Subs-Members.php 45 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480
  1. <?php
  2. /**
  3. * This file contains some useful functions for members and membergroups.
  4. *
  5. * Simple Machines Forum (SMF)
  6. *
  7. * @package SMF
  8. * @author Simple Machines http://www.simplemachines.org
  9. * @copyright 2013 Simple Machines and individual contributors
  10. * @license http://www.simplemachines.org/about/smf/license.php BSD
  11. *
  12. * @version 2.1 Alpha 1
  13. */
  14. if (!defined('SMF'))
  15. die('No direct access...');
  16. /**
  17. * Delete one or more members.
  18. * Requires profile_remove_own or profile_remove_any permission for
  19. * respectively removing your own account or any account.
  20. * Non-admins cannot delete admins.
  21. * The function:
  22. * - changes author of messages, topics and polls to guest authors.
  23. * - removes all log entries concerning the deleted members, except the
  24. * error logs, ban logs and moderation logs.
  25. * - removes these members' personal messages (only the inbox), avatars,
  26. * ban entries, theme settings, moderator positions, poll votes, and
  27. * karma votes.
  28. * - updates member statistics afterwards.
  29. *
  30. * @param array $users
  31. * @param bool $check_not_admin = false
  32. */
  33. function deleteMembers($users, $check_not_admin = false)
  34. {
  35. global $sourcedir, $modSettings, $user_info, $smcFunc;
  36. // Try give us a while to sort this out...
  37. @set_time_limit(600);
  38. // Try to get some more memory.
  39. setMemoryLimit('128M');
  40. // If it's not an array, make it so!
  41. if (!is_array($users))
  42. $users = array($users);
  43. else
  44. $users = array_unique($users);
  45. // Make sure there's no void user in here.
  46. $users = array_diff($users, array(0));
  47. // How many are they deleting?
  48. if (empty($users))
  49. return;
  50. elseif (count($users) == 1)
  51. {
  52. list ($user) = $users;
  53. if ($user == $user_info['id'])
  54. isAllowedTo('profile_remove_own');
  55. else
  56. isAllowedTo('profile_remove_any');
  57. }
  58. else
  59. {
  60. foreach ($users as $k => $v)
  61. $users[$k] = (int) $v;
  62. // Deleting more than one? You can't have more than one account...
  63. isAllowedTo('profile_remove_any');
  64. }
  65. // Get their names for logging purposes.
  66. $request = $smcFunc['db_query']('', '
  67. SELECT id_member, member_name, CASE WHEN id_group = {int:admin_group} OR FIND_IN_SET({int:admin_group}, additional_groups) != 0 THEN 1 ELSE 0 END AS is_admin
  68. FROM {db_prefix}members
  69. WHERE id_member IN ({array_int:user_list})
  70. LIMIT ' . count($users),
  71. array(
  72. 'user_list' => $users,
  73. 'admin_group' => 1,
  74. )
  75. );
  76. $admins = array();
  77. $user_log_details = array();
  78. while ($row = $smcFunc['db_fetch_assoc']($request))
  79. {
  80. if ($row['is_admin'])
  81. $admins[] = $row['id_member'];
  82. $user_log_details[$row['id_member']] = array($row['id_member'], $row['member_name']);
  83. }
  84. $smcFunc['db_free_result']($request);
  85. if (empty($user_log_details))
  86. return;
  87. // Make sure they aren't trying to delete administrators if they aren't one. But don't bother checking if it's just themself.
  88. if (!empty($admins) && ($check_not_admin || (!allowedTo('admin_forum') && (count($users) != 1 || $users[0] != $user_info['id']))))
  89. {
  90. $users = array_diff($users, $admins);
  91. foreach ($admins as $id)
  92. unset($user_log_details[$id]);
  93. }
  94. // No one left?
  95. if (empty($users))
  96. return;
  97. // Log the action - regardless of who is deleting it.
  98. $log_changes = array();
  99. foreach ($user_log_details as $user)
  100. {
  101. $log_changes[] = array(
  102. 'action' => 'delete_member',
  103. 'log_type' => 'admin',
  104. 'extra' => array(
  105. 'member' => $user[0],
  106. 'name' => $user[1],
  107. 'member_acted' => $user_info['name'],
  108. ),
  109. );
  110. // Remove any cached data if enabled.
  111. if (!empty($modSettings['cache_enable']) && $modSettings['cache_enable'] >= 2)
  112. cache_put_data('user_settings-' . $user[0], null, 60);
  113. }
  114. // Make these peoples' posts guest posts.
  115. $smcFunc['db_query']('', '
  116. UPDATE {db_prefix}messages
  117. SET id_member = {int:guest_id}' . (!empty($modSettings['deleteMembersRemovesEmail']) ? ',
  118. poster_email = {string:blank_email}' : '') . '
  119. WHERE id_member IN ({array_int:users})',
  120. array(
  121. 'guest_id' => 0,
  122. 'blank_email' => '',
  123. 'users' => $users,
  124. )
  125. );
  126. $smcFunc['db_query']('', '
  127. UPDATE {db_prefix}polls
  128. SET id_member = {int:guest_id}
  129. WHERE id_member IN ({array_int:users})',
  130. array(
  131. 'guest_id' => 0,
  132. 'users' => $users,
  133. )
  134. );
  135. // Make these peoples' posts guest first posts and last posts.
  136. $smcFunc['db_query']('', '
  137. UPDATE {db_prefix}topics
  138. SET id_member_started = {int:guest_id}
  139. WHERE id_member_started IN ({array_int:users})',
  140. array(
  141. 'guest_id' => 0,
  142. 'users' => $users,
  143. )
  144. );
  145. $smcFunc['db_query']('', '
  146. UPDATE {db_prefix}topics
  147. SET id_member_updated = {int:guest_id}
  148. WHERE id_member_updated IN ({array_int:users})',
  149. array(
  150. 'guest_id' => 0,
  151. 'users' => $users,
  152. )
  153. );
  154. $smcFunc['db_query']('', '
  155. UPDATE {db_prefix}log_actions
  156. SET id_member = {int:guest_id}
  157. WHERE id_member IN ({array_int:users})',
  158. array(
  159. 'guest_id' => 0,
  160. 'users' => $users,
  161. )
  162. );
  163. $smcFunc['db_query']('', '
  164. UPDATE {db_prefix}log_banned
  165. SET id_member = {int:guest_id}
  166. WHERE id_member IN ({array_int:users})',
  167. array(
  168. 'guest_id' => 0,
  169. 'users' => $users,
  170. )
  171. );
  172. $smcFunc['db_query']('', '
  173. UPDATE {db_prefix}log_errors
  174. SET id_member = {int:guest_id}
  175. WHERE id_member IN ({array_int:users})',
  176. array(
  177. 'guest_id' => 0,
  178. 'users' => $users,
  179. )
  180. );
  181. // Delete the member.
  182. $smcFunc['db_query']('', '
  183. DELETE FROM {db_prefix}members
  184. WHERE id_member IN ({array_int:users})',
  185. array(
  186. 'users' => $users,
  187. )
  188. );
  189. // Delete any drafts...
  190. $smcFunc['db_query']('', '
  191. DELETE FROM {db_prefix}user_drafts
  192. WHERE id_member IN ({array_int:users})',
  193. array(
  194. 'users' => $users,
  195. )
  196. );
  197. // Delete the logs...
