/**
* Verifies that the provided username is valid, and attempts to correct it if it is not valid
*
* @param string Username
*
* @return boolean Returns true if the username is valid, or has been corrected to be valid
*/
function verify_username(&$username)
{
// fix extra whitespace and invisible ascii stuff
$username = trim(preg_replace('#[ \\r\\n\\t]+#si', ' ', strip_blank_ascii($username, ' ')));
$username_raw = $username;
if (strtolower(vB_String::getCharset()) !== 'utf-8') {
// Following lines don't work for UTF-8. See VBV-3225.
$username = vB_String::cleanUserName($username);
}
$username = str_replace(chr(0), '', $username);
$username = trim($username);
if (empty($this->existing['userid'])) {
$this->existing['userid'] = false;
}
if (empty($this->existing['username'])) {
if ($this->existing['userid']) {
$userInfo = $this->assertor->getRow('user', array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_SELECT, 'userid' => $this->existing['userid']));
$this->existing['username'] = $userInfo['username'];
} else {
$this->existing['username'] = false;
}
}
// check length only if it's a new user or if the username changed
if ($this->existing['username'] === false or $username != $this->existing['username']) {
$length = iconv_strlen($username, vB_String::getCharset());
// We shouldn't use vB_String::vbStrlen() as it will count &xxx; as one character.
if ($length == 0) {
// check for empty string
$this->error('fieldmissing_username');
return false;
} else {
if ($length < $this->options['minuserlength'] and !$this->adminoverride) {
// name too short
$this->error('usernametooshort', $this->options['minuserlength']);
return false;
} else {
if ($length > $this->options['maxuserlength'] and !$this->adminoverride) {
// name too long
$this->error('usernametoolong', $this->options['maxuserlength']);
return false;
} else {
if (preg_match('/(?<!&#[0-9]{3}|&#[0-9]{4}|&#[0-9]{5});/', $username)) {
// name contains semicolons
$this->error('username_contains_semi_colons');
return false;
} else {
if ($username != fetch_censored_text($username) and !$this->adminoverride) {
// name contains censored words
$this->error('censorfield');
return false;
}
}
}
}
}
/*else if (vB_String::htmlSpecialCharsUni($username_raw) != $this->existing['username'] AND $user = $this->dbobject->query_first("
SELECT userid, username FROM " . TABLE_PREFIX . "user
WHERE userid != " . intval($this->existing['userid']) . "
AND
(
username = '******'
OR
username = '******'
)
"))*/
}
if ((empty($this->existing['username']) or vB_String::htmlSpecialCharsUni($username_raw) != $this->existing['username']) and $user = $this->assertor->getRow('getUsernameAndId', array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_STORED, 'userid' => intval($this->existing['userid']), 'username' => vB_String::htmlSpecialCharsUni($username), 'username_raw' => vB_String::htmlSpecialCharsUni($username_raw)))) {
// name is already in use
if ($this->error_handler == vB_DataManager_Constants::ERRTYPE_CP) {
$this->error('usernametaken_edit_here', vB_String::htmlSpecialCharsUni($username), $this->session->get('sessionurl'), $user['userid']);
} else {
$this->error('usernametaken', vB_String::htmlSpecialCharsUni($username), $this->session->get('sessionurl'));
}
return false;
}
if (!empty($this->options['usernameregex']) and !$this->adminoverride) {
// check for regex compliance
if (!preg_match('#' . str_replace('#', '\\#', $this->options['usernameregex']) . '#siU', $username)) {
$this->error('usernametaken', vB_String::htmlSpecialCharsUni($username), vB::getCurrentSession()->get('sessionurl'));
return false;
}
}
if (!empty($this->existing['username']) and (vB_String::htmlSpecialCharsUni($username_raw) != $this->existing['username'] and !$this->adminoverride and $this->options['usernamereusedelay'] > 0)) {
require_once DIR . '/includes/class_userchangelog.php';
$userchangelog = new vB_UserChangeLog($this->registry);
$userchangelog->set_execute(true);
$userchangelog->set_just_count(true);
if ($userchangelog->sql_select_by_username(vB_String::htmlSpecialCharsUni($username), vB::getRequest()->getTimeNow() - $this->options['usernamereusedelay'] * 86400)) {
$this->error('usernametaken', vB_String::htmlSpecialCharsUni($username), vB::getCurrentSession()->get('sessionurl'));
return false;
}
}
if ((empty($this->existing['username']) or vB_String::htmlSpecialCharsUni($username_raw) != $this->existing['username']) and !empty($this->options['illegalusernames']) and !$this->adminoverride) {
// check for illegal username
$usernames = preg_split('/[ \\r\\n\\t]+/', $this->options['illegalusernames'], -1, PREG_SPLIT_NO_EMPTY);
foreach ($usernames as $val) {
if (strpos(strtolower($username), strtolower($val)) !== false) {
// wierd error to show, but hey...
