phpBB - /trunk/phpBB/includes/functions_user.php - Annotate

root / trunk / phpBB / includes / functions_user.php

History | View | Annotate | Download (94.3 kB)

-psotfx
+<?php
-bartvb
+/**
 acydburn
-acydburn
+* @package phpBB3
-bartvb
+* @copyright (c) 2005 phpBB Group
-git-gate
+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
 acydburn
-acydburn
+*/
 psotfx
-acydburn
+/**
-acydburn
+* @ignore
-acydburn
+*/
-acydburn
+if (!defined('IN_PHPBB'))
 acydburn
-acydburn
+        exit;
 acydburn
 acydburn
-acydburn
+/**
-acydburn
+* Obtain user_ids from usernames or vice versa. Returns false on
-acydburn
+* success else the error string
 acydburn
-acydburn
+* @param array &$user_id_ary The user ids to check or empty if usernames used
-acydburn
+* @param array &$username_ary The usernames to check or empty if user ids used
-acydburn
+* @param mixed $user_type Array of user types to check, false if not restricting by user type
-acydburn
+*/
-acydburn
+function user_get_id_name(&$user_id_ary, &$username_ary, $user_type = false)
 psotfx
-psotfx
+        global $db;
 psotfx
-psotfx
+        // Are both arrays already filled? Yep, return else
-bartvb
+        // are neither array filled?
-psotfx
+        if ($user_id_ary && $username_ary)
 psotfx
-acydburn
+                return false;
 psotfx
-psotfx
+        else if (!$user_id_ary && !$username_ary)
 psotfx
-psotfx
+                return 'NO_USERS';
 psotfx
 psotfx
-psotfx
+        $which_ary = ($user_id_ary) ? 'user_id_ary' : 'username_ary';
 psotfx
-acydburn
+        if ($$which_ary && !is_array($$which_ary))
 psotfx
-psotfx
+                $$which_ary = array($$which_ary);
 psotfx
 psotfx
-naderman
+        $sql_in = ($which_ary == 'user_id_ary') ? array_map('intval', $$which_ary) : array_map('utf8_clean_string', $$which_ary);
-psotfx
+        unset($$which_ary);
 psotfx
-acydburn
+        $user_id_ary = $username_ary = array();
 acydburn
-psotfx
+        // Grab the user id/username records
-naderman
+        $sql_where = ($which_ary == 'user_id_ary') ? 'user_id' : 'username_clean';
-bartvb
+        $sql = 'SELECT user_id, username
-acydburn
+                FROM ' . USERS_TABLE . '
-acydburn
+                WHERE ' . $db->sql_in_set($sql_where, $sql_in);
 acydburn
-acydburn
+        if ($user_type !== false && !empty($user_type))
 acydburn
-acydburn
+                $sql .= ' AND ' . $db->sql_in_set('user_type', $user_type);
 acydburn
 acydburn
-psotfx
+        $result = $db->sql_query($sql);
 psotfx
-psotfx
+        if (!($row = $db->sql_fetchrow($result)))
 psotfx
-acydburn
+                $db->sql_freeresult($result);
-psotfx
+                return 'NO_USERS';
 psotfx
 psotfx
-psotfx
+        do
 psotfx
-psotfx
+                $username_ary[$row['user_id']] = $row['username'];
-psotfx
+                $user_id_ary[] = $row['user_id'];
 psotfx
-psotfx
+        while ($row = $db->sql_fetchrow($result));
-psotfx
+        $db->sql_freeresult($result);
 psotfx
-psotfx
+        return false;
 psotfx
 psotfx
-acydburn
+/**
-acydburn
+* Get latest registered username and update database to reflect it
-acydburn
+*/
-acydburn
+function update_last_username()
 acydburn
-acydburn
+        global $db;
 acydburn
-acydburn
+        // Get latest username
-davidmj
+        $sql = 'SELECT user_id, username, user_colour
-acydburn
+                FROM ' . USERS_TABLE . '
-acydburn
+                WHERE user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')
-acydburn
+                ORDER BY user_id DESC';
-acydburn
+        $result = $db->sql_query_limit($sql, 1);
-acydburn
+        $row = $db->sql_fetchrow($result);
-acydburn
+        $db->sql_freeresult($result);
 acydburn
-acydburn
+        if ($row)
 acydburn
-acydburn
+                set_config('newest_user_id', $row['user_id'], true);
-acydburn
+                set_config('newest_username', $row['username'], true);
-davidmj
+                set_config('newest_user_colour', $row['user_colour'], true);
 acydburn
 acydburn
 acydburn
-acydburn
+/**
-acydburn
+* Updates a username across all relevant tables/fields
 acydburn
-acydburn
+* @param string $old_name the old/current username
-acydburn
+* @param string $new_name the new username
-acydburn
+*/
-psotfx
+function user_update_name($old_name, $new_name)
 psotfx
-acydburn
+        global $config, $db, $cache;
 psotfx
-psotfx
+        $update_ary = array(
-acydburn
+                FORUMS_TABLE                        => array('forum_last_poster_name'),
-acydburn
+                MODERATOR_CACHE_TABLE        => array('username'),
-acydburn
+                POSTS_TABLE                                => array('post_username'),
-acydburn
+                TOPICS_TABLE                        => array('topic_first_poster_name', 'topic_last_poster_name'),
-psotfx
+        );
 psotfx
-psotfx
+        foreach ($update_ary as $table => $field_ary)
 psotfx
-psotfx
+                foreach ($field_ary as $field)
 psotfx
-bartvb
+                        $sql = "UPDATE $table
-acydburn
+                                SET $field = '" . $db->sql_escape($new_name) . "'
-acydburn
+                                WHERE $field = '" . $db->sql_escape($old_name) . "'";
-psotfx
+                        $db->sql_query($sql);
 psotfx
 psotfx
 psotfx
-psotfx
+        if ($config['newest_username'] == $old_name)
 psotfx
-acydburn
+                set_config('newest_username', $new_name, true);
 psotfx
 acydburn
-acydburn
+        // Because some tables/caches use username-specific data we need to purge this here.
-acydburn
+        $cache->destroy('sql', MODERATOR_CACHE_TABLE);
 psotfx
 psotfx
-acydburn
+/**
-Kellanved
+* Adds an user
 Kellanved
-Kellanved
+* @param mixed $user_row An array containing the following keys (and the appropriate values): username, group_id (the group to place the user in), user_email and the user_type(usually 0). Additional entries not overridden by defaults will be forwarded.
-Kellanved
+* @param string $cp_data custom profile fields, see custom_profile::build_insert_sql_array
-acydburn
+* @return the new user's ID.
-acydburn
+*/
-acydburn
+function user_add($user_row, $cp_data = false)
 acydburn
-acydburn
+        global $db, $user, $auth, $config, $phpbb_root_path, $phpEx;
 acydburn
-acydburn
+        if (empty($user_row['username']) || !isset($user_row['group_id']) || !isset($user_row['user_email']) || !isset($user_row['user_type']))
 acydburn
-acydburn
+                return false;
 acydburn
 acydburn
-acydburn
+        $username_clean = utf8_clean_string($user_row['username']);
 acydburn
-acydburn
+        if (empty($username_clean))
 acydburn
-acydburn
+                return false;
 acydburn
 acydburn
-acydburn
+        $sql_ary = array(
-acydburn
+                'username'                        => $user_row['username'],
-acydburn
+                'username_clean'        => $username_clean,
-acydburn
+                'user_password'                => (isset($user_row['user_password'])) ? $user_row['user_password'] : '',
-davidmj
+                'user_pass_convert'        => 0,
-acydburn
+                'user_email'                => strtolower($user_row['user_email']),
-nickvergessen
+                'user_email_hash'        => phpbb_email_hash($user_row['user_email']),
-acydburn
+                'group_id'                        => $user_row['group_id'],
-acydburn
+                'user_type'                        => $user_row['user_type'],
-acydburn
+        );
 acydburn
-acydburn
+        // These are the additional vars able to be specified
-acydburn
+        $additional_vars = array(
-acydburn
+                'user_permissions'        => '',
-naderman
+                'user_timezone'                => $config['board_timezone'],
-acydburn
+                'user_dateformat'        => $config['default_dateformat'],
-acydburn
+                'user_lang'                        => $config['default_lang'],
-acydburn
+                'user_style'                => (int) $config['default_style'],
-acydburn
+                'user_actkey'                => '',
-acydburn
+                'user_ip'                        => '',
-acydburn
+                'user_regdate'                => time(),
-acydburn
+                'user_passchg'                => time(),
-rxu
+                'user_options'                => 230271,
-acydburn
+                // We do not set the new flag here - registration scripts need to specify it
-acydburn
+                'user_new'                        => 0,
 acydburn
-grahamje
+                'user_inactive_reason'        => 0,
-grahamje
+                'user_inactive_time'        => 0,
-acydburn
+                'user_lastmark'                        => time(),
-acydburn
+                'user_lastvisit'                => 0,
-acydburn
+                'user_lastpost_time'        => 0,
-acydburn
+                'user_lastpage'                        => '',
-acydburn
+                'user_posts'                        => 0,
-acydburn
+                'user_dst'                                => (int) $config['board_dst'],
-acydburn
+                'user_colour'                        => '',
-acydburn
+                'user_occ'                                => '',
-davidmj
+                'user_interests'                => '',
-acydburn
+                'user_avatar'                        => '',
-acydburn
+                'user_avatar_type'                => 0,
-acydburn
+                'user_avatar_width'                => 0,
-acydburn
+                'user_avatar_height'        => 0,
-acydburn
+                'user_new_privmsg'                => 0,
-acydburn
+                'user_unread_privmsg'        => 0,
-acydburn
+                'user_last_privmsg'                => 0,
-acydburn
+                'user_message_rules'        => 0,
-acydburn
+                'user_full_folder'                => PRIVMSGS_NO_BOX,
-acydburn
+                'user_emailtime'                => 0,
 acydburn
-acydburn
+                'user_notify'                        => 0,
-acydburn
+                'user_notify_pm'                => 1,
-acydburn
+                'user_notify_type'                => NOTIFY_EMAIL,
-acydburn
+                'user_allow_pm'                        => 1,
-acydburn
+                'user_allow_viewonline'        => 1,
-acydburn
+                'user_allow_viewemail'        => 1,
-acydburn
+                'user_allow_massemail'        => 1,
 acydburn
-acydburn
+                'user_sig'                                        => '',
-acydburn
+                'user_sig_bbcode_uid'                => '',
-davidmj
+                'user_sig_bbcode_bitfield'        => '',
 acydburn
-kellanved
+                'user_form_salt'                        => unique_id(),
-acydburn
+        );
 acydburn
-acydburn
+        // Now fill the sql array with not required variables
-acydburn
+        foreach ($additional_vars as $key => $default_value)
 acydburn
-acydburn
+                $sql_ary[$key] = (isset($user_row[$key])) ? $user_row[$key] : $default_value;
 acydburn
 acydburn
-acydburn
+        // Any additional variables in $user_row not covered above?
-acydburn
+        $remaining_vars = array_diff(array_keys($user_row), array_keys($sql_ary));
 acydburn
-acydburn
+        // Now fill our sql array with the remaining vars
-acydburn
+        if (sizeof($remaining_vars))
 acydburn
-acydburn
+                foreach ($remaining_vars as $key)
 acydburn
-acydburn
+                        $sql_ary[$key] = $user_row[$key];
 acydburn
 acydburn
 acydburn
-davidmj
+        $sql = 'INSERT INTO ' . USERS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
-acydburn
+        $db->sql_query($sql);
 acydburn
-acydburn
+        $user_id = $db->sql_nextid();
 acydburn
-acydburn
+        // Insert Custom Profile Fields
-acydburn
+        if ($cp_data !== false && sizeof($cp_data))
 acydburn
-acydburn
+                $cp_data['user_id'] = (int) $user_id;
 acydburn
-acydburn
+                if (!class_exists('custom_profile'))
 acydburn
-acydburn
+                        include_once($phpbb_root_path . 'includes/functions_profile_fields.' . $phpEx);
 acydburn
 acydburn
-acydburn
+                $sql = 'INSERT INTO ' . PROFILE_FIELDS_DATA_TABLE . ' ' .
-acydburn
+                        $db->sql_build_array('INSERT', custom_profile::build_insert_sql_array($cp_data));
-acydburn
+                $db->sql_query($sql);
 acydburn
 acydburn
-acydburn
+        // Place into appropriate group...
-acydburn
+        $sql = 'INSERT INTO ' . USER_GROUP_TABLE . ' ' . $db->sql_build_array('INSERT', array(
-acydburn
+                'user_id'                => (int) $user_id,
-acydburn
+                'group_id'                => (int) $user_row['group_id'],
-acydburn
+                'user_pending'        => 0)
-acydburn
+        );
-acydburn
+        $db->sql_query($sql);
 acydburn
-acydburn
+        // Now make it the users default group...
-davidmj
+        group_set_user_default($user_row['group_id'], array($user_id), false);
 acydburn
-acydburn
+        // Add to newly registered users group if user_new is 1
-acydburn
+        if ($config['new_member_post_limit'] && $sql_ary['user_new'])
 acydburn
-acydburn
+                $sql = 'SELECT group_id
-acydburn
+                        FROM ' . GROUPS_TABLE . "
-acydburn
+                        WHERE group_name = 'NEWLY_REGISTERED'
-acydburn
+                                AND group_type = " . GROUP_SPECIAL;
-acydburn
+                $result = $db->sql_query($sql);
-acydburn
+                $add_group_id = (int) $db->sql_fetchfield('group_id');
-acydburn
+                $db->sql_freeresult($result);
 acydburn
-acydburn
+                if ($add_group_id)
 acydburn
-acydburn
+                        // Because these actions only fill the log unneccessarily we skip the add_log() entry with a little hack. :/
-acydburn
+                        $GLOBALS['skip_add_log'] = true;
 acydburn
-acydburn
+                        // Add user to "newly registered users" group and set to default group if admin specified so.
-acydburn
+                        if ($config['new_member_group_default'])
 acydburn
-acydburn
+                                group_user_add($add_group_id, $user_id, false, false, true);
-git-gate
+                                $user_row['group_id'] = $add_group_id;
 acydburn
-acydburn
+                        else
 acydburn
-acydburn
+                                group_user_add($add_group_id, $user_id);
 acydburn
 acydburn
-acydburn
+                        unset($GLOBALS['skip_add_log']);
 acydburn
 acydburn
 acydburn
-naderman
+        // set the newest user and adjust the user count if the user is a normal user and no activation mail is sent
-bantu
+        if ($user_row['user_type'] == USER_NORMAL || $user_row['user_type'] == USER_FOUNDER)
 naderman
-naderman
+                set_config('newest_user_id', $user_id, true);
-naderman
+                set_config('newest_username', $user_row['username'], true);
-acydburn
+                set_config_count('num_users', 1, true);
 davidmj
-davidmj
+                $sql = 'SELECT group_colour
-davidmj
+                        FROM ' . GROUPS_TABLE . '
-Kellanved
+                        WHERE group_id = ' . (int) $user_row['group_id'];
-davidmj
+                $result = $db->sql_query_limit($sql, 1);
-davidmj
+                $row = $db->sql_fetchrow($result);
-davidmj
+                $db->sql_freeresult($result);
 davidmj
-davidmj
+                set_config('newest_user_colour', $row['group_colour'], true);
 naderman
 naderman
-acydburn
+        return $user_id;
 acydburn
 acydburn
-acydburn
+/**
-acydburn
+* Remove User
-acydburn
+*/
-acydburn
+function user_delete($mode, $user_id, $post_username = false)
 psotfx
-grahamje
+        global $cache, $config, $db, $user, $auth;
-acydburn
+        global $phpbb_root_path, $phpEx;
 psotfx
-acydburn
+        $sql = 'SELECT *
-acydburn
+                FROM ' . USERS_TABLE . '
-acydburn
+                WHERE user_id = ' . $user_id;
-acydburn
+        $result = $db->sql_query($sql);
-acydburn
+        $user_row = $db->sql_fetchrow($result);
-acydburn
+        $db->sql_freeresult($result);
 acydburn
-acydburn
+        if (!$user_row)
 acydburn
-acydburn
+                return false;
 acydburn
 acydburn
-acydburn
+        // Before we begin, we will remove the reports the user issued.
-acydburn
+        $sql = 'SELECT r.post_id, p.topic_id
-acydburn
+                FROM ' . REPORTS_TABLE . ' r, ' . POSTS_TABLE . ' p
-acydburn
+                WHERE r.user_id = ' . $user_id . '
-acydburn
+                        AND p.post_id = r.post_id';
-acydburn
+        $result = $db->sql_query($sql);
 acydburn
-acydburn
+        $report_posts = $report_topics = array();
-acydburn
+        while ($row = $db->sql_fetchrow($result))
 acydburn
-acydburn
+                $report_posts[] = $row['post_id'];
-acydburn
+                $report_topics[] = $row['topic_id'];
 acydburn
-acydburn
+        $db->sql_freeresult($result);
 acydburn
-acydburn
+        if (sizeof($report_posts))
 acydburn
-acydburn
+                $report_posts = array_unique($report_posts);
-acydburn
+                $report_topics = array_unique($report_topics);
 acydburn
-acydburn
+                // Get a list of topics that still contain reported posts
-acydburn
+                $sql = 'SELECT DISTINCT topic_id
-acydburn
+                        FROM ' . POSTS_TABLE . '
-acydburn
+                        WHERE ' . $db->sql_in_set('topic_id', $report_topics) . '
-acydburn
+                                AND post_reported = 1
-acydburn
+                                AND ' . $db->sql_in_set('post_id', $report_posts, true);
-acydburn
+                $result = $db->sql_query($sql);
 acydburn
-acydburn
+                $keep_report_topics = array();
-acydburn
+                while ($row = $db->sql_fetchrow($result))
 acydburn
-acydburn
+                        $keep_report_topics[] = $row['topic_id'];
 acydburn
-acydburn
+                $db->sql_freeresult($result);
 acydburn
-acydburn
+                if (sizeof($keep_report_topics))
 acydburn
-acydburn
+                        $report_topics = array_diff($report_topics, $keep_report_topics);
 acydburn
-acydburn
+                unset($keep_report_topics);
 acydburn
-acydburn
+                // Now set the flags back
-acydburn
+                $sql = 'UPDATE ' . POSTS_TABLE . '
-acydburn
+                        SET post_reported = 0
-acydburn
+                        WHERE ' . $db->sql_in_set('post_id', $report_posts);
-acydburn
+                $db->sql_query($sql);
 acydburn
-acydburn
+                if (sizeof($report_topics))
 acydburn
-acydburn
+                        $sql = 'UPDATE ' . TOPICS_TABLE . '
-acydburn
+                                SET topic_reported = 0
-acydburn
+                                WHERE ' . $db->sql_in_set('topic_id', $report_topics);
-acydburn
+                        $db->sql_query($sql);
 acydburn
 acydburn
 acydburn
-acydburn
+        // Remove reports
-acydburn
+        $db->sql_query('DELETE FROM ' . REPORTS_TABLE . ' WHERE user_id = ' . $user_id);
 acydburn
-kellanved
+        if ($user_row['user_avatar'] && $user_row['user_avatar_type'] == AVATAR_UPLOAD)
 kellanved
-kellanved
+                avatar_delete('user', $user_row);
 kellanved
 acydburn
-psotfx
+        switch ($mode)
 psotfx
-psotfx
+                case 'retain':
 acydburn
-acydburn
+                        $db->sql_transaction('begin');
 acydburn
-acydburn
+                        if ($post_username === false)
 acydburn
-acydburn
+                                $post_username = $user->lang['GUEST'];
 acydburn
 acydburn
-acydburn
+                        // If the user is inactive and newly registered we assume no posts from this user being there...
