PageRenderTime 32ms CodeModel.GetById 13ms RepoModel.GetById 0ms app.codeStats 0ms

/forum/includes/functions_user.php

https://bitbucket.org/itoxable/chiron-gaming
PHP | 3590 lines | 2683 code | 551 blank | 356 comment | 525 complexity | 4bdf68bb81eb280a3a51cb7684dfb5fa MD5 | raw file
Possible License(s): AGPL-1.0, GPL-2.0 
    

  1. <?php

    2. 

  2. /**

    3. 

  3. *

    4. 

  4. * @package phpBB3

    5. 

  5. * @version $Id$

    6. 

  6. * @copyright (c) 2005 phpBB Group

    7. 

  7. * @license http://opensource.org/licenses/gpl-license.php GNU Public License

    8. 

  8. *

    9. 

  9. */

    10. 

  10. 

    11. 

  11. /**

    12. 

  12. * @ignore

    13. 

  13. */

    14. 

  14. if (!defined('IN_PHPBB'))

    15. 

  15. {

    16. 

  16. 	exit;

    17. 

  17. }

    18. 

  18. 

    19. 

  19. /**

    20. 

  20. * Obtain user_ids from usernames or vice versa. Returns false on

    21. 

  21. * success else the error string

    22. 

  22. *

    23. 

  23. * @param array &$user_id_ary The user ids to check or empty if usernames used

    24. 

  24. * @param array &$username_ary The usernames to check or empty if user ids used

    25. 

  25. * @param mixed $user_type Array of user types to check, false if not restricting by user type

    26. 

  26. */

    27. 

  27. function user_get_id_name(&$user_id_ary, &$username_ary, $user_type = false)

    28. 

  28. {

    29. 

  29. 	global $db;

    30. 

  30. 

    31. 

  31. 	// Are both arrays already filled? Yep, return else

    32. 

  32. 	// are neither array filled?

    33. 

  33. 	if ($user_id_ary && $username_ary)

    34. 

  34. 	{

    35. 

  35. 		return false;

    36. 

  36. 	}

    37. 

  37. 	else if (!$user_id_ary && !$username_ary)

    38. 

  38. 	{

    39. 

  39. 		return 'NO_USERS';

    40. 

  40. 	}

    41. 

  41. 

    42. 

  42. 	$which_ary = ($user_id_ary) ? 'user_id_ary' : 'username_ary';

    43. 

  43. 

    44. 

  44. 	if ($$which_ary && !is_array($$which_ary))

    45. 

  45. 	{

    46. 

  46. 		$$which_ary = array($$which_ary);

    47. 

  47. 	}

    48. 

  48. 

    49. 

  49. 	$sql_in = ($which_ary == 'user_id_ary') ? array_map('intval', $$which_ary) : array_map('utf8_clean_string', $$which_ary);

    50. 

  50. 	unset($$which_ary);

    51. 

  51. 

    52. 

  52. 	$user_id_ary = $username_ary = array();

    53. 

  53. 

    54. 

  54. 	// Grab the user id/username records

    55. 

  55. 	$sql_where = ($which_ary == 'user_id_ary') ? 'user_id' : 'username_clean';

    56. 

  56. 	$sql = 'SELECT user_id, username

    57. 

  57. 		FROM ' . USERS_TABLE . '

    58. 

  58. 		WHERE ' . $db->sql_in_set($sql_where, $sql_in);

    59. 

  59. 

    60. 

  60. 	if ($user_type !== false && !empty($user_type))

    61. 

  61. 	{

    62. 

  62. 		$sql .= ' AND ' . $db->sql_in_set('user_type', $user_type);

    63. 

  63. 	}

    64. 

  64. 

    65. 

  65. 	$result = $db->sql_query($sql);

    66. 

  66. 

    67. 

  67. 	if (!($row = $db->sql_fetchrow($result)))

    68. 

  68. 	{

    69. 

  69. 		$db->sql_freeresult($result);

    70. 

  70. 		return 'NO_USERS';

    71. 

  71. 	}

    72. 

  72. 

    73. 

  73. 	do

    74. 

  74. 	{

    75. 

  75. 		$username_ary[$row['user_id']] = $row['username'];

    76. 

  76. 		$user_id_ary[] = $row['user_id'];

    77. 

  77. 	}

    78. 

  78. 	while ($row = $db->sql_fetchrow($result));

    79. 

  79. 	$db->sql_freeresult($result);

    80. 

  80. 

    81. 

  81. 	return false;

    82. 

  82. }

    83. 

  83. 

    84. 

  84. /**

    85. 

  85. * Get latest registered username and update database to reflect it

    86. 

  86. */

    87. 

  87. function update_last_username()

    88. 

  88. {

    89. 

  89. 	global $db;

    90. 

  90. 

    91. 

  91. 	// Get latest username

    92. 

  92. 	$sql = 'SELECT user_id, username, user_colour

    93. 

  93. 		FROM ' . USERS_TABLE . '

    94. 

  94. 		WHERE user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')

    95. 

  95. 		ORDER BY user_id DESC';

    96. 

  96. 	$result = $db->sql_query_limit($sql, 1);

    97. 

  97. 	$row = $db->sql_fetchrow($result);

    98. 

  98. 	$db->sql_freeresult($result);

    99. 

  99. 

    100. 

  100. 	if ($row)

    101. 

  101. 	{

    102. 

  102. 		set_config('newest_user_id', $row['user_id'], true);

    103. 

  103. 		set_config('newest_username', $row['username'], true);

    104. 

  104. 		set_config('newest_user_colour', $row['user_colour'], true);

    105. 

  105. 	}

    106. 

  106. }

    107. 

  107. 

    108. 

  108. /**

    109. 

  109. * Updates a username across all relevant tables/fields

    110. 

  110. *

    111. 

  111. * @param string $old_name the old/current username

    112. 

  112. * @param string $new_name the new username

    113. 

  113. */

    114. 

  114. function user_update_name($old_name, $new_name)

    115. 

  115. {

    116. 

  116. 	global $config, $db, $cache;

    117. 

  117. 

    118. 

  118. 	$update_ary = array(

    119. 

  119. 		FORUMS_TABLE			=> array('forum_last_poster_name'),

    120. 

  120. 		MODERATOR_CACHE_TABLE	=> array('username'),

    121. 

  121. 		POSTS_TABLE				=> array('post_username'),

    122. 

  122. 		TOPICS_TABLE			=> array('topic_first_poster_name', 'topic_last_poster_name'),

    123. 

  123. 	);

    124. 

  124. 

    125. 

  125. 	foreach ($update_ary as $table => $field_ary)

    126. 

  126. 	{

    127. 

  127. 		foreach ($field_ary as $field)

    128. 

  128. 		{

    129. 

  129. 			$sql = "UPDATE $table

    130. 

  130. 				SET $field = '" . $db->sql_escape($new_name) . "'

    131. 

  131. 				WHERE $field = '" . $db->sql_escape($old_name) . "'";

    132. 

  132. 			$db->sql_query($sql);

    133. 

  133. 		}

    134. 

  134. 	}

    135. 

  135. 

    136. 

  136. 	if ($config['newest_username'] == $old_name)

    137. 

  137. 	{

    138. 

  138. 		set_config('newest_username', $new_name, true);

    139. 

  139. 	}

    140. 

  140. 

    141. 

  141. 	// Because some tables/caches use username-specific data we need to purge this here.

    142. 

  142. 	$cache->destroy('sql', MODERATOR_CACHE_TABLE);

    143. 

  143. }

    144. 

  144. 

    145. 

  145. /**

    146. 

  146. * Adds an user

    147. 

  147. *

    148. 

  148. * @param mixed $user_row An array containing the following keys (and the appropriate values): username, group_id (the group to place the user in), user_email and the user_type(usually 0). Additional entries not overridden by defaults will be forwarded.

    149. 

  149. * @param string $cp_data custom profile fields, see custom_profile::build_insert_sql_array

    150. 

  150. * @return the new user's ID.

    151. 

  151. */

    152. 

  152. function user_add($user_row, $cp_data = false)

    153. 

  153. {

    154. 

  154. 	global $db, $user, $auth, $config, $phpbb_root_path, $phpEx;

    155. 

  155. 

    156. 

  156. 	if (empty($user_row['username']) || !isset($user_row['group_id']) || !isset($user_row['user_email']) || !isset($user_row['user_type']))

    157. 

  157. 	{

    158. 

  158. 		return false;

    159. 

  159. 	}

    160. 

  160. 

    161. 

  161. 	$username_clean = utf8_clean_string($user_row['username']);

    162. 

  162. 

    163. 

  163. 	if (empty($username_clean))

    164. 

  164. 	{

    165. 

  165. 		return false;

    166. 

  166. 	}

    167. 

  167. 

    168. 

  168. 	$sql_ary = array(

    169. 

  169. 		'username'			=> $user_row['username'],

    170. 

  170. 		'username_clean'	=> $username_clean,

    171. 

  171. 		'user_password'		=> (isset($user_row['user_password'])) ? $user_row['user_password'] : '',

    172. 

  172. 		'user_pass_convert'	=> 0,

    173. 

  173. 		'user_email'		=> strtolower($user_row['user_email']),

    174. 

  174. 		'user_email_hash'	=> phpbb_email_hash($user_row['user_email']),

    175. 

  175. 		'group_id'			=> $user_row['group_id'],

    176. 

  176. 		'user_type'			=> $user_row['user_type'],

    177. 

  177. 	);

    178. 

  178. 

    179. 

  179. 	// These are the additional vars able to be specified

    180. 

  180. 	$additional_vars = array(

    181. 

  181. 		'user_permissions'	=> '',

    182. 

  182. 		'user_timezone'		=> $config['board_timezone'],

    183. 

  183. 		'user_dateformat'	=> $config['default_dateformat'],

    184. 

  184. 		'user_lang'			=> $config['default_lang'],

    185. 

  185. 		'user_style'		=> (int) $config['default_style'],

    186. 

  186. 		'user_actkey'		=> '',

    187. 

  187. 		'user_ip'			=> '',

    188. 

  188. 		'user_regdate'		=> time(),

    189. 

  189. 		'user_passchg'		=> time(),

    190. 

  190. 		'user_options'		=> 230271,

    191. 

  191. 		// We do not set the new flag here - registration scripts need to specify it

    192. 

  192. 		'user_new'			=> 0,

    193. 

  193. 

    194. 

  194. 		'user_inactive_reason'	=> 0,

    195. 

  195. 		'user_inactive_time'	=> 0,

    196. 

  196. 		'user_lastmark'			=> time(),

    197. 

  197. 		'user_lastvisit'		=> 0,

    198. 

  198. 		'user_lastpost_time'	=> 0,

    199. 

  199. 		'user_lastpage'			=> '',

    200. 

  200. 		'user_posts'			=> 0,

    201. 

  201. 		'user_dst'				=> (int) $config['board_dst'],

    202. 

  202. 		'user_colour'			=> '',

    203. 

  203. 		'user_occ'				=> '',

    204. 

  204. 		'user_interests'		=> '',

    205. 

  205. 		'user_avatar'			=> '',

    206. 

  206. 		'user_avatar_type'		=> 0,

    207. 

  207. 		'user_avatar_width'		=> 0,

    208. 

  208. 		'user_avatar_height'	=> 0,

    209. 

  209. 		'user_new_privmsg'		=> 0,

    210. 

  210. 		'user_unread_privmsg'	=> 0,

    211. 

  211. 		'user_last_privmsg'		=> 0,

    212. 

  212. 		'user_message_rules'	=> 0,

    213. 

  213. 		'user_full_folder'		=> PRIVMSGS_NO_BOX,

    214. 

  214. 		'user_emailtime'		=> 0,

    215. 

  215. 

    216. 

  216. 		'user_notify'			=> 0,

    217. 

  217. 		'user_notify_pm'		=> 1,

    218. 

  218. 		'user_notify_type'		=> NOTIFY_EMAIL,

    219. 

  219. 		'user_allow_pm'			=> 1,

    220. 

  220. 		'user_allow_viewonline'	=> 1,

    221. 

  221. 		'user_allow_viewemail'	=> 1,

    222. 

  222. 		'user_allow_massemail'	=> 1,

    223. 

  223. 

    224. 

  224. 		'user_sig'					=> '',

    225. 

  225. 		'user_sig_bbcode_uid'		=> '',

    226. 

  226. 		'user_sig_bbcode_bitfield'	=> '',

    227. 

  227. 

    228. 

  228. 		'user_form_salt'			=> unique_id(),

    229. 

  229. 	);

    230. 

  230. 

    231. 

  231. 	// Now fill the sql array with not required variables

    232. 

  232. 	foreach ($additional_vars as $key => $default_value)

    233. 

  233. 	{

    234. 

  234. 		$sql_ary[$key] = (isset($user_row[$key])) ? $user_row[$key] : $default_value;

    235. 

  235. 	}

    236. 

  236. 

    237. 

  237. 	// Any additional variables in $user_row not covered above?

    238. 

  238. 	$remaining_vars = array_diff(array_keys($user_row), array_keys($sql_ary));

    239. 

  239. 

    240. 

  240. 	// Now fill our sql array with the remaining vars

    241. 

  241. 	if (sizeof($remaining_vars))

    242. 

  242. 	{

    243. 

  243. 		foreach ($remaining_vars as $key)

    244. 

  244. 		{

    245. 

  245. 			$sql_ary[$key] = $user_row[$key];

    246. 

  246. 		}

    247. 

  247. 	}

    248. 

  248. 

    249. 

  249. 	$sql = 'INSERT INTO ' . USERS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);

    250. 

  250. 	$db->sql_query($sql);

    251. 

  251. 

    252. 

  252. 	$user_id = $db->sql_nextid();

    253. 

  253. 

    254. 

  254. 	// Insert Custom Profile Fields

    255. 

  255. 	if ($cp_data !== false && sizeof($cp_data))

    256. 

  256. 	{

    257. 

  257. 		$cp_data['user_id'] = (int) $user_id;

    258. 

  258. 

    259. 

  259. 		if (!class_exists('custom_profile'))

    260. 

  260. 		{

    261. 

  261. 			include_once($phpbb_root_path . 'includes/functions_profile_fields.' . $phpEx);

    262. 

  262. 		}

    263. 

  263. 

    264. 

  264. 		$sql = 'INSERT INTO ' . PROFILE_FIELDS_DATA_TABLE . ' ' .

    265. 

  265. 			$db->sql_build_array('INSERT', custom_profile::build_insert_sql_array($cp_data));

    266. 

  266. 		$db->sql_query($sql);

    267. 

  267. 	}

    268. 

  268. 

    269. 

  269. 	// Place into appropriate group...

    270. 

  270. 	$sql = 'INSERT INTO ' . USER_GROUP_TABLE . ' ' . $db->sql_build_array('INSERT', array(

    271. 

  271. 		'user_id'		=> (int) $user_id,

    272. 

  272. 		'group_id'		=> (int) $user_row['group_id'],

    273. 

  273. 		'user_pending'	=> 0)

    274. 

  274. 	);

    275. 

  275. 	$db->sql_query($sql);

    276. 

  276. 

    277. 

  277. 	// Now make it the users default group...

    278. 

  278. 	group_set_user_default($user_row['group_id'], array($user_id), false);

    279. 

  279. 

    280. 

  280. 	// Add to newly registered users group if user_new is 1

    281. 

  281. 	if ($config['new_member_post_limit'] && $sql_ary['user_new'])

    282. 

  282. 	{

    283. 

  283. 		$sql = 'SELECT group_id

    284. 

  284. 			FROM ' . GROUPS_TABLE . "

    285. 

  285. 			WHERE group_name = 'NEWLY_REGISTERED'

    286. 

  286. 				AND group_type = " . GROUP_SPECIAL;

    287. 

  287. 		$result = $db->sql_query($sql);

    288. 

  288. 		$add_group_id = (int) $db->sql_fetchfield('group_id');

    289. 

  289. 		$db->sql_freeresult($result);

    290. 

  290. 

    291. 

  291. 		if ($add_group_id)

    292. 

  292. 		{

    293. 

  293. 			// Because these actions only fill the log unneccessarily we skip the add_log() entry with a little hack. :/

    294. 

  294. 			$GLOBALS['skip_add_log'] = true;

    295. 

  295. 

    296. 

  296. 			// Add user to "newly registered users" group and set to default group if admin specified so.

    297. 

  297. 			if ($config['new_member_group_default'])

    298. 

  298. 			{

    299. 

  299. 				group_user_add($add_group_id, $user_id, false, false, true);

    300. 

  300. 				$user_row['group_id'] = $add_group_id;

    301. 

  301. 			}

    302. 

  302. 			else

    303. 

  303. 			{

    304. 

  304. 				group_user_add($add_group_id, $user_id);

    305. 

  305. 			}

    306. 

  306. 

    307. 

  307. 			unset($GLOBALS['skip_add_log']);

    308. 

  308. 		}

    309. 

  309. 	}

    310. 

  310. 

    311. 

  311. 	// set the newest user and adjust the user count if the user is a normal user and no activation mail is sent

    312. 

  312. 	if ($user_row['user_type'] == USER_NORMAL || $user_row['user_type'] == USER_FOUNDER)

    313. 

  313. 	{

    314. 

  314. 		set_config('newest_user_id', $user_id, true);

    315. 

  315. 		set_config('newest_username', $user_row['username'], true);

    316. 

  316. 		set_config_count('num_users', 1, true);

    317. 

  317. 

    318. 

  318. 		$sql = 'SELECT group_colour

    319. 

  319. 			FROM ' . GROUPS_TABLE . '

    320. 

  320. 			WHERE group_id = ' . (int) $user_row['group_id'];

    321. 

  321. 		$result = $db->sql_query_limit($sql, 1);

    322. 

  322. 		$row = $db->sql_fetchrow($result);

    323. 

  323. 		$db->sql_freeresult($result);

    324. 

  324. 

    325. 

  325. 		set_config('newest_user_colour', $row['group_colour'], true);

    326. 

  326. 	}

    327. 

  327. 

    328. 

  328. 	return $user_id;

    329. 

  329. }

    330. 

  330. 

    331. 

  331. /**

    332. 

  332. * Remove User

    333. 

  333. */

    334. 

  334. function user_delete($mode, $user_id, $post_username = false)

    335. 

  335. {

    336. 

  336. 	global $cache, $config, $db, $user, $auth;

    337. 

  337. 	global $phpbb_root_path, $phpEx;

    338. 

  338. 

    339. 

  339. 	$sql = 'SELECT *

    340. 

  340. 		FROM ' . USERS_TABLE . '

    341. 

  341. 		WHERE user_id = ' . $user_id;

    342. 

  342. 	$result = $db->sql_query($sql);

    343. 

  343. 	$user_row = $db->sql_fetchrow($result);

    344. 

  344. 	$db->sql_freeresult($result);

    345. 

  345. 

    346. 

  346. 	if (!$user_row)

    347. 

  347. 	{

    348. 

  348. 		return false;

    349. 

  349. 	}

    350. 

  350. 

    351. 

  351. 	// Before we begin, we will remove the reports the user issued.

    352. 

  352. 	$sql = 'SELECT r.post_id, p.topic_id

    353. 

  353. 		FROM ' . REPORTS_TABLE . ' r, ' . POSTS_TABLE . ' p

    354. 

  354. 		WHERE r.user_id = ' . $user_id . '

    355. 

  355. 			AND p.post_id = r.post_id';

    356. 

  356. 	$result = $db->sql_query($sql);

    357. 

  357. 

    358. 

  358. 	$report_posts = $report_topics = array();

    359. 

  359. 	while ($row = $db->sql_fetchrow($result))

    360. 

  360. 	{

    361. 

  361. 		$report_posts[] = $row['post_id'];

    362. 

  362. 		$report_topics[] = $row['topic_id'];

    363. 

  363. 	}

    364. 

  364. 	$db->sql_freeresult($result);

    365. 

  365. 

    366. 

  366. 	if (sizeof($report_posts))

    367. 

  367. 	{

    368. 

  368. 		$report_posts = array_unique($report_posts);

    369. 

  369. 		$report_topics = array_unique($report_topics);

    370. 

  370. 

    371. 

  371. 		// Get a list of topics that still contain reported posts

    372. 

  372. 		$sql = 'SELECT DISTINCT topic_id

    373. 

  373. 			FROM ' . POSTS_TABLE . '

    374. 

  374. 			WHERE ' . $db->sql_in_set('topic_id', $report_topics) . '

    375. 

  375. 				AND post_reported = 1

    376. 

  376. 				AND ' . $db->sql_in_set('post_id', $report_posts, true);

    377. 

  377. 		$result = $db->sql_query($sql);

    378. 

  378. 

    379. 

  379. 		$keep_report_topics = array();

    380. 

  380. 		while ($row = $db->sql_fetchrow($result))

    381. 

  381. 		{

    382. 

  382. 			$keep_report_topics[] = $row['topic_id'];

    383. 

  383. 		}

    384. 

  384. 		$db->sql_freeresult($result);

    385. 

  385. 

    386. 

  386. 		if (sizeof($keep_report_topics))

    387. 

  387. 		{

    388. 

  388. 			$report_topics = array_diff($report_topics, $keep_report_topics);

    389. 

  389. 		}

    390. 

  390. 		unset($keep_report_topics);

    391. 

  391. 

    392. 

  392. 		// Now set the flags back

    393. 

  393. 		$sql = 'UPDATE ' . POSTS_TABLE . '

    394. 

  394. 			SET post_reported = 0

    395. 

  395. 			WHERE ' . $db->sql_in_set('post_id', $report_posts);

    396. 

  396. 		$db->sql_query($sql);

    397. 

  397. 

    398. 

  398. 		if (sizeof($report_topics))

    399. 

  399. 		{

    400. 

  400. 			$sql = 'UPDATE ' . TOPICS_TABLE . '

    401. 

  401. 				SET topic_reported = 0

    402. 

  402. 				WHERE ' . $db->sql_in_set('topic_id', $report_topics);

    403. 

  403. 			$db->sql_query($sql);

    404. 

  404. 		}

    405. 

  405. 	}

    406. 

  406. 

    407. 

  407. 	// Remove reports

    408. 

  408. 	$db->sql_query('DELETE FROM ' . REPORTS_TABLE . ' WHERE user_id = ' . $user_id);

    409. 

  409. 

    410. 

  410. 	if ($user_row['user_avatar'] && $user_row['user_avatar_type'] == AVATAR_UPLOAD)

    411. 

  411. 	{

    412. 

  412. 		avatar_delete('user', $user_row);

    413. 

  413. 	}

    414. 

  414. 

    415. 

  415. 	switch ($mode)

    416. 

  416. 	{

    417. 

  417. 		case 'retain':

    418. 

  418. 

    419. 

  419. 			$db->sql_transaction('begin');

    420. 

  420. 

    421. 

  421. 			if ($post_username === false)

    422. 

  422. 			{

    423. 

  423. 				$post_username = $user->lang['GUEST'];

    424. 

  424. 			}

    425. 

  425. 

    426. 

  426. 			// If the user is inactive and newly registered we assume no posts from this user being there...

    427. 

  427. 			if ($user_row['user_type'] == USER_INACTIVE && $user_row['user_inactive_reason'] == INACTIVE_REGISTER && !$user_row['user_posts'])

    428. 

  428. 			{

    429. 

  429. 			}

    430. 

  430. 			else

    431. 

  431. 			{

    432. 

  432. 				$sql = 'UPDATE ' . FORUMS_TABLE . '

    433. 

  433. 					SET forum_last_poster_id = ' . ANONYMOUS . ", forum_last_poster_name = '" . $db->sql_escape($post_username) . "', forum_last_poster_colour = ''

    434. 

  434. 					WHERE forum_last_poster_id = $user_id";

    435. 

  435. 				$db->sql_query($sql);

    436. 

  436. 

    437. 

  437. 				$sql = 'UPDATE ' . POSTS_TABLE . '

    438. 

  438. 					SET poster_id = ' . ANONYMOUS . ", post_username = '" . $db->sql_escape($post_username) . "'

    439. 

  439. 					WHERE poster_id = $user_id";

    440. 

  440. 				$db->sql_query($sql);

    441. 

  441. 

    442. 

  442. 				$sql = 'UPDATE ' . POSTS_TABLE . '

    443. 

  443. 					SET post_edit_user = ' . ANONYMOUS . "

    444. 

  444. 					WHERE post_edit_user = $user_id";

    445. 

  445. 				$db->sql_query($sql);

    446. 

  446. 

    447. 

  447. 				$sql = 'UPDATE ' . TOPICS_TABLE . '

    448. 

  448. 					SET topic_poster = ' . ANONYMOUS . ", topic_first_poster_name = '" . $db->sql_escape($post_username) . "', topic_first_poster_colour = ''

    449. 

  449. 					WHERE topic_poster = $user_id";

    450. 

  450. 				$db->sql_query($sql);

    451. 

  451. 

    452. 

  452. 				$sql = 'UPDATE ' . TOPICS_TABLE . '

    453. 

  453. 					SET topic_last_poster_id = ' . ANONYMOUS . ", topic_last_poster_name = '" . $db->sql_escape($post_username) . "', topic_last_poster_colour = ''

    454. 

  454. 					WHERE topic_last_poster_id = $user_id";

    455. 

  455. 				$db->sql_query($sql);

    456. 

  456. 

    457. 

