From 7afdb8e56178524cfa8e1665d7a6db76aff3d125 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Roland=20H=C3=A4der?= Date: Wed, 28 Oct 2009 19:44:55 +0000 Subject: [PATCH] Fixes for mydata --- inc/filter-functions.php | 1 + inc/filters.php | 15 +++++++++++ inc/modules/guest/what-register.php | 38 +++++++++++++++------------- inc/modules/member/what-mydata.php | 39 ++++++++++++++++++----------- inc/mysql-connect.php | 9 ------- 5 files changed, 60 insertions(+), 42 deletions(-) diff --git a/inc/filter-functions.php b/inc/filter-functions.php index dca5b9ec6c..d76cad43ed 100644 --- a/inc/filter-functions.php +++ b/inc/filter-functions.php @@ -123,6 +123,7 @@ ORDER BY registerFilter('init', 'CHECK_SVN_REVISION'); registerFilter('init', 'RUN_DAILY_RESET'); registerFilter('init', 'INIT_RANDOMIZER'); + registerFilter('init', 'INIT_RANDOM_NUMBER'); registerFilter('init', 'TRIGGER_SENDING_POOL'); registerFilter('init', 'DETERMINE_USERNAME'); registerFilter('init', 'DETERMINE_WHAT_ACTION'); diff --git a/inc/filters.php b/inc/filters.php index c90cdea9be..1b7eb19dae 100644 --- a/inc/filters.php +++ b/inc/filters.php @@ -681,5 +681,20 @@ function FILTER_CHECK_ADMIN_ACL () { $GLOBALS['acl_allow'] = $ret; } +// Init random number/cache buster +function FILTER_INIT_RANDOM_NUMBER () { + // Is the extension sql_patches installed and at least 0.3.6? + if ((isExtensionActive('sql_patches')) && (getExtensionVersion('sql_patches') >= '0.3.6')) { + // Generate random number + setConfigEntry('RAND_NUMBER', generateRandomCode(10, mt_rand(10000, 32766), getUserId(), '')); + } else { + // Generate weak (!!!) code + setConfigEntry('RAND_NUMBER', mt_rand(1000000, 9999999)); + } + + // Copy it to CACHE_BUSTER + setConfigEntry('CACHE_BUSTER', getConfig('RAND_NUMBER')); +} + // [EOF] ?> diff --git a/inc/modules/guest/what-register.php b/inc/modules/guest/what-register.php index ee33a91fde..cbd1d658ed 100644 --- a/inc/modules/guest/what-register.php +++ b/inc/modules/guest/what-register.php 
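Review bot: Registering `INIT_RANDOM_NUMBER` before `DETERMINE_USERNAME` changes the point at which `getUserId()` is read. The block removed from inc/mysql-connect.php ran after `runFilterChain('init')` had finished, while the new filter runs in the middle of the chain. If the user id is only established by a later init filter (not visible in this patch), `generateRandomCode()` now receives a different id than before. Either register the filter at the end of the init list, which continues outside the hunk, or add a comment such as `// Needs the user id, keep after the filter that determines it`.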
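Review bot: The version gate in `FILTER_INIT_RANDOM_NUMBER()` compares version strings with `>=`, which is a plain string comparison in PHP. A hypothetical release such as '0.3.10' therefore sorts below '0.3.6' and falls into the branch the code itself marks as weak; `version_compare(getExtensionVersion('sql_patches'), '0.3.6', '>=')` avoids that. Both branches also draw from `mt_rand()`, which is predictable, and the result is copied to `CACHE_BUSTER`, a value that presumably ends up in URLs. That is fine for cache busting, but if `RAND_NUMBER` is used anywhere as a token or secret (not visible here) it should come from a separate, cryptographically secure source and not share its value with `CACHE_BUSTER`.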
@@ -53,7 +53,7 @@ if (!isExtensionActive('register')) { } // Initialize variables -$isFailed = false; +$isOkay = true; $shortPass = false; $cats = 0; $ipTimedOut = false; @@ -83,31 +83,31 @@ if (isFormSent()) { // Did he agree to our Terms Of Usage? if (postRequestElement('agree') != 'Y') { setRequestPostElement('agree', '!'); - $isFailed = true; + $isOkay = false; } // END - if // Did he enter a valid email address? (we really don't care about // that, he has to click on a confirmation link :P ) if ((!isPostRequestElementSet('email')) || (!isEmailValid(postRequestElement('email')))) { setRequestPostElement('email', '!'); - $isFailed = true; + $isOkay = false; } // END - if // And what about surname and family's name? if (!isPostRequestElementSet('surname')) { setRequestPostElement('surname', '!'); - $isFailed = true; + $isOkay = false; } // END - if if (!isPostRequestElementSet('family')) { setRequestPostElement('family', '!'); - $isFailed = true; + $isOkay = false; } // END - if // Get temporary array for modification $postArray = postRequestArray(); // Check for required fields - if ($isFailed === false) $isFailed = ifRequiredRegisterFieldsAreSet($postArray); + if ($isOkay === true) $isOkay = ifRequiredRegisterFieldsAreSet($postArray); // Set it back in request setPostRequestArray($postArray); @@ -121,13 +121,13 @@ if (isFormSent()) { if (!isPostRequestElementSet('pass1')) { setRequestPostElement('pass1', '!'); } else { setRequestPostElement('pass1', ''); } if (!isPostRequestElementSet('pass2')) { setRequestPostElement('pass2', '!'); } else { setRequestPostElement('pass2', ''); } } - $isFailed = true; + $isOkay = false; } // END - if // Is the password long enouth? - if ((strlen(postRequestElement('pass1')) < getConfig('pass_len')) && ($isFailed === false)) { + if ((strlen(postRequestElement('pass1')) < getConfig('pass_len')) && ($isOkay === true)) { $shortPass = true; - $isFailed = true; + $isOkay = false; } // END - if // No admin? Admins can always register! 
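Review bot: `if ($isOkay === true) $isOkay = ifRequiredRegisterFieldsAreSet($postArray);` inverts how the helper's return value is interpreted, because the old line stored the same return value in `$isFailed`. The helper is not part of this patch, so please confirm it returns a strict `true` when all required fields are present; any other truthy value would fail the later `$isOkay === true` test and reject a valid registration. A comment above the call stating the contract, e.g. `// Returns true only if all required fields are set`, would make the flipped flag safe to maintain. The enclosing `if (isFormSent())` block starts and ends outside the hunk.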
@@ -139,7 +139,7 @@ if (isFormSent()) { if ($cats < getConfig('least_cats')) { // ... nope! - $isFailed = true; + $isOkay = false; } // END - if } // END - if @@ -148,7 +148,7 @@ if (isFormSent()) { $CHK = isEmailTaken(postRequestElement('email')); if ($CHK === true) { setRequestPostElement('email', '?'); - $isFailed = true; + $isOkay = false; } // END - if } // END - if @@ -168,15 +168,17 @@ LIMIT 1", // Same IP in timeout range and different email address entered... Eat this, faker! ;-) // But admins are allowed to fake their own exchange service. $ipTimedOut = true; - $isFailed = true; + $isOkay = false; } // END - if - } // END - if - // Free memory - SQL_FREERESULT($result); + // Free memory + SQL_FREERESULT($result); + } // END - if } // END - if -if ((isFormSent()) && (($isFailed === false) || (isAdmin()))) { +// Is the form sent and all went fine or admin logged in? +//* DEBUG: */ print intval(isFormSent()).'/'.intval($isOkay).'/'.intval(isAdmin()).'
'; +if ((isFormSent()) && (($isOkay === true) || (isAdmin()))) { // Prepapre month and day of birth if (strlen(postRequestElement('day')) == 1) setRequestPostElement('day' , '0'.postRequestElement('day')); if (strlen(postRequestElement('month')) == 1) setRequestPostElement('month', '0'.postRequestElement('month')); @@ -321,7 +323,7 @@ VALUES ('%s','%s','%s','%s','%s',%s,'%s','%s',%s, %s,%s,'%s',%s, %s,'%s','UNCONF // Start with the gender... $content = array( 'hash' => $hash, - 'userid' => $userid, + 'userid' => $userid, 'gender' => $gender, 'surname' => SQL_ESCAPE(postRequestElement('surname')), 'family' => SQL_ESCAPE(postRequestElement('family')), @@ -337,7 +339,7 @@ VALUES ('%s','%s','%s','%s','%s',%s,'%s','%s',%s, %s,%s,'%s',%s, %s,'%s','UNCONF // No ZIP code entered $content = array( 'hash' => $hash, - 'userid' => $userid, + 'userid' => $userid, 'gender' => $gender, 'surname' => SQL_ESCAPE(postRequestElement('surname')), 'family' => SQL_ESCAPE(postRequestElement('family')), diff --git a/inc/modules/member/what-mydata.php b/inc/modules/member/what-mydata.php index c18d46bc83..17a435539a 100644 --- a/inc/modules/member/what-mydata.php +++ b/inc/modules/member/what-mydata.php @@ -51,8 +51,10 @@ if ((!isExtensionActive('mydata')) && (!isAdmin())) { return; } // END - if -// Remember userid -$content['userid'] = getUserId(); +// Add userid +$content = array( + 'userid' => getUserId() +); // Init variable to prevent notices $URL = ''; 
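Review bot: The rewritten condition `(($isOkay === true) || (isAdmin()))` lets a request from an admin session continue past every failed check above, including the password checks and the already-registered e-mail address. The new comment only restates the condition; it should say that the bypass is intended, for example `// Admins may register even if validation failed (intended, see IP check above)`. The commented-out `//* DEBUG: */ print ...` line exposes internal state flags if it is ever re-enabled and is better dropped than committed. The body of this `if` continues outside the hunk.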
@@ -66,15 +68,19 @@ if (isPostRequestElementSet('notify')) $mode = 'notify'; // Switch off notificat switch ($mode) { case 'show': // Show his data if (isExtensionActive('country', true)) { - // New way 0 1 2 3 4 5 6 7 8 9 10 11 12 13 - $result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country_code, zip, city, email, birth_day, birth_month, birth_year, gender, max_mails, receive_mails, last_update FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `userid`=%s LIMIT 1", + // New way 1 2 3 4 5 6 7 8 9 10 11 12 13 14 + $result = SQL_QUERY_ESC("SELECT `surname`, `family`, `street_nr`, `country_code`, `zip`, `city`, `email`, `birth_day`, `birth_month`, `birth_year`, `gender`, `max_mails`, `receive_mails`, `last_update` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `userid`=%s LIMIT 1", array(getUserId()), __FILE__, __LINE__); } else { - // Old way 0 1 2 3 4 5 6 7 8 9 10 11 12 13 - $result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country, zip, city, email, birth_day, birth_month, birth_year, gender, max_mails, receive_mails, last_update FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `userid`=%s LIMIT 1", + // Old way 1 2 3 4 5 6 7 8 9 10 11 12 13 14 + $result = SQL_QUERY_ESC("SELECT `surname`, `family`, `street_nr`, `country`, `zip`, `city`, `email`, `birth_day`, `birth_month`, `birth_year`, `gender`, `max_mails`, `receive_mails`, `last_update` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `userid`=%s LIMIT 1", array(getUserId()), __FILE__, __LINE__); } - $content = SQL_FETCHARRAY($result, 0, false); + + // Get line + $content = merge_array($content, SQL_FETCHARRAY($result, 0, false)); + + // Free result SQL_FREERESULT($result); // Translate some things @@ -103,9 +109,6 @@ switch ($mode) { $content['country'] = generateCountryInfo($content['country_code']); } // END - if - // Merge data in - $content = merge_array($content, $content); - // Load template loadTemplate('member_mydata_overview', false, $content); break; 
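Review bot: `merge_array($content, SQL_FETCHARRAY($result, 0, false))` is called without checking that the query returned a row. If `SQL_FETCHARRAY()` yields a non-array for an empty result (the helper is not shown), the merge receives an invalid argument and the following `$content[...]` reads operate on incomplete profile data. Fetch into a local first and merge only when it is an array, e.g. `$row = SQL_FETCHARRAY($result, 0, false);` followed by `if (is_array($row)) $content = merge_array($content, $row);`. The same unguarded merge is added in the later hunks at -131 and -200 of this file.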
@@ -131,8 +134,12 @@ LIMIT 1", array(getUserId()), __FILE__, __LINE__); } - $content = SQL_FETCHARRAY($result, 0, false); + // Get line + $content = merge_array($content, SQL_FETCHARRAY($result, 0, false)); + + // Free result SQL_FREERESULT($result); + $content['update_check'] = $content['last_update'] + getConfig('profile_lock'); // How far is last change on his profile away from now? @@ -188,9 +195,6 @@ LIMIT 1", $content['country'] = ""; } - // Merge data in - $content = merge_array($content, $content); - // Load template loadTemplate('member_mydata_edit', false, $content); } @@ -200,8 +204,13 @@ LIMIT 1", // Load old email / password: 0 1 2 $result = SQL_QUERY_ESC("SELECT `email`, `password`, `last_update` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `userid`=%s LIMIT 1", array(getUserId()), __FILE__, __LINE__); - $content = SQL_FETCHARRAY($result, 0, false); + + // Get line + $content = merge_array($content, SQL_FETCHARRAY($result, 0, false)); + + // Free result SQL_FREERESULT($result); + $content['last_change'] = $content['last_update'] + getConfig('profile_lock'); // How far is last change on his profile away from now? diff --git a/inc/mysql-connect.php b/inc/mysql-connect.php index 09c836ba70..eaa939dc58 100644 --- a/inc/mysql-connect.php +++ b/inc/mysql-connect.php @@ -112,15 +112,6 @@ if ((!isInstalling()) && (!isInstallationPhase())) { // Run the init filter chain runFilterChain('init'); - // Is the extension sql_patches installed and at least 0.3.6? - if ((isExtensionActive('sql_patches')) && (getExtensionVersion('sql_patches') >= '0.3.6')) { - // Generate random number - setConfigEntry('RAND_NUMBER', generateRandomCode(10, mt_rand(10000, 32766), getUserId(), '')); - } else { - // Generate weak (!!!) code - setConfigEntry('RAND_NUMBER', mt_rand(1000000, 9999999)); - } - // Check module for permissions $checkModule = checkModulePermissions(); -- 2.30.2