-acydburn
+                        if ($user_row['user_type'] == USER_INACTIVE && $user_row['user_inactive_reason'] == INACTIVE_REGISTER && !$user_row['user_posts'])
 acydburn
 acydburn
-acydburn
+                        else
 acydburn
-acydburn
+                                $sql = 'UPDATE ' . FORUMS_TABLE . '
-acydburn
+                                        SET forum_last_poster_id = ' . ANONYMOUS . ", forum_last_poster_name = '" . $db->sql_escape($post_username) . "', forum_last_poster_colour = ''
-acydburn
+                                        WHERE forum_last_poster_id = $user_id";
-acydburn
+                                $db->sql_query($sql);
 psotfx
-acydburn
+                                $sql = 'UPDATE ' . POSTS_TABLE . '
-acydburn
+                                        SET poster_id = ' . ANONYMOUS . ", post_username = '" . $db->sql_escape($post_username) . "'
-acydburn
+                                        WHERE poster_id = $user_id";
-acydburn
+                                $db->sql_query($sql);
 psotfx
-acydburn
+                                $sql = 'UPDATE ' . POSTS_TABLE . '
-acydburn
+                                        SET post_edit_user = ' . ANONYMOUS . "
-acydburn
+                                        WHERE post_edit_user = $user_id";
-acydburn
+                                $db->sql_query($sql);
 acydburn
-acydburn
+                                $sql = 'UPDATE ' . TOPICS_TABLE . '
-acydburn
+                                        SET topic_poster = ' . ANONYMOUS . ", topic_first_poster_name = '" . $db->sql_escape($post_username) . "', topic_first_poster_colour = ''
-acydburn
+                                        WHERE topic_poster = $user_id";
-acydburn
+                                $db->sql_query($sql);
 psotfx
-acydburn
+                                $sql = 'UPDATE ' . TOPICS_TABLE . '
-acydburn
+                                        SET topic_last_poster_id = ' . ANONYMOUS . ", topic_last_poster_name = '" . $db->sql_escape($post_username) . "', topic_last_poster_colour = ''
-acydburn
+                                        WHERE topic_last_poster_id = $user_id";
-acydburn
+                                $db->sql_query($sql);
 acydburn
-rxu
+                                $sql = 'UPDATE ' . ATTACHMENTS_TABLE . '
-rxu
+                                        SET poster_id = ' . ANONYMOUS . "
-rxu
+                                        WHERE poster_id = $user_id";
-rxu
+                                $db->sql_query($sql);
 rxu
-acydburn
+                                // Since we change every post by this author, we need to count this amount towards the anonymous user
 acydburn
-acydburn
+                                // Update the post count for the anonymous user
-acydburn
+                                if ($user_row['user_posts'])
 acydburn
-acydburn
+                                        $sql = 'UPDATE ' . USERS_TABLE . '
-acydburn
+                                                SET user_posts = user_posts + ' . $user_row['user_posts'] . '
-acydburn
+                                                WHERE user_id = ' . ANONYMOUS;
-acydburn
+                                        $db->sql_query($sql);
 acydburn
 acydburn
 acydburn
-acydburn
+                        $db->sql_transaction('commit');
 acydburn
-acydburn
+                break;
 psotfx
-psotfx
+                case 'remove':
 psotfx
-psotfx
+                        if (!function_exists('delete_posts'))
 psotfx
-acydburn
+                                include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
 psotfx
 psotfx
-psotfx
+                        // Delete posts, attachments, etc.
-psotfx
+                        delete_posts('poster_id', $user_id);
 psotfx
-acydburn
+                break;
 psotfx
 psotfx
-acydburn
+        $db->sql_transaction('begin');
 acydburn
-git-gate
+        $table_ary = array(USERS_TABLE, USER_GROUP_TABLE, TOPICS_WATCH_TABLE, FORUMS_WATCH_TABLE, ACL_USERS_TABLE, TOPICS_TRACK_TABLE, TOPICS_POSTED_TABLE, FORUMS_TRACK_TABLE, PROFILE_FIELDS_DATA_TABLE, MODERATOR_CACHE_TABLE, DRAFTS_TABLE, BOOKMARKS_TABLE, SESSIONS_KEYS_TABLE, PRIVMSGS_FOLDER_TABLE, PRIVMSGS_RULES_TABLE);
 psotfx
-psotfx
+        foreach ($table_ary as $table)
 psotfx
-bartvb
+                $sql = "DELETE FROM $table
-psotfx
+                        WHERE user_id = $user_id";
-psotfx
+                $db->sql_query($sql);
 psotfx
 psotfx
-acydburn
+        $cache->destroy('sql', MODERATOR_CACHE_TABLE);
 acydburn
-acydburn
+        // Delete user log entries about this user
-acydburn
+        $sql = 'DELETE FROM ' . LOG_TABLE . '
-acydburn
+                WHERE reportee_id = ' . $user_id;
-acydburn
+        $db->sql_query($sql);
 acydburn
-acydburn
+        // Change user_id to anonymous for this users triggered events
-acydburn
+        $sql = 'UPDATE ' . LOG_TABLE . '
-acydburn
+                SET user_id = ' . ANONYMOUS . '
-acydburn
+                WHERE user_id = ' . $user_id;
-acydburn
+        $db->sql_query($sql);
 acydburn
-bantu
+        // Delete the user_id from the zebra table
-bantu
+        $sql = 'DELETE FROM ' . ZEBRA_TABLE . '
-bantu
+                WHERE user_id = ' . $user_id . '
-bantu
+                        OR zebra_id = ' . $user_id;
-bantu
+        $db->sql_query($sql);
 bantu
-terrafrost
+        // Delete the user_id from the banlist
-acydburn
+        $sql = 'DELETE FROM ' . BANLIST_TABLE . '
-terrafrost
+                WHERE ban_userid = ' . $user_id;
-terrafrost
+        $db->sql_query($sql);
 terrafrost
-terrafrost
+        // Delete the user_id from the session table
-terrafrost
+        $sql = 'DELETE FROM ' . SESSIONS_TABLE . '
-terrafrost
+                WHERE session_user_id = ' . $user_id;
-terrafrost
+        $db->sql_query($sql);
 terrafrost
-acydburn
+        // Remove any undelivered mails...
-acydburn
+        $sql = 'SELECT msg_id, user_id
-acydburn
+                FROM ' . PRIVMSGS_TO_TABLE . '
-acydburn
+                WHERE author_id = ' . $user_id . '
-acydburn
+                        AND folder_id = ' . PRIVMSGS_NO_BOX;
-acydburn
+        $result = $db->sql_query($sql);
 acydburn
-acydburn
+        $undelivered_msg = $undelivered_user = array();
-acydburn
+        while ($row = $db->sql_fetchrow($result))
 acydburn
-acydburn
+                $undelivered_msg[] = $row['msg_id'];
-acydburn
+                $undelivered_user[$row['user_id']][] = true;
 acydburn
-acydburn
+        $db->sql_freeresult($result);
 acydburn
-acydburn
+        if (sizeof($undelivered_msg))
 acydburn
-acydburn
+                $sql = 'DELETE FROM ' . PRIVMSGS_TABLE . '
-acydburn
+                        WHERE ' . $db->sql_in_set('msg_id', $undelivered_msg);
-acydburn
+                $db->sql_query($sql);
 acydburn
 acydburn
-acydburn
+        $sql = 'DELETE FROM ' . PRIVMSGS_TO_TABLE . '
-acydburn
+                WHERE author_id = ' . $user_id . '
-acydburn
+                        AND folder_id = ' . PRIVMSGS_NO_BOX;
-acydburn
+        $db->sql_query($sql);
 acydburn
-acydburn
+        // Delete all to-information
-acydburn
+        $sql = 'DELETE FROM ' . PRIVMSGS_TO_TABLE . '
-acydburn
+                WHERE user_id = ' . $user_id;
-acydburn
+        $db->sql_query($sql);
 acydburn
-acydburn
+        // Set the remaining author id to anonymous - this way users are still able to read messages from users being removed
-acydburn
+        $sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . '
-acydburn
+                SET author_id = ' . ANONYMOUS . '
-acydburn
+                WHERE author_id = ' . $user_id;
-acydburn
+        $db->sql_query($sql);
 acydburn
-acydburn
+        $sql = 'UPDATE ' . PRIVMSGS_TABLE . '
-acydburn
+                SET author_id = ' . ANONYMOUS . '
-acydburn
+                WHERE author_id = ' . $user_id;
-acydburn
+        $db->sql_query($sql);
 acydburn
-acydburn
+        foreach ($undelivered_user as $_user_id => $ary)
 acydburn
-acydburn
+                if ($_user_id == $user_id)
 acydburn
-acydburn
+                        continue;
 acydburn
 acydburn
-acydburn
+                $sql = 'UPDATE ' . USERS_TABLE . '
-acydburn
+                        SET user_new_privmsg = user_new_privmsg - ' . sizeof($ary) . ',
-acydburn
+                                user_unread_privmsg = user_unread_privmsg - ' . sizeof($ary) . '
-acydburn
+                        WHERE user_id = ' . $_user_id;
-acydburn
+                $db->sql_query($sql);
 acydburn
 acydburn
-acydburn
+        $db->sql_transaction('commit');
 acydburn
-psotfx
+        // Reset newest user info if appropriate
-psotfx
+        if ($config['newest_user_id'] == $user_id)
 psotfx
-acydburn
+                update_last_username();
 psotfx
 psotfx
-acydburn
+        // Decrement number of users if this user is active
-acydburn
+        if ($user_row['user_type'] != USER_INACTIVE && $user_row['user_type'] != USER_IGNORE)
 acydburn
-acydburn
+                set_config_count('num_users', -1, true);
 acydburn
 psotfx
-psotfx
+        return false;
 psotfx
 psotfx
-acydburn
+/**
-acydburn
+* Flips user_type from active to inactive and vice versa, handles group membership updates
 acydburn
-acydburn
+* @param string $mode can be flip for flipping from active/inactive, activate or deactivate
-acydburn
+*/
-acydburn
+function user_active_flip($mode, $user_id_ary, $reason = INACTIVE_MANUAL)
 psotfx
-acydburn
+        global $config, $db, $user, $auth;
 psotfx
-acydburn
+        $deactivated = $activated = 0;
-acydburn
+        $sql_statements = array();
 psotfx
-acydburn
+        if (!is_array($user_id_ary))
 psotfx
-acydburn
+                $user_id_ary = array($user_id_ary);
 psotfx
 psotfx
-acydburn
+        if (!sizeof($user_id_ary))
 acydburn
-acydburn
+                return;
 acydburn
 acydburn
-acydburn
+        $sql = 'SELECT user_id, group_id, user_type, user_inactive_reason
-acydburn
+                FROM ' . USERS_TABLE . '
-acydburn
+                WHERE ' . $db->sql_in_set('user_id', $user_id_ary);
-psotfx
+        $result = $db->sql_query($sql);
 psotfx
-psotfx
+        while ($row = $db->sql_fetchrow($result))
 psotfx
-acydburn
+                $sql_ary = array();
 acydburn
-acydburn
+                if ($row['user_type'] == USER_IGNORE || $row['user_type'] == USER_FOUNDER ||
-acydburn
+                        ($mode == 'activate' && $row['user_type'] != USER_INACTIVE) ||
-acydburn
+                        ($mode == 'deactivate' && $row['user_type'] == USER_INACTIVE))
 psotfx
-acydburn
+                        continue;
 psotfx
 psotfx
-acydburn
+                if ($row['user_type'] == USER_INACTIVE)
 acydburn
-acydburn
+                        $activated++;
 acydburn
-acydburn
+                else
 acydburn
-acydburn
+                        $deactivated++;
 psotfx
-acydburn
+                        // Remove the users session key...
-acydburn
+                        $user->reset_login_keys($row['user_id']);
 acydburn
 psotfx
-acydburn
+                $sql_ary += array(
-acydburn
+                        'user_type'                                => ($row['user_type'] == USER_NORMAL) ? USER_INACTIVE : USER_NORMAL,
-acydburn
+                        'user_inactive_time'        => ($row['user_type'] == USER_NORMAL) ? time() : 0,
-acydburn
+                        'user_inactive_reason'        => ($row['user_type'] == USER_NORMAL) ? $reason : 0,
-acydburn
+                );
 psotfx
-acydburn
+                $sql_statements[$row['user_id']] = $sql_ary;
 acydburn
-acydburn
+        $db->sql_freeresult($result);
 acydburn
-acydburn
+        if (sizeof($sql_statements))
 psotfx
-acydburn
+                foreach ($sql_statements as $user_id => $sql_ary)
 acydburn
-acydburn
+                        $sql = 'UPDATE ' . USERS_TABLE . '
-acydburn
+                                SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
-acydburn
+                                WHERE user_id = ' . $user_id;
-acydburn
+                        $db->sql_query($sql);
 acydburn
 acydburn
-acydburn
+                $auth->acl_clear_prefetch(array_keys($sql_statements));
 psotfx
 psotfx
-acydburn
+        if ($deactivated)
 acydburn
-acydburn
+                set_config_count('num_users', $deactivated * (-1), true);
 acydburn
 acydburn
-acydburn
+        if ($activated)
 acydburn
-acydburn
+                set_config_count('num_users', $activated, true);
 acydburn
 acydburn
-acydburn
+        // Update latest username
-acydburn
+        update_last_username();
 psotfx
 psotfx
-acydburn
+/**
-acydburn
+* Add a ban or ban exclusion to the banlist. Bans either a user, an IP or an email address
 acydburn
-acydburn
+* @param string $mode Type of ban. One of the following: user, ip, email
-acydburn
+* @param mixed $ban Banned entity. Either string or array with usernames, ips or email addresses
-acydburn
+* @param int $ban_len Ban length in minutes
-acydburn
+* @param string $ban_len_other Ban length as a date (YYYY-MM-DD)
-acydburn
+* @param boolean $ban_exclude Exclude these entities from banning?
-acydburn
+* @param string $ban_reason String describing the reason for this ban
-acydburn
+* @return boolean
-acydburn
+*/
-acydburn
+function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reason, $ban_give_reason = '')
 psotfx
-acydburn
+        global $db, $user, $auth, $cache;
 psotfx
-psotfx
+        // Delete stale bans
-acydburn
+        $sql = 'DELETE FROM ' . BANLIST_TABLE . '
-acydburn
+                WHERE ban_end < ' . time() . '
-acydburn
+                        AND ban_end <> 0';
-psotfx
+        $db->sql_query($sql);
 psotfx
-psotfx
+        $ban_list = (!is_array($ban)) ? array_unique(explode("\n", $ban)) : $ban;
-psotfx
+        $ban_list_log = implode(', ', $ban_list);
 psotfx
-psotfx
+        $current_time = time();
 psotfx
-bartvb
+        // Set $ban_end to the unix time when the ban should end. 0 is a permanent ban.
-psotfx
+        if ($ban_len)
 psotfx
-psotfx
+                if ($ban_len != -1 || !$ban_len_other)
 psotfx
-psotfx
+                        $ban_end = max($current_time, $current_time + ($ban_len) * 60);
 psotfx
-psotfx
+                else
 psotfx
-psotfx
+                        $ban_other = explode('-', $ban_len_other);
-acydburn
+                        if (sizeof($ban_other) == 3 && ((int)$ban_other[0] < 9999) &&
-kellanved
+                                (strlen($ban_other[0]) == 4) && (strlen($ban_other[1]) == 2) && (strlen($ban_other[2]) == 2))
 kellanved
-git-gate
+                                $time_offset = (isset($user->timezone) && isset($user->dst)) ? (int) $user->timezone + (int) $user->dst : 0;
-git-gate
+                                $ban_end = max($current_time, gmmktime(0, 0, 0, (int)$ban_other[1], (int)$ban_other[2], (int)$ban_other[0]) - $time_offset);
 kellanved
-kellanved
+                        else
 kellanved
-git-gate
+                                trigger_error('LENGTH_BAN_INVALID', E_USER_WARNING);
 kellanved
 psotfx
 psotfx
-psotfx
+        else
 psotfx
-psotfx
+                $ban_end = 0;
 psotfx
 psotfx
-davidmj
+        $founder = $founder_names = array();
 acydburn
-acydburn
+        if (!$ban_exclude)
 acydburn
-acydburn
+                // Create a list of founder...
-davidmj
+                $sql = 'SELECT user_id, user_email, username_clean
-acydburn
+                        FROM ' . USERS_TABLE . '
-acydburn
+                        WHERE user_type = ' . USER_FOUNDER;
-acydburn
+                $result = $db->sql_query($sql);
 acydburn
-acydburn
+                while ($row = $db->sql_fetchrow($result))
 acydburn
-acydburn
+                        $founder[$row['user_id']] = $row['user_email'];
-davidmj
+                        $founder_names[$row['user_id']] = $row['username_clean'];
 acydburn
-acydburn
+                $db->sql_freeresult($result);
 acydburn
 acydburn
-bartvb
+        $banlist_ary = array();
 psotfx
-psotfx
+        switch ($mode)
 psotfx
-psotfx
+                case 'user':
-psotfx
+                        $type = 'ban_userid';
 psotfx
-acydburn
+                        // At the moment we do not support wildcard username banning
 acydburn
-acydburn
+                        // Select the relevant user_ids.
-acydburn
+                        $sql_usernames = array();
 acydburn
-acydburn
+                        foreach ($ban_list as $username)
 acydburn
-acydburn
+                                $username = trim($username);
-acydburn
+                                if ($username != '')
 bartvb
-acydburn
+                                        $clean_name = utf8_clean_string($username);
-acydburn
+                                        if ($clean_name == $user->data['username_clean'])
 bartvb
-acydburn
+                                                trigger_error('CANNOT_BAN_YOURSELF', E_USER_WARNING);
 bartvb
-acydburn
+                                        if (in_array($clean_name, $founder_names))
 acydburn
-acydburn
+                                                trigger_error('CANNOT_BAN_FOUNDER', E_USER_WARNING);
 acydburn
-acydburn
+                                        $sql_usernames[] = $clean_name;
 bartvb
 acydburn
 acydburn
-acydburn
+                        // Make sure we have been given someone to ban
-acydburn
+                        if (!sizeof($sql_usernames))
 acydburn
-git-gate
+                                trigger_error('NO_USER_SPECIFIED', E_USER_WARNING);
 acydburn
 grahamje
-acydburn
+                        $sql = 'SELECT user_id
-acydburn
+                                FROM ' . USERS_TABLE . '
-acydburn
+                                WHERE ' . $db->sql_in_set('username_clean', $sql_usernames);
 acydburn
-git-gate
+                        // Do not allow banning yourself, the guest account, or founders.
-git-gate
+                        $non_bannable = array($user->data['user_id'], ANONYMOUS);
-acydburn
+                        if (sizeof($founder))
 acydburn
-git-gate
+                                $sql .= ' AND ' . $db->sql_in_set('user_id', array_merge(array_keys($founder), $non_bannable), true);
 acydburn
-acydburn
+                        else
 acydburn
-git-gate
+                                $sql .= ' AND ' . $db->sql_in_set('user_id', $non_bannable, true);
 acydburn
 acydburn
-acydburn
+                        $result = $db->sql_query($sql);
 psotfx
-acydburn
+                        if ($row = $db->sql_fetchrow($result))
 acydburn
-acydburn
+                                do
 psotfx
-acydburn
+                                        $banlist_ary[] = (int) $row['user_id'];
 psotfx
-acydburn
+                                while ($row = $db->sql_fetchrow($result));
 acydburn
-acydburn
+                        else
 acydburn
-acydburn
+                                $db->sql_freeresult($result);
-git-gate
+                                trigger_error('NO_USERS', E_USER_WARNING);
 psotfx
-acydburn
+                        $db->sql_freeresult($result);
-acydburn
+                break;
 psotfx
-psotfx
+                case 'ip':
-psotfx
+                        $type = 'ban_ip';
 psotfx
-psotfx
+                        foreach ($ban_list as $ban_item)
 psotfx
-psotfx
+                                if (preg_match('#^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})[ ]*\-[ ]*([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$#', trim($ban_item), $ip_range_explode))
 psotfx
-bartvb
+                                        // This is an IP range
-psotfx
+                                        // Don't ask about all this, just don't ask ... !
