function validate_username($username)
{
global $db, $lang, $userdata;
// Remove doubled up spaces
$username = preg_replace('#\\s+#', ' ', trim($username));
$username = phpbb_clean_username($username);
$sql = "SELECT username \r\n\t\tFROM " . USERS_TABLE . "\r\n\t\tWHERE LOWER(username) = '" . strtolower($username) . "'";
if ($result = $db->sql_query($sql)) {
while ($row = $db->sql_fetchrow($result)) {
if ($userdata['session_logged_in'] && $row['username'] != $userdata['username'] || !$userdata['session_logged_in']) {
$db->sql_freeresult($result);
return array('error' => true, 'error_msg' => $lang['Username_taken']);
}
}
}
$db->sql_freeresult($result);
$sql = "SELECT group_name\r\n\t\tFROM " . GROUPS_TABLE . " \r\n\t\tWHERE LOWER(group_name) = '" . strtolower($username) . "'";
if ($result = $db->sql_query($sql)) {
if ($row = $db->sql_fetchrow($result)) {
$db->sql_freeresult($result);
return array('error' => true, 'error_msg' => $lang['Username_taken']);
}
}
$db->sql_freeresult($result);
$sql = "SELECT disallow_username\r\n\t\tFROM " . DISALLOW_TABLE;
if ($result = $db->sql_query($sql)) {
if ($row = $db->sql_fetchrow($result)) {
do {
if (preg_match("#\\b(" . str_replace("\\*", ".*?", preg_quote($row['disallow_username'], '#')) . ")\\b#i", $username)) {
$db->sql_freeresult($result);
return array('error' => true, 'error_msg' => $lang['Username_disallowed']);
}
} while ($row = $db->sql_fetchrow($result));
}
}
$db->sql_freeresult($result);
$sql = "SELECT word \r\n\t\tFROM " . WORDS_TABLE;
if ($result = $db->sql_query($sql)) {
if ($row = $db->sql_fetchrow($result)) {
do {
if (preg_match("#\\b(" . str_replace("\\*", ".*?", preg_quote($row['word'], '#')) . ")\\b#i", $username)) {
$db->sql_freeresult($result);
return array('error' => true, 'error_msg' => $lang['Username_disallowed']);
}
} while ($row = $db->sql_fetchrow($result));
}
}
$db->sql_freeresult($result);
// Don't allow " and ALT-255 in username.
if (strstr($username, '"') || strstr($username, '"') || strstr($username, chr(160)) || strstr($username, chr(173))) {
return array('error' => true, 'error_msg' => $lang['Username_invalid']);
}
return array('error' => false, 'error_msg' => '');
}
function get_userdata($user, $force_str = false)
{
global $db;
if (intval($user) == 0 || $force_str) {
$user = phpbb_clean_username($user);
} else {
$user = intval($user);
}
$sql = "SELECT *\n\t\tFROM " . USERS_TABLE . " \n\t\tWHERE ";
$sql .= (is_integer($user) ? "user_id = {$user}" : "username = '******'") . " AND user_id <> " . ANONYMOUS;
if (!($result = $db->sql_query($sql))) {
message_die(GENERAL_ERROR, 'Tried obtaining data for a non-existent user', '', __LINE__, __FILE__, $sql);
}
return ($row = $db->sql_fetchrow($result)) ? $row : false;
}
function get_userdata_notifications($target_user, $force_str = false)
{
global $db;
$target_user = !is_numeric($target_user) || $force_str ? phpbb_clean_username($target_user) : intval($target_user);
$sql = "SELECT *\n\t\t\tFROM " . USERS_TABLE . "\n\t\t\tWHERE ";
$sql .= (is_integer($target_user) ? "user_id = " . $target_user : "******" . $db->sql_escape($target_user) . "'") . " AND user_id <> " . ANONYMOUS;
$result = $db->sql_query($sql);
$return_value = ($row = $db->sql_fetchrow($result)) ? $row : false;
$db->sql_freeresult($result);
return $return_value;
}
message_die(GENERAL_ERROR, "Could not obtain message details", "", __LINE__, __FILE__, $sql);
}
if (!($row = $db->sql_fetchrow($result))) {
message_die(GENERAL_MESSAGE, $lang['No_such_post']);
}
$db->sql_freeresult($result);
unset($row);
}
if ($submit) {
// session id check
if ($sid == '' || $sid != $userdata['session_id']) {
$error = true;
$error_msg .= (!empty($error_msg) ? '<br />' : '') . $lang['Session_invalid'];
}
if (!empty($HTTP_POST_VARS['username'])) {
$to_username = phpbb_clean_username($HTTP_POST_VARS['username']);
$sql = "SELECT user_id, user_notify_pm, user_email, user_lang, user_active \r\n\t\t\t\tFROM " . USERS_TABLE . "\r\n\t\t\t\tWHERE username = '******'", "''", $to_username) . "'\r\n\t\t\t\t\tAND user_id <> " . ANONYMOUS;
if (!($result = $db->sql_query($sql))) {
$error = TRUE;
$error_msg = $lang['No_such_user'];
}
if (!($to_userdata = $db->sql_fetchrow($result))) {
$error = TRUE;
$error_msg = $lang['No_such_user'];
}
} else {
$error = TRUE;
$error_msg .= (!empty($error_msg) ? '<br />' : '') . $lang['No_to_user'];
}
$privmsg_subject = trim(htmlspecialchars($HTTP_POST_VARS['subject']));
if (empty($privmsg_subject)) {
}
if (count($mark_list)) {
$delete_sql_id = implode(', ', $mark_list);
$delete_text_sql = "DELETE FROM " . PRIVMSGS_TEXT_TABLE . "\n\t\t\t\t\tWHERE privmsgs_text_id IN ({$delete_sql_id})";
$delete_sql = "DELETE FROM " . PRIVMSGS_TABLE . "\n\t\t\t\t\tWHERE privmsgs_id IN ({$delete_sql_id})";
if (!$db->sql_query($delete_sql)) {
message_die(GENERAL_ERROR, 'Could not delete private message info', '', __LINE__, __FILE__, $delete_sql);
}
if (!$db->sql_query($delete_text_sql)) {
message_die(GENERAL_ERROR, 'Could not delete private message text', '', __LINE__, __FILE__, $delete_text_sql);
}
}
$message = $lang['User_deleted'] . '<br /><br />' . sprintf($lang['Click_return_useradmin'], '<a href="' . append_sid("admin_users.{$phpEx}") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.{$phpEx}?pane=right") . '">', '</a>');
message_die(GENERAL_MESSAGE, $message);
}
$username = !empty($HTTP_POST_VARS['username']) ? phpbb_clean_username($HTTP_POST_VARS['username']) : '';
$email = !empty($HTTP_POST_VARS['email']) ? trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['email']))) : '';
$password = !empty($HTTP_POST_VARS['password']) ? trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['password']))) : '';
$password_confirm = !empty($HTTP_POST_VARS['password_confirm']) ? trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['password_confirm']))) : '';
$icq = !empty($HTTP_POST_VARS['icq']) ? trim(strip_tags($HTTP_POST_VARS['icq'])) : '';
$aim = !empty($HTTP_POST_VARS['aim']) ? trim(strip_tags($HTTP_POST_VARS['aim'])) : '';
$msn = !empty($HTTP_POST_VARS['msn']) ? trim(strip_tags($HTTP_POST_VARS['msn'])) : '';
