Subs-Members.php 44 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391
  1. <?php
  2. /**
  3. * Simple Machines Forum (SMF)
  4. *
  5. * @package SMF
  6. * @author Simple Machines http://www.simplemachines.org
  7. * @copyright 2011 Simple Machines
  8. * @license http://www.simplemachines.org/about/smf/license.php BSD
  9. *
  10. * @version 2.0
  11. */
  12. if (!defined('SMF'))
  13. die('Hacking attempt...');
  14. /* This file contains some useful functions for members and membergroups.
  15. void deleteMembers(array $users, bool check_not_admin = false)
  16. - delete of one or more members.
  17. - requires profile_remove_own or profile_remove_any permission for
  18. respectively removing your own account or any account.
  19. - non-admins cannot delete admins.
  20. - changes author of messages, topics and polls to guest authors.
  21. - removes all log entries concerning the deleted members, except the
  22. error logs, ban logs and moderation logs.
  23. - removes these members' personal messages (only the inbox), avatars,
  24. ban entries, theme settings, moderator positions, poll votes, and
  25. karma votes.
  26. - updates member statistics afterwards.
  27. int registerMember(array options, bool return_errors)
  28. - registers a member to the forum.
  29. - returns the ID of the newly created member.
  30. - allows two types of interface: 'guest' and 'admin'. The first
  31. includes hammering protection, the latter can perform the
  32. registration silently.
  33. - the strings used in the options array are assumed to be escaped.
  34. - allows to perform several checks on the input, e.g. reserved names.
  35. - adjusts member statistics.
  36. - if an error is detected will fatal error on all errors unless return_errors is true.
  37. bool isReservedName(string name, int id_member = 0, bool is_name = true, bool fatal = true)
  38. - checks if name is a reserved name or username.
  39. - if is_name is false, the name is assumed to be a username.
  40. - the id_member variable is used to ignore duplicate matches with the
  41. current member.
  42. array groupsAllowedTo(string permission, int board_id = null)
  43. - retrieves a list of membergroups that are allowed to do the given
  44. permission.
  45. - if board_id is not null, a board permission is assumed.
  46. - takes different permission settings into account.
  47. - returns an array containing an array for the allowed membergroup ID's
  48. and an array for the denied membergroup ID's.
  49. array membersAllowedTo(string permission, int board_id = null)
  50. - retrieves a list of members that are allowed to do the given
  51. permission.
  52. - if board_id is not null, a board permission is assumed.
  53. - takes different permission settings into account.
  54. - takes possible moderators (on board 'board_id') into account.
  55. - returns an array containing member ID's.
  56. int reattributePosts(int id_member, string email = false, string membername = false, bool add_to_post_count = false)
  57. - reattribute guest posts to a specified member.
  58. - does not check for any permissions.
  59. - returns the number of successful reattributed posts.
  60. - if add_to_post_count is set, the member's post count is increased.
  61. void BuddyListToggle()
  62. - add a member to your buddy list or remove it.
  63. - requires profile_identity_own permission.
  64. - called by ?action=buddy;u=x;session_id=y.
  65. - redirects to ?action=profile;u=x.
  66. void populateDuplicateMembers(&array members)
  67. // !!!
  68. */
  69. // Delete a group of/single member.
  70. function deleteMembers($users, $check_not_admin = false)
  71. {
  72. global $sourcedir, $modSettings, $user_info, $smcFunc;
  73. // Try give us a while to sort this out...
  74. @set_time_limit(600);
  75. // Try to get some more memory.
  76. if (@ini_get('memory_limit') < 128)
  77. @ini_set('memory_limit', '128M');
  78. // If it's not an array, make it so!
  79. if (!is_array($users))
  80. $users = array($users);
  81. else
  82. $users = array_unique($users);
  83. // Make sure there's no void user in here.
  84. $users = array_diff($users, array(0));
  85. // How many are they deleting?
  86. if (empty($users))
  87. return;
  88. elseif (count($users) == 1)
  89. {
  90. list ($user) = $users;
  91. if ($user == $user_info['id'])
  92. isAllowedTo('profile_remove_own');
  93. else
  94. isAllowedTo('profile_remove_any');
  95. }
  96. else
  97. {
  98. foreach ($users as $k => $v)
  99. $users[$k] = (int) $v;
  100. // Deleting more than one? You can't have more than one account...
  101. isAllowedTo('profile_remove_any');
  102. }
  103. // Get their names for logging purposes.
  104. $request = $smcFunc['db_query']('', '
  105. SELECT id_member, member_name, CASE WHEN id_group = {int:admin_group} OR FIND_IN_SET({int:admin_group}, additional_groups) != 0 THEN 1 ELSE 0 END AS is_admin
  106. FROM {db_prefix}members
  107. WHERE id_member IN ({array_int:user_list})
  108. LIMIT ' . count($users),
  109. array(
  110. 'user_list' => $users,
  111. 'admin_group' => 1,
  112. )
  113. );
  114. $admins = array();
  115. $user_log_details = array();
  116. while ($row = $smcFunc['db_fetch_assoc']($request))
  117. {
  118. if ($row['is_admin'])
  119. $admins[] = $row['id_member'];
  120. $user_log_details[$row['id_member']] = array($row['id_member'], $row['member_name']);
  121. }
  122. $smcFunc['db_free_result']($request);
  123. if (empty($user_log_details))
  124. return;
  125. // Make sure they aren't trying to delete administrators if they aren't one. But don't bother checking if it's just themself.
  126. if (!empty($admins) && ($check_not_admin || (!allowedTo('admin_forum') && (count($users) != 1 || $users[0] != $user_info['id']))))
  127. {
  128. $users = array_diff($users, $admins);
  129. foreach ($admins as $id)
  130. unset($user_log_details[$id]);
  131. }
  132. // No one left?
  133. if (empty($users))
  134. return;
  135. // Log the action - regardless of who is deleting it.
  136. $log_inserts = array();
  137. foreach ($user_log_details as $user)
  138. {
  139. // Integration rocks!
  140. call_integration_hook('integrate_delete_member', array($user[0]));
  141. // Add it to the administration log for future reference.
  142. $log_inserts[] = array(
  143. time(), 3, $user_info['id'], $user_info['ip'], 'delete_member',
  144. 0, 0, 0, serialize(array('member' => $user[0], 'name' => $user[1], 'member_acted' => $user_info['name'])),
  145. );
  146. // Remove any cached data if enabled.
  147. if (!empty($modSettings['cache_enable']) && $modSettings['cache_enable'] >= 2)
  148. cache_put_data('user_settings-' . $user[0], null, 60);
  149. }
  150. // Do the actual logging...
  151. if (!empty($log_inserts) && !empty($modSettings['modlog_enabled']))
  152. $smcFunc['db_insert']('',
  153. '{db_prefix}log_actions',
  154. array(
  155. 'log_time' => 'int', 'id_log' => 'int', 'id_member' => 'int', 'ip' => 'string-16', 'action' => 'string',
  156. 'id_board' => 'int', 'id_topic' => 'int', 'id_msg' => 'int', 'extra' => 'string-65534',
  157. ),
  158. $log_inserts,
  159. array('id_action')
  160. );
  161. // Make these peoples' posts guest posts.
