2
0

Subs-Members.php 46 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520
  1. <?php
  2. /**
  3. * This file contains some useful functions for members and membergroups.
  4. *
  5. * Simple Machines Forum (SMF)
  6. *
  7. * @package SMF
  8. * @author Simple Machines http://www.simplemachines.org
  9. * @copyright 2013 Simple Machines and individual contributors
  10. * @license http://www.simplemachines.org/about/smf/license.php BSD
  11. *
  12. * @version 2.1 Alpha 1
  13. */
  14. if (!defined('SMF'))
  15. die('No direct access...');
  16. /**
  17. * Delete one or more members.
  18. * Requires profile_remove_own or profile_remove_any permission for
  19. * respectively removing your own account or any account.
  20. * Non-admins cannot delete admins.
  21. * The function:
  22. * - changes author of messages, topics and polls to guest authors.
  23. * - removes all log entries concerning the deleted members, except the
  24. * error logs, ban logs and moderation logs.
  25. * - removes these members' personal messages (only the inbox), avatars,
  26. * ban entries, theme settings, moderator positions, poll votes, and
  27. * karma votes.
  28. * - updates member statistics afterwards.
  29. *
  30. * @param array $users
  31. * @param bool $check_not_admin = false
  32. */
  33. function deleteMembers($users, $check_not_admin = false)
  34. {
  35. global $sourcedir, $modSettings, $user_info, $smcFunc;
  36. // Try give us a while to sort this out...
  37. @set_time_limit(600);
  38. // Try to get some more memory.
  39. setMemoryLimit('128M');
  40. // If it's not an array, make it so!
  41. if (!is_array($users))
  42. $users = array($users);
  43. else
  44. $users = array_unique($users);
  45. // Make sure there's no void user in here.
  46. $users = array_diff($users, array(0));
  47. // How many are they deleting?
  48. if (empty($users))
  49. return;
  50. elseif (count($users) == 1)
  51. {
  52. list ($user) = $users;
  53. if ($user == $user_info['id'])
  54. isAllowedTo('profile_remove_own');
  55. else
  56. isAllowedTo('profile_remove_any');
  57. }
  58. else
  59. {
  60. foreach ($users as $k => $v)
  61. $users[$k] = (int) $v;
  62. // Deleting more than one? You can't have more than one account...
  63. isAllowedTo('profile_remove_any');
  64. }
  65. // Get their names for logging purposes.
  66. $request = $smcFunc['db_query']('', '
  67. SELECT id_member, member_name, CASE WHEN id_group = {int:admin_group} OR FIND_IN_SET({int:admin_group}, additional_groups) != 0 THEN 1 ELSE 0 END AS is_admin
  68. FROM {db_prefix}members
  69. WHERE id_member IN ({array_int:user_list})
  70. LIMIT ' . count($users),
  71. array(
  72. 'user_list' => $users,
  73. 'admin_group' => 1,
  74. )
  75. );
  76. $admins = array();
  77. $user_log_details = array();
  78. while ($row = $smcFunc['db_fetch_assoc']($request))
  79. {
  80. if ($row['is_admin'])
  81. $admins[] = $row['id_member'];
  82. $user_log_details[$row['id_member']] = array($row['id_member'], $row['member_name']);
  83. }
  84. $smcFunc['db_free_result']($request);
  85. if (empty($user_log_details))
  86. return;
  87. // Make sure they aren't trying to delete administrators if they aren't one. But don't bother checking if it's just themself.
  88. if (!empty($admins) && ($check_not_admin || (!allowedTo('admin_forum') && (count($users) != 1 || $users[0] != $user_info['id']))))
  89. {
  90. $users = array_diff($users, $admins);
  91. foreach ($admins as $id)
  92. unset($user_log_details[$id]);
  93. }
  94. // No one left?
  95. if (empty($users))
  96. return;
  97. // Log the action - regardless of who is deleting it.
  98. $log_changes = array();
  99. foreach ($user_log_details as $user)
  100. {
  101. $log_changes[] = array(
  102. 'action' => 'delete_member',
  103. 'log_type' => 'admin',
  104. 'extra' => array(
  105. 'member' => $user[0],
  106. 'name' => $user[1],
  107. 'member_acted' => $user_info['name'],
  108. ),
  109. );
  110. // Remove any cached data if enabled.
  111. if (!empty($modSettings['cache_enable']) && $modSettings['cache_enable'] >= 2)
  112. cache_put_data('user_settings-' . $user[0], null, 60);
  113. }
  114. // Make these peoples' posts guest posts.
  115. $smcFunc['db_query']('', '
  116. UPDATE {db_prefix}messages
  117. SET id_member = {int:guest_id}' . (!empty($modSettings['deleteMembersRemovesEmail']) ? ',
  118. poster_email = {string:blank_email}' : '') . '
  119. WHERE id_member IN ({array_int:users})',
  120. array(
  121. 'guest_id' => 0,
  122. 'blank_email' => '',
  123. 'users' => $users,
  124. )
  125. );
  126. $smcFunc['db_query']('', '
  127. UPDATE {db_prefix}polls
  128. SET id_member = {int:guest_id}
  129. WHERE id_member IN ({array_int:users})',
  130. array(
  131. 'guest_id' => 0,
  132. 'users' => $users,
  133. )
  134. );
  135. // Make these peoples' posts guest first posts and last posts.
  136. $smcFunc['db_query']('', '
  137. UPDATE {db_prefix}topics
  138. SET id_member_started = {int:guest_id}
  139. WHERE id_member_started IN ({array_int:users})',
  140. array(
  141. 'guest_id' => 0,
  142. 'users' => $users,
  143. )
  144. );
  145. $smcFunc['db_query']('', '
  146. UPDATE {db_prefix}topics
  147. SET id_member_updated = {int:guest_id}
  148. WHERE id_member_updated IN ({array_int:users})',
  149. array(
  150. 'guest_id' => 0,
  151. 'users' => $users,
  152. )
  153. );
  154. $smcFunc['db_query']('', '
  155. UPDATE {db_prefix}log_actions
  156. SET id_member = {int:guest_id}
  157. WHERE id_member IN ({array_int:users})',
  158. array(
  159. 'guest_id' => 0,
  160. 'users' => $users,
  161. )
  162. );
  163. $smcFunc['db_query']('', '
  164. UPDATE {db_prefix}log_banned
  165. SET id_member = {int:guest_id}
  166. WHERE id_member IN ({array_int:users})',
  167. array(
  168. 'guest_id' => 0,
  169. 'users' => $users,
  170. )
  171. );
  172. $smcFunc['db_query']('', '
  173. UPDATE {db_prefix}log_errors
  174. SET id_member = {int:guest_id}
  175. WHERE id_member IN ({array_int:users})',
  176. array(
  177. 'guest_id' => 0,
  178. 'users' => $users,
  179. )
  180. );
  181. // Delete the member.
  182. $smcFunc['db_query']('', '
  183. DELETE FROM {db_prefix}members
  184. WHERE id_member IN ({array_int:users})',
  185. array(
  186. 'users' => $users,
  187. )
  188. );
  189. // Delete any drafts...
  190. $smcFunc['db_query']('', '
  191. DELETE FROM {db_prefix}user_drafts
  192. WHERE id_member IN ({array_int:users})',
  193. array(
  194. 'users' => $users,
  195. )
  196. );
  197. // Delete anything they liked.
  198. $smcFunc['db_query']('', '
  199. DELETE FROM {db_prefix}user_likes
  200. WHERE id_member IN ({array_int:users})',
  201. array(
  202. 'users' => $users,
  203. )
  204. );
  205. // Delete the logs...
