PageRenderTime 45ms CodeModel.GetById 15ms RepoModel.GetById 1ms app.codeStats 0ms

/class/userutility.php

https://gitlab.com/VoyaTrax/vtCMS2
PHP | 329 lines | 230 code | 22 blank | 77 comment | 68 complexity | e3a3bfce32632eba517a33aa386ad8c4 MD5 | raw file
Possible License(s): AGPL-1.0, GPL-2.0, MIT, GPL-3.0, BSD-3-Clause, LGPL-2.1 
    

  1. <?php
    2. 

  2. /**
    3. 

  3.  *  Xoops Form Class Elements
    4. 

  4.  *
    5. 

  5.  * You may not change or alter any portion of this comment or credits
    6. 

  6.  * of supporting developers from this source code or any supporting source code
    7. 

  7.  * which is considered copyrighted (c) material of the original comment or credit authors.
    8. 

  8.  * This program is distributed in the hope that it will be useful,
    9. 

  9.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
    10. 

  10.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
    11. 

  11.  *
    12. 

  12.  * @copyright       (c) 2000-2016 XOOPS Project (www.xoops.org)
    13. 

  13.  * @license             GNU GPL 2 (http://www.gnu.org/licenses/gpl-2.0.html)
    14. 

  14.  * @package             kernel
    15. 

  15.  * @since               2.3.0
    16. 

  16.  * @author              Taiwen Jiang <phppp@users.sourceforge.net>
    17. 

  17.  */
    18. 

  18. 

  19. defined('XOOPS_ROOT_PATH') || exit('Restricted access');
    20. 

  20. 

  21. /**
    22. 

  22.  * XoopsUserUtility
    23. 

  23.  *
    24. 

  24.  * @package Kernel
    25. 

  25.  * @author  Taiwen Jiang <phppp@users.sourceforge.net>
    26. 

  26.  */
    27. 

  27. class XoopsUserUtility
    28. 

  28. {
    29. 

  29.     /**
    30. 

  30.      * XoopsUserUtility::sendWelcome
    31. 

  31.      *
    32. 

  32.      * @param mixed $user
    33. 

  33.      *
    34. 

  34.      * @return bool
    35. 

  35.      */
    36. 

  36.     public static function sendWelcome($user)
    37. 

  37.     {
    38. 

  38.         global $xoopsConfigUser, $xoopsConfig;
    39. 

  39. 

  40.         if (empty($xoopsConfigUser)) {
    41. 

  41.             $config_handler  = xoops_getHandler('config');
    42. 

  42.             $xoopsConfigUser = $config_handler->getConfigsByCat(XOOPS_CONF_USER);
    43. 

  43.         }
    44. 

  44.         if (empty($xoopsConfigUser['welcome_type'])) {
    45. 

  45.             return true;
    46. 

  46.         }
    47. 

  47. 

  48.         if (!empty($user) && !is_object($user)) {
    49. 

  49.             $member_handler = xoops_getHandler('member');
    50. 

  50.             $user           = $member_handler->getUser($user);
    51. 

  51.         }
    52. 

  52.         if (!is_object($user)) {
    53. 

  53.             return false;
    54. 

  54.         }
    55. 

  55. 

  56.         xoops_loadLanguage('user');
    57. 

  57.         $xoopsMailer =& xoops_getMailer();
    58. 

  58.         if ($xoopsConfigUser['welcome_type'] == 1 || $xoopsConfigUser['welcome_type'] == 3) {
    59. 

  59.             $xoopsMailer->useMail();
    60. 

  60.         }
    61. 

  61.         if ($xoopsConfigUser['welcome_type'] == 2 || $xoopsConfigUser['welcome_type'] == 3) {
    62. 

  62.             $xoopsMailer->usePM();
    63. 

  63.         }
    64. 

  64.         $xoopsMailer->setTemplate('welcome.tpl');
    65. 

