search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
- added confirm box to ucp zebra (adding fried/foe)
[phpbb.git] / phpBB / includes / functions_user.php
blobe9297d490f410a5657021f2b517054997732ee3f
1 <?php
2 /**
3 *
4 * @package phpBB3
5 * @version $Id$
6 * @copyright (c) 2005 phpBB Group
7 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
8 *
9 */
10
11 /**
12 * Obtain user_ids from usernames or vice versa. Returns false on
13 * success else the error string
14 */
15 function user_get_id_name(&$user_id_ary, &$username_ary, $only_active = false)
16 {
17 global $db;
18
19 // Are both arrays already filled? Yep, return else
20 // are neither array filled?
21 if ($user_id_ary && $username_ary)
22 {
23 return false;
24 }
25 else if (!$user_id_ary && !$username_ary)
26 {
27 return 'NO_USERS';
28 }
29
30 $which_ary = ($user_id_ary) ? 'user_id_ary' : 'username_ary';
31
32 if ($$which_ary && !is_array($$which_ary))
33 {
34 $$which_ary = array($$which_ary);
35 }
36
37 $sql_in = ($which_ary == 'user_id_ary') ? array_map('intval', $$which_ary) : array_map('utf8_clean_string', $$which_ary);
38 unset($$which_ary);
39
40 $user_id_ary = $username_ary = array();
41
42 // Grab the user id/username records
43 $sql_where = ($which_ary == 'user_id_ary') ? 'user_id' : 'username_clean';
44 $sql = 'SELECT user_id, username
45 FROM ' . USERS_TABLE . '
46 WHERE ' . $db->sql_in_set($sql_where, $sql_in);
47
48 if ($only_active)
49 {
50 $sql .= ' AND user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')';
51 }
52
53 $result = $db->sql_query($sql);
54
55 if (!($row = $db->sql_fetchrow($result)))
56 {
57 $db->sql_freeresult($result);
58 return 'NO_USERS';
59 }
60
61 do
62 {
63 $username_ary[$row['user_id']] = $row['username'];
64 $user_id_ary[] = $row['user_id'];
65 }
66 while ($row = $db->sql_fetchrow($result));
67 $db->sql_freeresult($result);
68
69 return false;
70 }
71
72 /**
73 * Get latest registered username and update database to reflect it
74 */
75 function update_last_username()
76 {
77 global $db;
78
79 // Get latest username
80 $sql = 'SELECT user_id, username, user_colour
81 FROM ' . USERS_TABLE . '
82 WHERE user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')
83 ORDER BY user_id DESC';
84 $result = $db->sql_query_limit($sql, 1);
85 $row = $db->sql_fetchrow($result);
86 $db->sql_freeresult($result);
87
88 if ($row)
89 {
90 set_config('newest_user_id', $row['user_id'], true);
91 set_config('newest_username', $row['username'], true);
92 set_config('newest_user_colour', $row['user_colour'], true);
93 }
94 }
95
96 /**
97 * Updates a username across all relevant tables/fields
98 *
99 * @param string $old_name the old/current username
100 * @param string $new_name the new username
101 */
102 function user_update_name($old_name, $new_name)
103 {
104 global $config, $db, $cache;
105
106 $update_ary = array(
107 FORUMS_TABLE => array('forum_last_poster_name'),
108 MODERATOR_CACHE_TABLE => array('username'),
109 POSTS_TABLE => array('post_username'),
110 TOPICS_TABLE => array('topic_first_poster_name', 'topic_last_poster_name'),
111 );
112
113 foreach ($update_ary as $table => $field_ary)
114 {
115 foreach ($field_ary as $field)
116 {
117 $sql = "UPDATE $table
118 SET $field = '" . $db->sql_escape($new_name) . "'
119 WHERE $field = '" . $db->sql_escape($old_name) . "'";
120 $db->sql_query($sql);
121 }
122 }
123
124 if ($config['newest_username'] == $old_name)
125 {
126 set_config('newest_username', $new_name, true);
127 }
128 }
129
130 /**
131 * Add User
132 */
133 function user_add($user_row, $cp_data = false)
134 {
135 global $db, $user, $auth, $config, $phpbb_root_path, $phpEx;
136
137 if (empty($user_row['username']) || !isset($user_row['group_id']) || !isset($user_row['user_email']) || !isset($user_row['user_type']))
138 {
139 return false;
140 }
141
142 $sql_ary = array(
143 'username' => $user_row['username'],
144 'username_clean' => utf8_clean_string($user_row['username']),
145 'user_password' => (isset($user_row['user_password'])) ? $user_row['user_password'] : '',
146 'user_pass_convert' => 0,
147 'user_email' => strtolower($user_row['user_email']),
148 'user_email_hash' => (int) crc32(strtolower($user_row['user_email'])) . strlen($user_row['user_email']),
149 'group_id' => $user_row['group_id'],
150 'user_type' => $user_row['user_type'],
151 );
152
153 // These are the additional vars able to be specified
154 $additional_vars = array(
155 'user_permissions' => '',
156 'user_timezone' => $config['board_timezone'],
157 'user_dateformat' => $config['default_dateformat'],
158 'user_lang' => $config['default_lang'],
159 'user_style' => $config['default_style'],
160 'user_allow_pm' => 1,
161 'user_actkey' => '',
162 'user_ip' => '',
163 'user_regdate' => time(),
164 'user_passchg' => time(),
165
166 'user_inactive_reason' => 0,
167 'user_inactive_time' => 0,
168 'user_lastmark' => time(),
169 'user_lastvisit' => 0,
170 'user_lastpost_time' => 0,
171 'user_lastpage' => '',
172 'user_posts' => 0,
173 'user_dst' => 0,
174 'user_colour' => '',
175 'user_occ' => '',
176 'user_interests' => '',
177 'user_avatar' => '',
178 'user_avatar_type' => 0,
179 'user_avatar_width' => 0,
180 'user_avatar_height' => 0,
181 'user_new_privmsg' => 0,
182 'user_unread_privmsg' => 0,
183 'user_last_privmsg' => 0,
184 'user_message_rules' => 0,
185 'user_full_folder' => PRIVMSGS_NO_BOX,
186 'user_emailtime' => 0,
187
188 'user_notify' => 0,
189 'user_notify_pm' => 1,
190 'user_notify_type' => NOTIFY_EMAIL,
191 'user_allow_pm' => 1,
192 'user_allow_viewonline' => 1,
193 'user_allow_viewemail' => 1,
194 'user_allow_massemail' => 1,
195
196 'user_sig' => '',
197 'user_sig_bbcode_uid' => '',
198 'user_sig_bbcode_bitfield' => '',
199 );
200
201 // Now fill the sql array with not required variables
202 foreach ($additional_vars as $key => $default_value)
203 {
204 $sql_ary[$key] = (isset($user_row[$key])) ? $user_row[$key] : $default_value;
205 }
206
207 // Any additional variables in $user_row not covered above?
208 $remaining_vars = array_diff(array_keys($user_row), array_keys($sql_ary));
209
210 // Now fill our sql array with the remaining vars
211 if (sizeof($remaining_vars))
212 {
213 foreach ($remaining_vars as $key)
214 {
215 $sql_ary[$key] = $user_row[$key];
216 }
217 }
218
219 $sql = 'INSERT INTO ' . USERS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
220 $db->sql_query($sql);
221
222 $user_id = $db->sql_nextid();
223
224 // Insert Custom Profile Fields
225 if ($cp_data !== false && sizeof($cp_data))
226 {
227 $cp_data['user_id'] = (int) $user_id;
228
229 if (!class_exists('custom_profile'))
230 {
231 include_once($phpbb_root_path . 'includes/functions_profile_fields.' . $phpEx);
232 }
233
234 $sql = 'INSERT INTO ' . PROFILE_FIELDS_DATA_TABLE . ' ' .
235 $db->sql_build_array('INSERT', custom_profile::build_insert_sql_array($cp_data));
236 $db->sql_query($sql);
237 }
238
239 // Place into appropriate group...
240 $sql = 'INSERT INTO ' . USER_GROUP_TABLE . ' ' . $db->sql_build_array('INSERT', array(
241 'user_id' => (int) $user_id,
242 'group_id' => (int) $user_row['group_id'],
243 'user_pending' => 0)
244 );
245 $db->sql_query($sql);
246
247 // Now make it the users default group...