$yim = !empty($HTTP_POST_VARS['yim']) ? trim(strip_tags($HTTP_POST_VARS['yim'])) : '';
$website = !empty($HTTP_POST_VARS['website']) ? trim(strip_tags($HTTP_POST_VARS['website'])) : '';
$location = !empty($HTTP_POST_VARS['location']) ? trim(strip_tags($HTTP_POST_VARS['location'])) : '';
$occupation = !empty($HTTP_POST_VARS['occupation']) ? trim(strip_tags($HTTP_POST_VARS['occupation'])) : '';
$interests = !empty($HTTP_POST_VARS['interests']) ? trim(strip_tags($HTTP_POST_VARS['interests'])) : '';
$signature = !empty($HTTP_POST_VARS['signature']) ? trim(str_replace('<br />', "\n", $HTTP_POST_VARS['signature'])) : '';
validate_optional_fields($icq, $aim, $msn, $yim, $website, $location, $occupation, $interests, $signature);
$viewemail = isset($HTTP_POST_VARS['viewemail']) ? $HTTP_POST_VARS['viewemail'] ? TRUE : 0 : 0;
$allowviewonline = isset($HTTP_POST_VARS['hideonline']) ? $HTTP_POST_VARS['hideonline'] ? 0 : TRUE : TRUE;
//
if (!empty($HTTP_POST_VARS['add']) || !empty($HTTP_POST_VARS['remove']) || isset($HTTP_POST_VARS['approve']) || isset($HTTP_POST_VARS['deny'])) {
if (!$userdata['session_logged_in']) {
redirect(append_sid("login.{$phpEx}?redirect=groupcp.{$phpEx}&" . POST_GROUPS_URL . "={$group_id}", true));
} else {
if ($sid !== $userdata['session_id']) {
message_die(GENERAL_ERROR, $lang['Session_invalid']);
}
}
if (!$is_moderator) {
$template->assign_vars(array('META' => '<meta http-equiv="refresh" content="3;url=' . append_sid("index.{$phpEx}") . '">'));
$message = $lang['Not_group_moderator'] . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.{$phpEx}") . '">', '</a>');
message_die(GENERAL_MESSAGE, $message);
}
if (isset($HTTP_POST_VARS['add'])) {
$username = isset($HTTP_POST_VARS['username']) ? phpbb_clean_username($HTTP_POST_VARS['username']) : '';
$sql = "SELECT user_id, user_email, user_lang, user_level \n\t\t\t\t\tFROM " . USERS_TABLE . " \n\t\t\t\t\tWHERE username = '******'", "''", $username) . "'";
if (!($result = $db->sql_query($sql))) {
message_die(GENERAL_ERROR, "Could not get user information", $lang['Error'], __LINE__, __FILE__, $sql);
}
if (!($row = $db->sql_fetchrow($result))) {
$template->assign_vars(array('META' => '<meta http-equiv="refresh" content="3;url=' . append_sid("groupcp.{$phpEx}?" . POST_GROUPS_URL . "={$group_id}") . '">'));
$message = $lang['Could_not_add_user'] . "<br /><br />" . sprintf($lang['Click_return_group'], "<a href=\"" . append_sid("groupcp.{$phpEx}?" . POST_GROUPS_URL . "={$group_id}") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_index'], "<a href=\"" . append_sid("index.{$phpEx}") . "\">", "</a>");
message_die(GENERAL_MESSAGE, $message);
}
if ($row['user_id'] == ANONYMOUS) {
$template->assign_vars(array('META' => '<meta http-equiv="refresh" content="3;url=' . append_sid("groupcp.{$phpEx}?" . POST_GROUPS_URL . "={$group_id}") . '">'));
$message = $lang['Could_not_anon_user'] . '<br /><br />' . sprintf($lang['Click_return_group'], '<a href="' . append_sid("groupcp.{$phpEx}?" . POST_GROUPS_URL . "={$group_id}") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.{$phpEx}") . '">', '</a>');
message_die(GENERAL_MESSAGE, $message);
}
$sql = "SELECT ug.user_id, u.user_level \n\t\t\t\t\tFROM " . USER_GROUP_TABLE . " ug, " . USERS_TABLE . " u \n\t\t\t\t\tWHERE u.user_id = " . $row['user_id'] . " \n\t\t\t\t\t\tAND ug.user_id = u.user_id \n\t\t\t\t\t\tAND ug.group_id = {$group_id}";
//
// Define initial vars
//
if (isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode'])) {
$mode = isset($HTTP_POST_VARS['mode']) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
} else {
$mode = '';
}
if (isset($HTTP_POST_VARS['search_keywords']) || isset($HTTP_GET_VARS['search_keywords'])) {
$search_keywords = isset($HTTP_POST_VARS['search_keywords']) ? $HTTP_POST_VARS['search_keywords'] : $HTTP_GET_VARS['search_keywords'];
} else {
$search_keywords = '';
}
if (isset($HTTP_POST_VARS['search_author']) || isset($HTTP_GET_VARS['search_author'])) {
$search_author = isset($HTTP_POST_VARS['search_author']) ? $HTTP_POST_VARS['search_author'] : $HTTP_GET_VARS['search_author'];
$search_author = phpbb_clean_username($search_author);
} else {
$search_author = '';
}
$search_id = isset($HTTP_GET_VARS['search_id']) ? $HTTP_GET_VARS['search_id'] : '';
$show_results = isset($HTTP_POST_VARS['show_results']) ? $HTTP_POST_VARS['show_results'] : 'posts';
$show_results = $show_results == 'topics' ? 'topics' : 'posts';
if (isset($HTTP_POST_VARS['search_terms'])) {
$search_terms = $HTTP_POST_VARS['search_terms'] == 'all' ? 1 : 0;
} else {
$search_terms = 0;
}
if (isset($HTTP_POST_VARS['search_fields'])) {
$search_fields = $HTTP_POST_VARS['search_fields'] == 'all' ? 1 : 0;
} else {
$search_fields = 0;
***************************************************************************/
/***************************************************************************
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
*
***************************************************************************/
if (!defined('IN_PHPBB')) {
die('Hacking attempt');
exit;
}
if (isset($_POST['submit'])) {
$username = !empty($_POST['username']) ? phpbb_clean_username($_POST['username']) : '';
$email = !empty($_POST['email']) ? trim(strip_tags(htmlspecialchars($_POST['email']))) : '';
$sql = "SELECT user_id, username, user_email, user_active, user_lang \n\t\tFROM " . USERS_TABLE . " \n\t\tWHERE user_email = '" . str_replace("\\'", "''", $email) . "' \n\t\t\tAND username = '******'", "''", $username) . "'";
if ($result = $db->sql_query($sql)) {
if ($row = $db->sql_fetchrow($result)) {
if (!$row['user_active']) {
message_die(GENERAL_MESSAGE, $lang['No_send_account_inactive']);
}
$username = $row['username'];
$user_id = $row['user_id'];
$user_actkey = gen_rand_string(true);
$key_len = 54 - strlen($server_url);
$key_len = $key_len > 6 ? $key_len : 6;
$user_actkey = substr($user_actkey, 0, $key_len);
$user_password = gen_rand_string(false);
$sql = "UPDATE " . USERS_TABLE . " \n\t\t\t\tSET user_newpasswd = '" . md5($user_password) . "', user_actkey = '{$user_actkey}' \n\t\t\t\tWHERE user_id = " . $row['user_id'];
} else {
$_varary = $_POST['pending_members'];