  457. 				$sql = 'UPDATE ' . ATTACHMENTS_TABLE . '

    458. 

  458. 					SET poster_id = ' . ANONYMOUS . "

    459. 

  459. 					WHERE poster_id = $user_id";

    460. 

  460. 				$db->sql_query($sql);

    461. 

  461. 

    462. 

  462. 				// Since we change every post by this author, we need to count this amount towards the anonymous user

    463. 

  463. 

    464. 

  464. 				// Update the post count for the anonymous user

    465. 

  465. 				if ($user_row['user_posts'])

    466. 

  466. 				{

    467. 

  467. 					$sql = 'UPDATE ' . USERS_TABLE . '

    468. 

  468. 						SET user_posts = user_posts + ' . $user_row['user_posts'] . '

    469. 

  469. 						WHERE user_id = ' . ANONYMOUS;

    470. 

  470. 					$db->sql_query($sql);

    471. 

  471. 				}

    472. 

  472. 			}

    473. 

  473. 

    474. 

  474. 			$db->sql_transaction('commit');

    475. 

  475. 

    476. 

  476. 		break;

    477. 

  477. 

    478. 

  478. 		case 'remove':

    479. 

  479. 

    480. 

  480. 			if (!function_exists('delete_posts'))

    481. 

  481. 			{

    482. 

  482. 				include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);

    483. 

  483. 			}

    484. 

  484. 

    485. 

  485. 			// Delete posts, attachments, etc.

    486. 

  486. 			delete_posts('poster_id', $user_id);

    487. 

  487. 

    488. 

  488. 		break;

    489. 

  489. 	}

    490. 

  490. 

    491. 

  491. 	$db->sql_transaction('begin');

    492. 

  492. 

    493. 

  493. 	$table_ary = array(USERS_TABLE, USER_GROUP_TABLE, TOPICS_WATCH_TABLE, FORUMS_WATCH_TABLE, ACL_USERS_TABLE, TOPICS_TRACK_TABLE, TOPICS_POSTED_TABLE, FORUMS_TRACK_TABLE, PROFILE_FIELDS_DATA_TABLE, MODERATOR_CACHE_TABLE, DRAFTS_TABLE, BOOKMARKS_TABLE, SESSIONS_KEYS_TABLE, PRIVMSGS_FOLDER_TABLE, PRIVMSGS_RULES_TABLE);

    494. 

  494. 

    495. 

  495. 	foreach ($table_ary as $table)

    496. 

  496. 	{

    497. 

  497. 		$sql = "DELETE FROM $table

    498. 

  498. 			WHERE user_id = $user_id";

    499. 

  499. 		$db->sql_query($sql);

    500. 

  500. 	}

    501. 

  501. 

    502. 

  502. 	$cache->destroy('sql', MODERATOR_CACHE_TABLE);

    503. 

  503. 

    504. 

  504. 	// Delete user log entries about this user

    505. 

  505. 	$sql = 'DELETE FROM ' . LOG_TABLE . '

    506. 

  506. 		WHERE reportee_id = ' . $user_id;

    507. 

  507. 	$db->sql_query($sql);

    508. 

  508. 

    509. 

  509. 	// Change user_id to anonymous for this users triggered events

    510. 

  510. 	$sql = 'UPDATE ' . LOG_TABLE . '

    511. 

  511. 		SET user_id = ' . ANONYMOUS . '

    512. 

  512. 		WHERE user_id = ' . $user_id;

    513. 

  513. 	$db->sql_query($sql);

    514. 

  514. 

    515. 

  515. 	// Delete the user_id from the zebra table

    516. 

  516. 	$sql = 'DELETE FROM ' . ZEBRA_TABLE . '

    517. 

  517. 		WHERE user_id = ' . $user_id . '

    518. 

  518. 			OR zebra_id = ' . $user_id;

    519. 

  519. 	$db->sql_query($sql);

    520. 

  520. 

    521. 

  521. 	// Delete the user_id from the banlist

    522. 

  522. 	$sql = 'DELETE FROM ' . BANLIST_TABLE . '

    523. 

  523. 		WHERE ban_userid = ' . $user_id;

    524. 

  524. 	$db->sql_query($sql);

    525. 

  525. 

    526. 

  526. 	// Delete the user_id from the session table

    527. 

  527. 	$sql = 'DELETE FROM ' . SESSIONS_TABLE . '

    528. 

  528. 		WHERE session_user_id = ' . $user_id;

    529. 

  529. 	$db->sql_query($sql);

    530. 

  530. 

    531. 

  531. 	// Remove any undelivered mails...

    532. 

  532. 	$sql = 'SELECT msg_id, user_id

    533. 

  533. 		FROM ' . PRIVMSGS_TO_TABLE . '

    534. 

  534. 		WHERE author_id = ' . $user_id . '

    535. 

  535. 			AND folder_id = ' . PRIVMSGS_NO_BOX;

    536. 

  536. 	$result = $db->sql_query($sql);

    537. 

  537. 

    538. 

  538. 	$undelivered_msg = $undelivered_user = array();

    539. 

  539. 	while ($row = $db->sql_fetchrow($result))

    540. 

  540. 	{

    541. 

  541. 		$undelivered_msg[] = $row['msg_id'];

    542. 

  542. 		$undelivered_user[$row['user_id']][] = true;

    543. 

  543. 	}

    544. 

  544. 	$db->sql_freeresult($result);

    545. 

  545. 

    546. 

  546. 	if (sizeof($undelivered_msg))

    547. 

  547. 	{

    548. 

  548. 		$sql = 'DELETE FROM ' . PRIVMSGS_TABLE . '

    549. 

  549. 			WHERE ' . $db->sql_in_set('msg_id', $undelivered_msg);

    550. 

  550. 		$db->sql_query($sql);

    551. 

  551. 	}

    552. 

  552. 

    553. 

  553. 	$sql = 'DELETE FROM ' . PRIVMSGS_TO_TABLE . '

    554. 

  554. 		WHERE author_id = ' . $user_id . '

    555. 

  555. 			AND folder_id = ' . PRIVMSGS_NO_BOX;

    556. 

  556. 	$db->sql_query($sql);

    557. 

  557. 

    558. 

  558. 	// Delete all to-information

    559. 

  559. 	$sql = 'DELETE FROM ' . PRIVMSGS_TO_TABLE . '

    560. 

  560. 		WHERE user_id = ' . $user_id;

    561. 

  561. 	$db->sql_query($sql);

    562. 

  562. 

    563. 

  563. 	// Set the remaining author id to anonymous - this way users are still able to read messages from users being removed

    564. 

  564. 	$sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . '

    565. 

  565. 		SET author_id = ' . ANONYMOUS . '

    566. 

  566. 		WHERE author_id = ' . $user_id;

    567. 

  567. 	$db->sql_query($sql);

    568. 

  568. 

    569. 

  569. 	$sql = 'UPDATE ' . PRIVMSGS_TABLE . '

    570. 

  570. 		SET author_id = ' . ANONYMOUS . '

    571. 

  571. 		WHERE author_id = ' . $user_id;

    572. 

  572. 	$db->sql_query($sql);

    573. 

  573. 

    574. 

  574. 	foreach ($undelivered_user as $_user_id => $ary)

    575. 

  575. 	{

    576. 

  576. 		if ($_user_id == $user_id)

    577. 

  577. 		{

    578. 

  578. 			continue;

    579. 

  579. 		}

    580. 

  580. 

    581. 

  581. 		$sql = 'UPDATE ' . USERS_TABLE . '

    582. 

  582. 			SET user_new_privmsg = user_new_privmsg - ' . sizeof($ary) . ',

    583. 

  583. 				user_unread_privmsg = user_unread_privmsg - ' . sizeof($ary) . '

    584. 

  584. 			WHERE user_id = ' . $_user_id;

    585. 

  585. 		$db->sql_query($sql);

    586. 

  586. 	}

    587. 

  587. 

    588. 

  588. 	$db->sql_transaction('commit');

    589. 

  589. 

    590. 

  590. 	// Reset newest user info if appropriate

    591. 

  591. 	if ($config['newest_user_id'] == $user_id)

    592. 

  592. 	{

    593. 

  593. 		update_last_username();

    594. 

  594. 	}

    595. 

  595. 

    596. 

  596. 	// Decrement number of users if this user is active

    597. 

  597. 	if ($user_row['user_type'] != USER_INACTIVE && $user_row['user_type'] != USER_IGNORE)

    598. 

  598. 	{

    599. 

  599. 		set_config_count('num_users', -1, true);

    600. 

  600. 	}

    601. 

  601. 

    602. 

  602. 	return false;

    603. 

  603. }

    604. 

  604. 

    605. 

  605. /**

    606. 

  606. * Flips user_type from active to inactive and vice versa, handles group membership updates

    607. 

  607. *

    608. 

  608. * @param string $mode can be flip for flipping from active/inactive, activate or deactivate

    609. 

  609. */

    610. 

  610. function user_active_flip($mode, $user_id_ary, $reason = INACTIVE_MANUAL)

    611. 

  611. {

    612. 

  612. 	global $config, $db, $user, $auth;

    613. 

  613. 

    614. 

  614. 	$deactivated = $activated = 0;

    615. 

  615. 	$sql_statements = array();

    616. 

  616. 

    617. 

  617. 	if (!is_array($user_id_ary))

    618. 

  618. 	{

    619. 

  619. 		$user_id_ary = array($user_id_ary);

    620. 

  620. 	}

    621. 

  621. 

    622. 

  622. 	if (!sizeof($user_id_ary))

    623. 

  623. 	{

    624. 

  624. 		return;

    625. 

  625. 	}

    626. 

  626. 

    627. 

  627. 	$sql = 'SELECT user_id, group_id, user_type, user_inactive_reason

    628. 

  628. 		FROM ' . USERS_TABLE . '

    629. 

  629. 		WHERE ' . $db->sql_in_set('user_id', $user_id_ary);

    630. 

  630. 	$result = $db->sql_query($sql);

    631. 

  631. 

    632. 

  632. 	while ($row = $db->sql_fetchrow($result))

    633. 

  633. 	{

    634. 

  634. 		$sql_ary = array();

    635. 

  635. 

    636. 

  636. 		if ($row['user_type'] == USER_IGNORE || $row['user_type'] == USER_FOUNDER ||

    637. 

  637. 			($mode == 'activate' && $row['user_type'] != USER_INACTIVE) ||

    638. 

  638. 			($mode == 'deactivate' && $row['user_type'] == USER_INACTIVE))

    639. 

  639. 		{

    640. 

  640. 			continue;

    641. 

  641. 		}

    642. 

  642. 

    643. 

  643. 		if ($row['user_type'] == USER_INACTIVE)

    644. 

  644. 		{

    645. 

  645. 			$activated++;

    646. 

  646. 		}

    647. 

  647. 		else

    648. 

  648. 		{

    649. 

  649. 			$deactivated++;

    650. 

  650. 

    651. 

  651. 			// Remove the users session key...

    652. 

  652. 			$user->reset_login_keys($row['user_id']);

    653. 

  653. 		}

    654. 

  654. 

    655. 

  655. 		$sql_ary += array(

    656. 

  656. 			'user_type'				=> ($row['user_type'] == USER_NORMAL) ? USER_INACTIVE : USER_NORMAL,

    657. 

  657. 			'user_inactive_time'	=> ($row['user_type'] == USER_NORMAL) ? time() : 0,

    658. 

  658. 			'user_inactive_reason'	=> ($row['user_type'] == USER_NORMAL) ? $reason : 0,

    659. 

  659. 		);

    660. 

  660. 

    661. 

  661. 		$sql_statements[$row['user_id']] = $sql_ary;

    662. 

  662. 	}

    663. 

  663. 	$db->sql_freeresult($result);

    664. 

  664. 

    665. 

  665. 	if (sizeof($sql_statements))

    666. 

  666. 	{

    667. 

  667. 		foreach ($sql_statements as $user_id => $sql_ary)

    668. 

  668. 		{

    669. 

  669. 			$sql = 'UPDATE ' . USERS_TABLE . '

    670. 

  670. 				SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '

    671. 

  671. 				WHERE user_id = ' . $user_id;

    672. 

  672. 			$db->sql_query($sql);

    673. 

  673. 		}

    674. 

  674. 

    675. 

  675. 		$auth->acl_clear_prefetch(array_keys($sql_statements));

    676. 

  676. 	}

    677. 

  677. 

    678. 

  678. 	if ($deactivated)

    679. 

  679. 	{

    680. 

  680. 		set_config_count('num_users', $deactivated * (-1), true);

    681. 

  681. 	}

    682. 

  682. 

    683. 

  683. 	if ($activated)

    684. 

  684. 	{

    685. 

  685. 		set_config_count('num_users', $activated, true);

    686. 

  686. 	}

    687. 

  687. 

    688. 

  688. 	// Update latest username

    689. 

  689. 	update_last_username();

    690. 

  690. }

    691. 

  691. 

    692. 

  692. /**

    693. 

  693. * Add a ban or ban exclusion to the banlist. Bans either a user, an IP or an email address

    694. 

  694. *

    695. 

  695. * @param string $mode Type of ban. One of the following: user, ip, email

    696. 

  696. * @param mixed $ban Banned entity. Either string or array with usernames, ips or email addresses

    697. 

  697. * @param int $ban_len Ban length in minutes

    698. 

  698. * @param string $ban_len_other Ban length as a date (YYYY-MM-DD)

    699. 

  699. * @param boolean $ban_exclude Exclude these entities from banning?

    700. 

  700. * @param string $ban_reason String describing the reason for this ban

    701. 

  701. * @return boolean

    702. 

  702. */

    703. 

  703. function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reason, $ban_give_reason = '')

    704. 

  704. {

    705. 

  705. 	global $db, $user, $auth, $cache;

    706. 

  706. 

    707. 

  707. 	// Delete stale bans

    708. 

  708. 	$sql = 'DELETE FROM ' . BANLIST_TABLE . '

    709. 

  709. 		WHERE ban_end < ' . time() . '

    710. 

  710. 			AND ban_end <> 0';

    711. 

  711. 	$db->sql_query($sql);

    712. 

  712. 

    713. 

  713. 	$ban_list = (!is_array($ban)) ? array_unique(explode("\n", $ban)) : $ban;

    714. 

  714. 	$ban_list_log = implode(', ', $ban_list);

    715. 

  715. 

    716. 

  716. 	$current_time = time();

    717. 

  717. 

    718. 

  718. 	// Set $ban_end to the unix time when the ban should end. 0 is a permanent ban.

    719. 

  719. 	if ($ban_len)

    720. 

  720. 	{

    721. 

  721. 		if ($ban_len != -1 || !$ban_len_other)

    722. 

  722. 		{

    723. 

  723. 			$ban_end = max($current_time, $current_time + ($ban_len) * 60);

    724. 

  724. 		}

    725. 

  725. 		else

    726. 

  726. 		{

    727. 

  727. 			$ban_other = explode('-', $ban_len_other);

    728. 

  728. 			if (sizeof($ban_other) == 3 && ((int)$ban_other[0] < 9999) &&

    729. 

  729. 				(strlen($ban_other[0]) == 4) && (strlen($ban_other[1]) == 2) && (strlen($ban_other[2]) == 2))

    730. 

  730. 			{

    731. 

  731. 				$time_offset = (isset($user->timezone) && isset($user->dst)) ? (int) $user->timezone + (int) $user->dst : 0;

    732. 

  732. 				$ban_end = max($current_time, gmmktime(0, 0, 0, (int)$ban_other[1], (int)$ban_other[2], (int)$ban_other[0]) - $time_offset);

    733. 

  733. 			}

    734. 

  734. 			else

    735. 

  735. 			{

    736. 

  736. 				trigger_error('LENGTH_BAN_INVALID', E_USER_WARNING);

    737. 

  737. 			}

    738. 

  738. 		}

    739. 

  739. 	}

    740. 

  740. 	else

    741. 

  741. 	{

    742. 

  742. 		$ban_end = 0;

    743. 

  743. 	}

    744. 

  744. 

    745. 

  745. 	$founder = $founder_names = array();

    746. 

  746. 

    747. 

  747. 	if (!$ban_exclude)

    748. 

  748. 	{

    749. 

  749. 		// Create a list of founder...

    750. 

  750. 		$sql = 'SELECT user_id, user_email, username_clean

    751. 

  751. 			FROM ' . USERS_TABLE . '

    752. 

  752. 			WHERE user_type = ' . USER_FOUNDER;

    753. 

  753. 		$result = $db->sql_query($sql);

    754. 

  754. 

    755. 

  755. 		while ($row = $db->sql_fetchrow($result))

    756. 

  756. 		{

    757. 

  757. 			$founder[$row['user_id']] = $row['user_email'];

    758. 

  758. 			$founder_names[$row['user_id']] = $row['username_clean'];

    759. 

  759. 		}

    760. 

  760. 		$db->sql_freeresult($result);

    761. 

  761. 	}

    762. 

  762. 

    763. 

  763. 	$banlist_ary = array();

    764. 

  764. 

    765. 

  765. 	switch ($mode)

    766. 

  766. 	{

    767. 

  767. 		case 'user':

    768. 

  768. 			$type = 'ban_userid';

    769. 

  769. 

    770. 

  770. 			// At the moment we do not support wildcard username banning

    771. 

  771. 

    772. 

  772. 			// Select the relevant user_ids.

    773. 

  773. 			$sql_usernames = array();

    774. 

  774. 

    775. 

  775. 			foreach ($ban_list as $username)

    776. 

  776. 			{

    777. 

  777. 				$username = trim($username);

    778. 

  778. 				if ($username != '')

    779. 

  779. 				{

    780. 

  780. 					$clean_name = utf8_clean_string($username);

    781. 

  781. 					if ($clean_name == $user->data['username_clean'])

    782. 

  782. 					{

    783. 

  783. 						trigger_error('CANNOT_BAN_YOURSELF', E_USER_WARNING);

    784. 

  784. 					}

    785. 

  785. 					if (in_array($clean_name, $founder_names))

    786. 

  786. 					{

    787. 

  787. 						trigger_error('CANNOT_BAN_FOUNDER', E_USER_WARNING);

    788. 

  788. 					}

    789. 

  789. 					$sql_usernames[] = $clean_name;

    790. 

  790. 				}

    791. 

  791. 			}

    792. 

  792. 

    793. 

  793. 			// Make sure we have been given someone to ban

    794. 

  794. 			if (!sizeof($sql_usernames))

    795. 

  795. 			{

    796. 

  796. 				trigger_error('NO_USER_SPECIFIED', E_USER_WARNING);

    797. 

  797. 			}

    798. 

  798. 

    799. 

  799. 			$sql = 'SELECT user_id

    800. 

  800. 				FROM ' . USERS_TABLE . '

    801. 

  801. 				WHERE ' . $db->sql_in_set('username_clean', $sql_usernames);

    802. 

  802. 

    803. 

  803. 			// Do not allow banning yourself, the guest account, or founders.

    804. 

  804. 			$non_bannable = array($user->data['user_id'], ANONYMOUS);

    805. 

  805. 			if (sizeof($founder))

    806. 

  806. 			{

    807. 

  807. 				$sql .= ' AND ' . $db->sql_in_set('user_id', array_merge(array_keys($founder), $non_bannable), true);

    808. 

  808. 			}

    809. 

  809. 			else

    810. 

  810. 			{

    811. 

  811. 				$sql .= ' AND ' . $db->sql_in_set('user_id', $non_bannable, true);

    812. 

  812. 			}

    813. 

  813. 

    814. 

  814. 			$result = $db->sql_query($sql);

    815. 

  815. 

    816. 

  816. 			if ($row = $db->sql_fetchrow($result))

    817. 

  817. 			{

    818. 

  818. 				do

    819. 

  819. 				{

    820. 

  820. 					$banlist_ary[] = (int) $row['user_id'];

    821. 

  821. 				}

    822. 

  822. 				while ($row = $db->sql_fetchrow($result));

    823. 

  823. 			}

    824. 

  824. 			else

    825. 

  825. 			{

    826. 

  826. 				$db->sql_freeresult($result);

    827. 

  827. 				trigger_error('NO_USERS', E_USER_WARNING);

    828. 

  828. 			}

    829. 

  829. 			$db->sql_freeresult($result);

    830. 

  830. 		break;

    831. 

  831. 

    832. 

  832. 		case 'ip':

    833. 

  833. 			$type = 'ban_ip';

    834. 

  834. 

    835. 

  835. 			foreach ($ban_list as $ban_item)

    836. 

  836. 			{

    837. 

  837. 				if (preg_match('#^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})[ ]*\-[ ]*([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$#', trim($ban_item), $ip_range_explode))

    838. 

  838. 				{

    839. 

  839. 					// This is an IP range

    840. 

  840. 					// Don't ask about all this, just don't ask ... !

    841. 

  841. 					$ip_1_counter = $ip_range_explode[1];

    842. 

  842. 					$ip_1_end = $ip_range_explode[5];

    843. 

  843. 

    844. 

  844. 					while ($ip_1_counter <= $ip_1_end)

    845. 

  845. 					{

    846. 

  846. 						$ip_2_counter = ($ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[2] : 0;

    847. 

  847. 						$ip_2_end = ($ip_1_counter < $ip_1_end) ? 254 : $ip_range_explode[6];

    848. 

  848. 

    849. 

  849. 						if ($ip_2_counter == 0 && $ip_2_end == 254)

    850. 

  850. 						{

    851. 

  851. 							$ip_2_counter = 256;

    852. 

  852. 							$ip_2_fragment = 256;

    853. 

  853. 

    854. 

  854. 							$banlist_ary[] = "$ip_1_counter.*";

    855. 

  855. 						}

    856. 

  856. 

    857. 

  857. 						while ($ip_2_counter <= $ip_2_end)

    858. 

  858. 						{

    859. 

  859. 							$ip_3_counter = ($ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[3] : 0;

    860. 

  860. 							$ip_3_end = ($ip_2_counter < $ip_2_end || $ip_1_counter < $ip_1_end) ? 254 : $ip_range_explode[7];

    861. 

  861. 

    862. 

  862. 							if ($ip_3_counter == 0 && $ip_3_end == 254)

    863. 

  863. 							{

    864. 

  864. 								$ip_3_counter = 256;

    865. 

  865. 								$ip_3_fragment = 256;

    866. 

  866. 

    867. 

  867. 								$banlist_ary[] = "$ip_1_counter.$ip_2_counter.*";

    868. 

  868. 							}

    869. 

  869. 

    870. 

  870. 							while ($ip_3_counter <= $ip_3_end)

    871. 

  871. 							{

    872. 

  872. 								$ip_4_counter = ($ip_3_counter == $ip_range_explode[3] && $ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[4] : 0;

    873. 

  873. 								$ip_4_end = ($ip_3_counter < $ip_3_end || $ip_2_counter < $ip_2_end) ? 254 : $ip_range_explode[8];

    874. 

  874. 

    875. 

  875. 								if ($ip_4_counter == 0 && $ip_4_end == 254)

    876. 

  876. 								{

    877. 

  877. 									$ip_4_counter = 256;

    878. 

  878. 									$ip_4_fragment = 256;

    879. 

  879. 

    880. 

  880. 									$banlist_ary[] = "$ip_1_counter.$ip_2_counter.$ip_3_counter.*";

    881. 

  881. 								}

    882. 

  882. 

    883. 

  883. 								while ($ip_4_counter <= $ip_4_end)

    884. 

  884. 								{

    885. 

  885. 									$banlist_ary[] = "$ip_1_counter.$ip_2_counter.$ip_3_counter.$ip_4_counter";

    886. 

  886. 									$ip_4_counter++;

    887. 

  887. 								}

    888. 

  888. 								$ip_3_counter++;

    889. 

  889. 							}

    890. 

  890. 							$ip_2_counter++;

    891. 

  891. 						}

    892. 

  892. 						$ip_1_counter++;

    893. 

  893. 					}

    894. 

  894. 				}

    895. 

  895. 				else if (preg_match('#^([0-9]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})$#', trim($ban_item)) || preg_match('#^[a-f0-9:]+\*?$#i', trim($ban_item)))

    896. 

  896. 				{

    897. 

  897. 					// Normal IP address

    898. 

  898. 					$banlist_ary[] = trim($ban_item);

    899. 

  899. 				}

    900. 

  900. 				else if (preg_match('#^\*$#', trim($ban_item)))

    901. 

  901. 				{

    902. 

  902. 					// Ban all IPs

    903. 

  903. 					$banlist_ary[] = '*';

    904. 

  904. 				}

    905. 

  905. 				else if (preg_match('#^([\w\-_]\.?){2,}$#is', trim($ban_item)))

    906. 

  906. 				{

    907. 

  907. 					// hostname

    908. 

  908. 					$ip_ary = gethostbynamel(trim($ban_item));

    909. 

  909. 

    910. 

  910. 					if (!empty($ip_ary))

    911. 

  911. 					{

    912. 

  912. 						foreach ($ip_ary as $ip)

    913. 

  913. 						{

    914. 

  914. 							if ($ip)

    915. 

  915. 							{

    916. 

  916. 								if (strlen($ip) > 40)

    917. 

  917. 								{

    918. 

  918. 									continue;

    919. 

  919. 								}

    920. 

  920. 

    921. 

  921. 								$banlist_ary[] = $ip;

    922. 

  922. 							}

    923. 

  923. 						}

    924. 

  924. 					}

    925. 

