<?php/**************************************************************************** functions_validate.php* -------------------* begin : Saturday, Feb 13, 2001* copyright : (C) 2001 The phpBB Group* email : support@phpbb.com** $Id: functions_validate.php,v 1.6.2.15 2005/10/30 15:17:14 acydburn Exp $*****************************************************************************//***************************************************************************** This program is free software; you can redistribute it and/or modify* it under the terms of the GNU General Public License as published by* the Free Software Foundation; either version 2 of the License, or* (at your option) any later version.****************************************************************************///// Check to see if the username has been taken, or if it is disallowed.// Also checks if it includes the " character, which we don't allow in usernames.// Used for registering, changing names, and posting anonymously with a username//function validate_username($username){global $db, $lang, $userdata;// Remove doubled up spaces$username = preg_replace('#\s+#', ' ', trim($username));$username = phpbb_clean_username($username);$sql = "SELECT usernameFROM " . USERS_TABLE . "WHERE LOWER(username) = '" . strtolower($username) . "'";if ($result = $db->sql_query($sql)){while ($row = $db->sql_fetchrow($result)){if (($userdata['session_logged_in'] && $row['username'] != $userdata['username']) || !$userdata['session_logged_in']){$db->sql_freeresult($result);return array('error' => true, 'error_msg' => $lang['Username_taken']);}}}$db->sql_freeresult($result);$sql = "SELECT group_nameFROM " . GROUPS_TABLE . "WHERE LOWER(group_name) = '" . strtolower($username) . "'";if ($result = $db->sql_query($sql)){if ($row = $db->sql_fetchrow($result)){$db->sql_freeresult($result);return array('error' => true, 'error_msg' => $lang['Username_taken']);}}$db->sql_freeresult($result);$sql = "SELECT disallow_usernameFROM " . DISALLOW_TABLE;if ($result = $db->sql_query($sql)){if ($row = $db->sql_fetchrow($result)){do{if (preg_match("#\b(" . str_replace("\*", ".*?", preg_quote($row['disallow_username'], '#')) . ")\b#i", $username)){$db->sql_freeresult($result);return array('error' => true, 'error_msg' => $lang['Username_disallowed']);}}while($row = $db->sql_fetchrow($result));}}$db->sql_freeresult($result);$sql = "SELECT wordFROM " . WORDS_TABLE;if ($result = $db->sql_query($sql)){if ($row = $db->sql_fetchrow($result)){do{if (preg_match("#\b(" . str_replace("\*", ".*?", preg_quote($row['word'], '#')) . ")\b#i", $username)){$db->sql_freeresult($result);return array('error' => true, 'error_msg' => $lang['Username_disallowed']);}}while ($row = $db->sql_fetchrow($result));}}$db->sql_freeresult($result);// Don't allow " and ALT-255 in username.if (strstr($username, '"') || strstr($username, '"') || strstr($username, chr(160))){return array('error' => true, 'error_msg' => $lang['Username_invalid']);}return array('error' => false, 'error_msg' => '');}//// Check to see if email address is banned// or already present in the DB//function validate_email($email){global $db, $lang;if ($email != ''){if (preg_match('/^[a-z0-9&\'\.\-_\+]+@[a-z0-9\-]+\.([a-z0-9\-]+\.)*?[a-z]+$/is', $email)){$sql = "SELECT ban_emailFROM " . BANLIST_TABLE;if ($result = $db->sql_query($sql)){if ($row = $db->sql_fetchrow($result)){do{$match_email = str_replace('*', '.*?', $row['ban_email']);if (preg_match('/^' . $match_email . '$/is', $email)){$db->sql_freeresult($result);return array('error' => true, 'error_msg' => $lang['Email_banned']);}}while($row = $db->sql_fetchrow($result));}}$db->sql_freeresult($result);$sql = "SELECT user_emailFROM " . USERS_TABLE . "WHERE user_email = '" . str_replace("\'", "''", $email) . "'";if (!($result = $db->sql_query($sql))){message_die(GENERAL_ERROR, "Couldn't obtain user email information.", "", __LINE__, __FILE__, $sql);}if ($row = $db->sql_fetchrow($result)){return array('error' => true, 'error_msg' => $lang['Email_taken']);}$db->sql_freeresult($result);return array('error' => false, 'error_msg' => '');}}return array('error' => true, 'error_msg' => $lang['Email_invalid']);}//// Does supplementary validation of optional profile fields. This expects common stuff like trim() and strip_tags()// to have already been run. Params are passed by-ref, so we can set them to the empty string if they fail.//function validate_optional_fields(&$icq, &$aim, &$msnm, &$yim, &$website, &$location, &$occupation, &$interests, &$sig){$check_var_length = array('aim', 'msnm', 'yim', 'location', 'occupation', 'interests', 'sig');for($i = 0; $i < count($check_var_length); $i++){if (strlen($$check_var_length[$i]) < 2){$$check_var_length[$i] = '';}}// ICQ number has to be only numbers.if (!preg_match('/^[0-9]+$/', $icq)){$icq = '';}// website has to start with http://, followed by something with length at least 3 that// contains at least one dot.if ($website != ""){if (!preg_match('#^http[s]?:\/\/#i', $website)){$website = 'http://' . $website;}if (!preg_match('#^http[s]?\\:\\/\\/[a-z0-9\-]+\.([a-z0-9\-]+\.)?[a-z]+#i', $website)){$website = '';}}return;}?>