Subs-Members.php 44 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437
  1. <?php
  2. /**
  3. * This file contains some useful functions for members and membergroups.
  4. *
  5. * Simple Machines Forum (SMF)
  6. *
  7. * @package SMF
  8. * @author Simple Machines http://www.simplemachines.org
  9. * @copyright 2011 Simple Machines
  10. * @license http://www.simplemachines.org/about/smf/license.php BSD
  11. *
  12. * @version 2.1 Alpha 1
  13. */
  14. if (!defined('SMF'))
  15. die('Hacking attempt...');
  16. /**
  17. * Delete one or more members.
  18. * Requires profile_remove_own or profile_remove_any permission for
  19. * respectively removing your own account or any account.
  20. * Non-admins cannot delete admins.
  21. * The function:
  22. * - changes author of messages, topics and polls to guest authors.
  23. * - removes all log entries concerning the deleted members, except the
  24. * error logs, ban logs and moderation logs.
  25. * - removes these members' personal messages (only the inbox), avatars,
  26. * ban entries, theme settings, moderator positions, poll votes, and
  27. * karma votes.
  28. * - updates member statistics afterwards.
  29. *
  30. * @param array $users
  31. * @param bool $check_not_admin = false
  32. */
  33. function deleteMembers($users, $check_not_admin = false)
  34. {
  35. global $sourcedir, $modSettings, $user_info, $smcFunc;
  36. // Try give us a while to sort this out...
  37. @set_time_limit(600);
  38. // Try to get some more memory.
  39. setMemoryLimit('128M');
  40. // If it's not an array, make it so!
  41. if (!is_array($users))
  42. $users = array($users);
  43. else
  44. $users = array_unique($users);
  45. // Make sure there's no void user in here.
  46. $users = array_diff($users, array(0));
  47. // How many are they deleting?
  48. if (empty($users))
  49. return;
  50. elseif (count($users) == 1)
  51. {
  52. list ($user) = $users;
  53. if ($user == $user_info['id'])
  54. isAllowedTo('profile_remove_own');
  55. else
  56. isAllowedTo('profile_remove_any');
  57. }
  58. else
  59. {
  60. foreach ($users as $k => $v)
  61. $users[$k] = (int) $v;
  62. // Deleting more than one? You can't have more than one account...
  63. isAllowedTo('profile_remove_any');
  64. }
  65. // Get their names for logging purposes.
  66. $request = $smcFunc['db_query']('', '
  67. SELECT id_member, member_name, CASE WHEN id_group = {int:admin_group} OR FIND_IN_SET({int:admin_group}, additional_groups) != 0 THEN 1 ELSE 0 END AS is_admin
  68. FROM {db_prefix}members
  69. WHERE id_member IN ({array_int:user_list})
  70. LIMIT ' . count($users),
  71. array(
  72. 'user_list' => $users,
  73. 'admin_group' => 1,
  74. )
  75. );
  76. $admins = array();
  77. $user_log_details = array();
  78. while ($row = $smcFunc['db_fetch_assoc']($request))
  79. {
  80. if ($row['is_admin'])
  81. $admins[] = $row['id_member'];
  82. $user_log_details[$row['id_member']] = array($row['id_member'], $row['member_name']);
  83. }
  84. $smcFunc['db_free_result']($request);
  85. if (empty($user_log_details))
  86. return;
  87. // Make sure they aren't trying to delete administrators if they aren't one. But don't bother checking if it's just themself.
  88. if (!empty($admins) && ($check_not_admin || (!allowedTo('admin_forum') && (count($users) != 1 || $users[0] != $user_info['id']))))
  89. {
  90. $users = array_diff($users, $admins);
  91. foreach ($admins as $id)
  92. unset($user_log_details[$id]);
  93. }
  94. // No one left?
  95. if (empty($users))
  96. return;
  97. // Log the action - regardless of who is deleting it.
  98. $log_changes = array();
  99. foreach ($user_log_details as $user)
  100. {
  101. $log_changes[] = array(
  102. 'action' => 'delete_member',
  103. 'log_type' => 'admin',
  104. 'extra' => array(
  105. 'member' => $user[0],
  106. 'name' => $user[1],
  107. 'member_acted' => $user_info['name'],
  108. ),
  109. );
  110. // Remove any cached data if enabled.
  111. if (!empty($modSettings['cache_enable']) && $modSettings['cache_enable'] >= 2)
  112. cache_put_data('user_settings-' . $user[0], null, 60);
  113. }
  114. // Make these peoples' posts guest posts.
  115. $smcFunc['db_query']('', '
  116. UPDATE {db_prefix}messages
  117. SET id_member = {int:guest_id}' . (!empty($modSettings['deleteMembersRemovesEmail']) ? ',
  118. poster_email = {string:blank_email}' : '') . '
  119. WHERE id_member IN ({array_int:users})',
  120. array(
  121. 'guest_id' => 0,
  122. 'blank_email' => '',
  123. 'users' => $users,
  124. )
  125. );
  126. $smcFunc['db_query']('', '
  127. UPDATE {db_prefix}polls
  128. SET id_member = {int:guest_id}
  129. WHERE id_member IN ({array_int:users})',
  130. array(
  131. 'guest_id' => 0,
  132. 'users' => $users,
  133. )
  134. );
  135. // Make these peoples' posts guest first posts and last posts.
  136. $smcFunc['db_query']('', '
  137. UPDATE {db_prefix}topics
  138. SET id_member_started = {int:guest_id}
  139. WHERE id_member_started IN ({array_int:users})',
  140. array(
  141. 'guest_id' => 0,
  142. 'users' => $users,
  143. )
  144. );
  145. $smcFunc['db_query']('', '
  146. UPDATE {db_prefix}topics
  147. SET id_member_updated = {int:guest_id}
  148. WHERE id_member_updated IN ({array_int:users})',
  149. array(
  150. 'guest_id' => 0,
  151. 'users' => $users,
  152. )
  153. );
  154. $smcFunc['db_query']('', '
  155. UPDATE {db_prefix}log_actions
  156. SET id_member = {int:guest_id}
  157. WHERE id_member IN ({array_int:users})',
  158. array(
  159. 'guest_id' => 0,
  160. 'users' => $users,
  161. )
  162. );
  163. $smcFunc['db_query']('', '
  164. UPDATE {db_prefix}log_banned
  165. SET id_member = {int:guest_id}
  166. WHERE id_member IN ({array_int:users})',
  167. array(
  168. 'guest_id' => 0,
  169. 'users' => $users,
  170. )
  171. );
  172. $smcFunc['db_query']('', '
  173. UPDATE {db_prefix}log_errors
  174. SET id_member = {int:guest_id}
  175. WHERE id_member IN ({array_int:users})',
  176. array(
  177. 'guest_id' => 0,
  178. 'users' => $users,
  179. )
  180. );
  181. // Delete the member.
  182. $smcFunc['db_query']('', '
  183. DELETE FROM {db_prefix}members
  184. WHERE id_member IN ({array_int:users})',
  185. array(
  186. 'users' => $users,
  187. )
  188. );
  189. // Delete the logs...