  65.         $xoopsMailer->setSubject(sprintf(_US_WELCOME_SUBJECT, $xoopsConfig['sitename']));
    66. 

  66.         $xoopsMailer->setToUsers($user);
    67. 

  67.         if ($xoopsConfigUser['reg_dispdsclmr'] && $xoopsConfigUser['reg_disclaimer']) {
    68. 

  68.             $xoopsMailer->assign('TERMSOFUSE', $xoopsConfigUser['reg_disclaimer']);
    69. 

  69.         } else {
    70. 

  70.             $xoopsMailer->assign('TERMSOFUSE', '');
    71. 

  71.         }
    72. 

  72. 

  73.         return $xoopsMailer->send();
    74. 

  74.     }
    75. 

  75.     /**
    76. 

  76.      * $uname, $email, $pass = null, $vpass = null
    77. 

  77.      */
    78. 

  78.     /**
    79. 

  79.      * XoopsUserUtility::validate
    80. 

  80.      *
    81. 

  81.      * @return bool|string
    82. 

  82.      */
    83. 

  83.     public static function validate()
    84. 

  84.     {
    85. 

  85.         global $xoopsUser;
    86. 

  86. 

  87.         $args     = func_get_args();
    88. 

  88.         $args_num = func_num_args();
    89. 

  89. 

  90.         $user  = null;
    91. 

  91.         $uname = null;
    92. 

  92.         $email = null;
    93. 

  93.         $pass  = null;
    94. 

  94.         $vpass = null;
    95. 

  95. 

  96.         switch ($args_num) {
    97. 

  97.             case 1:
    98. 

  98.                 $user = $args[0];
    99. 

  99.                 break;
    100. 

  100.             case 2:
    101. 

  101.                 list($uname, $email) = $args;
    102. 

  102.                 break;
    103. 

  103.             case 3:
    104. 

  104.                 list($user, $pass, $vpass) = $args;
    105. 

  105.                 break;
    106. 

  106.             case 4:
    107. 

  107.                 list($uname, $email, $pass, $vpass) = $args;
    108. 

  108.                 break;
    109. 

  109.             default:
    110. 

  110.                 return false;
    111. 

  111.         }
    112. 

  112.         if (is_object($user)) {
    113. 

  113.             $uname = $user->getVar('uname', 'n');
    114. 

  114.             $email = $user->getVar('email', 'n');
    115. 

  115.         }
    116. 

  116. 

  117.         $config_handler  = xoops_getHandler('config');
    118. 

  118.         $xoopsConfigUser = $config_handler->getConfigsByCat(XOOPS_CONF_USER);
    119. 

  119. 

  120.         xoops_loadLanguage('user');
    121. 

  121.         $myts = MyTextSanitizer::getInstance();
    122. 

  122. 

  123.         $xoopsUser_isAdmin = is_object($xoopsUser) && $xoopsUser->isAdmin();
    124. 

  124.         $stop              = '';
    125. 

  125.         // Invalid email address
    126. 

  126.         if (!checkEmail($email)) {
    127. 

  127.             $stop .= _US_INVALIDMAIL . '<br />';
    128. 

  128.         }
    129. 

  129.         if (strrpos($email, ' ') > 0) {
    130. 

  130.             $stop .= _US_EMAILNOSPACES . '<br />';
    131. 

  131.         }
    132. 

  132.         // Check forbidden email address if current operator is not an administrator
    133. 

  133.         if (!$xoopsUser_isAdmin) {
    134. 

  134.             foreach ($xoopsConfigUser['bad_emails'] as $be) {
    135. 

  135.                 if (!empty($be) && preg_match('/' . $be . '/i', $email)) {
    136. 

  136.                     $stop .= _US_INVALIDMAIL . '<br />';
    137. 

  137.                     break;
    138. 

  138.                 }
    139. 

  139.             }
    140. 

  140.         }
    141. 

  141.         $uname = xoops_trim($uname);
    142. 