$this->error('usernametaken', vB_String::htmlSpecialCharsUni($username), vB::getCurrentSession()->get('sessionurl'));
return false;
}
}
}
$unregisteredphrases = $this->assertor->getRows('phrase', array('varname' => 'unregistered', 'fieldname' => 'global'));
//while ($unregisteredphrase = $this->registry->db->fetch_array($unregisteredphrases))
foreach ($unregisteredphrases as $unregisteredphrase) {
if (strtolower($unregisteredphrase['text']) == strtolower($username) or strtolower($unregisteredphrase['text']) == strtolower($username_raw)) {
//$this->error('usernametaken', vB_String::htmlSpecialCharsUni($username), vB::getCurrentSession()->get('sessionurl'));
$this->error('usernametaken', vB_String::htmlSpecialCharsUni($username), $this->session->get('sessionurl'));
return false;
}
}
// if we got here, everything is okay
$username = vB_String::htmlSpecialCharsUni($username);
// remove any trailing HTML entities that will be cut off when we stick them in the DB.
// if we don't do this, the affected person won't be able to login, be banned, etc...
$column_info = $this->assertor->getRow('getColumnUsername', array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_STORED, 'field' => 'username'));
if (preg_match('#char\\((\\d+)\\)#i', $column_info['Type'], $match) and $match[1] > 0) {
$username = preg_replace('/&([a-z0-9#]*)$/i', '', substr($username, 0, $match[1]));
}
$username = trim($username);
return true;
}
/**
* Verifies that the provided username is valid, and attempts to correct it if it is not valid
*
* @param string Username
*
* @return boolean Returns true if the username is valid, or has been corrected to be valid
*/
function verify_username(&$username)
{
// fix extra whitespace and invisible ascii stuff
$username = trim(preg_replace('#[ \\r\\n\\t]+#si', ' ', strip_blank_ascii($username, ' ')));
$username_raw = $username;
global $stylevar;
$username = preg_replace('/&#([0-9]+);/ie', "convert_unicode_char_to_charset('\\1', \$stylevar['charset'])", $username);
$username = preg_replace('/�*([0-9]{1,2}|1[01][0-9]|12[0-7]);/ie', "convert_int_to_utf8('\\1')", $username);
$username = str_replace(chr(0), '', $username);
$username = trim($username);
$length = vbstrlen($username);
if ($length == 0) {
// check for empty string
$this->error('fieldmissing_username');
return false;
} else {
if ($length < $this->registry->options['minuserlength'] and !$this->adminoverride) {
// name too short
$this->error('usernametooshort', $this->registry->options['minuserlength']);
return false;
} else {
if ($length > $this->registry->options['maxuserlength'] and !$this->adminoverride) {
// name too long
$this->error('usernametoolong', $this->registry->options['maxuserlength']);
return false;
} else {
if (preg_match('/(?<!&#[0-9]{3}|&#[0-9]{4}|&#[0-9]{5});/', $username)) {
// name contains semicolons
$this->error('username_contains_semi_colons');
return false;
} else {
if ($username != fetch_censored_text($username) and !$this->adminoverride) {
// name contains censored words
$this->error('censorfield', $this->registry->options['contactuslink']);
return false;
} else {