  925. 				}

    926. 

  926. 

    927. 

  927. 				if (empty($banlist_ary))

    928. 

  928. 				{

    929. 

  929. 					trigger_error('NO_IPS_DEFINED', E_USER_WARNING);

    930. 

  930. 				}

    931. 

  931. 			}

    932. 

  932. 		break;

    933. 

  933. 

    934. 

  934. 		case 'email':

    935. 

  935. 			$type = 'ban_email';

    936. 

  936. 

    937. 

  937. 			foreach ($ban_list as $ban_item)

    938. 

  938. 			{

    939. 

  939. 				$ban_item = trim($ban_item);

    940. 

  940. 

    941. 

  941. 				if (preg_match('#^.*?@*|(([a-z0-9\-]+\.)+([a-z]{2,3}))$#i', $ban_item))

    942. 

  942. 				{

    943. 

  943. 					if (strlen($ban_item) > 100)

    944. 

  944. 					{

    945. 

  945. 						continue;

    946. 

  946. 					}

    947. 

  947. 

    948. 

  948. 					if (!sizeof($founder) || !in_array($ban_item, $founder))

    949. 

  949. 					{

    950. 

  950. 						$banlist_ary[] = $ban_item;

    951. 

  951. 					}

    952. 

  952. 				}

    953. 

  953. 			}

    954. 

  954. 

    955. 

  955. 			if (sizeof($ban_list) == 0)

    956. 

  956. 			{

    957. 

  957. 				trigger_error('NO_EMAILS_DEFINED', E_USER_WARNING);

    958. 

  958. 			}

    959. 

  959. 		break;

    960. 

  960. 

    961. 

  961. 		default:

    962. 

  962. 			trigger_error('NO_MODE', E_USER_WARNING);

    963. 

  963. 		break;

    964. 

  964. 	}

    965. 

  965. 

    966. 

  966. 	// Fetch currently set bans of the specified type and exclude state. Prevent duplicate bans.

    967. 

  967. 	$sql_where = ($type == 'ban_userid') ? 'ban_userid <> 0' : "$type <> ''";

    968. 

  968. 

    969. 

  969. 	$sql = "SELECT $type

    970. 

  970. 		FROM " . BANLIST_TABLE . "

    971. 

  971. 		WHERE $sql_where

    972. 

  972. 			AND ban_exclude = " . (int) $ban_exclude;

    973. 

  973. 	$result = $db->sql_query($sql);

    974. 

  974. 

    975. 

  975. 	// Reset $sql_where, because we use it later...

    976. 

  976. 	$sql_where = '';

    977. 

  977. 

    978. 

  978. 	if ($row = $db->sql_fetchrow($result))

    979. 

  979. 	{

    980. 

  980. 		$banlist_ary_tmp = array();

    981. 

  981. 		do

    982. 

  982. 		{

    983. 

  983. 			switch ($mode)

    984. 

  984. 			{

    985. 

  985. 				case 'user':

    986. 

  986. 					$banlist_ary_tmp[] = $row['ban_userid'];

    987. 

  987. 				break;

    988. 

  988. 

    989. 

  989. 				case 'ip':

    990. 

  990. 					$banlist_ary_tmp[] = $row['ban_ip'];

    991. 

  991. 				break;

    992. 

  992. 

    993. 

  993. 				case 'email':

    994. 

  994. 					$banlist_ary_tmp[] = $row['ban_email'];

    995. 

  995. 				break;

    996. 

  996. 			}

    997. 

  997. 		}

    998. 

  998. 		while ($row = $db->sql_fetchrow($result));

    999. 

  999. 

    1000. 

  1000. 		$banlist_ary_tmp = array_intersect($banlist_ary, $banlist_ary_tmp);

    1001. 

  1001. 

    1002. 

  1002. 		if (sizeof($banlist_ary_tmp))

    1003. 

  1003. 		{

    1004. 

  1004. 			// One or more entities are already banned/excluded, delete the existing bans, so they can be re-inserted with the given new length

    1005. 

  1005. 			$sql = 'DELETE FROM ' . BANLIST_TABLE . '

    1006. 

  1006. 				WHERE ' . $db->sql_in_set($type, $banlist_ary_tmp) . '

    1007. 

  1007. 					AND ban_exclude = ' . (int) $ban_exclude;

    1008. 

  1008. 			$db->sql_query($sql);

    1009. 

  1009. 		}

    1010. 

  1010. 

    1011. 

  1011. 		unset($banlist_ary_tmp);

    1012. 

  1012. 	}

    1013. 

  1013. 	$db->sql_freeresult($result);

    1014. 

  1014. 

    1015. 

  1015. 	// We have some entities to ban

    1016. 

  1016. 	if (sizeof($banlist_ary))

    1017. 

  1017. 	{

    1018. 

  1018. 		$sql_ary = array();

    1019. 

  1019. 

    1020. 

  1020. 		foreach ($banlist_ary as $ban_entry)

    1021. 

  1021. 		{

    1022. 

  1022. 			$sql_ary[] = array(

    1023. 

  1023. 				$type				=> $ban_entry,

    1024. 

  1024. 				'ban_start'			=> (int) $current_time,

    1025. 

  1025. 				'ban_end'			=> (int) $ban_end,

    1026. 

  1026. 				'ban_exclude'		=> (int) $ban_exclude,

    1027. 

  1027. 				'ban_reason'		=> (string) $ban_reason,

    1028. 

  1028. 				'ban_give_reason'	=> (string) $ban_give_reason,

    1029. 

  1029. 			);

    1030. 

  1030. 		}

    1031. 

  1031. 

    1032. 

  1032. 		$db->sql_multi_insert(BANLIST_TABLE, $sql_ary);

    1033. 

  1033. 

    1034. 

  1034. 		// If we are banning we want to logout anyone matching the ban

    1035. 

  1035. 		if (!$ban_exclude)

    1036. 

  1036. 		{

    1037. 

  1037. 			switch ($mode)

    1038. 

  1038. 			{

    1039. 

  1039. 				case 'user':

    1040. 

  1040. 					$sql_where = 'WHERE ' . $db->sql_in_set('session_user_id', $banlist_ary);

    1041. 

  1041. 				break;

    1042. 

  1042. 

    1043. 

  1043. 				case 'ip':

    1044. 

  1044. 					$sql_where = 'WHERE ' . $db->sql_in_set('session_ip', $banlist_ary);

    1045. 

  1045. 				break;

    1046. 

  1046. 

    1047. 

  1047. 				case 'email':

    1048. 

  1048. 					$banlist_ary_sql = array();

    1049. 

  1049. 

    1050. 

  1050. 					foreach ($banlist_ary as $ban_entry)

    1051. 

  1051. 					{

    1052. 

  1052. 						$banlist_ary_sql[] = (string) str_replace('*', '%', $ban_entry);

    1053. 

  1053. 					}

    1054. 

  1054. 

    1055. 

  1055. 					$sql = 'SELECT user_id

    1056. 

  1056. 						FROM ' . USERS_TABLE . '

    1057. 

  1057. 						WHERE ' . $db->sql_in_set('user_email', $banlist_ary_sql);

    1058. 

  1058. 					$result = $db->sql_query($sql);

    1059. 

  1059. 

    1060. 

  1060. 					$sql_in = array();

    1061. 

  1061. 

    1062. 

  1062. 					if ($row = $db->sql_fetchrow($result))

    1063. 

  1063. 					{

    1064. 

  1064. 						do

    1065. 

  1065. 						{

    1066. 

  1066. 							$sql_in[] = $row['user_id'];

    1067. 

  1067. 						}

    1068. 

  1068. 						while ($row = $db->sql_fetchrow($result));

    1069. 

  1069. 

    1070. 

  1070. 						$sql_where = 'WHERE ' . $db->sql_in_set('session_user_id', $sql_in);

    1071. 

  1071. 					}

    1072. 

  1072. 					$db->sql_freeresult($result);

    1073. 

  1073. 				break;

    1074. 

  1074. 			}

    1075. 

  1075. 

    1076. 

  1076. 			if (isset($sql_where) && $sql_where)

    1077. 

  1077. 			{

    1078. 

  1078. 				$sql = 'DELETE FROM ' . SESSIONS_TABLE . "

    1079. 

  1079. 					$sql_where";

    1080. 

  1080. 				$db->sql_query($sql);

    1081. 

  1081. 

    1082. 

  1082. 				if ($mode == 'user')

    1083. 

  1083. 				{

    1084. 

  1084. 					$sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . ' ' . ((in_array('*', $banlist_ary)) ? '' : 'WHERE ' . $db->sql_in_set('user_id', $banlist_ary));

    1085. 

  1085. 					$db->sql_query($sql);

    1086. 

  1086. 				}

    1087. 

  1087. 			}

    1088. 

  1088. 		}

    1089. 

  1089. 

    1090. 

  1090. 		// Update log

    1091. 

  1091. 		$log_entry = ($ban_exclude) ? 'LOG_BAN_EXCLUDE_' : 'LOG_BAN_';

    1092. 

  1092. 

    1093. 

  1093. 		// Add to moderator log, admin log and user notes

    1094. 

  1094. 		add_log('admin', $log_entry . strtoupper($mode), $ban_reason, $ban_list_log);

    1095. 

  1095. 		add_log('mod', 0, 0, $log_entry . strtoupper($mode), $ban_reason, $ban_list_log);

    1096. 

  1096. 		if ($mode == 'user')

    1097. 

  1097. 		{

    1098. 

  1098. 			foreach ($banlist_ary as $user_id)

    1099. 

  1099. 			{

    1100. 

  1100. 				add_log('user', $user_id, $log_entry . strtoupper($mode), $ban_reason, $ban_list_log);

    1101. 

  1101. 			}

    1102. 

  1102. 		}

    1103. 

  1103. 

    1104. 

  1104. 		$cache->destroy('sql', BANLIST_TABLE);

    1105. 

  1105. 

    1106. 

  1106. 		return true;

    1107. 

  1107. 	}

    1108. 

  1108. 

    1109. 

  1109. 	// There was nothing to ban/exclude. But destroying the cache because of the removal of stale bans.

    1110. 

  1110. 	$cache->destroy('sql', BANLIST_TABLE);

    1111. 

  1111. 

    1112. 

  1112. 	return false;

    1113. 

  1113. }

    1114. 

  1114. 

    1115. 

  1115. /**

    1116. 

  1116. * Unban User

    1117. 

  1117. */

    1118. 

  1118. function user_unban($mode, $ban)

    1119. 

  1119. {

    1120. 

  1120. 	global $db, $user, $auth, $cache;

    1121. 

  1121. 

    1122. 

  1122. 	// Delete stale bans

    1123. 

  1123. 	$sql = 'DELETE FROM ' . BANLIST_TABLE . '

    1124. 

  1124. 		WHERE ban_end < ' . time() . '

    1125. 

  1125. 			AND ban_end <> 0';

    1126. 

  1126. 	$db->sql_query($sql);

    1127. 

  1127. 

    1128. 

  1128. 	if (!is_array($ban))

    1129. 

  1129. 	{

    1130. 

  1130. 		$ban = array($ban);

    1131. 

  1131. 	}

    1132. 

  1132. 

    1133. 

  1133. 	$unban_sql = array_map('intval', $ban);

    1134. 

  1134. 

    1135. 

  1135. 	if (sizeof($unban_sql))

    1136. 

  1136. 	{

    1137. 

  1137. 		// Grab details of bans for logging information later

    1138. 

  1138. 		switch ($mode)

    1139. 

  1139. 		{

    1140. 

  1140. 			case 'user':

    1141. 

  1141. 				$sql = 'SELECT u.username AS unban_info, u.user_id

    1142. 

  1142. 					FROM ' . USERS_TABLE . ' u, ' . BANLIST_TABLE . ' b

    1143. 

  1143. 					WHERE ' . $db->sql_in_set('b.ban_id', $unban_sql) . '

    1144. 

  1144. 						AND u.user_id = b.ban_userid';

    1145. 

  1145. 			break;

    1146. 

  1146. 

    1147. 

  1147. 			case 'email':

    1148. 

  1148. 				$sql = 'SELECT ban_email AS unban_info

    1149. 

  1149. 					FROM ' . BANLIST_TABLE . '

    1150. 

  1150. 					WHERE ' . $db->sql_in_set('ban_id', $unban_sql);

    1151. 

  1151. 			break;

    1152. 

  1152. 

    1153. 

  1153. 			case 'ip':

    1154. 

  1154. 				$sql = 'SELECT ban_ip AS unban_info

    1155. 

  1155. 					FROM ' . BANLIST_TABLE . '

    1156. 

  1156. 					WHERE ' . $db->sql_in_set('ban_id', $unban_sql);

    1157. 

  1157. 			break;

    1158. 

  1158. 		}

    1159. 

  1159. 		$result = $db->sql_query($sql);

    1160. 

  1160. 

    1161. 

  1161. 		$l_unban_list = '';

    1162. 

  1162. 		$user_ids_ary = array();

    1163. 

  1163. 		while ($row = $db->sql_fetchrow($result))

    1164. 

  1164. 		{

    1165. 

  1165. 			$l_unban_list .= (($l_unban_list != '') ? ', ' : '') . $row['unban_info'];

    1166. 

  1166. 			if ($mode == 'user')

    1167. 

  1167. 			{

    1168. 

  1168. 				$user_ids_ary[] = $row['user_id'];

    1169. 

  1169. 			}

    1170. 

  1170. 		}

    1171. 

  1171. 		$db->sql_freeresult($result);

    1172. 

  1172. 

    1173. 

  1173. 		$sql = 'DELETE FROM ' . BANLIST_TABLE . '

    1174. 

  1174. 			WHERE ' . $db->sql_in_set('ban_id', $unban_sql);

    1175. 

  1175. 		$db->sql_query($sql);

    1176. 

  1176. 

    1177. 

  1177. 		// Add to moderator log, admin log and user notes

    1178. 

  1178. 		add_log('admin', 'LOG_UNBAN_' . strtoupper($mode), $l_unban_list);

    1179. 

  1179. 		add_log('mod', 0, 0, 'LOG_UNBAN_' . strtoupper($mode), $l_unban_list);

    1180. 

  1180. 		if ($mode == 'user')

    1181. 

  1181. 		{

    1182. 

  1182. 			foreach ($user_ids_ary as $user_id)

    1183. 

  1183. 			{

    1184. 

  1184. 				add_log('user', $user_id, 'LOG_UNBAN_' . strtoupper($mode), $l_unban_list);

    1185. 

  1185. 			}

    1186. 

  1186. 		}

    1187. 

  1187. 	}

    1188. 

  1188. 

    1189. 

  1189. 	$cache->destroy('sql', BANLIST_TABLE);

    1190. 

  1190. 

    1191. 

  1191. 	return false;

    1192. 

  1192. }

    1193. 

  1193. 

    1194. 

  1194. /**

    1195. 

  1195. * Internet Protocol Address Whois

    1196. 

  1196. * RFC3912: WHOIS Protocol Specification

    1197. 

  1197. *

    1198. 

  1198. * @param string $ip		Ip address, either IPv4 or IPv6.

    1199. 

  1199. *

    1200. 

  1200. * @return string		Empty string if not a valid ip address.

    1201. 

  1201. *						Otherwise make_clickable()'ed whois result.

    1202. 

  1202. */

    1203. 

  1203. function user_ipwhois($ip)

    1204. 

  1204. {

    1205. 

  1205. 	if (empty($ip))

    1206. 

  1206. 	{

    1207. 

  1207. 		return '';

    1208. 

  1208. 	}

    1209. 

  1209. 

    1210. 

  1210. 	if (preg_match(get_preg_expression('ipv4'), $ip))

    1211. 

  1211. 	{

    1212. 

  1212. 		// IPv4 address

    1213. 

  1213. 		$whois_host = 'whois.arin.net.';

    1214. 

  1214. 	}

    1215. 

  1215. 	else if (preg_match(get_preg_expression('ipv6'), $ip))

    1216. 

  1216. 	{

    1217. 

  1217. 		// IPv6 address

    1218. 

  1218. 		$whois_host = 'whois.sixxs.net.';

    1219. 

  1219. 	}

    1220. 

  1220. 	else

    1221. 

  1221. 	{

    1222. 

  1222. 		return '';

    1223. 

  1223. 	}

    1224. 

  1224. 

    1225. 

  1225. 	$ipwhois = '';

    1226. 

  1226. 

    1227. 

  1227. 	if (($fsk = @fsockopen($whois_host, 43)))

    1228. 

  1228. 	{

    1229. 

  1229. 		// CRLF as per RFC3912

    1230. 

  1230. 		fputs($fsk, "$ip\r\n");

    1231. 

  1231. 		while (!feof($fsk))

    1232. 

  1232. 		{

    1233. 

  1233. 			$ipwhois .= fgets($fsk, 1024);

    1234. 

  1234. 		}

    1235. 

  1235. 		@fclose($fsk);

    1236. 

  1236. 	}

    1237. 

  1237. 

    1238. 

  1238. 	$match = array();

    1239. 

  1239. 

    1240. 

  1240. 	// Test for referrals from $whois_host to other whois databases, roll on rwhois

    1241. 

  1241. 	if (preg_match('#ReferralServer: whois://(.+)#im', $ipwhois, $match))

    1242. 

  1242. 	{

    1243. 

  1243. 		if (strpos($match[1], ':') !== false)

    1244. 

  1244. 		{

    1245. 

  1245. 			$pos	= strrpos($match[1], ':');

    1246. 

  1246. 			$server	= substr($match[1], 0, $pos);

    1247. 

  1247. 			$port	= (int) substr($match[1], $pos + 1);

    1248. 

  1248. 			unset($pos);

    1249. 

  1249. 		}

    1250. 

  1250. 		else

    1251. 

  1251. 		{

    1252. 

  1252. 			$server	= $match[1];

    1253. 

  1253. 			$port	= 43;

    1254. 

  1254. 		}

    1255. 

  1255. 

    1256. 

  1256. 		$buffer = '';

    1257. 

  1257. 

    1258. 

  1258. 		if (($fsk = @fsockopen($server, $port)))

    1259. 

  1259. 		{

    1260. 

  1260. 			fputs($fsk, "$ip\r\n");

    1261. 

  1261. 			while (!feof($fsk))

    1262. 

  1262. 			{

    1263. 

  1263. 				$buffer .= fgets($fsk, 1024);

    1264. 

  1264. 			}

    1265. 

  1265. 			@fclose($fsk);

    1266. 

  1266. 		}

    1267. 

  1267. 

    1268. 

  1268. 		// Use the result from $whois_host if we don't get any result here

    1269. 

  1269. 		$ipwhois = (empty($buffer)) ? $ipwhois : $buffer;

    1270. 

  1270. 	}

    1271. 

  1271. 

    1272. 

  1272. 	$ipwhois = htmlspecialchars($ipwhois);

    1273. 

  1273. 

    1274. 

  1274. 	// Magic URL ;)

    1275. 

  1275. 	return trim(make_clickable($ipwhois, false, ''));

    1276. 

  1276. }

    1277. 

  1277. 

    1278. 

  1278. /**

    1279. 

  1279. * Data validation ... used primarily but not exclusively by ucp modules

    1280. 

  1280. *

    1281. 

  1281. * "Master" function for validating a range of data types

    1282. 

  1282. */

    1283. 

  1283. function validate_data($data, $val_ary)

    1284. 

  1284. {

    1285. 

  1285. 	global $user;

    1286. 

  1286. 

    1287. 

  1287. 	$error = array();

    1288. 

  1288. 

    1289. 

  1289. 	foreach ($val_ary as $var => $val_seq)

    1290. 

  1290. 	{

    1291. 

  1291. 		if (!is_array($val_seq[0]))

    1292. 

  1292. 		{

    1293. 

  1293. 			$val_seq = array($val_seq);

    1294. 

  1294. 		}

    1295. 

  1295. 

    1296. 

  1296. 		foreach ($val_seq as $validate)

    1297. 

  1297. 		{

    1298. 

  1298. 			$function = array_shift($validate);

    1299. 

  1299. 			array_unshift($validate, $data[$var]);

    1300. 

  1300. 

    1301. 

  1301. 			if ($result = call_user_func_array('validate_' . $function, $validate))

    1302. 

  1302. 			{

    1303. 

  1303. 				// Since errors are checked later for their language file existence, we need to make sure custom errors are not adjusted.

    1304. 

  1304. 				$error[] = (empty($user->lang[$result . '_' . strtoupper($var)])) ? $result : $result . '_' . strtoupper($var);

    1305. 

  1305. 			}

    1306. 

  1306. 		}

    1307. 

  1307. 	}

    1308. 

  1308. 

    1309. 

  1309. 	return $error;

    1310. 

  1310. }

    1311. 

  1311. 

    1312. 

  1312. /**

    1313. 

  1313. * Validate String

    1314. 

  1314. *

    1315. 

  1315. * @return	boolean|string	Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)

    1316. 

  1316. */

    1317. 

  1317. function validate_string($string, $optional = false, $min = 0, $max = 0)

    1318. 

  1318. {

    1319. 

  1319. 	if (empty($string) && $optional)

    1320. 

  1320. 	{

    1321. 

  1321. 		return false;

    1322. 

  1322. 	}

    1323. 

  1323. 

    1324. 

  1324. 	if ($min && utf8_strlen(htmlspecialchars_decode($string)) < $min)

    1325. 

  1325. 	{

    1326. 

  1326. 		return 'TOO_SHORT';

    1327. 

  1327. 	}

    1328. 

  1328. 	else if ($max && utf8_strlen(htmlspecialchars_decode($string)) > $max)

    1329. 

  1329. 	{

    1330. 

  1330. 		return 'TOO_LONG';

    1331. 

  1331. 	}

    1332. 

  1332. 

    1333. 

  1333. 	return false;

    1334. 

  1334. }

    1335. 

  1335. 

    1336. 

  1336. /**

    1337. 

  1337. * Validate Number

    1338. 

  1338. *

    1339. 

  1339. * @return	boolean|string	Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)

    1340. 

  1340. */

    1341. 

  1341. function validate_num($num, $optional = false, $min = 0, $max = 1E99)

    1342. 

  1342. {

    1343. 

  1343. 	if (empty($num) && $optional)

    1344. 

  1344. 	{

    1345. 

  1345. 		return false;

    1346. 

  1346. 	}

    1347. 

  1347. 

    1348. 

  1348. 	if ($num < $min)

    1349. 

  1349. 	{

    1350. 

  1350. 		return 'TOO_SMALL';

    1351. 

  1351. 	}

    1352. 

  1352. 	else if ($num > $max)

    1353. 

  1353. 	{

    1354. 

  1354. 		return 'TOO_LARGE';

    1355. 

  1355. 	}

    1356. 

  1356. 

    1357. 

  1357. 	return false;

    1358. 

  1358. }

    1359. 

  1359. 

    1360. 

  1360. /**

    1361. 

  1361. * Validate Date

    1362. 

  1362. * @param String $string a date in the dd-mm-yyyy format

    1363. 

  1363. * @return	boolean

    1364. 

  1364. */

    1365. 

  1365. function validate_date($date_string, $optional = false)

    1366. 

  1366. {

    1367. 

  1367. 	$date = explode('-', $date_string);

    1368. 

  1368. 	if ((empty($date) || sizeof($date) != 3) && $optional)

    1369. 

  1369. 	{

    1370. 

  1370. 		return false;

    1371. 

  1371. 	}

    1372. 

  1372. 	else if ($optional)

    1373. 

  1373. 	{

    1374. 

  1374. 		for ($field = 0; $field <= 1; $field++)

    1375. 

  1375. 		{

    1376. 

  1376. 			$date[$field] = (int) $date[$field];

    1377. 

  1377. 			if (empty($date[$field]))

    1378. 

  1378. 			{

    1379. 

  1379. 				$date[$field] = 1;

    1380. 

  1380. 			}

    1381. 

  1381. 		}

    1382. 

  1382. 		$date[2] = (int) $date[2];

    1383. 

  1383. 		// assume an arbitrary leap year

    1384. 

  1384. 		if (empty($date[2]))

    1385. 

  1385. 		{

    1386. 

  1386. 			$date[2] = 1980;

    1387. 

  1387. 		}

    1388. 

  1388. 	}

    1389. 

  1389. 

    1390. 

  1390. 	if (sizeof($date) != 3 || !checkdate($date[1], $date[0], $date[2]))

    1391. 

  1391. 	{

    1392. 

  1392. 		return 'INVALID';

    1393. 

  1393. 	}

    1394. 

  1394. 

    1395. 

  1395. 	return false;

    1396. 

  1396. }

    1397. 

  1397. 

    1398. 

  1398. 

    1399. 

  1399. /**

    1400. 

  1400. * Validate Match

    1401. 

  1401. *

    1402. 

  1402. * @return	boolean|string	Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)

    1403. 

  1403. */

    1404. 

  1404. function validate_match($string, $optional = false, $match = '')

    1405. 

  1405. {

    1406. 

  1406. 	if (empty($string) && $optional)

    1407. 

  1407. 	{

    1408. 

  1408. 		return false;

    1409. 

  1409. 	}

    1410. 

  1410. 

    1411. 

  1411. 	if (empty($match))

    1412. 

  1412. 	{

    1413. 

  1413. 		return false;

    1414. 

  1414. 	}

    1415. 

  1415. 

    1416. 

  1416. 	if (!preg_match($match, $string))

    1417. 