}
$_data = '';
for ($i = 0; $i < sizeof($_varary); $i++) {
$_data .= ($_data != '' ? ', ' : '') . intval($_varary[$i]);
}
$content .= '[Group Edit: ' . $_tmp1 . ' ==> ' . $_data . ']';
if ($db_log_actions == true) {
$db_log = array('action' => 'GROUP_EDIT', 'desc' => $_tmp1, 'target' => $_data);
}
$update_log = true;
} elseif (isset($_POST['add']) && isset($_POST['username'])) {
$content .= '[Group Add: ' . $_tmp1 . ' ==> ' . $_POST['username'] . ']';
if ($db_log_actions == true) {
$sql = get_users_sql(phpbb_clean_username($_POST['username']), false, false, true, true);
$result = $db->sql_query($sql);
$user_row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
$db_log = array('action' => 'GROUP_ADD', 'desc' => $_tmp1, 'target' => $user_row['user_id']);
}
$update_log = true;
} elseif (isset($_POST['groupstatus']) && isset($_POST['group_type'])) {
$content .= '[Group Type: ' . $_tmp1 . ' ==> ' . intval($_POST['group_type']) . ']';
if ($db_log_actions == true) {
$db_log = array('action' => 'GROUP_TYPE', 'desc' => $_tmp1 . ';' . intval($_POST['group_type']), 'target' => '');
}
$update_log = true;
}
}
break;
}
$db->sql_freeresult($result);
// remove friends from the username array
$n = sizeof($data['add']);
$data['add'] = array_diff($data['add'], $friends);
// remove foes from the username array
$n = sizeof($data['add']);
$data['add'] = array_diff($data['add'], $foes);
// remove the user himself from the username array
$n = sizeof($data['add']);
$data['add'] = array_diff($data['add'], array($user->data['username']));
unset($friends, $foes, $n);
if (sizeof($data['add'])) {
$users_to_add = '';
foreach ($data['add'] as $user_tmp) {
$username_tmp = phpbb_clean_username($user_tmp);
//$users_to_add .= (($users_to_add == '') ? '' : ', ') . "'" . $db->sql_escape($username_tmp) . "'";
$users_to_add .= ($users_to_add == '' ? '' : ', ') . "'" . $db->sql_escape(utf8_clean_string($username_tmp)) . "'";
}
//$users_to_add = implode('\',\'', $data['add']);
$sql = "SELECT user_id, user_level\n\t\t\t\t\tFROM " . USERS_TABLE . "\n\t\t\t\t\tWHERE username_clean IN (" . $users_to_add . ")\n\t\t\t\t\t\tAND user_active = 1";
//die($sql);
$result = $db->sql_query($sql);
$user_id_ary = array();
$user_id_level = array();
while ($row = $db->sql_fetchrow($result)) {
if ($row['user_id'] != ANONYMOUS) {
$user_id_ary[$row['user_id']] = $row['user_id'];
$user_id_level[$row['user_id']] = $row['user_level'];
}
}
}
$params[] = 'users_per_page=' . $users_per_page;
$sort_params[] = 'users_per_page=' . $users_per_page;
$params[] = 'mode=' . $mode;
$sort_params[] = 'mode=' . $mode;
}
$pagination_url = append_sid(CMS_PAGE_MEMBERLIST, false, false, implode('&', $params));
$sort_url = append_sid(CMS_PAGE_MEMBERLIST, false, false, implode('&', $sort_params));
unset($search_params, $sort_params);
if (!empty($alphanum))
{
$alphanum = ($alphanum == '#') ? '#' : (phpbb_clean_username(ip_clean_username(strtolower(urldecode($alphanum)))));
$sql_where = ($alphanum == '#') ? "AND LOWER(username) NOT RLIKE '^[a-z]'" : "AND LOWER(username) LIKE '" . $db->sql_escape($alphanum) . "%'";
}
if (($action == 'searchuser') && ($user->data['user_level'] == ADMIN))
{
$template->assign_vars(array(
'USERNAME' => $username,
'EMAIL' => $email,
'AIM' => $aim,
'ICQ' => $icq,
'JABBER' => $jabber,
'MSNM' => $msn,
'SKYPE' => $skype,
'YAHOO' => $yahoo,
'JOINED' => implode('-', $joined),
function rss_get_user()
{
global $db, $HTTP_SERVER_VARS, $HTTP_GET_VARS;
if ((!isset($HTTP_SERVER_VARS['PHP_AUTH_USER']) || !isset($HTTP_SERVER_VARS['PHP_AUTH_PW'])) && isset($HTTP_SERVER_VARS['REMOTE_USER']) && preg_match('/Basic\\s+(.*)$/i', $HTTP_SERVER_VARS['REMOTE_USER'], $matches)) {
list($name, $password) = explode(':', base64_decode($matches[1]), 2);
$HTTP_SERVER_VARS['PHP_AUTH_USER'] = strip_tags($name);
$HTTP_SERVER_VARS['PHP_AUTH_PW'] = strip_tags($password);
}
if (isset($HTTP_SERVER_VARS['PHP_AUTH_USER']) && isset($HTTP_SERVER_VARS['PHP_AUTH_PW'])) {
$username = phpbb_clean_username($HTTP_SERVER_VARS['PHP_AUTH_USER']);
$password = md5($HTTP_SERVER_VARS['PHP_AUTH_PW']);
if (isset($HTTP_GET_VARS['uid'])) {
$uid = intval($HTTP_GET_VARS['uid']);
$sql = "SELECT * FROM " . USERS_TABLE . " WHERE user_id = {$uid}";
} else {
$sql = "SELECT user_id, username, user_password, user_active, user_level\n\t\t\tFROM " . USERS_TABLE . "\n\t\t\tWHERE username = '******'", "''", $username) . "'";
}
if (!($result = $db->sql_query($sql))) {
message_die(GENERAL_ERROR, 'Error in obtaining userdata', '', __LINE__, __FILE__, $sql);
}
if ($row = $db->sql_fetchrow($result)) {
if ($password == $row['user_password'] && $row['user_active']) {
// Yes!!! It's good user
return $row['user_id'];
} else {
GetHTTPPasswd();
}
}
} else {
GetHTTPPasswd();
}
return ANONYMOUS;
}
function get_users_sql($username, $sql_like = false, $all_data = false, $data_escape = true, $clean_username = false)
{
global $config, $cache, $db;
$username = !empty($clean_username) ? phpbb_clean_username($username) : $username;
$sql = "SELECT " . (!empty($all_data) ? "*" : "user_id, username, username_clean, user_active, user_color, user_level") . " FROM " . USERS_TABLE . "\n\t\tWHERE username_clean " . (!empty($sql_like) ? " LIKE " : " = ") . "'" . (!empty($data_escape) ? $db->sql_escape(utf8_clean_string($username)) : $username) . "'" . (!empty($sql_like) ? "" : " LIMIT 1");
return $sql;
}
}
if (count($mark_list)) {
$delete_sql_id = implode(', ', $mark_list);
$delete_text_sql = "DELETE FROM " . PRIVMSGS_TEXT_TABLE . "\n\t\t\t\t\tWHERE privmsgs_text_id IN ({$delete_sql_id})";
$delete_sql = "DELETE FROM " . PRIVMSGS_TABLE . "\n\t\t\t\t\tWHERE privmsgs_id IN ({$delete_sql_id})";
if (!$db->sql_query($delete_sql)) {
message_die(GENERAL_ERROR, 'Could not delete private message info', '', __LINE__, __FILE__, $delete_sql);
}
if (!$db->sql_query($delete_text_sql)) {
message_die(GENERAL_ERROR, 'Could not delete private message text', '', __LINE__, __FILE__, $delete_text_sql);
}
}
$message = $lang['User_deleted'] . '<br /><br />' . sprintf($lang['Click_return_useradmin'], '<a href="' . append_sid("admin_users.{$phpEx}") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.{$phpEx}?pane=right") . '">', '</a>');