  190. $smcFunc['db_query']('', '
  191. DELETE FROM {db_prefix}log_actions
  192. WHERE id_log = {int:log_type}
  193. AND id_member IN ({array_int:users})',
  194. array(
  195. 'log_type' => 2,
  196. 'users' => $users,
  197. )
  198. );
  199. $smcFunc['db_query']('', '
  200. DELETE FROM {db_prefix}log_boards
  201. WHERE id_member IN ({array_int:users})',
  202. array(
  203. 'users' => $users,
  204. )
  205. );
  206. $smcFunc['db_query']('', '
  207. DELETE FROM {db_prefix}log_comments
  208. WHERE id_recipient IN ({array_int:users})
  209. AND comment_type = {string:warntpl}',
  210. array(
  211. 'users' => $users,
  212. 'warntpl' => 'warntpl',
  213. )
  214. );
  215. $smcFunc['db_query']('', '
  216. DELETE FROM {db_prefix}log_group_requests
  217. WHERE id_member IN ({array_int:users})',
  218. array(
  219. 'users' => $users,
  220. )
  221. );
  222. $smcFunc['db_query']('', '
  223. DELETE FROM {db_prefix}log_karma
  224. WHERE id_target IN ({array_int:users})
  225. OR id_executor IN ({array_int:users})',
  226. array(
  227. 'users' => $users,
  228. )
  229. );
  230. $smcFunc['db_query']('', '
  231. DELETE FROM {db_prefix}log_mark_read
  232. WHERE id_member IN ({array_int:users})',
  233. array(
  234. 'users' => $users,
  235. )
  236. );
  237. $smcFunc['db_query']('', '
  238. DELETE FROM {db_prefix}log_notify
  239. WHERE id_member IN ({array_int:users})',
  240. array(
  241. 'users' => $users,
  242. )
  243. );
  244. $smcFunc['db_query']('', '
  245. DELETE FROM {db_prefix}log_online
  246. WHERE id_member IN ({array_int:users})',
  247. array(
  248. 'users' => $users,
  249. )
  250. );
  251. $smcFunc['db_query']('', '
  252. DELETE FROM {db_prefix}log_subscribed
  253. WHERE id_member IN ({array_int:users})',
  254. array(
  255. 'users' => $users,
  256. )
  257. );
  258. $smcFunc['db_query']('', '
  259. DELETE FROM {db_prefix}log_topics
  260. WHERE id_member IN ({array_int:users})',
  261. array(
  262. 'users' => $users,
  263. )
  264. );
  265. $smcFunc['db_query']('', '
  266. DELETE FROM {db_prefix}collapsed_categories
  267. WHERE id_member IN ({array_int:users})',
  268. array(
  269. 'users' => $users,
  270. )
  271. );
  272. // Make their votes appear as guest votes - at least it keeps the totals right.
  273. // @todo Consider adding back in cookie protection.
  274. $smcFunc['db_query']('', '
  275. UPDATE {db_prefix}log_polls
  276. SET id_member = {int:guest_id}
  277. WHERE id_member IN ({array_int:users})',
  278. array(
  279. 'guest_id' => 0,
  280. 'users' => $users,
  281. )
  282. );
  283. // Delete personal messages.
  284. require_once($sourcedir . '/PersonalMessage.php');
  285. deleteMessages(null, null, $users);
  286. $smcFunc['db_query']('', '
  287. UPDATE {db_prefix}personal_messages
  288. SET id_member_from = {int:guest_id}
  289. WHERE id_member_from IN ({array_int:users})',
  290. array(
  291. 'guest_id' => 0,
  292. 'users' => $users,
  293. )
  294. );
  295. // They no longer exist, so we don't know who it was sent to.
  296. $smcFunc['db_query']('', '
  297. DELETE FROM {db_prefix}pm_recipients
  298. WHERE id_member IN ({array_int:users})',
  299. array(
  300. 'users' => $users,
  301. )
  302. );
  303. // Delete avatar.
  304. require_once($sourcedir . '/ManageAttachments.php');
  305. removeAttachments(array('id_member' => $users));
  306. // It's over, no more moderation for you.
  307. $smcFunc['db_query']('', '
  308. DELETE FROM {db_prefix}moderators
  309. WHERE id_member IN ({array_int:users})',
  310. array(
  311. 'users' => $users,
  312. )
  313. );
  314. $smcFunc['db_query']('', '
  315. DELETE FROM {db_prefix}group_moderators
  316. WHERE id_member IN ({array_int:users})',
  317. array(
  318. 'users' => $users,
  319. )
  320. );
  321. // If you don't exist we can't ban you.
  322. $smcFunc['db_query']('', '
  323. DELETE FROM {db_prefix}ban_items
  324. WHERE id_member IN ({array_int:users})',
  325. array(
  326. 'users' => $users,
  327. )
  328. );
  329. // Remove individual theme settings.
  330. $smcFunc['db_query']('', '
  331. DELETE FROM {db_prefix}themes
  332. WHERE id_member IN ({array_int:users})',
  333. array(
  334. 'users' => $users,
  335. )
  336. );
  337. // These users are nobody's buddy nomore.
  338. $request = $smcFunc['db_query']('', '
  339. SELECT id_member, pm_ignore_list, buddy_list
  340. FROM {db_prefix}members
  341. WHERE FIND_IN_SET({raw:pm_ignore_list}, pm_ignore_list) != 0 OR FIND_IN_SET({raw:buddy_list}, buddy_list) != 0',
  342. array(
  343. 'pm_ignore_list' => implode(', pm_ignore_list) != 0 OR FIND_IN_SET(', $users),
  344. 'buddy_list' => implode(', buddy_list) != 0 OR FIND_IN_SET(', $users),
  345. )
  346. );
  347. while ($row = $smcFunc['db_fetch_assoc']($request))
  348. $smcFunc['db_query']('', '
  349. UPDATE {db_prefix}members
  350. SET
  351. pm_ignore_list = {string:pm_ignore_list},
  352. buddy_list = {string:buddy_list}
  353. WHERE id_member = {int:id_member}',
  354. array(
  355. 'id_member' => $row['id_member'],
  356. 'pm_ignore_list' => implode(',', array_diff(explode(',', $row['pm_ignore_list']), $users)),
  357. 'buddy_list' => implode(',', array_diff(explode(',', $row['buddy_list']), $users)),
  358. )
  359. );
  360. $smcFunc['db_free_result']($request);
  361. // Make sure no member's birthday is still sticking in the calendar...
  362. updateSettings(array(
  363. 'calendar_updated' => time(),
  364. ));
  365. // Integration rocks!
  366. call_integration_hook('integrate_delete_members', array($users));
  367. updateStats('member');
  368. require_once($sourcedir . '/Logging.php');
  369. logActions($log_changes);
  370. }
  371. /**
  372. * Registers a member to the forum.
  373. * Allows two types of interface: 'guest' and 'admin'. The first
  374. * includes hammering protection, the latter can perform the
  375. * registration silently.
  376. * The strings used in the options array are assumed to be escaped.
  377. * Allows to perform several checks on the input, e.g. reserved names.
  378. * The function will adjust member statistics.
  379. * If an error is detected will fatal error on all errors unless return_errors is true.