-psotfx
+                                        $ip_1_counter = $ip_range_explode[1];
-psotfx
+                                        $ip_1_end = $ip_range_explode[5];
 psotfx
-psotfx
+                                        while ($ip_1_counter <= $ip_1_end)
 psotfx
-psotfx
+                                                $ip_2_counter = ($ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[2] : 0;
-psotfx
+                                                $ip_2_end = ($ip_1_counter < $ip_1_end) ? 254 : $ip_range_explode[6];
 psotfx
-acydburn
+                                                if ($ip_2_counter == 0 && $ip_2_end == 254)
 psotfx
-psotfx
+                                                        $ip_2_counter = 256;
-psotfx
+                                                        $ip_2_fragment = 256;
 psotfx
-bartvb
+                                                        $banlist_ary[] = "$ip_1_counter.*";
 psotfx
 psotfx
-psotfx
+                                                while ($ip_2_counter <= $ip_2_end)
 psotfx
-psotfx
+                                                        $ip_3_counter = ($ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[3] : 0;
-psotfx
+                                                        $ip_3_end = ($ip_2_counter < $ip_2_end || $ip_1_counter < $ip_1_end) ? 254 : $ip_range_explode[7];
 psotfx
-psotfx
+                                                        if ($ip_3_counter == 0 && $ip_3_end == 254)
 psotfx
-psotfx
+                                                                $ip_3_counter = 256;
-psotfx
+                                                                $ip_3_fragment = 256;
 psotfx
-bartvb
+                                                                $banlist_ary[] = "$ip_1_counter.$ip_2_counter.*";
 psotfx
 psotfx
-psotfx
+                                                        while ($ip_3_counter <= $ip_3_end)
 psotfx
-psotfx
+                                                                $ip_4_counter = ($ip_3_counter == $ip_range_explode[3] && $ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[4] : 0;
-psotfx
+                                                                $ip_4_end = ($ip_3_counter < $ip_3_end || $ip_2_counter < $ip_2_end) ? 254 : $ip_range_explode[8];
 psotfx
-psotfx
+                                                                if ($ip_4_counter == 0 && $ip_4_end == 254)
 psotfx
-psotfx
+                                                                        $ip_4_counter = 256;
-psotfx
+                                                                        $ip_4_fragment = 256;
 psotfx
-bartvb
+                                                                        $banlist_ary[] = "$ip_1_counter.$ip_2_counter.$ip_3_counter.*";
 psotfx
 psotfx
-psotfx
+                                                                while ($ip_4_counter <= $ip_4_end)
 psotfx
-bartvb
+                                                                        $banlist_ary[] = "$ip_1_counter.$ip_2_counter.$ip_3_counter.$ip_4_counter";
-psotfx
+                                                                        $ip_4_counter++;
 psotfx
-psotfx
+                                                                $ip_3_counter++;
 psotfx
-psotfx
+                                                        $ip_2_counter++;
 psotfx
-psotfx
+                                                $ip_1_counter++;
 psotfx
 psotfx
-acydburn
+                                else if (preg_match('#^([0-9]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})$#', trim($ban_item)) || preg_match('#^[a-f0-9:]+\*?$#i', trim($ban_item)))
 acydburn
-acydburn
+                                        // Normal IP address
-acydburn
+                                        $banlist_ary[] = trim($ban_item);
 acydburn
-acydburn
+                                else if (preg_match('#^\*$#', trim($ban_item)))
 acydburn
-acydburn
+                                        // Ban all IPs
-acydburn
+                                        $banlist_ary[] = '*';
 acydburn
-psotfx
+                                else if (preg_match('#^([\w\-_]\.?){2,}$#is', trim($ban_item)))
 psotfx
-bartvb
+                                        // hostname
-psotfx
+                                        $ip_ary = gethostbynamel(trim($ban_item));
 psotfx
-acydburn
+                                        if (!empty($ip_ary))
 psotfx
-acydburn
+                                                foreach ($ip_ary as $ip)
 psotfx
-acydburn
+                                                        if ($ip)
 acydburn
-davidmj
+                                                                if (strlen($ip) > 40)
 davidmj
-davidmj
+                                                                        continue;
 davidmj
 davidmj
-acydburn
+                                                                $banlist_ary[] = $ip;
 acydburn
 psotfx
 psotfx
 psotfx
 bantu
-bantu
+                                if (empty($banlist_ary))
 bartvb
-git-gate
+                                        trigger_error('NO_IPS_DEFINED', E_USER_WARNING);
 bartvb
 psotfx
-acydburn
+                break;
 psotfx
-psotfx
+                case 'email':
-psotfx
+                        $type = 'ban_email';
 psotfx
-psotfx
+                        foreach ($ban_list as $ban_item)
 psotfx
-acydburn
+                                $ban_item = trim($ban_item);
 acydburn
-acydburn
+                                if (preg_match('#^.*?@*|(([a-z0-9\-]+\.)+([a-z]{2,3}))$#i', $ban_item))
 psotfx
-davidmj
+                                        if (strlen($ban_item) > 100)
 davidmj
-davidmj
+                                                continue;
 davidmj
 davidmj
-acydburn
+                                        if (!sizeof($founder) || !in_array($ban_item, $founder))
 acydburn
-acydburn
+                                                $banlist_ary[] = $ban_item;
 acydburn
 psotfx
 psotfx
 bartvb
-bartvb
+                        if (sizeof($ban_list) == 0)
 bartvb
-git-gate
+                                trigger_error('NO_EMAILS_DEFINED', E_USER_WARNING);
 bartvb
-acydburn
+                break;
 acydburn
-acydburn
+                default:
-git-gate
+                        trigger_error('NO_MODE', E_USER_WARNING);
-acydburn
+                break;
 psotfx
 psotfx
-bartvb
+        // Fetch currently set bans of the specified type and exclude state. Prevent duplicate bans.
-acydburn
+        $sql_where = ($type == 'ban_userid') ? 'ban_userid <> 0' : "$type <> ''";
 acydburn
-psotfx
+        $sql = "SELECT $type
-psotfx
+                FROM " . BANLIST_TABLE . "
-acydburn
+                WHERE $sql_where
-toonarmy
+                        AND ban_exclude = " . (int) $ban_exclude;
-psotfx
+        $result = $db->sql_query($sql);
 psotfx
-acydburn
+        // Reset $sql_where, because we use it later...
-acydburn
+        $sql_where = '';
 acydburn
-psotfx
+        if ($row = $db->sql_fetchrow($result))
 psotfx
-bartvb
+                $banlist_ary_tmp = array();
-psotfx
+                do
 psotfx
-psotfx
+                        switch ($mode)
 psotfx
-psotfx
+                                case 'user':
-bartvb
+                                        $banlist_ary_tmp[] = $row['ban_userid'];
-acydburn
+                                break;
 psotfx
-psotfx
+                                case 'ip':
-bartvb
+                                        $banlist_ary_tmp[] = $row['ban_ip'];
-acydburn
+                                break;
 psotfx
-psotfx
+                                case 'email':
-bartvb
+                                        $banlist_ary_tmp[] = $row['ban_email'];
-acydburn
+                                break;
 psotfx
 psotfx
-psotfx
+                while ($row = $db->sql_fetchrow($result));
 psotfx
-nickvergessen
+                $banlist_ary_tmp = array_intersect($banlist_ary, $banlist_ary_tmp);
 nickvergessen
-nickvergessen
+                if (sizeof($banlist_ary_tmp))
 nickvergessen
-nickvergessen
+                        // One or more entities are already banned/excluded, delete the existing bans, so they can be re-inserted with the given new length
-nickvergessen
+                        $sql = 'DELETE FROM ' . BANLIST_TABLE . '
-nickvergessen
+                                WHERE ' . $db->sql_in_set($type, $banlist_ary_tmp) . '
-nickvergessen
+                                        AND ban_exclude = ' . (int) $ban_exclude;
-nickvergessen
+                        $db->sql_query($sql);
 nickvergessen
 nickvergessen
-bartvb
+                unset($banlist_ary_tmp);
 psotfx
-acydburn
+        $db->sql_freeresult($result);
 psotfx
-bartvb
+        // We have some entities to ban
-bartvb
+        if (sizeof($banlist_ary))
 psotfx
-bartvb
+                $sql_ary = array();
 acydburn
-bartvb
+                foreach ($banlist_ary as $ban_entry)
 psotfx
-bartvb
+                        $sql_ary[] = array(
-acydburn
+                                $type                                => $ban_entry,
-acydburn
+                                'ban_start'                        => (int) $current_time,
-acydburn
+                                'ban_end'                        => (int) $ban_end,
-acydburn
+                                'ban_exclude'                => (int) $ban_exclude,
-acydburn
+                                'ban_reason'                => (string) $ban_reason,
-acydburn
+                                'ban_give_reason'        => (string) $ban_give_reason,
-acydburn
+                        );
 psotfx
 acydburn
-acydburn
+                $db->sql_multi_insert(BANLIST_TABLE, $sql_ary);
 psotfx
-bartvb
+                // If we are banning we want to logout anyone matching the ban
-psotfx
+                if (!$ban_exclude)
 psotfx
-psotfx
+                        switch ($mode)
 psotfx
-psotfx
+                                case 'user':
-acydburn
+                                        $sql_where = 'WHERE ' . $db->sql_in_set('session_user_id', $banlist_ary);
-acydburn
+                                break;
 psotfx
-psotfx
+                                case 'ip':
-acydburn
+                                        $sql_where = 'WHERE ' . $db->sql_in_set('session_ip', $banlist_ary);
-acydburn
+                                break;
 psotfx
-psotfx
+                                case 'email':
-bartvb
+                                        $banlist_ary_sql = array();
 acydburn
-acydburn
+                                        foreach ($banlist_ary as $ban_entry)
 bartvb
-acydburn
+                                                $banlist_ary_sql[] = (string) str_replace('*', '%', $ban_entry);
 bartvb
 bartvb
-psotfx
+                                        $sql = 'SELECT user_id
-psotfx
+                                                FROM ' . USERS_TABLE . '
-acydburn
+                                                WHERE ' . $db->sql_in_set('user_email', $banlist_ary_sql);
-psotfx
+                                        $result = $db->sql_query($sql);
 psotfx
-psotfx
+                                        $sql_in = array();
 acydburn
-psotfx
+                                        if ($row = $db->sql_fetchrow($result))
 psotfx
-psotfx
+                                                do
 psotfx
-psotfx
+                                                        $sql_in[] = $row['user_id'];
 psotfx
-psotfx
+                                                while ($row = $db->sql_fetchrow($result));
 psotfx
-acydburn
+                                                $sql_where = 'WHERE ' . $db->sql_in_set('session_user_id', $sql_in);
 psotfx
-acydburn
+                                        $db->sql_freeresult($result);
-acydburn
+                                break;
 psotfx
 psotfx
-acydburn
+                        if (isset($sql_where) && $sql_where)
 psotfx
-psotfx
+                                $sql = 'DELETE FROM ' . SESSIONS_TABLE . "
-bartvb
+                                        $sql_where";
-psotfx
+                                $db->sql_query($sql);
 acydburn
-acydburn
+                                if ($mode == 'user')
 acydburn
-acydburn
+                                        $sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . ' ' . ((in_array('*', $banlist_ary)) ? '' : 'WHERE ' . $db->sql_in_set('user_id', $banlist_ary));
-acydburn
+                                        $db->sql_query($sql);
 acydburn
 psotfx
 psotfx
 psotfx
-psotfx
+                // Update log
-psotfx
+                $log_entry = ($ban_exclude) ? 'LOG_BAN_EXCLUDE_' : 'LOG_BAN_';
 acydburn
-nickvergessen
+                // Add to moderator log, admin log and user notes
-psotfx
+                add_log('admin', $log_entry . strtoupper($mode), $ban_reason, $ban_list_log);
-acydburn
+                add_log('mod', 0, 0, $log_entry . strtoupper($mode), $ban_reason, $ban_list_log);
-nickvergessen
+                if ($mode == 'user')
 nickvergessen
-nickvergessen
+                        foreach ($banlist_ary as $user_id)
 nickvergessen
-nickvergessen
+                                add_log('user', $user_id, $log_entry . strtoupper($mode), $ban_reason, $ban_list_log);
 nickvergessen
 nickvergessen
 acydburn
-acydburn
+                $cache->destroy('sql', BANLIST_TABLE);
 acydburn
-bartvb
+                return true;
 psotfx
 psotfx
-acydburn
+        // There was nothing to ban/exclude. But destroying the cache because of the removal of stale bans.
-acydburn
+        $cache->destroy('sql', BANLIST_TABLE);
 acydburn
-psotfx
+        return false;
 psotfx
 psotfx
-acydburn
+/**
-acydburn
+* Unban User
-acydburn
+*/
-psotfx
+function user_unban($mode, $ban)
 psotfx
-acydburn
+        global $db, $user, $auth, $cache;
 psotfx
-psotfx
+        // Delete stale bans
-acydburn
+        $sql = 'DELETE FROM ' . BANLIST_TABLE . '
-acydburn
+                WHERE ban_end < ' . time() . '
-acydburn
+                        AND ban_end <> 0';
-psotfx
+        $db->sql_query($sql);
 psotfx
-acydburn
+        if (!is_array($ban))
 acydburn
-acydburn
+                $ban = array($ban);
 acydburn
 acydburn
-acydburn
+        $unban_sql = array_map('intval', $ban);
 psotfx
-acydburn
+        if (sizeof($unban_sql))
 psotfx
-psotfx
+                // Grab details of bans for logging information later
-psotfx
+                switch ($mode)
 psotfx
-psotfx
+                        case 'user':
-nickvergessen
+                                $sql = 'SELECT u.username AS unban_info, u.user_id
-acydburn
+                                        FROM ' . USERS_TABLE . ' u, ' . BANLIST_TABLE . ' b
-acydburn
+                                        WHERE ' . $db->sql_in_set('b.ban_id', $unban_sql) . '
-acydburn
+                                                AND u.user_id = b.ban_userid';
-acydburn
+                        break;
 psotfx
-psotfx
+                        case 'email':
-bartvb
+                                $sql = 'SELECT ban_email AS unban_info
-acydburn
+                                        FROM ' . BANLIST_TABLE . '
-acydburn
+                                        WHERE ' . $db->sql_in_set('ban_id', $unban_sql);
-acydburn
+                        break;
 psotfx
-psotfx
+                        case 'ip':
-bartvb
+                                $sql = 'SELECT ban_ip AS unban_info
-acydburn
+                                        FROM ' . BANLIST_TABLE . '
-acydburn
+                                        WHERE ' . $db->sql_in_set('ban_id', $unban_sql);
-acydburn
+                        break;
 psotfx
-psotfx
+                $result = $db->sql_query($sql);
 psotfx
-bartvb
+                $l_unban_list = '';
-nickvergessen
+                $user_ids_ary = array();
-psotfx
+                while ($row = $db->sql_fetchrow($result))
 psotfx
-psotfx
+                        $l_unban_list .= (($l_unban_list != '') ? ', ' : '') . $row['unban_info'];
-nickvergessen
+                        if ($mode == 'user')
 nickvergessen
-nickvergessen
+                                $user_ids_ary[] = $row['user_id'];
 nickvergessen
 psotfx
-acydburn
+                $db->sql_freeresult($result);
 psotfx
-acydburn
+                $sql = 'DELETE FROM ' . BANLIST_TABLE . '
-acydburn
+                        WHERE ' . $db->sql_in_set('ban_id', $unban_sql);
-acydburn
+                $db->sql_query($sql);
 acydburn
-nickvergessen
+                // Add to moderator log, admin log and user notes
-psotfx
+                add_log('admin', 'LOG_UNBAN_' . strtoupper($mode), $l_unban_list);
-acydburn
+                add_log('mod', 0, 0, 'LOG_UNBAN_' . strtoupper($mode), $l_unban_list);
-nickvergessen
+                if ($mode == 'user')
 nickvergessen
-nickvergessen
+                        foreach ($user_ids_ary as $user_id)
 nickvergessen
-nickvergessen
+                                add_log('user', $user_id, 'LOG_UNBAN_' . strtoupper($mode), $l_unban_list);
 nickvergessen
 nickvergessen
 psotfx
 psotfx
-acydburn
+        $cache->destroy('sql', BANLIST_TABLE);
 acydburn
-psotfx
+        return false;
 psotfx
 psotfx
-acydburn
+/**
-git-gate
+* Internet Protocol Address Whois
-git-gate
+* RFC3912: WHOIS Protocol Specification
 toonarmy
-git-gate
+* @param string $ip                Ip address, either IPv4 or IPv6.
 git-gate
-git-gate
+* @return string                Empty string if not a valid ip address.
-git-gate
+*                                                Otherwise make_clickable()'ed whois result.
-acydburn
+*/
-psotfx
+function user_ipwhois($ip)
 psotfx
-git-gate
+        if (empty($ip))
 git-gate
-git-gate
+                return '';
 git-gate
 psotfx
-git-gate
+        if (preg_match(get_preg_expression('ipv4'), $ip))
 acydburn
-git-gate
+                // IPv4 address
-git-gate
+                $whois_host = 'whois.arin.net.';
 git-gate
-git-gate
+        else if (preg_match(get_preg_expression('ipv6'), $ip))
 git-gate
-git-gate
+                // IPv6 address
-git-gate
+                $whois_host = 'whois.sixxs.net.';
 git-gate
-git-gate
+        else
 git-gate
-acydburn
+                return '';
 acydburn
 acydburn
-git-gate
+        $ipwhois = '';
 git-gate
-git-gate
+        if (($fsk = @fsockopen($whois_host, 43)))
 psotfx
-toonarmy
+                // CRLF as per RFC3912
-toonarmy
+                fputs($fsk, "$ip\r\n");
-psotfx
+                while (!feof($fsk))
 psotfx
-psotfx
+                        $ipwhois .= fgets($fsk, 1024);
 psotfx
-psotfx
+                @fclose($fsk);
 psotfx
 psotfx
-toonarmy
+        $match = array();
 toonarmy
-git-gate
+        // Test for referrals from $whois_host to other whois databases, roll on rwhois
-toonarmy
+        if (preg_match('#ReferralServer: whois://(.+)#im', $ipwhois, $match))
 psotfx
-toonarmy
+                if (strpos($match[1], ':') !== false)
 psotfx
-toonarmy
+                        $pos        = strrpos($match[1], ':');
-toonarmy
+                        $server        = substr($match[1], 0, $pos);
-toonarmy
+                        $port        = (int) substr($match[1], $pos + 1);
-toonarmy
+                        unset($pos);
 toonarmy
-toonarmy
+                else
 toonarmy
-toonarmy
+                        $server        = $match[1];
-toonarmy
+                        $port        = 43;
 toonarmy
 toonarmy
-toonarmy
+                $buffer = '';
 toonarmy
-toonarmy
+                if (($fsk = @fsockopen($server, $port)))
 toonarmy
-toonarmy
+                        fputs($fsk, "$ip\r\n");
-toonarmy
+                        while (!feof($fsk))
 psotfx
-toonarmy
+                                $buffer .= fgets($fsk, 1024);
 psotfx
-toonarmy
+                        @fclose($fsk);
 psotfx
 toonarmy
-git-gate
+                // Use the result from $whois_host if we don't get any result here
-toonarmy
+                $ipwhois = (empty($buffer)) ? $ipwhois : $buffer;
 psotfx
 psotfx
-acydburn
+        $ipwhois = htmlspecialchars($ipwhois);
 acydburn
-acydburn
+        // Magic URL ;)
-acydburn
+        return trim(make_clickable($ipwhois, false, ''));
 psotfx
 psotfx
-acydburn
+/**
-acydburn
+* Data validation ... used primarily but not exclusively by ucp modules
 acydburn
-acydburn
+* "Master" function for validating a range of data types
-acydburn
+*/
-psotfx
+function validate_data($data, $val_ary)
 psotfx
-acydburn
+        global $user;
 acydburn
-psotfx
+        $error = array();
 psotfx
-psotfx
+        foreach ($val_ary as $var => $val_seq)
 psotfx
-psotfx
+                if (!is_array($val_seq[0]))
 psotfx
-psotfx
+                        $val_seq = array($val_seq);
 psotfx
 psotfx
-psotfx
+                foreach ($val_seq as $validate)
 psotfx
-psotfx
+                        $function = array_shift($validate);
-psotfx
+                        array_unshift($validate, $data[$var]);
 psotfx
-psotfx
+                        if ($result = call_user_func_array('validate_' . $function, $validate))
 psotfx
-acydburn
+                                // Since errors are checked later for their language file existence, we need to make sure custom errors are not adjusted.
-acydburn
+                                $error[] = (empty($user->lang[$result . '_' . strtoupper($var)])) ? $result : $result . '_' . strtoupper($var);
 psotfx
 psotfx
 psotfx
 psotfx
-psotfx
+        return $error;
 psotfx
 psotfx
-acydburn
+/**
-acydburn
+* Validate String
 naderman
-naderman
+* @return        boolean|string        Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
-acydburn
+*/
-psotfx
+function validate_string($string, $optional = false, $min = 0, $max = 0)
 psotfx
-psotfx
+        if (empty($string) && $optional)
 psotfx
-psotfx
+                return false;
 psotfx
 psotfx
-acydburn
+        if ($min && utf8_strlen(htmlspecialchars_decode($string)) < $min)
 psotfx
-psotfx
+                return 'TOO_SHORT';
 psotfx
-acydburn
+        else if ($max && utf8_strlen(htmlspecialchars_decode($string)) > $max)
 psotfx
-psotfx
+                return 'TOO_LONG';
 psotfx
 psotfx
-psotfx
+        return false;
 psotfx
 psotfx
-acydburn
+/**
-acydburn
+* Validate Number
 naderman
-naderman
+* @return        boolean|string        Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
-acydburn
+*/
-psotfx
+function validate_num($num, $optional = false, $min = 0, $max = 1E99)
 psotfx
-psotfx
+        if (empty($num) && $optional)
 psotfx
-psotfx
+                return false;
 psotfx
 psotfx
-psotfx
+        if ($num < $min)
 psotfx
-psotfx
+                return 'TOO_SMALL';
 psotfx
-bartvb
+        else if ($num > $max)
 psotfx
-psotfx
+                return 'TOO_LARGE';
 psotfx
 psotfx
-psotfx
+        return false;
 psotfx
 psotfx
-acydburn
+/**
-kellanved
+* Validate Date
-kellanved
+* @param String $string a date in the dd-mm-yyyy format
-kellanved
+* @return        boolean
-kellanved
+*/
-kellanved
+function validate_date($date_string, $optional = false)
 kellanved
-kellanved
+        $date = explode('-', $date_string);
-kellanved
+        if ((empty($date) || sizeof($date) != 3) && $optional)
 kellanved
-kellanved
+                return false;
 kellanved
-kellanved
+        else if ($optional)
 kellanved
-kellanved
+                for ($field = 0; $field <= 1; $field++)
 kellanved
-kellanved
+                        $date[$field] = (int) $date[$field];
-kellanved
+                        if (empty($date[$field]))
 kellanved
-kellanved
+                                $date[$field] = 1;
 kellanved
 kellanved
-kellanved
+                $date[2] = (int) $date[2];
-kellanved
+                // assume an arbitrary leap year
-kellanved
+                if (empty($date[2]))
 kellanved
-kellanved
+                        $date[2] = 1980;
 kellanved
 kellanved
 acydburn
-kellanved
+        if (sizeof($date) != 3 || !checkdate($date[1], $date[0], $date[2]))
 kellanved
-kellanved
+                return 'INVALID';
 kellanved
 kellanved
-kellanved
+        return false;
 kellanved
 kellanved
 kellanved
-kellanved
+/**
-acydburn
+* Validate Match
 naderman
-naderman
+* @return        boolean|string        Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
-acydburn
+*/
-acydburn
+function validate_match($string, $optional = false, $match = '')
 psotfx
-psotfx
+        if (empty($string) && $optional)
 psotfx
-psotfx
+                return false;
 psotfx
 psotfx
-acydburn
+        if (empty($match))
 acydburn
-acydburn
+                return false;
 acydburn
 acydburn
-psotfx
+        if (!preg_match($match, $string))
 psotfx
-psotfx
+                return 'WRONG_DATA';
 psotfx
 acydburn
-psotfx
+        return false;
 psotfx
 psotfx
-acydburn
+/**
-git-gate
+* Validate Language Pack ISO Name
 git-gate
-git-gate
+* Tests whether a language name is valid and installed
 git-gate
-git-gate
+* @param string $lang_iso        The language string to test
 git-gate
-git-gate
+* @return bool|string                Either false if validation succeeded or
-git-gate
+*                                                        a string which will be used as the error message
-git-gate
+*                                                        (with the variable name appended)
-git-gate
+*/
-git-gate
+function validate_language_iso_name($lang_iso)
 git-gate
-git-gate
+        global $db;
 git-gate
-git-gate
+        $sql = 'SELECT lang_id
-git-gate
+                FROM ' . LANG_TABLE . "
-git-gate
+                WHERE lang_iso = '" . $db->sql_escape($lang_iso) . "'";
-git-gate
+        $result = $db->sql_query($sql);
-git-gate
+        $lang_id = (int) $db->sql_fetchfield('lang_id');
-git-gate
+        $db->sql_freeresult($result);
 git-gate
-git-gate
+        return ($lang_id) ? false : 'WRONG_DATA';
 git-gate
 git-gate
-git-gate
+/**
-acydburn
+* Check to see if the username has been taken, or if it is disallowed.
