PageRenderTime 59ms CodeModel.GetById 22ms RepoModel.GetById 0ms app.codeStats 1ms

/sources/subs/Members.subs.php

https://github.com/Arantor/Elkarte
PHP | 1414 lines | 1020 code | 154 blank | 240 comment | 163 complexity | 249a08360dbe0ef0857b112aa3b14e4d MD5 | raw file
Possible License(s): BSD-3-Clause, LGPL-3.0
  1. <?php
  2. /**
  3. * @name ElkArte Forum
  4. * @copyright ElkArte Forum contributors
  5. * @license BSD http://opensource.org/licenses/BSD-3-Clause
  6. *
  7. * This software is a derived product, based on:
  8. *
  9. * Simple Machines Forum (SMF)
  10. * copyright: 2011 Simple Machines (http://www.simplemachines.org)
  11. * license: BSD, See included LICENSE.TXT for terms and conditions.
  12. *
  13. * @version 1.0 Alpha
  14. *
  15. * This file contains some useful functions for members and membergroups.
  16. *
  17. */
  18. if (!defined('ELKARTE'))
  19. die('No access...');
  20. /**
  21. * Delete one or more members.
  22. * Requires profile_remove_own or profile_remove_any permission for
  23. * respectively removing your own account or any account.
  24. * Non-admins cannot delete admins.
  25. * The function:
  26. * - changes author of messages, topics and polls to guest authors.
  27. * - removes all log entries concerning the deleted members, except the
  28. * error logs, ban logs and moderation logs.
  29. * - removes these members' personal messages (only the inbox), avatars,
  30. * ban entries, theme settings, moderator positions, poll votes, and
  31. * karma votes.
  32. * - updates member statistics afterwards.
  33. *
  34. * @param array $users
  35. * @param bool $check_not_admin = false
  36. */
  37. function deleteMembers($users, $check_not_admin = false)
  38. {
  39. global $modSettings, $user_info, $smcFunc;
  40. // Try give us a while to sort this out...
  41. @set_time_limit(600);
  42. // Try to get some more memory.
  43. setMemoryLimit('128M');
  44. // If it's not an array, make it so!
  45. if (!is_array($users))
  46. $users = array($users);
  47. else
  48. $users = array_unique($users);
  49. // Make sure there's no void user in here.
  50. $users = array_diff($users, array(0));
  51. // How many are they deleting?
  52. if (empty($users))
  53. return;
  54. elseif (count($users) == 1)
  55. {
  56. list ($user) = $users;
  57. if ($user == $user_info['id'])
  58. isAllowedTo('profile_remove_own');
  59. else
  60. isAllowedTo('profile_remove_any');
  61. }
  62. else
  63. {
  64. foreach ($users as $k => $v)
  65. $users[$k] = (int) $v;
  66. // Deleting more than one? You can't have more than one account...
  67. isAllowedTo('profile_remove_any');
  68. }
  69. // Get their names for logging purposes.
  70. $request = $smcFunc['db_query']('', '
  71. SELECT id_member, member_name, CASE WHEN id_group = {int:admin_group} OR FIND_IN_SET({int:admin_group}, additional_groups) != 0 THEN 1 ELSE 0 END AS is_admin
  72. FROM {db_prefix}members
  73. WHERE id_member IN ({array_int:user_list})
  74. LIMIT ' . count($users),
  75. array(
  76. 'user_list' => $users,
  77. 'admin_group' => 1,
  78. )
  79. );
  80. $admins = array();
  81. $user_log_details = array();
  82. while ($row = $smcFunc['db_fetch_assoc']($request))
  83. {
  84. if ($row['is_admin'])
  85. $admins[] = $row['id_member'];
  86. $user_log_details[$row['id_member']] = array($row['id_member'], $row['member_name']);
  87. }
  88. $smcFunc['db_free_result']($request);
  89. if (empty($user_log_details))
  90. return;
  91. // Make sure they aren't trying to delete administrators if they aren't one. But don't bother checking if it's just themself.
  92. if (!empty($admins) && ($check_not_admin || (!allowedTo('admin_forum') && (count($users) != 1 || $users[0] != $user_info['id']))))
  93. {
  94. $users = array_diff($users, $admins);
  95. foreach ($admins as $id)
  96. unset($user_log_details[$id]);
  97. }
  98. // No one left?
  99. if (empty($users))
  100. return;
  101. // Log the action - regardless of who is deleting it.
  102. $log_changes = array();
  103. foreach ($user_log_details as $user)
  104. {
  105. $log_changes[] = array(
  106. 'action' => 'delete_member',
  107. 'log_type' => 'admin',
  108. 'extra' => array(
  109. 'member' => $user[0],
  110. 'name' => $user[1],
  111. 'member_acted' => $user_info['name'],
  112. ),
  113. );
  114. // Remove any cached data if enabled.
  115. if (!empty($modSettings['cache_enable']) && $modSettings['cache_enable'] >= 2)
  116. cache_put_data('user_settings-' . $user[0], null, 60);
  117. }
  118. // Make these peoples' posts guest posts.
  119. $smcFunc['db_query']('', '
  120. UPDATE {db_prefix}messages
  121. SET id_member = {int:guest_id}' . (!empty($modSettings['deleteMembersRemovesEmail']) ? ',
  122. poster_email = {string:blank_email}' : '') . '
  123. WHERE id_member IN ({array_int:users})',
  124. array(
  125. 'guest_id' => 0,
  126. 'blank_email' => '',
  127. 'users' => $users,
  128. )
  129. );
  130. $smcFunc['db_query']('', '
  131. UPDATE {db_prefix}polls
  132. SET id_member = {int:guest_id}
  133. WHERE id_member IN ({array_int:users})',
  134. array(
  135. 'guest_id' => 0,
  136. 'users' => $users,
  137. )
  138. );
  139. // Make these peoples' posts guest first posts and last posts.
  140. $smcFunc['db_query']('', '
  141. UPDATE {db_prefix}topics
  142. SET id_member_started = {int:guest_id}
  143. WHERE id_member_started IN ({array_int:users})',
  144. array(
  145. 'guest_id' => 0,
  146. 'users' => $users,
  147. )
  148. );
  149. $smcFunc['db_query']('', '
  150. UPDATE {db_prefix}topics
  151. SET id_member_updated = {int:guest_id}
  152. WHERE id_member_updated IN ({array_int:users})',
  153. array(
  154. 'guest_id' => 0,
  155. 'users' => $users,
  156. )
  157. );
  158. $smcFunc['db_query']('', '
  159. UPDATE {db_prefix}log_actions
  160. SET id_member = {int:guest_id}
  161. WHERE id_member IN ({array_int:users})',
  162. array(
  163. 'guest_id' => 0,
  164. 'users' => $users,
  165. )
  166. );
  167. $smcFunc['db_query']('', '
  168. UPDATE {db_prefix}log_banned
  169. SET id_member = {int:guest_id}
  170. WHERE id_member IN ({array_int:users})',
  171. array(
  172. 'guest_id' => 0,
  173. 'users' => $users,
  174. )
  175. );
  176. $smcFunc['db_query']('', '
  177. UPDATE {db_prefix}log_errors
  178. SET id_member = {int:guest_id}
  179. WHERE id_member IN ({array_int:users})',
  180. array(
  181. 'guest_id' => 0,
  182. 'users' => $users,
  183. )
  184. );
  185. // Delete the member.