  380. *
  381. * @param array $regOptions
  382. * @param bool $return_errors - specify whether to return the errors
  383. * @return int, the ID of the newly created member
  384. */
  385. function registerMember(&$regOptions, $return_errors = false)
  386. {
  387. global $scripturl, $txt, $modSettings, $context, $sourcedir;
  388. global $user_info, $options, $settings, $smcFunc;
  389. loadLanguage('Login');
  390. // We'll need some external functions.
  391. require_once($sourcedir . '/Subs-Auth.php');
  392. require_once($sourcedir . '/Subs-Post.php');
  393. // Put any errors in here.
  394. $reg_errors = array();
  395. // Registration from the admin center, let them sweat a little more.
  396. if ($regOptions['interface'] == 'admin')
  397. {
  398. is_not_guest();
  399. isAllowedTo('moderate_forum');
  400. }
  401. // If you're an admin, you're special ;).
  402. elseif ($regOptions['interface'] == 'guest')
  403. {
  404. // You cannot register twice...
  405. if (empty($user_info['is_guest']))
  406. redirectexit();
  407. // Make sure they didn't just register with this session.
  408. if (!empty($_SESSION['just_registered']) && empty($modSettings['disableRegisterCheck']))
  409. fatal_lang_error('register_only_once', false);
  410. }
  411. // What method of authorization are we going to use?
  412. if (empty($regOptions['auth_method']) || !in_array($regOptions['auth_method'], array('password', 'openid')))
  413. {
  414. if (!empty($regOptions['openid']))
  415. $regOptions['auth_method'] = 'openid';
  416. else
  417. $regOptions['auth_method'] = 'password';
  418. }
  419. // No name?! How can you register with no name?
  420. if (empty($regOptions['username']))
  421. $reg_errors[] = array('lang', 'need_username');
  422. // Spaces and other odd characters are evil...
  423. $regOptions['username'] = preg_replace('~[\t\n\r\x0B\0' . ($context['utf8'] ? '\x{A0}' : '\xA0') . ']+~' . ($context['utf8'] ? 'u' : ''), ' ', $regOptions['username']);
  424. // Don't use too long a name.
  425. if ($smcFunc['strlen']($regOptions['username']) > 25)
  426. $reg_errors[] = array('lang', 'error_long_name');
  427. // Only these characters are permitted.
  428. if (preg_match('~[<>&"\'=\\\\]~', preg_replace('~&#(?:\\d{1,7}|x[0-9a-fA-F]{1,6});~', '', $regOptions['username'])) != 0 || $regOptions['username'] == '_' || $regOptions['username'] == '|' || strpos($regOptions['username'], '[code') !== false || strpos($regOptions['username'], '[/code') !== false)
  429. $reg_errors[] = array('lang', 'error_invalid_characters_username');
  430. if ($smcFunc['strtolower']($regOptions['username']) === $smcFunc['strtolower']($txt['guest_title']))
  431. $reg_errors[] = array('lang', 'username_reserved', 'general', array($txt['guest_title']));
  432. // @todo Separate the sprintf?
  433. if (empty($regOptions['email']) || preg_match('~^[0-9A-Za-z=_+\-/][0-9A-Za-z=_\'+\-/\.]*@[\w\-]+(\.[\w\-]+)*(\.[\w]{2,6})$~', $regOptions['email']) === 0 || strlen($regOptions['email']) > 255)
  434. $reg_errors[] = array('done', sprintf($txt['valid_email_needed'], $smcFunc['htmlspecialchars']($regOptions['username'])));
  435. if (!empty($regOptions['check_reserved_name']) && isReservedName($regOptions['username'], 0, false))
  436. {
  437. if ($regOptions['password'] == 'chocolate cake')
  438. $reg_errors[] = array('done', 'Sorry, I don\'t take bribes... you\'ll need to come up with a different name.');
  439. $reg_errors[] = array('done', '(' . htmlspecialchars($regOptions['username']) . ') ' . $txt['name_in_use']);
  440. }
  441. // Generate a validation code if it's supposed to be emailed.
  442. $validation_code = '';
  443. if ($regOptions['require'] == 'activation')
  444. $validation_code = generateValidationCode();
  445. // If you haven't put in a password generate one.
  446. if ($regOptions['interface'] == 'admin' && $regOptions['password'] == '' && $regOptions['auth_method'] == 'password')
  447. {
  448. mt_srand(time() + 1277);
  449. $regOptions['password'] = generateValidationCode();
  450. $regOptions['password_check'] = $regOptions['password'];
  451. }
  452. // Does the first password match the second?
  453. elseif ($regOptions['password'] != $regOptions['password_check'] && $regOptions['auth_method'] == 'password')
  454. $reg_errors[] = array('lang', 'passwords_dont_match');
  455. // That's kind of easy to guess...
  456. if ($regOptions['password'] == '')
  457. {
  458. if ($regOptions['auth_method'] == 'password')
  459. $reg_errors[] = array('lang', 'no_password');
  460. else
  461. $regOptions['password'] = sha1(mt_rand());
  462. }
  463. // Now perform hard password validation as required.
  464. if (!empty($regOptions['check_password_strength']))
  465. {
  466. $passwordError = validatePassword($regOptions['password'], $regOptions['username'], array($regOptions['email']));
  467. // Password isn't legal?
  468. if ($passwordError != null)
  469. $reg_errors[] = array('lang', 'profile_error_password_' . $passwordError);
  470. }
  471. // If they are using an OpenID that hasn't been verified yet error out.
  472. // @todo Change this so they can register without having to attempt a login first
  473. if ($regOptions['auth_method'] == 'openid' && (empty($_SESSION['openid']['verified']) || $_SESSION['openid']['openid_uri'] != $regOptions['openid']))
  474. $reg_errors[] = array('lang', 'openid_not_verified');
  475. // You may not be allowed to register this email.
  476. if (!empty($regOptions['check_email_ban']))
  477. isBannedEmail($regOptions['email'], 'cannot_register', $txt['ban_register_prohibited']);
  478. // Check if the email address is in use.
  479. $request = $smcFunc['db_query']('', '
  480. SELECT id_member
  481. FROM {db_prefix}members
  482. WHERE email_address = {string:email_address}
  483. OR email_address = {string:username}
  484. LIMIT 1',
  485. array(
  486. 'email_address' => $regOptions['email'],
  487. 'username' => $regOptions['username'],
  488. )
  489. );
  490. // @todo Separate the sprintf?
  491. if ($smcFunc['db_num_rows']($request) != 0)
  492. $reg_errors[] = array('lang', 'email_in_use', false, array(htmlspecialchars($regOptions['email'])));
  493. $smcFunc['db_free_result']($request);
  494. // If we found any errors we need to do something about it right away!
  495. foreach ($reg_errors as $key => $error)
  496. {
  497. /* Note for each error:
  498. 0 = 'lang' if it's an index, 'done' if it's clear text.
  499. 1 = The text/index.
  500. 2 = Whether to log.
  501. 3 = sprintf data if necessary. */
  502. if ($error[0] == 'lang')
  503. loadLanguage('Errors');
  504. $message = $error[0] == 'lang' ? (empty($error[3]) ? $txt[$error[1]] : vsprintf($txt[$error[1]], $error[3])) : $error[1];
  505. // What to do, what to do, what to do.