-acydburn
+* Also checks if it includes the " character, which we don't allow in usernames.
-acydburn
+* Used for registering, changing names, and posting anonymously with a username
 naderman
-acydburn
+* @param string $username The username to check
-acydburn
+* @param string $allowed_username An allowed username, default being $user->data['username']
 acydburn
-acydburn
+* @return        mixed        Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
-acydburn
+*/
-acydburn
+function validate_username($username, $allowed_username = false)
 psotfx
-davidmj
+        global $config, $db, $user, $cache;
 psotfx
-davidmj
+        $clean_username = utf8_clean_string($username);
-acydburn
+        $allowed_username = ($allowed_username === false) ? $user->data['username_clean'] : utf8_clean_string($allowed_username);
 davidmj
-acydburn
+        if ($allowed_username == $clean_username)
 psotfx
-psotfx
+                return false;
 psotfx
 psotfx
-acydburn
+        // ... fast checks first.
-acydburn
+        if (strpos($username, '&quot;') !== false || strpos($username, '"') !== false || empty($clean_username))
 acydburn
-acydburn
+                return 'INVALID_CHARS';
 acydburn
 acydburn
-davidmj
+        $mbstring = $pcre = false;
 davidmj
-davidmj
+        // generic UTF-8 character types supported?
-git-gate
+        if (phpbb_pcre_utf8_support())
 psotfx
-davidmj
+                $pcre = true;
 davidmj
-davidmj
+        else if (function_exists('mb_ereg_match'))
 davidmj
-davidmj
+                mb_regex_encoding('UTF-8');
-davidmj
+                $mbstring = true;
 davidmj
 davidmj
-davidmj
+        switch ($config['allow_name_chars'])
 davidmj
-davidmj
+                case 'USERNAME_CHARS_ANY':
-davidmj
+                        $pcre = true;
-davidmj
+                        $regex = '.+';
-davidmj
+                break;
 davidmj
-davidmj
+                case 'USERNAME_ALPHA_ONLY':
-davidmj
+                        $pcre = true;
-davidmj
+                        $regex = '[A-Za-z0-9]+';
-davidmj
+                break;
 davidmj
-davidmj
+                case 'USERNAME_ALPHA_SPACERS':
-davidmj
+                        $pcre = true;
-davidmj
+                        $regex = '[A-Za-z0-9-[\]_+ ]+';
-davidmj
+                break;
 davidmj
-davidmj
+                case 'USERNAME_LETTER_NUM':
-davidmj
+                        if ($pcre)
 davidmj
-davidmj
+                                $regex = '[\p{Lu}\p{Ll}\p{N}]+';
 davidmj
-davidmj
+                        else if ($mbstring)
 davidmj
-davidmj
+                                $regex = '[[:upper:][:lower:][:digit:]]+';
 davidmj
-davidmj
+                        else
 davidmj
-davidmj
+                                $pcre = true;
-davidmj
+                                $regex = '[a-zA-Z0-9]+';
 davidmj
-davidmj
+                break;
 davidmj
-davidmj
+                case 'USERNAME_LETTER_NUM_SPACERS':
-davidmj
+                        if ($pcre)
 davidmj
-davidmj
+                                $regex = '[-\]_+ [\p{Lu}\p{Ll}\p{N}]+';
 davidmj
-davidmj
+                        else if ($mbstring)
 davidmj
-toonarmy
+                                $regex = '[-\]_+ \[[:upper:][:lower:][:digit:]]+';
 davidmj
-davidmj
+                        else
 davidmj
-davidmj
+                                $pcre = true;
-davidmj
+                                $regex = '[-\]_+ [a-zA-Z0-9]+';
 davidmj
-davidmj
+                break;
 davidmj
-davidmj
+                case 'USERNAME_ASCII':
-acydburn
+                default:
-davidmj
+                        $pcre = true;
-davidmj
+                        $regex = '[\x01-\x7F]+';
-davidmj
+                break;
 davidmj
 davidmj
-davidmj
+        if ($pcre)
 davidmj
-davidmj
+                if (!preg_match('#^' . $regex . '$#u', $username))
 davidmj
-davidmj
+                        return 'INVALID_CHARS';
 davidmj
 davidmj
-davidmj
+        else if ($mbstring)
 davidmj
-acydburn
+                mb_ereg_search_init($username, '^' . $regex . '$');
-davidmj
+                if (!mb_ereg_search())
 davidmj
-davidmj
+                        return 'INVALID_CHARS';
 davidmj
 davidmj
 davidmj
-psotfx
+        $sql = 'SELECT username
-psotfx
+                FROM ' . USERS_TABLE . "
-davidmj
+                WHERE username_clean = '" . $db->sql_escape($clean_username) . "'";
-psotfx
+        $result = $db->sql_query($sql);
-acydburn
+        $row = $db->sql_fetchrow($result);
-acydburn
+        $db->sql_freeresult($result);
 psotfx
-acydburn
+        if ($row)
 psotfx
-psotfx
+                return 'USERNAME_TAKEN';
 psotfx
 psotfx
-psotfx
+        $sql = 'SELECT group_name
-psotfx
+                FROM ' . GROUPS_TABLE . "
-naderman
+                WHERE LOWER(group_name) = '" . $db->sql_escape(utf8_strtolower($username)) . "'";
-psotfx
+        $result = $db->sql_query($sql);
-acydburn
+        $row = $db->sql_fetchrow($result);
-acydburn
+        $db->sql_freeresult($result);
 psotfx
-acydburn
+        if ($row)
 psotfx
-psotfx
+                return 'USERNAME_TAKEN';
 psotfx
 psotfx
-acydburn
+        $bad_usernames = $cache->obtain_disallowed_usernames();
 davidmj
-davidmj
+        foreach ($bad_usernames as $bad_username)
 psotfx
-acydburn
+                if (preg_match('#^' . $bad_username . '$#', $clean_username))
 psotfx
-psotfx
+                        return 'USERNAME_DISALLOWED';
 psotfx
 psotfx
 psotfx
-psotfx
+        return false;
 psotfx
 psotfx
-acydburn
+/**
-acydburn
+* Check to see if the password meets the complexity settings
 acydburn
-acydburn
+* @return        boolean|string        Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
-acydburn
+*/
-acydburn
+function validate_password($password)
 acydburn
-acydburn
+        global $config, $db, $user;
 acydburn
-git-gate
+        if ($password === '' || $config['pass_complex'] === 'PASS_TYPE_ANY')
 acydburn
-git-gate
+                // Password empty or no password complexity required.
-acydburn
+                return false;
 acydburn
 acydburn
-davidmj
+        $pcre = $mbstring = false;
 davidmj
-naderman
+        // generic UTF-8 character types supported?
-git-gate
+        if (phpbb_pcre_utf8_support())
 acydburn
-naderman
+                $upp = '\p{Lu}';
-naderman
+                $low = '\p{Ll}';
-naderman
+                $num = '\p{N}';
-naderman
+                $sym = '[^\p{Lu}\p{Ll}\p{N}]';
-davidmj
+                $pcre = true;
 acydburn
-davidmj
+        else if (function_exists('mb_ereg_match'))
 davidmj
-davidmj
+                mb_regex_encoding('UTF-8');
-davidmj
+                $upp = '[[:upper:]]';
-davidmj
+                $low = '[[:lower:]]';
-davidmj
+                $num = '[[:digit:]]';
-davidmj
+                $sym = '[^[:upper:][:lower:][:digit:]]';
-davidmj
+                $mbstring = true;
 davidmj
-naderman
+        else
 naderman
-naderman
+                $upp = '[A-Z]';
-naderman
+                $low = '[a-z]';
-naderman
+                $num = '[0-9]';
-naderman
+                $sym = '[^A-Za-z0-9]';
-davidmj
+                $pcre = true;
 naderman
 acydburn
-naderman
+        $chars = array();
 naderman
-naderman
+        switch ($config['pass_complex'])
 naderman
-git-gate
+                // No break statements below ...
-git-gate
+                // We require strong passwords in case pass_complex is not set or is invalid
-git-gate
+                default:
 naderman
-git-gate
+                // Require mixed case letters, numbers and symbols
-git-gate
+                case 'PASS_TYPE_SYMBOL':
-git-gate
+                        $chars[] = $sym;
 git-gate
-git-gate
+                // Require mixed case letters and numbers
-naderman
+                case 'PASS_TYPE_ALPHA':
-naderman
+                        $chars[] = $num;
 naderman
-git-gate
+                // Require mixed case letters
-git-gate
+                case 'PASS_TYPE_CASE':
-naderman
+                        $chars[] = $low;
-naderman
+                        $chars[] = $upp;
 naderman
 naderman
-davidmj
+        if ($pcre)
 naderman
-davidmj
+                foreach ($chars as $char)
 naderman
-davidmj
+                        if (!preg_match('#' . $char . '#u', $password))
 acydburn
-davidmj
+                                return 'INVALID_CHARS';
 davidmj
 naderman
 naderman
-davidmj
+        else if ($mbstring)
 davidmj
-davidmj
+                foreach ($chars as $char)
 davidmj
-davidmj
+                        if (mb_ereg($char, $password) === false)
 davidmj
-davidmj
+                                return 'INVALID_CHARS';
 davidmj
 davidmj
 davidmj
 naderman
-acydburn
+        return false;
 acydburn
 acydburn
-acydburn
+/**
-acydburn
+* Check to see if email address is banned or already present in the DB
 naderman
-acydburn
+* @param string $email The email to check
-acydburn
+* @param string $allowed_email An allowed email, default being $user->data['user_email']
 acydburn
-acydburn
+* @return mixed Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
-acydburn
+*/
-acydburn
+function validate_email($email, $allowed_email = false)
 psotfx
-psotfx
+        global $config, $db, $user;
 psotfx
-acydburn
+        $email = strtolower($email);
-acydburn
+        $allowed_email = ($allowed_email === false) ? strtolower($user->data['user_email']) : strtolower($allowed_email);
 acydburn
-acydburn
+        if ($allowed_email == $email)
 psotfx
-psotfx
+                return false;
 psotfx
 psotfx
-acydburn
+        if (!preg_match('/^' . get_preg_expression('email') . '$/i', $email))
 psotfx
-psotfx
+                return 'EMAIL_INVALID';
 psotfx
 psotfx
-acydburn
+        // Check MX record.
-acydburn
+        // The idea for this is from reading the UseBB blog/announcement. :)
-acydburn
+        if ($config['email_check_mx'])
 acydburn
-acydburn
+                list(, $domain) = explode('@', $email);
 acydburn
-acydburn
+                if (phpbb_checkdnsrr($domain, 'A') === false && phpbb_checkdnsrr($domain, 'MX') === false)
 acydburn
-acydburn
+                        return 'DOMAIN_NO_MX_RECORD';
 acydburn
 acydburn
 acydburn
-acydburn
+        if (($ban_reason = $user->check_ban(false, false, $email, true)) !== false)
 psotfx
-acydburn
+                return ($ban_reason === true) ? 'EMAIL_BANNED' : $ban_reason;
 bartvb
 bartvb
-psotfx
+        if (!$config['allow_emailreuse'])
 psotfx
-psotfx
+                $sql = 'SELECT user_email_hash
-psotfx
+                        FROM ' . USERS_TABLE . "
-nickvergessen
+                        WHERE user_email_hash = " . $db->sql_escape(phpbb_email_hash($email));
-psotfx
+                $result = $db->sql_query($sql);
-acydburn
+                $row = $db->sql_fetchrow($result);
-acydburn
+                $db->sql_freeresult($result);
 psotfx
-acydburn
+                if ($row)
 psotfx
-psotfx
+                        return 'EMAIL_TAKEN';
 psotfx
 psotfx
 psotfx
-psotfx
+        return false;
 psotfx
 psotfx
-acydburn
+/**
-acydburn
+* Validate jabber address
-acydburn
+* Taken from the jabber class within flyspray (see author notes)
 acydburn
-acydburn
+* @author flyspray.org
-acydburn
+*/
-acydburn
+function validate_jabber($jid)
 acydburn
-acydburn
+        if (!$jid)
 acydburn
-acydburn
+                return false;
 acydburn
 kellanved
-git-gate
+        $separator_pos = strpos($jid, '@');
 kellanved
-git-gate
+        if ($separator_pos === false)
 acydburn
-acydburn
+                return 'WRONG_DATA';
 acydburn
 acydburn
-git-gate
+        $username = substr($jid, 0, $separator_pos);
-git-gate
+        $realm = substr($jid, $separator_pos + 1);
 acydburn
-acydburn
+        if (strlen($username) == 0 || strlen($realm) < 3)
 acydburn
-acydburn
+                return 'WRONG_DATA';
 acydburn
 acydburn
-acydburn
+        $arr = explode('.', $realm);
 acydburn
-acydburn
+        if (sizeof($arr) == 0)
 acydburn
-acydburn
+                return 'WRONG_DATA';
 acydburn
 acydburn
-acydburn
+        foreach ($arr as $part)
 acydburn
-acydburn
+                if (substr($part, 0, 1) == '-' || substr($part, -1, 1) == '-')
 acydburn
-acydburn
+                        return 'WRONG_DATA';
 acydburn
 acydburn
-acydburn
+                if (!preg_match("@^[a-zA-Z0-9-.]+$@", $part))
 acydburn
-acydburn
+                        return 'WRONG_DATA';
 acydburn
 acydburn
 acydburn
-acydburn
+        $boundary = array(array(0, 127), array(192, 223), array(224, 239), array(240, 247), array(248, 251), array(252, 253));
 acydburn
-acydburn
+        // Prohibited Characters RFC3454 + RFC3920
-acydburn
+        $prohibited = array(
-acydburn
+                // Table C.1.1
-acydburn
+                array(0x0020, 0x0020),                // SPACE
-acydburn
+                // Table C.1.2
-acydburn
+                array(0x00A0, 0x00A0),                // NO-BREAK SPACE
-acydburn
+                array(0x1680, 0x1680),                // OGHAM SPACE MARK
-acydburn
+                array(0x2000, 0x2001),                // EN QUAD
-acydburn
+                array(0x2001, 0x2001),                // EM QUAD
-acydburn
+                array(0x2002, 0x2002),                // EN SPACE
-acydburn
+                array(0x2003, 0x2003),                // EM SPACE
-acydburn
+                array(0x2004, 0x2004),                // THREE-PER-EM SPACE
-acydburn
+                array(0x2005, 0x2005),                // FOUR-PER-EM SPACE
-acydburn
+                array(0x2006, 0x2006),                // SIX-PER-EM SPACE
-acydburn
+                array(0x2007, 0x2007),                // FIGURE SPACE
-acydburn
+                array(0x2008, 0x2008),                // PUNCTUATION SPACE
-acydburn
+                array(0x2009, 0x2009),                // THIN SPACE
-acydburn
+                array(0x200A, 0x200A),                // HAIR SPACE
-acydburn
+                array(0x200B, 0x200B),                // ZERO WIDTH SPACE
-acydburn
+                array(0x202F, 0x202F),                // NARROW NO-BREAK SPACE
-acydburn
+                array(0x205F, 0x205F),                // MEDIUM MATHEMATICAL SPACE
-acydburn
+                array(0x3000, 0x3000),                // IDEOGRAPHIC SPACE
-acydburn
+                // Table C.2.1
-acydburn
+                array(0x0000, 0x001F),                // [CONTROL CHARACTERS]
-acydburn
+                array(0x007F, 0x007F),                // DELETE
-acydburn
+                // Table C.2.2
-acydburn
+                array(0x0080, 0x009F),                // [CONTROL CHARACTERS]
-acydburn
+                array(0x06DD, 0x06DD),                // ARABIC END OF AYAH
-acydburn
+                array(0x070F, 0x070F),                // SYRIAC ABBREVIATION MARK
-acydburn
+                array(0x180E, 0x180E),                // MONGOLIAN VOWEL SEPARATOR
-acydburn
+                array(0x200C, 0x200C),                 // ZERO WIDTH NON-JOINER
-acydburn
+                array(0x200D, 0x200D),                // ZERO WIDTH JOINER
-acydburn
+                array(0x2028, 0x2028),                // LINE SEPARATOR
-acydburn
+                array(0x2029, 0x2029),                // PARAGRAPH SEPARATOR
-acydburn
+                array(0x2060, 0x2060),                // WORD JOINER
-acydburn
+                array(0x2061, 0x2061),                // FUNCTION APPLICATION
-acydburn
+                array(0x2062, 0x2062),                // INVISIBLE TIMES
-acydburn
+                array(0x2063, 0x2063),                // INVISIBLE SEPARATOR
-acydburn
+                array(0x206A, 0x206F),                // [CONTROL CHARACTERS]
-acydburn
+                array(0xFEFF, 0xFEFF),                // ZERO WIDTH NO-BREAK SPACE
-acydburn
+                array(0xFFF9, 0xFFFC),                // [CONTROL CHARACTERS]
-acydburn
+                array(0x1D173, 0x1D17A),        // [MUSICAL CONTROL CHARACTERS]
-acydburn
+                // Table C.3
-acydburn
+                array(0xE000, 0xF8FF),                // [PRIVATE USE, PLANE 0]
-acydburn
+                array(0xF0000, 0xFFFFD),        // [PRIVATE USE, PLANE 15]
-acydburn
+                array(0x100000, 0x10FFFD),        // [PRIVATE USE, PLANE 16]
-acydburn
+                // Table C.4
-acydburn
+                array(0xFDD0, 0xFDEF),                // [NONCHARACTER CODE POINTS]
-acydburn
+                array(0xFFFE, 0xFFFF),                // [NONCHARACTER CODE POINTS]
-acydburn
+                array(0x1FFFE, 0x1FFFF),        // [NONCHARACTER CODE POINTS]
-acydburn
+                array(0x2FFFE, 0x2FFFF),        // [NONCHARACTER CODE POINTS]
-acydburn
+                array(0x3FFFE, 0x3FFFF),        // [NONCHARACTER CODE POINTS]
-acydburn
+                array(0x4FFFE, 0x4FFFF),        // [NONCHARACTER CODE POINTS]
-acydburn
+                array(0x5FFFE, 0x5FFFF),        // [NONCHARACTER CODE POINTS]
-acydburn
+                array(0x6FFFE, 0x6FFFF),        // [NONCHARACTER CODE POINTS]
-acydburn
+                array(0x7FFFE, 0x7FFFF),        // [NONCHARACTER CODE POINTS]
-acydburn
+                array(0x8FFFE, 0x8FFFF),        // [NONCHARACTER CODE POINTS]
-acydburn
+                array(0x9FFFE, 0x9FFFF),        // [NONCHARACTER CODE POINTS]
-acydburn
+                array(0xAFFFE, 0xAFFFF),        // [NONCHARACTER CODE POINTS]
-acydburn
+                array(0xBFFFE, 0xBFFFF),        // [NONCHARACTER CODE POINTS]
-acydburn
+                array(0xCFFFE, 0xCFFFF),        // [NONCHARACTER CODE POINTS]
-acydburn
+                array(0xDFFFE, 0xDFFFF),        // [NONCHARACTER CODE POINTS]
-acydburn
+                array(0xEFFFE, 0xEFFFF),        // [NONCHARACTER CODE POINTS]
-acydburn
+                array(0xFFFFE, 0xFFFFF),        // [NONCHARACTER CODE POINTS]
-acydburn
+                array(0x10FFFE, 0x10FFFF),        // [NONCHARACTER CODE POINTS]
-acydburn
+                // Table C.5
-acydburn
+                array(0xD800, 0xDFFF),                // [SURROGATE CODES]
-acydburn
+                // Table C.6
-acydburn
+                array(0xFFF9, 0xFFF9),                // INTERLINEAR ANNOTATION ANCHOR
-acydburn
+                array(0xFFFA, 0xFFFA),                // INTERLINEAR ANNOTATION SEPARATOR
-acydburn
+                array(0xFFFB, 0xFFFB),                // INTERLINEAR ANNOTATION TERMINATOR
-acydburn
+                array(0xFFFC, 0xFFFC),                // OBJECT REPLACEMENT CHARACTER
-acydburn
+                array(0xFFFD, 0xFFFD),                // REPLACEMENT CHARACTER
-acydburn
+                // Table C.7
-acydburn
+                array(0x2FF0, 0x2FFB),                // [IDEOGRAPHIC DESCRIPTION CHARACTERS]
-acydburn
+                // Table C.8
-acydburn
+                array(0x0340, 0x0340),                // COMBINING GRAVE TONE MARK
-acydburn
+                array(0x0341, 0x0341),                // COMBINING ACUTE TONE MARK
-acydburn
+                array(0x200E, 0x200E),                // LEFT-TO-RIGHT MARK
-acydburn
+                array(0x200F, 0x200F),                // RIGHT-TO-LEFT MARK
-acydburn
+                array(0x202A, 0x202A),                // LEFT-TO-RIGHT EMBEDDING
-acydburn
+                array(0x202B, 0x202B),                // RIGHT-TO-LEFT EMBEDDING
-acydburn
+                array(0x202C, 0x202C),                // POP DIRECTIONAL FORMATTING
-acydburn
+                array(0x202D, 0x202D),                // LEFT-TO-RIGHT OVERRIDE
-acydburn
+                array(0x202E, 0x202E),                // RIGHT-TO-LEFT OVERRIDE
-acydburn