  198. $smcFunc['db_query']('', '
  199. DELETE FROM {db_prefix}log_actions
  200. WHERE id_log = {int:log_type}
  201. AND id_member IN ({array_int:users})',
  202. array(
  203. 'log_type' => 2,
  204. 'users' => $users,
  205. )
  206. );
  207. $smcFunc['db_query']('', '
  208. DELETE FROM {db_prefix}log_boards
  209. WHERE id_member IN ({array_int:users})',
  210. array(
  211. 'users' => $users,
  212. )
  213. );
  214. $smcFunc['db_query']('', '
  215. DELETE FROM {db_prefix}log_comments
  216. WHERE id_recipient IN ({array_int:users})
  217. AND comment_type = {string:warntpl}',
  218. array(
  219. 'users' => $users,
  220. 'warntpl' => 'warntpl',
  221. )
  222. );
  223. $smcFunc['db_query']('', '
  224. DELETE FROM {db_prefix}log_group_requests
  225. WHERE id_member IN ({array_int:users})',
  226. array(
  227. 'users' => $users,
  228. )
  229. );
  230. $smcFunc['db_query']('', '
  231. DELETE FROM {db_prefix}log_karma
  232. WHERE id_target IN ({array_int:users})
  233. OR id_executor IN ({array_int:users})',
  234. array(
  235. 'users' => $users,
  236. )
  237. );
  238. $smcFunc['db_query']('', '
  239. DELETE FROM {db_prefix}log_mark_read
  240. WHERE id_member IN ({array_int:users})',
  241. array(
  242. 'users' => $users,
  243. )
  244. );
  245. $smcFunc['db_query']('', '
  246. DELETE FROM {db_prefix}log_notify
  247. WHERE id_member IN ({array_int:users})',
  248. array(
  249. 'users' => $users,
  250. )
  251. );
  252. $smcFunc['db_query']('', '
  253. DELETE FROM {db_prefix}log_online
  254. WHERE id_member IN ({array_int:users})',
  255. array(
  256. 'users' => $users,
  257. )
  258. );
  259. $smcFunc['db_query']('', '
  260. DELETE FROM {db_prefix}log_subscribed
  261. WHERE id_member IN ({array_int:users})',
  262. array(
  263. 'users' => $users,
  264. )
  265. );
  266. $smcFunc['db_query']('', '
  267. DELETE FROM {db_prefix}log_topics
  268. WHERE id_member IN ({array_int:users})',
  269. array(
  270. 'users' => $users,
  271. )
  272. );
  273. $smcFunc['db_query']('', '
  274. DELETE FROM {db_prefix}collapsed_categories
  275. WHERE id_member IN ({array_int:users})',
  276. array(
  277. 'users' => $users,
  278. )
  279. );
  280. // Make their votes appear as guest votes - at least it keeps the totals right.
  281. // @todo Consider adding back in cookie protection.
  282. $smcFunc['db_query']('', '
  283. UPDATE {db_prefix}log_polls
  284. SET id_member = {int:guest_id}
  285. WHERE id_member IN ({array_int:users})',
  286. array(
  287. 'guest_id' => 0,
  288. 'users' => $users,
  289. )
  290. );
  291. // Delete personal messages.
  292. require_once($sourcedir . '/PersonalMessage.php');
  293. deleteMessages(null, null, $users);
  294. $smcFunc['db_query']('', '
  295. UPDATE {db_prefix}personal_messages
  296. SET id_member_from = {int:guest_id}
  297. WHERE id_member_from IN ({array_int:users})',
  298. array(
  299. 'guest_id' => 0,
  300. 'users' => $users,
  301. )
  302. );
  303. // They no longer exist, so we don't know who it was sent to.
  304. $smcFunc['db_query']('', '
  305. DELETE FROM {db_prefix}pm_recipients
  306. WHERE id_member IN ({array_int:users})',
  307. array(
  308. 'users' => $users,
  309. )
  310. );
  311. // Delete avatar.
  312. require_once($sourcedir . '/ManageAttachments.php');
  313. removeAttachments(array('id_member' => $users));
  314. // It's over, no more moderation for you.
  315. $smcFunc['db_query']('', '
  316. DELETE FROM {db_prefix}moderators
  317. WHERE id_member IN ({array_int:users})',
  318. array(
  319. 'users' => $users,
  320. )
  321. );
  322. $smcFunc['db_query']('', '
  323. DELETE FROM {db_prefix}group_moderators
  324. WHERE id_member IN ({array_int:users})',
  325. array(
  326. 'users' => $users,
  327. )
  328. );
  329. // If you don't exist we can't ban you.
  330. $smcFunc['db_query']('', '
  331. DELETE FROM {db_prefix}ban_items
  332. WHERE id_member IN ({array_int:users})',
  333. array(
  334. 'users' => $users,
  335. )
  336. );
  337. // Remove individual theme settings.
  338. $smcFunc['db_query']('', '
  339. DELETE FROM {db_prefix}themes
  340. WHERE id_member IN ({array_int:users})',
  341. array(
  342. 'users' => $users,
  343. )
  344. );
  345. // These users are nobody's buddy nomore.
  346. $request = $smcFunc['db_query']('', '
  347. SELECT id_member, pm_ignore_list, buddy_list
  348. FROM {db_prefix}members
  349. WHERE FIND_IN_SET({raw:pm_ignore_list}, pm_ignore_list) != 0 OR FIND_IN_SET({raw:buddy_list}, buddy_list) != 0',
  350. array(
  351. 'pm_ignore_list' => implode(', pm_ignore_list) != 0 OR FIND_IN_SET(', $users),
  352. 'buddy_list' => implode(', buddy_list) != 0 OR FIND_IN_SET(', $users),
  353. )
  354. );
  355. while ($row = $smcFunc['db_fetch_assoc']($request))
  356. $smcFunc['db_query']('', '
  357. UPDATE {db_prefix}members
  358. SET
  359. pm_ignore_list = {string:pm_ignore_list},
  360. buddy_list = {string:buddy_list}
  361. WHERE id_member = {int:id_member}',
  362. array(
  363. 'id_member' => $row['id_member'],
  364. 'pm_ignore_list' => implode(',', array_diff(explode(',', $row['pm_ignore_list']), $users)),
  365. 'buddy_list' => implode(',', array_diff(explode(',', $row['buddy_list']), $users)),
  366. )
  367. );
  368. $smcFunc['db_free_result']($request);
  369. // Make sure no member's birthday is still sticking in the calendar...
  370. updateSettings(array(
  371. 'calendar_updated' => time(),
  372. ));
  373. // Integration rocks!
  374. call_integration_hook('integrate_delete_members', array($users));
  375. updateStats('member');
  376. require_once($sourcedir . '/Logging.php');
  377. logActions($log_changes);
  378. }
  379. /**
  380. * Registers a member to the forum.
  381. * Allows two types of interface: 'guest' and 'admin'. The first
  382. * includes hammering protection, the latter can perform the
  383. * registration silently.
  384. * The strings used in the options array are assumed to be escaped.
  385. * Allows to perform several checks on the input, e.g. reserved names.
  386. * The function will adjust member statistics.
  387. * If an error is detected will fatal error on all errors unless return_errors is true.