  506. if ($return_errors)
  507. {
  508. if (!empty($error[2]))
  509. log_error($message, $error[2]);
  510. $reg_errors[$key] = $message;
  511. }
  512. else
  513. fatal_error($message, empty($error[2]) ? false : $error[2]);
  514. }
  515. // If there's any errors left return them at once!
  516. if (!empty($reg_errors))
  517. return $reg_errors;
  518. $reservedVars = array(
  519. 'actual_theme_url',
  520. 'actual_images_url',
  521. 'base_theme_dir',
  522. 'base_theme_url',
  523. 'default_images_url',
  524. 'default_theme_dir',
  525. 'default_theme_url',
  526. 'default_template',
  527. 'images_url',
  528. 'number_recent_posts',
  529. 'smiley_sets_default',
  530. 'theme_dir',
  531. 'theme_id',
  532. 'theme_layers',
  533. 'theme_templates',
  534. 'theme_url',
  535. );
  536. // Can't change reserved vars.
  537. if (isset($regOptions['theme_vars']) && count(array_intersect(array_keys($regOptions['theme_vars']), $reservedVars)) != 0)
  538. fatal_lang_error('no_theme');
  539. // Some of these might be overwritten. (the lower ones that are in the arrays below.)
  540. $regOptions['register_vars'] = array(
  541. 'member_name' => $regOptions['username'],
  542. 'email_address' => $regOptions['email'],
  543. 'passwd' => sha1(strtolower($regOptions['username']) . $regOptions['password']),
  544. 'password_salt' => substr(md5(mt_rand()), 0, 4) ,
  545. 'posts' => 0,
  546. 'date_registered' => time(),
  547. 'member_ip' => $regOptions['interface'] == 'admin' ? '127.0.0.1' : $user_info['ip'],
  548. 'member_ip2' => $regOptions['interface'] == 'admin' ? '127.0.0.1' : $_SERVER['BAN_CHECK_IP'],
  549. 'validation_code' => $validation_code,
  550. 'real_name' => $regOptions['username'],
  551. 'personal_text' => $modSettings['default_personal_text'],
  552. 'pm_email_notify' => 1,
  553. 'id_theme' => 0,
  554. 'id_post_group' => 4,
  555. 'lngfile' => '',
  556. 'buddy_list' => '',
  557. 'pm_ignore_list' => '',
  558. 'message_labels' => '',
  559. 'website_title' => '',
  560. 'website_url' => '',
  561. 'location' => '',
  562. 'icq' => '',
  563. 'aim' => '',
  564. 'yim' => '',
  565. 'msn' => '',
  566. 'time_format' => '',
  567. 'signature' => '',
  568. 'avatar' => '',
  569. 'usertitle' => '',
  570. 'secret_question' => '',
  571. 'secret_answer' => '',
  572. 'additional_groups' => '',
  573. 'ignore_boards' => '',
  574. 'smiley_set' => '',
  575. 'openid_uri' => (!empty($regOptions['openid']) ? $regOptions['openid'] : ''),
  576. );
  577. // Setup the activation status on this new account so it is correct - firstly is it an under age account?
  578. if ($regOptions['require'] == 'coppa')
  579. {
  580. $regOptions['register_vars']['is_activated'] = 5;
  581. // @todo This should be changed. To what should be it be changed??
  582. $regOptions['register_vars']['validation_code'] = '';
  583. }
  584. // Maybe it can be activated right away?
  585. elseif ($regOptions['require'] == 'nothing')
  586. $regOptions['register_vars']['is_activated'] = 1;
  587. // Maybe it must be activated by email?
  588. elseif ($regOptions['require'] == 'activation')
  589. $regOptions['register_vars']['is_activated'] = 0;
  590. // Otherwise it must be awaiting approval!
  591. else
  592. $regOptions['register_vars']['is_activated'] = 3;
  593. if (isset($regOptions['memberGroup']))
  594. {
  595. // Make sure the id_group will be valid, if this is an administator.
  596. $regOptions['register_vars']['id_group'] = $regOptions['memberGroup'] == 1 && !allowedTo('admin_forum') ? 0 : $regOptions['memberGroup'];
  597. // Check if this group is assignable.
  598. $unassignableGroups = array(-1, 3);
  599. $request = $smcFunc['db_query']('', '
  600. SELECT id_group
  601. FROM {db_prefix}membergroups
  602. WHERE min_posts != {int:min_posts}' . (allowedTo('admin_forum') ? '' : '
  603. OR group_type = {int:is_protected}'),
  604. array(
  605. 'min_posts' => -1,
  606. 'is_protected' => 1,
  607. )
  608. );
  609. while ($row = $smcFunc['db_fetch_assoc']($request))
  610. $unassignableGroups[] = $row['id_group'];
  611. $smcFunc['db_free_result']($request);
  612. if (in_array($regOptions['register_vars']['id_group'], $unassignableGroups))
  613. $regOptions['register_vars']['id_group'] = 0;
  614. }
  615. // ICQ cannot be zero.
  616. if (isset($regOptions['extra_register_vars']['icq']) && empty($regOptions['extra_register_vars']['icq']))
  617. $regOptions['extra_register_vars']['icq'] = '';
  618. // Integrate optional member settings to be set.
  619. if (!empty($regOptions['extra_register_vars']))
  620. foreach ($regOptions['extra_register_vars'] as $var => $value)
  621. $regOptions['register_vars'][$var] = $value;
  622. // Integrate optional user theme options to be set.
  623. $theme_vars = array();
  624. if (!empty($regOptions['theme_vars']))
  625. foreach ($regOptions['theme_vars'] as $var => $value)
  626. $theme_vars[$var] = $value;
  627. // Right, now let's prepare for insertion.
  628. $knownInts = array(
  629. 'date_registered', 'posts', 'id_group', 'last_login', 'instant_messages', 'unread_messages',
  630. 'new_pm', 'pm_prefs', 'gender', 'hide_email', 'show_online', 'pm_email_notify', 'karma_good', 'karma_bad',
  631. 'notify_announcements', 'notify_send_body', 'notify_regularity', 'notify_types',
  632. 'id_theme', 'is_activated', 'id_msg_last_visit', 'id_post_group', 'total_time_logged_in', 'warning',
  633. );
  634. $knownFloats = array(
  635. 'time_offset',
  636. );
  637. // Call an optional function to validate the users' input.
  638. call_integration_hook('integrate_register', array(&$regOptions, &$theme_vars, &$knownInts, &$knownFloats));
  639. $column_names = array();
  640. $values = array();
  641. foreach ($regOptions['register_vars'] as $var => $val)
  642. {
  643. $type = 'string';
  644. if (in_array($var, $knownInts))
  645. $type = 'int';
  646. elseif (in_array($var, $knownFloats))
  647. $type = 'float';
  648. elseif ($var == 'birthdate')
  649. $type = 'date';
  650. $column_names[$var] = $type;
  651. $values[$var] = $val;
  652. }
  653. // Register them into the database.
  654. $smcFunc['db_insert']('',
  655. '{db_prefix}members',
  656. $column_names,
  657. $values,
  658. array('id_member')
  659. );
  660. $memberID = $smcFunc['db_insert_id']('{db_prefix}members', 'id_member');
  661. // Update the number of members and latest member's info - and pass the name, but remove the 's.
