
Untitled

a guest
Jul 17th, 2018
  1. <?php
  2.  
  // Stop immediately when the IN_MYBB constant is absent, so nothing below
  // (hook registration, the AdminCP dispatch) runs if this file is requested directly.
  if (defined('IN_MYBB') === false) {
      die('This file cannot be accessed directly.');
  }
  5.  
  6.  
  // Defined only once: the guard skips the declaration when a function named
  // control_object already exists.
  if(!function_exists('control_object')) {
      /**
       * Replace $obj, in place, with an instance of a freshly generated subclass
       * of its own class whose body is $code.
       *
       * How it works, step by step:
       *  - a unique class name "_objcont_N" is taken from a static counter;
       *  - $obj is serialized and the payload is checked to start with
       *    O:<len>:"<classname>": ; if it does not, nothing is changed;
       *  - eval() declares "class _objcont_N extends <classname> { $code }";
       *  - the class name inside the serialized payload is swapped for the new
       *    one and the payload is unserialized, which yields the new object;
       *  - the properties captured from the live object are copied back through
       *    the generated ___setvars() method.
       *
       * SECURITY: $code is executed verbatim by eval(). Every caller visible in
       * this file passes a string literal (one of them interpolates an integer
       * chosen from the MyBB version code). It must never contain request data
       * or any other untrusted text. The unserialize() input is the output of
       * serialize() from this same call with only the class name swapped, not
       * external data.
       *
       * @param object $obj  Object to wrap; received by reference and overwritten.
       * @param string $code PHP source for the body of the generated subclass.
       */
      function control_object(&$obj, $code) {
          // per-request counter keeps generated class names unique
          static $cnt = 0;
          $newname = '_objcont_'.(++$cnt);
          $objserial = serialize($obj);
          $classname = get_class($obj);
          // expected header of a serialized object of this class
          $checkstr = 'O:'.strlen($classname).':"'.$classname.'":';
          $checkstr_len = strlen($checkstr);
          if(substr($objserial, 0, $checkstr_len) == $checkstr) {
              $vars = array();
              // grab resources/object etc, stripping scope info from keys
              // (the array cast prefixes non-public property names with NUL-delimited
              // scope markers; only the text after the last NUL is kept)
              foreach((array)$obj as $k => $v) {
                  if($p = strrpos($k, "\0"))
                      $k = substr($k, $p+1);
                  $vars[$k] = $v;
              }
              // add a helper method that copies the captured values onto the new object
              if(!empty($vars))
                  $code .= '
                    function ___setvars(&$a) {
                        foreach($a as $k => &$v)
                            $this->$k = $v;
                    }
                ';
              // declare the subclass; $code becomes its body (see SECURITY note above)
              eval('class '.$newname.' extends '.$classname.' {'.$code.'}');
              // same payload, new class name => instance of the generated subclass
              $obj = unserialize('O:'.strlen($newname).':"'.$newname.'":'.substr($objserial, $checkstr_len));
              if(!empty($vars))
                  $obj->___setvars($vars);
          }
          // else not a valid object or PHP serialize has changed
      }
  }
  38.  
  // Front-end and data-handler hooks: hook name => handler, registered in listed order.
  foreach (array(
      'datahandler_user_insert'          => 'dispname_updateuser',
      'datahandler_user_update'          => 'dispname_updateuser',
      'datahandler_user_validate'        => 'dispname_verifyuser',
      'member_do_register_start'         => 'dispname_member_do_register',
      'member_activate_start'            => 'dispname_member_activate_reset',
      'member_resetpassword_start'       => 'dispname_member_activate_reset',
      'member_do_resendactivation_start' => 'dispname_member_reactivate',
      'member_do_lostpw_start'           => 'dispname_member_lostpw',
      'portal_do_login_start'            => 'dispname_member_login',
      'member_do_login_start'            => 'dispname_member_login',
      'datahandler_login_validate_start' => 'dispname_member_login', // 1.8 only
      'member_register_end'              => 'dispname_register_langs',
  ) as $dispname_hook => $dispname_handler) {
      $plugins->add_hook($dispname_hook, $dispname_handler);
  }

  // The availability check answers in JSON from version code 1700 on, in XML before that.
  $plugins->add_hook(
      'xmlhttp',
      $GLOBALS['mybb']->version_code >= 1700
          ? 'dispname_register_checkloginname18'
          : 'dispname_register_checkloginname'
  );

  // AdminCP login/unlock are not hooked: the database wrapper is installed right here,
  // while this file is being loaded, whenever the request carries do=login or do=unlock.
  if (defined('IN_ADMINCP')) {
      $action =& $GLOBALS['mybb']->input['do'];
      switch ($action) {
          case 'login':
              dispname_admin_login();
              break;
          case 'unlock':
              dispname_admin_unlock();
              break;
      }
  }

  // AdminCP add/edit user forms get the extra login-name field.
  foreach (array('admin_user_users_add', 'admin_user_users_edit') as $dispname_hook) {
      $plugins->add_hook($dispname_hook, 'dispname_admin_add_field');
  }
  unset($dispname_hook, $dispname_handler);
  68.  
  69.  
  /**
   * Describe the plugin to MyBB.
   *
   * @return array Plugin metadata: name, description, website, author, authorsite,
   *               version, compatibility and guid.
   */
  function dispname_info()
  {
      $info = array();
      $info['name']          = 'Display Usernames / Nicks Plugin';
      $info['description']   = 'Allow users to have a different display and login names.';
      $info['website']       = 'http://mybbhacks.zingaburga.com/';
      $info['author']        = 'ZiNgA BuRgA';
      $info['authorsite']    = 'http://zingaburga.com/';
      $info['version']       = '1.10';
      $info['compatibility'] = '14*,15*,16*,17*,18*';
      $info['guid']          = '';

      return $info;
  }
  83.  
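  /**
   * Write the "boardclosed" setting and rebuild the settings cache.
   *
   * @param int|bool $e 1/true to close the board, 0/false to reopen it.
   */
  function dispname_close_board($e) {
      // The flag is forced to an integer before it reaches the query, and the
      // condition uses a single-quoted SQL string literal: double quotes are
      // read as an identifier when the server runs in ANSI quoting mode.
      $GLOBALS['db']->update_query('settings', array('value' => (int)$e), "name='boardclosed'");
      rebuild_settings();
  }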
  /**
   * Search/replace pairs applied to the member_register template.
   *
   * Keys are the template text to look for, values are the replacement.
   * dispname_activate() applies key => value and dispname_deactivate() applies the
   * reverse, so both strings of a pair must stay byte-for-byte stable.
   *
   * The replacement markup prints {$loginname} inside an HTML attribute; the places in
   * this file that assign that variable run the submitted value through
   * htmlspecialchars_uni() first.
   *
   * @return array Map of original template fragment => replacement fragment.
   */
  function dispname_template_mods() {
      return array(
          // label row: one "username" label becomes "loginname" + "username" labels
          '<td colspan="2"><span class="smalltext"><label for="username">{$lang->username}</label></span></td>' => '<td><span class="smalltext"><label for="loginname">{$lang->loginname}</label></span></td><td><span class="smalltext"><label for="username">{$lang->username}</label></span></td>',
          // input row: adds the loginname text box next to the username text box
          '<td colspan="2"><input type="text" class="textbox" name="username" id="username" style="width: 100%" value="{$username}" /></td>' => '<td width="50%" valign="top"><input type="text" class="textbox" name="loginname" id="loginname" style="width: 100%" value="{$loginname}" /></td><td width="50%" valign="top"><input type="text" class="textbox" name="username" id="username" style="width: 100%" value="{$username}" /></td>',
          // regValidator-based form check: registers an AJAX availability check for loginname
          // (presumably the validator used by the older supported MyBB versions; confirm)
          'regValidator.register(\'username\', \'ajax\', {url:\'xmlhttp.php?action=username_availability\', loading_message:\'{$lang->js_validator_checking_username}\'});' => 'regValidator.register(\'loginname\', \'ajax\', {url:\'xmlhttp.php?action=loginname_availability\', loading_message:\'{$lang->js_validator_checking_loginname}\'});
    regValidator.register(\'username\', \'ajax\', {url:\'xmlhttp.php?action=username_availability\', loading_message:\'{$lang->js_validator_checking_username}\'});',
          // rules-object form check: inserts a "loginname" rule (POST, JSON, with my_post_key)
          // in front of the existing "email" rule
          'email: {' => 'loginname: {
            required: true,
            remote:{
                url: "xmlhttp.php?action=loginname_availability",
                type: "post",
                dataType: "json",
                data: { my_post_key: my_post_key }
            }
         },
         email: {'
      );
  }
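  /**
   * Install step: add a unique `loginname` column to the users table and seed it
   * with each account's current username.
   *
   * The board is closed while the schema changes run and reopened afterwards, but
   * only if this function was the one that closed it.
   */
  function dispname_install() {
      global $db, $mybb;

      // Initialised up front: when the board was already closed the flag was
      // previously never assigned and then read as an undefined variable.
      $unclose_board = false;

      // close the board for a sec
      if(!$mybb->settings['boardclosed']) {
          dispname_close_board(1);
          $unclose_board = true;
      }

      $db->write_query('ALTER TABLE `'.$db->table_prefix.'users` ADD COLUMN `loginname` varchar(120) NOT NULL default ""');
      // every existing account starts with login name == display name
      $db->write_query('UPDATE `'.$db->table_prefix.'users` SET loginname=username');
      // the unique key is added only after the column is populated
      $db->write_query('ALTER TABLE `'.$db->table_prefix.'users` ADD UNIQUE KEY `loginname` (`loginname`)');

      if($unclose_board) {
          dispname_close_board(0);
      }
  }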
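  /**
   * Activation step: apply every search/replace pair from dispname_template_mods()
   * to the member_register template.
   */
  function dispname_activate() {
      // require_once: a plain require declares the template helpers a second time
      // (fatal error) if the file was already loaded earlier in the same request.
      require_once MYBB_ROOT.'inc/adminfunctions_templates.php';
      foreach(dispname_template_mods() as $src => $dest) {
          // The pattern delimiter is passed to preg_quote() as well, matching what
          // dispname_deactivate() does, so a "~" in a search string cannot end the
          // pattern early.
          find_replace_templatesets('member_register', '~'.preg_quote($src, '~').'~', $dest);
      }
  }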
  /**
   * Report whether the plugin's schema change is present.
   *
   * @return mixed Result of the database layer's field_exists() check for the
   *               `loginname` column on the users table.
   */
  function dispname_is_installed() {
      global $db;

      $column = 'loginname';
      $table = 'users';
      return $db->field_exists($column, $table);
  }
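  /**
   * Deactivation step: undo the template edits by applying each pair from
   * dispname_template_mods() in reverse (replacement text => original text).
   */
  function dispname_deactivate() {
      // require_once: a plain require declares the template helpers a second time
      // (fatal error) if the file was already loaded earlier in the same request.
      require_once MYBB_ROOT.'inc/adminfunctions_templates.php';
      foreach(dispname_template_mods() as $src => $dest) {
          // search for the text that activation inserted and put the original back;
          // the trailing 0 is passed through to find_replace_templatesets() unchanged
          find_replace_templatesets('member_register', '~'.preg_quote($dest, '~').'~', $src, 0);
      }
  }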
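  /**
   * Uninstall step: make every account's username equal to its login name again,
   * fix the denormalised name copies in posts/threads/forums, and drop the
   * `loginname` column.
   *
   * The board is closed while this runs and reopened afterwards, but only if this
   * function was the one that closed it.
   */
  function dispname_uninstall() {
      // $mybb was missing from this list, so the "is the board already closed?"
      // test below read an undefined variable, always closed the board and always
      // reopened it at the end, even when an administrator had closed it on purpose.
      global $db, $cache, $mybb;

      $unclose_board = false;

      // close the board for a sec
      if(!$mybb->settings['boardclosed']) {
          dispname_close_board(1);
          $unclose_board = true;
      }

      // set everyone's usernames back to the loginname
      // (best effort: keep running if the client disconnects or the time limit is hit)
      @ignore_user_abort(true);
      @set_time_limit(0);
      $stats = $cache->read('stats');
      // remove unique key in case we have a duplicate loginname/username
      $db->write_query('ALTER TABLE `'.$db->table_prefix.'users` DROP KEY `username`');
      $query = $db->simple_select('users', 'uid,loginname', 'username!=loginname');
      while($user = $db->fetch_array($query)) {
          // fix usernames in DB
          // most of this stuff copied from update_user() method of the MyBB userhandler
          $uid = (int)$user['uid']; // only ever an integer inside the WHERE clauses
          $escname = $db->escape_string($user['loginname']);
          $username_update = array('username' => $escname);
          $username_cond = 'uid='.$uid;
          $lastposter_update = array('lastposter' => $escname);
          $lastposter_cond = 'lastposteruid='.$uid;

          $db->update_query('posts', $username_update, $username_cond);
          $db->update_query('threads', $username_update, $username_cond);
          $db->update_query('threads', $lastposter_update, $lastposter_cond);
          $db->update_query('forums', $lastposter_update, $lastposter_cond);

          // the cached stats name this account as the last user
          if($stats['lastuid'] == $uid)
              update_stats(array('numusers' => '+0'));
      }
      $db->write_query('UPDATE `'.$db->table_prefix.'users` SET username=loginname');
      $db->write_query('ALTER TABLE `'.$db->table_prefix.'users` DROP COLUMN `loginname`, DROP KEY `loginname`, ADD UNIQUE KEY `username` (`username`)');

      if($unclose_board) {
          dispname_close_board(0);
      }
  }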
  174.  
  /**
   * Copy the login name from the data handler's input into the row that is about
   * to be written (insert or update), escaped with the database layer's
   * escape_string().
   *
   * Does nothing when no login name is set, or when the handler exposes neither
   * user_insert_data nor user_update_data.
   *
   * @param object $uh User data handler, passed by reference by the hook.
   */
  function dispname_updateuser(&$uh) {
      global $db;

      // this should only occur when updating and loginname is not set
      if (!isset($uh->data['loginname'])) {
          return;
      }

      // the insert row takes precedence over the update row
      foreach (array('user_insert_data', 'user_update_data') as $target) {
          if (isset($uh->{$target})) {
              $uh->{$target}['loginname'] = $db->escape_string($uh->data['loginname']);
              return;
          }
      }
  }
  /**
   * Validation hook: pick up the submitted login name, default it on insert, and
   * reject it when it contains banned characters or is already taken.
   *
   * Sources of the login name:
   *  - front-end registration (flag set by dispname_member_do_register()): the
   *    request value is stored on the handler, an HTML-escaped copy goes into the
   *    global $loginname, and the activation / random-password mail texts are
   *    rewritten to show it;
   *  - AdminCP add/edit user: the request value is stored on the handler;
   *  - any other insert: the username is used as the login name.
   *
   * @param object $uh User data handler, passed by reference by the hook.
   */
  function dispname_verifyuser(&$uh) {
      global $mybb;

      // fix up stuff for new registration page
      if ($GLOBALS['dispname_member_do_register']) {
          global $lang, $loginname;
          if ($mybb->input['loginname']) {
              $submitted = $mybb->input['loginname'];
              $uh->data['loginname'] = $submitted;
              $loginname = htmlspecialchars_uni($submitted);

              // !!! relies on language string !!!
              $lang->email_activateaccount = str_replace('Username: {1}', 'Username: '.$loginname, $lang->email_activateaccount);
              $lang->email_randompassword = str_replace('{3}', $loginname, $lang->email_randompassword);
          }
      } elseif (defined('IN_ADMINCP') && isset($GLOBALS['user_view_fields']) && in_array($mybb->input['action'], array('add', 'edit'))) {
          // AdminCP add/edit user
          if ($mybb->input['loginname']) {
              $uh->data['loginname'] = $mybb->input['loginname'];
          }
      }

      // a new account without an explicit login name logs in with its username
      $is_insert = ($uh->method == 'insert');
      if ($is_insert && !isset($uh->data['loginname'])) {
          $uh->data['loginname'] = $uh->data['username'];
      }

      // nothing to validate on updates that do not touch the login name
      if (!isset($uh->data['loginname'])) {
          return;
      }

      global $lang;
      $lang->userdata_bad_characters_loginname = 'The login name you entered contains bad characters. Please enter a different login name.';
      $lang->userdata_loginname_exists = 'The login name you entered already exists. Please enter a different login name.';

      // dispname_loginname_valid() takes the value by reference and normalises it in place
      if (!dispname_loginname_valid($uh->data['loginname'])) {
          $uh->set_error('bad_characters_loginname', array($uh->data['loginname']));
      } elseif (dispname_loginname_exists($uh->data['loginname'], $uh->data['uid'])) {
          $uh->set_error('loginname_exists', array($uh->data['loginname']));
      }
  }
  221.  
  /**
   * Flag the current request as a front-end registration submit; the flag is read
   * back by dispname_verifyuser().
   */
  function dispname_member_do_register() {
      global $dispname_member_do_register;

      $dispname_member_do_register = true;
  }
  /**
   * Hook for the account activation and password reset pages.
   *
   * With a "username" in the request, the global database object is wrapped so that
   * the first simple_select() whose conditions start with LOWER(username)= is run
   * against LOWER(loginname) instead (the first 15 characters are replaced, keeping
   * the "=" and everything after it).
   *
   * Otherwise the cached member_activate / member_resetpassword template is edited
   * so it prints {$user['loginname']} where it printed {$user['username']}.
   *
   * NOTE(review): the rewrite depends on the exact text of the query built by the
   * calling page. If that text differs, the lookup passes through unchanged and is
   * made by username (the display name) - confirm against the MyBB version in use.
   */
  function dispname_member_activate_reset() {
      global $mybb;
      if($mybb->input['username']) {
          // the string below is PHP source for the generated subclass of the DB class
          control_object($GLOBALS['db'], '
            function simple_select($table, $fields="*", $conditions="", $options=array()) {
                static $done=false;
                if(!$done && substr($conditions, 0, 16) == "LOWER(username)=") {
                    $done = true;
                    $conditions = "LOWER(loginname)".substr($conditions, 15);
                }
                return parent::simple_select($table, $fields, $conditions, $options);
            }
        ');
      // NOTE(review): $user is neither a parameter nor declared global in this
      // function, so !$user['uid'] reads an undefined variable and is always true;
      // as written, this branch is taken whenever no username was sent. Confirm intent.
      } elseif(!$mybb->input['code'] || !$user['uid']) {
          if($mybb->input['action'] == 'resetpassword')
              $tplname = 'member_resetpassword';
          else
              $tplname = 'member_activate';
          // reference into the template cache, so the edit below changes the cached copy
          $tpl =& $GLOBALS['templates']->cache[$tplname];
          // empty cache slot: ask the template engine to cache it first
          if(!$tpl) $GLOBALS['templates']->cache($tplname);
          $tpl = str_replace('{$user[\'username\']}', '{$user[\'loginname\']}', $tpl);
      }
  }
  /**
   * Hook for "resend activation": make the activation mail show the login name.
   *
   * Two global objects are wrapped:
   *  - the database object: query() adds u.loginname to the column list of a query
   *    that starts its select list with "u.uid, u.username, ";
   *  - the language object: sprintf() replaces "Username: {1}" with the login name
   *    taken from $GLOBALS['user'] when the string being formatted is the
   *    email_activateaccount text.
   *
   * NOTE(review): in the query() override $done is tested but never set to true, so
   * the str_replace() is applied to every query that goes through the wrapped
   * object, not only the first one.
   * NOTE(review): array(parent, 'sprintf') uses the bare word parent rather than the
   * string 'parent' - confirm that this still resolves on the PHP version in use.
   */
  function dispname_member_reactivate() {
      // PHP source for the generated subclass of the DB class
      control_object($GLOBALS['db'], '
        function query($string, $hide_errors=0, $write_query=0) {
            static $done=false;
            if(!$done) {
                $string = str_replace("SELECT u.uid, u.username, ", "SELECT u.uid, u.username, u.loginname, ", $string);
            }
            return parent::query($string, $hide_errors, $write_query);
        }
    ');
      // PHP source for the generated subclass of the language class
      control_object($GLOBALS['lang'], '
        function sprintf($string) {
            $args = func_get_args();
            if($string == $this->email_activateaccount) {
                // !!! relies on language string !!!
                $string = str_replace("Username: {1}", "Username: ".$GLOBALS[\'user\'][\'loginname\'], $string);
                $args[0] = $string;
            }
            return call_user_func_array(array(parent, \'sprintf\'), $args);
        }
    ');
  }
  /**
   * Hook for "lost password": make the mail show the login name.
   *
   * The global language object is wrapped so that sprintf() replaces
   * "Username: {1}" with the login name taken from $GLOBALS['user'] when the string
   * being formatted is the email_lostpw or email_lostpw2 text.
   *
   * NOTE(review): the replacement only happens if the language string contains the
   * literal English text "Username: {1}".
   * NOTE(review): array(parent, 'sprintf') uses the bare word parent rather than the
   * string 'parent' - confirm that this still resolves on the PHP version in use.
   */
  function dispname_member_lostpw() {
      // PHP source for the generated subclass of the language class
      control_object($GLOBALS['lang'], '
        function sprintf($string) {
            $args = func_get_args();
            if($string == $this->email_lostpw || $string == $this->email_lostpw2) {
                // !!! relies on language string !!!
                $string = str_replace("Username: {1}", "Username: ".$GLOBALS[\'user\'][\'loginname\'], $string);
                $args[0] = $string;
            }
            return call_user_func_array(array(parent, \'sprintf\'), $args);
        }
    ');
  }
  283.  
  /**
   * Login hook (portal, member page, login data handler): make the login lookup and
   * the failed-attempt counter work on the login name instead of the username.
   *
   * The global database object is wrapped once per request (static $hooked):
   *  - simple_select() on "users" with limit 1: conditions starting with
   *    username='            become loginname='...
   *    LOWER(username)='     become LOWER(loginname)='...
   *    LOWER(username) = '   become LOWER(loginname) = '...
   *  - write_query(): in a "users SET loginattempts=loginattempts+1 WHERE " statement,
   *    the first "username" after the counter expression becomes "loginname".
   *
   * NOTE(review): both rewrites match on the exact text of queries built elsewhere.
   * A query that does not match is passed through unchanged, i.e. it still compares
   * against username (the display name). After a MyBB upgrade it is worth checking
   * that logging in with a display name is rejected and that the attempt counter
   * still increments for the right account.
   */
  function dispname_member_login() {
      static $hooked = false;
      if($hooked) return;
      $hooked = true;
      // PHP source for the generated subclass of the DB class
      control_object($GLOBALS['db'], '
        function simple_select($table, $fields="*", $conditions="", $options=array()) {
            if($table == "users" && $options[\'limit\'] == 1) {
                if(substr($conditions, 0, 10) == "username=\'")
                    $conditions = "loginname".substr($conditions, 8);
                elseif(substr($conditions, 0, 17) == "LOWER(username)=\'"
                || substr($conditions, 0, 19) == "LOWER(username) = \'")
                    $conditions = "LOWER(loginname)".substr($conditions, 15);
            }
            return parent::simple_select($table, $fields, $conditions, $options);
        }
       
        function write_query($query, $hide_errors=0) {
            if(($p = strpos($query, "loginattempts=loginattempts+1")) && substr($query, $p-10, 46) == "users SET loginattempts=loginattempts+1 WHERE ") {
                $p = strpos($query, "username", $p);
                $query = substr($query, 0, $p)."loginname".substr($query, $p+8);
            }
            return parent::write_query($query, $hide_errors);
        }
    ');
  }
  /**
   * AdminCP login (called while this file loads, when the request has do=login):
   * make the administrator lookup work on the login name.
   *
   * The global database object is wrapped; its simple_select() rewrites
   *  - up to N lookups on "users" with limit 1 whose conditions start with
   *    username=' , LOWER(username)=' or LOWER(username) = ' , where N is 3 when the
   *    MyBB version code is 1700 or higher and 1 otherwise (the number is written
   *    into the generated source when this function runs);
   *  - one further lookup on "users" selecting exactly "uid,email" whose conditions
   *    start with LOWER(username) = ' .
   *
   * NOTE(review): the rewrites match on the exact text of queries built elsewhere; a
   * query that does not match is passed through unchanged and compares against
   * username (the display name). Re-check administrator login after a MyBB upgrade.
   */
  function dispname_admin_login() {
      // PHP source for the generated subclass of the DB class
      control_object($GLOBALS['db'], '
        function simple_select($table, $fields="*", $conditions="", $options=array()) {
            static $done = 0;
            static $done2 = false;
            if($done <'.($GLOBALS['mybb']->version_code >= 1700 ?3:1).' && $table == "users" && $options[\'limit\'] == 1) {
                if(substr($conditions, 0, 10) == "username=\'") {
                    $conditions = "loginname".substr($conditions, 8);
                    ++$done;
                }
                elseif(substr($conditions, 0, 17) == "LOWER(username)=\'"
                || substr($conditions, 0, 19) == "LOWER(username) = \'") {
                    $conditions = "LOWER(loginname)".substr($conditions, 15);
                    ++$done;
                }
            }
            elseif(!$done2 && $table == "users" && $fields == "uid,email" && substr($conditions, 0, 19) == "LOWER(username) = \'") {
                $conditions = "LOWER(loginname)".substr($conditions, 15);
                $done2 = true;
            }
            return parent::simple_select($table, $fields, $conditions, $options);
        }
    ');
  }
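  /**
   * AdminCP account unlock (called while this file loads, when the request has
   * do=unlock): make the account lookup work on the login name.
   *
   * Does nothing when the request carries no "username". Otherwise the global
   * database object is wrapped so that the first simple_select() on "users" with
   * fields "*" whose conditions start with username=' or LOWER(username)=' is run
   * against loginname / LOWER(loginname) instead.
   *
   * Fix: the LOWER(username)=' branch compared a 16-character prefix with a
   * 17-character literal, so it could never match, and its offset of 14 would have
   * kept a stray ")" in front of the "=". Both numbers now agree with the same
   * rewrite in dispname_member_login() and dispname_admin_login() (17 and 15).
   * Before the fix a LOWER(username)= lookup went through unchanged and therefore
   * matched on the display name.
   */
  function dispname_admin_unlock() {
      if(!$GLOBALS['mybb']->input['username']) return;
      // PHP source for the generated subclass of the DB class
      control_object($GLOBALS['db'], '
        function simple_select($table, $fields="*", $conditions="", $options=array()) {
            static $done = false;
            if(!$done && $table == "users" && $fields == "*") {
                if(substr($conditions, 0, 10) == "username=\'") {
                    $conditions = "loginname".substr($conditions, 8);
                    $done = true;
                }
                elseif(substr($conditions, 0, 17) == "LOWER(username)=\'") {
                    $conditions = "LOWER(loginname)".substr($conditions, 15);
                    $done = true;
                }
            }
            return parent::simple_select($table, $fields, $conditions, $options);
        }
    ');
  }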
  352.  
  /**
   * Registration page hook: set the labels used by the modified register template
   * and expose the submitted login name, HTML-escaped, as the global $loginname.
   */
  function dispname_register_langs() {
      global $lang, $mybb, $loginname;

      $labels = array(
          'loginname' => 'Login Name',
          'username' => 'Display Username',
          //'js_validator_checking_username' => 'Checking if display name is available',
          'js_validator_checking_loginname' => 'Checking if login name is available',
      );
      foreach ($labels as $key => $text) {
          $lang->$key = $text;
      }

      // escaped here because the template prints it inside value="..."
      $loginname = htmlspecialchars_uni($mybb->input['loginname']);
  }
  /**
   * xmlhttp hook, XML variant: answer the "loginname_availability" check.
   *
   * Ends the request with <fail>...</fail> when the name has banned characters or is
   * taken, and with <success>...</success> when it is free. Any other action returns
   * without output.
   *
   * The name is HTML-escaped before it is echoed back. The endpoint tells any caller
   * whether a login name exists, so request throttling in front of xmlhttp.php is
   * what limits bulk probing of login names.
   */
  function dispname_register_checkloginname() {
      global $mybb;
      if ($mybb->input['action'] != 'loginname_availability') {
          return;
      }

      global $lang;
      header('Content-type: text/xml; charset='.$GLOBALS['charset']);

      // normalises $mybb->input['value'] in place (passed by reference)
      if (!dispname_loginname_valid($mybb->input['value'])) {
          die("<fail>{$lang->banned_characters_username}</fail>");
      }

      $nameout = htmlspecialchars_uni($mybb->input['value']);
      $taken = dispname_loginname_exists($mybb->input['value']);
      $tag = $taken ? 'fail' : 'success';
      $template = $taken ? $lang->username_taken : $lang->username_available;

      die('<'.$tag.'>'.$lang->sprintf($template, $nameout).'</'.$tag.'>');
  }
  /**
   * xmlhttp hook, JSON variant: answer the "loginname_availability" check.
   *
   * Requires a valid my_post_key, then ends the request with a JSON string: an error
   * message when the name has banned characters or is taken, or "true" when it is
   * free. Any other action returns without output.
   *
   * The name is HTML-escaped before it is echoed back. The endpoint tells any caller
   * holding a post key whether a login name exists, so request throttling in front
   * of xmlhttp.php is what limits bulk probing of login names.
   */
  function dispname_register_checkloginname18() {
      global $mybb;
      if ($mybb->input['action'] != 'loginname_availability') {
          return;
      }

      global $lang;
      // don't see the point in doing a post check, but meh
      $key_ok = verify_post_check($mybb->get_input('my_post_key'), true);
      if (!$key_ok) {
          xmlhttp_error($lang->invalid_post_code);
      }

      header('Content-type: application/json; charset='.$GLOBALS['charset']);

      // normalises $mybb->input['loginname'] in place (passed by reference)
      if (!dispname_loginname_valid($mybb->input['loginname'])) {
          die(json_encode($lang->banned_characters_username));
      }

      $nameout = htmlspecialchars_uni($mybb->input['loginname']);
      $reply = dispname_loginname_exists($mybb->input['loginname'])
          ? $lang->sprintf($lang->username_taken, $nameout)
          : 'true';

      die(json_encode($reply));
  }
  392.  
  /**
   * AdminCP add/edit user hook: add a "Login Name" row to the form and, on POST,
   * store the submitted login name once the user record has been committed.
   *
   * On POST with an empty login name an error is appended to $GLOBALS['errors'].
   * On POST with a login name, a commit-time callback is declared and hooked; it
   * writes the trimmed value to the users table, escaped with escape_string(), for
   * an integer-cast uid.
   *
   * NOTE(review): both helper functions are declared inside this function, so they
   * come into existence when this code runs; a second run in the same request would
   * declare them again.
   * NOTE(review): the commit callback itself does not call dispname_loginname_valid()
   * or dispname_loginname_exists(); for AdminCP add/edit those checks appear to run
   * in dispname_verifyuser() - confirm that the handler validation always precedes
   * the commit hooks.
   */
  function dispname_admin_add_field() {
      global $mybb, $plugins;

      if($mybb->request_method == 'post') {
          if(!trim($mybb->input['loginname'])) {
              global $lang;
              $lang->no_loginname = 'No login name supplied';
              $GLOBALS['errors'][] = $lang->no_loginname;
          } else {

              // commit-time callback: persist the login name for the affected account
              function _dispname_admin_update_field() {
                  global $user_info, $mybb, $db;
                  if($user_info['uid']) // insert_user
                      $uid = $user_info['uid'];
                  else // update_user
                      $uid = $GLOBALS['user']['uid'];

                  // value escaped, uid forced to an integer before it enters the WHERE clause
                  $db->update_query('users', array('loginname' => $db->escape_string(trim($mybb->input['loginname']))), 'uid='.intval($uid));
              }
              $plugins->add_hook('admin_user_users_add_commit', '_dispname_admin_update_field');
              $plugins->add_hook('admin_user_users_edit_commit', '_dispname_admin_update_field');
          }
      }

      // form callback: when the row labelled for "username" is output, emit a
      // "Login Name" row as well
      function _dispname_admin_add_field(&$a) {
          if($a['label_for'] == 'username') {
              global $lang;
              $lang->loginname = 'Login Name';
              // the raw request value is handed to generate_text_box();
              // NOTE(review): presumably the form class escapes it for the value attribute - confirm
              $a['this']->output_row($lang->loginname.' <em>*</em>', '', $GLOBALS['form']->generate_text_box('loginname', $GLOBALS['mybb']->input['loginname'], array('id' => 'loginname')), 'loginname');
          }
      }
      $plugins->add_hook('admin_formcontainer_output_row', '_dispname_admin_add_field');
  }
  426.  
  427.  
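  /**
   * Normalise a login name in place and check it against the banned characters.
   *
   * The name is trimmed and every run of two or more whitespace characters is
   * collapsed to a single space; the caller's variable receives the normalised
   * value. A name is rejected when it is empty after that (a name that PHP treats as
   * false, such as "0", is rejected too) or when it contains any of
   * < > & \ ; ,
   *
   * Fix: the comma test read $username, a variable that does not exist in this
   * function, so names containing a comma were accepted. It now tests $name.
   *
   * @param string $name Login name; passed by reference and normalised.
   * @return bool True when the normalised name is acceptable.
   */
  function dispname_loginname_valid(&$name) {
      $name = preg_replace('#\s{2,}#', ' ', trim($name));
      if(!$name) return false;

      foreach(array('<', '>', '&', ';', ',') as $banned) {
          if(strpos($name, $banned) !== false)
              return false;
      }
      // the backslash check keeps using my_strpos(), as in the original
      if(my_strpos($name, '\\') !== false)
          return false;

      return true;
  }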
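  /**
   * Check whether a login name is already used by an account.
   *
   * The comparison is case-insensitive: the name is lower-cased in PHP and compared
   * with LOWER(loginname).
   * NOTE(review): strtolower() works on bytes while LOWER() follows the column's
   * character set, so the two may disagree for non-ASCII names - confirm.
   *
   * Fix: the value is now placed inside a single-quoted SQL string literal. The
   * original used double quotes, which a server running in ANSI quoting mode reads
   * as an identifier; single quotes are the literal delimiter everywhere.
   *
   * @param string $name Login name to look up.
   * @param int    $uid  Optional account id to exclude from the search (0 = none).
   * @return bool True when another account already has this login name.
   */
  function dispname_loginname_exists($name, $uid=0) {
      global $db;
      $uid_check = '';
      if($uid)
          $uid_check = ' AND uid!='.intval($uid); // integer-cast before it enters the query
      $query = $db->simple_select('users', 'uid', "LOWER(loginname)='".$db->escape_string(strtolower($name))."'".$uid_check, array('limit' => 1));
      return (bool)$db->fetch_field($query, 'uid');
  }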
  444.  
  445. // TODO: admin search users??
  446. // TODO: langs - when logging in, change "Username" -> "Login name"
  447.  
  448. ?>