  388. *
  389. * @param array $regOptions
  390. * @param bool $return_errors - specify whether to return the errors
  391. * @return int, the ID of the newly created member
  392. */
  393. function registerMember(&$regOptions, $return_errors = false)
  394. {
  395. global $scripturl, $txt, $modSettings, $context, $sourcedir;
  396. global $user_info, $options, $settings, $smcFunc;
  397. loadLanguage('Login');
  398. // We'll need some external functions.
  399. require_once($sourcedir . '/Subs-Auth.php');
  400. require_once($sourcedir . '/Subs-Post.php');
  401. // Put any errors in here.
  402. $reg_errors = array();
  403. // Registration from the admin center, let them sweat a little more.
  404. if ($regOptions['interface'] == 'admin')
  405. {
  406. is_not_guest();
  407. isAllowedTo('moderate_forum');
  408. }
  409. // If you're an admin, you're special ;).
  410. elseif ($regOptions['interface'] == 'guest')
  411. {
  412. // You cannot register twice...
  413. if (empty($user_info['is_guest']))
  414. redirectexit();
  415. // Make sure they didn't just register with this session.
  416. if (!empty($_SESSION['just_registered']) && empty($modSettings['disableRegisterCheck']))
  417. fatal_lang_error('register_only_once', false);
  418. }
  419. // What method of authorization are we going to use?
  420. if (empty($regOptions['auth_method']) || !in_array($regOptions['auth_method'], array('password', 'openid')))
  421. {
  422. if (!empty($regOptions['openid']))
  423. $regOptions['auth_method'] = 'openid';
  424. else
  425. $regOptions['auth_method'] = 'password';
  426. }
  427. // Spaces and other odd characters are evil...
  428. $regOptions['username'] = preg_replace('~[\t\n\r\x0B\0' . ($context['utf8'] ? '\x{A0}' : '\xA0') . ']+~' . ($context['utf8'] ? 'u' : ''), ' ', $regOptions['username']);
  429. // @todo Separate the sprintf?
  430. if (empty($regOptions['email']) || preg_match('~^[0-9A-Za-z=_+\-/][0-9A-Za-z=_\'+\-/\.]*@[\w\-]+(\.[\w\-]+)*(\.[\w]{2,6})$~', $regOptions['email']) === 0 || strlen($regOptions['email']) > 255)
  431. $reg_errors[] = array('done', sprintf($txt['valid_email_needed'], $smcFunc['htmlspecialchars']($regOptions['username'])));
  432. $username_validation_errors = validateUsername(0, $regOptions['username'], true, !empty($regOptions['check_reserved_name']));
  433. if (!empty($username_validation_errors))
  434. $reg_errors = array_merge($reg_errors, $username_validation_errors);
  435. // Generate a validation code if it's supposed to be emailed.
  436. $validation_code = '';
  437. if ($regOptions['require'] == 'activation')
  438. $validation_code = generateValidationCode();
  439. // If you haven't put in a password generate one.
  440. if ($regOptions['interface'] == 'admin' && $regOptions['password'] == '' && $regOptions['auth_method'] == 'password')
  441. {
  442. mt_srand(time() + 1277);
  443. $regOptions['password'] = generateValidationCode();
  444. $regOptions['password_check'] = $regOptions['password'];
  445. }
  446. // Does the first password match the second?
  447. elseif ($regOptions['password'] != $regOptions['password_check'] && $regOptions['auth_method'] == 'password')
  448. $reg_errors[] = array('lang', 'passwords_dont_match');
  449. // That's kind of easy to guess...
  450. if ($regOptions['password'] == '')
  451. {
  452. if ($regOptions['auth_method'] == 'password')
  453. $reg_errors[] = array('lang', 'no_password');
  454. else
  455. $regOptions['password'] = sha1(mt_rand());
  456. }
  457. // Now perform hard password validation as required.
  458. if (!empty($regOptions['check_password_strength']))
  459. {
  460. $passwordError = validatePassword($regOptions['password'], $regOptions['username'], array($regOptions['email']));
  461. // Password isn't legal?
  462. if ($passwordError != null)
  463. $reg_errors[] = array('lang', 'profile_error_password_' . $passwordError);
  464. }
  465. // If they are using an OpenID that hasn't been verified yet error out.
  466. // @todo Change this so they can register without having to attempt a login first
  467. if ($regOptions['auth_method'] == 'openid' && (empty($_SESSION['openid']['verified']) || $_SESSION['openid']['openid_uri'] != $regOptions['openid']))
  468. $reg_errors[] = array('lang', 'openid_not_verified');
  469. // You may not be allowed to register this email.
  470. if (!empty($regOptions['check_email_ban']))
  471. isBannedEmail($regOptions['email'], 'cannot_register', $txt['ban_register_prohibited']);
  472. // Check if the email address is in use.
  473. $request = $smcFunc['db_query']('', '
  474. SELECT id_member
  475. FROM {db_prefix}members
  476. WHERE email_address = {string:email_address}
  477. OR email_address = {string:username}
  478. LIMIT 1',
  479. array(
  480. 'email_address' => $regOptions['email'],
  481. 'username' => $regOptions['username'],
  482. )
  483. );
  484. // @todo Separate the sprintf?
  485. if ($smcFunc['db_num_rows']($request) != 0)
  486. $reg_errors[] = array('lang', 'email_in_use', false, array($smcFunc['htmlspecialchars']($regOptions['email'])));
  487. $smcFunc['db_free_result']($request);
  488. // Perhaps someone else wants to check this user
  489. call_integration_hook('integrate_register_check', array(&$regOptions, &$reg_errors));
  490. // If we found any errors we need to do something about it right away!
  491. foreach ($reg_errors as $key => $error)
  492. {
  493. /* Note for each error:
  494. 0 = 'lang' if it's an index, 'done' if it's clear text.
  495. 1 = The text/index.
  496. 2 = Whether to log.
  497. 3 = sprintf data if necessary. */
  498. if ($error[0] == 'lang')
  499. loadLanguage('Errors');
  500. $message = $error[0] == 'lang' ? (empty($error[3]) ? $txt[$error[1]] : vsprintf($txt[$error[1]], $error[3])) : $error[1];
  501. // What to do, what to do, what to do.
  502. if ($return_errors)
  503. {
  504. if (!empty($error[2]))
  505. log_error($message, $error[2]);
  506. $reg_errors[$key] = $message;
  507. }
  508. else
  509. fatal_error($message, empty($error[2]) ? false : $error[2]);
  510. }
  511. // If there's any errors left return them at once!
  512. if (!empty($reg_errors))
  513. return $reg_errors;
  514. $reservedVars = array(
  515. 'actual_theme_url',
  516. 'actual_images_url',
  517. 'base_theme_dir',
  518. 'base_theme_url',
  519. 'default_images_url',
  520. 'default_theme_dir',
  521. 'default_theme_url',
  522. 'default_template',
  523. 'images_url',
  524. 'number_recent_posts',
  525. 'smiley_sets_default',
  526. 'theme_dir',
  527. 'theme_id',
  528. 'theme_layers',
  529. 'theme_templates',
  530. 'theme_url',
  531. );
  532. // Can't change reserved vars.
