1 rizwank 1.1 <?php
2 /***************************************************************************
3 * functions_validate.php
4 * -------------------
5 * begin : Saturday, Feb 13, 2001
6 * copyright : (C) 2001 The phpBB Group
7 * email : support@phpbb.com
8 *
9 * $Id: functions_validate.php,v 1.6.2.5 2002/12/21 12:56:07 psotfx Exp $
10 *
11 *
12 ***************************************************************************/
13
14 /***************************************************************************
15 *
16 * This program is free software; you can redistribute it and/or modify
17 * it under the terms of the GNU General Public License as published by
18 * the Free Software Foundation; either version 2 of the License, or
19 * (at your option) any later version.
20 *
21 ***************************************************************************/
23 //
24 // Check to see if the username has been taken, or if it is disallowed.
25 // Also checks if it includes the " character, which we don't allow in usernames.
26 // Used for registering, changing names, and posting anonymously with a username
27 //
/**
 * Decide whether a username may be used.
 *
 * Checks run in this order: clash with an existing user (unless that row
 * belongs to the logged-in user), clash with a group name, match against the
 * disallow list, match against the word-censor list, and finally a ban on
 * the double-quote character.
 *
 * Returns array('error' => bool, 'error_msg' => string).
 */
function validate_username($username)
{
	global $db, $lang, $userdata;

	// NOTE(review): this only rewrites the two-character sequence \' into ''.
	// A bare ' is left untouched, so the queries below are safe only if the
	// caller has already backslash-escaped the value -- confirm at every call
	// site, or move to the DB layer's own escaping/parameter binding.
	$username = str_replace("\'", "''", $username);
	$lowered_name = strtolower($username);

	// 1. Existing user with the same (case-folded) name.
	$sql = "SELECT username
		FROM " . USERS_TABLE . "
		WHERE LOWER(username) = '" . $lowered_name . "'";
	$result = $db->sql_query($sql);
	if ($result)
	{
		$row = $db->sql_fetchrow($result);
		if ($row)
		{
			// A logged-in user is allowed to "collide" with their own name.
			$is_own_name = $userdata['session_logged_in'] && $row['username'] == $userdata['username'];
			if (!$is_own_name)
			{
				$db->sql_freeresult($result);
				return array('error' => true, 'error_msg' => $lang['Username_taken']);
			}
		}
	}
	$db->sql_freeresult($result);

	// 2. Group with the same (case-folded) name.
	$sql = "SELECT group_name
		FROM " . GROUPS_TABLE . "
		WHERE LOWER(group_name) = '" . $lowered_name . "'";
	$result = $db->sql_query($sql);
	if ($result)
	{
		$row = $db->sql_fetchrow($result);
		if ($row)
		{
			$db->sql_freeresult($result);
			return array('error' => true, 'error_msg' => $lang['Username_taken']);
		}
	}
	$db->sql_freeresult($result);

	// 3. Disallowed names. Each entry is regex-quoted, then its quoted "*"
	// is turned back into a lazy wildcard before a whole-word,
	// case-insensitive match.
	$sql = "SELECT disallow_username
		FROM " . DISALLOW_TABLE;
	$result = $db->sql_query($sql);
	if ($result)
	{
		while ($row = $db->sql_fetchrow($result))
		{
			$quoted = phpbb_preg_quote($row['disallow_username'], '#');
			$pattern = '#\b(' . str_replace('\*', '.*?', $quoted) . ')\b#i';
			if (preg_match($pattern, $username))
			{
				$db->sql_freeresult($result);
				return array('error' => true, 'error_msg' => $lang['Username_disallowed']);
			}
		}
	}
	$db->sql_freeresult($result);

	// 4. Censored words, matched the same way as the disallow list.
	$sql = "SELECT word
		FROM " . WORDS_TABLE;
	$result = $db->sql_query($sql);
	if ($result)
	{
		while ($row = $db->sql_fetchrow($result))
		{
			$quoted = phpbb_preg_quote($row['word'], '#');
			$pattern = '#\b(' . str_replace('\*', '.*?', $quoted) . ')\b#i';
			if (preg_match($pattern, $username))
			{
				$db->sql_freeresult($result);
				return array('error' => true, 'error_msg' => $lang['Username_disallowed']);
			}
		}
	}
	$db->sql_freeresult($result);

	// 5. The double-quote character is never allowed in a username.
	if (strstr($username, '"') !== false)
	{
		return array('error' => true, 'error_msg' => $lang['Username_invalid']);
	}

	return array('error' => false, 'error_msg' => '');
}
109
110 //
111 // Check to see if email address is banned
112 // or already present in the DB
113 //
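/**
 * Validate an e-mail address for registration or profile changes.
 *
 * The address must match the syntax pattern, must not match any entry in the
 * ban list, and must not already belong to a user.
 *
 * Returns array('error' => bool, 'error_msg' => string). An empty or
 * malformed address yields $lang['Email_invalid'].
 */
function validate_email($email)
{
	global $db, $lang;

	if ($email != '')
	{
		// The D modifier makes "$" match only at the very end of the string.
		// Without it an address followed by a newline passes validation and
		// is carried into the SQL below and whatever later uses the address.
		if (preg_match('/^[a-z0-9\.\-_\+]+@[a-z0-9\-_]+\.([a-z0-9\-_]+\.)*?[a-z]+$/isD', $email))
		{
			$sql = "SELECT ban_email
				FROM " . BANLIST_TABLE;
			if ($result = $db->sql_query($sql))
			{
				while ($row = $db->sql_fetchrow($result))
				{
					// Quote the stored entry before using it as a pattern, then
					// restore "*" as the only wildcard. Unquoted, a "." in a ban
					// entry matches any character and a "/" ends the pattern
					// early, so that entry is never applied.
					$match_email = str_replace('\*', '.*?', preg_quote($row['ban_email'], '/'));
					if (preg_match('/^' . $match_email . '$/is', $email))
					{
						$db->sql_freeresult($result);
						return array('error' => true, 'error_msg' => $lang['Email_banned']);
					}
				}
			}
			$db->sql_freeresult($result);

			// NOTE(review): only the sequence \' is rewritten to ''; a bare '
			// is left as is. The syntax check above does not allow quotes, so
			// the value is constrained here, but confirm that the caller's
			// escaping and this replacement stay in step.
			$sql = "SELECT user_email
				FROM " . USERS_TABLE . "
				WHERE user_email = '" . str_replace("\'", "''", $email) . "'";
			if (!($result = $db->sql_query($sql)))
			{
				message_die(GENERAL_ERROR, "Couldn't obtain user email information.", "", __LINE__, __FILE__, $sql);
			}

			if ($row = $db->sql_fetchrow($result))
			{
				// Release the result on this path too, as every other exit does.
				$db->sql_freeresult($result);
				return array('error' => true, 'error_msg' => $lang['Email_taken']);
			}
			$db->sql_freeresult($result);

			return array('error' => false, 'error_msg' => '');
		}
	}

	return array('error' => true, 'error_msg' => $lang['Email_invalid']);
}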
162
163 //
164 // Does supplementary validation of optional profile fields. This expects common stuff like trim() and strip_tags()
165 // to have already been run. Params are passed by-ref, so we can set them to the empty string if they fail.
166 //
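/**
 * Supplementary validation of the optional profile fields.
 *
 * All parameters are passed by reference; a field that fails its check is
 * reset to the empty string. Callers are expected to have applied trim()
 * and strip_tags() beforehand.
 *
 * - aim, msnm, yim, location, occupation, interests, sig: cleared when
 *   shorter than two bytes.
 * - icq: cleared unless it consists of digits only.
 * - website: "http://" is prepended when no http/https scheme is present;
 *   the result is cleared unless it starts with scheme://host.tld.
 */
function validate_optional_fields(&$icq, &$aim, &$msnm, &$yim, &$website, &$location, &$occupation, &$interests, &$sig)
{
	$check_var_length = array('aim', 'msnm', 'yim', 'location', 'occupation', 'interests', 'sig');

	foreach ($check_var_length as $field_name)
	{
		// Braces are required: since PHP 7, "$$names[$i]" is parsed as
		// "($$names)[$i]", which no longer addresses the named parameter, so
		// the length check silently stops applying.
		if (strlen(${$field_name}) < 2)
		{
			${$field_name} = '';
		}
	}

	// ICQ number has to be only numbers. D keeps "$" from matching before a
	// trailing newline.
	if (!preg_match('/^[0-9]+$/D', $icq))
	{
		$icq = '';
	}

	if ($website != "")
	{
		// Anything that does not already start with http:// or https:// gets
		// http:// prepended, so other schemes end up as part of the host.
		if (!preg_match('#^http[s]?:\/\/#i', $website))
		{
			$website = 'http://' . $website;
		}

		// Only the scheme and the start of the host are checked; the pattern
		// has no end anchor, so everything after the host is accepted as is.
		// The value must still be escaped for its output context (for
		// example htmlspecialchars() for an href attribute).
		if (!preg_match('#^http[s]?\\:\\/\\/[a-z0-9\-]+\.([a-z0-9\-]+\.)?[a-z]+#i', $website))
		{
			$website = '';
		}
	}

	return;
}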
202
203 ?>