  206. $smcFunc['db_query']('', '
  207. DELETE FROM {db_prefix}log_actions
  208. WHERE id_log = {int:log_type}
  209. AND id_member IN ({array_int:users})',
  210. array(
  211. 'log_type' => 2,
  212. 'users' => $users,
  213. )
  214. );
  215. $smcFunc['db_query']('', '
  216. DELETE FROM {db_prefix}log_boards
  217. WHERE id_member IN ({array_int:users})',
  218. array(
  219. 'users' => $users,
  220. )
  221. );
  222. $smcFunc['db_query']('', '
  223. DELETE FROM {db_prefix}log_comments
  224. WHERE id_recipient IN ({array_int:users})
  225. AND comment_type = {string:warntpl}',
  226. array(
  227. 'users' => $users,
  228. 'warntpl' => 'warntpl',
  229. )
  230. );
  231. $smcFunc['db_query']('', '
  232. DELETE FROM {db_prefix}log_group_requests
  233. WHERE id_member IN ({array_int:users})',
  234. array(
  235. 'users' => $users,
  236. )
  237. );
  238. $smcFunc['db_query']('', '
  239. DELETE FROM {db_prefix}log_karma
  240. WHERE id_target IN ({array_int:users})
  241. OR id_executor IN ({array_int:users})',
  242. array(
  243. 'users' => $users,
  244. )
  245. );
  246. $smcFunc['db_query']('', '
  247. DELETE FROM {db_prefix}log_mark_read
  248. WHERE id_member IN ({array_int:users})',
  249. array(
  250. 'users' => $users,
  251. )
  252. );
  253. $smcFunc['db_query']('', '
  254. DELETE FROM {db_prefix}log_notify
  255. WHERE id_member IN ({array_int:users})',
  256. array(
  257. 'users' => $users,
  258. )
  259. );
  260. $smcFunc['db_query']('', '
  261. DELETE FROM {db_prefix}log_online
  262. WHERE id_member IN ({array_int:users})',
  263. array(
  264. 'users' => $users,
  265. )
  266. );
  267. $smcFunc['db_query']('', '
  268. DELETE FROM {db_prefix}log_subscribed
  269. WHERE id_member IN ({array_int:users})',
  270. array(
  271. 'users' => $users,
  272. )
  273. );
  274. $smcFunc['db_query']('', '
  275. DELETE FROM {db_prefix}log_topics
  276. WHERE id_member IN ({array_int:users})',
  277. array(
  278. 'users' => $users,
  279. )
  280. );
  281. $smcFunc['db_query']('', '
  282. DELETE FROM {db_prefix}collapsed_categories
  283. WHERE id_member IN ({array_int:users})',
  284. array(
  285. 'users' => $users,
  286. )
  287. );
  288. // Make their votes appear as guest votes - at least it keeps the totals right.
  289. // @todo Consider adding back in cookie protection.
  290. $smcFunc['db_query']('', '
  291. UPDATE {db_prefix}log_polls
  292. SET id_member = {int:guest_id}
  293. WHERE id_member IN ({array_int:users})',
  294. array(
  295. 'guest_id' => 0,
  296. 'users' => $users,
  297. )
  298. );
  299. // Delete personal messages.
  300. require_once($sourcedir . '/PersonalMessage.php');
  301. deleteMessages(null, null, $users);
  302. $smcFunc['db_query']('', '
  303. UPDATE {db_prefix}personal_messages
  304. SET id_member_from = {int:guest_id}
  305. WHERE id_member_from IN ({array_int:users})',
  306. array(
  307. 'guest_id' => 0,
  308. 'users' => $users,
  309. )
  310. );
  311. // They no longer exist, so we don't know who it was sent to.
  312. $smcFunc['db_query']('', '
  313. DELETE FROM {db_prefix}pm_recipients
  314. WHERE id_member IN ({array_int:users})',
  315. array(
  316. 'users' => $users,
  317. )
  318. );
  319. // Delete avatar.
  320. require_once($sourcedir . '/ManageAttachments.php');
  321. removeAttachments(array('id_member' => $users));
  322. // It's over, no more moderation for you.
  323. $smcFunc['db_query']('', '
  324. DELETE FROM {db_prefix}moderators
  325. WHERE id_member IN ({array_int:users})',
  326. array(
  327. 'users' => $users,
  328. )
  329. );
  330. $smcFunc['db_query']('', '
  331. DELETE FROM {db_prefix}group_moderators
  332. WHERE id_member IN ({array_int:users})',
  333. array(
  334. 'users' => $users,
  335. )
  336. );
  337. // If you don't exist we can't ban you.
  338. $smcFunc['db_query']('', '
  339. DELETE FROM {db_prefix}ban_items
  340. WHERE id_member IN ({array_int:users})',
  341. array(
  342. 'users' => $users,
  343. )
  344. );
  345. // Remove individual theme settings.
  346. $smcFunc['db_query']('', '
  347. DELETE FROM {db_prefix}themes
  348. WHERE id_member IN ({array_int:users})',
  349. array(
  350. 'users' => $users,
  351. )
  352. );
  353. // These users are nobody's buddy nomore.
  354. $request = $smcFunc['db_query']('', '
  355. SELECT id_member, pm_ignore_list, buddy_list
  356. FROM {db_prefix}members
  357. WHERE FIND_IN_SET({raw:pm_ignore_list}, pm_ignore_list) != 0 OR FIND_IN_SET({raw:buddy_list}, buddy_list) != 0',
  358. array(
  359. 'pm_ignore_list' => implode(', pm_ignore_list) != 0 OR FIND_IN_SET(', $users),
  360. 'buddy_list' => implode(', buddy_list) != 0 OR FIND_IN_SET(', $users),
  361. )
  362. );
  363. while ($row = $smcFunc['db_fetch_assoc']($request))
  364. $smcFunc['db_query']('', '
  365. UPDATE {db_prefix}members
  366. SET
  367. pm_ignore_list = {string:pm_ignore_list},
  368. buddy_list = {string:buddy_list}
  369. WHERE id_member = {int:id_member}',
  370. array(
  371. 'id_member' => $row['id_member'],
  372. 'pm_ignore_list' => implode(',', array_diff(explode(',', $row['pm_ignore_list']), $users)),
  373. 'buddy_list' => implode(',', array_diff(explode(',', $row['buddy_list']), $users)),
  374. )
  375. );
  376. $smcFunc['db_free_result']($request);
  377. // Make sure no member's birthday is still sticking in the calendar...
  378. updateSettings(array(
  379. 'calendar_updated' => time(),
  380. ));
  381. // Integration rocks!
  382. call_integration_hook('integrate_delete_members', array($users));
  383. updateStats('member');
  384. require_once($sourcedir . '/Logging.php');
  385. logActions($log_changes);
  386. }
  387. /**
  388. * Registers a member to the forum.
  389. * Allows two types of interface: 'guest' and 'admin'. The first
  390. * includes hammering protection, the latter can perform the
  391. * registration silently.
  392. * The strings used in the options array are assumed to be escaped.
  393. * Allows to perform several checks on the input, e.g. reserved names.
  394. * The function will adjust member statistics.
  395. * If an error is detected will fatal error on all errors unless return_errors is true.