+                array(0x206A, 0x206A),                // INHIBIT SYMMETRIC SWAPPING
-acydburn
+                array(0x206B, 0x206B),                // ACTIVATE SYMMETRIC SWAPPING
-acydburn
+                array(0x206C, 0x206C),                // INHIBIT ARABIC FORM SHAPING
-acydburn
+                array(0x206D, 0x206D),                // ACTIVATE ARABIC FORM SHAPING
-acydburn
+                array(0x206E, 0x206E),                // NATIONAL DIGIT SHAPES
-acydburn
+                array(0x206F, 0x206F),                // NOMINAL DIGIT SHAPES
-acydburn
+                // Table C.9
-acydburn
+                array(0xE0001, 0xE0001),        // LANGUAGE TAG
-acydburn
+                array(0xE0020, 0xE007F),        // [TAGGING CHARACTERS]
-acydburn
+                // RFC3920
-acydburn
+                array(0x22, 0x22),                        // "
-acydburn
+                array(0x26, 0x26),                        // &
-acydburn
+                array(0x27, 0x27),                        // '
-acydburn
+                array(0x2F, 0x2F),                        // /
-acydburn
+                array(0x3A, 0x3A),                        // :
-acydburn
+                array(0x3C, 0x3C),                        // <
-acydburn
+                array(0x3E, 0x3E),                        // >
-acydburn
+                array(0x40, 0x40)                        // @
-acydburn
+        );
 acydburn
-acydburn
+        $pos = 0;
-acydburn
+        $result = true;
 acydburn
-acydburn
+        while ($pos < strlen($username))
 acydburn
-acydburn
+                $len = $uni = 0;
-acydburn
+                for ($i = 0; $i <= 5; $i++)
 acydburn
-acydburn
+                        if (ord($username[$pos]) >= $boundary[$i][0] && ord($username[$pos]) <= $boundary[$i][1])
 acydburn
-acydburn
+                                $len = $i + 1;
-acydburn
+                                $uni = (ord($username[$pos]) - $boundary[$i][0]) * pow(2, $i * 6);
 acydburn
-acydburn
+                                for ($k = 1; $k < $len; $k++)
 acydburn
-acydburn
+                                        $uni += (ord($username[$pos + $k]) - 128) * pow(2, ($i - $k) * 6);
 acydburn
 acydburn
-acydburn
+                                break;
 acydburn
 acydburn
 acydburn
-acydburn
+                if ($len == 0)
 acydburn
-acydburn
+                        return 'WRONG_DATA';
 acydburn
 acydburn
-acydburn
+                foreach ($prohibited as $pval)
 acydburn
-acydburn
+                        if ($uni >= $pval[0] && $uni <= $pval[1])
 acydburn
-acydburn
+                                $result = false;
-acydburn
+                                break 2;
 acydburn
 acydburn
 acydburn
-acydburn
+                $pos = $pos + $len;
 acydburn
 acydburn
-acydburn
+        if (!$result)
 acydburn
-acydburn
+                return 'WRONG_DATA';
 acydburn
 acydburn
-acydburn
+        return false;
 acydburn
 acydburn
-acydburn
+/**
-acydburn
+* Remove avatar
-acydburn
+*/
-kellanved
+function avatar_delete($mode, $row, $clean_db = false)
 psotfx
-psotfx
+        global $phpbb_root_path, $config, $db, $user;
 psotfx
-acydburn
+        // Check if the users avatar is actually *not* a group avatar
-acydburn
+        if ($mode == 'user')
 psotfx
-kellanved
+                if (strpos($row['user_avatar'], 'g') === 0 || (((int)$row['user_avatar'] !== 0) && ((int)$row['user_avatar'] !== (int)$row['user_id'])))
 acydburn
-acydburn
+                        return false;
 acydburn
 psotfx
 acydburn
-kellanved
+        if ($clean_db)
 kellanved
-kellanved
+                avatar_remove_db($row[$mode . '_avatar']);
 kellanved
-kellanved
+        $filename = get_avatar_filename($row[$mode . '_avatar']);
-kellanved
+        if (file_exists($phpbb_root_path . $config['avatar_path'] . '/' . $filename))
 acydburn
-kellanved
+                @unlink($phpbb_root_path . $config['avatar_path'] . '/' . $filename);
-acydburn
+                return true;
 acydburn
 acydburn
-psotfx
+        return false;
 acydburn
 psotfx
-acydburn
+/**
-acydburn
+* Remote avatar linkage
-acydburn
+*/
-psotfx
+function avatar_remote($data, &$error)
 psotfx
-acydburn
+        global $config, $db, $user, $phpbb_root_path, $phpEx;
 psotfx
-bartvb
+        if (!preg_match('#^(http|https|ftp)://#i', $data['remotelink']))
 psotfx
-psotfx
+                $data['remotelink'] = 'http://' . $data['remotelink'];
 psotfx
-kellanved
+        if (!preg_match('#^(http|https|ftp)://(?:(.*?\.)*?[a-z0-9\-]+?\.[a-z]{2,4}|(?:\d{1,3}\.){3,5}\d{1,3}):?([0-9]*?).*?\.(gif|jpg|jpeg|png)$#i', $data['remotelink']))
 psotfx
-psotfx
+                $error[] = $user->lang['AVATAR_URL_INVALID'];
-psotfx
+                return false;
 psotfx
 psotfx
-acydburn
+        // Make sure getimagesize works...
-kellanved
+        if (($image_data = @getimagesize($data['remotelink'])) === false && (empty($data['width']) || empty($data['height'])))
 psotfx
-acydburn
+                $error[] = $user->lang['UNABLE_GET_IMAGE_SIZE'];
-acydburn
+                return false;
 acydburn
 psotfx
-kellanved
+        if (!empty($image_data) && ($image_data[0] < 2 || $image_data[1] < 2))
 acydburn
-acydburn
+                $error[] = $user->lang['AVATAR_NO_SIZE'];
-acydburn
+                return false;
 acydburn
 acydburn
-acydburn
+        $width = ($data['width'] && $data['height']) ? $data['width'] : $image_data[0];
-acydburn
+        $height = ($data['width'] && $data['height']) ? $data['height'] : $image_data[1];
 acydburn
-acydburn
+        if ($width < 2 || $height < 2)
 acydburn
-acydburn
+                $error[] = $user->lang['AVATAR_NO_SIZE'];
-acydburn
+                return false;
 acydburn
 acydburn
-acydburn
+        // Check image type
-acydburn
+        include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);
-acydburn
+        $types = fileupload::image_types();
-acydburn
+        $extension = strtolower(filespec::get_extension($data['remotelink']));
 acydburn
-kellanved
+        if (!empty($image_data) && (!isset($types[$image_data[2]]) || !in_array($extension, $types[$image_data[2]])))
 acydburn
-acydburn
+                if (!isset($types[$image_data[2]]))
 acydburn
-acydburn
+                        $error[] = $user->lang['UNABLE_GET_IMAGE_SIZE'];
 acydburn
-acydburn
+                else
 acydburn
-acydburn
+                        $error[] = sprintf($user->lang['IMAGE_FILETYPE_MISMATCH'], $types[$image_data[2]][0], $extension);
 acydburn
-acydburn
+                return false;
 acydburn
 acydburn
-acydburn
+        if ($config['avatar_max_width'] || $config['avatar_max_height'])
 acydburn
-acydburn
+                if ($width > $config['avatar_max_width'] || $height > $config['avatar_max_height'])
 psotfx
-git-gate
+                        $error[] = phpbb_avatar_error_wrong_size($width, $height);
-psotfx
+                        return false;
 psotfx
 acydburn
 acydburn
-acydburn
+        if ($config['avatar_min_width'] || $config['avatar_min_height'])
 acydburn
-acydburn
+                if ($width < $config['avatar_min_width'] || $height < $config['avatar_min_height'])
 psotfx
-git-gate
+                        $error[] = phpbb_avatar_error_wrong_size($width, $height);
-psotfx
+                        return false;
 psotfx
 psotfx
 psotfx
-acydburn
+        return array(AVATAR_REMOTE, $data['remotelink'], $width, $height);
 psotfx
 psotfx
-acydburn
+/**
-acydburn
+* Avatar upload using the upload class
-acydburn
+*/
-psotfx
+function avatar_upload($data, &$error)
 psotfx
-acydburn
+        global $phpbb_root_path, $config, $db, $user, $phpEx;
 psotfx
-acydburn
+        // Init upload class
-acydburn
+        include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);
-git-gate
+        $upload = new fileupload('AVATAR_', array('jpg', 'jpeg', 'gif', 'png'), $config['avatar_filesize'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], (isset($config['mime_triggers']) ? explode('|', $config['mime_triggers']) : false));
 bartvb
-bartvb
+        if (!empty($_FILES['uploadfile']['name']))
 psotfx
-acydburn
+                $file = $upload->form_upload('uploadfile');
 psotfx
-acydburn
+        else
 psotfx
-acydburn
+                $file = $upload->remote_upload($data['uploadurl']);
 psotfx
 acydburn
-kellanved
+        $prefix = $config['avatar_salt'] . '_';
-kellanved
+        $file->clean_filename('avatar', $prefix, $data['user_id']);
 psotfx
-acydburn
+        $destination = $config['avatar_path'];
 acydburn
-acydburn
+        // Adjust destination path (no trailing slash)
-acydburn
+        if (substr($destination, -1, 1) == '/' || substr($destination, -1, 1) == '\\')
 acydburn
-davidmj
+                $destination = substr($destination, 0, -1);
 acydburn
 acydburn
-acydburn
+        $destination = str_replace(array('../', '..\\', './', '.\\'), '', $destination);
-acydburn
+        if ($destination && ($destination[0] == '/' || $destination[0] == "\\"))
 acydburn
-acydburn
+                $destination = '';
 acydburn
 acydburn
-acydburn
+        // Move file and overwrite any existing image
-acydburn
+        $file->move_file($destination, true);
 acydburn
-acydburn
+        if (sizeof($file->error))
 psotfx
-acydburn
+                $file->remove();
-acydburn
+                $error = array_merge($error, $file->error);
 psotfx
 bartvb
-kellanved
+        return array(AVATAR_UPLOAD, $data['user_id'] . '_' . time() . '.' . $file->get('extension'), $file->get('width'), $file->get('height'));
 psotfx
 psotfx
-acydburn
+/**
-kellanved
+* Generates avatar filename from the database entry
-kellanved
+*/
-kellanved
+function get_avatar_filename($avatar_entry)
 kellanved
-kellanved
+        global $config;
 kellanved
 acydburn
-kellanved
+        if ($avatar_entry[0] === 'g')
 kellanved
-kellanved
+                $avatar_group = true;
-kellanved
+                $avatar_entry = substr($avatar_entry, 1);
 kellanved
-kellanved
+        else
 kellanved
-kellanved
+                $avatar_group = false;
 kellanved
-kellanved
+        $ext                         = substr(strrchr($avatar_entry, '.'), 1);
-kellanved
+        $avatar_entry        = intval($avatar_entry);
-kellanved
+        return $config['avatar_salt'] . '_' . (($avatar_group) ? 'g' : '') . $avatar_entry . '.' . $ext;
 kellanved
 kellanved
-kellanved
+/**
-acydburn
+* Avatar Gallery
-acydburn
+*/
-acydburn
+function avatar_gallery($category, $avatar_select, $items_per_column, $block_var = 'avatar_row')
 psotfx
-acydburn
+        global $user, $cache, $template;
-acydburn
+        global $config, $phpbb_root_path;
 psotfx
-acydburn
+        $avatar_list = array();
 acydburn
-psotfx
+        $path = $phpbb_root_path . $config['avatar_gallery_path'];
 psotfx
-acydburn
+        if (!file_exists($path) || !is_dir($path))
 acydburn
-naderman
+                $avatar_list = array($user->lang['NO_AVATAR_CATEGORY'] => array());
 acydburn
-acydburn
+        else
 acydburn
-acydburn
+                // Collect images
-acydburn
+                $dp = @opendir($path);
 acydburn
-acydburn
+                if (!$dp)
 acydburn
-acydburn
+                        return array($user->lang['NO_AVATAR_CATEGORY'] => array());
 acydburn
 acydburn
-davidmj
+                while (($file = readdir($dp)) !== false)
 psotfx
-kellanved
+                        if ($file[0] != '.' && preg_match('#^[^&"\'<>]+$#i', $file) && is_dir("$path/$file"))
 psotfx
-acydburn
+                                $avatar_row_count = $avatar_col_count = 0;
 acydburn
-acydburn
+                                if ($dp2 = @opendir("$path/$file"))
 psotfx
-acydburn
+                                        while (($sub_file = readdir($dp2)) !== false)
 acydburn
-acydburn
+                                                if (preg_match('#^[^&\'"<>]+\.(?:gif|png|jpe?g)$#i', $sub_file))
 acydburn
-acydburn
+                                                        $avatar_list[$file][$avatar_row_count][$avatar_col_count] = array(
-acydburn
+                                                                'file'                => rawurlencode($file) . '/' . rawurlencode($sub_file),
-acydburn
+                                                                'filename'        => rawurlencode($sub_file),
-acydburn
+                                                                'name'                => ucfirst(str_replace('_', ' ', preg_replace('#^(.*)\..*$#', '\1', $sub_file))),
-acydburn
+                                                        );
-acydburn
+                                                        $avatar_col_count++;
-acydburn
+                                                        if ($avatar_col_count == $items_per_column)
 acydburn
-acydburn
+                                                                $avatar_row_count++;
-acydburn
+                                                                $avatar_col_count = 0;
 acydburn
 acydburn
 psotfx
-acydburn
+                                        closedir($dp2);
 psotfx
 psotfx
 psotfx
-acydburn
+                closedir($dp);
 psotfx
 psotfx
-acydburn
+        if (!sizeof($avatar_list))
 acydburn
-naderman
+                $avatar_list = array($user->lang['NO_AVATAR_CATEGORY'] => array());
 acydburn
 bartvb
-acydburn
+        @ksort($avatar_list);
 acydburn
-acydburn
+        $category = (!$category) ? key($avatar_list) : $category;
-acydburn
+        $avatar_categories = array_keys($avatar_list);
 acydburn
-acydburn
+        $s_category_options = '';
-acydburn
+        foreach ($avatar_categories as $cat)
 acydburn
-acydburn
+                $s_category_options .= '<option value="' . $cat . '"' . (($cat == $category) ? ' selected="selected"' : '') . '>' . $cat . '</option>';
 acydburn
 acydburn
-acydburn
+        $template->assign_vars(array(
-kellanved
+                'S_AVATARS_ENABLED'                => true,
-acydburn
+                'S_IN_AVATAR_GALLERY'        => true,
-acydburn
+                'S_CAT_OPTIONS'                        => $s_category_options)
-acydburn
+        );
 acydburn
-kellanved
+        $avatar_list = (isset($avatar_list[$category])) ? $avatar_list[$category] : array();
 acydburn
-acydburn
+        foreach ($avatar_list as $avatar_row_ary)
 acydburn
-acydburn
+                $template->assign_block_vars($block_var, array());
 acydburn
-acydburn
+                foreach ($avatar_row_ary as $avatar_col_ary)
 acydburn
-acydburn
+                        $template->assign_block_vars($block_var . '.avatar_column', array(
-acydburn
+                                'AVATAR_IMAGE'        => $phpbb_root_path . $config['avatar_gallery_path'] . '/' . $avatar_col_ary['file'],
-acydburn
+                                'AVATAR_NAME'        => $avatar_col_ary['name'],
-acydburn
+                                'AVATAR_FILE'        => $avatar_col_ary['filename'])
-acydburn
+                        );
 acydburn
-acydburn
+                        $template->assign_block_vars($block_var . '.avatar_option_column', array(
-acydburn
+                                'AVATAR_IMAGE'        => $phpbb_root_path . $config['avatar_gallery_path'] . '/' . $avatar_col_ary['file'],
-acydburn
+                                'S_OPTIONS_AVATAR'        => $avatar_col_ary['filename'])
-acydburn
+                        );
 acydburn
 acydburn
 acydburn
-acydburn
+        return $avatar_list;
 psotfx
 psotfx
 kellanved
-acydburn
+/**
-kellanved
+* Tries to (re-)establish avatar dimensions
-kellanved
+*/
-kellanved
+function avatar_get_dimensions($avatar, $avatar_type, &$error, $current_x = 0, $current_y = 0)
 kellanved
-kellanved
+        global $config, $phpbb_root_path, $user;
 acydburn
-kellanved
+        switch ($avatar_type)
 kellanved
-kellanved
+                case AVATAR_REMOTE :
-kellanved
+                        break;
 kellanved
-kellanved
+                case AVATAR_UPLOAD :
-kellanved
+                        $avatar = $phpbb_root_path . $config['avatar_path'] . '/' . get_avatar_filename($avatar);
-kellanved
+                        break;
 acydburn
-kellanved
+                case AVATAR_GALLERY :
-kellanved
+                        $avatar = $phpbb_root_path . $config['avatar_gallery_path'] . '/' . $avatar ;
-kellanved
+                        break;
 kellanved
 acydburn
-kellanved
+        // Make sure getimagesize works...
-kellanved
+        if (($image_data = @getimagesize($avatar)) === false)
 kellanved
-kellanved
+                $error[] = $user->lang['UNABLE_GET_IMAGE_SIZE'];
-kellanved
+                return false;
 kellanved
 acydburn
-kellanved
+        if ($image_data[0] < 2 || $image_data[1] < 2)
 kellanved
-kellanved
+                $error[] = $user->lang['AVATAR_NO_SIZE'];
-kellanved
+                return false;
 kellanved
 acydburn
-kellanved
+        // try to maintain ratio
-kellanved
+        if (!(empty($current_x) && empty($current_y)))
 kellanved
-kellanved
+                if ($current_x != 0)
 kellanved
-kellanved
+                        $image_data[1] = (int) floor(($current_x / $image_data[0]) * $image_data[1]);
-kellanved
+                        $image_data[1] = min($config['avatar_max_height'], $image_data[1]);
-kellanved
+                        $image_data[1] = max($config['avatar_min_height'], $image_data[1]);
 kellanved
-kellanved
+                if ($current_y != 0)
 kellanved
-kellanved
+                        $image_data[0] = (int) floor(($current_y / $image_data[1]) * $image_data[0]);
-kellanved
+                        $image_data[0] = min($config['avatar_max_width'], $image_data[1]);
-kellanved
+                        $image_data[0] = max($config['avatar_min_width'], $image_data[1]);
 kellanved
 kellanved
-kellanved
+        return array($image_data[0], $image_data[1]);
 kellanved
 kellanved
-kellanved
+/**
-acydburn
+* Uploading/Changing user avatar
-acydburn
+*/
-git-gate
+function avatar_process_user(&$error, $custom_userdata = false, $can_upload = null)
 acydburn
-acydburn
+        global $config, $phpbb_root_path, $auth, $user, $db;
 acydburn
-acydburn
+        $data = array(
-acydburn
+                'uploadurl'                => request_var('uploadurl', ''),
-acydburn
+                'remotelink'        => request_var('remotelink', ''),
-kellanved
+                'width'                        => request_var('width', 0),
-kellanved
+                'height'                => request_var('height', 0),
-acydburn
+        );
 acydburn
-acydburn
+        $error = validate_data($data, array(
-acydburn
+                'uploadurl'                => array('string', true, 5, 255),
-acydburn
+                'remotelink'        => array('string', true, 5, 255),
-acydburn
+                'width'                        => array('string', true, 1, 3),
-acydburn
+                'height'                => array('string', true, 1, 3),
-acydburn
+        ));
 acydburn
-acydburn
+        if (sizeof($error))
 acydburn
-acydburn
+                return false;
 acydburn
 acydburn
-acydburn
+        $sql_ary = array();
 acydburn
-acydburn
+        if ($custom_userdata === false)
 acydburn
-acydburn
+                $userdata = &$user->data;
 acydburn
-acydburn
+        else
 acydburn
-acydburn
+                $userdata = &$custom_userdata;
 acydburn
 acydburn
-acydburn
+        $data['user_id'] = $userdata['user_id'];
-acydburn
+        $change_avatar = ($custom_userdata === false) ? $auth->acl_get('u_chgavatar') : true;
-acydburn
+        $avatar_select = basename(request_var('avatar_select', ''));
 acydburn
-acydburn
+        // Can we upload?
