From: Paul S. O. <ps...@us...> - 2002-01-27 03:10:15
Update of /cvsroot/phpbb/phpBB2
In directory usw-pr-cvs1:/tmp/cvs-serv10592
Modified Files:
profile.php
Log Message:
Fix various bugs; password length warning, proper warnings for username/email errors
Index: profile.php
===================================================================
RCS file: /cvsroot/phpbb/phpBB2/profile.php,v
retrieving revision 1.172
retrieving revision 1.173
diff -C2 -r1.172 -r1.173
*** profile.php 2002/01/25 02:37:04 1.172
--- profile.php 2002/01/27 03:10:12 1.173
***************
*** 46,50 ****
function validate_email($email)
{
! global $db;
if($email != "")
--- 46,50 ----
function validate_email($email)
{
! global $db, $lang;
if($email != "")
***************
*** 54,94 ****
$sql = "SELECT ban_email
FROM " . BANLIST_TABLE;
! if(!$result = $db->sql_query($sql))
{
! message_die(GENERAL_ERROR, "Couldn't obtain email ban information.", "", __LINE__, __FILE__, $sql);
! }
! $ban_email_list = $db->sql_fetchrowset($result);
! for($i = 0; $i < count($ban_email_list); $i++)
! {
! $match_email = str_replace("*@", ".*@", $ban_email_list[$i]['ban_email']);
! if( preg_match("/^" . $match_email . "$/is", $email) )
{
! return(0);
}
}
$sql = "SELECT user_email
FROM " . USERS_TABLE . "
WHERE user_email = '" . str_replace("\'", "''", $email) . "'";
! if(!$result = $db->sql_query($sql))
{
message_die(GENERAL_ERROR, "Couldn't obtain user email information.", "", __LINE__, __FILE__, $sql);
}
! $email_taken = $db->sql_fetchrow($result);
! if($email_taken['user_email'] != "")
{
! return false;
}
! return true;
}
- else
- {
- return false;
- }
- }
- else
- {
- return false;
}
}
--- 54,87 ----
$sql = "SELECT ban_email
FROM " . BANLIST_TABLE;
! if ( $result = $db->sql_query($sql) )
{
! while( $row = $db->sql_fetchrow($result) )
{
! $match_email = str_replace("*@", ".*@", $row['ban_email']);
! if ( preg_match("/^" . $match_email . "$/is", $email) )
! {
! return array('error' => $lang['Email_banned']);
! }
}
}
+
$sql = "SELECT user_email
FROM " . USERS_TABLE . "
WHERE user_email = '" . str_replace("\'", "''", $email) . "'";
! if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, "Couldn't obtain user email information.", "", __LINE__, __FILE__, $sql);
}
!
! if ( $email_taken = $db->sql_fetchrow($result) )
{
! return array('error' => $lang['Email_taken']);
}
! return array('error' => '');
}
}
+
+ return array('error' => $lang['Email_invalid']);
}
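Review bot: The ban-list lookup now fails open: `if ( $result = $db->sql_query($sql) )` has no else branch, so a failed query skips the ban check and validation carries on, where revision 1.172 stopped with message_die. Restoring the failure path keeps the check enforced: `else { message_die(GENERAL_ERROR, "Couldn't obtain email ban information.", "", __LINE__, __FILE__, $sql); }`. Separately, `$row['ban_email']` goes into the pattern unescaped, so a `.` in a banned domain matches any character and a stray metacharacter in a ban entry can break or loosen the match; `$match_email = str_replace("\\*@", ".*@", preg_quote($row['ban_email'], "/"));` keeps only the intended wildcard. The user_email query still builds its literal with `str_replace("\'", "''", $email)`, which appears to depend on the input already being slash-escaped, so confirm that against the caller. validate_email() begins above this hunk.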
***************
*** 584,587 ****
--- 577,585 ----
$error_msg = $lang['Password_mismatch'];
}
+ else if( strlen($password) > 32 )
+ {
+ $error = TRUE;
+ $error_msg = $lang['Password_long'];
+ }
else
{
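Review bot: The literal 32 in `strlen($password) > 32` needs a comment saying what it is tied to. The current-password check added later in this commit compares against `md5(...)`, so the stored value is a fixed-length digest and the cap presumably mirrors the form field rather than the column; once confirmed, state it, e.g. `// 32 = maxlength of the password form fields; the stored value is an md5 digest`. strlen() counts bytes, so a password containing multibyte characters reaches the limit before 32 characters. The surrounding if/else chain starts and ends outside the hunk.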
***************
*** 625,636 ****
if( $email != $userdata['user_email'] || $mode == "register" )
{
! if( !validate_email($email) )
{
$error = TRUE;
if(isset($error_msg))
{
$error_msg .= "<br />";
}
- $error_msg .= $lang['Sorry_banned_or_taken_email'];
}
}
--- 623,660 ----
if( $email != $userdata['user_email'] || $mode == "register" )
{
! $result = validate_email($email);
! if( $result['error'] != '' )
{
+ $email = $userdata['user_email'];
+
$error = TRUE;
if(isset($error_msg))
{
$error_msg .= "<br />";
+ }
+ $error_msg .= $result['error'];
+ }
+
+ if ( $mode == "editprofile" )
+ {
+ $sql = "SELECT user_password
+ FROM " . USERS_TABLE . "
+ WHERE user_id = $user_id";
+ if( $result = $db->sql_query($sql) )
+ {
+ $row = $db->sql_fetchrow($result);
+
+ if( $row['user_password'] != md5($password_current) )
+ {
+ $email = $userdata['user_email'];
+
+ $error = TRUE;
+ $error_msg = $lang['Current_password_mismatch'];
+ }
+ }
+ else
+ {
+ message_die(GENERAL_ERROR, "Couldn't obtain user_password information.", "", __LINE__, __FILE__, $sql);
}
}
}
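Review bot: `$row['user_password'] != md5($password_current)` compares two hex digests with the loose operator, so PHP may compare them as numbers when both look numeric (for example `0e` followed only by digits) and treat different digests as equal; use `!==` or `strcmp(...) != 0`. In the same branch `$error_msg = $lang['Current_password_mismatch'];` assigns rather than appends, discarding any email or password message collected earlier, unlike the `.=` used a few lines above. `WHERE user_id = $user_id` is interpolated unquoted and $user_id is set outside the hunk, so confirm it is cast to an integer before it reaches this query. The comparison also shows that passwords are stored as unsalted md5, which is a weak storage format independent of this change.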
***************
*** 641,652 ****
if( $username != $userdata['username'] || $mode == "register" )
{
! if( !validate_username($username) )
{
$error = TRUE;
! if( isset($error_msg) )
{
$error_msg .= "<br />";
}
! $error_msg .= $lang['Invalid_username'];
}
else
--- 665,677 ----
if( $username != $userdata['username'] || $mode == "register" )
{
! $result = validate_username($username);
! if( $result['error'] != '' )
{
$error = TRUE;
! if(isset($error_msg))
{
$error_msg .= "<br />";
}
! $error_msg .= $result['error'];
}
else
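Review bot: The caller now reads `$result['error']` from validate_username(), but no hunk in this commit changes that function and only profile.php is listed as modified. If validate_username() still returns a boolean, `$result['error']` evaluates to null, `null != ''` is false, and every username is accepted; confirm the function already returns the `array('error' => ...)` shape, or commit that change together with this one. A stricter guard such as `if( !is_array($result) || $result['error'] != '' )` would fail closed on a shape mismatch. The else branch continues outside the hunk.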
***************
*** 1579,1582 ****
--- 1604,1608 ----
"L_NEW_PASSWORD" => ( $mode == "register" ) ? $lang['Password'] : $lang['New_password'],
"L_CONFIRM_PASSWORD" => $lang['Confirm_password'],
+ "L_CONFIRM_PASSWORD_EXPLAIN" => ($mode == "editprofile") ? $lang['Confirm_password_explain'] : "",
"L_PASSWORD_IF_CHANGED" => ($mode == "editprofile") ? $lang['password_if_changed'] : "",
"L_PASSWORD_CONFIRM_IF_CHANGED" => ($mode == "editprofile") ? $lang['password_confirm_if_changed'] : "",