예제 #1
1
 /**
  * Verifies that the provided username is valid, and attempts to correct it if it is not valid
  *
  * @param	string	Username
  *
  * @return	boolean	Returns true if the username is valid, or has been corrected to be valid
  */
 function verify_username(&$username)
 {
     // fix extra whitespace and invisible ascii stuff
     $username = trim(preg_replace('#[ \\r\\n\\t]+#si', ' ', strip_blank_ascii($username, ' ')));
     $username_raw = $username;
     if (strtolower(vB_String::getCharset()) !== 'utf-8') {
         // Following lines don't work for UTF-8. See VBV-3225.
         $username = vB_String::cleanUserName($username);
     }
     $username = str_replace(chr(0), '', $username);
     $username = trim($username);
     if (empty($this->existing['userid'])) {
         $this->existing['userid'] = false;
     }
     if (empty($this->existing['username'])) {
         if ($this->existing['userid']) {
             $userInfo = $this->assertor->getRow('user', array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_SELECT, 'userid' => $this->existing['userid']));
             $this->existing['username'] = $userInfo['username'];
         } else {
             $this->existing['username'] = false;
         }
     }
     // check length only if it's a new user or if the username changed
     if ($this->existing['username'] === false or $username != $this->existing['username']) {
         $length = iconv_strlen($username, vB_String::getCharset());
         // We shouldn't use vB_String::vbStrlen() as it will count &xxx; as one character.
         if ($length == 0) {
             // check for empty string
             $this->error('fieldmissing_username');
             return false;
         } else {
             if ($length < $this->options['minuserlength'] and !$this->adminoverride) {
                 // name too short
                 $this->error('usernametooshort', $this->options['minuserlength']);
                 return false;
             } else {
                 if ($length > $this->options['maxuserlength'] and !$this->adminoverride) {
                     // name too long
                     $this->error('usernametoolong', $this->options['maxuserlength']);
                     return false;
                 } else {
                     if (preg_match('/(?<!&#[0-9]{3}|&#[0-9]{4}|&#[0-9]{5});/', $username)) {
                         // name contains semicolons
                         $this->error('username_contains_semi_colons');
                         return false;
                     } else {
                         if ($username != fetch_censored_text($username) and !$this->adminoverride) {
                             // name contains censored words
                             $this->error('censorfield');
                             return false;
                         }
                     }
                 }
             }
         }
         /*else if (vB_String::htmlSpecialCharsUni($username_raw) != $this->existing['username'] AND $user = $this->dbobject->query_first("
         			SELECT userid, username FROM " . TABLE_PREFIX . "user
         			WHERE userid != " . intval($this->existing['userid']) . "
         			AND
         			(
         				username = '******'
         				OR
         				username = '******'
         			)
         		"))*/
     }
     if ((empty($this->existing['username']) or vB_String::htmlSpecialCharsUni($username_raw) != $this->existing['username']) and $user = $this->assertor->getRow('getUsernameAndId', array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_STORED, 'userid' => intval($this->existing['userid']), 'username' => vB_String::htmlSpecialCharsUni($username), 'username_raw' => vB_String::htmlSpecialCharsUni($username_raw)))) {
         // name is already in use
         if ($this->error_handler == vB_DataManager_Constants::ERRTYPE_CP) {
             $this->error('usernametaken_edit_here', vB_String::htmlSpecialCharsUni($username), $this->session->get('sessionurl'), $user['userid']);
         } else {
             $this->error('usernametaken', vB_String::htmlSpecialCharsUni($username), $this->session->get('sessionurl'));
         }
         return false;
     }
     if (!empty($this->options['usernameregex']) and !$this->adminoverride) {
         // check for regex compliance
         if (!preg_match('#' . str_replace('#', '\\#', $this->options['usernameregex']) . '#siU', $username)) {
             $this->error('usernametaken', vB_String::htmlSpecialCharsUni($username), vB::getCurrentSession()->get('sessionurl'));
             return false;
         }
     }
     if (!empty($this->existing['username']) and (vB_String::htmlSpecialCharsUni($username_raw) != $this->existing['username'] and !$this->adminoverride and $this->options['usernamereusedelay'] > 0)) {
         require_once DIR . '/includes/class_userchangelog.php';
         $userchangelog = new vB_UserChangeLog($this->registry);
         $userchangelog->set_execute(true);
         $userchangelog->set_just_count(true);
         if ($userchangelog->sql_select_by_username(vB_String::htmlSpecialCharsUni($username), vB::getRequest()->getTimeNow() - $this->options['usernamereusedelay'] * 86400)) {
             $this->error('usernametaken', vB_String::htmlSpecialCharsUni($username), vB::getCurrentSession()->get('sessionurl'));
             return false;
         }
     }
     if ((empty($this->existing['username']) or vB_String::htmlSpecialCharsUni($username_raw) != $this->existing['username']) and !empty($this->options['illegalusernames']) and !$this->adminoverride) {
         // check for illegal username
         $usernames = preg_split('/[ \\r\\n\\t]+/', $this->options['illegalusernames'], -1, PREG_SPLIT_NO_EMPTY);
         foreach ($usernames as $val) {
             if (strpos(strtolower($username), strtolower($val)) !== false) {
                 // wierd error to show, but hey...