message_die(GENERAL_MESSAGE, $message);
}
$username = !empty($HTTP_POST_VARS['username']) ? ereg_replace("&", "&", phpbb_clean_username($HTTP_POST_VARS['username'])) : '';
$email = !empty($HTTP_POST_VARS['email']) ? trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['email']))) : '';
$password = !empty($HTTP_POST_VARS['password']) ? trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['password']))) : '';
$password_confirm = !empty($HTTP_POST_VARS['password_confirm']) ? trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['password_confirm']))) : '';
$icq = !empty($HTTP_POST_VARS['icq']) ? trim(strip_tags($HTTP_POST_VARS['icq'])) : '';
$aim = !empty($HTTP_POST_VARS['aim']) ? trim(strip_tags($HTTP_POST_VARS['aim'])) : '';
$msn = !empty($HTTP_POST_VARS['msn']) ? trim(strip_tags($HTTP_POST_VARS['msn'])) : '';
$yim = !empty($HTTP_POST_VARS['yim']) ? trim(strip_tags($HTTP_POST_VARS['yim'])) : '';
$skype = !empty($HTTP_POST_VARS['skype']) ? trim(strip_tags($HTTP_POST_VARS['skype'])) : '';
$website = !empty($HTTP_POST_VARS['website']) ? trim(strip_tags($HTTP_POST_VARS['website'])) : '';
$location = !empty($HTTP_POST_VARS['location']) ? trim(strip_tags($HTTP_POST_VARS['location'])) : '';
$occupation = !empty($HTTP_POST_VARS['occupation']) ? trim(strip_tags($HTTP_POST_VARS['occupation'])) : '';
$interests = !empty($HTTP_POST_VARS['interests']) ? trim(strip_tags($HTTP_POST_VARS['interests'])) : '';
$gender = isset($HTTP_POST_VARS['gender']) ? intval($HTTP_POST_VARS['gender']) : 0;
if (isset($HTTP_POST_VARS['birthday'])) {
$birthday = intval($HTTP_POST_VARS['birthday']);
AND privmsgs_from_userid = ' . $userdata['user_id'];
if (!($result = $db->sql_query($sql))) {
message_die(GENERAL_ERROR, "Could not obtain message details", "", __LINE__, __FILE__, $sql);
}
if (!($row = $db->sql_fetchrow($result))) {
message_die(GENERAL_MESSAGE, $lang['No_such_post']);
}
$db->sql_freeresult($result);
unset($row);
}
if ($submit) {
if (!empty($HTTP_POST_VARS['username'])) {
$to_username_array = explode(";", $HTTP_POST_VARS['username']);
usort($to_username_array, create_function('$a,$b', 'return strcasecmp($a,$b);'));
foreach ($to_username_array as $name) {
$to_usernames .= "'" . phpbb_clean_username($name) . "',";
}
$to_usernames[strlen($to_usernames) - 1] = " ";
$sql = "SELECT user_id, username, user_notify_pm, user_email, user_lang, user_active \n\t\t\t\tFROM " . USERS_TABLE . "\n\t\t\t\tWHERE username IN (" . str_replace("\\'", "''", $to_usernames) . ")\n\t\t\t\t\tAND user_id <> " . ANONYMOUS . " \n\t\t\t\tORDER BY username ASC";
if (!($result2 = $db->sql_query($sql))) {
message_die(GENERAL_ERROR, 'Could not obtain users PM information', '', __LINE__, __FILE__, $sql);
}
if (!($to_users = $db->sql_fetchrowset($result2))) {
$error = TRUE;
$error_msg = $lang['No_such_user'];
}
$n = 0;
while ($to_username_array[$n] && !$error) {
if (strcasecmp($to_users[$n]['username'], str_replace("\\'", "'", $to_username_array[$n]))) {
$error = TRUE;
$error_msg .= $lang['No_such_user'] . " '" . str_replace("\\'", "'", $to_username_array[$n]);
function search_attachments($order_by, &$total_rows)
{
global $db, $HTTP_POST_VARS, $HTTP_GET_VARS, $lang;
$where_sql = array();
// Get submitted Vars
$search_vars = array('search_keyword_fname', 'search_keyword_comment', 'search_author', 'search_size_smaller', 'search_size_greater', 'search_count_smaller', 'search_count_greater', 'search_days_greater', 'search_forum', 'search_cat');
for ($i = 0; $i < sizeof($search_vars); $i++) {
${$search_vars}[$i] = get_var($search_vars[$i], '');
}
// Author name search
if ($search_author != '') {
// Bring in line with 2.0.x expected username
$search_author = addslashes(html_entity_decode($search_author));
$search_author = stripslashes(phpbb_clean_username($search_author));
// Prepare for directly going into sql query
$search_author = str_replace('*', '%', attach_mod_sql_escape($search_author));
// We need the post_id's, because we want to query the Attachment Table
$sql = 'SELECT user_id
FROM ' . USERS_TABLE . "\n\t\t\tWHERE username LIKE '{$search_author}'";
if (!($result = $db->sql_query($sql))) {
message_die(GENERAL_ERROR, 'Couldn\'t obtain list of matching users (searching for: ' . $search_author . ')', '', __LINE__, __FILE__, $sql);
}
$matching_userids = '';
if ($row = $db->sql_fetchrow($result)) {
do {
$matching_userids .= ($matching_userids != '' ? ', ' : '') . intval($row['user_id']);
} while ($row = $db->sql_fetchrow($result));
$db->sql_freeresult($result);
} else {
message_die(GENERAL_MESSAGE, $lang['No_attach_search_match']);
}
$where_sql[] = ' (t.user_id_1 IN (' . $matching_userids . ')) ';
}
// Search Keyword
if ($search_keyword_fname != '') {
$match_word = str_replace('*', '%', $search_keyword_fname);
$where_sql[] = " (a.real_filename LIKE '" . attach_mod_sql_escape($match_word) . "') ";
}
if ($search_keyword_comment != '') {
$match_word = str_replace('*', '%', $search_keyword_comment);
$where_sql[] = " (a.comment LIKE '" . attach_mod_sql_escape($match_word) . "') ";
}
// Search Download Count
if ($search_count_smaller != '' || $search_count_greater != '') {
if ($search_count_smaller != '') {
$where_sql[] = ' (a.download_count < ' . (int) $search_count_smaller . ') ';
} else {
if ($search_count_greater != '') {
$where_sql[] = ' (a.download_count > ' . (int) $search_count_greater . ') ';
}
}
}
// Search Filesize
if ($search_size_smaller != '' || $search_size_greater != '') {
if ($search_size_smaller != '') {
$where_sql[] = ' (a.filesize < ' . (int) $search_size_smaller . ') ';
} else {
if ($search_size_greater != '') {
$where_sql[] = ' (a.filesize > ' . (int) $search_size_greater . ') ';
}
}
}
// Search Attachment Time
if ($search_days_greater != '') {
$where_sql[] = ' (a.filetime < ' . (time() - (int) $search_days_greater * 86400) . ') ';
}
// Search Forum
if ($search_forum) {
$where_sql[] = ' (p.forum_id = ' . intval($search_forum) . ') ';
}
// Search Cat... nope... sorry :(
$sql = 'SELECT a.*, t.post_id, p.post_time, p.topic_id