  162. $smcFunc['db_query']('', '
  163. UPDATE {db_prefix}messages
  164. SET id_member = {int:guest_id}, poster_email = {string:blank_email}
  165. WHERE id_member IN ({array_int:users})',
  166. array(
  167. 'guest_id' => 0,
  168. 'blank_email' => '',
  169. 'users' => $users,
  170. )
  171. );
  172. $smcFunc['db_query']('', '
  173. UPDATE {db_prefix}polls
  174. SET id_member = {int:guest_id}
  175. WHERE id_member IN ({array_int:users})',
  176. array(
  177. 'guest_id' => 0,
  178. 'users' => $users,
  179. )
  180. );
  181. // Make these peoples' posts guest first posts and last posts.
  182. $smcFunc['db_query']('', '
  183. UPDATE {db_prefix}topics
  184. SET id_member_started = {int:guest_id}
  185. WHERE id_member_started IN ({array_int:users})',
  186. array(
  187. 'guest_id' => 0,
  188. 'users' => $users,
  189. )
  190. );
  191. $smcFunc['db_query']('', '
  192. UPDATE {db_prefix}topics
  193. SET id_member_updated = {int:guest_id}
  194. WHERE id_member_updated IN ({array_int:users})',
  195. array(
  196. 'guest_id' => 0,
  197. 'users' => $users,
  198. )
  199. );
  200. $smcFunc['db_query']('', '
  201. UPDATE {db_prefix}log_actions
  202. SET id_member = {int:guest_id}
  203. WHERE id_member IN ({array_int:users})',
  204. array(
  205. 'guest_id' => 0,
  206. 'users' => $users,
  207. )
  208. );
  209. $smcFunc['db_query']('', '
  210. UPDATE {db_prefix}log_banned
  211. SET id_member = {int:guest_id}
  212. WHERE id_member IN ({array_int:users})',
  213. array(
  214. 'guest_id' => 0,
  215. 'users' => $users,
  216. )
  217. );
  218. $smcFunc['db_query']('', '
  219. UPDATE {db_prefix}log_errors
  220. SET id_member = {int:guest_id}
  221. WHERE id_member IN ({array_int:users})',
  222. array(
  223. 'guest_id' => 0,
  224. 'users' => $users,
  225. )
  226. );
  227. // Delete the member.
  228. $smcFunc['db_query']('', '
  229. DELETE FROM {db_prefix}members
  230. WHERE id_member IN ({array_int:users})',
  231. array(
  232. 'users' => $users,
  233. )
  234. );
  235. // Delete the logs...
  236. $smcFunc['db_query']('', '
  237. DELETE FROM {db_prefix}log_actions
  238. WHERE id_log = {int:log_type}
  239. AND id_member IN ({array_int:users})',
  240. array(
  241. 'log_type' => 2,
  242. 'users' => $users,
  243. )
  244. );
  245. $smcFunc['db_query']('', '
  246. DELETE FROM {db_prefix}log_boards
  247. WHERE id_member IN ({array_int:users})',
  248. array(
  249. 'users' => $users,
  250. )
  251. );
  252. $smcFunc['db_query']('', '
  253. DELETE FROM {db_prefix}log_comments
  254. WHERE id_recipient IN ({array_int:users})
  255. AND comment_type = {string:warntpl}',
  256. array(
  257. 'users' => $users,
  258. 'warntpl' => 'warntpl',
  259. )
  260. );
  261. $smcFunc['db_query']('', '
  262. DELETE FROM {db_prefix}log_group_requests
  263. WHERE id_member IN ({array_int:users})',
  264. array(
  265. 'users' => $users,
  266. )
  267. );
  268. $smcFunc['db_query']('', '
  269. DELETE FROM {db_prefix}log_karma
  270. WHERE id_target IN ({array_int:users})
  271. OR id_executor IN ({array_int:users})',
  272. array(
  273. 'users' => $users,
  274. )
  275. );
  276. $smcFunc['db_query']('', '
  277. DELETE FROM {db_prefix}log_mark_read
  278. WHERE id_member IN ({array_int:users})',
  279. array(
  280. 'users' => $users,
  281. )
  282. );
  283. $smcFunc['db_query']('', '
  284. DELETE FROM {db_prefix}log_notify
  285. WHERE id_member IN ({array_int:users})',
  286. array(
  287. 'users' => $users,
  288. )
  289. );
  290. $smcFunc['db_query']('', '
  291. DELETE FROM {db_prefix}log_online
  292. WHERE id_member IN ({array_int:users})',
  293. array(
  294. 'users' => $users,
  295. )
  296. );
  297. $smcFunc['db_query']('', '
  298. DELETE FROM {db_prefix}log_subscribed
  299. WHERE id_member IN ({array_int:users})',
  300. array(
  301. 'users' => $users,
  302. )
  303. );
  304. $smcFunc['db_query']('', '
  305. DELETE FROM {db_prefix}log_topics
  306. WHERE id_member IN ({array_int:users})',
  307. array(
  308. 'users' => $users,
  309. )
  310. );
  311. $smcFunc['db_query']('', '
  312. DELETE FROM {db_prefix}collapsed_categories
  313. WHERE id_member IN ({array_int:users})',
  314. array(
  315. 'users' => $users,
  316. )
  317. );
  318. // Make their votes appear as guest votes - at least it keeps the totals right.
  319. //!!! Consider adding back in cookie protection.
  320. $smcFunc['db_query']('', '
  321. UPDATE {db_prefix}log_polls
  322. SET id_member = {int:guest_id}
  323. WHERE id_member IN ({array_int:users})',
  324. array(
  325. 'guest_id' => 0,
  326. 'users' => $users,
  327. )
  328. );
  329. // Delete personal messages.
  330. require_once($sourcedir . '/PersonalMessage.php');
  331. deleteMessages(null, null, $users);
  332. $smcFunc['db_query']('', '
  333. UPDATE {db_prefix}personal_messages
  334. SET id_member_from = {int:guest_id}
  335. WHERE id_member_from IN ({array_int:users})',
  336. array(
  337. 'guest_id' => 0,
  338. 'users' => $users,
  339. )
  340. );
  341. // They no longer exist, so we don't know who it was sent to.
  342. $smcFunc['db_query']('', '
  343. DELETE FROM {db_prefix}pm_recipients
  344. WHERE id_member IN ({array_int:users})',
  345. array(
  346. 'users' => $users,
  347. )
  348. );
  349. // Delete avatar.
  350. require_once($sourcedir . '/ManageAttachments.php');
  351. removeAttachments(array('id_member' => $users));
  352. // It's over, no more moderation for you.
  353. $smcFunc['db_query']('', '
  354. DELETE FROM {db_prefix}moderators
  355. WHERE id_member IN ({array_int:users})',
  356. array(
  357. 'users' => $users,
  358. )
  359. );
  360. $smcFunc['db_query']('', '
  361. DELETE FROM {db_prefix}group_moderators
  362. WHERE id_member IN ({array_int:users})',
  363. array(
  364. 'users' => $users,
  365. )
  366. );
  367. // If you don't exist we can't ban you.