  533. if (isset($regOptions['theme_vars']) && count(array_intersect(array_keys($regOptions['theme_vars']), $reservedVars)) != 0)
  534. fatal_lang_error('no_theme');
  535. // Some of these might be overwritten. (the lower ones that are in the arrays below.)
  536. $regOptions['register_vars'] = array(
  537. 'member_name' => $regOptions['username'],
  538. 'email_address' => $regOptions['email'],
  539. 'passwd' => sha1(strtolower($regOptions['username']) . $regOptions['password']),
  540. 'password_salt' => substr(md5(mt_rand()), 0, 4) ,
  541. 'posts' => 0,
  542. 'date_registered' => time(),
  543. 'member_ip' => $regOptions['interface'] == 'admin' ? '127.0.0.1' : $user_info['ip'],
  544. 'member_ip2' => $regOptions['interface'] == 'admin' ? '127.0.0.1' : $_SERVER['BAN_CHECK_IP'],
  545. 'validation_code' => $validation_code,
  546. 'real_name' => $regOptions['username'],
  547. 'personal_text' => $modSettings['default_personal_text'],
  548. 'pm_email_notify' => 1,
  549. 'id_theme' => 0,
  550. 'id_post_group' => 4,
  551. 'lngfile' => '',
  552. 'buddy_list' => '',
  553. 'pm_ignore_list' => '',
  554. 'message_labels' => '',
  555. 'website_title' => '',
  556. 'website_url' => '',
  557. 'location' => '',
  558. 'icq' => '',
  559. 'aim' => '',
  560. 'yim' => '',
  561. 'skype' => '',
  562. 'time_format' => '',
  563. 'signature' => '',
  564. 'avatar' => '',
  565. 'usertitle' => '',
  566. 'secret_question' => '',
  567. 'secret_answer' => '',
  568. 'additional_groups' => '',
  569. 'ignore_boards' => '',
  570. 'smiley_set' => '',
  571. 'openid_uri' => (!empty($regOptions['openid']) ? $regOptions['openid'] : ''),
  572. );
  573. // Setup the activation status on this new account so it is correct - firstly is it an under age account?
  574. if ($regOptions['require'] == 'coppa')
  575. {
  576. $regOptions['register_vars']['is_activated'] = 5;
  577. // @todo This should be changed. To what should be it be changed??
  578. $regOptions['register_vars']['validation_code'] = '';
  579. }
  580. // Maybe it can be activated right away?
  581. elseif ($regOptions['require'] == 'nothing')
  582. $regOptions['register_vars']['is_activated'] = 1;
  583. // Maybe it must be activated by email?
  584. elseif ($regOptions['require'] == 'activation')
  585. $regOptions['register_vars']['is_activated'] = 0;
  586. // Otherwise it must be awaiting approval!
  587. else
  588. $regOptions['register_vars']['is_activated'] = 3;
  589. if (isset($regOptions['memberGroup']))
  590. {
  591. // Make sure the id_group will be valid, if this is an administator.
  592. $regOptions['register_vars']['id_group'] = $regOptions['memberGroup'] == 1 && !allowedTo('admin_forum') ? 0 : $regOptions['memberGroup'];
  593. // Check if this group is assignable.
  594. $unassignableGroups = array(-1, 3);
  595. $request = $smcFunc['db_query']('', '
  596. SELECT id_group
  597. FROM {db_prefix}membergroups
  598. WHERE min_posts != {int:min_posts}' . (allowedTo('admin_forum') ? '' : '
  599. OR group_type = {int:is_protected}'),
  600. array(
  601. 'min_posts' => -1,
  602. 'is_protected' => 1,
  603. )
  604. );
  605. while ($row = $smcFunc['db_fetch_assoc']($request))
  606. $unassignableGroups[] = $row['id_group'];
  607. $smcFunc['db_free_result']($request);
  608. if (in_array($regOptions['register_vars']['id_group'], $unassignableGroups))
  609. $regOptions['register_vars']['id_group'] = 0;
  610. }
  611. // ICQ cannot be zero.
  612. if (isset($regOptions['extra_register_vars']['icq']) && empty($regOptions['extra_register_vars']['icq']))
  613. $regOptions['extra_register_vars']['icq'] = '';
  614. // Integrate optional member settings to be set.
  615. if (!empty($regOptions['extra_register_vars']))
  616. foreach ($regOptions['extra_register_vars'] as $var => $value)
  617. $regOptions['register_vars'][$var] = $value;
  618. // Integrate optional user theme options to be set.
  619. $theme_vars = array();
  620. if (!empty($regOptions['theme_vars']))
  621. foreach ($regOptions['theme_vars'] as $var => $value)
  622. $theme_vars[$var] = $value;
  623. // Right, now let's prepare for insertion.
  624. $knownInts = array(
  625. 'date_registered', 'posts', 'id_group', 'last_login', 'instant_messages', 'unread_messages',
  626. 'new_pm', 'pm_prefs', 'gender', 'hide_email', 'show_online', 'pm_email_notify', 'karma_good', 'karma_bad',
  627. 'notify_announcements', 'notify_send_body', 'notify_regularity', 'notify_types',
  628. 'id_theme', 'is_activated', 'id_msg_last_visit', 'id_post_group', 'total_time_logged_in', 'warning',
  629. );
  630. $knownFloats = array(
  631. 'time_offset',
  632. );
  633. // Call an optional function to validate the users' input.
  634. call_integration_hook('integrate_register', array(&$regOptions, &$theme_vars, &$knownInts, &$knownFloats));
  635. $column_names = array();
  636. $values = array();
  637. foreach ($regOptions['register_vars'] as $var => $val)
  638. {
  639. $type = 'string';
  640. if (in_array($var, $knownInts))
  641. $type = 'int';
  642. elseif (in_array($var, $knownFloats))
  643. $type = 'float';
  644. elseif ($var == 'birthdate')
  645. $type = 'date';
  646. $column_names[$var] = $type;
  647. $values[$var] = $val;
  648. }
  649. // Register them into the database.
  650. $smcFunc['db_insert']('',
  651. '{db_prefix}members',
  652. $column_names,
  653. $values,
  654. array('id_member')
  655. );
  656. $memberID = $smcFunc['db_insert_id']('{db_prefix}members', 'id_member');
  657. // Update the number of members and latest member's info - and pass the name, but remove the 's.
  658. if ($regOptions['register_vars']['is_activated'] == 1)
  659. updateStats('member', $memberID, $regOptions['register_vars']['real_name']);
  660. else
  661. updateStats('member');
  662. // Theme variables too?
  663. if (!empty($theme_vars))
  664. {
  665. $inserts = array();
  666. foreach ($theme_vars as $var => $val)
  667. $inserts[] = array($memberID, $var, $val);
  668. $smcFunc['db_insert']('insert',
  669. '{db_prefix}themes',
  670. array('id_member' => 'int', 'variable' => 'string-255', 'value' => 'string-65534'),
  671. $inserts,
  672. array('id_member', 'variable')
  673. );
  674. }
  675. // If it's enabled, increase the registrations for today.
  676. trackStats(array('registers' => '+'));
  677. // Administrative registrations are a bit different...