248 group_set_user_default($user_row['group_id'], array($user_id), false);
249
250 // set the newest user and adjust the user count if the user is a normal user and no activation mail is sent
251 if ($user_row['user_type'] == USER_NORMAL)
252 {
253 set_config('newest_user_id', $user_id, true);
254 set_config('newest_username', $user_row['username'], true);
255 set_config('num_users', $config['num_users'] + 1, true);
256
257 $sql = 'SELECT group_colour
258 FROM ' . GROUPS_TABLE . '
259 WHERE group_id = ' . $user_row['group_id'];
260 $result = $db->sql_query_limit($sql, 1);
261 $row = $db->sql_fetchrow($result);
262 $db->sql_freeresult($result);
263
264 set_config('newest_user_colour', $row['group_colour'], true);
265 }
266
267 return $user_id;
268 }
269
270 /**
271 * Remove User
272 */
273 function user_delete($mode, $user_id, $post_username = false)
274 {
275 global $cache, $config, $db, $user, $auth;
276 global $phpbb_root_path, $phpEx;
277
278 $sql = 'SELECT *
279 FROM ' . USERS_TABLE . '
280 WHERE user_id = ' . $user_id;
281 $result = $db->sql_query($sql);
282 $user_row = $db->sql_fetchrow($result);
283 $db->sql_freeresult($result);
284
285 if (!$user_row)
286 {
287 return false;
288 }
289
290 $db->sql_transaction('begin');
291
292 switch ($mode)
293 {
294 case 'retain':
295
296 if ($post_username === false)
297 {
298 $post_username = $user->lang['GUEST'];
299 }
300
301 $sql = 'UPDATE ' . FORUMS_TABLE . '
302 SET forum_last_poster_id = ' . ANONYMOUS . ", forum_last_poster_name = '" . $db->sql_escape($post_username) . "', forum_last_poster_colour = ''
303 WHERE forum_last_poster_id = $user_id";
304 $db->sql_query($sql);
305
306 $sql = 'UPDATE ' . POSTS_TABLE . '
307 SET poster_id = ' . ANONYMOUS . ", post_username = '" . $db->sql_escape($post_username) . "'
308 WHERE poster_id = $user_id";
309 $db->sql_query($sql);
310
311 $sql = 'UPDATE ' . POSTS_TABLE . '
312 SET post_edit_user = ' . ANONYMOUS . "
313 WHERE post_edit_user = $user_id";
314 $db->sql_query($sql);
315
316 $sql = 'UPDATE ' . TOPICS_TABLE . '
317 SET topic_poster = ' . ANONYMOUS . ", topic_first_poster_name = '" . $db->sql_escape($post_username) . "', topic_first_poster_colour = ''
318 WHERE topic_poster = $user_id";
319 $db->sql_query($sql);
320
321 $sql = 'UPDATE ' . TOPICS_TABLE . '
322 SET topic_last_poster_id = ' . ANONYMOUS . ", topic_last_poster_name = '" . $db->sql_escape($post_username) . "', topic_last_poster_colour = ''
323 WHERE topic_last_poster_id = $user_id";
324 $db->sql_query($sql);
325
326 // Since we change every post by this author, we need to count this amount towards the anonymous user
327
328 // Update the post count for the anonymous user
329 if ($user_row['user_posts'])
330 {
331 $sql = 'UPDATE ' . USERS_TABLE . '
332 SET user_posts = user_posts + ' . $user_row['user_posts'] . '
333 WHERE user_id = ' . ANONYMOUS;
334 $db->sql_query($sql);
335 }
336 break;
337
338 case 'remove':
339
340 if (!function_exists('delete_posts'))
341 {
342 include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
343 }
344
345 $sql = 'SELECT topic_id, COUNT(post_id) AS total_posts
346 FROM ' . POSTS_TABLE . "
347 WHERE poster_id = $user_id
348 GROUP BY topic_id";
349 $result = $db->sql_query($sql);
350
351 $topic_id_ary = array();
352 while ($row = $db->sql_fetchrow($result))
353 {
354 $topic_id_ary[$row['topic_id']] = $row['total_posts'];
355 }
356 $db->sql_freeresult($result);
357
358 if (sizeof($topic_id_ary))
359 {
360 $sql = 'SELECT topic_id, topic_replies, topic_replies_real
361 FROM ' . TOPICS_TABLE . '
362 WHERE ' . $db->sql_in_set('topic_id', array_keys($topic_id_ary));
363 $result = $db->sql_query($sql);
364
365 $del_topic_ary = array();
366 while ($row = $db->sql_fetchrow($result))
367 {
368 if (max($row['topic_replies'], $row['topic_replies_real']) + 1 == $topic_id_ary[$row['topic_id']])
369 {
370 $del_topic_ary[] = $row['topic_id'];
371 }
372 }
373 $db->sql_freeresult($result);
374
375 if (sizeof($del_topic_ary))
376 {
377 $sql = 'DELETE FROM ' . TOPICS_TABLE . '
378 WHERE ' . $db->sql_in_set('topic_id', $del_topic_ary);
379 $db->sql_query($sql);
380 }
381 }
382
383 // Delete posts, attachments, etc.
384 delete_posts('poster_id', $user_id);
385
386 break;
387 }
388
389 $table_ary = array(USERS_TABLE, USER_GROUP_TABLE, TOPICS_WATCH_TABLE, FORUMS_WATCH_TABLE, ACL_USERS_TABLE, TOPICS_TRACK_TABLE, TOPICS_POSTED_TABLE, FORUMS_TRACK_TABLE, PROFILE_FIELDS_DATA_TABLE, MODERATOR_CACHE_TABLE);
390
391 foreach ($table_ary as $table)
392 {
393 $sql = "DELETE FROM $table
394 WHERE user_id = $user_id";
395 $db->sql_query($sql);
396 }
397
398 $cache->destroy('sql', MODERATOR_CACHE_TABLE);
399
400 // Remove any undelivered mails...
401 $sql = 'SELECT msg_id, user_id
402 FROM ' . PRIVMSGS_TO_TABLE . '
403 WHERE author_id = ' . $user_id . '
404 AND folder_id = ' . PRIVMSGS_NO_BOX;
405 $result = $db->sql_query($sql);
406
407 $undelivered_msg = $undelivered_user = array();
408 while ($row = $db->sql_fetchrow($result))
409 {
410 $undelivered_msg[] = $row['msg_id'];
411 $undelivered_user[$row['user_id']][] = true;
412 }
413 $db->sql_freeresult($result);
414
415 if (sizeof($undelivered_msg))
416 {
417 $sql = 'DELETE FROM ' . PRIVMSGS_TABLE . '
418 WHERE ' . $db->sql_in_set('msg_id', $undelivered_msg);
419 $db->sql_query($sql);
420 }
421
422 $sql = 'DELETE FROM ' . PRIVMSGS_TO_TABLE . '
423 WHERE author_id = ' . $user_id . '
424 AND folder_id = ' . PRIVMSGS_NO_BOX;
425 $db->sql_query($sql);
426
427 // Delete all to-information
428 $sql = 'DELETE FROM ' . PRIVMSGS_TO_TABLE . '
429 WHERE user_id = ' . $user_id;
430 $db->sql_query($sql);
431
432 // Set the remaining author id to anonymous - this way users are still able to read messages from users being removed
433 $sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . '
434 SET author_id = ' . ANONYMOUS . '
435 WHERE author_id = ' . $user_id;
436 $db->sql_query($sql);
437
438 $sql = 'UPDATE ' . PRIVMSGS_TABLE . '
439 SET author_id = ' . ANONYMOUS . '
440 WHERE author_id = ' . $user_id;
441 $db->sql_query($sql);
442
443 foreach ($undelivered_user as $_user_id => $ary)
444 {
445 if ($_user_id == $user_id)
446 {
447 continue;
448 }
449
450 $sql = 'UPDATE ' . USERS_TABLE . '
451 SET user_new_privmsg = user_new_privmsg - ' . sizeof($ary) . ',
452 user_unread_privmsg = user_unread_privmsg - ' . sizeof($ary) . '
453 WHERE user_id = ' . $_user_id;
454 $db->sql_query($sql);
455 }
456
457 // Reset newest user info if appropriate
458 if ($config['newest_user_id'] == $user_id)
459 {
460 update_last_username();
461 }
462
463 // Decrement number of users if this user is active
464 if ($user_row['user_type'] != USER_INACTIVE && $user_row['user_type'] != USER_IGNORE)
465 {
466 set_config('num_users', $config['num_users'] - 1, true);
467 }
468
469 $db->sql_transaction('commit');
470
471 return false;
472 }
473
474 /**
475 * Flips user_type from active to inactive and vice versa, handles group membership updates
476 *
477 * @param string $mode can be flip for flipping from active/inactive, activate or deactivate
478 */
479 function user_active_flip($mode, $user_id_ary, $reason = INACTIVE_MANUAL)
480 {
481 global $config, $db, $user, $auth;
482
483 $deactivated = $activated = 0;
484 $sql_statements = array();
485
486 if (!is_array($user_id_ary))
487 {
488 $user_id_ary = array($user_id_ary);
489 }
490
491 if (!sizeof($user_id_ary))
492 {
493 return;
494 }
495
496 $sql = 'SELECT user_id, group_id, user_type, user_inactive_reason
497 FROM ' . USERS_TABLE . '
498 WHERE ' . $db->sql_in_set('user_id', $user_id_ary);
499 $result = $db->sql_query($sql);
500
501 while ($row = $db->sql_fetchrow($result))
502 {
503 $sql_ary = array();
504
505 if ($row['user_type'] == USER_IGNORE || $row['user_type'] == USER_FOUNDER ||
506 ($mode == 'activate' && $row['user_type'] != USER_INACTIVE) ||
507 ($mode == 'deactivate' && $row['user_type'] == USER_INACTIVE))
508 {
509 continue;
510 }
511
512 if ($row['user_type'] == USER_INACTIVE)
513 {
514 $activated++;
515 }
516 else
517 {
518 $deactivated++;
519
520 // Remove the users session key...
521 $user->reset_login_keys($row['user_id']);
522 }
523
524 $sql_ary += array(
525 'user_type' => ($row['user_type'] == USER_NORMAL) ? USER_INACTIVE : USER_NORMAL,
526 'user_inactive_time' => ($row['user_type'] == USER_NORMAL) ? time() : 0,
527 'user_inactive_reason' => ($row['user_type'] == USER_NORMAL) ? $reason : 0,
528 );
529
530 $sql_statements[$row['user_id']] = $sql_ary;
531 }
532 $db->sql_freeresult($result);
533
534 if (sizeof($sql_statements))
535 {
536 foreach ($sql_statements as $user_id => $sql_ary)
537 {
538 $sql = 'UPDATE ' . USERS_TABLE . '
539 SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
540 WHERE user_id = ' . $user_id;
541 $db->sql_query($sql);
542 }
543
544 $auth->acl_clear_prefetch(array_keys($sql_statements));
545 }
546
547 if ($deactivated)
548 {
549 set_config('num_users', $config['num_users'] - $deactivated, true);
550 }
551
552 if ($activated)
553 {
554 set_config('num_users', $config['num_users'] + $activated, true);
555 }
556
557 // Update latest username
558 update_last_username();
559 }
560
561 /**
562 * Add a ban or ban exclusion to the banlist. Bans either a user, an IP or an email address
563 *
564 * @param string $mode Type of ban. One of the following: user, ip, email
565 * @param mixed $ban Banned entity. Either string or array with usernames, ips or email addresses
566 * @param int $ban_len Ban length in minutes
567 * @param string $ban_len_other Ban length as a date (YYYY-MM-DD)
568 * @param boolean $ban_exclude Exclude these entities from banning?
569 * @param string $ban_reason String describing the reason for this ban
570 * @return boolean
571 */
572 function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reason, $ban_give_reason = '')
573 {
574 global $db, $user, $auth;
575
576 // Delete stale bans
577 $sql = 'DELETE FROM ' . BANLIST_TABLE . '
578 WHERE ban_end < ' . time() . '
579 AND ban_end <> 0';
580 $db->sql_query($sql);
581
582 $ban_list = (!is_array($ban)) ? array_unique(explode("\n", $ban)) : $ban;
583 $ban_list_log = implode(', ', $ban_list);
584
585 $current_time = time();
586
587 // Set $ban_end to the unix time when the ban should end. 0 is a permanent ban.
588 if ($ban_len)
589 {
590 if ($ban_len != -1 || !$ban_len_other)
591 {
592 $ban_end = max($current_time, $current_time + ($ban_len) * 60);
593 }
594 else
595 {
596 $ban_other = explode('-', $ban_len_other);
597 $ban_end = max($current_time, gmmktime(0, 0, 0, $ban_other[1], $ban_other[2], $ban_other[0]));
598 }
599 }
600 else
601 {
602 $ban_end = 0;
603 }
604
605 $founder = array();
606
607 if (!$ban_exclude)
608 {
609 // Create a list of founder...