  662. if ($regOptions['register_vars']['is_activated'] == 1)
  663. updateStats('member', $memberID, $regOptions['register_vars']['real_name']);
  664. else
  665. updateStats('member');
  666. // Theme variables too?
  667. if (!empty($theme_vars))
  668. {
  669. $inserts = array();
  670. foreach ($theme_vars as $var => $val)
  671. $inserts[] = array($memberID, $var, $val);
  672. $smcFunc['db_insert']('insert',
  673. '{db_prefix}themes',
  674. array('id_member' => 'int', 'variable' => 'string-255', 'value' => 'string-65534'),
  675. $inserts,
  676. array('id_member', 'variable')
  677. );
  678. }
  679. // If it's enabled, increase the registrations for today.
  680. trackStats(array('registers' => '+'));
  681. // Administrative registrations are a bit different...
  682. if ($regOptions['interface'] == 'admin')
  683. {
  684. if ($regOptions['require'] == 'activation')
  685. $email_message = 'admin_register_activate';
  686. elseif (!empty($regOptions['send_welcome_email']))
  687. $email_message = 'admin_register_immediate';
  688. if (isset($email_message))
  689. {
  690. $replacements = array(
  691. 'REALNAME' => $regOptions['register_vars']['real_name'],
  692. 'USERNAME' => $regOptions['username'],
  693. 'PASSWORD' => $regOptions['password'],
  694. 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder',
  695. 'ACTIVATIONLINK' => $scripturl . '?action=activate;u=' . $memberID . ';code=' . $validation_code,
  696. 'ACTIVATIONLINKWITHOUTCODE' => $scripturl . '?action=activate;u=' . $memberID,
  697. 'ACTIVATIONCODE' => $validation_code,
  698. );
  699. $emaildata = loadEmailTemplate($email_message, $replacements);
  700. sendmail($regOptions['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
  701. }
  702. // All admins are finished here.
  703. return $memberID;
  704. }
  705. // Can post straight away - welcome them to your fantastic community...
  706. if ($regOptions['require'] == 'nothing')
  707. {
  708. if (!empty($regOptions['send_welcome_email']))
  709. {
  710. $replacements = array(
  711. 'REALNAME' => $regOptions['register_vars']['real_name'],
  712. 'USERNAME' => $regOptions['username'],
  713. 'PASSWORD' => $regOptions['password'],
  714. 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder',
  715. 'OPENID' => !empty($regOptions['openid']) ? $regOptions['openid'] : '',
  716. );
  717. $emaildata = loadEmailTemplate('register_' . ($regOptions['auth_method'] == 'openid' ? 'openid_' : '') . 'immediate', $replacements);
  718. sendmail($regOptions['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
  719. }
  720. // Send admin their notification.
  721. adminNotify('standard', $memberID, $regOptions['username']);
  722. }
  723. // Need to activate their account - or fall under COPPA.
  724. elseif ($regOptions['require'] == 'activation' || $regOptions['require'] == 'coppa')
  725. {
  726. $replacements = array(
  727. 'REALNAME' => $regOptions['register_vars']['real_name'],
  728. 'USERNAME' => $regOptions['username'],
  729. 'PASSWORD' => $regOptions['password'],
  730. 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder',
  731. 'OPENID' => !empty($regOptions['openid']) ? $regOptions['openid'] : '',
  732. );
  733. if ($regOptions['require'] == 'activation')
  734. $replacements += array(
  735. 'ACTIVATIONLINK' => $scripturl . '?action=activate;u=' . $memberID . ';code=' . $validation_code,
  736. 'ACTIVATIONLINKWITHOUTCODE' => $scripturl . '?action=activate;u=' . $memberID,
  737. 'ACTIVATIONCODE' => $validation_code,
  738. );
  739. else
  740. $replacements += array(
  741. 'COPPALINK' => $scripturl . '?action=coppa;u=' . $memberID,
  742. );
  743. $emaildata = loadEmailTemplate('register_' . ($regOptions['auth_method'] == 'openid' ? 'openid_' : '') . ($regOptions['require'] == 'activation' ? 'activate' : 'coppa'), $replacements);
  744. sendmail($regOptions['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
  745. }
  746. // Must be awaiting approval.
  747. else
  748. {
  749. $replacements = array(
  750. 'REALNAME' => $regOptions['register_vars']['real_name'],
  751. 'USERNAME' => $regOptions['username'],
  752. 'PASSWORD' => $regOptions['password'],
  753. 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder',
  754. 'OPENID' => !empty($regOptions['openid']) ? $regOptions['openid'] : '',
  755. );
  756. $emaildata = loadEmailTemplate('register_' . ($regOptions['auth_method'] == 'openid' ? 'openid_' : '') . 'pending', $replacements);
  757. sendmail($regOptions['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
  758. // Admin gets informed here...
  759. adminNotify('approval', $memberID, $regOptions['username']);
  760. }
  761. // Okay, they're for sure registered... make sure the session is aware of this for security. (Just married :P!)
  762. $_SESSION['just_registered'] = 1;
  763. return $memberID;
  764. }
  765. /**
  766. * Check if a name is in the reserved words list.
  767. * (name, current member id, name/username?.)
  768. * - checks if name is a reserved name or username.
  769. * - if is_name is false, the name is assumed to be a username.
  770. * - the id_member variable is used to ignore duplicate matches with the
  771. * current member.
  772. *
  773. * @param string $name
  774. * @param int $current_ID_MEMBER
  775. * @param bool $is_name
  776. * @param bool $fatal
  777. */
  778. function isReservedName($name, $current_ID_MEMBER = 0, $is_name = true, $fatal = true)
  779. {
  780. global $user_info, $modSettings, $smcFunc, $context;
  781. // No cheating with entities please.
  782. $replaceEntities = create_function('$string', '
  783. $num = substr($string, 0, 1) === \'x\' ? hexdec(substr($string, 1)) : (int) $string;' . (empty($context['utf8']) ? '
  784. return $num < 0x20 ? \'\' : ($num < 0x80 ? chr($num) : \'&#\' . $string . \';\');' : '
  785. return $num < 0x20 || $num > 0x10FFFF || ($num >= 0xD800 && $num <= 0xDFFF) ? \'\' : ($num < 0x80 ? chr($num) : ($num < 0x800 ? chr(192 | $num >> 6) . chr(128 | $num & 63) : ($num < 0x10000 ? chr(224 | $num >> 12) . chr(128 | $num >> 6 & 63) . chr(128 | $num & 63) : chr(240 | $num >> 18) . chr(128 | $num >> 12 & 63) . chr(128 | $num >> 6 & 63) . chr(128 | $num & 63))));')
  786. );
  787. $name = preg_replace('~(&#(\d{1,7}|x[0-9a-fA-F]{1,6});)~e', '$replaceEntities(\'\\2\')', $name);
  788. $checkName = $smcFunc['strtolower']($name);
  789. // Administrators are never restricted ;).
  790. if (!allowedTo('moderate_forum') && ((!empty($modSettings['reserveName']) && $is_name) || !empty($modSettings['reserveUser']) && !$is_name))
  791. {
  792. $reservedNames = explode("\n", $modSettings['reserveNames']);
  793. // Case sensitive check?