  678. if ($regOptions['interface'] == 'admin')
  679. {
  680. if ($regOptions['require'] == 'activation')
  681. $email_message = 'admin_register_activate';
  682. elseif (!empty($regOptions['send_welcome_email']))
  683. $email_message = 'admin_register_immediate';
  684. if (isset($email_message))
  685. {
  686. $replacements = array(
  687. 'REALNAME' => $regOptions['register_vars']['real_name'],
  688. 'USERNAME' => $regOptions['username'],
  689. 'PASSWORD' => $regOptions['password'],
  690. 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder',
  691. 'ACTIVATIONLINK' => $scripturl . '?action=activate;u=' . $memberID . ';code=' . $validation_code,
  692. 'ACTIVATIONLINKWITHOUTCODE' => $scripturl . '?action=activate;u=' . $memberID,
  693. 'ACTIVATIONCODE' => $validation_code,
  694. );
  695. $emaildata = loadEmailTemplate($email_message, $replacements);
  696. sendmail($regOptions['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
  697. }
  698. // All admins are finished here.
  699. return $memberID;
  700. }
  701. // Can post straight away - welcome them to your fantastic community...
  702. if ($regOptions['require'] == 'nothing')
  703. {
  704. if (!empty($regOptions['send_welcome_email']))
  705. {
  706. $replacements = array(
  707. 'REALNAME' => $regOptions['register_vars']['real_name'],
  708. 'USERNAME' => $regOptions['username'],
  709. 'PASSWORD' => $regOptions['password'],
  710. 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder',
  711. 'OPENID' => !empty($regOptions['openid']) ? $regOptions['openid'] : '',
  712. );
  713. $emaildata = loadEmailTemplate('register_' . ($regOptions['auth_method'] == 'openid' ? 'openid_' : '') . 'immediate', $replacements);
  714. sendmail($regOptions['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
  715. }
  716. // Send admin their notification.
  717. adminNotify('standard', $memberID, $regOptions['username']);
  718. }
  719. // Need to activate their account - or fall under COPPA.
  720. elseif ($regOptions['require'] == 'activation' || $regOptions['require'] == 'coppa')
  721. {
  722. $replacements = array(
  723. 'REALNAME' => $regOptions['register_vars']['real_name'],
  724. 'USERNAME' => $regOptions['username'],
  725. 'PASSWORD' => $regOptions['password'],
  726. 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder',
  727. 'OPENID' => !empty($regOptions['openid']) ? $regOptions['openid'] : '',
  728. );
  729. if ($regOptions['require'] == 'activation')
  730. $replacements += array(
  731. 'ACTIVATIONLINK' => $scripturl . '?action=activate;u=' . $memberID . ';code=' . $validation_code,
  732. 'ACTIVATIONLINKWITHOUTCODE' => $scripturl . '?action=activate;u=' . $memberID,
  733. 'ACTIVATIONCODE' => $validation_code,
  734. );
  735. else
  736. $replacements += array(
  737. 'COPPALINK' => $scripturl . '?action=coppa;u=' . $memberID,
  738. );
  739. $emaildata = loadEmailTemplate('register_' . ($regOptions['auth_method'] == 'openid' ? 'openid_' : '') . ($regOptions['require'] == 'activation' ? 'activate' : 'coppa'), $replacements);
  740. sendmail($regOptions['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
  741. }
  742. // Must be awaiting approval.
  743. else
  744. {
  745. $replacements = array(
  746. 'REALNAME' => $regOptions['register_vars']['real_name'],
  747. 'USERNAME' => $regOptions['username'],
  748. 'PASSWORD' => $regOptions['password'],
  749. 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder',
  750. 'OPENID' => !empty($regOptions['openid']) ? $regOptions['openid'] : '',
  751. );
  752. $emaildata = loadEmailTemplate('register_' . ($regOptions['auth_method'] == 'openid' ? 'openid_' : '') . 'pending', $replacements);
  753. sendmail($regOptions['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
  754. // Admin gets informed here...
  755. adminNotify('approval', $memberID, $regOptions['username']);
  756. }
  757. // Okay, they're for sure registered... make sure the session is aware of this for security. (Just married :P!)
  758. $_SESSION['just_registered'] = 1;
  759. // If they are for sure registered, let other people to know about it
  760. call_integration_hook('integrate_register_after', array($regOptions, $memberID));
  761. return $memberID;
  762. }
  763. /**
  764. * Check if a name is in the reserved words list.
  765. * (name, current member id, name/username?.)
  766. * - checks if name is a reserved name or username.
  767. * - if is_name is false, the name is assumed to be a username.
  768. * - the id_member variable is used to ignore duplicate matches with the
  769. * current member.
  770. *
  771. * @param string $name
  772. * @param int $current_ID_MEMBER
  773. * @param bool $is_name
  774. * @param bool $fatal
  775. */
  776. function isReservedName($name, $current_ID_MEMBER = 0, $is_name = true, $fatal = true)
  777. {
  778. global $user_info, $modSettings, $smcFunc, $context;
  779. $name = preg_replace_callback('~(&#(\d{1,7}|x[0-9a-fA-F]{1,6});)~', 'replaceEntities__callback', $name);
  780. $checkName = $smcFunc['strtolower']($name);
  781. // Administrators are never restricted ;).
  782. if (!allowedTo('moderate_forum') && ((!empty($modSettings['reserveName']) && $is_name) || !empty($modSettings['reserveUser']) && !$is_name))
  783. {
  784. $reservedNames = explode("\n", $modSettings['reserveNames']);
  785. // Case sensitive check?
  786. $checkMe = empty($modSettings['reserveCase']) ? $checkName : $name;
  787. // Check each name in the list...
  788. foreach ($reservedNames as $reserved)
  789. {
  790. if ($reserved == '')
  791. continue;
  792. // The admin might've used entities too, level the playing field.
  793. $reservedCheck = preg_replace('~(&#(\d{1,7}|x[0-9a-fA-F]{1,6});)~', 'replaceEntities__callback', $reserved);
  794. // Case sensitive name?
  795. if (empty($modSettings['reserveCase']))
  796. $reservedCheck = $smcFunc['strtolower']($reservedCheck);
  797. // If it's not just entire word, check for it in there somewhere...
  798. if ($checkMe == $reservedCheck || ($smcFunc['strpos']($checkMe, $reservedCheck) !== false && empty($modSettings['reserveWord'])))
  799. if ($fatal)
  800. fatal_lang_error('username_reserved', 'password', array($reserved));
  801. else
  802. return true;
  803. }
  804. $censor_name = $name;
  805. if (censorText($censor_name) != $name)
  806. if ($fatal)
  807. fatal_lang_error('name_censored', 'password', array($name));
  808. else
  809. return true;
  810. }
  811. // Characters we just shouldn't allow, regardless.
  812. foreach (array('*') as $char)
  813. if (strpos($checkName, $char) !== false)
  814. if ($fatal)
  815. fatal_lang_error('username_reserved', 'password', array($char));
  816. else
  817. return true;
  818. // Get rid of any SQL parts of the reserved name...
  819. $checkName = strtr($name, array('_' => '\\_', '%' => '\\%'));
  820. // Make sure they don't want someone else's name.
  821. $request = $smcFunc['db_query']('', '
  822. SELECT id_member
  823. FROM {db_prefix}members
  824. WHERE ' . (empty($current_ID_MEMBER) ? '' : 'id_member != {int:current_member}
  825. AND ') . '(real_name LIKE {string:check_name} OR member_name LIKE {string:check_name})
  826. LIMIT 1',
  827. array(
  828. 'current_member' => $current_ID_MEMBER,
  829. 'check_name' => $checkName,
  830. )
  831. );
  832. if ($smcFunc['db_num_rows']($request) > 0)
  833. {
  834. $smcFunc['db_free_result']($request);
  835. return true;
  836. }
  837. // Does name case insensitive match a member group name?
