Verzeichnisstruktur phpBB-2.0.0
- Veröffentlicht
- 03.04.2002
So funktioniert es
|
Auf das letzte Element klicken. Dies geht jeweils ein Schritt zurück |
Auf das Icon klicken, dies öffnet das Verzeichnis. Nochmal klicken schließt das Verzeichnis. |
|
(Beispiel Datei-Icons)
|
Auf das Icon klicken um den Quellcode anzuzeigen |
functions_validate.php
001 <?php
002 /***************************************************************************
003 * functions_validate.php
004 * -------------------
005 * begin : Saturday, Feb 13, 2001
006 * copyright : (C) 2001 The phpBB Group
007 * email : support@phpbb.com
008 *
009 * $Id$
010 *
011 *
012 ***************************************************************************/
013
014 /***************************************************************************
015 *
016 * This program is free software; you can redistribute it and/or modify
017 * it under the terms of the GNU General Public License as published by
018 * the Free Software Foundation; either version 2 of the License, or
019 * (at your option) any later version.
020 *
021 ***************************************************************************/
022
023 //
024 // Check to see if the username has been taken, or if it is disallowed.
025 // Also checks if it includes the " character, which we don't allow in usernames.
026 // Used for registering, changing names, and posting anonymously with a username
027 //
028 function validate_username($username)
029 {
030 global $db, $lang, $userdata;
031
032 // Remove doubled up spaces
033 $username = preg_replace('#\s+#', ' ', trim($username));
034 $username = phpbb_clean_username($username);
035
036 $sql = "SELECT username
037 FROM " . USERS_TABLE . "
038 WHERE LOWER(username) = '" . strtolower($username) . "'";
039 if ($result = $db->sql_query($sql))
040 {
041 while ($row = $db->sql_fetchrow($result))
042 {
043 if (($userdata['session_logged_in'] && $row['username'] != $userdata['username']) || !$userdata['session_logged_in'])
044 {
045 $db->sql_freeresult($result);
046 return array('error' => true, 'error_msg' => $lang['Username_taken']);
047 }
048 }
049 }
050 $db->sql_freeresult($result);
051
052 $sql = "SELECT group_name
053 FROM " . GROUPS_TABLE . "
054 WHERE LOWER(group_name) = '" . strtolower($username) . "'";
055 if ($result = $db->sql_query($sql))
056 {
057 if ($row = $db->sql_fetchrow($result))
058 {
059 $db->sql_freeresult($result);
060 return array('error' => true, 'error_msg' => $lang['Username_taken']);
061 }
062 }
063 $db->sql_freeresult($result);
064
065 $sql = "SELECT disallow_username
066 FROM " . DISALLOW_TABLE;
067 if ($result = $db->sql_query($sql))
068 {
069 if ($row = $db->sql_fetchrow($result))
070 {
071 do
072 {
073 if (preg_match("#\b(" . str_replace("\*", ".*?", preg_quote($row['disallow_username'], '#')) . ")\b#i", $username))
074 {
075 $db->sql_freeresult($result);
076 return array('error' => true, 'error_msg' => $lang['Username_disallowed']);
077 }
078 }
079 while($row = $db->sql_fetchrow($result));
080 }
081 }
082 $db->sql_freeresult($result);
083
084 $sql = "SELECT word
085 FROM " . WORDS_TABLE;
086 if ($result = $db->sql_query($sql))
087 {
088 if ($row = $db->sql_fetchrow($result))
089 {
090 do
091 {
092 if (preg_match("#\b(" . str_replace("\*", ".*?", preg_quote($row['word'], '#')) . ")\b#i", $username))
093 {
094 $db->sql_freeresult($result);
095 return array('error' => true, 'error_msg' => $lang['Username_disallowed']);
096 }
097 }
098 while ($row = $db->sql_fetchrow($result));
099 }
100 }
101 $db->sql_freeresult($result);
102
103 // Don't allow " and ALT-255 in username.
104 if (strstr($username, '"') || strstr($username, '"') || strstr($username, chr(160)) || strstr($username, chr(173)))
105 {
106 return array('error' => true, 'error_msg' => $lang['Username_invalid']);
107 }
108
109 return array('error' => false, 'error_msg' => '');
110 }
111
112 //
113 // Check to see if email address is banned
114 // or already present in the DB
115 //
116 function validate_email($email)
117 {
118 global $db, $lang;
119
120 if ($email != '')
121 {
122 if (preg_match('/^[a-z0-9&\'\.\-_\+]+@[a-z0-9\-]+\.([a-z0-9\-]+\.)*?[a-z]+$/is', $email))
123 {
124 $sql = "SELECT ban_email
125 FROM " . BANLIST_TABLE;
126 if ($result = $db->sql_query($sql))
127 {
128 if ($row = $db->sql_fetchrow($result))
129 {
130 do
131 {
132 $match_email = str_replace('*', '.*?', $row['ban_email']);
133 if (preg_match('/^' . $match_email . '$/is', $email))
134 {
135 $db->sql_freeresult($result);
136 return array('error' => true, 'error_msg' => $lang['Email_banned']);
137 }
138 }
139 while($row = $db->sql_fetchrow($result));
140 }
141 }
142 $db->sql_freeresult($result);
143
144 $sql = "SELECT user_email
145 FROM " . USERS_TABLE . "
146 WHERE user_email = '" . str_replace("\'", "''", $email) . "'";
147 if (!($result = $db->sql_query($sql)))
148 {
149 message_die(GENERAL_ERROR, "Couldn't obtain user email information.", "", __LINE__, __FILE__, $sql);
150 }
151
152 if ($row = $db->sql_fetchrow($result))
153 {
154 return array('error' => true, 'error_msg' => $lang['Email_taken']);
155 }
156 $db->sql_freeresult($result);
157
158 return array('error' => false, 'error_msg' => '');
159 }
160 }
161
162 return array('error' => true, 'error_msg' => $lang['Email_invalid']);
163 }
164
165 //
166 // Does supplementary validation of optional profile fields. This expects common stuff like trim() and strip_tags()
167 // to have already been run. Params are passed by-ref, so we can set them to the empty string if they fail.
168 //
169 function validate_optional_fields(&$icq, &$aim, &$msnm, &$yim, &$website, &$location, &$occupation, &$interests, &$sig)
170 {
171 $check_var_length = array('aim', 'msnm', 'yim', 'location', 'occupation', 'interests', 'sig');
172
173 for($i = 0; $i < count($check_var_length); $i++)
174 {
175 if (strlen($$check_var_length[$i]) < 2)
176 {
177 $$check_var_length[$i] = '';
178 }
179 }
180
181 // ICQ number has to be only numbers.
182 if (!preg_match('/^[0-9]+$/', $icq))
183 {
184 $icq = '';
185 }
186
187 // website has to start with http://, followed by something with length at least 3 that
188 // contains at least one dot.
189 if ($website != "")
190 {
191 if (!preg_match('#^http[s]?:\/\/#i', $website))
192 {
193 $website = 'http://' . $website;
194 }
195
196 if (!preg_match('#^http[s]?\\:\\/\\/[a-z0-9\-]+\.([a-z0-9\-]+\.)?[a-z]+#i', $website))
197 {
198 $website = '';
199 }
200 }
201
202 return;
203 }
204
205 ?>