]> git.vanrenterghem.biz Git - www.vanrenterghem.biz.git/blob - phpBB2_old/includes/functions_validate.php
bd7767e585c00e81046dbcb83069463bdeb73079
[www.vanrenterghem.biz.git] / phpBB2_old / includes / functions_validate.php
1 <?php
2 /***************************************************************************
3  *                          functions_validate.php
4  *                            -------------------
5  *   begin                : Saturday, Feb 13, 2001
6  *   copyright            : (C) 2001 The phpBB Group
7  *   email                : support@phpbb.com
8  *
9  *   $Id: functions_validate.php,v 1.6.2.12 2003/06/09 19:13:05 psotfx Exp $
10  *
11  *
12  ***************************************************************************/
14 /***************************************************************************
15  *
16  *   This program is free software; you can redistribute it and/or modify
17  *   it under the terms of the GNU General Public License as published by
18  *   the Free Software Foundation; either version 2 of the License, or
19  *   (at your option) any later version.
20  *
21  ***************************************************************************/
23 //
24 // Check to see if the username has been taken, or if it is disallowed.
25 // Also checks if it includes the " character, which we don't allow in usernames.
26 // Used for registering, changing names, and posting anonymously with a username
27 //
28 function validate_username($username)
29 {
30         global $db, $lang, $userdata;
32         // Remove doubled up spaces
33         $username = preg_replace('#\s+#', ' ', $username); 
34         // Limit username length
35         $username = substr(str_replace("\'", "'", $username), 0, 25);
36         $username = str_replace("'", "''", $username);
38         $sql = "SELECT username 
39                 FROM " . USERS_TABLE . " 
40                 WHERE LOWER(username) = '" . strtolower($username) . "'";
41         if ($result = $db->sql_query($sql))
42         {
43                 if ($row = $db->sql_fetchrow($result))
44                 {
45                         if (($userdata['session_logged_in'] && $row['username'] != $userdata['username']) || !$userdata['session_logged_in'])
46                         {
47                                 $db->sql_freeresult($result);
48                                 return array('error' => true, 'error_msg' => $lang['Username_taken']);
49                         }
50                 }
51         }
52         $db->sql_freeresult($result);
54         $sql = "SELECT group_name
55                 FROM " . GROUPS_TABLE . " 
56                 WHERE LOWER(group_name) = '" . strtolower($username) . "'";
57         if ($result = $db->sql_query($sql))
58         {
59                 if ($row = $db->sql_fetchrow($result))
60                 {
61                         $db->sql_freeresult($result);
62                         return array('error' => true, 'error_msg' => $lang['Username_taken']);
63                 }
64         }
65         $db->sql_freeresult($result);
67         $sql = "SELECT disallow_username
68                 FROM " . DISALLOW_TABLE;
69         if ($result = $db->sql_query($sql))
70         {
71                 if ($row = $db->sql_fetchrow($result))
72                 {
73                         do
74                         {
75                                 if (preg_match("#\b(" . str_replace("\*", ".*?", phpbb_preg_quote($row['disallow_username'], '#')) . ")\b#i", $username))
76                                 {
77                                         $db->sql_freeresult($result);
78                                         return array('error' => true, 'error_msg' => $lang['Username_disallowed']);
79                                 }
80                         }
81                         while($row = $db->sql_fetchrow($result));
82                 }
83         }
84         $db->sql_freeresult($result);
86         $sql = "SELECT word 
87                 FROM  " . WORDS_TABLE;
88         if ($result = $db->sql_query($sql))
89         {
90                 if ($row = $db->sql_fetchrow($result))
91                 {
92                         do
93                         {
94                                 if (preg_match("#\b(" . str_replace("\*", ".*?", phpbb_preg_quote($row['word'], '#')) . ")\b#i", $username))
95                                 {
96                                         $db->sql_freeresult($result);
97                                         return array('error' => true, 'error_msg' => $lang['Username_disallowed']);
98                                 }
99                         }
100                         while ($row = $db->sql_fetchrow($result));
101                 }
102         }
103         $db->sql_freeresult($result);
105         // Don't allow " and ALT-255 in username.
106         if (strstr($username, '"') || strstr($username, '&quot;') || strstr($username, chr(160)))
107         {
108                 return array('error' => true, 'error_msg' => $lang['Username_invalid']);
109         }
111         return array('error' => false, 'error_msg' => '');
114 //
115 // Check to see if email address is banned
116 // or already present in the DB
117 //
118 function validate_email($email)
120         global $db, $lang;
122         if ($email != '')
123         {
124                 if (preg_match('/^[a-z0-9&\'\.\-_\+]+@[a-z0-9\-]+\.([a-z0-9\-]+\.)*?[a-z]+$/is', $email))
125                 {
126                         $sql = "SELECT ban_email
127                                 FROM " . BANLIST_TABLE;
128                         if ($result = $db->sql_query($sql))
129                         {
130                                 if ($row = $db->sql_fetchrow($result))
131                                 {
132                                         do
133                                         {
134                                                 $match_email = str_replace('*', '.*?', $row['ban_email']);
135                                                 if (preg_match('/^' . $match_email . '$/is', $email))
136                                                 {
137                                                         $db->sql_freeresult($result);
138                                                         return array('error' => true, 'error_msg' => $lang['Email_banned']);
139                                                 }
140                                         }
141                                         while($row = $db->sql_fetchrow($result));
142                                 }
143                         }
144                         $db->sql_freeresult($result);
146                         $sql = "SELECT user_email
147                                 FROM " . USERS_TABLE . "
148                                 WHERE user_email = '" . str_replace("\'", "''", $email) . "'";
149                         if (!($result = $db->sql_query($sql)))
150                         {
151                                 message_die(GENERAL_ERROR, "Couldn't obtain user email information.", "", __LINE__, __FILE__, $sql);
152                         }
153                 
154                         if ($row = $db->sql_fetchrow($result))
155                         {
156                                 return array('error' => true, 'error_msg' => $lang['Email_taken']);
157                         }
158                         $db->sql_freeresult($result);
160                         return array('error' => false, 'error_msg' => '');
161                 }
162         }
164         return array('error' => true, 'error_msg' => $lang['Email_invalid']);
167 //
168 // Does supplementary validation of optional profile fields. This expects common stuff like trim() and strip_tags()
169 // to have already been run. Params are passed by-ref, so we can set them to the empty string if they fail.
170 //
171 function validate_optional_fields(&$icq, &$aim, &$msnm, &$yim, &$website, &$location, &$occupation, &$interests, &$sig)
173         $check_var_length = array('aim', 'msnm', 'yim', 'location', 'occupation', 'interests', 'sig');
175         for($i = 0; $i < count($check_var_length); $i++)
176         {
177                 if (strlen($$check_var_length[$i]) < 2)
178                 {
179                         $$check_var_length[$i] = '';
180                 }
181         }
183         // ICQ number has to be only numbers.
184         if (!preg_match('/^[0-9]+$/', $icq))
185         {
186                 $icq = '';
187         }
188         
189         // website has to start with http://, followed by something with length at least 3 that
190         // contains at least one dot.
191         if ($website != "")
192         {
193                 if (!preg_match('#^http[s]?:\/\/#i', $website))
194                 {
195                         $website = 'http://' . $website;
196                 }
198                 if (!preg_match('#^http[s]?\\:\\/\\/[a-z0-9\-]+\.([a-z0-9\-]+\.)?[a-z]+#i', $website))
199                 {
200                         $website = '';
201                 }
202         }
204         return;
207 ?>