Blame Identity/Models/Html/phpBB/3.0.4/includes/functions_user.php

d6e8d8
d6e8d8
/**
d6e8d8
*
d6e8d8
* @package phpBB3
d6e8d8
* @version $Id: functions_user.php 8949 2008-09-26 21:29:05Z toonarmy $
d6e8d8
* @copyright (c) 2005 phpBB Group
d6e8d8
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
d6e8d8
*
d6e8d8
*/
d6e8d8
d6e8d8
/**
d6e8d8
* @ignore
d6e8d8
*/
d6e8d8
if (!defined('IN_PHPBB'))
d6e8d8
{
d6e8d8
	exit;
d6e8d8
}
d6e8d8
d6e8d8
/**
d6e8d8
* Obtain user_ids from usernames or vice versa. Returns false on
d6e8d8
* success else the error string
d6e8d8
*
d6e8d8
* @param array &$user_id_ary The user ids to check or empty if usernames used
d6e8d8
* @param array &$username_ary The usernames to check or empty if user ids used
d6e8d8
* @param mixed $user_type Array of user types to check, false if not restricting by user type
d6e8d8
*/
d6e8d8
function user_get_id_name(&$user_id_ary, &$username_ary, $user_type = false)
d6e8d8
{
d6e8d8
	global $db;
d6e8d8
d6e8d8
	// Are both arrays already filled? Yep, return else
d6e8d8
	// are neither array filled?
d6e8d8
	if ($user_id_ary && $username_ary)
d6e8d8
	{
d6e8d8
		return false;
d6e8d8
	}
d6e8d8
	else if (!$user_id_ary && !$username_ary)
d6e8d8
	{
d6e8d8
		return 'NO_USERS';
d6e8d8
	}
d6e8d8
d6e8d8
	$which_ary = ($user_id_ary) ? 'user_id_ary' : 'username_ary';
d6e8d8
d6e8d8
	if ($$which_ary && !is_array($$which_ary))
d6e8d8
	{
d6e8d8
		$$which_ary = array($$which_ary);
d6e8d8
	}
d6e8d8
d6e8d8
	$sql_in = ($which_ary == 'user_id_ary') ? array_map('intval', $$which_ary) : array_map('utf8_clean_string', $$which_ary);
d6e8d8
	unset($$which_ary);
d6e8d8
d6e8d8
	$user_id_ary = $username_ary = array();
d6e8d8
d6e8d8
	// Grab the user id/username records
d6e8d8
	$sql_where = ($which_ary == 'user_id_ary') ? 'user_id' : 'username_clean';
d6e8d8
	$sql = 'SELECT user_id, username
d6e8d8
		FROM ' . USERS_TABLE . '
d6e8d8
		WHERE ' . $db->sql_in_set($sql_where, $sql_in);
d6e8d8
d6e8d8
	if ($user_type !== false && !empty($user_type))
d6e8d8
	{
d6e8d8
		$sql .= ' AND ' . $db->sql_in_set('user_type', $user_type);
d6e8d8
	}
d6e8d8
d6e8d8
	$result = $db->sql_query($sql);
d6e8d8
d6e8d8
	if (!($row = $db->sql_fetchrow($result)))
d6e8d8
	{
d6e8d8
		$db->sql_freeresult($result);
d6e8d8
		return 'NO_USERS';
d6e8d8
	}
d6e8d8
d6e8d8
	do
d6e8d8
	{
d6e8d8
		$username_ary[$row['user_id']] = $row['username'];
d6e8d8
		$user_id_ary[] = $row['user_id'];
d6e8d8
	}
d6e8d8
	while ($row = $db->sql_fetchrow($result));
d6e8d8
	$db->sql_freeresult($result);
d6e8d8
d6e8d8
	return false;
d6e8d8
}
d6e8d8
d6e8d8
/**
d6e8d8
* Get latest registered username and update database to reflect it
d6e8d8
*/
d6e8d8
function update_last_username()
d6e8d8
{
d6e8d8
	global $db;
d6e8d8
d6e8d8
	// Get latest username
d6e8d8
	$sql = 'SELECT user_id, username, user_colour
d6e8d8
		FROM ' . USERS_TABLE . '
d6e8d8
		WHERE user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')
d6e8d8
		ORDER BY user_id DESC';
d6e8d8
	$result = $db->sql_query_limit($sql, 1);
d6e8d8
	$row = $db->sql_fetchrow($result);
d6e8d8
	$db->sql_freeresult($result);
d6e8d8
d6e8d8
	if ($row)
d6e8d8
	{
d6e8d8
		set_config('newest_user_id', $row['user_id'], true);
d6e8d8
		set_config('newest_username', $row['username'], true);
d6e8d8
		set_config('newest_user_colour', $row['user_colour'], true);
d6e8d8
	}
d6e8d8
}
d6e8d8
d6e8d8
/**
d6e8d8
* Updates a username across all relevant tables/fields
d6e8d8
*
d6e8d8
* @param string $old_name the old/current username
d6e8d8
* @param string $new_name the new username
d6e8d8
*/
d6e8d8
function user_update_name($old_name, $new_name)
d6e8d8
{
d6e8d8
	global $config, $db, $cache;
d6e8d8
d6e8d8
	$update_ary = array(
d6e8d8
		FORUMS_TABLE			=> array('forum_last_poster_name'),
d6e8d8
		MODERATOR_CACHE_TABLE	=> array('username'),
d6e8d8
		POSTS_TABLE				=> array('post_username'),
d6e8d8
		TOPICS_TABLE			=> array('topic_first_poster_name', 'topic_last_poster_name'),
d6e8d8
	);
d6e8d8
d6e8d8
	foreach ($update_ary as $table => $field_ary)
d6e8d8
	{
d6e8d8
		foreach ($field_ary as $field)
d6e8d8
		{
d6e8d8
			$sql = "UPDATE $table
d6e8d8
				SET $field = '" . $db->sql_escape($new_name) . "'
d6e8d8
				WHERE $field = '" . $db->sql_escape($old_name) . "'";
d6e8d8
			$db->sql_query($sql);
d6e8d8
		}
d6e8d8
	}
d6e8d8
d6e8d8
	if ($config['newest_username'] == $old_name)
d6e8d8
	{
d6e8d8
		set_config('newest_username', $new_name, true);
d6e8d8
	}
d6e8d8
d6e8d8
	// Because some tables/caches use username-specific data we need to purge this here.
d6e8d8
	$cache->destroy('sql', MODERATOR_CACHE_TABLE);
d6e8d8
}
d6e8d8
d6e8d8
/**
d6e8d8
* Adds an user
d6e8d8
*
d6e8d8
* @param mixed $user_row An array containing the following keys (and the appropriate values): username, group_id (the group to place the user in), user_email and the user_type(usually 0). Additional entries not overridden by defaults will be forwarded.
d6e8d8
* @param string $cp_data custom profile fields, see custom_profile::build_insert_sql_array
d6e8d8
* @return the new user's ID.
d6e8d8
*/
d6e8d8
function user_add($user_row, $cp_data = false)
d6e8d8
{
d6e8d8
	global $db, $user, $auth, $config, $phpbb_root_path, $phpEx;
d6e8d8
d6e8d8
	if (empty($user_row['username']) || !isset($user_row['group_id']) || !isset($user_row['user_email']) || !isset($user_row['user_type']))
d6e8d8
	{
d6e8d8
		return false;
d6e8d8
	}
d6e8d8
d6e8d8
	$username_clean = utf8_clean_string($user_row['username']);
d6e8d8
d6e8d8
	if (empty($username_clean))
d6e8d8
	{
d6e8d8
		return false;
d6e8d8
	}
d6e8d8
d6e8d8
	$sql_ary = array(
d6e8d8
		'username'			=> $user_row['username'],
d6e8d8
		'username_clean'	=> $username_clean,
d6e8d8
		'user_password'		=> (isset($user_row['user_password'])) ? $user_row['user_password'] : '',
d6e8d8
		'user_pass_convert'	=> 0,
d6e8d8
		'user_email'		=> strtolower($user_row['user_email']),
d6e8d8
		'user_email_hash'	=> crc32(strtolower($user_row['user_email'])) . strlen($user_row['user_email']),
d6e8d8
		'group_id'			=> $user_row['group_id'],
d6e8d8
		'user_type'			=> $user_row['user_type'],
d6e8d8
	);
d6e8d8
d6e8d8
	// These are the additional vars able to be specified
d6e8d8
	$additional_vars = array(
d6e8d8
		'user_permissions'	=> '',
d6e8d8
		'user_timezone'		=> $config['board_timezone'],
d6e8d8
		'user_dateformat'	=> $config['default_dateformat'],
d6e8d8
		'user_lang'			=> $config['default_lang'],
d6e8d8
		'user_style'		=> (int) $config['default_style'],
d6e8d8
		'user_actkey'		=> '',
d6e8d8
		'user_ip'			=> '',
d6e8d8
		'user_regdate'		=> time(),
d6e8d8
		'user_passchg'		=> time(),
d6e8d8
		'user_options'		=> 895,
d6e8d8
d6e8d8
		'user_inactive_reason'	=> 0,
d6e8d8
		'user_inactive_time'	=> 0,
d6e8d8
		'user_lastmark'			=> time(),
d6e8d8
		'user_lastvisit'		=> 0,
d6e8d8
		'user_lastpost_time'	=> 0,
d6e8d8
		'user_lastpage'			=> '',
d6e8d8
		'user_posts'			=> 0,
d6e8d8
		'user_dst'				=> (int) $config['board_dst'],
d6e8d8
		'user_colour'			=> '',
d6e8d8
		'user_occ'				=> '',
d6e8d8
		'user_interests'		=> '',
d6e8d8
		'user_avatar'			=> '',
d6e8d8
		'user_avatar_type'		=> 0,
d6e8d8
		'user_avatar_width'		=> 0,
d6e8d8
		'user_avatar_height'	=> 0,
d6e8d8
		'user_new_privmsg'		=> 0,
d6e8d8
		'user_unread_privmsg'	=> 0,
d6e8d8
		'user_last_privmsg'		=> 0,
d6e8d8
		'user_message_rules'	=> 0,
d6e8d8
		'user_full_folder'		=> PRIVMSGS_NO_BOX,
d6e8d8
		'user_emailtime'		=> 0,
d6e8d8
d6e8d8
		'user_notify'			=> 0,
d6e8d8
		'user_notify_pm'		=> 1,
d6e8d8
		'user_notify_type'		=> NOTIFY_EMAIL,
d6e8d8
		'user_allow_pm'			=> 1,
d6e8d8
		'user_allow_viewonline'	=> 1,
d6e8d8
		'user_allow_viewemail'	=> 1,
d6e8d8
		'user_allow_massemail'	=> 1,
d6e8d8
d6e8d8
		'user_sig'					=> '',
d6e8d8
		'user_sig_bbcode_uid'		=> '',
d6e8d8
		'user_sig_bbcode_bitfield'	=> '',
d6e8d8
d6e8d8
		'user_form_salt'			=> unique_id(),
d6e8d8
	);
d6e8d8
d6e8d8
	// Now fill the sql array with not required variables
d6e8d8
	foreach ($additional_vars as $key => $default_value)
d6e8d8
	{
d6e8d8
		$sql_ary[$key] = (isset($user_row[$key])) ? $user_row[$key] : $default_value;
d6e8d8
	}
d6e8d8
d6e8d8
	// Any additional variables in $user_row not covered above?
d6e8d8
	$remaining_vars = array_diff(array_keys($user_row), array_keys($sql_ary));
d6e8d8
d6e8d8
	// Now fill our sql array with the remaining vars
d6e8d8
	if (sizeof($remaining_vars))
d6e8d8
	{
d6e8d8
		foreach ($remaining_vars as $key)
d6e8d8
		{
d6e8d8
			$sql_ary[$key] = $user_row[$key];
d6e8d8
		}
d6e8d8
	}
d6e8d8
d6e8d8
	$sql = 'INSERT INTO ' . USERS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
d6e8d8
	$db->sql_query($sql);
d6e8d8
d6e8d8
	$user_id = $db->sql_nextid();
d6e8d8
d6e8d8
	// Insert Custom Profile Fields
d6e8d8
	if ($cp_data !== false && sizeof($cp_data))
d6e8d8
	{
d6e8d8
		$cp_data['user_id'] = (int) $user_id;
d6e8d8
d6e8d8
		if (!class_exists('custom_profile'))
d6e8d8
		{
d6e8d8
			include_once($phpbb_root_path . 'includes/functions_profile_fields.' . $phpEx);
d6e8d8
		}
d6e8d8
d6e8d8
		$sql = 'INSERT INTO ' . PROFILE_FIELDS_DATA_TABLE . ' ' .
d6e8d8
			$db->sql_build_array('INSERT', custom_profile::build_insert_sql_array($cp_data));
d6e8d8
		$db->sql_query($sql);
d6e8d8
	}
d6e8d8
d6e8d8
	// Place into appropriate group...
d6e8d8
	$sql = 'INSERT INTO ' . USER_GROUP_TABLE . ' ' . $db->sql_build_array('INSERT', array(
d6e8d8
		'user_id'		=> (int) $user_id,
d6e8d8
		'group_id'		=> (int) $user_row['group_id'],
d6e8d8
		'user_pending'	=> 0)
d6e8d8
	);
d6e8d8
	$db->sql_query($sql);
d6e8d8
d6e8d8
	// Now make it the users default group...
d6e8d8
	group_set_user_default($user_row['group_id'], array($user_id), false);
d6e8d8
d6e8d8
	// set the newest user and adjust the user count if the user is a normal user and no activation mail is sent
d6e8d8
	if ($user_row['user_type'] == USER_NORMAL)
d6e8d8
	{
d6e8d8
		set_config('newest_user_id', $user_id, true);
d6e8d8
		set_config('newest_username', $user_row['username'], true);
d6e8d8
		set_config('num_users', $config['num_users'] + 1, true);
d6e8d8
d6e8d8
		$sql = 'SELECT group_colour
d6e8d8
			FROM ' . GROUPS_TABLE . '
d6e8d8
			WHERE group_id = ' . (int) $user_row['group_id'];
d6e8d8
		$result = $db->sql_query_limit($sql, 1);
d6e8d8
		$row = $db->sql_fetchrow($result);
d6e8d8
		$db->sql_freeresult($result);
d6e8d8
d6e8d8
		set_config('newest_user_colour', $row['group_colour'], true);
d6e8d8
	}
d6e8d8
d6e8d8
	return $user_id;
d6e8d8
}
d6e8d8
d6e8d8
/**
d6e8d8
* Remove User
d6e8d8
*/
d6e8d8
function user_delete($mode, $user_id, $post_username = false)
d6e8d8
{
d6e8d8
	global $cache, $config, $db, $user, $auth;
d6e8d8
	global $phpbb_root_path, $phpEx;
d6e8d8
d6e8d8
	$sql = 'SELECT *
d6e8d8
		FROM ' . USERS_TABLE . '
d6e8d8
		WHERE user_id = ' . $user_id;
d6e8d8
	$result = $db->sql_query($sql);
d6e8d8
	$user_row = $db->sql_fetchrow($result);
d6e8d8
	$db->sql_freeresult($result);
d6e8d8
d6e8d8
	if (!$user_row)
d6e8d8
	{
d6e8d8
		return false;
d6e8d8
	}
d6e8d8
d6e8d8
	// Before we begin, we will remove the reports the user issued.
d6e8d8
	$sql = 'SELECT r.post_id, p.topic_id
d6e8d8
		FROM ' . REPORTS_TABLE . ' r, ' . POSTS_TABLE . ' p
d6e8d8
		WHERE r.user_id = ' . $user_id . '
d6e8d8
			AND p.post_id = r.post_id';
d6e8d8
	$result = $db->sql_query($sql);
d6e8d8
d6e8d8
	$report_posts = $report_topics = array();
d6e8d8
	while ($row = $db->sql_fetchrow($result))
d6e8d8
	{
d6e8d8
		$report_posts[] = $row['post_id'];
d6e8d8
		$report_topics[] = $row['topic_id'];
d6e8d8
	}
d6e8d8
	$db->sql_freeresult($result);
d6e8d8
d6e8d8
	if (sizeof($report_posts))
d6e8d8
	{
d6e8d8
		$report_posts = array_unique($report_posts);
d6e8d8
		$report_topics = array_unique($report_topics);
d6e8d8
d6e8d8
		// Get a list of topics that still contain reported posts
d6e8d8
		$sql = 'SELECT DISTINCT topic_id
d6e8d8
			FROM ' . POSTS_TABLE . '
d6e8d8
			WHERE ' . $db->sql_in_set('topic_id', $report_topics) . '
d6e8d8
				AND post_reported = 1
d6e8d8
				AND ' . $db->sql_in_set('post_id', $report_posts, true);
d6e8d8
		$result = $db->sql_query($sql);
d6e8d8
d6e8d8
		$keep_report_topics = array();
d6e8d8
		while ($row = $db->sql_fetchrow($result))
d6e8d8
		{
d6e8d8
			$keep_report_topics[] = $row['topic_id'];
d6e8d8
		}
d6e8d8
		$db->sql_freeresult($result);
d6e8d8
d6e8d8
		if (sizeof($keep_report_topics))
d6e8d8
		{
d6e8d8
			$report_topics = array_diff($report_topics, $keep_report_topics);
d6e8d8
		}
d6e8d8
		unset($keep_report_topics);
d6e8d8
d6e8d8
		// Now set the flags back
d6e8d8
		$sql = 'UPDATE ' . POSTS_TABLE . '
d6e8d8
			SET post_reported = 0
d6e8d8
			WHERE ' . $db->sql_in_set('post_id', $report_posts);
d6e8d8
		$db->sql_query($sql);
d6e8d8
d6e8d8
		if (sizeof($report_topics))
d6e8d8
		{
d6e8d8
			$sql = 'UPDATE ' . TOPICS_TABLE . '
d6e8d8
				SET topic_reported = 0
d6e8d8
				WHERE ' . $db->sql_in_set('topic_id', $report_topics);
d6e8d8
			$db->sql_query($sql);
d6e8d8
		}
d6e8d8
	}
d6e8d8
d6e8d8
	// Remove reports
d6e8d8
	$db->sql_query('DELETE FROM ' . REPORTS_TABLE . ' WHERE user_id = ' . $user_id);
d6e8d8
d6e8d8
	if ($user_row['user_avatar'] && $user_row['user_avatar_type'] == AVATAR_UPLOAD)
d6e8d8
	{
d6e8d8
		avatar_delete('user', $user_row);
d6e8d8
	}
d6e8d8
d6e8d8
	switch ($mode)
d6e8d8
	{
d6e8d8
		case 'retain':
d6e8d8
d6e8d8
			$db->sql_transaction('begin');
d6e8d8
d6e8d8
			if ($post_username === false)
d6e8d8
			{
d6e8d8
				$post_username = $user->lang['GUEST'];
d6e8d8
			}
d6e8d8
d6e8d8
			// If the user is inactive and newly registered we assume no posts from this user being there...