  368. $smcFunc['db_query']('', '
  369. DELETE FROM {db_prefix}ban_items
  370. WHERE id_member IN ({array_int:users})',
  371. array(
  372. 'users' => $users,
  373. )
  374. );
  375. // Remove individual theme settings.
  376. $smcFunc['db_query']('', '
  377. DELETE FROM {db_prefix}themes
  378. WHERE id_member IN ({array_int:users})',
  379. array(
  380. 'users' => $users,
  381. )
  382. );
  383. // These users are nobody's buddy nomore.
  384. $request = $smcFunc['db_query']('', '
  385. SELECT id_member, pm_ignore_list, buddy_list
  386. FROM {db_prefix}members
  387. WHERE FIND_IN_SET({raw:pm_ignore_list}, pm_ignore_list) != 0 OR FIND_IN_SET({raw:buddy_list}, buddy_list) != 0',
  388. array(
  389. 'pm_ignore_list' => implode(', pm_ignore_list) != 0 OR FIND_IN_SET(', $users),
  390. 'buddy_list' => implode(', buddy_list) != 0 OR FIND_IN_SET(', $users),
  391. )
  392. );
  393. while ($row = $smcFunc['db_fetch_assoc']($request))
  394. $smcFunc['db_query']('', '
  395. UPDATE {db_prefix}members
  396. SET
  397. pm_ignore_list = {string:pm_ignore_list},
  398. buddy_list = {string:buddy_list}
  399. WHERE id_member = {int:id_member}',
  400. array(
  401. 'id_member' => $row['id_member'],
  402. 'pm_ignore_list' => implode(',', array_diff(explode(',', $row['pm_ignore_list']), $users)),
  403. 'buddy_list' => implode(',', array_diff(explode(',', $row['buddy_list']), $users)),
  404. )
  405. );
  406. $smcFunc['db_free_result']($request);
  407. // Make sure no member's birthday is still sticking in the calendar...
  408. updateSettings(array(
  409. 'calendar_updated' => time(),
  410. ));
  411. updateStats('member');
  412. }
  413. function registerMember(&$regOptions, $return_errors = false)
  414. {
  415. global $scripturl, $txt, $modSettings, $context, $sourcedir;
  416. global $user_info, $options, $settings, $smcFunc;
  417. loadLanguage('Login');
  418. // We'll need some external functions.
  419. require_once($sourcedir . '/Subs-Auth.php');
  420. require_once($sourcedir . '/Subs-Post.php');
  421. // Put any errors in here.
  422. $reg_errors = array();
  423. // Registration from the admin center, let them sweat a little more.
  424. if ($regOptions['interface'] == 'admin')
  425. {
  426. is_not_guest();
  427. isAllowedTo('moderate_forum');
  428. }
  429. // If you're an admin, you're special ;).
  430. elseif ($regOptions['interface'] == 'guest')
  431. {
  432. // You cannot register twice...
  433. if (empty($user_info['is_guest']))
  434. redirectexit();
  435. // Make sure they didn't just register with this session.
  436. if (!empty($_SESSION['just_registered']) && empty($modSettings['disableRegisterCheck']))
  437. fatal_lang_error('register_only_once', false);
  438. }
  439. // What method of authorization are we going to use?
  440. if (empty($regOptions['auth_method']) || !in_array($regOptions['auth_method'], array('password', 'openid')))
  441. {
  442. if (!empty($regOptions['openid']))
  443. $regOptions['auth_method'] = 'openid';
  444. else
  445. $regOptions['auth_method'] = 'password';
  446. }
  447. // No name?! How can you register with no name?
  448. if (empty($regOptions['username']))
  449. $reg_errors[] = array('lang', 'need_username');
  450. // Spaces and other odd characters are evil...
  451. $regOptions['username'] = preg_replace('~[\t\n\r\x0B\0' . ($context['utf8'] ? ($context['server']['complex_preg_chars'] ? '\x{A0}' : "\xC2\xA0") : '\xA0') . ']+~' . ($context['utf8'] ? 'u' : ''), ' ', $regOptions['username']);
  452. // Don't use too long a name.
  453. if ($smcFunc['strlen']($regOptions['username']) > 25)
  454. $reg_errors[] = array('lang', 'error_long_name');
  455. // Only these characters are permitted.
  456. if (preg_match('~[<>&"\'=\\\\]~', preg_replace('~&#(?:\\d{1,7}|x[0-9a-fA-F]{1,6});~', '', $regOptions['username'])) != 0 || $regOptions['username'] == '_' || $regOptions['username'] == '|' || strpos($regOptions['username'], '[code') !== false || strpos($regOptions['username'], '[/code') !== false)
  457. $reg_errors[] = array('lang', 'error_invalid_characters_username');
  458. if ($smcFunc['strtolower']($regOptions['username']) === $smcFunc['strtolower']($txt['guest_title']))
  459. $reg_errors[] = array('lang', 'username_reserved', 'general', array($txt['guest_title']));
  460. // !!! Separate the sprintf?
  461. if (empty($regOptions['email']) || preg_match('~^[0-9A-Za-z=_+\-/][0-9A-Za-z=_\'+\-/\.]*@[\w\-]+(\.[\w\-]+)*(\.[\w]{2,6})$~', $regOptions['email']) === 0 || strlen($regOptions['email']) > 255)
  462. $reg_errors[] = array('done', sprintf($txt['valid_email_needed'], $smcFunc['htmlspecialchars']($regOptions['username'])));
  463. if (!empty($regOptions['check_reserved_name']) && isReservedName($regOptions['username'], 0, false))
  464. {
  465. if ($regOptions['password'] == 'chocolate cake')
  466. $reg_errors[] = array('done', 'Sorry, I don\'t take bribes... you\'ll need to come up with a different name.');
  467. $reg_errors[] = array('done', '(' . htmlspecialchars($regOptions['username']) . ') ' . $txt['name_in_use']);
  468. }
  469. // Generate a validation code if it's supposed to be emailed.
  470. $validation_code = '';
  471. if ($regOptions['require'] == 'activation')
  472. $validation_code = generateValidationCode();
  473. // If you haven't put in a password generate one.
  474. if ($regOptions['interface'] == 'admin' && $regOptions['password'] == '' && $regOptions['auth_method'] == 'password')
  475. {
  476. mt_srand(time() + 1277);
  477. $regOptions['password'] = generateValidationCode();
  478. $regOptions['password_check'] = $regOptions['password'];
  479. }
  480. // Does the first password match the second?
  481. elseif ($regOptions['password'] != $regOptions['password_check'] && $regOptions['auth_method'] == 'password')
  482. $reg_errors[] = array('lang', 'passwords_dont_match');
  483. // That's kind of easy to guess...
  484. if ($regOptions['password'] == '')
  485. {
  486. if ($regOptions['auth_method'] == 'password')
  487. $reg_errors[] = array('lang', 'no_password');
  488. else
  489. $regOptions['password'] = sha1(mt_rand());
  490. }
  491. // Now perform hard password validation as required.