-git-gate
+        if (is_null($can_upload))
 git-gate
-git-gate
+                $can_upload = ($config['allow_avatar_upload'] && file_exists($phpbb_root_path . $config['avatar_path']) && phpbb_is_writable($phpbb_root_path . $config['avatar_path']) && $change_avatar && (@ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on')) ? true : false;
 git-gate
 acydburn
-acydburn
+        if ((!empty($_FILES['uploadfile']['name']) || $data['uploadurl']) && $can_upload)
 acydburn
-acydburn
+                list($sql_ary['user_avatar_type'], $sql_ary['user_avatar'], $sql_ary['user_avatar_width'], $sql_ary['user_avatar_height']) = avatar_upload($data, $error);
 acydburn
-acydburn
+        else if ($data['remotelink'] && $change_avatar && $config['allow_avatar_remote'])
 acydburn
-acydburn
+                list($sql_ary['user_avatar_type'], $sql_ary['user_avatar'], $sql_ary['user_avatar_width'], $sql_ary['user_avatar_height']) = avatar_remote($data, $error);
 acydburn
-acydburn
+        else if ($avatar_select && $change_avatar && $config['allow_avatar_local'])
 acydburn
-acydburn
+                $category = basename(request_var('category', ''));
 acydburn
-acydburn
+                $sql_ary['user_avatar_type'] = AVATAR_GALLERY;
-acydburn
+                $sql_ary['user_avatar'] = $avatar_select;
 acydburn
-acydburn
+                // check avatar gallery
-acydburn
+                if (!is_dir($phpbb_root_path . $config['avatar_gallery_path'] . '/' . $category))
 acydburn
-acydburn
+                        $sql_ary['user_avatar'] = '';
-acydburn
+                        $sql_ary['user_avatar_type'] = $sql_ary['user_avatar_width'] = $sql_ary['user_avatar_height'] = 0;
 acydburn
-acydburn
+                else
 acydburn
-git-gate
+                        list($sql_ary['user_avatar_width'], $sql_ary['user_avatar_height']) = getimagesize($phpbb_root_path . $config['avatar_gallery_path'] . '/' . $category . '/' . urldecode($sql_ary['user_avatar']));
-acydburn
+                        $sql_ary['user_avatar'] = $category . '/' . $sql_ary['user_avatar'];
 acydburn
 acydburn
-acydburn
+        else if (isset($_POST['delete']) && $change_avatar)
 acydburn
-acydburn
+                $sql_ary['user_avatar'] = '';
-acydburn
+                $sql_ary['user_avatar_type'] = $sql_ary['user_avatar_width'] = $sql_ary['user_avatar_height'] = 0;
 acydburn
-kellanved
+        else if (!empty($userdata['user_avatar']))
 acydburn
-kellanved
+                // Only update the dimensions
 acydburn
-kellanved
+                if (empty($data['width']) || empty($data['height']))
 kellanved
-kellanved
+                        if ($dims = avatar_get_dimensions($userdata['user_avatar'], $userdata['user_avatar_type'], $error, $data['width'], $data['height']))
 kellanved
-kellanved
+                                list($guessed_x, $guessed_y) = $dims;
-kellanved
+                                if (empty($data['width']))
 kellanved
-kellanved
+                                        $data['width'] = $guessed_x;
 kellanved
-kellanved
+                                if (empty($data['height']))
 kellanved
-kellanved
+                                        $data['height'] = $guessed_y;
 kellanved
 kellanved
 kellanved
-acydburn
+                if (($config['avatar_max_width'] || $config['avatar_max_height']) &&
-kellanved
+                        (($data['width'] != $userdata['user_avatar_width']) || $data['height'] != $userdata['user_avatar_height']))
 acydburn
-acydburn
+                        if ($data['width'] > $config['avatar_max_width'] || $data['height'] > $config['avatar_max_height'])
 acydburn
-git-gate
+                                $error[] = phpbb_avatar_error_wrong_size($data['width'], $data['height']);
 acydburn
 acydburn
 acydburn
-acydburn
+                if (!sizeof($error))
 acydburn
-acydburn
+                        if ($config['avatar_min_width'] || $config['avatar_min_height'])
 acydburn
-acydburn
+                                if ($data['width'] < $config['avatar_min_width'] || $data['height'] < $config['avatar_min_height'])
 acydburn
-git-gate
+                                        $error[] = phpbb_avatar_error_wrong_size($data['width'], $data['height']);
 acydburn
 acydburn
 acydburn
 acydburn
-acydburn
+                if (!sizeof($error))
 acydburn
-acydburn
+                        $sql_ary['user_avatar_width'] = $data['width'];
-acydburn
+                        $sql_ary['user_avatar_height'] = $data['height'];
 acydburn
 acydburn
 acydburn
-acydburn
+        if (!sizeof($error))
 acydburn
-acydburn
+                // Do we actually have any data to update?
-acydburn
+                if (sizeof($sql_ary))
 acydburn
-Kellanved
+                        $ext_new = $ext_old = '';
-acydburn
+                        if (isset($sql_ary['user_avatar']))
 acydburn
-acydburn
+                                $userdata = ($custom_userdata === false) ? $user->data : $custom_userdata;
-Kellanved
+                                $ext_new = (empty($sql_ary['user_avatar'])) ? '' : substr(strrchr($sql_ary['user_avatar'], '.'), 1);
-Kellanved
+                                $ext_old = (empty($userdata['user_avatar'])) ? '' : substr(strrchr($userdata['user_avatar'], '.'), 1);
 acydburn
-Kellanved
+                                if ($userdata['user_avatar_type'] == AVATAR_UPLOAD)
 acydburn
-Kellanved
+                                        // Delete old avatar if present
-Kellanved
+                                        if ((!empty($userdata['user_avatar']) && empty($sql_ary['user_avatar']))
-Kellanved
+                                           || ( !empty($userdata['user_avatar']) && !empty($sql_ary['user_avatar']) && $ext_new !== $ext_old))
 Kellanved
-Kellanved
+                                                avatar_delete('user', $userdata);
 Kellanved
 acydburn
 acydburn
 acydburn
-Kellanved
+                        $sql = 'UPDATE ' . USERS_TABLE . '
-Kellanved
+                                SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
-Kellanved
+                                WHERE user_id = ' . (($custom_userdata === false) ? $user->data['user_id'] : $custom_userdata['user_id']);
-Kellanved
+                        $db->sql_query($sql);
 Kellanved
 acydburn
 acydburn
 acydburn
-acydburn
+        return (sizeof($error)) ? false : true;
 acydburn
 acydburn
-git-gate
+/**
-git-gate
+* Returns a language string with the avatar size of the new avatar and the allowed maximum and minimum
 git-gate
-git-gate
+* @param $width                int                The width of the new uploaded/selected avatar
-git-gate
+* @param $height        int                The height of the new uploaded/selected avatar
-git-gate
+* @return string
-git-gate
+*/
-git-gate
+function phpbb_avatar_error_wrong_size($width, $height)
 git-gate
-git-gate
+        global $config, $user;
 git-gate
-git-gate
+        return $user->lang('AVATAR_WRONG_SIZE',
-git-gate
+                $user->lang('PIXELS', (int) $config['avatar_min_width']),
-git-gate
+                $user->lang('PIXELS', (int) $config['avatar_min_height']),
-git-gate
+                $user->lang('PIXELS', (int) $config['avatar_max_width']),
-git-gate
+                $user->lang('PIXELS', (int) $config['avatar_max_height']),
-git-gate
+                $user->lang('PIXELS', (int) $width),
-git-gate
+                $user->lang('PIXELS', (int) $height));
 git-gate
 git-gate
-git-gate
+/**
-git-gate
+* Returns an explanation string with maximum avatar settings
 git-gate
-git-gate
+* @return string
-git-gate
+*/
-git-gate
+function phpbb_avatar_explanation_string()
 git-gate
-git-gate
+        global $config, $user;
 git-gate
-git-gate
+        return $user->lang('AVATAR_EXPLAIN',
-git-gate
+                $user->lang('PIXELS', (int) $config['avatar_max_width']),
-git-gate
+                $user->lang('PIXELS', (int) $config['avatar_max_height']),
-git-gate
+                round($config['avatar_filesize'] / 1024));
 git-gate
 git-gate
-psotfx
+//
-psotfx
+// Usergroup functions
-psotfx
+//
 bartvb
-acydburn
+/**
-acydburn
+* Add or edit a group. If we're editing a group we only update user
-acydburn
+* parameters such as rank, etc. if they are changed
-acydburn
+*/
-acydburn
+function group_create(&$group_id, $type, $name, $desc, $group_attributes, $allow_desc_bbcode = false, $allow_desc_urls = false, $allow_desc_smilies = false)
 psotfx
-psotfx
+        global $phpbb_root_path, $config, $db, $user, $file_upload;
 psotfx
-psotfx
+        $error = array();
 psotfx
-acydburn
+        // Attributes which also affect the users table
-acydburn
+        $user_attribute_ary = array('group_colour', 'group_rank', 'group_avatar', 'group_avatar_type', 'group_avatar_width', 'group_avatar_height');
 acydburn
-acydburn
+        // Check data. Limit group name length.
-acydburn
+        if (!utf8_strlen($name) || utf8_strlen($name) > 60)
 psotfx
-acydburn
+                $error[] = (!utf8_strlen($name)) ? $user->lang['GROUP_ERR_USERNAME'] : $user->lang['GROUP_ERR_USER_LONG'];
 psotfx
 acydburn
-kellanved
+        $err = group_validate_groupname($group_id, $name);
-kellanved
+        if (!empty($err))
 kellanved
-kellanved
+                $error[] = $user->lang[$err];
 kellanved
 acydburn
-psotfx
+        if (!in_array($type, array(GROUP_OPEN, GROUP_CLOSED, GROUP_HIDDEN, GROUP_SPECIAL, GROUP_FREE)))
 psotfx
-psotfx
+                $error[] = $user->lang['GROUP_ERR_TYPE'];
 psotfx
 psotfx
-psotfx
+        if (!sizeof($error))
 psotfx
-git-gate
+                $current_legend = phpbb_group_positions::GROUP_DISABLED;
-git-gate
+                $current_teampage = phpbb_group_positions::GROUP_DISABLED;
 git-gate
-git-gate
+                $legend = new phpbb_group_positions($db, 'legend');
-git-gate
+                $teampage = new phpbb_group_positions($db, 'teampage');
-git-gate
+                if ($group_id)
 git-gate
-git-gate
+                        $current_legend = $legend->get_group_value($group_id);
-git-gate
+                        $current_teampage = $teampage->get_group_value($group_id);
 git-gate
 git-gate
-git-gate
+                if (!empty($group_attributes['group_legend']))
 git-gate
-git-gate
+                        if (($group_id && ($current_legend == phpbb_group_positions::GROUP_DISABLED)) || !$group_id)
 git-gate
-git-gate
+                                // Old group currently not in the legend or new group, add at the end.
-git-gate
+                                $group_attributes['group_legend'] = 1 + $legend->get_group_count();
 git-gate
-git-gate
+                        else
 git-gate
-git-gate
+                                // Group stayes in the legend
-git-gate
+                                $group_attributes['group_legend'] = $current_legend;
 git-gate
 git-gate
-git-gate
+                else if ($group_id && ($current_legend > phpbb_group_positions::GROUP_DISABLED))
 git-gate
-git-gate
+                        // Group is removed from the legend
-git-gate
+                        $legend->delete_group($group_id, true);
-git-gate
+                        $group_attributes['group_legend'] = phpbb_group_positions::GROUP_DISABLED;
 git-gate
-git-gate
+                else
 git-gate
-git-gate
+                        $group_attributes['group_legend'] = phpbb_group_positions::GROUP_DISABLED;
 git-gate
 git-gate
-git-gate
+                if (!empty($group_attributes['group_teampage']))
 git-gate
-git-gate
+                        if (($group_id && ($current_teampage == phpbb_group_positions::GROUP_DISABLED)) || !$group_id)
 git-gate
-git-gate
+                                // Old group currently not on the teampage or new group, add at the end.
-git-gate
+                                $group_attributes['group_teampage'] = 1 + $teampage->get_group_count();
 git-gate
-git-gate
+                        else
 git-gate
-git-gate
+                                // Group stayes on the teampage
-git-gate
+                                $group_attributes['group_teampage'] = $current_teampage;
 git-gate
 git-gate
-git-gate
+                else if ($group_id && ($current_teampage > phpbb_group_positions::GROUP_DISABLED))
 git-gate
-git-gate
+                        // Group is removed from the teampage
-git-gate
+                        $teampage->delete_group($group_id, true);
-git-gate
+                        $group_attributes['group_teampage'] = phpbb_group_positions::GROUP_DISABLED;
 git-gate
-git-gate
+                else
 git-gate
-git-gate
+                        $group_attributes['group_teampage'] = phpbb_group_positions::GROUP_DISABLED;
 git-gate
 git-gate
-git-gate
+                // Unset the objects, we don't need them anymore.
-git-gate
+                unset($legend);
-git-gate
+                unset($teampage);
 git-gate
-kellanved
+                $user_ary = array();
-psotfx
+                $sql_ary = array(
-psotfx
+                        'group_name'                        => (string) $name,
-acydburn
+                        'group_desc'                        => (string) $desc,
-acydburn
+                        'group_desc_uid'                => '',
-davidmj
+                        'group_desc_bitfield'        => '',
-psotfx
+                        'group_type'                        => (int) $type,
-psotfx
+                );
 psotfx
-acydburn
+                // Parse description
-acydburn
+                if ($desc)
 acydburn
-davidmj
+                        generate_text_for_storage($sql_ary['group_desc'], $sql_ary['group_desc_uid'], $sql_ary['group_desc_bitfield'], $sql_ary['group_desc_options'], $allow_desc_bbcode, $allow_desc_urls, $allow_desc_smilies);
 acydburn
 acydburn
-acydburn
+                if (sizeof($group_attributes))
 psotfx
-acydburn
+                        // Merge them with $sql_ary to properly update the group
-acydburn
+                        $sql_ary = array_merge($sql_ary, $group_attributes);
 psotfx
 psotfx
-acydburn
+                // Setting the log message before we set the group id (if group gets added)
-acydburn
+                $log = ($group_id) ? 'LOG_GROUP_UPDATED' : 'LOG_GROUP_CREATED';
 acydburn
-davidmj
+                $query = '';
 davidmj
-acydburn
+                if ($group_id)
 acydburn
-kellanved
+                        $sql = 'SELECT user_id
-kellanved
+                                FROM ' . USERS_TABLE . '
-kellanved
+                                WHERE group_id = ' . $group_id;
-kellanved
+                        $result = $db->sql_query($sql);
 kellanved
-kellanved
+                        while ($row = $db->sql_fetchrow($result))
 kellanved
-kellanved
+                                $user_ary[] = $row['user_id'];
 kellanved
-kellanved
+                        $db->sql_freeresult($result);
 kellanved
-kellanved
+                        if (isset($sql_ary['group_avatar']) && !$sql_ary['group_avatar'])
 kellanved
-kellanved
+                                remove_default_avatar($group_id, $user_ary);
 kellanved
 acydburn
-kellanved
+                        if (isset($sql_ary['group_rank']) && !$sql_ary['group_rank'])
 kellanved
-kellanved
+                                remove_default_rank($group_id, $user_ary);
 kellanved
 kellanved
-acydburn
+                        $sql = 'UPDATE ' . GROUPS_TABLE . '
-davidmj
+                                SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
-acydburn
+                                WHERE group_id = $group_id";
-acydburn
+                        $db->sql_query($sql);
 acydburn
-acydburn
+                        // Since we may update the name too, we need to do this on other tables too...
-acydburn
+                        $sql = 'UPDATE ' . MODERATOR_CACHE_TABLE . "
-acydburn
+                                SET group_name = '" . $db->sql_escape($sql_ary['group_name']) . "'
-acydburn
+                                WHERE group_id = $group_id";
-acydburn
+                        $db->sql_query($sql);
 acydburn
-acydburn
+                        // One special case is the group skip auth setting. If this was changed we need to purge permissions for this group
-acydburn
+                        if (isset($group_attributes['group_skip_auth']))
 acydburn
-acydburn
+                                // Get users within this group...
-acydburn
+                                $sql = 'SELECT user_id
-acydburn
+                                        FROM ' . USER_GROUP_TABLE . '
-acydburn
+                                        WHERE group_id = ' . $group_id . '
-acydburn
+                                                AND user_pending = 0';
-acydburn
+                                $result = $db->sql_query($sql);
 acydburn
-acydburn
+                                $user_id_ary = array();
-acydburn
+                                while ($row = $db->sql_fetchrow($result))
 acydburn
-acydburn
+                                        $user_id_ary[] = $row['user_id'];
 acydburn
-acydburn
+                                $db->sql_freeresult($result);
 acydburn
-acydburn
+                                if (!empty($user_id_ary))
 acydburn
-acydburn
+                                        global $auth;
 acydburn
-acydburn
+                                        // Clear permissions cache of relevant users
-acydburn
+                                        $auth->acl_clear_prefetch($user_id_ary);
 acydburn
 acydburn
 acydburn
-acydburn
+                else
 acydburn
-davidmj
+                        $sql = 'INSERT INTO ' . GROUPS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
-acydburn
+                        $db->sql_query($sql);
 acydburn
 psotfx
-acydburn
+                if (!$group_id)
 acydburn
-acydburn
+                        $group_id = $db->sql_nextid();
 acydburn
-kellanved
+                        if (isset($sql_ary['group_avatar_type']) && $sql_ary['group_avatar_type'] == AVATAR_UPLOAD)
 kellanved
-kellanved
+                                group_correct_avatar($group_id, $sql_ary['group_avatar']);
 kellanved
 acydburn
 acydburn
-acydburn
+                // Set user attributes
-psotfx
+                $sql_ary = array();
-acydburn
+                if (sizeof($group_attributes))
 psotfx
-acydburn
+                        // Go through the user attributes array, check if a group attribute matches it and then set it. ;)
-acydburn
+                        foreach ($user_attribute_ary as $attribute)
 psotfx
-acydburn
+                                if (!isset($group_attributes[$attribute]))
 acydburn
-acydburn
+                                        continue;
 acydburn
 acydburn
-acydburn
+                                // If we are about to set an avatar, we will not overwrite user avatars if no group avatar is set...