  186. $smcFunc['db_query']('', '
  187. DELETE FROM {db_prefix}members
  188. WHERE id_member IN ({array_int:users})',
  189. array(
  190. 'users' => $users,
  191. )
  192. );
  193. // Delete any drafts...
  194. $smcFunc['db_query']('', '
  195. DELETE FROM {db_prefix}user_drafts
  196. WHERE id_member IN ({array_int:users})',
  197. array(
  198. 'users' => $users,
  199. )
  200. );
  201. // Delete the logs...
  202. $smcFunc['db_query']('', '
  203. DELETE FROM {db_prefix}log_actions
  204. WHERE id_log = {int:log_type}
  205. AND id_member IN ({array_int:users})',
  206. array(
  207. 'log_type' => 2,
  208. 'users' => $users,
  209. )
  210. );
  211. $smcFunc['db_query']('', '
  212. DELETE FROM {db_prefix}log_boards
  213. WHERE id_member IN ({array_int:users})',
  214. array(
  215. 'users' => $users,
  216. )
  217. );
  218. $smcFunc['db_query']('', '
  219. DELETE FROM {db_prefix}log_comments
  220. WHERE id_recipient IN ({array_int:users})
  221. AND comment_type = {string:warntpl}',
  222. array(
  223. 'users' => $users,
  224. 'warntpl' => 'warntpl',
  225. )
  226. );
  227. $smcFunc['db_query']('', '
  228. DELETE FROM {db_prefix}log_group_requests
  229. WHERE id_member IN ({array_int:users})',
  230. array(
  231. 'users' => $users,
  232. )
  233. );
  234. $smcFunc['db_query']('', '
  235. DELETE FROM {db_prefix}log_karma
  236. WHERE id_target IN ({array_int:users})
  237. OR id_executor IN ({array_int:users})',
  238. array(
  239. 'users' => $users,
  240. )
  241. );
  242. $smcFunc['db_query']('', '
  243. DELETE FROM {db_prefix}log_mark_read
  244. WHERE id_member IN ({array_int:users})',
  245. array(
  246. 'users' => $users,
  247. )
  248. );
  249. $smcFunc['db_query']('', '
  250. DELETE FROM {db_prefix}log_notify
  251. WHERE id_member IN ({array_int:users})',
  252. array(
  253. 'users' => $users,
  254. )
  255. );
  256. $smcFunc['db_query']('', '
  257. DELETE FROM {db_prefix}log_online
  258. WHERE id_member IN ({array_int:users})',
  259. array(
  260. 'users' => $users,
  261. )
  262. );
  263. $smcFunc['db_query']('', '
  264. DELETE FROM {db_prefix}log_subscribed
  265. WHERE id_member IN ({array_int:users})',
  266. array(
  267. 'users' => $users,
  268. )
  269. );
  270. $smcFunc['db_query']('', '
  271. DELETE FROM {db_prefix}log_topics
  272. WHERE id_member IN ({array_int:users})',
  273. array(
  274. 'users' => $users,
  275. )
  276. );
  277. $smcFunc['db_query']('', '
  278. DELETE FROM {db_prefix}collapsed_categories
  279. WHERE id_member IN ({array_int:users})',
  280. array(
  281. 'users' => $users,
  282. )
  283. );
  284. // Make their votes appear as guest votes - at least it keeps the totals right.
  285. // @todo Consider adding back in cookie protection.
  286. $smcFunc['db_query']('', '
  287. UPDATE {db_prefix}log_polls
  288. SET id_member = {int:guest_id}
  289. WHERE id_member IN ({array_int:users})',
  290. array(
  291. 'guest_id' => 0,
  292. 'users' => $users,
  293. )
  294. );
  295. // Delete personal messages.
  296. require_once(SUBSDIR . '/PersonalMessage.subs.php');
  297. deleteMessages(null, null, $users);
  298. $smcFunc['db_query']('', '
  299. UPDATE {db_prefix}personal_messages
  300. SET id_member_from = {int:guest_id}
  301. WHERE id_member_from IN ({array_int:users})',
  302. array(
  303. 'guest_id' => 0,
  304. 'users' => $users,
  305. )
  306. );
  307. // They no longer exist, so we don't know who it was sent to.
  308. $smcFunc['db_query']('', '
  309. DELETE FROM {db_prefix}pm_recipients
  310. WHERE id_member IN ({array_int:users})',
  311. array(
  312. 'users' => $users,
  313. )
  314. );
  315. // Delete avatar.
  316. require_once(SUBSDIR . '/Attachments.subs.php');
  317. removeAttachments(array('id_member' => $users));
  318. // It's over, no more moderation for you.
  319. $smcFunc['db_query']('', '
  320. DELETE FROM {db_prefix}moderators
  321. WHERE id_member IN ({array_int:users})',
  322. array(
  323. 'users' => $users,
  324. )
  325. );
  326. $smcFunc['db_query']('', '
  327. DELETE FROM {db_prefix}group_moderators
  328. WHERE id_member IN ({array_int:users})',
  329. array(
  330. 'users' => $users,
  331. )
  332. );
  333. // If you don't exist we can't ban you.
  334. $smcFunc['db_query']('', '
  335. DELETE FROM {db_prefix}ban_items
  336. WHERE id_member IN ({array_int:users})',
  337. array(
  338. 'users' => $users,
  339. )
  340. );
  341. // Remove individual theme settings.
  342. $smcFunc['db_query']('', '
  343. DELETE FROM {db_prefix}themes
  344. WHERE id_member IN ({array_int:users})',
  345. array(
  346. 'users' => $users,
  347. )
  348. );
  349. // These users are nobody's buddy nomore.
  350. $request = $smcFunc['db_query']('', '
  351. SELECT id_member, pm_ignore_list, buddy_list
  352. FROM {db_prefix}members
  353. WHERE FIND_IN_SET({raw:pm_ignore_list}, pm_ignore_list) != 0 OR FIND_IN_SET({raw:buddy_list}, buddy_list) != 0',
  354. array(
  355. 'pm_ignore_list' => implode(', pm_ignore_list) != 0 OR FIND_IN_SET(', $users),
  356. 'buddy_list' => implode(', buddy_list) != 0 OR FIND_IN_SET(', $users),
  357. )
  358. );
  359. while ($row = $smcFunc['db_fetch_assoc']($request))
  360. $smcFunc['db_query']('', '
  361. UPDATE {db_prefix}members
  362. SET
  363. pm_ignore_list = {string:pm_ignore_list},
  364. buddy_list = {string:buddy_list}
  365. WHERE id_member = {int:id_member}',
  366. array(
  367. 'id_member' => $row['id_member'],
  368. 'pm_ignore_list' => implode(',', array_diff(explode(',', $row['pm_ignore_list']), $users)),
  369. 'buddy_list' => implode(',', array_diff(explode(',', $row['buddy_list']), $users)),
  370. )
  371. );
  372. $smcFunc['db_free_result']($request);
  373. // Make sure no member's birthday is still sticking in the calendar...
