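/**
 * Look up the user row that should become the new author of an upload.
 *
 * @param string $username Username to resolve
 * @return array|bool false when no username was given or no user id was
 *                    resolved, otherwise whatever sql_fetchrow() yields for
 *                    the first resolved id (username, user_colour, user_id)
 */
public function get_new_author_info($username)
{
	// The original body called $db->sql_query() without ever bringing $db
	// into scope, so the lookup failed on an undefined variable.
	global $db;

	// Who is the new uploader?
	if (!$username)
	{
		return false;
	}

	if (!function_exists('user_get_id_name'))
	{
		$this->url->_include('functions_user', 'phpbb');
	}

	// user_get_id_name() receives $user_id by reference; the code below
	// expects it to come back as a list of ids.
	$user_id = 0;
	user_get_id_name($user_id, $username);

	if (empty($user_id))
	{
		return false;
	}

	// Only the integer-cast id is concatenated into the statement; the
	// submitted username itself never reaches the SQL text.
	$sql = 'SELECT username, user_colour, user_id FROM ' . USERS_TABLE . ' WHERE user_id = ' . (int) $user_id[0];
	$result = $db->sql_query($sql);
	$row = $db->sql_fetchrow($result);
	$db->sql_freeresult($result);

	return $row;
}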
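/**
 * For composing messages, handle list actions
 *
 * Applies the add/remove recipient buttons of the compose form to the
 * address list, which is modified in place.
 *
 * @param array $address_list Recipients, keyed 'u' (users) and 'g' (groups); each maps id => 'to'|'bcc'
 * @param mixed $remove_u     Truthy when a "remove user" button was pressed
 * @param mixed $remove_g     Truthy when a "remove group" button was pressed
 * @param mixed $add_to       Truthy when recipients are added as TO
 * @param mixed $add_bcc      Truthy when recipients are added as BCC
 * @return void
 */
function handle_message_list_actions(&$address_list, $remove_u, $remove_g, $add_to, $add_bcc)
{
	global $auth, $db;

	// Delete User [TO/BCC]
	// $_REQUEST is read raw here, so its shape is attacker-controlled: a scalar
	// or empty value must not reach array_keys() or the [0] index.
	if ($remove_u && isset($_REQUEST['remove_u']) && is_array($_REQUEST['remove_u']) && $_REQUEST['remove_u'])
	{
		$remove_user_id = array_keys($_REQUEST['remove_u']);
		unset($address_list['u'][(int) $remove_user_id[0]]);
	}

	// Delete Group [TO/BCC]
	if ($remove_g && isset($_REQUEST['remove_g']) && is_array($_REQUEST['remove_g']) && $_REQUEST['remove_g'])
	{
		$remove_group_id = array_keys($_REQUEST['remove_g']);
		unset($address_list['g'][(int) $remove_group_id[0]]);
	}

	// Add User/Group [TO]
	if ($add_to || $add_bcc)
	{
		$type = ($add_to) ? 'to' : 'bcc';

		// Add Selected Groups
		// NOTE(review): no check is visible here that the sender may message
		// the selected groups - confirm the caller enforces it.
		$group_list = request_var('group_list', array(0));

		if (sizeof($group_list))
		{
			foreach ($group_list as $group_id)
			{
				$address_list['g'][$group_id] = $type;
			}
		}

		// User ID's to add...
		$user_id_ary = array();

		// Build usernames to add
		$usernames = (isset($_REQUEST['username'])) ? array(request_var('username', '', true)) : array();
		$username_list = request_var('username_list', '', true);
		if ($username_list)
		{
			$usernames = array_merge($usernames, explode("\n", $username_list));
		}

		// Reveal the correct user_ids
		if (sizeof($usernames))
		{
			$user_id_ary = array();
			user_get_id_name($user_id_ary, $usernames);
		}

		// Add Friends if specified
		// The key may be absent or not an array; check before reading it.
		$friend_key = 'add_' . $type;
		$friend_list = (isset($_REQUEST[$friend_key]) && is_array($_REQUEST[$friend_key])) ? array_map('intval', array_keys($_REQUEST[$friend_key])) : array();
		$user_id_ary = array_merge($user_id_ary, $friend_list);

		if (sizeof($user_id_ary))
		{
			// We need to check their PM status (do they want to receive PM's?)
			// Only check if not a moderator or admin, since they are allowed to override this user setting
			if (!$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_'))
			{
				// Every id is forced to an integer before it is joined into the
				// IN () list, whatever its source was.
				$sql = 'SELECT user_id FROM ' . USERS_TABLE . ' WHERE user_id IN (' . implode(', ', array_map('intval', $user_id_ary)) . ') AND user_allow_pm = 1';
				$result = $db->sql_query($sql);

				while ($row = $db->sql_fetchrow($result))
				{
					$address_list['u'][$row['user_id']] = $type;
				}
				$db->sql_freeresult($result);
			}
			else
			{
				foreach ($user_id_ary as $user_id)
				{
					$address_list['u'][$user_id] = $type;
				}
			}
		}
	}
}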
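/**
 * ACP gallery cleanup screen.
 *
 * Reads the selected orphaned items (missing source files, unreferenced
 * files, images/comments without author, personal albums) and the prune
 * form, runs the requested action after confirmation, and otherwise lists
 * the items found so they can be selected.
 *
 * Changes against the previous version:
 *  - file names taken from the request are restricted to plain names before
 *    they are used in copy() / delete_files() (path traversal)
 *  - the confirmed branch passes $missing_authors, not $missing_entries, to
 *    delete_author_images()
 *  - the new author id is integer-cast where it is concatenated into SQL
 *  - name lists and the resolved user id list are initialised, and the
 *    directory handle is checked, so empty results no longer fail
 *
 * @return void
 */
function cleanup()
{
	global $auth, $cache, $db, $template, $user, $phpbb_ext_gallery, $table_prefix, $phpbb_container, $request;

	$delete = (isset($_POST['delete'])) ? true : false;
	$prune = (isset($_POST['prune'])) ? true : false;
	$submit = (isset($_POST['submit'])) ? true : false;

	$missing_sources = $request->variable('source', array(0));
	$missing_entries = $request->variable('entry', array(''), true);
	$missing_authors = $request->variable('author', array(0), true);
	$missing_comments = $request->variable('comment', array(0), true);
	$missing_personals = $request->variable('personal', array(0), true);
	$personals_bad = $request->variable('personal_bad', array(0), true);
	// NOTE(review): the pattern is posted back through the hidden fields as
	// free-form string keys and values; presumably $core_cleanup->prune()
	// validates both before building SQL - confirm.
	$prune_pattern = $request->variable('prune_pattern', array('' => ''), true);
	$move_to_import = $request->variable('move_to_import', 0);
	$new_author = $request->variable('new_author', '');

	// The entries are file names inside the upload directory and end up in
	// copy() and delete_files() below. Keep only plain names so a submitted
	// value cannot point outside that directory.
	$plain_entries = array();
	foreach ($missing_entries as $entry)
	{
		if ($entry === '' || $entry === '.' || $entry === '..')
		{
			continue;
		}

		if (strpos($entry, '/') !== false || strpos($entry, '\\') !== false || strpos($entry, "\0") !== false)
		{
			continue;
		}

		$plain_entries[] = $entry;
	}
	$missing_entries = $plain_entries;

	$gallery_album = $phpbb_container->get('phpbbgallery.core.album');
	$core_cleanup = $phpbb_container->get('phpbbgallery.acpcleanup.cleanup');
	$gallery_auth = $phpbb_container->get('phpbbgallery.core.auth');
	$gallery_config = $phpbb_container->get('phpbbgallery.core.config');

	// Lets detect if ACP Import exists (find if directory is with RW access)
	$acp_import_installed = false;
	$acp_import_dir = $phpbb_ext_gallery->url->path('import');
	if (file_exists($acp_import_dir) && is_writable($acp_import_dir))
	{
		$acp_import_installed = true;
	}

	// First prune submit: build the pattern from the individual form fields.
	if ($prune && empty($prune_pattern))
	{
		$prune_pattern['image_album_id'] = implode(',', $request->variable('prune_album_ids', array(0)));

		if (isset($_POST['prune_username_check']))
		{
			$usernames = $request->variable('prune_usernames', '', true);
			$usernames = explode("\n", $usernames);
			$prune_pattern['image_user_id'] = array();

			if (!empty($usernames))
			{
				if (!function_exists('user_get_id_name'))
				{
					$phpbb_ext_gallery->url->_include('functions_user', 'phpbb');
				}

				// Initialised so that implode() below always gets an array,
				// even when no name could be resolved.
				$user_ids = array();
				user_get_id_name($user_ids, $usernames);
				$prune_pattern['image_user_id'] = (is_array($user_ids)) ? $user_ids : array();
			}

			if (isset($_POST['prune_anonymous']))
			{
				$prune_pattern['image_user_id'][] = ANONYMOUS;
			}

			$prune_pattern['image_user_id'] = implode(',', $prune_pattern['image_user_id']);
		}

		if (isset($_POST['prune_time_check']))
		{
			// Expected form is three dash-separated numbers: year-month-day
			$prune_time = explode('-', $request->variable('prune_time', ''));

			if (sizeof($prune_time) == 3)
			{
				$prune_pattern['image_time'] = @gmmktime(0, 0, 0, (int) $prune_time[1], (int) $prune_time[2], (int) $prune_time[0]);
			}
		}

		if (isset($_POST['prune_comments_check']))
		{
			$prune_pattern['image_comments'] = $request->variable('prune_comments', 0);
		}

		if (isset($_POST['prune_ratings_check']))
		{
			$prune_pattern['image_rates'] = $request->variable('prune_ratings', 0);
		}

		if (isset($_POST['prune_rating_avg_check']))
		{
			$prune_pattern['image_rate_avg'] = (int) ($request->variable('prune_rating_avg', 0.0) * 100);
		}
	}

	$s_hidden_fields = build_hidden_fields(array(
		'source'			=> $missing_sources,
		'entry'				=> $missing_entries,
		'author'			=> $missing_authors,
		'comment'			=> $missing_comments,
		'personal'			=> $missing_personals,
		'personal_bad'		=> $personals_bad,
		'prune_pattern'		=> $prune_pattern,
		'move_to_import'	=> $move_to_import,
	));

	// Reassign images/comments without author to another user.
	// NOTE(review): this branch updates the database without a visible
	// form-key or confirm_box() check - confirm that request forgery
	// protection is applied before this method is reached.
	if ($submit)
	{
		$user_id = 1;

		if ($new_author)
		{
			$user_id = 0;

			if (!function_exists('user_get_id_name'))
			{
				$phpbb_ext_gallery->url->_include('functions_user', 'phpbb');
			}
			user_get_id_name($user_id, $new_author);

			if (is_array($user_id) && !empty($user_id))
			{
				$user_id = $user_id[0];
			}

			if (!$user_id)
			{
				trigger_error($user->lang('CLEAN_USER_NOT_FOUND', $new_author) . adm_back_link($this->u_action), E_USER_WARNING);
			}
		}

		// Cast once so nothing but an integer is concatenated into the updates.
		$user_id = (int) $user_id;

		if ($missing_authors)
		{
			$sql = 'UPDATE ' . $table_prefix . 'gallery_images SET image_user_id = ' . $user_id . ",\n\t\t\t\t\t\timage_user_colour = ''\n\t\t\t\t\tWHERE " . $db->sql_in_set('image_id', $missing_authors);
			$db->sql_query($sql);
		}

		if ($missing_comments)
		{
			$sql = 'UPDATE ' . $table_prefix . 'gallery_comments SET comment_user_id = ' . $user_id . ",\n\t\t\t\t\t\tcomment_user_colour = ''\n\t\t\t\t\tWHERE " . $db->sql_in_set('comment_id', $missing_comments);
			$db->sql_query($sql);
		}

		trigger_error($user->lang['CLEAN_CHANGED'] . adm_back_link($this->u_action));
	}

	if (confirm_box(true))
	{
		$message = array();

		if ($missing_entries)
		{
			if ($acp_import_installed && $move_to_import)
			{
				// $missing_entries holds plain file names only (filtered above)
				foreach ($missing_entries as $entrie)
				{
					copy($phpbb_ext_gallery->url->path('upload') . '/' . $entrie, $phpbb_ext_gallery->url->path('import') . '/' . $entrie);
				}
			}
			$message[] = $core_cleanup->delete_files($missing_entries);
		}

		if ($missing_sources)
		{
			$message[] = $core_cleanup->delete_images($missing_sources);
		}

		if ($missing_authors)
		{
			// Was called with $missing_entries (file names) although the
			// branch is about the selected author-less images.
			$message[] = $core_cleanup->delete_author_images($missing_authors);
		}

		if ($missing_comments)
		{
			$message[] = $core_cleanup->delete_author_comments($missing_comments);
		}

		if ($missing_personals || $personals_bad)
		{
			$message = array_merge($message, $core_cleanup->delete_pegas($personals_bad, $missing_personals));

			// Only do this, when we changed something about the albums
			$cache->destroy('_albums');
			$gallery_auth->set_user_permissions('all', '');
		}

		if ($prune_pattern)
		{
			$message[] = $core_cleanup->prune($prune_pattern);
		}

		if (empty($message))
		{
			trigger_error($user->lang['CLEAN_NO_ACTION'] . adm_back_link($this->u_action), E_USER_WARNING);
		}

		// Make sure the overall image & comment count is correct...
		$sql = 'SELECT COUNT(image_id) AS num_images, SUM(image_comments) AS num_comments FROM ' . $table_prefix . 'gallery_images WHERE image_status <> ' . \phpbbgallery\core\image\image::STATUS_UNAPPROVED;
		$result = $db->sql_query($sql);
		$row = $db->sql_fetchrow($result);
		$db->sql_freeresult($result);

		$gallery_config->set('num_images', $row['num_images']);
		$gallery_config->set('num_comments', $row['num_comments']);

		$cache->destroy('sql', $table_prefix . 'gallery_albums');
		$cache->destroy('sql', $table_prefix . 'gallery_comments');
		$cache->destroy('sql', $table_prefix . 'gallery_images');
		$cache->destroy('sql', $table_prefix . 'gallery_rates');
		$cache->destroy('sql', $table_prefix . 'gallery_reports');
		$cache->destroy('sql', $table_prefix . 'gallery_watch');

		// Each action reported a language key; join the translated texts.
		$message_string = '';
		foreach ($message as $lang_key)
		{
			$message_string .= (($message_string) ? '<br />' : '') . $user->lang[$lang_key];
		}

		trigger_error($message_string . adm_back_link($this->u_action));
	}
	else if ($delete || $prune || isset($_POST['cancel']))
	{
		if (isset($_POST['cancel']))
		{
			trigger_error($user->lang['CLEAN_GALLERY_ABORT'] . adm_back_link($this->u_action), E_USER_WARNING);
		}
		else
		{
			// Build the confirmation text: each selected category prepends its line.
			$user->lang['CLEAN_GALLERY_CONFIRM'] = $user->lang['CONFIRM_CLEAN'];

			if ($missing_sources)
			{
				$user->lang['CLEAN_GALLERY_CONFIRM'] = $user->lang['CONFIRM_CLEAN_SOURCES'] . '<br />' . $user->lang['CLEAN_GALLERY_CONFIRM'];
			}

			if ($missing_entries)
			{
				$user->lang['CLEAN_GALLERY_CONFIRM'] = $user->lang['CONFIRM_CLEAN_ENTRIES'] . '<br />' . $user->lang['CLEAN_GALLERY_CONFIRM'];
			}

			if ($missing_authors)
			{
				// NOTE(review): this call runs while the confirmation dialog is
				// still being built, i.e. before the admin has confirmed. If
				// delete_author_images() removes data, it should only run in the
				// confirm_box(true) branch - verify and drop this call if so.
				$core_cleanup->delete_author_images($missing_authors);
				$user->lang['CLEAN_GALLERY_CONFIRM'] = $user->lang['CONFIRM_CLEAN_AUTHORS'] . '<br />' . $user->lang['CLEAN_GALLERY_CONFIRM'];
			}

			if ($missing_comments)
			{
				$user->lang['CLEAN_GALLERY_CONFIRM'] = $user->lang['CONFIRM_CLEAN_COMMENTS'] . '<br />' . $user->lang['CLEAN_GALLERY_CONFIRM'];
			}

			// Initialised so implode() below works when no album row matches.
			$personals_bad_names = $missing_personals_names = array();

			if ($personals_bad || $missing_personals)
			{
				$sql = 'SELECT album_name, album_user_id FROM ' . $table_prefix . 'gallery_albums WHERE ' . $db->sql_in_set('album_user_id', array_merge($missing_personals, $personals_bad));
				$result = $db->sql_query($sql);

				while ($row = $db->sql_fetchrow($result))
				{
					if (in_array($row['album_user_id'], $personals_bad))
					{
						$personals_bad_names[] = $row['album_name'];
					}
					else
					{
						$missing_personals_names[] = $row['album_name'];
					}
				}
				$db->sql_freeresult($result);
			}

			if ($missing_personals)
			{
				$user->lang['CLEAN_GALLERY_CONFIRM'] = $user->lang('CONFIRM_CLEAN_PERSONALS', implode(', ', $missing_personals_names)) . '<br />' . $user->lang['CLEAN_GALLERY_CONFIRM'];
			}

			if ($personals_bad)
			{
				$user->lang['CLEAN_GALLERY_CONFIRM'] = $user->lang('CONFIRM_CLEAN_PERSONALS_BAD', implode(', ', $personals_bad_names)) . '<br />' . $user->lang['CLEAN_GALLERY_CONFIRM'];
			}

			if ($prune && empty($prune_pattern))
			{
				trigger_error($user->lang['CLEAN_PRUNE_NO_PATTERN'] . adm_back_link($this->u_action), E_USER_WARNING);
			}
			else if ($prune && $prune_pattern)
			{
				$user->lang['CLEAN_GALLERY_CONFIRM'] = $user->lang('CONFIRM_PRUNE', $core_cleanup->lang_prune_pattern($prune_pattern)) . '<br />' . $user->lang['CLEAN_GALLERY_CONFIRM'];
			}

			confirm_box(false, 'CLEAN_GALLERY', $s_hidden_fields);
		}
	}

	// Images: list those flagged as missing their file and those without author.
	$requested_source = array();
	$sql_array = array(
		'SELECT'	=> 'i.image_id, i.image_name, i.image_filemissing, i.image_filename, i.image_username, u.user_id',
		'FROM'		=> array($table_prefix . 'gallery_images' => 'i'),
		'LEFT_JOIN'	=> array(
			array(
				'FROM'	=> array(USERS_TABLE => 'u'),
				'ON'	=> 'u.user_id = i.image_user_id',
			),
		),
	);
	$sql = $db->sql_build_query('SELECT', $sql_array);
	$result = $db->sql_query($sql);

	while ($row = $db->sql_fetchrow($result))
	{
		if ($row['image_filemissing'])
		{
			$template->assign_block_vars('sourcerow', array(
				'IMAGE_ID'		=> $row['image_id'],
				'IMAGE_NAME'	=> $row['image_name'],
			));
		}

		if (!$row['user_id'])
		{
			$template->assign_block_vars('authorrow', array(
				'IMAGE_ID'		=> $row['image_id'],
				'AUTHOR_NAME'	=> $row['image_username'],
			));
		}

		$requested_source[] = $row['image_filename'];
	}
	$db->sql_freeresult($result);

	$check_mode = $request->variable('check_mode', '');

	if ($check_mode == 'source')
	{
		$source_missing = array();

		// Reset the status: a image might have been viewed without file but the file is back
		$sql = 'UPDATE ' . $table_prefix . 'gallery_images SET image_filemissing = 0';
		$db->sql_query($sql);

		$sql = 'SELECT image_id, image_filename, image_filemissing FROM ' . $table_prefix . 'gallery_images';
		$result = $db->sql_query($sql);

		while ($row = $db->sql_fetchrow($result))
		{
			if (!file_exists($phpbb_ext_gallery->url->path('upload') . $row['image_filename']))
			{
				$source_missing[] = $row['image_id'];
			}
		}
		$db->sql_freeresult($result);

		if ($source_missing)
		{
			$sql = 'UPDATE ' . $table_prefix . "gallery_images\n\t\t\t\t\tSET image_filemissing = 1\n\t\t\t\t\tWHERE " . $db->sql_in_set('image_id', $source_missing);
			$db->sql_query($sql);
		}
	}

	if ($check_mode == 'entry')
	{
		$directory = $phpbb_ext_gallery->url->path('upload');
		$handle = opendir($directory);

		// opendir() returns false on failure; without the check readdir()
		// would be called on a non-resource.
		if ($handle !== false)
		{
			// Compare against false so a file literally named "0" does not end the loop
			while (($file = readdir($handle)) !== false)
			{
				$extension = substr(strtolower($file), -4);

				if (!is_dir($directory . $file) && in_array($extension, array('.png', '.gif', '.jpg'), true) && !in_array($file, $requested_source))
				{
					// Skip the placeholder images
					if ((strpos($file, 'image_not_exist') !== false) || (strpos($file, 'not_authorised') !== false) || (strpos($file, 'no_hotlinking') !== false))
					{
						continue;
					}

					$template->assign_block_vars('entryrow', array(
						'FILE_NAME'	=> utf8_encode($file),
					));
				}
			}
			closedir($handle);
		}
	}

	// Comments whose author no longer exists
	$sql_array = array(
		'SELECT'	=> 'c.comment_id, c.comment_image_id, c.comment_username, u.user_id',
		'FROM'		=> array($table_prefix . 'gallery_comments' => 'c'),
		'LEFT_JOIN'	=> array(
			array(
				'FROM'	=> array(USERS_TABLE => 'u'),
				'ON'	=> 'u.user_id = c.comment_user_id',
			),
		),
	);
	$sql = $db->sql_build_query('SELECT', $sql_array);
	$result = $db->sql_query($sql);

	while ($row = $db->sql_fetchrow($result))
	{
		if (!$row['user_id'])
		{
			$template->assign_block_vars('commentrow', array(
				'COMMENT_ID'	=> $row['comment_id'],
				'IMAGE_ID'		=> $row['comment_image_id'],
				'AUTHOR_NAME'	=> $row['comment_username'],
			));
		}
	}
	$db->sql_freeresult($result);

	// Root albums that are not public: collect all of them, and separately
	// those whose owner has no user row.
	$sql_array = array(
		'SELECT'	=> 'a.album_id, a.album_user_id, a.album_name, u.user_id, a.album_images_real',
		'FROM'		=> array($table_prefix . 'gallery_albums' => 'a'),
		'LEFT_JOIN'	=> array(
			array(
				'FROM'	=> array(USERS_TABLE => 'u'),
				'ON'	=> 'u.user_id = a.album_user_id',
			),
		),
		'WHERE'		=> 'a.album_user_id <> ' . $gallery_album->get_public() . ' AND a.parent_id = 0',
	);
	$sql = $db->sql_build_query('SELECT', $sql_array);
	$result = $db->sql_query($sql);

	$personalrow = $personal_bad_row = array();
	while ($row = $db->sql_fetchrow($result))
	{
		$album = array(
			'user_id'		=> $row['album_user_id'],
			'album_id'		=> $row['album_id'],
			'album_name'	=> $row['album_name'],
			'images'		=> $row['album_images_real'],
		);

		if (!$row['user_id'])
		{
			$personalrow[$row['album_user_id']] = $album;
		}
		$personal_bad_row[$row['album_user_id']] = $album;
	}
	$db->sql_freeresult($result);

	// Add the image counts of the sub albums to their owner's root album
	$sql = 'SELECT ga.album_user_id, ga.album_images_real FROM ' . $table_prefix . 'gallery_albums ga WHERE ga.album_user_id <> ' . $gallery_album->get_public() . ' AND ga.parent_id <> 0';
	$result = $db->sql_query($sql);

	while ($row = $db->sql_fetchrow($result))
	{
		if (isset($personalrow[$row['album_user_id']]))
		{
			$personalrow[$row['album_user_id']]['images'] = $personalrow[$row['album_user_id']]['images'] + $row['album_images_real'];
		}
		$personal_bad_row[$row['album_user_id']]['images'] = $personal_bad_row[$row['album_user_id']]['images'] + $row['album_images_real'];
	}
	$db->sql_freeresult($result);

	foreach ($personalrow as $key => $row)
	{
		$template->assign_block_vars('personalrow', array(
			'USER_ID'		=> $row['user_id'],
			'ALBUM_ID'		=> $row['album_id'],
			'AUTHOR_NAME'	=> $row['album_name'],
		));
	}

	foreach ($personal_bad_row as $key => $row)
	{
		$template->assign_block_vars('personal_bad_row', array(
			'USER_ID'		=> $row['user_id'],
			'ALBUM_ID'		=> $row['album_id'],
			'AUTHOR_NAME'	=> $row['album_name'],
			'IMAGES'		=> $row['images'],
		));
	}

	$template->assign_vars(array(
		'S_GALLERY_MANAGE_RESTS'		=> true,
		'ACP_GALLERY_TITLE'				=> $user->lang['ACP_GALLERY_CLEANUP'],
		'ACP_GALLERY_TITLE_EXPLAIN'		=> $user->lang['ACP_GALLERY_CLEANUP_EXPLAIN'],
		'ACP_IMPORT_INSTALLED'			=> $acp_import_installed,
		'CHECK_SOURCE'					=> $this->u_action . '&check_mode=source',
		'CHECK_ENTRY'					=> $this->u_action . '&check_mode=entry',
		'U_FIND_USERNAME'				=> $phpbb_ext_gallery->url->append_sid('phpbb', 'memberlist', 'mode=searchuser&form=acp_gallery&field=prune_usernames'),
		'S_SELECT_ALBUM'				=> $gallery_album->get_albumbox(false, '', false, false, false, $gallery_album->get_public(), $gallery_album->get_type_upload()),
		'S_FOUNDER'						=> ($user->data['user_type'] == USER_FOUNDER) ? true : false,
	));
}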
/**
 * Entry point of the permissions ACP module.
 *
 * Depending on $mode this traces a single permission, copies forum
 * permissions, applies or removes permission settings, walks the admin
 * through the selection screens (forums, users, groups), or displays the
 * permission mask for the current selection.
 *
 * NOTE(review): the only ACL checks visible in this method guard the 'trace'
 * and 'setting_forum_copy' modes. Authorisation for the remaining modes is
 * presumably enforced by the module loader and/or inside set_permissions(),
 * set_all_permissions() and remove_permissions() - confirm.
 *
 * @param mixed  $id   Module identifier, passed on in the delete confirmation's hidden fields
 * @param string $mode Module mode, e.g. 'trace', 'intro', 'setting_user_global', 'view_forum_local'
 * @return void
 */
function main($id, $mode)
{
	global $db, $user, $auth, $template, $phpbb_container, $request;
	global $config, $phpbb_root_path, $phpEx;

	// Load helpers only when they have not been loaded already
	if (!function_exists('user_get_id_name'))
	{
		include $phpbb_root_path . 'includes/functions_user.' . $phpEx;
	}

	if (!class_exists('auth_admin'))
	{
		include $phpbb_root_path . 'includes/acp/auth.' . $phpEx;
	}

	$this->permissions = $phpbb_container->get('acl.permissions');

	$auth_admin = new auth_admin();

	$user->add_lang('acp/permissions');
	add_permission_language();

	$this->tpl_name = 'acp_permissions';

	// Trace has other vars
	if ($mode == 'trace')
	{
		$user_id = $request->variable('u', 0);
		$forum_id = $request->variable('f', 0);
		$permission = $request->variable('auth', '');

		$this->tpl_name = 'permission_trace';

		// The requested option must be a known permission and the admin needs a_viewauth
		if ($user_id && isset($auth_admin->acl_options['id'][$permission]) && $auth->acl_get('a_viewauth'))
		{
			$this->page_title = sprintf($user->lang['TRACE_PERMISSION'], $this->permissions->get_permission_lang($permission));
			$this->permission_trace($user_id, $forum_id, $permission);
			return;
		}
		trigger_error('NO_MODE', E_USER_ERROR);
	}

	// Copy forum permissions
	if ($mode == 'setting_forum_copy')
	{
		$this->tpl_name = 'permission_forum_copy';

		// All four admin permissions are required for copying
		if ($auth->acl_get('a_fauth') && $auth->acl_get('a_authusers') && $auth->acl_get('a_authgroups') && $auth->acl_get('a_mauth'))
		{
			$this->page_title = 'ACP_FORUM_PERMISSIONS_COPY';
			$this->copy_forum_permissions();
			return;
		}
		trigger_error('NO_MODE', E_USER_ERROR);
	}

	// Set some vars
	// The action arrives as action[name]=..., so the name is the first array key
	$action = $request->variable('action', array('' => 0));
	$action = key($action);
	$action = isset($_POST['psubmit']) ? 'apply_permissions' : $action;

	$all_forums = $request->variable('all_forums', 0);
	$subforum_id = $request->variable('subforum_id', 0);
	$forum_id = $request->variable('forum_id', array(0));

	$username = $request->variable('username', array(''), true);
	$usernames = $request->variable('usernames', '', true);
	$user_id = $request->variable('user_id', array(0));

	$group_id = $request->variable('group_id', array(0));
	$select_all_groups = $request->variable('select_all_groups', 0);

	// Token checked by check_form_key() before permissions are applied below
	$form_name = 'acp_permissions';
	add_form_key($form_name);

	// If select all groups is set, we pre-build the group id array (this option is used for other screens to link to the permission settings screen)
	if ($select_all_groups)
	{
		// Add default groups to selection
		$sql_and = !$config['coppa_enable'] ? " AND group_name <> 'REGISTERED_COPPA'" : '';

		$sql = 'SELECT group_id FROM ' . GROUPS_TABLE . ' WHERE group_type = ' . GROUP_SPECIAL . "\n\t\t\t\t{$sql_and}";
		$result = $db->sql_query($sql);

		while ($row = $db->sql_fetchrow($result))
		{
			$group_id[] = $row['group_id'];
		}
		$db->sql_freeresult($result);
	}

	// Map usernames to ids and vice versa
	if ($usernames)
	{
		$username = explode("\n", $usernames);
	}
	unset($usernames);

	// Names are only resolved when no user ids were submitted directly
	if (sizeof($username) && !sizeof($user_id))
	{
		user_get_id_name($user_id, $username);

		if (!sizeof($user_id))
		{
			trigger_error($user->lang['SELECTED_USER_NOT_EXIST'] . adm_back_link($this->u_action), E_USER_WARNING);
		}
	}
	unset($username);

	// Build forum ids (of all forums are checked or subforum listing used)
	if ($all_forums)
	{
		$sql = 'SELECT forum_id FROM ' . FORUMS_TABLE . ' ORDER BY left_id';
		$result = $db->sql_query($sql);

		$forum_id = array();
		while ($row = $db->sql_fetchrow($result))
		{
			$forum_id[] = (int) $row['forum_id'];
		}
		$db->sql_freeresult($result);
	}
	else
	{
		if ($subforum_id)
		{
			$forum_id = array();
			foreach (get_forum_branch($subforum_id, 'children') as $row)
			{
				$forum_id[] = (int) $row['forum_id'];
			}
		}
	}

	// Define some common variables for every mode
	$permission_scope = strpos($mode, '_global') !== false ? 'global' : 'local';

	// Showing introductionary page?
	if ($mode == 'intro')
	{
		$this->page_title = 'ACP_PERMISSIONS';

		$template->assign_vars(array('S_INTRO' => true));

		return;
	}

	// Per mode: the permission types offered, the selection screens required
	// ($permission_victim) and the page title. Unknown modes are rejected.
	switch ($mode)
	{
		case 'setting_user_global':
		case 'setting_group_global':
			$this->permission_dropdown = array('u_', 'm_', 'a_');
			$permission_victim = $mode == 'setting_user_global' ? array('user') : array('group');
			$this->page_title = $mode == 'setting_user_global' ? 'ACP_USERS_PERMISSIONS' : 'ACP_GROUPS_PERMISSIONS';
			break;

		case 'setting_user_local':
		case 'setting_group_local':
			$this->permission_dropdown = array('f_', 'm_');
			$permission_victim = $mode == 'setting_user_local' ? array('user', 'forums') : array('group', 'forums');
			$this->page_title = $mode == 'setting_user_local' ? 'ACP_USERS_FORUM_PERMISSIONS' : 'ACP_GROUPS_FORUM_PERMISSIONS';
			break;

		case 'setting_admin_global':
		case 'setting_mod_global':
			$this->permission_dropdown = strpos($mode, '_admin_') !== false ? array('a_') : array('m_');
			$permission_victim = array('usergroup');
			$this->page_title = $mode == 'setting_admin_global' ? 'ACP_ADMINISTRATORS' : 'ACP_GLOBAL_MODERATORS';
			break;

		case 'setting_mod_local':
		case 'setting_forum_local':
			$this->permission_dropdown = $mode == 'setting_mod_local' ? array('m_') : array('f_');
			$permission_victim = array('forums', 'usergroup');
			$this->page_title = $mode == 'setting_mod_local' ? 'ACP_FORUM_MODERATORS' : 'ACP_FORUM_PERMISSIONS';
			break;

		case 'view_admin_global':
		case 'view_user_global':
		case 'view_mod_global':
			$this->permission_dropdown = $mode == 'view_admin_global' ? array('a_') : ($mode == 'view_user_global' ? array('u_') : array('m_'));
			$permission_victim = array('usergroup_view');
			$this->page_title = $mode == 'view_admin_global' ? 'ACP_VIEW_ADMIN_PERMISSIONS' : ($mode == 'view_user_global' ? 'ACP_VIEW_USER_PERMISSIONS' : 'ACP_VIEW_GLOBAL_MOD_PERMISSIONS');
			break;

		case 'view_mod_local':
		case 'view_forum_local':
			$this->permission_dropdown = $mode == 'view_mod_local' ? array('m_') : array('f_');
			$permission_victim = array('forums', 'usergroup_view');
			$this->page_title = $mode == 'view_mod_local' ? 'ACP_VIEW_FORUM_MOD_PERMISSIONS' : 'ACP_VIEW_FORUM_PERMISSIONS';
			break;

		default:
			trigger_error('NO_MODE', E_USER_ERROR);
			break;
	}

	$template->assign_vars(array('L_TITLE' => $user->lang[$this->page_title], 'L_EXPLAIN' => $user->lang[$this->page_title . '_EXPLAIN']));

	// Get permission type
	// The submitted type must be one of the types this mode offers
	$permission_type = $request->variable('type', $this->permission_dropdown[0]);

	if (!in_array($permission_type, $this->permission_dropdown))
	{
		trigger_error($user->lang['WRONG_PERMISSION_TYPE'] . adm_back_link($this->u_action), E_USER_WARNING);
	}

	// Handle actions
	// Only the setting_* modes may change anything; view_* modes never reach this
	if (strpos($mode, 'setting_') === 0 && $action)
	{
		switch ($action)
		{
			case 'delete':
				// Removal runs only after the confirmation dialog was accepted
				if (confirm_box(true))
				{
					// All users/groups selected?
					$all_users = isset($_POST['all_users']) ? true : false;
					$all_groups = isset($_POST['all_groups']) ? true : false;

					if ($all_users || $all_groups)
					{
						$items = $this->retrieve_defined_user_groups($permission_scope, $forum_id, $permission_type);

						if ($all_users && sizeof($items['user_ids']))
						{
							$user_id = $items['user_ids'];
						}
						else
						{
							if ($all_groups && sizeof($items['group_ids']))
							{
								$group_id = $items['group_ids'];
							}
						}
					}

					if (sizeof($user_id) || sizeof($group_id))
					{
						$this->remove_permissions($mode, $permission_type, $auth_admin, $user_id, $group_id, $forum_id);
					}
					else
					{
						trigger_error($user->lang['NO_USER_GROUP_SELECTED'] . adm_back_link($this->u_action), E_USER_WARNING);
					}
				}
				else
				{
					// Cancelled: go back to the screen with the same type and forums.
					// $permission_type was checked against the dropdown above and
					// the forum ids were read as integers.
					if (isset($_POST['cancel']))
					{
						$u_redirect = $this->u_action . '&type=' . $permission_type;
						foreach ($forum_id as $fid)
						{
							$u_redirect .= '&forum_id[]=' . $fid;
						}
						redirect($u_redirect);
					}

					// Carry the whole selection through the confirmation dialog
					$s_hidden_fields = array('i' => $id, 'mode' => $mode, 'action' => array($action => 1), 'user_id' => $user_id, 'group_id' => $group_id, 'forum_id' => $forum_id, 'type' => $permission_type);

					if (isset($_POST['all_users']))
					{
						$s_hidden_fields['all_users'] = 1;
					}

					if (isset($_POST['all_groups']))
					{
						$s_hidden_fields['all_groups'] = 1;
					}

					confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields($s_hidden_fields));
				}
				break;

			case 'apply_permissions':
				if (!isset($_POST['setting']))
				{
					send_status_line(403, 'Forbidden');
					trigger_error($user->lang['NO_AUTH_SETTING_FOUND'] . adm_back_link($this->u_action), E_USER_WARNING);
				}

				// Reject the request unless it carries the form token added above
				if (!check_form_key($form_name))
				{
					trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
				}

				$this->set_permissions($mode, $permission_type, $auth_admin, $user_id, $group_id);
				break;

			case 'apply_all_permissions':
				if (!isset($_POST['setting']))
				{
					send_status_line(403, 'Forbidden');
					trigger_error($user->lang['NO_AUTH_SETTING_FOUND'] . adm_back_link($this->u_action), E_USER_WARNING);
				}

				// Same form token check as for 'apply_permissions'
				if (!check_form_key($form_name))
				{
					trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
				}

				$this->set_all_permissions($mode, $permission_type, $auth_admin, $user_id, $group_id);
				break;
		}
	}

	// Go through the screens/options needed and present them in correct order
	// A victim that already has a selection is verified and skipped with
	// "continue 2"; the first one without a selection renders its chooser
	// and the method returns from inside the loop.
	foreach ($permission_victim as $victim)
	{
		switch ($victim)
		{
			case 'forum_dropdown':
				if (sizeof($forum_id))
				{
					$this->check_existence('forum', $forum_id);
					continue 2;
				}

				$template->assign_vars(array('S_SELECT_FORUM' => true, 'S_FORUM_OPTIONS' => make_forum_select(false, false, true, false, false)));
				break;

			case 'forums':
				if (sizeof($forum_id))
				{
					$this->check_existence('forum', $forum_id);
					continue 2;
				}

				$forum_list = make_forum_select(false, false, true, false, false, false, true);

				// Build forum options
				// NOTE(review): forum_name and padding are concatenated into the
				// markup as returned by make_forum_select(); presumably they are
				// already HTML-safe at this point - confirm.
				$s_forum_options = '';
				foreach ($forum_list as $f_id => $f_row)
				{
					$s_forum_options .= '<option value="' . $f_id . '"' . ($f_row['selected'] ? ' selected="selected"' : '') . ($f_row['disabled'] ? ' disabled="disabled" class="disabled-option"' : '') . '>' . $f_row['padding'] . $f_row['forum_name'] . '</option>';
				}

				// Build subforum options
				$s_subforum_options = $this->build_subforum_options($forum_list);

				$template->assign_vars(array('S_SELECT_FORUM' => true, 'S_FORUM_OPTIONS' => $s_forum_options, 'S_SUBFORUM_OPTIONS' => $s_subforum_options, 'S_FORUM_ALL' => true, 'S_FORUM_MULTIPLE' => true));
				break;

			case 'user':
				if (sizeof($user_id))
				{
					$this->check_existence('user', $user_id);
					continue 2;
				}

				$template->assign_vars(array('S_SELECT_USER' => true, 'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.{$phpEx}", 'mode=searchuser&form=select_victim&field=username&select_single=true')));
				break;

			case 'group':
				if (sizeof($group_id))
				{
					$this->check_existence('group', $group_id);
					continue 2;
				}

				$template->assign_vars(array('S_SELECT_GROUP' => true, 'S_GROUP_OPTIONS' => group_select_options(false, false, false)));
				break;

			case 'usergroup':
			case 'usergroup_view':
				$all_users = isset($_POST['all_users']) ? true : false;
				$all_groups = isset($_POST['all_groups']) ? true : false;

				// An explicit selection (not the "all" choice) is verified and accepted
				if (sizeof($user_id) && !$all_users || sizeof($group_id) && !$all_groups)
				{
					if (sizeof($user_id))
					{
						$this->check_existence('user', $user_id);
					}

					if (sizeof($group_id))
					{
						$this->check_existence('group', $group_id);
					}

					continue 2;
				}

				// Now we check the users... because the "all"-selection is different here (all defined users/groups)
				$items = $this->retrieve_defined_user_groups($permission_scope, $forum_id, $permission_type);

				if ($all_users && sizeof($items['user_ids']))
				{
					$user_id = $items['user_ids'];
					continue 2;
				}

				if ($all_groups && sizeof($items['group_ids']))
				{
					$group_id = $items['group_ids'];
					continue 2;
				}

				$template->assign_vars(array('S_SELECT_USERGROUP' => $victim == 'usergroup' ? true : false, 'S_SELECT_USERGROUP_VIEW' => $victim == 'usergroup_view' ? true : false, 'S_DEFINED_USER_OPTIONS' => $items['user_ids_options'], 'S_DEFINED_GROUP_OPTIONS' => $items['group_ids_options'], 'S_ADD_GROUP_OPTIONS' => group_select_options(false, $items['group_ids'], false), 'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.{$phpEx}", 'mode=searchuser&form=add_user&field=username&select_single=true')));
				break;
		}

		// The S_ALLOW_SELECT parameter below is a measure to lower memory usage.
		// If there are more than 5 forums selected the admin is not able to select all users/groups too.
		// We need to see if the number of forums can be increased or need to be decreased.

		// Setting permissions screen
		$s_hidden_fields = build_hidden_fields(array('user_id' => $user_id, 'group_id' => $group_id, 'forum_id' => $forum_id, 'type' => $permission_type));

		// The select buttons are shown according to a_authusers / a_authgroups
		$template->assign_vars(array('U_ACTION' => $this->u_action, 'ANONYMOUS_USER_ID' => ANONYMOUS, 'S_SELECT_VICTIM' => true, 'S_ALLOW_ALL_SELECT' => sizeof($forum_id) > 5 ? false : true, 'S_CAN_SELECT_USER' => $auth->acl_get('a_authusers') ? true : false, 'S_CAN_SELECT_GROUP' => $auth->acl_get('a_authgroups') ? true : false, 'S_HIDDEN_FIELDS' => $s_hidden_fields));

		// Let the forum names being displayed
		if (sizeof($forum_id))
		{
			$sql = 'SELECT forum_name FROM ' . FORUMS_TABLE . ' WHERE ' . $db->sql_in_set('forum_id', $forum_id) . ' ORDER BY left_id ASC';
			$result = $db->sql_query($sql);

			$forum_names = array();
			while ($row = $db->sql_fetchrow($result))
			{
				$forum_names[] = $row['forum_name'];
			}
			$db->sql_freeresult($result);

			$template->assign_vars(array('S_FORUM_NAMES' => sizeof($forum_names) ? true : false, 'FORUM_NAMES' => implode($user->lang['COMMA_SEPARATOR'], $forum_names)));
		}

		// A selection screen was prepared; nothing further to do in this request
		return;
	}

	// Every required selection is present from here on.

	// Setting permissions screen
	$s_hidden_fields = build_hidden_fields(array('user_id' => $user_id, 'group_id' => $group_id, 'forum_id' => $forum_id, 'type' => $permission_type));

	// Do not allow forum_ids being set and no other setting defined (will bog down the server too much)
	if (sizeof($forum_id) && !sizeof($user_id) && !sizeof($group_id))
	{
		trigger_error($user->lang['ONLY_FORUM_DEFINED'] . adm_back_link($this->u_action), E_USER_WARNING);
	}

	$template->assign_vars(array('S_PERMISSION_DROPDOWN' => sizeof($this->permission_dropdown) > 1 ? $this->build_permission_dropdown($this->permission_dropdown, $permission_type, $permission_scope) : false, 'L_PERMISSION_TYPE' => $this->permissions->get_type_lang($permission_type), 'U_ACTION' => $this->u_action, 'S_HIDDEN_FIELDS' => $s_hidden_fields));

	// Fetch and display the mask: 'set' with ACL_NO for the setting_* modes,
	// 'view' with ACL_NEVER for the view_* modes
	if (strpos($mode, 'setting_') === 0)
	{
		$template->assign_vars(array('S_SETTING_PERMISSIONS' => true));

		$hold_ary = $auth_admin->get_mask('set', sizeof($user_id) ? $user_id : false, sizeof($group_id) ? $group_id : false, sizeof($forum_id) ? $forum_id : false, $permission_type, $permission_scope, ACL_NO);
		$auth_admin->display_mask('set', $permission_type, $hold_ary, sizeof($user_id) ? 'user' : 'group', $permission_scope == 'local' ? true : false);
	}
	else
	{
		$template->assign_vars(array('S_VIEWING_PERMISSIONS' => true));

		$hold_ary = $auth_admin->get_mask('view', sizeof($user_id) ? $user_id : false, sizeof($group_id) ? $group_id : false, sizeof($forum_id) ? $forum_id : false, $permission_type, $permission_scope, ACL_NEVER);
		$auth_admin->display_mask('view', $permission_type, $hold_ary, sizeof($user_id) ? 'user' : 'group', $permission_scope == 'local' ? true : false);
	}
}
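/**
 * Get user_ids/usernames from those being pruned
 *
 * Reads the prune criteria from the request and narrows the candidate list in
 * up to three stages: the user criteria (names, ids, or the search fields),
 * then the group, then the number of posts waiting in the moderation queue.
 * Each later stage is an intersection with the stage before it. Founders, the
 * anonymous user, bots and the user running the prune are never returned.
 *
 * Pruning is destructive, so every stage fails closed: a stage that matches
 * nobody ends the search with empty lists, and a comparison operator that is
 * not in the allow-list is rejected instead of being written into the SQL.
 *
 * @param array $user_ids  Filled (by reference) with the ids of the matching users
 * @param array $usernames Filled (by reference) with user_id => username for those users
 * @return void Both arguments are left untouched when no criteria were submitted
 */
function get_prune_users(&$user_ids, &$usernames)
{
	global $user, $db, $request;

	$users_by_name = $request->variable('users', '', true);
	$users_by_id = $request->variable('user_ids', array(0));
	$group_id = $request->variable('group_id', 0);
	$posts_on_queue = (trim($request->variable('posts_on_queue', '')) === '') ? false : $request->variable('posts_on_queue', 0);

	// Request values never reach the SQL as operators; they only pick one from this allow-list.
	// Defined up front because the queue filter at the end needs it in every branch
	// (it used to exist only in the search-field branch).
	$key_match = array('lt' => '<', 'gt' => '>', 'eq' => '=');
	$queue_select = $request->variable('queue_select', 'gt');

	if ($posts_on_queue !== false && !isset($key_match[$queue_select]))
	{
		// Unknown operator: select nobody rather than build a malformed query
		$user_ids = $usernames = array();
		return;
	}

	if ($users_by_name)
	{
		$users = explode("\n", $users_by_name);
		$where_sql = ' AND ' . $db->sql_in_set('username_clean', array_map('utf8_clean_string', $users));
	}
	else if (!empty($users_by_id))
	{
		$user_ids = $users_by_id;
		user_get_id_name($user_ids, $usernames);

		if (empty($user_ids))
		{
			// None of the submitted ids resolved to a user, so there is nothing to select
			$usernames = array();
			return;
		}

		$where_sql = ' AND ' . $db->sql_in_set('user_id', $user_ids);
	}
	else
	{
		$username = $request->variable('username', '', true);
		$email = $request->variable('email', '');

		$active_select = $request->variable('active_select', 'lt');
		$count_select = $request->variable('count_select', 'eq');
		$joined_before = $request->variable('joined_before', '');
		$joined_after = $request->variable('joined_after', '');
		$active = $request->variable('active', '');

		$count = ($request->variable('count', '') === '') ? false : $request->variable('count', 0);

		$active = ($active) ? explode('-', $active) : array();
		$joined_before = ($joined_before) ? explode('-', $joined_before) : array();
		$joined_after = ($joined_after) ? explode('-', $joined_after) : array();

		// Check the date shape before any part is indexed below; dates are expected as three '-' separated parts
		if ((sizeof($active) && sizeof($active) != 3) || (sizeof($joined_before) && sizeof($joined_before) != 3) || (sizeof($joined_after) && sizeof($joined_after) != 3))
		{
			trigger_error($user->lang['WRONG_ACTIVE_JOINED_DATE'] . adm_back_link($this->u_action), E_USER_WARNING);
		}

		if ((sizeof($active) && !isset($key_match[$active_select])) || ($count !== false && !isset($key_match[$count_select])))
		{
			// Unknown operator: select nobody rather than build a malformed query
			$user_ids = $usernames = array();
			return;
		}

		// calculate the conditions required by the join time criteria
		$joined_sql = '';
		if (!empty($joined_before) && !empty($joined_after))
		{
			// if the two entered dates are equal, we need to adjust
			// so that our time range is a full day instead of 1 second
			// NOTE(review): this advances the lower bound, which puts it one day after the
			// upper bound of the BETWEEN below - confirm whether $joined_before was meant.
			if ($joined_after == $joined_before)
			{
				$joined_after[2] = (int) $joined_after[2] + 1;
			}

			$joined_sql = ' AND user_regdate BETWEEN ' . gmmktime(0, 0, 0, (int) $joined_after[1], (int) $joined_after[2], (int) $joined_after[0]) . ' AND ' . gmmktime(0, 0, 0, (int) $joined_before[1], (int) $joined_before[2], (int) $joined_before[0]);
		}
		else if (!empty($joined_after))
		{
			$joined_sql = ' AND user_regdate > ' . gmmktime(0, 0, 0, (int) $joined_after[1], (int) $joined_after[2], (int) $joined_after[0]);
		}
		else if (!empty($joined_before))
		{
			$joined_sql = ' AND user_regdate < ' . gmmktime(0, 0, 0, (int) $joined_before[1], (int) $joined_before[2], (int) $joined_before[0]);
		}
		// implicit else when both arrays are empty do nothing

		$where_sql = '';
		$where_sql .= ($username) ? ' AND username_clean ' . $db->sql_like_expression(str_replace('*', $db->get_any_char(), utf8_clean_string($username))) : '';
		$where_sql .= ($email) ? ' AND user_email ' . $db->sql_like_expression(str_replace('*', $db->get_any_char(), $email)) . ' ' : '';
		$where_sql .= $joined_sql;
		$where_sql .= ($count !== false) ? " AND user_posts " . $key_match[$count_select] . ' ' . (int) $count . ' ' : '';

		if (sizeof($active))
		{
			// First handle pruning of users who never logged in, last active date is 0000-00-00
			if ((int) $active[0] == 0 && (int) $active[1] == 0 && (int) $active[2] == 0)
			{
				$where_sql .= ' AND user_lastvisit = 0';
			}
			else if ($active_select != 'lt')
			{
				$where_sql .= ' AND user_lastvisit ' . $key_match[$active_select] . ' ' . gmmktime(0, 0, 0, (int) $active[1], (int) $active[2], (int) $active[0]);
			}
			else
			{
				// "before" excludes users who never visited; those are matched by the 0000-00-00 case above
				$where_sql .= ' AND (user_lastvisit > 0 AND user_lastvisit < ' . gmmktime(0, 0, 0, (int) $active[1], (int) $active[2], (int) $active[0]) . ')';
			}
		}
	}

	// If no search criteria were provided, go no further.
	if (!$where_sql && !$group_id && $posts_on_queue === false)
	{
		return;
	}

	// Get bot ids
	$sql = 'SELECT user_id FROM ' . BOTS_TABLE;
	$result = $db->sql_query($sql);

	$bot_ids = array();
	while ($row = $db->sql_fetchrow($result))
	{
		$bot_ids[] = $row['user_id'];
	}
	$db->sql_freeresult($result);

	// Protect the admin, do not prune if no options are given...
	if ($where_sql)
	{
		// Do not prune founder members
		$sql = 'SELECT user_id, username FROM ' . USERS_TABLE . ' WHERE user_id <> ' . ANONYMOUS . ' AND user_type <> ' . USER_FOUNDER . "\n\t\t\t\t{$where_sql}";
		$result = $db->sql_query($sql);

		$user_ids = $usernames = array();
		while ($row = $db->sql_fetchrow($result))
		{
			// Do not prune bots and the user currently pruning.
			if ($row['user_id'] != $user->data['user_id'] && !in_array($row['user_id'], $bot_ids))
			{
				$user_ids[] = $row['user_id'];
				$usernames[$row['user_id']] = $row['username'];
			}
		}
		$db->sql_freeresult($result);

		// The later stages only add an IN (...) restriction when $user_ids is non-empty.
		// Stopping here keeps "user criteria matched nobody" from turning into
		// "every member of the group" or "every user with queued posts".
		if (empty($user_ids))
		{
			return;
		}
	}

	if ($group_id)
	{
		$sql = 'SELECT u.user_id, u.username FROM ' . USER_GROUP_TABLE . ' ug, ' . USERS_TABLE . ' u WHERE ug.group_id = ' . (int) $group_id . ' AND ug.user_id <> ' . ANONYMOUS . ' AND u.user_type <> ' . USER_FOUNDER . ' AND ug.user_pending = 0 AND u.user_id = ug.user_id ' . ((!empty($user_ids)) ? ' AND ' . $db->sql_in_set('ug.user_id', $user_ids) : '');
		$result = $db->sql_query($sql);

		// we're performing an intersection operation, so all the relevant users
		// come from this most recent query (which was limited to the results of the
		// previous query)
		$user_ids = $usernames = array();
		while ($row = $db->sql_fetchrow($result))
		{
			// Do not prune bots and the user currently pruning.
			if ($row['user_id'] != $user->data['user_id'] && !in_array($row['user_id'], $bot_ids))
			{
				$user_ids[] = $row['user_id'];
				$usernames[$row['user_id']] = $row['username'];
			}
		}
		$db->sql_freeresult($result);

		// Same fail-closed rule as above: an empty intersection must stay empty
		if (empty($user_ids))
		{
			return;
		}
	}

	if ($posts_on_queue !== false)
	{
		$sql = 'SELECT u.user_id, u.username, COUNT(p.post_id) AS queue_posts FROM ' . POSTS_TABLE . ' p, ' . USERS_TABLE . ' u WHERE u.user_id <> ' . ANONYMOUS . ' AND u.user_type <> ' . USER_FOUNDER . ' AND ' . $db->sql_in_set('p.post_visibility', array(ITEM_UNAPPROVED, ITEM_REAPPROVE)) . ' AND u.user_id = p.poster_id ' . ((!empty($user_ids)) ? ' AND ' . $db->sql_in_set('p.poster_id', $user_ids) : '') . ' GROUP BY p.poster_id HAVING queue_posts ' . $key_match[$queue_select] . ' ' . (int) $posts_on_queue;
		$result = $db->sql_query($sql);

		// same intersection logic as the above group ID portion
		$user_ids = $usernames = array();
		while ($row = $db->sql_fetchrow($result))
		{
			// Do not prune bots and the user currently pruning.
			if ($row['user_id'] != $user->data['user_id'] && !in_array($row['user_id'], $bot_ids))
			{
				$user_ids[] = $row['user_id'];
				$usernames[$row['user_id']] = $row['username'];
			}
		}
		$db->sql_freeresult($result);
	}
}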
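/**
 * Render the gallery ACP overview page and run the maintenance action requested on it.
 *
 * Steps, in order:
 *  - report (and create where missing) the gallery storage directories below files/;
 *  - when the request has not been confirmed yet, ask for confirmation of the
 *    requested action ('create_pega' is executed directly in this branch);
 *  - when it has been confirmed, run the action: 'images', 'personals', 'stats',
 *    'last_images', 'reset_rating' or 'purge_cache';
 *  - assign the statistics shown on the page.
 *
 * Most actions end in trigger_error() or redirect() and do not reach the statistics.
 *
 * @return void
 */
function overview()
{
	global $auth, $config, $db, $template, $user, $phpbb_ext_gallery, $table_prefix, $phpbb_dispatcher, $phpbb_root_path;
	global $phpbb_container, $request;

	// Template key infix => directory that has to exist and be writable
	$gallery_dirs = array(
		'CORE'		=> $phpbb_root_path . 'files/phpbbgallery/core',
		'MEDIUM'	=> $phpbb_root_path . 'files/phpbbgallery/core/medium',
		'MINI'		=> $phpbb_root_path . 'files/phpbbgallery/core/mini',
		'SOURCE'	=> $phpbb_root_path . 'files/phpbbgallery/core/source',
	);

	$albums_table = $table_prefix . 'gallery_albums';
	$images_table = $table_prefix . 'gallery_images';

	// Init album
	$phpbb_ext_gallery_core_album = $phpbb_container->get('phpbbgallery.core.album');
	// init users
	$phpbb_gallery_user = $phpbb_container->get('phpbbgallery.core.user');
	// init image
	$phpbb_gallery_image = $phpbb_container->get('phpbbgallery.core.image');
	// init config
	$phpbb_ext_gallery_config = $phpbb_container->get('phpbbgallery.core.config');

	$action = $request->variable('action', '');
	$id = $request->variable('i', '');
	$mode = 'overview';

	// before we start let's check if directory structure is OK
	if (!is_writable($phpbb_root_path . 'files'))
	{
		// Without write access to files/ none of the sub directories can be created either
		$dir_states = array(
			'U_FILE_DIR_STATE'			=> $user->lang['NO_WRITE_ACCESS'],
			'U_FILE_DIR_STATE_ERROR'	=> 1,
		);
		foreach ($gallery_dirs as $dir_key => $dir_path)
		{
			$dir_states['U_' . $dir_key . '_DIR_STATE'] = $user->lang['NO_WRITE_ACCESS'];
			$dir_states['U_' . $dir_key . '_DIR_STATE_ERROR'] = 1;
		}
		$template->assign_vars($dir_states);
	}
	else
	{
		$template->assign_vars(array(
			'U_FILE_DIR_STATE'			=> $user->lang['WRITE_ACCESS'],
			'U_FILE_DIR_STATE_ERROR'	=> 0,
		));

		foreach ($gallery_dirs as $dir_key => $dir_path)
		{
			if (!file_exists($dir_path))
			{
				// Only report DIR_CREATED when the directory really exists afterwards;
				// a failed mkdir() used to be shown as a success.
				$dir_ok = mkdir($dir_path, 0755, true) || is_dir($dir_path);
				$dir_state = ($dir_ok) ? 'DIR_CREATED' : 'NO_WRITE_ACCESS';
			}
			else
			{
				$dir_ok = is_writable($dir_path);
				$dir_state = ($dir_ok) ? 'WRITE_ACCESS' : 'NO_WRITE_ACCESS';
			}

			$template->assign_vars(array(
				'U_' . $dir_key . '_DIR_STATE'			=> $user->lang[$dir_state],
				'U_' . $dir_key . '_DIR_STATE_ERROR'	=> ($dir_ok) ? 0 : 1,
			));
		}
	}

	if (!confirm_box(true))
	{
		$confirm = false;
		$album_id = 0;
		switch ($action)
		{
			case 'images':
				$confirm = true;
				$confirm_lang = 'RESYNC_IMAGECOUNTS_CONFIRM';
			break;

			case 'personals':
			case 'stats':
			case 'last_images':
				$confirm = true;
				$confirm_lang = 'CONFIRM_OPERATION';
			break;

			case 'reset_rating':
				$album_id = $request->variable('reset_album_id', 0);
				$album_data = $phpbb_ext_gallery_core_album->get_info($album_id);
				$confirm = true;
				// Already a finished sentence, see the confirm_box() call below
				$confirm_lang = sprintf($user->lang['RESET_RATING_CONFIRM'], $album_data['album_name']);
			break;

			case 'purge_cache':
				$confirm = true;
				$confirm_lang = 'GALLERY_PURGE_CACHE_EXPLAIN';
			break;

			case 'create_pega':
				// NOTE(review): this case creates an album without going through confirm_box(),
				// and no form token check is visible in this function - confirm that request
				// forgery protection is enforced before this method is reached.
				$confirm = false;
				if (!$auth->acl_get('a_board'))
				{
					trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING);
				}

				$username = $request->variable('username', '', true);
				$user_id = 0;
				if ($username)
				{
					if (!function_exists('user_get_id_name'))
					{
						$phpbb_ext_gallery->url->_include('functions_user', 'phpbb');
					}
					user_get_id_name($user_id, $username);
				}
				if (is_array($user_id))
				{
					$user_id = (isset($user_id[0])) ? $user_id[0] : 0;
				}

				// The id is written into the query unquoted, so force it to an integer
				$sql = 'SELECT username, user_colour, user_id FROM ' . USERS_TABLE . ' WHERE user_id = ' . (int) $user_id;
				$result = $db->sql_query($sql);
				$user_row = $db->sql_fetchrow($result);
				$db->sql_freeresult($result);
				if (!$user_row)
				{
					trigger_error($user->lang['NO_USER'] . adm_back_link($this->u_action), E_USER_WARNING);
				}

				$phpbb_gallery_user->set_user_id($user_row['user_id']);
				$album_id = $phpbb_gallery_user->get_data('personal_album_id');
				if ($album_id)
				{
					trigger_error($user->lang('PEGA_ALREADY_EXISTS', $user_row['username']) . adm_back_link($this->u_action), E_USER_WARNING);
				}
				$phpbb_ext_gallery_core_album->generate_personal_album($user_row['username'], $user_row['user_id'], $user_row['user_colour'], $phpbb_gallery_user);

				trigger_error($user->lang('PEGA_CREATED', $user_row['username']) . adm_back_link($this->u_action));
			break;
		}

		if ($confirm)
		{
			// With an album id the text was already built by sprintf() above, otherwise it is a language key
			confirm_box(false, ($album_id) ? $confirm_lang : $user->lang[$confirm_lang], build_hidden_fields(array(
				'i'					=> $id,
				'mode'				=> $mode,
				'action'			=> $action,
				'reset_album_id'	=> $album_id,
			)));
		}
	}
	else
	{
		switch ($action)
		{
			case 'images':
				if (!$auth->acl_get('a_board'))
				{
					trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING);
				}

				$total_images = $total_comments = 0;
				$phpbb_gallery_user->update_users('all', array('user_images' => 0));

				$sql = 'SELECT COUNT(image_id) AS num_images, image_user_id AS user_id, SUM(image_comments) AS num_comments FROM ' . $images_table . ' WHERE image_status <> ' . $phpbb_gallery_image::STATUS_UNAPPROVED . ' AND image_status <> ' . $phpbb_gallery_image::STATUS_ORPHAN . ' GROUP BY image_user_id';
				$result = $db->sql_query($sql);

				while ($row = $db->sql_fetchrow($result))
				{
					$total_images += $row['num_images'];
					$total_comments += $row['num_comments'];

					$image_user = $phpbb_container->get('phpbbgallery.core.user');
					$image_user->set_user_id($row['user_id'], false);
					$image_user->update_data(array('user_images' => $row['num_images']));
				}
				$db->sql_freeresult($result);

				$phpbb_ext_gallery_config->set('num_images', $total_images);
				$phpbb_ext_gallery_config->set('num_comments', $total_comments);
				trigger_error($user->lang['RESYNCED_IMAGECOUNTS'] . adm_back_link($this->u_action));
			break;

			case 'personals':
				if (!$auth->acl_get('a_board'))
				{
					trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING);
				}

				$phpbb_gallery_user->update_users('all', array('personal_album_id' => 0));

				$sql = 'SELECT album_id, album_user_id FROM ' . $albums_table . ' WHERE album_user_id <> ' . $phpbb_ext_gallery_core_album::PUBLIC_ALBUM . ' AND parent_id = 0 GROUP BY album_user_id, album_id';
				$result = $db->sql_query($sql);

				$number_of_personals = 0;
				while ($row = $db->sql_fetchrow($result))
				{
					$phpbb_gallery_user->set_user_id($row['album_user_id'], false);
					$phpbb_gallery_user->update_data(array('personal_album_id' => $row['album_id']));
					$number_of_personals++;
				}
				$db->sql_freeresult($result);
				$phpbb_ext_gallery_config->set('num_pegas', $number_of_personals);

				// Update the config for the statistic on the index
				$sql_array = array(
					'SELECT'	=> 'a.album_id, u.user_id, u.username, u.user_colour',
					'FROM'		=> array($albums_table => 'a'),
					'LEFT_JOIN'	=> array(
						array(
							'FROM'	=> array(USERS_TABLE => 'u'),
							'ON'	=> 'u.user_id = a.album_user_id',
						),
					),
					'WHERE'		=> 'a.album_user_id <> ' . $phpbb_ext_gallery_core_album::PUBLIC_ALBUM . ' AND a.parent_id = 0',
					'ORDER_BY'	=> 'a.album_id DESC',
				);
				$sql = $db->sql_build_query('SELECT', $sql_array);
				$result = $db->sql_query_limit($sql, 1);
				// NOTE(review): no row is returned when there is no personal album; the four
				// values below are then read from a non-array - confirm what should be stored.
				$newest_pgallery = $db->sql_fetchrow($result);
				$db->sql_freeresult($result);

				$phpbb_ext_gallery_config->set('newest_pega_user_id', $newest_pgallery['user_id']);
				$phpbb_ext_gallery_config->set('newest_pega_username', $newest_pgallery['username']);
				$phpbb_ext_gallery_config->set('newest_pega_user_colour', $newest_pgallery['user_colour']);
				$phpbb_ext_gallery_config->set('newest_pega_album_id', $newest_pgallery['album_id']);

				trigger_error($user->lang['RESYNCED_PERSONALS'] . adm_back_link($this->u_action));
			break;

			case 'stats':
				if (!$auth->acl_get('a_board'))
				{
					trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING);
				}

				// Hopefully this won't take too long! >> I think we must make it batchwise
				$sql = 'SELECT image_id, image_filename FROM ' . $images_table . ' WHERE filesize_upload = 0';
				$result = $db->sql_query($sql);
				while ($row = $db->sql_fetchrow($result))
				{
					// A missing file leaves filesize() at false, hence the error suppression
					$sql_ary = array(
						'filesize_upload'	=> @filesize($phpbb_ext_gallery->url->path('upload') . $row['image_filename']),
						'filesize_medium'	=> @filesize($phpbb_ext_gallery->url->path('medium') . $row['image_filename']),
						'filesize_cache'	=> @filesize($phpbb_ext_gallery->url->path('thumbnail') . $row['image_filename']),
					);
					$sql = 'UPDATE ' . $images_table . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' WHERE ' . $db->sql_in_set('image_id', $row['image_id']);
					$db->sql_query($sql);
				}
				$db->sql_freeresult($result);

				redirect($this->u_action);
			break;

			case 'last_images':
				// NOTE(review): unlike 'images', 'personals' and 'stats' this case has no
				// acl_get('a_board') check here - confirm access is enforced by the caller.
				$sql = 'SELECT album_id FROM ' . $albums_table;
				$result = $db->sql_query($sql);
				while ($row = $db->sql_fetchrow($result))
				{
					// 5 sql's per album, but you don't run this daily ;)
					$phpbb_ext_gallery_core_album::update_info($row['album_id']);
				}
				$db->sql_freeresult($result);
				trigger_error($user->lang['RESYNCED_LAST_IMAGES'] . adm_back_link($this->u_action));
			break;

			case 'reset_rating':
				// NOTE(review): deletes ratings without an acl_get('a_board') check in this
				// function - confirm access is enforced by the caller.
				$album_id = $request->variable('reset_album_id', 0);

				$image_ids = array();
				// The id is written into the query unquoted, so force it to an integer
				$sql = 'SELECT image_id FROM ' . $images_table . ' WHERE image_album_id = ' . (int) $album_id;
				$result = $db->sql_query($sql);
				while ($row = $db->sql_fetchrow($result))
				{
					$image_ids[] = $row['image_id'];
				}
				$db->sql_freeresult($result);

				if (!empty($image_ids))
				{
					phpbb_gallery_image_rating::delete_ratings($image_ids, true);
				}

				trigger_error($user->lang['RESET_RATING_COMPLETED'] . adm_back_link($this->u_action));
			break;

			case 'purge_cache':
				if ($user->data['user_type'] != USER_FOUNDER)
				{
					trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING);
				}

				// Deletes the generated images found directly in $dir. A directory that cannot
				// be opened is skipped, and the read loop compares against false so that an
				// entry named "0" does not end it early.
				$purge_images = function ($dir)
				{
					$handle = @opendir($dir);
					if ($handle === false)
					{
						return;
					}

					while (($file = readdir($handle)) !== false)
					{
						if (preg_match('/(\\.gif$|\\.png$|\\.jpg|\\.jpeg)$/is', $file))
						{
							@unlink($dir . $file);
						}
					}
					closedir($handle);
				};

				$thumbnail_path = $phpbb_ext_gallery->url->path('thumbnail');
				$medium_path = $phpbb_ext_gallery->url->path('medium');

				$purge_images($thumbnail_path);
				$purge_images($medium_path);

				// Numbered sub directories 1 .. current_upload_dir
				$last_upload_dir = $phpbb_ext_gallery_config->get('current_upload_dir');
				for ($i = 1; $i <= $last_upload_dir; $i++)
				{
					$purge_images($thumbnail_path . $i . '/');
					$purge_images($medium_path . $i . '/');
				}

				// The files are gone, so the stored sizes have to be reset for every image
				$sql_ary = array(
					'filesize_medium'	=> 0,
					'filesize_cache'	=> 0,
				);
				$sql = 'UPDATE ' . $images_table . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary);
				$db->sql_query($sql);

				trigger_error($user->lang['PURGED_CACHE'] . adm_back_link($this->u_action));
			break;
		}
	}

	//@todo: phpbb_gallery_modversioncheck::check();

	$boarddays = (time() - $config['board_startdate']) / 86400;
	$images_per_day = sprintf('%.2f', $config['num_images'] / $boarddays);

	$sql = 'SELECT COUNT(album_user_id) AS num_albums FROM ' . $albums_table . ' WHERE album_user_id = 0';
	$result = $db->sql_query($sql);
	$num_albums = (int) $db->sql_fetchfield('num_albums');
	$db->sql_freeresult($result);

	$sql = 'SELECT SUM(filesize_upload) AS stat, SUM(filesize_medium) AS stat_medium, SUM(filesize_cache) AS stat_cache FROM ' . $images_table;
	$result = $db->sql_query($sql);
	$dir_sizes = $db->sql_fetchrow($result);
	$db->sql_freeresult($result);

	$template->assign_vars(array(
		'S_GALLERY_OVERVIEW'		=> true,
		'ACP_GALLERY_TITLE'			=> $user->lang['ACP_GALLERY_OVERVIEW'],
		'ACP_GALLERY_TITLE_EXPLAIN'	=> $user->lang['ACP_GALLERY_OVERVIEW_EXPLAIN'],

		'TOTAL_IMAGES'		=> $config['phpbb_gallery_num_images'],
		'IMAGES_PER_DAY'	=> $images_per_day,
		'TOTAL_ALBUMS'		=> $num_albums,
		'TOTAL_PERSONALS'	=> $config['phpbb_gallery_num_pegas'],
		'GUPLOAD_DIR_SIZE'	=> get_formatted_filesize($dir_sizes['stat']),
		'MEDIUM_DIR_SIZE'	=> get_formatted_filesize($dir_sizes['stat_medium']),
		'CACHE_DIR_SIZE'	=> get_formatted_filesize($dir_sizes['stat_cache']),
		'GALLERY_VERSION'	=> $config['phpbb_gallery_version'],

		'U_FIND_USERNAME'	=> $phpbb_ext_gallery->url->append_sid('phpbb', 'memberlist', 'mode=searchuser&form=action_create_pega_form&field=username&select_single=true'),
		'S_SELECT_ALBUM'	=> $phpbb_ext_gallery_core_album->get_albumbox(false, 'reset_album_id', false, false, false, $phpbb_ext_gallery_core_album::PUBLIC_ALBUM, $phpbb_ext_gallery_core_album::TYPE_UPLOAD),
		'S_FOUNDER'			=> ($user->data['user_type'] == USER_FOUNDER),
		'U_ACTION'			=> $this->u_action,
	));
}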
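/**
 * Show the "copy user permissions" form and, when it was submitted, copy the
 * permissions of the source user onto the target user.
 *
 * Each user is given either by name or by id, never both. Both users are
 * looked up before anything is written, and the ids are forced to integers
 * because they are concatenated unquoted into the queries below.
 *
 * On submit the target's user_permissions value is overwritten with the
 * source's, and - when the source has rows in ACL_USERS_TABLE - the target's
 * rows there are replaced by copies of the source's rows.
 *
 * NOTE(review): no form token check is visible before these writes - confirm
 * that request forgery protection is enforced before this method is reached.
 *
 * @return void
 */
function display_options()
{
	global $template, $user, $db;

	$submit = request_var('sa', false);
	$source_name = request_var('source_name', '', true);
	$target_name = request_var('target_name', '', true);
	$source_id = request_var('source_id', '');
	$target_id = request_var('target_id', '');

	if ($submit)
	{
		// Check that at least one field is filled in.
		if ((!$source_name && empty($source_id)) || (!$target_name && empty($target_id)))
		{
			trigger_error('NO_USER', E_USER_WARNING);
		}

		// Not allowed to have both username and user_id filled.
		if (($source_name && $source_id) || ($target_name && $target_id))
		{
			trigger_error('BOTH_FIELDS_FILLED', E_USER_WARNING);
		}

		if (!function_exists('user_get_id_name'))
		{
			include PHPBB_ROOT_PATH . 'includes/functions_user.' . PHP_EXT;
		}

		// Resolve each side on its own, whichever of name/id was submitted. This used to
		// happen only when the source was given by name, so ids taken from the request went
		// into the queries unchecked and a copy by id always ended in USERS_IDENTICAL
		// (both names were still empty when compared).
		$source_id_ary = ($source_name) ? array() : array((int) $source_id);
		$source_name_ary = ($source_name) ? array($source_name) : array();
		$result = user_get_id_name($source_id_ary, $source_name_ary);

		// Was a user found? false is the success value tested for here
		if ($result !== false || !sizeof($source_id_ary) || !sizeof($source_name_ary))
		{
			trigger_error('NO_USER', E_USER_WARNING);
		}

		$target_id_ary = ($target_name) ? array() : array((int) $target_id);
		$target_name_ary = ($target_name) ? array($target_name) : array();
		$result = user_get_id_name($target_id_ary, $target_name_ary);

		if ($result !== false || !sizeof($target_id_ary) || !sizeof($target_name_ary))
		{
			trigger_error('NO_USER', E_USER_WARNING);
		}

		// Drop the arrays
		$source_id = (int) array_shift($source_id_ary);
		$source_name = array_shift($source_name_ary);
		$target_id = (int) array_shift($target_id_ary);
		$target_name = array_shift($target_name_ary);

		if ($target_id == $source_id || $source_name == $target_name)
		{
			trigger_error('USERS_IDENTICAL', E_USER_WARNING);
		}

		$permissions = array();
		$sql = 'SELECT forum_id, auth_option_id, auth_role_id, auth_setting FROM ' . ACL_USERS_TABLE . ' WHERE user_id = ' . $source_id;
		$result = $db->sql_query($sql);
		while ($row = $db->sql_fetchrow($result))
		{
			// Re-target the row so it can be inserted as is
			$row['user_id'] = $target_id;
			$permissions[] = $row;
		}
		$db->sql_freeresult($result);

		$sql = 'SELECT user_permissions FROM ' . USERS_TABLE . ' WHERE user_id = ' . $source_id . ' AND user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')';
		$result = $db->sql_query($sql);
		$user_permissions = $db->sql_fetchfield('user_permissions');
		$db->sql_freeresult($result);

		// Keep the delete and the re-insert together so the target is not left
		// without its rows when one of the statements fails
		$db->sql_transaction('begin');

		// The value comes from the database, but it is still data: escape it before quoting it
		$sql = 'UPDATE ' . USERS_TABLE . ' SET user_permissions = \'' . $db->sql_escape((string) $user_permissions) . '\' WHERE user_id = ' . $target_id;
		$db->sql_query($sql);

		if (sizeof($permissions))
		{
			$sql = 'DELETE FROM ' . ACL_USERS_TABLE . ' WHERE user_id = ' . $target_id;
			$db->sql_query($sql);

			foreach ($permissions as $data_sql)
			{
				$sql = 'INSERT INTO ' . ACL_USERS_TABLE . ' ' . $db->sql_build_array('INSERT', $data_sql);
				$db->sql_query($sql);
			}
		}

		$db->sql_transaction('commit');

		trigger_error('COPY_USER_PERMISSIONS_OK');
	}

	$template->assign_vars(array(
		'SOURCE_NAME'		=> $source_name,
		'SOURCE_ID'			=> $source_id,
		'TARGET_NAME'		=> $target_name,
		// NOTE(review): 'TARGED_ID' looks like a typo for TARGET_ID; kept as is because the
		// template is not visible here - confirm which name it reads.
		'TARGED_ID'			=> $target_id,
		'U_FIND_USER'		=> append_sid(PHPBB_ROOT_PATH . 'memberlist.' . PHP_EXT, array('mode' => 'searchuser', 'form' => 'stk', 'field' => 'source_name')),
		'U_FIND_TO_USER'	=> append_sid(PHPBB_ROOT_PATH . 'memberlist.' . PHP_EXT, array('mode' => 'searchuser', 'form' => 'stk', 'field' => 'target_name')),
	));

	$template->set_filenames(array(
		'body' => 'tools/user_copy_perm.html',
	));

	page_header($user->lang['USER_COPY_PERM'], false);
	page_footer();
}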
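/**
 * ACP handler for bulk-importing images from the gallery import directory.
 *
 * Three phases share this method:
 *  - with an `import_schema` request parameter: include the stored schema file
 *    and import up to 10 images per request, then either finish or refresh to
 *    the next batch;
 *  - with a submitted form: validate the form key, resolve uploader and target
 *    album, write a new schema and refresh into the first batch;
 *  - otherwise: list the importable files of the import directory.
 *
 * Security-relevant points:
 *  - `import_schema` becomes a path that is include()d, so it is restricted to
 *    the md5 shape this method itself generates.
 *  - image names become paths that are copied and then unlink()ed, so names
 *    containing a directory separator or NUL byte are skipped.
 *  - NOTE(review): the batch-continuation branch is reached by a plain request
 *    with no form-key check, and the schema name is md5(time()); confirm the
 *    surrounding ACP session/auth checks are considered sufficient.
 */
function import()
{
    global $db, $template, $user, $phpbb_dispatcher, $phpbb_container, $gallery_url, $request, $table_prefix, $gallery_config, $gallery_album;

    $import_schema = $request->variable('import_schema', '');
    $images = $request->variable('images', array(''), true);
    $submit = isset($_POST['submit']) ? true : (empty($images) ? false : true);

    if ($import_schema) {
        // Schemas are only ever created below as md5($start_time). Anything that
        // is not 32 lowercase hex digits is handled like a missing schema, so a
        // crafted value can never reach the include.
        $schema_name_ok = preg_match('/^[a-f0-9]{32}$/D', $import_schema) === 1;

        if ($schema_name_ok && $gallery_url->_file_exists($import_schema, 'import', '')) {
            // Presumably defines $images, $user_data, $album_id, $start_time,
            // $num_offset, $done_images, $todo_images, $image_name and $filename
            // (the values handed to create_import_schema()) - verify against it.
            include $gallery_url->_return_file($import_schema, 'import', '');

            // Replace the md5 with the ' again and remove the space at the end to prevent \' troubles
            $user_data['username'] = utf8_substr(str_replace("{{$import_schema}}", "'", $user_data['username']), 0, -1);
            $image_name = utf8_substr(str_replace("{{$import_schema}}", "'", $image_name), 0, -1);
        } else {
            global $phpEx;
            trigger_error($user->lang('MISSING_IMPORT_SCHEMA', $import_schema . '.' . $phpEx), E_USER_WARNING);
        }

        $images_loop = 0;
        foreach ($images as $image_src) {
            /**
             * Import the images
             */
            $image_src = str_replace("{{$import_schema}}", "'", $image_src);
            $image_src_local = utf8_decode($image_src);
            $image_src_full = $gallery_url->path('import') . $image_src_local;

            // Check the exact bytes that reach the filesystem: a name with a
            // directory separator or NUL byte could point copy()/unlink() outside
            // the import directory. Such entries are skipped like missing files.
            $is_plain_name = strpbrk($image_src_local, "/\0" . DIRECTORY_SEPARATOR) === false;

            if ($is_plain_name && file_exists($image_src_full)) {
                $filetype = getimagesize($image_src_full);
                // getimagesize() returns false for non-images; treat that as an unknown type.
                $mime_type = is_array($filetype) ? $filetype['mime'] : '';
                $filetype_ext = '';
                $error_occured = false;
                $lower_name = strtolower($image_src);

                switch ($mime_type) {
                    case 'image/jpeg':
                    case 'image/jpg':
                    case 'image/pjpeg':
                        $filetype_ext = '.jpg';
                        $read_function = 'imagecreatefromjpeg';
                        if (substr($lower_name, -4) != '.jpg' && substr($lower_name, -5) != '.jpeg') {
                            $this->log_import_error($import_schema, sprintf($user->lang['FILETYPE_MIMETYPE_MISMATCH'], $image_src, $mime_type));
                            $error_occured = true;
                        }
                        break;

                    case 'image/png':
                    case 'image/x-png':
                        $filetype_ext = '.png';
                        $read_function = 'imagecreatefrompng';
                        if (substr($lower_name, -4) != '.png') {
                            $this->log_import_error($import_schema, sprintf($user->lang['FILETYPE_MIMETYPE_MISMATCH'], $image_src, $mime_type));
                            $error_occured = true;
                        }
                        break;

                    case 'image/gif':
                    case 'image/giff':
                        $filetype_ext = '.gif';
                        $read_function = 'imagecreatefromgif';
                        if (substr($lower_name, -4) != '.gif') {
                            $this->log_import_error($import_schema, sprintf($user->lang['FILETYPE_MIMETYPE_MISMATCH'], $image_src, $mime_type));
                            $error_occured = true;
                        }
                        break;

                    default:
                        $this->log_import_error($import_schema, $user->lang['NOT_ALLOWED_FILE_TYPE']);
                        $error_occured = true;
                        break;
                }

                $image_filename = md5(unique_id()) . $filetype_ext;
                $upload_target = $gallery_url->path('upload') . $image_filename;

                // Only files that passed the type checks are copied. The previous
                // condition (`!$error || !move_uploaded_file()`) still copied
                // rejected files into the upload directory, because
                // move_uploaded_file() fails for files that were not uploaded.
                if (!$error_occured && !@copy($image_src_full, $upload_target)) {
                    $user->add_lang('posting');
                    $this->log_import_error($import_schema, sprintf($user->lang['GENERAL_UPLOAD_ERROR'], $upload_target));
                    $error_occured = true;
                }

                if (!$error_occured) {
                    // NOTE(review): 0777 leaves the stored image world-writable;
                    // confirm whether a tighter mode works for this deployment.
                    @chmod($upload_target, 0777);

                    // The source image is imported, so we delete it.
                    @unlink($image_src_full);

                    $sql_ary = array(
                        'image_filename' => $image_filename,
                        'image_desc' => '',
                        'image_desc_uid' => '',
                        'image_desc_bitfield' => '',
                        'image_user_id' => $user_data['user_id'],
                        'image_username' => $user_data['username'],
                        'image_username_clean' => utf8_clean_string($user_data['username']),
                        'image_user_colour' => $user_data['user_colour'],
                        'image_user_ip' => $user->ip,
                        'image_time' => $start_time + $done_images,
                        'image_album_id' => $album_id,
                        'image_status' => \phpbbgallery\core\image\image::STATUS_APPROVED,
                    );

                    $image_tools = new \phpbbgallery\core\file\file();
                    $image_tools->set_image_options($gallery_config->get('max_filesize'), $gallery_config->get('max_height'), $gallery_config->get('max_width'));
                    $image_tools->set_image_data($upload_target);

                    $additional_sql_data = array();
                    $file_link = $gallery_url->path('upload') . $image_filename;

                    /**
                     * Event to trigger before mass update
                     *
                     * @event phpbbgallery.acpimport.update_image_before
                     * @var array additional_sql_data array of additional sql_data
                     * @var string file_link String with real file link
                     * @since 1.2.0
                     */
                    $vars = array('additional_sql_data', 'file_link');
                    extract($phpbb_dispatcher->trigger_event('phpbbgallery.acpimport.update_image_before', compact($vars)));

                    if ($filetype[0] > $gallery_config->get('max_width') || $filetype[1] > $gallery_config->get('max_height')) {
                        /**
                         * Resize oversized images
                         */
                        if ($gallery_config->get('allow_resize')) {
                            $image_tools->resize_image($gallery_config->get('max_width'), $gallery_config->get('max_height'));
                            if ($image_tools->resized) {
                                $image_tools->write_image($gallery_url->path('upload') . $image_filename, $gallery_config->get('jpg_quality'), true);
                            }
                        }
                    }

                    $file_updated = (bool) $image_tools->resized;

                    /**
                     * Event to trigger before mass update
                     *
                     * @event phpbbgallery.acpimport.update_image
                     * @var array additional_sql_data array of additional sql_data
                     * @var bool file_updated is file resized
                     * @since 1.2.0
                     */
                    $vars = array('additional_sql_data', 'file_updated');
                    extract($phpbb_dispatcher->trigger_event('phpbbgallery.acpimport.update_image', compact($vars)));

                    $sql_ary = array_merge($sql_ary, $additional_sql_data);

                    // Try to get real filesize from temporary folder (not always working) ;)
                    $uploaded_size = @filesize($gallery_url->path('upload') . $image_filename);
                    $sql_ary['filesize_upload'] = $uploaded_size ? $uploaded_size : 0;

                    if ($filename || $image_name == '') {
                        $sql_ary['image_name'] = str_replace("_", " ", utf8_substr($image_src, 0, utf8_strrpos($image_src, '.')));
                    } else {
                        $sql_ary['image_name'] = str_replace('{NUM}', $num_offset + $done_images, $image_name);
                    }
                    $sql_ary['image_name_clean'] = utf8_clean_string($sql_ary['image_name']);

                    // Put the images into the database
                    $db->sql_query('INSERT INTO ' . $table_prefix . 'gallery_images ' . $db->sql_build_array('INSERT', $sql_ary));
                }
                $done_images++;
            }

            // Remove the image from the list
            unset($images[$images_loop]);
            $images_loop++;
            if ($images_loop == 10) {
                // We made 10 images, so we end for this turn
                break;
            }
        }

        if ($images_loop) {
            $image_user = $phpbb_container->get('phpbbgallery.core.user');
            $image_user->set_user_id($user_data['user_id']);
            $image_user->update_images($images_loop);
            $gallery_config->inc('num_images', $images_loop);
            $todo_images = $todo_images - $images_loop;
        }
        \phpbbgallery\core\album\album::update_info($album_id);

        if (!$todo_images) {
            unlink($gallery_url->_return_file($import_schema, 'import', ''));
            $errors = @file_get_contents($gallery_url->_return_file($import_schema . '_errors', 'import', ''));
            @unlink($gallery_url->_return_file($import_schema . '_errors', 'import', ''));
            if (!$errors) {
                trigger_error(sprintf($user->lang['IMPORT_FINISHED'], $done_images) . adm_back_link($this->u_action));
            } else {
                // NOTE(review): the logged lines contain file names and are printed
                // as HTML; confirm log_import_error() stores them escaped.
                $errors = explode("\n", $errors);
                trigger_error(sprintf($user->lang['IMPORT_FINISHED_ERRORS'], $done_images - sizeof($errors)) . implode('<br />', $errors) . adm_back_link($this->u_action), E_USER_WARNING);
            }
        } else {
            // Write the new list
            $this->create_import_schema($import_schema, $album_id, $user_data, $start_time, $num_offset, $done_images, $todo_images, $image_name, $filename, $images);

            // Redirect
            $forward_url = $this->u_action . "&import_schema={$import_schema}";
            meta_refresh(1, $forward_url);
            trigger_error(sprintf($user->lang['IMPORT_DEBUG_MES'], $done_images, $todo_images));
        }
    } elseif ($submit) {
        if (!check_form_key('acp_gallery')) {
            trigger_error('FORM_INVALID', E_USER_WARNING);
        }
        if (!$images) {
            trigger_error('NO_FILE_SELECTED', E_USER_WARNING);
        }

        // Who is the uploader?
        $username = $request->variable('username', '', true);
        $user_id = 0;
        if ($username) {
            if (!function_exists('user_get_id_name')) {
                $gallery_url->_include('functions_user', 'phpbb');
            }
            user_get_id_name($user_id, $username);
        }
        if (is_array($user_id)) {
            $user_id = $user_id[0];
        }
        if (!$user_id) {
            $user_id = $user->data['user_id'];
        }

        // Ids are concatenated into SQL, so force them to integers first.
        $sql = 'SELECT username, user_colour, user_id FROM ' . USERS_TABLE . ' WHERE user_id = ' . (int) $user_id;
        $result = $db->sql_query($sql);
        $user_row = $db->sql_fetchrow($result);
        $db->sql_freeresult($result);
        if (!$user_row) {
            trigger_error('HACKING_ATTEMPT', E_USER_WARNING);
        }

        $album_id = $request->variable('album_id', 0);
        if (isset($_POST['users_pega'])) {
            $image_user = $phpbb_container->get('phpbbgallery.core.user');
            $image_user->set_user_id($user_row['user_id']);
            if ($user->data['user_id'] != $user_row['user_id']) {
                $album_id = $image_user->get_data('personal_album_id');
                if (!$album_id) {
                    // The User has no personal album
                    $album_id = $gallery_album->generate_personal_album($user_row['username'], $user_row['user_id'], $user_row['user_colour'], $image_user);
                }
                unset($image_user);
            } else {
                $album_id = $image_user->get_data('personal_album_id');
                if (!$album_id) {
                    $album_id = $gallery_album->generate_personal_album($user_row['username'], $user_row['user_id'], $user_row['user_colour'], $image_user);
                }
            }
        }

        // Where do we put them to?
        $sql = 'SELECT album_id, album_name FROM ' . $table_prefix . 'gallery_albums WHERE album_id = ' . (int) $album_id;
        $result = $db->sql_query($sql);
        $album_row = $db->sql_fetchrow($result);
        $db->sql_freeresult($result);
        if (!$album_row) {
            trigger_error('HACKING_ATTEMPT', E_USER_WARNING);
        }

        $start_time = time();
        $import_schema = md5($start_time);
        $filename = $request->variable('filename', '') == 'filename' ? true : false;
        $image_name = $request->variable('image_name', '', true);
        $num_offset = $request->variable('image_num', 0);

        $this->create_import_schema($import_schema, $album_row['album_id'], $user_row, $start_time, $num_offset, 0, sizeof($images), $image_name, $filename, $images);

        $forward_url = $this->u_action . "&import_schema={$import_schema}";
        meta_refresh(2, $forward_url);
        trigger_error('IMPORT_SCHEMA_CREATED');
    }

    // List the importable files. opendir() returns false when the directory is
    // unreadable, and a file literally named "0" must not end the loop early.
    $files = array();
    $handle = opendir($gallery_url->path('import'));
    if ($handle !== false) {
        while (($file = readdir($handle)) !== false) {
            if (!is_dir($gallery_url->path('import') . $file) && (substr(strtolower($file), -4) == '.png' && $gallery_config->get('allow_png') || substr(strtolower($file), -4) == '.gif' && $gallery_config->get('allow_gif') || substr(strtolower($file), -4) == '.jpg' && $gallery_config->get('allow_jpg') || substr(strtolower($file), -5) == '.jpeg' && $gallery_config->get('allow_jpg'))) {
                $files[utf8_strtolower($file)] = $file;
            }
        }
        closedir($handle);
    }

    // Sort the files by name again
    ksort($files);

    foreach ($files as $file) {
        // NOTE(review): the raw file name is handed to the template; confirm the
        // template escapes FILE_NAME before it is printed.
        $template->assign_block_vars('imagerow', array('FILE_NAME' => utf8_encode($file)));
    }

    $template->assign_vars(array(
        'S_IMPORT_IMAGES' => true,
        'ACP_GALLERY_TITLE' => $user->lang['ACP_IMPORT_ALBUMS'],
        'ACP_GALLERY_TITLE_EXPLAIN' => $user->lang['ACP_IMPORT_ALBUMS_EXPLAIN'],
        'L_IMPORT_DIR_EMPTY' => sprintf($user->lang['IMPORT_DIR_EMPTY'], $gallery_url->path('import')),
        'S_ALBUM_IMPORT_ACTION' => $this->u_action,
        'S_SELECT_IMPORT' => $gallery_album->get_albumbox(false, 'album_id', false, false, false, \phpbbgallery\core\album\album::PUBLIC_ALBUM, \phpbbgallery\core\album\album::TYPE_UPLOAD),
        'U_FIND_USERNAME' => $gallery_url->append_sid('phpbb', 'memberlist', 'mode=searchuser&form=acp_gallery&field=username&select_single=true'),
    ));
}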
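/**
 * Promote (to leader), demote, approve or set as default one or more members
 * of a group.
 *
 * The user id / username arrays are first passed through user_get_id_name();
 * the statements below then use whatever ids that call left in $user_id_ary.
 * Every id that is concatenated into SQL is cast to an integer here, so the
 * queries stay well-formed even if a caller passes unvalidated values.
 *
 * @param string      $action           One of 'demote', 'promote', 'approve', 'default'
 * @param int         $group_id         Group to operate on
 * @param array|false $user_id_ary      User ids
 * @param array|false $username_ary     Usernames
 * @param string|false $group_name      Group name; looked up via get_group_name() when empty
 * @param array|false $group_attributes Passed through to group_set_user_default()
 *
 * @return bool false when no users resolve, no pending users match an
 *              approval, or the action is unknown; true otherwise
 */
function group_user_attributes($action, $group_id, $user_id_ary = false, $username_ary = false, $group_name = false, $group_attributes = false)
{
    global $db, $auth, $phpbb_root_path, $phpEx, $config;

    // We need both username and user_id info
    user_get_id_name($user_id_ary, $username_ary);

    if (!sizeof($user_id_ary)) {
        return false;
    }

    if (!$group_name) {
        $group_name = get_group_name($group_id);
    }

    // Integer-only copy of the group id for use inside SQL strings.
    $sql_group_id = (int) $group_id;

    switch ($action) {
        case 'demote':
        case 'promote':
            $sql = 'UPDATE ' . USER_GROUP_TABLE . ' SET group_leader = ' . ($action == 'promote' ? 1 : 0) . "\n\t\t\t\tWHERE group_id = {$sql_group_id}\n\t\t\t\t\tAND user_id IN (" . implode(', ', array_map('intval', $user_id_ary)) . ')';
            $db->sql_query($sql);

            $log = $action == 'promote' ? 'LOG_GROUP_PROMOTED' : 'LOG_GROUP_DEMOTED';
            break;

        case 'approve':
            // Make sure we only approve those which are pending ;)
            $sql = 'SELECT u.user_id, u.user_email, u.username, u.user_notify_type, u.user_jabber, u.user_lang FROM ' . USERS_TABLE . ' u, ' . USER_GROUP_TABLE . ' ug WHERE ug.group_id = ' . $sql_group_id . ' AND ug.user_pending = 1 AND ug.user_id = u.user_id AND ug.user_id IN (' . implode(', ', array_map('intval', $user_id_ary)) . ')';
            $result = $db->sql_query($sql);

            $user_id_ary = $email_users = array();
            while ($row = $db->sql_fetchrow($result)) {
                $user_id_ary[] = $row['user_id'];
                $email_users[] = $row;
            }
            $db->sql_freeresult($result);

            if (!sizeof($user_id_ary)) {
                return false;
            }

            $sql = 'UPDATE ' . USER_GROUP_TABLE . "\n\t\t\t\tSET user_pending = 0\n\t\t\t\tWHERE group_id = {$sql_group_id}\n\t\t\t\t\tAND user_id IN (" . implode(', ', array_map('intval', $user_id_ary)) . ')';
            $db->sql_query($sql);

            // Send approved email to users...
            include_once $phpbb_root_path . 'includes/functions_messenger.' . $phpEx;
            $messenger = new messenger();

            $email_sig = str_replace('<br />', "\n", "-- \n" . $config['board_email_sig']);

            foreach ($email_users as $row) {
                $messenger->template('group_approved', $row['user_lang']);
                $messenger->replyto($config['board_email']);
                $messenger->to($row['user_email'], $row['username']);
                $messenger->im($row['user_jabber'], $row['username']);

                $messenger->assign_vars(array(
                    'EMAIL_SIG' => $email_sig,
                    'SITENAME' => $config['sitename'],
                    'USERNAME' => html_entity_decode($row['username']),
                    'GROUP_NAME' => html_entity_decode($group_name),
                    'U_GROUP' => generate_board_url() . "/ucp.{$phpEx}?i=groups&mode=membership",
                ));

                $messenger->send($row['user_notify_type']);
                $messenger->reset();
            }
            $messenger->save_queue();

            $log = 'LOG_USERS_APPROVED';
            break;

        case 'default':
            group_set_user_default($group_id, $user_id_ary, $group_attributes);
            $log = 'LOG_GROUP_DEFAULTS';
            break;

        default:
            // Unknown action: nothing was changed, so do not write an admin log
            // entry with an undefined operation or report success.
            return false;
    }

    // Clear permissions cache of relevant users
    $auth->acl_clear_prefetch($user_id_ary);

    add_log('admin', $log, $group_name, implode(', ', $username_ary));

    return true;
}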
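/**
 * Run Tool
 *
 * Handles the submitted "manage founders" form: demotes selected founders to
 * normal users, or promotes one normal user to founder. Both paths require a
 * valid 'manage_founders' form key.
 *
 * NOTE(review): no check on who is submitting (e.g. that the caller is a
 * founder) and no guard against demoting the last founder is visible in this
 * method; confirm the surrounding framework enforces both.
 *
 * @param array $error Collects language keys of validation errors (by reference)
 */
function run_tool(&$error)
{
    global $db, $user;

    if (!check_form_key('manage_founders')) {
        trigger_error('FORM_INVALID');
    }

    // Lets do something
    $mode = request_var('mode', '');

    switch ($mode) {
        case 'demote':
            $req_founders = request_var('founders', array(0 => ''));

            if (!sizeof($req_founders)) {
                trigger_error('NO_USER');
            }

            // Make sure we only have users that do exist
            $req_founders = array_keys($req_founders);
            $founder_ids = array();

            $sql = 'SELECT user_id FROM ' . USERS_TABLE . ' WHERE ' . $db->sql_in_set('user_id', $req_founders) . ' AND user_type = ' . USER_FOUNDER;
            $result = $db->sql_query($sql);
            while ($row = $db->sql_fetchrow($result)) {
                $founder_ids[] = $row['user_id'];
            }
            $db->sql_freeresult($result);

            // None of the requested ids is a founder: report failure instead of
            // building an IN () clause from an empty list.
            if (!sizeof($founder_ids)) {
                trigger_error($user->lang['DEMOTE_FAILED']);
                break;
            }

            // Remove founder status from these users
            $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', array('user_type' => USER_NORMAL)) . ' WHERE ' . $db->sql_in_set('user_id', $founder_ids);
            $db->sql_query($sql);

            // Did everything go right?
            $affected = $db->sql_affectedrows();
            if (sizeof($founder_ids) == $affected) {
                trigger_error(sprintf($user->lang['DEMOTE_SUCCESSFULL'], $affected));
            } else {
                trigger_error($user->lang['DEMOTE_FAILED']);
            }
            break;

        case 'promote':
            $req_username = utf8_normalize_nfc(request_var('username', '', true));
            $req_user_id = utf8_normalize_nfc(request_var('user_id', 0));

            // Check that at least one field is filled in.
            if (!$req_username && empty($req_user_id)) {
                trigger_error('NO_USER');
            }

            // Not allowed to have both username and user_id filled.
            if ($req_username && $req_user_id) {
                $error[] = 'BOTH_FIELDS_FILLED';
                return;
            }

            // Get the correct user data and make sure that he exists
            if (!function_exists('user_get_id_name')) {
                include PHPBB_ROOT_PATH . 'includes/functions_user.' . PHP_EXT;
            }

            $user_id = $username = $user_type = array();

            if (!empty($req_user_id)) {
                $user_id[] = $req_user_id;
            }
            if (!empty($req_username)) {
                $username[] = $req_username;
            }
            // Only users that are currently of type USER_NORMAL are looked up.
            $user_type[] = USER_NORMAL;

            // Get user_id
            $result = user_get_id_name($user_id, $username, $user_type);

            // Was a user_id found?
            if (!sizeof($user_id) || $result !== false) {
                trigger_error('NO_USER');
            }

            // Drop the arrays
            $user_id = array_shift($user_id);
            $username = array_shift($username);

            // No user found
            if (!$user_id) {
                $error[] = 'NO_USER';
                return;
            }

            // Now promote the guy
            $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', array('user_type' => USER_FOUNDER)) . ' WHERE user_id = ' . (int) $user_id;
            $db->sql_query($sql);

            // Success?
            if ($db->sql_affectedrows() == 1) {
                // $user_id is a scalar after array_shift() above; indexing it with
                // [0] produced an empty profile link.
                trigger_error(sprintf($user->lang['MAKE_FOUNDER_SUCCESS'], append_sid(PHPBB_ROOT_PATH . 'memberlist.' . PHP_EXT, array('mode' => 'viewprofile', 'u' => (int) $user_id)), $username));
            } else {
                trigger_error($user->lang['MAKE_FOUNDER_FAILED']);
            }
            break;

        default:
            trigger_error('NO_MODE');
    }
}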
/**
 * Entry point of the CMS permissions screen.
 *
 * Reads the selection (users, groups, item ids, permission type) from the
 * request, maps $mode to a permission dropdown / "victim" list / page title,
 * runs a pending 'delete', 'apply_permissions' or 'apply_all_permissions'
 * action for setting_* modes, and then either shows the selection screens or
 * the permission mask.
 *
 * Security notes for reviewers:
 *  - 'apply_permissions' and 'apply_all_permissions' verify the form key;
 *    'delete' goes through confirm_box() instead.
 *  - No $auth->acl_* check is made in this method itself. NOTE(review):
 *    presumably the caller or set_permissions()/remove_permissions() enforce
 *    who may change permissions - confirm.
 *
 * @param mixed  $id   Module id, only echoed back into the hidden confirm fields
 * @param string $mode Permission mode, e.g. 'setting_user_global' or 'view_mod_local'
 */
function main($id, $mode)
{
    global $db, $cache, $config, $user, $lang, $auth, $template, $cms_admin;

    add_permission_language();

    include_once IP_ROOT_PATH . 'includes/class_auth_admin.' . PHP_EXT;
    $auth_admin = new auth_admin();

    // Set some vars
    $action = request_var('paction', array('' => 0));
    $action = key($action);
    // A posted 'psubmit' always means "apply", whatever 'paction' said.
    $action = isset($_POST['psubmit']) ? 'apply_permissions' : $action;

    $all_forums = request_var('all_forums', 0);
    $subforum_id = request_var('subforum_id', 0);
    $forum_id = request_var('forum_id', array(0));

    // id_type is restricted to a fixed list; anything else falls back to 'forum'.
    $id_type = request_var('id_type', '');
    $id_types_array = array('forum', 'block', 'layout', 'layout_special');
    $id_type = in_array($id_type, $id_types_array) ? $id_type : $id_types_array[0];
    $this->id_type = $id_type;

    $username = request_var('username', array(''), true);
    $usernames = request_var('usernames', '', true);
    $user_id = request_var('user_id', array(0));
    $group_id = request_var('group_id', array(0));
    $select_all_groups = request_var('select_all_groups', 0);

    $form_name = 'acp_permissions';
    add_form_key($form_name);

    $this->tpl_name = 'cms_permissions.tpl';
    // $mode is appended to the action URL as passed in by the caller.
    $this->u_action = append_sid($cms_admin->root . '?mode=auth&pmode=' . $mode);

    /*
    // Trace has other vars
    if ($mode == 'trace')
    {
        $user_id = request_var('u', 0);
        $forum_id = request_var('f', 0);
        $permission = request_var('auth', '');

        $this->tpl_name = 'cms_permission_trace.tpl';

        if ($user_id && isset($auth_admin->acl_options['id'][$permission]))
        {
            $this->page_title = sprintf($user->lang['TRACE_PERMISSION'], $user->lang['acl_' . $permission]['lang']);
            $this->permission_trace($user_id, $forum_id, $permission);
            return;
        }
        trigger_error('NO_MODE', E_USER_ERROR);
    }
    */

    // If select all groups is set, we pre-build the group id array (this option is used for other screens to link to the permission settings screen)
    if ($select_all_groups) {
        $sql = 'SELECT group_id FROM ' . GROUPS_TABLE . ' WHERE group_single_user = 0';
        $result = $db->sql_query($sql);
        while ($row = $db->sql_fetchrow($result)) {
            $group_id[] = $row['group_id'];
        }
        $db->sql_freeresult($result);
    }

    // Map usernames to ids and vice versa
    if ($usernames) {
        $username = explode("\n", $usernames);
    }
    unset($usernames);

    // Usernames are only resolved when no explicit user ids were submitted.
    if (sizeof($username) && !sizeof($user_id)) {
        user_get_id_name($user_id, $username);

        if (!sizeof($user_id)) {
            trigger_error($user->lang['SELECTED_USER_NOT_EXIST'] . page_back_link($this->u_action), E_USER_WARNING);
        }
    }
    unset($username);

    // Define some common variables for every mode
    $error = array();

    $permission_scope = strpos($mode, '_global') !== false ? 'global' : 'local';

    // Showing introductionary page?
    if ($mode == 'intro') {
        $this->page_title = 'CMS_PERMISSIONS';

        $template->assign_vars(array('S_INTRO' => true));
        return;
    }

    // Each mode fixes: the permission prefixes offered in the dropdown, the
    // selection screens ("victims") to walk through, and the page title key.
    switch ($mode) {
        case 'setting_admin_global':
        case 'setting_mod_global':
            $this->permission_dropdown = strpos($mode, '_admin_') !== false ? array('a_') : array('m_');
            $permission_victim = array('usergroup');
            $this->page_title = $mode == 'setting_admin_global' ? 'CMS_PERMISSIONS_ADMINS' : 'CMS_PERMISSIONS_MODS';
            break;

        case 'setting_cms_user_global':
        case 'setting_cms_group_global':
            $this->permission_dropdown = array('cms_', 'pl_', 'u_');
            $permission_victim = array('usergroup');
            //$permission_victim = ($mode == 'setting_cms_user_global') ? array('user') : array('group');
            $this->page_title = $mode == 'setting_cms_user_global' ? 'CMS_PERMISSIONS_CMS_USERS' : 'CMS_PERMISSIONS_CMS_GROUPS';
            break;

        case 'setting_cms_user_local':
        case 'setting_cms_group_local':
            $this->permission_dropdown = $this->id_type == 'layout' ? array('cmsl_') : ($this->id_type == 'layout_special' ? array('cmss_') : array('cmsb_'));
            $permission_victim = array('cms', 'usergroup');
            //$permission_victim = ($mode == 'setting_cms_user_local') ? array('user') : array('group');
            $this->page_title = $mode == 'setting_cms_user_local' ? 'CMS_PERMISSIONS_CMS_USERS' : 'CMS_PERMISSIONS_CMS_GROUPS';
            break;

        case 'setting_plugins_user_global':
        case 'setting_plugins_group_global':
            $this->permission_dropdown = array('pl_', 'cms_', 'u_');
            $permission_victim = array('usergroup');
            //$permission_victim = ($mode == 'setting_plugins_user_global') ? array('user') : array('group');
            $this->page_title = $mode == 'setting_plugins_user_global' ? 'CMS_PERMISSIONS_PLUGINS_USERS' : 'CMS_PERMISSIONS_PLUGINS_GROUPS';
            break;

        case 'setting_user_global':
        case 'setting_group_global':
            $this->permission_dropdown = array('u_', 'cms_', 'pl_');
            $permission_victim = $mode == 'setting_user_global' ? array('user') : array('group');
            $this->page_title = $mode == 'setting_user_global' ? 'CMS_PERMISSIONS_USERS' : 'CMS_PERMISSIONS_GROUPS';
            break;

        case 'setting_user_local':
        case 'setting_group_local':
            $this->permission_dropdown = array('f_', 'm_');
            $permission_victim = $mode == 'setting_user_local' ? array('user') : array('group');
            $this->page_title = $mode == 'setting_user_local' ? 'ACP_USERS_FORUM_PERMISSIONS' : 'ACP_GROUPS_FORUM_PERMISSIONS';
            break;

        case 'setting_mod_local':
        case 'setting_forum_local':
            $this->permission_dropdown = $mode == 'setting_mod_local' ? array('m_') : array('f_');
            // NOTE(review): the victim switch further down has no 'forums' case.
            $permission_victim = array('forums', 'usergroup');
            $this->page_title = $mode == 'setting_mod_local' ? 'ACP_FORUM_MODERATORS' : 'ACP_FORUM_PERMISSIONS';
            break;

        case 'view_admin_global':
        case 'view_user_global':
        case 'view_mod_global':
            $this->permission_dropdown = $mode == 'view_admin_global' ? array('a_') : ($mode == 'view_user_global' ? array('u_') : array('m_'));
            $permission_victim = array('usergroup_view');
            $this->page_title = $mode == 'view_admin_global' ? 'CMS_PERMISSIONS_ADMINS' : ($mode == 'view_user_global' ? 'CMS_PERMISSIONS_USERS' : 'CMS_PERMISSIONS_MODS');
            break;

        case 'view_mod_local':
        case 'view_forum_local':
            $this->permission_dropdown = $mode == 'view_mod_local' ? array('m_') : array('f_');
            $permission_victim = array('usergroup_view');
            $this->page_title = $mode == 'view_mod_local' ? 'ACP_VIEW_FORUM_MOD_PERMISSIONS' : 'ACP_VIEW_FORUM_PERMISSIONS';
            break;

        default:
            trigger_error('NO_MODE', E_USER_ERROR);
            break;
    }

    $template->assign_vars(array('L_TITLE' => $lang[$this->page_title], 'L_EXPLAIN' => $lang[$this->page_title . '_EXPLAIN']));

    // Get permission type
    // The requested type must be one of the prefixes this mode allows; this
    // stops a request from switching, say, a moderator screen to 'a_'.
    $permission_type = request_var('type', $this->permission_dropdown[0]);

    if (!in_array($permission_type, $this->permission_dropdown)) {
        trigger_error($user->lang['WRONG_PERMISSION_TYPE'] . page_back_link($this->u_action), E_USER_WARNING);
    }

    // Handle actions
    // State-changing actions are only accepted in setting_* modes.
    if (strpos($mode, 'setting_') === 0 && $action) {
        switch ($action) {
            case 'delete':
                if (confirm_box(true)) {
                    // All users/groups selected?
                    $all_users = isset($_POST['all_users']) ? true : false;
                    $all_groups = isset($_POST['all_groups']) ? true : false;

                    if ($all_users || $all_groups) {
                        $items = $this->retrieve_defined_user_groups($permission_scope, $forum_id, $permission_type);

                        if ($all_users && sizeof($items['user_ids'])) {
                            $user_id = $items['user_ids'];
                        } elseif ($all_groups && sizeof($items['group_ids'])) {
                            $group_id = $items['group_ids'];
                        }
                    }

                    if (sizeof($user_id) || sizeof($group_id)) {
                        $this->remove_permissions($mode, $permission_type, $auth_admin, $user_id, $group_id, $forum_id);
                    } else {
                        trigger_error($user->lang['NO_USER_GROUP_SELECTED'] . page_back_link($this->u_action), E_USER_WARNING);
                    }
                } else {
                    if (isset($_POST['cancel'])) {
                        $u_redirect = $this->u_action . '&type=' . $permission_type;
                        foreach ($forum_id as $fid) {
                            $u_redirect .= '&forum_id[]=' . $fid;
                        }
                        redirect($u_redirect);
                    }

                    // Carry the whole selection through the confirmation form.
                    $s_hidden_fields = array('i' => $id, 'pmode' => $mode, 'paction' => array($action => 1), 'user_id' => $user_id, 'group_id' => $group_id, 'forum_id' => $forum_id, 'id_type' => $this->id_type, 'type' => $permission_type);

                    if (isset($_POST['all_users'])) {
                        $s_hidden_fields['all_users'] = 1;
                    }

                    if (isset($_POST['all_groups'])) {
                        $s_hidden_fields['all_groups'] = 1;
                    }

                    confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields($s_hidden_fields));
                }
                break;

            case 'apply_permissions':
                if (!isset($_POST['setting'])) {
                    trigger_error($user->lang['NO_AUTH_SETTING_FOUND'] . page_back_link($this->u_action), E_USER_WARNING);
                }

                // Form-key check before any permission is written.
                if (!check_form_key($form_name)) {
                    trigger_error($user->lang['FORM_INVALID'] . page_back_link($this->u_action), E_USER_WARNING);
                }

                $this->set_permissions($mode, $permission_type, $auth_admin, $user_id, $group_id);
                break;

            case 'apply_all_permissions':
                if (!isset($_POST['setting'])) {
                    trigger_error($user->lang['NO_AUTH_SETTING_FOUND'] . page_back_link($this->u_action), E_USER_WARNING);
                }

                // Form-key check before any permission is written.
                if (!check_form_key($form_name)) {
                    trigger_error($user->lang['FORM_INVALID'] . page_back_link($this->u_action), E_USER_WARNING);
                }

                $this->set_all_permissions($mode, $permission_type, $auth_admin, $user_id, $group_id);
                break;
        }
    }

    // Setting permissions screen
    $s_hidden_fields_array = array('user_id' => $user_id, 'group_id' => $group_id, 'forum_id' => $forum_id);
    $s_hidden_fields = build_hidden_fields($s_hidden_fields_array);
    $s_hidden_fields_extra = true;

    // Go through the screens/options needed and present them in correct order
    // `continue 2` means "this victim is already selected, try the next one";
    // the first victim still missing a selection renders its screen and returns.
    foreach ($permission_victim as $victim) {
        switch ($victim) {
            case 'cms':
                if (sizeof($forum_id)) {
                    $this->check_existence($this->id_type, $forum_id);
                    continue 2;
                }

                // We don't have anything selected, so we need to unset these types, because they will be set properly in template...
                $s_hidden_fields_extra = false;
                unset($s_hidden_fields_array['id_type']);
                unset($s_hidden_fields_array['type']);

                $ids = array();
                $ids_data = array();
                $types_array = array('l' => 'layout', 's' => 'layout_special', 'b' => 'block');
                foreach ($types_array as $type_key => $type_value) {
                    $s_options = '';
                    $ids_data = $this->check_existence($type_value, $ids, true);
                    foreach ($ids_data as $id_data) {
                        $option_name = $id_data['name'];
                        if ($type_key == 's') {
                            $option_name = isset($lang['auth_view_' . strtolower($option_name)]) ? $lang['auth_view_' . strtolower($option_name)] : (isset($lang['cms_page_name_' . strtolower($option_name)]) ? $lang['cms_page_name_' . strtolower($option_name)] : ucfirst($option_name));
                        }
                        // NOTE(review): $option_name is written into the <option>
                        // markup without escaping here; confirm check_existence()
                        // returns names that are already HTML-safe.
                        $s_options .= '<option value="' . (int) $id_data['id'] . '">' . $option_name . ' [' . (int) $id_data['id'] . ']' . '</option>';
                    }
                    $template->assign_vars(array('S_CMS_' . strtoupper($type_key) . '_OPTIONS' => $s_options));
                }

                $template->assign_vars(array('S_SELECT_CMS' => true));
                break;

            case 'user':
            case 'group':
                if (sizeof($user_id)) {
                    $this->check_existence('user', $user_id);
                    continue 2;
                }

                if (sizeof($group_id)) {
                    $this->check_existence('group', $group_id);
                    continue 2;
                }

                $template->assign_vars(array('S_SELECT_USER' => true, 'S_SELECT_GROUP' => true, 'U_FIND_USERNAME' => append_sid(IP_ROOT_PATH . CMS_PAGE_SEARCH . '?mode=searchuser'), 'S_GROUP_OPTIONS' => group_select_options(false, false, false)));
                break;

            case 'usergroup':
            case 'usergroup_view':
                $all_users = isset($_POST['all_users']) ? true : false;
                $all_groups = isset($_POST['all_groups']) ? true : false;

                if (sizeof($user_id) && !$all_users || sizeof($group_id) && !$all_groups) {
                    if (sizeof($user_id)) {
                        $this->check_existence('user', $user_id);
                    }

                    if (sizeof($group_id)) {
                        $this->check_existence('group', $group_id);
                    }

                    continue 2;
                }

                // Now we check the users... because the "all"-selection is different here (all defined users/groups)
                $items = $this->retrieve_defined_user_groups($permission_scope, $forum_id, $permission_type);

                if ($all_users && sizeof($items['user_ids'])) {
                    $user_id = $items['user_ids'];
                    continue 2;
                }

                if ($all_groups && sizeof($items['group_ids'])) {
                    $group_id = $items['group_ids'];
                    continue 2;
                }

                $template->assign_vars(array('S_SELECT_USERGROUP' => $victim == 'usergroup' ? true : false, 'S_SELECT_USERGROUP_VIEW' => $victim == 'usergroup_view' ? true : false, 'S_DEFINED_USER_OPTIONS' => $items['user_ids_options'], 'S_DEFINED_GROUP_OPTIONS' => $items['group_ids_options'], 'S_ADD_GROUP_OPTIONS' => group_select_options(false, $items['group_ids'], false), 'U_FIND_USERNAME' => append_sid(IP_ROOT_PATH . CMS_PAGE_SEARCH . '?mode=searchuser')));
                break;
        }

        // Let the item names being displayed
        if (sizeof($forum_id)) {
            $ids_data = $this->check_existence($this->id_type, $forum_id);
            $forum_names = array();
            foreach ($ids_data as $id_data) {
                $forum_names[] = $id_data['name'];
            }

            $template->assign_vars(array('S_FORUM_NAMES' => sizeof($forum_names) ? true : false, 'FORUM_NAMES' => implode(', ', $forum_names)));
        }

        if (!empty($s_hidden_fields_extra)) {
            // Setting other hidden fields
            $s_hidden_fields_array = array('id_type' => $this->id_type, 'type' => $permission_type);
            $s_hidden_fields .= build_hidden_fields($s_hidden_fields_array);
        }

        // The S_ALLOW_SELECT parameter below is a measure to lower memory usage.
        // If there are more than 5 forums selected the admin is not able to select all users/groups too.
        // We need to see if the number of forums can be increased or need to be decreased.
        $template->assign_vars(array('U_ACTION' => $this->u_action, 'U_ACTION_USERS' => str_replace('_group_global', '_user_global', $this->u_action), 'U_ACTION_GROUPS' => str_replace('_user_global', '_group_global', $this->u_action), 'ANONYMOUS_USER_ID' => ANONYMOUS, 'S_SELECT_VICTIM' => true, 'S_ALLOW_ALL_SELECT' => false, 'S_CAN_SELECT_USER' => true, 'S_CAN_SELECT_GROUP' => true, 'S_HIDDEN_FIELDS' => $s_hidden_fields));

        // A selection screen was prepared; stop before the mask is built.
        return;
    }

    // Every victim has a selection: show the permission mask itself.
    $template->assign_vars(array('S_PERMISSION_DROPDOWN' => sizeof($this->permission_dropdown) > 1 ? $this->build_permission_dropdown($this->permission_dropdown, $permission_type, $permission_scope) : false, 'L_PERMISSION_TYPE' => $user->lang['ACL_TYPE_' . strtoupper($permission_type)], 'U_ACTION' => $this->u_action, 'S_HIDDEN_FIELDS' => $s_hidden_fields));

    if (strpos($mode, 'setting_') === 0) {
        $template->assign_vars(array('S_SETTING_PERMISSIONS' => true));

        $hold_ary = $auth_admin->get_mask('set', sizeof($user_id) ? $user_id : false, sizeof($group_id) ? $group_id : false, sizeof($forum_id) ? $forum_id : false, $permission_type, $permission_scope, ACL_NO);
        $auth_admin->display_mask('set', $permission_type, $hold_ary, sizeof($user_id) ? 'user' : 'group', $permission_scope == 'local' ? true : false);
    } else {
        $template->assign_vars(array('S_VIEWING_PERMISSIONS' => true));

        $hold_ary = $auth_admin->get_mask('view', sizeof($user_id) ? $user_id : false, sizeof($group_id) ? $group_id : false, sizeof($forum_id) ? $forum_id : false, $permission_type, $permission_scope, ACL_NEVER);
        $auth_admin->display_mask('view', $permission_type, $hold_ary, sizeof($user_id) ? 'user' : 'group', $permission_scope == 'local' ? true : false);
    }
}
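/**
 * View log
 *
 * Loads log rows of the requested kind into $log (one array per entry, with
 * ready-made HTML links) and the matching total into $log_count.
 *
 * Security notes for callers:
 *  - $sort_by is placed verbatim after ORDER BY. It must come from a fixed
 *    list in the caller, never from request data.
 *  - Usernames and log data are concatenated into HTML as stored. NOTE(review):
 *    presumably these values are stored HTML-escaped - confirm for every
 *    writer of the log table.
 *
 * @param string    $mode       'admin', 'mod', 'user', 'users' or 'critical'; anything else returns without touching $log
 * @param array     $log        Filled with the log entries (by reference)
 * @param int       $log_count  Filled with the total number of matching entries (by reference)
 * @param int       $limit      Passed to sql_query_limit()
 * @param int       $offset     Passed to sql_query_limit()
 * @param int|array $forum_id   Forum filter for 'mod' mode
 * @param int       $topic_id   Topic filter for 'mod' mode (takes precedence over $forum_id)
 * @param int       $user_id    Reportee filter for 'user' mode
 * @param int       $limit_days Lower bound compared against l.log_time
 * @param string    $sort_by    ORDER BY expression (trusted input only, see above)
 */
function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id = 0, $topic_id = 0, $user_id = 0, $limit_days = 0, $sort_by = 'l.log_time DESC')
{
    global $db, $user, $auth, $phpEx, $phpbb_root_path, $phpbb_admin_path;

    $topic_id_list = $reportee_id_list = $is_auth = $is_mod = array();

    // $limit_days is interpolated into both queries below; force it to an
    // integer so it can neither break nor extend the SQL.
    $limit_days = (int) $limit_days;

    $profile_url = defined('IN_ADMIN') ? append_sid("{$phpbb_admin_path}index.{$phpEx}", 'i=users&mode=overview') : append_sid("{$phpbb_root_path}memberlist.{$phpEx}", 'mode=viewprofile');

    switch ($mode) {
        case 'admin':
            $log_type = LOG_ADMIN;
            $sql_forum = '';
            break;

        case 'mod':
            $log_type = LOG_MOD;

            if ($topic_id) {
                $sql_forum = 'AND l.topic_id = ' . intval($topic_id);
            } elseif (is_array($forum_id)) {
                $sql_forum = 'AND l.forum_id IN (' . implode(', ', array_map('intval', $forum_id)) . ')';
            } else {
                $sql_forum = $forum_id ? 'AND l.forum_id = ' . intval($forum_id) : '';
            }
            break;

        case 'user':
            $log_type = LOG_USERS;
            $sql_forum = 'AND l.reportee_id = ' . intval($user_id);
            break;

        case 'users':
            $log_type = LOG_USERS;
            $sql_forum = '';
            break;

        case 'critical':
            $log_type = LOG_CRITICAL;
            $sql_forum = '';
            break;

        default:
            return;
    }

    // NOTE(review): {$sort_by} is inserted unmodified - see the function docblock.
    $sql = "SELECT l.*, u.username\n\t\tFROM " . LOG_TABLE . " l, " . USERS_TABLE . " u\n\t\tWHERE l.log_type = {$log_type}\n\t\t\tAND u.user_id = l.user_id\n\t\t\t" . ($limit_days ? "AND l.log_time >= {$limit_days}" : '') . "\n\t\t\t{$sql_forum}\n\t\tORDER BY {$sort_by}";
    $result = $db->sql_query_limit($sql, $limit, $offset);

    $i = 0;
    $log = array();
    while ($row = $db->sql_fetchrow($result)) {
        if ($row['topic_id']) {
            $topic_id_list[] = $row['topic_id'];
        }

        if ($row['reportee_id']) {
            $reportee_id_list[] = $row['reportee_id'];
        }

        $log[$i] = array(
            'id' => $row['log_id'],
            'reportee_id' => $row['reportee_id'],
            'reportee_username' => '',
            'user_id' => $row['user_id'],
            'username' => '<a href="' . $profile_url . '&u=' . $row['user_id'] . '">' . $row['username'] . '</a>',
            'ip' => $row['log_ip'],
            'time' => $row['log_time'],
            'forum_id' => $row['forum_id'],
            'topic_id' => $row['topic_id'],
            'viewforum' => $row['forum_id'] && $auth->acl_get('f_read', $row['forum_id']) ? append_sid("{$phpbb_root_path}viewforum.{$phpEx}", 'f=' . $row['forum_id']) : false,
            'action' => isset($user->lang[$row['log_operation']]) ? $user->lang[$row['log_operation']] : '{' . ucfirst(str_replace('_', ' ', $row['log_operation'])) . '}',
        );

        if (!empty($row['log_data'])) {
            // NOTE(review): unserialize() on stored data can instantiate objects
            // if the column ever holds attacker-influenced bytes; the data is
            // only used as a list of strings here, so a non-object format
            // (or disallowing classes) would be safer.
            $log_data_ary = unserialize($row['log_data']);
            if (!is_array($log_data_ary)) {
                // Corrupt or non-array payload: treat it as "no data".
                $log_data_ary = array();
            }

            if (isset($user->lang[$row['log_operation']])) {
                foreach ($log_data_ary as $log_data) {
                    $log_data = str_replace("\n", '<br />', censor_text($log_data));

                    // Replace the first %s literally. Using the data as a
                    // preg_replace() replacement let "$1" or "\1" inside the
                    // logged text be read as back-references.
                    $placeholder_pos = strpos($log[$i]['action'], '%s');
                    if ($placeholder_pos !== false) {
                        $log[$i]['action'] = substr_replace($log[$i]['action'], $log_data, $placeholder_pos, 2);
                    }
                }
            } else {
                $log[$i]['action'] .= '<br />' . implode('', $log_data_ary);
            }
        }

        $i++;
    }
    $db->sql_freeresult($result);

    if (sizeof($topic_id_list)) {
        $topic_id_list = array_unique($topic_id_list);

        // This query is not really needed if move_topics() updates the forum_id field,
        // although it's also used to determine if the topic still exists in the database
        $sql = 'SELECT topic_id, forum_id FROM ' . TOPICS_TABLE . ' WHERE topic_id IN (' . implode(', ', array_map('intval', $topic_id_list)) . ')';
        $result = $db->sql_query($sql);

        $default_forum_id = 0;

        while ($row = $db->sql_fetchrow($result)) {
            if (!$row['forum_id']) {
                if ($auth->acl_getf_global('f_read')) {
                    if (!$default_forum_id) {
                        $sql = 'SELECT forum_id FROM ' . FORUMS_TABLE . ' WHERE forum_type = ' . FORUM_POST;
                        $f_result = $db->sql_query_limit($sql, 1);
                        $default_forum_id = (int) $db->sql_fetchfield('forum_id', false, $f_result);
                        $db->sql_freeresult($f_result);
                    }

                    $is_auth[$row['topic_id']] = $default_forum_id;
                }
            } elseif ($auth->acl_get('f_read', $row['forum_id'])) {
                $is_auth[$row['topic_id']] = $row['forum_id'];
            }

            if ($auth->acl_gets('a_', 'm_', $row['forum_id'])) {
                $is_mod[$row['topic_id']] = $row['forum_id'];
            }
        }
        $db->sql_freeresult($result);

        // Topic and moderator-log links are only built for topics the current
        // user passed the permission checks above for.
        foreach ($log as $key => $row) {
            $log[$key]['viewtopic'] = isset($is_auth[$row['topic_id']]) ? append_sid("{$phpbb_root_path}viewtopic.{$phpEx}", 'f=' . $is_auth[$row['topic_id']] . '&t=' . $row['topic_id']) : false;
            $log[$key]['viewlogs'] = isset($is_mod[$row['topic_id']]) ? append_sid("{$phpbb_root_path}mcp.{$phpEx}", 'i=logs&mode=topic_logs&t=' . $row['topic_id'], true, $user->session_id) : false;
        }
    }

    if ($reportee_id_list) {
        $reportee_id_list = array_unique($reportee_id_list);
        $reportee_names_list = array();

        if (!function_exists('user_get_id_name')) {
            include_once $phpbb_root_path . 'includes/functions_user.' . $phpEx;
        }

        user_get_id_name($reportee_id_list, $reportee_names_list);

        foreach ($log as $key => $row) {
            $log[$key]['reportee_username'] = isset($reportee_names_list[$row['reportee_id']]) ? '<a href="' . $profile_url . '&u=' . $row['reportee_id'] . '">' . $reportee_names_list[$row['reportee_id']] . '</a>' : false;
        }
    }

    $sql = 'SELECT COUNT(l.log_id) AS total_entries FROM ' . LOG_TABLE . " l\n\t\tWHERE l.log_type = {$log_type}\n\t\t\tAND l.log_time >= {$limit_days}\n\t\t\t{$sql_forum}";
    $result = $db->sql_query($sql);
    $log_count = (int) $db->sql_fetchfield('total_entries');
    $db->sql_freeresult($result);

    return;
}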
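// Remote auth bridge endpoint: answers "checkAuth" and "isUser" queries with a
// small XML document whose <response> is the literal text "true" or "false".
// Every path that does not explicitly succeed leaves $result at false.
$type = request_var('type', "");
$result = false;
if ($type != "" && $config['eveapi_jabber_masterswitch'] && $config['eveapi_ejabber_switch']) {
    $challenge = request_var('challenge', '');
    // $secret is defined outside this excerpt. Fail closed when it is missing
    // or empty: the former loose `==` accepted an empty challenge against an
    // empty/unset secret. hash_equals() (PHP >= 5.6) compares in constant time.
    $secret_ok = isset($secret) && is_string($secret) && $secret !== '' && hash_equals($secret, (string) $challenge);
    if ($secret_ok) {
        if ($type == "checkAuth") {
            $user = urldecode(request_var('user', ''));
            $pass = urldecode(request_var('pass', ''));
            $user = str_replace("_", " ", base64_decode($user));
            $pass = base64_decode($pass);
            $result = checkAuth($user, $pass);
        } elseif ($type == "isUser") {
            $user = urldecode(request_var('user', ''));
            $user = base64_decode($user);
            $userArray = array($user);
            // phpBB's user_get_id_name() takes its first two arguments by
            // reference, so an array() literal cannot be passed directly.
            $userIdArray = array();
            $id = user_get_id_name($userIdArray, $userArray, array(0, 3));
            // The helper returns false when the lookup succeeded (see the other
            // callers on this page, which treat a non-false result as "no users").
            if ($id === false) {
                $result = true;
            }
        }
    }
}
$response_text = $result ? "true" : "false";
header("Content-Type:text/xml");
echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n";
echo "<result>\n";
echo "<response>{$response_text}</response>\n";
echo "</result>\n";
// --------------------------------------------
function checkAuth($username, $password) {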
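/**
 * Process modification of own entry
 *
 * Validates the form key, then walks the comma-separated ids posted in
 * 'entries_to_modify'. Each id is either the "add user" pseudo entry, the
 * "new entry" pseudo entry, or an existing entry id; the matching permission
 * check runs before any answers are read. Depending on the posted answers the
 * entry is added, modified or deleted through $this->survey.
 *
 * @return array errors (language strings); empty when nothing was rejected
 */
protected function process_entry_modification()
{
    if (!check_form_key($this->form_key_name)) {
        return array($this->user->lang('FORM_INVALID'));
    }
    if (!$this->request->is_set_post('entries_to_modify')) {
        return array();
    }

    $entry_ids = array_unique(explode(",", $this->request->variable('entries_to_modify', '')));
    $real_user_id = $this->user->data['user_id'];
    $errors = array();

    foreach ($entry_ids as $entry_id) {
        // The owner of a newly added entry defaults to the acting user for
        // EVERY entry. It used to be set once before the loop and assigned
        // before the permission check below, so an id looked up for a rejected
        // add-user entry stayed in place and was reused by a later new-entry
        // iteration that had only been authorised for the acting user.
        $entry_user_id = $real_user_id;
        $changed = $filled_out = false;

        if ($entry_id == self::ADDUSER_ENTRY_ID) {
            $username = utf8_normalize_nfc($this->request->variable('answer_adduser_username', '', true));
            if ($username == '') {
                continue;
            }
            $adduser_id = array();
            if (user_get_id_name($adduser_id, $username) == 'NO_USERS') {
                $errors[] = $this->user->lang('NO_USER');
                continue;
            }
            if (!$this->survey->can_add_new_entry($real_user_id, $adduser_id[0])) {
                $errors[] = $this->user->lang('NO_AUTH_OPERATION');
                continue;
            }
            // Adopt the looked-up user only after the permission check passed.
            $entry_user_id = $adduser_id[0];
        } else {
            $entry_id = (int) $entry_id;
            if ($entry_id == self::NEW_ENTRY_ID && !$this->survey->can_add_new_entry($real_user_id)) {
                $errors[] = $this->user->lang('NO_AUTH_OPERATION');
                continue;
            }
            // Unknown existing ids are skipped silently, without an error entry.
            if ($entry_id != self::NEW_ENTRY_ID && !$this->survey->entry_exists($entry_id)) {
                continue;
            }
            if ($entry_id != self::NEW_ENTRY_ID && !$this->survey->can_modify_entry($real_user_id, $this->survey->entries[$entry_id]['user_id'])) {
                $errors[] = $this->user->lang('NO_AUTH_OPERATION');
                continue;
            }
        }

        $answers = array();
        $abort = false;
        foreach ($this->survey->questions as $question_id => $question) {
            $answers[$question_id] = $this->request->is_set_post("answer_{$entry_id}_{$question_id}")
                ? $this->request->variable("answer_{$entry_id}_{$question_id}", '', true)
                : '';

            // Choice questions never store the posted value itself: the posted
            // choice id is mapped to the stored choice text, unknown ids are dropped.
            if ($question['type'] == survey::$QUESTION_TYPES['DROP_DOWN_MENU']) {
                if (isset($question['choices'][$answers[$question_id]])) {
                    $answers[$question_id] = $question['choices'][$answers[$question_id]]['text'];
                } else {
                    $answers[$question_id] = '';
                }
            } else {
                if ($question['type'] == survey::$QUESTION_TYPES['MULTIPLE_CHOICE']) {
                    $answers_choice_array = array_unique($this->request->variable("answer_{$entry_id}_{$question_id}", array(0)));
                    $answers[$question_id] = array();
                    foreach ($answers_choice_array as $choice_id) {
                        if (isset($question['choices'][$choice_id])) {
                            $answers[$question_id][] = $question['choices'][$choice_id]['text'];
                        }
                    }
                    $answers[$question_id] = implode(",", $answers[$question_id]);
                }
            }

            $old_exists = $entry_id != self::ADDUSER_ENTRY_ID && $entry_id != self::NEW_ENTRY_ID && isset($this->survey->entries[$entry_id]['answers'][$question_id]);
            $old_value = $old_exists ? $this->survey->entries[$entry_id]['answers'][$question_id] : 0;

            if ($answers[$question_id] != '') {
                if (!$this->survey->check_answer($answers[$question_id], $question_id)) {
                    $errors[] = $this->user->lang('SURVEY_INVALID_ANSWER');
                    $abort = true;
                    continue;
                }
                $filled_out = true;
                // The cap is enforced only for users who cannot manage the survey.
                if ($this->survey->has_cap($question_id) && !$this->survey->can_manage($real_user_id)) {
                    $diff = $this->survey->modify_sum_entry($question_id, false, true, $answers[$question_id], $old_exists, $old_value);
                    if ($diff != 0 && $this->survey->cap_exceeded($question_id, $diff)) {
                        $errors[] = $this->user->lang('SURVEY_CAP_EXEEDED', $this->survey->questions[$question_id]['label']);
                        $abort = true;
                        continue;
                    }
                }
                if (!$old_exists || $old_value != $answers[$question_id]) {
                    $changed = true;
                }
            } else {
                if ($old_exists && $old_value != '') {
                    $changed = true;
                }
            }
        }

        // One invalid answer rejects the whole entry; nothing is written for it.
        if ($abort) {
            continue;
        }

        if ($filled_out) {
            if ($entry_id == self::ADDUSER_ENTRY_ID || $entry_id == self::NEW_ENTRY_ID) {
                $this->survey->add_entry($entry_user_id, $answers);
            } else {
                if ($changed) {
                    $this->survey->modify_entry($entry_id, $answers);
                }
            }
        } else {
            // An existing entry submitted with every answer empty is deleted.
            if ($entry_id != self::ADDUSER_ENTRY_ID && $entry_id != self::NEW_ENTRY_ID) {
                $this->survey->delete_entry($entry_id);
            }
        }
    }

    return $errors;
}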
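/**
 * Set a new password for a phpBB account, looked up by user name.
 *
 * Loads phpBB's config.php, common.php and includes/functions_user.php from
 * $this->_phpbb_src, resolves the name with user_get_id_name() and writes the
 * phpbb_hash() of the new password to that user's row.
 *
 * @param string|array $u_name       user name(s) handed to user_get_id_name();
 *                                    only the first resolved id is updated
 * @param string       $new_password plain-text password to hash and store
 * @return mixed false when the phpBB files are unusable or no user matched,
 *               otherwise the result of $db->sql_query()
 */
private function phpBBchangePassword($u_name, $new_password)
{
    $save_sytem_config = $GLOBALS['config'];
    global $phpbb_root_path;
    global $phpEx;
    global $db;
    $phpbb_root_path = $this->_phpbb_src;
    $phpEx = 'php';

    // Check the files BEFORE opening the output buffer: the early return used
    // to run after ob_start() and left that buffer open for the caller.
    $required_files = array('config.php', 'common.php', 'includes/functions_user.php');
    foreach ($required_files as $file) {
        if (!is_readable($this->_phpbb_src . $file) || !is_executable($this->_phpbb_src . $file)) {
            return false;
        }
    }

    // Swallow anything the phpBB bootstrap prints.
    ob_start();
    require_once $this->_phpbb_src . 'config.php';
    require_once $this->_phpbb_src . 'common.php';
    require_once $this->_phpbb_src . 'includes/functions_user.php';

    $user_id_ary = array();
    $username_ary = $u_name;
    user_get_id_name($user_id_ary, $username_ary);

    $isOK = false;
    if (!empty($user_id_ary) && isset($user_id_ary[0])) {
        // Both values are concatenated into SQL text, so force the id to an
        // integer and escape the hash instead of trusting the helpers' output.
        $uid = (int) $user_id_ary[0];
        $q = "UPDATE " . USERS_TABLE . " SET `user_password` = '" . $db->sql_escape(phpbb_hash($new_password)) . "' WHERE `user_id` = " . $uid . " LIMIT 1";
        $isOK = $db->sql_query($q);
    }

    ob_end_clean();
    // Restore the host application's config global saved on entry
    // (presumably the phpBB bootstrap replaces it - confirm).
    $GLOBALS['config'] = $save_sytem_config;

    return $isOK;
}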
/**
 * Entry point of the permissions admin module.
 *
 * Reads the target users/groups/forums and the requested action from the
 * request, optionally applies or removes permissions, then either renders a
 * selection screen for the first missing target or renders the permission mask.
 *
 * NOTE(review): no form-key (CSRF) check is visible in this method before the
 * 'delete' / 'apply_*' actions are dispatched - confirm that
 * remove_permissions(), set_permissions() and set_all_permissions() validate it.
 *
 * @param mixed  $id   not read anywhere in this method
 * @param string $mode selects the screen; unknown values end in trigger_error()
 */
function main($id, $mode)
{
    global $db, $user, $auth, $template, $cache;
    global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;

    include_once $phpbb_root_path . 'includes/functions_user.' . $phpEx;
    include_once $phpbb_root_path . 'includes/acp/auth.' . $phpEx;

    $auth_admin = new auth_admin();
    $user->add_lang('acp/permissions');
    $user->add_lang('acp/permissions_phpbb');
    $this->tpl_name = 'acp_permissions';

    // Trace has other vars
    if ($mode == 'trace') {
        $user_id = request_var('u', 0);
        $forum_id = request_var('f', 0);
        $permission = request_var('auth', '');
        $this->tpl_name = 'permission_trace';
        // The trace runs only for a known permission option and when the
        // current admin holds a_viewauth; every other case ends in NO_MODE.
        if ($user_id && isset($auth_admin->option_ids[$permission]) && $auth->acl_get('a_viewauth')) {
            $this->page_title = sprintf($user->lang['TRACE_PERMISSION'], $user->lang['acl_' . $permission]['lang']);
            $this->permission_trace($user_id, $forum_id, $permission);
            return;
        }
        trigger_error('NO_MODE');
    }

    // Set some vars
    // presumably request_var() casts each value to the type of the supplied
    // default, so the id arrays below hold integers - verify, because they are
    // imploded into SQL further down without another cast.
    $action = request_var('action', array('' => 0));
    $action = key($action);
    $action = isset($_POST['psubmit']) ? 'apply_permissions' : $action;
    $all_forums = request_var('all_forums', 0);
    $subforum_id = request_var('subforum_id', 0);
    $forum_id = request_var('forum_id', array(0));
    $username = request_var('username', array(''), true);
    $usernames = request_var('usernames', '', true);
    $user_id = request_var('user_id', array(0));
    $group_id = request_var('group_id', array(0));
    $select_all_groups = request_var('select_all_groups', 0);

    // If select all groups is set, we pre-build the group id array (this option is used for other screens to link to the permission settings screen)
    if ($select_all_groups) {
        // Add default groups to selection
        $sql_and = $config['coppa_hide_groups'] ? " AND group_name NOT IN ('INACTIVE_COPPA', 'REGISTERED_COPPA')" : '';
        $sql = 'SELECT group_id FROM ' . GROUPS_TABLE . ' WHERE group_type = ' . GROUP_SPECIAL . "\n\t\t\t\t{$sql_and}";
        $result = $db->sql_query($sql);
        while ($row = $db->sql_fetchrow($result)) {
            $group_id[] = $row['group_id'];
        }
        $db->sql_freeresult($result);
    }

    // Map usernames to ids and vice versa
    if ($usernames) {
        $username = explode("\n", $usernames);
    }
    unset($usernames);
    // Names are resolved only when no user ids were posted.
    if (sizeof($username) && !sizeof($user_id)) {
        user_get_id_name($user_id, $username);
        if (!sizeof($user_id)) {
            trigger_error($user->lang['SELECTED_USER_NOT_EXIST'] . adm_back_link($this->u_action));
        }
    }
    unset($username);

    // Build forum ids (of all forums are checked or subforum listing used)
    if ($all_forums) {
        $sql = 'SELECT forum_id FROM ' . FORUMS_TABLE . ' ORDER BY left_id';
        $result = $db->sql_query($sql);
        $forum_id = array();
        while ($row = $db->sql_fetchrow($result)) {
            $forum_id[] = $row['forum_id'];
        }
        $db->sql_freeresult($result);
    } else {
        if ($subforum_id) {
            $forum_id = array();
            foreach (get_forum_branch($subforum_id, 'children') as $row) {
                $forum_id[] = $row['forum_id'];
            }
        }
    }

    // Define some common variables for every mode
    $error = array();
    $permission_scope = strpos($mode, '_global') !== false ? 'global' : 'local';

    // Showing introductionary page?
    if ($mode == 'intro') {
        $this->page_title = 'ACP_PERMISSIONS';
        $template->assign_vars(array('S_INTRO' => true));
        return;
    }

    // Per mode: the permission prefixes offered, the targets ("victims") that
    // must be selected, and the page title. Anything else is INVALID_MODE.
    switch ($mode) {
        case 'setting_user_global':
        case 'setting_group_global':
            $this->permission_dropdown = array('u_', 'm_', 'a_');
            $permission_victim = $mode == 'setting_user_global' ? array('user') : array('group');
            $this->page_title = $mode == 'setting_user_global' ? 'ACP_USERS_PERMISSIONS' : 'ACP_GROUPS_PERMISSIONS';
            break;
        case 'setting_user_local':
        case 'setting_group_local':
            $this->permission_dropdown = array('f_', 'm_');
            $permission_victim = $mode == 'setting_user_local' ? array('user', 'forums') : array('group', 'forums');
            $this->page_title = $mode == 'setting_user_local' ? 'ACP_USERS_FORUM_PERMISSIONS' : 'ACP_GROUPS_FORUM_PERMISSIONS';
            break;
        case 'setting_admin_global':
        case 'setting_mod_global':
            $this->permission_dropdown = strpos($mode, '_admin_') !== false ? array('a_') : array('m_');
            $permission_victim = array('usergroup');
            $this->page_title = $mode == 'setting_admin_global' ? 'ACP_ADMINISTRATORS' : 'ACP_GLOBAL_MODERATORS';
            break;
        case 'setting_mod_local':
        case 'setting_forum_local':
            $this->permission_dropdown = $mode == 'setting_mod_local' ? array('m_') : array('f_');
            $permission_victim = array('forums', 'usergroup');
            $this->page_title = $mode == 'setting_mod_local' ? 'ACP_FORUM_MODERATORS' : 'ACP_FORUM_PERMISSIONS';
            break;
        case 'view_admin_global':
        case 'view_user_global':
        case 'view_mod_global':
            $this->permission_dropdown = $mode == 'view_admin_global' ? array('a_') : ($mode == 'view_user_global' ? array('u_') : array('m_'));
            $permission_victim = array('usergroup_view');
            $this->page_title = $mode == 'view_admin_global' ? 'ACP_VIEW_ADMIN_PERMISSIONS' : ($mode == 'view_user_global' ? 'ACP_VIEW_USER_PERMISSIONS' : 'ACP_VIEW_GLOBAL_MOD_PERMISSIONS');
            break;
        case 'view_mod_local':
        case 'view_forum_local':
            $this->permission_dropdown = $mode == 'view_mod_local' ? array('m_') : array('f_');
            $permission_victim = array('forums', 'usergroup_view');
            $this->page_title = $mode == 'view_mod_local' ? 'ACP_VIEW_FORUM_MOD_PERMISSIONS' : 'ACP_VIEW_FORUM_PERMISSIONS';
            break;
        default:
            trigger_error('INVALID_MODE');
    }

    $template->assign_vars(array(
        'L_TITLE' => $user->lang[$this->page_title],
        'L_EXPLAIN' => $user->lang[$this->page_title . '_EXPLAIN'],
    ));

    // Get permission type
    // The posted type must be one of the prefixes allowed for this mode.
    $permission_type = request_var('type', $this->permission_dropdown[0]);
    if (!in_array($permission_type, $this->permission_dropdown)) {
        trigger_error($user->lang['WRONG_PERMISSION_TYPE'] . adm_back_link($this->u_action));
    }

    // Handle actions
    // State-changing actions are dispatched only for the 'setting_*' modes.
    if (strpos($mode, 'setting_') === 0 && $action) {
        switch ($action) {
            case 'delete':
                $this->remove_permissions($mode, $permission_type, $auth_admin, $user_id, $group_id, $forum_id);
                break;
            case 'apply_permissions':
                if (!isset($_POST['setting'])) {
                    trigger_error($user->lang['NO_AUTH_SETTING_FOUND'] . adm_back_link($this->u_action));
                }
                $this->set_permissions($mode, $permission_type, $auth_admin, $user_id, $group_id);
                break;
            case 'apply_all_permissions':
                if (!isset($_POST['setting'])) {
                    trigger_error($user->lang['NO_AUTH_SETTING_FOUND'] . adm_back_link($this->u_action));
                }
                $this->set_all_permissions($mode, $permission_type, $auth_admin, $user_id, $group_id);
                break;
        }
    }

    // Setting permissions screen
    $s_hidden_fields = build_hidden_fields(array(
        'user_id' => $user_id,
        'group_id' => $group_id,
        'forum_id' => $forum_id,
        'type' => $permission_type,
    ));

    // Go through the screens/options needed and present them in correct order
    // `continue 2` moves on to the next victim once its ids are present and
    // verified; otherwise the selection screen for that victim is rendered and
    // the method returns from inside this loop.
    foreach ($permission_victim as $victim) {
        switch ($victim) {
            case 'forum_dropdown':
                if (sizeof($forum_id)) {
                    $this->check_existence('forum', $forum_id);
                    continue 2;
                }
                $template->assign_vars(array(
                    'S_SELECT_FORUM' => true,
                    'S_FORUM_OPTIONS' => make_forum_select(false, false, true, false, false),
                ));
                break;
            case 'forums':
                if (sizeof($forum_id)) {
                    $this->check_existence('forum', $forum_id);
                    continue 2;
                }
                $forum_list = make_forum_select(false, false, true, false, false, true);
                // Build forum options
                // NOTE(review): forum_name is concatenated into HTML without
                // escaping here - assumes it is stored pre-escaped; confirm.
                $s_forum_options = '';
                foreach ($forum_list as $f_id => $f_row) {
                    $s_forum_options .= '<option value="' . $f_id . '"' . $f_row['selected'] . '>' . $f_row['padding'] . $f_row['forum_name'] . '</option>';
                }
                // Build subforum options
                $s_subforum_options = $this->build_subforum_options($forum_list);
                $template->assign_vars(array(
                    'S_SELECT_FORUM' => true,
                    'S_FORUM_OPTIONS' => $s_forum_options,
                    'S_SUBFORUM_OPTIONS' => $s_subforum_options,
                    'S_FORUM_ALL' => true,
                    'S_FORUM_MULTIPLE' => true,
                ));
                break;
            case 'user':
                if (sizeof($user_id)) {
                    $this->check_existence('user', $user_id);
                    continue 2;
                }
                $template->assign_vars(array(
                    'S_SELECT_USER' => true,
                    'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.{$phpEx}", 'mode=searchuser&form=select_victim&field=username'),
                ));
                break;
            case 'group':
                if (sizeof($group_id)) {
                    $this->check_existence('group', $group_id);
                    continue 2;
                }
                $template->assign_vars(array(
                    'S_SELECT_GROUP' => true,
                    'S_GROUP_OPTIONS' => group_select_options(false),
                ));
                break;
            case 'usergroup':
            case 'usergroup_view':
                if (sizeof($user_id) || sizeof($group_id)) {
                    if (sizeof($user_id)) {
                        $this->check_existence('user', $user_id);
                    }
                    if (sizeof($group_id)) {
                        $this->check_existence('group', $group_id);
                    }
                    continue 2;
                }
                // $forum_id is imploded into the IN () list as-is; the only
                // visible guarantee that it holds integers is request_var()'s
                // array(0) default or the forum_id column read above.
                $sql_forum_id = $permission_scope == 'global' ? 'AND a.forum_id = 0' : (sizeof($forum_id) ? 'AND a.forum_id IN (' . implode(', ', $forum_id) . ')' : 'AND a.forum_id <> 0');
                $sql_permission_option = "AND o.auth_option LIKE '" . $db->sql_escape($permission_type) . "%'";
                $sql = $db->sql_build_query('SELECT_DISTINCT', array(
                    'SELECT' => 'u.username, u.user_regdate, u.user_id',
                    'FROM' => array(USERS_TABLE => 'u', ACL_OPTIONS_TABLE => 'o', ACL_USERS_TABLE => 'a'),
                    'LEFT_JOIN' => array(array('FROM' => array(ACL_ROLES_DATA_TABLE => 'r'), 'ON' => 'a.auth_role_id = r.role_id')),
                    'WHERE' => "(a.auth_option_id = o.auth_option_id OR r.auth_option_id = o.auth_option_id)\n\t\t\t\t\t\t\t{$sql_permission_option}\n\t\t\t\t\t\t\t{$sql_forum_id}\n\t\t\t\t\t\t\tAND u.user_id = a.user_id",
                    'ORDER_BY' => 'u.username, u.user_regdate ASC',
                ));
                $result = $db->sql_query($sql);
                $s_defined_user_options = '';
                $defined_user_ids = array();
                while ($row = $db->sql_fetchrow($result)) {
                    // NOTE(review): username is emitted into HTML unescaped here -
                    // assumes the column is stored pre-escaped; confirm.
                    $s_defined_user_options .= '<option value="' . $row['user_id'] . '">' . $row['username'] . '</option>';
                    $defined_user_ids[] = $row['user_id'];
                }
                $db->sql_freeresult($result);
                $sql = $db->sql_build_query('SELECT_DISTINCT', array(
                    'SELECT' => 'g.group_type, g.group_name, g.group_id',
                    'FROM' => array(GROUPS_TABLE => 'g', ACL_OPTIONS_TABLE => 'o', ACL_GROUPS_TABLE => 'a'),
                    'LEFT_JOIN' => array(array('FROM' => array(ACL_ROLES_DATA_TABLE => 'r'), 'ON' => 'a.auth_role_id = r.role_id')),
                    'WHERE' => "(a.auth_option_id = o.auth_option_id OR r.auth_option_id = o.auth_option_id)\n\t\t\t\t\t\t\t{$sql_permission_option}\n\t\t\t\t\t\t\t{$sql_forum_id}\n\t\t\t\t\t\t\tAND g.group_id = a.group_id",
                    'ORDER_BY' => 'g.group_type DESC, g.group_name ASC',
                ));
                $result = $db->sql_query($sql);
                $s_defined_group_options = '';
                $defined_group_ids = array();
                while ($row = $db->sql_fetchrow($result)) {
                    $s_defined_group_options .= '<option' . ($row['group_type'] == GROUP_SPECIAL ? ' class="sep"' : '') . ' value="' . $row['group_id'] . '">' . ($row['group_type'] == GROUP_SPECIAL ? $user->lang['G_' . $row['group_name']] : $row['group_name']) . '</option>';
                    $defined_group_ids[] = $row['group_id'];
                }
                $db->sql_freeresult($result);
                // Now we check the users... because the "all"-selection is different here (all defined users/groups)
                $all_users = isset($_POST['all_users']) ? true : false;
                $all_groups = isset($_POST['all_groups']) ? true : false;
                if ($all_users && sizeof($defined_user_ids)) {
                    $user_id = $defined_user_ids;
                    continue 2;
                }
                if ($all_groups && sizeof($defined_group_ids)) {
                    $group_id = $defined_group_ids;
                    continue 2;
                }
                $template->assign_vars(array(
                    'S_SELECT_USERGROUP' => $victim == 'usergroup' ? true : false,
                    'S_SELECT_USERGROUP_VIEW' => $victim == 'usergroup_view' ? true : false,
                    'S_DEFINED_USER_OPTIONS' => $s_defined_user_options,
                    'S_DEFINED_GROUP_OPTIONS' => $s_defined_group_options,
                    'S_ADD_GROUP_OPTIONS' => group_select_options(false, $defined_group_ids),
                    'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.{$phpEx}", 'mode=searchuser&form=add_user&field=username'),
                ));
                break;
        }

        // Reached only when the switch ended with `break`, i.e. a selection
        // screen has to be shown for this victim.
        $template->assign_vars(array(
            'U_ACTION' => $this->u_action,
            'ANONYMOUS_USER_ID' => ANONYMOUS,
            'S_SELECT_VICTIM' => true,
            'S_CAN_SELECT_USER' => $auth->acl_get('a_authusers') ? true : false,
            'S_CAN_SELECT_GROUP' => $auth->acl_get('a_authgroups') ? true : false,
            'S_HIDDEN_FIELDS' => $s_hidden_fields,
        ));

        // Let the forum names being displayed
        if (sizeof($forum_id)) {
            $sql = 'SELECT forum_name FROM ' . FORUMS_TABLE . ' WHERE forum_id IN (' . implode(', ', $forum_id) . ') ORDER BY forum_name ASC';
            $result = $db->sql_query($sql);
            $forum_names = array();
            while ($row = $db->sql_fetchrow($result)) {
                $forum_names[] = $row['forum_name'];
            }
            $db->sql_freeresult($result);
            $template->assign_vars(array(
                'S_FORUM_NAMES' => sizeof($forum_names) ? true : false,
                'FORUM_NAMES' => implode(', ', $forum_names),
            ));
        }

        return;
    }

    // Do not allow forum_ids being set and no other setting defined (will bog down the server too much)
    if (sizeof($forum_id) && !sizeof($user_id) && !sizeof($group_id)) {
        trigger_error($user->lang['ONLY_FORUM_DEFINED'] . adm_back_link($this->u_action));
    }

    $template->assign_vars(array(
        'S_PERMISSION_DROPDOWN' => sizeof($this->permission_dropdown) > 1 ? $this->build_permission_dropdown($this->permission_dropdown, $permission_type) : false,
        'L_PERMISSION_TYPE' => $user->lang['ACL_TYPE_' . strtoupper($permission_type)],
        'U_ACTION' => $this->u_action,
        'S_HIDDEN_FIELDS' => $s_hidden_fields,
    ));

    // 'setting_*' modes render the editable mask (default ACL_UNSET), every
    // other mode the read-only view (default ACL_NO).
    if (strpos($mode, 'setting_') === 0) {
        $template->assign_vars(array('S_SETTING_PERMISSIONS' => true));
        $hold_ary = $auth_admin->get_mask('set', sizeof($user_id) ? $user_id : false, sizeof($group_id) ? $group_id : false, sizeof($forum_id) ? $forum_id : false, $permission_type, $permission_scope, ACL_UNSET);
        $auth_admin->display_mask('set', $permission_type, $hold_ary, sizeof($user_id) ? 'user' : 'group', $permission_scope == 'local' ? true : false);
    } else {
        $template->assign_vars(array('S_VIEWING_PERMISSIONS' => true));
        $hold_ary = $auth_admin->get_mask('view', sizeof($user_id) ? $user_id : false, sizeof($group_id) ? $group_id : false, sizeof($forum_id) ? $forum_id : false, $permission_type, $permission_scope, ACL_NO);
        $auth_admin->display_mask('view', $permission_type, $hold_ary, sizeof($user_id) ? 'user' : 'group', $permission_scope == 'local' ? true : false);
    }
}
/**
* This is used to promote (to leader), demote or set as default a member/s
*
* The 'approve' action (accept pending members) is handled here as well.
*
* NOTE(review): $group_id is interpolated into several SQL strings below
* without a cast or escape in this function - callers must pass an integer.
* NOTE(review): the switch has no default branch, so an unrecognised $action
* reaches the log call with $log undefined.
*
* @param string $action 'demote', 'promote', 'approve' or 'default'
* @param mixed $group_id id of the group; used verbatim in SQL
* @param array|bool $user_id_ary user ids, resolved together with $username_ary
* @param array|bool $username_ary user names, resolved together with $user_id_ary
* @param string|bool $group_name looked up with get_group_name() when empty
* @param array|bool $group_attributes passed on to group_set_user_default()
*
* @return string|bool 'NO_USERS' or 'NO_VALID_USERS' on failure, false otherwise
*/
function group_user_attributes($action, $group_id, $user_id_ary = false, $username_ary = false, $group_name = false, $group_attributes = false)
{
    global $db, $auth, $user, $phpbb_container, $phpbb_log, $phpbb_dispatcher;

    // We need both username and user_id info
    // A non-false return value from the lookup is treated as failure.
    $result = user_get_id_name($user_id_ary, $username_ary);
    if (!sizeof($user_id_ary) || $result !== false) {
        return 'NO_USERS';
    }

    if (!$group_name) {
        $group_name = get_group_name($group_id);
    }

    switch ($action) {
        case 'demote':
        case 'promote':
            // Refuse the whole request if any of the selected users is still
            // pending in this group.
            $sql = 'SELECT user_id FROM ' . USER_GROUP_TABLE . "\n\t\t\t\tWHERE group_id = {$group_id}\n\t\t\t\t\tAND user_pending = 1\n\t\t\t\t\tAND " . $db->sql_in_set('user_id', $user_id_ary);
            $result = $db->sql_query_limit($sql, 1);
            $not_empty = $db->sql_fetchrow($result);
            $db->sql_freeresult($result);
            if ($not_empty) {
                return 'NO_VALID_USERS';
            }
            $sql = 'UPDATE ' . USER_GROUP_TABLE . ' SET group_leader = ' . ($action == 'promote' ? 1 : 0) . "\n\t\t\t\tWHERE group_id = {$group_id}\n\t\t\t\t\tAND user_pending = 0\n\t\t\t\t\tAND " . $db->sql_in_set('user_id', $user_id_ary);
            $db->sql_query($sql);
            $log = $action == 'promote' ? 'LOG_GROUP_PROMOTED' : 'LOG_GROUP_DEMOTED';
            break;
        case 'approve':
            // Make sure we only approve those which are pending ;)
            $sql = 'SELECT u.user_id, u.user_email, u.username, u.username_clean, u.user_notify_type, u.user_jabber, u.user_lang FROM ' . USERS_TABLE . ' u, ' . USER_GROUP_TABLE . ' ug WHERE ug.group_id = ' . $group_id . ' AND ug.user_pending = 1 AND ug.user_id = u.user_id AND ' . $db->sql_in_set('ug.user_id', $user_id_ary);
            $result = $db->sql_query($sql);
            // From here on $user_id_ary holds only the ids that were pending.
            $user_id_ary = array();
            while ($row = $db->sql_fetchrow($result)) {
                $user_id_ary[] = $row['user_id'];
            }
            $db->sql_freeresult($result);
            if (!sizeof($user_id_ary)) {
                return false;
            }
            $sql = 'UPDATE ' . USER_GROUP_TABLE . "\n\t\t\t\tSET user_pending = 0\n\t\t\t\tWHERE group_id = {$group_id}\n\t\t\t\t\tAND " . $db->sql_in_set('user_id', $user_id_ary);
            $db->sql_query($sql);
            /* @var $phpbb_notifications \phpbb\notification\manager */
            $phpbb_notifications = $phpbb_container->get('notification_manager');
            $phpbb_notifications->add_notifications('notification.type.group_request_approved', array('user_ids' => $user_id_ary, 'group_id' => $group_id, 'group_name' => $group_name));
            $phpbb_notifications->delete_notifications('notification.type.group_request', $user_id_ary, $group_id);
            $log = 'LOG_USERS_APPROVED';
            break;
        case 'default':
            // We only set default group for approved members of the group
            $sql = 'SELECT user_id FROM ' . USER_GROUP_TABLE . "\n\t\t\t\tWHERE group_id = {$group_id}\n\t\t\t\t\tAND user_pending = 0\n\t\t\t\t\tAND " . $db->sql_in_set('user_id', $user_id_ary);
            $result = $db->sql_query($sql);
            $user_id_ary = $username_ary = array();
            while ($row = $db->sql_fetchrow($result)) {
                $user_id_ary[] = $row['user_id'];
            }
            $db->sql_freeresult($result);
            // Resolve the filtered id list again so ids and names match.
            $result = user_get_id_name($user_id_ary, $username_ary);
            if (!sizeof($user_id_ary) || $result !== false) {
                return 'NO_USERS';
            }
            // Group the users by the group_id stored in their user row, then
            // drop that group's default rank and avatar for them.
            $sql = 'SELECT user_id, group_id FROM ' . USERS_TABLE . ' WHERE ' . $db->sql_in_set('user_id', $user_id_ary, false, true);
            $result = $db->sql_query($sql);
            $groups = array();
            while ($row = $db->sql_fetchrow($result)) {
                if (!isset($groups[$row['group_id']])) {
                    $groups[$row['group_id']] = array();
                }
                $groups[$row['group_id']][] = $row['user_id'];
            }
            $db->sql_freeresult($result);
            foreach ($groups as $gid => $uids) {
                remove_default_rank($gid, $uids);
                remove_default_avatar($gid, $uids);
            }
            group_set_user_default($group_id, $user_id_ary, $group_attributes);
            $log = 'LOG_GROUP_DEFAULTS';
            break;
    }

    /**
    * Event to perform additional actions on setting user group attributes
    *
    * @event core.user_set_group_attributes
    * @var int group_id ID of the group
    * @var string group_name Name of the group
    * @var array user_id_ary IDs of the users to set group attributes
    * @var array username_ary Names of the users to set group attributes
    * @var array group_attributes Group attributes which were changed
    * @var string action Action to perform over the group members
    * @since 3.1.10-RC1
    */
    $vars = array('group_id', 'group_name', 'user_id_ary', 'username_ary', 'group_attributes', 'action');
    // compact()/extract() work on these exact local names: whatever the event
    // listeners return overwrites the locals used by the calls below.
    extract($phpbb_dispatcher->trigger_event('core.user_set_group_attributes', compact($vars)));

    // Clear permissions cache of relevant users
    $auth->acl_clear_prefetch($user_id_ary);
    $phpbb_log->add('admin', $user->data['user_id'], $user->ip, $log, false, array($group_name, implode(', ', $username_ary)));
    group_update_listings($group_id);

    return false;
}
// Excerpt of an account-update script; $oldEmail, $email and $db are set
// before this excerpt and the final UPDATE statement is cut off after it.
//
// NOTE(review): the password and the user name are read from the query string,
// so they end up wherever request URLs are recorded (server and proxy logs,
// browser history, Referer headers). No authentication or authorisation check
// is visible in this excerpt - confirm one runs before this point.
$pwd = $_GET['p'];
$username = $_GET['u'];
$changingPwd = false;
$changingEmail = false;
if (strlen($pwd) > 0) {
    $changingPwd = true;
}
if ($oldEmail != $email) {
    $changingEmail = true;
}
//$password = md5($pwd);
// NOTE(review): $password is not read again in the visible code; the value
// written below comes from phpbb_hash(), not from this MD5 digest.
$password = md5($pwd);
//get the userid for the (old) email address
$user_id_ary = NULL;
$user_name_ary = array($username);
user_get_id_name($user_id_ary, $user_name_ary);
// NOTE(review): index 0 is read without checking that the lookup found a user.
$phpbb_user_id = $user_id_ary[0];
// Debug output; the statement is garbled on the page and kept as found.
echo 'username: '******' userid: ', $user_id_ary[0];
//update the user
$aSql = array();
if ($changingPwd) {
    $aSql["user_password"] = phpbb_hash($pwd);
    $aSql["user_passchg"] = time();
}
if ($changingEmail) {
    $aSql["user_email"] = $email;
    $aSql["user_email_hash"] = phpbb_email_hash($email);
}
// Execute update
// The statement is truncated on the page; its WHERE clause is not visible.
$sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $aSql) . '
/**
 * sends a personal message with the contents of the form
 *
 * NOTE(review): unfinished, as the todo below says. $row is read several times
 * (username, user_id, user_allow_pm) but never assigned in this method, and
 * $message, $user_id and $sender are not used after being received/assigned.
 *
 * @param mixed $message   not read in the body
 * @param int   $user_id   not read in the body
 * @param int   $sender_id passed to $this->get_user_info()
 * @todo make this work
 */
private function pm_sendform($message, $user_id = 2, $sender_id = 2)
{
    global $user, $config;
    global $phpEx, $phpbb_root_path;
    global $messenger;

    include_once $phpbb_root_path . 'includes/functions_privmsgs.' . $phpEx;
    include_once $phpbb_root_path . 'includes/message_parser.' . $phpEx;

    $sender = $this->get_user_info($sender_id);
    $message_parser = new parse_message();
    $data = array();

    //$messenger->template('raidplan_delete', $row['user_lang']);
    $subject = '[' . $user->lang['RAIDPLANNER'] . '] ' . $user->lang['DELRAID'] . ': ' . $this->eventlist->events[$this->event_type]['event_name'] . ' ' . $user->format_date($this->start_time, $config['rp_date_time_format'], true);

    // Resolve the poster's user name for the RAIDLEADER template variable.
    $userids = array($this->poster);
    $rlname = array();
    user_get_id_name($userids, $rlname);

    $messenger->assign_vars(array(
        'RAIDLEADER' => $rlname[$this->poster],
        'USERNAME' => htmlspecialchars_decode($row['username']),
        'EVENT_SUBJECT' => $subject,
        'EVENT' => $this->eventlist->events[$this->event_type]['event_name'],
        'INVITE_TIME' => $user->format_date($this->invite_time, $config['rp_date_time_format'], true),
        'START_TIME' => $user->format_date($this->start_time, $config['rp_date_time_format'], true),
        'END_TIME' => $user->format_date($this->end_time, $config['rp_date_time_format'], true),
        'TZ' => $user->lang['tz'][(int) $user->data['user_timezone']],
        'U_RAIDPLAN' => generate_board_url() . "/dkp.{$phpEx}?page=planner&view=raidplan&raidplanid=" . $this->id,
    ));

    // Render the template body and normalise it before it is parsed.
    $messenger->msg = trim($messenger->tpl_obj->assign_display('body'));
    $messenger->msg = str_replace("\r\n", "\n", $messenger->msg);
    $messenger->msg = utf8_normalize_nfc($messenger->msg);

    $uid = $bitfield = $options = '';
    // will be modified by generate_text_for_storage
    $allow_bbcode = $allow_smilies = $allow_urls = true;
    generate_text_for_storage($messenger->msg, $uid, $bitfield, $options, $allow_bbcode, $allow_urls, $allow_smilies);
    $messenger->msg = generate_text_for_display($messenger->msg, $uid, $bitfield, $options);

    // NOTE(review): the bitfield/uid stored with the message come from
    // $this->bbcode, not from the $uid/$bitfield computed just above - confirm
    // that is intended.
    $data = array(
        'address_list' => array('u' => array($row['user_id'] => 'to')),
        'from_user_id' => $user->data['user_id'],
        'from_username' => $user->data['username'],
        'icon_id' => 0,
        'from_user_ip' => $user->data['user_ip'],
        'enable_bbcode' => true,
        'enable_smilies' => true,
        'enable_urls' => true,
        'enable_sig' => true,
        'message' => $messenger->msg,
        'bbcode_bitfield' => $this->bbcode['bitfield'],
        'bbcode_uid' => $this->bbcode['uid'],
    );

    if ($config['rp_pm_rpchange'] == 1 && (int) $row['user_allow_pm'] == 1) {
        // send a PM
        submit_pm('post', $subject, $data, false);
    }
}
/**
 * Notify users about a raidplan change by private message and/or e-mail.
 *
 * The recipients come from Raidmessenger::get_notifiable_users(). For each of
 * them the template matching the trigger is rendered; a PM is submitted when
 * PM notification is enabled and the user accepts PMs, and an e-mail is sent
 * when e-mail notification is enabled and the user has an address.
 *
 * @param int $trigger 1 = raidplan added, 2 = raidplan updated, 3 = raidplan deleted
 */
public function raidmessenger($trigger)
{
    global $user, $config;
    global $phpEx, $phpbb_root_path;

    include_once $phpbb_root_path . 'includes/functions_privmsgs.' . $phpEx;
    include_once $phpbb_root_path . 'includes/functions.' . $phpEx;
    include_once $phpbb_root_path . 'includes/functions_messenger.' . $phpEx;
    include_once $phpbb_root_path . 'includes/functions_user.' . $phpEx;

    $rpm = new \bbdkp\controller\raidplanner\Raidmessenger();
    $rpm->get_notifiable_users($trigger, $this->id);

    $mailed_names = array();
    $messenger = new \messenger();

    foreach ($rpm->send_user_data as $row) {
        // Pick the template and subject line for this kind of change.
        if ($trigger == 1) {
            $messenger->template('raidplan_add', $row['user_lang']);
            $subject = '[' . $user->lang['RAIDPLANNER'] . '] ' . $user->lang['NEWRAID'] . ': ' . $this->eventlist[$this->event_type]['event_name'] . ' ' . $user->format_date($this->start_time, $config['rp_date_time_format'], true);
        } elseif ($trigger == 2) {
            $messenger->template('raidplan_update', $row['user_lang']);
            $subject = '[' . $user->lang['RAIDPLANNER'] . '] ' . $user->lang['UPDRAID'] . ': ' . $this->eventlist[$this->event_type]['event_name'] . ' ' . $user->format_date($this->start_time, $config['rp_date_time_format'], true);
        } elseif ($trigger == 3) {
            $messenger->template('raidplan_delete', $row['user_lang']);
            $subject = '[' . $user->lang['RAIDPLANNER'] . '] ' . $user->lang['DELRAID'] . ': ' . $this->eventlist[$this->event_type]['event_name'] . ' ' . $user->format_date($this->start_time, $config['rp_date_time_format'], true);
        }

        // Look up the raid leader's user name from the poster id.
        $leader_ids = array($this->poster);
        $leader_names = array();
        user_get_id_name($leader_ids, $leader_names);

        $template_vars = array(
            'RAIDLEADER' => $leader_names[$this->poster],
            'USERNAME' => htmlspecialchars_decode($row['username']),
            'EVENT_SUBJECT' => $subject,
            'EVENT' => $this->eventlist[$this->event_type]['event_name'],
            'INVITE_TIME' => $user->format_date($this->invite_time, $config['rp_date_time_format'], true),
            'START_TIME' => $user->format_date($this->start_time, $config['rp_date_time_format'], true),
            'END_TIME' => $user->format_date($this->end_time, $config['rp_date_time_format'], true),
            'TZ' => $user->lang['tz'][(int) $user->data['user_timezone']],
            'U_RAIDPLAN' => generate_board_url() . "/dkp.{$phpEx}?page=planner&view=raidplan&raidplanid=" . $this->id,
        );
        $messenger->assign_vars($template_vars);

        // Render the body, normalise line endings and Unicode form.
        $rendered = trim($messenger->tpl_obj->assign_display('body'));
        $rendered = str_replace("\r\n", "\n", $rendered);
        $messenger->msg = utf8_normalize_nfc($rendered);

        // The three empty strings are filled in by generate_text_for_storage.
        $uid = '';
        $bitfield = '';
        $options = '';
        generate_text_for_storage($messenger->msg, $uid, $bitfield, $options, true, true, true);
        $messenger->msg = generate_text_for_display($messenger->msg, $uid, $bitfield, $options);

        $wants_pm = $config['rp_pm_rpchange'] == 1 && (int) $row['user_allow_pm'] == 1;
        if ($wants_pm) {
            $data = array(
                'address_list' => array('u' => array($row['user_id'] => 'to')),
                'from_user_id' => $user->data['user_id'],
                'from_username' => $user->data['username'],
                'icon_id' => 0,
                'from_user_ip' => $user->data['user_ip'],
                'enable_bbcode' => true,
                'enable_smilies' => true,
                'enable_urls' => true,
                'enable_sig' => true,
                'message' => $messenger->msg,
                'bbcode_bitfield' => $this->bbcode['bitfield'],
                'bbcode_uid' => $this->bbcode['uid'],
            );
            // send a PM
            submit_pm('post', $subject, $data, false);
        }

        $wants_email = $config['rp_email_rpchange'] == 1 && $row['user_email'] != '';
        if ($wants_email) {
            // send email, reusing the same messenger object
            $email = $messenger;
            $mailed_names[] = $row['username'];
            $email->to($row['user_email'], $row['username']);
            $email->anti_abuse_headers($config, $user);
            $email->send(0);
        }
    }

    // Flush the mail queue and log the recipients once, after the loop.
    if ($config['rp_email_rpchange'] == 1 && isset($email)) {
        $email->save_queue();
        add_log('admin', 'LOG_MASS_EMAIL', implode(', ', $mailed_names));
    }
}
/**
 * Apply the recipient-list actions of the compose-message form.
 *
 * Removes a single user or group, adds the posted groups, user names and
 * friends as 'to' or 'bcc' recipients, and finally drops recipients who do not
 * accept private messages unless the sender is an administrator or moderator.
 *
 * @param array $address_list recipients, modified in place: ['u'][user_id] and
 *                            ['g'][group_id] map to 'to' or 'bcc'
 * @param array $error        error messages, appended to in place
 * @param mixed $remove_u     truthy when a user removal was requested
 * @param mixed $remove_g     truthy when a group removal was requested
 * @param mixed $add_to       truthy when "add to" was pressed
 * @param mixed $add_bcc      truthy when "add bcc" was pressed
 */
function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove_g, $add_to, $add_bcc)
{
    global $auth, $db, $user;

    // Delete User [TO/BCC]: the id is the first key of the posted array.
    if ($remove_u && !empty($_REQUEST['remove_u']) && is_array($_REQUEST['remove_u'])) {
        $posted_user_keys = array_keys($_REQUEST['remove_u']);
        if (isset($posted_user_keys[0])) {
            unset($address_list['u'][(int) $posted_user_keys[0]]);
        }
    }

    // Delete Group [TO/BCC]: same scheme for groups.
    if ($remove_g && !empty($_REQUEST['remove_g']) && is_array($_REQUEST['remove_g'])) {
        $posted_group_keys = array_keys($_REQUEST['remove_g']);
        if (isset($posted_group_keys[0])) {
            unset($address_list['g'][(int) $posted_group_keys[0]]);
        }
    }

    // Groups selected for adding
    $group_list = request_var('group_list', array(0));

    // User names to add: the single field first, then the multi-line list.
    $single_name = request_var('username', '', true);
    $usernames = array();
    if (!empty($single_name)) {
        $usernames[] = $single_name;
    }
    $username_list = request_var('username_list', '', true);
    if ($username_list) {
        $usernames = array_merge($usernames, explode("\n", $username_list));
    }

    // Names or groups may be filled in without either add button being
    // pressed; treat that as "add to" and force the form to be shown again.
    $nothing_pressed = !$add_to && !$add_bcc;
    if ($nothing_pressed && (sizeof($group_list) || sizeof($usernames))) {
        $add_to = true;

        global $refresh, $submit, $preview;
        $refresh = true;
        $submit = false;

        // Preview only makes sense when a message was entered as well.
        if (request_var('message', '')) {
            $preview = true;
        }
    }

    // Add User/Group [TO]
    if ($add_to || $add_bcc) {
        if ($add_to) {
            $type = 'to';
        } else {
            $type = 'bcc';
        }

        if (sizeof($group_list)) {
            foreach ($group_list as $group_id) {
                $address_list['g'][$group_id] = $type;
            }
        }

        // Resolve the names to user ids
        $user_id_ary = array();
        if (sizeof($usernames)) {
            user_get_id_name($user_id_ary, $usernames, array(USER_NORMAL, USER_FOUNDER, USER_INACTIVE));

            // Nobody matched: at least tell the sender.
            if (!sizeof($user_id_ary)) {
                $error[] = $user->lang['PM_NO_USERS'];
            }
        }

        // Friends ticked in the form arrive as the keys of add_to / add_bcc.
        $friend_key = 'add_' . $type;
        $friend_list = array();
        if (isset($_REQUEST[$friend_key]) && is_array($_REQUEST[$friend_key])) {
            $friend_list = array_map('intval', array_keys($_REQUEST[$friend_key]));
        }
        $user_id_ary = array_merge($user_id_ary, $friend_list);

        // The anonymous account is never added as a recipient.
        foreach ($user_id_ary as $user_id) {
            if ($user_id != ANONYMOUS) {
                $address_list['u'][$user_id] = $type;
            }
        }
    }

    // Check for disallowed recipients
    if (empty($address_list['u'])) {
        return;
    }

    // Administrators and moderators may override the recipients' PM setting,
    // so the check is skipped for them.
    if ($auth->acl_gets('a_', 'm_') || $auth->acl_getf_global('m_')) {
        return;
    }

    $sql = 'SELECT user_id FROM ' . USERS_TABLE . ' WHERE ' . $db->sql_in_set('user_id', array_keys($address_list['u'])) . ' AND user_allow_pm = 0';
    $result = $db->sql_query($sql);

    $removed = false;
    while ($row = $db->sql_fetchrow($result)) {
        unset($address_list['u'][$row['user_id']]);
        $removed = true;
    }
    $db->sql_freeresult($result);

    // Tell the sender that some recipients were dropped.
    if ($removed) {
        $error[] = $user->lang['PM_USERS_REMOVED_NO_PM'];
    }
}
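/**
 * ACP handler for importing images from the gallery import directory.
 *
 * Three request shapes are handled:
 *  - `import_schema` given: the stored schema file is included and up to ten
 *    of the listed images are copied into the upload directory and inserted
 *    into the gallery tables; the remaining list is written back and the
 *    page refreshes itself until nothing is left.
 *  - form submitted: the form key is checked, uploader and album are looked
 *    up, a new schema (named md5 of the start time) is written and the page
 *    redirects to the first shape.
 *  - otherwise: the importable files of the import directory are listed.
 *
 * Hardening compared with the previous revision:
 *  - `import_schema` reaches include() and unlink(), so it must look like the
 *    md5 name this method generates; anything else is reported as a missing
 *    schema.
 *  - an image entry must be a plain file name inside the import directory;
 *    entries carrying a path component are skipped like missing files, so
 *    copy/unlink cannot be pointed outside that directory.
 *  - ids concatenated into SQL are cast to int.
 *
 * NOTE(review): $user_data, $image_name, $album_id, $start_time, $num_offset,
 * $done_images, $todo_images and $filename are not assigned in the schema
 * branch; presumably the included schema file defines them (and possibly
 * replaces $images) - confirm against create_import_schema().
 */
function import()
{
	global $db, $template, $user;

	$import_schema = request_var('import_schema', '');
	$images = request_var('images', array(''), true);
	$submit = isset($_POST['submit']) ? true : (empty($images) ? false : true);

	if ($import_schema)
	{
		// NOTE(review): no form key check is visible on this branch although it
		// moves and deletes files; presumably the ACP session guards it - confirm.

		// Schema names are created below as md5($start_time). Requiring that
		// shape keeps path separators and dots out of the include()/unlink() path.
		$valid_schema_name = (bool) preg_match('/^[a-f0-9]{32}\z/', $import_schema);

		if ($valid_schema_name && phpbb_gallery_url::_file_exists($import_schema, 'import', ''))
		{
			include phpbb_gallery_url::_return_file($import_schema, 'import', '');

			// Replace the md5 with the ' again and remove the space at the end to prevent \' troubles
			$user_data['username'] = utf8_substr(str_replace("{{$import_schema}}", "'", $user_data['username']), 0, -1);
			$image_name = utf8_substr(str_replace("{{$import_schema}}", "'", $image_name), 0, -1);
		}
		else
		{
			global $phpEx;
			trigger_error(sprintf($user->lang['MISSING_IMPORT_SCHEMA'], $import_schema . '.' . $phpEx), E_USER_WARNING);
		}

		$images_loop = 0;
		foreach ($images as $image_src)
		{
			/**
			 * Import the images
			 */
			$image_src = str_replace("{{$import_schema}}", "'", $image_src);

			// The listing at the end of this method only offers files that sit
			// directly in the import directory, so a legitimate entry never has
			// a directory part. Check the decoded name, as that is what is used.
			$image_file = utf8_decode($image_src);
			$is_plain_name = (basename($image_file) === $image_file);
			$image_src_full = phpbb_gallery_url::path('import') . $image_file;

			if ($is_plain_name && file_exists($image_src_full))
			{
				$filetype = getimagesize($image_src_full);
				$filetype_ext = '';

				// The detected mime type decides the stored extension; the
				// original extension is only compared against it.
				switch ($filetype['mime'])
				{
					case 'image/jpeg':
					case 'image/jpg':
					case 'image/pjpeg':
						$filetype_ext = '.jpg';
						$read_function = 'imagecreatefromjpeg';
						if (substr(strtolower($image_src), -4) != '.jpg' && substr(strtolower($image_src), -5) != '.jpeg')
						{
							trigger_error(sprintf($user->lang['FILETYPE_MIMETYPE_MISMATCH'], $image_src, $filetype['mime']), E_USER_WARNING);
						}
					break;

					case 'image/png':
					case 'image/x-png':
						$filetype_ext = '.png';
						$read_function = 'imagecreatefrompng';
						if (substr(strtolower($image_src), -4) != '.png')
						{
							trigger_error(sprintf($user->lang['FILETYPE_MIMETYPE_MISMATCH'], $image_src, $filetype['mime']), E_USER_WARNING);
						}
					break;

					case 'image/gif':
					case 'image/giff':
						$filetype_ext = '.gif';
						$read_function = 'imagecreatefromgif';
						if (substr(strtolower($image_src), -4) != '.gif')
						{
							trigger_error(sprintf($user->lang['FILETYPE_MIMETYPE_MISMATCH'], $image_src, $filetype['mime']), E_USER_WARNING);
						}
					break;

					default:
						trigger_error('NOT_ALLOWED_FILE_TYPE');
					break;
				}

				// The stored name is random and never derived from the source name
				$image_filename = md5(unique_id()) . $filetype_ext;

				if (!@move_uploaded_file($image_src_full, phpbb_gallery_url::path('upload') . $image_filename))
				{
					if (!@copy($image_src_full, phpbb_gallery_url::path('upload') . $image_filename))
					{
						$user->add_lang('posting');
						trigger_error(sprintf($user->lang['GENERAL_UPLOAD_ERROR'], phpbb_gallery_url::path('upload') . $image_filename), E_USER_WARNING);
					}
				}
				// NOTE(review): 0777 leaves the stored image world-writable; a
				// narrower mode would be preferable if the hosting setup allows it.
				@chmod(phpbb_gallery_url::path('upload') . $image_filename, 0777);

				// The source image is imported, so we delete it.
				@unlink($image_src_full);

				$sql_ary = array(
					'image_filename'		=> $image_filename,
					'image_thumbnail'		=> '',
					'image_desc'			=> '',
					'image_desc_uid'		=> '',
					'image_desc_bitfield'	=> '',
					'image_user_id'			=> $user_data['user_id'],
					'image_username'		=> $user_data['username'],
					'image_username_clean'	=> utf8_clean_string($user_data['username']),
					'image_user_colour'		=> $user_data['user_colour'],
					'image_user_ip'			=> $user->ip,
					'image_time'			=> $start_time + $done_images,
					'image_album_id'		=> $album_id,
					'image_status'			=> phpbb_gallery_image::STATUS_APPROVED,
					'image_exif_data'		=> '',
				);

				$image_tools = new phpbb_gallery_image_tools();
				$image_tools->set_image_options(phpbb_gallery_config::get('max_filesize'), phpbb_gallery_config::get('max_height'), phpbb_gallery_config::get('max_width'));
				$image_tools->set_image_data(phpbb_gallery_url::path('upload') . $image_filename);

				// Read exif data from file
				$image_tools->read_exif_data();
				$sql_ary['image_exif_data'] = $image_tools->exif_data_serialized;
				$sql_ary['image_has_exif'] = $image_tools->exif_data_exist;

				if ($filetype[0] > phpbb_gallery_config::get('max_width') || $filetype[1] > phpbb_gallery_config::get('max_height'))
				{
					/**
					 * Resize oversized images
					 */
					if (phpbb_gallery_config::get('allow_resize'))
					{
						$image_tools->resize_image(phpbb_gallery_config::get('max_width'), phpbb_gallery_config::get('max_height'));
						if ($image_tools->resized)
						{
							$image_tools->write_image(phpbb_gallery_url::path('upload') . $image_filename, phpbb_gallery_config::get('jpg_quality'), true);
						}
					}
				}

				if (!$image_tools->exif_data_force_db && $sql_ary['image_has_exif'] == phpbb_gallery_constants::EXIF_DBSAVED)
				{
					// Image was not resized, so we can pull the Exif from the image to save db-memory.
					$sql_ary['image_has_exif'] = phpbb_gallery_constants::EXIF_AVAILABLE;
					$sql_ary['image_exif_data'] = '';
				}

				// Try to get real filesize from temporary folder (not always working) ;)
				$sql_ary['filesize_upload'] = @filesize(phpbb_gallery_url::path('upload') . $image_filename) ? @filesize(phpbb_gallery_url::path('upload') . $image_filename) : 0;

				if ($filename || $image_name == '')
				{
					$sql_ary['image_name'] = str_replace("_", " ", utf8_substr($image_src, 0, -4));
				}
				else
				{
					$sql_ary['image_name'] = str_replace('{NUM}', $num_offset + $done_images, $image_name);
				}
				$sql_ary['image_name_clean'] = utf8_clean_string($sql_ary['image_name']);

				// Put the images into the database
				$db->sql_query('INSERT INTO ' . GALLERY_IMAGES_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));

				$done_images++;
			}

			// Remove the image from the list
			unset($images[$images_loop]);
			$images_loop++;
			if ($images_loop == 10)
			{
				// We made 10 images, so we end for this turn
				break;
			}
		}

		if ($images_loop)
		{
			$image_user = new phpbb_gallery_user($db, $user_data['user_id'], false);
			$image_user->update_images($images_loop);
			phpbb_gallery_config::inc('num_images', $images_loop);
			$todo_images = $todo_images - $images_loop;
		}
		phpbb_gallery_album::update_info($album_id);

		if (!$todo_images)
		{
			// Safe to delete: $import_schema passed the md5-shape check above
			unlink(phpbb_gallery_url::_return_file($import_schema, 'import', ''));
			trigger_error(sprintf($user->lang['IMPORT_FINISHED'], $done_images) . adm_back_link($this->u_action));
		}
		else
		{
			// Write the new list
			$this->create_import_schema($import_schema, $album_id, $user_data, $start_time, $num_offset, $done_images, $todo_images, $image_name, $filename, $images);

			// Redirect
			$forward_url = $this->u_action . "&import_schema={$import_schema}";
			meta_refresh(1, $forward_url);
			trigger_error(sprintf($user->lang['IMPORT_DEBUG_MES'], $done_images, $todo_images));
		}
	}
	else
	{
		if ($submit)
		{
			if (!check_form_key('acp_gallery'))
			{
				trigger_error('FORM_INVALID', E_USER_WARNING);
			}
			if (!$images)
			{
				trigger_error('NO_FILE_SELECTED', E_USER_WARNING);
			}

			// Who is the uploader?
			$username = request_var('username', '', true);
			$user_id = 0;
			if ($username)
			{
				if (!function_exists('user_get_id_name'))
				{
					phpbb_gallery_url::_include('functions_user', 'phpbb');
				}
				user_get_id_name($user_id, $username);
			}
			if (is_array($user_id))
			{
				$user_id = $user_id[0];
			}
			if (!$user_id)
			{
				$user_id = $user->data['user_id'];
			}

			// Ids are concatenated into the statement, so force them to int
			$sql = 'SELECT username, user_colour, user_id FROM ' . USERS_TABLE . ' WHERE user_id = ' . (int) $user_id;
			$result = $db->sql_query($sql);
			$user_row = $db->sql_fetchrow($result);
			$db->sql_freeresult($result);
			if (!$user_row)
			{
				trigger_error('HACKING_ATTEMPT', E_USER_WARNING);
			}

			// Where do we put them to?
			$album_id = request_var('album_id', 0);
			$sql = 'SELECT album_id, album_name FROM ' . GALLERY_ALBUMS_TABLE . ' WHERE album_id = ' . (int) $album_id;
			$result = $db->sql_query($sql);
			$album_row = $db->sql_fetchrow($result);
			$db->sql_freeresult($result);
			if (!$album_row)
			{
				trigger_error('HACKING_ATTEMPT', E_USER_WARNING);
			}

			$start_time = time();
			// This md5 name is the only shape the schema branch above accepts
			$import_schema = md5($start_time);
			$filename = request_var('filename', '') == 'filename' ? true : false;
			$image_name = request_var('image_name', '', true);
			$num_offset = request_var('image_num', 0);

			$this->create_import_schema($import_schema, $album_row['album_id'], $user_row, $start_time, $num_offset, 0, sizeof($images), $image_name, $filename, $images);

			$forward_url = $this->u_action . "&import_schema={$import_schema}";
			meta_refresh(2, $forward_url);
			trigger_error('IMPORT_SCHEMA_CREATED');
		}
	}

	// List the importable files. Only regular files with an allowed image
	// extension are offered, which is why import entries are plain names.
	$files = array();
	$handle = opendir(phpbb_gallery_url::path('import'));
	if ($handle !== false)
	{
		// Compare against false explicitly so a file named "0" does not end the loop
		while (($file = readdir($handle)) !== false)
		{
			if (!is_dir(phpbb_gallery_url::path('import') . $file) && (substr(strtolower($file), -4) == '.png' && phpbb_gallery_config::get('allow_png') || substr(strtolower($file), -4) == '.gif' && phpbb_gallery_config::get('allow_gif') || substr(strtolower($file), -4) == '.jpg' && phpbb_gallery_config::get('allow_jpg') || substr(strtolower($file), -5) == '.jpeg' && phpbb_gallery_config::get('allow_jpg')))
			{
				$files[utf8_strtolower($file)] = $file;
			}
		}
		closedir($handle);
	}

	// Sort the files by name again
	ksort($files);
	foreach ($files as $file)
	{
		$template->assign_block_vars('imagerow', array('FILE_NAME' => utf8_encode($file)));
	}

	$template->assign_vars(array(
		'S_IMPORT_IMAGES'			=> true,
		'ACP_GALLERY_TITLE'			=> $user->lang['ACP_IMPORT_ALBUMS'],
		'ACP_GALLERY_TITLE_EXPLAIN'	=> $user->lang['ACP_IMPORT_ALBUMS_EXPLAIN'],
		'L_IMPORT_DIR_EMPTY'		=> sprintf($user->lang['IMPORT_DIR_EMPTY'], phpbb_gallery_url::path('import')),
		'S_ALBUM_IMPORT_ACTION'		=> $this->u_action,
		'S_SELECT_IMPORT'			=> phpbb_gallery_album::get_albumbox(false, 'album_id', false, false, false, phpbb_gallery_album::PUBLIC_ALBUM, phpbb_gallery_album::TYPE_UPLOAD),
		'U_FIND_USERNAME'			=> phpbb_gallery_url::append_sid('phpbb', 'memberlist', 'mode=searchuser&form=acp_gallery&field=username&select_single=true'),
	));
}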
/**
* This is used to promote (to leader), demote or set as default a member/s
*
* Also handles the 'approve' action for pending members. On success the
* permission prefetch of the affected users is cleared, an admin log entry is
* written and the group listings are updated.
*
* NOTE(review): $group_id is placed unquoted into every SQL statement below and
* is not cast inside this function; callers are presumably expected to pass an
* integer - confirm, or cast it here.
*
* @param string $action 'demote', 'promote', 'approve' or 'default'
* @param mixed $group_id Id of the group
* @param mixed $user_id_ary User ids, completed by user_get_id_name()
* @param mixed $username_ary Usernames, completed by user_get_id_name()
* @param mixed $group_name Group name; looked up with get_group_name() when empty
* @param mixed $group_attributes Passed on to group_set_user_default()
* @return mixed false on success (and when nothing is pending for 'approve'),
*	'NO_USERS' or 'NO_VALID_USERS' otherwise
*/
function group_user_attributes($action, $group_id, $user_id_ary = false, $username_ary = false, $group_name = false, $group_attributes = false)
{
	global $db, $auth, $phpbb_root_path, $phpEx, $config, $phpbb_container;

	// We need both username and user_id info
	$result = user_get_id_name($user_id_ary, $username_ary);

	// Continue only when the lookup returned false and left at least one id
	if (!sizeof($user_id_ary) || $result !== false)
	{
		return 'NO_USERS';
	}

	if (!$group_name)
	{
		$group_name = get_group_name($group_id);
	}

	switch ($action)
	{
		case 'demote':
		case 'promote':

			// Refuse the whole request as soon as one of the users is still pending
			$sql = 'SELECT user_id FROM ' . USER_GROUP_TABLE . "\n\t\t\t\tWHERE group_id = {$group_id}\n\t\t\t\t\tAND user_pending = 1\n\t\t\t\t\tAND " . $db->sql_in_set('user_id', $user_id_ary);
			$result = $db->sql_query_limit($sql, 1);
			$not_empty = $db->sql_fetchrow($result);
			$db->sql_freeresult($result);
			if ($not_empty)
			{
				return 'NO_VALID_USERS';
			}

			// The leader flag is only changed on approved memberships
			$sql = 'UPDATE ' . USER_GROUP_TABLE . ' SET group_leader = ' . ($action == 'promote' ? 1 : 0) . "\n\t\t\t\tWHERE group_id = {$group_id}\n\t\t\t\t\tAND user_pending = 0\n\t\t\t\t\tAND " . $db->sql_in_set('user_id', $user_id_ary);
			$db->sql_query($sql);

			$log = $action == 'promote' ? 'LOG_GROUP_PROMOTED' : 'LOG_GROUP_DEMOTED';
		break;

		case 'approve':
			// Make sure we only approve those which are pending ;)
			$sql = 'SELECT u.user_id, u.user_email, u.username, u.username_clean, u.user_notify_type, u.user_jabber, u.user_lang FROM ' . USERS_TABLE . ' u, ' . USER_GROUP_TABLE . ' ug WHERE ug.group_id = ' . $group_id . ' AND ug.user_pending = 1 AND ug.user_id = u.user_id AND ' . $db->sql_in_set('ug.user_id', $user_id_ary);
			$result = $db->sql_query($sql);

			// From here on $user_id_ary holds only the users that were really pending.
			// NOTE(review): $username_ary is not narrowed in this branch, so the log
			// entry written below may name users who were not approved.
			$user_id_ary = array();
			while ($row = $db->sql_fetchrow($result))
			{
				$user_id_ary[] = $row['user_id'];
			}
			$db->sql_freeresult($result);

			if (!sizeof($user_id_ary))
			{
				return false;
			}

			$sql = 'UPDATE ' . USER_GROUP_TABLE . "\n\t\t\t\tSET user_pending = 0\n\t\t\t\tWHERE group_id = {$group_id}\n\t\t\t\t\tAND " . $db->sql_in_set('user_id', $user_id_ary);
			$db->sql_query($sql);

			// Tell the approved users and drop the now obsolete request notifications
			$phpbb_notifications = $phpbb_container->get('notification_manager');
			$phpbb_notifications->add_notifications('notification.type.group_request_approved', array('user_ids' => $user_id_ary, 'group_id' => $group_id, 'group_name' => $group_name));
			$phpbb_notifications->delete_notifications('notification.type.group_request', $user_id_ary, $group_id);

			$log = 'LOG_USERS_APPROVED';
		break;

		case 'default':
			// We only set default group for approved members of the group
			$sql = 'SELECT user_id FROM ' . USER_GROUP_TABLE . "\n\t\t\t\tWHERE group_id = {$group_id}\n\t\t\t\t\tAND user_pending = 0\n\t\t\t\t\tAND " . $db->sql_in_set('user_id', $user_id_ary);
			$result = $db->sql_query($sql);

			// Both lists are rebuilt so that ids and names describe the same users
			$user_id_ary = $username_ary = array();
			while ($row = $db->sql_fetchrow($result))
			{
				$user_id_ary[] = $row['user_id'];
			}
			$db->sql_freeresult($result);

			$result = user_get_id_name($user_id_ary, $username_ary);
			if (!sizeof($user_id_ary) || $result !== false)
			{
				return 'NO_USERS';
			}

			// Group the users by their current default group
			$sql = 'SELECT user_id, group_id FROM ' . USERS_TABLE . ' WHERE ' . $db->sql_in_set('user_id', $user_id_ary, false, true);
			$result = $db->sql_query($sql);

			$groups = array();
			while ($row = $db->sql_fetchrow($result))
			{
				if (!isset($groups[$row['group_id']]))
				{
					$groups[$row['group_id']] = array();
				}
				$groups[$row['group_id']][] = $row['user_id'];
			}
			$db->sql_freeresult($result);

			// Rank and avatar of the previous default group are removed first
			foreach ($groups as $gid => $uids)
			{
				remove_default_rank($gid, $uids);
				remove_default_avatar($gid, $uids);
			}
			group_set_user_default($group_id, $user_id_ary, $group_attributes);
			$log = 'LOG_GROUP_DEFAULTS';
		break;
	}

	// NOTE(review): $log is only assigned inside the cases above; any other
	// $action value reaches add_log() with $log unset.

	// Clear permissions cache of relevant users
	$auth->acl_clear_prefetch($user_id_ary);

	add_log('admin', $log, $group_name, implode(', ', $username_ary));

	group_update_listings($group_id);

	return false;
}
* */ die("Please read the first lines of this script for instructions on how to enable it"); set_time_limit(0); define('IN_PHPBB', true); $phpbb_root_path = './../'; $phpEx = substr(strrchr(__FILE__, '.'), 1); include $phpbb_root_path . 'common.' . $phpEx; include $phpbb_root_path . '/includes/functions_user.' . $phpEx; // Start session management $user->session_begin(); $auth->acl($user->data); $user->setup(); $bots = array('AdsBot [Google]' => array('AdsBot-Google', ''), 'Alexa [Bot]' => array('ia_archiver', ''), 'Alta Vista [Bot]' => array('Scooter/', ''), 'Ask Jeeves [Bot]' => array('Ask Jeeves', ''), 'Baidu [Spider]' => array('Baiduspider+(', ''), 'Exabot [Bot]' => array('Exabot/', ''), 'FAST Enterprise [Crawler]' => array('FAST Enterprise Crawler', ''), 'FAST WebCrawler [Crawler]' => array('FAST-WebCrawler/', ''), 'Francis [Bot]' => array('http://www.neomo.de/', ''), 'Gigabot [Bot]' => array('Gigabot/', ''), 'Google Adsense [Bot]' => array('Mediapartners-Google', ''), 'Google Desktop' => array('Google Desktop', ''), 'Google Feedfetcher' => array('Feedfetcher-Google', ''), 'Google [Bot]' => array('Googlebot', ''), 'Heise IT-Markt [Crawler]' => array('heise-IT-Markt-Crawler', ''), 'Heritrix [Crawler]' => array('heritrix/1.', ''), 'IBM Research [Bot]' => array('ibm.com/cs/crawler', ''), 'ICCrawler - ICjobs' => array('ICCrawler - ICjobs', ''), 'ichiro [Crawler]' => array('ichiro/2', ''), 'Majestic-12 [Bot]' => array('MJ12bot/', ''), 'Metager [Bot]' => array('MetagerBot/', ''), 'MSN NewsBlogs' => array('msnbot-NewsBlogs/', ''), 'MSN [Bot]' => array('msnbot/', ''), 'MSNbot Media' => array('msnbot-media/', ''), 'NG-Search [Bot]' => array('NG-Search/', ''), 'Nutch [Bot]' => array('http://lucene.apache.org/nutch/', ''), 'Nutch/CVS [Bot]' => array('NutchCVS/', ''), 'OmniExplorer [Bot]' => array('OmniExplorer_Bot/', ''), 'Online link [Validator]' => array('online link validator', ''), 'psbot [Picsearch]' => array('psbot/0', ''), 'Seekport [Bot]' => array('Seekbot/', 
''), 'Sensis [Crawler]' => array('Sensis Web Crawler', ''), 'SEO Crawler' => array('SEO search Crawler/', ''), 'Seoma [Crawler]' => array('Seoma [SEO Crawler]', ''), 'SEOSearch [Crawler]' => array('SEOsearch/', ''), 'Snappy [Bot]' => array('Snappy/1.1 ( http://www.urltrends.com/ )', ''), 'Steeler [Crawler]' => array('http://www.tkl.iis.u-tokyo.ac.jp/~crawler/', ''), 'Synoo [Bot]' => array('SynooBot/', ''), 'Telekom [Bot]' => array('*****@*****.**', ''), 'TurnitinBot [Bot]' => array('TurnitinBot/', ''), 'Voyager [Bot]' => array('voyager/1.0', ''), 'W3 [Sitesearch]' => array('W3 SiteSearch Crawler', ''), 'W3C [Linkcheck]' => array('W3C-checklink/', ''), 'W3C [Validator]' => array('W3C_*Validator', ''), 'WiseNut [Bot]' => array('http://www.WISEnutbot.com', ''), 'YaCy [Bot]' => array('yacybot', ''), 'Yahoo MMCrawler [Bot]' => array('Yahoo-MMCrawler/', ''), 'Yahoo Slurp [Bot]' => array('Yahoo! DE Slurp', ''), 'Yahoo [Bot]' => array('Yahoo! Slurp', ''), 'YahooSeeker [Bot]' => array('YahooSeeker/', '')); $bot_ids = array(); user_get_id_name($bot_ids, array_keys($bots), USER_IGNORE); foreach ($bot_ids as $bot) { user_delete('remove', $bot); } // Done add_bots($bots); echo 'done'; /** * Add the search bots into the database * This code should be used in execute_last if the source database did not have bots * If you are converting bots this function should not be called * @todo We might want to look at sharing the bot list between the install code and this code for consistency */ function add_bots($bots) { global $db, $config;
$sql = 'INSERT INTO ' . TOPICS_WATCH_TABLE . " (user_id, topic_id, notify_status)\n\t\t\tVALUES ({$user->data['user_id']}, {$topic_id}, 1)"; $db->sql_query($sql); $is_subscribed = true; } elseif ($action == 'unsubscribe' && $is_subscribed && $user->data['is_registered'] && !$user->data['is_bot']) { $sql = 'DELETE FROM ' . TOPICS_WATCH_TABLE . "\n\t\t\tWHERE user_id = {$user->data['user_id']} AND topic_id = {$topic_id}"; $db->sql_query($sql); $is_subscribed = false; } elseif ($action == 'assign') { // Check form if (!check_form_key('bug_modify')) { trigger_error('FORM_INVALID'); } include "{$phpbb_root_path}includes/functions_user.{$phpEx}"; $user_id_ary = array(); $usernames = array(request_var('assigned', '', true)); user_get_id_name($user_id_ary, $usernames, array(USER_NORMAL, USER_FOUNDER)); $new_assigned = empty($user_id_ary) ? 0 : $user_id_ary[0]; if ($new_assigned == $report['assigned_id']) { trigger_error('CANNOT_REASSIGN_SAME', E_USER_NOTICE); } // Perform the action $sql = 'UPDATE ' . BUGS_REPORTS_TABLE . ' SET report_assigned = ' . $new_assigned . ' WHERE report_id = ' . $report_id; $db->sql_query($sql); // Update the data queried before $old_assigned_name = $report['assigned_name']; $report['assigned_id'] = $new_assigned; $report['assigned_name'] = $usernames[0]; if ($new_assigned != 0) { $sql = 'SELECT u.user_colour FROM ' . USERS_TABLE . ' u WHERE u.user_id = ' . $new_assigned; $result = $db->sql_query($sql); $assigned = $db->sql_fetchrow($result);
/**
 * Look up the user id that belongs to a username.
 *
 * @param mixed $username Username handed to user_get_id_name()
 * @return mixed First id reported by user_get_id_name(), or false when the
 *	name is not set or no id was found
 */
public function get_user_id_from_name($username)
{
	global $phpbb_root_path, $phpEx, $db, $config, $user, $auth, $cache, $template;

	// user functions
	require_once($phpbb_root_path . "includes/functions_user." . $phpEx);

	if (!isset($username))
	{
		return false;
	}

	// user_get_id_name() fills its first argument with the matching ids
	$found_ids = false;
	user_get_id_name($found_ids, $username);

	return isset($found_ids[0]) ? $found_ids[0] : false;
}
/**
* For composing messages, handle list actions
*
* Removes a single user or group from the recipient list, adds submitted
* groups/usernames/friends as TO or BCC recipients and then filters the user
* recipients in three passes: manually deactivated accounts and users who do
* not accept PMs, users without the u_readpm permission, and banned users.
*
* @param array $address_list Recipient list, changed in place; ['u'] and ['g'] map ids to 'to' or 'bcc'
* @param array $error Notice strings are appended here
* @param mixed $remove_u Truthy when a "remove user" action was requested
* @param mixed $remove_g Truthy when a "remove group" action was requested
* @param mixed $add_to Truthy when "add as TO" was pressed
* @param mixed $add_bcc Truthy when "add as BCC" was pressed
*/
function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove_g, $add_to, $add_bcc)
{
	global $auth, $db, $user;
	global $request;

	// Delete User [TO/BCC]
	// Only the first submitted key is used, and it is cast to int.
	if ($remove_u && $request->variable('remove_u', array(0 => '')))
	{
		$remove_user_id = array_keys($request->variable('remove_u', array(0 => '')));

		if (isset($remove_user_id[0]))
		{
			unset($address_list['u'][(int) $remove_user_id[0]]);
		}
	}

	// Delete Group [TO/BCC]
	if ($remove_g && $request->variable('remove_g', array(0 => '')))
	{
		$remove_group_id = array_keys($request->variable('remove_g', array(0 => '')));

		if (isset($remove_group_id[0]))
		{
			unset($address_list['g'][(int) $remove_group_id[0]]);
		}
	}

	// Add Selected Groups
	$group_list = request_var('group_list', array(0));

	// Build usernames to add
	$usernames = request_var('username', '', true);
	$usernames = empty($usernames) ? array() : array($usernames);
	$username_list = request_var('username_list', '', true);
	if ($username_list)
	{
		$usernames = array_merge($usernames, explode("\n", $username_list));
	}

	// If add to or add bcc not pressed, users could still have usernames listed they want to add...
	if (!$add_to && !$add_bcc && (sizeof($group_list) || sizeof($usernames)))
	{
		$add_to = true;

		// These globals steer the compose page: show the form again instead of sending
		global $refresh, $submit, $preview;

		$refresh = true;
		$submit = false;

		// Preview is only true if there was also a message entered
		if (request_var('message', ''))
		{
			$preview = true;
		}
	}

	// Add User/Group [TO]
	if ($add_to || $add_bcc)
	{
		$type = $add_to ? 'to' : 'bcc';

		if (sizeof($group_list))
		{
			foreach ($group_list as $group_id)
			{
				$address_list['g'][$group_id] = $type;
			}
		}

		// User ID's to add...
		$user_id_ary = array();

		// Reveal the correct user_ids
		// Only the listed account types are requested from user_get_id_name().
		if (sizeof($usernames))
		{
			$user_id_ary = array();
			user_get_id_name($user_id_ary, $usernames, array(USER_NORMAL, USER_FOUNDER, USER_INACTIVE));

			// If there are users not existing, we will at least print a notice...
			if (!sizeof($user_id_ary))
			{
				$error[] = $user->lang['PM_NO_USERS'];
			}
		}

		// Add Friends if specified
		// The ids are the keys of the submitted array, read with an int-keyed default.
		$friend_list = array_keys($request->variable('add_' . $type, array(0)));
		$user_id_ary = array_merge($user_id_ary, $friend_list);

		foreach ($user_id_ary as $user_id)
		{
			// The guest account is never added as a recipient
			if ($user_id == ANONYMOUS)
			{
				continue;
			}

			$address_list['u'][$user_id] = $type;
		}
	}

	// Check for disallowed recipients
	if (!empty($address_list['u']))
	{
		$can_ignore_allow_pm = $auth->acl_gets('a_', 'm_') || $auth->acl_getf_global('m_');

		// Administrator deactivated users check and we need to check their
		// PM status (do they want to receive PM's?)
		// Only check PM status if not a moderator or admin, since they
		// are allowed to override this user setting
		$sql = 'SELECT user_id, user_allow_pm FROM ' . USERS_TABLE . ' WHERE ' . $db->sql_in_set('user_id', array_keys($address_list['u'])) . ' AND ( (user_type = ' . USER_INACTIVE . ' AND user_inactive_reason = ' . INACTIVE_MANUAL . ') ' . ($can_ignore_allow_pm ? '' : ' OR user_allow_pm = 0') . ' )';

		$result = $db->sql_query($sql);

		// Every returned row is removed; the flags only pick the notice to show
		$removed_no_pm = $removed_no_permission = false;
		while ($row = $db->sql_fetchrow($result))
		{
			if (!$can_ignore_allow_pm && !$row['user_allow_pm'])
			{
				$removed_no_pm = true;
			}
			else
			{
				$removed_no_permission = true;
			}

			unset($address_list['u'][$row['user_id']]);
		}
		$db->sql_freeresult($result);

		// print a notice about users not being added who do not want to receive pms
		if ($removed_no_pm)
		{
			$error[] = $user->lang['PM_USERS_REMOVED_NO_PM'];
		}

		// print a notice about users not being added who do not have permission to receive PMs
		if ($removed_no_permission)
		{
			$error[] = $user->lang['PM_USERS_REMOVED_NO_PERMISSION'];
		}

		// Nothing left to check
		if (!sizeof(array_keys($address_list['u'])))
		{
			return;
		}

		// Check if users have permission to read PMs
		$can_read = $auth->acl_get_list(array_keys($address_list['u']), 'u_readpm');
		$can_read = empty($can_read) || !isset($can_read[0]['u_readpm']) ? array() : $can_read[0]['u_readpm'];
		$cannot_read_list = array_diff(array_keys($address_list['u']), $can_read);
		if (!empty($cannot_read_list))
		{
			foreach ($cannot_read_list as $cannot_read)
			{
				unset($address_list['u'][$cannot_read]);
			}

			// Same notice as above; it can therefore be appended more than once
			$error[] = $user->lang['PM_USERS_REMOVED_NO_PERMISSION'];
		}

		// Check if users are banned
		// Runs on whatever survived the two earlier passes.
		$banned_user_list = phpbb_get_banned_user_ids(array_keys($address_list['u']), false);
		if (!empty($banned_user_list))
		{
			foreach ($banned_user_list as $banned_user)
			{
				unset($address_list['u'][$banned_user]);
			}

			$error[] = $user->lang['PM_USERS_REMOVED_NO_PERMISSION'];
		}
	}
}
/**
 * Convert the data of the old survey tables into the new survey format.
 *
 * Does nothing unless the config key survey_version is set. For every topic
 * flagged with topic_survey = 1 the old settings row is read, a survey is
 * enabled on the topic and settings, questions and answers are converted.
 *
 * NOTE(review): $topic_id and $old_settings['survey_id'] are read from the
 * database and placed into SQL strings below without a cast; casting them to
 * int would make the statements independent of the stored values.
 */
public function convert_old_survey_data()
{
	global $auth, $user;

	if (!isset($this->config['survey_version']))
	{
		return;
	}

	if (!function_exists('user_get_id_name'))
	{
		include "{$this->phpbb_root_path}includes/functions_user.{$this->php_ext}";
	}

	$user->add_lang_ext('kilianr/survey', 'survey');

	$sql = 'SELECT topic_id FROM ' . TOPICS_TABLE . ' WHERE topic_survey = 1';
	$result = $this->db->sql_query($sql);
	while ($row = $this->db->sql_fetchrow($result))
	{
		$topic_id = $row['topic_id'];
		$sql = "SELECT * FROM {$this->table_prefix}survey WHERE topic_id = '{$topic_id}'";
		$result2 = $this->db->sql_query($sql);
		$old_settings = $this->db->sql_fetchrow($result2);
		$this->db->sql_freeresult($result2);

		// Topics without an old settings row are left untouched
		if ($old_settings)
		{
			$survey = new survey($this->db, $this->config, $user, $auth, $this->table_prefix . 'surveys', $this->table_prefix . 'surveys_questions', $this->table_prefix . 'surveys_q_choices', $this->table_prefix . 'surveys_entries', $this->table_prefix . 'surveys_answers');
			$survey->enable($topic_id);
			$survey->initialize($topic_id);
			$survey->load_survey($topic_id);

			// Convert the settings
			// Numeric options are clamped to the range the new format accepts.
			$settings = array(
				'caption'				=> $old_settings['survey_caption'] ? $old_settings['survey_caption'] : $user->lang('SURVEY'),
				'show_order'			=> min(max((int) $old_settings['show_order'], 0), 2),
				'reverse_order'			=> $old_settings['show_order'] == 3 ? 1 : 0,
				'allow_change_answer'	=> $old_settings['allow_change_answers'] == 1 ? 1 : 0,
				'allow_multiple_answer'	=> $old_settings['allow_change_answers'] == 2 ? 1 : 0,
				'visibility'			=> $old_settings['hide_survey_results'] ? 3 : ($old_settings['hide_names_of_respondents'] ? 1 : 0),
				'start_time'			=> $old_settings['survey_start'],
				'stop_time'				=> $old_settings['survey_length'] == 0 ? null : $old_settings['survey_start'] + $old_settings['survey_length'],
			);
			$survey->change_config($settings);

			// Convert the questions
			// The old format keeps each property as one '|'-separated string.
			$questions_skip = array();
			$questions_label = array_map('trim', explode('|', $old_settings['questions']));
			$questions_type = explode('|', $old_settings['question_types']);
			$questions_choices = explode('|', htmlspecialchars_decode($old_settings['question_selections']));
			$questions_sum_type = explode('|', $old_settings['question_sums']);
			$questions_sum_by = array_map('trim', explode('|', $old_settings['question_selected_text']));
			$questions_cap = explode('|', $old_settings['question_response_caps']);

			// Only as many questions as every list can supply are converted
			$num_questions = min(sizeof($questions_label), sizeof($questions_type), sizeof($questions_choices), sizeof($questions_sum_type), sizeof($questions_sum_by), sizeof($questions_cap));
			for ($i = 0; $i < $num_questions; $i++)
			{
				$questions_skip[$i] = false;

				// Skip empty labels and labels the new survey already knows
				if ($questions_label[$i] == '' || $survey->get_question_id_from_label($questions_label[$i], -1) != -1)
				{
					$questions_skip[$i] = true;
					continue;
				}

				// Clamp the old type to 0..5, then map 2 to 0 and 3 to 4
				$new_type = min(max((int) $questions_type[$i], 0), 5);
				$new_type = $new_type == 2 ? 0 : $new_type;
				$new_type = $new_type == 3 ? 4 : $new_type;
				$question = array(
					'label'					=> $questions_label[$i],
					'example_answer'		=> '',
					'type'					=> $new_type,
					'random_choice_order'	=> 0,
					'sum_type'				=> min(max((int) $questions_sum_type[$i] == 4 ? 2 : (int) $questions_sum_type[$i], 0), 3),
					'sum_by'				=> $questions_sum_type[$i] == 3 ? $questions_sum_by[$i] : '',
					'average'				=> $questions_sum_type[$i] == 4 ? 1 : 0,
					'cap'					=> (int) $questions_cap[$i],
				);
				$choices = array();

				// Types 4 and 5 need a choice list; without one the question is skipped
				if ($new_type == 4 || $new_type == 5)
				{
					if ($questions_choices[$i] == '')
					{
						$questions_skip[$i] = true;
						continue;
					}
					foreach (array_map('trim', array_unique(explode(";", $questions_choices[$i]))) as $choice)
					{
						if ($choice == '')
						{
							continue;
						}

						// The choices were decoded above, so they are encoded again
						// before being stored; commas are stripped from each choice.
						$choices[] = htmlspecialchars(str_replace(',', '', $choice));
					}
				}
				$questions_type[$i] = $new_type;
				$survey->add_question($question, $choices);
				$questions_id[$i] = $survey->get_question_id_from_label($questions_label[$i], -1);
			}

			// Convert the answers
			$sql = "SELECT user_id, answers FROM {$this->table_prefix}survey_answers WHERE survey_id = {$old_settings['survey_id']} ORDER BY response_order";
			$result2 = $this->db->sql_query($sql);
			while ($row2 = $this->db->sql_fetchrow($result2))
			{
				// Answers of users that can no longer be resolved are dropped.
				// NOTE(review): other callers of user_get_id_name() read the first
				// argument back as an array after the call; if it is taken by
				// reference here as well, $row2['user_id'] may no longer be a plain
				// id when it is passed to add_entry() below - confirm.
				$username = array();
				if (user_get_id_name($row2['user_id'], $username) == 'NO_USERS')
				{
					continue;
				}
				$raw_answers = explode('|', $row2['answers']);
				$answers = array();
				$i = -1;
				foreach ($raw_answers as $answer)
				{
					++$i;

					// Ignore surplus answers and answers to skipped questions
					if ($i >= $num_questions || $questions_skip[$i])
					{
						continue;
					}
					if ($questions_type[$i] == 5)
					{
						$answer = implode(',', array_map('trim', explode('&&', str_replace(',', '', $answer))));
					}
					if ($questions_type[$i] == 4)
					{
						$answer = str_replace(',', '', trim($answer));
					}

					// Answers the new survey does not accept are left out
					if (!$survey->check_answer($answer, $questions_id[$i]))
					{
						continue;
					}
					$answers[$questions_id[$i]] = $answer;
				}
				$survey->add_entry($row2['user_id'], $answers);
			}
			$this->db->sql_freeresult($result2);
			unset($survey);
		}
	}
	$this->db->sql_freeresult($result);
}
/**
* This is used to promote (to leader), demote or set as default a member/s
*
* Also handles the 'approve' action for pending members, which sends the
* group_approved e-mail/IM to every approved user. On success the permission
* prefetch of the affected users is cleared, an admin log entry is written and
* the group listings are updated.
*
* NOTE(review): $group_id is placed unquoted into the SQL statements below and
* is not cast inside this function; callers are presumably expected to pass an
* integer - confirm, or cast it here.
*
* @param string $action 'demote', 'promote', 'approve' or 'default'
* @param mixed $group_id Id of the group
* @param mixed $user_id_ary User ids, completed by user_get_id_name()
* @param mixed $username_ary Usernames, completed by user_get_id_name()
* @param mixed $group_name Group name; looked up with get_group_name() when empty
* @param mixed $group_attributes Passed on to group_set_user_default()
* @return mixed false on success (and when nothing is pending for 'approve'),
*	'NO_USERS' or 'NO_VALID_USERS' otherwise
*/
function group_user_attributes($action, $group_id, $user_id_ary = false, $username_ary = false, $group_name = false, $group_attributes = false)
{
	global $db, $auth, $phpbb_root_path, $phpEx, $config;

	// We need both username and user_id info
	$result = user_get_id_name($user_id_ary, $username_ary);

	// Continue only when the lookup returned false and left at least one id
	if (!sizeof($user_id_ary) || $result !== false)
	{
		return 'NO_USERS';
	}

	if (!$group_name)
	{
		$group_name = get_group_name($group_id);
	}

	switch ($action)
	{
		case 'demote':
		case 'promote':

			// Refuse the whole request as soon as one of the users is still pending
			$sql = 'SELECT user_id FROM ' . USER_GROUP_TABLE . "\n\t\t\t\tWHERE group_id = {$group_id}\n\t\t\t\t\tAND user_pending = 1\n\t\t\t\t\tAND " . $db->sql_in_set('user_id', $user_id_ary);
			$result = $db->sql_query_limit($sql, 1);
			$not_empty = $db->sql_fetchrow($result);
			$db->sql_freeresult($result);
			if ($not_empty)
			{
				return 'NO_VALID_USERS';
			}

			// The leader flag is only changed on approved memberships
			$sql = 'UPDATE ' . USER_GROUP_TABLE . ' SET group_leader = ' . ($action == 'promote' ? 1 : 0) . "\n\t\t\t\tWHERE group_id = {$group_id}\n\t\t\t\t\tAND user_pending = 0\n\t\t\t\t\tAND " . $db->sql_in_set('user_id', $user_id_ary);
			$db->sql_query($sql);

			$log = $action == 'promote' ? 'LOG_GROUP_PROMOTED' : 'LOG_GROUP_DEMOTED';
		break;

		case 'approve':
			// Make sure we only approve those which are pending ;)
			$sql = 'SELECT u.user_id, u.user_email, u.username, u.username_clean, u.user_notify_type, u.user_jabber, u.user_lang FROM ' . USERS_TABLE . ' u, ' . USER_GROUP_TABLE . ' ug WHERE ug.group_id = ' . $group_id . ' AND ug.user_pending = 1 AND ug.user_id = u.user_id AND ' . $db->sql_in_set('ug.user_id', $user_id_ary);
			$result = $db->sql_query($sql);

			// From here on $user_id_ary holds only the users that were really pending.
			// NOTE(review): $username_ary is not narrowed in this branch, so the log
			// entry written below may name users who were not approved.
			$user_id_ary = $email_users = array();
			while ($row = $db->sql_fetchrow($result))
			{
				$user_id_ary[] = $row['user_id'];
				$email_users[] = $row;
			}
			$db->sql_freeresult($result);

			if (!sizeof($user_id_ary))
			{
				return false;
			}

			$sql = 'UPDATE ' . USER_GROUP_TABLE . "\n\t\t\t\tSET user_pending = 0\n\t\t\t\tWHERE group_id = {$group_id}\n\t\t\t\t\tAND " . $db->sql_in_set('user_id', $user_id_ary);
			$db->sql_query($sql);

			// Send approved email to users...
			include_once $phpbb_root_path . 'includes/functions_messenger.' . $phpEx;
			$messenger = new messenger();

			foreach ($email_users as $row)
			{
				$messenger->template('group_approved', $row['user_lang']);

				$messenger->to($row['user_email'], $row['username']);
				$messenger->im($row['user_jabber'], $row['username']);

				// User and group name are decoded for the message body
				$messenger->assign_vars(array(
					'USERNAME'		=> htmlspecialchars_decode($row['username']),
					'GROUP_NAME'	=> htmlspecialchars_decode($group_name),
					'U_GROUP'		=> generate_board_url() . "/ucp.{$phpEx}?i=groups&mode=membership",
				));

				$messenger->send($row['user_notify_type']);
			}

			$messenger->save_queue();

			$log = 'LOG_USERS_APPROVED';
		break;

		case 'default':
			// NOTE(review): unlike the demote/promote branch, no check against
			// user_pending is made here before the default group is set.

			// Group the users by their current default group
			$sql = 'SELECT user_id, group_id FROM ' . USERS_TABLE . ' WHERE ' . $db->sql_in_set('user_id', $user_id_ary, false, true);
			$result = $db->sql_query($sql);

			$groups = array();
			while ($row = $db->sql_fetchrow($result))
			{
				if (!isset($groups[$row['group_id']]))
				{
					$groups[$row['group_id']] = array();
				}
				$groups[$row['group_id']][] = $row['user_id'];
			}
			$db->sql_freeresult($result);

			// Rank and avatar of the previous default group are removed first
			foreach ($groups as $gid => $uids)
			{
				remove_default_rank($gid, $uids);
				remove_default_avatar($gid, $uids);
			}
			group_set_user_default($group_id, $user_id_ary, $group_attributes);
			$log = 'LOG_GROUP_DEFAULTS';
		break;
	}

	// NOTE(review): $log is only assigned inside the cases above; any other
	// $action value reaches add_log() with $log unset.

	// Clear permissions cache of relevant users
	$auth->acl_clear_prefetch($user_id_ary);

	add_log('admin', $log, $group_name, implode(', ', $username_ary));

	group_update_listings($group_id);

	return false;
}
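/**
 * Validate the users and groups a sender wants to add as PM recipients and build
 * the response payload in $this->return.
 *
 * Users are dropped (with a line appended to the returned MESSAGE) when they do not
 * exist, are already recipients, were deactivated by an administrator, do not accept
 * PMs, lack u_readpm, or are banned. Groups are dropped when mass PM to groups is not
 * permitted or the group is already a recipient. On a permission or recipient-limit
 * failure an entry is pushed to $this->error and the method returns early.
 *
 * NOTE(review): add_form_key() is called here but no check_form_key() is visible in
 * this method; confirm the token is validated where the request is dispatched.
 * NOTE(review): MESSAGE carries markup ('<br />') together with user and group names.
 * This presumably relies on names being stored and requested HTML-escaped; verify how
 * the client inserts it.
 *
 * @param string $action Requested action; not consulted by the current implementation
 *
 * @return void
 */
private function add_sender($action)
{
    include_once $this->phpbb_root_path . 'includes/ucp/ucp_pm_compose.' . $this->php_ext;
    include_once $this->phpbb_root_path . 'includes/functions_user.' . $this->php_ext;

    $this->user->add_lang(array('viewtopic'));
    $this->user->add_lang(array('ucp'));

    if (!$this->auth->acl_get('u_sendpm'))
    {
        $this->error[] = array('error' => $this->user->lang['NO_AUTH_SEND_MESSAGE']);
        return;
    }

    add_form_key('ucp_pm_compose');

    // Grab only parameters needed here.
    // Existing recipients are taken from the request and are not re-checked for
    // permission. NOTE(review): counts derived from this list are therefore advisory;
    // presumably the limits are enforced again when the PM is submitted. Confirm.
    $this->address_list = $this->request->variable('address_list', array('' => array(0 => '')));
    $this->user_list = array();

    $usernames = array();
    $username_list = $this->request->variable('username_list', '', true);
    $message = '';

    #region AddUsers
    if ($username_list)
    {
        $usernames = array_unique(explode("\n", $username_list));

        if (sizeof($usernames))
        {
            $user_id_ary = array();
            user_get_id_name($user_id_ary, $usernames, array(USER_NORMAL, USER_FOUNDER, USER_INACTIVE));
            $this->user_list = $this->get_user_list($usernames);

            if (sizeof($this->user_list) < sizeof($usernames))
            {
                // Find non-existing users
                foreach ($usernames as $username)
                {
                    if (!$this->is_user_exists($username, $this->user_list))
                    {
                        $message .= sprintf($this->user->lang['NO_SUCH_USER'] . '<br />', $username);
                    }
                }
            }

            if (sizeof($this->user_list))
            {
                // Now, make sure that new users not exist in address_list ;)
                foreach ($this->user_list as $key => $user)
                {
                    if (isset($this->address_list['u'][$user['user_id']]))
                    {
                        // Already a recipient: nothing to add and nothing to check
                        $message .= sprintf($this->user->lang['PMAJAX_USER_ALREADY_RECIPIENT'] . '<br />', $user['username']);
                        $user_id_ary = array_diff($user_id_ary, array($user['user_id']));
                        unset($this->user_list[$key]);
                    }
                }

                if (sizeof($user_id_ary))
                {
                    // Check for disallowed recipients
                    $can_ignore_allow_pm = $this->auth->acl_gets('a_', 'm_') || $this->auth->acl_getf_global('m_');

                    // Administrator deactivated users check and we need to check their
                    // PM status (do they want to receive PM's?)
                    // Only check PM status if not a moderator or admin, since they
                    // are allowed to override this user setting
                    $sql = 'SELECT user_id, username, user_allow_pm FROM ' . USERS_TABLE . '
                        WHERE ' . $this->db->sql_in_set('user_id', $user_id_ary) . '
                            AND (
                                (user_type = ' . USER_INACTIVE . ' AND user_inactive_reason = ' . INACTIVE_MANUAL . ')
                                ' . ($can_ignore_allow_pm ? '' : ' OR user_allow_pm = 0') . '
                            )';
                    $result = $this->db->sql_query($sql);

                    while ($row = $this->db->sql_fetchrow($result))
                    {
                        $username = $this->remove_user_from_user_list($row['user_id']);

                        $lang_key = (!$can_ignore_allow_pm && !$row['user_allow_pm'])
                            ? 'PMAJAX_USER_REMOVED_NO_PM'
                            : 'PMAJAX_USER_REMOVED_NO_PERMISSION';
                        $message .= sprintf($this->user->lang[$lang_key] . '<br />', $username);

                        $user_id_ary = array_diff($user_id_ary, array($row['user_id']));
                    }
                    $this->db->sql_freeresult($result);
                }

                if (sizeof($user_id_ary))
                {
                    // Check if users have permission to read PMs
                    $can_read = $this->auth->acl_get_list($user_id_ary, 'u_readpm');
                    $can_read = (empty($can_read) || !isset($can_read[0]['u_readpm'])) ? array() : $can_read[0]['u_readpm'];
                    $cannot_read_list = array_diff($user_id_ary, $can_read);

                    foreach ($cannot_read_list as $cannot_read)
                    {
                        $username = $this->remove_user_from_user_list($cannot_read);

                        // Fix: array_diff() needs an array; the bare id was passed before.
                        $user_id_ary = array_diff($user_id_ary, array($cannot_read));

                        $message .= sprintf($this->user->lang['PMAJAX_USER_REMOVED_NO_PERMISSION'] . '<br />', $username);
                    }
                }

                if (sizeof($user_id_ary))
                {
                    // Check if users are banned
                    $banned_user_list = phpbb_get_banned_user_ids($user_id_ary, false);

                    if (!empty($banned_user_list))
                    {
                        foreach ($banned_user_list as $banned_user)
                        {
                            $username = $this->remove_user_from_user_list($banned_user);

                            // Fix: drop the banned id itself; this previously diffed against
                            // the loop variable left over from the u_readpm check above.
                            $user_id_ary = array_diff($user_id_ary, array($banned_user));

                            $message .= sprintf($this->user->lang['PMAJAX_USER_REMOVED_NO_PERMISSION'] . '<br />', $username);
                        }
                    }
                }
            }
        }
    }
    #endregion

    $group_list = $this->request->variable('group_list', array(0));
    $this->group_list = array();

    #region AddGroups
    // Check mass pm to group permission
    if (sizeof($group_list) && (!$this->config['allow_mass_pm'] || !$this->auth->acl_get('u_masspm_group')))
    {
        $message .= $this->user->lang['NO_AUTH_GROUP_MESSAGE'] . '<br />';
        $group_list = array();
    }

    if (sizeof($group_list))
    {
        $can_manage_groups = $this->auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel');

        // Fix: the join used an undefined local $user, which left the membership
        // condition without a user id. Use the session user, cast to int.
        $current_user_id = (int) $this->user->data['user_id'];

        $sql = 'SELECT g.group_id AS id, g.group_name AS name, g.group_colour AS colour, g.group_type
            FROM ' . GROUPS_TABLE . ' g';

        if (!$can_manage_groups)
        {
            // Without group admin rights, hidden groups are only visible to their
            // own approved members.
            $sql .= ' LEFT JOIN ' . USER_GROUP_TABLE . ' ug
                ON (
                    g.group_id = ug.group_id
                    AND ug.user_id = ' . $current_user_id . '
                    AND ug.user_pending = 0
                )
                WHERE (g.group_type <> ' . GROUP_HIDDEN . ' OR ug.user_id = ' . $current_user_id . ')';
        }

        $sql .= $can_manage_groups ? ' WHERE ' : ' AND ';
        $sql .= 'g.group_receive_pm = 1
            AND ' . $this->db->sql_in_set('g.group_id', $group_list) . '
            ORDER BY g.group_name ASC';
        $result = $this->db->sql_query($sql);

        while ($row = $this->db->sql_fetchrow($result))
        {
            $row['name'] = ($row['group_type'] == GROUP_SPECIAL) ? $this->user->lang['G_' . $row['name']] : $row['name'];

            // Now, make sure that group not exist in address_list
            if (isset($this->address_list['g'][$row['id']]))
            {
                $message .= sprintf($this->user->lang['PMAJAX_GROUP_ALREADY_RECIPIENT'] . '<br />', $row['name']);
            }
            else
            {
                $this->group_list[] = $row;
            }
        }
        $this->db->sql_freeresult($result);
    }
    #endregion

    #region Handle num recipients
    $num_recipients = sizeof($this->user_list);
    $pm_action = $this->request->variable('action', '');
    $reply_to_all = $this->request->variable('reply_to_all', 0);

    if (sizeof($this->user_list) + sizeof($this->group_list))
    {
        // Get maximum number of allowed recipients
        $sql = 'SELECT MAX(g.group_max_recipients) as max_recipients
            FROM ' . GROUPS_TABLE . ' g, ' . USER_GROUP_TABLE . ' ug
            WHERE ug.user_id = ' . (int) $this->user->data['user_id'] . '
                AND ug.user_pending = 0
                AND ug.group_id = g.group_id';
        $result = $this->db->sql_query($sql);
        $max_recipients = (int) $this->db->sql_fetchfield('max_recipients');
        $this->db->sql_freeresult($result);

        $max_recipients = !$max_recipients ? $this->config['pm_max_recipients'] : $max_recipients;

        // Counted once, guarded: the 'u' key is absent when no user is a recipient yet.
        $num_recipients_exist = !empty($this->address_list['u']) ? sizeof($this->address_list['u']) : 0;

        // If this is a quote/reply "to all"... we may increase the max_recipients to the number of original recipients
        if (($pm_action == 'reply' || $pm_action == 'quote') && $max_recipients && $reply_to_all)
        {
            $max_recipients = ($max_recipients < $num_recipients_exist) ? $num_recipients_exist : $max_recipients;
        }

        // Check for too many recipients
        if ($max_recipients && $num_recipients_exist + $num_recipients > $max_recipients)
        {
            $this->error[] = array('error' => $this->user->lang('PMAJAX_TOO_MANY_RECIPIENTS', $max_recipients));
            return;
        }

        // Check mass pm to users permission
        if ((!$this->config['allow_mass_pm'] || !$this->auth->acl_get('u_masspm')) && $num_recipients + $num_recipients_exist > 1)
        {
            $this->error[] = array('error' => $this->user->lang('PMAJAX_TOO_MANY_RECIPIENTS', $max_recipients));
            return;
        }
    }
    #endregion

    // Build output
    $recipient_u = array();
    foreach ($this->user_list as $user)
    {
        // NOTE(review): the profile path is computed but not included in the row;
        // the call is kept so the sequence of helper calls stays the same.
        $view_path = get_username_string('profile', $user['user_id'], $user['username'], $user['colour']);
        $view_path = str_replace('../', '', $view_path);

        $name_full = get_username_string('full', $user['user_id'], $user['username'], $user['colour']);
        $name_full = str_replace('../', '', $name_full);

        $recipient_u[] = array(
            'UG_ID'     => $user['user_id'],
            'NAME'      => $user['username'],
            'COLOUR'    => $user['colour'] ? '#' . $user['colour'] : '',
            'NAME_FULL' => $name_full,
        );
    }

    $recipient_g = array();
    foreach ($this->group_list as $group)
    {
        $view_path = append_sid("{$this->phpbb_root_path}memberlist.{$this->php_ext}", 'mode=group&g=' . $group['id']);
        $view_path = str_replace('../', '', $view_path);

        $recipient_g[] = array(
            'UG_ID'  => $group['id'],
            'NAME'   => $group['name'],
            'COLOUR' => $group['colour'] ? '#' . $group['colour'] : '#0000FF',
            'U_VIEW' => $view_path,
        );
    }

    $this->return = array(
        'RECIPIENT_U_LIST' => $recipient_u,
        'RECIPIENT_G_LIST' => $recipient_g,
        'NUM_RECIPIENTS'   => sizeof($recipient_u) + sizeof($recipient_g),
        'MESSAGE'          => $message,
    );
}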