  396. *
  397. * @param array $regOptions
  398. * @param bool $return_errors - specify whether to return the errors
  399. * @return int, the ID of the newly created member
  400. */
  401. function registerMember(&$regOptions, $return_errors = false)
  402. {
  403. global $scripturl, $txt, $modSettings, $context, $sourcedir;
  404. global $user_info, $options, $settings, $smcFunc;
  405. loadLanguage('Login');
  406. // We'll need some external functions.
  407. require_once($sourcedir . '/Subs-Auth.php');
  408. require_once($sourcedir . '/Subs-Post.php');
  409. // Put any errors in here.
  410. $reg_errors = array();
  411. // Registration from the admin center, let them sweat a little more.
  412. if ($regOptions['interface'] == 'admin')
  413. {
  414. is_not_guest();
  415. isAllowedTo('moderate_forum');
  416. }
  417. // If you're an admin, you're special ;).
  418. elseif ($regOptions['interface'] == 'guest')
  419. {
  420. // You cannot register twice...
  421. if (empty($user_info['is_guest']))
  422. redirectexit();
  423. // Make sure they didn't just register with this session.
  424. if (!empty($_SESSION['just_registered']) && empty($modSettings['disableRegisterCheck']))
  425. fatal_lang_error('register_only_once', false);
  426. }
  427. // What method of authorization are we going to use?
  428. if (empty($regOptions['auth_method']) || !in_array($regOptions['auth_method'], array('password', 'openid')))
  429. {
  430. if (!empty($regOptions['openid']))
  431. $regOptions['auth_method'] = 'openid';
  432. else
  433. $regOptions['auth_method'] = 'password';
  434. }
  435. // Spaces and other odd characters are evil...
  436. $regOptions['username'] = trim(preg_replace('~[\t\n\r \x0B\0' . ($context['utf8'] ? '\x{A0}\x{AD}\x{2000}-\x{200F}\x{201F}\x{202F}\x{3000}\x{FEFF}' : '\x00-\x08\x0B\x0C\x0E-\x19\xA0') . ']+~' . ($context['utf8'] ? 'u' : ''), ' ', $regOptions['username']));
  437. // @todo Separate the sprintf?
  438. if (empty($regOptions['email']) || preg_match('~^[0-9A-Za-z=_+\-/][0-9A-Za-z=_\'+\-/\.]*@[\w\-]+(\.[\w\-]+)*(\.[\w]{2,6})$~', $regOptions['email']) === 0 || strlen($regOptions['email']) > 255)
  439. $reg_errors[] = array('lang', 'profile_error_bad_email');
  440. $username_validation_errors = validateUsername(0, $regOptions['username'], true, !empty($regOptions['check_reserved_name']));
  441. if (!empty($username_validation_errors))
  442. $reg_errors = array_merge($reg_errors, $username_validation_errors);
  443. // Generate a validation code if it's supposed to be emailed.
  444. $validation_code = '';
  445. if ($regOptions['require'] == 'activation')
  446. $validation_code = generateValidationCode();
  447. // If you haven't put in a password generate one.
  448. if ($regOptions['interface'] == 'admin' && $regOptions['password'] == '' && $regOptions['auth_method'] == 'password')
  449. {
  450. mt_srand(time() + 1277);
  451. $regOptions['password'] = generateValidationCode();
  452. $regOptions['password_check'] = $regOptions['password'];
  453. }
  454. // Does the first password match the second?
  455. elseif ($regOptions['password'] != $regOptions['password_check'] && $regOptions['auth_method'] == 'password')
  456. $reg_errors[] = array('lang', 'passwords_dont_match');
  457. // That's kind of easy to guess...
  458. if ($regOptions['password'] == '')
  459. {
  460. if ($regOptions['auth_method'] == 'password')
  461. $reg_errors[] = array('lang', 'no_password');
  462. else
  463. $regOptions['password'] = sha1(mt_rand());
  464. }
  465. // Now perform hard password validation as required.
  466. if (!empty($regOptions['check_password_strength']) && $regOptions['password'] != '')
  467. {
  468. $passwordError = validatePassword($regOptions['password'], $regOptions['username'], array($regOptions['email']));
  469. // Password isn't legal?
  470. if ($passwordError != null)
  471. $reg_errors[] = array('lang', 'profile_error_password_' . $passwordError);
  472. }
  473. // If they are using an OpenID that hasn't been verified yet error out.
  474. // @todo Change this so they can register without having to attempt a login first
  475. if ($regOptions['auth_method'] == 'openid' && (empty($_SESSION['openid']['verified']) || $_SESSION['openid']['openid_uri'] != $regOptions['openid']))
  476. $reg_errors[] = array('lang', 'openid_not_verified');
  477. // You may not be allowed to register this email.
  478. if (!empty($regOptions['check_email_ban']))
  479. isBannedEmail($regOptions['email'], 'cannot_register', $txt['ban_register_prohibited']);
  480. // Check if the email address is in use.
  481. $request = $smcFunc['db_query']('', '
  482. SELECT id_member
  483. FROM {db_prefix}members
  484. WHERE email_address = {string:email_address}
  485. OR email_address = {string:username}
  486. LIMIT 1',
  487. array(
  488. 'email_address' => $regOptions['email'],
  489. 'username' => $regOptions['username'],
  490. )
  491. );
  492. // @todo Separate the sprintf?
  493. if ($smcFunc['db_num_rows']($request) != 0)
  494. $reg_errors[] = array('lang', 'email_in_use', false, array($smcFunc['htmlspecialchars']($regOptions['email'])));
  495. $smcFunc['db_free_result']($request);
  496. // Perhaps someone else wants to check this user
  497. call_integration_hook('integrate_register_check', array(&$regOptions, &$reg_errors));
  498. // If we found any errors we need to do something about it right away!
  499. foreach ($reg_errors as $key => $error)
  500. {
  501. /* Note for each error:
  502. 0 = 'lang' if it's an index, 'done' if it's clear text.
  503. 1 = The text/index.
  504. 2 = Whether to log.
  505. 3 = sprintf data if necessary. */
  506. if ($error[0] == 'lang')
  507. loadLanguage('Errors');
  508. $message = $error[0] == 'lang' ? (empty($error[3]) ? $txt[$error[1]] : vsprintf($txt[$error[1]], $error[3])) : $error[1];
  509. // What to do, what to do, what to do.
  510. if ($return_errors)
  511. {
  512. if (!empty($error[2]))
  513. log_error($message, $error[2]);
  514. $reg_errors[$key] = $message;
  515. }
  516. else
  517. fatal_error($message, empty($error[2]) ? false : $error[2]);
  518. }
  519. // If there's any errors left return them at once!
  520. if (!empty($reg_errors))
  521. return $reg_errors;
  522. $reservedVars = array(
  523. 'actual_theme_url',
  524. 'actual_images_url',
  525. 'base_theme_dir',
  526. 'base_theme_url',
  527. 'default_images_url',
  528. 'default_theme_dir',
  529. 'default_theme_url',
  530. 'default_template',
  531. 'images_url',
  532. 'number_recent_posts',
  533. 'smiley_sets_default',
  534. 'theme_dir',
  535. 'theme_id',
  536. 'theme_layers',
  537. 'theme_templates',
  538. 'theme_url',
  539. );
  540. // Can't change reserved vars.
  541. if (isset($regOptions['theme_vars']) && count(array_intersect(array_keys($regOptions['theme_vars']), $reservedVars)) != 0)
  542. fatal_lang_error('no_theme');
  543. // Some of these might be overwritten. (the lower ones that are in the arrays below.)