  1417. 	{

    1418. 

  1418. 		return 'WRONG_DATA';

    1419. 

  1419. 	}

    1420. 

  1420. 

    1421. 

  1421. 	return false;

    1422. 

  1422. }

    1423. 

  1423. 

    1424. 

  1424. /**

    1425. 

  1425. * Validate Language Pack ISO Name

    1426. 

  1426. *

    1427. 

  1427. * Tests whether a language name is valid and installed

    1428. 

  1428. *

    1429. 

  1429. * @param string $lang_iso	The language string to test

    1430. 

  1430. *

    1431. 

  1431. * @return bool|string		Either false if validation succeeded or

    1432. 

  1432. *							a string which will be used as the error message

    1433. 

  1433. *							(with the variable name appended)

    1434. 

  1434. */

    1435. 

  1435. function validate_language_iso_name($lang_iso)

    1436. 

  1436. {

    1437. 

  1437. 	global $db;

    1438. 

  1438. 

    1439. 

  1439. 	$sql = 'SELECT lang_id

    1440. 

  1440. 		FROM ' . LANG_TABLE . "

    1441. 

  1441. 		WHERE lang_iso = '" . $db->sql_escape($lang_iso) . "'";

    1442. 

  1442. 	$result = $db->sql_query($sql);

    1443. 

  1443. 	$lang_id = (int) $db->sql_fetchfield('lang_id');

    1444. 

  1444. 	$db->sql_freeresult($result);

    1445. 

  1445. 

    1446. 

  1446. 	return ($lang_id) ? false : 'WRONG_DATA';

    1447. 

  1447. }

    1448. 

  1448. 

    1449. 

  1449. /**

    1450. 

  1450. * Check to see if the username has been taken, or if it is disallowed.

    1451. 

  1451. * Also checks if it includes the " character, which we don't allow in usernames.

    1452. 

  1452. * Used for registering, changing names, and posting anonymously with a username

    1453. 

  1453. *

    1454. 

  1454. * @param string $username The username to check

    1455. 

  1455. * @param string $allowed_username An allowed username, default being $user->data['username']

    1456. 

  1456. *

    1457. 

  1457. * @return	mixed	Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)

    1458. 

  1458. */

    1459. 

  1459. function validate_username($username, $allowed_username = false)

    1460. 

  1460. {

    1461. 

  1461. 	global $config, $db, $user, $cache;

    1462. 

  1462. 

    1463. 

  1463. 	$clean_username = utf8_clean_string($username);

    1464. 

  1464. 	$allowed_username = ($allowed_username === false) ? $user->data['username_clean'] : utf8_clean_string($allowed_username);

    1465. 

  1465. 

    1466. 

  1466. 	if ($allowed_username == $clean_username)

    1467. 

  1467. 	{

    1468. 

  1468. 		return false;

    1469. 

  1469. 	}

    1470. 

  1470. 

    1471. 

  1471. 	// ... fast checks first.

    1472. 

  1472. 	if (strpos($username, '&quot;') !== false || strpos($username, '"') !== false || empty($clean_username))

    1473. 

  1473. 	{

    1474. 

  1474. 		return 'INVALID_CHARS';

    1475. 

  1475. 	}

    1476. 

  1476. 

    1477. 

  1477. 	$mbstring = $pcre = false;

    1478. 

  1478. 

    1479. 

  1479. 	// generic UTF-8 character types supported?

    1480. 

  1480. 	if ((version_compare(PHP_VERSION, '5.1.0', '>=') || (version_compare(PHP_VERSION, '5.0.0-dev', '<=') && version_compare(PHP_VERSION, '4.4.0', '>='))) && @preg_match('/\p{L}/u', 'a') !== false)

    1481. 

  1481. 	{

    1482. 

  1482. 		$pcre = true;

    1483. 

  1483. 	}

    1484. 

  1484. 	else if (function_exists('mb_ereg_match'))

    1485. 

  1485. 	{

    1486. 

  1486. 		mb_regex_encoding('UTF-8');

    1487. 

  1487. 		$mbstring = true;

    1488. 

  1488. 	}

    1489. 

  1489. 

    1490. 

  1490. 	switch ($config['allow_name_chars'])

    1491. 

  1491. 	{

    1492. 

  1492. 		case 'USERNAME_CHARS_ANY':

    1493. 

  1493. 			$pcre = true;

    1494. 

  1494. 			$regex = '.+';

    1495. 

  1495. 		break;

    1496. 

  1496. 

    1497. 

  1497. 		case 'USERNAME_ALPHA_ONLY':

    1498. 

  1498. 			$pcre = true;

    1499. 

  1499. 			$regex = '[A-Za-z0-9]+';

    1500. 

  1500. 		break;

    1501. 

  1501. 

    1502. 

  1502. 		case 'USERNAME_ALPHA_SPACERS':

    1503. 

  1503. 			$pcre = true;

    1504. 

  1504. 			$regex = '[A-Za-z0-9-[\]_+ ]+';

    1505. 

  1505. 		break;

    1506. 

  1506. 

    1507. 

  1507. 		case 'USERNAME_LETTER_NUM':

    1508. 

  1508. 			if ($pcre)

    1509. 

  1509. 			{

    1510. 

  1510. 				$regex = '[\p{Lu}\p{Ll}\p{N}]+';

    1511. 

  1511. 			}

    1512. 

  1512. 			else if ($mbstring)

    1513. 

  1513. 			{

    1514. 

  1514. 				$regex = '[[:upper:][:lower:][:digit:]]+';

    1515. 

  1515. 			}

    1516. 

  1516. 			else

    1517. 

  1517. 			{

    1518. 

  1518. 				$pcre = true;

    1519. 

  1519. 				$regex = '[a-zA-Z0-9]+';

    1520. 

  1520. 			}

    1521. 

  1521. 		break;

    1522. 

  1522. 

    1523. 

  1523. 		case 'USERNAME_LETTER_NUM_SPACERS':

    1524. 

  1524. 			if ($pcre)

    1525. 

  1525. 			{

    1526. 

  1526. 				$regex = '[-\]_+ [\p{Lu}\p{Ll}\p{N}]+';

    1527. 

  1527. 			}

    1528. 

  1528. 			else if ($mbstring)

    1529. 

  1529. 			{

    1530. 

  1530. 				$regex = '[-\]_+ \[[:upper:][:lower:][:digit:]]+';

    1531. 

  1531. 			}

    1532. 

  1532. 			else

    1533. 

  1533. 			{

    1534. 

  1534. 				$pcre = true;

    1535. 

  1535. 				$regex = '[-\]_+ [a-zA-Z0-9]+';

    1536. 

  1536. 			}

    1537. 

  1537. 		break;

    1538. 

  1538. 

    1539. 

  1539. 		case 'USERNAME_ASCII':

    1540. 

  1540. 		default:

    1541. 

  1541. 			$pcre = true;

    1542. 

  1542. 			$regex = '[\x01-\x7F]+';

    1543. 

  1543. 		break;

    1544. 

  1544. 	}

    1545. 

  1545. 

    1546. 

  1546. 	if ($pcre)

    1547. 

  1547. 	{

    1548. 

  1548. 		if (!preg_match('#^' . $regex . '$#u', $username))

    1549. 

  1549. 		{

    1550. 

  1550. 			return 'INVALID_CHARS';

    1551. 

  1551. 		}

    1552. 

  1552. 	}

    1553. 

  1553. 	else if ($mbstring)

    1554. 

  1554. 	{

    1555. 

  1555. 		mb_ereg_search_init($username, '^' . $regex . '$');

    1556. 

  1556. 		if (!mb_ereg_search())

    1557. 

  1557. 		{

    1558. 

  1558. 			return 'INVALID_CHARS';

    1559. 

  1559. 		}

    1560. 

  1560. 	}

    1561. 

  1561. 

    1562. 

  1562. 	$sql = 'SELECT username

    1563. 

  1563. 		FROM ' . USERS_TABLE . "

    1564. 

  1564. 		WHERE username_clean = '" . $db->sql_escape($clean_username) . "'";

    1565. 

  1565. 	$result = $db->sql_query($sql);

    1566. 

  1566. 	$row = $db->sql_fetchrow($result);

    1567. 

  1567. 	$db->sql_freeresult($result);

    1568. 

  1568. 

    1569. 

  1569. 	if ($row)

    1570. 

  1570. 	{

    1571. 

  1571. 		return 'USERNAME_TAKEN';

    1572. 

  1572. 	}

    1573. 

  1573. 

    1574. 

  1574. 	$sql = 'SELECT group_name

    1575. 

  1575. 		FROM ' . GROUPS_TABLE . "

    1576. 

  1576. 		WHERE LOWER(group_name) = '" . $db->sql_escape(utf8_strtolower($username)) . "'";

    1577. 

  1577. 	$result = $db->sql_query($sql);

    1578. 

  1578. 	$row = $db->sql_fetchrow($result);

    1579. 

  1579. 	$db->sql_freeresult($result);

    1580. 

  1580. 

    1581. 

  1581. 	if ($row)

    1582. 

  1582. 	{

    1583. 

  1583. 		return 'USERNAME_TAKEN';

    1584. 

  1584. 	}

    1585. 

  1585. 

    1586. 

  1586. 	$bad_usernames = $cache->obtain_disallowed_usernames();

    1587. 

  1587. 

    1588. 

  1588. 	foreach ($bad_usernames as $bad_username)

    1589. 

  1589. 	{

    1590. 

  1590. 		if (preg_match('#^' . $bad_username . '$#', $clean_username))

    1591. 

  1591. 		{

    1592. 

  1592. 			return 'USERNAME_DISALLOWED';

    1593. 

  1593. 		}

    1594. 

  1594. 	}

    1595. 

  1595. 

    1596. 

  1596. 	return false;

    1597. 

  1597. }

    1598. 

  1598. 

    1599. 

  1599. /**

    1600. 

  1600. * Check to see if the password meets the complexity settings

    1601. 

  1601. *

    1602. 

  1602. * @return	boolean|string	Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)

    1603. 

  1603. */

    1604. 

  1604. function validate_password($password)

    1605. 

  1605. {

    1606. 

  1606. 	global $config, $db, $user;

    1607. 

  1607. 

    1608. 

  1608. 	if ($password === '' || $config['pass_complex'] === 'PASS_TYPE_ANY')

    1609. 

  1609. 	{

    1610. 

  1610. 		// Password empty or no password complexity required.

    1611. 

  1611. 		return false;

    1612. 

  1612. 	}

    1613. 

  1613. 

    1614. 

  1614. 	$pcre = $mbstring = false;

    1615. 

  1615. 

    1616. 

  1616. 	// generic UTF-8 character types supported?

    1617. 

  1617. 	if ((version_compare(PHP_VERSION, '5.1.0', '>=') || (version_compare(PHP_VERSION, '5.0.0-dev', '<=') && version_compare(PHP_VERSION, '4.4.0', '>='))) && @preg_match('/\p{L}/u', 'a') !== false)

    1618. 

  1618. 	{

    1619. 

  1619. 		$upp = '\p{Lu}';

    1620. 

  1620. 		$low = '\p{Ll}';

    1621. 

  1621. 		$num = '\p{N}';

    1622. 

  1622. 		$sym = '[^\p{Lu}\p{Ll}\p{N}]';

    1623. 

  1623. 		$pcre = true;

    1624. 

  1624. 	}

    1625. 

  1625. 	else if (function_exists('mb_ereg_match'))

    1626. 

  1626. 	{

    1627. 

  1627. 		mb_regex_encoding('UTF-8');

    1628. 

  1628. 		$upp = '[[:upper:]]';

    1629. 

  1629. 		$low = '[[:lower:]]';

    1630. 

  1630. 		$num = '[[:digit:]]';

    1631. 

  1631. 		$sym = '[^[:upper:][:lower:][:digit:]]';

    1632. 

  1632. 		$mbstring = true;

    1633. 

  1633. 	}

    1634. 

  1634. 	else

    1635. 

  1635. 	{

    1636. 

  1636. 		$upp = '[A-Z]';

    1637. 

  1637. 		$low = '[a-z]';

    1638. 

  1638. 		$num = '[0-9]';

    1639. 

  1639. 		$sym = '[^A-Za-z0-9]';

    1640. 

  1640. 		$pcre = true;

    1641. 

  1641. 	}

    1642. 

  1642. 

    1643. 

  1643. 	$chars = array();

    1644. 

  1644. 

    1645. 

  1645. 	switch ($config['pass_complex'])

    1646. 

  1646. 	{

    1647. 

  1647. 		// No break statements below ...

    1648. 

  1648. 		// We require strong passwords in case pass_complex is not set or is invalid

    1649. 

  1649. 		default:

    1650. 

  1650. 

    1651. 

  1651. 		// Require mixed case letters, numbers and symbols

    1652. 

  1652. 		case 'PASS_TYPE_SYMBOL':

    1653. 

  1653. 			$chars[] = $sym;

    1654. 

  1654. 

    1655. 

  1655. 		// Require mixed case letters and numbers

    1656. 

  1656. 		case 'PASS_TYPE_ALPHA':

    1657. 

  1657. 			$chars[] = $num;

    1658. 

  1658. 

    1659. 

  1659. 		// Require mixed case letters

    1660. 

  1660. 		case 'PASS_TYPE_CASE':

    1661. 

  1661. 			$chars[] = $low;

    1662. 

  1662. 			$chars[] = $upp;

    1663. 

  1663. 	}

    1664. 

  1664. 

    1665. 

  1665. 	if ($pcre)

    1666. 

  1666. 	{

    1667. 

  1667. 		foreach ($chars as $char)

    1668. 

  1668. 		{

    1669. 

  1669. 			if (!preg_match('#' . $char . '#u', $password))

    1670. 

  1670. 			{

    1671. 

  1671. 				return 'INVALID_CHARS';

    1672. 

  1672. 			}

    1673. 

  1673. 		}

    1674. 

  1674. 	}

    1675. 

  1675. 	else if ($mbstring)

    1676. 

  1676. 	{

    1677. 

  1677. 		foreach ($chars as $char)

    1678. 

  1678. 		{

    1679. 

  1679. 			if (mb_ereg($char, $password) === false)

    1680. 

  1680. 			{

    1681. 

  1681. 				return 'INVALID_CHARS';

    1682. 

  1682. 			}

    1683. 

  1683. 		}

    1684. 

  1684. 	}

    1685. 

  1685. 

    1686. 

  1686. 	return false;

    1687. 

  1687. }

    1688. 

  1688. 

    1689. 

  1689. /**

    1690. 

  1690. * Check to see if email address is banned or already present in the DB

    1691. 

  1691. *

    1692. 

  1692. * @param string $email The email to check

    1693. 

  1693. * @param string $allowed_email An allowed email, default being $user->data['user_email']

    1694. 

  1694. *

    1695. 

  1695. * @return mixed Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)

    1696. 

  1696. */

    1697. 

  1697. function validate_email($email, $allowed_email = false)

    1698. 

  1698. {

    1699. 

  1699. 	global $config, $db, $user;

    1700. 

  1700. 

    1701. 

  1701. 	$email = strtolower($email);

    1702. 

  1702. 	$allowed_email = ($allowed_email === false) ? strtolower($user->data['user_email']) : strtolower($allowed_email);

    1703. 

  1703. 

    1704. 

  1704. 	if ($allowed_email == $email)

    1705. 

  1705. 	{

    1706. 

  1706. 		return false;

    1707. 

  1707. 	}

    1708. 

  1708. 

    1709. 

  1709. 	if (!preg_match('/^' . get_preg_expression('email') . '$/i', $email))

    1710. 

  1710. 	{

    1711. 

  1711. 		return 'EMAIL_INVALID';

    1712. 

  1712. 	}

    1713. 

  1713. 

    1714. 

  1714. 	// Check MX record.

    1715. 

  1715. 	// The idea for this is from reading the UseBB blog/announcement. :)

    1716. 

  1716. 	if ($config['email_check_mx'])

    1717. 

  1717. 	{

    1718. 

  1718. 		list(, $domain) = explode('@', $email);

    1719. 

  1719. 

    1720. 

  1720. 		if (phpbb_checkdnsrr($domain, 'A') === false && phpbb_checkdnsrr($domain, 'MX') === false)

    1721. 

  1721. 		{

    1722. 

  1722. 			return 'DOMAIN_NO_MX_RECORD';

    1723. 

  1723. 		}

    1724. 

  1724. 	}

    1725. 

  1725. 

    1726. 

  1726. 	if (($ban_reason = $user->check_ban(false, false, $email, true)) !== false)

    1727. 

  1727. 	{

    1728. 

  1728. 		return ($ban_reason === true) ? 'EMAIL_BANNED' : $ban_reason;

    1729. 

  1729. 	}

    1730. 

  1730. 

    1731. 

  1731. 	if (!$config['allow_emailreuse'])

    1732. 

  1732. 	{

    1733. 

  1733. 		$sql = 'SELECT user_email_hash

    1734. 

  1734. 			FROM ' . USERS_TABLE . "

    1735. 

  1735. 			WHERE user_email_hash = " . $db->sql_escape(phpbb_email_hash($email));

    1736. 

  1736. 		$result = $db->sql_query($sql);

    1737. 

  1737. 		$row = $db->sql_fetchrow($result);

    1738. 

  1738. 		$db->sql_freeresult($result);

    1739. 

  1739. 

    1740. 

  1740. 		if ($row)

    1741. 

  1741. 		{

    1742. 

  1742. 			return 'EMAIL_TAKEN';

    1743. 

  1743. 		}

    1744. 

  1744. 	}

    1745. 

  1745. 

    1746. 

  1746. 	return false;

    1747. 

  1747. }

    1748. 

  1748. 

    1749. 

  1749. /**

    1750. 

  1750. * Validate jabber address

    1751. 

  1751. * Taken from the jabber class within flyspray (see author notes)

    1752. 

  1752. *

    1753. 

  1753. * @author flyspray.org

    1754. 

  1754. */

    1755. 

  1755. function validate_jabber($jid)

    1756. 

  1756. {

    1757. 

  1757. 	if (!$jid)

    1758. 

  1758. 	{

    1759. 

  1759. 		return false;

    1760. 

  1760. 	}

    1761. 

  1761. 

    1762. 

  1762. 	$seperator_pos = strpos($jid, '@');

    1763. 

  1763. 

    1764. 

  1764. 	if ($seperator_pos === false)

    1765. 

  1765. 	{

    1766. 

  1766. 		return 'WRONG_DATA';

    1767. 

  1767. 	}

    1768. 

  1768. 

    1769. 

  1769. 	$username = substr($jid, 0, $seperator_pos);

    1770. 

  1770. 	$realm = substr($jid, $seperator_pos + 1);

    1771. 

  1771. 

    1772. 

  1772. 	if (strlen($username) == 0 || strlen($realm) < 3)

    1773. 

  1773. 	{

    1774. 

  1774. 		return 'WRONG_DATA';

    1775. 

  1775. 	}

    1776. 

  1776. 

    1777. 

  1777. 	$arr = explode('.', $realm);

    1778. 

  1778. 

    1779. 

  1779. 	if (sizeof($arr) == 0)

    1780. 

  1780. 	{

    1781. 

  1781. 		return 'WRONG_DATA';

    1782. 

  1782. 	}

    1783. 

  1783. 

    1784. 

  1784. 	foreach ($arr as $part)

    1785. 

  1785. 	{

    1786. 

  1786. 		if (substr($part, 0, 1) == '-' || substr($part, -1, 1) == '-')

    1787. 

  1787. 		{

    1788. 

  1788. 			return 'WRONG_DATA';

    1789. 

  1789. 		}

    1790. 

  1790. 

    1791. 

  1791. 		if (!preg_match("@^[a-zA-Z0-9-.]+$@", $part))

    1792. 

  1792. 		{

    1793. 

  1793. 			return 'WRONG_DATA';

    1794. 

  1794. 		}

    1795. 

  1795. 	}

    1796. 

  1796. 

    1797. 

  1797. 	$boundary = array(array(0, 127), array(192, 223), array(224, 239), array(240, 247), array(248, 251), array(252, 253));

    1798. 

  1798. 

    1799. 

  1799. 	// Prohibited Characters RFC3454 + RFC3920

    1800. 

  1800. 	$prohibited = array(

    1801. 

  1801. 		// Table C.1.1

    1802. 

  1802. 		array(0x0020, 0x0020),		// SPACE

    1803. 

  1803. 		// Table C.1.2

    1804. 

  1804. 		array(0x00A0, 0x00A0),		// NO-BREAK SPACE

    1805. 

  1805. 		array(0x1680, 0x1680),		// OGHAM SPACE MARK

    1806. 

  1806. 		array(0x2000, 0x2001),		// EN QUAD

    1807. 

  1807. 		array(0x2001, 0x2001),		// EM QUAD

    1808. 

  1808. 		array(0x2002, 0x2002),		// EN SPACE

    1809. 

  1809. 		array(0x2003, 0x2003),		// EM SPACE

    1810. 

  1810. 		array(0x2004, 0x2004),		// THREE-PER-EM SPACE

    1811. 

  1811. 		array(0x2005, 0x2005),		// FOUR-PER-EM SPACE

    1812. 

  1812. 		array(0x2006, 0x2006),		// SIX-PER-EM SPACE

    1813. 

  1813. 		array(0x2007, 0x2007),		// FIGURE SPACE

    1814. 

  1814. 		array(0x2008, 0x2008),		// PUNCTUATION SPACE

    1815. 

  1815. 		array(0x2009, 0x2009),		// THIN SPACE

    1816. 

  1816. 		array(0x200A, 0x200A),		// HAIR SPACE

    1817. 

  1817. 		array(0x200B, 0x200B),		// ZERO WIDTH SPACE

    1818. 

  1818. 		array(0x202F, 0x202F),		// NARROW NO-BREAK SPACE

    1819. 

  1819. 		array(0x205F, 0x205F),		// MEDIUM MATHEMATICAL SPACE

    1820. 

  1820. 		array(0x3000, 0x3000),		// IDEOGRAPHIC SPACE

    1821. 

  1821. 		// Table C.2.1

    1822. 

  1822. 		array(0x0000, 0x001F),		// [CONTROL CHARACTERS]

    1823. 

  1823. 		array(0x007F, 0x007F),		// DELETE

    1824. 

  1824. 		// Table C.2.2

    1825. 

  1825. 		array(0x0080, 0x009F),		// [CONTROL CHARACTERS]

    1826. 

  1826. 		array(0x06DD, 0x06DD),		// ARABIC END OF AYAH

    1827. 

  1827. 		array(0x070F, 0x070F),		// SYRIAC ABBREVIATION MARK

    1828. 

  1828. 		array(0x180E, 0x180E),		// MONGOLIAN VOWEL SEPARATOR

    1829. 

  1829. 		array(0x200C, 0x200C), 		// ZERO WIDTH NON-JOINER

    1830. 

  1830. 		array(0x200D, 0x200D),		// ZERO WIDTH JOINER

    1831. 

  1831. 		array(0x2028, 0x2028),		// LINE SEPARATOR

    1832. 

  1832. 		array(0x2029, 0x2029),		// PARAGRAPH SEPARATOR

    1833. 

  1833. 		array(0x2060, 0x2060),		// WORD JOINER

    1834. 

  1834. 		array(0x2061, 0x2061),		// FUNCTION APPLICATION

    1835. 

  1835. 		array(0x2062, 0x2062),		// INVISIBLE TIMES

    1836. 

  1836. 		array(0x2063, 0x2063),		// INVISIBLE SEPARATOR

    1837. 

  1837. 		array(0x206A, 0x206F),		// [CONTROL CHARACTERS]

    1838. 

  1838. 		array(0xFEFF, 0xFEFF),		// ZERO WIDTH NO-BREAK SPACE

    1839. 

  1839. 		array(0xFFF9, 0xFFFC),		// [CONTROL CHARACTERS]

    1840. 

  1840. 		array(0x1D173, 0x1D17A),	// [MUSICAL CONTROL CHARACTERS]

    1841. 

  1841. 		// Table C.3

    1842. 

  1842. 		array(0xE000, 0xF8FF),		// [PRIVATE USE, PLANE 0]

    1843. 

  1843. 		array(0xF0000, 0xFFFFD),	// [PRIVATE USE, PLANE 15]

    1844. 

  1844. 		array(0x100000, 0x10FFFD),	// [PRIVATE USE, PLANE 16]

    1845. 

  1845. 		// Table C.4

    1846. 

  1846. 		array(0xFDD0, 0xFDEF),		// [NONCHARACTER CODE POINTS]

    1847. 

  1847. 		array(0xFFFE, 0xFFFF),		// [NONCHARACTER CODE POINTS]

    1848. 

  1848. 		array(0x1FFFE, 0x1FFFF),	// [NONCHARACTER CODE POINTS]

    1849. 

  1849. 		array(0x2FFFE, 0x2FFFF),	// [NONCHARACTER CODE POINTS]

    1850. 

  1850. 		array(0x3FFFE, 0x3FFFF),	// [NONCHARACTER CODE POINTS]

    1851. 

  1851. 		array(0x4FFFE, 0x4FFFF),	// [NONCHARACTER CODE POINTS]

    1852. 

  1852. 		array(0x5FFFE, 0x5FFFF),	// [NONCHARACTER CODE POINTS]

    1853. 

  1853. 		array(0x6FFFE, 0x6FFFF),	// [NONCHARACTER CODE POINTS]

    1854. 