  142.         switch ($xoopsConfigUser['uname_test_level']) {
    143. 

  143.             case 0:
    144. 

  144.                 // strict
    145. 

  145.                 $restriction = '/[^a-zA-Z0-9\_\-]/';
    146. 

  146.                 break;
    147. 

  147.             case 1:
    148. 

  148.                 // medium
    149. 

  149.                 $restriction = '/[^a-zA-Z0-9\_\-\<\>\,\.\$\%\#\@\!\\\'\']/';
    150. 

  150.                 break;
    151. 

  151.             case 2:
    152. 

  152.                 // loose
    153. 

  153.                 $restriction = '/[\000-\040]/';
    154. 

  154.                 break;
    155. 

  155.         }
    156. 

  156.         if (empty($uname) || preg_match($restriction, $uname)) {
    157. 

  157.             $stop .= _US_INVALIDNICKNAME . '<br />';
    158. 

  158.         }
    159. 

  159.         // Check uname settings if current operator is not an administrator
    160. 

  160.         if (!$xoopsUser_isAdmin) {
    161. 

  161.             if (strlen($uname) > $xoopsConfigUser['maxuname']) {
    162. 

  162.                 $stop .= sprintf(_US_NICKNAMETOOLONG, $xoopsConfigUser['maxuname']) . '<br />';
    163. 

  163.             }
    164. 

  164.             if (strlen($uname) < $xoopsConfigUser['minuname']) {
    165. 

  165.                 $stop .= sprintf(_US_NICKNAMETOOSHORT, $xoopsConfigUser['minuname']) . '<br />';
    166. 

  166.             }
    167. 

  167.             foreach ($xoopsConfigUser['bad_unames'] as $bu) {
    168. 

  168.                 if (!empty($bu) && preg_match('/' . $bu . '/i', $uname)) {
    169. 

  169.                     $stop .= _US_NAMERESERVED . '<br />';
    170. 

  170.                     break;
    171. 

  171.                 }
    172. 

  172.             }
    173. 

  173.             /**
    174. 

  174.              * if (strrpos($uname, ' ') > 0) {
    175. 

  175.              * $stop .= _US_NICKNAMENOSPACES . '<br />';
    176. 

  176.              * }
    177. 

  177.              */
    178. 

  178.         }
    179. 

  179.         $xoopsDB = XoopsDatabaseFactory::getDatabaseConnection();
    180. 

  180.         // Check if uname/email already exists if the user is a new one
    181. 

  181.         $uid    = is_object($user) ? $user->getVar('uid') : 0;
    182. 

  182.         $sql    = 'SELECT COUNT(*) FROM `' . $xoopsDB->prefix('users') . '` WHERE `uname` = ' . $xoopsDB->quote(addslashes($uname)) . (($uid > 0) ? " AND `uid` <> {$uid}" : '');
    183. 

  183.         $result = $xoopsDB->query($sql);
    184. 

  184.         list($count) = $xoopsDB->fetchRow($result);
    185. 

  185.         if ($count > 0) {
    186. 

  186.             $stop .= _US_NICKNAMETAKEN . '<br />';
    187. 

  187.         }
    188. 

  188.         $sql    = 'SELECT COUNT(*) FROM `' . $xoopsDB->prefix('users') . '` WHERE `email` = ' . $xoopsDB->quote(addslashes($email)) . (($uid > 0) ? " AND `uid` <> {$uid}" : '');
    189. 

  189.         $result = $xoopsDB->query($sql);
    190. 

  190.         list($count) = $xoopsDB->fetchRow($result);
    191. 

  191.         if ($count > 0) {
    192. 

  192.             $stop .= _US_EMAILTAKEN . '<br />';
    193. 

  193.         }
    194. 

  194.         // If password is not set, skip password validation
    195. 

  195.         if ($pass === null && $vpass === null) {
    196. 

  196.             return $stop;
    197. 