  492. if (!empty($regOptions['check_password_strength']))
  493. {
  494. $passwordError = validatePassword($regOptions['password'], $regOptions['username'], array($regOptions['email']));
  495. // Password isn't legal?
  496. if ($passwordError != null)
  497. $reg_errors[] = array('lang', 'profile_error_password_' . $passwordError);
  498. }
  499. // If they are using an OpenID that hasn't been verified yet error out.
  500. // !!! Change this so they can register without having to attempt a login first
  501. if ($regOptions['auth_method'] == 'openid' && (empty($_SESSION['openid']['verified']) || $_SESSION['openid']['openid_uri'] != $regOptions['openid']))
  502. $reg_errors[] = array('lang', 'openid_not_verified');
  503. // You may not be allowed to register this email.
  504. if (!empty($regOptions['check_email_ban']))
  505. isBannedEmail($regOptions['email'], 'cannot_register', $txt['ban_register_prohibited']);
  506. // Check if the email address is in use.
  507. $request = $smcFunc['db_query']('', '
  508. SELECT id_member
  509. FROM {db_prefix}members
  510. WHERE email_address = {string:email_address}
  511. OR email_address = {string:username}
  512. LIMIT 1',
  513. array(
  514. 'email_address' => $regOptions['email'],
  515. 'username' => $regOptions['username'],
  516. )
  517. );
  518. // !!! Separate the sprintf?
  519. if ($smcFunc['db_num_rows']($request) != 0)
  520. $reg_errors[] = array('lang', 'email_in_use', false, array(htmlspecialchars($regOptions['email'])));
  521. $smcFunc['db_free_result']($request);
  522. // If we found any errors we need to do something about it right away!
  523. foreach ($reg_errors as $key => $error)
  524. {
  525. /* Note for each error:
  526. 0 = 'lang' if it's an index, 'done' if it's clear text.
  527. 1 = The text/index.
  528. 2 = Whether to log.
  529. 3 = sprintf data if necessary. */
  530. if ($error[0] == 'lang')
  531. loadLanguage('Errors');
  532. $message = $error[0] == 'lang' ? (empty($error[3]) ? $txt[$error[1]] : vsprintf($txt[$error[1]], $error[3])) : $error[1];
  533. // What to do, what to do, what to do.
  534. if ($return_errors)
  535. {
  536. if (!empty($error[2]))
  537. log_error($message, $error[2]);
  538. $reg_errors[$key] = $message;
  539. }
  540. else
  541. fatal_error($message, empty($error[2]) ? false : $error[2]);
  542. }
  543. // If there's any errors left return them at once!
  544. if (!empty($reg_errors))
  545. return $reg_errors;
  546. $reservedVars = array(
  547. 'actual_theme_url',
  548. 'actual_images_url',
  549. 'base_theme_dir',
  550. 'base_theme_url',
  551. 'default_images_url',
  552. 'default_theme_dir',
  553. 'default_theme_url',
  554. 'default_template',
  555. 'images_url',
  556. 'number_recent_posts',
  557. 'smiley_sets_default',
  558. 'theme_dir',
  559. 'theme_id',
  560. 'theme_layers',
  561. 'theme_templates',
  562. 'theme_url',
  563. );
  564. // Can't change reserved vars.
  565. if (isset($regOptions['theme_vars']) && array_intersect($regOptions['theme_vars'], $reservedVars) != array())
  566. fatal_lang_error('no_theme');
  567. // Some of these might be overwritten. (the lower ones that are in the arrays below.)
  568. $regOptions['register_vars'] = array(
  569. 'member_name' => $regOptions['username'],
  570. 'email_address' => $regOptions['email'],
  571. 'passwd' => sha1(strtolower($regOptions['username']) . $regOptions['password']),
  572. 'password_salt' => substr(md5(mt_rand()), 0, 4) ,
  573. 'posts' => 0,
  574. 'date_registered' => time(),
  575. 'member_ip' => $regOptions['interface'] == 'admin' ? '127.0.0.1' : $user_info['ip'],
  576. 'member_ip2' => $regOptions['interface'] == 'admin' ? '127.0.0.1' : $_SERVER['BAN_CHECK_IP'],
  577. 'validation_code' => $validation_code,
  578. 'real_name' => $regOptions['username'],
  579. 'personal_text' => $modSettings['default_personal_text'],
  580. 'pm_email_notify' => 1,
  581. 'id_theme' => 0,
  582. 'id_post_group' => 4,
  583. 'lngfile' => '',
  584. 'buddy_list' => '',
  585. 'pm_ignore_list' => '',
  586. 'message_labels' => '',
  587. 'website_title' => '',
  588. 'website_url' => '',
  589. 'location' => '',
  590. 'icq' => '',
  591. 'aim' => '',
  592. 'yim' => '',
  593. 'msn' => '',
  594. 'time_format' => '',
  595. 'signature' => '',
  596. 'avatar' => '',
  597. 'usertitle' => '',
  598. 'secret_question' => '',
  599. 'secret_answer' => '',
  600. 'additional_groups' => '',
  601. 'ignore_boards' => '',
  602. 'smiley_set' => '',
  603. 'openid_uri' => (!empty($regOptions['openid']) ? $regOptions['openid'] : ''),
  604. );
  605. // Setup the activation status on this new account so it is correct - firstly is it an under age account?
  606. if ($regOptions['require'] == 'coppa')
  607. {
  608. $regOptions['register_vars']['is_activated'] = 5;
  609. // !!! This should be changed. To what should be it be changed??
  610. $regOptions['register_vars']['validation_code'] = '';
  611. }
  612. // Maybe it can be activated right away?
  613. elseif ($regOptions['require'] == 'nothing')
  614. $regOptions['register_vars']['is_activated'] = 1;
  615. // Maybe it must be activated by email?
  616. elseif ($regOptions['require'] == 'activation')
  617. $regOptions['register_vars']['is_activated'] = 0;
  618. // Otherwise it must be awaiting approval!
  619. else
  620. $regOptions['register_vars']['is_activated'] = 3;
  621. if (isset($regOptions['memberGroup']))
  622. {
  623. // Make sure the id_group will be valid, if this is an administator.
  624. $regOptions['register_vars']['id_group'] = $regOptions['memberGroup'] == 1 && !allowedTo('admin_forum') ? 0 : $regOptions['memberGroup'];
  625. // Check if this group is assignable.
  626. $unassignableGroups = array(-1, 3);
  627. $request = $smcFunc['db_query']('', '
  628. SELECT id_group
  629. FROM {db_prefix}membergroups
  630. WHERE min_posts != {int:min_posts}' . (allowedTo('admin_forum') ? '' : '
  631. OR group_type = {int:is_protected}'),
  632. array(
  633. 'min_posts' => -1,
  634. 'is_protected' => 1,
  635. )
  636. );
  637. while ($row = $smcFunc['db_fetch_assoc']($request))
  638. $unassignableGroups[] = $row['id_group'];
  639. $smcFunc['db_free_result']($request);
  640. if (in_array($regOptions['register_vars']['id_group'], $unassignableGroups))
  641. $regOptions['register_vars']['id_group'] = 0;
  642. }
  643. // ICQ cannot be zero.