  1854. 		array(0x7FFFE, 0x7FFFF),	// [NONCHARACTER CODE POINTS]

    1855. 

  1855. 		array(0x8FFFE, 0x8FFFF),	// [NONCHARACTER CODE POINTS]

    1856. 

  1856. 		array(0x9FFFE, 0x9FFFF),	// [NONCHARACTER CODE POINTS]

    1857. 

  1857. 		array(0xAFFFE, 0xAFFFF),	// [NONCHARACTER CODE POINTS]

    1858. 

  1858. 		array(0xBFFFE, 0xBFFFF),	// [NONCHARACTER CODE POINTS]

    1859. 

  1859. 		array(0xCFFFE, 0xCFFFF),	// [NONCHARACTER CODE POINTS]

    1860. 

  1860. 		array(0xDFFFE, 0xDFFFF),	// [NONCHARACTER CODE POINTS]

    1861. 

  1861. 		array(0xEFFFE, 0xEFFFF),	// [NONCHARACTER CODE POINTS]

    1862. 

  1862. 		array(0xFFFFE, 0xFFFFF),	// [NONCHARACTER CODE POINTS]

    1863. 

  1863. 		array(0x10FFFE, 0x10FFFF),	// [NONCHARACTER CODE POINTS]

    1864. 

  1864. 		// Table C.5

    1865. 

  1865. 		array(0xD800, 0xDFFF),		// [SURROGATE CODES]

    1866. 

  1866. 		// Table C.6

    1867. 

  1867. 		array(0xFFF9, 0xFFF9),		// INTERLINEAR ANNOTATION ANCHOR

    1868. 

  1868. 		array(0xFFFA, 0xFFFA),		// INTERLINEAR ANNOTATION SEPARATOR

    1869. 

  1869. 		array(0xFFFB, 0xFFFB),		// INTERLINEAR ANNOTATION TERMINATOR

    1870. 

  1870. 		array(0xFFFC, 0xFFFC),		// OBJECT REPLACEMENT CHARACTER

    1871. 

  1871. 		array(0xFFFD, 0xFFFD),		// REPLACEMENT CHARACTER

    1872. 

  1872. 		// Table C.7

    1873. 

  1873. 		array(0x2FF0, 0x2FFB),		// [IDEOGRAPHIC DESCRIPTION CHARACTERS]

    1874. 

  1874. 		// Table C.8

    1875. 

  1875. 		array(0x0340, 0x0340),		// COMBINING GRAVE TONE MARK

    1876. 

  1876. 		array(0x0341, 0x0341),		// COMBINING ACUTE TONE MARK

    1877. 

  1877. 		array(0x200E, 0x200E),		// LEFT-TO-RIGHT MARK

    1878. 

  1878. 		array(0x200F, 0x200F),		// RIGHT-TO-LEFT MARK

    1879. 

  1879. 		array(0x202A, 0x202A),		// LEFT-TO-RIGHT EMBEDDING

    1880. 

  1880. 		array(0x202B, 0x202B),		// RIGHT-TO-LEFT EMBEDDING

    1881. 

  1881. 		array(0x202C, 0x202C),		// POP DIRECTIONAL FORMATTING

    1882. 

  1882. 		array(0x202D, 0x202D),		// LEFT-TO-RIGHT OVERRIDE

    1883. 

  1883. 		array(0x202E, 0x202E),		// RIGHT-TO-LEFT OVERRIDE

    1884. 

  1884. 		array(0x206A, 0x206A),		// INHIBIT SYMMETRIC SWAPPING

    1885. 

  1885. 		array(0x206B, 0x206B),		// ACTIVATE SYMMETRIC SWAPPING

    1886. 

  1886. 		array(0x206C, 0x206C),		// INHIBIT ARABIC FORM SHAPING

    1887. 

  1887. 		array(0x206D, 0x206D),		// ACTIVATE ARABIC FORM SHAPING

    1888. 

  1888. 		array(0x206E, 0x206E),		// NATIONAL DIGIT SHAPES

    1889. 

  1889. 		array(0x206F, 0x206F),		// NOMINAL DIGIT SHAPES

    1890. 

  1890. 		// Table C.9

    1891. 

  1891. 		array(0xE0001, 0xE0001),	// LANGUAGE TAG

    1892. 

  1892. 		array(0xE0020, 0xE007F),	// [TAGGING CHARACTERS]

    1893. 

  1893. 		// RFC3920

    1894. 

  1894. 		array(0x22, 0x22),			// "

    1895. 

  1895. 		array(0x26, 0x26),			// &

    1896. 

  1896. 		array(0x27, 0x27),			// '

    1897. 

  1897. 		array(0x2F, 0x2F),			// /

    1898. 

  1898. 		array(0x3A, 0x3A),			// :

    1899. 

  1899. 		array(0x3C, 0x3C),			// <

    1900. 

  1900. 		array(0x3E, 0x3E),			// >

    1901. 

  1901. 		array(0x40, 0x40)			// @

    1902. 

  1902. 	);

    1903. 

  1903. 

    1904. 

  1904. 	$pos = 0;

    1905. 

  1905. 	$result = true;

    1906. 

  1906. 

    1907. 

  1907. 	while ($pos < strlen($username))

    1908. 

  1908. 	{

    1909. 

  1909. 		$len = $uni = 0;

    1910. 

  1910. 		for ($i = 0; $i <= 5; $i++)

    1911. 

  1911. 		{

    1912. 

  1912. 			if (ord($username[$pos]) >= $boundary[$i][0] && ord($username[$pos]) <= $boundary[$i][1])

    1913. 

  1913. 			{

    1914. 

  1914. 				$len = $i + 1;

    1915. 

  1915. 				$uni = (ord($username[$pos]) - $boundary[$i][0]) * pow(2, $i * 6);

    1916. 

  1916. 

    1917. 

  1917. 				for ($k = 1; $k < $len; $k++)

    1918. 

  1918. 				{

    1919. 

  1919. 					$uni += (ord($username[$pos + $k]) - 128) * pow(2, ($i - $k) * 6);

    1920. 

  1920. 				}

    1921. 

  1921. 

    1922. 

  1922. 				break;

    1923. 

  1923. 			}

    1924. 

  1924. 		}

    1925. 

  1925. 

    1926. 

  1926. 		if ($len == 0)

    1927. 

  1927. 		{

    1928. 

  1928. 			return 'WRONG_DATA';

    1929. 

  1929. 		}

    1930. 

  1930. 

    1931. 

  1931. 		foreach ($prohibited as $pval)

    1932. 

  1932. 		{

    1933. 

  1933. 			if ($uni >= $pval[0] && $uni <= $pval[1])

    1934. 

  1934. 			{

    1935. 

  1935. 				$result = false;

    1936. 

  1936. 				break 2;

    1937. 

  1937. 			}

    1938. 

  1938. 		}

    1939. 

  1939. 

    1940. 

  1940. 		$pos = $pos + $len;

    1941. 

  1941. 	}

    1942. 

  1942. 

    1943. 

  1943. 	if (!$result)

    1944. 

  1944. 	{

    1945. 

  1945. 		return 'WRONG_DATA';

    1946. 

  1946. 	}

    1947. 

  1947. 

    1948. 

  1948. 	return false;

    1949. 

  1949. }

    1950. 

  1950. 

    1951. 

  1951. /**

    1952. 

  1952. * Remove avatar

    1953. 

  1953. */

    1954. 

  1954. function avatar_delete($mode, $row, $clean_db = false)

    1955. 

  1955. {

    1956. 

  1956. 	global $phpbb_root_path, $config, $db, $user;

    1957. 

  1957. 

    1958. 

  1958. 	// Check if the users avatar is actually *not* a group avatar

    1959. 

  1959. 	if ($mode == 'user')

    1960. 

  1960. 	{

    1961. 

  1961. 		if (strpos($row['user_avatar'], 'g') === 0 || (((int)$row['user_avatar'] !== 0) && ((int)$row['user_avatar'] !== (int)$row['user_id'])))

    1962. 

  1962. 		{

    1963. 

  1963. 			return false;

    1964. 

  1964. 		}

    1965. 

  1965. 	}

    1966. 

  1966. 

    1967. 

  1967. 	if ($clean_db)

    1968. 

  1968. 	{

    1969. 

  1969. 		avatar_remove_db($row[$mode . '_avatar']);

    1970. 

  1970. 	}

    1971. 

  1971. 	$filename = get_avatar_filename($row[$mode . '_avatar']);

    1972. 

  1972. 	if (file_exists($phpbb_root_path . $config['avatar_path'] . '/' . $filename))

    1973. 

  1973. 	{

    1974. 

  1974. 		@unlink($phpbb_root_path . $config['avatar_path'] . '/' . $filename);

    1975. 

  1975. 		return true;

    1976. 

  1976. 	}

    1977. 

  1977. 

    1978. 

  1978. 	return false;

    1979. 

  1979. }

    1980. 

  1980. 

    1981. 

  1981. /**

    1982. 

  1982. * Remote avatar linkage

    1983. 

  1983. */

    1984. 

  1984. function avatar_remote($data, &$error)

    1985. 

  1985. {

    1986. 

  1986. 	global $config, $db, $user, $phpbb_root_path, $phpEx;

    1987. 

  1987. 

    1988. 

  1988. 	if (!preg_match('#^(http|https|ftp)://#i', $data['remotelink']))

    1989. 

  1989. 	{

    1990. 

  1990. 		$data['remotelink'] = 'http://' . $data['remotelink'];

    1991. 

  1991. 	}

    1992. 

  1992. 	if (!preg_match('#^(http|https|ftp)://(?:(.*?\.)*?[a-z0-9\-]+?\.[a-z]{2,4}|(?:\d{1,3}\.){3,5}\d{1,3}):?([0-9]*?).*?\.(gif|jpg|jpeg|png)$#i', $data['remotelink']))

    1993. 

  1993. 	{

    1994. 

  1994. 		$error[] = $user->lang['AVATAR_URL_INVALID'];

    1995. 

  1995. 		return false;

    1996. 

  1996. 	}

    1997. 

  1997. 

    1998. 

  1998. 	// Make sure getimagesize works...

    1999. 

  1999. 	if (($image_data = @getimagesize($data['remotelink'])) === false && (empty($data['width']) || empty($data['height'])))

    2000. 

  2000. 	{

    2001. 

  2001. 		$error[] = $user->lang['UNABLE_GET_IMAGE_SIZE'];

    2002. 

  2002. 		return false;

    2003. 

  2003. 	}

    2004. 

  2004. 

    2005. 

  2005. 	if (!empty($image_data) && ($image_data[0] < 2 || $image_data[1] < 2))

    2006. 

  2006. 	{

    2007. 

  2007. 		$error[] = $user->lang['AVATAR_NO_SIZE'];

    2008. 

  2008. 		return false;

    2009. 

  2009. 	}

    2010. 

  2010. 

    2011. 

  2011. 	$width = ($data['width'] && $data['height']) ? $data['width'] : $image_data[0];

    2012. 

  2012. 	$height = ($data['width'] && $data['height']) ? $data['height'] : $image_data[1];

    2013. 

  2013. 

    2014. 

  2014. 	if ($width < 2 || $height < 2)

    2015. 

  2015. 	{

    2016. 

  2016. 		$error[] = $user->lang['AVATAR_NO_SIZE'];

    2017. 

  2017. 		return false;

    2018. 

  2018. 	}

    2019. 

  2019. 

    2020. 

  2020. 	// Check image type

    2021. 

  2021. 	include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);

    2022. 

  2022. 	$types = fileupload::image_types();

    2023. 

  2023. 	$extension = strtolower(filespec::get_extension($data['remotelink']));

    2024. 

  2024. 

    2025. 

  2025. 	if (!empty($image_data) && (!isset($types[$image_data[2]]) || !in_array($extension, $types[$image_data[2]])))

    2026. 

  2026. 	{

    2027. 

  2027. 		if (!isset($types[$image_data[2]]))

    2028. 

  2028. 		{

    2029. 

  2029. 			$error[] = $user->lang['UNABLE_GET_IMAGE_SIZE'];

    2030. 

  2030. 		}

    2031. 

  2031. 		else

    2032. 

  2032. 		{

    2033. 

  2033. 			$error[] = sprintf($user->lang['IMAGE_FILETYPE_MISMATCH'], $types[$image_data[2]][0], $extension);

    2034. 

  2034. 		}

    2035. 

  2035. 		return false;

    2036. 

  2036. 	}

    2037. 

  2037. 

    2038. 

  2038. 	if ($config['avatar_max_width'] || $config['avatar_max_height'])

    2039. 

  2039. 	{

    2040. 

  2040. 		if ($width > $config['avatar_max_width'] || $height > $config['avatar_max_height'])

    2041. 

  2041. 		{

    2042. 

  2042. 			$error[] = sprintf($user->lang['AVATAR_WRONG_SIZE'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], $width, $height);

    2043. 

  2043. 			return false;

    2044. 

  2044. 		}

    2045. 

  2045. 	}

    2046. 

  2046. 

    2047. 

  2047. 	if ($config['avatar_min_width'] || $config['avatar_min_height'])

    2048. 

  2048. 	{

    2049. 

  2049. 		if ($width < $config['avatar_min_width'] || $height < $config['avatar_min_height'])

    2050. 

  2050. 		{

    2051. 

  2051. 			$error[] = sprintf($user->lang['AVATAR_WRONG_SIZE'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], $width, $height);

    2052. 

  2052. 			return false;

    2053. 

  2053. 		}

    2054. 

  2054. 	}

    2055. 

  2055. 

    2056. 

  2056. 	return array(AVATAR_REMOTE, $data['remotelink'], $width, $height);

    2057. 

  2057. }

    2058. 

  2058. 

    2059. 

  2059. /**

    2060. 

  2060. * Avatar upload using the upload class

    2061. 

  2061. */

    2062. 

  2062. function avatar_upload($data, &$error)

    2063. 

  2063. {

    2064. 

  2064. 	global $phpbb_root_path, $config, $db, $user, $phpEx;

    2065. 

  2065. 

    2066. 

  2066. 	// Init upload class

    2067. 

  2067. 	include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);

    2068. 

  2068. 	$upload = new fileupload('AVATAR_', array('jpg', 'jpeg', 'gif', 'png'), $config['avatar_filesize'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], (isset($config['mime_triggers']) ? explode('|', $config['mime_triggers']) : false));

    2069. 

  2069. 

    2070. 

  2070. 	if (!empty($_FILES['uploadfile']['name']))

    2071. 

  2071. 	{

    2072. 

  2072. 		$file = $upload->form_upload('uploadfile');

    2073. 

  2073. 	}

    2074. 

  2074. 	else

    2075. 

  2075. 	{

    2076. 

  2076. 		$file = $upload->remote_upload($data['uploadurl']);

    2077. 

  2077. 	}

    2078. 

  2078. 

    2079. 

  2079. 	$prefix = $config['avatar_salt'] . '_';

    2080. 

  2080. 	$file->clean_filename('avatar', $prefix, $data['user_id']);

    2081. 

  2081. 

    2082. 

  2082. 	$destination = $config['avatar_path'];

    2083. 

  2083. 

    2084. 

  2084. 	// Adjust destination path (no trailing slash)

    2085. 

  2085. 	if (substr($destination, -1, 1) == '/' || substr($destination, -1, 1) == '\\')

    2086. 

  2086. 	{

    2087. 

  2087. 		$destination = substr($destination, 0, -1);

    2088. 

  2088. 	}

    2089. 

  2089. 

    2090. 

  2090. 	$destination = str_replace(array('../', '..\\', './', '.\\'), '', $destination);

    2091. 

  2091. 	if ($destination && ($destination[0] == '/' || $destination[0] == "\\"))

    2092. 

  2092. 	{

    2093. 

  2093. 		$destination = '';

    2094. 

  2094. 	}

    2095. 

  2095. 

    2096. 

  2096. 	// Move file and overwrite any existing image

    2097. 

  2097. 	$file->move_file($destination, true);

    2098. 

  2098. 

    2099. 

  2099. 	if (sizeof($file->error))

    2100. 

  2100. 	{

    2101. 

  2101. 		$file->remove();

    2102. 

  2102. 		$error = array_merge($error, $file->error);

    2103. 

  2103. 	}

    2104. 

  2104. 

    2105. 

  2105. 	return array(AVATAR_UPLOAD, $data['user_id'] . '_' . time() . '.' . $file->get('extension'), $file->get('width'), $file->get('height'));

    2106. 

  2106. }

    2107. 

  2107. 

    2108. 

  2108. /**

    2109. 

  2109. * Generates avatar filename from the database entry

    2110. 

  2110. */

    2111. 

  2111. function get_avatar_filename($avatar_entry)

    2112. 

  2112. {

    2113. 

  2113. 	global $config;

    2114. 

  2114. 

    2115. 

  2115. 

    2116. 

  2116. 	if ($avatar_entry[0] === 'g')

    2117. 

  2117. 	{

    2118. 

  2118. 		$avatar_group = true;

    2119. 

  2119. 		$avatar_entry = substr($avatar_entry, 1);

    2120. 

  2120. 	}

    2121. 

  2121. 	else

    2122. 

  2122. 	{

    2123. 

  2123. 		$avatar_group = false;

    2124. 

  2124. 	}

    2125. 

  2125. 	$ext 			= substr(strrchr($avatar_entry, '.'), 1);

    2126. 

  2126. 	$avatar_entry	= intval($avatar_entry);

    2127. 

  2127. 	return $config['avatar_salt'] . '_' . (($avatar_group) ? 'g' : '') . $avatar_entry . '.' . $ext;

    2128. 

  2128. }

    2129. 

  2129. 

    2130. 

  2130. /**

    2131. 

  2131. * Avatar Gallery

    2132. 

  2132. */

    2133. 

  2133. function avatar_gallery($category, $avatar_select, $items_per_column, $block_var = 'avatar_row')

    2134. 

  2134. {

    2135. 

  2135. 	global $user, $cache, $template;

    2136. 

  2136. 	global $config, $phpbb_root_path;

    2137. 

  2137. 

    2138. 

  2138. 	$avatar_list = array();

    2139. 

  2139. 

    2140. 

  2140. 	$path = $phpbb_root_path . $config['avatar_gallery_path'];

    2141. 

  2141. 

    2142. 

  2142. 	if (!file_exists($path) || !is_dir($path))

    2143. 

  2143. 	{

    2144. 

  2144. 		$avatar_list = array($user->lang['NO_AVATAR_CATEGORY'] => array());

    2145. 

  2145. 	}

    2146. 

  2146. 	else

    2147. 

  2147. 	{

    2148. 

  2148. 		// Collect images

    2149. 

  2149. 		$dp = @opendir($path);

    2150. 

  2150. 

    2151. 

  2151. 		if (!$dp)

    2152. 

  2152. 		{

    2153. 

  2153. 			return array($user->lang['NO_AVATAR_CATEGORY'] => array());

    2154. 

  2154. 		}

    2155. 

  2155. 

    2156. 

  2156. 		while (($file = readdir($dp)) !== false)

    2157. 

  2157. 		{

    2158. 

  2158. 			if ($file[0] != '.' && preg_match('#^[^&"\'<>]+$#i', $file) && is_dir("$path/$file"))

    2159. 

  2159. 			{

    2160. 

  2160. 				$avatar_row_count = $avatar_col_count = 0;

    2161. 

  2161. 

    2162. 

  2162. 				if ($dp2 = @opendir("$path/$file"))

    2163. 

  2163. 				{

    2164. 

  2164. 					while (($sub_file = readdir($dp2)) !== false)

    2165. 

  2165. 					{

    2166. 

  2166. 						if (preg_match('#^[^&\'"<>]+\.(?:gif|png|jpe?g)$#i', $sub_file))

    2167. 

  2167. 						{

    2168. 

  2168. 							$avatar_list[$file][$avatar_row_count][$avatar_col_count] = array(

    2169. 

  2169. 								'file'		=> rawurlencode($file) . '/' . rawurlencode($sub_file),

    2170. 

  2170. 								'filename'	=> rawurlencode($sub_file),

    2171. 

  2171. 								'name'		=> ucfirst(str_replace('_', ' ', preg_replace('#^(.*)\..*$#', '\1', $sub_file))),

    2172. 

  2172. 							);

    2173. 

  2173. 							$avatar_col_count++;

    2174. 

  2174. 							if ($avatar_col_count == $items_per_column)

    2175. 

  2175. 							{

    2176. 

  2176. 								$avatar_row_count++;

    2177. 

  2177. 								$avatar_col_count = 0;

    2178. 

  2178. 							}

    2179. 

  2179. 						}

    2180. 

  2180. 					}

    2181. 

  2181. 					closedir($dp2);

    2182. 

  2182. 				}

    2183. 

  2183. 			}

    2184. 

  2184. 		}

    2185. 

  2185. 		closedir($dp);

    2186. 

  2186. 	}

    2187. 

  2187. 

    2188. 

  2188. 	if (!sizeof($avatar_list))

    2189. 

  2189. 	{

    2190. 

  2190. 		$avatar_list = array($user->lang['NO_AVATAR_CATEGORY'] => array());

    2191. 

  2191. 	}

    2192. 

  2192. 

    2193. 

  2193. 	@ksort($avatar_list);

    2194. 

  2194. 

    2195. 

  2195. 	$category = (!$category) ? key($avatar_list) : $category;

    2196. 

  2196. 	$avatar_categories = array_keys($avatar_list);

    2197. 

  2197. 

    2198. 

  2198. 	$s_category_options = '';

    2199. 

  2199. 	foreach ($avatar_categories as $cat)

    2200. 

  2200. 	{

    2201. 

  2201. 		$s_category_options .= '<option value="' . $cat . '"' . (($cat == $category) ? ' selected="selected"' : '') . '>' . $cat . '</option>';

    2202. 

  2202. 	}

    2203. 

  2203. 

    2204. 

  2204. 	$template->assign_vars(array(

    2205. 

  2205. 		'S_AVATARS_ENABLED'		=> true,

    2206. 

  2206. 		'S_IN_AVATAR_GALLERY'	=> true,

    2207. 

  2207. 		'S_CAT_OPTIONS'			=> $s_category_options)

    2208. 

  2208. 	);

    2209. 

  2209. 

    2210. 

  2210. 	$avatar_list = (isset($avatar_list[$category])) ? $avatar_list[$category] : array();

    2211. 

  2211. 

    2212. 

  2212. 	foreach ($avatar_list as $avatar_row_ary)

    2213. 

  2213. 	{

    2214. 

  2214. 		$template->assign_block_vars($block_var, array());

    2215. 

  2215. 

    2216. 

  2216. 		foreach ($avatar_row_ary as $avatar_col_ary)

    2217. 

  2217. 		{

    2218. 

  2218. 			$template->assign_block_vars($block_var . '.avatar_column', array(

    2219. 

  2219. 				'AVATAR_IMAGE'	=> $phpbb_root_path . $config['avatar_gallery_path'] . '/' . $avatar_col_ary['file'],

    2220. 

  2220. 				'AVATAR_NAME'	=> $avatar_col_ary['name'],

    2221. 

  2221. 				'AVATAR_FILE'	=> $avatar_col_ary['filename'])

    2222. 

  2222. 			);

    2223. 

  2223. 

    2224. 

  2224. 			$template->assign_block_vars($block_var . '.avatar_option_column', array(

    2225. 

  2225. 				'AVATAR_IMAGE'	=> $phpbb_root_path . $config['avatar_gallery_path'] . '/' . $avatar_col_ary['file'],

    2226. 

  2226. 				'S_OPTIONS_AVATAR'	=> $avatar_col_ary['filename'])

    2227. 

  2227. 			);

    2228. 

  2228. 		}

    2229. 

  2229. 	}

    2230. 

  2230. 

    2231. 

  2231. 	return $avatar_list;

    2232. 

  2232. }

    2233. 

  2233. 

    2234. 

  2234. 

    2235. 

  2235. /**

    2236. 

  2236. * Tries to (re-)establish avatar dimensions

    2237. 

  2237. */

    2238. 

  2238. function avatar_get_dimensions($avatar, $avatar_type, &$error, $current_x = 0, $current_y = 0)

    2239. 

  2239. {

    2240. 

  2240. 	global $config, $phpbb_root_path, $user;

    2241. 

  2241. 

    2242. 

  2242. 	switch ($avatar_type)

    2243. 

  2243. 	{

    2244. 

  2244. 		case AVATAR_REMOTE :

    2245. 

  2245. 			break;

    2246. 

  2246. 

    2247. 

  2247. 		case AVATAR_UPLOAD :

    2248. 

  2248. 			$avatar = $phpbb_root_path . $config['avatar_path'] . '/' . get_avatar_filename($avatar);

    2249. 

  2249. 			break;

    2250. 

  2250. 

    2251. 

  2251. 		case AVATAR_GALLERY :

    2252. 

  2252. 			$avatar = $phpbb_root_path . $config['avatar_gallery_path'] . '/' . $avatar ;

    2253. 

  2253. 			break;

    2254. 

  2254. 	}

    2255. 

  2255. 

    2256. 

  2256. 	// Make sure getimagesize works...

    2257. 

  2257. 	if (($image_data = @getimagesize($avatar)) === false)

    2258. 

  2258. 	{

    2259. 

  2259. 		$error[] = $user->lang['UNABLE_GET_IMAGE_SIZE'];

    2260. 