  794. $checkMe = empty($modSettings['reserveCase']) ? $checkName : $name;
  795. // Check each name in the list...
  796. foreach ($reservedNames as $reserved)
  797. {
  798. if ($reserved == '')
  799. continue;
  800. // The admin might've used entities too, level the playing field.
  801. $reservedCheck = preg_replace('~(&#(\d{1,7}|x[0-9a-fA-F]{1,6});)~e', '$replaceEntities(\'\\2\')', $reserved);
  802. // Case sensitive name?
  803. if (empty($modSettings['reserveCase']))
  804. $reservedCheck = $smcFunc['strtolower']($reservedCheck);
  805. // If it's not just entire word, check for it in there somewhere...
  806. if ($checkMe == $reservedCheck || ($smcFunc['strpos']($checkMe, $reservedCheck) !== false && empty($modSettings['reserveWord'])))
  807. if ($fatal)
  808. fatal_lang_error('username_reserved', 'password', array($reserved));
  809. else
  810. return true;
  811. }
  812. $censor_name = $name;
  813. if (censorText($censor_name) != $name)
  814. if ($fatal)
  815. fatal_lang_error('name_censored', 'password', array($name));
  816. else
  817. return true;
  818. }
  819. // Characters we just shouldn't allow, regardless.
  820. foreach (array('*') as $char)
  821. if (strpos($checkName, $char) !== false)
  822. if ($fatal)
  823. fatal_lang_error('username_reserved', 'password', array($char));
  824. else
  825. return true;
  826. // Get rid of any SQL parts of the reserved name...
  827. $checkName = strtr($name, array('_' => '\\_', '%' => '\\%'));
  828. // Make sure they don't want someone else's name.
  829. $request = $smcFunc['db_query']('', '
  830. SELECT id_member
  831. FROM {db_prefix}members
  832. WHERE ' . (empty($current_ID_MEMBER) ? '' : 'id_member != {int:current_member}
  833. AND ') . '(real_name LIKE {string:check_name} OR member_name LIKE {string:check_name})
  834. LIMIT 1',
  835. array(
  836. 'current_member' => $current_ID_MEMBER,
  837. 'check_name' => $checkName,
  838. )
  839. );
  840. if ($smcFunc['db_num_rows']($request) > 0)
  841. {
  842. $smcFunc['db_free_result']($request);
  843. return true;
  844. }
  845. // Does name case insensitive match a member group name?
  846. $request = $smcFunc['db_query']('', '
  847. SELECT id_group
  848. FROM {db_prefix}membergroups
  849. WHERE group_name LIKE {string:check_name}
  850. LIMIT 1',
  851. array(
  852. 'check_name' => $checkName,
  853. )
  854. );
  855. if ($smcFunc['db_num_rows']($request) > 0)
  856. {
  857. $smcFunc['db_free_result']($request);
  858. return true;
  859. }
  860. // Okay, they passed.
  861. return false;
  862. }
  863. // Get a list of groups that have a given permission (on a given board).
  864. /**
  865. * Retrieves a list of membergroups that are allowed to do the given
  866. * permission. (on the given board)
  867. * If board_id is not null, a board permission is assumed.
  868. * The function takes different permission settings into account.
  869. *
  870. * @param string $permission
  871. * @param int $board_id = null
  872. * @return an array containing an array for the allowed membergroup ID's
  873. * and an array for the denied membergroup ID's.
  874. */
  875. function groupsAllowedTo($permission, $board_id = null)
  876. {
  877. global $modSettings, $board_info, $smcFunc;
  878. // Admins are allowed to do anything.
  879. $member_groups = array(
  880. 'allowed' => array(1),
  881. 'denied' => array(),
  882. );
  883. // Assume we're dealing with regular permissions (like profile_view_own).
  884. if ($board_id === null)
  885. {
  886. $request = $smcFunc['db_query']('', '
  887. SELECT id_group, add_deny
  888. FROM {db_prefix}permissions
  889. WHERE permission = {string:permission}',
  890. array(
  891. 'permission' => $permission,
  892. )
  893. );
  894. while ($row = $smcFunc['db_fetch_assoc']($request))
  895. $member_groups[$row['add_deny'] === '1' ? 'allowed' : 'denied'][] = $row['id_group'];
  896. $smcFunc['db_free_result']($request);
  897. }
  898. // Otherwise it's time to look at the board.
  899. else
  900. {
  901. // First get the profile of the given board.
  902. if (isset($board_info['id']) && $board_info['id'] == $board_id)
  903. $profile_id = $board_info['profile'];
  904. elseif ($board_id !== 0)
  905. {
  906. $request = $smcFunc['db_query']('', '
  907. SELECT id_profile
  908. FROM {db_prefix}boards
  909. WHERE id_board = {int:id_board}
  910. LIMIT 1',
  911. array(
  912. 'id_board' => $board_id,
  913. )
  914. );
  915. if ($smcFunc['db_num_rows']($request) == 0)
  916. fatal_lang_error('no_board');
  917. list ($profile_id) = $smcFunc['db_fetch_row']($request);
  918. $smcFunc['db_free_result']($request);
  919. }
  920. else
  921. $profile_id = 1;
  922. $request = $smcFunc['db_query']('', '
  923. SELECT bp.id_group, bp.add_deny
  924. FROM {db_prefix}board_permissions AS bp
  925. WHERE bp.permission = {string:permission}
  926. AND bp.id_profile = {int:profile_id}',
  927. array(
  928. 'profile_id' => $profile_id,
  929. 'permission' => $permission,
  930. )
  931. );
  932. while ($row = $smcFunc['db_fetch_assoc']($request))
  933. $member_groups[$row['add_deny'] === '1' ? 'allowed' : 'denied'][] = $row['id_group'];
  934. $smcFunc['db_free_result']($request);
  935. }
  936. // Denied is never allowed.
  937. $member_groups['allowed'] = array_diff($member_groups['allowed'], $member_groups['denied']);
  938. return $member_groups;
  939. }
  940. /**
  941. * Retrieves a list of members that have a given permission
  942. * (on a given board).
  943. * If board_id is not null, a board permission is assumed.
  944. * Takes different permission settings into account.
  945. * Takes possible moderators (on board 'board_id') into account.
  946. *
  947. * @param string $permission
  948. * @param int $board_id = null
  949. * @return an array containing member ID's.