610 $sql = 'SELECT user_id, user_email
611 FROM ' . USERS_TABLE . '
612 WHERE user_type = ' . USER_FOUNDER;
613 $result = $db->sql_query($sql);
614
615 while ($row = $db->sql_fetchrow($result))
616 {
617 $founder[$row['user_id']] = $row['user_email'];
618 }
619 $db->sql_freeresult($result);
620 }
621
622 $banlist_ary = array();
623
624 switch ($mode)
625 {
626 case 'user':
627 $type = 'ban_userid';
628
629 if (in_array('*', $ban_list))
630 {
631 // Ban all users (it's a good thing that you can exclude people)
632 $banlist_ary[] = '*';
633 }
634 else
635 {
636 // Select the relevant user_ids.
637 $sql_usernames = array();
638
639 foreach ($ban_list as $username)
640 {
641 $username = trim($username);
642 if ($username != '')
643 {
644 $sql_usernames[] = utf8_clean_string($username);
645 }
646 }
647
648 // Make sure we have been given someone to ban
649 if (!sizeof($sql_usernames))
650 {
651 trigger_error($user->lang['NO_USER_SPECIFIED']);
652 }
653
654 $sql = 'SELECT user_id
655 FROM ' . USERS_TABLE . '
656 WHERE ' . $db->sql_in_set('username_clean', $sql_usernames);
657
658 // Do not allow banning yourself
659 if (sizeof($founder))
660 {
661 $sql .= ' AND ' . $db->sql_in_set('user_id', array_merge(array_keys($founder), array($user->data['user_id'])), true);
662 }
663 else
664 {
665 $sql .= ' AND user_id <> ' . $user->data['user_id'];
666 }
667
668 $result = $db->sql_query($sql);
669
670 if ($row = $db->sql_fetchrow($result))
671 {
672 do
673 {
674 $banlist_ary[] = $row['user_id'];
675 }
676 while ($row = $db->sql_fetchrow($result));
677 }
678 else
679 {
680 trigger_error($user->lang['NO_USERS']);
681 }
682 $db->sql_freeresult($result);
683 }
684 break;
685
686 case 'ip':
687 $type = 'ban_ip';
688
689 foreach ($ban_list as $ban_item)
690 {
691 if (preg_match('#^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})[ ]*\-[ ]*([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$#', trim($ban_item), $ip_range_explode))
692 {
693 // This is an IP range
694 // Don't ask about all this, just don't ask ... !
695 $ip_1_counter = $ip_range_explode[1];
696 $ip_1_end = $ip_range_explode[5];
697
698 while ($ip_1_counter <= $ip_1_end)
699 {
700 $ip_2_counter = ($ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[2] : 0;
701 $ip_2_end = ($ip_1_counter < $ip_1_end) ? 254 : $ip_range_explode[6];
702
703 if ($ip_2_counter == 0 && $ip_2_end == 254)
704 {
705 $ip_2_counter = 256;
706 $ip_2_fragment = 256;
707
708 $banlist_ary[] = "$ip_1_counter.*";
709 }
710
711 while ($ip_2_counter <= $ip_2_end)
712 {
713 $ip_3_counter = ($ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[3] : 0;
714 $ip_3_end = ($ip_2_counter < $ip_2_end || $ip_1_counter < $ip_1_end) ? 254 : $ip_range_explode[7];
715
716 if ($ip_3_counter == 0 && $ip_3_end == 254)
717 {
718 $ip_3_counter = 256;
719 $ip_3_fragment = 256;
720
721 $banlist_ary[] = "$ip_1_counter.$ip_2_counter.*";
722 }
723
724 while ($ip_3_counter <= $ip_3_end)
725 {
726 $ip_4_counter = ($ip_3_counter == $ip_range_explode[3] && $ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[4] : 0;
727 $ip_4_end = ($ip_3_counter < $ip_3_end || $ip_2_counter < $ip_2_end) ? 254 : $ip_range_explode[8];
728
729 if ($ip_4_counter == 0 && $ip_4_end == 254)
730 {
731 $ip_4_counter = 256;
732 $ip_4_fragment = 256;
733
734 $banlist_ary[] = "$ip_1_counter.$ip_2_counter.$ip_3_counter.*";
735 }
736
737 while ($ip_4_counter <= $ip_4_end)
738 {
739 $banlist_ary[] = "$ip_1_counter.$ip_2_counter.$ip_3_counter.$ip_4_counter";
740 $ip_4_counter++;
741 }
742 $ip_3_counter++;
743 }
744 $ip_2_counter++;
745 }
746 $ip_1_counter++;
747 }
748 }
749 else if (preg_match('#^([0-9]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})$#', trim($ban_item)) || preg_match('#^[a-f0-9:]+\*?$#i', trim($ban_item)))
750 {
751 // Normal IP address
752 $banlist_ary[] = trim($ban_item);
753 }
754 else if (preg_match('#^\*$#', trim($ban_item)))
755 {
756 // Ban all IPs
757 $banlist_ary[] = "*";
758 }
759 else if (preg_match('#^([\w\-_]\.?){2,}$#is', trim($ban_item)))
760 {
761 // hostname
762 $ip_ary = gethostbynamel(trim($ban_item));
763
764 if (!empty($ip_ary))
765 {
766 foreach ($ip_ary as $ip)
767 {
768 if ($ip)
769 {
770 if (strlen($ip) > 40)
771 {
772 continue;
773 }
774
775 $banlist_ary[] = $ip;
776 }
777 }
778 }
779 }
780 else
781 {
782 trigger_error('NO_IPS_DEFINED');
783 }
784 }
785 break;
786
787 case 'email':
788 $type = 'ban_email';
789
790 foreach ($ban_list as $ban_item)
791 {
792 $ban_item = trim($ban_item);
793
794 if (preg_match('#^.*?@*|(([a-z0-9\-]+\.)+([a-z]{2,3}))$#i', $ban_item))
795 {
796 if (strlen($ban_item) > 100)
797 {
798 continue;
799 }
800
801 if (!sizeof($founder) || !in_array($ban_item, $founder))
802 {
803 $banlist_ary[] = $ban_item;
804 }
805 }
806 }
807
808 if (sizeof($ban_list) == 0)
809 {
810 trigger_error('NO_EMAILS_DEFINED');
811 }
812 break;
813
814 default:
815 trigger_error('NO_MODE');
816 break;
817 }
818
819 // Fetch currently set bans of the specified type and exclude state. Prevent duplicate bans.
820 $sql_where = ($type == 'ban_userid') ? 'ban_userid <> 0' : "$type <> ''";
821
822 $sql = "SELECT $type
823 FROM " . BANLIST_TABLE . "
824 WHERE $sql_where
825 AND ban_exclude = $ban_exclude";
826 $result = $db->sql_query($sql);
827
828 // Reset $sql_where, because we use it later...
829 $sql_where = '';
830
831 if ($row = $db->sql_fetchrow($result))
832 {
833 $banlist_ary_tmp = array();
834 do
835 {
836 switch ($mode)
837 {
838 case 'user':
839 $banlist_ary_tmp[] = $row['ban_userid'];
840 break;
841
842 case 'ip':
843 $banlist_ary_tmp[] = $row['ban_ip'];
844 break;
845
846 case 'email':
847 $banlist_ary_tmp[] = $row['ban_email'];
848 break;
849 }
850 }
851 while ($row = $db->sql_fetchrow($result));
852
853 $banlist_ary = array_unique(array_diff($banlist_ary, $banlist_ary_tmp));
854 unset($banlist_ary_tmp);
855 }
856 $db->sql_freeresult($result);
857
858 // We have some entities to ban
859 if (sizeof($banlist_ary))
860 {
861 $sql_ary = array();
862
863 foreach ($banlist_ary as $ban_entry)
864 {
865 $sql_ary[] = array(
866 $type => $ban_entry,
867 'ban_start' => $current_time,
868 'ban_end' => $ban_end,
869 'ban_exclude' => $ban_exclude,
870 'ban_reason' => $ban_reason,
871 'ban_give_reason' => $ban_give_reason,
872 );
873 }
874
875 $db->sql_multi_insert(BANLIST_TABLE, $sql_ary);
876
877 // If we are banning we want to logout anyone matching the ban
878 if (!$ban_exclude)
879 {
880 switch ($mode)
881 {
882 case 'user':
883 $sql_where = (in_array('*', $banlist_ary)) ? '' : 'WHERE ' . $db->sql_in_set('session_user_id', $banlist_ary);
884 break;
885
886 case 'ip':
887 $sql_where = 'WHERE ' . $db->sql_in_set('session_ip', $banlist_ary);
888 break;
889
890 case 'email':
891 $banlist_ary_sql = array();
892
893 foreach ($banlist_ary as $ban_entry)
894 {
895 $banlist_ary_sql[] = (string) str_replace('*', '%', $ban_entry);
896 }
897
898 $sql = 'SELECT user_id
899 FROM ' . USERS_TABLE . '
900 WHERE ' . $db->sql_in_set('user_email', $banlist_ary_sql);
901 $result = $db->sql_query($sql);
902
903 $sql_in = array();
904
905 if ($row = $db->sql_fetchrow($result))
906 {
907 do
908 {
909 $sql_in[] = $row['user_id'];
910 }
911 while ($row = $db->sql_fetchrow($result));
912
913 $sql_where = 'WHERE ' . $db->sql_in_set('session_user_id', $sql_in);
914 }
915 $db->sql_freeresult($result);
916 break;
917 }
918
919 if (isset($sql_where) && $sql_where)
920 {
921 $sql = 'DELETE FROM ' . SESSIONS_TABLE . "
922 $sql_where";
923 $db->sql_query($sql);
924
925 if ($mode == 'user')
926 {
927 $sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . ' ' . ((in_array('*', $banlist_ary)) ? '' : 'WHERE ' . $db->sql_in_set('user_id', $banlist_ary));
928 $db->sql_query($sql);
929 }
930 }
931 }
932
933 // Update log
934 $log_entry = ($ban_exclude) ? 'LOG_BAN_EXCLUDE_' : 'LOG_BAN_';
935 add_log('admin', $log_entry . strtoupper($mode), $ban_reason, $ban_list_log);
936
937 return true;
938 }
939
940 // There was nothing to ban/exclude
941 return false;
942 }
943
944 /**
945 * Unban User
946 */
947 function user_unban($mode, $ban)
948 {
949 global $db, $user, $auth;
950
951 // Delete stale bans
952 $sql = 'DELETE FROM ' . BANLIST_TABLE . '
953 WHERE ban_end < ' . time() . '
954 AND ban_end <> 0';
955 $db->sql_query($sql);
956
957 if (!is_array($ban))
958 {
959 $ban = array($ban);
960 }
961
962 $unban_sql = array_map('intval', $ban);
963
964 if (sizeof($unban_sql))
965 {