  374. updateSettings(array(
  375. 'calendar_updated' => time(),
  376. ));
  377. // Integration rocks!
  378. call_integration_hook('integrate_delete_members', array($users));
  379. updateStats('member');
  380. require_once(SOURCEDIR . '/Logging.php');
  381. logActions($log_changes);
  382. }
  383. /**
  384. * Registers a member to the forum.
  385. * Allows two types of interface: 'guest' and 'admin'. The first
  386. * includes hammering protection, the latter can perform the
  387. * registration silently.
  388. * The strings used in the options array are assumed to be escaped.
  389. * Allows to perform several checks on the input, e.g. reserved names.
  390. * The function will adjust member statistics.
  391. * If an error is detected will fatal error on all errors unless return_errors is true.
  392. *
  393. * @param array $regOptions
  394. * @param bool $return_errors - specify whether to return the errors
  395. * @return int, the ID of the newly created member
  396. */
  397. function registerMember(&$regOptions, $return_errors = false)
  398. {
  399. global $scripturl, $txt, $modSettings, $context;
  400. global $user_info, $options, $settings, $smcFunc;
  401. loadLanguage('Login');
  402. // We'll need some external functions.
  403. require_once(SUBSDIR . '/Auth.subs.php');
  404. require_once(SUBSDIR . '/Mail.subs.php');
  405. // Put any errors in here.
  406. $reg_errors = array();
  407. // Registration from the admin center, let them sweat a little more.
  408. if ($regOptions['interface'] == 'admin')
  409. {
  410. is_not_guest();
  411. isAllowedTo('moderate_forum');
  412. }
  413. // If you're an admin, you're special ;).
  414. elseif ($regOptions['interface'] == 'guest')
  415. {
  416. // You cannot register twice...
  417. if (empty($user_info['is_guest']))
  418. redirectexit();
  419. // Make sure they didn't just register with this session.
  420. if (!empty($_SESSION['just_registered']) && empty($modSettings['disableRegisterCheck']))
  421. fatal_lang_error('register_only_once', false);
  422. }
  423. // What method of authorization are we going to use?
  424. if (empty($regOptions['auth_method']) || !in_array($regOptions['auth_method'], array('password', 'openid')))
  425. {
  426. if (!empty($regOptions['openid']))
  427. $regOptions['auth_method'] = 'openid';
  428. else
  429. $regOptions['auth_method'] = 'password';
  430. }
  431. // Spaces and other odd characters are evil...
  432. $regOptions['username'] = preg_replace('~[\t\n\r\x0B\0\x{A0}]+~u', ' ', $regOptions['username']);
  433. // @todo Separate the sprintf?
  434. if (empty($regOptions['email']) || preg_match('~^[0-9A-Za-z=_+\-/][0-9A-Za-z=_\'+\-/\.]*@[\w\-]+(\.[\w\-]+)*(\.[\w]{2,6})$~', $regOptions['email']) === 0 || strlen($regOptions['email']) > 255)
  435. $reg_errors[] = array('done', sprintf($txt['valid_email_needed'], $smcFunc['htmlspecialchars']($regOptions['username'])));
  436. $username_validation_errors = validateUsername(0, $regOptions['username'], true, !empty($regOptions['check_reserved_name']));
  437. if (!empty($username_validation_errors))
  438. $reg_errors = array_merge($reg_errors, $username_validation_errors);
  439. // Generate a validation code if it's supposed to be emailed.
  440. $validation_code = '';
  441. if ($regOptions['require'] == 'activation')
  442. $validation_code = generateValidationCode();
  443. // If you haven't put in a password generate one.
  444. if ($regOptions['interface'] == 'admin' && $regOptions['password'] == '' && $regOptions['auth_method'] == 'password')
  445. {
  446. mt_srand(time() + 1277);
  447. $regOptions['password'] = generateValidationCode();
  448. $regOptions['password_check'] = $regOptions['password'];
  449. }
  450. // Does the first password match the second?
  451. elseif ($regOptions['password'] != $regOptions['password_check'] && $regOptions['auth_method'] == 'password')
  452. $reg_errors[] = array('lang', 'passwords_dont_match');
  453. // That's kind of easy to guess...
  454. if ($regOptions['password'] == '')
  455. {
  456. if ($regOptions['auth_method'] == 'password')
  457. $reg_errors[] = array('lang', 'no_password');
  458. else
  459. $regOptions['password'] = sha1(mt_rand());
  460. }
  461. // Now perform hard password validation as required.
  462. if (!empty($regOptions['check_password_strength']))
  463. {
  464. $passwordError = validatePassword($regOptions['password'], $regOptions['username'], array($regOptions['email']));
  465. // Password isn't legal?
  466. if ($passwordError != null)
  467. $reg_errors[] = array('lang', 'profile_error_password_' . $passwordError);
  468. }
  469. // If they are using an OpenID that hasn't been verified yet error out.
  470. // @todo Change this so they can register without having to attempt a login first
  471. if ($regOptions['auth_method'] == 'openid' && (empty($_SESSION['openid']['verified']) || $_SESSION['openid']['openid_uri'] != $regOptions['openid']))
  472. $reg_errors[] = array('lang', 'openid_not_verified');
  473. // You may not be allowed to register this email.
  474. if (!empty($regOptions['check_email_ban']))
  475. isBannedEmail($regOptions['email'], 'cannot_register', $txt['ban_register_prohibited']);
  476. // Check if the email address is in use.
  477. $request = $smcFunc['db_query']('', '
  478. SELECT id_member
  479. FROM {db_prefix}members
  480. WHERE email_address = {string:email_address}
  481. OR email_address = {string:username}
  482. LIMIT 1',
  483. array(
  484. 'email_address' => $regOptions['email'],
  485. 'username' => $regOptions['username'],
  486. )
  487. );
  488. // @todo Separate the sprintf?
  489. if ($smcFunc['db_num_rows']($request) != 0)
  490. $reg_errors[] = array('lang', 'email_in_use', false, array(htmlspecialchars($regOptions['email'])));
  491. $smcFunc['db_free_result']($request);
  492. // If we found any errors we need to do something about it right away!
  493. foreach ($reg_errors as $key => $error)
  494. {
  495. /* Note for each error:
  496. 0 = 'lang' if it's an index, 'done' if it's clear text.
  497. 1 = The text/index.
  498. 2 = Whether to log.
  499. 3 = sprintf data if necessary. */
  500. if ($error[0] == 'lang')
  501. loadLanguage('Errors');
  502. $message = $error[0] == 'lang' ? (empty($error[3]) ? $txt[$error[1]] : vsprintf($txt[$error[1]], $error[3])) : $error[1];
  503. // What to do, what to do, what to do.
