['user_colour'], true);
2353 if ($update_listing)
2355 group_update_listings($group_id);
2362 function get_group_name($group_id)
2366 $sql = 'SELECT group_name, group_type
2367 FROM ' . GROUPS_TABLE
. '
2368 WHERE group_id = ' . (int) $group_id;
2369 $result = $db->sql_query($sql);
2370 $row = $db->sql_fetchrow($result);
2371 $db->sql_freeresult($result);
2378 return ($row['group_type'] == GROUP_SPECIAL
) ?
$user->lang
['G_' . $row['group_name']] : $row['group_name'];
2382 * Obtain either the members of a specified group, the groups the specified user is subscribed to
2383 * or checking if a specified user is in a specified group
2385 * Note: Never use this more than once... first group your users/groups
2387 function group_memberships($group_id_ary = false, $user_id_ary = false, $return_bool = false)
2391 if (!$group_id_ary && !$user_id_ary)
2398 $user_id_ary = (!is_array($user_id_ary)) ?
array($user_id_ary) : $user_id_ary;
2403 $group_id_ary = (!is_array($group_id_ary)) ?
array($group_id_ary) : $group_id_ary;
2406 $sql = 'SELECT ug.*, u.username, u.username_clean, u.user_email
2407 FROM ' . USER_GROUP_TABLE
. ' ug, ' . USERS_TABLE
. ' u
2408 WHERE ug.user_id = u.user_id AND ';
2412 $sql .= ' ' . $db->sql_in_set('ug.group_id', $group_id_ary);
2417 $sql .= ($group_id_ary) ?
' AND ' : ' ';
2418 $sql .= $db->sql_in_set('ug.user_id', $user_id_ary);
2421 $result = ($return_bool) ?
$db->sql_query_limit($sql, 1) : $db->sql_query($sql);
2423 $row = $db->sql_fetchrow($result);
2427 $db->sql_freeresult($result);
2428 return ($row) ?
true : false;
2442 while ($row = $db->sql_fetchrow($result));
2444 $db->sql_freeresult($result);
2450 * Re-cache moderators and foes if group has a_ or m_ permissions
2452 function group_update_listings($group_id)
2456 $hold_ary = $auth->acl_group_raw_data($group_id, array('a_', 'm_'));
2458 if (!sizeof($hold_ary))
2463 $mod_permissions = $admin_permissions = false;
2465 foreach ($hold_ary as $g_id => $forum_ary)
2467 foreach ($forum_ary as $forum_id => $auth_ary)
2469 foreach ($auth_ary as $auth_option => $setting)
2471 if ($mod_permissions && $admin_permissions)
2476 if ($setting != ACL_YES
)
2481 if ($auth_option == 'm_')
2483 $mod_permissions = true;
2486 if ($auth_option == 'a_')
2488 $admin_permissions = true;
2494 if ($mod_permissions)
2496 if (!function_exists('cache_moderators'))
2498 global $phpbb_root_path, $phpEx;
2499 include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
2504 if ($mod_permissions ||
$admin_permissions)