  544. $regOptions['register_vars'] = array(
  545. 'member_name' => $regOptions['username'],
  546. 'email_address' => $regOptions['email'],
  547. 'passwd' => sha1(strtolower($regOptions['username']) . $regOptions['password']),
  548. 'password_salt' => substr(md5(mt_rand()), 0, 4) ,
  549. 'posts' => 0,
  550. 'date_registered' => time(),
  551. 'member_ip' => $regOptions['interface'] == 'admin' ? '127.0.0.1' : $user_info['ip'],
  552. 'member_ip2' => $regOptions['interface'] == 'admin' ? '127.0.0.1' : $_SERVER['BAN_CHECK_IP'],
  553. 'validation_code' => $validation_code,
  554. 'real_name' => $regOptions['username'],
  555. 'personal_text' => $modSettings['default_personal_text'],
  556. 'pm_email_notify' => 1,
  557. 'id_theme' => 0,
  558. 'id_post_group' => 4,
  559. 'lngfile' => '',
  560. 'buddy_list' => '',
  561. 'pm_ignore_list' => '',
  562. 'website_title' => '',
  563. 'website_url' => '',
  564. 'location' => '',
  565. 'icq' => '',
  566. 'aim' => '',
  567. 'yim' => '',
  568. 'skype' => '',
  569. 'time_format' => '',
  570. 'signature' => '',
  571. 'avatar' => '',
  572. 'usertitle' => '',
  573. 'secret_question' => '',
  574. 'secret_answer' => '',
  575. 'additional_groups' => '',
  576. 'ignore_boards' => '',
  577. 'smiley_set' => '',
  578. 'openid_uri' => (!empty($regOptions['openid']) ? $regOptions['openid'] : ''),
  579. );
  580. // Setup the activation status on this new account so it is correct - firstly is it an under age account?
  581. if ($regOptions['require'] == 'coppa')
  582. {
  583. $regOptions['register_vars']['is_activated'] = 5;
  584. // @todo This should be changed. To what should be it be changed??
  585. $regOptions['register_vars']['validation_code'] = '';
  586. }
  587. // Maybe it can be activated right away?
  588. elseif ($regOptions['require'] == 'nothing')
  589. $regOptions['register_vars']['is_activated'] = 1;
  590. // Maybe it must be activated by email?
  591. elseif ($regOptions['require'] == 'activation')
  592. $regOptions['register_vars']['is_activated'] = 0;
  593. // Otherwise it must be awaiting approval!
  594. else
  595. $regOptions['register_vars']['is_activated'] = 3;
  596. if (isset($regOptions['memberGroup']))
  597. {
  598. // Make sure the id_group will be valid, if this is an administator.
  599. $regOptions['register_vars']['id_group'] = $regOptions['memberGroup'] == 1 && !allowedTo('admin_forum') ? 0 : $regOptions['memberGroup'];
  600. // Check if this group is assignable.
  601. $unassignableGroups = array(-1, 3);
  602. $request = $smcFunc['db_query']('', '
  603. SELECT id_group
  604. FROM {db_prefix}membergroups
  605. WHERE min_posts != {int:min_posts}' . (allowedTo('admin_forum') ? '' : '
  606. OR group_type = {int:is_protected}'),
  607. array(
  608. 'min_posts' => -1,
  609. 'is_protected' => 1,
  610. )
  611. );
  612. while ($row = $smcFunc['db_fetch_assoc']($request))
  613. $unassignableGroups[] = $row['id_group'];
  614. $smcFunc['db_free_result']($request);
  615. if (in_array($regOptions['register_vars']['id_group'], $unassignableGroups))
  616. $regOptions['register_vars']['id_group'] = 0;
  617. }
  618. // ICQ cannot be zero.
  619. if (isset($regOptions['extra_register_vars']['icq']) && empty($regOptions['extra_register_vars']['icq']))
  620. $regOptions['extra_register_vars']['icq'] = '';
  621. // Integrate optional member settings to be set.
  622. if (!empty($regOptions['extra_register_vars']))
  623. foreach ($regOptions['extra_register_vars'] as $var => $value)
  624. $regOptions['register_vars'][$var] = $value;
  625. // Integrate optional user theme options to be set.
  626. $theme_vars = array();
  627. if (!empty($regOptions['theme_vars']))
  628. foreach ($regOptions['theme_vars'] as $var => $value)
  629. $theme_vars[$var] = $value;
  630. // Right, now let's prepare for insertion.
  631. $knownInts = array(
  632. 'date_registered', 'posts', 'id_group', 'last_login', 'instant_messages', 'unread_messages',
  633. 'new_pm', 'pm_prefs', 'gender', 'hide_email', 'show_online', 'pm_email_notify', 'karma_good', 'karma_bad',
  634. 'notify_announcements', 'notify_send_body', 'notify_regularity', 'notify_types',
  635. 'id_theme', 'is_activated', 'id_msg_last_visit', 'id_post_group', 'total_time_logged_in', 'warning',
  636. );
  637. $knownFloats = array(
  638. 'time_offset',
  639. );
  640. // Call an optional function to validate the users' input.
  641. call_integration_hook('integrate_register', array(&$regOptions, &$theme_vars, &$knownInts, &$knownFloats));
  642. $column_names = array();
  643. $values = array();
  644. foreach ($regOptions['register_vars'] as $var => $val)
  645. {
  646. $type = 'string';
  647. if (in_array($var, $knownInts))
  648. $type = 'int';
  649. elseif (in_array($var, $knownFloats))
  650. $type = 'float';
  651. elseif ($var == 'birthdate')
  652. $type = 'date';
  653. $column_names[$var] = $type;
  654. $values[$var] = $val;
  655. }
  656. // Register them into the database.
  657. $smcFunc['db_insert']('',
  658. '{db_prefix}members',
  659. $column_names,
  660. $values,
  661. array('id_member')
  662. );
  663. $memberID = $smcFunc['db_insert_id']('{db_prefix}members', 'id_member');
  664. // Call an optional function as notification of registration.
  665. call_integration_hook('integrate_post_register', array(&$regOptions, &$theme_vars, &$memberID));
  666. // Update the number of members and latest member's info - and pass the name, but remove the 's.
  667. if ($regOptions['register_vars']['is_activated'] == 1)
  668. updateStats('member', $memberID, $regOptions['register_vars']['real_name']);
  669. else
  670. updateStats('member');
  671. // Theme variables too?
  672. if (!empty($theme_vars))
  673. {
  674. $inserts = array();
  675. foreach ($theme_vars as $var => $val)
  676. $inserts[] = array($memberID, $var, $val);
  677. $smcFunc['db_insert']('insert',
  678. '{db_prefix}themes',
  679. array('id_member' => 'int', 'variable' => 'string-255', 'value' => 'string-65534'),
  680. $inserts,
  681. array('id_member', 'variable')
  682. );
  683. }
  684. // If it's enabled, increase the registrations for today.
  685. trackStats(array('registers' => '+'));
  686. // Administrative registrations are a bit different...
  687. if ($regOptions['interface'] == 'admin')
  688. {
  689. if ($regOptions['require'] == 'activation')
  690. $email_message = 'admin_register_activate';
  691. elseif (!empty($regOptions['send_welcome_email']))
  692. $email_message = 'admin_register_immediate';
  693. if (isset($email_message))
  694. {
  695. $replacements = array(
  696. 'REALNAME' => $regOptions['register_vars']['real_name'],
  697. 'USERNAME' => $regOptions['username'],
  698. 'PASSWORD' => $regOptions['password'],
  699. 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder',
  700. 'ACTIVATIONLINK' => $scripturl . '?action=activate;u=' . $memberID . ';code=' . $validation_code,
  701. 'ACTIVATIONLINKWITHOUTCODE' => $scripturl . '?action=activate;u=' . $memberID,
  702. 'ACTIVATIONCODE' => $validation_code,
  703. );
  704. $emaildata = loadEmailTemplate($email_message, $replacements);
  705. sendmail($regOptions['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
  706. }
  707. // All admins are finished here.