  838. $request = $smcFunc['db_query']('', '
  839. SELECT id_group
  840. FROM {db_prefix}membergroups
  841. WHERE group_name LIKE {string:check_name}
  842. LIMIT 1',
  843. array(
  844. 'check_name' => $checkName,
  845. )
  846. );
  847. if ($smcFunc['db_num_rows']($request) > 0)
  848. {
  849. $smcFunc['db_free_result']($request);
  850. return true;
  851. }
  852. // Okay, they passed.
  853. return false;
  854. }
  855. // Get a list of groups that have a given permission (on a given board).
  856. /**
  857. * Retrieves a list of membergroups that are allowed to do the given
  858. * permission. (on the given board)
  859. * If board_id is not null, a board permission is assumed.
  860. * The function takes different permission settings into account.
  861. *
  862. * @param string $permission
  863. * @param int $board_id = null
  864. * @return an array containing an array for the allowed membergroup ID's
  865. * and an array for the denied membergroup ID's.
  866. */
  867. function groupsAllowedTo($permission, $board_id = null)
  868. {
  869. global $modSettings, $board_info, $smcFunc;
  870. // Admins are allowed to do anything.
  871. $member_groups = array(
  872. 'allowed' => array(1),
  873. 'denied' => array(),
  874. );
  875. // Assume we're dealing with regular permissions (like profile_view_own).
  876. if ($board_id === null)
  877. {
  878. $request = $smcFunc['db_query']('', '
  879. SELECT id_group, add_deny
  880. FROM {db_prefix}permissions
  881. WHERE permission = {string:permission}',
  882. array(
  883. 'permission' => $permission,
  884. )
  885. );
  886. while ($row = $smcFunc['db_fetch_assoc']($request))
  887. $member_groups[$row['add_deny'] === '1' ? 'allowed' : 'denied'][] = $row['id_group'];
  888. $smcFunc['db_free_result']($request);
  889. }
  890. // Otherwise it's time to look at the board.
  891. else
  892. {
  893. // First get the profile of the given board.
  894. if (isset($board_info['id']) && $board_info['id'] == $board_id)
  895. $profile_id = $board_info['profile'];
  896. elseif ($board_id !== 0)
  897. {
  898. $request = $smcFunc['db_query']('', '
  899. SELECT id_profile
  900. FROM {db_prefix}boards
  901. WHERE id_board = {int:id_board}
  902. LIMIT 1',
  903. array(
  904. 'id_board' => $board_id,
  905. )
  906. );
  907. if ($smcFunc['db_num_rows']($request) == 0)
  908. fatal_lang_error('no_board');
  909. list ($profile_id) = $smcFunc['db_fetch_row']($request);
  910. $smcFunc['db_free_result']($request);
  911. }
  912. else
  913. $profile_id = 1;
  914. $request = $smcFunc['db_query']('', '
  915. SELECT bp.id_group, bp.add_deny
  916. FROM {db_prefix}board_permissions AS bp
  917. WHERE bp.permission = {string:permission}
  918. AND bp.id_profile = {int:profile_id}',
  919. array(
  920. 'profile_id' => $profile_id,
  921. 'permission' => $permission,
  922. )
  923. );
  924. while ($row = $smcFunc['db_fetch_assoc']($request))
  925. $member_groups[$row['add_deny'] === '1' ? 'allowed' : 'denied'][] = $row['id_group'];
  926. $smcFunc['db_free_result']($request);
  927. $moderator_groups = array();
  928. // "Inherit" any moderator permissions as needed
  929. if (isset($board_info['moderator_groups']))
  930. {
  931. $moderator_groups = array_keys($board_info['moderator_groups']);
  932. }
  933. elseif ($board_id !== 0)
  934. {
  935. // Get the groups that can moderate this board
  936. $request = $smcFunc['db_query']('', '
  937. SELECT id_group
  938. FROM {db_prefix}moderator_groups
  939. WHERE id_board = {int:board_id}',
  940. array(
  941. 'board_id' => $board_id,
  942. )
  943. );
  944. while ($row = $smcFunc['db_fetch_assoc']($request))
  945. {
  946. $moderator_groups[] = $row['id_group'];
  947. }
  948. $smcFunc['db_free_result']($request);
  949. }
  950. // "Inherit" any additional permissions from the "Moderators" group
  951. foreach ($moderator_groups as $mod_group)
  952. {
  953. // If they're not specifically allowed, but the moderator group is, then allow it
  954. if (in_array(3, $member_groups['allowed']) && !in_array($mod_group, $member_groups['allowed']))
  955. {
  956. $member_groups['allowed'][] = $mod_group;
  957. }
  958. // They're not denied, but the moderator group is, so deny it
  959. if (in_array(3, $member_groups['denied']) && !in_array($mod_group, $member_groups['denied']))
  960. {
  961. $member_groups['denied'][] = $mod_group;
  962. }
  963. }
  964. }
  965. // Denied is never allowed.
  966. $member_groups['allowed'] = array_diff($member_groups['allowed'], $member_groups['denied']);
  967. return $member_groups;
  968. }
  969. /**
  970. * Retrieves a list of members that have a given permission
  971. * (on a given board).
  972. * If board_id is not null, a board permission is assumed.
  973. * Takes different permission settings into account.
  974. * Takes possible moderators (on board 'board_id') into account.
  975. *
  976. * @param string $permission
  977. * @param int $board_id = null
  978. * @return an array containing member ID's.
  979. */
  980. function membersAllowedTo($permission, $board_id = null)
  981. {
  982. global $smcFunc;
  983. $member_groups = groupsAllowedTo($permission, $board_id);
  984. $all_groups = array_merge($member_groups['allowed'], $member_groups['denied']);
  985. $include_moderators = in_array(3, $member_groups['allowed']) && $board_id !== null;
  986. $member_groups['allowed'] = array_diff($member_groups['allowed'], array(3));
  987. $exclude_moderators = in_array(3, $member_groups['denied']) && $board_id !== null;
  988. $member_groups['denied'] = array_diff($member_groups['denied'], array(3));
  989. $request = $smcFunc['db_query']('', '
  990. SELECT mem.id_member
  991. FROM {db_prefix}members AS mem' . ($include_moderators || $exclude_moderators ? '
  992. LEFT JOIN {db_prefix}moderators AS mods ON (mods.id_member = mem.id_member AND mods.id_board = {int:board_id})
  993. LEFT JOIN {db_prefix}moderator_groups AS modgs ON (modgs.id_group IN ({array_int:all_member_groups}))' : '') . '
  994. WHERE (' . ($include_moderators ? 'mods.id_member IS NOT NULL OR modgs.id_group IS NOT NULL OR ' : '') . 'mem.id_group IN ({array_int:member_groups_allowed}) OR FIND_IN_SET({raw:member_group_allowed_implode}, mem.additional_groups) != 0 OR mem.id_post_group IN ({array_int:member_groups_allowed}))' . (empty($member_groups['denied']) ? '' : '
  995. AND NOT (' . ($exclude_moderators ? 'mods.id_member IS NOT NULL OR modgs.id_group IS NOT NULL OR ' : '') . 'mem.id_group IN ({array_int:member_groups_denied}) OR FIND_IN_SET({raw:member_group_denied_implode}, mem.additional_groups) != 0 OR mem.id_post_group IN ({array_int:member_groups_denied}))'),
  996. array(
  997. 'member_groups_allowed' => $member_groups['allowed'],
  998. 'member_groups_denied' => $member_groups['denied'],
  999. 'all_member_groups' => $all_groups,
  1000. 'board_id' => $board_id,
  1001. 'member_group_allowed_implode' => implode(', mem.additional_groups) != 0 OR FIND_IN_SET(', $member_groups['allowed']),
  1002. 'member_group_denied_implode' => implode(', mem.additional_groups) != 0 OR FIND_IN_SET(', $member_groups['denied']),
  1003. )
  1004. );
  1005. $members = array();
  1006. while ($row = $smcFunc['db_fetch_assoc']($request))
  1007. $members[] = $row['id_member'];
  1008. $smcFunc['db_free_result']($request);
  1009. return $members;
  1010. }
  1011. /**
  1012. * This function is used to reassociate members with relevant posts.
