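<?php
/***************************************************************************
 *                          functions_validate.php
 *                            -------------------
 *   begin                : Saturday, Feb 13, 2001
 *   copyright            : (C) 2001 The phpBB Group
 *   email                : support@phpbb.com
 *
 *   $Id: functions_validate.php 8361 2008-02-01 12:49:38Z acydburn $
 *
 *
 ***************************************************************************/

/***************************************************************************
 *
 *   This program is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation; either version 2 of the License, or
 *   (at your option) any later version.
 *
 ***************************************************************************/

//
// Check to see if the username has been taken, or if it is disallowed.
// Also checks if it includes the " character, which we don't allow in usernames.
// Used for registering, changing names, and posting anonymously with a username
//
// Returns array('error' => bool, 'error_msg' => string); 'error_msg' is '' on success.
//
// NOTE(review): $username is concatenated into two SQL statements below. That is only
// safe if phpbb_clean_username() (defined elsewhere) returns a value that is already
// escaped for use inside a quoted SQL literal -- confirm against that function.
//
function validate_username($username)
{
	global $db, $lang, $userdata;

	// Remove doubled up spaces
	$username = preg_replace('#\s+#', ' ', trim($username));
	$username = phpbb_clean_username($username);

	// Name already used by another account? A logged-in user may keep their own name.
	$sql = "SELECT username
		FROM " . USERS_TABLE . "
		WHERE LOWER(username) = '" . strtolower($username) . "'";
	if ($result = $db->sql_query($sql))
	{
		while ($row = $db->sql_fetchrow($result))
		{
			if (!$userdata['session_logged_in'] || $row['username'] != $userdata['username'])
			{
				$db->sql_freeresult($result);
				return array('error' => true, 'error_msg' => $lang['Username_taken']);
			}
		}
		// Only free a result we actually obtained; $result is false when the query failed.
		$db->sql_freeresult($result);
	}

	// Name collides with a group name?
	$sql = "SELECT group_name
		FROM " . GROUPS_TABLE . "
		WHERE LOWER(group_name) = '" . strtolower($username) . "'";
	if ($result = $db->sql_query($sql))
	{
		$row = $db->sql_fetchrow($result);
		$db->sql_freeresult($result);

		if ($row)
		{
			return array('error' => true, 'error_msg' => $lang['Username_taken']);
		}
	}

	// Admin-maintained disallow list. Each entry is regex-quoted first, then the quoted
	// "*" is turned back into a lazy wildcard, so no other metacharacter is live.
	$sql = "SELECT disallow_username
		FROM " . DISALLOW_TABLE;
	if ($result = $db->sql_query($sql))
	{
		while ($row = $db->sql_fetchrow($result))
		{
			if (preg_match("#\b(" . str_replace("\*", ".*?", preg_quote($row['disallow_username'], '#')) . ")\b#i", $username))
			{
				$db->sql_freeresult($result);
				return array('error' => true, 'error_msg' => $lang['Username_disallowed']);
			}
		}
		$db->sql_freeresult($result);
	}

	// Censored words are matched the same way as disallowed names.
	$sql = "SELECT word
		FROM " . WORDS_TABLE;
	if ($result = $db->sql_query($sql))
	{
		while ($row = $db->sql_fetchrow($result))
		{
			if (preg_match("#\b(" . str_replace("\*", ".*?", preg_quote($row['word'], '#')) . ")\b#i", $username))
			{
				$db->sql_freeresult($result);
				return array('error' => true, 'error_msg' => $lang['Username_disallowed']);
			}
		}
		$db->sql_freeresult($result);
	}

	// Don't allow " and ALT-255 in username.
	// NOTE(review): the listing this was taken from shows the '"' test twice in a row,
	// which looks like an HTML-decoded '&quot;'. The entity form is checked here as well
	// so the rule holds whether or not the name was entity-encoded upstream -- confirm
	// against the upstream file.
	if (strstr($username, '"') || strstr($username, '&quot;') || strstr($username, chr(160)) || strstr($username, chr(173)))
	{
		return array('error' => true, 'error_msg' => $lang['Username_invalid']);
	}

	return array('error' => false, 'error_msg' => '');
}

//
// Check to see if email address is banned
// or already present in the DB
//
// Returns array('error' => bool, 'error_msg' => string). An empty or syntactically
// invalid address yields $lang['Email_invalid'].
//
function validate_email($email)
{
	global $db, $lang;

	if ($email == '' || !preg_match('/^[a-z0-9&\'\.\-_\+]+@[a-z0-9\-]+\.([a-z0-9\-]+\.)*?[a-z]+$/is', $email))
	{
		return array('error' => true, 'error_msg' => $lang['Email_invalid']);
	}

	$sql = "SELECT ban_email
		FROM " . BANLIST_TABLE;
	if ($result = $db->sql_query($sql))
	{
		while ($row = $db->sql_fetchrow($result))
		{
			// Quote the stored entry before it becomes a pattern, then re-enable only "*".
			// Unquoted, the "." in a banned address matches any character (the ban covers
			// more than intended), and an entry containing "/" or an unbalanced bracket
			// makes preg_match() fail so the ban is silently not applied.
			$match_email = str_replace('\*', '.*?', preg_quote($row['ban_email'], '/'));
			if (preg_match('/^' . $match_email . '$/is', $email))
			{
				$db->sql_freeresult($result);
				return array('error' => true, 'error_msg' => $lang['Email_banned']);
			}
		}
		$db->sql_freeresult($result);
	}

	// NOTE(review): only the two-character sequence \' is rewritten here, so this relies
	// on $email having been slash-escaped by the caller. The address pattern above
	// permits ' in the local part -- confirm the caller's escaping, or switch to the DB
	// layer's own escaping routine if it provides one.
	$sql = "SELECT user_email
		FROM " . USERS_TABLE . "
		WHERE user_email = '" . str_replace("\'", "''", $email) . "'";
	if (!($result = $db->sql_query($sql)))
	{
		message_die(GENERAL_ERROR, "Couldn't obtain user email information.", "", __LINE__, __FILE__, $sql);
	}

	// Free the result on both paths; the early return used to skip it.
	$row = $db->sql_fetchrow($result);
	$db->sql_freeresult($result);

	if ($row)
	{
		return array('error' => true, 'error_msg' => $lang['Email_taken']);
	}

	return array('error' => false, 'error_msg' => '');
}

//
// Does supplementary validation of optional profile fields. This expects common stuff like trim() and strip_tags()
// to have already been run. Params are passed by-ref, so we can set them to the empty string if they fail.
//
function validate_optional_fields(&$icq, &$aim, &$msnm, &$yim, &$website, &$location, &$occupation, &$interests, &$sig)
{
	$check_var_length = array('aim', 'msnm', 'yim', 'location', 'occupation', 'interests', 'sig');

	// Blank any of these fields that is shorter than two characters.
	// "$$check_var_length[$i]" is parsed as "($$check_var_length)[$i]" from PHP 7 on, which
	// never touches the named parameter; "$$field" means the same thing on every version.
	foreach ($check_var_length as $field)
	{
		if (strlen($$field) < 2)
		{
			$$field = '';
		}
	}

	// ICQ number has to be only numbers.
	if (!preg_match('/^[0-9]+$/', $icq))
	{
		$icq = '';
	}

	// website has to start with http://, followed by something with length at least 3 that
	// contains at least one dot.
	if ($website != "")
	{
		// Prefixing a scheme first means any other scheme the user typed ends up after
		// "http://" and is then rejected by the host pattern below.
		if (!preg_match('#^http[s]?:\/\/#i', $website))
		{
			$website = 'http://' . $website;
		}

		if (!preg_match('#^http[s]?\\:\\/\\/[a-z0-9\-]+\.([a-z0-9\-]+\.)?[a-z]+#i', $website))
		{
			$website = '';
		}
	}
}

?>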