  708. return $memberID;
  709. }
  710. // Can post straight away - welcome them to your fantastic community...
  711. if ($regOptions['require'] == 'nothing')
  712. {
  713. if (!empty($regOptions['send_welcome_email']))
  714. {
  715. $replacements = array(
  716. 'REALNAME' => $regOptions['register_vars']['real_name'],
  717. 'USERNAME' => $regOptions['username'],
  718. 'PASSWORD' => $regOptions['password'],
  719. 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder',
  720. 'OPENID' => !empty($regOptions['openid']) ? $regOptions['openid'] : '',
  721. );
  722. $emaildata = loadEmailTemplate('register_' . ($regOptions['auth_method'] == 'openid' ? 'openid_' : '') . 'immediate', $replacements);
  723. sendmail($regOptions['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
  724. }
  725. // Send admin their notification.
  726. adminNotify('standard', $memberID, $regOptions['username']);
  727. }
  728. // Need to activate their account - or fall under COPPA.
  729. elseif ($regOptions['require'] == 'activation' || $regOptions['require'] == 'coppa')
  730. {
  731. $replacements = array(
  732. 'REALNAME' => $regOptions['register_vars']['real_name'],
  733. 'USERNAME' => $regOptions['username'],
  734. 'PASSWORD' => $regOptions['password'],
  735. 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder',
  736. 'OPENID' => !empty($regOptions['openid']) ? $regOptions['openid'] : '',
  737. );
  738. if ($regOptions['require'] == 'activation')
  739. $replacements += array(
  740. 'ACTIVATIONLINK' => $scripturl . '?action=activate;u=' . $memberID . ';code=' . $validation_code,
  741. 'ACTIVATIONLINKWITHOUTCODE' => $scripturl . '?action=activate;u=' . $memberID,
  742. 'ACTIVATIONCODE' => $validation_code,
  743. );
  744. else
  745. $replacements += array(
  746. 'COPPALINK' => $scripturl . '?action=coppa;u=' . $memberID,
  747. );
  748. $emaildata = loadEmailTemplate('register_' . ($regOptions['auth_method'] == 'openid' ? 'openid_' : '') . ($regOptions['require'] == 'activation' ? 'activate' : 'coppa'), $replacements);
  749. sendmail($regOptions['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
  750. }
  751. // Must be awaiting approval.
  752. else
  753. {
  754. $replacements = array(
  755. 'REALNAME' => $regOptions['register_vars']['real_name'],
  756. 'USERNAME' => $regOptions['username'],
  757. 'PASSWORD' => $regOptions['password'],
  758. 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder',
  759. 'OPENID' => !empty($regOptions['openid']) ? $regOptions['openid'] : '',
  760. );
  761. $emaildata = loadEmailTemplate('register_' . ($regOptions['auth_method'] == 'openid' ? 'openid_' : '') . 'pending', $replacements);
  762. sendmail($regOptions['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
  763. // Admin gets informed here...
  764. adminNotify('approval', $memberID, $regOptions['username']);
  765. }
  766. // Okay, they're for sure registered... make sure the session is aware of this for security. (Just married :P!)
  767. $_SESSION['just_registered'] = 1;
  768. // If they are for sure registered, let other people to know about it
  769. call_integration_hook('integrate_register_after', array($regOptions, $memberID));
  770. return $memberID;
  771. }
  772. /**
  773. * Check if a name is in the reserved words list.
  774. * (name, current member id, name/username?.)
  775. * - checks if name is a reserved name or username.
  776. * - if is_name is false, the name is assumed to be a username.
  777. * - the id_member variable is used to ignore duplicate matches with the
  778. * current member.
  779. *
  780. * @param string $name
  781. * @param int $current_ID_MEMBER
  782. * @param bool $is_name
  783. * @param bool $fatal
  784. */
  785. function isReservedName($name, $current_ID_MEMBER = 0, $is_name = true, $fatal = true)
  786. {
  787. global $user_info, $modSettings, $smcFunc, $context;
  788. $name = preg_replace_callback('~(&#(\d{1,7}|x[0-9a-fA-F]{1,6});)~', 'replaceEntities__callback', $name);
  789. $checkName = $smcFunc['strtolower']($name);
  790. // Administrators are never restricted ;).
  791. if (!allowedTo('moderate_forum') && ((!empty($modSettings['reserveName']) && $is_name) || !empty($modSettings['reserveUser']) && !$is_name))
  792. {
  793. $reservedNames = explode("\n", $modSettings['reserveNames']);
  794. // Case sensitive check?
  795. $checkMe = empty($modSettings['reserveCase']) ? $checkName : $name;
  796. // Check each name in the list...
  797. foreach ($reservedNames as $reserved)
  798. {
  799. if ($reserved == '')
  800. continue;
  801. // The admin might've used entities too, level the playing field.
  802. $reservedCheck = preg_replace('~(&#(\d{1,7}|x[0-9a-fA-F]{1,6});)~', 'replaceEntities__callback', $reserved);
  803. // Case sensitive name?
  804. if (empty($modSettings['reserveCase']))
  805. $reservedCheck = $smcFunc['strtolower']($reservedCheck);
  806. // If it's not just entire word, check for it in there somewhere...
  807. if ($checkMe == $reservedCheck || ($smcFunc['strpos']($checkMe, $reservedCheck) !== false && empty($modSettings['reserveWord'])))
  808. if ($fatal)
  809. fatal_lang_error('username_reserved', 'password', array($reserved));
  810. else
  811. return true;
  812. }
  813. $censor_name = $name;
  814. if (censorText($censor_name) != $name)
  815. if ($fatal)
  816. fatal_lang_error('name_censored', 'password', array($name));
  817. else
  818. return true;
  819. }
  820. // Characters we just shouldn't allow, regardless.
  821. foreach (array('*') as $char)
  822. if (strpos($checkName, $char) !== false)
  823. if ($fatal)
  824. fatal_lang_error('username_reserved', 'password', array($char));
  825. else
  826. return true;
  827. // Get rid of any SQL parts of the reserved name...
  828. $checkName = strtr($name, array('_' => '\\_', '%' => '\\%'));
  829. // Make sure they don't want someone else's name.
  830. $request = $smcFunc['db_query']('', '
  831. SELECT id_member
  832. FROM {db_prefix}members
  833. WHERE ' . (empty($current_ID_MEMBER) ? '' : 'id_member != {int:current_member}
  834. AND ') . '({raw:real_name} LIKE {string:check_name} OR {raw:member_name} LIKE {string:check_name})
  835. LIMIT 1',
  836. array(
  837. 'real_name' => $smcFunc['db_case_sensitive'] ? 'LOWER(real_name)' : 'real_name',
  838. 'member_name' => $smcFunc['db_case_sensitive'] ? 'LOWER(member_name)' : 'member_name',
  839. 'current_member' => $current_ID_MEMBER,
  840. 'check_name' => $checkName,
  841. )
  842. );
  843. if ($smcFunc['db_num_rows']($request) > 0)
  844. {
  845. $smcFunc['db_free_result']($request);
  846. return true;
  847. }
  848. // Does name case insensitive match a member group name?