FROM ' . ATTACHMENTS_TABLE . ' t, ' . ATTACHMENTS_DESC_TABLE . ' a, ' . POSTS_TABLE . ' p WHERE ';
if (sizeof($where_sql) > 0) {
$sql .= implode('AND', $where_sql) . ' AND ';
}
$sql .= 't.post_id = p.post_id AND a.attach_id = t.attach_id ';
$total_rows_sql = $sql;
$sql .= $order_by;
if (!($result = $db->sql_query($sql))) {
message_die(GENERAL_ERROR, 'Couldn\'t query attachments', '', __LINE__, __FILE__, $sql);
}
$attachments = $db->sql_fetchrowset($result);
$num_attach = $db->sql_numrows($result);
$db->sql_freeresult($result);
if ($num_attach == 0) {
message_die(GENERAL_MESSAGE, $lang['No_attach_search_match']);
}
if (!($result = $db->sql_query($total_rows_sql))) {
message_die(GENERAL_ERROR, 'Could not query attachments', '', __LINE__, __FILE__, $sql);
}
$total_rows = $db->sql_numrows($result);
$db->sql_freeresult($result);
return $attachments;
}
message_die(GENERAL_ERROR, "Could not obtain message details", "", __LINE__, __FILE__, $sql);
}
if (!($row = $db->sql_fetchrow($result))) {
message_die(GENERAL_MESSAGE, $lang['No_such_post']);
}
$db->sql_freeresult($result);
unset($row);
}
if ($submit) {
// session id check
if ($sid == '' || $sid != $userdata['session_id']) {
$error = true;
$error_msg .= (!empty($error_msg) ? '<br />' : '') . $lang['Session_invalid'];
}
if (!empty($_POST['username'])) {
$to_username = phpbb_clean_username($_POST['username']);
// Begin PNphpBB2 Module
// $sql = "SELECT user_id, user_notify_pm, user_email, user_lang, user_active
// FROM " . USERS_TABLE . "
// WHERE username = '******'", "''", $to_username) . "'
// AND user_id <> " . ANONYMOUS;
$sql = "SELECT user_id, user_notify_pm, user_email, user_lang, user_active \n\t\t\t\tFROM " . USERS_TABLE . "\n\t\t\t\tWHERE username = '******'\n\t\t\t\t\tAND user_id <> " . ANONYMOUS;
// End PNphpBB2 Module
if (!($result = $db->sql_query($sql))) {
$error = TRUE;
$error_msg = $lang['No_such_user'];
}
if (!($to_userdata = $db->sql_fetchrow($result))) {
$error = TRUE;
$error_msg = $lang['No_such_user'];
}
include $phpbb_root_path . 'includes/bbcode.' . $phpEx;
include $phpbb_root_path . 'includes/functions_post.' . $phpEx;
if ($mode == 'editprofile') {
$user_id = intval($HTTP_POST_VARS['user_id']);
$current_email = trim(htmlspecialchars($HTTP_POST_VARS['current_email']));
}
$strip_var_list = array('email' => 'email', 'icq' => 'icq', 'aim' => 'aim', 'msn' => 'msn', 'yim' => 'yim', 'skype' => 'skype', 'website' => 'website', 'location' => 'location', 'occupation' => 'occupation', 'interests' => 'interests', 'confirm_code' => 'confirm_code');
// Strip all tags from data ... may p**s some people off, bah, strip_tags is
// doing the job but can still break HTML output ... have no choice, have
// to use htmlspecialchars ... be prepared to be moaned at.
while (list($var, $param) = @each($strip_var_list)) {
if (!empty($HTTP_POST_VARS[$param])) {
${$var} = str_replace("&", "&", trim(htmlspecialchars($HTTP_POST_VARS[$param])));
}
}
$username = !empty($HTTP_POST_VARS['username']) ? str_replace('&', '&', phpbb_clean_username($HTTP_POST_VARS['username'])) : '';
$trim_var_list = array('cur_password' => 'cur_password', 'new_password' => 'new_password', 'password_confirm' => 'password_confirm', 'signature' => 'signature');
while (list($var, $param) = @each($trim_var_list)) {
if (!empty($HTTP_POST_VARS[$param])) {
${$var} = trim($HTTP_POST_VARS[$param]);
}
}
$signature = isset($signature) ? str_replace('<br />', "\n", $signature) : '';
$signature_bbcode_uid = '';
$allow_mass_pm = isset($HTTP_POST_VARS['allow_mass_pm']) ? intval($HTTP_POST_VARS['allow_mass_pm']) : 2;
$gender = isset($HTTP_POST_VARS['gender']) ? intval($HTTP_POST_VARS['gender']) : 0;
if (isset($HTTP_POST_VARS['birthday'])) {
$birthday = intval($HTTP_POST_VARS['birthday']);
if ($birthday != 999999) {
$b_day = realdate('j', $birthday);
$b_md = realdate('n', $birthday);
function validate_username($username)
{
global $db, $user, $lang;
// Remove doubled up spaces
$username = preg_replace('#\\s+#', ' ', trim($username));
$username = phpbb_clean_username($username);
$sql = get_users_sql($username, false, false, true, false);
$db->sql_return_on_error(true);
$result = $db->sql_query($sql);
$db->sql_return_on_error(false);
if ($result) {
while ($row = $db->sql_fetchrow($result)) {
if ($user->data['session_logged_in'] && $row['username'] != $user->data['username'] || !$user->data['session_logged_in']) {
$db->sql_freeresult($result);
return array('error' => true, 'error_msg' => $lang['Username_taken']);
}
}
}
$db->sql_freeresult($result);
$sql = "SELECT group_name\n\t\tFROM " . GROUPS_TABLE . "\n\t\tWHERE LOWER(group_name) = '" . $db->sql_escape(strtolower($username)) . "'";
$db->sql_return_on_error(true);
$result = $db->sql_query($sql);
$db->sql_return_on_error(false);
if ($result) {
if ($row = $db->sql_fetchrow($result)) {
$db->sql_freeresult($result);
return array('error' => true, 'error_msg' => $lang['Username_taken']);
}
}
$db->sql_freeresult($result);
$sql = "SELECT disallow_username\n\t\tFROM " . DISALLOW_TABLE;
$db->sql_return_on_error(true);
$result = $db->sql_query($sql);
$db->sql_return_on_error(false);
if ($result) {
if ($row = $db->sql_fetchrow($result)) {
do {
if (preg_match("#\\b(" . str_replace("\\*", ".*?", preg_quote($row['disallow_username'], '#')) . ")\\b#i", $username)) {
$db->sql_freeresult($result);
return array('error' => true, 'error_msg' => $lang['Username_disallowed']);
}
} while ($row = $db->sql_fetchrow($result));
}
}
$db->sql_freeresult($result);
$sql = "SELECT word\n\t\tFROM " . WORDS_TABLE;
$db->sql_return_on_error(true);
$result = $db->sql_query($sql);
$db->sql_return_on_error(false);
if ($result) {
if ($row = $db->sql_fetchrow($result)) {
do {
if (preg_match("#\\b(" . str_replace("\\*", ".*?", preg_quote($row['word'], '#')) . ")\\b#i", $username)) {
$db->sql_freeresult($result);
return array('error' => true, 'error_msg' => $lang['Username_disallowed']);
}
} while ($row = $db->sql_fetchrow($result));
}
}
$db->sql_freeresult($result);
if (!preg_match("/^[a-z0-9&\\-_ ]+\$/i", $username)) {
return array('error' => true, 'error_msg' => $lang['Forbidden_characters']);
}
// Disallow " and ALT-255 in username.