966 // Grab details of bans for logging information later
967 switch ($mode)
968 {
969 case 'user':
970 $sql = 'SELECT u.username AS unban_info
971 FROM ' . USERS_TABLE . ' u, ' . BANLIST_TABLE . ' b
972 WHERE ' . $db->sql_in_set('b.ban_id', $unban_sql) . '
973 AND u.user_id = b.ban_userid';
974 break;
975
976 case 'email':
977 $sql = 'SELECT ban_email AS unban_info
978 FROM ' . BANLIST_TABLE . '
979 WHERE ' . $db->sql_in_set('ban_id', $unban_sql);
980 break;
981
982 case 'ip':
983 $sql = 'SELECT ban_ip AS unban_info
984 FROM ' . BANLIST_TABLE . '
985 WHERE ' . $db->sql_in_set('ban_id', $unban_sql);
986 break;
987 }
988 $result = $db->sql_query($sql);
989
990 $l_unban_list = '';
991 while ($row = $db->sql_fetchrow($result))
992 {
993 $l_unban_list .= (($l_unban_list != '') ? ', ' : '') . $row['unban_info'];
994 }
995 $db->sql_freeresult($result);
996
997 $sql = 'DELETE FROM ' . BANLIST_TABLE . '
998 WHERE ' . $db->sql_in_set('ban_id', $unban_sql);
999 $db->sql_query($sql);
1000
1001 add_log('admin', 'LOG_UNBAN_' . strtoupper($mode), $l_unban_list);
1002 }
1003
1004 return false;
1005 }
1006
1007 /**
1008 * Whois facility
1009 */
1010 function user_ipwhois($ip)
1011 {
1012 $ipwhois = '';
1013
1014 $match = array(
1015 '#RIPE\.NET#is' => 'whois.ripe.net',
1016 '#whois\.apnic\.net#is' => 'whois.apnic.net',
1017 '#nic\.ad\.jp#is' => 'whois.nic.ad.jp',
1018 '#whois\.registro\.br#is' => 'whois.registro.br'
1019 );
1020
1021 if (($fsk = @fsockopen('whois.arin.net', 43)))
1022 {
1023 fputs($fsk, "$ip\n");
1024 while (!feof($fsk))
1025 {
1026 $ipwhois .= fgets($fsk, 1024);
1027 }
1028 @fclose($fsk);
1029 }
1030
1031 foreach (array_keys($match) as $server)
1032 {
1033 if (preg_match($server, $ipwhois))
1034 {
1035 $ipwhois = '';
1036 if (($fsk = @fsockopen($match[$server], 43)))
1037 {
1038 fputs($fsk, "$ip\n");
1039 while (!feof($fsk))
1040 {
1041 $ipwhois .= fgets($fsk, 1024);
1042 }
1043 @fclose($fsk);
1044 }
1045 break;
1046 }
1047 }
1048
1049 return $ipwhois;
1050 }
1051
1052 /**
1053 * Data validation ... used primarily but not exclusively by ucp modules
1054 *
1055 * "Master" function for validating a range of data types
1056 */
1057 function validate_data($data, $val_ary)
1058 {
1059 $error = array();
1060
1061 foreach ($val_ary as $var => $val_seq)
1062 {
1063 if (!is_array($val_seq[0]))
1064 {
1065 $val_seq = array($val_seq);
1066 }
1067
1068 foreach ($val_seq as $validate)
1069 {
1070 $function = array_shift($validate);
1071 array_unshift($validate, $data[$var]);
1072
1073 if ($result = call_user_func_array('validate_' . $function, $validate))
1074 {
1075 $error[] = $result . '_' . strtoupper($var);
1076 }
1077 }
1078 }
1079
1080 return $error;
1081 }
1082
1083 /**
1084 * Validate String
1085 *
1086 * @return boolean|string Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
1087 */
1088 function validate_string($string, $optional = false, $min = 0, $max = 0)
1089 {
1090 if (empty($string) && $optional)
1091 {
1092 return false;
1093 }
1094
1095 if ($min && utf8_strlen(htmlspecialchars_decode($string)) < $min)
1096 {
1097 return 'TOO_SHORT';
1098 }
1099 else if ($max && utf8_strlen(htmlspecialchars_decode($string)) > $max)
1100 {
1101 return 'TOO_LONG';
1102 }
1103
1104 return false;
1105 }
1106
1107 /**
1108 * Validate Number
1109 *
1110 * @return boolean|string Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
1111 */
1112 function validate_num($num, $optional = false, $min = 0, $max = 1E99)
1113 {
1114 if (empty($num) && $optional)
1115 {
1116 return false;
1117 }
1118
1119 if ($num < $min)
1120 {
1121 return 'TOO_SMALL';
1122 }
1123 else if ($num > $max)
1124 {
1125 return 'TOO_LARGE';
1126 }
1127
1128 return false;
1129 }
1130
1131 /**
1132 * Validate Match
1133 *
1134 * @return boolean|string Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
1135 */
1136 function validate_match($string, $optional = false, $match)
1137 {
1138 if (empty($string) && $optional)
1139 {
1140 return false;
1141 }
1142
1143 if (!preg_match($match, $string))
1144 {
1145 return 'WRONG_DATA';
1146 }
1147
1148 return false;
1149 }
1150
1151 /**
1152 * Check to see if the username has been taken, or if it is disallowed.
1153 * Also checks if it includes the " character, which we don't allow in usernames.
1154 * Used for registering, changing names, and posting anonymously with a username
1155 *
1156 * @param string $username The username to check
1157 * @param string $allowed_username An allowed username, default being $user->data['username']
1158 *
1159 * @return mixed Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
1160 */
1161 function validate_username($username, $allowed_username = false)
1162 {
1163 global $config, $db, $user, $cache;
1164
1165 $clean_username = utf8_clean_string($username);
1166 $allowed_username = ($allowed_username === false) ? $user->data['username_clean'] : utf8_clean_string($allowed_username);
1167
1168 if ($allowed_username == $clean_username)
1169 {
1170 return false;
1171 }
1172
1173 if (!preg_match('#^' . str_replace('\\\\', '\\', $config['allow_name_chars']) . '$#ui', $username) || strpos($username, '&quot;') !== false || strpos($username, '"') !== false)
1174 {
1175 return 'INVALID_CHARS';
1176 }
1177
1178 $sql = 'SELECT username
1179 FROM ' . USERS_TABLE . "
1180 WHERE username_clean = '" . $db->sql_escape($clean_username) . "'";
1181 $result = $db->sql_query($sql);
1182 $row = $db->sql_fetchrow($result);
1183 $db->sql_freeresult($result);
1184
1185 if ($row)
1186 {
1187 return 'USERNAME_TAKEN';
1188 }
1189
1190 $sql = 'SELECT group_name
1191 FROM ' . GROUPS_TABLE . "
1192 WHERE LOWER(group_name) = '" . $db->sql_escape(utf8_strtolower($username)) . "'";
1193 $result = $db->sql_query($sql);
1194 $row = $db->sql_fetchrow($result);
1195 $db->sql_freeresult($result);
1196
1197 if ($row)
1198 {
1199 return 'USERNAME_TAKEN';
1200 }
1201
1202 $bad_usernames = $cache->obtain_disallowed_usernames();
1203
1204 foreach ($bad_usernames as $bad_username)
1205 {
1206 if (preg_match('#^' . $bad_username . '#', $clean_username))
1207 {
1208 return 'USERNAME_DISALLOWED';
1209 }
1210 }
1211
1212 $sql = 'SELECT word
1213 FROM ' . WORDS_TABLE;
1214 $result = $db->sql_query($sql);
1215
1216 while ($row = $db->sql_fetchrow($result))
1217 {
1218 if (preg_match('#(' . str_replace('\*', '.*?', preg_quote($row['word'], '#')) . ')#i', $username))
1219 {
1220 $db->sql_freeresult($result);
1221 return 'USERNAME_DISALLOWED';
1222 }
1223 }
1224 $db->sql_freeresult($result);
1225
1226 return false;
1227 }
1228
1229 /**
1230 * Check to see if the password meets the complexity settings
1231 *
1232 * @return boolean|string Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
1233 */
1234 function validate_password($password)
1235 {
1236 global $config, $db, $user;
1237
1238 if (!$password)
1239 {
1240 return false;
1241 }
1242
1243 // generic UTF-8 character types supported?
1244 if (version_compare(PHP_VERSION, '5.1.0', '>=') || (version_compare(PHP_VERSION, '5.0.0-dev', '<=') && version_compare(PHP_VERSION, '4.4.0', '>=')))
1245 {
1246 $upp = '\p{Lu}';
1247 $low = '\p{Ll}';
1248 $num = '\p{N}';
1249 $sym = '[^\p{Lu}\p{Ll}\p{N}]';
1250 }
1251 else
1252 {
1253 $upp = '[A-Z]';
1254 $low = '[a-z]';
1255 $num = '[0-9]';
1256 $sym = '[^A-Za-z0-9]';
1257 }
1258
1259 $chars = array();
1260
1261 switch ($config['pass_complex'])
1262 {
1263 case 'PASS_TYPE_CASE':
1264 $chars[] = $low;
1265 $chars[] = $upp;
1266 break;
1267
1268 case 'PASS_TYPE_ALPHA':
1269 $chars[] = $low;
1270 $chars[] = $upp;
1271 $chars[] = $num;
1272 break;
1273
1274 case 'PASS_TYPE_SYMBOL':
1275 $chars[] = $low;
1276 $chars[] = $upp;
1277 $chars[] = $num;
1278 $chars[] = $sym;
1279 break;
1280 }
1281
1282 foreach ($chars as $char)
1283 {
1284 if (!preg_match('#' . $char . '#u', $password))
1285 {
1286 return 'INVALID_CHARS';
1287 }
1288 }
1289
1290 return false;
1291 }
1292
1293 /**
1294 * Check to see if email address is banned or already present in the DB
1295 *
1296 * @return boolean|string Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
1297 */
1298 function validate_email($email)
1299 {
1300 global $config, $db, $user;
1301
1302 $email = strtolower($email);
1303
1304 if (strtolower($user->data['user_email']) == $email)
1305 {
1306 return false;
1307 }
1308
1309 if (!preg_match('/^' . get_preg_expression('email') . '$/i', $email))
1310 {
1311 return 'EMAIL_INVALID';
1312 }
1313
1314 // Check MX record.