-acydburn
+                                if (strpos($attribute, 'group_avatar') === 0 && !$group_attributes[$attribute])
 acydburn
-acydburn
+                                        continue;
 acydburn
 acydburn
-acydburn
+                                $sql_ary[$attribute] = $group_attributes[$attribute];
 psotfx
 psotfx
 psotfx
-kellanved
+                if (sizeof($sql_ary) && sizeof($user_ary))
 psotfx
-kellanved
+                        group_set_user_default($group_id, $user_ary, $sql_ary);
 psotfx
 psotfx
-acydburn
+                $name = ($type == GROUP_SPECIAL) ? $user->lang['G_' . $name] : $name;
-psotfx
+                add_log('admin', $log, $name);
 acydburn
-acydburn
+                group_update_listings($group_id);
 psotfx
 psotfx
-psotfx
+        return (sizeof($error)) ? $error : false;
 psotfx
 psotfx
 kellanved
-acydburn
+/**
-kellanved
+* Changes a group avatar's filename to conform to the naming scheme
-kellanved
+*/
-kellanved
+function group_correct_avatar($group_id, $old_entry)
 kellanved
-kellanved
+        global $config, $db, $phpbb_root_path;
 kellanved
-kellanved
+        $group_id                = (int)$group_id;
-kellanved
+        $ext                         = substr(strrchr($old_entry, '.'), 1);
-kellanved
+        $old_filename         = get_avatar_filename($old_entry);
-kellanved
+        $new_filename         = $config['avatar_salt'] . "_g$group_id.$ext";
-kellanved
+        $new_entry                 = 'g' . $group_id . '_' . substr(time(), -5) . ".$ext";
 acydburn
-kellanved
+        $avatar_path = $phpbb_root_path . $config['avatar_path'];
-kellanved
+        if (@rename($avatar_path . '/'. $old_filename, $avatar_path . '/' . $new_filename))
 kellanved
-kellanved
+                $sql = 'UPDATE ' . GROUPS_TABLE . '
-kellanved
+                        SET group_avatar = \'' . $db->sql_escape($new_entry) . "'
-kellanved
+                        WHERE group_id = $group_id";
-kellanved
+                $db->sql_query($sql);
 kellanved
 kellanved
 kellanved
 kellanved
-kellanved
+/**
-kellanved
+* Remove avatar also for users not having the group as default
-kellanved
+*/
-kellanved
+function avatar_remove_db($avatar_name)
 kellanved
-kellanved
+        global $config, $db;
 acydburn
-kellanved
+        $sql = 'UPDATE ' . USERS_TABLE . "
-kellanved
+                SET user_avatar = '',
-acydburn
+                user_avatar_type = 0
-kellanved
+                WHERE user_avatar = '" . $db->sql_escape($avatar_name) . '\'';
-kellanved
+        $db->sql_query($sql);
 kellanved
 kellanved
 kellanved
-kellanved
+/**
-acydburn
+* Group Delete
-acydburn
+*/
-psotfx
+function group_delete($group_id, $group_name = false)
 psotfx
-acydburn
+        global $db, $phpbb_root_path, $phpEx;
 psotfx
-psotfx
+        if (!$group_name)
 psotfx
-acydburn
+                $group_name = get_group_name($group_id);
 psotfx
 psotfx
-psotfx
+        $start = 0;
 psotfx
-psotfx
+        do
 psotfx
-psotfx
+                $user_id_ary = $username_ary = array();
 psotfx
-psotfx
+                // Batch query for group members, call group_user_del
-psotfx
+                $sql = 'SELECT u.user_id, u.username
-psotfx
+                        FROM ' . USER_GROUP_TABLE . ' ug, ' . USERS_TABLE . " u
-psotfx
+                        WHERE ug.group_id = $group_id
-acydburn
+                                AND u.user_id = ug.user_id";
-acydburn
+                $result = $db->sql_query_limit($sql, 200, $start);
 psotfx
-psotfx
+                if ($row = $db->sql_fetchrow($result))
 psotfx
-psotfx
+                        do
 psotfx
-psotfx
+                                $user_id_ary[] = $row['user_id'];
-psotfx
+                                $username_ary[] = $row['username'];
 psotfx
-psotfx
+                                $start++;
 psotfx
-psotfx
+                        while ($row = $db->sql_fetchrow($result));
 psotfx
-psotfx
+                        group_user_del($group_id, $user_id_ary, $username_ary, $group_name);
 psotfx
-psotfx
+                else
 psotfx
-psotfx
+                        $start = 0;
 psotfx
-psotfx
+                $db->sql_freeresult($result);
 psotfx
-psotfx
+        while ($start);
 bartvb
-git-gate
+        // Delete group from legend and teampage
-git-gate
+        $legend = new phpbb_group_positions($db, 'legend');
-git-gate
+        $legend->delete_group($group_id);
-git-gate
+        unset($legend);
-git-gate
+        $teampage = new phpbb_group_positions($db, 'teampage');
-git-gate
+        $teampage->delete_group($group_id);
-git-gate
+        unset($teampage);
 git-gate
-psotfx
+        // Delete group
-bartvb
+        $sql = 'DELETE FROM ' . GROUPS_TABLE . "
-psotfx
+                WHERE group_id = $group_id";
-psotfx
+        $db->sql_query($sql);
 psotfx
-acydburn
+        // Delete auth entries from the groups table
-acydburn
+        $sql = 'DELETE FROM ' . ACL_GROUPS_TABLE . "
-acydburn
+                WHERE group_id = $group_id";
-acydburn
+        $db->sql_query($sql);
 acydburn
-acydburn
+        // Re-cache moderators
-acydburn
+        if (!function_exists('cache_moderators'))
 acydburn
-acydburn
+                include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
 acydburn
 acydburn
-acydburn
+        cache_moderators();
 acydburn
-psotfx
+        add_log('admin', 'LOG_GROUP_DELETE', $group_name);
 psotfx
-davidmj
+        // Return false - no error
-davidmj
+        return false;
 psotfx
 psotfx
-acydburn
+/**
-acydburn
+* Add user(s) to group
 acydburn
-acydburn
+* @return mixed false if no errors occurred, else the user lang string for the relevant error, for example 'NO_USER'
-acydburn
+*/
-acydburn
+function group_user_add($group_id, $user_id_ary = false, $username_ary = false, $group_name = false, $default = false, $leader = 0, $pending = 0, $group_attributes = false)
 psotfx
-psotfx
+        global $db, $auth;
 psotfx
-psotfx
+        // We need both username and user_id info
-acydburn
+        $result = user_get_id_name($user_id_ary, $username_ary);
 psotfx
-acydburn
+        if (!sizeof($user_id_ary) || $result !== false)
 acydburn
-acydburn
+                return 'NO_USER';
 acydburn
 acydburn
-psotfx
+        // Remove users who are already members of this group
-bartvb
+        $sql = 'SELECT user_id, group_leader
-bartvb
+                FROM ' . USER_GROUP_TABLE . '
-acydburn
+                WHERE ' . $db->sql_in_set('user_id', $user_id_ary) . "
-psotfx
+                        AND group_id = $group_id";
-psotfx
+        $result = $db->sql_query($sql);
 psotfx
-psotfx
+        $add_id_ary = $update_id_ary = array();
-acydburn
+        while ($row = $db->sql_fetchrow($result))
 psotfx
-acydburn
+                $add_id_ary[] = (int) $row['user_id'];
 acydburn
-acydburn
+                if ($leader && !$row['group_leader'])
 psotfx
-acydburn
+                        $update_id_ary[] = (int) $row['user_id'];
 psotfx
 psotfx
-psotfx
+        $db->sql_freeresult($result);
 psotfx
-psotfx
+        // Do all the users exist in this group?
-psotfx
+        $add_id_ary = array_diff($user_id_ary, $add_id_ary);
 psotfx
-bartvb
+        // If we have no users
-psotfx
+        if (!sizeof($add_id_ary) && !sizeof($update_id_ary))
 psotfx
-psotfx
+                return 'GROUP_USERS_EXIST';
 psotfx
 psotfx
-acydburn
+        $db->sql_transaction('begin');
 acydburn
-acydburn
+        // Insert the new users
-psotfx
+        if (sizeof($add_id_ary))
 psotfx
-acydburn
+                $sql_ary = array();
 psotfx
-acydburn
+                foreach ($add_id_ary as $user_id)
 acydburn
-acydburn
+                        $sql_ary[] = array(
-acydburn
+                                'user_id'                => (int) $user_id,
-acydburn
+                                'group_id'                => (int) $group_id,
-acydburn
+                                'group_leader'        => (int) $leader,
-acydburn
+                                'user_pending'        => (int) $pending,
-acydburn
+                        );
 psotfx
 acydburn
-acydburn
+                $db->sql_multi_insert(USER_GROUP_TABLE, $sql_ary);
 psotfx
 psotfx
-psotfx
+        if (sizeof($update_id_ary))
 psotfx
-bartvb
+                $sql = 'UPDATE ' . USER_GROUP_TABLE . '
-bartvb
+                        SET group_leader = 1
-acydburn
+                        WHERE ' . $db->sql_in_set('user_id', $update_id_ary) . "
-psotfx
+                                AND group_id = $group_id";
-psotfx
+                $db->sql_query($sql);
 psotfx
 psotfx
-psotfx
+        if ($default)
 psotfx
-rxu
+                group_user_attributes('default', $group_id, $user_id_ary, false, $group_name, $group_attributes);
 psotfx
 psotfx
-acydburn
+        $db->sql_transaction('commit');
 acydburn
-psotfx
+        // Clear permissions cache of relevant users
-psotfx
+        $auth->acl_clear_prefetch($user_id_ary);
 psotfx
-psotfx
+        if (!$group_name)
 psotfx
-acydburn
+                $group_name = get_group_name($group_id);
 psotfx
 psotfx
-nickvergessen
+        $log = ($leader) ? 'LOG_MODS_ADDED' : (($pending) ? 'LOG_USERS_PENDING' : 'LOG_USERS_ADDED');
 psotfx
-psotfx
+        add_log('admin', $log, $group_name, implode(', ', $username_ary));
 psotfx
-acydburn
+        group_update_listings($group_id);
 acydburn
-acydburn
+        // Return false - no error
-acydburn
+        return false;
 psotfx
 psotfx
-acydburn
+/**
-acydburn
+* Remove a user/s from a given group. When we remove users we update their
-acydburn
+* default group_id. We do this by examining which "special" groups they belong
-acydburn
+* to. The selection is made based on a reasonable priority system
 acydburn
-acydburn
+* @return false if no errors occurred, else the user lang string for the relevant error, for example 'NO_USER'
-acydburn
+*/
-psotfx
+function group_user_del($group_id, $user_id_ary = false, $username_ary = false, $group_name = false)
 psotfx
-acydburn
+        global $db, $auth, $config;
 psotfx
-acydburn
+        if ($config['coppa_enable'])
 acydburn
-acydburn
+                $group_order = array('ADMINISTRATORS', 'GLOBAL_MODERATORS', 'NEWLY_REGISTERED', 'REGISTERED_COPPA', 'REGISTERED', 'BOTS', 'GUESTS');
 acydburn
-acydburn
+        else
 acydburn
-acydburn
+                $group_order = array('ADMINISTRATORS', 'GLOBAL_MODERATORS', 'NEWLY_REGISTERED', 'REGISTERED', 'BOTS', 'GUESTS');
 acydburn
 psotfx
-psotfx
+        // We need both username and user_id info
-acydburn
+        $result = user_get_id_name($user_id_ary, $username_ary);
 psotfx
-acydburn
+        if (!sizeof($user_id_ary) || $result !== false)
 acydburn
-acydburn
+                return 'NO_USER';
 acydburn
 acydburn
-bartvb
+        $sql = 'SELECT *
-bartvb
+                FROM ' . GROUPS_TABLE . '
-acydburn
+                WHERE ' . $db->sql_in_set('group_name', $group_order);
-psotfx
+        $result = $db->sql_query($sql);
 psotfx
-psotfx
+        $group_order_id = $special_group_data = array();
-psotfx
+        while ($row = $db->sql_fetchrow($result))
 psotfx
-psotfx
+                $group_order_id[$row['group_name']] = $row['group_id'];
 psotfx
-acydburn
+                $special_group_data[$row['group_id']] = array(
-grahamje
+                        'group_colour'                        => $row['group_colour'],
-grahamje
+                        'group_rank'                                => $row['group_rank'],
-acydburn
+                );
 acydburn
-acydburn
+                // Only set the group avatar if one is defined...
-acydburn
+                if ($row['group_avatar'])
 acydburn
-acydburn
+                        $special_group_data[$row['group_id']] = array_merge($special_group_data[$row['group_id']], array(
-grahamje
+                                'group_avatar'                        => $row['group_avatar'],
-grahamje
+                                'group_avatar_type'                => $row['group_avatar_type'],
-grahamje
+                                'group_avatar_width'                => $row['group_avatar_width'],
-grahamje
+                                'group_avatar_height'        => $row['group_avatar_height'])
-acydburn
+                        );
 acydburn
 psotfx
-psotfx
+        $db->sql_freeresult($result);
 psotfx
-acydburn
+        // Get users default groups - we only need to reset default group membership if the group from which the user gets removed is set as default
-acydburn
+        $sql = 'SELECT user_id, group_id
-acydburn
+                FROM ' . USERS_TABLE . '
-acydburn
+                WHERE ' . $db->sql_in_set('user_id', $user_id_ary);
-acydburn
+        $result = $db->sql_query($sql);
 bartvb
-acydburn
+        $default_groups = array();
-acydburn
+        while ($row = $db->sql_fetchrow($result))
 acydburn
-acydburn
+                $default_groups[$row['user_id']] = $row['group_id'];
 acydburn
-acydburn
+        $db->sql_freeresult($result);
 bartvb
-psotfx
+        // What special group memberships exist for these users?
-acydburn
+        $sql = 'SELECT g.group_id, g.group_name, ug.user_id
-bartvb
+                FROM ' . USER_GROUP_TABLE . ' ug, ' . GROUPS_TABLE . ' g
-acydburn
+                WHERE ' . $db->sql_in_set('ug.user_id', $user_id_ary) . "
-psotfx
+                        AND g.group_id = ug.group_id
-bartvb
+                        AND g.group_id <> $group_id
-psotfx
+                        AND g.group_type = " . GROUP_SPECIAL . '
-psotfx
+                ORDER BY ug.user_id, g.group_id';
-psotfx
+        $result = $db->sql_query($sql);
 psotfx
-psotfx
+        $temp_ary = array();
-psotfx
+        while ($row = $db->sql_fetchrow($result))
 psotfx
-acydburn
+                if ($default_groups[$row['user_id']] == $group_id && (!isset($temp_ary[$row['user_id']]) || $group_order_id[$row['group_name']] < $temp_ary[$row['user_id']]))
 psotfx
-psotfx
+                        $temp_ary[$row['user_id']] = $row['group_id'];
 psotfx
 psotfx
-psotfx
+        $db->sql_freeresult($result);
 psotfx
-acydburn
+        // sql_where_ary holds the new default groups and their users
-psotfx
+        $sql_where_ary = array();
-psotfx
+        foreach ($temp_ary as $uid => $gid)
 psotfx
-psotfx
+                $sql_where_ary[$gid][] = $uid;
 psotfx
-psotfx
+        unset($temp_ary);
 psotfx
-psotfx
+        foreach ($special_group_data as $gid => $default_data_ary)
 psotfx
-acydburn
+                if (isset($sql_where_ary[$gid]) && sizeof($sql_where_ary[$gid]))
 psotfx
-acydburn
+                        remove_default_rank($group_id, $sql_where_ary[$gid]);
-kellanved
+                        remove_default_avatar($group_id, $sql_where_ary[$gid]);
-kellanved
+                        group_set_user_default($gid, $sql_where_ary[$gid], $default_data_ary);
 psotfx
 psotfx
-psotfx
+        unset($special_group_data);
 psotfx
-bartvb
+        $sql = 'DELETE FROM ' . USER_GROUP_TABLE . "
-psotfx
+                WHERE group_id = $group_id
-acydburn
+                        AND " . $db->sql_in_set('user_id', $user_id_ary);
-psotfx
+        $db->sql_query($sql);
 psotfx
-psotfx
+        // Clear permissions cache of relevant users
-psotfx
+        $auth->acl_clear_prefetch($user_id_ary);
 psotfx
-psotfx
+        if (!$group_name)
 psotfx
-acydburn
+                $group_name = get_group_name($group_id);
 psotfx
 psotfx
-psotfx
+        $log = 'LOG_GROUP_REMOVE';
 psotfx
-acydburn
+        if ($group_name)
 acydburn
-acydburn
+                add_log('admin', $log, $group_name, implode(', ', $username_ary));
 acydburn
 psotfx
-acydburn
+        group_update_listings($group_id);
 acydburn
-acydburn
+        // Return false - no error
-acydburn
+        return false;
 psotfx
 psotfx
 kellanved
-acydburn
+/**
-kellanved
+* Removes the group avatar of the default group from the users in user_ids who have that group as default.
-kellanved
+*/
-kellanved
+function remove_default_avatar($group_id, $user_ids)
 kellanved
-kellanved
+        global $db;
 kellanved
-kellanved
+        if (!is_array($user_ids))
 kellanved
-kellanved
+                $user_ids = array($user_ids);
 kellanved
-kellanved
+        if (empty($user_ids))
 kellanved
-kellanved
+                return false;
 kellanved
 kellanved
-kellanved
+        $user_ids = array_map('intval', $user_ids);
 kellanved
-kellanved
+        $sql = 'SELECT *
-kellanved
+                FROM ' . GROUPS_TABLE . '
-kellanved
+                WHERE group_id = ' . (int)$group_id;
-kellanved
+        $result = $db->sql_query($sql);
-kellanved
+        if (!$row = $db->sql_fetchrow($result))
 kellanved
-kellanved
+                $db->sql_freeresult($result);
-kellanved
+                return false;
 kellanved
-kellanved
+        $db->sql_freeresult($result);
 acydburn
-acydburn
+        $sql = 'UPDATE ' . USERS_TABLE . "
-acydburn
+                SET user_avatar = '',
-acydburn
+                        user_avatar_type = 0,
-acydburn
+                        user_avatar_width = 0,
-acydburn
+                        user_avatar_height = 0
-acydburn
+                WHERE group_id = " . (int) $group_id . "
-acydburn
+                AND user_avatar = '" . $db->sql_escape($row['group_avatar']) . "'
-acydburn
+                AND " . $db->sql_in_set('user_id', $user_ids);
 acydburn
-kellanved
+        $db->sql_query($sql);
 kellanved
 kellanved
-kellanved
+/**
-kellanved
+* Removes the group rank of the default group from the users in user_ids who have that group as default.
-kellanved
+*/
-kellanved
+function remove_default_rank($group_id, $user_ids)
 kellanved
-kellanved
+        global $db;
 kellanved
-kellanved
+        if (!is_array($user_ids))
 kellanved
-kellanved
+                $user_ids = array($user_ids);
 kellanved
-kellanved
+        if (empty($user_ids))
 kellanved
-kellanved
+                return false;
 kellanved
 kellanved
-kellanved
+        $user_ids = array_map('intval', $user_ids);
 kellanved
-kellanved
+        $sql = 'SELECT *
-kellanved
+                FROM ' . GROUPS_TABLE . '
-kellanved
+                WHERE group_id = ' . (int)$group_id;
-kellanved
+        $result = $db->sql_query($sql);
-kellanved
+        if (!$row = $db->sql_fetchrow($result))
 kellanved
-kellanved
+                $db->sql_freeresult($result);
-kellanved
+                return false;
 kellanved
-kellanved
+        $db->sql_freeresult($result);
 kellanved
-kellanved
+        $sql = 'UPDATE ' . USERS_TABLE . '
-kellanved
+                SET user_rank = 0
-acydburn
+                WHERE group_id = ' . (int)$group_id . '
-acydburn
+                AND user_rank <> 0
-acydburn
+                AND user_rank = ' . (int)$row['group_rank'] . '
-kellanved
+                AND ' . $db->sql_in_set('user_id', $user_ids);
-kellanved
+        $db->sql_query($sql);
 kellanved
 kellanved
-kellanved
+/**
-acydburn
+* This is used to promote (to leader), demote or set as default a member/s
-acydburn
+*/
-acydburn
+function group_user_attributes($action, $group_id, $user_id_ary = false, $username_ary = false, $group_name = false, $group_attributes = false)
 psotfx
-acydburn
+        global $db, $auth, $phpbb_root_path, $phpEx, $config;
 psotfx
-psotfx
+        // We need both username and user_id info
-acydburn
+        $result = user_get_id_name($user_id_ary, $username_ary);
 psotfx
-acydburn
+        if (!sizeof($user_id_ary) || $result !== false)
 acydburn
-Kellanved
+                return 'NO_USERS';
 acydburn
 acydburn
-acydburn
+        if (!$group_name)
 acydburn
-acydburn
+                $group_name = get_group_name($group_id);
 acydburn
 acydburn
-psotfx
+        switch ($action)
 psotfx
-psotfx
+                case 'demote':
-psotfx
+                case 'promote':
 acydburn
-Kellanved
+                        $sql = 'SELECT user_id FROM ' . USER_GROUP_TABLE . "
-Kellanved
+                                WHERE group_id = $group_id
-Kellanved
+                                        AND user_pending = 1
-Kellanved
+                                        AND " . $db->sql_in_set('user_id', $user_id_ary);
-Kellanved
+                        $result = $db->sql_query_limit($sql, 1);
-Kellanved
+                        $not_empty = ($db->sql_fetchrow($result));
-Kellanved
+                        $db->sql_freeresult($result);
-Kellanved
+                        if ($not_empty)
 Kellanved
-Kellanved
+                                return 'NO_VALID_USERS';
 Kellanved
 acydburn
-psotfx
+                        $sql = 'UPDATE ' . USER_GROUP_TABLE . '
-bartvb
+                                SET group_leader = ' . (($action == 'promote') ? 1 : 0) . "
-psotfx
+                                WHERE group_id = $group_id
-Kellanved
+                                        AND user_pending = 0
-acydburn
+                                        AND " . $db->sql_in_set('user_id', $user_id_ary);
-psotfx
+                        $db->sql_query($sql);
 psotfx
-psotfx
+                        $log = ($action == 'promote') ? 'LOG_GROUP_PROMOTED' : 'LOG_GROUP_DEMOTED';
-acydburn
+                break;
 psotfx
-psotfx
+                case 'approve':
-acydburn
+                        // Make sure we only approve those which are pending ;)
-acydburn
+                        $sql = 'SELECT u.user_id, u.user_email, u.username, u.username_clean, u.user_notify_type, u.user_jabber, u.user_lang
-acydburn
+                                FROM ' . USERS_TABLE . ' u, ' . USER_GROUP_TABLE . ' ug
-acydburn
+                                WHERE ug.group_id = ' . $group_id . '
-acydburn
+                                        AND ug.user_pending = 1
-acydburn
+                                        AND ug.user_id = u.user_id
-acydburn
+                                        AND ' . $db->sql_in_set('ug.user_id', $user_id_ary);
-acydburn
+                        $result = $db->sql_query($sql);
 acydburn
-acydburn
+                        $user_id_ary = $email_users = array();
-acydburn
+                        while ($row = $db->sql_fetchrow($result))
 acydburn
-acydburn
+                                $user_id_ary[] = $row['user_id'];
-acydburn
+                                $email_users[] = $row;
 acydburn
-acydburn
+                        $db->sql_freeresult($result);
 acydburn
-acydburn
+                        if (!sizeof($user_id_ary))
 acydburn
-acydburn
+                                return false;
 acydburn
 acydburn
-bartvb
+                        $sql = 'UPDATE ' . USER_GROUP_TABLE . "
-bartvb
+                                SET user_pending = 0
-bartvb
+                                WHERE group_id = $group_id
-acydburn
+                                        AND " . $db->sql_in_set('user_id', $user_id_ary);
-psotfx
+                        $db->sql_query($sql);
 psotfx
-acydburn
+                        // Send approved email to users...