if (strstr($username, '"') || strstr($username, '"') || strstr($username, chr(160)) || strstr($username, chr(173))) {
return array('error' => true, 'error_msg' => $lang['Username_invalid']);
}
return array('error' => false, 'error_msg' => '');
}
}
// Handle Additions, removals, approvals and denials
if (!empty($_POST['add']) || !empty($_POST['remove']) || isset($_POST['approve']) || isset($_POST['deny']) || isset($_POST['mass_colorize'])) {
if (!$user->data['session_logged_in']) {
redirect(append_sid(CMS_PAGE_LOGIN . '?redirect=groupcp.' . PHP_EXT . '&' . POST_GROUPS_URL . '=' . $group_id, true));
} elseif ($sid !== $user->data['session_id']) {
message_die(GENERAL_ERROR, $lang['Session_invalid']);
}
if (!$is_moderator) {
$redirect_url = append_sid(CMS_PAGE_FORUM);
meta_refresh(3, $redirect_url);
$message = $lang['Not_group_moderator'] . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid(CMS_PAGE_FORUM) . '">', '</a>');
message_die(GENERAL_MESSAGE, $message);
}
if (isset($_POST['add'])) {
$username = isset($_POST['username']) ? phpbb_clean_username($_POST['username']) : '';
$sql = get_users_sql($username, false, true, true, false);
$result = $db->sql_query($sql);
if (!($row = $db->sql_fetchrow($result))) {
$redirect_url = append_sid(CMS_PAGE_GROUP_CP . '?' . POST_GROUPS_URL . '=' . $group_id);
meta_refresh(3, $redirect_url);
$message = $lang['Could_not_add_user'] . '<br /><br />' . sprintf($lang['Click_return_group'], '<a href="' . append_sid(CMS_PAGE_GROUP_CP . '?' . POST_GROUPS_URL . '=' . $group_id) . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid(CMS_PAGE_FORUM) . '">', '</a>');
message_die(GENERAL_MESSAGE, $message);
}
$row['user_level'] = $row['user_level'] == JUNIOR_ADMIN ? ADMIN : $row['user_level'];
if ($row['user_id'] == ANONYMOUS) {
$redirect_url = append_sid(CMS_PAGE_GROUP_CP . '?' . POST_GROUPS_URL . '=' . $group_id);
meta_refresh(3, $redirect_url);
$message = $lang['Could_not_anon_user'] . '<br /><br />' . sprintf($lang['Click_return_group'], '<a href="' . append_sid(CMS_PAGE_GROUP_CP . '?' . POST_GROUPS_URL . '=' . $group_id) . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid(CMS_PAGE_FORUM) . '">', '</a>');
message_die(GENERAL_MESSAGE, $message);
}
*/
/**
*
* @Extra credits for this file
* ycl6 (damian at phpbb dot cc)
*
*/
if (!defined('IN_ICYPHOENIX')) {
die('Hacking attempt');
exit;
}
if (intval($config['require_activation']) == USER_ACTIVATION_ADMIN) {
message_die(GENERAL_ERROR, 'Invalid_activation');
}
if (isset($_POST['submit'])) {
$username = phpbb_clean_username(request_post_var('username', '', true));
$username = htmlspecialchars_decode($username, ENT_COMPAT);
$email = request_post_var('email', '');
$sql = "SELECT user_id, user_email, user_active, user_actkey, user_lang, user_last_login_attempt\n\t\tFROM " . USERS_TABLE . "\n\t\tWHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
$result = $db->sql_query($sql);
if (!($row = $db->sql_fetchrow($result))) {
// No such name
message_die(GENERAL_ERROR, 'User_not_exist');
}
if ($row['user_email'] != $email) {
// Wrong Email provided
message_die(GENERAL_ERROR, 'No_email_match');
}
if (!empty($row['user_active'])) {
// Already activated
message_die(GENERAL_ERROR, 'Already_activated');
function prepare_post(&$mode, &$post_data, &$bbcode_on, &$html_on, &$smilies_on, &$error_msg, &$username, &$bbcode_uid, &$subject, &$message, &$poll_title, &$poll_options, &$poll_length)
{
global $board_config, $userdata, $lang, $phpEx, $phpbb_root_path;
// Check username
if (!empty($username)) {
$username = phpbb_clean_username($username);
if (!$userdata['session_logged_in'] || $userdata['session_logged_in'] && $username != $userdata['username']) {
include $phpbb_root_path . 'includes/functions_validate.' . $phpEx;
$result = validate_username($username);
if ($result['error']) {
$error_msg .= !empty($error_msg) ? '<br />' . $result['error_msg'] : $result['error_msg'];
}
} else {
$username = '';
}
}
// Check subject
if (!empty($subject)) {
$subject = htmlspecialchars(trim($subject));
} else {
if ($mode == 'newtopic' || $mode == 'editpost' && $post_data['first_post']) {
$error_msg .= !empty($error_msg) ? '<br />' . $lang['Empty_subject'] : $lang['Empty_subject'];
}
}
// Check message
if (!empty($message)) {
$bbcode_uid = $bbcode_on ? make_bbcode_uid() : '';
$message = prepare_message(trim($message), $html_on, $bbcode_on, $smilies_on, $bbcode_uid);
} else {
if ($mode != 'delete' && $mode != 'poll_delete') {
$error_msg .= !empty($error_msg) ? '<br />' . $lang['Empty_message'] : $lang['Empty_message'];
}
}
//
// Handle poll stuff
//
if ($mode == 'newtopic' || $mode == 'editpost' && $post_data['first_post']) {
$poll_length = isset($poll_length) ? max(0, intval($poll_length)) : 0;
if (!empty($poll_title)) {
$poll_title = htmlspecialchars(trim($poll_title));
}
if (!empty($poll_options)) {
$temp_option_text = array();
while (list($option_id, $option_text) = @each($poll_options)) {
$option_text = trim($option_text);
if (!empty($option_text)) {
$temp_option_text[intval($option_id)] = htmlspecialchars($option_text);
}
}
$option_text = $temp_option_text;
if (count($poll_options) < 2) {
$error_msg .= !empty($error_msg) ? '<br />' . $lang['To_few_poll_options'] : $lang['To_few_poll_options'];
} else {
if (count($poll_options) > $board_config['max_poll_options']) {
$error_msg .= !empty($error_msg) ? '<br />' . $lang['To_many_poll_options'] : $lang['To_many_poll_options'];
} else {
if ($poll_title == '') {
$error_msg .= !empty($error_msg) ? '<br />' . $lang['Empty_poll_title'] : $lang['Empty_poll_title'];
}
}
}
}
}
return;
}
function username_search($search_match)
{
// Begin PNphpBB2 Module
// global $db, $board_config, $template, $lang, $images, $theme, $phpEx, $phpbb_root_path;
global $db, $board_config, $template, $lang, $images, $phpbb_theme, $phpEx, $phpbb_root_path;
// End PNphpBB2 Module
global $starttime, $gen_simple_header;
$gen_simple_header = TRUE;
$username_list = '';
if (!empty($search_match)) {
// Begin PNphpBB2 Module
// $username_search = preg_replace('/\*/', '%', trim(strip_tags($search_match)));
$username_search = preg_replace('/\\*/', '%', phpbb_clean_username($search_match));
// $sql = "SELECT username
// FROM " . USERS_TABLE . "
// WHERE username LIKE '" . str_replace("\'", "''", $username_search) . "' AND user_id <> " . ANONYMOUS . "