  504. if ($return_errors)
  505. {
  506. if (!empty($error[2]))
  507. log_error($message, $error[2]);
  508. $reg_errors[$key] = $message;
  509. }
  510. else
  511. fatal_error($message, empty($error[2]) ? false : $error[2]);
  512. }
  513. // If there's any errors left return them at once!
  514. if (!empty($reg_errors))
  515. return $reg_errors;
  516. $reservedVars = array(
  517. 'actual_theme_url',
  518. 'actual_images_url',
  519. 'base_theme_dir',
  520. 'base_theme_url',
  521. 'default_images_url',
  522. 'default_theme_dir',
  523. 'default_theme_url',
  524. 'default_template',
  525. 'images_url',
  526. 'number_recent_posts',
  527. 'smiley_sets_default',
  528. 'theme_dir',
  529. 'theme_id',
  530. 'theme_layers',
  531. 'theme_templates',
  532. 'theme_url',
  533. );
  534. // Can't change reserved vars.
  535. if (isset($regOptions['theme_vars']) && count(array_intersect(array_keys($regOptions['theme_vars']), $reservedVars)) != 0)
  536. fatal_lang_error('no_theme');
  537. // Some of these might be overwritten. (the lower ones that are in the arrays below.)
  538. $regOptions['register_vars'] = array(
  539. 'member_name' => $regOptions['username'],
  540. 'email_address' => $regOptions['email'],
  541. 'passwd' => sha1(strtolower($regOptions['username']) . $regOptions['password']),
  542. 'password_salt' => substr(md5(mt_rand()), 0, 4) ,
  543. 'posts' => 0,
  544. 'date_registered' => time(),
  545. 'member_ip' => $regOptions['interface'] == 'admin' ? '127.0.0.1' : $user_info['ip'],
  546. 'member_ip2' => $regOptions['interface'] == 'admin' ? '127.0.0.1' : $_SERVER['BAN_CHECK_IP'],
  547. 'validation_code' => $validation_code,
  548. 'real_name' => $regOptions['username'],
  549. 'personal_text' => $modSettings['default_personal_text'],
  550. 'pm_email_notify' => 1,
  551. 'id_theme' => 0,
  552. 'id_post_group' => 4,
  553. 'lngfile' => '',
  554. 'buddy_list' => '',
  555. 'pm_ignore_list' => '',
  556. 'message_labels' => '',
  557. 'website_title' => '',
  558. 'website_url' => '',
  559. 'location' => '',
  560. 'time_format' => '',
  561. 'signature' => '',
  562. 'avatar' => '',
  563. 'usertitle' => '',
  564. 'secret_question' => '',
  565. 'secret_answer' => '',
  566. 'additional_groups' => '',
  567. 'ignore_boards' => '',
  568. 'smiley_set' => '',
  569. 'openid_uri' => (!empty($regOptions['openid']) ? $regOptions['openid'] : ''),
  570. );
  571. // Setup the activation status on this new account so it is correct - firstly is it an under age account?
  572. if ($regOptions['require'] == 'coppa')
  573. {
  574. $regOptions['register_vars']['is_activated'] = 5;
  575. // @todo This should be changed. To what should be it be changed??
  576. $regOptions['register_vars']['validation_code'] = '';
  577. }
  578. // Maybe it can be activated right away?
  579. elseif ($regOptions['require'] == 'nothing')
  580. $regOptions['register_vars']['is_activated'] = 1;
  581. // Maybe it must be activated by email?
  582. elseif ($regOptions['require'] == 'activation')
  583. $regOptions['register_vars']['is_activated'] = 0;
  584. // Otherwise it must be awaiting approval!
  585. else
  586. $regOptions['register_vars']['is_activated'] = 3;
  587. if (isset($regOptions['memberGroup']))
  588. {
  589. // Make sure the id_group will be valid, if this is an administator.
  590. $regOptions['register_vars']['id_group'] = $regOptions['memberGroup'] == 1 && !allowedTo('admin_forum') ? 0 : $regOptions['memberGroup'];
  591. // Check if this group is assignable.
  592. $unassignableGroups = array(-1, 3);
  593. $request = $smcFunc['db_query']('', '
  594. SELECT id_group
  595. FROM {db_prefix}membergroups
  596. WHERE min_posts != {int:min_posts}' . (allowedTo('admin_forum') ? '' : '
  597. OR group_type = {int:is_protected}'),
  598. array(
  599. 'min_posts' => -1,
  600. 'is_protected' => 1,
  601. )
  602. );
  603. while ($row = $smcFunc['db_fetch_assoc']($request))
  604. $unassignableGroups[] = $row['id_group'];
  605. $smcFunc['db_free_result']($request);
  606. if (in_array($regOptions['register_vars']['id_group'], $unassignableGroups))
  607. $regOptions['register_vars']['id_group'] = 0;
  608. }
  609. // Integrate optional member settings to be set.
  610. if (!empty($regOptions['extra_register_vars']))
  611. foreach ($regOptions['extra_register_vars'] as $var => $value)
  612. $regOptions['register_vars'][$var] = $value;
  613. // Integrate optional user theme options to be set.
  614. $theme_vars = array();
  615. if (!empty($regOptions['theme_vars']))
  616. foreach ($regOptions['theme_vars'] as $var => $value)
  617. $theme_vars[$var] = $value;
  618. // Right, now let's prepare for insertion.
  619. $knownInts = array(
  620. 'date_registered', 'posts', 'id_group', 'last_login', 'instant_messages', 'unread_messages',
  621. 'new_pm', 'pm_prefs', 'gender', 'hide_email', 'show_online', 'pm_email_notify', 'karma_good', 'karma_bad',
  622. 'notify_announcements', 'notify_send_body', 'notify_regularity', 'notify_types',
  623. 'id_theme', 'is_activated', 'id_msg_last_visit', 'id_post_group', 'total_time_logged_in', 'warning',
  624. );
  625. $knownFloats = array(
  626. 'time_offset',
  627. );
  628. // Call an optional function to validate the users' input.
  629. call_integration_hook('integrate_register', array(&$regOptions, &$theme_vars, $knownInts, $knownFloats));
  630. $column_names = array();
  631. $values = array();
  632. foreach ($regOptions['register_vars'] as $var => $val)
  633. {
  634. $type = 'string';
  635. if (in_array($var, $knownInts))
  636. $type = 'int';
  637. elseif (in_array($var, $knownFloats))
  638. $type = 'float';
  639. elseif ($var == 'birthdate')
  640. $type = 'date';
  641. $column_names[$var] = $type;
  642. $values[$var] = $val;
  643. }
  644. // Register them into the database.
  645. $smcFunc['db_insert']('',
  646. '{db_prefix}members',
  647. $column_names,
  648. $values,
  649. array('id_member')
  650. );
  651. $memberID = $smcFunc['db_insert_id']('{db_prefix}members', 'id_member');
  652. // Update the number of members and latest member's info - and pass the name, but remove the 's.