  197.         }
    198. 

  198. 

  199.         if (!isset($pass) || $pass == '' || !isset($vpass) || $vpass == '') {
    200. 

  200.             $stop .= _US_ENTERPWD . '<br />';
    201. 

  201.         }
    202. 

  202.         if (isset($pass) && ($pass != $vpass)) {
    203. 

  203.             $stop .= _US_PASSNOTSAME . '<br />';
    204. 

  204.         } elseif (($pass != '') && (strlen($pass) < $xoopsConfigUser['minpass'])) {
    205. 

  205.             $stop .= sprintf(_US_PWDTOOSHORT, $xoopsConfigUser['minpass']) . '<br />';
    206. 

  206.         }
    207. 

  207. 

  208.         return $stop;
    209. 

  209.     }
    210. 

  210. 

  211.     /**
    212. 

  212.      * Get client IP
    213. 

  213.      *
    214. 

  214.      * Adapted from PMA_getIp() [phpmyadmin project]
    215. 

  215.      *
    216. 

  216.      * @param  bool $asString requiring integer or dotted string
    217. 

  217.      * @return mixed string or integer value for the IP
    218. 

  218.      */
    219. 

  219.     public static function getIP($asString = false)
    220. 

  220.     {
    221. 

  221.         // Gets the proxy ip sent by the user
    222. 

  222.         $proxy_ip = '';
    223. 

  223.         if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
    224. 

  224.             $proxy_ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
    225. 

  225.         } elseif (!empty($_SERVER['HTTP_X_FORWARDED'])) {
    226. 

  226.             $proxy_ip = $_SERVER['HTTP_X_FORWARDED'];
    227. 

  227.         } elseif (!empty($_SERVER['HTTP_FORWARDED_FOR'])) {
    228. 

  228.             $proxy_ip = $_SERVER['HTTP_FORWARDED_FOR'];
    229. 

  229.         } elseif (!empty($_SERVER['HTTP_FORWARDED'])) {
    230. 

  230.             $proxy_ip = $_SERVER['HTTP_FORWARDED'];
    231. 

  231.         } elseif (!empty($_SERVER['HTTP_VIA'])) {
    232. 

  232.             $proxy_ip = $_SERVER['HTTP_VIA'];
    233. 

  233.         } elseif (!empty($_SERVER['HTTP_X_COMING_FROM'])) {
    234. 

  234.             $proxy_ip = $_SERVER['HTTP_X_COMING_FROM'];
    235. 

  235.         } elseif (!empty($_SERVER['HTTP_COMING_FROM'])) {
    236. 

  236.             $proxy_ip = $_SERVER['HTTP_COMING_FROM'];
    237. 

  237.         }
    238. 

  238.         if (!empty($proxy_ip)) {
    239. 

  239.             $ip = new \Xmf\IPAddress($proxy_ip);
    240. 

  240.             if (false === $ip->asReadable()) {
    241. 

  241.                 $ip = \Xmf\IPAddress::fromRequest();
    242. 

  242.             }
    243. 

  243.         } else {
    244. 

  244.             $ip = \Xmf\IPAddress::fromRequest();
    245. 

  245.         }
    246. 

  246. 

  247.         // this really should return $ip->asBinary() instead of ip2long, but for IPv6, this will
    248. 

  248.         // return false when the ip2long() fails. Callers are not expecting binary strings.
    249. 

  249.         $the_IP = $asString ? $ip->asReadable() : ip2long($ip->asReadable());
    250. 

  250. 

  251.         return $the_IP;
    252. 

  252.     }
    253. 

  253. 

  254.     /**
    255. 

  255.      * XoopsUserUtility::getUnameFromIds()
    256. 

  256.      *
    257. 

  257.      * @param  mixed $uid
    258. 

  258.      * @param  mixed $usereal
    259. 

  259.      * @param  mixed $linked
    260. 

  260.      * @return array
    261. 