  950. */
  951. function membersAllowedTo($permission, $board_id = null)
  952. {
  953. global $smcFunc;
  954. $member_groups = groupsAllowedTo($permission, $board_id);
  955. $include_moderators = in_array(3, $member_groups['allowed']) && $board_id !== null;
  956. $member_groups['allowed'] = array_diff($member_groups['allowed'], array(3));
  957. $exclude_moderators = in_array(3, $member_groups['denied']) && $board_id !== null;
  958. $member_groups['denied'] = array_diff($member_groups['denied'], array(3));
  959. $request = $smcFunc['db_query']('', '
  960. SELECT mem.id_member
  961. FROM {db_prefix}members AS mem' . ($include_moderators || $exclude_moderators ? '
  962. LEFT JOIN {db_prefix}moderators AS mods ON (mods.id_member = mem.id_member AND mods.id_board = {int:board_id})' : '') . '
  963. WHERE (' . ($include_moderators ? 'mods.id_member IS NOT NULL OR ' : '') . 'mem.id_group IN ({array_int:member_groups_allowed}) OR FIND_IN_SET({raw:member_group_allowed_implode}, mem.additional_groups) != 0)' . (empty($member_groups['denied']) ? '' : '
  964. AND NOT (' . ($exclude_moderators ? 'mods.id_member IS NOT NULL OR ' : '') . 'mem.id_group IN ({array_int:member_groups_denied}) OR FIND_IN_SET({raw:member_group_denied_implode}, mem.additional_groups) != 0)'),
  965. array(
  966. 'member_groups_allowed' => $member_groups['allowed'],
  967. 'member_groups_denied' => $member_groups['denied'],
  968. 'board_id' => $board_id,
  969. 'member_group_allowed_implode' => implode(', mem.additional_groups) != 0 OR FIND_IN_SET(', $member_groups['allowed']),
  970. 'member_group_denied_implode' => implode(', mem.additional_groups) != 0 OR FIND_IN_SET(', $member_groups['denied']),
  971. )
  972. );
  973. $members = array();
  974. while ($row = $smcFunc['db_fetch_assoc']($request))
  975. $members[] = $row['id_member'];
  976. $smcFunc['db_free_result']($request);
  977. return $members;
  978. }
  979. /**
  980. * This function is used to reassociate members with relevant posts.
  981. * Reattribute guest posts to a specified member.
  982. * Does not check for any permissions.
  983. * If add_to_post_count is set, the member's post count is increased.
  984. *
  985. * @param int $memID
  986. * @param string $email = false
  987. * @param string $membername = false
  988. * @param bool $post_count = false
  989. * @return nothing
  990. */
  991. function reattributePosts($memID, $email = false, $membername = false, $post_count = false)
  992. {
  993. global $smcFunc;
  994. // Firstly, if email and username aren't passed find out the members email address and name.
  995. if ($email === false && $membername === false)
  996. {
  997. $request = $smcFunc['db_query']('', '
  998. SELECT email_address, member_name
  999. FROM {db_prefix}members
  1000. WHERE id_member = {int:memID}
  1001. LIMIT 1',
  1002. array(
  1003. 'memID' => $memID,
  1004. )
  1005. );
  1006. list ($email, $membername) = $smcFunc['db_fetch_row']($request);
  1007. $smcFunc['db_free_result']($request);
  1008. }
  1009. // If they want the post count restored then we need to do some research.
  1010. if ($post_count)
  1011. {
  1012. $request = $smcFunc['db_query']('', '
  1013. SELECT COUNT(*)
  1014. FROM {db_prefix}messages AS m
  1015. INNER JOIN {db_prefix}boards AS b ON (b.id_board = m.id_board AND b.count_posts = {int:count_posts})
  1016. WHERE m.id_member = {int:guest_id}
  1017. AND m.approved = {int:is_approved}
  1018. AND m.icon != {string:recycled_icon}' . (empty($email) ? '' : '
  1019. AND m.poster_email = {string:email_address}') . (empty($membername) ? '' : '
  1020. AND m.poster_name = {string:member_name}'),
  1021. array(
  1022. 'count_posts' => 0,
  1023. 'guest_id' => 0,
  1024. 'email_address' => $email,
  1025. 'member_name' => $membername,
  1026. 'is_approved' => 1,
  1027. 'recycled_icon' => 'recycled',
  1028. )
  1029. );
  1030. list ($messageCount) = $smcFunc['db_fetch_row']($request);
  1031. $smcFunc['db_free_result']($request);
  1032. updateMemberData($memID, array('posts' => 'posts + ' . $messageCount));
  1033. }
  1034. $query_parts = array();
  1035. if (!empty($email))
  1036. $query_parts[] = 'poster_email = {string:email_address}';
  1037. if (!empty($membername))
  1038. $query_parts[] = 'poster_name = {string:member_name}';
  1039. $query = implode(' AND ', $query_parts);
  1040. // Finally, update the posts themselves!
  1041. $smcFunc['db_query']('', '
  1042. UPDATE {db_prefix}messages
  1043. SET id_member = {int:memID}
  1044. WHERE ' . $query,
  1045. array(
  1046. 'memID' => $memID,
  1047. 'email_address' => $email,
  1048. 'member_name' => $membername,
  1049. )
  1050. );
  1051. // ...and the topics too!
  1052. $smcFunc['db_query']('', '
  1053. UPDATE {db_prefix}topics as t, {db_prefix}messages as m
  1054. SET t.id_member_started = {int:memID}
  1055. WHERE m.id_member = {int:memID}
  1056. AND t.id_first_msg = m.id_msg',
  1057. array(
  1058. 'memID' => $memID,
  1059. )
  1060. );
  1061. // Allow mods with their own post tables to reattribute posts as well :)
  1062. call_integration_hook('integrate_reattribute_posts', array(&$memID, &$email, &$membername, &$post_count));
  1063. }
  1064. /**
  1065. * This simple function adds/removes the passed user from the current users buddy list.
  1066. * Requires profile_identity_own permission.
  1067. * Called by ?action=buddy;u=x;session_id=y.
  1068. * Redirects to ?action=profile;u=x.
  1069. */
  1070. function BuddyListToggle()
  1071. {
  1072. global $user_info;
  1073. checkSession('get');
  1074. isAllowedTo('profile_identity_own');
  1075. is_not_guest();
  1076. if (empty($_REQUEST['u']))
  1077. fatal_lang_error('no_access', false);
  1078. $_REQUEST['u'] = (int) $_REQUEST['u'];
  1079. // Remove if it's already there...
  1080. if (in_array($_REQUEST['u'], $user_info['buddies']))
  1081. $user_info['buddies'] = array_diff($user_info['buddies'], array($_REQUEST['u']));
  1082. // ...or add if it's not and if it's not you.
  1083. elseif ($user_info['id'] != $_REQUEST['u'])
  1084. $user_info['buddies'][] = (int) $_REQUEST['u'];
  1085. // Update the settings.
  1086. updateMemberData($user_info['id'], array('buddy_list' => implode(',', $user_info['buddies'])));
  1087. // Redirect back to the profile
  1088. redirectexit('action=profile;u=' . $_REQUEST['u']);
  1089. }
  1090. /**
  1091. * Callback for createList().
  1092. *
  1093. * @param $start
  1094. * @param $items_per_page
  1095. * @param $sort
  1096. * @param $where
  1097. * @param $where_params
  1098. * @param $get_duplicates
  1099. */
  1100. function list_getMembers($start, $items_per_page, $sort, $where, $where_params = array(), $get_duplicates = false)
  1101. {
  1102. global $smcFunc;
  1103. $request = $smcFunc['db_query']('', '
  1104. SELECT
  1105. mem.id_member, mem.member_name, mem.real_name, mem.email_address, mem.icq, mem.aim, mem.yim, mem.msn, mem.member_ip, mem.member_ip2, mem.last_login,
  1106. mem.posts, mem.is_activated, mem.date_registered, mem.id_group, mem.additional_groups, mg.group_name
  1107. FROM {db_prefix}members AS mem
  1108. LEFT JOIN {db_prefix}membergroups AS mg ON (mg.id_group = mem.id_group)
  1109. WHERE ' . $where . '
  1110. ORDER BY {raw:sort}
  1111. LIMIT {int:start}, {int:per_page}',
  1112. array_merge($where_params, array(
  1113. 'sort' => $sort,
  1114. 'start' => $start,
  1115. 'per_page' => $items_per_page,
  1116. ))
  1117. );
  1118. $members = array();
  1119. while ($row = $smcFunc['db_fetch_assoc']($request))
  1120. $members[] = $row;
  1121. $smcFunc['db_free_result']($request);
  1122. // If we want duplicates pass the members array off.