  653. if ($regOptions['register_vars']['is_activated'] == 1)
  654. updateStats('member', $memberID, $regOptions['register_vars']['real_name']);
  655. else
  656. updateStats('member');
  657. // Theme variables too?
  658. if (!empty($theme_vars))
  659. {
  660. $inserts = array();
  661. foreach ($theme_vars as $var => $val)
  662. $inserts[] = array($memberID, $var, $val);
  663. $smcFunc['db_insert']('insert',
  664. '{db_prefix}themes',
  665. array('id_member' => 'int', 'variable' => 'string-255', 'value' => 'string-65534'),
  666. $inserts,
  667. array('id_member', 'variable')
  668. );
  669. }
  670. // If it's enabled, increase the registrations for today.
  671. trackStats(array('registers' => '+'));
  672. // Administrative registrations are a bit different...
  673. if ($regOptions['interface'] == 'admin')
  674. {
  675. if ($regOptions['require'] == 'activation')
  676. $email_message = 'admin_register_activate';
  677. elseif (!empty($regOptions['send_welcome_email']))
  678. $email_message = 'admin_register_immediate';
  679. if (isset($email_message))
  680. {
  681. $replacements = array(
  682. 'REALNAME' => $regOptions['register_vars']['real_name'],
  683. 'USERNAME' => $regOptions['username'],
  684. 'PASSWORD' => $regOptions['password'],
  685. 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder',
  686. 'ACTIVATIONLINK' => $scripturl . '?action=activate;u=' . $memberID . ';code=' . $validation_code,
  687. 'ACTIVATIONLINKWITHOUTCODE' => $scripturl . '?action=activate;u=' . $memberID,
  688. 'ACTIVATIONCODE' => $validation_code,
  689. );
  690. $emaildata = loadEmailTemplate($email_message, $replacements);
  691. sendmail($regOptions['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
  692. }
  693. // All admins are finished here.
  694. return $memberID;
  695. }
  696. // Can post straight away - welcome them to your fantastic community...
  697. if ($regOptions['require'] == 'nothing')
  698. {
  699. if (!empty($regOptions['send_welcome_email']))
  700. {
  701. $replacements = array(
  702. 'REALNAME' => $regOptions['register_vars']['real_name'],
  703. 'USERNAME' => $regOptions['username'],
  704. 'PASSWORD' => $regOptions['password'],
  705. 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder',
  706. 'OPENID' => !empty($regOptions['openid']) ? $regOptions['openid'] : '',
  707. );
  708. $emaildata = loadEmailTemplate('register_' . ($regOptions['auth_method'] == 'openid' ? 'openid_' : '') . 'immediate', $replacements);
  709. sendmail($regOptions['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
  710. }
  711. // Send admin their notification.
  712. require_once(SUBSDIR . '/Post.subs.php');
  713. adminNotify('standard', $memberID, $regOptions['username']);
  714. }
  715. // Need to activate their account - or fall under COPPA.
  716. elseif ($regOptions['require'] == 'activation' || $regOptions['require'] == 'coppa')
  717. {
  718. $replacements = array(
  719. 'REALNAME' => $regOptions['register_vars']['real_name'],
  720. 'USERNAME' => $regOptions['username'],
  721. 'PASSWORD' => $regOptions['password'],
  722. 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder',
  723. 'OPENID' => !empty($regOptions['openid']) ? $regOptions['openid'] : '',
  724. );
  725. if ($regOptions['require'] == 'activation')
  726. $replacements += array(
  727. 'ACTIVATIONLINK' => $scripturl . '?action=activate;u=' . $memberID . ';code=' . $validation_code,
  728. 'ACTIVATIONLINKWITHOUTCODE' => $scripturl . '?action=activate;u=' . $memberID,
  729. 'ACTIVATIONCODE' => $validation_code,
  730. );
  731. else
  732. $replacements += array(
  733. 'COPPALINK' => $scripturl . '?action=coppa;u=' . $memberID,
  734. );
  735. $emaildata = loadEmailTemplate('register_' . ($regOptions['auth_method'] == 'openid' ? 'openid_' : '') . ($regOptions['require'] == 'activation' ? 'activate' : 'coppa'), $replacements);
  736. sendmail($regOptions['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
  737. }
  738. // Must be awaiting approval.
  739. else
  740. {
  741. $replacements = array(
  742. 'REALNAME' => $regOptions['register_vars']['real_name'],
  743. 'USERNAME' => $regOptions['username'],
  744. 'PASSWORD' => $regOptions['password'],
  745. 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder',
  746. 'OPENID' => !empty($regOptions['openid']) ? $regOptions['openid'] : '',
  747. );
  748. $emaildata = loadEmailTemplate('register_' . ($regOptions['auth_method'] == 'openid' ? 'openid_' : '') . 'pending', $replacements);
  749. sendmail($regOptions['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
  750. // Admin gets informed here...
  751. require_once(SUBSDIR . '/Post.subs.php');
  752. adminNotify('approval', $memberID, $regOptions['username']);
  753. }
  754. // Okay, they're for sure registered... make sure the session is aware of this for security. (Just married :P!)
  755. $_SESSION['just_registered'] = 1;
  756. return $memberID;
  757. }
  758. /**
  759. * Check if a name is in the reserved words list.
  760. * (name, current member id, name/username?.)
  761. * - checks if name is a reserved name or username.
  762. * - if is_name is false, the name is assumed to be a username.
  763. * - the id_member variable is used to ignore duplicate matches with the
  764. * current member.
  765. *
  766. * @param string $name
  767. * @param int $current_ID_MEMBER
  768. * @param bool $is_name
  769. * @param bool $fatal
  770. */
  771. function isReservedName($name, $current_ID_MEMBER = 0, $is_name = true, $fatal = true)
  772. {
  773. global $user_info, $modSettings, $smcFunc, $context;
  774. $name = preg_replace_callback('~(&#(\d{1,7}|x[0-9a-fA-F]{1,6});)~', 'replaceEntities__callback', $name);
  775. $checkName = $smcFunc['strtolower']($name);
  776. // Administrators are never restricted ;).
  777. if (!allowedTo('moderate_forum') && ((!empty($modSettings['reserveName']) && $is_name) || !empty($modSettings['reserveUser']) && !$is_name))
  778. {
  779. $reservedNames = explode("\n", $modSettings['reserveNames']);
  780. // Case sensitive check?
  781. $checkMe = empty($modSettings['reserveCase']) ? $checkName : $name;
  782. // Check each name in the list...
  783. foreach ($reservedNames as $reserved)
  784. {
  785. if ($reserved == '')
  786. continue;
  787. // The admin might've used entities too, level the playing field.
  788. $reservedCheck = preg_replace('~(&#(\d{1,7}|x[0-9a-fA-F]{1,6});)~', 'replaceEntities__callback', $reserved);
  789. // Case sensitive name?