  644. if (isset($regOptions['extra_register_vars']['icq']) && empty($regOptions['extra_register_vars']['icq']))
  645. $regOptions['extra_register_vars']['icq'] = '';
  646. // Integrate optional member settings to be set.
  647. if (!empty($regOptions['extra_register_vars']))
  648. foreach ($regOptions['extra_register_vars'] as $var => $value)
  649. $regOptions['register_vars'][$var] = $value;
  650. // Integrate optional user theme options to be set.
  651. $theme_vars = array();
  652. if (!empty($regOptions['theme_vars']))
  653. foreach ($regOptions['theme_vars'] as $var => $value)
  654. $theme_vars[$var] = $value;
  655. // Call an optional function to validate the users' input.
  656. call_integration_hook('integrate_register', array(&$regOptions, &$theme_vars));
  657. // Right, now let's prepare for insertion.
  658. $knownInts = array(
  659. 'date_registered', 'posts', 'id_group', 'last_login', 'instant_messages', 'unread_messages',
  660. 'new_pm', 'pm_prefs', 'gender', 'hide_email', 'show_online', 'pm_email_notify', 'karma_good', 'karma_bad',
  661. 'notify_announcements', 'notify_send_body', 'notify_regularity', 'notify_types',
  662. 'id_theme', 'is_activated', 'id_msg_last_visit', 'id_post_group', 'total_time_logged_in', 'warning',
  663. );
  664. $knownFloats = array(
  665. 'time_offset',
  666. );
  667. $column_names = array();
  668. $values = array();
  669. foreach ($regOptions['register_vars'] as $var => $val)
  670. {
  671. $type = 'string';
  672. if (in_array($var, $knownInts))
  673. $type = 'int';
  674. elseif (in_array($var, $knownFloats))
  675. $type = 'float';
  676. elseif ($var == 'birthdate')
  677. $type = 'date';
  678. $column_names[$var] = $type;
  679. $values[$var] = $val;
  680. }
  681. // Register them into the database.
  682. $smcFunc['db_insert']('',
  683. '{db_prefix}members',
  684. $column_names,
  685. $values,
  686. array('id_member')
  687. );
  688. $memberID = $smcFunc['db_insert_id']('{db_prefix}members', 'id_member');
  689. // Update the number of members and latest member's info - and pass the name, but remove the 's.
  690. if ($regOptions['register_vars']['is_activated'] == 1)
  691. updateStats('member', $memberID, $regOptions['register_vars']['real_name']);
  692. else
  693. updateStats('member');
  694. // Theme variables too?
  695. if (!empty($theme_vars))
  696. {
  697. $inserts = array();
  698. foreach ($theme_vars as $var => $val)
  699. $inserts[] = array($memberID, $var, $val);
  700. $smcFunc['db_insert']('insert',
  701. '{db_prefix}themes',
  702. array('id_member' => 'int', 'variable' => 'string-255', 'value' => 'string-65534'),
  703. $inserts,
  704. array('id_member', 'variable')
  705. );
  706. }
  707. // If it's enabled, increase the registrations for today.
  708. trackStats(array('registers' => '+'));
  709. // Administrative registrations are a bit different...
  710. if ($regOptions['interface'] == 'admin')
  711. {
  712. if ($regOptions['require'] == 'activation')
  713. $email_message = 'admin_register_activate';
  714. elseif (!empty($regOptions['send_welcome_email']))
  715. $email_message = 'admin_register_immediate';
  716. if (isset($email_message))
  717. {
  718. $replacements = array(
  719. 'REALNAME' => $regOptions['register_vars']['real_name'],
  720. 'USERNAME' => $regOptions['username'],
  721. 'PASSWORD' => $regOptions['password'],
  722. 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder',
  723. 'ACTIVATIONLINK' => $scripturl . '?action=activate;u=' . $memberID . ';code=' . $validation_code,
  724. 'ACTIVATIONLINKWITHOUTCODE' => $scripturl . '?action=activate;u=' . $memberID,
  725. 'ACTIVATIONCODE' => $validation_code,
  726. );
  727. $emaildata = loadEmailTemplate($email_message, $replacements);
  728. sendmail($regOptions['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
  729. }
  730. // All admins are finished here.
  731. return $memberID;
  732. }
  733. // Can post straight away - welcome them to your fantastic community...
  734. if ($regOptions['require'] == 'nothing')
  735. {
  736. if (!empty($regOptions['send_welcome_email']))
  737. {
  738. $replacements = array(
  739. 'REALNAME' => $regOptions['register_vars']['real_name'],
  740. 'USERNAME' => $regOptions['username'],
  741. 'PASSWORD' => $regOptions['password'],
  742. 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder',
  743. 'OPENID' => !empty($regOptions['openid']) ? $regOptions['openid'] : '',
  744. );
  745. $emaildata = loadEmailTemplate('register_' . ($regOptions['auth_method'] == 'openid' ? 'openid_' : '') . 'immediate', $replacements);
  746. sendmail($regOptions['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
  747. }
  748. // Send admin their notification.
  749. adminNotify('standard', $memberID, $regOptions['username']);
  750. }
  751. // Need to activate their account - or fall under COPPA.
  752. elseif ($regOptions['require'] == 'activation' || $regOptions['require'] == 'coppa')
  753. {
  754. $replacements = array(
  755. 'REALNAME' => $regOptions['register_vars']['real_name'],
  756. 'USERNAME' => $regOptions['username'],
  757. 'PASSWORD' => $regOptions['password'],
  758. 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder',
  759. 'OPENID' => !empty($regOptions['openid']) ? $regOptions['openid'] : '',
  760. );
  761. if ($regOptions['require'] == 'activation')
  762. $replacements += array(
  763. 'ACTIVATIONLINK' => $scripturl . '?action=activate;u=' . $memberID . ';code=' . $validation_code,
  764. 'ACTIVATIONLINKWITHOUTCODE' => $scripturl . '?action=activate;u=' . $memberID,
  765. 'ACTIVATIONCODE' => $validation_code,
  766. );
  767. else
  768. $replacements += array(
  769. 'COPPALINK' => $scripturl . '?action=coppa;u=' . $memberID,
  770. );
  771. $emaildata = loadEmailTemplate('register_' . ($regOptions['auth_method'] == 'openid' ? 'openid_' : '') . ($regOptions['require'] == 'activation' ? 'activate' : 'coppa'), $replacements);
  772. sendmail($regOptions['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
  773. }
  774. // Must be awaiting approval.
  775. else
  776. {
  777. $replacements = array(
  778. 'REALNAME' => $regOptions['register_vars']['real_name'],
  779. 'USERNAME' => $regOptions['username'],
  780. 'PASSWORD' => $regOptions['password'],
  781. 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder',
  782. 'OPENID' => !empty($regOptions['openid']) ? $regOptions['openid'] : '',
  783. );
  784. $emaildata = loadEmailTemplate('register_' . ($regOptions['auth_method'] == 'openid' ? 'openid_' : '') . 'pending', $replacements);
  785. sendmail($regOptions['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
  786. // Admin gets informed here...