  1123. if ($get_duplicates)
  1124. populateDuplicateMembers($members);
  1125. return $members;
  1126. }
  1127. /**
  1128. * Callback for createList().
  1129. *
  1130. * @param $where
  1131. * @param $where_params
  1132. */
  1133. function list_getNumMembers($where, $where_params = array())
  1134. {
  1135. global $smcFunc, $modSettings;
  1136. // We know how many members there are in total.
  1137. if (empty($where) || $where == '1')
  1138. $num_members = $modSettings['totalMembers'];
  1139. // The database knows the amount when there are extra conditions.
  1140. else
  1141. {
  1142. $request = $smcFunc['db_query']('', '
  1143. SELECT COUNT(*)
  1144. FROM {db_prefix}members AS mem
  1145. WHERE ' . $where,
  1146. array_merge($where_params, array(
  1147. ))
  1148. );
  1149. list ($num_members) = $smcFunc['db_fetch_row']($request);
  1150. $smcFunc['db_free_result']($request);
  1151. }
  1152. return $num_members;
  1153. }
  1154. /**
  1155. *
  1156. * @param $members
  1157. */
  1158. function populateDuplicateMembers(&$members)
  1159. {
  1160. global $smcFunc;
  1161. // This will hold all the ip addresses.
  1162. $ips = array();
  1163. foreach ($members as $key => $member)
  1164. {
  1165. // Create the duplicate_members element.
  1166. $members[$key]['duplicate_members'] = array();
  1167. // Store the IPs.
  1168. if (!empty($member['member_ip']))
  1169. $ips[] = $member['member_ip'];
  1170. if (!empty($member['member_ip2']))
  1171. $ips[] = $member['member_ip2'];
  1172. }
  1173. $ips = array_unique($ips);
  1174. if (empty($ips))
  1175. return false;
  1176. // Fetch all members with this IP address, we'll filter out the current ones in a sec.
  1177. $request = $smcFunc['db_query']('', '
  1178. SELECT
  1179. id_member, member_name, email_address, member_ip, member_ip2, is_activated
  1180. FROM {db_prefix}members
  1181. WHERE member_ip IN ({array_string:ips})
  1182. OR member_ip2 IN ({array_string:ips})',
  1183. array(
  1184. 'ips' => $ips,
  1185. )
  1186. );
  1187. $duplicate_members = array();
  1188. $duplicate_ids = array();
  1189. while ($row = $smcFunc['db_fetch_assoc']($request))
  1190. {
  1191. //$duplicate_ids[] = $row['id_member'];
  1192. $member_context = array(
  1193. 'id' => $row['id_member'],
  1194. 'name' => $row['member_name'],
  1195. 'email' => $row['email_address'],
  1196. 'is_banned' => $row['is_activated'] > 10,
  1197. 'ip' => $row['member_ip'],
  1198. 'ip2' => $row['member_ip2'],
  1199. );
  1200. if (in_array($row['member_ip'], $ips))
  1201. $duplicate_members[$row['member_ip']][] = $member_context;
  1202. if ($row['member_ip'] != $row['member_ip2'] && in_array($row['member_ip2'], $ips))
  1203. $duplicate_members[$row['member_ip2']][] = $member_context;
  1204. }
  1205. $smcFunc['db_free_result']($request);
  1206. // Also try to get a list of messages using these ips.
  1207. $request = $smcFunc['db_query']('', '
  1208. SELECT
  1209. m.poster_ip, mem.id_member, mem.member_name, mem.email_address, mem.is_activated
  1210. FROM {db_prefix}messages AS m
  1211. INNER JOIN {db_prefix}members AS mem ON (mem.id_member = m.id_member)
  1212. WHERE m.id_member != 0
  1213. ' . (!empty($duplicate_ids) ? 'AND m.id_member NOT IN ({array_int:duplicate_ids})' : '') . '
  1214. AND m.poster_ip IN ({array_string:ips})',
  1215. array(
  1216. 'duplicate_ids' => $duplicate_ids,
  1217. 'ips' => $ips,
  1218. )
  1219. );
  1220. $had_ips = array();
  1221. while ($row = $smcFunc['db_fetch_assoc']($request))
  1222. {
  1223. // Don't collect lots of the same.
  1224. if (isset($had_ips[$row['poster_ip']]) && in_array($row['id_member'], $had_ips[$row['poster_ip']]))
  1225. continue;
  1226. $had_ips[$row['poster_ip']][] = $row['id_member'];
  1227. $duplicate_members[$row['poster_ip']][] = array(
  1228. 'id' => $row['id_member'],
  1229. 'name' => $row['member_name'],
  1230. 'email' => $row['email_address'],
  1231. 'is_banned' => $row['is_activated'] > 10,
  1232. 'ip' => $row['poster_ip'],
  1233. 'ip2' => $row['poster_ip'],
  1234. );
  1235. }
  1236. $smcFunc['db_free_result']($request);
  1237. // Now we have all the duplicate members, stick them with their respective member in the list.
  1238. if (!empty($duplicate_members))
  1239. foreach ($members as $key => $member)
  1240. {
  1241. if (isset($duplicate_members[$member['member_ip']]))
  1242. $members[$key]['duplicate_members'] = $duplicate_members[$member['member_ip']];
  1243. if ($member['member_ip'] != $member['member_ip2'] && isset($duplicate_members[$member['member_ip2']]))
  1244. $members[$key]['duplicate_members'] = array_merge($member['duplicate_members'], $duplicate_members[$member['member_ip2']]);
  1245. // Check we don't have lots of the same member.
  1246. $member_track = array($member['id_member']);
  1247. foreach ($members[$key]['duplicate_members'] as $duplicate_id_member => $duplicate_member)
  1248. {
  1249. if (in_array($duplicate_member['id'], $member_track))
  1250. {
  1251. unset($members[$key]['duplicate_members'][$duplicate_id_member]);
  1252. continue;
  1253. }
  1254. $member_track[] = $duplicate_member['id'];
  1255. }
  1256. }
  1257. }
  1258. // Generate a random validation code.
  1259. // @todo Err. Whatcha doin' here.
  1260. function generateValidationCode()
  1261. {
  1262. global $smcFunc, $modSettings;
  1263. $request = $smcFunc['db_query']('get_random_number', '
  1264. SELECT RAND()',
  1265. array(
  1266. )
  1267. );
  1268. list ($dbRand) = $smcFunc['db_fetch_row']($request);
  1269. $smcFunc['db_free_result']($request);
  1270. return substr(preg_replace('/\W/', '', sha1(microtime() . mt_rand() . $dbRand . $modSettings['rand_seed'])), 0, 10);
  1271. }
  1272. ?>