                 $this->error('usernametaken', vB_String::htmlSpecialCharsUni($username), vB::getCurrentSession()->get('sessionurl'));
                 return false;
             }
         }
     }
     $unregisteredphrases = $this->assertor->getRows('phrase', array('varname' => 'unregistered', 'fieldname' => 'global'));
     //while ($unregisteredphrase = $this->registry->db->fetch_array($unregisteredphrases))
     foreach ($unregisteredphrases as $unregisteredphrase) {
         if (strtolower($unregisteredphrase['text']) == strtolower($username) or strtolower($unregisteredphrase['text']) == strtolower($username_raw)) {
             //$this->error('usernametaken', vB_String::htmlSpecialCharsUni($username), vB::getCurrentSession()->get('sessionurl'));
             $this->error('usernametaken', vB_String::htmlSpecialCharsUni($username), $this->session->get('sessionurl'));
             return false;
         }
     }
     // if we got here, everything is okay
     $username = vB_String::htmlSpecialCharsUni($username);
     // remove any trailing HTML entities that will be cut off when we stick them in the DB.
     // if we don't do this, the affected person won't be able to login, be banned, etc...
     $column_info = $this->assertor->getRow('getColumnUsername', array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_STORED, 'field' => 'username'));
     if (preg_match('#char\\((\\d+)\\)#i', $column_info['Type'], $match) and $match[1] > 0) {
         $username = preg_replace('/&([a-z0-9#]*)$/i', '', substr($username, 0, $match[1]));
     }
     $username = trim($username);
     return true;
 }
예제 #2
0
 /**
  * Verifies that the provided username is valid, and attempts to correct it if it is not valid
  *
  * @param	string	Username
  *
  * @return	boolean	Returns true if the username is valid, or has been corrected to be valid
  */
 function verify_username(&$username)
 {
     // fix extra whitespace and invisible ascii stuff
     $username = trim(preg_replace('#[ \\r\\n\\t]+#si', ' ', strip_blank_ascii($username, ' ')));
     $username_raw = $username;
     global $stylevar;
     $username = preg_replace('/&#([0-9]+);/ie', "convert_unicode_char_to_charset('\\1', \$stylevar['charset'])", $username);
     $username = preg_replace('/&#0*([0-9]{1,2}|1[01][0-9]|12[0-7]);/ie', "convert_int_to_utf8('\\1')", $username);
     $username = str_replace(chr(0), '', $username);
     $username = trim($username);
     $length = vbstrlen($username);
     if ($length == 0) {
         // check for empty string
         $this->error('fieldmissing_username');
         return false;
     } else {
         if ($length < $this->registry->options['minuserlength'] and !$this->adminoverride) {
             // name too short
             $this->error('usernametooshort', $this->registry->options['minuserlength']);
             return false;
         } else {
             if ($length > $this->registry->options['maxuserlength'] and !$this->adminoverride) {
                 // name too long
                 $this->error('usernametoolong', $this->registry->options['maxuserlength']);
                 return false;
             } else {
                 if (preg_match('/(?<!&#[0-9]{3}|&#[0-9]{4}|&#[0-9]{5});/', $username)) {
                     // name contains semicolons
                     $this->error('username_contains_semi_colons');
                     return false;
                 } else {
                     if ($username != fetch_censored_text($username) and !$this->adminoverride) {
                         // name contains censored words
                         $this->error('censorfield', $this->registry->options['contactuslink']);
                         return false;
                     } else {