1315 // The idea for this is from reading the UseBB blog/announcement. :)
1316 if ($config['email_check_mx'])
1317 {
1318 list(, $domain) = explode('@', $email);
1319
1320 if (phpbb_checkdnsrr($domain, 'A') === false && phpbb_checkdnsrr($domain, 'MX') === false)
1321 {
1322 return 'DOMAIN_NO_MX_RECORD';
1323 }
1324 }
1325
1326 if ($user->check_ban(false, false, $email, true) == true)
1327 {
1328 return 'EMAIL_BANNED';
1329 }
1330
1331 if (!$config['allow_emailreuse'])
1332 {
1333 $sql = 'SELECT user_email_hash
1334 FROM ' . USERS_TABLE . "
1335 WHERE user_email_hash = " . crc32($email) . strlen($email);
1336 $result = $db->sql_query($sql);
1337 $row = $db->sql_fetchrow($result);
1338 $db->sql_freeresult($result);
1339
1340 if ($row)
1341 {
1342 return 'EMAIL_TAKEN';
1343 }
1344 }
1345
1346 return false;
1347 }
1348
1349 /**
1350 * Remove avatar
1351 */
1352 function avatar_delete($mode, $row)
1353 {
1354 global $phpbb_root_path, $config, $db, $user;
1355
1356 // Check if the users avatar is actually *not* a group avatar
1357 if ($mode == 'user')
1358 {
1359 if (strpos($row['user_avatar'], 'g' . $row['group_id'] . '_') === 0 || strpos($row['user_avatar'], $row['user_id'] . '_') !== 0)
1360 {
1361 return false;
1362 }
1363 }
1364
1365 if (file_exists($phpbb_root_path . $config['avatar_path'] . '/' . basename($row[$mode . '_avatar'])))
1366 {
1367 @unlink($phpbb_root_path . $config['avatar_path'] . '/' . basename($row[$mode . '_avatar']));
1368 return true;
1369 }
1370
1371 return false;
1372 }
1373
1374 /**
1375 * Remote avatar linkage
1376 */
1377 function avatar_remote($data, &$error)
1378 {
1379 global $config, $db, $user, $phpbb_root_path, $phpEx;
1380
1381 if (!preg_match('#^(http|https|ftp)://#i', $data['remotelink']))
1382 {
1383 $data['remotelink'] = 'http://' . $data['remotelink'];
1384 }
1385
1386 if (!preg_match('#^(http|https|ftp)://(.*?\.)*?[a-z0-9\-]+?\.[a-z]{2,4}:?([0-9]*?).*?\.(gif|jpg|jpeg|png)$#i', $data['remotelink']))
1387 {
1388 $error[] = $user->lang['AVATAR_URL_INVALID'];
1389 return false;
1390 }
1391
1392 // Make sure getimagesize works...
1393 if (($image_data = @getimagesize($data['remotelink'])) === false)
1394 {
1395 $error[] = $user->lang['UNABLE_GET_IMAGE_SIZE'];
1396 return false;
1397 }
1398
1399 $width = ($data['width'] && $data['height']) ? $data['width'] : $image_data[0];
1400 $height = ($data['width'] && $data['height']) ? $data['height'] : $image_data[1];
1401
1402 if (!$width || !$height)
1403 {
1404 $error[] = $user->lang['AVATAR_NO_SIZE'];
1405 return false;
1406 }
1407
1408 // Check image type
1409 include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);
1410 $types = fileupload::image_types();
1411 $extension = strtolower(filespec::get_extension($data['remotelink']));
1412
1413 if (!isset($types[$image_data[2]]) || !in_array($extension, $types[$image_data[2]]))
1414 {
1415 if (!isset($types[$image_data[2]]))
1416 {
1417 $error[] = $user->lang['UNABLE_GET_IMAGE_SIZE'];
1418 }
1419 else
1420 {
1421 $error[] = sprintf($user->lang['IMAGE_FILETYPE_MISMATCH'], $types[$image_data[2]][0], $extension);
1422 }
1423 return false;
1424 }
1425
1426 if ($config['avatar_max_width'] || $config['avatar_max_height'])
1427 {
1428 if ($width > $config['avatar_max_width'] || $height > $config['avatar_max_height'])
1429 {
1430 $error[] = sprintf($user->lang['AVATAR_WRONG_SIZE'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], $width, $height);
1431 return false;
1432 }
1433 }
1434
1435 if ($config['avatar_min_width'] || $config['avatar_min_height'])
1436 {
1437 if ($width < $config['avatar_min_width'] || $height < $config['avatar_min_height'])
1438 {
1439 $error[] = sprintf($user->lang['AVATAR_WRONG_SIZE'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], $width, $height);
1440 return false;
1441 }
1442 }
1443
1444 return array(AVATAR_REMOTE, $data['remotelink'], $width, $height);
1445 }
1446
1447 /**
1448 * Avatar upload using the upload class
1449 */
1450 function avatar_upload($data, &$error)
1451 {
1452 global $phpbb_root_path, $config, $db, $user, $phpEx;
1453
1454 // Init upload class
1455 include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);
1456 $upload = new fileupload('AVATAR_', array('jpg', 'jpeg', 'gif', 'png'), $config['avatar_filesize'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height']);
1457
1458 if (!empty($_FILES['uploadfile']['name']))
1459 {
1460 $file = $upload->form_upload('uploadfile');
1461 }
1462 else
1463 {
1464 $file = $upload->remote_upload($data['uploadurl']);
1465 }
1466
1467 $file->clean_filename('real', $data['user_id'] . '_');
1468
1469 $destination = $config['avatar_path'];
1470
1471 if ($destination[sizeof($destination) - 1] == '/' || $destination[sizeof($destination) - 1] == '\\')
1472 {
1473 $destination = substr($destination, 0, -1);
1474 }
1475
1476 $destination = str_replace(array('../', '..\\', './', '.\\'), '', $destination);
1477 if ($destination && ($destination[0] == '/' || $destination[0] == '\\'))
1478 {
1479 $destination = '';
1480 }
1481
1482 // Move file and overwrite any existing image
1483 $file->move_file($destination, true);
1484
1485 if (sizeof($file->error))
1486 {
1487 $file->remove();
1488 $error = array_merge($error, $file->error);
1489 }
1490
1491 return array(AVATAR_UPLOAD, $file->get('realname'), $file->get('width'), $file->get('height'));
1492 }
1493
1494 /**
1495 * Avatar Gallery
1496 */
1497 function avatar_gallery($category, $avatar_select, $items_per_column, $block_var = 'avatar_row')
1498 {
1499 global $user, $cache, $template;
1500 global $config, $phpbb_root_path;
1501
1502 $avatar_list = array();
1503
1504 $path = $phpbb_root_path . $config['avatar_gallery_path'];
1505
1506 if (!file_exists($path) || !is_dir($path))
1507 {
1508 $avatar_list = array($user->lang['NO_AVATAR_CATEGORY'] => array());
1509 }
1510 else
1511 {
1512 // Collect images
1513 $dp = @opendir($path);
1514
1515 while (($file = readdir($dp)) !== false)
1516 {
1517 if ($file[0] != '.' && is_dir("$path/$file"))
1518 {
1519 $avatar_row_count = $avatar_col_count = 0;
1520
1521 $dp2 = @opendir("$path/$file");
1522 while (($sub_file = readdir($dp2)) !== false)
1523 {
1524 if (preg_match('#\.(?:gif|png|jpe?g)$#i', $sub_file))
1525 {
1526 $avatar_list[$file][$avatar_row_count][$avatar_col_count] = array(
1527 'file' => "$file/$sub_file",
1528 'filename' => $sub_file,
1529 'name' => ucfirst(str_replace('_', ' ', preg_replace('#^(.*)\..*$#', '\1', $sub_file))),
1530 );
1531
1532 $avatar_col_count++;
1533 if ($avatar_col_count == $items_per_column)
1534 {
1535 $avatar_row_count++;
1536 $avatar_col_count = 0;
1537 }
1538 }
1539 }
1540 closedir($dp2);
1541 }
1542 }
1543 closedir($dp);
1544 }
1545
1546 if (!sizeof($avatar_list))
1547 {
1548 $avatar_list = array($user->lang['NO_AVATAR_CATEGORY'] => array());
1549 }
1550
1551 @ksort($avatar_list);
1552
1553 $category = (!$category) ? key($avatar_list) : $category;
1554 $avatar_categories = array_keys($avatar_list);
1555
1556 $s_category_options = '';
1557 foreach ($avatar_categories as $cat)
1558 {
1559 $s_category_options .= '<option value="' . $cat . '"' . (($cat == $category) ? ' selected="selected"' : '') . '>' . $cat . '</option>';
1560 }
1561
1562 $template->assign_vars(array(
1563 'S_IN_AVATAR_GALLERY' => true,
1564 'S_CAT_OPTIONS' => $s_category_options)
1565 );
1566
1567 $avatar_list = $avatar_list[$category];
1568
1569 foreach ($avatar_list as $avatar_row_ary)
1570 {
1571 $template->assign_block_vars($block_var, array());
1572
1573 foreach ($avatar_row_ary as $avatar_col_ary)
1574 {
1575 $template->assign_block_vars($block_var . '.avatar_column', array(
1576 'AVATAR_IMAGE' => $phpbb_root_path . $config['avatar_gallery_path'] . '/' . $avatar_col_ary['file'],
1577 'AVATAR_NAME' => $avatar_col_ary['name'],
1578 'AVATAR_FILE' => $avatar_col_ary['filename'])
1579 );
1580
1581 $template->assign_block_vars($block_var . '.avatar_option_column', array(
1582 'AVATAR_IMAGE' => $phpbb_root_path . $config['avatar_gallery_path'] . '/' . $avatar_col_ary['file'],
1583 'S_OPTIONS_AVATAR' => $avatar_col_ary['filename'])
1584 );
1585 }
1586 }
1587
1588 return $avatar_list;
1589 }
1590
1591 /**
1592 * Uploading/Changing user avatar
1593 */
1594 function avatar_process_user(&$error, $custom_userdata = false)
1595 {
1596 global $config, $phpbb_root_path, $auth, $user, $db;
1597
1598 $data = array(
1599 'uploadurl' => request_var('uploadurl', ''),
1600 'remotelink' => request_var('remotelink', ''),
1601 'width' => request_var('width', ''),
1602 'height' => request_var('height', ''),
1603 );
1604
1605 $error = validate_data($data, array(
1606 'uploadurl' => array('string', true, 5, 255),
1607 'remotelink' => array('string', true, 5, 255),
1608 'width' => array('string', true, 1, 3),
1609 'height' => array('string', true, 1, 3),
1610 ));
1611
1612 if (sizeof($error))
1613 {
1614 return false;
1615 }
1616
1617 $sql_ary = array();
1618 $data['user_id'] = ($custom_userdata === false) ? $user->data['user_id'] : $custom_userdata['user_id'];
1619 $change_avatar = ($custom_userdata === false) ? $auth->acl_get('u_chgavatar') : true;
1620 $avatar_select = basename(request_var('avatar_select', ''));
1621
1622 // Can we upload?