  790. if (empty($modSettings['reserveCase']))
  791. $reservedCheck = $smcFunc['strtolower']($reservedCheck);
  792. // If it's not just entire word, check for it in there somewhere...
  793. if ($checkMe == $reservedCheck || ($smcFunc['strpos']($checkMe, $reservedCheck) !== false && empty($modSettings['reserveWord'])))
  794. if ($fatal)
  795. fatal_lang_error('username_reserved', 'password', array($reserved));
  796. else
  797. return true;
  798. }
  799. $censor_name = $name;
  800. if (censorText($censor_name) != $name)
  801. if ($fatal)
  802. fatal_lang_error('name_censored', 'password', array($name));
  803. else
  804. return true;
  805. }
  806. // Characters we just shouldn't allow, regardless.
  807. foreach (array('*') as $char)
  808. if (strpos($checkName, $char) !== false)
  809. if ($fatal)
  810. fatal_lang_error('username_reserved', 'password', array($char));
  811. else
  812. return true;
  813. // Get rid of any SQL parts of the reserved name...
  814. $checkName = strtr($name, array('_' => '\\_', '%' => '\\%'));
  815. // Make sure they don't want someone else's name.
  816. $request = $smcFunc['db_query']('', '
  817. SELECT id_member
  818. FROM {db_prefix}members
  819. WHERE ' . (empty($current_ID_MEMBER) ? '' : 'id_member != {int:current_member}
  820. AND ') . '(real_name LIKE {string:check_name} OR member_name LIKE {string:check_name})
  821. LIMIT 1',
  822. array(
  823. 'current_member' => $current_ID_MEMBER,
  824. 'check_name' => $checkName,
  825. )
  826. );
  827. if ($smcFunc['db_num_rows']($request) > 0)
  828. {
  829. $smcFunc['db_free_result']($request);
  830. return true;
  831. }
  832. // Does name case insensitive match a member group name?
  833. $request = $smcFunc['db_query']('', '
  834. SELECT id_group
  835. FROM {db_prefix}membergroups
  836. WHERE group_name LIKE {string:check_name}
  837. LIMIT 1',
  838. array(
  839. 'check_name' => $checkName,
  840. )
  841. );
  842. if ($smcFunc['db_num_rows']($request) > 0)
  843. {
  844. $smcFunc['db_free_result']($request);
  845. return true;
  846. }
  847. // Okay, they passed.
  848. return false;
  849. }
  850. // Get a list of groups that have a given permission (on a given board).
  851. /**
  852. * Retrieves a list of membergroups that are allowed to do the given
  853. * permission. (on the given board)
  854. * If board_id is not null, a board permission is assumed.
  855. * The function takes different permission settings into account.
  856. *
  857. * @param string $permission
  858. * @param int $board_id = null
  859. * @return an array containing an array for the allowed membergroup ID's
  860. * and an array for the denied membergroup ID's.
  861. */
  862. function groupsAllowedTo($permission, $board_id = null)
  863. {
  864. global $modSettings, $board_info, $smcFunc;
  865. // Admins are allowed to do anything.
  866. $member_groups = array(
  867. 'allowed' => array(1),
  868. 'denied' => array(),
  869. );
  870. // Assume we're dealing with regular permissions (like profile_view_own).
  871. if ($board_id === null)
  872. {
  873. $request = $smcFunc['db_query']('', '
  874. SELECT id_group, add_deny
  875. FROM {db_prefix}permissions
  876. WHERE permission = {string:permission}',
  877. array(
  878. 'permission' => $permission,
  879. )
  880. );
  881. while ($row = $smcFunc['db_fetch_assoc']($request))
  882. $member_groups[$row['add_deny'] === '1' ? 'allowed' : 'denied'][] = $row['id_group'];
  883. $smcFunc['db_free_result']($request);
  884. }
  885. // Otherwise it's time to look at the board.
  886. else
  887. {
  888. // First get the profile of the given board.
  889. if (isset($board_info['id']) && $board_info['id'] == $board_id)
  890. $profile_id = $board_info['profile'];
  891. elseif ($board_id !== 0)
  892. {
  893. $request = $smcFunc['db_query']('', '
  894. SELECT id_profile
  895. FROM {db_prefix}boards
  896. WHERE id_board = {int:id_board}
  897. LIMIT 1',
  898. array(
  899. 'id_board' => $board_id,
  900. )
  901. );
  902. if ($smcFunc['db_num_rows']($request) == 0)
  903. fatal_lang_error('no_board');
  904. list ($profile_id) = $smcFunc['db_fetch_row']($request);
  905. $smcFunc['db_free_result']($request);
  906. }
  907. else
  908. $profile_id = 1;
  909. $request = $smcFunc['db_query']('', '
  910. SELECT bp.id_group, bp.add_deny
  911. FROM {db_prefix}board_permissions AS bp
  912. WHERE bp.permission = {string:permission}
  913. AND bp.id_profile = {int:profile_id}',
  914. array(
  915. 'profile_id' => $profile_id,
  916. 'permission' => $permission,
  917. )
  918. );
  919. while ($row = $smcFunc['db_fetch_assoc']($request))
  920. $member_groups[$row['add_deny'] === '1' ? 'allowed' : 'denied'][] = $row['id_group'];
  921. $smcFunc['db_free_result']($request);
  922. }
  923. // Denied is never allowed.
  924. $member_groups['allowed'] = array_diff($member_groups['allowed'], $member_groups['denied']);
  925. return $member_groups;
  926. }
  927. /**
  928. * Retrieves a list of members that have a given permission
  929. * (on a given board).
  930. * If board_id is not null, a board permission is assumed.
  931. * Takes different permission settings into account.
  932. * Takes possible moderators (on board 'board_id') into account.
  933. *
  934. * @param string $permission
  935. * @param int $board_id = null
  936. * @return an array containing member ID's.