                         if (htmlspecialchars_uni($username_raw) != $this->existing['username'] and $user = $this->dbobject->query_first("\n\t\t\tSELECT userid, username FROM " . TABLE_PREFIX . "user\n\t\t\tWHERE userid != " . intval($this->existing['userid']) . "\n\t\t\tAND\n\t\t\t(\n\t\t\t\tusername = '******'\n\t\t\t\tOR\n\t\t\t\tusername = '******'\n\t\t\t)\n\t\t")) {
                             // name is already in use
                             if ($this->error_handler == ERRTYPE_CP) {
                                 $this->error('usernametaken_edit_here', htmlspecialchars_uni($username), $this->registry->session->vars['sessionurl'], $user['userid']);
                             } else {
                                 $this->error('usernametaken', htmlspecialchars_uni($username), $this->registry->session->vars['sessionurl']);
                             }
                             return false;
                         }
                     }
                 }
             }
         }
     }
     if (!empty($this->registry->options['usernameregex']) and !$this->adminoverride) {
         // check for regex compliance
         if (!preg_match('#' . str_replace('#', '\\#', $this->registry->options['usernameregex']) . '#siU', $username)) {
             $this->error('usernametaken', htmlspecialchars_uni($username), $this->registry->session->vars['sessionurl']);
             return false;
         }
     }
     if (htmlspecialchars_uni($username_raw) != $this->existing['username'] and !$this->adminoverride and $this->registry->options['usernamereusedelay'] > 0) {
         require_once DIR . '/includes/class_userchangelog.php';
         $userchangelog = new vB_UserChangeLog($this->registry);
         $userchangelog->set_execute(true);
         $userchangelog->set_just_count(true);
         if ($userchangelog->sql_select_by_username(htmlspecialchars_uni($username), TIMENOW - $this->registry->options['usernamereusedelay'] * 86400)) {
             $this->error('usernametaken', htmlspecialchars_uni($username), $this->registry->session->vars['sessionurl']);
             return false;
         }
     }
     if (htmlspecialchars_uni($username_raw) != $this->existing['username'] and !empty($this->registry->options['illegalusernames']) and !$this->adminoverride) {
         // check for illegal username
         $usernames = preg_split('/[ \\r\\n\\t]+/', $this->registry->options['illegalusernames'], -1, PREG_SPLIT_NO_EMPTY);
         foreach ($usernames as $val) {
             if (strpos(strtolower($username), strtolower($val)) !== false) {
                 // wierd error to show, but hey...
                 $this->error('usernametaken', htmlspecialchars_uni($username), $this->registry->session->vars['sessionurl']);
                 return false;
             }
         }
     }
     $unregisteredphrases = $this->registry->db->query_read("\n\t\t\tSELECT text\n\t\t\tFROM " . TABLE_PREFIX . "phrase\n\t\t\tWHERE varname = 'unregistered'\n\t\t\t\tAND fieldname = 'global'\n\t\t");
     while ($unregisteredphrase = $this->registry->db->fetch_array($unregisteredphrases)) {
         if (strtolower($unregisteredphrase['text']) == strtolower($username) or strtolower($unregisteredphrase['text']) == strtolower($username_raw)) {
             $this->error('usernametaken', htmlspecialchars_uni($username), $this->registry->session->vars['sessionurl']);
             return false;
         }
     }
     // if we got here, everything is okay
     $username = htmlspecialchars_uni($username);
     // remove any trailing HTML entities that will be cut off when we stick them in the DB.
     // if we don't do this, the affected person won't be able to login, be banned, etc...
     $column_info = $this->dbobject->query_first("SHOW COLUMNS FROM " . TABLE_PREFIX . "user LIKE 'username'");
     if (preg_match('#char\\((\\d+)\\)#i', $column_info['Type'], $match) and $match[1] > 0) {
         $username = preg_replace('/&([a-z0-9#]*)$/i', '', substr($username, 0, $match[1]));
     }
     return true;
 }