1623 $can_upload = ($config['allow_avatar_upload'] && file_exists($phpbb_root_path . $config['avatar_path']) && is_writeable($phpbb_root_path . $config['avatar_path']) && $change_avatar && (@ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on')) ? true : false;
1624
1625 if ((!empty($_FILES['uploadfile']['name']) || $data['uploadurl']) && $can_upload)
1626 {
1627 list($sql_ary['user_avatar_type'], $sql_ary['user_avatar'], $sql_ary['user_avatar_width'], $sql_ary['user_avatar_height']) = avatar_upload($data, $error);
1628 }
1629 else if ($data['remotelink'] && $change_avatar && $config['allow_avatar_remote'])
1630 {
1631 list($sql_ary['user_avatar_type'], $sql_ary['user_avatar'], $sql_ary['user_avatar_width'], $sql_ary['user_avatar_height']) = avatar_remote($data, $error);
1632 }
1633 else if ($avatar_select && $change_avatar && $config['allow_avatar_local'])
1634 {
1635 $category = basename(request_var('category', ''));
1636
1637 $sql_ary['user_avatar_type'] = AVATAR_GALLERY;
1638 $sql_ary['user_avatar'] = $avatar_select;
1639
1640 // check avatar gallery
1641 if (!is_dir($phpbb_root_path . $config['avatar_gallery_path'] . '/' . $category))
1642 {
1643 $sql_ary['user_avatar'] = '';
1644 $sql_ary['user_avatar_type'] = $sql_ary['user_avatar_width'] = $sql_ary['user_avatar_height'] = 0;
1645 }
1646 else
1647 {
1648 list($sql_ary['user_avatar_width'], $sql_ary['user_avatar_height']) = getimagesize($phpbb_root_path . $config['avatar_gallery_path'] . '/' . $category . '/' . $sql_ary['user_avatar']);
1649 $sql_ary['user_avatar'] = $category . '/' . $sql_ary['user_avatar'];
1650 }
1651 }
1652 else if (isset($_POST['delete']) && $change_avatar)
1653 {
1654 $sql_ary['user_avatar'] = '';
1655 $sql_ary['user_avatar_type'] = $sql_ary['user_avatar_width'] = $sql_ary['user_avatar_height'] = 0;
1656 }
1657 else if ($data['width'] && $data['height'])
1658 {
1659 // Only update the dimensions?
1660 if ($config['avatar_max_width'] || $config['avatar_max_height'])
1661 {
1662 if ($data['width'] > $config['avatar_max_width'] || $data['height'] > $config['avatar_max_height'])
1663 {
1664 $error[] = sprintf($user->lang['AVATAR_WRONG_SIZE'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], $data['width'], $data['height']);
1665 }
1666 }
1667
1668 if (!sizeof($error))
1669 {
1670 if ($config['avatar_min_width'] || $config['avatar_min_height'])
1671 {
1672 if ($data['width'] < $config['avatar_min_width'] || $data['height'] < $config['avatar_min_height'])
1673 {
1674 $error[] = sprintf($user->lang['AVATAR_WRONG_SIZE'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], $data['width'], $data['height']);
1675 }
1676 }
1677 }
1678
1679 if (!sizeof($error))
1680 {
1681 $sql_ary['user_avatar_width'] = $data['width'];
1682 $sql_ary['user_avatar_height'] = $data['height'];
1683 }
1684 }
1685
1686 if (!sizeof($error))
1687 {
1688 // Do we actually have any data to update?
1689 if (sizeof($sql_ary))
1690 {
1691 $sql = 'UPDATE ' . USERS_TABLE . '
1692 SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
1693 WHERE user_id = ' . (($custom_userdata === false) ? $user->data['user_id'] : $custom_userdata['user_id']);
1694 $db->sql_query($sql);
1695
1696 if (isset($sql_ary['user_avatar']))
1697 {
1698 $userdata = ($custom_userdata === false) ? $user->data : $custom_userdata;
1699
1700 // Delete old avatar if present
1701 if ($userdata['user_avatar'] && $sql_ary['user_avatar'] != $userdata['user_avatar'] && $userdata['user_avatar_type'] != AVATAR_GALLERY)
1702 {
1703 avatar_delete('user', $userdata);
1704 }
1705 }
1706 }
1707 }
1708
1709 return (sizeof($error)) ? false : true;
1710 }
1711
1712 //
1713 // Usergroup functions
1714 //
1715
1716 /**
1717 * Add or edit a group. If we're editing a group we only update user
1718 * parameters such as rank, etc. if they are changed
1719 */
1720 function group_create(&$group_id, $type, $name, $desc, $group_attributes, $allow_desc_bbcode = false, $allow_desc_urls = false, $allow_desc_smilies = false)
1721 {
1722 global $phpbb_root_path, $config, $db, $user, $file_upload;
1723
1724 $error = array();
1725 $attribute_ary = array(
1726 'group_colour' => 'string',
1727 'group_rank' => 'int',
1728 'group_avatar' => 'string',
1729 'group_avatar_type' => 'int',
1730 'group_avatar_width' => 'int',
1731 'group_avatar_height' => 'int',
1732
1733 'group_receive_pm' => 'int',
1734 'group_legend' => 'int',
1735 'group_message_limit' => 'int',
1736
1737 'group_founder_manage' => 'int',
1738 );
1739
1740 // Those are group-only attributes
1741 $group_only_ary = array('group_receive_pm', 'group_legend', 'group_message_limit', 'group_founder_manage');
1742
1743 // Check data
1744 if (!utf8_strlen($name) || utf8_strlen($name) > 40)
1745 {
1746 $error[] = (!utf8_strlen($name)) ? $user->lang['GROUP_ERR_USERNAME'] : $user->lang['GROUP_ERR_USER_LONG'];
1747 }
1748
1749 if (utf8_strlen($desc) > 255)
1750 {
1751 $error[] = $user->lang['GROUP_ERR_DESC_LONG'];
1752 }
1753
1754 if (!in_array($type, array(GROUP_OPEN, GROUP_CLOSED, GROUP_HIDDEN, GROUP_SPECIAL, GROUP_FREE)))
1755 {
1756 $error[] = $user->lang['GROUP_ERR_TYPE'];
1757 }
1758
1759 if (!sizeof($error))
1760 {
1761 $sql_ary = array(
1762 'group_name' => (string) $name,
1763 'group_desc' => (string) $desc,
1764 'group_desc_uid' => '',
1765 'group_desc_bitfield' => '',
1766 'group_type' => (int) $type,
1767 );
1768
1769 // Parse description
1770 if ($desc)
1771 {
1772 generate_text_for_storage($sql_ary['group_desc'], $sql_ary['group_desc_uid'], $sql_ary['group_desc_bitfield'], $sql_ary['group_desc_options'], $allow_desc_bbcode, $allow_desc_urls, $allow_desc_smilies);
1773 }
1774
1775 if (sizeof($group_attributes))
1776 {
1777 foreach ($attribute_ary as $attribute => $_type)
1778 {
1779 if (isset($group_attributes[$attribute]))
1780 {
1781 settype($group_attributes[$attribute], $_type);
1782 $sql_ary[$attribute] = $group_attributes[$attribute];
1783 }
1784 }
1785 }
1786
1787 // Setting the log message before we set the group id (if group gets added)
1788 $log = ($group_id) ? 'LOG_GROUP_UPDATED' : 'LOG_GROUP_CREATED';
1789
1790 $query = '';
1791
1792 if ($group_id)
1793 {
1794 $sql = 'UPDATE ' . GROUPS_TABLE . '
1795 SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
1796 WHERE group_id = $group_id";
1797 $db->sql_query($sql);
1798
1799 // Since we may update the name too, we need to do this on other tables too...
1800 $sql = 'UPDATE ' . MODERATOR_CACHE_TABLE . "
1801 SET group_name = '" . $db->sql_escape($sql_ary['group_name']) . "'
1802 WHERE group_id = $group_id";
1803 $db->sql_query($sql);
1804 }
1805 else
1806 {
1807 $sql = 'INSERT INTO ' . GROUPS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
1808 $db->sql_query($sql);
1809 }
1810
1811 if (!$group_id)
1812 {
1813 $group_id = $db->sql_nextid();
1814 }
1815
1816 // Set user attributes
1817 $sql_ary = array();
1818 if (sizeof($group_attributes))
1819 {
1820 foreach ($attribute_ary as $attribute => $_type)
1821 {
1822 if (isset($group_attributes[$attribute]) && !in_array($attribute, $group_only_ary))
1823 {
1824 // If we are about to set an avatar, we will not overwrite user avatars if no group avatar is set...