  937. */
  938. function membersAllowedTo($permission, $board_id = null)
  939. {
  940. global $smcFunc;
  941. $member_groups = groupsAllowedTo($permission, $board_id);
  942. $include_moderators = in_array(3, $member_groups['allowed']) && $board_id !== null;
  943. $member_groups['allowed'] = array_diff($member_groups['allowed'], array(3));
  944. $exclude_moderators = in_array(3, $member_groups['denied']) && $board_id !== null;
  945. $member_groups['denied'] = array_diff($member_groups['denied'], array(3));
  946. $request = $smcFunc['db_query']('', '
  947. SELECT mem.id_member
  948. FROM {db_prefix}members AS mem' . ($include_moderators || $exclude_moderators ? '
  949. LEFT JOIN {db_prefix}moderators AS mods ON (mods.id_member = mem.id_member AND mods.id_board = {int:board_id})' : '') . '
  950. WHERE (' . ($include_moderators ? 'mods.id_member IS NOT NULL OR ' : '') . 'mem.id_group IN ({array_int:member_groups_allowed}) OR FIND_IN_SET({raw:member_group_allowed_implode}, mem.additional_groups) != 0 OR mem.id_post_group IN ({array_int:member_groups_allowed}))' . (empty($member_groups['denied']) ? '' : '
  951. AND NOT (' . ($exclude_moderators ? 'mods.id_member IS NOT NULL OR ' : '') . 'mem.id_group IN ({array_int:member_groups_denied}) OR FIND_IN_SET({raw:member_group_denied_implode}, mem.additional_groups) != 0 OR mem.id_post_group IN ({array_int:member_groups_denied}))'),
  952. array(
  953. 'member_groups_allowed' => $member_groups['allowed'],
  954. 'member_groups_denied' => $member_groups['denied'],
  955. 'board_id' => $board_id,
  956. 'member_group_allowed_implode' => implode(', mem.additional_groups) != 0 OR FIND_IN_SET(', $member_groups['allowed']),
  957. 'member_group_denied_implode' => implode(', mem.additional_groups) != 0 OR FIND_IN_SET(', $member_groups['denied']),
  958. )
  959. );
  960. $members = array();
  961. while ($row = $smcFunc['db_fetch_assoc']($request))
  962. $members[] = $row['id_member'];
  963. $smcFunc['db_free_result']($request);
  964. return $members;
  965. }
  966. /**
  967. * This function is used to reassociate members with relevant posts.
  968. * Reattribute guest posts to a specified member.
  969. * Does not check for any permissions.
  970. * If add_to_post_count is set, the member's post count is increased.
  971. *
  972. * @param int $memID
  973. * @param string $email = false
  974. * @param string $membername = false
  975. * @param bool $post_count = false
  976. * @return nothing
  977. */
  978. function reattributePosts($memID, $email = false, $membername = false, $post_count = false)
  979. {
  980. global $smcFunc;
  981. // Firstly, if email and username aren't passed find out the members email address and name.
  982. if ($email === false && $membername === false)
  983. {
  984. $request = $smcFunc['db_query']('', '
  985. SELECT email_address, member_name
  986. FROM {db_prefix}members
  987. WHERE id_member = {int:memID}
  988. LIMIT 1',
  989. array(
  990. 'memID' => $memID,
  991. )
  992. );
  993. list ($email, $membername) = $smcFunc['db_fetch_row']($request);
  994. $smcFunc['db_free_result']($request);
  995. }
  996. // If they want the post count restored then we need to do some research.
  997. if ($post_count)
  998. {
  999. $request = $smcFunc['db_query']('', '
  1000. SELECT COUNT(*)
  1001. FROM {db_prefix}messages AS m
  1002. INNER JOIN {db_prefix}boards AS b ON (b.id_board = m.id_board AND b.count_posts = {int:count_posts})
  1003. WHERE m.id_member = {int:guest_id}
  1004. AND m.approved = {int:is_approved}
  1005. AND m.icon != {string:recycled_icon}' . (empty($email) ? '' : '
  1006. AND m.poster_email = {string:email_address}') . (empty($membername) ? '' : '
  1007. AND m.poster_name = {string:member_name}'),
  1008. array(
  1009. 'count_posts' => 0,
  1010. 'guest_id' => 0,
  1011. 'email_address' => $email,
  1012. 'member_name' => $membername,
  1013. 'is_approved' => 1,
  1014. 'recycled_icon' => 'recycled',
  1015. )
  1016. );
  1017. list ($messageCount) = $smcFunc['db_fetch_row']($request);
  1018. $smcFunc['db_free_result']($request);
  1019. updateMemberData($memID, array('posts' => 'posts + ' . $messageCount));
  1020. }
  1021. $query_parts = array();
  1022. if (!empty($email))
  1023. $query_parts[] = 'poster_email = {string:email_address}';
  1024. if (!empty($membername))
  1025. $query_parts[] = 'poster_name = {string:member_name}';
  1026. $query = implode(' AND ', $query_parts);
  1027. // Finally, update the posts themselves!
  1028. $smcFunc['db_query']('', '
  1029. UPDATE {db_prefix}messages
  1030. SET id_member = {int:memID}
  1031. WHERE ' . $query,
  1032. array(
  1033. 'memID' => $memID,
  1034. 'email_address' => $email,
  1035. 'member_name' => $membername,
  1036. )
  1037. );
  1038. // ...and the topics too!
  1039. $smcFunc['db_query']('', '
  1040. UPDATE {db_prefix}topics as t, {db_prefix}messages as m
  1041. SET t.id_member_started = {int:memID}
  1042. WHERE m.id_member = {int:memID}
  1043. AND t.id_first_msg = m.id_msg',
  1044. array(
  1045. 'memID' => $memID,
  1046. )
  1047. );
  1048. // Allow mods with their own post tables to reattribute posts as well :)
  1049. call_integration_hook('integrate_reattribute_posts', array($memID, $email, $membername, $post_count));
  1050. }
  1051. /**
  1052. * Callback for createList().
  1053. *
  1054. * @param $start
  1055. * @param $items_per_page
  1056. * @param $sort
  1057. * @param $where
  1058. * @param $where_params
  1059. * @param $get_duplicates
  1060. */
  1061. function list_getMembers($start, $items_per_page, $sort, $where, $where_params = array(), $get_duplicates = false)
  1062. {
  1063. global $smcFunc;
  1064. $request = $smcFunc['db_query']('', '
  1065. SELECT
  1066. mem.id_member, mem.member_name, mem.real_name, mem.email_address, mem.member_ip, mem.member_ip2, mem.last_login,
  1067. mem.posts, mem.is_activated, mem.date_registered, mem.id_group, mem.additional_groups, mg.group_name
  1068. FROM {db_prefix}members AS mem
  1069. LEFT JOIN {db_prefix}membergroups AS mg ON (mg.id_group = mem.id_group)
  1070. WHERE ' . ($where == '1' ? '1=1' : $where) . '
  1071. ORDER BY {raw:sort}
  1072. LIMIT {int:start}, {int:per_page}',
  1073. array_merge($where_params, array(
  1074. 'sort' => $sort,
  1075. 'start' => $start,
  1076. 'per_page' => $items_per_page,
  1077. ))
  1078. );
  1079. $members = array();
  1080. while ($row = $smcFunc['db_fetch_assoc']($request))
  1081. $members[] = $row;
  1082. $smcFunc['db_free_result']($request);
  1083. // If we want duplicates pass the members array off.
  1084. if ($get_duplicates)
  1085. populateDuplicateMembers($members);
  1086. return $members;
  1087. }
  1088. /**
  1089. * Callback for createList().
  1090. *
  1091. * @param $where
  1092. * @param $where_params
  1093. */
  1094. function list_getNumMembers($where, $where_params = array())
  1095. {
  1096. global $smcFunc, $modSettings;
  1097. // We know how many members there are in total.
  1098. if (empty($where) || $where == '1')
  1099. $num_members = $modSettings['totalMembers'];
  1100. // The database knows the amount when there are extra conditions.