  787. adminNotify('approval', $memberID, $regOptions['username']);
  788. }
  789. // Okay, they're for sure registered... make sure the session is aware of this for security. (Just married :P!)
  790. $_SESSION['just_registered'] = 1;
  791. return $memberID;
  792. }
  793. // Check if a name is in the reserved words list. (name, current member id, name/username?.)
  794. function isReservedName($name, $current_ID_MEMBER = 0, $is_name = true, $fatal = true)
  795. {
  796. global $user_info, $modSettings, $smcFunc, $context;
  797. // No cheating with entities please.
  798. $replaceEntities = create_function('$string', '
  799. $num = substr($string, 0, 1) === \'x\' ? hexdec(substr($string, 1)) : (int) $string;' . (empty($context['utf8']) ? '
  800. return $num < 0x20 ? \'\' : ($num < 0x80 ? chr($num) : \'&#\' . $string . \';\');' : '
  801. return $num < 0x20 || $num > 0x10FFFF || ($num >= 0xD800 && $num <= 0xDFFF) ? \'\' : ($num < 0x80 ? chr($num) : ($num < 0x800 ? chr(192 | $num >> 6) . chr(128 | $num & 63) : ($num < 0x10000 ? chr(224 | $num >> 12) . chr(128 | $num >> 6 & 63) . chr(128 | $num & 63) : chr(240 | $num >> 18) . chr(128 | $num >> 12 & 63) . chr(128 | $num >> 6 & 63) . chr(128 | $num & 63))));')
  802. );
  803. $name = preg_replace('~(&#(\d{1,7}|x[0-9a-fA-F]{1,6});)~e', '$replaceEntities(\'\\2\')', $name);
  804. $checkName = $smcFunc['strtolower']($name);
  805. // Administrators are never restricted ;).
  806. if (!allowedTo('moderate_forum') && ((!empty($modSettings['reserveName']) && $is_name) || !empty($modSettings['reserveUser']) && !$is_name))
  807. {
  808. $reservedNames = explode("\n", $modSettings['reserveNames']);
  809. // Case sensitive check?
  810. $checkMe = empty($modSettings['reserveCase']) ? $checkName : $name;
  811. // Check each name in the list...
  812. foreach ($reservedNames as $reserved)
  813. {
  814. if ($reserved == '')
  815. continue;
  816. // The admin might've used entities too, level the playing field.
  817. $reservedCheck = preg_replace('~(&#(\d{1,7}|x[0-9a-fA-F]{1,6});)~e', '$replaceEntities(\'\\2\')', $reserved);
  818. // Case sensitive name?
  819. if (empty($modSettings['reserveCase']))
  820. $reservedCheck = $smcFunc['strtolower']($reservedCheck);
  821. // If it's not just entire word, check for it in there somewhere...
  822. if ($checkMe == $reservedCheck || ($smcFunc['strpos']($checkMe, $reservedCheck) !== false && empty($modSettings['reserveWord'])))
  823. if ($fatal)
  824. fatal_lang_error('username_reserved', 'password', array($reserved));
  825. else
  826. return true;
  827. }
  828. $censor_name = $name;
  829. if (censorText($censor_name) != $name)
  830. if ($fatal)
  831. fatal_lang_error('name_censored', 'password', array($name));
  832. else
  833. return true;
  834. }
  835. // Characters we just shouldn't allow, regardless.
  836. foreach (array('*') as $char)
  837. if (strpos($checkName, $char) !== false)
  838. if ($fatal)
  839. fatal_lang_error('username_reserved', 'password', array($char));
  840. else
  841. return true;
  842. // Get rid of any SQL parts of the reserved name...
  843. $checkName = strtr($name, array('_' => '\\_', '%' => '\\%'));
  844. // Make sure they don't want someone else's name.
  845. $request = $smcFunc['db_query']('', '
  846. SELECT id_member
  847. FROM {db_prefix}members
  848. WHERE ' . (empty($current_ID_MEMBER) ? '' : 'id_member != {int:current_member}
  849. AND ') . '(real_name LIKE {string:check_name} OR member_name LIKE {string:check_name})
  850. LIMIT 1',
  851. array(
  852. 'current_member' => $current_ID_MEMBER,
  853. 'check_name' => $checkName,
  854. )
  855. );
  856. if ($smcFunc['db_num_rows']($request) > 0)
  857. {
  858. $smcFunc['db_free_result']($request);
  859. return true;
  860. }
  861. // Does name case insensitive match a member group name?
  862. $request = $smcFunc['db_query']('', '
  863. SELECT id_group
  864. FROM {db_prefix}membergroups
  865. WHERE group_name LIKE {string:check_name}
  866. LIMIT 1',
  867. array(
  868. 'check_name' => $checkName,
  869. )
  870. );
  871. if ($smcFunc['db_num_rows']($request) > 0)
  872. {
  873. $smcFunc['db_free_result']($request);
  874. return true;
  875. }
  876. // Okay, they passed.
  877. return false;
  878. }
  879. // Get a list of groups that have a given permission (on a given board).
  880. function groupsAllowedTo($permission, $board_id = null)
  881. {
  882. global $modSettings, $board_info, $smcFunc;
  883. // Admins are allowed to do anything.
  884. $member_groups = array(
  885. 'allowed' => array(1),
  886. 'denied' => array(),
  887. );
  888. // Assume we're dealing with regular permissions (like profile_view_own).
  889. if ($board_id === null)
  890. {
  891. $request = $smcFunc['db_query']('', '
  892. SELECT id_group, add_deny
  893. FROM {db_prefix}permissions
  894. WHERE permission = {string:permission}',
  895. array(
  896. 'permission' => $permission,
  897. )
  898. );
  899. while ($row = $smcFunc['db_fetch_assoc']($request))
  900. $member_groups[$row['add_deny'] === '1' ? 'allowed' : 'denied'][] = $row['id_group'];
  901. $smcFunc['db_free_result']($request);
  902. }
  903. // Otherwise it's time to look at the board.
  904. else
  905. {
  906. // First get the profile of the given board.
  907. if (isset($board_info['id']) && $board_info['id'] == $board_id)
  908. $profile_id = $board_info['profile'];
  909. elseif ($board_id !== 0)
  910. {
  911. $request = $smcFunc['db_query']('', '
  912. SELECT id_profile
  913. FROM {db_prefix}boards
  914. WHERE id_board = {int:id_board}
  915. LIMIT 1',
  916. array(
  917. 'id_board' => $board_id,
  918. )
  919. );
  920. if ($smcFunc['db_num_rows']($request) == 0)
  921. fatal_lang_error('no_board');
  922. list ($profile_id) = $smcFunc['db_fetch_row']($request);
  923. $smcFunc['db_free_result']($request);
  924. }
  925. else
  926. $profile_id = 1;
  927. $request = $smcFunc['db_query']('', '
  928. SELECT bp.id_group, bp.add_deny
  929. FROM {db_prefix}board_permissions AS bp
  930. WHERE bp.permission = {string:permission}
  931. AND bp.id_profile = {int:profile_id}',
  932. array(
  933. 'profile_id' => $profile_id,
  934. 'permission' => $permission,
  935. )
  936. );
  937. while ($row = $smcFunc['db_fetch_assoc']($request))
  938. $member_groups[$row['add_deny'] === '1' ? 'allowed' : 'denied'][] = $row['id_group'];
  939. $smcFunc['db_free_result']($request);
  940. }
  941. // Denied is never allowed.