d6e8d8
			if ($user_row['user_type'] == USER_INACTIVE && $user_row['user_inactive_reason'] == INACTIVE_REGISTER && !$user_row['user_posts'])
d6e8d8
			{
d6e8d8
			}
d6e8d8
			else
d6e8d8
			{
d6e8d8
				$sql = 'UPDATE ' . FORUMS_TABLE . '
d6e8d8
					SET forum_last_poster_id = ' . ANONYMOUS . ", forum_last_poster_name = '" . $db->sql_escape($post_username) . "', forum_last_poster_colour = ''
d6e8d8
					WHERE forum_last_poster_id = $user_id";
d6e8d8
				$db->sql_query($sql);
d6e8d8
d6e8d8
				$sql = 'UPDATE ' . POSTS_TABLE . '
d6e8d8
					SET poster_id = ' . ANONYMOUS . ", post_username = '" . $db->sql_escape($post_username) . "'
d6e8d8
					WHERE poster_id = $user_id";
d6e8d8
				$db->sql_query($sql);
d6e8d8
d6e8d8
				$sql = 'UPDATE ' . POSTS_TABLE . '
d6e8d8
					SET post_edit_user = ' . ANONYMOUS . "
d6e8d8
					WHERE post_edit_user = $user_id";
d6e8d8
				$db->sql_query($sql);
d6e8d8
d6e8d8
				$sql = 'UPDATE ' . TOPICS_TABLE . '
d6e8d8
					SET topic_poster = ' . ANONYMOUS . ", topic_first_poster_name = '" . $db->sql_escape($post_username) . "', topic_first_poster_colour = ''
d6e8d8
					WHERE topic_poster = $user_id";
d6e8d8
				$db->sql_query($sql);
d6e8d8
d6e8d8
				$sql = 'UPDATE ' . TOPICS_TABLE . '
d6e8d8
					SET topic_last_poster_id = ' . ANONYMOUS . ", topic_last_poster_name = '" . $db->sql_escape($post_username) . "', topic_last_poster_colour = ''
d6e8d8
					WHERE topic_last_poster_id = $user_id";
d6e8d8
				$db->sql_query($sql);
d6e8d8
d6e8d8
				// Since we change every post by this author, we need to count this amount towards the anonymous user
d6e8d8
d6e8d8
				// Update the post count for the anonymous user
d6e8d8
				if ($user_row['user_posts'])
d6e8d8
				{
d6e8d8
					$sql = 'UPDATE ' . USERS_TABLE . '
d6e8d8
						SET user_posts = user_posts + ' . $user_row['user_posts'] . '
d6e8d8
						WHERE user_id = ' . ANONYMOUS;
d6e8d8
					$db->sql_query($sql);
d6e8d8
				}
d6e8d8
			}
d6e8d8
d6e8d8
			$db->sql_transaction('commit');
d6e8d8
d6e8d8
		break;
d6e8d8
d6e8d8
		case 'remove':
d6e8d8
d6e8d8
			if (!function_exists('delete_posts'))
d6e8d8
			{
d6e8d8
				include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
d6e8d8
			}
d6e8d8
d6e8d8
			$sql = 'SELECT topic_id, COUNT(post_id) AS total_posts
d6e8d8
				FROM ' . POSTS_TABLE . "
d6e8d8
				WHERE poster_id = $user_id
d6e8d8
				GROUP BY topic_id";
d6e8d8
			$result = $db->sql_query($sql);
d6e8d8
d6e8d8
			$topic_id_ary = array();
d6e8d8
			while ($row = $db->sql_fetchrow($result))
d6e8d8
			{
d6e8d8
				$topic_id_ary[$row['topic_id']] = $row['total_posts'];
d6e8d8
			}
d6e8d8
			$db->sql_freeresult($result);
d6e8d8
d6e8d8
			if (sizeof($topic_id_ary))
d6e8d8
			{
d6e8d8
				$sql = 'SELECT topic_id, topic_replies, topic_replies_real
d6e8d8
					FROM ' . TOPICS_TABLE . '
d6e8d8
					WHERE ' . $db->sql_in_set('topic_id', array_keys($topic_id_ary));
d6e8d8
				$result = $db->sql_query($sql);
d6e8d8
d6e8d8
				$del_topic_ary = array();
d6e8d8
				while ($row = $db->sql_fetchrow($result))
d6e8d8
				{
d6e8d8
					if (max($row['topic_replies'], $row['topic_replies_real']) + 1 == $topic_id_ary[$row['topic_id']])
d6e8d8
					{
d6e8d8
						$del_topic_ary[] = $row['topic_id'];
d6e8d8
					}
d6e8d8
				}
d6e8d8
				$db->sql_freeresult($result);
d6e8d8
d6e8d8
				if (sizeof($del_topic_ary))
d6e8d8
				{
d6e8d8
					$sql = 'DELETE FROM ' . TOPICS_TABLE . '
d6e8d8
						WHERE ' . $db->sql_in_set('topic_id', $del_topic_ary);
d6e8d8
					$db->sql_query($sql);
d6e8d8
				}
d6e8d8
			}
d6e8d8
d6e8d8
			// Delete posts, attachments, etc.
d6e8d8
			delete_posts('poster_id', $user_id);
d6e8d8
d6e8d8
		break;
d6e8d8
	}
d6e8d8
d6e8d8
	$db->sql_transaction('begin');
d6e8d8
d6e8d8
	$table_ary = array(USERS_TABLE, USER_GROUP_TABLE, TOPICS_WATCH_TABLE, FORUMS_WATCH_TABLE, ACL_USERS_TABLE, TOPICS_TRACK_TABLE, TOPICS_POSTED_TABLE, FORUMS_TRACK_TABLE, PROFILE_FIELDS_DATA_TABLE, MODERATOR_CACHE_TABLE, DRAFTS_TABLE, BOOKMARKS_TABLE);
d6e8d8
d6e8d8
	foreach ($table_ary as $table)
d6e8d8
	{
d6e8d8
		$sql = "DELETE FROM $table
d6e8d8
			WHERE user_id = $user_id";
d6e8d8
		$db->sql_query($sql);
d6e8d8
	}
d6e8d8
d6e8d8
	$cache->destroy('sql', MODERATOR_CACHE_TABLE);
d6e8d8
d6e8d8
	// Remove any undelivered mails...
d6e8d8
	$sql = 'SELECT msg_id, user_id
d6e8d8
		FROM ' . PRIVMSGS_TO_TABLE . '
d6e8d8
		WHERE author_id = ' . $user_id . '
d6e8d8
			AND folder_id = ' . PRIVMSGS_NO_BOX;
d6e8d8
	$result = $db->sql_query($sql);
d6e8d8
d6e8d8
	$undelivered_msg = $undelivered_user = array();
d6e8d8
	while ($row = $db->sql_fetchrow($result))
d6e8d8
	{
d6e8d8
		$undelivered_msg[] = $row['msg_id'];
d6e8d8
		$undelivered_user[$row['user_id']][] = true;
d6e8d8
	}
d6e8d8
	$db->sql_freeresult($result);
d6e8d8
d6e8d8
	if (sizeof($undelivered_msg))
d6e8d8
	{
d6e8d8
		$sql = 'DELETE FROM ' . PRIVMSGS_TABLE . '
d6e8d8
			WHERE ' . $db->sql_in_set('msg_id', $undelivered_msg);
d6e8d8
		$db->sql_query($sql);
d6e8d8
	}
d6e8d8
d6e8d8
	$sql = 'DELETE FROM ' . PRIVMSGS_TO_TABLE . '
d6e8d8
		WHERE author_id = ' . $user_id . '
d6e8d8
			AND folder_id = ' . PRIVMSGS_NO_BOX;
d6e8d8
	$db->sql_query($sql);
d6e8d8
d6e8d8
	// Delete all to-information
d6e8d8
	$sql = 'DELETE FROM ' . PRIVMSGS_TO_TABLE . '
d6e8d8
		WHERE user_id = ' . $user_id;
d6e8d8
	$db->sql_query($sql);
d6e8d8
d6e8d8
	// Set the remaining author id to anonymous - this way users are still able to read messages from users being removed
d6e8d8
	$sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . '
d6e8d8
		SET author_id = ' . ANONYMOUS . '
d6e8d8
		WHERE author_id = ' . $user_id;
d6e8d8
	$db->sql_query($sql);
d6e8d8
d6e8d8
	$sql = 'UPDATE ' . PRIVMSGS_TABLE . '
d6e8d8
		SET author_id = ' . ANONYMOUS . '
d6e8d8
		WHERE author_id = ' . $user_id;
d6e8d8
	$db->sql_query($sql);
d6e8d8
d6e8d8
	foreach ($undelivered_user as $_user_id => $ary)
d6e8d8
	{
d6e8d8
		if ($_user_id == $user_id)
d6e8d8
		{
d6e8d8
			continue;
d6e8d8
		}
d6e8d8
d6e8d8
		$sql = 'UPDATE ' . USERS_TABLE . '
d6e8d8
			SET user_new_privmsg = user_new_privmsg - ' . sizeof($ary) . ',
d6e8d8
				user_unread_privmsg = user_unread_privmsg - ' . sizeof($ary) . '
d6e8d8
			WHERE user_id = ' . $_user_id;
d6e8d8
		$db->sql_query($sql);
d6e8d8
	}
d6e8d8
d6e8d8
	$db->sql_transaction('commit');
d6e8d8
d6e8d8
	// Reset newest user info if appropriate
d6e8d8
	if ($config['newest_user_id'] == $user_id)
d6e8d8
	{
d6e8d8
		update_last_username();
d6e8d8
	}
d6e8d8
d6e8d8
	// Decrement number of users if this user is active
d6e8d8
	if ($user_row['user_type'] != USER_INACTIVE && $user_row['user_type'] != USER_IGNORE)
d6e8d8
	{
d6e8d8
		set_config('num_users', $config['num_users'] - 1, true);
d6e8d8
	}
d6e8d8
d6e8d8
	return false;
d6e8d8
}
d6e8d8
d6e8d8
/**
d6e8d8
* Flips user_type from active to inactive and vice versa, handles group membership updates
d6e8d8
*
d6e8d8
* @param string $mode can be flip for flipping from active/inactive, activate or deactivate
d6e8d8
*/
d6e8d8
function user_active_flip($mode, $user_id_ary, $reason = INACTIVE_MANUAL)
d6e8d8
{
d6e8d8
	global $config, $db, $user, $auth;
d6e8d8
d6e8d8
	$deactivated = $activated = 0;
d6e8d8
	$sql_statements = array();
d6e8d8
d6e8d8
	if (!is_array($user_id_ary))
d6e8d8
	{
d6e8d8
		$user_id_ary = array($user_id_ary);
d6e8d8
	}
d6e8d8
d6e8d8
	if (!sizeof($user_id_ary))
d6e8d8
	{
d6e8d8
		return;
d6e8d8
	}
d6e8d8
d6e8d8
	$sql = 'SELECT user_id, group_id, user_type, user_inactive_reason
d6e8d8
		FROM ' . USERS_TABLE . '
d6e8d8
		WHERE ' . $db->sql_in_set('user_id', $user_id_ary);
d6e8d8
	$result = $db->sql_query($sql);
d6e8d8
d6e8d8
	while ($row = $db->sql_fetchrow($result))
d6e8d8
	{
d6e8d8
		$sql_ary = array();
d6e8d8
d6e8d8
		if ($row['user_type'] == USER_IGNORE || $row['user_type'] == USER_FOUNDER ||
d6e8d8
			($mode == 'activate' && $row['user_type'] != USER_INACTIVE) ||
d6e8d8
			($mode == 'deactivate' && $row['user_type'] == USER_INACTIVE))
d6e8d8
		{
d6e8d8
			continue;
d6e8d8
		}
d6e8d8
d6e8d8
		if ($row['user_type'] == USER_INACTIVE)
d6e8d8
		{
d6e8d8
			$activated++;
d6e8d8
		}
d6e8d8
		else
d6e8d8
		{
d6e8d8
			$deactivated++;
d6e8d8
d6e8d8
			// Remove the users session key...
d6e8d8
			$user->reset_login_keys($row['user_id']);
d6e8d8
		}
d6e8d8
d6e8d8
		$sql_ary += array(
d6e8d8
			'user_type'				=> ($row['user_type'] == USER_NORMAL) ? USER_INACTIVE : USER_NORMAL,
d6e8d8
			'user_inactive_time'	=> ($row['user_type'] == USER_NORMAL) ? time() : 0,
d6e8d8
			'user_inactive_reason'	=> ($row['user_type'] == USER_NORMAL) ? $reason : 0,
d6e8d8
		);
d6e8d8
d6e8d8
		$sql_statements[$row['user_id']] = $sql_ary;
d6e8d8
	}
d6e8d8
	$db->sql_freeresult($result);
d6e8d8
d6e8d8
	if (sizeof($sql_statements))
d6e8d8
	{
d6e8d8
		foreach ($sql_statements as $user_id => $sql_ary)
d6e8d8
		{
d6e8d8
			$sql = 'UPDATE ' . USERS_TABLE . '
d6e8d8
				SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
d6e8d8
				WHERE user_id = ' . $user_id;
d6e8d8
			$db->sql_query($sql);
d6e8d8
		}
d6e8d8
d6e8d8
		$auth->acl_clear_prefetch(array_keys($sql_statements));
d6e8d8
	}
d6e8d8
d6e8d8
	if ($deactivated)
d6e8d8
	{
d6e8d8
		set_config('num_users', $config['num_users'] - $deactivated, true);
d6e8d8
	}
d6e8d8
d6e8d8
	if ($activated)
d6e8d8
	{
d6e8d8
		set_config('num_users', $config['num_users'] + $activated, true);
d6e8d8
	}
d6e8d8
d6e8d8
	// Update latest username
d6e8d8
	update_last_username();
d6e8d8
}
d6e8d8
d6e8d8
/**
d6e8d8
* Add a ban or ban exclusion to the banlist. Bans either a user, an IP or an email address
d6e8d8
*
d6e8d8
* @param string $mode Type of ban. One of the following: user, ip, email
d6e8d8
* @param mixed $ban Banned entity. Either string or array with usernames, ips or email addresses
d6e8d8
* @param int $ban_len Ban length in minutes
d6e8d8
* @param string $ban_len_other Ban length as a date (YYYY-MM-DD)
d6e8d8
* @param boolean $ban_exclude Exclude these entities from banning?
d6e8d8
* @param string $ban_reason String describing the reason for this ban
d6e8d8
* @return boolean
d6e8d8
*/
d6e8d8
function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reason, $ban_give_reason = '')
d6e8d8
{
d6e8d8
	global $db, $user, $auth, $cache;
d6e8d8
d6e8d8
	// Delete stale bans
d6e8d8
	$sql = 'DELETE FROM ' . BANLIST_TABLE . '
d6e8d8
		WHERE ban_end < ' . time() . '
d6e8d8
			AND ban_end <> 0';
d6e8d8
	$db->sql_query($sql);
d6e8d8
d6e8d8
	$ban_list = (!is_array($ban)) ? array_unique(explode("\n", $ban)) : $ban;
d6e8d8
	$ban_list_log = implode(', ', $ban_list);
d6e8d8
d6e8d8
	$current_time = time();
d6e8d8
d6e8d8
	// Set $ban_end to the unix time when the ban should end. 0 is a permanent ban.
d6e8d8
	if ($ban_len)
d6e8d8
	{
d6e8d8
		if ($ban_len != -1 || !$ban_len_other)
d6e8d8
		{
d6e8d8
			$ban_end = max($current_time, $current_time + ($ban_len) * 60);
d6e8d8
		}
d6e8d8
		else
d6e8d8
		{
d6e8d8
			$ban_other = explode('-', $ban_len_other);
d6e8d8
			if (sizeof($ban_other) == 3 && ((int)$ban_other[0] < 9999) &&
d6e8d8
				(strlen($ban_other[0]) == 4) && (strlen($ban_other[1]) == 2) && (strlen($ban_other[2]) == 2))
d6e8d8
			{
d6e8d8
				$ban_end = max($current_time, gmmktime(0, 0, 0, (int)$ban_other[1], (int)$ban_other[2], (int)$ban_other[0]));
d6e8d8
			}
d6e8d8
			else
d6e8d8
			{
d6e8d8
				trigger_error('LENGTH_BAN_INVALID');
d6e8d8
			}
d6e8d8
		}
d6e8d8
	}
d6e8d8
	else
d6e8d8
	{
d6e8d8
		$ban_end = 0;
d6e8d8
	}
d6e8d8
d6e8d8
	$founder = $founder_names = array();
d6e8d8
d6e8d8
	if (!$ban_exclude)
d6e8d8
	{
d6e8d8
		// Create a list of founder...
d6e8d8
		$sql = 'SELECT user_id, user_email, username_clean
d6e8d8
			FROM ' . USERS_TABLE . '
d6e8d8
			WHERE user_type = ' . USER_FOUNDER;
d6e8d8
		$result = $db->sql_query($sql);
d6e8d8
d6e8d8
		while ($row = $db->sql_fetchrow($result))
d6e8d8
		{
d6e8d8
			$founder[$row['user_id']] = $row['user_email'];
d6e8d8
			$founder_names[$row['user_id']] = $row['username_clean'];
d6e8d8
		}
d6e8d8
		$db->sql_freeresult($result);
d6e8d8
	}
d6e8d8
d6e8d8
	$banlist_ary = array();
d6e8d8
d6e8d8
	switch ($mode)
d6e8d8
	{
d6e8d8
		case 'user':
d6e8d8
			$type = 'ban_userid';
d6e8d8
d6e8d8
			// At the moment we do not support wildcard username banning
d6e8d8
d6e8d8
			// Select the relevant user_ids.
d6e8d8
			$sql_usernames = array();
d6e8d8
d6e8d8
			foreach ($ban_list as $username)
d6e8d8
			{
d6e8d8
				$username = trim($username);
d6e8d8
				if ($username != '')
d6e8d8
				{
d6e8d8
					$clean_name = utf8_clean_string($username);
d6e8d8
					if ($clean_name == $user->data['username_clean'])
d6e8d8
					{
d6e8d8
						trigger_error('CANNOT_BAN_YOURSELF', E_USER_WARNING);
d6e8d8
					}
d6e8d8
					if (in_array($clean_name, $founder_names))
d6e8d8
					{
d6e8d8
						trigger_error('CANNOT_BAN_FOUNDER', E_USER_WARNING);
d6e8d8
					}
d6e8d8
					$sql_usernames[] = $clean_name;
d6e8d8
				}
d6e8d8
			}
d6e8d8
d6e8d8
			// Make sure we have been given someone to ban
d6e8d8
			if (!sizeof($sql_usernames))
d6e8d8
			{
d6e8d8
				trigger_error('NO_USER_SPECIFIED');
d6e8d8
			}
d6e8d8
d6e8d8
			$sql = 'SELECT user_id
d6e8d8
				FROM ' . USERS_TABLE . '
d6e8d8
				WHERE ' . $db->sql_in_set('username_clean', $sql_usernames);
d6e8d8
d6e8d8
			// Do not allow banning yourself
d6e8d8
			if (sizeof($founder))
d6e8d8
			{
d6e8d8
				$sql .= ' AND ' . $db->sql_in_set('user_id', array_merge(array_keys($founder), array($user->data['user_id'])), true);
d6e8d8
			}
d6e8d8
			else
d6e8d8
			{
d6e8d8
				$sql .= ' AND user_id <> ' . $user->data['user_id'];
d6e8d8
			}
d6e8d8
d6e8d8
			$result = $db->sql_query($sql);
d6e8d8
d6e8d8
			if ($row = $db->sql_fetchrow($result))
d6e8d8
			{
d6e8d8
				do
d6e8d8
				{
d6e8d8
					$banlist_ary[] = (int) $row['user_id'];
d6e8d8
				}
d6e8d8
				while ($row = $db->sql_fetchrow($result));
d6e8d8
			}
d6e8d8
			else
d6e8d8
			{
d6e8d8
				$db->sql_freeresult($result);
d6e8d8
				trigger_error('NO_USERS');
d6e8d8
			}
d6e8d8
			$db->sql_freeresult($result);
d6e8d8
		break;
d6e8d8
d6e8d8
		case 'ip':
d6e8d8
			$type = 'ban_ip';
d6e8d8
d6e8d8
			foreach ($ban_list as $ban_item)
d6e8d8
			{
d6e8d8
				if (preg_match('#^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})[ ]*\-[ ]*([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$#', trim($ban_item), $ip_range_explode))
d6e8d8
				{
d6e8d8
					// This is an IP range
d6e8d8
					// Don't ask about all this, just don't ask ... !