  2260. 		return false;

    2261. 

  2261. 	}

    2262. 

  2262. 

    2263. 

  2263. 	if ($image_data[0] < 2 || $image_data[1] < 2)

    2264. 

  2264. 	{

    2265. 

  2265. 		$error[] = $user->lang['AVATAR_NO_SIZE'];

    2266. 

  2266. 		return false;

    2267. 

  2267. 	}

    2268. 

  2268. 

    2269. 

  2269. 	// try to maintain ratio

    2270. 

  2270. 	if (!(empty($current_x) && empty($current_y)))

    2271. 

  2271. 	{

    2272. 

  2272. 		if ($current_x != 0)

    2273. 

  2273. 		{

    2274. 

  2274. 			$image_data[1] = (int) floor(($current_x / $image_data[0]) * $image_data[1]);

    2275. 

  2275. 			$image_data[1] = min($config['avatar_max_height'], $image_data[1]);

    2276. 

  2276. 			$image_data[1] = max($config['avatar_min_height'], $image_data[1]);

    2277. 

  2277. 		}

    2278. 

  2278. 		if ($current_y != 0)

    2279. 

  2279. 		{

    2280. 

  2280. 			$image_data[0] = (int) floor(($current_y / $image_data[1]) * $image_data[0]);

    2281. 

  2281. 			$image_data[0] = min($config['avatar_max_width'], $image_data[1]);

    2282. 

  2282. 			$image_data[0] = max($config['avatar_min_width'], $image_data[1]);

    2283. 

  2283. 		}

    2284. 

  2284. 	}

    2285. 

  2285. 	return array($image_data[0], $image_data[1]);

    2286. 

  2286. }

    2287. 

  2287. 

    2288. 

  2288. /**

    2289. 

  2289. * Uploading/Changing user avatar

    2290. 

  2290. */

    2291. 

  2291. function avatar_process_user(&$error, $custom_userdata = false, $can_upload = null)

    2292. 

  2292. {

    2293. 

  2293. 	global $config, $phpbb_root_path, $auth, $user, $db;

    2294. 

  2294. 

    2295. 

  2295. 	$data = array(

    2296. 

  2296. 		'uploadurl'		=> request_var('uploadurl', ''),

    2297. 

  2297. 		'remotelink'	=> request_var('remotelink', ''),

    2298. 

  2298. 		'width'			=> request_var('width', 0),

    2299. 

  2299. 		'height'		=> request_var('height', 0),

    2300. 

  2300. 	);

    2301. 

  2301. 

    2302. 

  2302. 	$error = validate_data($data, array(

    2303. 

  2303. 		'uploadurl'		=> array('string', true, 5, 255),

    2304. 

  2304. 		'remotelink'	=> array('string', true, 5, 255),

    2305. 

  2305. 		'width'			=> array('string', true, 1, 3),

    2306. 

  2306. 		'height'		=> array('string', true, 1, 3),

    2307. 

  2307. 	));

    2308. 

  2308. 

    2309. 

  2309. 	if (sizeof($error))

    2310. 

  2310. 	{

    2311. 

  2311. 		return false;

    2312. 

  2312. 	}

    2313. 

  2313. 

    2314. 

  2314. 	$sql_ary = array();

    2315. 

  2315. 

    2316. 

  2316. 	if ($custom_userdata === false)

    2317. 

  2317. 	{

    2318. 

  2318. 		$userdata = &$user->data;

    2319. 

  2319. 	}

    2320. 

  2320. 	else

    2321. 

  2321. 	{

    2322. 

  2322. 		$userdata = &$custom_userdata;

    2323. 

  2323. 	}

    2324. 

  2324. 

    2325. 

  2325. 	$data['user_id'] = $userdata['user_id'];

    2326. 

  2326. 	$change_avatar = ($custom_userdata === false) ? $auth->acl_get('u_chgavatar') : true;

    2327. 

  2327. 	$avatar_select = basename(request_var('avatar_select', ''));

    2328. 

  2328. 

    2329. 

  2329. 	// Can we upload?

    2330. 

  2330. 	if (is_null($can_upload))

    2331. 

  2331. 	{

    2332. 

  2332. 		$can_upload = ($config['allow_avatar_upload'] && file_exists($phpbb_root_path . $config['avatar_path']) && phpbb_is_writable($phpbb_root_path . $config['avatar_path']) && $change_avatar && (@ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on')) ? true : false;

    2333. 

  2333. 	}

    2334. 

  2334. 

    2335. 

  2335. 	if ((!empty($_FILES['uploadfile']['name']) || $data['uploadurl']) && $can_upload)

    2336. 

  2336. 	{

    2337. 

  2337. 		list($sql_ary['user_avatar_type'], $sql_ary['user_avatar'], $sql_ary['user_avatar_width'], $sql_ary['user_avatar_height']) = avatar_upload($data, $error);

    2338. 

  2338. 	}

    2339. 

  2339. 	else if ($data['remotelink'] && $change_avatar && $config['allow_avatar_remote'])

    2340. 

  2340. 	{

    2341. 

  2341. 		list($sql_ary['user_avatar_type'], $sql_ary['user_avatar'], $sql_ary['user_avatar_width'], $sql_ary['user_avatar_height']) = avatar_remote($data, $error);

    2342. 

  2342. 	}

    2343. 

  2343. 	else if ($avatar_select && $change_avatar && $config['allow_avatar_local'])

    2344. 

  2344. 	{

    2345. 

  2345. 		$category = basename(request_var('category', ''));

    2346. 

  2346. 

    2347. 

  2347. 		$sql_ary['user_avatar_type'] = AVATAR_GALLERY;

    2348. 

  2348. 		$sql_ary['user_avatar'] = $avatar_select;

    2349. 

  2349. 

    2350. 

  2350. 		// check avatar gallery

    2351. 

  2351. 		if (!is_dir($phpbb_root_path . $config['avatar_gallery_path'] . '/' . $category))

    2352. 

  2352. 		{

    2353. 

  2353. 			$sql_ary['user_avatar'] = '';

    2354. 

  2354. 			$sql_ary['user_avatar_type'] = $sql_ary['user_avatar_width'] = $sql_ary['user_avatar_height'] = 0;

    2355. 

  2355. 		}

    2356. 

  2356. 		else

    2357. 

  2357. 		{

    2358. 

  2358. 			list($sql_ary['user_avatar_width'], $sql_ary['user_avatar_height']) = getimagesize($phpbb_root_path . $config['avatar_gallery_path'] . '/' . $category . '/' . urldecode($sql_ary['user_avatar']));

    2359. 

  2359. 			$sql_ary['user_avatar'] = $category . '/' . $sql_ary['user_avatar'];

    2360. 

  2360. 		}

    2361. 

  2361. 	}

    2362. 

  2362. 	else if (isset($_POST['delete']) && $change_avatar)

    2363. 

  2363. 	{

    2364. 

  2364. 		$sql_ary['user_avatar'] = '';

    2365. 

  2365. 		$sql_ary['user_avatar_type'] = $sql_ary['user_avatar_width'] = $sql_ary['user_avatar_height'] = 0;

    2366. 

  2366. 	}

    2367. 

  2367. 	else if (!empty($userdata['user_avatar']))

    2368. 

  2368. 	{

    2369. 

  2369. 		// Only update the dimensions

    2370. 

  2370. 

    2371. 

  2371. 		if (empty($data['width']) || empty($data['height']))

    2372. 

  2372. 		{

    2373. 

  2373. 			if ($dims = avatar_get_dimensions($userdata['user_avatar'], $userdata['user_avatar_type'], $error, $data['width'], $data['height']))

    2374. 

  2374. 			{

    2375. 

  2375. 				list($guessed_x, $guessed_y) = $dims;

    2376. 

  2376. 				if (empty($data['width']))

    2377. 

  2377. 				{

    2378. 

  2378. 					$data['width'] = $guessed_x;

    2379. 

  2379. 				}

    2380. 

  2380. 				if (empty($data['height']))

    2381. 

  2381. 				{

    2382. 

  2382. 					$data['height'] = $guessed_y;

    2383. 

  2383. 				}

    2384. 

  2384. 			}

    2385. 

  2385. 		}

    2386. 

  2386. 		if (($config['avatar_max_width'] || $config['avatar_max_height']) &&

    2387. 

  2387. 			(($data['width'] != $userdata['user_avatar_width']) || $data['height'] != $userdata['user_avatar_height']))

    2388. 

  2388. 		{

    2389. 

  2389. 			if ($data['width'] > $config['avatar_max_width'] || $data['height'] > $config['avatar_max_height'])

    2390. 

  2390. 			{

    2391. 

  2391. 				$error[] = sprintf($user->lang['AVATAR_WRONG_SIZE'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], $data['width'], $data['height']);

    2392. 

  2392. 			}

    2393. 

  2393. 		}

    2394. 

  2394. 

    2395. 

  2395. 		if (!sizeof($error))

    2396. 

  2396. 		{

    2397. 

  2397. 			if ($config['avatar_min_width'] || $config['avatar_min_height'])

    2398. 

  2398. 			{

    2399. 

  2399. 				if ($data['width'] < $config['avatar_min_width'] || $data['height'] < $config['avatar_min_height'])

    2400. 

  2400. 				{

    2401. 

  2401. 					$error[] = sprintf($user->lang['AVATAR_WRONG_SIZE'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], $data['width'], $data['height']);

    2402. 

  2402. 				}

    2403. 

  2403. 			}

    2404. 

  2404. 		}

    2405. 

  2405. 

    2406. 

  2406. 		if (!sizeof($error))

    2407. 

  2407. 		{

    2408. 

  2408. 			$sql_ary['user_avatar_width'] = $data['width'];

    2409. 

  2409. 			$sql_ary['user_avatar_height'] = $data['height'];

    2410. 

  2410. 		}

    2411. 

  2411. 	}

    2412. 

  2412. 

    2413. 

  2413. 	if (!sizeof($error))

    2414. 

  2414. 	{

    2415. 

  2415. 		// Do we actually have any data to update?

    2416. 

  2416. 		if (sizeof($sql_ary))

    2417. 

  2417. 		{

    2418. 

  2418. 			$ext_new = $ext_old = '';

    2419. 

  2419. 			if (isset($sql_ary['user_avatar']))

    2420. 

  2420. 			{

    2421. 

  2421. 				$userdata = ($custom_userdata === false) ? $user->data : $custom_userdata;

    2422. 

  2422. 				$ext_new = (empty($sql_ary['user_avatar'])) ? '' : substr(strrchr($sql_ary['user_avatar'], '.'), 1);

    2423. 

  2423. 				$ext_old = (empty($userdata['user_avatar'])) ? '' : substr(strrchr($userdata['user_avatar'], '.'), 1);

    2424. 

  2424. 

    2425. 

  2425. 				if ($userdata['user_avatar_type'] == AVATAR_UPLOAD)

    2426. 

  2426. 				{

    2427. 

  2427. 					// Delete old avatar if present

    2428. 

  2428. 					if ((!empty($userdata['user_avatar']) && empty($sql_ary['user_avatar']))

    2429. 

  2429. 					   || ( !empty($userdata['user_avatar']) && !empty($sql_ary['user_avatar']) && $ext_new !== $ext_old))

    2430. 

  2430. 					{

    2431. 

  2431. 						avatar_delete('user', $userdata);

    2432. 

  2432. 					}

    2433. 

  2433. 				}

    2434. 

  2434. 			}

    2435. 

  2435. 

    2436. 

  2436. 			$sql = 'UPDATE ' . USERS_TABLE . '

    2437. 

  2437. 				SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '

    2438. 

  2438. 				WHERE user_id = ' . (($custom_userdata === false) ? $user->data['user_id'] : $custom_userdata['user_id']);

    2439. 

  2439. 			$db->sql_query($sql);

    2440. 

  2440. 

    2441. 

  2441. 		}

    2442. 

  2442. 	}

    2443. 

  2443. 

    2444. 

  2444. 	return (sizeof($error)) ? false : true;

    2445. 

  2445. }

    2446. 

  2446. 

    2447. 

  2447. //

    2448. 

  2448. // Usergroup functions

    2449. 

  2449. //

    2450. 

  2450. 

    2451. 

  2451. /**

    2452. 

  2452. * Add or edit a group. If we're editing a group we only update user

    2453. 

  2453. * parameters such as rank, etc. if they are changed

    2454. 

  2454. */

    2455. 

  2455. function group_create(&$group_id, $type, $name, $desc, $group_attributes, $allow_desc_bbcode = false, $allow_desc_urls = false, $allow_desc_smilies = false)

    2456. 

  2456. {

    2457. 

  2457. 	global $phpbb_root_path, $config, $db, $user, $file_upload;

    2458. 

  2458. 

    2459. 

  2459. 	$error = array();

    2460. 

  2460. 

    2461. 

  2461. 	// Attributes which also affect the users table

    2462. 

  2462. 	$user_attribute_ary = array('group_colour', 'group_rank', 'group_avatar', 'group_avatar_type', 'group_avatar_width', 'group_avatar_height');

    2463. 

  2463. 

    2464. 

  2464. 	// Check data. Limit group name length.

    2465. 

  2465. 	if (!utf8_strlen($name) || utf8_strlen($name) > 60)

    2466. 

  2466. 	{

    2467. 

  2467. 		$error[] = (!utf8_strlen($name)) ? $user->lang['GROUP_ERR_USERNAME'] : $user->lang['GROUP_ERR_USER_LONG'];

    2468. 

  2468. 	}

    2469. 

  2469. 

    2470. 

  2470. 	$err = group_validate_groupname($group_id, $name);

    2471. 

  2471. 	if (!empty($err))

    2472. 

  2472. 	{

    2473. 

  2473. 		$error[] = $user->lang[$err];

    2474. 

  2474. 	}

    2475. 

  2475. 

    2476. 

  2476. 	if (!in_array($type, array(GROUP_OPEN, GROUP_CLOSED, GROUP_HIDDEN, GROUP_SPECIAL, GROUP_FREE)))

    2477. 

  2477. 	{

    2478. 

  2478. 		$error[] = $user->lang['GROUP_ERR_TYPE'];

    2479. 

  2479. 	}

    2480. 

  2480. 

    2481. 

  2481. 	if (!sizeof($error))

    2482. 

  2482. 	{

    2483. 

  2483. 		$user_ary = array();

    2484. 

  2484. 		$sql_ary = array(

    2485. 

  2485. 			'group_name'			=> (string) $name,

    2486. 

  2486. 			'group_desc'			=> (string) $desc,

    2487. 

  2487. 			'group_desc_uid'		=> '',

    2488. 

  2488. 			'group_desc_bitfield'	=> '',

    2489. 

  2489. 			'group_type'			=> (int) $type,

    2490. 

  2490. 		);

    2491. 

  2491. 

    2492. 

  2492. 		// Parse description

    2493. 

  2493. 		if ($desc)

    2494. 

  2494. 		{

    2495. 

  2495. 			generate_text_for_storage($sql_ary['group_desc'], $sql_ary['group_desc_uid'], $sql_ary['group_desc_bitfield'], $sql_ary['group_desc_options'], $allow_desc_bbcode, $allow_desc_urls, $allow_desc_smilies);

    2496. 

  2496. 		}

    2497. 

  2497. 

    2498. 

  2498. 		if (sizeof($group_attributes))

    2499. 

  2499. 		{

    2500. 

  2500. 			// Merge them with $sql_ary to properly update the group

    2501. 

  2501. 			$sql_ary = array_merge($sql_ary, $group_attributes);

    2502. 

  2502. 		}

    2503. 

  2503. 

    2504. 

  2504. 		// Setting the log message before we set the group id (if group gets added)

    2505. 

  2505. 		$log = ($group_id) ? 'LOG_GROUP_UPDATED' : 'LOG_GROUP_CREATED';

    2506. 

  2506. 

    2507. 

  2507. 		$query = '';

    2508. 

  2508. 

    2509. 

  2509. 		if ($group_id)

    2510. 

  2510. 		{

    2511. 

  2511. 			$sql = 'SELECT user_id

    2512. 

  2512. 				FROM ' . USERS_TABLE . '

    2513. 

  2513. 				WHERE group_id = ' . $group_id;

    2514. 

  2514. 			$result = $db->sql_query($sql);

    2515. 

  2515. 

    2516. 

  2516. 			while ($row = $db->sql_fetchrow($result))

    2517. 

  2517. 			{

    2518. 

  2518. 				$user_ary[] = $row['user_id'];

    2519. 

  2519. 			}

    2520. 

  2520. 			$db->sql_freeresult($result);

    2521. 

  2521. 

    2522. 

  2522. 			if (isset($sql_ary['group_avatar']) && !$sql_ary['group_avatar'])

    2523. 

  2523. 			{

    2524. 

  2524. 				remove_default_avatar($group_id, $user_ary);

    2525. 

  2525. 			}

    2526. 

  2526. 

    2527. 

  2527. 			if (isset($sql_ary['group_rank']) && !$sql_ary['group_rank'])

    2528. 

  2528. 			{

    2529. 

  2529. 				remove_default_rank($group_id, $user_ary);

    2530. 

  2530. 			}

    2531. 

  2531. 

    2532. 

  2532. 			$sql = 'UPDATE ' . GROUPS_TABLE . '

    2533. 

  2533. 				SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "

    2534. 

  2534. 				WHERE group_id = $group_id";

    2535. 

  2535. 			$db->sql_query($sql);

    2536. 

  2536. 

    2537. 

  2537. 			// Since we may update the name too, we need to do this on other tables too...

    2538. 

  2538. 			$sql = 'UPDATE ' . MODERATOR_CACHE_TABLE . "

    2539. 

  2539. 				SET group_name = '" . $db->sql_escape($sql_ary['group_name']) . "'

    2540. 

  2540. 				WHERE group_id = $group_id";

    2541. 

  2541. 			$db->sql_query($sql);

    2542. 

  2542. 

    2543. 

  2543. 			// One special case is the group skip auth setting. If this was changed we need to purge permissions for this group

    2544. 

  2544. 			if (isset($group_attributes['group_skip_auth']))

    2545. 

  2545. 			{

    2546. 

  2546. 				// Get users within this group...

    2547. 

  2547. 				$sql = 'SELECT user_id

    2548. 

  2548. 					FROM ' . USER_GROUP_TABLE . '

    2549. 

  2549. 					WHERE group_id = ' . $group_id . '

    2550. 

  2550. 						AND user_pending = 0';

    2551. 

  2551. 				$result = $db->sql_query($sql);

    2552. 

  2552. 

    2553. 

  2553. 				$user_id_ary = array();

    2554. 

  2554. 				while ($row = $db->sql_fetchrow($result))

    2555. 

  2555. 				{

    2556. 

  2556. 					$user_id_ary[] = $row['user_id'];

    2557. 

  2557. 				}

    2558. 

  2558. 				$db->sql_freeresult($result);

    2559. 

  2559. 

    2560. 

  2560. 				if (!empty($user_id_ary))

    2561. 

  2561. 				{

    2562. 

  2562. 					global $auth;

    2563. 

  2563. 

    2564. 

  2564. 					// Clear permissions cache of relevant users

    2565. 

  2565. 					$auth->acl_clear_prefetch($user_id_ary);

    2566. 

  2566. 				}

    2567. 

  2567. 			}

    2568. 

  2568. 		}

    2569. 

  2569. 		else

    2570. 

  2570. 		{

    2571. 

  2571. 			$sql = 'INSERT INTO ' . GROUPS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);

    2572. 

  2572. 			$db->sql_query($sql);

    2573. 

  2573. 		}

    2574. 

  2574. 

    2575. 

  2575. 		if (!$group_id)

    2576. 

  2576. 		{

    2577. 

  2577. 			$group_id = $db->sql_nextid();

    2578. 

  2578. 

    2579. 

  2579. 			if (isset($sql_ary['group_avatar_type']) && $sql_ary['group_avatar_type'] == AVATAR_UPLOAD)

    2580. 

  2580. 			{

    2581. 

  2581. 				group_correct_avatar($group_id, $sql_ary['group_avatar']);

    2582. 

  2582. 			}

    2583. 

  2583. 		}

    2584. 

  2584. 

    2585. 

  2585. 		// Set user attributes

    2586. 

  2586. 		$sql_ary = array();

    2587. 

  2587. 		if (sizeof($group_attributes))

    2588. 

  2588. 		{

    2589. 

  2589. 			// Go through the user attributes array, check if a group attribute matches it and then set it. ;)

    2590. 

  2590. 			foreach ($user_attribute_ary as $attribute)

    2591. 

  2591. 			{

    2592. 

  2592. 				if (!isset($group_attributes[$attribute]))

    2593. 

  2593. 				{

    2594. 

  2594. 					continue;

    2595. 

  2595. 				}

    2596. 

  2596. 

    2597. 

  2597. 				// If we are about to set an avatar, we will not overwrite user avatars if no group avatar is set...

    2598. 

  2598. 				if (strpos($attribute, 'group_avatar') === 0 && !$group_attributes[$attribute])

    2599. 

  2599. 				{

    2600. 

  2600. 					continue;

    2601. 

  2601. 				}

    2602. 

  2602. 

    2603. 

  2603. 				$sql_ary[$attribute] = $group_attributes[$attribute];

    2604. 

  2604. 			}

    2605. 

  2605. 		}

    2606. 

  2606. 

    2607. 

  2607. 		if (sizeof($sql_ary) && sizeof($user_ary))

    2608. 

  2608. 		{

    2609. 

  2609. 			group_set_user_default($group_id, $user_ary, $sql_ary);

    2610. 

  2610. 		}

    2611. 

  2611. 

    2612. 

  2612. 		$name = ($type == GROUP_SPECIAL) ? $user->lang['G_' . $name] : $name;

    2613. 

  2613. 		add_log('admin', $log, $name);

    2614. 

  2614. 

    2615. 

  2615. 		group_update_listings($group_id);

    2616. 

  2616. 	}

    2617. 

  2617. 

    2618. 

  2618. 	return (sizeof($error)) ? $error : false;

    2619. 

  2619. }

    2620. 

  2620. 

    2621. 

  2621. 

    2622. 

  2622. /**

    2623. 

  2623. * Changes a group avatar's filename to conform to the naming scheme

    2624. 

  2624. */

    2625. 

  2625. function group_correct_avatar($group_id, $old_entry)

    2626. 

  2626. {

    2627. 

  2627. 	global $config, $db, $phpbb_root_path;

    2628. 

  2628. 

    2629. 

  2629. 	$group_id		= (int)$group_id;

    2630. 

  2630. 	$ext 			= substr(strrchr($old_entry, '.'), 1);

    2631. 

  2631. 	$old_filename 	= get_avatar_filename($old_entry);

    2632. 

  2632. 	$new_filename 	= $config['avatar_salt'] . "_g$group_id.$ext";

    2633. 

  2633. 	$new_entry 		= 'g' . $group_id . '_' . substr(time(), -5) . ".$ext";

    2634. 

  2634. 

    2635. 

  2635. 	$avatar_path = $phpbb_root_path . $config['avatar_path'];

    2636. 

  2636. 	if (@rename($avatar_path . '/'. $old_filename, $avatar_path . '/' . $new_filename))

    2637. 

  2637. 	{

    2638. 

  2638. 		$sql = 'UPDATE ' . GROUPS_TABLE . '

    2639. 

  2639. 			SET group_avatar = \'' . $db->sql_escape($new_entry) . "'

    2640. 

  2640. 			WHERE group_id = $group_id";

    2641. 

  2641. 		$db->sql_query($sql);

    2642. 

  2642. 	}

    2643. 

  2643. }

    2644. 

  2644. 

    2645. 

  2645. 

    2646. 

  2646. /**

    2647. 

  2647. * Remove avatar also for users not having the group as default

    2648. 

  2648. */

    2649. 

  2649. function avatar_remove_db($avatar_name)

    2650. 

  2650. {

    2651. 

  2651. 	global $config, $db;

    2652. 

  2652. 

    2653. 

  2653. 	$sql = 'UPDATE ' . USERS_TABLE . "

    2654. 

  2654. 		SET user_avatar = '',

    2655. 

  2655. 		user_avatar_type = 0

    2656. 

  2656. 		WHERE user_avatar = '" . $db->sql_escape($avatar_name) . '\'';

    2657. 

  2657. 	$db->sql_query($sql);

    2658. 

  2658. }

    2659. 

  2659. 

    2660. 

  2660. 

    2661. 

  2661. /**

    2662. 

  2662. * Group Delete

    2663. 

  2663. */

    2664. 

  2664. function group_delete($group_id, $group_name = false)

    2665. 

  2665. {

    2666. 

  2666. 	global $db, $phpbb_root_path, $phpEx;

    2667. 

  2667. 

    2668. 

  2668. 	if (!$group_name)

    2669. 

  2669. 	{

    2670. 

  2670. 		$group_name = get_group_name($group_id);

    2671. 

  2671. 	}

    2672. 

  2672. 

    2673. 

  2673. 	$start = 0;

    2674. 

  2674. 

    2675. 

  2675. 	do

    2676. 

  2676. 	{

    2677. 

  2677. 		$user_id_ary = $username_ary = array();

    2678. 

  2678. 

    2679. 

  2679. 		// Batch query for group members, call group_user_del

    2680. 

  2680. 		$sql = 'SELECT u.user_id, u.username

    2681. 