  1013. * Reattribute guest posts to a specified member.
  1014. * Does not check for any permissions.
  1015. * If add_to_post_count is set, the member's post count is increased.
  1016. *
  1017. * @param int $memID
  1018. * @param string $email = false
  1019. * @param string $membername = false
  1020. * @param bool $post_count = false
  1021. * @return nothing
  1022. */
  1023. function reattributePosts($memID, $email = false, $membername = false, $post_count = false)
  1024. {
  1025. global $smcFunc;
  1026. // Firstly, if email and username aren't passed find out the members email address and name.
  1027. if ($email === false && $membername === false)
  1028. {
  1029. $request = $smcFunc['db_query']('', '
  1030. SELECT email_address, member_name
  1031. FROM {db_prefix}members
  1032. WHERE id_member = {int:memID}
  1033. LIMIT 1',
  1034. array(
  1035. 'memID' => $memID,
  1036. )
  1037. );
  1038. list ($email, $membername) = $smcFunc['db_fetch_row']($request);
  1039. $smcFunc['db_free_result']($request);
  1040. }
  1041. // If they want the post count restored then we need to do some research.
  1042. if ($post_count)
  1043. {
  1044. $request = $smcFunc['db_query']('', '
  1045. SELECT COUNT(*)
  1046. FROM {db_prefix}messages AS m
  1047. INNER JOIN {db_prefix}boards AS b ON (b.id_board = m.id_board AND b.count_posts = {int:count_posts})
  1048. WHERE m.id_member = {int:guest_id}
  1049. AND m.approved = {int:is_approved}
  1050. AND m.icon != {string:recycled_icon}' . (empty($email) ? '' : '
  1051. AND m.poster_email = {string:email_address}') . (empty($membername) ? '' : '
  1052. AND m.poster_name = {string:member_name}'),
  1053. array(
  1054. 'count_posts' => 0,
  1055. 'guest_id' => 0,
  1056. 'email_address' => $email,
  1057. 'member_name' => $membername,
  1058. 'is_approved' => 1,
  1059. 'recycled_icon' => 'recycled',
  1060. )
  1061. );
  1062. list ($messageCount) = $smcFunc['db_fetch_row']($request);
  1063. $smcFunc['db_free_result']($request);
  1064. updateMemberData($memID, array('posts' => 'posts + ' . $messageCount));
  1065. }
  1066. $query_parts = array();
  1067. if (!empty($email))
  1068. $query_parts[] = 'poster_email = {string:email_address}';
  1069. if (!empty($membername))
  1070. $query_parts[] = 'poster_name = {string:member_name}';
  1071. $query = implode(' AND ', $query_parts);
  1072. // Finally, update the posts themselves!
  1073. $smcFunc['db_query']('', '
  1074. UPDATE {db_prefix}messages
  1075. SET id_member = {int:memID}
  1076. WHERE ' . $query,
  1077. array(
  1078. 'memID' => $memID,
  1079. 'email_address' => $email,
  1080. 'member_name' => $membername,
  1081. )
  1082. );
  1083. // ...and the topics too!
  1084. $smcFunc['db_query']('', '
  1085. UPDATE {db_prefix}topics as t, {db_prefix}messages as m
  1086. SET t.id_member_started = {int:memID}
  1087. WHERE m.id_member = {int:memID}
  1088. AND t.id_first_msg = m.id_msg',
  1089. array(
  1090. 'memID' => $memID,
  1091. )
  1092. );
  1093. // Allow mods with their own post tables to reattribute posts as well :)
  1094. call_integration_hook('integrate_reattribute_posts', array($memID, $email, $membername, $post_count));
  1095. }
  1096. /**
  1097. * This simple function adds/removes the passed user from the current users buddy list.
  1098. * Requires profile_identity_own permission.
  1099. * Called by ?action=buddy;u=x;session_id=y.
  1100. * Redirects to ?action=profile;u=x.
  1101. */
  1102. function BuddyListToggle()
  1103. {
  1104. global $user_info;
  1105. checkSession('get');
  1106. isAllowedTo('profile_identity_own');
  1107. is_not_guest();
  1108. if (empty($_REQUEST['u']))
  1109. fatal_lang_error('no_access', false);
  1110. $_REQUEST['u'] = (int) $_REQUEST['u'];
  1111. // Remove if it's already there...
  1112. if (in_array($_REQUEST['u'], $user_info['buddies']))
  1113. $user_info['buddies'] = array_diff($user_info['buddies'], array($_REQUEST['u']));
  1114. // ...or add if it's not and if it's not you.
  1115. elseif ($user_info['id'] != $_REQUEST['u'])
  1116. $user_info['buddies'][] = (int) $_REQUEST['u'];
  1117. // Update the settings.
  1118. updateMemberData($user_info['id'], array('buddy_list' => implode(',', $user_info['buddies'])));
  1119. // Redirect back to the profile
  1120. redirectexit('action=profile;u=' . $_REQUEST['u']);
  1121. }
  1122. /**
  1123. * Callback for createList().
  1124. *
  1125. * @param $start
  1126. * @param $items_per_page
  1127. * @param $sort
  1128. * @param $where
  1129. * @param $where_params
  1130. * @param $get_duplicates
  1131. */
  1132. function list_getMembers($start, $items_per_page, $sort, $where, $where_params = array(), $get_duplicates = false)
  1133. {
  1134. global $smcFunc;
  1135. $request = $smcFunc['db_query']('', '
  1136. SELECT
  1137. mem.id_member, mem.member_name, mem.real_name, mem.email_address, mem.icq, mem.aim, mem.yim, mem.skype, mem.member_ip, mem.member_ip2, mem.last_login,
  1138. mem.posts, mem.is_activated, mem.date_registered, mem.id_group, mem.additional_groups, mg.group_name
  1139. FROM {db_prefix}members AS mem
  1140. LEFT JOIN {db_prefix}membergroups AS mg ON (mg.id_group = mem.id_group)
  1141. WHERE ' . ($where == '1' ? '1=1' : $where) . '
  1142. ORDER BY {raw:sort}
  1143. LIMIT {int:start}, {int:per_page}',
  1144. array_merge($where_params, array(
  1145. 'sort' => $sort,
  1146. 'start' => $start,
  1147. 'per_page' => $items_per_page,
  1148. ))
  1149. );
  1150. $members = array();
  1151. while ($row = $smcFunc['db_fetch_assoc']($request))
  1152. $members[] = $row;
  1153. $smcFunc['db_free_result']($request);
  1154. // If we want duplicates pass the members array off.