d6e8d8
					$ip_1_counter = $ip_range_explode[1];
d6e8d8
					$ip_1_end = $ip_range_explode[5];
d6e8d8
d6e8d8
					while ($ip_1_counter <= $ip_1_end)
d6e8d8
					{
d6e8d8
						$ip_2_counter = ($ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[2] : 0;
d6e8d8
						$ip_2_end = ($ip_1_counter < $ip_1_end) ? 254 : $ip_range_explode[6];
d6e8d8
d6e8d8
						if ($ip_2_counter == 0 && $ip_2_end == 254)
d6e8d8
						{
d6e8d8
							$ip_2_counter = 256;
d6e8d8
							$ip_2_fragment = 256;
d6e8d8
d6e8d8
							$banlist_ary[] = "$ip_1_counter.*";
d6e8d8
						}
d6e8d8
d6e8d8
						while ($ip_2_counter <= $ip_2_end)
d6e8d8
						{
d6e8d8
							$ip_3_counter = ($ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[3] : 0;
d6e8d8
							$ip_3_end = ($ip_2_counter < $ip_2_end || $ip_1_counter < $ip_1_end) ? 254 : $ip_range_explode[7];
d6e8d8
d6e8d8
							if ($ip_3_counter == 0 && $ip_3_end == 254)
d6e8d8
							{
d6e8d8
								$ip_3_counter = 256;
d6e8d8
								$ip_3_fragment = 256;
d6e8d8
d6e8d8
								$banlist_ary[] = "$ip_1_counter.$ip_2_counter.*";
d6e8d8
							}
d6e8d8
d6e8d8
							while ($ip_3_counter <= $ip_3_end)
d6e8d8
							{
d6e8d8
								$ip_4_counter = ($ip_3_counter == $ip_range_explode[3] && $ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[4] : 0;
d6e8d8
								$ip_4_end = ($ip_3_counter < $ip_3_end || $ip_2_counter < $ip_2_end) ? 254 : $ip_range_explode[8];
d6e8d8
d6e8d8
								if ($ip_4_counter == 0 && $ip_4_end == 254)
d6e8d8
								{
d6e8d8
									$ip_4_counter = 256;
d6e8d8
									$ip_4_fragment = 256;
d6e8d8
d6e8d8
									$banlist_ary[] = "$ip_1_counter.$ip_2_counter.$ip_3_counter.*";
d6e8d8
								}
d6e8d8
d6e8d8
								while ($ip_4_counter <= $ip_4_end)
d6e8d8
								{
d6e8d8
									$banlist_ary[] = "$ip_1_counter.$ip_2_counter.$ip_3_counter.$ip_4_counter";
d6e8d8
									$ip_4_counter++;
d6e8d8
								}
d6e8d8
								$ip_3_counter++;
d6e8d8
							}
d6e8d8
							$ip_2_counter++;
d6e8d8
						}
d6e8d8
						$ip_1_counter++;
d6e8d8
					}
d6e8d8
				}
d6e8d8
				else if (preg_match('#^([0-9]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})$#', trim($ban_item)) || preg_match('#^[a-f0-9:]+\*?$#i', trim($ban_item)))
d6e8d8
				{
d6e8d8
					// Normal IP address
d6e8d8
					$banlist_ary[] = trim($ban_item);
d6e8d8
				}
d6e8d8
				else if (preg_match('#^\*$#', trim($ban_item)))
d6e8d8
				{
d6e8d8
					// Ban all IPs
d6e8d8
					$banlist_ary[] = '*';
d6e8d8
				}
d6e8d8
				else if (preg_match('#^([\w\-_]\.?){2,}$#is', trim($ban_item)))
d6e8d8
				{
d6e8d8
					// hostname
d6e8d8
					$ip_ary = gethostbynamel(trim($ban_item));
d6e8d8
d6e8d8
					if (!empty($ip_ary))
d6e8d8
					{
d6e8d8
						foreach ($ip_ary as $ip)
d6e8d8
						{
d6e8d8
							if ($ip)
d6e8d8
							{
d6e8d8
								if (strlen($ip) > 40)
d6e8d8
								{
d6e8d8
									continue;
d6e8d8
								}
d6e8d8
d6e8d8
								$banlist_ary[] = $ip;
d6e8d8
							}
d6e8d8
						}
d6e8d8
					}
d6e8d8
				}
d6e8d8
				else
d6e8d8
				{
d6e8d8
					trigger_error('NO_IPS_DEFINED');
d6e8d8
				}
d6e8d8
			}
d6e8d8
		break;
d6e8d8
d6e8d8
		case 'email':
d6e8d8
			$type = 'ban_email';
d6e8d8
d6e8d8
			foreach ($ban_list as $ban_item)
d6e8d8
			{
d6e8d8
				$ban_item = trim($ban_item);
d6e8d8
d6e8d8
				if (preg_match('#^.*?@*|(([a-z0-9\-]+\.)+([a-z]{2,3}))$#i', $ban_item))
d6e8d8
				{
d6e8d8
					if (strlen($ban_item) > 100)
d6e8d8
					{
d6e8d8
						continue;
d6e8d8
					}
d6e8d8
d6e8d8
					if (!sizeof($founder) || !in_array($ban_item, $founder))
d6e8d8
					{
d6e8d8
						$banlist_ary[] = $ban_item;
d6e8d8
					}
d6e8d8
				}
d6e8d8
			}
d6e8d8
d6e8d8
			if (sizeof($ban_list) == 0)
d6e8d8
			{
d6e8d8
				trigger_error('NO_EMAILS_DEFINED');
d6e8d8
			}
d6e8d8
		break;
d6e8d8
d6e8d8
		default:
d6e8d8
			trigger_error('NO_MODE');
d6e8d8
		break;
d6e8d8
	}
d6e8d8
d6e8d8
	// Fetch currently set bans of the specified type and exclude state. Prevent duplicate bans.
d6e8d8
	$sql_where = ($type == 'ban_userid') ? 'ban_userid <> 0' : "$type <> ''";
d6e8d8
d6e8d8
	$sql = "SELECT $type
d6e8d8
		FROM " . BANLIST_TABLE . "
d6e8d8
		WHERE $sql_where
d6e8d8
			AND ban_exclude = " . (int) $ban_exclude;
d6e8d8
	$result = $db->sql_query($sql);
d6e8d8
d6e8d8
	// Reset $sql_where, because we use it later...
d6e8d8
	$sql_where = '';
d6e8d8
d6e8d8
	if ($row = $db->sql_fetchrow($result))
d6e8d8
	{
d6e8d8
		$banlist_ary_tmp = array();
d6e8d8
		do
d6e8d8
		{
d6e8d8
			switch ($mode)
d6e8d8
			{
d6e8d8
				case 'user':
d6e8d8
					$banlist_ary_tmp[] = $row['ban_userid'];
d6e8d8
				break;
d6e8d8
d6e8d8
				case 'ip':
d6e8d8
					$banlist_ary_tmp[] = $row['ban_ip'];
d6e8d8
				break;
d6e8d8
d6e8d8
				case 'email':
d6e8d8
					$banlist_ary_tmp[] = $row['ban_email'];
d6e8d8
				break;
d6e8d8
			}
d6e8d8
		}
d6e8d8
		while ($row = $db->sql_fetchrow($result));
d6e8d8
d6e8d8
		$banlist_ary = array_unique(array_diff($banlist_ary, $banlist_ary_tmp));
d6e8d8
		unset($banlist_ary_tmp);
d6e8d8
	}
d6e8d8
	$db->sql_freeresult($result);
d6e8d8
d6e8d8
	// We have some entities to ban
d6e8d8
	if (sizeof($banlist_ary))
d6e8d8
	{
d6e8d8
		$sql_ary = array();
d6e8d8
d6e8d8
		foreach ($banlist_ary as $ban_entry)
d6e8d8
		{
d6e8d8
			$sql_ary[] = array(
d6e8d8
				$type				=> $ban_entry,
d6e8d8
				'ban_start'			=> (int) $current_time,
d6e8d8
				'ban_end'			=> (int) $ban_end,
d6e8d8
				'ban_exclude'		=> (int) $ban_exclude,
d6e8d8
				'ban_reason'		=> (string) $ban_reason,
d6e8d8
				'ban_give_reason'	=> (string) $ban_give_reason,
d6e8d8
			);
d6e8d8
		}
d6e8d8
d6e8d8
		$db->sql_multi_insert(BANLIST_TABLE, $sql_ary);
d6e8d8
d6e8d8
		// If we are banning we want to logout anyone matching the ban
d6e8d8
		if (!$ban_exclude)
d6e8d8
		{
d6e8d8
			switch ($mode)
d6e8d8
			{
d6e8d8
				case 'user':
d6e8d8
					$sql_where = 'WHERE ' . $db->sql_in_set('session_user_id', $banlist_ary);
d6e8d8
				break;
d6e8d8
d6e8d8
				case 'ip':
d6e8d8
					$sql_where = 'WHERE ' . $db->sql_in_set('session_ip', $banlist_ary);
d6e8d8
				break;
d6e8d8
d6e8d8
				case 'email':
d6e8d8
					$banlist_ary_sql = array();
d6e8d8
d6e8d8
					foreach ($banlist_ary as $ban_entry)
d6e8d8
					{
d6e8d8
						$banlist_ary_sql[] = (string) str_replace('*', '%', $ban_entry);
d6e8d8
					}
d6e8d8
d6e8d8
					$sql = 'SELECT user_id
d6e8d8
						FROM ' . USERS_TABLE . '
d6e8d8
						WHERE ' . $db->sql_in_set('user_email', $banlist_ary_sql);
d6e8d8
					$result = $db->sql_query($sql);
d6e8d8
d6e8d8
					$sql_in = array();
d6e8d8
d6e8d8
					if ($row = $db->sql_fetchrow($result))
d6e8d8
					{
d6e8d8
						do
d6e8d8
						{
d6e8d8
							$sql_in[] = $row['user_id'];
d6e8d8
						}
d6e8d8
						while ($row = $db->sql_fetchrow($result));
d6e8d8
d6e8d8
						$sql_where = 'WHERE ' . $db->sql_in_set('session_user_id', $sql_in);
d6e8d8
					}
d6e8d8
					$db->sql_freeresult($result);
d6e8d8
				break;
d6e8d8
			}
d6e8d8
d6e8d8
			if (isset($sql_where) && $sql_where)
d6e8d8
			{
d6e8d8
				$sql = 'DELETE FROM ' . SESSIONS_TABLE . "
d6e8d8
					$sql_where";
d6e8d8
				$db->sql_query($sql);
d6e8d8
d6e8d8
				if ($mode == 'user')
d6e8d8
				{
d6e8d8
					$sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . ' ' . ((in_array('*', $banlist_ary)) ? '' : 'WHERE ' . $db->sql_in_set('user_id', $banlist_ary));
d6e8d8
					$db->sql_query($sql);
d6e8d8
				}
d6e8d8
			}
d6e8d8
		}
d6e8d8
d6e8d8
		// Update log
d6e8d8
		$log_entry = ($ban_exclude) ? 'LOG_BAN_EXCLUDE_' : 'LOG_BAN_';
d6e8d8
d6e8d8
		// Add to moderator and admin log
d6e8d8
		add_log('admin', $log_entry . strtoupper($mode), $ban_reason, $ban_list_log);
d6e8d8
		add_log('mod', 0, 0, $log_entry . strtoupper($mode), $ban_reason, $ban_list_log);
d6e8d8
d6e8d8
		$cache->destroy('sql', BANLIST_TABLE);
d6e8d8
d6e8d8
		return true;
d6e8d8
	}
d6e8d8
d6e8d8
	// There was nothing to ban/exclude. But destroying the cache because of the removal of stale bans.
d6e8d8
	$cache->destroy('sql', BANLIST_TABLE);
d6e8d8
d6e8d8
	return false;
d6e8d8
}
d6e8d8
d6e8d8
/**
d6e8d8
* Unban User
d6e8d8
*/
d6e8d8
function user_unban($mode, $ban)
d6e8d8
{
d6e8d8
	global $db, $user, $auth, $cache;
d6e8d8
d6e8d8
	// Delete stale bans
d6e8d8
	$sql = 'DELETE FROM ' . BANLIST_TABLE . '
d6e8d8
		WHERE ban_end < ' . time() . '
d6e8d8
			AND ban_end <> 0';
d6e8d8
	$db->sql_query($sql);
d6e8d8
d6e8d8
	if (!is_array($ban))
d6e8d8
	{
d6e8d8
		$ban = array($ban);
d6e8d8
	}
d6e8d8
d6e8d8
	$unban_sql = array_map('intval', $ban);
d6e8d8
d6e8d8
	if (sizeof($unban_sql))
d6e8d8
	{
d6e8d8
		// Grab details of bans for logging information later
d6e8d8
		switch ($mode)
d6e8d8
		{
d6e8d8
			case 'user':
d6e8d8
				$sql = 'SELECT u.username AS unban_info
d6e8d8
					FROM ' . USERS_TABLE . ' u, ' . BANLIST_TABLE . ' b
d6e8d8
					WHERE ' . $db->sql_in_set('b.ban_id', $unban_sql) . '
d6e8d8
						AND u.user_id = b.ban_userid';
d6e8d8
			break;
d6e8d8
d6e8d8
			case 'email':
d6e8d8
				$sql = 'SELECT ban_email AS unban_info
d6e8d8
					FROM ' . BANLIST_TABLE . '
d6e8d8
					WHERE ' . $db->sql_in_set('ban_id', $unban_sql);
d6e8d8
			break;
d6e8d8
d6e8d8
			case 'ip':
d6e8d8
				$sql = 'SELECT ban_ip AS unban_info
d6e8d8
					FROM ' . BANLIST_TABLE . '
d6e8d8
					WHERE ' . $db->sql_in_set('ban_id', $unban_sql);
d6e8d8
			break;
d6e8d8
		}
d6e8d8
		$result = $db->sql_query($sql);
d6e8d8
d6e8d8
		$l_unban_list = '';
d6e8d8
		while ($row = $db->sql_fetchrow($result))
d6e8d8
		{
d6e8d8
			$l_unban_list .= (($l_unban_list != '') ? ', ' : '') . $row['unban_info'];
d6e8d8
		}
d6e8d8
		$db->sql_freeresult($result);
d6e8d8
d6e8d8
		$sql = 'DELETE FROM ' . BANLIST_TABLE . '
d6e8d8
			WHERE ' . $db->sql_in_set('ban_id', $unban_sql);
d6e8d8
		$db->sql_query($sql);
d6e8d8
d6e8d8
		// Add to moderator and admin log
d6e8d8
		add_log('admin', 'LOG_UNBAN_' . strtoupper($mode), $l_unban_list);
d6e8d8
		add_log('mod', 0, 0, 'LOG_UNBAN_' . strtoupper($mode), $l_unban_list);
d6e8d8
	}
d6e8d8
d6e8d8
	$cache->destroy('sql', BANLIST_TABLE);
d6e8d8
d6e8d8
	return false;
d6e8d8
}
d6e8d8
d6e8d8
/**
d6e8d8
* Whois facility
d6e8d8
*/
d6e8d8
function user_ipwhois($ip)
d6e8d8
{
d6e8d8
	$ipwhois = '';
d6e8d8
d6e8d8
	// Check IP
d6e8d8
	// Only supporting IPv4 at the moment...
d6e8d8
	if (empty($ip) || !preg_match(get_preg_expression('ipv4'), $ip))
d6e8d8
	{
d6e8d8
		return '';
d6e8d8
	}
d6e8d8
d6e8d8
	$match = array(
d6e8d8
		'#RIPE\.NET#is'				=> 'whois.ripe.net',
d6e8d8
		'#whois\.apnic\.net#is'		=> 'whois.apnic.net',
d6e8d8
		'#nic\.ad\.jp#is'			=> 'whois.nic.ad.jp',
d6e8d8
		'#whois\.registro\.br#is'	=> 'whois.registro.br'
d6e8d8
	);
d6e8d8
d6e8d8
	if (($fsk = @fsockopen('whois.arin.net', 43)))
d6e8d8
	{
d6e8d8
		fputs($fsk, "$ip\n");
d6e8d8
		while (!feof($fsk))
d6e8d8
		{
d6e8d8
			$ipwhois .= fgets($fsk, 1024);
d6e8d8
		}
d6e8d8
		@fclose($fsk);
d6e8d8
	}
d6e8d8
d6e8d8
	foreach (array_keys($match) as $server)
d6e8d8
	{
d6e8d8
		if (preg_match($server, $ipwhois))
d6e8d8
		{
d6e8d8
			$ipwhois = '';
d6e8d8
			if (($fsk = @fsockopen($match[$server], 43)))
d6e8d8
			{
d6e8d8
				fputs($fsk, "$ip\n");
d6e8d8
				while (!feof($fsk))
d6e8d8
				{
d6e8d8
					$ipwhois .= fgets($fsk, 1024);
d6e8d8
				}
d6e8d8
				@fclose($fsk);
d6e8d8
			}
d6e8d8
			break;
d6e8d8
		}
d6e8d8
	}
d6e8d8
d6e8d8
	$ipwhois = htmlspecialchars($ipwhois);
d6e8d8
d6e8d8
	// Magic URL ;)
d6e8d8
	return trim(make_clickable($ipwhois, false, ''));
d6e8d8
}
d6e8d8
d6e8d8
/**
d6e8d8
* Data validation ... used primarily but not exclusively by ucp modules
d6e8d8
*
d6e8d8
* "Master" function for validating a range of data types
d6e8d8
*/
d6e8d8
function validate_data($data, $val_ary)
d6e8d8
{
d6e8d8
	global $user;
d6e8d8
d6e8d8
	$error = array();
d6e8d8
d6e8d8
	foreach ($val_ary as $var => $val_seq)
d6e8d8
	{
d6e8d8
		if (!is_array($val_seq[0]))
d6e8d8
		{
d6e8d8
			$val_seq = array($val_seq);
d6e8d8
		}
d6e8d8
d6e8d8
		foreach ($val_seq as $validate)
d6e8d8
		{
d6e8d8
			$function = array_shift($validate);
d6e8d8
			array_unshift($validate, $data[$var]);
d6e8d8
d6e8d8
			if ($result = call_user_func_array('validate_' . $function, $validate))
d6e8d8
			{
d6e8d8
				// Since errors are checked later for their language file existence, we need to make sure custom errors are not adjusted.
d6e8d8
				$error[] = (empty($user->lang[$result . '_' . strtoupper($var)])) ? $result : $result . '_' . strtoupper($var);
d6e8d8
			}
d6e8d8
		}
d6e8d8
	}
d6e8d8
d6e8d8
	return $error;
d6e8d8
}
d6e8d8
d6e8d8
/**
d6e8d8
* Validate String
d6e8d8
*
d6e8d8
* @return	boolean|string	Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
d6e8d8
*/
d6e8d8
function validate_string($string, $optional = false, $min = 0, $max = 0)
d6e8d8
{
d6e8d8
	if (empty($string) && $optional)
d6e8d8
	{
d6e8d8
		return false;
d6e8d8
	}
d6e8d8
d6e8d8
	if ($min && utf8_strlen(htmlspecialchars_decode($string)) < $min)
d6e8d8
	{
d6e8d8
		return 'TOO_SHORT';
d6e8d8
	}
d6e8d8
	else if ($max && utf8_strlen(htmlspecialchars_decode($string)) > $max)
d6e8d8
	{
d6e8d8
		return 'TOO_LONG';
d6e8d8
	}
d6e8d8
d6e8d8
	return false;
d6e8d8
}
d6e8d8
d6e8d8
/**
d6e8d8
* Validate Number
d6e8d8
*
d6e8d8
* @return	boolean|string	Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
d6e8d8
*/
d6e8d8
function validate_num($num, $optional = false, $min = 0, $max = 1E99)
d6e8d8
{
d6e8d8
	if (empty($num) && $optional)
d6e8d8
	{
d6e8d8
		return false;
d6e8d8
	}
d6e8d8
d6e8d8
	if ($num < $min)
d6e8d8
	{
d6e8d8
		return 'TOO_SMALL';
d6e8d8
	}
d6e8d8
	else if ($num > $max)
d6e8d8
	{
d6e8d8
		return 'TOO_LARGE';
d6e8d8
	}
d6e8d8
d6e8d8
	return false;
d6e8d8
}
d6e8d8
d6e8d8
/**
d6e8d8
* Validate Date
d6e8d8
* @param String $string a date in the dd-mm-yyyy format
d6e8d8
* @return	boolean
d6e8d8
*/
d6e8d8
function validate_date($date_string, $optional = false)
d6e8d8
{
d6e8d8
	$date = explode('-', $date_string);
d6e8d8
	if ((empty($date) || sizeof($date) != 3) && $optional)
d6e8d8
	{
d6e8d8
		return false;
d6e8d8
	}
d6e8d8
	else if ($optional)
d6e8d8
	{
d6e8d8
		for ($field = 0; $field <= 1; $field++)
d6e8d8
		{
d6e8d8
			$date[$field] = (int) $date[$field];
d6e8d8
			if (empty($date[$field]))
d6e8d8
			{
d6e8d8
				$date[$field] = 1;
d6e8d8
			}
d6e8d8
		}
d6e8d8
		$date[2] = (int) $date[2];
d6e8d8
		// assume an arbitrary leap year
d6e8d8
		if (empty($date[2]))
d6e8d8
		{
d6e8d8
			$date[2] = 1980;
d6e8d8
		}
d6e8d8
	}
d6e8d8
d6e8d8
	if (sizeof($date) != 3 || !checkdate($date[1], $date[0], $date[2]))
d6e8d8
	{
d6e8d8
		return 'INVALID';
d6e8d8
	}
d6e8d8
d6e8d8
	return false;
d6e8d8
}
d6e8d8
d6e8d8
d6e8d8
/**
d6e8d8
* Validate Match
d6e8d8
*
d6e8d8
* @return	boolean|string	Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
d6e8d8
*/
d6e8d8
function validate_match($string, $optional = false, $match = '')
d6e8d8
{
d6e8d8
	if (empty($string) && $optional)
d6e8d8
	{
d6e8d8
		return false;
d6e8d8
	}
d6e8d8
d6e8d8
	if (empty($match))
d6e8d8
	{
d6e8d8
		return false;
d6e8d8
	}
d6e8d8
d6e8d8
	if (!preg_match($match, $string))
d6e8d8
	{
d6e8d8
		return 'WRONG_DATA';
d6e8d8
	}
d6e8d8
d6e8d8
	return false;
d6e8d8
}
d6e8d8
d6e8d8
/**
d6e8d8
* Check to see if the username has been taken, or if it is disallowed.