  261.      */
    262. 

  262.     public static function getUnameFromIds($uid, $usereal = false, $linked = false)
    263. 

  263.     {
    264. 

  264.         if (!is_array($uid)) {
    265. 

  265.             $uid = array($uid);
    266. 

  266.         }
    267. 

  267.         $userid = array_map('intval', array_filter($uid));
    268. 

  268. 

  269.         $myts  = MyTextSanitizer::getInstance();
    270. 

  270.         $users = array();
    271. 

  271.         if (count($userid) > 0) {
    272. 

  272.             $xoopsDB = XoopsDatabaseFactory::getDatabaseConnection();
    273. 

  273.             $sql     = 'SELECT uid, uname, name FROM ' . $xoopsDB->prefix('users') . ' WHERE level > 0 AND uid IN(' . implode(',', array_unique($userid)) . ')';
    274. 

  274.             if (!$result = $xoopsDB->query($sql)) {
    275. 

  275.                 return $users;
    276. 

  276.             }
    277. 

  277.             while ($row = $xoopsDB->fetchArray($result)) {
    278. 

  278.                 $uid = $row['uid'];
    279. 

  279.                 if ($usereal && $row['name']) {
    280. 

  280.                     $users[$uid] = $myts->htmlSpecialChars($row['name']);
    281. 

  281.                 } else {
    282. 

  282.                     $users[$uid] = $myts->htmlSpecialChars($row['uname']);
    283. 

  283.                 }
    284. 

  284.                 if ($linked) {
    285. 

  285.                     $users[$uid] = '<a href="' . XOOPS_URL . '/userinfo.php?uid=' . $uid . '" title="' . $users[$uid] . '">' . $users[$uid] . '</a>';
    286. 

  286.                 }
    287. 

  287.             }
    288. 

  288.         }
    289. 

  289.         if (in_array(0, $users, true)) {
    290. 

  290.             $users[0] = $myts->htmlSpecialChars($GLOBALS['xoopsConfig']['anonymous']);
    291. 

  291.         }
    292. 

  292. 

  293.         return $users;
    294. 

  294.     }
    295. 

  295. 

  296.     /**
    297. 

  297.      * XoopsUserUtility::getUnameFromId()
    298. 

  298.      *
    299. 

  299.      * @param  mixed $userid
    300. 

  300.      * @param  mixed $usereal
    301. 

  301.      * @param  mixed $linked
    302. 

  302.      * @return string
    303. 

  303.      */
    304. 

  304.     public static function getUnameFromId($userid, $usereal = false, $linked = false)
    305. 

  305.     {
    306. 

  306.         $myts     = MyTextSanitizer::getInstance();
    307. 

  307.         $userid   = (int)$userid;
    308. 

  308.         $username = '';
    309. 

  309.         if ($userid > 0) {
    310. 

  310.             $member_handler = xoops_getHandler('member');
    311. 

  311.             $user           = $member_handler->getUser($userid);
    312. 

  312.             if (is_object($user)) {
    313. 

  313.                 if ($usereal && $user->getVar('name')) {
    314. 

  314.                     $username = $user->getVar('name');
    315. 

  315.                 } else {
    316. 

  316.                     $username = $user->getVar('uname');
    317. 

  317.                 }
    318. 

  318.                 if (!empty($linked)) {
    319. 

  319.                     $username = '<a href="' . XOOPS_URL . '/userinfo.php?uid=' . $userid . '" title="' . $username . '">' . $username . '</a>';
    320. 

  320.                 }
    321. 

  321.             }
    322. 

  322.         }
    323. 

  323.         if (empty($username)) {
    324. 

  324.             $username = $myts->htmlSpecialChars($GLOBALS['xoopsConfig']['anonymous']);
    325. 

  325.         }
    326. 

  326. 

  327.         return $username;
    328. 

  328.     }
    329. 

  329. }
    330. 

  330.