  942. $member_groups['allowed'] = array_diff($member_groups['allowed'], $member_groups['denied']);
  943. return $member_groups;
  944. }
  945. // Get a list of members that have a given permission (on a given board).
  946. function membersAllowedTo($permission, $board_id = null)
  947. {
  948. global $smcFunc;
  949. $member_groups = groupsAllowedTo($permission, $board_id);
  950. $include_moderators = in_array(3, $member_groups['allowed']) && $board_id !== null;
  951. $member_groups['allowed'] = array_diff($member_groups['allowed'], array(3));
  952. $exclude_moderators = in_array(3, $member_groups['denied']) && $board_id !== null;
  953. $member_groups['denied'] = array_diff($member_groups['denied'], array(3));
  954. $request = $smcFunc['db_query']('', '
  955. SELECT mem.id_member
  956. FROM {db_prefix}members AS mem' . ($include_moderators || $exclude_moderators ? '
  957. LEFT JOIN {db_prefix}moderators AS mods ON (mods.id_member = mem.id_member AND mods.id_board = {int:board_id})' : '') . '
  958. WHERE (' . ($include_moderators ? 'mods.id_member IS NOT NULL OR ' : '') . 'mem.id_group IN ({array_int:member_groups_allowed}) OR FIND_IN_SET({raw:member_group_allowed_implode}, mem.additional_groups) != 0)' . (empty($member_groups['denied']) ? '' : '
  959. AND NOT (' . ($exclude_moderators ? 'mods.id_member IS NOT NULL OR ' : '') . 'mem.id_group IN ({array_int:member_groups_denied}) OR FIND_IN_SET({raw:member_group_denied_implode}, mem.additional_groups) != 0)'),
  960. array(
  961. 'member_groups_allowed' => $member_groups['allowed'],
  962. 'member_groups_denied' => $member_groups['denied'],
  963. 'board_id' => $board_id,
  964. 'member_group_allowed_implode' => implode(', mem.additional_groups) != 0 OR FIND_IN_SET(', $member_groups['allowed']),
  965. 'member_group_denied_implode' => implode(', mem.additional_groups) != 0 OR FIND_IN_SET(', $member_groups['denied']),
  966. )
  967. );
  968. $members = array();
  969. while ($row = $smcFunc['db_fetch_assoc']($request))
  970. $members[] = $row['id_member'];
  971. $smcFunc['db_free_result']($request);
  972. return $members;
  973. }
  974. // This function is used to reassociate members with relevant posts.
  975. function reattributePosts($memID, $email = false, $membername = false, $post_count = false)
  976. {
  977. global $smcFunc;
  978. // Firstly, if email and username aren't passed find out the members email address and name.
  979. if ($email === false && $membername === false)
  980. {
  981. $request = $smcFunc['db_query']('', '
  982. SELECT email_address, member_name
  983. FROM {db_prefix}members
  984. WHERE id_member = {int:memID}
  985. LIMIT 1',
  986. array(
  987. 'memID' => $memID,
  988. )
  989. );
  990. list ($email, $membername) = $smcFunc['db_fetch_row']($request);
  991. $smcFunc['db_free_result']($request);
  992. }
  993. // If they want the post count restored then we need to do some research.
  994. if ($post_count)
  995. {
  996. $request = $smcFunc['db_query']('', '
  997. SELECT COUNT(*)
  998. FROM {db_prefix}messages AS m
  999. INNER JOIN {db_prefix}boards AS b ON (b.id_board = m.id_board AND b.count_posts = {int:count_posts})
  1000. WHERE m.id_member = {int:guest_id}
  1001. AND m.approved = {int:is_approved}
  1002. AND m.icon != {string:recycled_icon}' . (empty($email) ? '' : '
  1003. AND m.poster_email = {string:email_address}') . (empty($membername) ? '' : '
  1004. AND m.poster_name = {string:member_name}'),
  1005. array(
  1006. 'count_posts' => 0,
  1007. 'guest_id' => 0,
  1008. 'email_address' => $email,
  1009. 'member_name' => $membername,
  1010. 'is_approved' => 1,
  1011. 'recycled_icon' => 'recycled',
  1012. )
  1013. );
  1014. list ($messageCount) = $smcFunc['db_fetch_row']($request);
  1015. $smcFunc['db_free_result']($request);
  1016. updateMemberData($memID, array('posts' => 'posts + ' . $messageCount));
  1017. }
  1018. $query_parts = array();
  1019. if (!empty($email))
  1020. $query_parts[] = 'poster_email = {string:email_address}';
  1021. if (!empty($membername))
  1022. $query_parts[] = 'poster_name = {string:member_name}';
  1023. $query = implode(' AND ', $query_parts);
  1024. // Finally, update the posts themselves!
  1025. $smcFunc['db_query']('', '
  1026. UPDATE {db_prefix}messages
  1027. SET id_member = {int:memID}
  1028. WHERE ' . $query,
  1029. array(
  1030. 'memID' => $memID,
  1031. 'email_address' => $email,
  1032. 'member_name' => $membername,
  1033. )
  1034. );
  1035. return $smcFunc['db_affected_rows']();
  1036. }
  1037. // This simple function adds/removes the passed user from the current users buddy list.
  1038. function BuddyListToggle()
  1039. {
  1040. global $user_info;
  1041. checkSession('get');
  1042. isAllowedTo('profile_identity_own');
  1043. is_not_guest();
  1044. if (empty($_REQUEST['u']))
  1045. fatal_lang_error('no_access', false);
  1046. $_REQUEST['u'] = (int) $_REQUEST['u'];
  1047. // Remove if it's already there...
  1048. if (in_array($_REQUEST['u'], $user_info['buddies']))
  1049. $user_info['buddies'] = array_diff($user_info['buddies'], array($_REQUEST['u']));
  1050. // ...or add if it's not and if it's not you.
  1051. elseif ($user_info['id'] != $_REQUEST['u'])
  1052. $user_info['buddies'][] = (int) $_REQUEST['u'];
  1053. // Update the settings.
  1054. updateMemberData($user_info['id'], array('buddy_list' => implode(',', $user_info['buddies'])));
  1055. // Redirect back to the profile
  1056. redirectexit('action=profile;u=' . $_REQUEST['u']);
  1057. }
  1058. function list_getMembers($start, $items_per_page, $sort, $where, $where_params = array(), $get_duplicates = false)
  1059. {
  1060. global $smcFunc;
  1061. $request = $smcFunc['db_query']('', '
  1062. SELECT
  1063. mem.id_member, mem.member_name, mem.real_name, mem.email_address, mem.icq, mem.aim, mem.yim, mem.msn, mem.member_ip, mem.member_ip2, mem.last_login,
  1064. mem.posts, mem.is_activated, mem.date_registered, mem.id_group, mem.additional_groups, mg.group_name
  1065. FROM {db_prefix}members AS mem
  1066. LEFT JOIN {db_prefix}membergroups AS mg ON (mg.id_group = mem.id_group)
  1067. WHERE ' . $where . '
  1068. ORDER BY {raw:sort}
  1069. LIMIT {int:start}, {int:per_page}',
  1070. array_merge($where_params, array(
  1071. 'sort' => $sort,
  1072. 'start' => $start,
  1073. 'per_page' => $items_per_page,
  1074. ))
  1075. );
  1076. $members = array();
  1077. while ($row = $smcFunc['db_fetch_assoc']($request))
  1078. $members[] = $row;
  1079. $smcFunc['db_free_result']($request);
  1080. // If we want duplicates pass the members array off.