d6e8d8
* Also checks if it includes the " character, which we don't allow in usernames.
d6e8d8
* Used for registering, changing names, and posting anonymously with a username
d6e8d8
*
d6e8d8
* @param string $username The username to check
d6e8d8
* @param string $allowed_username An allowed username, default being $user->data['username']
d6e8d8
*
d6e8d8
* @return	mixed	Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
d6e8d8
*/
d6e8d8
function validate_username($username, $allowed_username = false)
d6e8d8
{
d6e8d8
	global $config, $db, $user, $cache;
d6e8d8
d6e8d8
	$clean_username = utf8_clean_string($username);
d6e8d8
	$allowed_username = ($allowed_username === false) ? $user->data['username_clean'] : utf8_clean_string($allowed_username);
d6e8d8
d6e8d8
	if ($allowed_username == $clean_username)
d6e8d8
	{
d6e8d8
		return false;
d6e8d8
	}
d6e8d8
d6e8d8
	// ... fast checks first.
d6e8d8
	if (strpos($username, '"') !== false || strpos($username, '"') !== false || empty($clean_username))
d6e8d8
	{
d6e8d8
		return 'INVALID_CHARS';
d6e8d8
	}
d6e8d8
d6e8d8
	$mbstring = $pcre = false;
d6e8d8
d6e8d8
	// generic UTF-8 character types supported?
d6e8d8
	if ((version_compare(PHP_VERSION, '5.1.0', '>=') || (version_compare(PHP_VERSION, '5.0.0-dev', '<=') && version_compare(PHP_VERSION, '4.4.0', '>='))) && @preg_match('/\p{L}/u', 'a') !== false)
d6e8d8
	{
d6e8d8
		$pcre = true;
d6e8d8
	}
d6e8d8
	else if (function_exists('mb_ereg_match'))
d6e8d8
	{
d6e8d8
		mb_regex_encoding('UTF-8');
d6e8d8
		$mbstring = true;
d6e8d8
	}
d6e8d8
d6e8d8
	switch ($config['allow_name_chars'])
d6e8d8
	{
d6e8d8
		case 'USERNAME_CHARS_ANY':
d6e8d8
			$pcre = true;
d6e8d8
			$regex = '.+';
d6e8d8
		break;
d6e8d8
d6e8d8
		case 'USERNAME_ALPHA_ONLY':
d6e8d8
			$pcre = true;
d6e8d8
			$regex = '[A-Za-z0-9]+';
d6e8d8
		break;
d6e8d8
d6e8d8
		case 'USERNAME_ALPHA_SPACERS':
d6e8d8
			$pcre = true;
d6e8d8
			$regex = '[A-Za-z0-9-[\]_+ ]+';
d6e8d8
		break;
d6e8d8
d6e8d8
		case 'USERNAME_LETTER_NUM':
d6e8d8
			if ($pcre)
d6e8d8
			{
d6e8d8
				$regex = '[\p{Lu}\p{Ll}\p{N}]+';
d6e8d8
			}
d6e8d8
			else if ($mbstring)
d6e8d8
			{
d6e8d8
				$regex = '[[:upper:][:lower:][:digit:]]+';
d6e8d8
			}
d6e8d8
			else
d6e8d8
			{
d6e8d8
				$pcre = true;
d6e8d8
				$regex = '[a-zA-Z0-9]+';
d6e8d8
			}
d6e8d8
		break;
d6e8d8
d6e8d8
		case 'USERNAME_LETTER_NUM_SPACERS':
d6e8d8
			if ($pcre)
d6e8d8
			{
d6e8d8
				$regex = '[-\]_+ [\p{Lu}\p{Ll}\p{N}]+';
d6e8d8
			}
d6e8d8
			else if ($mbstring)
d6e8d8
			{
d6e8d8
				$regex = '[-\]_+ [[:upper:][:lower:][:digit:]]+';
d6e8d8
			}
d6e8d8
			else
d6e8d8
			{
d6e8d8
				$pcre = true;
d6e8d8
				$regex = '[-\]_+ [a-zA-Z0-9]+';
d6e8d8
			}
d6e8d8
		break;
d6e8d8
d6e8d8
		case 'USERNAME_ASCII':
d6e8d8
		default:
d6e8d8
			$pcre = true;
d6e8d8
			$regex = '[\x01-\x7F]+';
d6e8d8
		break;
d6e8d8
	}
d6e8d8
d6e8d8
	if ($pcre)
d6e8d8
	{
d6e8d8
		if (!preg_match('#^' . $regex . '$#u', $username))
d6e8d8
		{
d6e8d8
			return 'INVALID_CHARS';
d6e8d8
		}
d6e8d8
	}
d6e8d8
	else if ($mbstring)
d6e8d8
	{
d6e8d8
		$matches = array();
d6e8d8
		mb_ereg_search_init('^' . $username . '$', $regex, $matches);
d6e8d8
		if (!mb_ereg_search())
d6e8d8
		{
d6e8d8
			return 'INVALID_CHARS';
d6e8d8
		}
d6e8d8
	}
d6e8d8
d6e8d8
	$sql = 'SELECT username
d6e8d8
		FROM ' . USERS_TABLE . "
d6e8d8
		WHERE username_clean = '" . $db->sql_escape($clean_username) . "'";
d6e8d8
	$result = $db->sql_query($sql);
d6e8d8
	$row = $db->sql_fetchrow($result);
d6e8d8
	$db->sql_freeresult($result);
d6e8d8
d6e8d8
	if ($row)
d6e8d8
	{
d6e8d8
		return 'USERNAME_TAKEN';
d6e8d8
	}
d6e8d8
d6e8d8
	$sql = 'SELECT group_name
d6e8d8
		FROM ' . GROUPS_TABLE . "
d6e8d8
		WHERE LOWER(group_name) = '" . $db->sql_escape(utf8_strtolower($username)) . "'";
d6e8d8
	$result = $db->sql_query($sql);
d6e8d8
	$row = $db->sql_fetchrow($result);
d6e8d8
	$db->sql_freeresult($result);
d6e8d8
d6e8d8
	if ($row)
d6e8d8
	{
d6e8d8
		return 'USERNAME_TAKEN';
d6e8d8
	}
d6e8d8
d6e8d8
	$bad_usernames = $cache->obtain_disallowed_usernames();
d6e8d8
d6e8d8
	foreach ($bad_usernames as $bad_username)
d6e8d8
	{
d6e8d8
		if (preg_match('#^' . $bad_username . '$#', $clean_username))
d6e8d8
		{
d6e8d8
			return 'USERNAME_DISALLOWED';
d6e8d8
		}
d6e8d8
	}
d6e8d8
d6e8d8
	return false;
d6e8d8
}
d6e8d8
d6e8d8
/**
d6e8d8
* Check to see if the password meets the complexity settings
d6e8d8
*
d6e8d8
* @return	boolean|string	Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
d6e8d8
*/
d6e8d8
function validate_password($password)
d6e8d8
{
d6e8d8
	global $config, $db, $user;
d6e8d8
d6e8d8
	if (!$password)
d6e8d8
	{
d6e8d8
		return false;
d6e8d8
	}
d6e8d8
d6e8d8
	$pcre = $mbstring = false;
d6e8d8
d6e8d8
	// generic UTF-8 character types supported?
d6e8d8
	if ((version_compare(PHP_VERSION, '5.1.0', '>=') || (version_compare(PHP_VERSION, '5.0.0-dev', '<=') && version_compare(PHP_VERSION, '4.4.0', '>='))) && @preg_match('/\p{L}/u', 'a') !== false)
d6e8d8
	{
d6e8d8
		$upp = '\p{Lu}';
d6e8d8
		$low = '\p{Ll}';
d6e8d8
		$let = '\p{L}';
d6e8d8
		$num = '\p{N}';
d6e8d8
		$sym = '[^\p{Lu}\p{Ll}\p{N}]';
d6e8d8
		$pcre = true;
d6e8d8
	}
d6e8d8
	else if (function_exists('mb_ereg_match'))
d6e8d8
	{
d6e8d8
		mb_regex_encoding('UTF-8');
d6e8d8
		$upp = '[[:upper:]]';
d6e8d8
		$low = '[[:lower:]]';
d6e8d8
		$let = '[[:lower:][:upper:]]';
d6e8d8
		$num = '[[:digit:]]';
d6e8d8
		$sym = '[^[:upper:][:lower:][:digit:]]';
d6e8d8
		$mbstring = true;
d6e8d8
	}
d6e8d8
	else
d6e8d8
	{
d6e8d8
		$upp = '[A-Z]';
d6e8d8
		$low = '[a-z]';
d6e8d8
		$let = '[a-zA-Z]';
d6e8d8
		$num = '[0-9]';
d6e8d8
		$sym = '[^A-Za-z0-9]';
d6e8d8
		$pcre = true;
d6e8d8
	}
d6e8d8
d6e8d8
	$chars = array();
d6e8d8
d6e8d8
	switch ($config['pass_complex'])
d6e8d8
	{
d6e8d8
		case 'PASS_TYPE_CASE':
d6e8d8
			$chars[] = $low;
d6e8d8
			$chars[] = $upp;
d6e8d8
		break;
d6e8d8
d6e8d8
		case 'PASS_TYPE_ALPHA':
d6e8d8
			$chars[] = $let;
d6e8d8
			$chars[] = $num;
d6e8d8
		break;
d6e8d8
d6e8d8
		case 'PASS_TYPE_SYMBOL':
d6e8d8
			$chars[] = $low;
d6e8d8
			$chars[] = $upp;
d6e8d8
			$chars[] = $num;
d6e8d8
			$chars[] = $sym;
d6e8d8
		break;
d6e8d8
	}
d6e8d8
d6e8d8
	if ($pcre)
d6e8d8
	{
d6e8d8
		foreach ($chars as $char)
d6e8d8
		{
d6e8d8
			if (!preg_match('#' . $char . '#u', $password))
d6e8d8
			{
d6e8d8
				return 'INVALID_CHARS';
d6e8d8
			}
d6e8d8
		}
d6e8d8
	}
d6e8d8
	else if ($mbstring)
d6e8d8
	{
d6e8d8
		foreach ($chars as $char)
d6e8d8
		{
d6e8d8
			if (mb_ereg($char, $password) === false)
d6e8d8
			{
d6e8d8
				return 'INVALID_CHARS';
d6e8d8
			}
d6e8d8
		}
d6e8d8
	}
d6e8d8
d6e8d8
	return false;
d6e8d8
}
d6e8d8
d6e8d8
/**
d6e8d8
* Check to see if email address is banned or already present in the DB
d6e8d8
*
d6e8d8
* @param string $email The email to check
d6e8d8
* @param string $allowed_email An allowed email, default being $user->data['user_email']
d6e8d8
*
d6e8d8
* @return mixed Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
d6e8d8
*/
d6e8d8
function validate_email($email, $allowed_email = false)
d6e8d8
{
d6e8d8
	global $config, $db, $user;
d6e8d8
d6e8d8
	$email = strtolower($email);
d6e8d8
	$allowed_email = ($allowed_email === false) ? strtolower($user->data['user_email']) : strtolower($allowed_email);
d6e8d8
d6e8d8
	if ($allowed_email == $email)
d6e8d8
	{
d6e8d8
		return false;
d6e8d8
	}
d6e8d8
d6e8d8
	if (!preg_match('/^' . get_preg_expression('email') . '$/i', $email))
d6e8d8
	{
d6e8d8
		return 'EMAIL_INVALID';
d6e8d8
	}
d6e8d8
d6e8d8
	// Check MX record.
d6e8d8
	// The idea for this is from reading the UseBB blog/announcement. :)
d6e8d8
	if ($config['email_check_mx'])
d6e8d8
	{
d6e8d8
		list(, $domain) = explode('@', $email);
d6e8d8
d6e8d8
		if (phpbb_checkdnsrr($domain, 'A') === false && phpbb_checkdnsrr($domain, 'MX') === false)
d6e8d8
		{
d6e8d8
			return 'DOMAIN_NO_MX_RECORD';
d6e8d8
		}
d6e8d8
	}
d6e8d8
d6e8d8
	if (($ban_reason = $user->check_ban(false, false, $email, true)) !== false)
d6e8d8
	{
d6e8d8
		return ($ban_reason === true) ? 'EMAIL_BANNED' : $ban_reason;
d6e8d8
	}
d6e8d8
d6e8d8
	if (!$config['allow_emailreuse'])
d6e8d8
	{
d6e8d8
		$sql = 'SELECT user_email_hash
d6e8d8
			FROM ' . USERS_TABLE . "
d6e8d8
			WHERE user_email_hash = " . (crc32($email) . strlen($email));
d6e8d8
		$result = $db->sql_query($sql);
d6e8d8
		$row = $db->sql_fetchrow($result);
d6e8d8
		$db->sql_freeresult($result);
d6e8d8
d6e8d8
		if ($row)
d6e8d8
		{
d6e8d8
			return 'EMAIL_TAKEN';
d6e8d8
		}
d6e8d8
	}
d6e8d8
d6e8d8
	return false;
d6e8d8
}
d6e8d8
d6e8d8
/**
d6e8d8
* Validate jabber address
d6e8d8
* Taken from the jabber class within flyspray (see author notes)
d6e8d8
*
d6e8d8
* @author flyspray.org
d6e8d8
*/
d6e8d8
function validate_jabber($jid)
d6e8d8
{
d6e8d8
	if (!$jid)
d6e8d8
	{
d6e8d8
		return false;
d6e8d8
	}
d6e8d8
d6e8d8
	$seperator_pos = strpos($jid, '@');
d6e8d8
d6e8d8
	if ($seperator_pos === false)
d6e8d8
	{
d6e8d8
		return 'WRONG_DATA';
d6e8d8
	}
d6e8d8
d6e8d8
	$username = substr($jid, 0, $seperator_pos);
d6e8d8
	$realm = substr($jid, $seperator_pos + 1);
d6e8d8
d6e8d8
	if (strlen($username) == 0 || strlen($realm) < 3)
d6e8d8
	{
d6e8d8
		return 'WRONG_DATA';
d6e8d8
	}
d6e8d8
d6e8d8
	$arr = explode('.', $realm);
d6e8d8
d6e8d8
	if (sizeof($arr) == 0)
d6e8d8
	{
d6e8d8
		return 'WRONG_DATA';
d6e8d8
	}
d6e8d8
d6e8d8
	foreach ($arr as $part)
d6e8d8
	{
d6e8d8
		if (substr($part, 0, 1) == '-' || substr($part, -1, 1) == '-')
d6e8d8
		{
d6e8d8
			return 'WRONG_DATA';
d6e8d8
		}
d6e8d8
d6e8d8
		if (!preg_match("@^[a-zA-Z0-9-.]+$@", $part))
d6e8d8
		{
d6e8d8
			return 'WRONG_DATA';
d6e8d8
		}
d6e8d8
	}
d6e8d8
d6e8d8
	$boundary = array(array(0, 127), array(192, 223), array(224, 239), array(240, 247), array(248, 251), array(252, 253));
d6e8d8
d6e8d8
	// Prohibited Characters RFC3454 + RFC3920
d6e8d8
	$prohibited = array(
d6e8d8
		// Table C.1.1
d6e8d8
		array(0x0020, 0x0020),		// SPACE
d6e8d8
		// Table C.1.2
d6e8d8
		array(0x00A0, 0x00A0),		// NO-BREAK SPACE
d6e8d8
		array(0x1680, 0x1680),		// OGHAM SPACE MARK
d6e8d8
		array(0x2000, 0x2001),		// EN QUAD
d6e8d8
		array(0x2001, 0x2001),		// EM QUAD
d6e8d8
		array(0x2002, 0x2002),		// EN SPACE
d6e8d8
		array(0x2003, 0x2003),		// EM SPACE
d6e8d8
		array(0x2004, 0x2004),		// THREE-PER-EM SPACE
d6e8d8
		array(0x2005, 0x2005),		// FOUR-PER-EM SPACE
d6e8d8
		array(0x2006, 0x2006),		// SIX-PER-EM SPACE
d6e8d8
		array(0x2007, 0x2007),		// FIGURE SPACE
d6e8d8
		array(0x2008, 0x2008),		// PUNCTUATION SPACE
d6e8d8
		array(0x2009, 0x2009),		// THIN SPACE
d6e8d8
		array(0x200A, 0x200A),		// HAIR SPACE
d6e8d8
		array(0x200B, 0x200B),		// ZERO WIDTH SPACE
d6e8d8
		array(0x202F, 0x202F),		// NARROW NO-BREAK SPACE
d6e8d8
		array(0x205F, 0x205F),		// MEDIUM MATHEMATICAL SPACE
d6e8d8
		array(0x3000, 0x3000),		// IDEOGRAPHIC SPACE
d6e8d8
		// Table C.2.1
d6e8d8
		array(0x0000, 0x001F),		// [CONTROL CHARACTERS]
d6e8d8
		array(0x007F, 0x007F),		// DELETE
d6e8d8
		// Table C.2.2
d6e8d8
		array(0x0080, 0x009F),		// [CONTROL CHARACTERS]
d6e8d8
		array(0x06DD, 0x06DD),		// ARABIC END OF AYAH
d6e8d8
		array(0x070F, 0x070F),		// SYRIAC ABBREVIATION MARK
d6e8d8
		array(0x180E, 0x180E),		// MONGOLIAN VOWEL SEPARATOR
d6e8d8
		array(0x200C, 0x200C), 		// ZERO WIDTH NON-JOINER
d6e8d8
		array(0x200D, 0x200D),		// ZERO WIDTH JOINER
d6e8d8
		array(0x2028, 0x2028),		// LINE SEPARATOR
d6e8d8
		array(0x2029, 0x2029),		// PARAGRAPH SEPARATOR
d6e8d8
		array(0x2060, 0x2060),		// WORD JOINER
d6e8d8
		array(0x2061, 0x2061),		// FUNCTION APPLICATION
d6e8d8
		array(0x2062, 0x2062),		// INVISIBLE TIMES
d6e8d8
		array(0x2063, 0x2063),		// INVISIBLE SEPARATOR
d6e8d8
		array(0x206A, 0x206F),		// [CONTROL CHARACTERS]
d6e8d8
		array(0xFEFF, 0xFEFF),		// ZERO WIDTH NO-BREAK SPACE
d6e8d8
		array(0xFFF9, 0xFFFC),		// [CONTROL CHARACTERS]
d6e8d8
		array(0x1D173, 0x1D17A),	// [MUSICAL CONTROL CHARACTERS]
d6e8d8
		// Table C.3
d6e8d8
		array(0xE000, 0xF8FF),		// [PRIVATE USE, PLANE 0]
d6e8d8
		array(0xF0000, 0xFFFFD),	// [PRIVATE USE, PLANE 15]
d6e8d8
		array(0x100000, 0x10FFFD),	// [PRIVATE USE, PLANE 16]
d6e8d8
		// Table C.4
d6e8d8
		array(0xFDD0, 0xFDEF),		// [NONCHARACTER CODE POINTS]
d6e8d8
		array(0xFFFE, 0xFFFF),		// [NONCHARACTER CODE POINTS]
d6e8d8
		array(0x1FFFE, 0x1FFFF),	// [NONCHARACTER CODE POINTS]
d6e8d8
		array(0x2FFFE, 0x2FFFF),	// [NONCHARACTER CODE POINTS]
d6e8d8
		array(0x3FFFE, 0x3FFFF),	// [NONCHARACTER CODE POINTS]
d6e8d8
		array(0x4FFFE, 0x4FFFF),	// [NONCHARACTER CODE POINTS]
d6e8d8
		array(0x5FFFE, 0x5FFFF),	// [NONCHARACTER CODE POINTS]
d6e8d8
		array(0x6FFFE, 0x6FFFF),	// [NONCHARACTER CODE POINTS]
d6e8d8
		array(0x7FFFE, 0x7FFFF),	// [NONCHARACTER CODE POINTS]
d6e8d8
		array(0x8FFFE, 0x8FFFF),	// [NONCHARACTER CODE POINTS]
d6e8d8
		array(0x9FFFE, 0x9FFFF),	// [NONCHARACTER CODE POINTS]
d6e8d8
		array(0xAFFFE, 0xAFFFF),	// [NONCHARACTER CODE POINTS]
d6e8d8
		array(0xBFFFE, 0xBFFFF),	// [NONCHARACTER CODE POINTS]
d6e8d8
		array(0xCFFFE, 0xCFFFF),	// [NONCHARACTER CODE POINTS]
d6e8d8
		array(0xDFFFE, 0xDFFFF),	// [NONCHARACTER CODE POINTS]
d6e8d8
		array(0xEFFFE, 0xEFFFF),	// [NONCHARACTER CODE POINTS]
d6e8d8
		array(0xFFFFE, 0xFFFFF),	// [NONCHARACTER CODE POINTS]
d6e8d8
		array(0x10FFFE, 0x10FFFF),	// [NONCHARACTER CODE POINTS]
d6e8d8
		// Table C.5
d6e8d8
		array(0xD800, 0xDFFF),		// [SURROGATE CODES]