// ORDER BY username";
$sql = "SELECT username \n\t\t\tFROM " . USERS_TABLE . " \n\t\t\tWHERE username LIKE '" . DataUtil::formatForStore($username_search) . "' AND user_id <> " . ANONYMOUS . "\n\t\t\tORDER BY username";
// End PNphpBB2 Module
if (!($result = $db->sql_query($sql))) {
message_die(GENERAL_ERROR, 'Could not obtain search results', '', __LINE__, __FILE__, $sql);
}
if ($row = $db->sql_fetchrow($result)) {
do {
// Begin PNphpBB2 Module
// $username_list .= '<option value="' . $row['username'] . '">' . $row['username'] . '</option>';
$username_list .= '<option value="' . $row['username'] . '">' . DataUtil::formatForDisplay($row['username']) . '</option>';
// End PNphpBB2 Module
} while ($row = $db->sql_fetchrow($result));
} else {
$username_list .= '<option>' . $lang['No_match'] . '</option>';
}
$db->sql_freeresult($result);
}
$page_title = $lang['Search'];
include $phpbb_root_path . 'includes/page_header.' . $phpEx;
$template->set_filenames(array('search_user_body' => 'search_username.tpl'));
$template->assign_vars(array('USERNAME' => !empty($search_match) ? DataUtil::formatForDisplay($search_match) : '', 'L_CLOSE_WINDOW' => $lang['Close_window'], 'L_SEARCH_USERNAME' => $lang['Find_username'], 'L_UPDATE_USERNAME' => $lang['Select_username'], 'L_SELECT' => $lang['Select'], 'L_SEARCH' => $lang['Search'], 'L_SEARCH_EXPLAIN' => $lang['Search_author_explain'], 'L_CLOSE_WINDOW' => $lang['Close_window'], 'S_USERNAME_OPTIONS' => $username_list, 'S_SEARCH_ACTION' => append_sid("search.{$phpEx}?mode=searchuser")));
if ($username_list != '') {
$template->assign_block_vars('switch_select_name', array());
}
$template->pparse('search_user_body');
include $phpbb_root_path . 'includes/page_tail.' . $phpEx;
return;
}
function username_search($search_match, $ajax_search = false)
{
global $db, $config, $template, $images, $theme, $user, $lang;
global $starttime, $gen_simple_header;
$username_list = '';
if (!empty($search_match)) {
$username_search = preg_replace('/\\*/', '%', phpbb_clean_username($search_match));
$sql = "SELECT username\n\t\t\tFROM " . USERS_TABLE . "\n\t\t\tWHERE LOWER(username) LIKE '" . $db->sql_escape(strtolower($username_search)) . "' AND user_id <> " . ANONYMOUS . "\n\t\t\tORDER BY username";
$result = $db->sql_query($sql);
if ($row = $db->sql_fetchrow($result)) {
do {
$username_list .= '<option value="' . htmlspecialchars($row['username']) . '">' . htmlspecialchars($row['username']) . '</option>';
} while ($row = $db->sql_fetchrow($result));
} else {
$username_list .= '<option>' . $lang['No_match'] . '</option>';
}
$db->sql_freeresult($result);
}
$target_form_name = preg_replace('/[^A-Za-z0-9-_]+/', '', request_var('target_form_name', 'post'));
$target_element_name = preg_replace('/[^A-Za-z0-9-_]+/', '', request_var('target_element_name', 'username'));
$s_hidden_fields = build_hidden_fields(array('target_form_name' => $target_form_name, 'target_element_name' => $target_element_name));
$template->assign_vars(array('USERNAME' => !empty($search_match) ? phpbb_clean_username($search_match) : '', 'L_CLOSE_WINDOW' => $lang['Close_window'], 'L_SEARCH_USERNAME' => $lang['FIND_USERNAME'], 'L_UPDATE_USERNAME' => $lang['Select_username'], 'L_SELECT' => $lang['Select'], 'L_SEARCH' => $lang['Search'], 'L_SEARCH_EXPLAIN' => $lang['Search_author_explain'], 'L_CLOSE_WINDOW' => $lang['Close_window'], 'S_TARGET_FORM_NAME' => $target_form_name, 'S_TARGET_ELEMENT_NAME' => $target_element_name, 'S_HIDDEN_FIELDS' => $s_hidden_fields, 'S_USERNAME_OPTIONS' => $username_list, 'S_SEARCH_ACTION' => append_sid(CMS_PAGE_SEARCH . '?mode=searchuser')));
if ($ajax_search = true) {
if ($username_list == '') {
$template->assign_var('USERNAME_LIST_VIS', 'style="display: none;"');
}
} else {
if ($username_list != '') {
$template->assign_block_vars('switch_select_name', array());
}
}
$gen_simple_header = true;
full_page_generation('search_username.tpl', $lang['Search'], '', '');
return;
}
while (list($var, $param) = @each($strip_var_list)) {
${$var} = request_post_var($param, '', true);
}
if ($mode == 'editprofile') {
$user_id = request_post_var('user_id', 0);
$current_email = request_post_var('current_email', '', true);
$email_confirm = $cpl_mode == 'reg_info' ? $email_confirm : $current_email;
}
$trim_var_list = array('cur_password' => 'cur_password', 'new_password' => 'new_password', 'password_confirm' => 'password_confirm', 'signature' => 'signature', 'selfdes' => 'selfdes', 'username' => 'username');
while (list($var, $param) = @each($trim_var_list)) {
${$var} = request_post_var($param, '', true);
${$var} = htmlspecialchars_decode(${$var}, ENT_COMPAT);
}
$signature = str_replace('<br />', "\n", $signature);
$selfdes = str_replace('<br />', "\n", $selfdes);
$username = phpbb_clean_username($username);
$gender = request_post_var('gender', 0);
// Birthday - BEGIN
if (isset($_POST['birthday'])) {
$birthday = intval($_POST['birthday']);
if ($birthday != 999999) {
$birthday_day = realdate('j', $birthday);
$birthday_month = realdate('n', $birthday);
$birthday_year = realdate('Y', $birthday);
}
} else {
$birthday_day = request_post_var('b_day', 0);
$birthday_month = request_post_var('b_md', 0);
$birthday_year = request_post_var('b_year', 0);
if ($birthday_day && $birthday_month && $birthday_year) {
$birthday = mkrealdate($birthday_day, $birthday_month, $birthday_year);
function prepare_post(&$mode, &$post_data, &$bbcode_on, &$html_on, &$smilies_on, &$error_msg, &$username, &$bbcode_uid, &$subject, &$message, &$poll_title, &$poll_options, &$poll_length, &$max_vote, &$hide_vote, &$tothide_vote)
{
global $board_config, $userdata, $lang, $phpEx, $phpbb_root_path;
// Check username
if (!empty($username)) {
$username = phpbb_clean_username($username);
if (!$userdata['session_logged_in'] || $userdata['session_logged_in'] && $username != $userdata['username']) {
include $phpbb_root_path . 'includes/functions_validate.' . $phpEx;
$result = validate_username($username);
if ($result['error']) {
$error_msg .= !empty($error_msg) ? '<br />' . $result['error_msg'] : $result['error_msg'];
}
} else {
$username = '';
}
}
// Check subject
if (!empty($subject)) {
$subject = htmlspecialchars(trim($subject));
} else {
if ($mode == 'newtopic' || $mode == 'editpost' && $post_data['first_post']) {
$error_msg .= !empty($error_msg) ? '<br />' . $lang['Empty_subject'] : $lang['Empty_subject'];
