
/includes/ -> functions_validate.php (source)

   1  <?php
   2  /***************************************************************************
   3   *                          functions_validate.php
   4   *                            -------------------
   5   *   begin                : Saturday, Feb 13, 2001
   6   *   copyright            : (C) 2001 The phpBB Group
   7   *   email                : support@phpbb.com
   8   *
   9   *   $Id: functions_validate.php 8361 2008-02-01 12:49:38Z acydburn $
  10   *
  11   *
  12   ***************************************************************************/
  13  
  14  /***************************************************************************
  15   *
  16   *   This program is free software; you can redistribute it and/or modify
  17   *   it under the terms of the GNU General Public License as published by
  18   *   the Free Software Foundation; either version 2 of the License, or
  19   *   (at your option) any later version.
  20   *
  21   ***************************************************************************/
  22  
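  //
  // Decide whether $username may be used for registering, renaming an account,
  // or posting anonymously under a name.
  //
  // Returns array('error' => bool, 'error_msg' => string). The name is rejected when:
  //   - another account in USERS_TABLE already has it (compared in lower case),
  //   - a group in GROUPS_TABLE has it,
  //   - it matches an entry in DISALLOW_TABLE or WORDS_TABLE ('*' is a wildcard),
  //   - it contains a double quote, the entity &quot;, or byte 160 / 173.
  //
  function validate_username($username)
  {
      global $db, $lang, $userdata;

      // Collapse runs of whitespace to one space, then apply the shared clean-up.
      $username = preg_replace('#\s+#', ' ', trim($username));
      $username = phpbb_clean_username($username);

      // NOTE(review): $username is concatenated into the two statements below.
      // Their quoting relies entirely on phpbb_clean_username(), which is not
      // defined in this file. Confirm that it escapes quotes for the active
      // database driver before this value reaches $db->sql_query().
      $lowered_name = strtolower($username);

      $sql = "SELECT username
          FROM " . USERS_TABLE . "
          WHERE LOWER(username) = '" . $lowered_name . "'";
      if ($result = $db->sql_query($sql))
      {
          while ($row = $db->sql_fetchrow($result))
          {
              // A logged-in user may keep their own name. The comparison is a strict
              // string comparison: loose != treats numeric-looking names such as
              // '1e3' and '1000' as equal, which would let one account take a name
              // that belongs to another.
              $is_own_name = $userdata['session_logged_in'] && (string) $row['username'] === (string) $userdata['username'];
              if (!$is_own_name)
              {
                  $db->sql_freeresult($result);
                  return array('error' => true, 'error_msg' => $lang['Username_taken']);
              }
          }
          // Free only a result that exists; a failed query returns no handle.
          $db->sql_freeresult($result);
      }

      $sql = "SELECT group_name
          FROM " . GROUPS_TABLE . "
          WHERE LOWER(group_name) = '" . $lowered_name . "'";
      if ($result = $db->sql_query($sql))
      {
          $group_row = $db->sql_fetchrow($result);
          $db->sql_freeresult($result);
          if ($group_row)
          {
              return array('error' => true, 'error_msg' => $lang['Username_taken']);
          }
      }

      // The disallow list and the word-censor list are matched the same way:
      // each entry is quoted for use in a regex, then the quoted '*' is turned
      // back into a lazy wildcard, and the entry must match on word boundaries.
      $pattern_sources = array(
          array(DISALLOW_TABLE, 'disallow_username'),
          array(WORDS_TABLE, 'word'),
      );
      foreach ($pattern_sources as $source)
      {
          list($table, $column) = $source;

          $sql = "SELECT " . $column . "
              FROM " . $table;
          if ($result = $db->sql_query($sql))
          {
              while ($row = $db->sql_fetchrow($result))
              {
                  $entry_pattern = str_replace('\*', '.*?', preg_quote($row[$column], '#'));
                  if (preg_match('#\b(' . $entry_pattern . ')\b#i', $username))
                  {
                      $db->sql_freeresult($result);
                      return array('error' => true, 'error_msg' => $lang['Username_disallowed']);
                  }
              }
              $db->sql_freeresult($result);
          }
      }

      // Don't allow " (raw or as &quot;) and ALT-255 in usernames. Bytes 160 and
      // 173 are checked byte-wise.
      // NOTE(review): under a multibyte board encoding these two bytes can also
      // occur inside other characters - confirm the encoding in use.
      $forbidden_fragments = array('"', '&quot;', chr(160), chr(173));
      foreach ($forbidden_fragments as $fragment)
      {
          if (strpos($username, $fragment) !== false)
          {
              return array('error' => true, 'error_msg' => $lang['Username_invalid']);
          }
      }

      return array('error' => false, 'error_msg' => '');
  }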
 111  
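 //
 // Check that an e-mail address is well-formed, not banned, and not already
 // present in the DB.
 //
 // Returns array('error' => bool, 'error_msg' => string). Entries in
 // BANLIST_TABLE are literal addresses in which '*' acts as a wildcard.
 // Calls message_die() if the lookup in USERS_TABLE cannot be run.
 //
 function validate_email($email)
 {
     global $db, $lang;

     // The D modifier makes `$` match only at the very end of the string.
     // Without it an address followed by a newline passes validation and is
     // then compared against the stored addresses as a different string.
     if ($email == '' || !preg_match('/^[a-z0-9&\'\.\-_\+]+@[a-z0-9\-]+\.([a-z0-9\-]+\.)*?[a-z]+$/isD', $email))
     {
         return array('error' => true, 'error_msg' => $lang['Email_invalid']);
     }

     $sql = "SELECT ban_email
         FROM " . BANLIST_TABLE;
     if ($result = $db->sql_query($sql))
     {
         while ($row = $db->sql_fetchrow($result))
         {
             // Quote the entry before using it as a pattern, then restore the
             // wildcard. Unquoted, every '.' in a ban entry matches any
             // character and other metacharacters change the meaning of the
             // pattern. validate_username() in this file quotes its entries
             // the same way.
             $match_email = str_replace('\*', '.*?', preg_quote($row['ban_email'], '/'));
             if (preg_match('/^' . $match_email . '$/is', $email))
             {
                 $db->sql_freeresult($result);
                 return array('error' => true, 'error_msg' => $lang['Email_banned']);
             }
         }
         // Free only a result that exists; a failed query returns no handle.
         $db->sql_freeresult($result);
     }

     // The validation pattern above accepts ' but not \, so the former
     // replacement of \' by '' never matched and a quote reached the statement
     // unescaped. Double every single quote instead.
     // NOTE(review): if the database layer offers its own escaping or bound
     // parameters, prefer that - none is visible from this file.
     $sql = "SELECT user_email
         FROM " . USERS_TABLE . "
         WHERE user_email = '" . str_replace("'", "''", $email) . "'";
     if (!($result = $db->sql_query($sql)))
     {
         message_die(GENERAL_ERROR, "Couldn't obtain user email information.", "", __LINE__, __FILE__, $sql);
     }

     // Read the row first so the result is freed on both outcomes.
     $existing_row = $db->sql_fetchrow($result);
     $db->sql_freeresult($result);

     if ($existing_row)
     {
         return array('error' => true, 'error_msg' => $lang['Email_taken']);
     }

     return array('error' => false, 'error_msg' => '');
 }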
 164  
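 //
 // Does supplementary validation of optional profile fields. This expects common
 // stuff like trim() and strip_tags() to have already been run. Params are passed
 // by-ref, so a field that fails its check is set to the empty string.
 //
 //   - aim, msnm, yim, location, occupation, interests, sig: cleared when shorter
 //     than 2 bytes
 //   - icq: cleared unless it consists of digits only
 //   - website: gets an http:// prefix when it has no http(s) scheme, then is
 //     cleared unless it starts with a host containing at least one dot
 //
 function validate_optional_fields(&$icq, &$aim, &$msnm, &$yim, &$website, &$location, &$occupation, &$interests, &$sig)
 {
     $check_var_length = array('aim', 'msnm', 'yim', 'location', 'occupation', 'interests', 'sig');

     foreach ($check_var_length as $field_name)
     {
         // The braces are required. From PHP 7 on, $$names[$i] is read as
         // ($$names)[$i], so the unbraced form never touched these parameters
         // and the length check was silently skipped.
         if (strlen((string) ${$field_name}) < 2)
         {
             ${$field_name} = '';
         }
     }

     // ICQ number has to be only numbers. The D modifier stops `$` from also
     // matching before a trailing newline.
     if (!preg_match('/^[0-9]+$/D', (string) $icq))
     {
         $icq = '';
     }

     if ($website != "")
     {
         if (!preg_match('#^https?://#i', $website))
         {
             $website = 'http://' . $website;
         }

         // This checks the scheme and the beginning of the host name only. The
         // pattern is not anchored at the end, so whatever follows the host is
         // not validated here; the value still has to be escaped for the
         // context it is written into.
         if (!preg_match('#^https?://[a-z0-9\-]+\.([a-z0-9\-]+\.)?[a-z]+#i', $website))
         {
             $website = '';
         }
     }
 }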
 204  
 205  ?>