d6e8d8
		// Table C.6
d6e8d8
		array(0xFFF9, 0xFFF9),		// INTERLINEAR ANNOTATION ANCHOR
d6e8d8
		array(0xFFFA, 0xFFFA),		// INTERLINEAR ANNOTATION SEPARATOR
d6e8d8
		array(0xFFFB, 0xFFFB),		// INTERLINEAR ANNOTATION TERMINATOR
d6e8d8
		array(0xFFFC, 0xFFFC),		// OBJECT REPLACEMENT CHARACTER
d6e8d8
		array(0xFFFD, 0xFFFD),		// REPLACEMENT CHARACTER
d6e8d8
		// Table C.7
d6e8d8
		array(0x2FF0, 0x2FFB),		// [IDEOGRAPHIC DESCRIPTION CHARACTERS]
d6e8d8
		// Table C.8
d6e8d8
		array(0x0340, 0x0340),		// COMBINING GRAVE TONE MARK
d6e8d8
		array(0x0341, 0x0341),		// COMBINING ACUTE TONE MARK
d6e8d8
		array(0x200E, 0x200E),		// LEFT-TO-RIGHT MARK
d6e8d8
		array(0x200F, 0x200F),		// RIGHT-TO-LEFT MARK
d6e8d8
		array(0x202A, 0x202A),		// LEFT-TO-RIGHT EMBEDDING
d6e8d8
		array(0x202B, 0x202B),		// RIGHT-TO-LEFT EMBEDDING
d6e8d8
		array(0x202C, 0x202C),		// POP DIRECTIONAL FORMATTING
d6e8d8
		array(0x202D, 0x202D),		// LEFT-TO-RIGHT OVERRIDE
d6e8d8
		array(0x202E, 0x202E),		// RIGHT-TO-LEFT OVERRIDE
d6e8d8
		array(0x206A, 0x206A),		// INHIBIT SYMMETRIC SWAPPING
d6e8d8
		array(0x206B, 0x206B),		// ACTIVATE SYMMETRIC SWAPPING
d6e8d8
		array(0x206C, 0x206C),		// INHIBIT ARABIC FORM SHAPING
d6e8d8
		array(0x206D, 0x206D),		// ACTIVATE ARABIC FORM SHAPING
d6e8d8
		array(0x206E, 0x206E),		// NATIONAL DIGIT SHAPES
d6e8d8
		array(0x206F, 0x206F),		// NOMINAL DIGIT SHAPES
d6e8d8
		// Table C.9
d6e8d8
		array(0xE0001, 0xE0001),	// LANGUAGE TAG
d6e8d8
		array(0xE0020, 0xE007F),	// [TAGGING CHARACTERS]
d6e8d8
		// RFC3920
d6e8d8
		array(0x22, 0x22),			// "
d6e8d8
		array(0x26, 0x26),			// &
d6e8d8
		array(0x27, 0x27),			// '
d6e8d8
		array(0x2F, 0x2F),			// /
d6e8d8
		array(0x3A, 0x3A),			// :
d6e8d8
		array(0x3C, 0x3C),			// <
d6e8d8
		array(0x3E, 0x3E),			// >
d6e8d8
		array(0x40, 0x40)			// @
d6e8d8
	);
d6e8d8
d6e8d8
	$pos = 0;
d6e8d8
	$result = true;
d6e8d8
d6e8d8
	while ($pos < strlen($username))
d6e8d8
	{
d6e8d8
		$len = $uni = 0;
d6e8d8
		for ($i = 0; $i <= 5; $i++)
d6e8d8
		{
d6e8d8
			if (ord($username[$pos]) >= $boundary[$i][0] && ord($username[$pos]) <= $boundary[$i][1])
d6e8d8
			{
d6e8d8
				$len = $i + 1;
d6e8d8
				$uni = (ord($username[$pos]) - $boundary[$i][0]) * pow(2, $i * 6);
d6e8d8
d6e8d8
				for ($k = 1; $k < $len; $k++)
d6e8d8
				{
d6e8d8
					$uni += (ord($username[$pos + $k]) - 128) * pow(2, ($i - $k) * 6);
d6e8d8
				}
d6e8d8
d6e8d8
				break;
d6e8d8
			}
d6e8d8
		}
d6e8d8
d6e8d8
		if ($len == 0)
d6e8d8
		{
d6e8d8
			return 'WRONG_DATA';
d6e8d8
		}
d6e8d8
d6e8d8
		foreach ($prohibited as $pval)
d6e8d8
		{
d6e8d8
			if ($uni >= $pval[0] && $uni <= $pval[1])
d6e8d8
			{
d6e8d8
				$result = false;
d6e8d8
				break 2;
d6e8d8
			}
d6e8d8
		}
d6e8d8
d6e8d8
		$pos = $pos + $len;
d6e8d8
	}
d6e8d8
d6e8d8
	if (!$result)
d6e8d8
	{
d6e8d8
		return 'WRONG_DATA';
d6e8d8
	}
d6e8d8
d6e8d8
	return false;
d6e8d8
}
d6e8d8
d6e8d8
/**
d6e8d8
* Remove avatar
d6e8d8
*/
d6e8d8
function avatar_delete($mode, $row, $clean_db = false)
d6e8d8
{
d6e8d8
	global $phpbb_root_path, $config, $db, $user;
d6e8d8
d6e8d8
	// Check if the users avatar is actually *not* a group avatar
d6e8d8
	if ($mode == 'user')
d6e8d8
	{
d6e8d8
		if (strpos($row['user_avatar'], 'g') === 0 || (((int)$row['user_avatar'] !== 0) && ((int)$row['user_avatar'] !== (int)$row['user_id'])))
d6e8d8
		{
d6e8d8
			return false;
d6e8d8
		}
d6e8d8
	}
d6e8d8
d6e8d8
	if ($clean_db)
d6e8d8
	{
d6e8d8
		avatar_remove_db($row[$mode . '_avatar']);
d6e8d8
	}
d6e8d8
	$filename = get_avatar_filename($row[$mode . '_avatar']);
d6e8d8
	if (file_exists($phpbb_root_path . $config['avatar_path'] . '/' . $filename))
d6e8d8
	{
d6e8d8
		@unlink($phpbb_root_path . $config['avatar_path'] . '/' . $filename);
d6e8d8
		return true;
d6e8d8
	}
d6e8d8
d6e8d8
	return false;
d6e8d8
}
d6e8d8
d6e8d8
/**
d6e8d8
* Remote avatar linkage
d6e8d8
*/
d6e8d8
function avatar_remote($data, &$error)
d6e8d8
{
d6e8d8
	global $config, $db, $user, $phpbb_root_path, $phpEx;
d6e8d8
d6e8d8
	if (!preg_match('#^(http|https|ftp)://#i', $data['remotelink']))
d6e8d8
	{
d6e8d8
		$data['remotelink'] = 'http://' . $data['remotelink'];
d6e8d8
	}
d6e8d8
	if (!preg_match('#^(http|https|ftp)://(?:(.*?\.)*?[a-z0-9\-]+?\.[a-z]{2,4}|(?:\d{1,3}\.){3,5}\d{1,3}):?([0-9]*?).*?\.(gif|jpg|jpeg|png)$#i', $data['remotelink']))
d6e8d8
	{
d6e8d8
		$error[] = $user->lang['AVATAR_URL_INVALID'];
d6e8d8
		return false;
d6e8d8
	}
d6e8d8
d6e8d8
	// Make sure getimagesize works...
d6e8d8
	if (($image_data = @getimagesize($data['remotelink'])) === false && (empty($data['width']) || empty($data['height'])))
d6e8d8
	{
d6e8d8
		$error[] = $user->lang['UNABLE_GET_IMAGE_SIZE'];
d6e8d8
		return false;
d6e8d8
	}
d6e8d8
d6e8d8
	if (!empty($image_data) && ($image_data[0] < 2 || $image_data[1] < 2))
d6e8d8
	{
d6e8d8
		$error[] = $user->lang['AVATAR_NO_SIZE'];
d6e8d8
		return false;
d6e8d8
	}
d6e8d8
d6e8d8
	$width = ($data['width'] && $data['height']) ? $data['width'] : $image_data[0];
d6e8d8
	$height = ($data['width'] && $data['height']) ? $data['height'] : $image_data[1];
d6e8d8
d6e8d8
	if ($width < 2 || $height < 2)
d6e8d8
	{
d6e8d8
		$error[] = $user->lang['AVATAR_NO_SIZE'];
d6e8d8
		return false;
d6e8d8
	}
d6e8d8
d6e8d8
	// Check image type
d6e8d8
	include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);
d6e8d8
	$types = fileupload::image_types();
d6e8d8
	$extension = strtolower(filespec::get_extension($data['remotelink']));
d6e8d8
d6e8d8
	if (!empty($image_data) && (!isset($types[$image_data[2]]) || !in_array($extension, $types[$image_data[2]])))
d6e8d8
	{
d6e8d8
		if (!isset($types[$image_data[2]]))
d6e8d8
		{
d6e8d8
			$error[] = $user->lang['UNABLE_GET_IMAGE_SIZE'];
d6e8d8
		}
d6e8d8
		else
d6e8d8
		{
d6e8d8
			$error[] = sprintf($user->lang['IMAGE_FILETYPE_MISMATCH'], $types[$image_data[2]][0], $extension);
d6e8d8
		}
d6e8d8
		return false;
d6e8d8
	}
d6e8d8
d6e8d8
	if ($config['avatar_max_width'] || $config['avatar_max_height'])
d6e8d8
	{
d6e8d8
		if ($width > $config['avatar_max_width'] || $height > $config['avatar_max_height'])
d6e8d8
		{
d6e8d8
			$error[] = sprintf($user->lang['AVATAR_WRONG_SIZE'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], $width, $height);
d6e8d8
			return false;
d6e8d8
		}
d6e8d8
	}
d6e8d8
d6e8d8
	if ($config['avatar_min_width'] || $config['avatar_min_height'])
d6e8d8
	{
d6e8d8
		if ($width < $config['avatar_min_width'] || $height < $config['avatar_min_height'])
d6e8d8
		{
d6e8d8
			$error[] = sprintf($user->lang['AVATAR_WRONG_SIZE'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], $width, $height);
d6e8d8
			return false;
d6e8d8
		}
d6e8d8
	}
d6e8d8
d6e8d8
	return array(AVATAR_REMOTE, $data['remotelink'], $width, $height);
d6e8d8
}
d6e8d8
d6e8d8
/**
d6e8d8
* Avatar upload using the upload class
d6e8d8
*/
d6e8d8
function avatar_upload($data, &$error)
d6e8d8
{
d6e8d8
	global $phpbb_root_path, $config, $db, $user, $phpEx;
d6e8d8
d6e8d8
	// Init upload class
d6e8d8
	include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);
d6e8d8
	$upload = new fileupload('AVATAR_', array('jpg', 'jpeg', 'gif', 'png'), $config['avatar_filesize'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], explode('|', $config['mime_triggers']));
d6e8d8
d6e8d8
	if (!empty($_FILES['uploadfile']['name']))
d6e8d8
	{
d6e8d8
		$file = $upload->form_upload('uploadfile');
d6e8d8
	}
d6e8d8
	else
d6e8d8
	{
d6e8d8
		$file = $upload->remote_upload($data['uploadurl']);
d6e8d8
	}
d6e8d8
d6e8d8
	$prefix = $config['avatar_salt'] . '_';
d6e8d8
	$file->clean_filename('avatar', $prefix, $data['user_id']);
d6e8d8
d6e8d8
	$destination = $config['avatar_path'];
d6e8d8
d6e8d8
	// Adjust destination path (no trailing slash)
d6e8d8
	if (substr($destination, -1, 1) == '/' || substr($destination, -1, 1) == '\\')
d6e8d8
	{
d6e8d8
		$destination = substr($destination, 0, -1);
d6e8d8
	}
d6e8d8
d6e8d8
	$destination = str_replace(array('../', '..\\', './', '.\\'), '', $destination);
d6e8d8
	if ($destination && ($destination[0] == '/' || $destination[0] == "\\"))
d6e8d8
	{
d6e8d8
		$destination = '';
d6e8d8
	}
d6e8d8
d6e8d8
	// Move file and overwrite any existing image
d6e8d8
	$file->move_file($destination, true);
d6e8d8
d6e8d8
	if (sizeof($file->error))
d6e8d8
	{
d6e8d8
		$file->remove();
d6e8d8
		$error = array_merge($error, $file->error);
d6e8d8
	}
d6e8d8
d6e8d8
	return array(AVATAR_UPLOAD, $data['user_id'] . '_' . time() . '.' . $file->get('extension'), $file->get('width'), $file->get('height'));
d6e8d8
}
d6e8d8
d6e8d8
/**
d6e8d8
* Generates avatar filename from the database entry
d6e8d8
*/
d6e8d8
function get_avatar_filename($avatar_entry)
d6e8d8
{
d6e8d8
	global $config;
d6e8d8
d6e8d8
d6e8d8
	if ($avatar_entry[0] === 'g')
d6e8d8
	{
d6e8d8
		$avatar_group = true;
d6e8d8
		$avatar_entry = substr($avatar_entry, 1);
d6e8d8
	}
d6e8d8
	else
d6e8d8
	{
d6e8d8
		$avatar_group = false;
d6e8d8
	}
d6e8d8
	$ext 			= substr(strrchr($avatar_entry, '.'), 1);
d6e8d8
	$avatar_entry	= intval($avatar_entry);
d6e8d8
	return $config['avatar_salt'] . '_' . (($avatar_group) ? 'g' : '') . $avatar_entry . '.' . $ext;
d6e8d8
}
d6e8d8
d6e8d8
/**
d6e8d8
* Avatar Gallery
d6e8d8
*/
d6e8d8
function avatar_gallery($category, $avatar_select, $items_per_column, $block_var = 'avatar_row')
d6e8d8
{
d6e8d8
	global $user, $cache, $template;
d6e8d8
	global $config, $phpbb_root_path;
d6e8d8
d6e8d8
	$avatar_list = array();
d6e8d8
d6e8d8
	$path = $phpbb_root_path . $config['avatar_gallery_path'];
d6e8d8
d6e8d8
	if (!file_exists($path) || !is_dir($path))
d6e8d8
	{
d6e8d8
		$avatar_list = array($user->lang['NO_AVATAR_CATEGORY'] => array());
d6e8d8
	}
d6e8d8
	else
d6e8d8
	{
d6e8d8
		// Collect images
d6e8d8
		$dp = @opendir($path);
d6e8d8
d6e8d8
		if (!$dp)
d6e8d8
		{
d6e8d8
			return array($user->lang['NO_AVATAR_CATEGORY'] => array());
d6e8d8
		}
d6e8d8
d6e8d8
		while (($file = readdir($dp)) !== false)
d6e8d8
		{
d6e8d8
			if ($file[0] != '.' && preg_match('#^[^&"\'<>]+$#i', $file) && is_dir("$path/$file"))
d6e8d8
			{
d6e8d8
				$avatar_row_count = $avatar_col_count = 0;
d6e8d8
d6e8d8
				if ($dp2 = @opendir("$path/$file"))
d6e8d8
				{
d6e8d8
					while (($sub_file = readdir($dp2)) !== false)
d6e8d8
					{
d6e8d8
						if (preg_match('#^[^&\'"<>]+\.(?:gif|png|jpe?g)$#i', $sub_file))
d6e8d8
						{
d6e8d8
							$avatar_list[$file][$avatar_row_count][$avatar_col_count] = array(
d6e8d8
								'file'		=> "$file/$sub_file",
d6e8d8
								'filename'	=> $sub_file,
d6e8d8
								'name'		=> ucfirst(str_replace('_', ' ', preg_replace('#^(.*)\..*$#', '\1', $sub_file))),
d6e8d8
							);
d6e8d8
							$avatar_col_count++;
d6e8d8
							if ($avatar_col_count == $items_per_column)
d6e8d8
							{
d6e8d8
								$avatar_row_count++;
d6e8d8
								$avatar_col_count = 0;
d6e8d8
							}
d6e8d8
						}
d6e8d8
					}
d6e8d8
					closedir($dp2);
d6e8d8
				}
d6e8d8
			}
d6e8d8
		}
d6e8d8
		closedir($dp);
d6e8d8
	}
d6e8d8
d6e8d8
	if (!sizeof($avatar_list))
d6e8d8
	{
d6e8d8
		$avatar_list = array($user->lang['NO_AVATAR_CATEGORY'] => array());
d6e8d8
	}
d6e8d8
d6e8d8
	@ksort($avatar_list);
d6e8d8
d6e8d8
	$category = (!$category) ? key($avatar_list) : $category;
d6e8d8
	$avatar_categories = array_keys($avatar_list);
d6e8d8
d6e8d8
	$s_category_options = '';
d6e8d8
	foreach ($avatar_categories as $cat)
d6e8d8
	{
d6e8d8
		$s_category_options .= '<option value="' . $cat . '"' . (($cat == $category) ? ' selected="selected"' : '') . '>' . $cat . '</option>';
d6e8d8
	}
d6e8d8
d6e8d8
	$template->assign_vars(array(
d6e8d8
		'S_AVATARS_ENABLED'		=> true,
d6e8d8
		'S_IN_AVATAR_GALLERY'	=> true,
d6e8d8
		'S_CAT_OPTIONS'			=> $s_category_options)
d6e8d8
	);
d6e8d8
d6e8d8
	$avatar_list = (isset($avatar_list[$category])) ? $avatar_list[$category] : array();
d6e8d8
d6e8d8
	foreach ($avatar_list as $avatar_row_ary)
d6e8d8
	{
d6e8d8
		$template->assign_block_vars($block_var, array());
d6e8d8
d6e8d8
		foreach ($avatar_row_ary as $avatar_col_ary)
d6e8d8
		{
d6e8d8
			$template->assign_block_vars($block_var . '.avatar_column', array(
d6e8d8
				'AVATAR_IMAGE'	=> $phpbb_root_path . $config['avatar_gallery_path'] . '/' . $avatar_col_ary['file'],
d6e8d8
				'AVATAR_NAME'	=> $avatar_col_ary['name'],
d6e8d8
				'AVATAR_FILE'	=> $avatar_col_ary['filename'])
d6e8d8
			);
d6e8d8
d6e8d8
			$template->assign_block_vars($block_var . '.avatar_option_column', array(
d6e8d8
				'AVATAR_IMAGE'	=> $phpbb_root_path . $config['avatar_gallery_path'] . '/' . $avatar_col_ary['file'],
d6e8d8
				'S_OPTIONS_AVATAR'	=> $avatar_col_ary['filename'])
d6e8d8
			);
d6e8d8
		}
d6e8d8
	}
d6e8d8
d6e8d8
	return $avatar_list;
d6e8d8
}
d6e8d8
d6e8d8
d6e8d8
/**
d6e8d8
* Tries to (re-)establish avatar dimensions
d6e8d8
*/
d6e8d8
function avatar_get_dimensions($avatar, $avatar_type, &$error, $current_x = 0, $current_y = 0)
d6e8d8
{
d6e8d8
	global $config, $phpbb_root_path, $user;
d6e8d8
d6e8d8
	switch ($avatar_type)
d6e8d8
	{
d6e8d8
		case AVATAR_REMOTE :
d6e8d8
			break;
d6e8d8
d6e8d8
		case AVATAR_UPLOAD :
d6e8d8
			$avatar = $phpbb_root_path . $config['avatar_path'] . '/' . get_avatar_filename($avatar);
d6e8d8
			break;
d6e8d8
d6e8d8
		case AVATAR_GALLERY :
d6e8d8
			$avatar = $phpbb_root_path . $config['avatar_gallery_path'] . '/' . $avatar ;
d6e8d8
			break;
d6e8d8
	}
d6e8d8
d6e8d8
	// Make sure getimagesize works...