}
}
// Start Smilies Invasion Mod
// Check Smiley Count
if ($userdata['user_level'] != ADMIN) {
// -~= { Start User Configuration } =~- \\
$smilies_limit = 3;
// -~= { End User Configuration { =~- \\
$smilies_count = smilies_count($subject);
if ($smilies_count > $smilies_limit) {
$error_msg .= !empty($error_msg) ? '<br />' . sprintf($lang['Smilies_invasion_error_count'], $smilies_count, $smilies_limit) : sprintf($lang['Smilies_invasion_error_count'], $smilies_count, $smilies_limit);
}
}
// End Smilies Invasion Mod
// Check message
if (!empty($message)) {
$bbcode_uid = $bbcode_on ? make_bbcode_uid() : '';
$message = prepare_message(trim($message), $html_on, $bbcode_on, $smilies_on, $bbcode_uid);
} else {
if ($mode != 'delete' && $mode != 'poll_delete') {
$error_msg .= !empty($error_msg) ? '<br />' . $lang['Empty_message'] : $lang['Empty_message'];
}
}
//
// Handle poll stuff
//
if ($mode == 'newtopic' || $mode == 'editpost' && $post_data['first_post']) {
$poll_length = isset($poll_length) ? max(0, $poll_length + $poll_length_h / 24) : 0;
${$max_vote} = isset($max_vote) ? max(0, intval($max_vote)) : 0;
${$hide_vote} = isset($hide_vote) ? max(0, intval($hide_vote)) : 0;
${$tothide_vote} = isset($tothide_vote) ? max(0, intval($tothide_vote)) : 0;
if (!empty($poll_title)) {
$poll_title = htmlspecialchars(trim($poll_title));
}
if (!empty($poll_options)) {
$temp_option_text = array();
while (list($option_id, $option_text) = @each($poll_options)) {
$option_text = trim($option_text);
if (!empty($option_text)) {
$temp_option_text[intval($option_id)] = htmlspecialchars($option_text);
}
}
$option_text = $temp_option_text;
if (count($poll_options) < 2) {
$error_msg .= !empty($error_msg) ? '<br />' . $lang['To_few_poll_options'] : $lang['To_few_poll_options'];
} else {
if (count($poll_options) > $board_config['max_poll_options']) {
$error_msg .= !empty($error_msg) ? '<br />' . $lang['To_many_poll_options'] : $lang['To_many_poll_options'];
} else {
if ($poll_title == '') {
$error_msg .= !empty($error_msg) ? '<br />' . $lang['Empty_poll_title'] : $lang['Empty_poll_title'];
}
}
}
}
}
return;
}
function username_search($search_match)
{
global $db, $board_config, $template, $lang, $images, $theme, $phpEx, $phpbb_root_path, $starttime, $gen_simple_header;
$gen_simple_header = TRUE;
$username_list = '';
if (!empty($search_match)) {
$username_search = preg_replace('/\\*/', '%', phpbb_clean_username($search_match));
$sql = "SELECT username\r\n FROM " . USERS_TABLE . "\r\n WHERE username LIKE '" . str_replace("\\'", "''", $username_search) . "' AND user_id <> " . ANONYMOUS . "\r\n ORDER BY username";
if (!($result = $db->sql_query($sql))) {
message_die(GENERAL_ERROR, 'Could not obtain search results', '', __LINE__, __FILE__, $sql);
}
if ($row = $db->sql_fetchrow($result)) {
do {
$username_list .= '<option value="' . $row['username'] . '">' . $row['username'] . '</option>';
} while ($row = $db->sql_fetchrow($result));
} else {
$username_list .= '<option>' . $lang['No_match'] . '</option>';
}
$db->sql_freeresult($result);
}
$page_title = $lang['Search'];
include "modules/Forums/includes/page_header_review.php";
$template->set_filenames(array('search_user_body' => 'search_username.tpl'));
$template->assign_vars(array('USERNAME' => !empty($search_match) ? phpbb_clean_username($search_match) : '', 'L_CLOSE_WINDOW' => $lang['Close_window'], 'L_SEARCH_USERNAME' => $lang['Find_username'], 'L_UPDATE_USERNAME' => $lang['Select_username'], 'L_SELECT' => $lang['Select'], 'L_SEARCH' => $lang['Search'], 'L_SEARCH_EXPLAIN' => $lang['Search_author_explain'], 'L_CLOSE_WINDOW' => $lang['Close_window'], 'S_USERNAME_OPTIONS' => $username_list, 'S_SEARCH_ACTION' => append_sid("search.{$phpEx}?mode=searchuser&popup=1")));
if ($username_list != '') {
$template->assign_block_vars('switch_select_name', array());
}
$template->pparse('search_user_body');
include "modules/Forums/includes/page_tail_review.php";
return;
}
function rss_get_user()
{
global $db;
if ((!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) && isset($_SERVER['REMOTE_USER']) && preg_match('/Basic\\s+(.*)$/i', $_SERVER['REMOTE_USER'], $matches)) {
list($name, $password) = explode(':', base64_decode($matches[1]), 2);
$_SERVER['PHP_AUTH_USER'] = strip_tags($name);
$_SERVER['PHP_AUTH_PW'] = strip_tags($password);
}
if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
$username = phpbb_clean_username($_SERVER['PHP_AUTH_USER']);
$password = $_SERVER['PHP_AUTH_PW'];
if (isset($_GET['uid'])) {
$uid = intval($_GET['uid']);
$uid = (int) $uid;
$user_data = get_userdata($uid, false);
if (!empty($user_data['username'])) {
$username = $user_data['username'];
} else {
GetHTTPPasswd();
}
}
if (!function_exists('login_db')) {
include IP_ROOT_PATH . 'includes/auth_db.' . PHP_EXT;
}
$login_result = login_db($username, $password, false, true);
if ($login_result['status'] === LOGIN_SUCCESS) {
return $row['user_id'];
} else {
GetHTTPPasswd();
}
} else {
GetHTTPPasswd();
}
return ANONYMOUS;
}
$s_months = '';
$s_year = '';
$s_hours = '';
$s_minutes = '';
$s_seconds = '';
$topic_post_time = '';
$topic_id = request_var(POST_TOPIC_URL, 0);
$topic_id = $topic_id < 0 ? 0 : $topic_id;
$post_id = request_var(POST_POST_URL, 0);
$post_id = $post_id < 0 ? 0 : $post_id;
// Get the submitted values, if a submit was send
$submit = !empty($_POST['submit']) ? $_POST['submit'] : $_GET['submit'];
// Submit if submit is given
if ($submit) {
$new_poster = request_var('username', '', true);
$new_poster = !empty($new_poster) ? phpbb_clean_username($new_poster) : '';
$topic_post = request_var('topic_post', '');
$twelve_hours = request_var('twelve_hours', '');
$new_day = request_var($topic_post . '_day', 0);
$month = request_var($topic_post . '_month', 0);
$year = request_var($topic_post . '_year', 0);
$hour = request_var($topic_post . '_hour', 0);
$minute = request_var($topic_post . '_minute', 0);
$second = request_var($topic_post . '_second', 0);
$am_pm_s = request_var($topic_post . '_ampm', '');
if ($am_pm_s == 'pm' && !empty($twelve_hours)) {
$hour += 12;
}
$edit_post_time = gmmktime($hour, $minute, $second, $month, $new_day, $year);
$dst_sec = get_dst($edit_post_time, $config['board_timezone']);
$edit_post_time = $edit_post_time - 3600 * $config['board_timezone'] - $dst_sec;