  2681. 			FROM ' . USER_GROUP_TABLE . ' ug, ' . USERS_TABLE . " u

    2682. 

  2682. 			WHERE ug.group_id = $group_id

    2683. 

  2683. 				AND u.user_id = ug.user_id";

    2684. 

  2684. 		$result = $db->sql_query_limit($sql, 200, $start);

    2685. 

  2685. 

    2686. 

  2686. 		if ($row = $db->sql_fetchrow($result))

    2687. 

  2687. 		{

    2688. 

  2688. 			do

    2689. 

  2689. 			{

    2690. 

  2690. 				$user_id_ary[] = $row['user_id'];

    2691. 

  2691. 				$username_ary[] = $row['username'];

    2692. 

  2692. 

    2693. 

  2693. 				$start++;

    2694. 

  2694. 			}

    2695. 

  2695. 			while ($row = $db->sql_fetchrow($result));

    2696. 

  2696. 

    2697. 

  2697. 			group_user_del($group_id, $user_id_ary, $username_ary, $group_name);

    2698. 

  2698. 		}

    2699. 

  2699. 		else

    2700. 

  2700. 		{

    2701. 

  2701. 			$start = 0;

    2702. 

  2702. 		}

    2703. 

  2703. 		$db->sql_freeresult($result);

    2704. 

  2704. 	}

    2705. 

  2705. 	while ($start);

    2706. 

  2706. 

    2707. 

  2707. 	// Delete group

    2708. 

  2708. 	$sql = 'DELETE FROM ' . GROUPS_TABLE . "

    2709. 

  2709. 		WHERE group_id = $group_id";

    2710. 

  2710. 	$db->sql_query($sql);

    2711. 

  2711. 

    2712. 

  2712. 	// Delete auth entries from the groups table

    2713. 

  2713. 	$sql = 'DELETE FROM ' . ACL_GROUPS_TABLE . "

    2714. 

  2714. 		WHERE group_id = $group_id";

    2715. 

  2715. 	$db->sql_query($sql);

    2716. 

  2716. 

    2717. 

  2717. 	// Re-cache moderators

    2718. 

  2718. 	if (!function_exists('cache_moderators'))

    2719. 

  2719. 	{

    2720. 

  2720. 		include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);

    2721. 

  2721. 	}

    2722. 

  2722. 

    2723. 

  2723. 	cache_moderators();

    2724. 

  2724. 

    2725. 

  2725. 	add_log('admin', 'LOG_GROUP_DELETE', $group_name);

    2726. 

  2726. 

    2727. 

  2727. 	// Return false - no error

    2728. 

  2728. 	return false;

    2729. 

  2729. }

    2730. 

  2730. 

    2731. 

  2731. /**

    2732. 

  2732. * Add user(s) to group

    2733. 

  2733. *

    2734. 

  2734. * @return mixed false if no errors occurred, else the user lang string for the relevant error, for example 'NO_USER'

    2735. 

  2735. */

    2736. 

  2736. function group_user_add($group_id, $user_id_ary = false, $username_ary = false, $group_name = false, $default = false, $leader = 0, $pending = 0, $group_attributes = false)

    2737. 

  2737. {

    2738. 

  2738. 	global $db, $auth;

    2739. 

  2739. 

    2740. 

  2740. 	// We need both username and user_id info

    2741. 

  2741. 	$result = user_get_id_name($user_id_ary, $username_ary);

    2742. 

  2742. 

    2743. 

  2743. 	if (!sizeof($user_id_ary) || $result !== false)

    2744. 

  2744. 	{

    2745. 

  2745. 		return 'NO_USER';

    2746. 

  2746. 	}

    2747. 

  2747. 

    2748. 

  2748. 	// Remove users who are already members of this group

    2749. 

  2749. 	$sql = 'SELECT user_id, group_leader

    2750. 

  2750. 		FROM ' . USER_GROUP_TABLE . '

    2751. 

  2751. 		WHERE ' . $db->sql_in_set('user_id', $user_id_ary) . "

    2752. 

  2752. 			AND group_id = $group_id";

    2753. 

  2753. 	$result = $db->sql_query($sql);

    2754. 

  2754. 

    2755. 

  2755. 	$add_id_ary = $update_id_ary = array();

    2756. 

  2756. 	while ($row = $db->sql_fetchrow($result))

    2757. 

  2757. 	{

    2758. 

  2758. 		$add_id_ary[] = (int) $row['user_id'];

    2759. 

  2759. 

    2760. 

  2760. 		if ($leader && !$row['group_leader'])

    2761. 

  2761. 		{

    2762. 

  2762. 			$update_id_ary[] = (int) $row['user_id'];

    2763. 

  2763. 		}

    2764. 

  2764. 	}

    2765. 

  2765. 	$db->sql_freeresult($result);

    2766. 

  2766. 

    2767. 

  2767. 	// Do all the users exist in this group?

    2768. 

  2768. 	$add_id_ary = array_diff($user_id_ary, $add_id_ary);

    2769. 

  2769. 

    2770. 

  2770. 	// If we have no users

    2771. 

  2771. 	if (!sizeof($add_id_ary) && !sizeof($update_id_ary))

    2772. 

  2772. 	{

    2773. 

  2773. 		return 'GROUP_USERS_EXIST';

    2774. 

  2774. 	}

    2775. 

  2775. 

    2776. 

  2776. 	$db->sql_transaction('begin');

    2777. 

  2777. 

    2778. 

  2778. 	// Insert the new users

    2779. 

  2779. 	if (sizeof($add_id_ary))

    2780. 

  2780. 	{

    2781. 

  2781. 		$sql_ary = array();

    2782. 

  2782. 

    2783. 

  2783. 		foreach ($add_id_ary as $user_id)

    2784. 

  2784. 		{

    2785. 

  2785. 			$sql_ary[] = array(

    2786. 

  2786. 				'user_id'		=> (int) $user_id,

    2787. 

  2787. 				'group_id'		=> (int) $group_id,

    2788. 

  2788. 				'group_leader'	=> (int) $leader,

    2789. 

  2789. 				'user_pending'	=> (int) $pending,

    2790. 

  2790. 			);

    2791. 

  2791. 		}

    2792. 

  2792. 

    2793. 

  2793. 		$db->sql_multi_insert(USER_GROUP_TABLE, $sql_ary);

    2794. 

  2794. 	}

    2795. 

  2795. 

    2796. 

  2796. 	if (sizeof($update_id_ary))

    2797. 

  2797. 	{

    2798. 

  2798. 		$sql = 'UPDATE ' . USER_GROUP_TABLE . '

    2799. 

  2799. 			SET group_leader = 1

    2800. 

  2800. 			WHERE ' . $db->sql_in_set('user_id', $update_id_ary) . "

    2801. 

  2801. 				AND group_id = $group_id";

    2802. 

  2802. 		$db->sql_query($sql);

    2803. 

  2803. 	}

    2804. 

  2804. 

    2805. 

  2805. 	if ($default)

    2806. 

  2806. 	{

    2807. 

  2807. 		group_user_attributes('default', $group_id, $user_id_ary, false, $group_name, $group_attributes);

    2808. 

  2808. 	}

    2809. 

  2809. 

    2810. 

  2810. 	$db->sql_transaction('commit');

    2811. 

  2811. 

    2812. 

  2812. 	// Clear permissions cache of relevant users

    2813. 

  2813. 	$auth->acl_clear_prefetch($user_id_ary);

    2814. 

  2814. 

    2815. 

  2815. 	if (!$group_name)

    2816. 

  2816. 	{

    2817. 

  2817. 		$group_name = get_group_name($group_id);

    2818. 

  2818. 	}

    2819. 

  2819. 

    2820. 

  2820. 	$log = ($leader) ? 'LOG_MODS_ADDED' : (($pending) ? 'LOG_USERS_PENDING' : 'LOG_USERS_ADDED');

    2821. 

  2821. 

    2822. 

  2822. 	add_log('admin', $log, $group_name, implode(', ', $username_ary));

    2823. 

  2823. 

    2824. 

  2824. 	group_update_listings($group_id);

    2825. 

  2825. 

    2826. 

  2826. 	// Return false - no error

    2827. 

  2827. 	return false;

    2828. 

  2828. }

    2829. 

  2829. 

    2830. 

  2830. /**

    2831. 

  2831. * Remove a user/s from a given group. When we remove users we update their

    2832. 

  2832. * default group_id. We do this by examining which "special" groups they belong

    2833. 

  2833. * to. The selection is made based on a reasonable priority system

    2834. 

  2834. *

    2835. 

  2835. * @return false if no errors occurred, else the user lang string for the relevant error, for example 'NO_USER'

    2836. 

  2836. */

    2837. 

  2837. function group_user_del($group_id, $user_id_ary = false, $username_ary = false, $group_name = false)

    2838. 

  2838. {

    2839. 

  2839. 	global $db, $auth, $config;

    2840. 

  2840. 

    2841. 

  2841. 	if ($config['coppa_enable'])

    2842. 

  2842. 	{

    2843. 

  2843. 		$group_order = array('ADMINISTRATORS', 'GLOBAL_MODERATORS', 'NEWLY_REGISTERED', 'REGISTERED_COPPA', 'REGISTERED', 'BOTS', 'GUESTS');

    2844. 

  2844. 	}

    2845. 

  2845. 	else

    2846. 

  2846. 	{

    2847. 

  2847. 		$group_order = array('ADMINISTRATORS', 'GLOBAL_MODERATORS', 'NEWLY_REGISTERED', 'REGISTERED', 'BOTS', 'GUESTS');

    2848. 

  2848. 	}

    2849. 

  2849. 

    2850. 

  2850. 	// We need both username and user_id info

    2851. 

  2851. 	$result = user_get_id_name($user_id_ary, $username_ary);

    2852. 

  2852. 

    2853. 

  2853. 	if (!sizeof($user_id_ary) || $result !== false)

    2854. 

  2854. 	{

    2855. 

  2855. 		return 'NO_USER';

    2856. 

  2856. 	}

    2857. 

  2857. 

    2858. 

  2858. 	$sql = 'SELECT *

    2859. 

  2859. 		FROM ' . GROUPS_TABLE . '

    2860. 

  2860. 		WHERE ' . $db->sql_in_set('group_name', $group_order);

    2861. 

  2861. 	$result = $db->sql_query($sql);

    2862. 

  2862. 

    2863. 

  2863. 	$group_order_id = $special_group_data = array();

    2864. 

  2864. 	while ($row = $db->sql_fetchrow($result))

    2865. 

  2865. 	{

    2866. 

  2866. 		$group_order_id[$row['group_name']] = $row['group_id'];

    2867. 

  2867. 

    2868. 

  2868. 		$special_group_data[$row['group_id']] = array(

    2869. 

  2869. 			'group_colour'			=> $row['group_colour'],

    2870. 

  2870. 			'group_rank'				=> $row['group_rank'],

    2871. 

  2871. 		);

    2872. 

  2872. 

    2873. 

  2873. 		// Only set the group avatar if one is defined...

    2874. 

  2874. 		if ($row['group_avatar'])

    2875. 

  2875. 		{

    2876. 

  2876. 			$special_group_data[$row['group_id']] = array_merge($special_group_data[$row['group_id']], array(

    2877. 

  2877. 				'group_avatar'			=> $row['group_avatar'],

    2878. 

  2878. 				'group_avatar_type'		=> $row['group_avatar_type'],

    2879. 

  2879. 				'group_avatar_width'		=> $row['group_avatar_width'],

    2880. 

  2880. 				'group_avatar_height'	=> $row['group_avatar_height'])

    2881. 

  2881. 			);

    2882. 

  2882. 		}

    2883. 

  2883. 	}

    2884. 

  2884. 	$db->sql_freeresult($result);

    2885. 

  2885. 

    2886. 

  2886. 	// Get users default groups - we only need to reset default group membership if the group from which the user gets removed is set as default

    2887. 

  2887. 	$sql = 'SELECT user_id, group_id

    2888. 

  2888. 		FROM ' . USERS_TABLE . '

    2889. 

  2889. 		WHERE ' . $db->sql_in_set('user_id', $user_id_ary);

    2890. 

  2890. 	$result = $db->sql_query($sql);

    2891. 

  2891. 

    2892. 

  2892. 	$default_groups = array();

    2893. 

  2893. 	while ($row = $db->sql_fetchrow($result))

    2894. 

  2894. 	{

    2895. 

  2895. 		$default_groups[$row['user_id']] = $row['group_id'];

    2896. 

  2896. 	}

    2897. 

  2897. 	$db->sql_freeresult($result);

    2898. 

  2898. 

    2899. 

  2899. 	// What special group memberships exist for these users?

    2900. 

  2900. 	$sql = 'SELECT g.group_id, g.group_name, ug.user_id

    2901. 

  2901. 		FROM ' . USER_GROUP_TABLE . ' ug, ' . GROUPS_TABLE . ' g

    2902. 

  2902. 		WHERE ' . $db->sql_in_set('ug.user_id', $user_id_ary) . "

    2903. 

  2903. 			AND g.group_id = ug.group_id

    2904. 

  2904. 			AND g.group_id <> $group_id

    2905. 

  2905. 			AND g.group_type = " . GROUP_SPECIAL . '

    2906. 

  2906. 		ORDER BY ug.user_id, g.group_id';

    2907. 

  2907. 	$result = $db->sql_query($sql);

    2908. 

  2908. 

    2909. 

  2909. 	$temp_ary = array();

    2910. 

  2910. 	while ($row = $db->sql_fetchrow($result))

    2911. 

  2911. 	{

    2912. 

  2912. 		if ($default_groups[$row['user_id']] == $group_id && (!isset($temp_ary[$row['user_id']]) || $group_order_id[$row['group_name']] < $temp_ary[$row['user_id']]))

    2913. 

  2913. 		{

    2914. 

  2914. 			$temp_ary[$row['user_id']] = $row['group_id'];

    2915. 

  2915. 		}

    2916. 

  2916. 	}

    2917. 

  2917. 	$db->sql_freeresult($result);

    2918. 

  2918. 

    2919. 

  2919. 	// sql_where_ary holds the new default groups and their users

    2920. 

  2920. 	$sql_where_ary = array();

    2921. 

  2921. 	foreach ($temp_ary as $uid => $gid)

    2922. 

  2922. 	{

    2923. 

  2923. 		$sql_where_ary[$gid][] = $uid;

    2924. 

  2924. 	}

    2925. 

  2925. 	unset($temp_ary);

    2926. 

  2926. 

    2927. 

  2927. 	foreach ($special_group_data as $gid => $default_data_ary)

    2928. 

  2928. 	{

    2929. 

  2929. 		if (isset($sql_where_ary[$gid]) && sizeof($sql_where_ary[$gid]))

    2930. 

  2930. 		{

    2931. 

  2931. 			remove_default_rank($group_id, $sql_where_ary[$gid]);

    2932. 

  2932. 			remove_default_avatar($group_id, $sql_where_ary[$gid]);

    2933. 

  2933. 			group_set_user_default($gid, $sql_where_ary[$gid], $default_data_ary);

    2934. 

  2934. 		}

    2935. 

  2935. 	}

    2936. 

  2936. 	unset($special_group_data);

    2937. 

  2937. 

    2938. 

  2938. 	$sql = 'DELETE FROM ' . USER_GROUP_TABLE . "

    2939. 

  2939. 		WHERE group_id = $group_id

    2940. 

  2940. 			AND " . $db->sql_in_set('user_id', $user_id_ary);

    2941. 

  2941. 	$db->sql_query($sql);

    2942. 

  2942. 

    2943. 

  2943. 	// Clear permissions cache of relevant users

    2944. 

  2944. 	$auth->acl_clear_prefetch($user_id_ary);

    2945. 

  2945. 

    2946. 

  2946. 	if (!$group_name)

    2947. 

  2947. 	{

    2948. 

  2948. 		$group_name = get_group_name($group_id);

    2949. 

  2949. 	}

    2950. 

  2950. 

    2951. 

  2951. 	$log = 'LOG_GROUP_REMOVE';

    2952. 

  2952. 

    2953. 

  2953. 	if ($group_name)

    2954. 

  2954. 	{

    2955. 

  2955. 		add_log('admin', $log, $group_name, implode(', ', $username_ary));

    2956. 

  2956. 	}

    2957. 

  2957. 

    2958. 

  2958. 	group_update_listings($group_id);

    2959. 

  2959. 

    2960. 

  2960. 	// Return false - no error

    2961. 

  2961. 	return false;

    2962. 

  2962. }

    2963. 

  2963. 

    2964. 

  2964. 

    2965. 

  2965. /**

    2966. 

  2966. * Removes the group avatar of the default group from the users in user_ids who have that group as default.

    2967. 

  2967. */

    2968. 

  2968. function remove_default_avatar($group_id, $user_ids)

    2969. 

  2969. {

    2970. 

  2970. 	global $db;

    2971. 

  2971. 

    2972. 

  2972. 	if (!is_array($user_ids))

    2973. 

  2973. 	{

    2974. 

  2974. 		$user_ids = array($user_ids);

    2975. 

  2975. 	}

    2976. 

  2976. 	if (empty($user_ids))

    2977. 

  2977. 	{

    2978. 

  2978. 		return false;

    2979. 

  2979. 	}

    2980. 

  2980. 

    2981. 

  2981. 	$user_ids = array_map('intval', $user_ids);

    2982. 

  2982. 

    2983. 

  2983. 	$sql = 'SELECT *

    2984. 

  2984. 		FROM ' . GROUPS_TABLE . '

    2985. 

  2985. 		WHERE group_id = ' . (int)$group_id;

    2986. 

  2986. 	$result = $db->sql_query($sql);

    2987. 

  2987. 	if (!$row = $db->sql_fetchrow($result))

    2988. 

  2988. 	{

    2989. 

  2989. 		$db->sql_freeresult($result);

    2990. 

  2990. 		return false;

    2991. 

  2991. 	}

    2992. 

  2992. 	$db->sql_freeresult($result);

    2993. 

  2993. 

    2994. 

  2994. 	$sql = 'UPDATE ' . USERS_TABLE . "

    2995. 

  2995. 		SET user_avatar = '',

    2996. 

  2996. 			user_avatar_type = 0,

    2997. 

  2997. 			user_avatar_width = 0,

    2998. 

  2998. 			user_avatar_height = 0

    2999. 

  2999. 		WHERE group_id = " . (int) $group_id . "

    3000. 

  3000. 		AND user_avatar = '" . $db->sql_escape($row['group_avatar']) . "'

    3001. 

  3001. 		AND " . $db->sql_in_set('user_id', $user_ids);

    3002. 

  3002. 

    3003. 

  3003. 	$db->sql_query($sql);

    3004. 

  3004. }

    3005. 

  3005. 

    3006. 

  3006. /**

    3007. 

  3007. * Removes the group rank of the default group from the users in user_ids who have that group as default.

    3008. 

  3008. */

    3009. 

  3009. function remove_default_rank($group_id, $user_ids)

    3010. 

  3010. {

    3011. 

  3011. 	global $db;

    3012. 

  3012. 

    3013. 

  3013. 	if (!is_array($user_ids))

    3014. 

  3014. 	{

    3015. 

  3015. 		$user_ids = array($user_ids);

    3016. 

  3016. 	}

    3017. 

  3017. 	if (empty($user_ids))

    3018. 

  3018. 	{

    3019. 

  3019. 		return false;

    3020. 

  3020. 	}

    3021. 

  3021. 

    3022. 

  3022. 	$user_ids = array_map('intval', $user_ids);

    3023. 

  3023. 

    3024. 

  3024. 	$sql = 'SELECT *

    3025. 

  3025. 		FROM ' . GROUPS_TABLE . '

    3026. 

  3026. 		WHERE group_id = ' . (int)$group_id;

    3027. 

  3027. 	$result = $db->sql_query($sql);

    3028. 

  3028. 	if (!$row = $db->sql_fetchrow($result))

    3029. 

  3029. 	{

    3030. 

  3030. 		$db->sql_freeresult($result);

    3031. 

  3031. 		return false;

    3032. 

  3032. 	}

    3033. 

  3033. 	$db->sql_freeresult($result);

    3034. 

  3034. 

    3035. 

  3035. 	$sql = 'UPDATE ' . USERS_TABLE . '

    3036. 

  3036. 		SET user_rank = 0

    3037. 

  3037. 		WHERE group_id = ' . (int)$group_id . '

    3038. 

  3038. 		AND user_rank <> 0

    3039. 

  3039. 		AND user_rank = ' . (int)$row['group_rank'] . '

    3040. 

  3040. 		AND ' . $db->sql_in_set('user_id', $user_ids);

    3041. 

  3041. 	$db->sql_query($sql);

    3042. 

  3042. }

    3043. 

  3043. 

    3044. 

  3044. /**

    3045. 

  3045. * This is used to promote (to leader), demote or set as default a member/s

    3046. 

  3046. */

    3047. 

  3047. function group_user_attributes($action, $group_id, $user_id_ary = false, $username_ary = false, $group_name = false, $group_attributes = false)

    3048. 

  3048. {

    3049. 

  3049. 	global $db, $auth, $phpbb_root_path, $phpEx, $config;

    3050. 

  3050. 

    3051. 

  3051. 	// We need both username and user_id info

    3052. 

  3052. 	$result = user_get_id_name($user_id_ary, $username_ary);

    3053. 

  3053. 

    3054. 

  3054. 	if (!sizeof($user_id_ary) || $result !== false)

    3055. 

  3055. 	{

    3056. 

  3056. 		return 'NO_USERS';

    3057. 

  3057. 	}

    3058. 

  3058. 

    3059. 

  3059. 	if (!$group_name)

    3060. 

  3060. 	{

    3061. 

  3061. 		$group_name = get_group_name($group_id);

    3062. 

  3062. 	}

    3063. 

  3063. 

    3064. 

  3064. 	switch ($action)

    3065. 

  3065. 	{

    3066. 

  3066. 		case 'demote':

    3067. 

  3067. 		case 'promote':

    3068. 

  3068. 

    3069. 

  3069. 			$sql = 'SELECT user_id FROM ' . USER_GROUP_TABLE . "

    3070. 

  3070. 				WHERE group_id = $group_id

    3071. 

  3071. 					AND user_pending = 1

    3072. 

  3072. 					AND " . $db->sql_in_set('user_id', $user_id_ary);

    3073. 

  3073. 			$result = $db->sql_query_limit($sql, 1);

    3074. 

  3074. 			$not_empty = ($db->sql_fetchrow($result));

    3075. 

  3075. 			$db->sql_freeresult($result);

    3076. 

  3076. 			if ($not_empty)

    3077. 

  3077. 			{

    3078. 

  3078. 				return 'NO_VALID_USERS';

    3079. 

  3079. 			}

    3080. 

  3080. 

    3081. 

  3081. 			$sql = 'UPDATE ' . USER_GROUP_TABLE . '

    3082. 

  3082. 				SET group_leader = ' . (($action == 'promote') ? 1 : 0) . "

    3083. 

  3083. 				WHERE group_id = $group_id

    3084. 

  3084. 					AND user_pending = 0

    3085. 

  3085. 					AND " . $db->sql_in_set('user_id', $user_id_ary);

    3086. 

  3086. 			$db->sql_query($sql);

    3087. 

  3087. 

    3088. 

  3088. 			$log = ($action == 'promote') ? 'LOG_GROUP_PROMOTED' : 'LOG_GROUP_DEMOTED';

    3089. 

  3089. 		break;

    3090. 

  3090. 

    3091. 

  3091. 		case 'approve':

    3092. 

  3092. 			// Make sure we only approve those which are pending ;)

    3093. 

  3093. 			$sql = 'SELECT u.user_id, u.user_email, u.username, u.username_clean, u.user_notify_type, u.user_jabber, u.user_lang

    3094. 

  3094. 				FROM ' . USERS_TABLE . ' u, ' . USER_GROUP_TABLE . ' ug

    3095. 

  3095. 				WHERE ug.group_id = ' . $group_id . '

    3096. 

  3096. 					AND ug.user_pending = 1

    3097. 

  3097. 					AND ug.user_id = u.user_id

    3098. 

  3098. 					AND ' . $db->sql_in_set('ug.user_id', $user_id_ary);

    3099. 

  3099. 			$result = $db->sql_query($sql);

    3100. 

  3100. 

    3101. 

  3101. 			$user_id_ary = $email_users = array();

    3102. 

  3102. 			while ($row = $db->sql_fetchrow($result))

    3103. 

  3103. 			{

    3104. 

  3104. 				$user_id_ary[] = $row['user_id'];

    3105. 

  3105. 				$email_users[] = $row;

    3106. 

  3106. 			}

    3107. 

  3107. 			$db->sql_freeresult($result);

    3108. 

  3108. 

    3109. 

  3109. 			if (!sizeof($user_id_ary))

    3110. 

  3110. 			{

    3111. 

  3111. 				return false;

    3112. 

  3112. 			}

    3113. 

  3113. 

    3114. 

  3114. 			$sql = 'UPDATE ' . USER_GROUP_TABLE . "

    3115. 

  3115. 				SET user_pending = 0

    3116. 

  3116. 				WHERE group_id = $group_id

    3117. 

  3117. 					AND " . $db->sql_in_set('user_id', $user_id_ary);

    3118. 

  3118. 			$db->sql_query($sql);

    3119. 

  3119. 

    3120. 

  3120. 			// Send approved email to users...

    3121. 

  3121. 			include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);

    3122. 

