Viewing file: functions_validate.php (5.79 KB) -rw-rw-rw- Select action/file-type: (+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php /*************************************************************************** * functions_validate.php * ------------------- * begin : Saturday, Feb 13, 2001 * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * * $Id: functions_validate.php,v 1.6.2.12 2003/06/09 19:13:05 psotfx Exp $ * * ***************************************************************************/
/*************************************************************************** * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * ***************************************************************************/
// // Check to see if the username has been taken, or if it is disallowed. // Also checks if it includes the " character, which we don't allow in usernames. // Used for registering, changing names, and posting anonymously with a username // function validate_username($username) { global $db, $lang, $userdata;
// Remove doubled up spaces $username = preg_replace('#\s+#', ' ', $username); // Limit username length $username = substr(str_replace("\'", "'", $username), 0, 25); $username = str_replace("'", "''", $username);
$sql = "SELECT username FROM " . USERS_TABLE . " WHERE LOWER(username) = '" . strtolower($username) . "'"; if ($result = $db->sql_query($sql)) { if ($row = $db->sql_fetchrow($result)) { if (($userdata['session_logged_in'] && $row['username'] != $userdata['username']) || !$userdata['session_logged_in']) { $db->sql_freeresult($result); return array('error' => true, 'error_msg' => $lang['Username_taken']); } } } $db->sql_freeresult($result);
$sql = "SELECT group_name FROM " . GROUPS_TABLE . " WHERE LOWER(group_name) = '" . strtolower($username) . "'"; if ($result = $db->sql_query($sql)) { if ($row = $db->sql_fetchrow($result)) { $db->sql_freeresult($result); return array('error' => true, 'error_msg' => $lang['Username_taken']); } } $db->sql_freeresult($result);
$sql = "SELECT disallow_username FROM " . DISALLOW_TABLE; if ($result = $db->sql_query($sql)) { if ($row = $db->sql_fetchrow($result)) { do { if (preg_match("#\b(" . str_replace("\*", ".*?", phpbb_preg_quote($row['disallow_username'], '#')) . ")\b#i", $username)) { $db->sql_freeresult($result); return array('error' => true, 'error_msg' => $lang['Username_disallowed']); } } while($row = $db->sql_fetchrow($result)); } } $db->sql_freeresult($result);
$sql = "SELECT word FROM " . WORDS_TABLE; if ($result = $db->sql_query($sql)) { if ($row = $db->sql_fetchrow($result)) { do { if (preg_match("#\b(" . str_replace("\*", ".*?", phpbb_preg_quote($row['word'], '#')) . ")\b#i", $username)) { $db->sql_freeresult($result); return array('error' => true, 'error_msg' => $lang['Username_disallowed']); } } while ($row = $db->sql_fetchrow($result)); } } $db->sql_freeresult($result);
// Don't allow " and ALT-255 in username. if (strstr($username, '"') || strstr($username, '"') || strstr($username, chr(160))) { return array('error' => true, 'error_msg' => $lang['Username_invalid']); }
return array('error' => false, 'error_msg' => ''); }
// // Check to see if email address is banned // or already present in the DB // function validate_email($email) { global $db, $lang;
if ($email != '') { if (preg_match('/^[a-z0-9&\'\.\-_\+]+@[a-z0-9\-]+\.([a-z0-9\-]+\.)*?[a-z]+$/is', $email)) { $sql = "SELECT ban_email FROM " . BANLIST_TABLE; if ($result = $db->sql_query($sql)) { if ($row = $db->sql_fetchrow($result)) { do { $match_email = str_replace('*', '.*?', $row['ban_email']); if (preg_match('/^' . $match_email . '$/is', $email)) { $db->sql_freeresult($result); return array('error' => true, 'error_msg' => $lang['Email_banned']); } } while($row = $db->sql_fetchrow($result)); } } $db->sql_freeresult($result);
$sql = "SELECT user_email FROM " . USERS_TABLE . " WHERE user_email = '" . str_replace("\'", "''", $email) . "'"; if (!($result = $db->sql_query($sql))) { message_die(GENERAL_ERROR, "Couldn't obtain user email information.", "", __LINE__, __FILE__, $sql); } if ($row = $db->sql_fetchrow($result)) { return array('error' => true, 'error_msg' => $lang['Email_taken']); } $db->sql_freeresult($result);
return array('error' => false, 'error_msg' => ''); } }
return array('error' => true, 'error_msg' => $lang['Email_invalid']); }
// // Does supplementary validation of optional profile fields. This expects common stuff like trim() and strip_tags() // to have already been run. Params are passed by-ref, so we can set them to the empty string if they fail. // function validate_optional_fields(&$icq, &$aim, &$msnm, &$yim, &$website, &$location, &$occupation, &$interests, &$sig) { $check_var_length = array('aim', 'msnm', 'yim', 'location', 'occupation', 'interests', 'sig');
for($i = 0; $i < count($check_var_length); $i++) { if (strlen($$check_var_length[$i]) < 2) { $$check_var_length[$i] = ''; } }
// ICQ number has to be only numbers. if (!preg_match('/^[0-9]+$/', $icq)) { $icq = ''; } // website has to start with http://, followed by something with length at least 3 that // contains at least one dot. if ($website != "") { if (!preg_match('#^http[s]?:\/\/#i', $website)) { $website = 'http://' . $website; }
if (!preg_match('#^http[s]?\\:\\/\\/[a-z0-9\-]+\.([a-z0-9\-]+\.)?[a-z]+#i', $website)) { $website = ''; } }
return; }
?>
|