  1101. else
  1102. {
  1103. $request = $smcFunc['db_query']('', '
  1104. SELECT COUNT(*)
  1105. FROM {db_prefix}members AS mem
  1106. WHERE ' . $where,
  1107. array_merge($where_params, array(
  1108. ))
  1109. );
  1110. list ($num_members) = $smcFunc['db_fetch_row']($request);
  1111. $smcFunc['db_free_result']($request);
  1112. }
  1113. return $num_members;
  1114. }
  1115. /**
  1116. * Find potential duplicate registation members based on the same IP address
  1117. *
  1118. * @param $members
  1119. */
  1120. function populateDuplicateMembers(&$members)
  1121. {
  1122. global $smcFunc;
  1123. // This will hold all the ip addresses.
  1124. $ips = array();
  1125. foreach ($members as $key => $member)
  1126. {
  1127. // Create the duplicate_members element.
  1128. $members[$key]['duplicate_members'] = array();
  1129. // Store the IPs.
  1130. if (!empty($member['member_ip']))
  1131. $ips[] = $member['member_ip'];
  1132. if (!empty($member['member_ip2']))
  1133. $ips[] = $member['member_ip2'];
  1134. }
  1135. $ips = array_unique($ips);
  1136. if (empty($ips))
  1137. return false;
  1138. // Fetch all members with this IP address, we'll filter out the current ones in a sec.
  1139. $request = $smcFunc['db_query']('', '
  1140. SELECT
  1141. id_member, member_name, email_address, member_ip, member_ip2, is_activated
  1142. FROM {db_prefix}members
  1143. WHERE member_ip IN ({array_string:ips})
  1144. OR member_ip2 IN ({array_string:ips})',
  1145. array(
  1146. 'ips' => $ips,
  1147. )
  1148. );
  1149. $duplicate_members = array();
  1150. $duplicate_ids = array();
  1151. while ($row = $smcFunc['db_fetch_assoc']($request))
  1152. {
  1153. //$duplicate_ids[] = $row['id_member'];
  1154. $member_context = array(
  1155. 'id' => $row['id_member'],
  1156. 'name' => $row['member_name'],
  1157. 'email' => $row['email_address'],
  1158. 'is_banned' => $row['is_activated'] > 10,
  1159. 'ip' => $row['member_ip'],
  1160. 'ip2' => $row['member_ip2'],
  1161. );
  1162. if (in_array($row['member_ip'], $ips))
  1163. $duplicate_members[$row['member_ip']][] = $member_context;
  1164. if ($row['member_ip'] != $row['member_ip2'] && in_array($row['member_ip2'], $ips))
  1165. $duplicate_members[$row['member_ip2']][] = $member_context;
  1166. }
  1167. $smcFunc['db_free_result']($request);
  1168. // Also try to get a list of messages using these ips.
  1169. $request = $smcFunc['db_query']('', '
  1170. SELECT
  1171. m.poster_ip, mem.id_member, mem.member_name, mem.email_address, mem.is_activated
  1172. FROM {db_prefix}messages AS m
  1173. INNER JOIN {db_prefix}members AS mem ON (mem.id_member = m.id_member)
  1174. WHERE m.id_member != 0
  1175. ' . (!empty($duplicate_ids) ? 'AND m.id_member NOT IN ({array_int:duplicate_ids})' : '') . '
  1176. AND m.poster_ip IN ({array_string:ips})',
  1177. array(
  1178. 'duplicate_ids' => $duplicate_ids,
  1179. 'ips' => $ips,
  1180. )
  1181. );
  1182. $had_ips = array();
  1183. while ($row = $smcFunc['db_fetch_assoc']($request))
  1184. {
  1185. // Don't collect lots of the same.
  1186. if (isset($had_ips[$row['poster_ip']]) && in_array($row['id_member'], $had_ips[$row['poster_ip']]))
  1187. continue;
  1188. $had_ips[$row['poster_ip']][] = $row['id_member'];
  1189. $duplicate_members[$row['poster_ip']][] = array(
  1190. 'id' => $row['id_member'],
  1191. 'name' => $row['member_name'],
  1192. 'email' => $row['email_address'],
  1193. 'is_banned' => $row['is_activated'] > 10,
  1194. 'ip' => $row['poster_ip'],
  1195. 'ip2' => $row['poster_ip'],
  1196. );
  1197. }
  1198. $smcFunc['db_free_result']($request);
  1199. // Now we have all the duplicate members, stick them with their respective member in the list.
  1200. if (!empty($duplicate_members))
  1201. foreach ($members as $key => $member)
  1202. {
  1203. if (isset($duplicate_members[$member['member_ip']]))
  1204. $members[$key]['duplicate_members'] = $duplicate_members[$member['member_ip']];
  1205. if ($member['member_ip'] != $member['member_ip2'] && isset($duplicate_members[$member['member_ip2']]))
  1206. $members[$key]['duplicate_members'] = array_merge($member['duplicate_members'], $duplicate_members[$member['member_ip2']]);
  1207. // Check we don't have lots of the same member.
  1208. $member_track = array($member['id_member']);
  1209. foreach ($members[$key]['duplicate_members'] as $duplicate_id_member => $duplicate_member)
  1210. {
  1211. if (in_array($duplicate_member['id'], $member_track))
  1212. {
  1213. unset($members[$key]['duplicate_members'][$duplicate_id_member]);
  1214. continue;
  1215. }
  1216. $member_track[] = $duplicate_member['id'];
  1217. }
  1218. }
  1219. }
  1220. /**
  1221. * Generate a random validation code.
  1222. * @todo Err. Whatcha doin' here.
  1223. *
  1224. * @return type
  1225. */
  1226. function generateValidationCode()
  1227. {
  1228. global $smcFunc, $modSettings;
  1229. $request = $smcFunc['db_query']('get_random_number', '
  1230. SELECT RAND()',
  1231. array(
  1232. )
  1233. );
  1234. list ($dbRand) = $smcFunc['db_fetch_row']($request);
  1235. $smcFunc['db_free_result']($request);
  1236. return substr(preg_replace('/\W/', '', sha1(microtime() . mt_rand() . $dbRand . $modSettings['rand_seed'])), 0, 10);
  1237. }
  1238. /**
  1239. * Find out if there is another admin than the given user.
  1240. *
  1241. * @param int $memberID ID of the member, to compare with.
  1242. */
  1243. function isAnotherAdmin($memberID)
  1244. {
  1245. global $smcFunc;
  1246. $request = $smcFunc['db_query']('', '
  1247. SELECT id_member
  1248. FROM {db_prefix}members
  1249. WHERE (id_group = {int:admin_group} OR FIND_IN_SET({int:admin_group}, additional_groups) != 0)
  1250. AND id_member != {int:selected_member}
  1251. LIMIT 1',
  1252. array(
  1253. 'admin_group' => 1,
  1254. 'selected_member' => $memberID,
  1255. )
  1256. );
  1257. list ($another) = $smcFunc['db_fetch_row']($request);
  1258. $smcFunc['db_free_result']($request);
  1259. return $another;
  1260. }