  3122. 			$messenger = new messenger();

    3123. 

  3123. 

    3124. 

  3124. 			foreach ($email_users as $row)

    3125. 

  3125. 			{

    3126. 

  3126. 				$messenger->template('group_approved', $row['user_lang']);

    3127. 

  3127. 

    3128. 

  3128. 				$messenger->to($row['user_email'], $row['username']);

    3129. 

  3129. 				$messenger->im($row['user_jabber'], $row['username']);

    3130. 

  3130. 

    3131. 

  3131. 				$messenger->assign_vars(array(

    3132. 

  3132. 					'USERNAME'		=> htmlspecialchars_decode($row['username']),

    3133. 

  3133. 					'GROUP_NAME'	=> htmlspecialchars_decode($group_name),

    3134. 

  3134. 					'U_GROUP'		=> generate_board_url() . "/ucp.$phpEx?i=groups&mode=membership")

    3135. 

  3135. 				);

    3136. 

  3136. 

    3137. 

  3137. 				$messenger->send($row['user_notify_type']);

    3138. 

  3138. 			}

    3139. 

  3139. 

    3140. 

  3140. 			$messenger->save_queue();

    3141. 

  3141. 

    3142. 

  3142. 			$log = 'LOG_USERS_APPROVED';

    3143. 

  3143. 		break;

    3144. 

  3144. 

    3145. 

  3145. 		case 'default':

    3146. 

  3146. 			// We only set default group for approved members of the group

    3147. 

  3147. 			$sql = 'SELECT user_id

    3148. 

  3148. 				FROM ' . USER_GROUP_TABLE . "

    3149. 

  3149. 				WHERE group_id = $group_id

    3150. 

  3150. 					AND user_pending = 0

    3151. 

  3151. 					AND " . $db->sql_in_set('user_id', $user_id_ary);

    3152. 

  3152. 			$result = $db->sql_query($sql);

    3153. 

  3153. 

    3154. 

  3154. 			$user_id_ary = $username_ary = array();

    3155. 

  3155. 			while ($row = $db->sql_fetchrow($result))

    3156. 

  3156. 			{

    3157. 

  3157. 				$user_id_ary[] = $row['user_id'];

    3158. 

  3158. 			}

    3159. 

  3159. 			$db->sql_freeresult($result);

    3160. 

  3160. 

    3161. 

  3161. 			$result = user_get_id_name($user_id_ary, $username_ary);

    3162. 

  3162. 			if (!sizeof($user_id_ary) || $result !== false)

    3163. 

  3163. 			{

    3164. 

  3164. 				return 'NO_USERS';

    3165. 

  3165. 			}

    3166. 

  3166. 

    3167. 

  3167. 			$sql = 'SELECT user_id, group_id FROM ' . USERS_TABLE . '

    3168. 

  3168. 				WHERE ' . $db->sql_in_set('user_id', $user_id_ary, false, true);

    3169. 

  3169. 			$result = $db->sql_query($sql);

    3170. 

  3170. 

    3171. 

  3171. 			$groups = array();

    3172. 

  3172. 			while ($row = $db->sql_fetchrow($result))

    3173. 

  3173. 			{

    3174. 

  3174. 				if (!isset($groups[$row['group_id']]))

    3175. 

  3175. 				{

    3176. 

  3176. 					$groups[$row['group_id']] = array();

    3177. 

  3177. 				}

    3178. 

  3178. 				$groups[$row['group_id']][] = $row['user_id'];

    3179. 

  3179. 			}

    3180. 

  3180. 			$db->sql_freeresult($result);

    3181. 

  3181. 

    3182. 

  3182. 			foreach ($groups as $gid => $uids)

    3183. 

  3183. 			{

    3184. 

  3184. 				remove_default_rank($gid, $uids);

    3185. 

  3185. 				remove_default_avatar($gid, $uids);

    3186. 

  3186. 			}

    3187. 

  3187. 			group_set_user_default($group_id, $user_id_ary, $group_attributes);

    3188. 

  3188. 			$log = 'LOG_GROUP_DEFAULTS';

    3189. 

  3189. 		break;

    3190. 

  3190. 	}

    3191. 

  3191. 

    3192. 

  3192. 	// Clear permissions cache of relevant users

    3193. 

  3193. 	$auth->acl_clear_prefetch($user_id_ary);

    3194. 

  3194. 

    3195. 

  3195. 	add_log('admin', $log, $group_name, implode(', ', $username_ary));

    3196. 

  3196. 

    3197. 

  3197. 	group_update_listings($group_id);

    3198. 

  3198. 

    3199. 

  3199. 	return false;

    3200. 

  3200. }

    3201. 

  3201. 

    3202. 

  3202. /**

    3203. 

  3203. * A small version of validate_username to check for a group name's existence. To be called directly.

    3204. 

  3204. */

    3205. 

  3205. function group_validate_groupname($group_id, $group_name)

    3206. 

  3206. {

    3207. 

  3207. 	global $config, $db;

    3208. 

  3208. 

    3209. 

  3209. 	$group_name =  utf8_clean_string($group_name);

    3210. 

  3210. 

    3211. 

  3211. 	if (!empty($group_id))

    3212. 

  3212. 	{

    3213. 

  3213. 		$sql = 'SELECT group_name

    3214. 

  3214. 			FROM ' . GROUPS_TABLE . '

    3215. 

  3215. 			WHERE group_id = ' . (int) $group_id;

    3216. 

  3216. 		$result = $db->sql_query($sql);

    3217. 

  3217. 		$row = $db->sql_fetchrow($result);

    3218. 

  3218. 		$db->sql_freeresult($result);

    3219. 

  3219. 

    3220. 

  3220. 		if (!$row)

    3221. 

  3221. 		{

    3222. 

  3222. 			return false;

    3223. 

  3223. 		}

    3224. 

  3224. 

    3225. 

  3225. 		$allowed_groupname = utf8_clean_string($row['group_name']);

    3226. 

  3226. 

    3227. 

  3227. 		if ($allowed_groupname == $group_name)

    3228. 

  3228. 		{

    3229. 

  3229. 			return false;

    3230. 

  3230. 		}

    3231. 

  3231. 	}

    3232. 

  3232. 

    3233. 

  3233. 	$sql = 'SELECT group_name

    3234. 

  3234. 		FROM ' . GROUPS_TABLE . "

    3235. 

  3235. 		WHERE LOWER(group_name) = '" . $db->sql_escape(utf8_strtolower($group_name)) . "'";

    3236. 

  3236. 	$result = $db->sql_query($sql);

    3237. 

  3237. 	$row = $db->sql_fetchrow($result);

    3238. 

  3238. 	$db->sql_freeresult($result);

    3239. 

  3239. 

    3240. 

  3240. 	if ($row)

    3241. 

  3241. 	{

    3242. 

  3242. 		return 'GROUP_NAME_TAKEN';

    3243. 

  3243. 	}

    3244. 

  3244. 

    3245. 

  3245. 	return false;

    3246. 

  3246. }

    3247. 

  3247. 

    3248. 

  3248. /**

    3249. 

  3249. * Set users default group

    3250. 

  3250. *

    3251. 

  3251. * @access private

    3252. 

  3252. */

    3253. 

  3253. function group_set_user_default($group_id, $user_id_ary, $group_attributes = false, $update_listing = false)

    3254. 

  3254. {

    3255. 

  3255. 	global $cache, $db;

    3256. 

  3256. 

    3257. 

  3257. 	if (empty($user_id_ary))

    3258. 

  3258. 	{

    3259. 

  3259. 		return;

    3260. 

  3260. 	}

    3261. 

  3261. 

    3262. 

  3262. 	$attribute_ary = array(

    3263. 

  3263. 		'group_colour'			=> 'string',

    3264. 

  3264. 		'group_rank'			=> 'int',

    3265. 

  3265. 		'group_avatar'			=> 'string',

    3266. 

  3266. 		'group_avatar_type'		=> 'int',

    3267. 

  3267. 		'group_avatar_width'	=> 'int',

    3268. 

  3268. 		'group_avatar_height'	=> 'int',

    3269. 

  3269. 	);

    3270. 

  3270. 

    3271. 

  3271. 	$sql_ary = array(

    3272. 

  3272. 		'group_id'		=> $group_id

    3273. 

  3273. 	);

    3274. 

  3274. 

    3275. 

  3275. 	// Were group attributes passed to the function? If not we need to obtain them

    3276. 

  3276. 	if ($group_attributes === false)

    3277. 

  3277. 	{

    3278. 

  3278. 		$sql = 'SELECT ' . implode(', ', array_keys($attribute_ary)) . '

    3279. 

  3279. 			FROM ' . GROUPS_TABLE . "

    3280. 

  3280. 			WHERE group_id = $group_id";

    3281. 

  3281. 		$result = $db->sql_query($sql);

    3282. 

  3282. 		$group_attributes = $db->sql_fetchrow($result);

    3283. 

  3283. 		$db->sql_freeresult($result);

    3284. 

  3284. 	}

    3285. 

  3285. 

    3286. 

  3286. 	foreach ($attribute_ary as $attribute => $type)

    3287. 

  3287. 	{

    3288. 

  3288. 		if (isset($group_attributes[$attribute]))

    3289. 

  3289. 		{

    3290. 

  3290. 			// If we are about to set an avatar or rank, we will not overwrite with empty, unless we are not actually changing the default group

    3291. 

  3291. 			if ((strpos($attribute, 'group_avatar') === 0 || strpos($attribute, 'group_rank') === 0) && !$group_attributes[$attribute])

    3292. 

  3292. 			{

    3293. 

  3293. 				continue;

    3294. 

  3294. 			}

    3295. 

  3295. 

    3296. 

  3296. 			settype($group_attributes[$attribute], $type);

    3297. 

  3297. 			$sql_ary[str_replace('group_', 'user_', $attribute)] = $group_attributes[$attribute];

    3298. 

  3298. 		}

    3299. 

  3299. 	}

    3300. 

  3300. 

    3301. 

  3301. 	// Before we update the user attributes, we will make a list of those having now the group avatar assigned

    3302. 

  3302. 	if (isset($sql_ary['user_avatar']))

    3303. 

  3303. 	{

    3304. 

  3304. 		// Ok, get the original avatar data from users having an uploaded one (we need to remove these from the filesystem)

    3305. 

  3305. 		$sql = 'SELECT user_id, group_id, user_avatar

    3306. 

  3306. 			FROM ' . USERS_TABLE . '

    3307. 

  3307. 			WHERE ' . $db->sql_in_set('user_id', $user_id_ary) . '

    3308. 

  3308. 				AND user_avatar_type = ' . AVATAR_UPLOAD;

    3309. 

  3309. 		$result = $db->sql_query($sql);

    3310. 

  3310. 

    3311. 

  3311. 		while ($row = $db->sql_fetchrow($result))

    3312. 

  3312. 		{

    3313. 

  3313. 			avatar_delete('user', $row);

    3314. 

  3314. 		}

    3315. 

  3315. 		$db->sql_freeresult($result);

    3316. 

  3316. 	}

    3317. 

  3317. 	else

    3318. 

  3318. 	{

    3319. 

  3319. 		unset($sql_ary['user_avatar_type']);

    3320. 

  3320. 		unset($sql_ary['user_avatar_height']);

    3321. 

  3321. 		unset($sql_ary['user_avatar_width']);

    3322. 

  3322. 	}

    3323. 

  3323. 

    3324. 

  3324. 	$sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '

    3325. 

  3325. 		WHERE ' . $db->sql_in_set('user_id', $user_id_ary);

    3326. 

  3326. 	$db->sql_query($sql);

    3327. 

  3327. 

    3328. 

  3328. 	if (isset($sql_ary['user_colour']))

    3329. 

  3329. 	{

    3330. 

  3330. 		// Update any cached colour information for these users

    3331. 

  3331. 		$sql = 'UPDATE ' . FORUMS_TABLE . " SET forum_last_poster_colour = '" . $db->sql_escape($sql_ary['user_colour']) . "'

    3332. 

  3332. 			WHERE " . $db->sql_in_set('forum_last_poster_id', $user_id_ary);

    3333. 

  3333. 		$db->sql_query($sql);

    3334. 

  3334. 

    3335. 

  3335. 		$sql = 'UPDATE ' . TOPICS_TABLE . " SET topic_first_poster_colour = '" . $db->sql_escape($sql_ary['user_colour']) . "'

    3336. 

  3336. 			WHERE " . $db->sql_in_set('topic_poster', $user_id_ary);

    3337. 

  3337. 		$db->sql_query($sql);

    3338. 

  3338. 

    3339. 

  3339. 		$sql = 'UPDATE ' . TOPICS_TABLE . " SET topic_last_poster_colour = '" . $db->sql_escape($sql_ary['user_colour']) . "'

    3340. 

  3340. 			WHERE " . $db->sql_in_set('topic_last_poster_id', $user_id_ary);

    3341. 

  3341. 		$db->sql_query($sql);

    3342. 

  3342. 

    3343. 

  3343. 		global $config;

    3344. 

  3344. 

    3345. 

  3345. 		if (in_array($config['newest_user_id'], $user_id_ary))

    3346. 

  3346. 		{

    3347. 

  3347. 			set_config('newest_user_colour', $sql_ary['user_colour'], true);

    3348. 

  3348. 		}

    3349. 

  3349. 	}

    3350. 

  3350. 

    3351. 

  3351. 	if ($update_listing)

    3352. 

  3352. 	{

    3353. 

  3353. 		group_update_listings($group_id);

    3354. 

  3354. 	}

    3355. 

  3355. 

    3356. 

  3356. 	// Because some tables/caches use usercolour-specific data we need to purge this here.

    3357. 

  3357. 	$cache->destroy('sql', MODERATOR_CACHE_TABLE);

    3358. 

  3358. }

    3359. 

  3359. 

    3360. 

  3360. /**

    3361. 

  3361. * Get group name

    3362. 

  3362. */

    3363. 

  3363. function get_group_name($group_id)

    3364. 

  3364. {

    3365. 

  3365. 	global $db, $user;

    3366. 

  3366. 

    3367. 

  3367. 	$sql = 'SELECT group_name, group_type

    3368. 

  3368. 		FROM ' . GROUPS_TABLE . '

    3369. 

  3369. 		WHERE group_id = ' . (int) $group_id;

    3370. 

  3370. 	$result = $db->sql_query($sql);

    3371. 

  3371. 	$row = $db->sql_fetchrow($result);

    3372. 

  3372. 	$db->sql_freeresult($result);

    3373. 

  3373. 

    3374. 

  3374. 	if (!$row || ($row['group_type'] == GROUP_SPECIAL && empty($user->lang)))

    3375. 

  3375. 	{

    3376. 

  3376. 		return '';

    3377. 

  3377. 	}

    3378. 

  3378. 

    3379. 

  3379. 	return ($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name'];

    3380. 

  3380. }

    3381. 

  3381. 

    3382. 

  3382. /**

    3383. 

  3383. * Obtain either the members of a specified group, the groups the specified user is subscribed to

    3384. 

  3384. * or checking if a specified user is in a specified group. This function does not return pending memberships.

    3385. 

  3385. *

    3386. 

  3386. * Note: Never use this more than once... first group your users/groups

    3387. 

  3387. */

    3388. 

  3388. function group_memberships($group_id_ary = false, $user_id_ary = false, $return_bool = false)

    3389. 

  3389. {

    3390. 

  3390. 	global $db;

    3391. 

  3391. 

    3392. 

  3392. 	if (!$group_id_ary && !$user_id_ary)

    3393. 

  3393. 	{

    3394. 

  3394. 		return true;

    3395. 

  3395. 	}

    3396. 

  3396. 

    3397. 

  3397. 	if ($user_id_ary)

    3398. 

  3398. 	{

    3399. 

  3399. 		$user_id_ary = (!is_array($user_id_ary)) ? array($user_id_ary) : $user_id_ary;

    3400. 

  3400. 	}

    3401. 

  3401. 

    3402. 

  3402. 	if ($group_id_ary)

    3403. 

  3403. 	{

    3404. 

  3404. 		$group_id_ary = (!is_array($group_id_ary)) ? array($group_id_ary) : $group_id_ary;

    3405. 

  3405. 	}

    3406. 

  3406. 

    3407. 

  3407. 	$sql = 'SELECT ug.*, u.username, u.username_clean, u.user_email

    3408. 

  3408. 		FROM ' . USER_GROUP_TABLE . ' ug, ' . USERS_TABLE . ' u

    3409. 

  3409. 		WHERE ug.user_id = u.user_id

    3410. 

  3410. 			AND ug.user_pending = 0 AND ';

    3411. 

  3411. 

    3412. 

  3412. 	if ($group_id_ary)

    3413. 

  3413. 	{

    3414. 

  3414. 		$sql .= ' ' . $db->sql_in_set('ug.group_id', $group_id_ary);

    3415. 

  3415. 	}

    3416. 

  3416. 

    3417. 

  3417. 	if ($user_id_ary)

    3418. 

  3418. 	{

    3419. 

  3419. 		$sql .= ($group_id_ary) ? ' AND ' : ' ';

    3420. 

  3420. 		$sql .= $db->sql_in_set('ug.user_id', $user_id_ary);

    3421. 

  3421. 	}

    3422. 

  3422. 

    3423. 

  3423. 	$result = ($return_bool) ? $db->sql_query_limit($sql, 1) : $db->sql_query($sql);

    3424. 

  3424. 

    3425. 

  3425. 	$row = $db->sql_fetchrow($result);

    3426. 

  3426. 

    3427. 

  3427. 	if ($return_bool)

    3428. 

  3428. 	{

    3429. 

  3429. 		$db->sql_freeresult($result);

    3430. 

  3430. 		return ($row) ? true : false;

    3431. 

  3431. 	}

    3432. 

  3432. 

    3433. 

  3433. 	if (!$row)

    3434. 

  3434. 	{

    3435. 

  3435. 		return false;

    3436. 

  3436. 	}

    3437. 

  3437. 

    3438. 

  3438. 	$return = array();

    3439. 

  3439. 

    3440. 

  3440. 	do

    3441. 

  3441. 	{

    3442. 

  3442. 		$return[] = $row;

    3443. 

  3443. 	}

    3444. 

  3444. 	while ($row = $db->sql_fetchrow($result));

    3445. 

  3445. 

    3446. 

  3446. 	$db->sql_freeresult($result);

    3447. 

  3447. 

    3448. 

  3448. 	return $return;

    3449. 

  3449. }

    3450. 

  3450. 

    3451. 

  3451. /**

    3452. 

  3452. * Re-cache moderators and foes if group has a_ or m_ permissions

    3453. 

  3453. */

    3454. 

  3454. function group_update_listings($group_id)

    3455. 

  3455. {

    3456. 

  3456. 	global $auth;

    3457. 

  3457. 

    3458. 

  3458. 	$hold_ary = $auth->acl_group_raw_data($group_id, array('a_', 'm_'));

    3459. 

  3459. 

    3460. 

  3460. 	if (!sizeof($hold_ary))

    3461. 

  3461. 	{

    3462. 

  3462. 		return;

    3463. 

  3463. 	}

    3464. 

  3464. 

    3465. 

  3465. 	$mod_permissions = $admin_permissions = false;

    3466. 

  3466. 

    3467. 

  3467. 	foreach ($hold_ary as $g_id => $forum_ary)

    3468. 

  3468. 	{

    3469. 

  3469. 		foreach ($forum_ary as $forum_id => $auth_ary)

    3470. 

  3470. 		{

    3471. 

  3471. 			foreach ($auth_ary as $auth_option => $setting)

    3472. 

  3472. 			{

    3473. 

  3473. 				if ($mod_permissions && $admin_permissions)

    3474. 

  3474. 				{

    3475. 

  3475. 					break 3;

    3476. 

  3476. 				}

    3477. 

  3477. 

    3478. 

  3478. 				if ($setting != ACL_YES)

    3479. 

  3479. 				{

    3480. 

  3480. 					continue;

    3481. 

  3481. 				}

    3482. 

  3482. 

    3483. 

  3483. 				if ($auth_option == 'm_')

    3484. 

  3484. 				{

    3485. 

  3485. 					$mod_permissions = true;

    3486. 

  3486. 				}

    3487. 

  3487. 

    3488. 

  3488. 				if ($auth_option == 'a_')

    3489. 

  3489. 				{

    3490. 

  3490. 					$admin_permissions = true;

    3491. 

  3491. 				}

    3492. 

  3492. 			}

    3493. 

  3493. 		}

    3494. 

  3494. 	}

    3495. 

  3495. 

    3496. 

  3496. 	if ($mod_permissions)

    3497. 

  3497. 	{

    3498. 

  3498. 		if (!function_exists('cache_moderators'))

    3499. 

  3499. 		{

    3500. 

  3500. 			global $phpbb_root_path, $phpEx;

    3501. 

  3501. 			include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);

    3502. 

  3502. 		}

    3503. 

  3503. 		cache_moderators();

    3504. 

  3504. 	}

    3505. 

  3505. 

    3506. 

  3506. 	if ($mod_permissions || $admin_permissions)

    3507. 

  3507. 	{

    3508. 

  3508. 		if (!function_exists('update_foes'))

    3509. 

  3509. 		{

    3510. 

  3510. 			global $phpbb_root_path, $phpEx;

    3511. 

  3511. 			include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);

    3512. 

  3512. 		}

    3513. 

  3513. 		update_foes(array($group_id));

    3514. 

  3514. 	}

    3515. 

  3515. }

    3516. 

  3516. 

    3517. 

  3517. 

    3518. 

  3518. 

    3519. 

  3519. /**

    3520. 

  3520. * Funtion to make a user leave the NEWLY_REGISTERED system group.

    3521. 

  3521. * @access public

    3522. 

  3522. * @param $user_id The id of the user to remove from the group

    3523. 

  3523. */

    3524. 

  3524. function remove_newly_registered($user_id, $user_data = false)

    3525. 

  3525. {

    3526. 

  3526. 	global $db;

    3527. 

  3527. 

    3528. 

  3528. 	if ($user_data === false)

    3529. 

  3529. 	{

    3530. 

  3530. 		$sql = 'SELECT *

    3531. 

  3531. 			FROM ' . USERS_TABLE . '

    3532. 

  3532. 			WHERE user_id = ' . $user_id;

    3533. 

  3533. 		$result = $db->sql_query($sql);

    3534. 

  3534. 		$user_row = $db->sql_fetchrow($result);

    3535. 

  3535. 		$db->sql_freeresult($result);

    3536. 

  3536. 

    3537. 

  3537. 		if (!$user_row)

    3538. 

  3538. 		{

    3539. 

  3539. 			return false;

    3540. 

  3540. 		}

    3541. 

  3541. 		else

    3542. 

  3542. 		{

    3543. 

  3543. 			$user_data  = $user_row;

    3544. 

  3544. 		}

    3545. 

  3545. 	}

    3546. 

  3546. 

    3547. 

  3547. 	if (empty($user_data['user_new']))

    3548. 

  3548. 	{

    3549. 

  3549. 		return false;

    3550. 

  3550. 	}

    3551. 

  3551. 

    3552. 

  3552. 	$sql = 'SELECT group_id

    3553. 

  3553. 		FROM ' . GROUPS_TABLE . "

    3554. 

  3554. 		WHERE group_name = 'NEWLY_REGISTERED'

    3555. 

  3555. 			AND group_type = " . GROUP_SPECIAL;

    3556. 

  3556. 	$result = $db->sql_query($sql);

    3557. 

  3557. 	$group_id = (int) $db->sql_fetchfield('group_id');

    3558. 

  3558. 	$db->sql_freeresult($result);

    3559. 

  3559. 

    3560. 

  3560. 	if (!$group_id)

    3561. 

  3561. 	{

    3562. 

  3562. 		return false;

    3563. 

  3563. 	}

    3564. 

  3564. 

    3565. 

  3565. 	// We need to call group_user_del here, because this function makes sure everything is correctly changed.

    3566. 

  3566. 	// A downside for a call within the session handler is that the language is not set up yet - so no log entry

    3567. 

  3567. 	group_user_del($group_id, $user_id);

    3568. 

  3568. 

    3569. 

  3569. 	// Set user_new to 0 to let this not be triggered again

    3570. 

  3570. 	$sql = 'UPDATE ' . USERS_TABLE . '

    3571. 

  3571. 		SET user_new = 0

    3572. 

  3572. 		WHERE user_id = ' . $user_id;

    3573. 

  3573. 	$db->sql_query($sql);

    3574. 

  3574. 

    3575. 

  3575. 	// The new users group was the users default group?

    3576. 

  3576. 	if ($user_data['group_id'] == $group_id)

    3577. 

  3577. 	{

    3578. 

  3578. 		// Which group is now the users default one?

    3579. 

  3579. 		$sql = 'SELECT group_id

    3580. 

  3580. 			FROM ' . USERS_TABLE . '

    3581. 

  3581. 			WHERE user_id = ' . $user_id;

    3582. 

  3582. 		$result = $db->sql_query($sql);

    3583. 

  3583. 		$user_data['group_id'] = $db->sql_fetchfield('group_id');

    3584. 

  3584. 		$db->sql_freeresult($result);

    3585. 

  3585. 	}

    3586. 

  3586. 

    3587. 

  3587. 	return $user_data['group_id'];

    3588. 

  3588. }

    3589. 

  3589. 

    3590. 

  3590. ?>
    3591.