d6e8d8
	if (($image_data = @getimagesize($avatar)) === false)
d6e8d8
	{
d6e8d8
		$error[] = $user->lang['UNABLE_GET_IMAGE_SIZE'];
d6e8d8
		return false;
d6e8d8
	}
d6e8d8
d6e8d8
	if ($image_data[0] < 2 || $image_data[1] < 2)
d6e8d8
	{
d6e8d8
		$error[] = $user->lang['AVATAR_NO_SIZE'];
d6e8d8
		return false;
d6e8d8
	}
d6e8d8
d6e8d8
	// try to maintain ratio
d6e8d8
	if (!(empty($current_x) && empty($current_y)))
d6e8d8
	{
d6e8d8
		if ($current_x != 0)
d6e8d8
		{
d6e8d8
			$image_data[1] = (int) floor(($current_x / $image_data[0]) * $image_data[1]);
d6e8d8
			$image_data[1] = min($config['avatar_max_height'], $image_data[1]);
d6e8d8
			$image_data[1] = max($config['avatar_min_height'], $image_data[1]);
d6e8d8
		}
d6e8d8
		if ($current_y != 0)
d6e8d8
		{
d6e8d8
			$image_data[0] = (int) floor(($current_y / $image_data[1]) * $image_data[0]);
d6e8d8
			$image_data[0] = min($config['avatar_max_width'], $image_data[1]);
d6e8d8
			$image_data[0] = max($config['avatar_min_width'], $image_data[1]);
d6e8d8
		}
d6e8d8
	}
d6e8d8
	return array($image_data[0], $image_data[1]);
d6e8d8
}
d6e8d8
d6e8d8
/**
d6e8d8
* Uploading/Changing user avatar
d6e8d8
*/
d6e8d8
function avatar_process_user(&$error, $custom_userdata = false)
d6e8d8
{
d6e8d8
	global $config, $phpbb_root_path, $auth, $user, $db;
d6e8d8
d6e8d8
	$data = array(
d6e8d8
		'uploadurl'		=> request_var('uploadurl', ''),
d6e8d8
		'remotelink'	=> request_var('remotelink', ''),
d6e8d8
		'width'			=> request_var('width', 0),
d6e8d8
		'height'		=> request_var('height', 0),
d6e8d8
	);
d6e8d8
d6e8d8
	$error = validate_data($data, array(
d6e8d8
		'uploadurl'		=> array('string', true, 5, 255),
d6e8d8
		'remotelink'	=> array('string', true, 5, 255),
d6e8d8
		'width'			=> array('string', true, 1, 3),
d6e8d8
		'height'		=> array('string', true, 1, 3),
d6e8d8
	));
d6e8d8
d6e8d8
	if (sizeof($error))
d6e8d8
	{
d6e8d8
		return false;
d6e8d8
	}
d6e8d8
d6e8d8
	$sql_ary = array();
d6e8d8
d6e8d8
	if ($custom_userdata === false)
d6e8d8
	{
d6e8d8
		$userdata = &$user->data;
d6e8d8
	}
d6e8d8
	else
d6e8d8
	{
d6e8d8
		$userdata = &$custom_userdata;
d6e8d8
	}
d6e8d8
d6e8d8
	$data['user_id'] = $userdata['user_id'];
d6e8d8
	$change_avatar = ($custom_userdata === false) ? $auth->acl_get('u_chgavatar') : true;
d6e8d8
	$avatar_select = basename(request_var('avatar_select', ''));
d6e8d8
d6e8d8
	// Can we upload?
d6e8d8
	$can_upload = ($config['allow_avatar_upload'] && file_exists($phpbb_root_path . $config['avatar_path']) && @is_writable($phpbb_root_path . $config['avatar_path']) && $change_avatar && (@ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on')) ? true : false;
d6e8d8
d6e8d8
	if ((!empty($_FILES['uploadfile']['name']) || $data['uploadurl']) && $can_upload)
d6e8d8
	{
d6e8d8
		list($sql_ary['user_avatar_type'], $sql_ary['user_avatar'], $sql_ary['user_avatar_width'], $sql_ary['user_avatar_height']) = avatar_upload($data, $error);
d6e8d8
	}
d6e8d8
	else if ($data['remotelink'] && $change_avatar && $config['allow_avatar_remote'])
d6e8d8
	{
d6e8d8
		list($sql_ary['user_avatar_type'], $sql_ary['user_avatar'], $sql_ary['user_avatar_width'], $sql_ary['user_avatar_height']) = avatar_remote($data, $error);
d6e8d8
	}
d6e8d8
	else if ($avatar_select && $change_avatar && $config['allow_avatar_local'])
d6e8d8
	{
d6e8d8
		$category = basename(request_var('category', ''));
d6e8d8
d6e8d8
		$sql_ary['user_avatar_type'] = AVATAR_GALLERY;
d6e8d8
		$sql_ary['user_avatar'] = $avatar_select;
d6e8d8
d6e8d8
		// check avatar gallery
d6e8d8
		if (!is_dir($phpbb_root_path . $config['avatar_gallery_path'] . '/' . $category))
d6e8d8
		{
d6e8d8
			$sql_ary['user_avatar'] = '';
d6e8d8
			$sql_ary['user_avatar_type'] = $sql_ary['user_avatar_width'] = $sql_ary['user_avatar_height'] = 0;
d6e8d8
		}
d6e8d8
		else
d6e8d8
		{
d6e8d8
			list($sql_ary['user_avatar_width'], $sql_ary['user_avatar_height']) = getimagesize($phpbb_root_path . $config['avatar_gallery_path'] . '/' . $category . '/' . $sql_ary['user_avatar']);
d6e8d8
			$sql_ary['user_avatar'] = $category . '/' . $sql_ary['user_avatar'];
d6e8d8
		}
d6e8d8
	}
d6e8d8
	else if (isset($_POST['delete']) && $change_avatar)
d6e8d8
	{
d6e8d8
		$sql_ary['user_avatar'] = '';
d6e8d8
		$sql_ary['user_avatar_type'] = $sql_ary['user_avatar_width'] = $sql_ary['user_avatar_height'] = 0;
d6e8d8
	}
d6e8d8
	else if (!empty($userdata['user_avatar']))
d6e8d8
	{
d6e8d8
		// Only update the dimensions
d6e8d8
d6e8d8
		if (empty($data['width']) || empty($data['height']))
d6e8d8
		{
d6e8d8
			if ($dims = avatar_get_dimensions($userdata['user_avatar'], $userdata['user_avatar_type'], $error, $data['width'], $data['height']))
d6e8d8
			{
d6e8d8
				list($guessed_x, $guessed_y) = $dims;
d6e8d8
				if (empty($data['width']))
d6e8d8
				{
d6e8d8
					$data['width'] = $guessed_x;
d6e8d8
				}
d6e8d8
				if (empty($data['height']))
d6e8d8
				{
d6e8d8
					$data['height'] = $guessed_y;
d6e8d8
				}
d6e8d8
			}
d6e8d8
		}
d6e8d8
		if (($config['avatar_max_width'] || $config['avatar_max_height']) &&
d6e8d8
			(($data['width'] != $userdata['user_avatar_width']) || $data['height'] != $userdata['user_avatar_height']))
d6e8d8
		{
d6e8d8
			if ($data['width'] > $config['avatar_max_width'] || $data['height'] > $config['avatar_max_height'])
d6e8d8
			{
d6e8d8
				$error[] = sprintf($user->lang['AVATAR_WRONG_SIZE'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], $data['width'], $data['height']);
d6e8d8
			}
d6e8d8
		}
d6e8d8
d6e8d8
		if (!sizeof($error))
d6e8d8
		{
d6e8d8
			if ($config['avatar_min_width'] || $config['avatar_min_height'])
d6e8d8
			{
d6e8d8
				if ($data['width'] < $config['avatar_min_width'] || $data['height'] < $config['avatar_min_height'])
d6e8d8
				{
d6e8d8
					$error[] = sprintf($user->lang['AVATAR_WRONG_SIZE'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], $data['width'], $data['height']);
d6e8d8
				}
d6e8d8
			}
d6e8d8
		}
d6e8d8
d6e8d8
		if (!sizeof($error))
d6e8d8
		{
d6e8d8
			$sql_ary['user_avatar_width'] = $data['width'];
d6e8d8
			$sql_ary['user_avatar_height'] = $data['height'];
d6e8d8
		}
d6e8d8
	}
d6e8d8
d6e8d8
	if (!sizeof($error))
d6e8d8
	{
d6e8d8
		// Do we actually have any data to update?
d6e8d8
		if (sizeof($sql_ary))
d6e8d8
		{
d6e8d8
			$ext_new = $ext_old = '';
d6e8d8
			if (isset($sql_ary['user_avatar']))
d6e8d8
			{
d6e8d8
				$userdata = ($custom_userdata === false) ? $user->data : $custom_userdata;
d6e8d8
				$ext_new = (empty($sql_ary['user_avatar'])) ? '' : substr(strrchr($sql_ary['user_avatar'], '.'), 1);
d6e8d8
				$ext_old = (empty($userdata['user_avatar'])) ? '' : substr(strrchr($userdata['user_avatar'], '.'), 1);
d6e8d8
d6e8d8
				if ($userdata['user_avatar_type'] == AVATAR_UPLOAD)
d6e8d8
				{
d6e8d8
					// Delete old avatar if present
d6e8d8
					if ((!empty($userdata['user_avatar']) && empty($sql_ary['user_avatar']))
d6e8d8
					   || ( !empty($userdata['user_avatar']) && !empty($sql_ary['user_avatar']) && $ext_new !== $ext_old))
d6e8d8
					{
d6e8d8
						avatar_delete('user', $userdata);
d6e8d8
					}
d6e8d8
				}
d6e8d8
			}
d6e8d8
d6e8d8
			$sql = 'UPDATE ' . USERS_TABLE . '
d6e8d8
				SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
d6e8d8
				WHERE user_id = ' . (($custom_userdata === false) ? $user->data['user_id'] : $custom_userdata['user_id']);
d6e8d8
			$db->sql_query($sql);
d6e8d8
d6e8d8
		}
d6e8d8
	}
d6e8d8
d6e8d8
	return (sizeof($error)) ? false : true;
d6e8d8
}
d6e8d8
d6e8d8
//
d6e8d8
// Usergroup functions
d6e8d8
//
d6e8d8
d6e8d8
/**
d6e8d8
* Add or edit a group. If we're editing a group we only update user
d6e8d8
* parameters such as rank, etc. if they are changed
d6e8d8
*/
d6e8d8
function group_create(&$group_id, $type, $name, $desc, $group_attributes, $allow_desc_bbcode = false, $allow_desc_urls = false, $allow_desc_smilies = false)
d6e8d8
{
d6e8d8
	global $phpbb_root_path, $config, $db, $user, $file_upload;
d6e8d8
d6e8d8
	$error = array();
d6e8d8
	$attribute_ary = array(
d6e8d8
		'group_colour'			=> 'string',
d6e8d8
		'group_rank'			=> 'int',
d6e8d8
		'group_avatar'			=> 'string',
d6e8d8
		'group_avatar_type'		=> 'int',
d6e8d8
		'group_avatar_width'	=> 'int',
d6e8d8
		'group_avatar_height'	=> 'int',
d6e8d8
d6e8d8
		'group_receive_pm'		=> 'int',
d6e8d8
		'group_legend'			=> 'int',
d6e8d8
		'group_message_limit'	=> 'int',
d6e8d8
		'group_max_recipients'	=> 'int',
d6e8d8
d6e8d8
		'group_founder_manage'	=> 'int',
d6e8d8
	);
d6e8d8
d6e8d8
	// Those are group-only attributes
d6e8d8
	$group_only_ary = array('group_receive_pm', 'group_legend', 'group_message_limit', 'group_max_recipients', 'group_founder_manage');
d6e8d8
d6e8d8
	// Check data. Limit group name length.
d6e8d8
	if (!utf8_strlen($name) || utf8_strlen($name) > 60)
d6e8d8
	{
d6e8d8
		$error[] = (!utf8_strlen($name)) ? $user->lang['GROUP_ERR_USERNAME'] : $user->lang['GROUP_ERR_USER_LONG'];
d6e8d8
	}
d6e8d8
d6e8d8
	$err = group_validate_groupname($group_id, $name);
d6e8d8
	if (!empty($err))
d6e8d8
	{
d6e8d8
		$error[] = $user->lang[$err];
d6e8d8
	}
d6e8d8
d6e8d8
	if (!in_array($type, array(GROUP_OPEN, GROUP_CLOSED, GROUP_HIDDEN, GROUP_SPECIAL, GROUP_FREE)))
d6e8d8
	{
d6e8d8
		$error[] = $user->lang['GROUP_ERR_TYPE'];
d6e8d8
	}
d6e8d8
d6e8d8
	if (!sizeof($error))
d6e8d8
	{
d6e8d8
		$user_ary = array();
d6e8d8
		$sql_ary = array(
d6e8d8
			'group_name'			=> (string) $name,
d6e8d8
			'group_desc'			=> (string) $desc,
d6e8d8
			'group_desc_uid'		=> '',
d6e8d8
			'group_desc_bitfield'	=> '',
d6e8d8
			'group_type'			=> (int) $type,
d6e8d8
		);
d6e8d8
d6e8d8
		// Parse description
d6e8d8
		if ($desc)
d6e8d8
		{
d6e8d8
			generate_text_for_storage($sql_ary['group_desc'], $sql_ary['group_desc_uid'], $sql_ary['group_desc_bitfield'], $sql_ary['group_desc_options'], $allow_desc_bbcode, $allow_desc_urls, $allow_desc_smilies);
d6e8d8
		}
d6e8d8
d6e8d8
		if (sizeof($group_attributes))
d6e8d8
		{
d6e8d8
			foreach ($attribute_ary as $attribute => $_type)
d6e8d8
			{
d6e8d8
				if (isset($group_attributes[$attribute]))
d6e8d8
				{
d6e8d8
					settype($group_attributes[$attribute], $_type);
d6e8d8
					$sql_ary[$attribute] = $group_attributes[$attribute];
d6e8d8
				}
d6e8d8
			}
d6e8d8
		}
d6e8d8
d6e8d8
		// Setting the log message before we set the group id (if group gets added)
d6e8d8
		$log = ($group_id) ? 'LOG_GROUP_UPDATED' : 'LOG_GROUP_CREATED';
d6e8d8
d6e8d8
		$query = '';
d6e8d8
d6e8d8
		if ($group_id)
d6e8d8
		{
d6e8d8
			$sql = 'SELECT user_id
d6e8d8
				FROM ' . USERS_TABLE . '
d6e8d8
				WHERE group_id = ' . $group_id;
d6e8d8
			$result = $db->sql_query($sql);
d6e8d8
d6e8d8
			while ($row = $db->sql_fetchrow($result))
d6e8d8
			{
d6e8d8
				$user_ary[] = $row['user_id'];
d6e8d8
			}
d6e8d8
			$db->sql_freeresult($result);
d6e8d8
d6e8d8
			if (isset($sql_ary['group_avatar']) && !$sql_ary['group_avatar'])
d6e8d8
			{
d6e8d8
				remove_default_avatar($group_id, $user_ary);
d6e8d8
			}
d6e8d8
			if (isset($sql_ary['group_rank']) && !$sql_ary['group_rank'])
d6e8d8
			{
d6e8d8
				remove_default_rank($group_id, $user_ary);
d6e8d8
			}
d6e8d8
d6e8d8
			$sql = 'UPDATE ' . GROUPS_TABLE . '
d6e8d8
				SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
d6e8d8
				WHERE group_id = $group_id";
d6e8d8
			$db->sql_query($sql);
d6e8d8
d6e8d8
			// Since we may update the name too, we need to do this on other tables too...
d6e8d8
			$sql = 'UPDATE ' . MODERATOR_CACHE_TABLE . "
d6e8d8
				SET group_name = '" . $db->sql_escape($sql_ary['group_name']) . "'
d6e8d8
				WHERE group_id = $group_id";
d6e8d8
			$db->sql_query($sql);
d6e8d8
		}
d6e8d8
		else
d6e8d8
		{
d6e8d8
			$sql = 'INSERT INTO ' . GROUPS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
d6e8d8
			$db->sql_query($sql);
d6e8d8
		}
d6e8d8
d6e8d8
		if (!$group_id)
d6e8d8
		{
d6e8d8
			$group_id = $db->sql_nextid();
d6e8d8
			if (isset($sql_ary['group_avatar_type']) && $sql_ary['group_avatar_type'] == AVATAR_UPLOAD)
d6e8d8
			{
d6e8d8
				group_correct_avatar($group_id, $sql_ary['group_avatar']);
d6e8d8
			}
d6e8d8
		}
d6e8d8
d6e8d8
		// Set user attributes
d6e8d8
		$sql_ary = array();
d6e8d8
		if (sizeof($group_attributes))
d6e8d8
		{
d6e8d8
			foreach ($attribute_ary as $attribute => $_type)
d6e8d8
			{
d6e8d8
				if (isset($group_attributes[$attribute]) && !in_array($attribute, $group_only_ary))
d6e8d8
				{
d6e8d8
					// If we are about to set an avatar, we will not overwrite user avatars if no group avatar is set...
