2011-10-13, 02:02 PM
I modified the /inc/datahandlers/user.php.
What I wanted the modification to do was ban a user that selects Bot as their division which is profile field 4 when they register. When someone tries to register or update options on User CP, it gives a 500 error code. I didn't modify the update_user function at all.
url: http://www.teamrogue.info/forums
/**
* Inserts a user into the database.
*/
function insert_user()
{
global $db, $cache, $plugins;
// Yes, validating is required.
if(!$this->get_validated())
{
die("The user needs to be validated before inserting it into the DB.");
}
if(count($this->get_errors()) > 0)
{
die("The user is not valid.");
}
$user = &$this->data;
$this->user_insert_data = array(
"username" => $db->escape_string($user['username']),
"password" => $user['saltedpw'],
"salt" => $user['salt'],
"loginkey" => $user['loginkey'],
"email" => $db->escape_string($user['email']),
"postnum" => intval($user['postnum']),
"avatar" => $db->escape_string($user['avatar']),
"avatartype" => $db->escape_string($user['avatartype']),
"usergroup" => intval($user['usergroup']),
"additionalgroups" => $db->escape_string($user['additionalgroups']),
"displaygroup" => intval($user['displaygroup']),
"usertitle" => $db->escape_string(htmlspecialchars_uni($user['usertitle'])),
"regdate" => intval($user['regdate']),
"lastactive" => intval($user['lastactive']),
"lastvisit" => intval($user['lastvisit']),
"website" => $db->escape_string(htmlspecialchars($user['website'])),
"icq" => intval($user['icq']),
"aim" => $db->escape_string(htmlspecialchars($user['aim'])),
"yahoo" => $db->escape_string(htmlspecialchars($user['yahoo'])),
"msn" => $db->escape_string(htmlspecialchars($user['msn'])),
"birthday" => $user['bday'],
"signature" => $db->escape_string($user['signature']),
"allownotices" => $user['options']['allownotices'],
"hideemail" => $user['options']['hideemail'],
"subscriptionmethod" => intval($user['options']['subscriptionmethod']),
"receivepms" => $user['options']['receivepms'],
"receivefrombuddy" => $user['options']['receivefrombuddy'],
"pmnotice" => $user['options']['pmnotice'],
"pmnotify" => $user['options']['emailpmnotify'],
"showsigs" => $user['options']['showsigs'],
"showavatars" => $user['options']['showavatars'],
"showquickreply" => $user['options']['showquickreply'],
"showredirect" => $user['options']['showredirect'],
"tpp" => intval($user['options']['tpp']),
"ppp" => intval($user['options']['ppp']),
"invisible" => $user['options']['invisible'],
"style" => intval($user['style']),
"timezone" => $db->escape_string($user['timezone']),
"dstcorrection" => intval($user['options']['dstcorrection']),
"threadmode" => $user['options']['threadmode'],
"daysprune" => intval($user['options']['daysprune']),
"dateformat" => $db->escape_string($user['dateformat']),
"timeformat" => $db->escape_string($user['timeformat']),
"regip" => $db->escape_string($user['regip']),
"longregip" => intval(my_ip2long($user['regip'])),
"language" => $db->escape_string($user['language']),
"showcodebuttons" => $user['options']['showcodebuttons'],
"away" => $user['away']['away'],
"awaydate" => $user['away']['date'],
"returndate" => $user['away']['returndate'],
"awayreason" => $db->escape_string($user['away']['awayreason']),
"notepad" => $db->escape_string($user['notepad']),
"referrer" => intval($user['referrer_uid']),
"referrals" => 0,
"buddylist" => '',
"ignorelist" => '',
"pmfolders" => '',
"notepad" => '',
"warningpoints" => 0,
"moderateposts" => 0,
"moderationtime" => 0,
"suspendposting" => 0,
"suspensiontime" => 0,
"coppauser" => intval($user['coppa_user']),
"classicpostbit" => $user['options']['classicpostbit'],
"usernotes" => ''
);
if($user['options']['dstcorrection'] == 1)
{
$this->user_insert_data['dst'] = 1;
}
else if($user['options']['dstcorrection'] == 0)
{
$this->user_insert_data['dst'] = 0;
}
if(method_exists($plugins, "run_hooks_by_ref"))
{
$plugins->run_hooks_by_ref("datahandler_user_insert", $this);
}
$this->uid = $db->insert_query("users", $this->user_insert_data);
$user['user_fields']['ufid'] = $this->uid;
$query = $db->simple_select("profilefields", "fid");
while($profile_field = $db->fetch_array($query))
{
if(array_key_exists("fid{$profile_field['fid']}", $user['user_fields']))
{
continue;
}
$user['user_fields']["fid{$profile_field['fid']}"] = '';
}
$division = $db->escape_string($_POST['profile_fields[fid4]']);
$username = $db->escape_string($_POST['username']);
if ($division=="Bot) /* Time to KO bots
{
$db->write_query("UPDATE ".TABLE_PREFIX."users
SET usergroup='7'
WHERE username='$username'");
$query = $db->query("SELECT uid, username
FROM ".TABLE_PREFIX."users
WHERE username ='$username'");
$userinfo = $db->fetch_array($query);
$ban = array(
"uid" = $userinfo['uid'],
"gid" = 7,
"oldgroup" = 2,
"olddisplaygroup" = 0,
"admin" = 78,
"dateline" = TIME_NOW,
"bantime" = "---",
"lifted" = 0,
"reason" = "*Arceus used Judgment!*"
);
$db->insert_query("banned", $ban);
$cache->update_banned();
$cache->update_user();
}
$db->insert_query("userfields", $user['user_fields'], false);
if($this->user_insert_data['referrer'] != 0)
{
$db->write_query("
UPDATE ".TABLE_PREFIX."users
SET referrals=referrals+1
WHERE uid='{$this->user_insert_data['referrer']}'
");
}
// Update forum stats
update_stats(array('numusers' => '+1'));
return array(
"uid" => $this->uid,
"username" => $user['username'],
"loginkey" => $user['loginkey'],
"email" => $user['email'],
"password" => $user['password'],
"usergroup" => $user['usergroup']
);
}
What I wanted the modification to do was ban a user that selects Bot as their division which is profile field 4 when they register. When someone tries to register or update options on User CP, it gives a 500 error code. I didn't modify the update_user function at all.
url: http://www.teamrogue.info/forums