 

Code source de PHP NUKE 7.9



/includes/ -> functions_validate.php (source)

   1  <?php
   2  /***************************************************************************
   3   *                          functions_validate.php
   4   *                            -------------------
   5   *   begin                : Saturday, Feb 13, 2001
   6   *   copyright            : (C) 2001 The phpBB Group
   7   *   email                : support@phpbb.com
   8   *
   9   *   Id: functions_validate.php,v 1.6.2.13 2005/07/19 20:01:15 acydburn Exp
  10   *
  11   *
  12   ***************************************************************************/
  13  
  14  /***************************************************************************
  15   *
  16   *   This program is free software; you can redistribute it and/or modify
  17   *   it under the terms of the GNU General Public License as published by
  18   *   the Free Software Foundation; either version 2 of the License, or
  19   *   (at your option) any later version.
  20   *
  21   ***************************************************************************/
  22  
  23  //
  24  // Check to see if the username has been taken, or if it is disallowed.
  25  // Also checks if it includes the " character, which we don't allow in usernames.
  26  // Used for registering, changing names, and posting anonymously with a username
  27  //
  28  
  29  if (!defined('IN_PHPBB')) {
  30      die();
  31  }
  32  
  33  function validate_username($username)
  34  {
  35          global $db, $lang, $userdata;
  36  
  37          // Remove doubled up spaces
  38      $username = preg_replace('#\s+#', ' ', trim($username)); 
  39      $username = phpbb_clean_username($username);
  40  
  41          $sql = "SELECT username
  42                  FROM " . USERS_TABLE . "
  43                  WHERE LOWER(username) = '" . strtolower($username) . "'";
  44          if ($result = $db->sql_query($sql))
  45          {
  46                  if ($row = $db->sql_fetchrow($result))
  47                  {
  48                          if (($userdata['session_logged_in'] && $row['username'] != $userdata['username']) || !$userdata['session_logged_in'])
  49                          {
  50                                  $db->sql_freeresult($result);
  51                                  return array('error' => true, 'error_msg' => $lang['Username_taken']);
  52                          }
  53                  }
  54          }
  55          $db->sql_freeresult($result);
  56  
  57          $sql = "SELECT group_name
  58                  FROM " . GROUPS_TABLE . "
  59                  WHERE LOWER(group_name) = '" . strtolower($username) . "'";
  60          if ($result = $db->sql_query($sql))
  61          {
  62                  if ($row = $db->sql_fetchrow($result))
  63                  {
  64                          $db->sql_freeresult($result);
  65                          return array('error' => true, 'error_msg' => $lang['Username_taken']);
  66                  }
  67          }
  68          $db->sql_freeresult($result);
  69  
  70          $sql = "SELECT disallow_username
  71                  FROM " . DISALLOW_TABLE;
  72          if ($result = $db->sql_query($sql))
  73          {
  74                  if ($row = $db->sql_fetchrow($result))
  75                  {
  76                          do
  77                          {
  78                                  if (preg_match("#\b(" . str_replace("\*", ".*?", phpbb_preg_quote($row['disallow_username'], '#')) . ")\b#i", $username))
  79                                  {
  80                                          $db->sql_freeresult($result);
  81                                          return array('error' => true, 'error_msg' => $lang['Username_disallowed']);
  82                                  }
  83                          }
  84                          while($row = $db->sql_fetchrow($result));
  85                  }
  86          }
  87          $db->sql_freeresult($result);
  88  
  89          $sql = "SELECT word
  90                  FROM  " . WORDS_TABLE;
  91          if ($result = $db->sql_query($sql))
  92          {
  93                  if ($row = $db->sql_fetchrow($result))
  94                  {
  95                          do
  96                          {
  97                                  if (preg_match("#\b(" . str_replace("\*", ".*?", phpbb_preg_quote($row['word'], '#')) . ")\b#i", $username))
  98                                  {
  99                                          $db->sql_freeresult($result);
 100                                          return array('error' => true, 'error_msg' => $lang['Username_disallowed']);
 101                                  }
 102                          }
