1 |
<?php |
|
|
2 |
/*************************************************************************** |
|
|
3 |
* functions_validate.php |
|
|
4 |
* ------------------- |
|
|
5 |
* begin : Saturday, Feb 13, 2001 |
|
|
6 |
* copyright : (C) 2001 The phpBB Group |
|
|
7 |
* email : support@phpbb.com |
|
|
8 |
* |
|
|
9 |
* $Id: functions_validate.php,v 1.6.2.15 2005/10/30 15:17:14 acydburn Exp $ |
|
|
10 |
* |
|
|
11 |
* |
|
|
12 |
***************************************************************************/ |
|
|
13 |
|
|
|
14 |
/*************************************************************************** |
|
|
15 |
* |
|
|
16 |
* This program is free software; you can redistribute it and/or modify |
|
|
17 |
* it under the terms of the GNU General Public License as published by |
|
|
18 |
* the Free Software Foundation; either version 2 of the License, or |
|
|
19 |
* (at your option) any later version. |
|
|
20 |
* |
|
|
21 |
***************************************************************************/ |
|
|
22 |
|
|
|
23 |
// |
|
|
24 |
// Check to see if the username has been taken, or if it is disallowed. |
|
|
25 |
// Also checks if it includes the " character, which we don't allow in usernames. |
|
|
26 |
// Used for registering, changing names, and posting anonymously with a username |
|
|
27 |
// |
|
|
28 |
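// Decide whether $username may be used for registration, renaming or guest posting.
//
// The name is whitespace-normalised and passed through phpbb_clean_username(), then
// rejected if it matches an existing user (other than the logged-in caller), an existing
// group name, a disallow-list entry, a censored word, or contains a double quote or chr(160).
//
// Returns array('error' => bool, 'error_msg' => string).
//
// NOTE(review): both lookups below build SQL by string concatenation and nothing in this
// function escapes $username. They are only safe if phpbb_clean_username() returns a value
// that is already escaped for the database -- confirm that before copying this pattern.
//
// NOTE(review): a lookup whose query fails is skipped, not reported, so a database fault
// lets the name through that check (fail-open). Confirm this is intended.
function validate_username($username)
{
	global $db, $lang, $userdata;

	// Collapse every run of whitespace to a single space before cleaning.
	$username = preg_replace('#\s+#', ' ', trim($username));
	$username = phpbb_clean_username($username);
	$lowered = strtolower($username);

	$taken = array('error' => true, 'error_msg' => $lang['Username_taken']);
	$disallowed = array('error' => true, 'error_msg' => $lang['Username_disallowed']);

	$sql = "SELECT username
		FROM " . USERS_TABLE . "
		WHERE LOWER(username) = '" . $lowered . "'";
	if ($result = $db->sql_query($sql))
	{
		while ($row = $db->sql_fetchrow($result))
		{
			// A logged-in user may re-submit the name they already hold.
			if (!$userdata['session_logged_in'] || $row['username'] != $userdata['username'])
			{
				$db->sql_freeresult($result);
				return $taken;
			}
		}
		// Free only a handle that was actually returned; the original also called
		// sql_freeresult() with the false value of a failed query.
		$db->sql_freeresult($result);
	}

	// Group names share the namespace with usernames.
	$sql = "SELECT group_name
		FROM " . GROUPS_TABLE . "
		WHERE LOWER(group_name) = '" . $lowered . "'";
	if ($result = $db->sql_query($sql))
	{
		$row = $db->sql_fetchrow($result);
		$db->sql_freeresult($result);
		if ($row)
		{
			return $taken;
		}
	}

	// Disallow-list entries are literal text in which '*' is the only wildcard:
	// preg_quote() neutralises everything else, then the quoted '\*' becomes '.*?'.
	$sql = "SELECT disallow_username
		FROM " . DISALLOW_TABLE;
	if ($result = $db->sql_query($sql))
	{
		while ($row = $db->sql_fetchrow($result))
		{
			if (preg_match("#\b(" . str_replace("\*", ".*?", preg_quote($row['disallow_username'], '#')) . ")\b#i", $username))
			{
				$db->sql_freeresult($result);
				return $disallowed;
			}
		}
		$db->sql_freeresult($result);
	}

	// Censored words are matched with the same wildcard rule.
	$sql = "SELECT word
		FROM " . WORDS_TABLE;
	if ($result = $db->sql_query($sql))
	{
		while ($row = $db->sql_fetchrow($result))
		{
			if (preg_match("#\b(" . str_replace("\*", ".*?", preg_quote($row['word'], '#')) . ")\b#i", $username))
			{
				$db->sql_freeresult($result);
				return $disallowed;
			}
		}
		$db->sql_freeresult($result);
	}

	// Don't allow " and ALT-255 (chr(160)) in username.
	// NOTE(review): the listing this was taken from tests for '"' twice in a row; the second
	// test was probably an HTML-entity spelling of the quote that the page rendering decoded.
	// Compare with the upstream file and restore it if so.
	if (strstr($username, '"') || strstr($username, chr(160)))
	{
		return array('error' => true, 'error_msg' => $lang['Username_invalid']);
	}

	return array('error' => false, 'error_msg' => '');
}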
|
|
111 |
|
|
|
112 |
// |
|
|
113 |
// Check to see if email address is banned |
|
|
114 |
// or already present in the DB |
|
|
115 |
// |
|
|
116 |
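// Check an e-mail address for format, against the ban list, and for prior use.
//
// Returns array('error' => bool, 'error_msg' => string). The address is rejected when it is
// empty or fails the format pattern, when it matches a ban-list entry, or when a user row
// already carries it.
//
// NOTE(review): a failed ban-list query is skipped, not reported, so a database fault lets
// a banned address through (fail-open); only the second query ends in message_die().
function validate_email($email)
{
	global $db, $lang;

	// Empty or malformed addresses never reach the database.
	if ($email == '' || !preg_match('/^[a-z0-9&\'\.\-_\+]+@[a-z0-9\-]+\.([a-z0-9\-]+\.)*?[a-z]+$/is', $email))
	{
		return array('error' => true, 'error_msg' => $lang['Email_invalid']);
	}

	$sql = "SELECT ban_email
		FROM " . BANLIST_TABLE;
	if ($result = $db->sql_query($sql))
	{
		while ($row = $db->sql_fetchrow($result))
		{
			// Treat the stored entry as literal text in which '*' is the only wildcard, the
			// same rule validate_username() applies to its lists. Without preg_quote() a '+'
			// or '.' in a banned address is read as a regex operator, so the ban can miss
			// the exact address it names or match addresses it does not.
			$match_email = str_replace('\*', '.*?', preg_quote($row['ban_email'], '/'));
			if (preg_match('/^' . $match_email . '$/is', $email))
			{
				$db->sql_freeresult($result);
				return array('error' => true, 'error_msg' => $lang['Email_banned']);
			}
		}
		// Free only a handle that was actually returned.
		$db->sql_freeresult($result);
	}

	// The format pattern admits a single quote but never a backslash, so replacing only
	// the slashed form \' (as this line used to) could not match anything that got this far
	// and a bare quote would reach the statement unescaped. Double every quote instead.
	$sql = "SELECT user_email
		FROM " . USERS_TABLE . "
		WHERE user_email = '" . str_replace("'", "''", $email) . "'";
	if (!($result = $db->sql_query($sql)))
	{
		message_die(GENERAL_ERROR, "Couldn't obtain user email information.", "", __LINE__, __FILE__, $sql);
	}

	// Release the result on both outcomes; the "taken" path used to return without freeing it.
	$already_used = (bool) $db->sql_fetchrow($result);
	$db->sql_freeresult($result);

	if ($already_used)
	{
		return array('error' => true, 'error_msg' => $lang['Email_taken']);
	}

	return array('error' => false, 'error_msg' => '');
}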
|
|
164 |
|
|
|
165 |
// |
|
|
166 |
// Does supplementary validation of optional profile fields. This expects common stuff like trim() and strip_tags() |
|
|
167 |
// to have already been run. Params are passed by-ref, so we can set them to the empty string if they fail. |
|
|
168 |
// |
|
|
169 |
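// Supplementary validation of the optional profile fields. Every argument is taken by
// reference and is reset to the empty string when it fails its check; nothing is returned.
//
//   aim, msnm, yim, location, occupation, interests, sig: blanked when shorter than 2 bytes
//   icq:     blanked unless it consists of digits only
//   website: gets an 'http://' prefix when it has no http(s) scheme, then is blanked unless
//            it starts with a scheme followed by a host name containing at least one dot
//
// NOTE(review): the website pattern is anchored at the start only, so any text may follow
// the host name. Passing this check does not make the value safe to print; it still has to
// be escaped for the context it is rendered in.
function validate_optional_fields(&$icq, &$aim, &$msnm, &$yim, &$website, &$location, &$occupation, &$interests, &$sig)
{
	$check_var_length = array('aim', 'msnm', 'yim', 'location', 'occupation', 'interests', 'sig');

	foreach ($check_var_length as $field_name)
	{
		// The original wrote $$check_var_length[$i], which PHP 5 reads as
		// ${$check_var_length[$i]} but PHP 7 and later read as ($$check_var_length)[$i];
		// on those versions the length check never touched the real parameters. A plain
		// variable-variable on a scalar name means the same thing on every version.
		if (strlen($$field_name) < 2)
		{
			$$field_name = '';
		}
	}

	// ICQ number has to be only numbers.
	if (!preg_match('/^[0-9]+$/', $icq))
	{
		$icq = '';
	}

	if ($website != "")
	{
		// Default to http:// when no http(s) scheme was supplied.
		if (!preg_match('#^http[s]?:\/\/#i', $website))
		{
			$website = 'http://' . $website;
		}

		// Require a scheme followed by a dotted host name at the start of the value.
		if (!preg_match('#^http[s]?\\:\\/\\/[a-z0-9\-]+\.([a-z0-9\-]+\.)?[a-z]+#i', $website))
		{
			$website = '';
		}
	}
}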
|
|
204 |
|
|
|
205 |
?> |