  849. $request = $smcFunc['db_query']('', '
  850. SELECT id_group
  851. FROM {db_prefix}membergroups
  852. WHERE {raw:group_name} LIKE {string:check_name}
  853. LIMIT 1',
  854. array(
  855. 'group_name' => $smcFunc['db_case_sensitive'] ? 'LOWER(group_name)' : 'group_name',
  856. 'check_name' => $checkName,
  857. )
  858. );
  859. if ($smcFunc['db_num_rows']($request) > 0)
  860. {
  861. $smcFunc['db_free_result']($request);
  862. return true;
  863. }
  864. // Okay, they passed.
  865. return false;
  866. }
  867. // Get a list of groups that have a given permission (on a given board).
  868. /**
  869. * Retrieves a list of membergroups that are allowed to do the given
  870. * permission. (on the given board)
  871. * If board_id is not null, a board permission is assumed.
  872. * The function takes different permission settings into account.
  873. *
  874. * @param string $permission
  875. * @param int $board_id = null
  876. * @return an array containing an array for the allowed membergroup ID's
  877. * and an array for the denied membergroup ID's.
  878. */
  879. function groupsAllowedTo($permission, $board_id = null)
  880. {
  881. global $modSettings, $board_info, $smcFunc;
  882. // Admins are allowed to do anything.
  883. $member_groups = array(
  884. 'allowed' => array(1),
  885. 'denied' => array(),
  886. );
  887. // Assume we're dealing with regular permissions (like profile_view).
  888. if ($board_id === null)
  889. {
  890. $request = $smcFunc['db_query']('', '
  891. SELECT id_group, add_deny
  892. FROM {db_prefix}permissions
  893. WHERE permission = {string:permission}',
  894. array(
  895. 'permission' => $permission,
  896. )
  897. );
  898. while ($row = $smcFunc['db_fetch_assoc']($request))
  899. $member_groups[$row['add_deny'] === '1' ? 'allowed' : 'denied'][] = $row['id_group'];
  900. $smcFunc['db_free_result']($request);
  901. }
  902. // Otherwise it's time to look at the board.
  903. else
  904. {
  905. // First get the profile of the given board.
  906. if (isset($board_info['id']) && $board_info['id'] == $board_id)
  907. $profile_id = $board_info['profile'];
  908. elseif ($board_id !== 0)
  909. {
  910. $request = $smcFunc['db_query']('', '
  911. SELECT id_profile
  912. FROM {db_prefix}boards
  913. WHERE id_board = {int:id_board}
  914. LIMIT 1',
  915. array(
  916. 'id_board' => $board_id,
  917. )
  918. );
  919. if ($smcFunc['db_num_rows']($request) == 0)
  920. fatal_lang_error('no_board');
  921. list ($profile_id) = $smcFunc['db_fetch_row']($request);
  922. $smcFunc['db_free_result']($request);
  923. }
  924. else
  925. $profile_id = 1;
  926. $request = $smcFunc['db_query']('', '
  927. SELECT bp.id_group, bp.add_deny
  928. FROM {db_prefix}board_permissions AS bp
  929. WHERE bp.permission = {string:permission}
  930. AND bp.id_profile = {int:profile_id}',
  931. array(
  932. 'profile_id' => $profile_id,
  933. 'permission' => $permission,
  934. )
  935. );
  936. while ($row = $smcFunc['db_fetch_assoc']($request))
  937. $member_groups[$row['add_deny'] === '1' ? 'allowed' : 'denied'][] = $row['id_group'];
  938. $smcFunc['db_free_result']($request);
  939. $moderator_groups = array();
  940. // "Inherit" any moderator permissions as needed
  941. if (isset($board_info['moderator_groups']))
  942. {
  943. $moderator_groups = array_keys($board_info['moderator_groups']);
  944. }
  945. elseif ($board_id !== 0)
  946. {
  947. // Get the groups that can moderate this board
  948. $request = $smcFunc['db_query']('', '
  949. SELECT id_group
  950. FROM {db_prefix}moderator_groups
  951. WHERE id_board = {int:board_id}',
  952. array(
  953. 'board_id' => $board_id,
  954. )
  955. );
  956. while ($row = $smcFunc['db_fetch_assoc']($request))
  957. {
  958. $moderator_groups[] = $row['id_group'];
  959. }
  960. $smcFunc['db_free_result']($request);
  961. }
  962. // "Inherit" any additional permissions from the "Moderators" group
  963. foreach ($moderator_groups as $mod_group)
  964. {
  965. // If they're not specifically allowed, but the moderator group is, then allow it
  966. if (in_array(3, $member_groups['allowed']) && !in_array($mod_group, $member_groups['allowed']))
  967. {
  968. $member_groups['allowed'][] = $mod_group;
  969. }
  970. // They're not denied, but the moderator group is, so deny it
  971. if (in_array(3, $member_groups['denied']) && !in_array($mod_group, $member_groups['denied']))
  972. {
  973. $member_groups['denied'][] = $mod_group;
  974. }
  975. }
  976. }
  977. // Denied is never allowed.
  978. $member_groups['allowed'] = array_diff($member_groups['allowed'], $member_groups['denied']);
  979. return $member_groups;
  980. }
  981. /**
  982. * Retrieves a list of members that have a given permission
  983. * (on a given board).
  984. * If board_id is not null, a board permission is assumed.
  985. * Takes different permission settings into account.
  986. * Takes possible moderators (on board 'board_id') into account.
  987. *
  988. * @param string $permission
  989. * @param int $board_id = null
  990. * @return an array containing member ID's.
  991. */
  992. function membersAllowedTo($permission, $board_id = null)
  993. {
  994. global $smcFunc;
  995. $member_groups = groupsAllowedTo($permission, $board_id);
  996. $all_groups = array_merge($member_groups['allowed'], $member_groups['denied']);
  997. $include_moderators = in_array(3, $member_groups['allowed']) && $board_id !== null;
  998. $member_groups['allowed'] = array_diff($member_groups['allowed'], array(3));
  999. $exclude_moderators = in_array(3, $member_groups['denied']) && $board_id !== null;
  1000. $member_groups['denied'] = array_diff($member_groups['denied'], array(3));
  1001. $request = $smcFunc['db_query']('', '
  1002. SELECT mem.id_member
  1003. FROM {db_prefix}members AS mem' . ($include_moderators || $exclude_moderators ? '
  1004. LEFT JOIN {db_prefix}moderators AS mods ON (mods.id_member = mem.id_member AND mods.id_board = {int:board_id})
  1005. LEFT JOIN {db_prefix}moderator_groups AS modgs ON (modgs.id_group IN ({array_int:all_member_groups}))' : '') . '
  1006. WHERE (' . ($include_moderators ? 'mods.id_member IS NOT NULL OR modgs.id_group IS NOT NULL OR ' : '') . 'mem.id_group IN ({array_int:member_groups_allowed}) OR FIND_IN_SET({raw:member_group_allowed_implode}, mem.additional_groups) != 0 OR mem.id_post_group IN ({array_int:member_groups_allowed}))' . (empty($member_groups['denied']) ? '' : '
  1007. AND NOT (' . ($exclude_moderators ? 'mods.id_member IS NOT NULL OR modgs.id_group IS NOT NULL OR ' : '') . 'mem.id_group IN ({array_int:member_groups_denied}) OR FIND_IN_SET({raw:member_group_denied_implode}, mem.additional_groups) != 0 OR mem.id_post_group IN ({array_int:member_groups_denied}))'),
  1008. array(
  1009. 'member_groups_allowed' => $member_groups['allowed'],
  1010. 'member_groups_denied' => $member_groups['denied'],
  1011. 'all_member_groups' => $all_groups,
  1012. 'board_id' => $board_id,
  1013. 'member_group_allowed_implode' => implode(', mem.additional_groups) != 0 OR FIND_IN_SET(', $member_groups['allowed']),
  1014. 'member_group_denied_implode' => implode(', mem.additional_groups) != 0 OR FIND_IN_SET(', $member_groups['denied']),
  1015. )
  1016. );
  1017. $members = array();
  1018. while ($row = $smcFunc['db_fetch_assoc']($request))
  1019. $members[] = $row['id_member'];
  1020. $smcFunc['db_free_result']($request);
  1021. return $members;
  1022. }
  1023. /**
  1024. * This function is used to reassociate members with relevant posts.