  1081. if ($get_duplicates)
  1082. populateDuplicateMembers($members);
  1083. return $members;
  1084. }
  1085. function list_getNumMembers($where, $where_params = array())
  1086. {
  1087. global $smcFunc, $modSettings;
  1088. // We know how many members there are in total.
  1089. if (empty($where) || $where == '1')
  1090. $num_members = $modSettings['totalMembers'];
  1091. // The database knows the amount when there are extra conditions.
  1092. else
  1093. {
  1094. $request = $smcFunc['db_query']('', '
  1095. SELECT COUNT(*)
  1096. FROM {db_prefix}members AS mem
  1097. WHERE ' . $where,
  1098. array_merge($where_params, array(
  1099. ))
  1100. );
  1101. list ($num_members) = $smcFunc['db_fetch_row']($request);
  1102. $smcFunc['db_free_result']($request);
  1103. }
  1104. return $num_members;
  1105. }
  1106. function populateDuplicateMembers(&$members)
  1107. {
  1108. global $smcFunc;
  1109. // This will hold all the ip addresses.
  1110. $ips = array();
  1111. foreach ($members as $key => $member)
  1112. {
  1113. // Create the duplicate_members element.
  1114. $members[$key]['duplicate_members'] = array();
  1115. // Store the IPs.
  1116. if (!empty($member['member_ip']))
  1117. $ips[] = $member['member_ip'];
  1118. if (!empty($member['member_ip2']))
  1119. $ips[] = $member['member_ip2'];
  1120. }
  1121. $ips = array_unique($ips);
  1122. if (empty($ips))
  1123. return false;
  1124. // Fetch all members with this IP address, we'll filter out the current ones in a sec.
  1125. $request = $smcFunc['db_query']('', '
  1126. SELECT
  1127. id_member, member_name, email_address, member_ip, member_ip2, is_activated
  1128. FROM {db_prefix}members
  1129. WHERE member_ip IN ({array_string:ips})
  1130. OR member_ip2 IN ({array_string:ips})',
  1131. array(
  1132. 'ips' => $ips,
  1133. )
  1134. );
  1135. $duplicate_members = array();
  1136. $duplicate_ids = array();
  1137. while ($row = $smcFunc['db_fetch_assoc']($request))
  1138. {
  1139. //$duplicate_ids[] = $row['id_member'];
  1140. $member_context = array(
  1141. 'id' => $row['id_member'],
  1142. 'name' => $row['member_name'],
  1143. 'email' => $row['email_address'],
  1144. 'is_banned' => $row['is_activated'] > 10,
  1145. 'ip' => $row['member_ip'],
  1146. 'ip2' => $row['member_ip2'],
  1147. );
  1148. if (in_array($row['member_ip'], $ips))
  1149. $duplicate_members[$row['member_ip']][] = $member_context;
  1150. if ($row['member_ip'] != $row['member_ip2'] && in_array($row['member_ip2'], $ips))
  1151. $duplicate_members[$row['member_ip2']][] = $member_context;
  1152. }
  1153. $smcFunc['db_free_result']($request);
  1154. // Also try to get a list of messages using these ips.
  1155. $request = $smcFunc['db_query']('', '
  1156. SELECT
  1157. m.poster_ip, mem.id_member, mem.member_name, mem.email_address, mem.is_activated
  1158. FROM {db_prefix}messages AS m
  1159. INNER JOIN {db_prefix}members AS mem ON (mem.id_member = m.id_member)
  1160. WHERE m.id_member != 0
  1161. ' . (!empty($duplicate_ids) ? 'AND m.id_member NOT IN ({array_int:duplicate_ids})' : '') . '
  1162. AND m.poster_ip IN ({array_string:ips})',
  1163. array(
  1164. 'duplicate_ids' => $duplicate_ids,
  1165. 'ips' => $ips,
  1166. )
  1167. );
  1168. $had_ips = array();
  1169. while ($row = $smcFunc['db_fetch_assoc']($request))
  1170. {
  1171. // Don't collect lots of the same.
  1172. if (isset($had_ips[$row['poster_ip']]) && in_array($row['id_member'], $had_ips[$row['poster_ip']]))
  1173. continue;
  1174. $had_ips[$row['poster_ip']][] = $row['id_member'];
  1175. $duplicate_members[$row['poster_ip']][] = array(
  1176. 'id' => $row['id_member'],
  1177. 'name' => $row['member_name'],
  1178. 'email' => $row['email_address'],
  1179. 'is_banned' => $row['is_activated'] > 10,
  1180. 'ip' => $row['poster_ip'],
  1181. 'ip2' => $row['poster_ip'],
  1182. );
  1183. }
  1184. $smcFunc['db_free_result']($request);
  1185. // Now we have all the duplicate members, stick them with their respective member in the list.
  1186. if (!empty($duplicate_members))
  1187. foreach ($members as $key => $member)
  1188. {
  1189. if (isset($duplicate_members[$member['member_ip']]))
  1190. $members[$key]['duplicate_members'] = $duplicate_members[$member['member_ip']];
  1191. if ($member['member_ip'] != $member['member_ip2'] && isset($duplicate_members[$member['member_ip2']]))
  1192. $members[$key]['duplicate_members'] = array_merge($member['duplicate_members'], $duplicate_members[$member['member_ip2']]);
  1193. // Check we don't have lots of the same member.
  1194. $member_track = array($member['id_member']);
  1195. foreach ($members[$key]['duplicate_members'] as $duplicate_id_member => $duplicate_member)
  1196. {
  1197. if (in_array($duplicate_member['id'], $member_track))
  1198. {
  1199. unset($members[$key]['duplicate_members'][$duplicate_id_member]);
  1200. continue;
  1201. }
  1202. $member_track[] = $duplicate_member['id'];
  1203. }
  1204. }
  1205. }
  1206. // Generate a random validation code.
  1207. function generateValidationCode()
  1208. {
  1209. global $smcFunc, $modSettings;
  1210. $request = $smcFunc['db_query']('get_random_number', '
  1211. SELECT RAND()',
  1212. array(
  1213. )
  1214. );
  1215. list ($dbRand) = $smcFunc['db_fetch_row']($request);
  1216. $smcFunc['db_free_result']($request);
  1217. return substr(preg_replace('/\W/', '', sha1(microtime() . mt_rand() . $dbRand . $modSettings['rand_seed'])), 0, 10);
  1218. }
  1219. ?>