1825 if (strpos($attribute, 'group_avatar') === 0 && !$group_attributes[$attribute])
1826 {
1827 continue;
1828 }
1829
1830 $sql_ary[$attribute] = $group_attributes[$attribute];
1831 }
1832 }
1833 }
1834
1835 if (sizeof($sql_ary))
1836 {
1837 $sql = 'SELECT user_id
1838 FROM ' . USERS_TABLE . '
1839 WHERE group_id = ' . $group_id;
1840 $result = $db->sql_query($sql);
1841
1842 $user_ary = array();
1843 while ($row = $db->sql_fetchrow($result))
1844 {
1845 $user_ary[] = $row['user_id'];
1846 }
1847 $db->sql_freeresult($result);
1848
1849 if (sizeof($user_ary))
1850 {
1851 group_set_user_default($group_id, $user_ary, $sql_ary);
1852 }
1853 }
1854
1855 $name = ($type == GROUP_SPECIAL) ? $user->lang['G_' . $name] : $name;
1856 add_log('admin', $log, $name);
1857
1858 group_update_listings($group_id);
1859 }
1860
1861 return (sizeof($error)) ? $error : false;
1862 }
1863
1864 /**
1865 * Group Delete
1866 */
1867 function group_delete($group_id, $group_name = false)
1868 {
1869 global $db, $phpbb_root_path, $phpEx;
1870
1871 if (!$group_name)
1872 {
1873 $group_name = get_group_name($group_id);
1874 }
1875
1876 $start = 0;
1877
1878 do
1879 {
1880 $user_id_ary = $username_ary = array();
1881
1882 // Batch query for group members, call group_user_del
1883 $sql = 'SELECT u.user_id, u.username
1884 FROM ' . USER_GROUP_TABLE . ' ug, ' . USERS_TABLE . " u
1885 WHERE ug.group_id = $group_id
1886 AND u.user_id = ug.user_id";
1887 $result = $db->sql_query_limit($sql, 200, $start);
1888
1889 if ($row = $db->sql_fetchrow($result))
1890 {
1891 do
1892 {
1893 $user_id_ary[] = $row['user_id'];
1894 $username_ary[] = $row['username'];
1895
1896 $start++;
1897 }
1898 while ($row = $db->sql_fetchrow($result));
1899
1900 group_user_del($group_id, $user_id_ary, $username_ary, $group_name);
1901 }
1902 else
1903 {
1904 $start = 0;
1905 }
1906 $db->sql_freeresult($result);
1907 }
1908 while ($start);
1909
1910 // Delete group
1911 $sql = 'DELETE FROM ' . GROUPS_TABLE . "
1912 WHERE group_id = $group_id";
1913 $db->sql_query($sql);
1914
1915 // Delete auth entries from the groups table
1916 $sql = 'DELETE FROM ' . ACL_GROUPS_TABLE . "
1917 WHERE group_id = $group_id";
1918 $db->sql_query($sql);
1919
1920 // Re-cache moderators
1921 if (!function_exists('cache_moderators'))
1922 {
1923 include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
1924 }
1925
1926 cache_moderators();
1927
1928 add_log('admin', 'LOG_GROUP_DELETE', $group_name);
1929
1930 return 'GROUP_DELETED';
1931 }
1932
1933 /**
1934 * Add user(s) to group
1935 *
1936 * @return mixed false if no errors occurred, else the user lang string for the relevant error, for example 'NO_USER'
1937 */
1938 function group_user_add($group_id, $user_id_ary = false, $username_ary = false, $group_name = false, $default = false, $leader = 0, $pending = 0, $group_attributes = false)
1939 {
1940 global $db, $auth;
1941
1942 // We need both username and user_id info
1943 $result = user_get_id_name($user_id_ary, $username_ary);
1944
1945 if (!sizeof($user_id_ary) || $result !== false)
1946 {
1947 return 'NO_USER';
1948 }
1949
1950 // Remove users who are already members of this group
1951 $sql = 'SELECT user_id, group_leader
1952 FROM ' . USER_GROUP_TABLE . '
1953 WHERE ' . $db->sql_in_set('user_id', $user_id_ary) . "
1954 AND group_id = $group_id";
1955 $result = $db->sql_query($sql);
1956
1957 $add_id_ary = $update_id_ary = array();
1958 while ($row = $db->sql_fetchrow($result))
1959 {
1960 $add_id_ary[] = (int) $row['user_id'];
1961
1962 if ($leader && !$row['group_leader'])
1963 {
1964 $update_id_ary[] = (int) $row['user_id'];
1965 }
1966 }
1967 $db->sql_freeresult($result);
1968
1969 // Do all the users exist in this group?
1970 $add_id_ary = array_diff($user_id_ary, $add_id_ary);
1971
1972 // If we have no users
1973 if (!sizeof($add_id_ary) && !sizeof($update_id_ary))
1974 {
1975 return 'GROUP_USERS_EXIST';
1976 }
1977
1978 $db->sql_transaction('begin');
1979
1980 // Insert the new users
1981 if (sizeof($add_id_ary))
1982 {
1983 $sql_ary = array();
1984
1985 foreach ($add_id_ary as $user_id)
1986 {
1987 $sql_ary[] = array(
1988 'user_id' => $user_id,
1989 'group_id' => $group_id,
1990 'group_leader' => $leader,
1991 'user_pending' => $pending,
1992 );
1993 }
1994
1995 $db->sql_multi_insert(USER_GROUP_TABLE, $sql_ary);
1996 }
1997
1998 if (sizeof($update_id_ary))
1999 {
2000 $sql = 'UPDATE ' . USER_GROUP_TABLE . '
2001 SET group_leader = 1
2002 WHERE ' . $db->sql_in_set('user_id', $update_id_ary) . "
2003 AND group_id = $group_id";
2004 $db->sql_query($sql);
2005 }
2006
2007 if ($default)
2008 {
2009 group_set_user_default($group_id, $user_id_ary, $group_attributes);
2010 }
2011
2012 $db->sql_transaction('commit');
2013
2014 // Clear permissions cache of relevant users
2015 $auth->acl_clear_prefetch($user_id_ary);
2016
2017 if (!$group_name)
2018 {
2019 $group_name = get_group_name($group_id);
2020 }
2021
2022 $log = ($leader) ? 'LOG_MODS_ADDED' : 'LOG_USERS_ADDED';
2023
2024 add_log('admin', $log, $group_name, implode(', ', $username_ary));
2025
2026 group_update_listings($group_id);
2027
2028 // Return false - no error
2029 return false;
2030 }
2031
2032 /**
2033 * Remove a user/s from a given group. When we remove users we update their
2034 * default group_id. We do this by examining which "special" groups they belong
2035 * to. The selection is made based on a reasonable priority system
2036 *
2037 * @return false if no errors occurred, else the user lang string for the relevant error, for example 'NO_USER'
2038 */
2039 function group_user_del($group_id, $user_id_ary = false, $username_ary = false, $group_name = false)
2040 {
2041 global $db, $auth;
2042
2043 $group_order = array('ADMINISTRATORS', 'GLOBAL_MODERATORS', 'REGISTERED_COPPA', 'REGISTERED', 'BOTS', 'GUESTS');
2044
2045 // We need both username and user_id info
2046 $result = user_get_id_name($user_id_ary, $username_ary);
2047
2048 if (!sizeof($user_id_ary) || $result !== false)
2049 {
2050 return 'NO_USER';
2051 }
2052
2053 $sql = 'SELECT *
2054 FROM ' . GROUPS_TABLE . '
2055 WHERE ' . $db->sql_in_set('group_name', $group_order);
2056 $result = $db->sql_query($sql);
2057
2058 $group_order_id = $special_group_data = array();
2059 while ($row = $db->sql_fetchrow($result))
2060 {
2061 $group_order_id[$row['group_name']] = $row['group_id'];
2062
2063 $special_group_data[$row['group_id']] = array(
2064 'group_colour' => $row['group_colour'],
2065 'group_rank' => $row['group_rank'],
2066 );
2067
2068 // Only set the group avatar if one is defined...
2069 if ($row['group_avatar'])
2070 {
2071 $special_group_data[$row['group_id']] = array_merge($special_group_data[$row['group_id']], array(
2072 'group_avatar' => $row['group_avatar'],
2073 'group_avatar_type' => $row['group_avatar_type'],
2074 'group_avatar_width' => $row['group_avatar_width'],
2075 'group_avatar_height' => $row['group_avatar_height'])
2076 );
2077 }
2078 }
2079 $db->sql_freeresult($result);
2080
2081 // Get users default groups - we only need to reset default group membership if the group from which the user gets removed is set as default
2082 $sql = 'SELECT user_id, group_id
2083 FROM ' . USERS_TABLE . '
2084 WHERE ' . $db->sql_in_set('user_id', $user_id_ary);
2085 $result = $db->sql_query($sql);
2086
2087 $default_groups = array();
2088 while ($row = $db->sql_fetchrow($result))
2089 {
2090 $default_groups[$row['user_id']] = $row['group_id'];
2091 }
2092 $db->sql_freeresult($result);
2093
2094 // What special group memberships exist for these users?
2095 $sql = 'SELECT g.group_id, g.group_name, ug.user_id
2096 FROM ' . USER_GROUP_TABLE . ' ug, ' . GROUPS_TABLE . ' g
2097 WHERE ' . $db->sql_in_set('ug.user_id', $user_id_ary) . "
2098 AND g.group_id = ug.group_id
2099 AND g.group_id <> $group_id
2100 AND g.group_type = " . GROUP_SPECIAL . '
2101 ORDER BY ug.user_id, g.group_id';
2102 $result = $db->sql_query($sql);
2103
2104 $temp_ary = array();
2105 while ($row = $db->sql_fetchrow($result))
2106 {
2107 if ($default_groups[$row['user_id']] == $group_id && (!isset($temp_ary[$row['user_id']]) || array_search($row['group_name'], $group_order) < $temp_ary[$row['user_id']]))
2108 {
2109 $temp_ary[$row['user_id']] = $row['group_id'];
2110 }
2111 }
2112 $db->sql_freeresult($result);
2113
2114 $sql_where_ary = array();
2115 foreach ($temp_ary as $uid => $gid)
2116 {
2117 $sql_where_ary[$gid][] = $uid;
2118 }
2119 unset($temp_ary);
2120
2121 foreach ($special_group_data as $gid => $default_data_ary)
2122 {
2123 if (isset($sql_where_ary[$gid]) && sizeof($sql_where_ary[$gid]))
2124 {
2125 group_set_user_default($gid, $sql_where_ary[$gid], $special_group_data[$gid]);
2126 }
2127 }
2128 unset($special_group_data);
2129
2130 $sql = 'DELETE FROM ' . USER_GROUP_TABLE . "
2131 WHERE group_id = $group_id
2132 AND " . $db->sql_in_set('user_id', $user_id_ary);
2133 $db->sql_query($sql);
2134
2135 // Clear permissions cache of relevant users
2136 $auth->acl_clear_prefetch($user_id_ary);
2137
2138 if (!$group_name)
2139 {
2140 $group_name = get_group_name($group_id);
2141 }
2142
2143 $log = 'LOG_GROUP_REMOVE';
2144
2145 add_log('admin', $log, $group_name, implode(', ', $username_ary));
2146
2147 group_update_listings($group_id);
2148
2149 // Return false - no error
2150 return false;
2151 }
2152
2153 /**
2154 * This is used to promote (to leader), demote or set as default a member/s
2155 */
2156 function group_user_attributes($action, $group_id, $user_id_ary = false, $username_ary = false, $group_name = false, $group_attributes = false)
2157 {
2158 global $db, $auth, $phpbb_root_path, $phpEx, $config;
2159
2160 // We need both username and user_id info
2161 $result = user_get_id_name($user_id_ary, $username_ary);
2162
2163 if (!sizeof($user_id_ary) || $result !== false)
2164 {
2165 return false;
2166 }
2167
2168 if (!$group_name)
2169 {
2170 $group_name = get_group_name($group_id);
2171 }
2172
2173 switch ($action)
2174 {
2175 case 'demote':
2176 case 'promote':
2177 $sql = 'UPDATE ' . USER_GROUP_TABLE . '
2178 SET group_leader = ' . (($action == 'promote') ? 1 : 0) . "
2179 WHERE group_id = $group_id
2180 AND " . $db->sql_in_set('user_id', $user_id_ary);
2181 $db->sql_query($sql);
2182
2183 $log = ($action == 'promote') ? 'LOG_GROUP_PROMOTED' : 'LOG_GROUP_DEMOTED';
2184 break;
2185
2186 case 'approve':
2187 // Make sure we only approve those which are pending ;)
2188 $sql = 'SELECT u.user_id, u.user_email, u.username, u.username_clean, u.user_notify_type, u.user_jabber, u.user_lang
2189 FROM ' . USERS_TABLE . ' u, ' . USER_GROUP_TABLE . ' ug
2190 WHERE ug.group_id = ' . $group_id . '
2191 AND ug.user_pending = 1
2192 AND ug.user_id = u.user_id
2193 AND ' . $db->sql_in_set('ug.user_id', $user_id_ary);
2194 $result = $db->sql_query($sql);
2195
2196 $user_id_ary = $email_users = array();
2197 while ($row = $db->sql_fetchrow($result))
2198 {
2199 $user_id_ary[] = $row['user_id'];
2200 $email_users[] = $row;
2201 }
2202 $db->sql_freeresult($result);
2203
2204 if (!sizeof($user_id_ary))
2205 {
2206 return false;
2207 }
2208
2209 $sql = 'UPDATE ' . USER_GROUP_TABLE . "
2210 SET user_pending = 0
2211 WHERE group_id = $group_id
2212 AND " . $db->sql_in_set('user_id', $user_id_ary);
2213 $db->sql_query($sql);
2214
2215 // Send approved email to users...