  1025. * Reattribute guest posts to a specified member.
  1026. * Does not check for any permissions.
  1027. * If add_to_post_count is set, the member's post count is increased.
  1028. *
  1029. * @param int $memID
  1030. * @param string $email = false
  1031. * @param string $membername = false
  1032. * @param bool $post_count = false
  1033. * @return nothing
  1034. */
  1035. function reattributePosts($memID, $email = false, $membername = false, $post_count = false)
  1036. {
  1037. global $smcFunc;
  1038. $updated = array(
  1039. 'messages' => 0,
  1040. 'topics' => 0,
  1041. 'reports' => 0,
  1042. );
  1043. // Firstly, if email and username aren't passed find out the members email address and name.
  1044. if ($email === false && $membername === false)
  1045. {
  1046. $request = $smcFunc['db_query']('', '
  1047. SELECT email_address, member_name
  1048. FROM {db_prefix}members
  1049. WHERE id_member = {int:memID}
  1050. LIMIT 1',
  1051. array(
  1052. 'memID' => $memID,
  1053. )
  1054. );
  1055. list ($email, $membername) = $smcFunc['db_fetch_row']($request);
  1056. $smcFunc['db_free_result']($request);
  1057. }
  1058. // If they want the post count restored then we need to do some research.
  1059. if ($post_count)
  1060. {
  1061. $request = $smcFunc['db_query']('', '
  1062. SELECT COUNT(*)
  1063. FROM {db_prefix}messages AS m
  1064. INNER JOIN {db_prefix}boards AS b ON (b.id_board = m.id_board AND b.count_posts = {int:count_posts})
  1065. WHERE m.id_member = {int:guest_id}
  1066. AND m.approved = {int:is_approved}
  1067. AND m.icon != {string:recycled_icon}' . (empty($email) ? '' : '
  1068. AND m.poster_email = {string:email_address}') . (empty($membername) ? '' : '
  1069. AND m.poster_name = {string:member_name}'),
  1070. array(
  1071. 'count_posts' => 0,
  1072. 'guest_id' => 0,
  1073. 'email_address' => $email,
  1074. 'member_name' => $membername,
  1075. 'is_approved' => 1,
  1076. 'recycled_icon' => 'recycled',
  1077. )
  1078. );
  1079. list ($messageCount) = $smcFunc['db_fetch_row']($request);
  1080. $smcFunc['db_free_result']($request);
  1081. updateMemberData($memID, array('posts' => 'posts + ' . $messageCount));
  1082. }
  1083. $query_parts = array();
  1084. if (!empty($email))
  1085. $query_parts[] = 'poster_email = {string:email_address}';
  1086. if (!empty($membername))
  1087. $query_parts[] = 'poster_name = {string:member_name}';
  1088. $query = implode(' AND ', $query_parts);
  1089. // Finally, update the posts themselves!
  1090. $smcFunc['db_query']('', '
  1091. UPDATE {db_prefix}messages
  1092. SET id_member = {int:memID}
  1093. WHERE ' . $query,
  1094. array(
  1095. 'memID' => $memID,
  1096. 'email_address' => $email,
  1097. 'member_name' => $membername,
  1098. )
  1099. );
  1100. $updated['messages'] = $smcFunc['db_affected_rows']();
  1101. // Did we update any messages?
  1102. if ($updated['messages'] > 0)
  1103. {
  1104. // First, check for updated topics.
  1105. $smcFunc['db_query']('', '
  1106. UPDATE {db_prefix}topics as t, {db_prefix}messages as m
  1107. SET t.id_member_started = {int:memID}
  1108. WHERE m.id_member = {int:memID}
  1109. AND t.id_first_msg = m.id_msg',
  1110. array(
  1111. 'memID' => $memID,
  1112. )
  1113. );
  1114. $updated['topics'] = $smcFunc['db_affected_rows']();
  1115. // Second, check for updated reports.
  1116. $smcFunc['db_query']('', '
  1117. UPDATE {db_prefix}log_reported AS lr, {db_prefix}messages AS m
  1118. SET lr.id_member = {int:memID}
  1119. WHERE lr.id_msg = m.id_msg
  1120. AND m.id_member = {int:memID}',
  1121. array(
  1122. 'memID' => $memID,
  1123. )
  1124. );
  1125. $updated['reports'] = $smcFunc['db_affected_rows']();
  1126. }
  1127. // Allow mods with their own post tables to reattribute posts as well :)
  1128. call_integration_hook('integrate_reattribute_posts', array($memID, $email, $membername, $post_count, &$updated));
  1129. return $updated;
  1130. }
  1131. /**
  1132. * This simple function adds/removes the passed user from the current users buddy list.
  1133. * Requires profile_identity_own permission.
  1134. * Called by ?action=buddy;u=x;session_id=y.
  1135. * Redirects to ?action=profile;u=x.
  1136. */
  1137. function BuddyListToggle()
  1138. {
  1139. global $user_info;
  1140. checkSession('get');
  1141. isAllowedTo('profile_identity_own');
  1142. is_not_guest();
  1143. if (empty($_REQUEST['u']))
  1144. fatal_lang_error('no_access', false);
  1145. $_REQUEST['u'] = (int) $_REQUEST['u'];
  1146. // Remove if it's already there...
  1147. if (in_array($_REQUEST['u'], $user_info['buddies']))
  1148. $user_info['buddies'] = array_diff($user_info['buddies'], array($_REQUEST['u']));
  1149. // ...or add if it's not and if it's not you.
  1150. elseif ($user_info['id'] != $_REQUEST['u'])
  1151. $user_info['buddies'][] = (int) $_REQUEST['u'];
  1152. // Update the settings.
  1153. updateMemberData($user_info['id'], array('buddy_list' => implode(',', $user_info['buddies'])));
  1154. // Redirect back to the profile
  1155. redirectexit('action=profile;u=' . $_REQUEST['u']);
  1156. }
  1157. /**
  1158. * Callback for createList().
  1159. *
  1160. * @param $start
  1161. * @param $items_per_page
  1162. * @param $sort
  1163. * @param $where
  1164. * @param $where_params
  1165. * @param $get_duplicates
  1166. */
  1167. function list_getMembers($start, $items_per_page, $sort, $where, $where_params = array(), $get_duplicates = false)
  1168. {
  1169. global $smcFunc;
  1170. $request = $smcFunc['db_query']('', '
  1171. SELECT
  1172. mem.id_member, mem.member_name, mem.real_name, mem.email_address, mem.icq, mem.aim, mem.yim, mem.skype, mem.member_ip, mem.member_ip2, mem.last_login,
  1173. mem.posts, mem.is_activated, mem.date_registered, mem.id_group, mem.additional_groups, mg.group_name
  1174. FROM {db_prefix}members AS mem
  1175. LEFT JOIN {db_prefix}membergroups AS mg ON (mg.id_group = mem.id_group)
  1176. WHERE ' . ($where == '1' ? '1=1' : $where) . '
  1177. ORDER BY {raw:sort}
  1178. LIMIT {int:start}, {int:per_page}',
  1179. array_merge($where_params, array(
  1180. 'sort' => $sort,
  1181. 'start' => $start,
  1182. 'per_page' => $items_per_page,
  1183. ))
  1184. );
  1185. $members = array();
  1186. while ($row = $smcFunc['db_fetch_assoc']($request))
  1187. $members[] = $row;
  1188. $smcFunc['db_free_result']($request);
  1189. // If we want duplicates pass the members array off.