  1155. if ($get_duplicates)
  1156. populateDuplicateMembers($members);
  1157. return $members;
  1158. }
  1159. /**
  1160. * Callback for createList().
  1161. *
  1162. * @param $where
  1163. * @param $where_params
  1164. */
  1165. function list_getNumMembers($where, $where_params = array())
  1166. {
  1167. global $smcFunc, $modSettings;
  1168. // We know how many members there are in total.
  1169. if (empty($where) || $where == '1=1')
  1170. $num_members = $modSettings['totalMembers'];
  1171. // The database knows the amount when there are extra conditions.
  1172. else
  1173. {
  1174. $request = $smcFunc['db_query']('', '
  1175. SELECT COUNT(*)
  1176. FROM {db_prefix}members AS mem
  1177. WHERE ' . $where,
  1178. array_merge($where_params, array(
  1179. ))
  1180. );
  1181. list ($num_members) = $smcFunc['db_fetch_row']($request);
  1182. $smcFunc['db_free_result']($request);
  1183. }
  1184. return $num_members;
  1185. }
  1186. /**
  1187. * Find potential duplicate registation members based on the same IP address
  1188. *
  1189. * @param $members
  1190. */
  1191. function populateDuplicateMembers(&$members)
  1192. {
  1193. global $smcFunc;
  1194. // This will hold all the ip addresses.
  1195. $ips = array();
  1196. foreach ($members as $key => $member)
  1197. {
  1198. // Create the duplicate_members element.
  1199. $members[$key]['duplicate_members'] = array();
  1200. // Store the IPs.
  1201. if (!empty($member['member_ip']))
  1202. $ips[] = $member['member_ip'];
  1203. if (!empty($member['member_ip2']))
  1204. $ips[] = $member['member_ip2'];
  1205. }
  1206. $ips = array_unique($ips);
  1207. if (empty($ips))
  1208. return false;
  1209. // Fetch all members with this IP address, we'll filter out the current ones in a sec.
  1210. $request = $smcFunc['db_query']('', '
  1211. SELECT
  1212. id_member, member_name, email_address, member_ip, member_ip2, is_activated
  1213. FROM {db_prefix}members
  1214. WHERE member_ip IN ({array_string:ips})
  1215. OR member_ip2 IN ({array_string:ips})',
  1216. array(
  1217. 'ips' => $ips,
  1218. )
  1219. );
  1220. $duplicate_members = array();
  1221. $duplicate_ids = array();
  1222. while ($row = $smcFunc['db_fetch_assoc']($request))
  1223. {
  1224. //$duplicate_ids[] = $row['id_member'];
  1225. $member_context = array(
  1226. 'id' => $row['id_member'],
  1227. 'name' => $row['member_name'],
  1228. 'email' => $row['email_address'],
  1229. 'is_banned' => $row['is_activated'] > 10,
  1230. 'ip' => $row['member_ip'],
  1231. 'ip2' => $row['member_ip2'],
  1232. );
  1233. if (in_array($row['member_ip'], $ips))
  1234. $duplicate_members[$row['member_ip']][] = $member_context;
  1235. if ($row['member_ip'] != $row['member_ip2'] && in_array($row['member_ip2'], $ips))
  1236. $duplicate_members[$row['member_ip2']][] = $member_context;
  1237. }
  1238. $smcFunc['db_free_result']($request);
  1239. // Also try to get a list of messages using these ips.
  1240. $request = $smcFunc['db_query']('', '
  1241. SELECT
  1242. m.poster_ip, mem.id_member, mem.member_name, mem.email_address, mem.is_activated
  1243. FROM {db_prefix}messages AS m
  1244. INNER JOIN {db_prefix}members AS mem ON (mem.id_member = m.id_member)
  1245. WHERE m.id_member != 0
  1246. ' . (!empty($duplicate_ids) ? 'AND m.id_member NOT IN ({array_int:duplicate_ids})' : '') . '
  1247. AND m.poster_ip IN ({array_string:ips})',
  1248. array(
  1249. 'duplicate_ids' => $duplicate_ids,
  1250. 'ips' => $ips,
  1251. )
  1252. );
  1253. $had_ips = array();
  1254. while ($row = $smcFunc['db_fetch_assoc']($request))
  1255. {
  1256. // Don't collect lots of the same.
  1257. if (isset($had_ips[$row['poster_ip']]) && in_array($row['id_member'], $had_ips[$row['poster_ip']]))
  1258. continue;
  1259. $had_ips[$row['poster_ip']][] = $row['id_member'];
  1260. $duplicate_members[$row['poster_ip']][] = array(
  1261. 'id' => $row['id_member'],
  1262. 'name' => $row['member_name'],
  1263. 'email' => $row['email_address'],
  1264. 'is_banned' => $row['is_activated'] > 10,
  1265. 'ip' => $row['poster_ip'],
  1266. 'ip2' => $row['poster_ip'],
  1267. );
  1268. }
  1269. $smcFunc['db_free_result']($request);
  1270. // Now we have all the duplicate members, stick them with their respective member in the list.
  1271. if (!empty($duplicate_members))
  1272. foreach ($members as $key => $member)
  1273. {
  1274. if (isset($duplicate_members[$member['member_ip']]))
  1275. $members[$key]['duplicate_members'] = $duplicate_members[$member['member_ip']];
  1276. if ($member['member_ip'] != $member['member_ip2'] && isset($duplicate_members[$member['member_ip2']]))
  1277. $members[$key]['duplicate_members'] = array_merge($member['duplicate_members'], $duplicate_members[$member['member_ip2']]);
  1278. // Check we don't have lots of the same member.
  1279. $member_track = array($member['id_member']);
  1280. foreach ($members[$key]['duplicate_members'] as $duplicate_id_member => $duplicate_member)
  1281. {
  1282. if (in_array($duplicate_member['id'], $member_track))
  1283. {
  1284. unset($members[$key]['duplicate_members'][$duplicate_id_member]);
  1285. continue;
  1286. }
  1287. $member_track[] = $duplicate_member['id'];
  1288. }
  1289. }
  1290. }
  1291. /**
  1292. * Generate a random validation code.
  1293. * @todo Err. Whatcha doin' here.
  1294. *
  1295. * @return type
  1296. */
  1297. function generateValidationCode()
  1298. {
  1299. global $smcFunc, $modSettings;
  1300. $request = $smcFunc['db_query']('get_random_number', '
  1301. SELECT RAND()',
  1302. array(
  1303. )
  1304. );
  1305. list ($dbRand) = $smcFunc['db_fetch_row']($request);
  1306. $smcFunc['db_free_result']($request);
  1307. return substr(preg_replace('/\W/', '', sha1(microtime() . mt_rand() . $dbRand . $modSettings['rand_seed'])), 0, 10);
  1308. }
  1309. ?>