2216 include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
2217 $messenger = new messenger();
2218
2219 foreach ($email_users as $row)
2220 {
2221 $messenger->template('group_approved', $row['user_lang']);
2222
2223 $messenger->to($row['user_email'], $row['username']);
2224 $messenger->im($row['user_jabber'], $row['username']);
2225
2226 $messenger->assign_vars(array(
2227 'USERNAME' => htmlspecialchars_decode($row['username']),
2228 'GROUP_NAME' => htmlspecialchars_decode($group_name),
2229 'U_GROUP' => generate_board_url() . "/ucp.$phpEx?i=groups&mode=membership")
2230 );
2231
2232 $messenger->send($row['user_notify_type']);
2233 }
2234
2235 $messenger->save_queue();
2236
2237 $log = 'LOG_USERS_APPROVED';
2238 break;
2239
2240 case 'default':
2241 group_set_user_default($group_id, $user_id_ary, $group_attributes);
2242 $log = 'LOG_GROUP_DEFAULTS';
2243 break;
2244 }
2245
2246 // Clear permissions cache of relevant users
2247 $auth->acl_clear_prefetch($user_id_ary);
2248
2249 add_log('admin', $log, $group_name, implode(', ', $username_ary));
2250
2251 group_update_listings($group_id);
2252
2253 return true;
2254 }
2255
2256 /**
2257 * Set users default group
2258 *
2259 * @private
2260 */
2261 function group_set_user_default($group_id, $user_id_ary, $group_attributes = false, $update_listing = false)
2262 {
2263 global $db;
2264
2265 if (empty($user_id_ary))
2266 {
2267 return;
2268 }
2269
2270 $attribute_ary = array(
2271 'group_colour' => 'string',
2272 'group_rank' => 'int',
2273 'group_avatar' => 'string',
2274 'group_avatar_type' => 'int',
2275 'group_avatar_width' => 'int',
2276 'group_avatar_height' => 'int',
2277 );
2278
2279 $sql_ary = array(
2280 'group_id' => $group_id
2281 );
2282
2283 // Were group attributes passed to the function? If not we need to obtain them
2284 if ($group_attributes === false)
2285 {
2286 $sql = 'SELECT ' . implode(', ', array_keys($attribute_ary)) . '
2287 FROM ' . GROUPS_TABLE . "
2288 WHERE group_id = $group_id";
2289 $result = $db->sql_query($sql);
2290 $group_attributes = $db->sql_fetchrow($result);
2291 $db->sql_freeresult($result);
2292 }
2293
2294 foreach ($attribute_ary as $attribute => $type)
2295 {
2296 if (isset($group_attributes[$attribute]))
2297 {
2298 // If we are about to set an avatar, we will not overwrite user avatars if no group avatar is set...
2299 if (strpos($attribute, 'group_avatar') === 0 && !$group_attributes[$attribute])
2300 {
2301 continue;
2302 }
2303
2304 settype($group_attributes[$attribute], $type);
2305 $sql_ary[str_replace('group_', 'user_', $attribute)] = $group_attributes[$attribute];
2306 }
2307 }
2308
2309 // Before we update the user attributes, we will make a list of those having now the group avatar assigned
2310 if (in_array('user_avatar', array_keys($sql_ary)))
2311 {
2312 // Ok, get the original avatar data from users having an uploaded one (we need to remove these from the filesystem)
2313 $sql = 'SELECT user_id, group_id, user_avatar
2314 FROM ' . USERS_TABLE . '
2315 WHERE ' . $db->sql_in_set('user_id', $user_id_ary) . '
2316 AND user_avatar_type = ' . AVATAR_UPLOAD;
2317 $result = $db->sql_query($sql);
2318
2319 while ($row = $db->sql_fetchrow($result))
2320 {
2321 avatar_delete('user', $row);
2322 }
2323 $db->sql_freeresult($result);
2324 }
2325
2326 $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
2327 WHERE ' . $db->sql_in_set('user_id', $user_id_ary);
2328 $db->sql_query($sql);
2329
2330 if (in_array('user_colour', array_keys($sql_ary)))
2331 {
2332 // Update any cached colour information for these users
2333 $sql = 'UPDATE ' . FORUMS_TABLE . " SET forum_last_poster_colour = '" . $db->sql_escape($sql_ary['user_colour']) . "'
2334 WHERE " . $db->sql_in_set('forum_last_poster_id', $user_id_ary);
2335 $db->sql_query($sql);
2336
2337 $sql = 'UPDATE ' . TOPICS_TABLE . " SET topic_first_poster_colour = '" . $db->sql_escape($sql_ary['user_colour']) . "'
2338 WHERE " . $db->sql_in_set('topic_poster', $user_id_ary);
2339 $db->sql_query($sql);
2340
2341 $sql = 'UPDATE ' . TOPICS_TABLE . " SET topic_last_poster_colour = '" . $db->sql_escape($sql_ary['user_colour']) . "'
2342 WHERE " . $db->sql_in_set('topic_last_poster_id', $user_id_ary);
2343 $db->sql_query($sql);
2344
2345 global $config;
2346
2347 if (in_array($config['newest_user_id'], $user_id_ary))
2348 {
2349 set_config('newest_user_colour', $sql_ary['user_colour'], true);
2350 }
2351 }
2352
2353 if ($update_listing)
2354 {
2355 group_update_listings($group_id);
2356 }
2357 }
2358
2359 /**
2360 * Get group name
2361 */
2362 function get_group_name($group_id)
2363 {
2364 global $db, $user;
2365
2366 $sql = 'SELECT group_name, group_type
2367 FROM ' . GROUPS_TABLE . '
2368 WHERE group_id = ' . (int) $group_id;
2369 $result = $db->sql_query($sql);
2370 $row = $db->sql_fetchrow($result);
2371 $db->sql_freeresult($result);
2372
2373 if (!$row)
2374 {
2375 return '';
2376 }
2377
2378 return ($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name'];
2379 }
2380
2381 /**
2382 * Obtain either the members of a specified group, the groups the specified user is subscribed to
2383 * or checking if a specified user is in a specified group
2384 *
2385 * Note: Never use this more than once... first group your users/groups
2386 */
2387 function group_memberships($group_id_ary = false, $user_id_ary = false, $return_bool = false)
2388 {
2389 global $db;
2390
2391 if (!$group_id_ary && !$user_id_ary)
2392 {
2393 return true;
2394 }
2395
2396 if ($user_id_ary)
2397 {
2398 $user_id_ary = (!is_array($user_id_ary)) ? array($user_id_ary) : $user_id_ary;
2399 }
2400
2401 if ($group_id_ary)
2402 {
2403 $group_id_ary = (!is_array($group_id_ary)) ? array($group_id_ary) : $group_id_ary;
2404 }
2405
2406 $sql = 'SELECT ug.*, u.username, u.username_clean, u.user_email
2407 FROM ' . USER_GROUP_TABLE . ' ug, ' . USERS_TABLE . ' u
2408 WHERE ug.user_id = u.user_id AND ';
2409
2410 if ($group_id_ary)
2411 {
2412 $sql .= ' ' . $db->sql_in_set('ug.group_id', $group_id_ary);
2413 }
2414
2415 if ($user_id_ary)
2416 {
2417 $sql .= ($group_id_ary) ? ' AND ' : ' ';
2418 $sql .= $db->sql_in_set('ug.user_id', $user_id_ary);
2419 }
2420
2421 $result = ($return_bool) ? $db->sql_query_limit($sql, 1) : $db->sql_query($sql);
2422
2423 $row = $db->sql_fetchrow($result);
2424
2425 if ($return_bool)
2426 {
2427 $db->sql_freeresult($result);
2428 return ($row) ? true : false;
2429 }
2430
2431 if (!$row)
2432 {
2433 return false;
2434 }
2435
2436 $return = array();
2437
2438 do
2439 {
2440 $return[] = $row;
2441 }
2442 while ($row = $db->sql_fetchrow($result));
2443
2444 $db->sql_freeresult($result);
2445
2446 return $return;
2447 }
2448
2449 /**
2450 * Re-cache moderators and foes if group has a_ or m_ permissions
2451 */
2452 function group_update_listings($group_id)
2453 {
2454 global $auth;
2455
2456 $hold_ary = $auth->acl_group_raw_data($group_id, array('a_', 'm_'));
2457
2458 if (!sizeof($hold_ary))
2459 {
2460 return;
2461 }
2462
2463 $mod_permissions = $admin_permissions = false;
2464
2465 foreach ($hold_ary as $g_id => $forum_ary)
2466 {
2467 foreach ($forum_ary as $forum_id => $auth_ary)
2468 {
2469 foreach ($auth_ary as $auth_option => $setting)
2470 {
2471 if ($mod_permissions && $admin_permissions)
2472 {
2473 break 3;
2474 }
2475
2476 if ($setting != ACL_YES)
2477 {
2478 continue;
2479 }
2480
2481 if ($auth_option == 'm_')
2482 {
2483 $mod_permissions = true;
2484 }
2485
2486 if ($auth_option == 'a_')
2487 {
2488 $admin_permissions = true;
2489 }
2490 }
2491 }
2492 }
2493
2494 if ($mod_permissions)
2495 {
2496 if (!function_exists('cache_moderators'))
2497 {
2498 global $phpbb_root_path, $phpEx;
2499 include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
2500 }
2501 cache_moderators();
2502 }
2503
2504 if ($mod_permissions || $admin_permissions)
2505 {
2506 update_foes();
2507 }
2508 }
2509
2510 ?>
phpbb is a php-based BBS (buletin board system)