-acydburn
+                        include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
-acydburn
+                        $messenger = new messenger();
 acydburn
-acydburn
+                        foreach ($email_users as $row)
 acydburn
-acydburn
+                                $messenger->template('group_approved', $row['user_lang']);
 acydburn
-acydburn
+                                $messenger->to($row['user_email'], $row['username']);
-acydburn
+                                $messenger->im($row['user_jabber'], $row['username']);
 acydburn
-acydburn
+                                $messenger->assign_vars(array(
-acydburn
+                                        'USERNAME'                => htmlspecialchars_decode($row['username']),
-acydburn
+                                        'GROUP_NAME'        => htmlspecialchars_decode($group_name),
-acydburn
+                                        'U_GROUP'                => generate_board_url() . "/ucp.$phpEx?i=groups&mode=membership")
-acydburn
+                                );
 acydburn
-acydburn
+                                $messenger->send($row['user_notify_type']);
 acydburn
 acydburn
-acydburn
+                        $messenger->save_queue();
 acydburn
-acydburn
+                        $log = 'LOG_USERS_APPROVED';
-acydburn
+                break;
 psotfx
-psotfx
+                case 'default':
-nickvergessen
+                        // We only set default group for approved members of the group
-nickvergessen
+                        $sql = 'SELECT user_id
-nickvergessen
+                                FROM ' . USER_GROUP_TABLE . "
-nickvergessen
+                                WHERE group_id = $group_id
-nickvergessen
+                                        AND user_pending = 0
-nickvergessen
+                                        AND " . $db->sql_in_set('user_id', $user_id_ary);
-nickvergessen
+                        $result = $db->sql_query($sql);
 nickvergessen
-nickvergessen
+                        $user_id_ary = $username_ary = array();
-nickvergessen
+                        while ($row = $db->sql_fetchrow($result))
 nickvergessen
-nickvergessen
+                                $user_id_ary[] = $row['user_id'];
 nickvergessen
-nickvergessen
+                        $db->sql_freeresult($result);
 nickvergessen
-nickvergessen
+                        $result = user_get_id_name($user_id_ary, $username_ary);
-nickvergessen
+                        if (!sizeof($user_id_ary) || $result !== false)
 nickvergessen
-nickvergessen
+                                return 'NO_USERS';
 nickvergessen
 nickvergessen
-acydburn
+                        $sql = 'SELECT user_id, group_id FROM ' . USERS_TABLE . '
-kellanved
+                                WHERE ' . $db->sql_in_set('user_id', $user_id_ary, false, true);
-kellanved
+                        $result = $db->sql_query($sql);
 kellanved
-kellanved
+                        $groups = array();
-kellanved
+                        while ($row = $db->sql_fetchrow($result))
 kellanved
-kellanved
+                                if (!isset($groups[$row['group_id']]))
 kellanved
-kellanved
+                                        $groups[$row['group_id']] = array();
 kellanved
-kellanved
+                                $groups[$row['group_id']][] = $row['user_id'];
 kellanved
-kellanved
+                        $db->sql_freeresult($result);
 kellanved
-kellanved
+                        foreach ($groups as $gid => $uids)
 kellanved
-kellanved
+                                remove_default_rank($gid, $uids);
-kellanved
+                                remove_default_avatar($gid, $uids);
 kellanved
-acydburn
+                        group_set_user_default($group_id, $user_id_ary, $group_attributes);
-psotfx
+                        $log = 'LOG_GROUP_DEFAULTS';
-acydburn
+                break;
 psotfx
 psotfx
-psotfx
+        // Clear permissions cache of relevant users
-psotfx
+        $auth->acl_clear_prefetch($user_id_ary);
 psotfx
-psotfx
+        add_log('admin', $log, $group_name, implode(', ', $username_ary));
 psotfx
-acydburn
+        group_update_listings($group_id);
 acydburn
-Kellanved
+        return false;
 psotfx
 psotfx
-acydburn
+/**
-kellanved
+* A small version of validate_username to check for a group name's existence. To be called directly.
-kellanved
+*/
-acydburn
+function group_validate_groupname($group_id, $group_name)
 kellanved
-kellanved
+        global $config, $db;
 kellanved
-acydburn
+        $group_name =  utf8_clean_string($group_name);
 kellanved
-kellanved
+        if (!empty($group_id))
 kellanved
-kellanved
+                $sql = 'SELECT group_name
-acydburn
+                        FROM ' . GROUPS_TABLE . '
-acydburn
+                        WHERE group_id = ' . (int) $group_id;
-kellanved
+                $result = $db->sql_query($sql);
-kellanved
+                $row = $db->sql_fetchrow($result);
-kellanved
+                $db->sql_freeresult($result);
 acydburn
-acydburn
+                if (!$row)
 kellanved
-kellanved
+                        return false;
 kellanved
 acydburn
-acydburn
+                $allowed_groupname = utf8_clean_string($row['group_name']);
 acydburn
-acydburn
+                if ($allowed_groupname == $group_name)
 acydburn
-acydburn
+                        return false;
 acydburn
 kellanved
 kellanved
-kellanved
+        $sql = 'SELECT group_name
-kellanved
+                FROM ' . GROUPS_TABLE . "
-acydburn
+                WHERE LOWER(group_name) = '" . $db->sql_escape(utf8_strtolower($group_name)) . "'";
-kellanved
+        $result = $db->sql_query($sql);
-kellanved
+        $row = $db->sql_fetchrow($result);
-kellanved
+        $db->sql_freeresult($result);
 acydburn
-kellanved
+        if ($row)
 kellanved
-kellanved
+                return 'GROUP_NAME_TAKEN';
 kellanved
 acydburn
-kellanved
+        return false;
 kellanved
 kellanved
-kellanved
+/**
-acydburn
+* Set users default group
 acydburn
-acydburn
+* @access private
-acydburn
+*/
-kellanved
+function group_set_user_default($group_id, $user_id_ary, $group_attributes = false, $update_listing = false)
 acydburn
-nickvergessen
+        global $cache, $db;
 acydburn
-acydburn
+        if (empty($user_id_ary))
 acydburn
-acydburn
+                return;
 acydburn
 acydburn
-acydburn
+        $attribute_ary = array(
-acydburn
+                'group_colour'                        => 'string',
-bartvb
+                'group_rank'                        => 'int',
-acydburn
+                'group_avatar'                        => 'string',
-acydburn
+                'group_avatar_type'                => 'int',
-acydburn
+                'group_avatar_width'        => 'int',
-acydburn
+                'group_avatar_height'        => 'int',
-acydburn
+        );
 acydburn
-acydburn
+        $sql_ary = array(
-acydburn
+                'group_id'                => $group_id
-acydburn
+        );
 acydburn
-acydburn
+        // Were group attributes passed to the function? If not we need to obtain them
-acydburn
+        if ($group_attributes === false)
 acydburn
-acydburn
+                $sql = 'SELECT ' . implode(', ', array_keys($attribute_ary)) . '
-bartvb
+                        FROM ' . GROUPS_TABLE . "
-acydburn
+                        WHERE group_id = $group_id";
-acydburn
+                $result = $db->sql_query($sql);
-acydburn
+                $group_attributes = $db->sql_fetchrow($result);
-acydburn
+                $db->sql_freeresult($result);
 acydburn
 bartvb
-acydburn
+        foreach ($attribute_ary as $attribute => $type)
 acydburn
-acydburn
+                if (isset($group_attributes[$attribute]))
 acydburn
-kellanved
+                        // If we are about to set an avatar or rank, we will not overwrite with empty, unless we are not actually changing the default group
-kellanved
+                        if ((strpos($attribute, 'group_avatar') === 0 || strpos($attribute, 'group_rank') === 0) && !$group_attributes[$attribute])
 acydburn
-acydburn
+                                continue;
 acydburn
 acydburn
-acydburn
+                        settype($group_attributes[$attribute], $type);
-acydburn
+                        $sql_ary[str_replace('group_', 'user_', $attribute)] = $group_attributes[$attribute];
 acydburn
 acydburn
 bartvb
-acydburn
+        // Before we update the user attributes, we will make a list of those having now the group avatar assigned
-acydburn
+        if (isset($sql_ary['user_avatar']))
 acydburn
-acydburn
+                // Ok, get the original avatar data from users having an uploaded one (we need to remove these from the filesystem)
-acydburn
+                $sql = 'SELECT user_id, group_id, user_avatar
-acydburn
+                        FROM ' . USERS_TABLE . '
-acydburn
+                        WHERE ' . $db->sql_in_set('user_id', $user_id_ary) . '
-acydburn
+                                AND user_avatar_type = ' . AVATAR_UPLOAD;
-acydburn
+                $result = $db->sql_query($sql);
 acydburn
-acydburn
+                while ($row = $db->sql_fetchrow($result))
 acydburn
-acydburn
+                        avatar_delete('user', $row);
 acydburn
-acydburn
+                $db->sql_freeresult($result);
 acydburn
-kellanved
+        else
 kellanved
-kellanved
+                unset($sql_ary['user_avatar_type']);
-kellanved
+                unset($sql_ary['user_avatar_height']);
-kellanved
+                unset($sql_ary['user_avatar_width']);
 kellanved
 acydburn
-acydburn
+        $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
-acydburn
+                WHERE ' . $db->sql_in_set('user_id', $user_id_ary);
-acydburn
+        $db->sql_query($sql);
 grahamje
-acydburn
+        if (isset($sql_ary['user_colour']))
 acydburn
-acydburn
+                // Update any cached colour information for these users
-acydburn
+                $sql = 'UPDATE ' . FORUMS_TABLE . " SET forum_last_poster_colour = '" . $db->sql_escape($sql_ary['user_colour']) . "'
-acydburn
+                        WHERE " . $db->sql_in_set('forum_last_poster_id', $user_id_ary);
-acydburn
+                $db->sql_query($sql);
 grahamje
-acydburn
+                $sql = 'UPDATE ' . TOPICS_TABLE . " SET topic_first_poster_colour = '" . $db->sql_escape($sql_ary['user_colour']) . "'
-acydburn
+                        WHERE " . $db->sql_in_set('topic_poster', $user_id_ary);
-acydburn
+                $db->sql_query($sql);
 grahamje
-acydburn
+                $sql = 'UPDATE ' . TOPICS_TABLE . " SET topic_last_poster_colour = '" . $db->sql_escape($sql_ary['user_colour']) . "'
-acydburn
+                        WHERE " . $db->sql_in_set('topic_last_poster_id', $user_id_ary);
-acydburn
+                $db->sql_query($sql);
 davidmj
-davidmj
+                global $config;
 davidmj
-davidmj
+                if (in_array($config['newest_user_id'], $user_id_ary))
 davidmj
-davidmj
+                        set_config('newest_user_colour', $sql_ary['user_colour'], true);
 davidmj
 acydburn
 acydburn
-acydburn
+        if ($update_listing)
 acydburn
-acydburn
+                group_update_listings($group_id);
 acydburn
 nickvergessen
-nickvergessen
+        // Because some tables/caches use usercolour-specific data we need to purge this here.
-nickvergessen
+        $cache->destroy('sql', MODERATOR_CACHE_TABLE);
 acydburn
 acydburn
-acydburn
+/**
-acydburn
+* Get group name
-acydburn
+*/
-acydburn
+function get_group_name($group_id)
 acydburn
-acydburn
+        global $db, $user;
 acydburn
-acydburn
+        $sql = 'SELECT group_name, group_type
-acydburn
+                FROM ' . GROUPS_TABLE . '
-acydburn
+                WHERE group_id = ' . (int) $group_id;
-acydburn
+        $result = $db->sql_query($sql);
-acydburn
+        $row = $db->sql_fetchrow($result);
-acydburn
+        $db->sql_freeresult($result);
 acydburn
-acydburn
+        if (!$row || ($row['group_type'] == GROUP_SPECIAL && empty($user->lang)))
 acydburn
-acydburn
+                return '';
 acydburn
 acydburn
-acydburn
+        return ($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name'];
 acydburn
 acydburn
-acydburn
+/**
-acydburn
+* Obtain either the members of a specified group, the groups the specified user is subscribed to
-acydburn
+* or checking if a specified user is in a specified group. This function does not return pending memberships.
 acydburn
-acydburn
+* Note: Never use this more than once... first group your users/groups
-acydburn
+*/
-acydburn
+function group_memberships($group_id_ary = false, $user_id_ary = false, $return_bool = false)
 psotfx
-psotfx
+        global $db;
 psotfx
-acydburn
+        if (!$group_id_ary && !$user_id_ary)
 psotfx
-psotfx
+                return true;
 psotfx
 psotfx
-acydburn
+        if ($user_id_ary)
 acydburn
-acydburn
+                $user_id_ary = (!is_array($user_id_ary)) ? array($user_id_ary) : $user_id_ary;
 acydburn
 acydburn
-acydburn
+        if ($group_id_ary)
 acydburn
-acydburn
+                $group_id_ary = (!is_array($group_id_ary)) ? array($group_id_ary) : $group_id_ary;
 acydburn
 acydburn
-acydburn
+        $sql = 'SELECT ug.*, u.username, u.username_clean, u.user_email
-acydburn
+                FROM ' . USER_GROUP_TABLE . ' ug, ' . USERS_TABLE . ' u
-acydburn
+                WHERE ug.user_id = u.user_id
-acydburn
+                        AND ug.user_pending = 0 AND ';
 acydburn
-acydburn
+        if ($group_id_ary)
 psotfx
-acydburn
+                $sql .= ' ' . $db->sql_in_set('ug.group_id', $group_id_ary);
 psotfx
 acydburn
-acydburn
+        if ($user_id_ary)
 acydburn
-acydburn
+                $sql .= ($group_id_ary) ? ' AND ' : ' ';
-acydburn
+                $sql .= $db->sql_in_set('ug.user_id', $user_id_ary);
 acydburn
 bartvb
-acydburn
+        $result = ($return_bool) ? $db->sql_query_limit($sql, 1) : $db->sql_query($sql);
 acydburn
-acydburn
+        $row = $db->sql_fetchrow($result);
 psotfx
-acydburn
+        if ($return_bool)
 acydburn
-acydburn
+                $db->sql_freeresult($result);
-acydburn
+                return ($row) ? true : false;
 acydburn
 acydburn
-acydburn
+        if (!$row)
 acydburn
-acydburn
+                return false;
 acydburn
 acydburn
-acydburn
+        $return = array();
 acydburn
-acydburn
+        do
 acydburn
-acydburn
+                $return[] = $row;
 acydburn
-acydburn
+        while ($row = $db->sql_fetchrow($result));
 acydburn
-acydburn
+        $db->sql_freeresult($result);
 acydburn
-acydburn
+        return $return;
 psotfx
 psotfx
-acydburn
+/**
-acydburn
+* Re-cache moderators and foes if group has a_ or m_ permissions
-acydburn
+*/
-acydburn
+function group_update_listings($group_id)
 acydburn
-acydburn
+        global $auth;
 acydburn
-acydburn
+        $hold_ary = $auth->acl_group_raw_data($group_id, array('a_', 'm_'));
 acydburn
-acydburn
+        if (!sizeof($hold_ary))
 acydburn
-acydburn
+                return;
 acydburn
 acydburn
-acydburn
+        $mod_permissions = $admin_permissions = false;
 acydburn
-acydburn
+        foreach ($hold_ary as $g_id => $forum_ary)
 acydburn
-acydburn
+                foreach ($forum_ary as $forum_id => $auth_ary)
 acydburn
-acydburn
+                        foreach ($auth_ary as $auth_option => $setting)
 acydburn
-acydburn
+                                if ($mod_permissions && $admin_permissions)
 acydburn
-acydburn
+                                        break 3;
 acydburn
 acydburn
-acydburn
+                                if ($setting != ACL_YES)
 acydburn
-acydburn
+                                        continue;
 acydburn
 acydburn
-acydburn
+                                if ($auth_option == 'm_')
 acydburn
-acydburn
+                                        $mod_permissions = true;
 acydburn
 acydburn
-acydburn
+                                if ($auth_option == 'a_')
 acydburn
-acydburn
+                                        $admin_permissions = true;
 acydburn
 acydburn
 acydburn
 acydburn
 acydburn
-acydburn
+        if ($mod_permissions)
 acydburn
-acydburn
+                if (!function_exists('cache_moderators'))
 acydburn
-davidmj
+                        global $phpbb_root_path, $phpEx;
-acydburn
+                        include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
 acydburn
-acydburn
+                cache_moderators();
 acydburn
 acydburn
-acydburn
+        if ($mod_permissions || $admin_permissions)
 acydburn
-acydburn
+                if (!function_exists('update_foes'))
 acydburn
-acydburn
+                        global $phpbb_root_path, $phpEx;
-acydburn
+                        include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
 acydburn
-acydburn
+                update_foes(array($group_id));
 acydburn
 acydburn
 acydburn
 Kellanved
 Kellanved
-Kellanved
+/**
-Kellanved
+* Funtion to make a user leave the NEWLY_REGISTERED system group.
-Kellanved
+* @access public
-Kellanved
+* @param $user_id The id of the user to remove from the group
-Kellanved
+*/
-Kellanved
+function remove_newly_registered($user_id, $user_data = false)
 Kellanved
-Kellanved
+        global $db;
 Kellanved
-Kellanved
+        if ($user_data === false)
 Kellanved
-Kellanved
+                $sql = 'SELECT *
-Kellanved
+                        FROM ' . USERS_TABLE . '
-Kellanved
+                        WHERE user_id = ' . $user_id;
-Kellanved
+                $result = $db->sql_query($sql);
-Kellanved
+                $user_row = $db->sql_fetchrow($result);
-Kellanved
+                $db->sql_freeresult($result);
 Kellanved
-Kellanved
+                if (!$user_row)
 Kellanved
-Kellanved
+                        return false;
 Kellanved
-Kellanved
+                else
 Kellanved
-Kellanved
+                        $user_data  = $user_row;
 Kellanved
 Kellanved
 acydburn
-Kellanved
+        if (empty($user_data['user_new']))
 Kellanved
-Kellanved
+                return false;
 Kellanved
 acydburn
-Kellanved
+        $sql = 'SELECT group_id
-Kellanved
+                FROM ' . GROUPS_TABLE . "
-Kellanved
+                WHERE group_name = 'NEWLY_REGISTERED'
-Kellanved
+                        AND group_type = " . GROUP_SPECIAL;
-Kellanved
+        $result = $db->sql_query($sql);
-Kellanved
+        $group_id = (int) $db->sql_fetchfield('group_id');
-Kellanved
+        $db->sql_freeresult($result);
 Kellanved
-Kellanved
+        if (!$group_id)
 Kellanved
-Kellanved
+                return false;
 Kellanved
 Kellanved
-Kellanved
+        // We need to call group_user_del here, because this function makes sure everything is correctly changed.
-Kellanved
+        // A downside for a call within the session handler is that the language is not set up yet - so no log entry
-Kellanved
+        group_user_del($group_id, $user_id);
 Kellanved
-Kellanved
+        // Set user_new to 0 to let this not be triggered again
-Kellanved
+        $sql = 'UPDATE ' . USERS_TABLE . '
-Kellanved
+                SET user_new = 0
-Kellanved
+                WHERE user_id = ' . $user_id;
-Kellanved
+        $db->sql_query($sql);
 Kellanved
-Kellanved
+        // The new users group was the users default group?
-Kellanved
+        if ($user_data['group_id'] == $group_id)
 Kellanved
-Kellanved
+                // Which group is now the users default one?
-Kellanved
+                $sql = 'SELECT group_id
-Kellanved
+                        FROM ' . USERS_TABLE . '
-Kellanved
+                        WHERE user_id = ' . $user_id;
-Kellanved
+                $result = $db->sql_query($sql);
-Kellanved
+                $user_data['group_id'] = $db->sql_fetchfield('group_id');
-Kellanved
+                $db->sql_freeresult($result);
 Kellanved
 Kellanved
-Kellanved
+        return $user_data['group_id'];
 Kellanved

Code Forge

root / trunk / phpBB / includes / functions_user.php