d6e8d8
					if (strpos($attribute, 'group_avatar') === 0 && !$group_attributes[$attribute])
d6e8d8
					{
d6e8d8
						continue;
d6e8d8
					}
d6e8d8
d6e8d8
					$sql_ary[$attribute] = $group_attributes[$attribute];
d6e8d8
				}
d6e8d8
			}
d6e8d8
		}
d6e8d8
d6e8d8
		if (sizeof($sql_ary) && sizeof($user_ary))
d6e8d8
		{
d6e8d8
			group_set_user_default($group_id, $user_ary, $sql_ary);
d6e8d8
		}
d6e8d8
d6e8d8
		$name = ($type == GROUP_SPECIAL) ? $user->lang['G_' . $name] : $name;
d6e8d8
		add_log('admin', $log, $name);
d6e8d8
d6e8d8
		group_update_listings($group_id);
d6e8d8
	}
d6e8d8
d6e8d8
	return (sizeof($error)) ? $error : false;
d6e8d8
}
d6e8d8
d6e8d8
d6e8d8
/**
d6e8d8
* Changes a group avatar's filename to conform to the naming scheme
d6e8d8
*/
d6e8d8
function group_correct_avatar($group_id, $old_entry)
d6e8d8
{
d6e8d8
	global $config, $db, $phpbb_root_path;
d6e8d8
d6e8d8
	$group_id		= (int)$group_id;
d6e8d8
	$ext 			= substr(strrchr($old_entry, '.'), 1);
d6e8d8
	$old_filename 	= get_avatar_filename($old_entry);
d6e8d8
	$new_filename 	= $config['avatar_salt'] . "_g$group_id.$ext";
d6e8d8
	$new_entry 		= 'g' . $group_id . '_' . substr(time(), -5) . ".$ext";
d6e8d8
d6e8d8
	$avatar_path = $phpbb_root_path . $config['avatar_path'];
d6e8d8
	if (@rename($avatar_path . '/'. $old_filename, $avatar_path . '/' . $new_filename))
d6e8d8
	{
d6e8d8
		$sql = 'UPDATE ' . GROUPS_TABLE . '
d6e8d8
			SET group_avatar = \'' . $db->sql_escape($new_entry) . "'
d6e8d8
			WHERE group_id = $group_id";
d6e8d8
		$db->sql_query($sql);
d6e8d8
	}
d6e8d8
}
d6e8d8
d6e8d8
d6e8d8
/**
d6e8d8
* Remove avatar also for users not having the group as default
d6e8d8
*/
d6e8d8
function avatar_remove_db($avatar_name)
d6e8d8
{
d6e8d8
	global $config, $db;
d6e8d8
d6e8d8
	$sql = 'UPDATE ' . USERS_TABLE . "
d6e8d8
		SET user_avatar = '',
d6e8d8
		user_avatar_type = 0
d6e8d8
		WHERE user_avatar = '" . $db->sql_escape($avatar_name) . '\'';
d6e8d8
	$db->sql_query($sql);
d6e8d8
}
d6e8d8
d6e8d8
d6e8d8
/**
d6e8d8
* Group Delete
d6e8d8
*/
d6e8d8
function group_delete($group_id, $group_name = false)
d6e8d8
{
d6e8d8
	global $db, $phpbb_root_path, $phpEx;
d6e8d8
d6e8d8
	if (!$group_name)
d6e8d8
	{
d6e8d8
		$group_name = get_group_name($group_id);
d6e8d8
	}
d6e8d8
d6e8d8
	$start = 0;
d6e8d8
d6e8d8
	do
d6e8d8
	{
d6e8d8
		$user_id_ary = $username_ary = array();
d6e8d8
d6e8d8
		// Batch query for group members, call group_user_del
d6e8d8
		$sql = 'SELECT u.user_id, u.username
d6e8d8
			FROM ' . USER_GROUP_TABLE . ' ug, ' . USERS_TABLE . " u
d6e8d8
			WHERE ug.group_id = $group_id
d6e8d8
				AND u.user_id = ug.user_id";
d6e8d8
		$result = $db->sql_query_limit($sql, 200, $start);
d6e8d8
d6e8d8
		if ($row = $db->sql_fetchrow($result))
d6e8d8
		{
d6e8d8
			do
d6e8d8
			{
d6e8d8
				$user_id_ary[] = $row['user_id'];
d6e8d8
				$username_ary[] = $row['username'];
d6e8d8
d6e8d8
				$start++;
d6e8d8
			}
d6e8d8
			while ($row = $db->sql_fetchrow($result));
d6e8d8
d6e8d8
			group_user_del($group_id, $user_id_ary, $username_ary, $group_name);
d6e8d8
		}
d6e8d8
		else
d6e8d8
		{
d6e8d8
			$start = 0;
d6e8d8
		}
d6e8d8
		$db->sql_freeresult($result);
d6e8d8
	}
d6e8d8
	while ($start);
d6e8d8
d6e8d8
	// Delete group
d6e8d8
	$sql = 'DELETE FROM ' . GROUPS_TABLE . "
d6e8d8
		WHERE group_id = $group_id";
d6e8d8
	$db->sql_query($sql);
d6e8d8
d6e8d8
	// Delete auth entries from the groups table
d6e8d8
	$sql = 'DELETE FROM ' . ACL_GROUPS_TABLE . "
d6e8d8
		WHERE group_id = $group_id";
d6e8d8
	$db->sql_query($sql);
d6e8d8
d6e8d8
	// Re-cache moderators
d6e8d8
	if (!function_exists('cache_moderators'))
d6e8d8
	{
d6e8d8
		include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
d6e8d8
	}
d6e8d8
d6e8d8
	cache_moderators();
d6e8d8
d6e8d8
	add_log('admin', 'LOG_GROUP_DELETE', $group_name);
d6e8d8
d6e8d8
	// Return false - no error
d6e8d8
	return false;
d6e8d8
}
d6e8d8
d6e8d8
/**
d6e8d8
* Add user(s) to group
d6e8d8
*
d6e8d8
* @return mixed false if no errors occurred, else the user lang string for the relevant error, for example 'NO_USER'
d6e8d8
*/
d6e8d8
function group_user_add($group_id, $user_id_ary = false, $username_ary = false, $group_name = false, $default = false, $leader = 0, $pending = 0, $group_attributes = false)
d6e8d8
{
d6e8d8
	global $db, $auth;
d6e8d8
d6e8d8
	// We need both username and user_id info
d6e8d8
	$result = user_get_id_name($user_id_ary, $username_ary);
d6e8d8
d6e8d8
	if (!sizeof($user_id_ary) || $result !== false)
d6e8d8
	{
d6e8d8
		return 'NO_USER';
d6e8d8
	}
d6e8d8
d6e8d8
	// Remove users who are already members of this group
d6e8d8
	$sql = 'SELECT user_id, group_leader
d6e8d8
		FROM ' . USER_GROUP_TABLE . '
d6e8d8
		WHERE ' . $db->sql_in_set('user_id', $user_id_ary) . "
d6e8d8
			AND group_id = $group_id";
d6e8d8
	$result = $db->sql_query($sql);
d6e8d8
d6e8d8
	$add_id_ary = $update_id_ary = array();
d6e8d8
	while ($row = $db->sql_fetchrow($result))
d6e8d8
	{
d6e8d8
		$add_id_ary[] = (int) $row['user_id'];
d6e8d8
d6e8d8
		if ($leader && !$row['group_leader'])
d6e8d8
		{
d6e8d8
			$update_id_ary[] = (int) $row['user_id'];
d6e8d8
		}
d6e8d8
	}
d6e8d8
	$db->sql_freeresult($result);
d6e8d8
d6e8d8
	// Do all the users exist in this group?
d6e8d8
	$add_id_ary = array_diff($user_id_ary, $add_id_ary);
d6e8d8
d6e8d8
	// If we have no users
d6e8d8
	if (!sizeof($add_id_ary) && !sizeof($update_id_ary))
d6e8d8
	{
d6e8d8
		return 'GROUP_USERS_EXIST';
d6e8d8
	}
d6e8d8
d6e8d8
	$db->sql_transaction('begin');
d6e8d8
d6e8d8
	// Insert the new users
d6e8d8
	if (sizeof($add_id_ary))
d6e8d8
	{
d6e8d8
		$sql_ary = array();
d6e8d8
d6e8d8
		foreach ($add_id_ary as $user_id)
d6e8d8
		{
d6e8d8
			$sql_ary[] = array(
d6e8d8
				'user_id'		=> (int) $user_id,
d6e8d8
				'group_id'		=> (int) $group_id,
d6e8d8
				'group_leader'	=> (int) $leader,
d6e8d8
				'user_pending'	=> (int) $pending,
d6e8d8
			);
d6e8d8
		}
d6e8d8
d6e8d8
		$db->sql_multi_insert(USER_GROUP_TABLE, $sql_ary);
d6e8d8
	}
d6e8d8
d6e8d8
	if (sizeof($update_id_ary))
d6e8d8
	{
d6e8d8
		$sql = 'UPDATE ' . USER_GROUP_TABLE . '
d6e8d8
			SET group_leader = 1
d6e8d8
			WHERE ' . $db->sql_in_set('user_id', $update_id_ary) . "
d6e8d8
				AND group_id = $group_id";
d6e8d8
		$db->sql_query($sql);
d6e8d8
	}
d6e8d8
d6e8d8
	if ($default)
d6e8d8
	{
d6e8d8
		group_set_user_default($group_id, $user_id_ary, $group_attributes);
d6e8d8
	}
d6e8d8
d6e8d8
	$db->sql_transaction('commit');
d6e8d8
d6e8d8
	// Clear permissions cache of relevant users
d6e8d8
	$auth->acl_clear_prefetch($user_id_ary);
d6e8d8
d6e8d8
	if (!$group_name)
d6e8d8
	{
d6e8d8
		$group_name = get_group_name($group_id);
d6e8d8
	}
d6e8d8
d6e8d8
	$log = ($leader) ? 'LOG_MODS_ADDED' : 'LOG_USERS_ADDED';
d6e8d8
d6e8d8
	add_log('admin', $log, $group_name, implode(', ', $username_ary));
d6e8d8
d6e8d8
	group_update_listings($group_id);
d6e8d8
d6e8d8
	// Return false - no error
d6e8d8
	return false;
d6e8d8
}
d6e8d8
d6e8d8
/**
d6e8d8
* Remove a user/s from a given group. When we remove users we update their
d6e8d8
* default group_id. We do this by examining which "special" groups they belong
d6e8d8
* to. The selection is made based on a reasonable priority system
d6e8d8
*
d6e8d8
* @return false if no errors occurred, else the user lang string for the relevant error, for example 'NO_USER'
d6e8d8
*/
d6e8d8
function group_user_del($group_id, $user_id_ary = false, $username_ary = false, $group_name = false)
d6e8d8
{
d6e8d8
	global $db, $auth;
d6e8d8
d6e8d8
	$group_order = array('ADMINISTRATORS', 'GLOBAL_MODERATORS', 'REGISTERED_COPPA', 'REGISTERED', 'BOTS', 'GUESTS');
d6e8d8
d6e8d8
	// We need both username and user_id info
d6e8d8
	$result = user_get_id_name($user_id_ary, $username_ary);
d6e8d8
d6e8d8
	if (!sizeof($user_id_ary) || $result !== false)
d6e8d8
	{
d6e8d8
		return 'NO_USER';
d6e8d8
	}
d6e8d8
d6e8d8
	$sql = 'SELECT *
d6e8d8
		FROM ' . GROUPS_TABLE . '
d6e8d8
		WHERE ' . $db->sql_in_set('group_name', $group_order);
d6e8d8
	$result = $db->sql_query($sql);
d6e8d8
d6e8d8
	$group_order_id = $special_group_data = array();
d6e8d8
	while ($row = $db->sql_fetchrow($result))
d6e8d8
	{
d6e8d8
		$group_order_id[$row['group_name']] = $row['group_id'];
d6e8d8
d6e8d8
		$special_group_data[$row['group_id']] = array(
d6e8d8
			'group_colour'			=> $row['group_colour'],
d6e8d8
			'group_rank'				=> $row['group_rank'],
d6e8d8
		);
d6e8d8
d6e8d8
		// Only set the group avatar if one is defined...
d6e8d8
		if ($row['group_avatar'])
d6e8d8
		{
d6e8d8
			$special_group_data[$row['group_id']] = array_merge($special_group_data[$row['group_id']], array(
d6e8d8
				'group_avatar'			=> $row['group_avatar'],
d6e8d8
				'group_avatar_type'		=> $row['group_avatar_type'],
d6e8d8
				'group_avatar_width'		=> $row['group_avatar_width'],
d6e8d8
				'group_avatar_height'	=> $row['group_avatar_height'])
d6e8d8
			);
d6e8d8
		}
d6e8d8
	}
d6e8d8
	$db->sql_freeresult($result);
d6e8d8
d6e8d8
	// Get users default groups - we only need to reset default group membership if the group from which the user gets removed is set as default
d6e8d8
	$sql = 'SELECT user_id, group_id
d6e8d8
		FROM ' . USERS_TABLE . '
d6e8d8
		WHERE ' . $db->sql_in_set('user_id', $user_id_ary);
d6e8d8
	$result = $db->sql_query($sql);
d6e8d8
d6e8d8
	$default_groups = array();
d6e8d8
	while ($row = $db->sql_fetchrow($result))
d6e8d8
	{
d6e8d8
		$default_groups[$row['user_id']] = $row['group_id'];
d6e8d8
	}
d6e8d8
	$db->sql_freeresult($result);
d6e8d8
d6e8d8
	// What special group memberships exist for these users?
d6e8d8
	$sql = 'SELECT g.group_id, g.group_name, ug.user_id
d6e8d8
		FROM ' . USER_GROUP_TABLE . ' ug, ' . GROUPS_TABLE . ' g
d6e8d8
		WHERE ' . $db->sql_in_set('ug.user_id', $user_id_ary) . "
d6e8d8
			AND g.group_id = ug.group_id
d6e8d8
			AND g.group_id <> $group_id
d6e8d8
			AND g.group_type = " . GROUP_SPECIAL . '
d6e8d8
		ORDER BY ug.user_id, g.group_id';
d6e8d8
	$result = $db->sql_query($sql);
d6e8d8
d6e8d8
	$temp_ary = array();
d6e8d8
	while ($row = $db->sql_fetchrow($result))
d6e8d8
	{
d6e8d8
		if ($default_groups[$row['user_id']] == $group_id && (!isset($temp_ary[$row['user_id']]) || array_search($row['group_name'], $group_order) < $temp_ary[$row['user_id']]))
d6e8d8
		{
d6e8d8
			$temp_ary[$row['user_id']] = $row['group_id'];
d6e8d8
		}
d6e8d8
	}
d6e8d8
	$db->sql_freeresult($result);
d6e8d8
d6e8d8
	$sql_where_ary = array();
d6e8d8
	foreach ($temp_ary as $uid => $gid)
d6e8d8
	{
d6e8d8
		$sql_where_ary[$gid][] = $uid;
d6e8d8
	}
d6e8d8
	unset($temp_ary);
d6e8d8
d6e8d8
	foreach ($special_group_data as $gid => $default_data_ary)
d6e8d8
	{
d6e8d8
		if (isset($sql_where_ary[$gid]) && sizeof($sql_where_ary[$gid]))
d6e8d8
		{
d6e8d8
			remove_default_rank($group_id, $sql_where_ary[$gid]);
d6e8d8
			remove_default_avatar($group_id, $sql_where_ary[$gid]);
d6e8d8
			group_set_user_default($gid, $sql_where_ary[$gid], $default_data_ary);
d6e8d8
		}
d6e8d8
	}
d6e8d8
	unset($special_group_data);
d6e8d8
d6e8d8
	$sql = 'DELETE FROM ' . USER_GROUP_TABLE . "
d6e8d8
		WHERE group_id = $group_id
d6e8d8
			AND " . $db->sql_in_set('user_id', $user_id_ary);
d6e8d8
	$db->sql_query($sql);
d6e8d8
d6e8d8
	// Clear permissions cache of relevant users
d6e8d8
	$auth->acl_clear_prefetch($user_id_ary);
d6e8d8
d6e8d8
	if (!$group_name)
d6e8d8
	{
d6e8d8
		$group_name = get_group_name($group_id);
d6e8d8
	}
d6e8d8
d6e8d8
	$log = 'LOG_GROUP_REMOVE';
d6e8d8
d6e8d8
	add_log('admin', $log, $group_name, implode(', ', $username_ary));
d6e8d8
d6e8d8
	group_update_listings($group_id);
d6e8d8
d6e8d8
	// Return false - no error
d6e8d8
	return false;
d6e8d8
}
d6e8d8
d6e8d8
d6e8d8
/**
d6e8d8
* Removes the group avatar of the default group from the users in user_ids who have that group as default.
d6e8d8
*/
d6e8d8
function remove_default_avatar($group_id, $user_ids)
d6e8d8
{
d6e8d8
	global $db;
d6e8d8
d6e8d8
	if (!is_array($user_ids))
d6e8d8
	{
d6e8d8
		$user_ids = array($user_ids);
d6e8d8
	}
d6e8d8
	if (empty($user_ids))
d6e8d8
	{
d6e8d8
		return false;
d6e8d8
	}
d6e8d8
d6e8d8
	$user_ids = array_map('intval', $user_ids);
d6e8d8
d6e8d8
	$sql = 'SELECT *
d6e8d8
		FROM ' . GROUPS_TABLE . '
d6e8d8
		WHERE group_id = ' . (int)$group_id;
d6e8d8
	$result = $db->sql_query($sql);
d6e8d8
	if (!$row = $db->sql_fetchrow($result))
d6e8d8
	{
d6e8d8
		$db->sql_freeresult($result);
d6e8d8
		return false;
d6e8d8
	}
d6e8d8
	$db->sql_freeresult($result);
d6e8d8
d6e8d8
	$sql = 'UPDATE ' . USERS_TABLE . "
d6e8d8
		SET user_avatar = '',
d6e8d8
			user_avatar_type = 0,
d6e8d8
			user_avatar_width = 0,
d6e8d8
			user_avatar_height = 0
d6e8d8
		WHERE group_id = " . (int) $group_id . "
d6e8d8
		AND user_avatar = '" . $db->sql_escape($row['group_avatar']) . "'
d6e8d8
		AND " . $db->sql_in_set('user_id', $user_ids);
d6e8d8
d6e8d8
	$db->sql_query($sql);
d6e8d8
}
d6e8d8
d6e8d8
/**
d6e8d8
* Removes the group rank of the default group from the users in user_ids who have that group as default.