if (htmlspecialchars_uni($username_raw) != $this->existing['username'] and $user = $this->dbobject->query_first("\n\t\t\tSELECT userid, username FROM " . TABLE_PREFIX . "user\n\t\t\tWHERE userid != " . intval($this->existing['userid']) . "\n\t\t\tAND\n\t\t\t(\n\t\t\t\tusername = '******'\n\t\t\t\tOR\n\t\t\t\tusername = '******'\n\t\t\t)\n\t\t")) {
// name is already in use
if ($this->error_handler == ERRTYPE_CP) {
$this->error('usernametaken_edit_here', htmlspecialchars_uni($username), $this->registry->session->vars['sessionurl'], $user['userid']);
} else {
$this->error('usernametaken', htmlspecialchars_uni($username), $this->registry->session->vars['sessionurl']);
}
return false;
}
}
}
}
}
}
if (!empty($this->registry->options['usernameregex']) and !$this->adminoverride) {
// check for regex compliance
if (!preg_match('#' . str_replace('#', '\\#', $this->registry->options['usernameregex']) . '#siU', $username)) {
$this->error('usernametaken', htmlspecialchars_uni($username), $this->registry->session->vars['sessionurl']);
return false;
}
}
if (htmlspecialchars_uni($username_raw) != $this->existing['username'] and !$this->adminoverride and $this->registry->options['usernamereusedelay'] > 0) {
require_once DIR . '/includes/class_userchangelog.php';
$userchangelog = new vB_UserChangeLog($this->registry);
$userchangelog->set_execute(true);
$userchangelog->set_just_count(true);
if ($userchangelog->sql_select_by_username(htmlspecialchars_uni($username), TIMENOW - $this->registry->options['usernamereusedelay'] * 86400)) {
$this->error('usernametaken', htmlspecialchars_uni($username), $this->registry->session->vars['sessionurl']);
return false;
}
}
if (htmlspecialchars_uni($username_raw) != $this->existing['username'] and !empty($this->registry->options['illegalusernames']) and !$this->adminoverride) {
// check for illegal username
$usernames = preg_split('/[ \\r\\n\\t]+/', $this->registry->options['illegalusernames'], -1, PREG_SPLIT_NO_EMPTY);
foreach ($usernames as $val) {
if (strpos(strtolower($username), strtolower($val)) !== false) {
// wierd error to show, but hey...
$this->error('usernametaken', htmlspecialchars_uni($username), $this->registry->session->vars['sessionurl']);
return false;
}
}
}
$unregisteredphrases = $this->registry->db->query_read("\n\t\t\tSELECT text\n\t\t\tFROM " . TABLE_PREFIX . "phrase\n\t\t\tWHERE varname = 'unregistered'\n\t\t\t\tAND fieldname = 'global'\n\t\t");
while ($unregisteredphrase = $this->registry->db->fetch_array($unregisteredphrases)) {
if (strtolower($unregisteredphrase['text']) == strtolower($username) or strtolower($unregisteredphrase['text']) == strtolower($username_raw)) {
$this->error('usernametaken', htmlspecialchars_uni($username), $this->registry->session->vars['sessionurl']);
return false;
}
}
// if we got here, everything is okay
$username = htmlspecialchars_uni($username);
// remove any trailing HTML entities that will be cut off when we stick them in the DB.
// if we don't do this, the affected person won't be able to login, be banned, etc...
$column_info = $this->dbobject->query_first("SHOW COLUMNS FROM " . TABLE_PREFIX . "user LIKE 'username'");
if (preg_match('#char\\((\\d+)\\)#i', $column_info['Type'], $match) and $match[1] > 0) {
$username = preg_replace('/&([a-z0-9#]*)$/i', '', substr($username, 0, $match[1]));
}
return true;
}