 103                          while ($row = $db->sql_fetchrow($result));
 104                  }
 105          }
 106          $db->sql_freeresult($result);
 107  
 108          // Don't allow " and ALT-255 in username.
 109          if (strstr($username, '"') || strstr($username, '&quot;') || strstr($username, chr(160)))
 110          {
 111                  return array('error' => true, 'error_msg' => $lang['Username_invalid']);
 112          }
 113  
 114          return array('error' => false, 'error_msg' => '');
 115  }
 116  
 117  //
 118  // Check to see if email address is banned
 119  // or already present in the DB
 120  //
 121  function validate_email($email)
 122  {
 123          global $db, $lang;
 124  
 125          if (!empty($email))
 126          {
 127                  if (preg_match('/^[a-z0-9&\'\.\-_\+]+@[a-z0-9\-]+\.([a-z0-9\-]+\.)*?[a-z]+$/is', $email))
 128                  {
 129                          $sql = "SELECT ban_email
 130                                  FROM " . BANLIST_TABLE;
 131                          if ($result = $db->sql_query($sql))
 132                          {
 133                                  if ($row = $db->sql_fetchrow($result))
 134                                  {
 135                                          do
 136                                          {
 137                                                  $match_email = str_replace('*', '.*?', $row['ban_email']);
 138                                                  if (preg_match('/^' . $match_email . '$/is', $email))
 139                                                  {
 140                                                          $db->sql_freeresult($result);
 141                                                          return array('error' => true, 'error_msg' => $lang['Email_banned']);
 142                                                  }
 143                                          }
 144                                          while($row = $db->sql_fetchrow($result));
 145                                  }
 146                          }
 147                          $db->sql_freeresult($result);
 148  
 149                          $sql = "SELECT user_email
 150                                  FROM " . USERS_TABLE . "
 151                                  WHERE user_email = '" . str_replace("\'", "''", $email) . "'";
 152                          if (!($result = $db->sql_query($sql)))
 153                          {
 154                                  message_die(GENERAL_ERROR, "Couldn't obtain user email information.", "", __LINE__, __FILE__, $sql);
 155                          }
 156  
 157                          if ($row = $db->sql_fetchrow($result))
 158                          {
 159                                  return array('error' => true, 'error_msg' => $lang['Email_taken']);
 160                          }
 161                          $db->sql_freeresult($result);
 162  
 163                          return array('error' => false, 'error_msg' => '');
 164                  }
 165          }
 166  
 167          return array('error' => true, 'error_msg' => $lang['Email_invalid']);
 168  }
 169  
 170  //
 171  // Does supplementary validation of optional profile fields. This expects common stuff like trim() and strip_tags()
 172  // to have already been run. Params are passed by-ref, so we can set them to the empty string if they fail.
 173  //
 174  function validate_optional_fields(&$icq, &$aim, &$msnm, &$yim, &$website, &$location, &$occupation, &$interests, &$sig)
 175  {
 176          $check_var_length = array('aim', 'msnm', 'yim', 'location', 'occupation', 'interests', 'sig');
 177  
 178          for($i = 0; $i < count($check_var_length); $i++)
 179          {
 180                  if (strlen($$check_var_length[$i]) < 2)
 181                  {
 182                          $$check_var_length[$i] = '';
 183                  }
 184          }
 185  
 186          // ICQ number has to be only numbers.
 187          if (!preg_match('/^[0-9]+$/', $icq))
 188          {
 189                  $icq = '';
 190          }
 191  
 192          // website has to start with http://, followed by something with length at least 3 that
 193          // contains at least one dot.
 194          if ($website != "")
 195          {
 196                  if (!preg_match('#^http[s]?:\/\/#i', $website))
 197                  {
 198                          $website = 'http://' . $website;
 199                  }
 200  
 201                  if (!preg_match('#^http[s]?\\:\\/\\/[a-z0-9\-]+\.([a-z0-9\-]+\.)?[a-z]+#i', $website))
 202                  {
 203                          $website = '';
 204                  }
 205          }
 206  
 207          return;
 208  }
 209  
 210  ?>