d6e8d8
*/
d6e8d8
function remove_default_rank($group_id, $user_ids)
d6e8d8
{
d6e8d8
	global $db;
d6e8d8
d6e8d8
	if (!is_array($user_ids))
d6e8d8
	{
d6e8d8
		$user_ids = array($user_ids);
d6e8d8
	}
d6e8d8
	if (empty($user_ids))
d6e8d8
	{
d6e8d8
		return false;
d6e8d8
	}
d6e8d8
d6e8d8
	$user_ids = array_map('intval', $user_ids);
d6e8d8
d6e8d8
	$sql = 'SELECT *
d6e8d8
		FROM ' . GROUPS_TABLE . '
d6e8d8
		WHERE group_id = ' . (int)$group_id;
d6e8d8
	$result = $db->sql_query($sql);
d6e8d8
	if (!$row = $db->sql_fetchrow($result))
d6e8d8
	{
d6e8d8
		$db->sql_freeresult($result);
d6e8d8
		return false;
d6e8d8
	}
d6e8d8
	$db->sql_freeresult($result);
d6e8d8
d6e8d8
	$sql = 'UPDATE ' . USERS_TABLE . '
d6e8d8
		SET user_rank = 0
d6e8d8
		WHERE group_id = ' . (int)$group_id . '
d6e8d8
		AND user_rank <> 0
d6e8d8
		AND user_rank = ' . (int)$row['group_rank'] . '
d6e8d8
		AND ' . $db->sql_in_set('user_id', $user_ids);
d6e8d8
	$db->sql_query($sql);
d6e8d8
}
d6e8d8
d6e8d8
/**
d6e8d8
* This is used to promote (to leader), demote or set as default a member/s
d6e8d8
*/
d6e8d8
function group_user_attributes($action, $group_id, $user_id_ary = false, $username_ary = false, $group_name = false, $group_attributes = false)
d6e8d8
{
d6e8d8
	global $db, $auth, $phpbb_root_path, $phpEx, $config;
d6e8d8
d6e8d8
	// We need both username and user_id info
d6e8d8
	$result = user_get_id_name($user_id_ary, $username_ary);
d6e8d8
d6e8d8
	if (!sizeof($user_id_ary) || $result !== false)
d6e8d8
	{
d6e8d8
		return 'NO_USERS';
d6e8d8
	}
d6e8d8
d6e8d8
	if (!$group_name)
d6e8d8
	{
d6e8d8
		$group_name = get_group_name($group_id);
d6e8d8
	}
d6e8d8
d6e8d8
	switch ($action)
d6e8d8
	{
d6e8d8
		case 'demote':
d6e8d8
		case 'promote':
d6e8d8
d6e8d8
			$sql = 'SELECT user_id FROM ' . USER_GROUP_TABLE . "
d6e8d8
				WHERE group_id = $group_id
d6e8d8
					AND user_pending = 1
d6e8d8
					AND " . $db->sql_in_set('user_id', $user_id_ary);
d6e8d8
			$result = $db->sql_query_limit($sql, 1);
d6e8d8
			$not_empty = ($db->sql_fetchrow($result));
d6e8d8
			$db->sql_freeresult($result);
d6e8d8
			if ($not_empty)
d6e8d8
			{
d6e8d8
				return 'NO_VALID_USERS';
d6e8d8
			}
d6e8d8
d6e8d8
			$sql = 'UPDATE ' . USER_GROUP_TABLE . '
d6e8d8
				SET group_leader = ' . (($action == 'promote') ? 1 : 0) . "
d6e8d8
				WHERE group_id = $group_id
d6e8d8
					AND user_pending = 0
d6e8d8
					AND " . $db->sql_in_set('user_id', $user_id_ary);
d6e8d8
			$db->sql_query($sql);
d6e8d8
d6e8d8
			$log = ($action == 'promote') ? 'LOG_GROUP_PROMOTED' : 'LOG_GROUP_DEMOTED';
d6e8d8
		break;
d6e8d8
d6e8d8
		case 'approve':
d6e8d8
			// Make sure we only approve those which are pending ;)
d6e8d8
			$sql = 'SELECT u.user_id, u.user_email, u.username, u.username_clean, u.user_notify_type, u.user_jabber, u.user_lang
d6e8d8
				FROM ' . USERS_TABLE . ' u, ' . USER_GROUP_TABLE . ' ug
d6e8d8
				WHERE ug.group_id = ' . $group_id . '
d6e8d8
					AND ug.user_pending = 1
d6e8d8
					AND ug.user_id = u.user_id
d6e8d8
					AND ' . $db->sql_in_set('ug.user_id', $user_id_ary);
d6e8d8
			$result = $db->sql_query($sql);
d6e8d8
d6e8d8
			$user_id_ary = $email_users = array();
d6e8d8
			while ($row = $db->sql_fetchrow($result))
d6e8d8
			{
d6e8d8
				$user_id_ary[] = $row['user_id'];
d6e8d8
				$email_users[] = $row;
d6e8d8
			}
d6e8d8
			$db->sql_freeresult($result);
d6e8d8
d6e8d8
			if (!sizeof($user_id_ary))
d6e8d8
			{
d6e8d8
				return false;
d6e8d8
			}
d6e8d8
d6e8d8
			$sql = 'UPDATE ' . USER_GROUP_TABLE . "
d6e8d8
				SET user_pending = 0
d6e8d8
				WHERE group_id = $group_id
d6e8d8
					AND " . $db->sql_in_set('user_id', $user_id_ary);
d6e8d8
			$db->sql_query($sql);
d6e8d8
d6e8d8
			// Send approved email to users...
d6e8d8
			include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
d6e8d8
			$messenger = new messenger();
d6e8d8
d6e8d8
			foreach ($email_users as $row)
d6e8d8
			{
d6e8d8
				$messenger->template('group_approved', $row['user_lang']);
d6e8d8
d6e8d8
				$messenger->to($row['user_email'], $row['username']);
d6e8d8
				$messenger->im($row['user_jabber'], $row['username']);
d6e8d8
d6e8d8
				$messenger->assign_vars(array(
d6e8d8
					'USERNAME'		=> htmlspecialchars_decode($row['username']),
d6e8d8
					'GROUP_NAME'	=> htmlspecialchars_decode($group_name),
d6e8d8
					'U_GROUP'		=> generate_board_url() . "/ucp.$phpEx?i=groups&mode=membership")
d6e8d8
				);
d6e8d8
d6e8d8
				$messenger->send($row['user_notify_type']);
d6e8d8
			}
d6e8d8
d6e8d8
			$messenger->save_queue();
d6e8d8
d6e8d8
			$log = 'LOG_USERS_APPROVED';
d6e8d8
		break;
d6e8d8
d6e8d8
		case 'default':
d6e8d8
			$sql = 'SELECT user_id, group_id FROM ' . USERS_TABLE . '
d6e8d8
				WHERE ' . $db->sql_in_set('user_id', $user_id_ary, false, true);
d6e8d8
			$result = $db->sql_query($sql);
d6e8d8
d6e8d8
			$groups = array();
d6e8d8
			while ($row = $db->sql_fetchrow($result))
d6e8d8
			{
d6e8d8
				if (!isset($groups[$row['group_id']]))
d6e8d8
				{
d6e8d8
					$groups[$row['group_id']] = array();
d6e8d8
				}
d6e8d8
				$groups[$row['group_id']][] = $row['user_id'];
d6e8d8
			}
d6e8d8
			$db->sql_freeresult($result);
d6e8d8
d6e8d8
			foreach ($groups as $gid => $uids)
d6e8d8
			{
d6e8d8
				remove_default_rank($gid, $uids);
d6e8d8
				remove_default_avatar($gid, $uids);
d6e8d8
			}
d6e8d8
			group_set_user_default($group_id, $user_id_ary, $group_attributes);
d6e8d8
			$log = 'LOG_GROUP_DEFAULTS';
d6e8d8
		break;
d6e8d8
	}
d6e8d8
d6e8d8
	// Clear permissions cache of relevant users
d6e8d8
	$auth->acl_clear_prefetch($user_id_ary);
d6e8d8
d6e8d8
	add_log('admin', $log, $group_name, implode(', ', $username_ary));
d6e8d8
d6e8d8
	group_update_listings($group_id);
d6e8d8
d6e8d8
	return false;
d6e8d8
}
d6e8d8
d6e8d8
/**
d6e8d8
* A small version of validate_username to check for a group name's existence. To be called directly.
d6e8d8
*/
d6e8d8
function group_validate_groupname($group_id, $group_name)
d6e8d8
{
d6e8d8
	global $config, $db;
d6e8d8
d6e8d8
	$group_name =  utf8_clean_string($group_name);
d6e8d8
d6e8d8
	if (!empty($group_id))
d6e8d8
	{
d6e8d8
		$sql = 'SELECT group_name
d6e8d8
			FROM ' . GROUPS_TABLE . '
d6e8d8
			WHERE group_id = ' . (int) $group_id;
d6e8d8
		$result = $db->sql_query($sql);
d6e8d8
		$row = $db->sql_fetchrow($result);
d6e8d8
		$db->sql_freeresult($result);
d6e8d8
d6e8d8
		if (!$row)
d6e8d8
		{
d6e8d8
			return false;
d6e8d8
		}
d6e8d8
d6e8d8
		$allowed_groupname = utf8_clean_string($row['group_name']);
d6e8d8
d6e8d8
		if ($allowed_groupname == $group_name)
d6e8d8
		{
d6e8d8
			return false;
d6e8d8
		}
d6e8d8
	}
d6e8d8
d6e8d8
	$sql = 'SELECT group_name
d6e8d8
		FROM ' . GROUPS_TABLE . "
d6e8d8
		WHERE LOWER(group_name) = '" . $db->sql_escape(utf8_strtolower($group_name)) . "'";
d6e8d8
	$result = $db->sql_query($sql);
d6e8d8
	$row = $db->sql_fetchrow($result);
d6e8d8
	$db->sql_freeresult($result);
d6e8d8
d6e8d8
	if ($row)
d6e8d8
	{
d6e8d8
		return 'GROUP_NAME_TAKEN';
d6e8d8
	}
d6e8d8
d6e8d8
	return false;
d6e8d8
}
d6e8d8
d6e8d8
/**
d6e8d8
* Set users default group
d6e8d8
*
d6e8d8
* @access private
d6e8d8
*/
d6e8d8
function group_set_user_default($group_id, $user_id_ary, $group_attributes = false, $update_listing = false)
d6e8d8
{
d6e8d8
	global $db;
d6e8d8
d6e8d8
	if (empty($user_id_ary))
d6e8d8
	{
d6e8d8
		return;
d6e8d8
	}
d6e8d8
d6e8d8
	$attribute_ary = array(
d6e8d8
		'group_colour'			=> 'string',
d6e8d8
		'group_rank'			=> 'int',
d6e8d8
		'group_avatar'			=> 'string',
d6e8d8
		'group_avatar_type'		=> 'int',
d6e8d8
		'group_avatar_width'	=> 'int',
d6e8d8
		'group_avatar_height'	=> 'int',
d6e8d8
	);
d6e8d8
d6e8d8
	$sql_ary = array(
d6e8d8
		'group_id'		=> $group_id
d6e8d8
	);
d6e8d8
d6e8d8
	// Were group attributes passed to the function? If not we need to obtain them
d6e8d8
	if ($group_attributes === false)
d6e8d8
	{
d6e8d8
		$sql = 'SELECT ' . implode(', ', array_keys($attribute_ary)) . '
d6e8d8
			FROM ' . GROUPS_TABLE . "
d6e8d8
			WHERE group_id = $group_id";
d6e8d8
		$result = $db->sql_query($sql);
d6e8d8
		$group_attributes = $db->sql_fetchrow($result);
d6e8d8
		$db->sql_freeresult($result);
d6e8d8
	}
d6e8d8
d6e8d8
	foreach ($attribute_ary as $attribute => $type)
d6e8d8
	{
d6e8d8
		if (isset($group_attributes[$attribute]))
d6e8d8
		{
d6e8d8
			// If we are about to set an avatar or rank, we will not overwrite with empty, unless we are not actually changing the default group
d6e8d8
			if ((strpos($attribute, 'group_avatar') === 0 || strpos($attribute, 'group_rank') === 0) && !$group_attributes[$attribute])
d6e8d8
			{
d6e8d8
				continue;
d6e8d8
			}
d6e8d8
d6e8d8
			settype($group_attributes[$attribute], $type);
d6e8d8
			$sql_ary[str_replace('group_', 'user_', $attribute)] = $group_attributes[$attribute];
d6e8d8
		}
d6e8d8
	}
d6e8d8
d6e8d8
	// Before we update the user attributes, we will make a list of those having now the group avatar assigned
d6e8d8
	if (isset($sql_ary['user_avatar']))
d6e8d8
	{
d6e8d8
		// Ok, get the original avatar data from users having an uploaded one (we need to remove these from the filesystem)
d6e8d8
		$sql = 'SELECT user_id, group_id, user_avatar
d6e8d8
			FROM ' . USERS_TABLE . '
d6e8d8
			WHERE ' . $db->sql_in_set('user_id', $user_id_ary) . '
d6e8d8
				AND user_avatar_type = ' . AVATAR_UPLOAD;
d6e8d8
		$result = $db->sql_query($sql);
d6e8d8
d6e8d8
		while ($row = $db->sql_fetchrow($result))
d6e8d8
		{
d6e8d8
			avatar_delete('user', $row);
d6e8d8
		}
d6e8d8
		$db->sql_freeresult($result);
d6e8d8
	}
d6e8d8
	else
d6e8d8
	{
d6e8d8
		unset($sql_ary['user_avatar_type']);
d6e8d8
		unset($sql_ary['user_avatar_height']);
d6e8d8
		unset($sql_ary['user_avatar_width']);
d6e8d8
	}
d6e8d8
d6e8d8
	$sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
d6e8d8
		WHERE ' . $db->sql_in_set('user_id', $user_id_ary);
d6e8d8
	$db->sql_query($sql);
d6e8d8
d6e8d8
	if (isset($sql_ary['user_colour']))
d6e8d8
	{
d6e8d8
		// Update any cached colour information for these users
d6e8d8
		$sql = 'UPDATE ' . FORUMS_TABLE . " SET forum_last_poster_colour = '" . $db->sql_escape($sql_ary['user_colour']) . "'
d6e8d8
			WHERE " . $db->sql_in_set('forum_last_poster_id', $user_id_ary);
d6e8d8
		$db->sql_query($sql);
d6e8d8
d6e8d8
		$sql = 'UPDATE ' . TOPICS_TABLE . " SET topic_first_poster_colour = '" . $db->sql_escape($sql_ary['user_colour']) . "'
d6e8d8
			WHERE " . $db->sql_in_set('topic_poster', $user_id_ary);
d6e8d8
		$db->sql_query($sql);
d6e8d8
d6e8d8
		$sql = 'UPDATE ' . TOPICS_TABLE . " SET topic_last_poster_colour = '" . $db->sql_escape($sql_ary['user_colour']) . "'
d6e8d8
			WHERE " . $db->sql_in_set('topic_last_poster_id', $user_id_ary);
d6e8d8
		$db->sql_query($sql);
d6e8d8
d6e8d8
		global $config;
d6e8d8
d6e8d8
		if (in_array($config['newest_user_id'], $user_id_ary))
d6e8d8
		{
d6e8d8
			set_config('newest_user_colour', $sql_ary['user_colour'], true);
d6e8d8
		}
d6e8d8
	}
d6e8d8
d6e8d8
	if ($update_listing)
d6e8d8
	{
d6e8d8
		group_update_listings($group_id);
d6e8d8
	}
d6e8d8
}
d6e8d8
d6e8d8
/**
d6e8d8
* Get group name
d6e8d8
*/
d6e8d8
function get_group_name($group_id)
d6e8d8
{
d6e8d8
	global $db, $user;
d6e8d8
d6e8d8
	$sql = 'SELECT group_name, group_type
d6e8d8
		FROM ' . GROUPS_TABLE . '
d6e8d8
		WHERE group_id = ' . (int) $group_id;
d6e8d8
	$result = $db->sql_query($sql);
d6e8d8
	$row = $db->sql_fetchrow($result);
d6e8d8
	$db->sql_freeresult($result);
d6e8d8
d6e8d8
	if (!$row)
d6e8d8
	{
d6e8d8
		return '';
d6e8d8
	}
d6e8d8
d6e8d8
	return ($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name'];
d6e8d8
}
d6e8d8
d6e8d8
/**
d6e8d8
* Obtain either the members of a specified group, the groups the specified user is subscribed to
d6e8d8
* or checking if a specified user is in a specified group. This function does not return pending memberships.
d6e8d8
*
d6e8d8
* Note: Never use this more than once... first group your users/groups
d6e8d8
*/
d6e8d8
function group_memberships($group_id_ary = false, $user_id_ary = false, $return_bool = false)
d6e8d8
{
d6e8d8
	global $db;
d6e8d8
d6e8d8
	if (!$group_id_ary && !$user_id_ary)
d6e8d8
	{
d6e8d8
		return true;
d6e8d8
	}
d6e8d8
d6e8d8
	if ($user_id_ary)
d6e8d8
	{
d6e8d8
		$user_id_ary = (!is_array($user_id_ary)) ? array($user_id_ary) : $user_id_ary;
d6e8d8
	}
d6e8d8
d6e8d8
	if ($group_id_ary)
d6e8d8
	{
d6e8d8
		$group_id_ary = (!is_array($group_id_ary)) ? array($group_id_ary) : $group_id_ary;
d6e8d8
	}
d6e8d8
d6e8d8
	$sql = 'SELECT ug.*, u.username, u.username_clean, u.user_email
d6e8d8
		FROM ' . USER_GROUP_TABLE . ' ug, ' . USERS_TABLE . ' u
d6e8d8
		WHERE ug.user_id = u.user_id
d6e8d8
			AND ug.user_pending = 0 AND ';
d6e8d8
d6e8d8
	if ($group_id_ary)
d6e8d8
	{
d6e8d8
		$sql .= ' ' . $db->sql_in_set('ug.group_id', $group_id_ary);
d6e8d8
	}
d6e8d8
d6e8d8
	if ($user_id_ary)
d6e8d8
	{
d6e8d8
		$sql .= ($group_id_ary) ? ' AND ' : ' ';
d6e8d8
		$sql .= $db->sql_in_set('ug.user_id', $user_id_ary);
d6e8d8
	}
d6e8d8
d6e8d8
	$result = ($return_bool) ? $db->sql_query_limit($sql, 1) : $db->sql_query($sql);
d6e8d8
d6e8d8
	$row = $db->sql_fetchrow($result);
d6e8d8
d6e8d8
	if ($return_bool)
d6e8d8
	{
d6e8d8
		$db->sql_freeresult($result);
d6e8d8
		return ($row) ? true : false;
d6e8d8
	}
d6e8d8
d6e8d8
	if (!$row)
d6e8d8
	{
d6e8d8
		return false;
d6e8d8
	}
d6e8d8
d6e8d8
	$return = array();
d6e8d8
d6e8d8
	do
d6e8d8
	{
d6e8d8
		$return[] = $row;
d6e8d8
	}
d6e8d8
	while ($row = $db->sql_fetchrow($result));
d6e8d8
d6e8d8
	$db->sql_freeresult($result);
d6e8d8
d6e8d8
	return $return;
d6e8d8
}
d6e8d8
d6e8d8
/**
d6e8d8
* Re-cache moderators and foes if group has a_ or m_ permissions
d6e8d8
*/
d6e8d8
function group_update_listings($group_id)
d6e8d8
{
d6e8d8
	global $auth;
d6e8d8
d6e8d8
	$hold_ary = $auth->acl_group_raw_data($group_id, array('a_', 'm_'));
d6e8d8
d6e8d8
	if (!sizeof($hold_ary))
d6e8d8
	{
d6e8d8
		return;
d6e8d8
	}
d6e8d8
d6e8d8
	$mod_permissions = $admin_permissions = false;
d6e8d8
d6e8d8
	foreach ($hold_ary as $g_id => $forum_ary)
d6e8d8
	{
d6e8d8
		foreach ($forum_ary as $forum_id => $auth_ary)
d6e8d8
		{
d6e8d8
			foreach ($auth_ary as $auth_option => $setting)
d6e8d8
			{
d6e8d8
				if ($mod_permissions && $admin_permissions)
d6e8d8
				{
d6e8d8
					break 3;
d6e8d8
				}
d6e8d8
d6e8d8
				if ($setting != ACL_YES)
d6e8d8
				{
d6e8d8
					continue;
d6e8d8
				}
d6e8d8
d6e8d8
				if ($auth_option == 'm_')
d6e8d8
				{
d6e8d8
					$mod_permissions = true;
d6e8d8
				}
d6e8d8
d6e8d8
				if ($auth_option == 'a_')
d6e8d8
				{
d6e8d8
					$admin_permissions = true;
d6e8d8
				}
d6e8d8
			}
d6e8d8
		}
d6e8d8
	}
d6e8d8
d6e8d8
	if ($mod_permissions)
d6e8d8
	{
d6e8d8
		if (!function_exists('cache_moderators'))
d6e8d8
		{
d6e8d8
			global $phpbb_root_path, $phpEx;
d6e8d8
			include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
d6e8d8
		}
d6e8d8
		cache_moderators();
d6e8d8
	}
d6e8d8
d6e8d8
	if ($mod_permissions || $admin_permissions)
d6e8d8
	{
d6e8d8
		if (!function_exists('update_foes'))
d6e8d8
		{
d6e8d8
			global $phpbb_root_path, $phpEx;
d6e8d8
			include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
d6e8d8
		}
d6e8d8
		update_foes(array($group_id));
d6e8d8
	}
d6e8d8
}
d6e8d8
d6e8d8
?>