  1190. if ($get_duplicates)
  1191. populateDuplicateMembers($members);
  1192. return $members;
  1193. }
  1194. /**
  1195. * Callback for createList().
  1196. *
  1197. * @param $where
  1198. * @param $where_params
  1199. */
  1200. function list_getNumMembers($where, $where_params = array())
  1201. {
  1202. global $smcFunc, $modSettings;
  1203. // We know how many members there are in total.
  1204. if (empty($where) || $where == '1=1')
  1205. $num_members = $modSettings['totalMembers'];
  1206. // The database knows the amount when there are extra conditions.
  1207. else
  1208. {
  1209. $request = $smcFunc['db_query']('', '
  1210. SELECT COUNT(*)
  1211. FROM {db_prefix}members AS mem
  1212. WHERE ' . $where,
  1213. array_merge($where_params, array(
  1214. ))
  1215. );
  1216. list ($num_members) = $smcFunc['db_fetch_row']($request);
  1217. $smcFunc['db_free_result']($request);
  1218. }
  1219. return $num_members;
  1220. }
  1221. /**
  1222. * Find potential duplicate registation members based on the same IP address
  1223. *
  1224. * @param $members
  1225. */
  1226. function populateDuplicateMembers(&$members)
  1227. {
  1228. global $smcFunc;
  1229. // This will hold all the ip addresses.
  1230. $ips = array();
  1231. foreach ($members as $key => $member)
  1232. {
  1233. // Create the duplicate_members element.
  1234. $members[$key]['duplicate_members'] = array();
  1235. // Store the IPs.
  1236. if (!empty($member['member_ip']))
  1237. $ips[] = $member['member_ip'];
  1238. if (!empty($member['member_ip2']))
  1239. $ips[] = $member['member_ip2'];
  1240. }
  1241. $ips = array_unique($ips);
  1242. if (empty($ips))
  1243. return false;
  1244. // Fetch all members with this IP address, we'll filter out the current ones in a sec.
  1245. $request = $smcFunc['db_query']('', '
  1246. SELECT
  1247. id_member, member_name, email_address, member_ip, member_ip2, is_activated
  1248. FROM {db_prefix}members
  1249. WHERE member_ip IN ({array_string:ips})
  1250. OR member_ip2 IN ({array_string:ips})',
  1251. array(
  1252. 'ips' => $ips,
  1253. )
  1254. );
  1255. $duplicate_members = array();
  1256. $duplicate_ids = array();
  1257. while ($row = $smcFunc['db_fetch_assoc']($request))
  1258. {
  1259. //$duplicate_ids[] = $row['id_member'];
  1260. $member_context = array(
  1261. 'id' => $row['id_member'],
  1262. 'name' => $row['member_name'],
  1263. 'email' => $row['email_address'],
  1264. 'is_banned' => $row['is_activated'] > 10,
  1265. 'ip' => $row['member_ip'],
  1266. 'ip2' => $row['member_ip2'],
  1267. );
  1268. if (in_array($row['member_ip'], $ips))
  1269. $duplicate_members[$row['member_ip']][] = $member_context;
  1270. if ($row['member_ip'] != $row['member_ip2'] && in_array($row['member_ip2'], $ips))
  1271. $duplicate_members[$row['member_ip2']][] = $member_context;
  1272. }
  1273. $smcFunc['db_free_result']($request);
  1274. // Also try to get a list of messages using these ips.
  1275. $request = $smcFunc['db_query']('', '
  1276. SELECT
  1277. m.poster_ip, mem.id_member, mem.member_name, mem.email_address, mem.is_activated
  1278. FROM {db_prefix}messages AS m
  1279. INNER JOIN {db_prefix}members AS mem ON (mem.id_member = m.id_member)
  1280. WHERE m.id_member != 0
  1281. ' . (!empty($duplicate_ids) ? 'AND m.id_member NOT IN ({array_int:duplicate_ids})' : '') . '
  1282. AND m.poster_ip IN ({array_string:ips})',
  1283. array(
  1284. 'duplicate_ids' => $duplicate_ids,
  1285. 'ips' => $ips,
  1286. )
  1287. );
  1288. $had_ips = array();
  1289. while ($row = $smcFunc['db_fetch_assoc']($request))
  1290. {
  1291. // Don't collect lots of the same.
  1292. if (isset($had_ips[$row['poster_ip']]) && in_array($row['id_member'], $had_ips[$row['poster_ip']]))
  1293. continue;
  1294. $had_ips[$row['poster_ip']][] = $row['id_member'];
  1295. $duplicate_members[$row['poster_ip']][] = array(
  1296. 'id' => $row['id_member'],
  1297. 'name' => $row['member_name'],
  1298. 'email' => $row['email_address'],
  1299. 'is_banned' => $row['is_activated'] > 10,
  1300. 'ip' => $row['poster_ip'],
  1301. 'ip2' => $row['poster_ip'],
  1302. );
  1303. }
  1304. $smcFunc['db_free_result']($request);
  1305. // Now we have all the duplicate members, stick them with their respective member in the list.
  1306. if (!empty($duplicate_members))
  1307. foreach ($members as $key => $member)
  1308. {
  1309. if (isset($duplicate_members[$member['member_ip']]))
  1310. $members[$key]['duplicate_members'] = $duplicate_members[$member['member_ip']];
  1311. if ($member['member_ip'] != $member['member_ip2'] && isset($duplicate_members[$member['member_ip2']]))
  1312. $members[$key]['duplicate_members'] = array_merge($member['duplicate_members'], $duplicate_members[$member['member_ip2']]);
  1313. // Check we don't have lots of the same member.
  1314. $member_track = array($member['id_member']);
  1315. foreach ($members[$key]['duplicate_members'] as $duplicate_id_member => $duplicate_member)
  1316. {
  1317. if (in_array($duplicate_member['id'], $member_track))
  1318. {
  1319. unset($members[$key]['duplicate_members'][$duplicate_id_member]);
  1320. continue;
  1321. }
  1322. $member_track[] = $duplicate_member['id'];
  1323. }
  1324. }
  1325. }
  1326. /**
  1327. * Generate a random validation code.
  1328. * @todo Err. Whatcha doin' here.
  1329. *
  1330. * @return type
  1331. */
  1332. function generateValidationCode()
  1333. {
  1334. global $smcFunc, $modSettings;
  1335. $request = $smcFunc['db_query']('get_random_number', '
  1336. SELECT RAND()',
  1337. array(
  1338. )
  1339. );
  1340. list ($dbRand) = $smcFunc['db_fetch_row']($request);
  1341. $smcFunc['db_free_result']($request);
  1342. return substr(preg_replace('/\W/', '', sha1(microtime() . mt_rand() . $dbRand . $modSettings['rand_seed'])), 0, 10);
  1343. }
  1344. ?>