Beispiel #1
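    /**
     * Look up the display data of the user who should become the new author.
     *
     * The username is resolved to a user id with user_get_id_name() and the
     * first resolved id is then read from the users table.
     *
     * @param string $username Username to resolve
     * @return mixed false when no username was given or no id was resolved,
     *               otherwise whatever $db->sql_fetchrow() yields for the
     *               username / user_colour / user_id query
     */
    public function get_new_author_info($username)
    {
        // The body queries through $db, which was never brought into scope here.
        global $db;

        // Who is the new uploader?
        if (!$username) {
            return false;
        }

        if (!function_exists('user_get_id_name')) {
            $this->url->_include('functions_user', 'phpbb');
        }

        // Filled by reference with the ids matching $username.
        $user_id = 0;
        user_get_id_name($user_id, $username);
        if (empty($user_id)) {
            return false;
        }

        // The only dynamic value in the query is cast to int, so the
        // caller-supplied username never reaches the SQL text in this method.
        $sql = 'SELECT username, user_colour, user_id
			FROM ' . USERS_TABLE . '
			WHERE user_id = ' . (int) $user_id[0];
        $result = $db->sql_query($sql);
        $row = $db->sql_fetchrow($result);
        $db->sql_freeresult($result);

        return $row;
    }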
Beispiel #2
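/**
* For composing messages, handle list actions
*
* Updates the recipient list in place from the current request: removes one
* user or group, or adds the selected groups, usernames and friends as
* 'to' or 'bcc' recipients.
*
* @param array	$address_list	Recipient list, changed by reference; ['u'][user_id] and ['g'][group_id] hold 'to' or 'bcc'
* @param mixed	$remove_u		Truthy when a user removal was requested
* @param mixed	$remove_g		Truthy when a group removal was requested
* @param mixed	$add_to			Truthy when recipients are added as 'to'
* @param mixed	$add_bcc		Truthy when recipients are added as 'bcc'
*/
function handle_message_list_actions(&$address_list, $remove_u, $remove_g, $add_to, $add_bcc)
{
    global $auth, $db;

    // Delete User [TO/BCC]
    // The id is the first key of the submitted array; the raw request value is
    // checked for shape first because a scalar or empty value is also possible.
    if ($remove_u && isset($_REQUEST['remove_u']) && is_array($_REQUEST['remove_u'])) {
        $remove_user_id = array_keys($_REQUEST['remove_u']);
        if (isset($remove_user_id[0])) {
            unset($address_list['u'][(int) $remove_user_id[0]]);
        }
    }

    // Delete Group [TO/BCC]
    if ($remove_g && isset($_REQUEST['remove_g']) && is_array($_REQUEST['remove_g'])) {
        $remove_group_id = array_keys($_REQUEST['remove_g']);
        if (isset($remove_group_id[0])) {
            unset($address_list['g'][(int) $remove_group_id[0]]);
        }
    }

    // Add User/Group [TO]
    if ($add_to || $add_bcc) {
        $type = $add_to ? 'to' : 'bcc';

        // Add Selected Groups (request_var() with an array(0) default is used for the ids)
        $group_list = request_var('group_list', array(0));
        foreach ($group_list as $group_id) {
            $address_list['g'][$group_id] = $type;
        }

        // User ID's to add...
        $user_id_ary = array();

        // Build usernames to add
        $usernames = isset($_REQUEST['username']) ? array(request_var('username', '', true)) : array();
        $username_list = request_var('username_list', '', true);
        if ($username_list) {
            $usernames = array_merge($usernames, explode("\n", $username_list));
        }

        // Reveal the correct user_ids
        if (sizeof($usernames)) {
            user_get_id_name($user_id_ary, $usernames);
        }

        // Add Friends if specified; the ids are the keys of the submitted array
        $add_key = 'add_' . $type;
        $friend_list = (isset($_REQUEST[$add_key]) && is_array($_REQUEST[$add_key])) ? array_map('intval', array_keys($_REQUEST[$add_key])) : array();

        // Every id is forced to int before it is written into the IN (...) list below.
        $user_id_ary = array_map('intval', array_merge($user_id_ary, $friend_list));

        if (sizeof($user_id_ary)) {
            // We need to check their PM status (do they want to receive PM's?)
            // Only check if not a moderator or admin, since they are allowed to override this user setting
            if (!$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_')) {
                $sql = 'SELECT user_id
					FROM ' . USERS_TABLE . '
					WHERE user_id IN (' . implode(', ', $user_id_ary) . ')
						AND user_allow_pm = 1';
                $result = $db->sql_query($sql);
                while ($row = $db->sql_fetchrow($result)) {
                    $address_list['u'][$row['user_id']] = $type;
                }
                $db->sql_freeresult($result);
            } else {
                // Moderators and admins add the ids as submitted, without the lookup above.
                foreach ($user_id_ary as $user_id) {
                    $address_list['u'][$user_id] = $type;
                }
            }
        }
    }
}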
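    /**
     * ACP screen that lists inconsistent gallery data and cleans it up.
     *
     * Reads the selection from the request, optionally re-assigns the selected
     * images/comments to another author ("submit"), runs the confirmed delete
     * and prune actions, and finally assigns the current findings (missing
     * source files, unknown files, entries without a user, personal albums)
     * to the template.
     *
     * NOTE(review): the "submit" branch runs UPDATE queries without a form
     * token check in this method; only the delete/prune path passes through
     * confirm_box(). Confirm whether a form key is validated elsewhere.
     *
     * @return void
     */
    function cleanup()
    {
        global $auth, $cache, $db, $template, $user, $phpbb_ext_gallery, $table_prefix, $phpbb_container, $request;

        $delete = isset($_POST['delete']) ? true : false;
        $prune = isset($_POST['prune']) ? true : false;
        $submit = isset($_POST['submit']) ? true : false;
        $missing_sources = $request->variable('source', array(0));
        $missing_entries = $request->variable('entry', array(''), true);
        $missing_authors = $request->variable('author', array(0), true);
        $missing_comments = $request->variable('comment', array(0), true);
        $missing_personals = $request->variable('personal', array(0), true);
        $personals_bad = $request->variable('personal_bad', array(0), true);
        $prune_pattern = $request->variable('prune_pattern', array('' => ''), true);
        $move_to_import = $request->variable('move_to_import', 0);
        $new_author = $request->variable('new_author', '');

        // The entry names come from the request and are later joined onto the
        // upload and import directories, so only bare file names are kept:
        // anything carrying a directory part is dropped before it can be used.
        $safe_entries = array();
        foreach ($missing_entries as $entry_name) {
            if ($entry_name !== '' && $entry_name !== '.' && $entry_name !== '..' && basename($entry_name) === $entry_name && strpos($entry_name, '\\') === false) {
                $safe_entries[] = $entry_name;
            }
        }
        $missing_entries = $safe_entries;

        $gallery_album = $phpbb_container->get('phpbbgallery.core.album');
        $core_cleanup = $phpbb_container->get('phpbbgallery.acpcleanup.cleanup');
        $gallery_auth = $phpbb_container->get('phpbbgallery.core.auth');
        $gallery_config = $phpbb_container->get('phpbbgallery.core.config');

        // Lets detect if ACP Import exists (find if directory is with RW access)
        $acp_import_installed = false;
        $acp_import_dir = $phpbb_ext_gallery->url->path('import');
        if (file_exists($acp_import_dir) && is_writable($acp_import_dir)) {
            $acp_import_installed = true;
        }

        // First prune request: build the pattern from the individual form fields.
        if ($prune && empty($prune_pattern)) {
            $prune_pattern['image_album_id'] = implode(',', $request->variable('prune_album_ids', array(0)));
            if (isset($_POST['prune_username_check'])) {
                $usernames = $request->variable('prune_usernames', '', true);
                $usernames = explode("\n", $usernames);
                $prune_pattern['image_user_id'] = array();
                if (!empty($usernames)) {
                    if (!function_exists('user_get_id_name')) {
                        $phpbb_ext_gallery->url->_include('functions_user', 'phpbb');
                    }
                    // Filled by reference with the ids of the given usernames.
                    $user_ids = array();
                    user_get_id_name($user_ids, $usernames);
                    $prune_pattern['image_user_id'] = $user_ids;
                }
                if (isset($_POST['prune_anonymous'])) {
                    $prune_pattern['image_user_id'][] = ANONYMOUS;
                }
                $prune_pattern['image_user_id'] = implode(',', $prune_pattern['image_user_id']);
            }
            if (isset($_POST['prune_time_check'])) {
                // Expected as three dash-separated numbers, read as year-month-day.
                $prune_time = explode('-', $request->variable('prune_time', ''));
                if (sizeof($prune_time) == 3) {
                    $prune_pattern['image_time'] = @gmmktime(0, 0, 0, (int) $prune_time[1], (int) $prune_time[2], (int) $prune_time[0]);
                }
            }
            if (isset($_POST['prune_comments_check'])) {
                $prune_pattern['image_comments'] = $request->variable('prune_comments', 0);
            }
            if (isset($_POST['prune_ratings_check'])) {
                $prune_pattern['image_rates'] = $request->variable('prune_ratings', 0);
            }
            if (isset($_POST['prune_rating_avg_check'])) {
                $prune_pattern['image_rate_avg'] = (int) ($request->variable('prune_rating_avg', 0.0) * 100);
            }
        }

        // The selection is carried through the confirmation form as hidden fields.
        $s_hidden_fields = build_hidden_fields(array('source' => $missing_sources, 'entry' => $missing_entries, 'author' => $missing_authors, 'comment' => $missing_comments, 'personal' => $missing_personals, 'personal_bad' => $personals_bad, 'prune_pattern' => $prune_pattern, 'move_to_import' => $move_to_import));

        // Re-assign the selected images/comments to another author.
        if ($submit) {
            $user_id = 1;
            if ($new_author) {
                $user_id = 0;
                if (!function_exists('user_get_id_name')) {
                    $phpbb_ext_gallery->url->_include('functions_user', 'phpbb');
                }
                user_get_id_name($user_id, $new_author);
                if (is_array($user_id) && !empty($user_id)) {
                    $user_id = $user_id[0];
                }
                if (!$user_id) {
                    trigger_error($user->lang('CLEAN_USER_NOT_FOUND', $new_author) . adm_back_link($this->u_action), E_USER_WARNING);
                }
            }
            // The id is cast to int at the point where it enters the SQL text.
            if ($missing_authors) {
                $sql = 'UPDATE ' . $table_prefix . 'gallery_images
					SET image_user_id = ' . (int) $user_id . ",\n\t\t\t\t\t\timage_user_colour = ''\n\t\t\t\t\tWHERE " . $db->sql_in_set('image_id', $missing_authors);
                $db->sql_query($sql);
            }
            if ($missing_comments) {
                $sql = 'UPDATE ' . $table_prefix . 'gallery_comments
					SET comment_user_id = ' . (int) $user_id . ",\n\t\t\t\t\t\tcomment_user_colour = ''\n\t\t\t\t\tWHERE " . $db->sql_in_set('comment_id', $missing_comments);
                $db->sql_query($sql);
            }
            trigger_error($user->lang['CLEAN_CHANGED'] . adm_back_link($this->u_action));
        }

        if (confirm_box(true)) {
            // Confirmed: this is the only branch that deletes or prunes anything.
            $message = array();
            if ($missing_entries) {
                if ($acp_import_installed && $move_to_import) {
                    foreach ($missing_entries as $entrie) {
                        copy($phpbb_ext_gallery->url->path('upload') . '/' . $entrie, $phpbb_ext_gallery->url->path('import') . '/' . $entrie);
                    }
                }
                $message[] = $core_cleanup->delete_files($missing_entries);
            }
            if ($missing_sources) {
                $message[] = $core_cleanup->delete_images($missing_sources);
            }
            if ($missing_authors) {
                // The author selection is passed here; the file-entry list was passed before.
                $message[] = $core_cleanup->delete_author_images($missing_authors);
            }
            if ($missing_comments) {
                $message[] = $core_cleanup->delete_author_comments($missing_comments);
            }
            if ($missing_personals || $personals_bad) {
                $message = array_merge($message, $core_cleanup->delete_pegas($personals_bad, $missing_personals));
                // Only do this, when we changed something about the albums
                $cache->destroy('_albums');
                $gallery_auth->set_user_permissions('all', '');
            }
            if ($prune_pattern) {
                $message[] = $core_cleanup->prune($prune_pattern);
            }
            if (empty($message)) {
                trigger_error($user->lang['CLEAN_NO_ACTION'] . adm_back_link($this->u_action), E_USER_WARNING);
            }

            // Make sure the overall image & comment count is correct...
            $sql = 'SELECT COUNT(image_id) AS num_images, SUM(image_comments) AS num_comments
				FROM ' . $table_prefix . 'gallery_images
				WHERE image_status <> ' . \phpbbgallery\core\image\image::STATUS_UNAPPROVED;
            $result = $db->sql_query($sql);
            $row = $db->sql_fetchrow($result);
            $db->sql_freeresult($result);
            $gallery_config->set('num_images', $row['num_images']);
            $gallery_config->set('num_comments', $row['num_comments']);

            $cache->destroy('sql', $table_prefix . 'gallery_albums');
            $cache->destroy('sql', $table_prefix . 'gallery_comments');
            $cache->destroy('sql', $table_prefix . 'gallery_images');
            $cache->destroy('sql', $table_prefix . 'gallery_rates');
            $cache->destroy('sql', $table_prefix . 'gallery_reports');
            $cache->destroy('sql', $table_prefix . 'gallery_watch');

            $message_string = '';
            foreach ($message as $lang_key) {
                $message_string .= ($message_string ? '<br />' : '') . $user->lang[$lang_key];
            }
            trigger_error($message_string . adm_back_link($this->u_action));
        } else {
            if ($delete || $prune || isset($_POST['cancel'])) {
                if (isset($_POST['cancel'])) {
                    trigger_error($user->lang['CLEAN_GALLERY_ABORT'] . adm_back_link($this->u_action), E_USER_WARNING);
                } else {
                    // Build the confirmation text. Nothing is deleted in this branch:
                    // the author-image deletion that used to run here happened before
                    // the request was confirmed and now runs only in the branch above.
                    $user->lang['CLEAN_GALLERY_CONFIRM'] = $user->lang['CONFIRM_CLEAN'];
                    if ($missing_sources) {
                        $user->lang['CLEAN_GALLERY_CONFIRM'] = $user->lang['CONFIRM_CLEAN_SOURCES'] . '<br />' . $user->lang['CLEAN_GALLERY_CONFIRM'];
                    }
                    if ($missing_entries) {
                        $user->lang['CLEAN_GALLERY_CONFIRM'] = $user->lang['CONFIRM_CLEAN_ENTRIES'] . '<br />' . $user->lang['CLEAN_GALLERY_CONFIRM'];
                    }
                    if ($missing_authors) {
                        $user->lang['CLEAN_GALLERY_CONFIRM'] = $user->lang['CONFIRM_CLEAN_AUTHORS'] . '<br />' . $user->lang['CLEAN_GALLERY_CONFIRM'];
                    }
                    if ($missing_comments) {
                        $user->lang['CLEAN_GALLERY_CONFIRM'] = $user->lang['CONFIRM_CLEAN_COMMENTS'] . '<br />' . $user->lang['CLEAN_GALLERY_CONFIRM'];
                    }

                    // Both lists start empty so implode() below always gets an array,
                    // also when the query returns no album for the submitted ids.
                    $personals_bad_names = array();
                    $missing_personals_names = array();
                    if ($personals_bad || $missing_personals) {
                        $sql = 'SELECT album_name, album_user_id
						FROM ' . $table_prefix . 'gallery_albums
						WHERE ' . $db->sql_in_set('album_user_id', array_merge($missing_personals, $personals_bad));
                        $result = $db->sql_query($sql);
                        while ($row = $db->sql_fetchrow($result)) {
                            if (in_array($row['album_user_id'], $personals_bad)) {
                                $personals_bad_names[] = $row['album_name'];
                            } else {
                                $missing_personals_names[] = $row['album_name'];
                            }
                        }
                        $db->sql_freeresult($result);
                    }
                    if ($missing_personals) {
                        $user->lang['CLEAN_GALLERY_CONFIRM'] = $user->lang('CONFIRM_CLEAN_PERSONALS', implode(', ', $missing_personals_names)) . '<br />' . $user->lang['CLEAN_GALLERY_CONFIRM'];
                    }
                    if ($personals_bad) {
                        $user->lang['CLEAN_GALLERY_CONFIRM'] = $user->lang('CONFIRM_CLEAN_PERSONALS_BAD', implode(', ', $personals_bad_names)) . '<br />' . $user->lang['CLEAN_GALLERY_CONFIRM'];
                    }
                    if ($prune && empty($prune_pattern)) {
                        trigger_error($user->lang['CLEAN_PRUNE_NO_PATTERN'] . adm_back_link($this->u_action), E_USER_WARNING);
                    } elseif ($prune && $prune_pattern) {
                        $user->lang['CLEAN_GALLERY_CONFIRM'] = $user->lang('CONFIRM_PRUNE', $core_cleanup->lang_prune_pattern($prune_pattern)) . '<br />' . $user->lang['CLEAN_GALLERY_CONFIRM'];
                    }
                    confirm_box(false, 'CLEAN_GALLERY', $s_hidden_fields);
                }
            }
        }

        // Images: list those flagged as missing their file and those whose user no longer exists.
        $requested_source = array();
        $sql_array = array('SELECT' => 'i.image_id, i.image_name, i.image_filemissing, i.image_filename, i.image_username, u.user_id', 'FROM' => array($table_prefix . 'gallery_images' => 'i'), 'LEFT_JOIN' => array(array('FROM' => array(USERS_TABLE => 'u'), 'ON' => 'u.user_id = i.image_user_id')));
        $sql = $db->sql_build_query('SELECT', $sql_array);
        $result = $db->sql_query($sql);
        while ($row = $db->sql_fetchrow($result)) {
            if ($row['image_filemissing']) {
                $template->assign_block_vars('sourcerow', array('IMAGE_ID' => $row['image_id'], 'IMAGE_NAME' => $row['image_name']));
            }
            if (!$row['user_id']) {
                $template->assign_block_vars('authorrow', array('IMAGE_ID' => $row['image_id'], 'AUTHOR_NAME' => $row['image_username']));
            }
            $requested_source[] = $row['image_filename'];
        }
        $db->sql_freeresult($result);

        $check_mode = $request->variable('check_mode', '');
        if ($check_mode == 'source') {
            $source_missing = array();
            // Reset the status: a image might have been viewed without file but the file is back
            $sql = 'UPDATE ' . $table_prefix . 'gallery_images
				SET image_filemissing = 0';
            $db->sql_query($sql);
            $sql = 'SELECT image_id, image_filename, image_filemissing
				FROM ' . $table_prefix . 'gallery_images';
            $result = $db->sql_query($sql);
            while ($row = $db->sql_fetchrow($result)) {
                if (!file_exists($phpbb_ext_gallery->url->path('upload') . $row['image_filename'])) {
                    $source_missing[] = $row['image_id'];
                }
            }
            $db->sql_freeresult($result);
            if ($source_missing) {
                $sql = 'UPDATE ' . $table_prefix . "gallery_images\n\t\t\t\t\tSET image_filemissing = 1\n\t\t\t\t\tWHERE " . $db->sql_in_set('image_id', $source_missing);
                $db->sql_query($sql);
            }
        }
        if ($check_mode == 'entry') {
            // List image files in the upload directory that no image row refers to.
            $directory = $phpbb_ext_gallery->url->path('upload');
            $handle = opendir($directory);
            if ($handle !== false) {
                // Compared against false so a file literally named "0" does not end the scan.
                while (($file = readdir($handle)) !== false) {
                    $extension = substr(strtolower($file), -4);
                    $is_image = $extension == '.png' || $extension == '.gif' || $extension == '.jpg';
                    if (!is_dir($directory . $file) && $is_image && !in_array($file, $requested_source)) {
                        if (strpos($file, 'image_not_exist') !== false || strpos($file, 'not_authorised') !== false || strpos($file, 'no_hotlinking') !== false) {
                            continue;
                        }
                        $template->assign_block_vars('entryrow', array('FILE_NAME' => utf8_encode($file)));
                    }
                }
                closedir($handle);
            }
        }

        // Comments whose user no longer exists.
        $sql_array = array('SELECT' => 'c.comment_id, c.comment_image_id, c.comment_username, u.user_id', 'FROM' => array($table_prefix . 'gallery_comments' => 'c'), 'LEFT_JOIN' => array(array('FROM' => array(USERS_TABLE => 'u'), 'ON' => 'u.user_id = c.comment_user_id')));
        $sql = $db->sql_build_query('SELECT', $sql_array);
        $result = $db->sql_query($sql);
        while ($row = $db->sql_fetchrow($result)) {
            if (!$row['user_id']) {
                $template->assign_block_vars('commentrow', array('COMMENT_ID' => $row['comment_id'], 'IMAGE_ID' => $row['comment_image_id'], 'AUTHOR_NAME' => $row['comment_username']));
            }
        }
        $db->sql_freeresult($result);

        // Root albums that do not belong to the public owner id.
        $sql_array = array('SELECT' => 'a.album_id, a.album_user_id, a.album_name, u.user_id, a.album_images_real', 'FROM' => array($table_prefix . 'gallery_albums' => 'a'), 'LEFT_JOIN' => array(array('FROM' => array(USERS_TABLE => 'u'), 'ON' => 'u.user_id = a.album_user_id')), 'WHERE' => 'a.album_user_id <> ' . $gallery_album->get_public() . ' AND a.parent_id = 0');
        $sql = $db->sql_build_query('SELECT', $sql_array);
        $result = $db->sql_query($sql);
        $personalrow = $personal_bad_row = array();
        while ($row = $db->sql_fetchrow($result)) {
            $album = array('user_id' => $row['album_user_id'], 'album_id' => $row['album_id'], 'album_name' => $row['album_name'], 'images' => $row['album_images_real']);
            if (!$row['user_id']) {
                $personalrow[$row['album_user_id']] = $album;
            }
            $personal_bad_row[$row['album_user_id']] = $album;
        }
        $db->sql_freeresult($result);

        // Add the image counts of the sub-albums to their owner's totals.
        $sql = 'SELECT ga.album_user_id, ga.album_images_real
			FROM ' . $table_prefix . 'gallery_albums ga
			WHERE ga.album_user_id <> ' . $gallery_album->get_public() . '
				AND ga.parent_id <> 0';
        $result = $db->sql_query($sql);
        while ($row = $db->sql_fetchrow($result)) {
            if (isset($personalrow[$row['album_user_id']])) {
                $personalrow[$row['album_user_id']]['images'] = $personalrow[$row['album_user_id']]['images'] + $row['album_images_real'];
            }
            $personal_bad_row[$row['album_user_id']]['images'] = $personal_bad_row[$row['album_user_id']]['images'] + $row['album_images_real'];
        }
        $db->sql_freeresult($result);

        foreach ($personalrow as $key => $row) {
            $template->assign_block_vars('personalrow', array('USER_ID' => $row['user_id'], 'ALBUM_ID' => $row['album_id'], 'AUTHOR_NAME' => $row['album_name']));
        }
        foreach ($personal_bad_row as $key => $row) {
            $template->assign_block_vars('personal_bad_row', array('USER_ID' => $row['user_id'], 'ALBUM_ID' => $row['album_id'], 'AUTHOR_NAME' => $row['album_name'], 'IMAGES' => $row['images']));
        }

        $template->assign_vars(array('S_GALLERY_MANAGE_RESTS' => true, 'ACP_GALLERY_TITLE' => $user->lang['ACP_GALLERY_CLEANUP'], 'ACP_GALLERY_TITLE_EXPLAIN' => $user->lang['ACP_GALLERY_CLEANUP_EXPLAIN'], 'ACP_IMPORT_INSTALLED' => $acp_import_installed, 'CHECK_SOURCE' => $this->u_action . '&amp;check_mode=source', 'CHECK_ENTRY' => $this->u_action . '&amp;check_mode=entry', 'U_FIND_USERNAME' => $phpbb_ext_gallery->url->append_sid('phpbb', 'memberlist', 'mode=searchuser&amp;form=acp_gallery&amp;field=prune_usernames'), 'S_SELECT_ALBUM' => $gallery_album->get_albumbox(false, '', false, false, false, $gallery_album->get_public(), $gallery_album->get_type_upload()), 'S_FOUNDER' => $user->data['user_type'] == USER_FOUNDER ? true : false));
    }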
Beispiel #4
    function main($id, $mode)
    {
        global $db, $user, $auth, $template, $phpbb_container, $request;
        global $config, $phpbb_root_path, $phpEx;
        if (!function_exists('user_get_id_name')) {
            include $phpbb_root_path . 'includes/functions_user.' . $phpEx;
        }
        if (!class_exists('auth_admin')) {
            include $phpbb_root_path . 'includes/acp/auth.' . $phpEx;
        }
        $this->permissions = $phpbb_container->get('acl.permissions');
        $auth_admin = new auth_admin();
        $user->add_lang('acp/permissions');
        add_permission_language();
        $this->tpl_name = 'acp_permissions';
        // Trace has other vars
        if ($mode == 'trace') {
            $user_id = $request->variable('u', 0);
            $forum_id = $request->variable('f', 0);
            $permission = $request->variable('auth', '');
            $this->tpl_name = 'permission_trace';
            if ($user_id && isset($auth_admin->acl_options['id'][$permission]) && $auth->acl_get('a_viewauth')) {
                $this->page_title = sprintf($user->lang['TRACE_PERMISSION'], $this->permissions->get_permission_lang($permission));
                $this->permission_trace($user_id, $forum_id, $permission);
                return;
            }
            trigger_error('NO_MODE', E_USER_ERROR);
        }
        // Copy forum permissions
        if ($mode == 'setting_forum_copy') {
            $this->tpl_name = 'permission_forum_copy';
            if ($auth->acl_get('a_fauth') && $auth->acl_get('a_authusers') && $auth->acl_get('a_authgroups') && $auth->acl_get('a_mauth')) {
                $this->page_title = 'ACP_FORUM_PERMISSIONS_COPY';
                $this->copy_forum_permissions();
                return;
            }
            trigger_error('NO_MODE', E_USER_ERROR);
        }
        // Set some vars
        $action = $request->variable('action', array('' => 0));
        $action = key($action);
        $action = isset($_POST['psubmit']) ? 'apply_permissions' : $action;
        $all_forums = $request->variable('all_forums', 0);
        $subforum_id = $request->variable('subforum_id', 0);
        $forum_id = $request->variable('forum_id', array(0));
        $username = $request->variable('username', array(''), true);
        $usernames = $request->variable('usernames', '', true);
        $user_id = $request->variable('user_id', array(0));
        $group_id = $request->variable('group_id', array(0));
        $select_all_groups = $request->variable('select_all_groups', 0);
        $form_name = 'acp_permissions';
        add_form_key($form_name);
        // If select all groups is set, we pre-build the group id array (this option is used for other screens to link to the permission settings screen)
        if ($select_all_groups) {
            // Add default groups to selection
            $sql_and = !$config['coppa_enable'] ? " AND group_name <> 'REGISTERED_COPPA'" : '';
            $sql = 'SELECT group_id
				FROM ' . GROUPS_TABLE . '
				WHERE group_type = ' . GROUP_SPECIAL . "\n\t\t\t\t{$sql_and}";
            $result = $db->sql_query($sql);
            while ($row = $db->sql_fetchrow($result)) {
                $group_id[] = $row['group_id'];
            }
            $db->sql_freeresult($result);
        }
        // Map usernames to ids and vice versa
        if ($usernames) {
            $username = explode("\n", $usernames);
        }
        unset($usernames);
        if (sizeof($username) && !sizeof($user_id)) {
            user_get_id_name($user_id, $username);
            if (!sizeof($user_id)) {
                trigger_error($user->lang['SELECTED_USER_NOT_EXIST'] . adm_back_link($this->u_action), E_USER_WARNING);
            }
        }
        unset($username);
        // Build forum ids (of all forums are checked or subforum listing used)
        if ($all_forums) {
            $sql = 'SELECT forum_id
				FROM ' . FORUMS_TABLE . '
				ORDER BY left_id';
            $result = $db->sql_query($sql);
            $forum_id = array();
            while ($row = $db->sql_fetchrow($result)) {
                $forum_id[] = (int) $row['forum_id'];
            }
            $db->sql_freeresult($result);
        } else {
            if ($subforum_id) {
                $forum_id = array();
                foreach (get_forum_branch($subforum_id, 'children') as $row) {
                    $forum_id[] = (int) $row['forum_id'];
                }
            }
        }
        // Define some common variables for every mode
        $permission_scope = strpos($mode, '_global') !== false ? 'global' : 'local';
        // Showing introductionary page?
        if ($mode == 'intro') {
            $this->page_title = 'ACP_PERMISSIONS';
            $template->assign_vars(array('S_INTRO' => true));
            return;
        }
        switch ($mode) {
            case 'setting_user_global':
            case 'setting_group_global':
                $this->permission_dropdown = array('u_', 'm_', 'a_');
                $permission_victim = $mode == 'setting_user_global' ? array('user') : array('group');
                $this->page_title = $mode == 'setting_user_global' ? 'ACP_USERS_PERMISSIONS' : 'ACP_GROUPS_PERMISSIONS';
                break;
            case 'setting_user_local':
            case 'setting_group_local':
                $this->permission_dropdown = array('f_', 'm_');
                $permission_victim = $mode == 'setting_user_local' ? array('user', 'forums') : array('group', 'forums');
                $this->page_title = $mode == 'setting_user_local' ? 'ACP_USERS_FORUM_PERMISSIONS' : 'ACP_GROUPS_FORUM_PERMISSIONS';
                break;
            case 'setting_admin_global':
            case 'setting_mod_global':
                $this->permission_dropdown = strpos($mode, '_admin_') !== false ? array('a_') : array('m_');
                $permission_victim = array('usergroup');
                $this->page_title = $mode == 'setting_admin_global' ? 'ACP_ADMINISTRATORS' : 'ACP_GLOBAL_MODERATORS';
                break;
            case 'setting_mod_local':
            case 'setting_forum_local':
                $this->permission_dropdown = $mode == 'setting_mod_local' ? array('m_') : array('f_');
                $permission_victim = array('forums', 'usergroup');
                $this->page_title = $mode == 'setting_mod_local' ? 'ACP_FORUM_MODERATORS' : 'ACP_FORUM_PERMISSIONS';
                break;
            case 'view_admin_global':
            case 'view_user_global':
            case 'view_mod_global':
                $this->permission_dropdown = $mode == 'view_admin_global' ? array('a_') : ($mode == 'view_user_global' ? array('u_') : array('m_'));
                $permission_victim = array('usergroup_view');
                $this->page_title = $mode == 'view_admin_global' ? 'ACP_VIEW_ADMIN_PERMISSIONS' : ($mode == 'view_user_global' ? 'ACP_VIEW_USER_PERMISSIONS' : 'ACP_VIEW_GLOBAL_MOD_PERMISSIONS');
                break;
            case 'view_mod_local':
            case 'view_forum_local':
                $this->permission_dropdown = $mode == 'view_mod_local' ? array('m_') : array('f_');
                $permission_victim = array('forums', 'usergroup_view');
                $this->page_title = $mode == 'view_mod_local' ? 'ACP_VIEW_FORUM_MOD_PERMISSIONS' : 'ACP_VIEW_FORUM_PERMISSIONS';
                break;
            default:
                trigger_error('NO_MODE', E_USER_ERROR);
                break;
        }
        $template->assign_vars(array('L_TITLE' => $user->lang[$this->page_title], 'L_EXPLAIN' => $user->lang[$this->page_title . '_EXPLAIN']));
        // Get permission type
        $permission_type = $request->variable('type', $this->permission_dropdown[0]);
        if (!in_array($permission_type, $this->permission_dropdown)) {
            trigger_error($user->lang['WRONG_PERMISSION_TYPE'] . adm_back_link($this->u_action), E_USER_WARNING);
        }
        // Handle actions
        if (strpos($mode, 'setting_') === 0 && $action) {
            switch ($action) {
                case 'delete':
                    if (confirm_box(true)) {
                        // All users/groups selected?
                        $all_users = isset($_POST['all_users']) ? true : false;
                        $all_groups = isset($_POST['all_groups']) ? true : false;
                        if ($all_users || $all_groups) {
                            $items = $this->retrieve_defined_user_groups($permission_scope, $forum_id, $permission_type);
                            if ($all_users && sizeof($items['user_ids'])) {
                                $user_id = $items['user_ids'];
                            } else {
                                if ($all_groups && sizeof($items['group_ids'])) {
                                    $group_id = $items['group_ids'];
                                }
                            }
                        }
                        if (sizeof($user_id) || sizeof($group_id)) {
                            $this->remove_permissions($mode, $permission_type, $auth_admin, $user_id, $group_id, $forum_id);
                        } else {
                            trigger_error($user->lang['NO_USER_GROUP_SELECTED'] . adm_back_link($this->u_action), E_USER_WARNING);
                        }
                    } else {
                        if (isset($_POST['cancel'])) {
                            $u_redirect = $this->u_action . '&amp;type=' . $permission_type;
                            foreach ($forum_id as $fid) {
                                $u_redirect .= '&amp;forum_id[]=' . $fid;
                            }
                            redirect($u_redirect);
                        }
                        $s_hidden_fields = array('i' => $id, 'mode' => $mode, 'action' => array($action => 1), 'user_id' => $user_id, 'group_id' => $group_id, 'forum_id' => $forum_id, 'type' => $permission_type);
                        if (isset($_POST['all_users'])) {
                            $s_hidden_fields['all_users'] = 1;
                        }
                        if (isset($_POST['all_groups'])) {
                            $s_hidden_fields['all_groups'] = 1;
                        }
                        confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields($s_hidden_fields));
                    }
                    break;
                case 'apply_permissions':
                    if (!isset($_POST['setting'])) {
                        send_status_line(403, 'Forbidden');
                        trigger_error($user->lang['NO_AUTH_SETTING_FOUND'] . adm_back_link($this->u_action), E_USER_WARNING);
                    }
                    if (!check_form_key($form_name)) {
                        trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
                    }
                    $this->set_permissions($mode, $permission_type, $auth_admin, $user_id, $group_id);
                    break;
                case 'apply_all_permissions':
                    if (!isset($_POST['setting'])) {
                        send_status_line(403, 'Forbidden');
                        trigger_error($user->lang['NO_AUTH_SETTING_FOUND'] . adm_back_link($this->u_action), E_USER_WARNING);
                    }
                    if (!check_form_key($form_name)) {
                        trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
                    }
                    $this->set_all_permissions($mode, $permission_type, $auth_admin, $user_id, $group_id);
                    break;
            }
        }
        // Go through the screens/options needed and present them in correct order
        foreach ($permission_victim as $victim) {
            switch ($victim) {
                case 'forum_dropdown':
                    if (sizeof($forum_id)) {
                        $this->check_existence('forum', $forum_id);
                        continue 2;
                    }
                    $template->assign_vars(array('S_SELECT_FORUM' => true, 'S_FORUM_OPTIONS' => make_forum_select(false, false, true, false, false)));
                    break;
                case 'forums':
                    if (sizeof($forum_id)) {
                        $this->check_existence('forum', $forum_id);
                        continue 2;
                    }
                    $forum_list = make_forum_select(false, false, true, false, false, false, true);
                    // Build forum options
                    $s_forum_options = '';
                    foreach ($forum_list as $f_id => $f_row) {
                        $s_forum_options .= '<option value="' . $f_id . '"' . ($f_row['selected'] ? ' selected="selected"' : '') . ($f_row['disabled'] ? ' disabled="disabled" class="disabled-option"' : '') . '>' . $f_row['padding'] . $f_row['forum_name'] . '</option>';
                    }
                    // Build subforum options
                    $s_subforum_options = $this->build_subforum_options($forum_list);
                    $template->assign_vars(array('S_SELECT_FORUM' => true, 'S_FORUM_OPTIONS' => $s_forum_options, 'S_SUBFORUM_OPTIONS' => $s_subforum_options, 'S_FORUM_ALL' => true, 'S_FORUM_MULTIPLE' => true));
                    break;
                case 'user':
                    if (sizeof($user_id)) {
                        $this->check_existence('user', $user_id);
                        continue 2;
                    }
                    $template->assign_vars(array('S_SELECT_USER' => true, 'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.{$phpEx}", 'mode=searchuser&amp;form=select_victim&amp;field=username&amp;select_single=true')));
                    break;
                case 'group':
                    if (sizeof($group_id)) {
                        $this->check_existence('group', $group_id);
                        continue 2;
                    }
                    $template->assign_vars(array('S_SELECT_GROUP' => true, 'S_GROUP_OPTIONS' => group_select_options(false, false, false)));
                    break;
                case 'usergroup':
                case 'usergroup_view':
                    $all_users = isset($_POST['all_users']) ? true : false;
                    $all_groups = isset($_POST['all_groups']) ? true : false;
                    if (sizeof($user_id) && !$all_users || sizeof($group_id) && !$all_groups) {
                        if (sizeof($user_id)) {
                            $this->check_existence('user', $user_id);
                        }
                        if (sizeof($group_id)) {
                            $this->check_existence('group', $group_id);
                        }
                        continue 2;
                    }
                    // Now we check the users... because the "all"-selection is different here (all defined users/groups)
                    $items = $this->retrieve_defined_user_groups($permission_scope, $forum_id, $permission_type);
                    if ($all_users && sizeof($items['user_ids'])) {
                        $user_id = $items['user_ids'];
                        continue 2;
                    }
                    if ($all_groups && sizeof($items['group_ids'])) {
                        $group_id = $items['group_ids'];
                        continue 2;
                    }
                    $template->assign_vars(array('S_SELECT_USERGROUP' => $victim == 'usergroup' ? true : false, 'S_SELECT_USERGROUP_VIEW' => $victim == 'usergroup_view' ? true : false, 'S_DEFINED_USER_OPTIONS' => $items['user_ids_options'], 'S_DEFINED_GROUP_OPTIONS' => $items['group_ids_options'], 'S_ADD_GROUP_OPTIONS' => group_select_options(false, $items['group_ids'], false), 'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.{$phpEx}", 'mode=searchuser&amp;form=add_user&amp;field=username&amp;select_single=true')));
                    break;
            }
            // The S_ALLOW_SELECT parameter below is a measure to lower memory usage.
            // If there are more than 5 forums selected the admin is not able to select all users/groups too.
            // We need to see if the number of forums can be increased or need to be decreased.
            // Setting permissions screen
            $s_hidden_fields = build_hidden_fields(array('user_id' => $user_id, 'group_id' => $group_id, 'forum_id' => $forum_id, 'type' => $permission_type));
            $template->assign_vars(array('U_ACTION' => $this->u_action, 'ANONYMOUS_USER_ID' => ANONYMOUS, 'S_SELECT_VICTIM' => true, 'S_ALLOW_ALL_SELECT' => sizeof($forum_id) > 5 ? false : true, 'S_CAN_SELECT_USER' => $auth->acl_get('a_authusers') ? true : false, 'S_CAN_SELECT_GROUP' => $auth->acl_get('a_authgroups') ? true : false, 'S_HIDDEN_FIELDS' => $s_hidden_fields));
            // Let the forum names being displayed
            if (sizeof($forum_id)) {
                $sql = 'SELECT forum_name
					FROM ' . FORUMS_TABLE . '
					WHERE ' . $db->sql_in_set('forum_id', $forum_id) . '
					ORDER BY left_id ASC';
                $result = $db->sql_query($sql);
                $forum_names = array();
                while ($row = $db->sql_fetchrow($result)) {
                    $forum_names[] = $row['forum_name'];
                }
                $db->sql_freeresult($result);
                $template->assign_vars(array('S_FORUM_NAMES' => sizeof($forum_names) ? true : false, 'FORUM_NAMES' => implode($user->lang['COMMA_SEPARATOR'], $forum_names)));
            }
            return;
        }
        // Setting permissions screen
        $s_hidden_fields = build_hidden_fields(array('user_id' => $user_id, 'group_id' => $group_id, 'forum_id' => $forum_id, 'type' => $permission_type));
        // Do not allow forum_ids being set and no other setting defined (will bog down the server too much)
        if (sizeof($forum_id) && !sizeof($user_id) && !sizeof($group_id)) {
            trigger_error($user->lang['ONLY_FORUM_DEFINED'] . adm_back_link($this->u_action), E_USER_WARNING);
        }
        $template->assign_vars(array('S_PERMISSION_DROPDOWN' => sizeof($this->permission_dropdown) > 1 ? $this->build_permission_dropdown($this->permission_dropdown, $permission_type, $permission_scope) : false, 'L_PERMISSION_TYPE' => $this->permissions->get_type_lang($permission_type), 'U_ACTION' => $this->u_action, 'S_HIDDEN_FIELDS' => $s_hidden_fields));
        if (strpos($mode, 'setting_') === 0) {
            $template->assign_vars(array('S_SETTING_PERMISSIONS' => true));
            $hold_ary = $auth_admin->get_mask('set', sizeof($user_id) ? $user_id : false, sizeof($group_id) ? $group_id : false, sizeof($forum_id) ? $forum_id : false, $permission_type, $permission_scope, ACL_NO);
            $auth_admin->display_mask('set', $permission_type, $hold_ary, sizeof($user_id) ? 'user' : 'group', $permission_scope == 'local' ? true : false);
        } else {
            $template->assign_vars(array('S_VIEWING_PERMISSIONS' => true));
            $hold_ary = $auth_admin->get_mask('view', sizeof($user_id) ? $user_id : false, sizeof($group_id) ? $group_id : false, sizeof($forum_id) ? $forum_id : false, $permission_type, $permission_scope, ACL_NEVER);
            $auth_admin->display_mask('view', $permission_type, $hold_ary, sizeof($user_id) ? 'user' : 'group', $permission_scope == 'local' ? true : false);
        }
    }
Beispiel #5
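    /**
     * Collect the ids and usernames of the users matched by the submitted prune criteria.
     *
     * The base selection comes from exactly one of, in order of precedence: the
     * newline separated 'users' list, the 'user_ids' list, or the search form
     * fields (username, email, join date, last visit, post count). The optional
     * 'group_id' and 'posts_on_queue' filters are then applied as intersections
     * with that selection. Every query excludes the anonymous user and founders,
     * and bots plus the user running the prune are dropped from the results.
     *
     * If no criteria at all were submitted the method returns without touching
     * the two output arrays.
     *
     * @param array $user_ids  Filled by reference with the matching user ids
     * @param array $usernames Filled by reference with usernames keyed by user id
     * @return void
     */
    function get_prune_users(&$user_ids, &$usernames)
    {
        global $user, $db, $request;
        // Comparison selectors arrive from the request. They are only ever used as
        // keys into this fixed map, so request text never becomes an SQL operator.
        $key_match = array('lt' => '<', 'gt' => '>', 'eq' => '=');
        $users_by_name = $request->variable('users', '', true);
        $users_by_id = $request->variable('user_ids', array(0));
        $group_id = $request->variable('group_id', 0);
        $posts_on_queue = trim($request->variable('posts_on_queue', '')) === '' ? false : $request->variable('posts_on_queue', 0);
        // The queue filter at the end runs for every selection branch, so its
        // selector has to be read (and validated) here rather than only in the
        // search form branch; otherwise the HAVING clause is built from undefined
        // variables when a user list was submitted.
        $queue_select = $request->variable('queue_select', 'gt');
        if (!isset($key_match[$queue_select])) {
            $queue_select = 'gt';
        }
        if ($users_by_name) {
            $users = explode("\n", $users_by_name);
            $where_sql = ' AND ' . $db->sql_in_set('username_clean', array_map('utf8_clean_string', $users));
        } else {
            if (!empty($users_by_id)) {
                $user_ids = $users_by_id;
                user_get_id_name($user_ids, $usernames);
                $where_sql = ' AND ' . $db->sql_in_set('user_id', $user_ids);
            } else {
                $username = $request->variable('username', '', true);
                $email = $request->variable('email', '');
                $active_select = $request->variable('active_select', 'lt');
                $count_select = $request->variable('count_select', 'eq');
                $joined_before = $request->variable('joined_before', '');
                $joined_after = $request->variable('joined_after', '');
                $active = $request->variable('active', '');
                $count = $request->variable('count', '') === '' ? false : $request->variable('count', 0);
                // Unknown selector values fall back to the form defaults instead of
                // producing a comparison with a missing operator.
                if (!isset($key_match[$active_select])) {
                    $active_select = 'lt';
                }
                if (!isset($key_match[$count_select])) {
                    $count_select = 'eq';
                }
                $active = $active ? explode('-', $active) : array();
                $joined_before = $joined_before ? explode('-', $joined_before) : array();
                $joined_after = $joined_after ? explode('-', $joined_after) : array();
                // Reject malformed dates before any of their parts are indexed;
                // each date must split into exactly year-month-day.
                if (sizeof($active) && sizeof($active) != 3 || sizeof($joined_before) && sizeof($joined_before) != 3 || sizeof($joined_after) && sizeof($joined_after) != 3) {
                    trigger_error($user->lang['WRONG_ACTIVE_JOINED_DATE'] . adm_back_link($this->u_action), E_USER_WARNING);
                }
                // calculate the conditions required by the join time criteria
                $joined_sql = '';
                if (!empty($joined_before) && !empty($joined_after)) {
                    // if the two entered dates are equal, we need to adjust
                    // so that our time range is a full day instead of 1 second
                    if ($joined_after == $joined_before) {
                        $joined_after[2] += 1;
                    }
                    $joined_sql = ' AND user_regdate BETWEEN ' . gmmktime(0, 0, 0, (int) $joined_after[1], (int) $joined_after[2], (int) $joined_after[0]) . ' AND ' . gmmktime(0, 0, 0, (int) $joined_before[1], (int) $joined_before[2], (int) $joined_before[0]);
                } else {
                    if (empty($joined_before) && !empty($joined_after)) {
                        $joined_sql = ' AND user_regdate > ' . gmmktime(0, 0, 0, (int) $joined_after[1], (int) $joined_after[2], (int) $joined_after[0]);
                    } else {
                        if (empty($joined_after) && !empty($joined_before)) {
                            $joined_sql = ' AND user_regdate < ' . gmmktime(0, 0, 0, (int) $joined_before[1], (int) $joined_before[2], (int) $joined_before[0]);
                        }
                    }
                }
                // implicit else when both arrays are empty do nothing
                $where_sql = '';
                // '*' in the submitted pattern is mapped to the database wildcard;
                // sql_like_expression() builds the LIKE clause from the result.
                $where_sql .= $username ? ' AND username_clean ' . $db->sql_like_expression(str_replace('*', $db->get_any_char(), utf8_clean_string($username))) : '';
                $where_sql .= $email ? ' AND user_email ' . $db->sql_like_expression(str_replace('*', $db->get_any_char(), $email)) . ' ' : '';
                $where_sql .= $joined_sql;
                $where_sql .= $count !== false ? " AND user_posts " . $key_match[$count_select] . ' ' . (int) $count . ' ' : '';
                // First handle pruning of users who never logged in, last active date is 0000-00-00
                if (sizeof($active) && (int) $active[0] == 0 && (int) $active[1] == 0 && (int) $active[2] == 0) {
                    $where_sql .= ' AND user_lastvisit = 0';
                } else {
                    if (sizeof($active) && $active_select != 'lt') {
                        $where_sql .= ' AND user_lastvisit ' . $key_match[$active_select] . ' ' . gmmktime(0, 0, 0, (int) $active[1], (int) $active[2], (int) $active[0]);
                    } else {
                        if (sizeof($active)) {
                            // "before" must not match never-logged-in accounts (lastvisit 0)
                            $where_sql .= ' AND (user_lastvisit > 0 AND user_lastvisit < ' . gmmktime(0, 0, 0, (int) $active[1], (int) $active[2], (int) $active[0]) . ')';
                        }
                    }
                }
            }
        }
        // If no search criteria were provided, go no further.
        if (!$where_sql && !$group_id && $posts_on_queue === false) {
            return;
        }
        // Get bot ids
        $sql = 'SELECT user_id
			FROM ' . BOTS_TABLE;
        $result = $db->sql_query($sql);
        $bot_ids = array();
        while ($row = $db->sql_fetchrow($result)) {
            $bot_ids[] = $row['user_id'];
        }
        $db->sql_freeresult($result);
        // Protect the admin, do not prune if no options are given...
        if ($where_sql) {
            // Do not prune founder members
            $sql = 'SELECT user_id, username
				FROM ' . USERS_TABLE . '
				WHERE user_id <> ' . ANONYMOUS . '
					AND user_type <> ' . USER_FOUNDER . "\n\t\t\t\t{$where_sql}";
            $result = $db->sql_query($sql);
            $user_ids = $usernames = array();
            while ($row = $db->sql_fetchrow($result)) {
                // Do not prune bots and the user currently pruning.
                if ($row['user_id'] != $user->data['user_id'] && !in_array($row['user_id'], $bot_ids)) {
                    $user_ids[] = $row['user_id'];
                    $usernames[$row['user_id']] = $row['username'];
                }
            }
            $db->sql_freeresult($result);
        }
        if ($group_id) {
            $sql = 'SELECT u.user_id, u.username
				FROM ' . USER_GROUP_TABLE . ' ug, ' . USERS_TABLE . ' u
				WHERE ug.group_id = ' . (int) $group_id . '
					AND ug.user_id <> ' . ANONYMOUS . '
					AND u.user_type <> ' . USER_FOUNDER . '
					AND ug.user_pending = 0
					AND u.user_id = ug.user_id
					' . (!empty($user_ids) ? ' AND ' . $db->sql_in_set('ug.user_id', $user_ids) : '');
            $result = $db->sql_query($sql);
            // we're performing an intersection operation, so all the relevant users
            // come from this most recent query (which was limited to the results of the
            // previous query)
            $user_ids = $usernames = array();
            while ($row = $db->sql_fetchrow($result)) {
                // Do not prune bots and the user currently pruning.
                if ($row['user_id'] != $user->data['user_id'] && !in_array($row['user_id'], $bot_ids)) {
                    $user_ids[] = $row['user_id'];
                    $usernames[$row['user_id']] = $row['username'];
                }
            }
            $db->sql_freeresult($result);
        }
        if ($posts_on_queue !== false) {
            // The operator comes from the fixed map and the count is cast, so the
            // HAVING clause contains no raw request text.
            $sql = 'SELECT u.user_id, u.username, COUNT(p.post_id) AS queue_posts
				FROM ' . POSTS_TABLE . ' p, ' . USERS_TABLE . ' u
				WHERE u.user_id <> ' . ANONYMOUS . '
					AND u.user_type <> ' . USER_FOUNDER . '
					AND ' . $db->sql_in_set('p.post_visibility', array(ITEM_UNAPPROVED, ITEM_REAPPROVE)) . '
					AND u.user_id = p.poster_id
					' . (!empty($user_ids) ? ' AND ' . $db->sql_in_set('p.poster_id', $user_ids) : '') . '
				GROUP BY p.poster_id
				HAVING queue_posts ' . $key_match[$queue_select] . ' ' . (int) $posts_on_queue;
            $result = $db->sql_query($sql);
            // same intersection logic as the above group ID portion
            $user_ids = $usernames = array();
            while ($row = $db->sql_fetchrow($result)) {
                // Do not prune bots and the user currently pruning.
                if ($row['user_id'] != $user->data['user_id'] && !in_array($row['user_id'], $bot_ids)) {
                    $user_ids[] = $row['user_id'];
                    $usernames[$row['user_id']] = $row['username'];
                }
            }
            $db->sql_freeresult($result);
        }
    }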
    function overview()
    {
        global $auth, $config, $db, $template, $user, $phpbb_ext_gallery, $table_prefix, $phpbb_dispatcher, $phpbb_root_path;
        global $phpbb_container, $request;
        $phpbbgallery_core_file = $phpbb_root_path . 'files/phpbbgallery/core';
        $phpbbgallery_core_file_medium = $phpbb_root_path . 'files/phpbbgallery/core/medium';
        $phpbbgallery_core_file_mini = $phpbb_root_path . 'files/phpbbgallery/core/mini';
        $phpbbgallery_core_file_source = $phpbb_root_path . 'files/phpbbgallery/core/source';
        $albums_table = $table_prefix . 'gallery_albums';
        $roles_table = $table_prefix . 'gallery_roles';
        $permissions_table = $table_prefix . 'gallery_permissions';
        $modscache_table = $table_prefix . 'gallery_modscache';
        $contests_table = $table_prefix . 'gallery_contests';
        $users_table = $table_prefix . 'gallery_users';
        $images_table = $table_prefix . 'gallery_images';
        // Init album
        $phpbb_ext_gallery_core_album = $phpbb_container->get('phpbbgallery.core.album');
        // init users
        $phpbb_gallery_user = $phpbb_container->get('phpbbgallery.core.user');
        // init image
        $phpbb_gallery_image = $phpbb_container->get('phpbbgallery.core.image');
        // init config
        $phpbb_ext_gallery_config = $phpbb_container->get('phpbbgallery.core.config');
        $action = $request->variable('action', '');
        $id = $request->variable('i', '');
        $mode = 'overview';
        // before we start let's check if directory structure is OK
        if (!is_writable($phpbb_root_path . 'files')) {
            $template->assign_vars(array('U_FILE_DIR_STATE' => $user->lang['NO_WRITE_ACCESS'], 'U_FILE_DIR_STATE_ERROR' => 1, 'U_CORE_DIR_STATE' => $user->lang['NO_WRITE_ACCESS'], 'U_CORE_DIR_STATE_ERROR' => 1, 'U_MEDIUM_DIR_STATE' => $user->lang['NO_WRITE_ACCESS'], 'U_MEDIUM_DIR_STATE_ERROR' => 1, 'U_MINI_DIR_STATE' => $user->lang['NO_WRITE_ACCESS'], 'U_MINI_DIR_STATE_ERROR' => 1, 'U_SOURCE_DIR_STATE' => $user->lang['NO_WRITE_ACCESS'], 'U_SOURCE_DIR_STATE_ERROR' => 1));
        } else {
            $template->assign_vars(array('U_FILE_DIR_STATE' => $user->lang['WRITE_ACCESS'], 'U_FILE_DIR_STATE_ERROR' => 0));
            if (!file_exists($phpbbgallery_core_file)) {
                mkdir($phpbbgallery_core_file, 0755, true);
                $template->assign_vars(array('U_CORE_DIR_STATE' => $user->lang['DIR_CREATED'], 'U_CORE_DIR_STATE_ERROR' => 0));
            } else {
                if (is_writable($phpbbgallery_core_file)) {
                    $template->assign_vars(array('U_CORE_DIR_STATE' => $user->lang['WRITE_ACCESS'], 'U_CORE_DIR_STATE_ERROR' => 0));
                } else {
                    $template->assign_vars(array('U_CORE_DIR_STATE' => $user->lang['NO_WRITE_ACCESS'], 'U_CORE_DIR_STATE_ERROR' => 1));
                }
            }
            if (!file_exists($phpbbgallery_core_file_medium)) {
                mkdir($phpbbgallery_core_file_medium, 0755, true);
                $template->assign_vars(array('U_MEDIUM_DIR_STATE' => $user->lang['DIR_CREATED'], 'U_MEDIUM_DIR_STATE_ERROR' => 0));
            } else {
                if (is_writable($phpbbgallery_core_file_medium)) {
                    $template->assign_vars(array('U_MEDIUM_DIR_STATE' => $user->lang['WRITE_ACCESS'], 'U_MEDIUM_DIR_STATE_ERROR' => 0));
                } else {
                    $template->assign_vars(array('U_MEDIUM_DIR_STATE' => $user->lang['NO_WRITE_ACCESS'], 'U_MEDIUM_DIR_STATE_ERROR' => 1));
                }
            }
            if (!file_exists($phpbbgallery_core_file_mini)) {
                mkdir($phpbbgallery_core_file_mini, 0755, true);
                $template->assign_vars(array('U_MINI_DIR_STATE' => $user->lang['DIR_CREATED'], 'U_MINI_DIR_STATE_ERROR' => 0));
            } else {
                if (is_writable($phpbbgallery_core_file_mini)) {
                    $template->assign_vars(array('U_MINI_DIR_STATE' => $user->lang['WRITE_ACCESS'], 'U_MINI_DIR_STATE_ERROR' => 0));
                } else {
                    $template->assign_vars(array('U_MINI_DIR_STATE' => $user->lang['NO_WRITE_ACCESS'], 'U_MINI_DIR_STATE_ERROR' => 1));
                }
            }
            if (!file_exists($phpbbgallery_core_file_source)) {
                mkdir($phpbbgallery_core_file_source, 0755, true);
                $template->assign_vars(array('U_SOURCE_DIR_STATE' => $user->lang['DIR_CREATED'], 'U_SOURCE_DIR_STATE_ERROR' => 0));
            } else {
                if (is_writable($phpbbgallery_core_file_source)) {
                    $template->assign_vars(array('U_SOURCE_DIR_STATE' => $user->lang['WRITE_ACCESS'], 'U_SOURCE_DIR_STATE_ERROR' => 0));
                } else {
                    $template->assign_vars(array('U_SOURCE_DIR_STATE' => $user->lang['NO_WRITE_ACCESS'], 'U_SOURCE_DIR_STATE_ERROR' => 1));
                }
            }
        }
        if (!confirm_box(true)) {
            $confirm = false;
            $album_id = 0;
            switch ($action) {
                case 'images':
                    $confirm = true;
                    $confirm_lang = 'RESYNC_IMAGECOUNTS_CONFIRM';
                    break;
                case 'personals':
                    $confirm = true;
                    $confirm_lang = 'CONFIRM_OPERATION';
                    break;
                case 'stats':
                    $confirm = true;
                    $confirm_lang = 'CONFIRM_OPERATION';
                    break;
                case 'last_images':
                    $confirm = true;
                    $confirm_lang = 'CONFIRM_OPERATION';
                    break;
                case 'reset_rating':
                    $album_id = $request->variable('reset_album_id', 0);
                    $album_data = $phpbb_ext_gallery_core_album->get_info($album_id);
                    $confirm = true;
                    $confirm_lang = sprintf($user->lang['RESET_RATING_CONFIRM'], $album_data['album_name']);
                    break;
                case 'purge_cache':
                    $confirm = true;
                    $confirm_lang = 'GALLERY_PURGE_CACHE_EXPLAIN';
                    break;
                case 'create_pega':
                    $confirm = false;
                    if (!$auth->acl_get('a_board')) {
                        trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING);
                    }
                    $username = $request->variable('username', '', true);
                    $user_id = 0;
                    if ($username) {
                        if (!function_exists('user_get_id_name')) {
                            $phpbb_ext_gallery->url->_include('functions_user', 'phpbb');
                        }
                        user_get_id_name($user_id, $username);
                    }
                    if (is_array($user_id)) {
                        $user_id = isset($user_id[0]) ? $user_id[0] : 0;
                    }
                    $sql = 'SELECT username, user_colour, user_id
						FROM ' . USERS_TABLE . '
						WHERE user_id = ' . $user_id;
                    $result = $db->sql_query($sql);
                    $user_row = $db->sql_fetchrow($result);
                    $db->sql_freeresult($result);
                    if (!$user_row) {
                        trigger_error($user->lang['NO_USER'] . adm_back_link($this->u_action), E_USER_WARNING);
                    }
                    $image_user = $phpbb_gallery_user->set_user_id($user_row['user_id']);
                    $album_id = $phpbb_gallery_user->get_data('personal_album_id');
                    if ($album_id) {
                        trigger_error($user->lang('PEGA_ALREADY_EXISTS', $user_row['username']) . adm_back_link($this->u_action), E_USER_WARNING);
                    }
                    $phpbb_ext_gallery_core_album->generate_personal_album($user_row['username'], $user_row['user_id'], $user_row['user_colour'], $phpbb_gallery_user);
                    trigger_error($user->lang('PEGA_CREATED', $user_row['username']) . adm_back_link($this->u_action));
                    break;
            }
            if ($confirm) {
                confirm_box(false, $album_id ? $confirm_lang : $user->lang[$confirm_lang], build_hidden_fields(array('i' => $id, 'mode' => $mode, 'action' => $action, 'reset_album_id' => $album_id)));
            }
        } else {
            switch ($action) {
                case 'images':
                    if (!$auth->acl_get('a_board')) {
                        trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING);
                    }
                    $total_images = $total_comments = 0;
                    $phpbb_gallery_user->update_users('all', array('user_images' => 0));
                    $sql = 'SELECT COUNT(image_id) AS num_images, image_user_id AS user_id, SUM(image_comments) AS num_comments
						FROM ' . $images_table . '
						WHERE image_status <> ' . $phpbb_gallery_image::STATUS_UNAPPROVED . '
							AND image_status <> ' . $phpbb_gallery_image::STATUS_ORPHAN . '
						GROUP BY image_user_id';
                    $result = $db->sql_query($sql);
                    while ($row = $db->sql_fetchrow($result)) {
                        $total_images += $row['num_images'];
                        $total_comments += $row['num_comments'];
                        $image_user = $phpbb_container->get('phpbbgallery.core.user');
                        $image_user->set_user_id($row['user_id'], false);
                        $image_user->update_data(array('user_images' => $row['num_images']));
                    }
                    $db->sql_freeresult($result);
                    $phpbb_ext_gallery_config->set('num_images', $total_images);
                    $phpbb_ext_gallery_config->set('num_comments', $total_comments);
                    trigger_error($user->lang['RESYNCED_IMAGECOUNTS'] . adm_back_link($this->u_action));
                    break;
                case 'personals':
                    if (!$auth->acl_get('a_board')) {
                        trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING);
                    }
                    $phpbb_gallery_user->update_users('all', array('personal_album_id' => 0));
                    $sql = 'SELECT album_id, album_user_id
						FROM ' . $albums_table . '
						WHERE album_user_id <> ' . $phpbb_ext_gallery_core_album::PUBLIC_ALBUM . '
							AND parent_id = 0
						GROUP BY album_user_id, album_id';
                    $result = $db->sql_query($sql);
                    $number_of_personals = 0;
                    while ($row = $db->sql_fetchrow($result)) {
                        $image_user = $phpbb_gallery_user->set_user_id($row['album_user_id'], false);
                        $phpbb_gallery_user->update_data(array('personal_album_id' => $row['album_id']));
                        $number_of_personals++;
                    }
                    $db->sql_freeresult($result);
                    $phpbb_ext_gallery_config->set('num_pegas', $number_of_personals);
                    // Update the config for the statistic on the index
                    $sql_array = array('SELECT' => 'a.album_id, u.user_id, u.username, u.user_colour', 'FROM' => array($albums_table => 'a'), 'LEFT_JOIN' => array(array('FROM' => array(USERS_TABLE => 'u'), 'ON' => 'u.user_id = a.album_user_id')), 'WHERE' => 'a.album_user_id <> ' . $phpbb_ext_gallery_core_album::PUBLIC_ALBUM . ' AND a.parent_id = 0', 'ORDER_BY' => 'a.album_id DESC');
                    $sql = $db->sql_build_query('SELECT', $sql_array);
                    $result = $db->sql_query_limit($sql, 1);
                    $newest_pgallery = $db->sql_fetchrow($result);
                    $db->sql_freeresult($result);
                    $phpbb_ext_gallery_config->set('newest_pega_user_id', $newest_pgallery['user_id']);
                    $phpbb_ext_gallery_config->set('newest_pega_username', $newest_pgallery['username']);
                    $phpbb_ext_gallery_config->set('newest_pega_user_colour', $newest_pgallery['user_colour']);
                    $phpbb_ext_gallery_config->set('newest_pega_album_id', $newest_pgallery['album_id']);
                    trigger_error($user->lang['RESYNCED_PERSONALS'] . adm_back_link($this->u_action));
                    break;
                case 'stats':
                    if (!$auth->acl_get('a_board')) {
                        trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING);
                    }
                    // Hopefully this won't take to long! >> I think we must make it batchwise
                    $sql = 'SELECT image_id, image_filename
						FROM ' . $images_table . '
						WHERE filesize_upload = 0';
                    $result = $db->sql_query($sql);
                    while ($row = $db->sql_fetchrow($result)) {
                        $sql_ary = array('filesize_upload' => @filesize($phpbb_ext_gallery->url->path('upload') . $row['image_filename']), 'filesize_medium' => @filesize($phpbb_ext_gallery->url->path('medium') . $row['image_filename']), 'filesize_cache' => @filesize($phpbb_ext_gallery->url->path('thumbnail') . $row['image_filename']));
                        $sql = 'UPDATE ' . $images_table . '
							SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
							WHERE ' . $db->sql_in_set('image_id', $row['image_id']);
                        $db->sql_query($sql);
                    }
                    $db->sql_freeresult($result);
                    redirect($this->u_action);
                    break;
                case 'last_images':
                    $sql = 'SELECT album_id
						FROM ' . $albums_table;
                    $result = $db->sql_query($sql);
                    while ($row = $db->sql_fetchrow($result)) {
                        // 5 sql's per album, but you don't run this daily ;)
                        $phpbb_ext_gallery_core_album::update_info($row['album_id']);
                    }
                    $db->sql_freeresult($result);
                    trigger_error($user->lang['RESYNCED_LAST_IMAGES'] . adm_back_link($this->u_action));
                    break;
                case 'reset_rating':
                    $album_id = $request->variable('reset_album_id', 0);
                    $image_ids = array();
                    $sql = 'SELECT image_id
						FROM ' . $images_table . '
						WHERE image_album_id = ' . $album_id;
                    $result = $db->sql_query($sql);
                    while ($row = $db->sql_fetchrow($result)) {
                        $image_ids[] = $row['image_id'];
                    }
                    $db->sql_freeresult($result);
                    if (!empty($image_ids)) {
                        phpbb_gallery_image_rating::delete_ratings($image_ids, true);
                    }
                    trigger_error($user->lang['RESET_RATING_COMPLETED'] . adm_back_link($this->u_action));
                    break;
                case 'purge_cache':
                    if ($user->data['user_type'] != USER_FOUNDER) {
                        trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING);
                    }
                    $cache_dir = @opendir($phpbb_ext_gallery->url->path('thumbnail'));
                    while ($cache_file = @readdir($cache_dir)) {
                        if (preg_match('/(\\.gif$|\\.png$|\\.jpg|\\.jpeg)$/is', $cache_file)) {
                            @unlink($phpbb_ext_gallery->url->path('thumbnail') . $cache_file);
                        }
                    }
                    @closedir($cache_dir);
                    $medium_dir = @opendir($phpbb_ext_gallery->url->path('medium'));
                    while ($medium_file = @readdir($medium_dir)) {
                        if (preg_match('/(\\.gif$|\\.png$|\\.jpg|\\.jpeg)$/is', $medium_file)) {
                            @unlink($phpbb_ext_gallery->url->path('medium') . $medium_file);
                        }
                    }
                    @closedir($medium_dir);
                    for ($i = 1; $i <= $phpbb_ext_gallery_config->get('current_upload_dir'); $i++) {
                        $cache_dir = @opendir($phpbb_ext_gallery->url->path('thumbnail') . $i . '/');
                        while ($cache_file = @readdir($cache_dir)) {
                            if (preg_match('/(\\.gif$|\\.png$|\\.jpg|\\.jpeg)$/is', $cache_file)) {
                                @unlink($phpbb_ext_gallery->url->path('thumbnail') . $i . '/' . $cache_file);
                            }
                        }
                        @closedir($cache_dir);
                        $medium_dir = @opendir($phpbb_ext_gallery->url->path('medium') . $i . '/');
                        while ($medium_file = @readdir($medium_dir)) {
                            if (preg_match('/(\\.gif$|\\.png$|\\.jpg|\\.jpeg)$/is', $medium_file)) {
                                @unlink($phpbb_ext_gallery->url->path('medium') . $i . '/' . $medium_file);
                            }
                        }
                        @closedir($medium_dir);
                    }
                    $sql_ary = array('filesize_medium' => 0, 'filesize_cache' => 0);
                    $sql = 'UPDATE ' . $images_table . '
						SET ' . $db->sql_build_array('UPDATE', $sql_ary);
                    $db->sql_query($sql);
                    trigger_error($user->lang['PURGED_CACHE'] . adm_back_link($this->u_action));
                    break;
            }
        }
        //@todo: phpbb_gallery_modversioncheck::check();
        $boarddays = (time() - $config['board_startdate']) / 86400;
        $images_per_day = sprintf('%.2f', $config['num_images'] / $boarddays);
        $sql = 'SELECT COUNT(album_user_id) AS num_albums
			FROM ' . $albums_table . '
			WHERE album_user_id = 0';
        $result = $db->sql_query($sql);
        $num_albums = (int) $db->sql_fetchfield('num_albums');
        $db->sql_freeresult($result);
        $sql = 'SELECT SUM(filesize_upload) AS stat, SUM(filesize_medium) AS stat_medium, SUM(filesize_cache) AS stat_cache
			FROM ' . $images_table;
        $result = $db->sql_query($sql);
        $dir_sizes = $db->sql_fetchrow($result);
        $db->sql_freeresult($result);
        $template->assign_vars(array('S_GALLERY_OVERVIEW' => true, 'ACP_GALLERY_TITLE' => $user->lang['ACP_GALLERY_OVERVIEW'], 'ACP_GALLERY_TITLE_EXPLAIN' => $user->lang['ACP_GALLERY_OVERVIEW_EXPLAIN'], 'TOTAL_IMAGES' => $config['phpbb_gallery_num_images'], 'IMAGES_PER_DAY' => $images_per_day, 'TOTAL_ALBUMS' => $num_albums, 'TOTAL_PERSONALS' => $config['phpbb_gallery_num_pegas'], 'GUPLOAD_DIR_SIZE' => get_formatted_filesize($dir_sizes['stat']), 'MEDIUM_DIR_SIZE' => get_formatted_filesize($dir_sizes['stat_medium']), 'CACHE_DIR_SIZE' => get_formatted_filesize($dir_sizes['stat_cache']), 'GALLERY_VERSION' => $config['phpbb_gallery_version'], 'U_FIND_USERNAME' => $phpbb_ext_gallery->url->append_sid('phpbb', 'memberlist', 'mode=searchuser&amp;form=action_create_pega_form&amp;field=username&amp;select_single=true'), 'S_SELECT_ALBUM' => $phpbb_ext_gallery_core_album->get_albumbox(false, 'reset_album_id', false, false, false, $phpbb_ext_gallery_core_album::PUBLIC_ALBUM, $phpbb_ext_gallery_core_album::TYPE_UPLOAD), 'S_FOUNDER' => $user->data['user_type'] == USER_FOUNDER ? true : false, 'U_ACTION' => $this->u_action));
    }
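    /**
     * Copy the user-level permissions of one account onto another.
     *
     * Reads a source and a target account from the request, each given either by
     * name or by id, resolves both to a user id, and then replaces the target's
     * ACL_USERS_TABLE rows and stored user_permissions string with the source's.
     * Without a submission it only renders the tools/user_copy_perm.html form.
     *
     * NOTE(review): nothing in this method verifies a form token before the
     * permission copy; unless the caller already does, the request should be
     * checked with check_form_key() - confirm against the calling framework.
     */
    function display_options()
    {
        global $template, $user, $db;
        $submit = request_var('sa', false);
        $source_name = request_var('source_name', '', true);
        $target_name = request_var('target_name', '', true);
        $source_id = request_var('source_id', '');
        $target_id = request_var('target_id', '');
        if ($submit) {
            // Check that at least one field is filled in.
            if (!$source_name && empty($source_id) || !$target_name && empty($target_id)) {
                trigger_error('NO_USER', E_USER_WARNING);
            }
            // Not allowed to have both username and user_id filled.
            if ($source_name && $source_id || $target_name && $target_id) {
                trigger_error('BOTH_FIELDS_FILLED', E_USER_WARNING);
            }
            if (!function_exists('user_get_id_name')) {
                include PHPBB_ROOT_PATH . 'includes/functions_user.' . PHP_EXT;
            }
            // Resolve each side on its own, whichever field was filled in, so that
            // every id that reaches the queries below came out of the users table.
            // user_get_id_name() fills both arrays and returns false on success.
            $source_ids = $source_name ? array() : array((int) $source_id);
            $source_names = $source_name ? array($source_name) : array();
            $result = user_get_id_name($source_ids, $source_names);
            // Was a user_id found?
            if (!sizeof($source_ids) || $result !== false) {
                trigger_error('NO_USER', E_USER_WARNING);
            }
            // Drop the arrays
            $source_id = (int) array_shift($source_ids);
            $source_name = array_shift($source_names);
            $target_ids = $target_name ? array() : array((int) $target_id);
            $target_names = $target_name ? array($target_name) : array();
            $result = user_get_id_name($target_ids, $target_names);
            // Was a user_id found?
            if (!sizeof($target_ids) || $result !== false) {
                trigger_error('NO_USER', E_USER_WARNING);
            }
            // Drop the arrays
            $target_id = (int) array_shift($target_ids);
            $target_name = array_shift($target_names);
            // Compare the resolved ids only: two empty name fields must not be
            // mistaken for "same user" when both accounts were given by id.
            if ($target_id === $source_id) {
                trigger_error('USERS_IDENTICAL', E_USER_WARNING);
            }
            $permissions = array();
            $sql = 'SELECT forum_id, auth_option_id, auth_role_id, auth_setting
				FROM ' . ACL_USERS_TABLE . '
				WHERE user_id = ' . (int) $source_id;
            $result = $db->sql_query($sql);
            while ($row = $db->sql_fetchrow($result)) {
                // Re-key each source row to the target before it is re-inserted.
                $row['user_id'] = $target_id;
                $permissions[] = $row;
            }
            $db->sql_freeresult($result);
            $sql = 'SELECT user_permissions
				FROM ' . USERS_TABLE . '
				WHERE user_id = ' . (int) $source_id . '
				AND user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')';
            $result = $db->sql_query($sql);
            $user_permissions = $db->sql_fetchfield('user_permissions');
            $db->sql_freeresult($result);
            // The stored string is written back inside quotes, so it is escaped
            // instead of being concatenated raw.
            $sql = 'UPDATE ' . USERS_TABLE . '
				SET user_permissions = \'' . $db->sql_escape((string) $user_permissions) . '\'
				WHERE user_id = ' . (int) $target_id;
            $db->sql_query($sql);
            if (sizeof($permissions)) {
                // Replace, not merge: the target's existing user-level rows go first.
                $sql = 'DELETE FROM ' . ACL_USERS_TABLE . '
					WHERE user_id = ' . (int) $target_id;
                $db->sql_query($sql);
                foreach ($permissions as $data_sql) {
                    $sql = 'INSERT INTO ' . ACL_USERS_TABLE . ' ' . $db->sql_build_array('INSERT', $data_sql);
                    $db->sql_query($sql);
                }
            }
            trigger_error('COPY_USER_PERMISSIONS_OK');
        }
        $template->assign_vars(array('SOURCE_NAME' => $source_name, 'SOURCE_ID' => $source_id, 'TARGET_NAME' => $target_name, 'TARGED_ID' => $target_id, 'U_FIND_USER' => append_sid(PHPBB_ROOT_PATH . 'memberlist.' . PHP_EXT, array('mode' => 'searchuser', 'form' => 'stk', 'field' => 'source_name')), 'U_FIND_TO_USER' => append_sid(PHPBB_ROOT_PATH . 'memberlist.' . PHP_EXT, array('mode' => 'searchuser', 'form' => 'stk', 'field' => 'target_name'))));
        $template->set_filenames(array('body' => 'tools/user_copy_perm.html'));
        page_header($user->lang['USER_COPY_PERM'], false);
        page_footer();
    }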
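    /**
     * ACP action: import image files from the gallery's import directory.
     *
     * Works in two phases selected by the 'import_schema' request variable:
     *  - empty: on a submitted form, validate the form key, uploader and album,
     *    write an import schema through create_import_schema() and redirect back
     *    with its name; otherwise just list the importable files;
     *  - set: include the named schema file, import up to 10 of the listed images
     *    (copy into the upload directory, optional resize, database row), then
     *    either finish or rewrite the schema and refresh for the next batch.
     *
     * $album_id, $user_data, $start_time, $num_offset, $done_images, $todo_images,
     * $image_name and $filename are not assigned in the batch phase; presumably the
     * included schema file defines them - confirm against create_import_schema().
     */
    function import()
    {
        global $db, $template, $user, $phpbb_dispatcher, $phpbb_container, $gallery_url, $request, $table_prefix, $gallery_config, $gallery_album;
        $import_schema = $request->variable('import_schema', '');
        $images = $request->variable('images', array(''), true);
        $submit = isset($_POST['submit']) ? true : (empty($images) ? false : true);
        if ($import_schema) {
            // The schema name arrives in the request and selects a file to include.
            // Names are only ever generated below as md5($start_time), so anything
            // that is not 32 lowercase hex characters is refused before it can
            // reach the include.
            if (preg_match('/^[a-f0-9]{32}\z/', $import_schema) && $gallery_url->_file_exists($import_schema, 'import', '')) {
                include $gallery_url->_return_file($import_schema, 'import', '');
                // Replace the md5 with the ' again and remove the space at the end to prevent \' troubles
                $user_data['username'] = utf8_substr(str_replace("{{$import_schema}}", "'", $user_data['username']), 0, -1);
                $image_name = utf8_substr(str_replace("{{$import_schema}}", "'", $image_name), 0, -1);
            } else {
                global $phpEx;
                trigger_error($user->lang('MISSING_IMPORT_SCHEMA', $import_schema . '.' . $phpEx), E_USER_WARNING);
            }
            $images_loop = 0;
            foreach ($images as $image_src) {
                /**
                 * Import the images
                 */
                $image_src = str_replace("{{$import_schema}}", "'", $image_src);
                $image_src_full = $gallery_url->path('import') . utf8_decode($image_src);
                // Entries are names of files directly inside the import directory (see
                // the listing at the end of this method). An entry with a path
                // separator would let the copy/unlink below leave that directory, so
                // it is skipped exactly like a file that does not exist.
                $is_plain_name = $image_src !== '' && strpbrk($image_src, '/\\') === false;
                if ($is_plain_name && file_exists($image_src_full)) {
                    $filetype = getimagesize($image_src_full);
                    $filetype_ext = '';
                    $error_occured = false;
                    // The detected MIME type must be an allowed one and must agree
                    // with the extension of the file name.
                    switch ($filetype['mime']) {
                        case 'image/jpeg':
                        case 'image/jpg':
                        case 'image/pjpeg':
                            $filetype_ext = '.jpg';
                            $read_function = 'imagecreatefromjpeg';
                            if (substr(strtolower($image_src), -4) != '.jpg' && substr(strtolower($image_src), -5) != '.jpeg') {
                                $this->log_import_error($import_schema, sprintf($user->lang['FILETYPE_MIMETYPE_MISMATCH'], $image_src, $filetype['mime']));
                                $error_occured = true;
                            }
                            break;
                        case 'image/png':
                        case 'image/x-png':
                            $filetype_ext = '.png';
                            $read_function = 'imagecreatefrompng';
                            if (substr(strtolower($image_src), -4) != '.png') {
                                $this->log_import_error($import_schema, sprintf($user->lang['FILETYPE_MIMETYPE_MISMATCH'], $image_src, $filetype['mime']));
                                $error_occured = true;
                            }
                            break;
                        case 'image/gif':
                        case 'image/giff':
                            $filetype_ext = '.gif';
                            $read_function = 'imagecreatefromgif';
                            if (substr(strtolower($image_src), -4) != '.gif') {
                                $this->log_import_error($import_schema, sprintf($user->lang['FILETYPE_MIMETYPE_MISMATCH'], $image_src, $filetype['mime']));
                                $error_occured = true;
                            }
                            break;
                        default:
                            $this->log_import_error($import_schema, $user->lang['NOT_ALLOWED_FILE_TYPE']);
                            $error_occured = true;
                            break;
                    }
                    // Stored under a generated name; the original name never becomes a path.
                    $image_filename = md5(unique_id()) . $filetype_ext;
                    // Copy only files that passed the type check. Rejected files used to
                    // be copied into the upload directory as well and left there.
                    if (!$error_occured && !@copy($image_src_full, $gallery_url->path('upload') . $image_filename)) {
                        $user->add_lang('posting');
                        $this->log_import_error($import_schema, sprintf($user->lang['GENERAL_UPLOAD_ERROR'], $gallery_url->path('upload') . $image_filename));
                        $error_occured = true;
                    }
                    if (!$error_occured) {
                        // NOTE(review): 0777 leaves the stored file world-writable; a narrower
                        // mode is preferable where the host's file ownership allows it.
                        @chmod($gallery_url->path('upload') . $image_filename, 0777);
                        // The source image is imported, so we delete it.
                        @unlink($image_src_full);
                        $sql_ary = array('image_filename' => $image_filename, 'image_desc' => '', 'image_desc_uid' => '', 'image_desc_bitfield' => '', 'image_user_id' => $user_data['user_id'], 'image_username' => $user_data['username'], 'image_username_clean' => utf8_clean_string($user_data['username']), 'image_user_colour' => $user_data['user_colour'], 'image_user_ip' => $user->ip, 'image_time' => $start_time + $done_images, 'image_album_id' => $album_id, 'image_status' => \phpbbgallery\core\image\image::STATUS_APPROVED);
                        $image_tools = new \phpbbgallery\core\file\file();
                        $image_tools->set_image_options($gallery_config->get('max_filesize'), $gallery_config->get('max_height'), $gallery_config->get('max_width'));
                        $image_tools->set_image_data($gallery_url->path('upload') . $image_filename);
                        $additional_sql_data = array();
                        $file_link = $gallery_url->path('upload') . $image_filename;
                        /**
                         * Event to trigger before mass update
                         *
                         * @event phpbbgallery.acpimport.update_image_before
                         * @var	array	additional_sql_data		array of additional sql_data
                         * @var	string	file_link				String with real file link
                         * @since 1.2.0
                         */
                        $vars = array('additional_sql_data', 'file_link');
                        extract($phpbb_dispatcher->trigger_event('phpbbgallery.acpimport.update_image_before', compact($vars)));
                        if ($filetype[0] > $gallery_config->get('max_width') || $filetype[1] > $gallery_config->get('max_height')) {
                            /**
                             * Resize oversized images
                             */
                            if ($gallery_config->get('allow_resize')) {
                                $image_tools->resize_image($gallery_config->get('max_width'), $gallery_config->get('max_height'));
                                if ($image_tools->resized) {
                                    $image_tools->write_image($gallery_url->path('upload') . $image_filename, $gallery_config->get('jpg_quality'), true);
                                }
                            }
                        }
                        $file_updated = (bool) $image_tools->resized;
                        /**
                         * Event to trigger before mass update
                         *
                         * @event phpbbgallery.acpimport.update_image
                         * @var	array	additional_sql_data		array of additional sql_data
                         * @var	bool	file_updated			is file resized
                         * @since 1.2.0
                         */
                        $vars = array('additional_sql_data', 'file_updated');
                        extract($phpbb_dispatcher->trigger_event('phpbbgallery.acpimport.update_image', compact($vars)));
                        $sql_ary = array_merge($sql_ary, $additional_sql_data);
                        // Try to get real filesize from temporary folder (not always working) ;)
                        $sql_ary['filesize_upload'] = @filesize($gallery_url->path('upload') . $image_filename) ? @filesize($gallery_url->path('upload') . $image_filename) : 0;
                        // Image title: either the file name without extension, or the
                        // pattern from the form with {NUM} replaced by a running number.
                        if ($filename || $image_name == '') {
                            $sql_ary['image_name'] = str_replace("_", " ", utf8_substr($image_src, 0, utf8_strrpos($image_src, '.')));
                        } else {
                            $sql_ary['image_name'] = str_replace('{NUM}', $num_offset + $done_images, $image_name);
                        }
                        $sql_ary['image_name_clean'] = utf8_clean_string($sql_ary['image_name']);
                        // Put the images into the database
                        $db->sql_query('INSERT INTO ' . $table_prefix . 'gallery_images ' . $db->sql_build_array('INSERT', $sql_ary));
                    }
                    $done_images++;
                }
                // Remove the image from the list
                unset($images[$images_loop]);
                $images_loop++;
                if ($images_loop == 10) {
                    // We made 10 images, so we end for this turn
                    break;
                }
            }
            if ($images_loop) {
                $image_user = $phpbb_container->get('phpbbgallery.core.user');
                $image_user->set_user_id($user_data['user_id']);
                $image_user->update_images($images_loop);
                $gallery_config->inc('num_images', $images_loop);
                $todo_images = $todo_images - $images_loop;
            }
            \phpbbgallery\core\album\album::update_info($album_id);
            if (!$todo_images) {
                // Last batch: remove the schema and report the collected errors, if any.
                unlink($gallery_url->_return_file($import_schema, 'import', ''));
                $errors = @file_get_contents($gallery_url->_return_file($import_schema . '_errors', 'import', ''));
                @unlink($gallery_url->_return_file($import_schema . '_errors', 'import', ''));
                if (!$errors) {
                    trigger_error(sprintf($user->lang['IMPORT_FINISHED'], $done_images) . adm_back_link($this->u_action));
                } else {
                    $errors = explode("\n", $errors);
                    trigger_error(sprintf($user->lang['IMPORT_FINISHED_ERRORS'], $done_images - sizeof($errors)) . implode('<br />', $errors) . adm_back_link($this->u_action), E_USER_WARNING);
                }
            } else {
                // Write the new list
                $this->create_import_schema($import_schema, $album_id, $user_data, $start_time, $num_offset, $done_images, $todo_images, $image_name, $filename, $images);
                // Redirect
                $forward_url = $this->u_action . "&amp;import_schema={$import_schema}";
                meta_refresh(1, $forward_url);
                trigger_error(sprintf($user->lang['IMPORT_DEBUG_MES'], $done_images, $todo_images));
            }
        } else {
            if ($submit) {
                if (!check_form_key('acp_gallery')) {
                    trigger_error('FORM_INVALID', E_USER_WARNING);
                }
                if (!$images) {
                    trigger_error('NO_FILE_SELECTED', E_USER_WARNING);
                }
                // Who is the uploader?
                $username = $request->variable('username', '', true);
                $user_id = 0;
                if ($username) {
                    if (!function_exists('user_get_id_name')) {
                        $gallery_url->_include('functions_user', 'phpbb');
                    }
                    user_get_id_name($user_id, $username);
                }
                if (is_array($user_id)) {
                    $user_id = $user_id[0];
                }
                // Unknown or empty name: the images are attributed to the acting admin.
                if (!$user_id) {
                    $user_id = $user->data['user_id'];
                }
                $sql = 'SELECT username, user_colour, user_id
				FROM ' . USERS_TABLE . '
				WHERE user_id = ' . (int) $user_id;
                $result = $db->sql_query($sql);
                $user_row = $db->sql_fetchrow($result);
                $db->sql_freeresult($result);
                if (!$user_row) {
                    trigger_error('HACKING_ATTEMPT', E_USER_WARNING);
                }
                $album_id = $request->variable('album_id', 0);
                if (isset($_POST['users_pega'])) {
                    // Import into the uploader's personal album, creating it if needed.
                    $image_user = $phpbb_container->get('phpbbgallery.core.user');
                    $image_user->set_user_id($user_row['user_id']);
                    if ($user->data['user_id'] != $user_row['user_id']) {
                        $album_id = $image_user->get_data('personal_album_id');
                        if (!$album_id) {
                            // The User has no personal album
                            $album_id = $gallery_album->generate_personal_album($user_row['username'], $user_row['user_id'], $user_row['user_colour'], $image_user);
                        }
                        unset($image_user);
                    } else {
                        $album_id = $image_user->get_data('personal_album_id');
                        if (!$album_id) {
                            $album_id = $gallery_album->generate_personal_album($user_row['username'], $user_row['user_id'], $user_row['user_colour'], $image_user);
                        }
                    }
                }
                // Where do we put them to?
                $sql = 'SELECT album_id, album_name
				FROM ' . $table_prefix . 'gallery_albums
				WHERE album_id = ' . (int) $album_id;
                $result = $db->sql_query($sql);
                $album_row = $db->sql_fetchrow($result);
                $db->sql_freeresult($result);
                if (!$album_row) {
                    trigger_error('HACKING_ATTEMPT', E_USER_WARNING);
                }
                $start_time = time();
                // The schema name doubles as a file name; keep it in step with the
                // format check at the top of this method.
                $import_schema = md5($start_time);
                $filename = $request->variable('filename', '') == 'filename' ? true : false;
                $image_name = $request->variable('image_name', '', true);
                $num_offset = $request->variable('image_num', 0);
                $this->create_import_schema($import_schema, $album_row['album_id'], $user_row, $start_time, $num_offset, 0, sizeof($images), $image_name, $filename, $images);
                $forward_url = $this->u_action . "&amp;import_schema={$import_schema}";
                meta_refresh(2, $forward_url);
                trigger_error('IMPORT_SCHEMA_CREATED');
            }
        }
        // No import running: list the files of an enabled image type that sit
        // directly in the import directory.
        $handle = opendir($gallery_url->path('import'));
        $files = array();
        while ($file = readdir($handle)) {
            if (!is_dir($gallery_url->path('import') . $file) && (substr(strtolower($file), -4) == '.png' && $gallery_config->get('allow_png') || substr(strtolower($file), -4) == '.gif' && $gallery_config->get('allow_gif') || substr(strtolower($file), -4) == '.jpg' && $gallery_config->get('allow_jpg') || substr(strtolower($file), -5) == '.jpeg' && $gallery_config->get('allow_jpg'))) {
                $files[utf8_strtolower($file)] = $file;
            }
        }
        closedir($handle);
        // Sort the files by name again
        ksort($files);
        foreach ($files as $file) {
            $template->assign_block_vars('imagerow', array('FILE_NAME' => utf8_encode($file)));
        }
        $template->assign_vars(array('S_IMPORT_IMAGES' => true, 'ACP_GALLERY_TITLE' => $user->lang['ACP_IMPORT_ALBUMS'], 'ACP_GALLERY_TITLE_EXPLAIN' => $user->lang['ACP_IMPORT_ALBUMS_EXPLAIN'], 'L_IMPORT_DIR_EMPTY' => sprintf($user->lang['IMPORT_DIR_EMPTY'], $gallery_url->path('import')), 'S_ALBUM_IMPORT_ACTION' => $this->u_action, 'S_SELECT_IMPORT' => $gallery_album->get_albumbox(false, 'album_id', false, false, false, \phpbbgallery\core\album\album::PUBLIC_ALBUM, \phpbbgallery\core\album\album::TYPE_UPLOAD), 'U_FIND_USERNAME' => $gallery_url->append_sid('phpbb', 'memberlist', 'mode=searchuser&amp;form=acp_gallery&amp;field=username&amp;select_single=true')));
    }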
Beispiel #9
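/**
* Promote (to leader), demote, approve or set as default one or more members of a group.
*
* The members may be given by id or by name; user_get_id_name() fills in the
* other list. On success the permission prefetch of the affected users is
* cleared and an admin log entry is written.
*
* @param string $action one of 'promote', 'demote', 'approve', 'default'
* @param int $group_id group the members belong to
* @param array|bool $user_id_ary user ids, or false when names are given
* @param array|bool $username_ary usernames, or false when ids are given
* @param string|bool $group_name name for the log entry; looked up when false
* @param array|bool $group_attributes passed through to group_set_user_default()
* @return bool false when no user matches, nobody is pending for 'approve', or
*              the action is unknown; true otherwise
*/
function group_user_attributes($action, $group_id, $user_id_ary = false, $username_ary = false, $group_name = false, $group_attributes = false)
{
    global $db, $auth, $phpbb_root_path, $phpEx, $config;
    // The id ends up inside several statements below; force it numeric once.
    $group_id = (int) $group_id;
    // We need both username and user_id info. A non-false result means the
    // lookup failed (for instance when neither list was supplied), in which case
    // $user_id_ary may not even be an array.
    $result = user_get_id_name($user_id_ary, $username_ary);
    if ($result !== false || empty($user_id_ary)) {
        return false;
    }
    if (!$group_name) {
        $group_name = get_group_name($group_id);
    }
    switch ($action) {
        case 'demote':
        case 'promote':
            $sql = 'UPDATE ' . USER_GROUP_TABLE . '
				SET group_leader = ' . ($action == 'promote' ? 1 : 0) . '
				WHERE group_id = ' . $group_id . '
					AND ' . $db->sql_in_set('user_id', array_map('intval', $user_id_ary));
            $db->sql_query($sql);
            $log = $action == 'promote' ? 'LOG_GROUP_PROMOTED' : 'LOG_GROUP_DEMOTED';
            break;
        case 'approve':
            // Make sure we only approve those which are pending ;)
            $sql = 'SELECT u.user_id, u.user_email, u.username, u.user_notify_type, u.user_jabber, u.user_lang
				FROM ' . USERS_TABLE . ' u, ' . USER_GROUP_TABLE . ' ug
				WHERE ug.group_id = ' . $group_id . '
					AND ug.user_pending = 1
					AND ug.user_id = u.user_id
					AND ' . $db->sql_in_set('ug.user_id', array_map('intval', $user_id_ary));
            $result = $db->sql_query($sql);
            // From here on only the users that really were pending are touched.
            $user_id_ary = $email_users = array();
            while ($row = $db->sql_fetchrow($result)) {
                $user_id_ary[] = (int) $row['user_id'];
                $email_users[] = $row;
            }
            $db->sql_freeresult($result);
            if (!sizeof($user_id_ary)) {
                return false;
            }
            $sql = 'UPDATE ' . USER_GROUP_TABLE . '
				SET user_pending = 0
				WHERE group_id = ' . $group_id . '
					AND ' . $db->sql_in_set('user_id', $user_id_ary);
            $db->sql_query($sql);
            // Send approved email to users...
            include_once $phpbb_root_path . 'includes/functions_messenger.' . $phpEx;
            $messenger = new messenger();
            $email_sig = str_replace('<br />', "\n", "-- \n" . $config['board_email_sig']);
            foreach ($email_users as $row) {
                $messenger->template('group_approved', $row['user_lang']);
                $messenger->replyto($config['board_email']);
                $messenger->to($row['user_email'], $row['username']);
                $messenger->im($row['user_jabber'], $row['username']);
                $messenger->assign_vars(array('EMAIL_SIG' => $email_sig, 'SITENAME' => $config['sitename'], 'USERNAME' => html_entity_decode($row['username']), 'GROUP_NAME' => html_entity_decode($group_name), 'U_GROUP' => generate_board_url() . "/ucp.{$phpEx}?i=groups&mode=membership"));
                $messenger->send($row['user_notify_type']);
                $messenger->reset();
            }
            $messenger->save_queue();
            $log = 'LOG_USERS_APPROVED';
            break;
        case 'default':
            group_set_user_default($group_id, $user_id_ary, $group_attributes);
            $log = 'LOG_GROUP_DEFAULTS';
            break;
        default:
            // Unknown action: nothing was changed, so do not write a log entry
            // with an undefined log key.
            return false;
    }
    // Clear permissions cache of relevant users
    $auth->acl_clear_prefetch($user_id_ary);
    add_log('admin', $log, $group_name, implode(', ', $username_ary));
    return true;
}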
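    /**
     * Run Tool
     *
     * Handles the submitted "manage founders" form. After the form key check the
     * 'mode' request variable selects the action:
     *  - 'demote': sets user_type to USER_NORMAL for the requested users that
     *    currently are founders;
     *  - 'promote': sets user_type to USER_FOUNDER for one user, given by name or
     *    id, that currently is a normal user.
     * The outcome is reported through trigger_error(); two validation failures
     * of 'promote' are appended to $error instead.
     *
     * @param array $error list of error language keys, passed by reference
     */
    function run_tool(&$error)
    {
        global $db, $user;
        if (!check_form_key('manage_founders')) {
            trigger_error('FORM_INVALID');
        }
        // Lets do something
        $mode = request_var('mode', '');
        switch ($mode) {
            case 'demote':
                $req_founders = request_var('founders', array(0 => ''));
                if (!sizeof($req_founders)) {
                    trigger_error('NO_USER');
                }
                // Make sure we only have users that do exist
                $req_founders = array_keys($req_founders);
                $founder_ids = array();
                $sql = 'SELECT user_id
					FROM ' . USERS_TABLE . '
					WHERE ' . $db->sql_in_set('user_id', $req_founders) . '
						AND user_type = ' . USER_FOUNDER;
                $result = $db->sql_query($sql);
                while ($row = $db->sql_fetchrow($result)) {
                    $founder_ids[] = (int) $row['user_id'];
                }
                $db->sql_freeresult($result);
                // None of the requested users is a founder: report the failure
                // instead of building an UPDATE with an empty id list.
                if (!sizeof($founder_ids)) {
                    trigger_error($user->lang['DEMOTE_FAILED']);
                }
                // Remove founder status from these users
                $sql = 'UPDATE ' . USERS_TABLE . '
					SET ' . $db->sql_build_array('UPDATE', array('user_type' => USER_NORMAL)) . '
					WHERE ' . $db->sql_in_set('user_id', $founder_ids);
                $db->sql_query($sql);
                // Did everything go right?
                $demoted = $db->sql_affectedrows();
                if (sizeof($founder_ids) == $demoted) {
                    trigger_error(sprintf($user->lang['DEMOTE_SUCCESSFULL'], $demoted));
                }
                trigger_error($user->lang['DEMOTE_FAILED']);
                break;
            case 'promote':
                $req_username = utf8_normalize_nfc(request_var('username', '', true));
                $req_user_id = utf8_normalize_nfc(request_var('user_id', 0));
                // Check that at least one field is filled in.
                if (!$req_username && empty($req_user_id)) {
                    trigger_error('NO_USER');
                }
                // Not allowed to have both username and user_id filled.
                if ($req_username && $req_user_id) {
                    $error[] = 'BOTH_FIELDS_FILLED';
                    return;
                }
                // Get the correct user data and make sure that he exists
                if (!function_exists('user_get_id_name')) {
                    include PHPBB_ROOT_PATH . 'includes/functions_user.' . PHP_EXT;
                }
                $user_id = $username = $user_type = array();
                if (!empty($req_user_id)) {
                    $user_id[] = $req_user_id;
                }
                if (!empty($req_username)) {
                    $username[] = $req_username;
                }
                // Only accounts that currently are normal users may be promoted.
                $user_type[] = USER_NORMAL;
                // Get user_id
                $result = user_get_id_name($user_id, $username, $user_type);
                // Was a user_id found?
                if (!sizeof($user_id) || $result !== false) {
                    trigger_error('NO_USER');
                }
                // Drop the arrays
                $user_id = (int) array_shift($user_id);
                $username = array_shift($username);
                // No user found
                if (!$user_id) {
                    $error[] = 'NO_USER';
                    return;
                }
                // Now promote the guy
                $sql = 'UPDATE ' . USERS_TABLE . '
					SET ' . $db->sql_build_array('UPDATE', array('user_type' => USER_FOUNDER)) . '
					WHERE user_id = ' . $user_id;
                $db->sql_query($sql);
                // Success?
                if ($db->sql_affectedrows() == 1) {
                    // $user_id is a plain integer by now; indexing it as an array
                    // produced an empty 'u' parameter in the profile link.
                    trigger_error(sprintf($user->lang['MAKE_FOUNDER_SUCCESS'], append_sid(PHPBB_ROOT_PATH . 'memberlist.' . PHP_EXT, array('mode' => 'viewprofile', 'u' => $user_id)), $username));
                }
                trigger_error($user->lang['MAKE_FOUNDER_FAILED']);
                break;
            default:
                trigger_error('NO_MODE');
        }
    }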
    /**
     * Entry point of the CMS permissions screen.
     *
     * Reads the request, resolves the selected users, groups and items, runs the
     * requested action (delete / apply_permissions / apply_all_permissions) for
     * "setting_*" modes, then assigns template variables for either a selection
     * screen or the permission mask.
     *
     * NOTE(review): no authorisation check ($auth) is visible inside this method
     * although it changes permissions; presumably the caller gates access. Confirm.
     *
     * @param mixed  $id   Module identifier; only used as the hidden 'i' field of the delete confirmation.
     * @param string $mode Screen mode; must match one of the cases in the switch below ('intro' shows the intro page).
     * @return void
     */
    function main($id, $mode)
    {
        global $db, $cache, $config, $user, $lang, $auth, $template, $cms_admin;
        add_permission_language();
        include_once IP_ROOT_PATH . 'includes/class_auth_admin.' . PHP_EXT;
        $auth_admin = new auth_admin();
        // Set some vars
        // The action name is the first key of the submitted 'paction' array...
        $action = request_var('paction', array('' => 0));
        $action = key($action);
        // ...unless the form was posted with 'psubmit', which always means "apply".
        $action = isset($_POST['psubmit']) ? 'apply_permissions' : $action;
        $all_forums = request_var('all_forums', 0);
        $subforum_id = request_var('subforum_id', 0);
        // Despite its name, $forum_id carries the ids of whatever $id_type selects
        // (it is passed to check_existence() together with $this->id_type below).
        $forum_id = request_var('forum_id', array(0));
        $id_type = request_var('id_type', '');
        // Allow-list for id_type: anything else falls back to the first entry ('forum').
        $id_types_array = array('forum', 'block', 'layout', 'layout_special');
        $id_type = in_array($id_type, $id_types_array) ? $id_type : $id_types_array[0];
        $this->id_type = $id_type;
        $username = request_var('username', array(''), true);
        $usernames = request_var('usernames', '', true);
        $user_id = request_var('user_id', array(0));
        $group_id = request_var('group_id', array(0));
        $select_all_groups = request_var('select_all_groups', 0);
        // Form token name; verified with check_form_key() in the apply_* actions.
        $form_name = 'acp_permissions';
        add_form_key($form_name);
        $this->tpl_name = 'cms_permissions.tpl';
        $this->u_action = append_sid($cms_admin->root . '?mode=auth&amp;pmode=' . $mode);
        /*
        // Trace has other vars
        if ($mode == 'trace')
        {
        	$user_id = request_var('u', 0);
        	$forum_id = request_var('f', 0);
        	$permission = request_var('auth', '');
        
        	$this->tpl_name = 'cms_permission_trace.tpl';
        
        	if ($user_id && isset($auth_admin->acl_options['id'][$permission]))
        	{
        		$this->page_title = sprintf($user->lang['TRACE_PERMISSION'], $user->lang['acl_' . $permission]['lang']);
        		$this->permission_trace($user_id, $forum_id, $permission);
        		return;
        	}
        	trigger_error('NO_MODE', E_USER_ERROR);
        }
        */
        // If select all groups is set, we pre-build the group id array (this option is used for other screens to link to the permission settings screen)
        if ($select_all_groups) {
            $sql = 'SELECT group_id
				FROM ' . GROUPS_TABLE . '
				WHERE group_single_user = 0';
            $result = $db->sql_query($sql);
            while ($row = $db->sql_fetchrow($result)) {
                $group_id[] = $row['group_id'];
            }
            $db->sql_freeresult($result);
        }
        // Map usernames to ids and vice versa
        // A newline-separated 'usernames' field replaces the 'username' array.
        if ($usernames) {
            $username = explode("\n", $usernames);
        }
        unset($usernames);
        // Names are only resolved when no explicit user ids were submitted.
        if (sizeof($username) && !sizeof($user_id)) {
            // NOTE(review): called without the function_exists()/include guard; assumes functions_user is already loaded. TODO confirm.
            user_get_id_name($user_id, $username);
            if (!sizeof($user_id)) {
                trigger_error($user->lang['SELECTED_USER_NOT_EXIST'] . page_back_link($this->u_action), E_USER_WARNING);
            }
        }
        unset($username);
        // Define some common variables for every mode
        $error = array();
        // Modes containing '_global' work on the global scope, all others on the local one.
        $permission_scope = strpos($mode, '_global') !== false ? 'global' : 'local';
        // Showing introductionary page?
        if ($mode == 'intro') {
            $this->page_title = 'CMS_PERMISSIONS';
            $template->assign_vars(array('S_INTRO' => true));
            return;
        }
        // Per mode: which permission prefixes can be chosen ($this->permission_dropdown),
        // which selection screens are walked through ($permission_victim) and the title key.
        // The default branch rejects every mode that is not listed.
        switch ($mode) {
            case 'setting_admin_global':
            case 'setting_mod_global':
                $this->permission_dropdown = strpos($mode, '_admin_') !== false ? array('a_') : array('m_');
                $permission_victim = array('usergroup');
                $this->page_title = $mode == 'setting_admin_global' ? 'CMS_PERMISSIONS_ADMINS' : 'CMS_PERMISSIONS_MODS';
                break;
            case 'setting_cms_user_global':
            case 'setting_cms_group_global':
                $this->permission_dropdown = array('cms_', 'pl_', 'u_');
                $permission_victim = array('usergroup');
                //$permission_victim = ($mode == 'setting_cms_user_global') ? array('user') : array('group');
                $this->page_title = $mode == 'setting_cms_user_global' ? 'CMS_PERMISSIONS_CMS_USERS' : 'CMS_PERMISSIONS_CMS_GROUPS';
                break;
            case 'setting_cms_user_local':
            case 'setting_cms_group_local':
                // The local CMS prefix depends on the selected id type (layout / special layout / block).
                $this->permission_dropdown = $this->id_type == 'layout' ? array('cmsl_') : ($this->id_type == 'layout_special' ? array('cmss_') : array('cmsb_'));
                $permission_victim = array('cms', 'usergroup');
                //$permission_victim = ($mode == 'setting_cms_user_local') ? array('user') : array('group');
                $this->page_title = $mode == 'setting_cms_user_local' ? 'CMS_PERMISSIONS_CMS_USERS' : 'CMS_PERMISSIONS_CMS_GROUPS';
                break;
            case 'setting_plugins_user_global':
            case 'setting_plugins_group_global':
                $this->permission_dropdown = array('pl_', 'cms_', 'u_');
                $permission_victim = array('usergroup');
                //$permission_victim = ($mode == 'setting_plugins_user_global') ? array('user') : array('group');
                $this->page_title = $mode == 'setting_plugins_user_global' ? 'CMS_PERMISSIONS_PLUGINS_USERS' : 'CMS_PERMISSIONS_PLUGINS_GROUPS';
                break;
            case 'setting_user_global':
            case 'setting_group_global':
                $this->permission_dropdown = array('u_', 'cms_', 'pl_');
                $permission_victim = $mode == 'setting_user_global' ? array('user') : array('group');
                $this->page_title = $mode == 'setting_user_global' ? 'CMS_PERMISSIONS_USERS' : 'CMS_PERMISSIONS_GROUPS';
                break;
            case 'setting_user_local':
            case 'setting_group_local':
                $this->permission_dropdown = array('f_', 'm_');
                $permission_victim = $mode == 'setting_user_local' ? array('user') : array('group');
                $this->page_title = $mode == 'setting_user_local' ? 'ACP_USERS_FORUM_PERMISSIONS' : 'ACP_GROUPS_FORUM_PERMISSIONS';
                break;
            case 'setting_mod_local':
            case 'setting_forum_local':
                $this->permission_dropdown = $mode == 'setting_mod_local' ? array('m_') : array('f_');
                $permission_victim = array('forums', 'usergroup');
                $this->page_title = $mode == 'setting_mod_local' ? 'ACP_FORUM_MODERATORS' : 'ACP_FORUM_PERMISSIONS';
                break;
            case 'view_admin_global':
            case 'view_user_global':
            case 'view_mod_global':
                $this->permission_dropdown = $mode == 'view_admin_global' ? array('a_') : ($mode == 'view_user_global' ? array('u_') : array('m_'));
                $permission_victim = array('usergroup_view');
                $this->page_title = $mode == 'view_admin_global' ? 'CMS_PERMISSIONS_ADMINS' : ($mode == 'view_user_global' ? 'CMS_PERMISSIONS_USERS' : 'CMS_PERMISSIONS_MODS');
                break;
            case 'view_mod_local':
            case 'view_forum_local':
                $this->permission_dropdown = $mode == 'view_mod_local' ? array('m_') : array('f_');
                $permission_victim = array('usergroup_view');
                $this->page_title = $mode == 'view_mod_local' ? 'ACP_VIEW_FORUM_MOD_PERMISSIONS' : 'ACP_VIEW_FORUM_PERMISSIONS';
                break;
            default:
                trigger_error('NO_MODE', E_USER_ERROR);
                break;
        }
        $template->assign_vars(array('L_TITLE' => $lang[$this->page_title], 'L_EXPLAIN' => $lang[$this->page_title . '_EXPLAIN']));
        // Get permission type
        // The requested type must be one of the prefixes allowed for this mode.
        $permission_type = request_var('type', $this->permission_dropdown[0]);
        if (!in_array($permission_type, $this->permission_dropdown)) {
            trigger_error($user->lang['WRONG_PERMISSION_TYPE'] . page_back_link($this->u_action), E_USER_WARNING);
        }
        // Handle actions
        // State-changing actions are only accepted in "setting_*" modes.
        if (strpos($mode, 'setting_') === 0 && $action) {
            switch ($action) {
                case 'delete':
                    // NOTE(review): this branch relies on confirm_box() alone and never calls check_form_key();
                    // presumably confirm_box() carries its own confirmation token. Verify.
                    if (confirm_box(true)) {
                        // All users/groups selected?
                        $all_users = isset($_POST['all_users']) ? true : false;
                        $all_groups = isset($_POST['all_groups']) ? true : false;
                        if ($all_users || $all_groups) {
                            $items = $this->retrieve_defined_user_groups($permission_scope, $forum_id, $permission_type);
                            if ($all_users && sizeof($items['user_ids'])) {
                                $user_id = $items['user_ids'];
                            } elseif ($all_groups && sizeof($items['group_ids'])) {
                                $group_id = $items['group_ids'];
                            }
                        }
                        if (sizeof($user_id) || sizeof($group_id)) {
                            $this->remove_permissions($mode, $permission_type, $auth_admin, $user_id, $group_id, $forum_id);
                        } else {
                            trigger_error($user->lang['NO_USER_GROUP_SELECTED'] . page_back_link($this->u_action), E_USER_WARNING);
                        }
                    } else {
                        // Not confirmed yet: either the admin cancelled, or the confirmation page is shown.
                        if (isset($_POST['cancel'])) {
                            $u_redirect = $this->u_action . '&amp;type=' . $permission_type;
                            foreach ($forum_id as $fid) {
                                $u_redirect .= '&amp;forum_id[]=' . $fid;
                            }
                            redirect($u_redirect);
                        }
                        // Carry the whole selection through the confirmation page as hidden fields.
                        $s_hidden_fields = array('i' => $id, 'pmode' => $mode, 'paction' => array($action => 1), 'user_id' => $user_id, 'group_id' => $group_id, 'forum_id' => $forum_id, 'id_type' => $this->id_type, 'type' => $permission_type);
                        if (isset($_POST['all_users'])) {
                            $s_hidden_fields['all_users'] = 1;
                        }
                        if (isset($_POST['all_groups'])) {
                            $s_hidden_fields['all_groups'] = 1;
                        }
                        confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields($s_hidden_fields));
                    }
                    break;
                case 'apply_permissions':
                    if (!isset($_POST['setting'])) {
                        trigger_error($user->lang['NO_AUTH_SETTING_FOUND'] . page_back_link($this->u_action), E_USER_WARNING);
                    }
                    // Form token check before any permission is written.
                    if (!check_form_key($form_name)) {
                        trigger_error($user->lang['FORM_INVALID'] . page_back_link($this->u_action), E_USER_WARNING);
                    }
                    $this->set_permissions($mode, $permission_type, $auth_admin, $user_id, $group_id);
                    break;
                case 'apply_all_permissions':
                    if (!isset($_POST['setting'])) {
                        trigger_error($user->lang['NO_AUTH_SETTING_FOUND'] . page_back_link($this->u_action), E_USER_WARNING);
                    }
                    // Form token check before any permission is written.
                    if (!check_form_key($form_name)) {
                        trigger_error($user->lang['FORM_INVALID'] . page_back_link($this->u_action), E_USER_WARNING);
                    }
                    $this->set_all_permissions($mode, $permission_type, $auth_admin, $user_id, $group_id);
                    break;
            }
        }
        // Setting permissions screen
        $s_hidden_fields_array = array('user_id' => $user_id, 'group_id' => $group_id, 'forum_id' => $forum_id);
        $s_hidden_fields = build_hidden_fields($s_hidden_fields_array);
        $s_hidden_fields_extra = true;
        // Go through the screens/options needed and present them in correct order
        // "continue 2" leaves the switch AND moves on to the next victim: that step already has a
        // selection. A plain "break" falls through to the code after the switch, which renders the
        // selection screen and returns.
        foreach ($permission_victim as $victim) {
            switch ($victim) {
                case 'cms':
                    if (sizeof($forum_id)) {
                        $this->check_existence($this->id_type, $forum_id);
                        continue 2;
                    }
                    // We don't have anything selected, so we need to unset these types, because they will be set properly in template...
                    $s_hidden_fields_extra = false;
                    unset($s_hidden_fields_array['id_type']);
                    unset($s_hidden_fields_array['type']);
                    $ids = array();
                    $ids_data = array();
                    // One <option> list per CMS item type, assigned as S_CMS_L_OPTIONS, S_CMS_S_OPTIONS and S_CMS_B_OPTIONS.
                    $types_array = array('l' => 'layout', 's' => 'layout_special', 'b' => 'block');
                    foreach ($types_array as $type_key => $type_value) {
                        $s_options = '';
                        $ids_data = $this->check_existence($type_value, $ids, true);
                        foreach ($ids_data as $id_data) {
                            $option_name = $id_data['name'];
                            if ($type_key == 's') {
                                // Special layouts: prefer a translated label, else fall back to the capitalised raw name.
                                $option_name = isset($lang['auth_view_' . strtolower($option_name)]) ? $lang['auth_view_' . strtolower($option_name)] : (isset($lang['cms_page_name_' . strtolower($option_name)]) ? $lang['cms_page_name_' . strtolower($option_name)] : ucfirst($option_name));
                            }
                            // NOTE(review): $option_name is concatenated into markup without escaping here;
                            // confirm check_existence() returns names that are already HTML-safe.
                            $s_options .= '<option value="' . (int) $id_data['id'] . '">' . $option_name . ' [' . (int) $id_data['id'] . ']' . '</option>';
                        }
                        $template->assign_vars(array('S_CMS_' . strtoupper($type_key) . '_OPTIONS' => $s_options));
                    }
                    $template->assign_vars(array('S_SELECT_CMS' => true));
                    break;
                case 'user':
                case 'group':
                    if (sizeof($user_id)) {
                        $this->check_existence('user', $user_id);
                        continue 2;
                    }
                    if (sizeof($group_id)) {
                        $this->check_existence('group', $group_id);
                        continue 2;
                    }
                    $template->assign_vars(array('S_SELECT_USER' => true, 'S_SELECT_GROUP' => true, 'U_FIND_USERNAME' => append_sid(IP_ROOT_PATH . CMS_PAGE_SEARCH . '?mode=searchuser'), 'S_GROUP_OPTIONS' => group_select_options(false, false, false)));
                    break;
                case 'usergroup':
                case 'usergroup_view':
                    $all_users = isset($_POST['all_users']) ? true : false;
                    $all_groups = isset($_POST['all_groups']) ? true : false;
                    // An explicit selection wins unless the matching "all" flag was posted.
                    if (sizeof($user_id) && !$all_users || sizeof($group_id) && !$all_groups) {
                        if (sizeof($user_id)) {
                            $this->check_existence('user', $user_id);
                        }
                        if (sizeof($group_id)) {
                            $this->check_existence('group', $group_id);
                        }
                        continue 2;
                    }
                    // Now we check the users... because the "all"-selection is different here (all defined users/groups)
                    $items = $this->retrieve_defined_user_groups($permission_scope, $forum_id, $permission_type);
                    if ($all_users && sizeof($items['user_ids'])) {
                        $user_id = $items['user_ids'];
                        continue 2;
                    }
                    if ($all_groups && sizeof($items['group_ids'])) {
                        $group_id = $items['group_ids'];
                        continue 2;
                    }
                    $template->assign_vars(array('S_SELECT_USERGROUP' => $victim == 'usergroup' ? true : false, 'S_SELECT_USERGROUP_VIEW' => $victim == 'usergroup_view' ? true : false, 'S_DEFINED_USER_OPTIONS' => $items['user_ids_options'], 'S_DEFINED_GROUP_OPTIONS' => $items['group_ids_options'], 'S_ADD_GROUP_OPTIONS' => group_select_options(false, $items['group_ids'], false), 'U_FIND_USERNAME' => append_sid(IP_ROOT_PATH . CMS_PAGE_SEARCH . '?mode=searchuser')));
                    break;
            }
            // Let the item names being displayed
            if (sizeof($forum_id)) {
                $ids_data = $this->check_existence($this->id_type, $forum_id);
                $forum_names = array();
                foreach ($ids_data as $id_data) {
                    $forum_names[] = $id_data['name'];
                }
                // NOTE(review): the names are handed to the template unescaped here; confirm they are stored or returned HTML-safe.
                $template->assign_vars(array('S_FORUM_NAMES' => sizeof($forum_names) ? true : false, 'FORUM_NAMES' => implode(', ', $forum_names)));
            }
            if (!empty($s_hidden_fields_extra)) {
                // Setting other hidden fields
                $s_hidden_fields_array = array('id_type' => $this->id_type, 'type' => $permission_type);
                $s_hidden_fields .= build_hidden_fields($s_hidden_fields_array);
            }
            // The S_ALLOW_SELECT parameter below is a measure to lower memory usage.
            // If there are more than 5 forums selected the admin is not able to select all users/groups too.
            // We need to see if the number of forums can be increased or need to be decreased.
            $template->assign_vars(array('U_ACTION' => $this->u_action, 'U_ACTION_USERS' => str_replace('_group_global', '_user_global', $this->u_action), 'U_ACTION_GROUPS' => str_replace('_user_global', '_group_global', $this->u_action), 'ANONYMOUS_USER_ID' => ANONYMOUS, 'S_SELECT_VICTIM' => true, 'S_ALLOW_ALL_SELECT' => false, 'S_CAN_SELECT_USER' => true, 'S_CAN_SELECT_GROUP' => true, 'S_HIDDEN_FIELDS' => $s_hidden_fields));
            // A selection screen was prepared for this victim; stop here.
            return;
        }
        // Every victim step already had a selection: show the permission mask itself.
        $template->assign_vars(array('S_PERMISSION_DROPDOWN' => sizeof($this->permission_dropdown) > 1 ? $this->build_permission_dropdown($this->permission_dropdown, $permission_type, $permission_scope) : false, 'L_PERMISSION_TYPE' => $user->lang['ACL_TYPE_' . strtoupper($permission_type)], 'U_ACTION' => $this->u_action, 'S_HIDDEN_FIELDS' => $s_hidden_fields));
        // "setting_*" modes build the 'set' mask with ACL_NO as the last get_mask() argument;
        // every other mode builds the 'view' mask with ACL_NEVER.
        if (strpos($mode, 'setting_') === 0) {
            $template->assign_vars(array('S_SETTING_PERMISSIONS' => true));
            $hold_ary = $auth_admin->get_mask('set', sizeof($user_id) ? $user_id : false, sizeof($group_id) ? $group_id : false, sizeof($forum_id) ? $forum_id : false, $permission_type, $permission_scope, ACL_NO);
            $auth_admin->display_mask('set', $permission_type, $hold_ary, sizeof($user_id) ? 'user' : 'group', $permission_scope == 'local' ? true : false);
        } else {
            $template->assign_vars(array('S_VIEWING_PERMISSIONS' => true));
            $hold_ary = $auth_admin->get_mask('view', sizeof($user_id) ? $user_id : false, sizeof($group_id) ? $group_id : false, sizeof($forum_id) ? $forum_id : false, $permission_type, $permission_scope, ACL_NEVER);
            $auth_admin->display_mask('view', $permission_type, $hold_ary, sizeof($user_id) ? 'user' : 'group', $permission_scope == 'local' ? true : false);
        }
    }
Beispiel #12
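/**
* View log
*
* Loads one page of log entries of the given kind into $log, adds topic, log
* and reportee links to each entry, and stores the total number of matching
* rows in $log_count.
*
* @param string    $mode       'admin', 'mod', 'user', 'users' or 'critical'; any other value returns without touching $log or $log_count
* @param array     $log        (out) list of log entries, replaced by this call
* @param int       $log_count  (out) total number of matching log rows
* @param int       $limit      row limit handed to sql_query_limit()
* @param int       $offset     row offset handed to sql_query_limit()
* @param int|array $forum_id   forum id, or list of forum ids, used in 'mod' mode when no topic id is given
* @param int       $topic_id   topic id filter for 'mod' mode
* @param int       $user_id    reportee id filter for 'user' mode
* @param int       $limit_days lower bound compared directly against l.log_time
* @param string    $sort_by    ORDER BY expression; inserted into the query verbatim, see note in the body
* @return void
*/
function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id = 0, $topic_id = 0, $user_id = 0, $limit_days = 0, $sort_by = 'l.log_time DESC')
{
    global $db, $user, $auth, $phpEx, $phpbb_root_path, $phpbb_admin_path;
    $topic_id_list = $reportee_id_list = $is_auth = $is_mod = array();
    $profile_url = defined('IN_ADMIN') ? append_sid("{$phpbb_admin_path}index.{$phpEx}", 'i=users&amp;mode=overview') : append_sid("{$phpbb_root_path}memberlist.{$phpEx}", 'mode=viewprofile');
    // $limit_days is interpolated into two queries below; force it to an integer
    // so that nothing but a number can reach the SQL text.
    $limit_days = (int) $limit_days;
    switch ($mode) {
        case 'admin':
            $log_type = LOG_ADMIN;
            $sql_forum = '';
            break;
        case 'mod':
            $log_type = LOG_MOD;
            if ($topic_id) {
                $sql_forum = 'AND l.topic_id = ' . intval($topic_id);
            } else {
                if (is_array($forum_id)) {
                    $sql_forum = 'AND l.forum_id IN (' . implode(', ', array_map('intval', $forum_id)) . ')';
                } else {
                    $sql_forum = $forum_id ? 'AND l.forum_id = ' . intval($forum_id) : '';
                }
            }
            break;
        case 'user':
            $log_type = LOG_USERS;
            $sql_forum = 'AND l.reportee_id = ' . intval($user_id);
            break;
        case 'users':
            $log_type = LOG_USERS;
            $sql_forum = '';
            break;
        case 'critical':
            $log_type = LOG_CRITICAL;
            $sql_forum = '';
            break;
        default:
            return;
    }
    // NOTE(review): $sort_by goes into ORDER BY verbatim and cannot be bound as a parameter.
    // Callers must pick it from a fixed list of column/direction strings and never pass
    // request data through. Verify every call site.
    $sql = "SELECT l.*, u.username\n\t\tFROM " . LOG_TABLE . " l, " . USERS_TABLE . " u\n\t\tWHERE l.log_type = {$log_type}\n\t\t\tAND u.user_id = l.user_id\n\t\t\t" . ($limit_days ? "AND l.log_time >= {$limit_days}" : '') . "\n\t\t\t{$sql_forum}\n\t\tORDER BY {$sort_by}";
    $result = $db->sql_query_limit($sql, $limit, $offset);
    $i = 0;
    $log = array();
    while ($row = $db->sql_fetchrow($result)) {
        if ($row['topic_id']) {
            $topic_id_list[] = $row['topic_id'];
        }
        if ($row['reportee_id']) {
            $reportee_id_list[] = $row['reportee_id'];
        }
        // NOTE(review): username and the log data below are placed into markup as stored;
        // this assumes they were HTML-escaped when written. Confirm.
        $log[$i] = array('id' => $row['log_id'], 'reportee_id' => $row['reportee_id'], 'reportee_username' => '', 'user_id' => $row['user_id'], 'username' => '<a href="' . $profile_url . '&amp;u=' . $row['user_id'] . '">' . $row['username'] . '</a>', 'ip' => $row['log_ip'], 'time' => $row['log_time'], 'forum_id' => $row['forum_id'], 'topic_id' => $row['topic_id'], 'viewforum' => $row['forum_id'] && $auth->acl_get('f_read', $row['forum_id']) ? append_sid("{$phpbb_root_path}viewforum.{$phpEx}", 'f=' . $row['forum_id']) : false, 'action' => isset($user->lang[$row['log_operation']]) ? $user->lang[$row['log_operation']] : '{' . ucfirst(str_replace('_', ' ', $row['log_operation'])) . '}');
        if (!empty($row['log_data'])) {
            // SECURITY: unserialize() can instantiate objects from the stored string. This is only
            // safe while log_data is written exclusively by the application itself; an encoding
            // such as JSON would remove that dependency.
            $log_data_ary = unserialize($row['log_data']);
            // A corrupt row makes unserialize() return false; treat it as "no data"
            // instead of passing a non-array to foreach/implode.
            if (!is_array($log_data_ary)) {
                $log_data_ary = array();
            }
            if (isset($user->lang[$row['log_operation']])) {
                foreach ($log_data_ary as $log_data) {
                    $log_data = str_replace("\n", '<br />', censor_text($log_data));
                    // Escape "\" and "$" so text such as "$1" in the log data is inserted
                    // literally and not read as a back-reference by preg_replace().
                    $log[$i]['action'] = preg_replace('#%s#', addcslashes($log_data, '\\$'), $log[$i]['action'], 1);
                }
            } else {
                $log[$i]['action'] .= '<br />' . implode('', $log_data_ary);
            }
        }
        $i++;
    }
    $db->sql_freeresult($result);
    if (sizeof($topic_id_list)) {
        $topic_id_list = array_unique($topic_id_list);
        // This query is not really needed if move_topics() updates the forum_id field,
        // although it's also used to determine if the topic still exists in the database
        $sql = 'SELECT topic_id, forum_id
			FROM ' . TOPICS_TABLE . '
			WHERE topic_id IN (' . implode(', ', array_map('intval', $topic_id_list)) . ')';
        $result = $db->sql_query($sql);
        $default_forum_id = 0;
        while ($row = $db->sql_fetchrow($result)) {
            if (!$row['forum_id']) {
                // Topic without a forum id: link it through the first posting forum,
                // looked up once and only for users with a global f_read permission.
                if ($auth->acl_getf_global('f_read')) {
                    if (!$default_forum_id) {
                        $sql = 'SELECT forum_id
							FROM ' . FORUMS_TABLE . '
							WHERE forum_type = ' . FORUM_POST;
                        $f_result = $db->sql_query_limit($sql, 1);
                        $default_forum_id = (int) $db->sql_fetchfield('forum_id', false, $f_result);
                        $db->sql_freeresult($f_result);
                    }
                    $is_auth[$row['topic_id']] = $default_forum_id;
                }
            } else {
                if ($auth->acl_get('f_read', $row['forum_id'])) {
                    $is_auth[$row['topic_id']] = $row['forum_id'];
                }
            }
            if ($auth->acl_gets('a_', 'm_', $row['forum_id'])) {
                $is_mod[$row['topic_id']] = $row['forum_id'];
            }
        }
        $db->sql_freeresult($result);
        // Links are only produced for topics the viewer may read (viewtopic) or moderate (viewlogs).
        foreach ($log as $key => $row) {
            $log[$key]['viewtopic'] = isset($is_auth[$row['topic_id']]) ? append_sid("{$phpbb_root_path}viewtopic.{$phpEx}", 'f=' . $is_auth[$row['topic_id']] . '&amp;t=' . $row['topic_id']) : false;
            $log[$key]['viewlogs'] = isset($is_mod[$row['topic_id']]) ? append_sid("{$phpbb_root_path}mcp.{$phpEx}", 'i=logs&amp;mode=topic_logs&amp;t=' . $row['topic_id'], true, $user->session_id) : false;
        }
    }
    if ($reportee_id_list) {
        $reportee_id_list = array_unique($reportee_id_list);
        $reportee_names_list = array();
        if (!function_exists('user_get_id_name')) {
            include_once $phpbb_root_path . 'includes/functions_user.' . $phpEx;
        }
        // Both arguments are filled in by reference; the names are then looked up by reportee id.
        user_get_id_name($reportee_id_list, $reportee_names_list);
        foreach ($log as $key => $row) {
            $log[$key]['reportee_username'] = isset($reportee_names_list[$row['reportee_id']]) ? '<a href="' . $profile_url . '&amp;u=' . $row['reportee_id'] . '">' . $reportee_names_list[$row['reportee_id']] . '</a>' : false;
        }
    }
    // Total number of matching rows, independent of $limit/$offset.
    $sql = 'SELECT COUNT(l.log_id) AS total_entries
		FROM ' . LOG_TABLE . " l\n\t\tWHERE l.log_type = {$log_type}\n\t\t\tAND l.log_time >= {$limit_days}\n\t\t\t{$sql_forum}";
    $result = $db->sql_query($sql);
    $log_count = (int) $db->sql_fetchfield('total_entries');
    $db->sql_freeresult($result);
    return;
}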
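// Remote authentication endpoint: answers a "checkAuth" or "isUser" request with
// <response>true</response> or <response>false</response>. Requests are only
// processed when both configuration switches are on and the caller presents the
// shared secret in 'challenge'.
$type = request_var('type', "");
$result = false;
if ($type != "" && $config['eveapi_jabber_masterswitch'] && $config['eveapi_ejabber_switch']) {
    $challenge = request_var('challenge', '');
    // The shared secret must be configured and must match exactly. A loose "==" would accept an
    // empty challenge when $secret is unset or empty, and would treat numeric-looking strings
    // such as "1e3" and "1000" as equal.
    $expected_secret = isset($secret) ? (string) $secret : '';
    if ($expected_secret === '') {
        $challenge_ok = false;
    } elseif (function_exists('hash_equals')) {
        // Constant-time comparison where the runtime provides it.
        $challenge_ok = hash_equals($expected_secret, (string) $challenge);
    } else {
        $challenge_ok = $challenge === $expected_secret;
    }
    if ($challenge_ok) {
        if ($type == "checkAuth") {
            // NOTE(review): the password arrives as a base64 request parameter. base64 is an
            // encoding, not protection, so this endpoint needs TLS and must be kept out of request logs.
            $user = urldecode(request_var('user', ''));
            $pass = urldecode(request_var('pass', ''));
            $user = str_replace("_", " ", base64_decode($user));
            $pass = base64_decode($pass);
            $result = checkAuth($user, $pass);
        } elseif ($type == "isUser") {
            $user = urldecode(request_var('user', ''));
            $user = base64_decode($user);
            $userArray = array($user);
            // user_get_id_name() fills its first argument by reference, so it needs a
            // variable; passing a literal array() there is an error.
            $userIds = array();
            $id = user_get_id_name($userIds, $userArray, array(0, 3));
            // A strict false return is treated as "user found".
            if ($id === false) {
                $result = true;
            }
        }
    }
}
// Only the fixed strings "true" / "false" are ever written into the response.
$response_text = $result ? "true" : "false";
header("Content-Type:text/xml");
echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n";
echo "<result>\n";
echo "<response>{$response_text}</response>\n";
echo "</result>\n";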
// --------------------------------------------
function checkAuth($username, $password)
{
Beispiel #14
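 /**
  * Process modification of own entry
  *
  * Reads the comma-separated POST field `entries_to_modify` and handles each
  * listed entry in turn: the submitted answers are validated, then the entry
  * is added (new entry / entry added for another user), modified, or deleted
  * when every answer was left empty.
  *
  * The form key is checked first. Per entry, the acting user's right to add
  * or modify is checked before anything is written.
  *
  * @return array errors
  */
 protected function process_entry_modification()
 {
     if (!check_form_key($this->form_key_name)) {
         return array($this->user->lang('FORM_INVALID'));
     }
     if (!$this->request->is_set_post('entries_to_modify')) {
         return array();
     }
     $entry_ids = array_unique(explode(",", $this->request->variable('entries_to_modify', '')));
     $real_user_id = $this->user->data['user_id'];
     $errors = array();
     foreach ($entry_ids as $entry_id) {
         // The owner of a new entry is decided per entry. Resetting it here keeps
         // a user id resolved for an earlier "add user" entry (authorised or
         // not) from being reused as the owner of a later entry in this request.
         $entry_user_id = $real_user_id;
         $changed = $filled_out = false;
         if ($entry_id == self::ADDUSER_ENTRY_ID) {
             $username = utf8_normalize_nfc($this->request->variable('answer_adduser_username', '', true));
             if ($username == '') {
                 continue;
             }
             $adduser_id = array();
             if (user_get_id_name($adduser_id, $username) == 'NO_USERS' || !isset($adduser_id[0])) {
                 $errors[] = $this->user->lang('NO_USER');
                 continue;
             }
             // Authorise first; only an approved target becomes the entry owner.
             if (!$this->survey->can_add_new_entry($real_user_id, $adduser_id[0])) {
                 $errors[] = $this->user->lang('NO_AUTH_OPERATION');
                 continue;
             }
             $entry_user_id = $adduser_id[0];
         } else {
             $entry_id = (int) $entry_id;
             if ($entry_id == self::NEW_ENTRY_ID) {
                 if (!$this->survey->can_add_new_entry($real_user_id)) {
                     $errors[] = $this->user->lang('NO_AUTH_OPERATION');
                     continue;
                 }
             } else {
                 // Unknown ids are skipped silently; known ones need modify rights.
                 if (!$this->survey->entry_exists($entry_id)) {
                     continue;
                 }
                 if (!$this->survey->can_modify_entry($real_user_id, $this->survey->entries[$entry_id]['user_id'])) {
                     $errors[] = $this->user->lang('NO_AUTH_OPERATION');
                     continue;
                 }
             }
         }
         // True for both kinds of entry that do not exist in the survey yet.
         $is_new_entry = $entry_id == self::ADDUSER_ENTRY_ID || $entry_id == self::NEW_ENTRY_ID;
         $answers = array();
         $abort = false;
         foreach ($this->survey->questions as $question_id => $question) {
             $field = "answer_{$entry_id}_{$question_id}";
             $answers[$question_id] = $this->request->is_set_post($field) ? $this->request->variable($field, '', true) : '';
             if ($question['type'] == survey::$QUESTION_TYPES['DROP_DOWN_MENU']) {
                 // Submitted value is a choice key; store the choice text, or
                 // nothing when the key is not one of this question's choices.
                 if (isset($question['choices'][$answers[$question_id]])) {
                     $answers[$question_id] = $question['choices'][$answers[$question_id]]['text'];
                 } else {
                     $answers[$question_id] = '';
                 }
             } elseif ($question['type'] == survey::$QUESTION_TYPES['MULTIPLE_CHOICE']) {
                 // Re-read as an int array; unknown choice ids are dropped.
                 $answers_choice_array = array_unique($this->request->variable($field, array(0)));
                 $answers[$question_id] = array();
                 foreach ($answers_choice_array as $choice_id) {
                     if (isset($question['choices'][$choice_id])) {
                         $answers[$question_id][] = $question['choices'][$choice_id]['text'];
                     }
                 }
                 $answers[$question_id] = implode(",", $answers[$question_id]);
             }
             $old_exists = !$is_new_entry && isset($this->survey->entries[$entry_id]['answers'][$question_id]);
             $old_value = $old_exists ? $this->survey->entries[$entry_id]['answers'][$question_id] : 0;
             if ($answers[$question_id] != '') {
                 if (!$this->survey->check_answer($answers[$question_id], $question_id)) {
                     $errors[] = $this->user->lang('SURVEY_INVALID_ANSWER');
                     $abort = true;
                     continue;
                 }
                 $filled_out = true;
                 // The cap is enforced only for users who cannot manage the survey.
                 if ($this->survey->has_cap($question_id) && !$this->survey->can_manage($real_user_id)) {
                     $diff = $this->survey->modify_sum_entry($question_id, false, true, $answers[$question_id], $old_exists, $old_value);
                     if ($diff != 0 && $this->survey->cap_exceeded($question_id, $diff)) {
                         $errors[] = $this->user->lang('SURVEY_CAP_EXEEDED', $this->survey->questions[$question_id]['label']);
                         $abort = true;
                         continue;
                     }
                 }
                 if (!$old_exists || $old_value != $answers[$question_id]) {
                     $changed = true;
                 }
             } elseif ($old_exists && $old_value != '') {
                 $changed = true;
             }
         }
         // One invalid answer rejects the whole entry; nothing is written for it.
         if ($abort) {
             continue;
         }
         if ($filled_out) {
             if ($is_new_entry) {
                 $this->survey->add_entry($entry_user_id, $answers);
             } elseif ($changed) {
                 $this->survey->modify_entry($entry_id, $answers);
             }
         } elseif (!$is_new_entry) {
             // An existing entry submitted with every answer empty is deleted.
             $this->survey->delete_entry($entry_id);
         }
     }
     return $errors;
 }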
Beispiel #15
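 /**
  * Set a new password hash for the phpBB account with the given username.
  *
  * Loads the phpBB installation found under $this->_phpbb_src, resolves the
  * username to a user id with user_get_id_name() and writes the phpbb_hash()
  * of the new password to the users table. Output produced while phpBB is
  * loaded is discarded, and the host application's $GLOBALS['config'] is
  * restored afterwards.
  *
  * NOTE(review): only user_password is updated here. Whether existing
  * sessions, auto-login keys or a password-change timestamp also need
  * resetting is not visible from this method; confirm against the phpBB
  * version in use.
  *
  * @param string $u_name       phpBB username to look up
  * @param string $new_password new clear-text password
  * @return mixed false when phpBB cannot be loaded or the user is unknown,
  *               otherwise the return value of $db->sql_query()
  */
 private function phpBBchangePassword($u_name, $new_password)
 {
     $save_sytem_config = $GLOBALS['config'];
     global $phpbb_root_path;
     global $phpEx;
     global $db;
     $phpbb_root_path = $this->_phpbb_src;
     $phpEx = 'php';
     // Check every required file before buffering starts, so the early return
     // cannot leave an output buffer open (the original returned after ob_start()).
     // NOTE(review): the is_executable() requirement is kept from the original;
     // PHP includes normally need read permission only.
     $required_files = array('config.php', 'common.php', 'includes/functions_user.php');
     foreach ($required_files as $required_file) {
         $required_path = $this->_phpbb_src . $required_file;
         if (!is_readable($required_path) || !is_executable($required_path)) {
             return false;
         }
     }
     ob_start();
     require_once $this->_phpbb_src . 'config.php';
     require_once $this->_phpbb_src . 'common.php';
     require_once $this->_phpbb_src . 'includes/functions_user.php';
     $username_ary = $u_name;
     user_get_id_name($user_id_ary, $username_ary);
     $isOK = false;
     if (!empty($user_id_ary) && isset($user_id_ary[0])) {
         // Nothing reaches the statement un-typed or un-escaped: the id is forced
         // to an integer and the hash goes through the driver's escaping.
         $uid = (int) $user_id_ary[0];
         $q = "UPDATE " . USERS_TABLE . " SET `user_password` = '" . $db->sql_escape(phpbb_hash($new_password)) . "' WHERE `user_id` = " . $uid . " LIMIT 1";
         $isOK = $db->sql_query($q);
     }
     ob_end_clean();
     // Loading phpBB replaced the global config; give the host its own back.
     $GLOBALS['config'] = $save_sytem_config;
     return $isOK;
 }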
Beispiel #16
    /**
     * Entry point of the ACP permissions module.
     *
     * Depending on $mode this shows a permission trace, the intro page, the
     * "select victim" screens (forum / user / group pickers) or the permission
     * mask for setting or viewing. For modes starting with "setting_" it also
     * dispatches the delete / apply_permissions / apply_all_permissions actions.
     *
     * NOTE(review): apart from the a_viewauth check in trace mode, no ACL or
     * form-key check is visible in this method. Presumably the module loader
     * and the set_permissions()/remove_permissions() helpers enforce them;
     * verify that before reusing this code.
     *
     * @param mixed  $id   module id (not read in this method)
     * @param string $mode one of the mode names handled by the switch below
     */
    function main($id, $mode)
    {
        global $db, $user, $auth, $template, $cache;
        global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
        include_once $phpbb_root_path . 'includes/functions_user.' . $phpEx;
        include_once $phpbb_root_path . 'includes/acp/auth.' . $phpEx;
        $auth_admin = new auth_admin();
        $user->add_lang('acp/permissions');
        $user->add_lang('acp/permissions_phpbb');
        $this->tpl_name = 'acp_permissions';
        // Trace has other vars
        if ($mode == 'trace') {
            $user_id = request_var('u', 0);
            $forum_id = request_var('f', 0);
            $permission = request_var('auth', '');
            $this->tpl_name = 'permission_trace';
            // The trace is shown only for a known permission option and an admin holding a_viewauth.
            if ($user_id && isset($auth_admin->option_ids[$permission]) && $auth->acl_get('a_viewauth')) {
                $this->page_title = sprintf($user->lang['TRACE_PERMISSION'], $user->lang['acl_' . $permission]['lang']);
                $this->permission_trace($user_id, $forum_id, $permission);
                return;
            }
            // NOTE(review): presumably phpBB's error handler ends the request here; confirm.
            trigger_error('NO_MODE');
        }
        // Set some vars
        // The action name is the key of the submitted action[] field; a posted psubmit overrides it.
        $action = request_var('action', array('' => 0));
        $action = key($action);
        $action = isset($_POST['psubmit']) ? 'apply_permissions' : $action;
        $all_forums = request_var('all_forums', 0);
        $subforum_id = request_var('subforum_id', 0);
        // The array(0) defaults ask request_var() for arrays of integers; the SQL
        // fragments built with implode() further down rely on that typing.
        $forum_id = request_var('forum_id', array(0));
        $username = request_var('username', array(''), true);
        $usernames = request_var('usernames', '', true);
        $user_id = request_var('user_id', array(0));
        $group_id = request_var('group_id', array(0));
        $select_all_groups = request_var('select_all_groups', 0);
        // If select all groups is set, we pre-build the group id array (this option is used for other screens to link to the permission settings screen)
        if ($select_all_groups) {
            // Add default groups to selection
            $sql_and = $config['coppa_hide_groups'] ? " AND group_name NOT IN ('INACTIVE_COPPA', 'REGISTERED_COPPA')" : '';
            $sql = 'SELECT group_id
				FROM ' . GROUPS_TABLE . '
				WHERE group_type = ' . GROUP_SPECIAL . "\n\t\t\t\t{$sql_and}";
            $result = $db->sql_query($sql);
            while ($row = $db->sql_fetchrow($result)) {
                $group_id[] = $row['group_id'];
            }
            $db->sql_freeresult($result);
        }
        // Map usernames to ids and vice versa
        if ($usernames) {
            $username = explode("\n", $usernames);
        }
        unset($usernames);
        // Names are resolved only when no user ids were submitted.
        if (sizeof($username) && !sizeof($user_id)) {
            user_get_id_name($user_id, $username);
            if (!sizeof($user_id)) {
                trigger_error($user->lang['SELECTED_USER_NOT_EXIST'] . adm_back_link($this->u_action));
            }
        }
        unset($username);
        // Build forum ids (of all forums are checked or subforum listing used)
        if ($all_forums) {
            $sql = 'SELECT forum_id
				FROM ' . FORUMS_TABLE . '
				ORDER BY left_id';
            $result = $db->sql_query($sql);
            $forum_id = array();
            while ($row = $db->sql_fetchrow($result)) {
                $forum_id[] = $row['forum_id'];
            }
            $db->sql_freeresult($result);
        } else {
            if ($subforum_id) {
                $forum_id = array();
                foreach (get_forum_branch($subforum_id, 'children') as $row) {
                    $forum_id[] = $row['forum_id'];
                }
            }
        }
        // Define some common variables for every mode
        $error = array();
        $permission_scope = strpos($mode, '_global') !== false ? 'global' : 'local';
        // Showing introductionary page?
        if ($mode == 'intro') {
            $this->page_title = 'ACP_PERMISSIONS';
            $template->assign_vars(array('S_INTRO' => true));
            return;
        }
        // Per mode: which permission prefixes are offered, which selection
        // screens ("victims") must be completed, and the page title key.
        switch ($mode) {
            case 'setting_user_global':
            case 'setting_group_global':
                $this->permission_dropdown = array('u_', 'm_', 'a_');
                $permission_victim = $mode == 'setting_user_global' ? array('user') : array('group');
                $this->page_title = $mode == 'setting_user_global' ? 'ACP_USERS_PERMISSIONS' : 'ACP_GROUPS_PERMISSIONS';
                break;
            case 'setting_user_local':
            case 'setting_group_local':
                $this->permission_dropdown = array('f_', 'm_');
                $permission_victim = $mode == 'setting_user_local' ? array('user', 'forums') : array('group', 'forums');
                $this->page_title = $mode == 'setting_user_local' ? 'ACP_USERS_FORUM_PERMISSIONS' : 'ACP_GROUPS_FORUM_PERMISSIONS';
                break;
            case 'setting_admin_global':
            case 'setting_mod_global':
                $this->permission_dropdown = strpos($mode, '_admin_') !== false ? array('a_') : array('m_');
                $permission_victim = array('usergroup');
                $this->page_title = $mode == 'setting_admin_global' ? 'ACP_ADMINISTRATORS' : 'ACP_GLOBAL_MODERATORS';
                break;
            case 'setting_mod_local':
            case 'setting_forum_local':
                $this->permission_dropdown = $mode == 'setting_mod_local' ? array('m_') : array('f_');
                $permission_victim = array('forums', 'usergroup');
                $this->page_title = $mode == 'setting_mod_local' ? 'ACP_FORUM_MODERATORS' : 'ACP_FORUM_PERMISSIONS';
                break;
            case 'view_admin_global':
            case 'view_user_global':
            case 'view_mod_global':
                $this->permission_dropdown = $mode == 'view_admin_global' ? array('a_') : ($mode == 'view_user_global' ? array('u_') : array('m_'));
                $permission_victim = array('usergroup_view');
                $this->page_title = $mode == 'view_admin_global' ? 'ACP_VIEW_ADMIN_PERMISSIONS' : ($mode == 'view_user_global' ? 'ACP_VIEW_USER_PERMISSIONS' : 'ACP_VIEW_GLOBAL_MOD_PERMISSIONS');
                break;
            case 'view_mod_local':
            case 'view_forum_local':
                $this->permission_dropdown = $mode == 'view_mod_local' ? array('m_') : array('f_');
                $permission_victim = array('forums', 'usergroup_view');
                $this->page_title = $mode == 'view_mod_local' ? 'ACP_VIEW_FORUM_MOD_PERMISSIONS' : 'ACP_VIEW_FORUM_PERMISSIONS';
                break;
            default:
                trigger_error('INVALID_MODE');
        }
        $template->assign_vars(array('L_TITLE' => $user->lang[$this->page_title], 'L_EXPLAIN' => $user->lang[$this->page_title . '_EXPLAIN']));
        // Get permission type
        // The requested type must be one of the prefixes allowed for this mode.
        // NOTE(review): in_array() compares loosely here; both sides are strings as written.
        $permission_type = request_var('type', $this->permission_dropdown[0]);
        if (!in_array($permission_type, $this->permission_dropdown)) {
            trigger_error($user->lang['WRONG_PERMISSION_TYPE'] . adm_back_link($this->u_action));
        }
        // Handle actions
        // State-changing actions run only in setting_* modes.
        if (strpos($mode, 'setting_') === 0 && $action) {
            switch ($action) {
                case 'delete':
                    $this->remove_permissions($mode, $permission_type, $auth_admin, $user_id, $group_id, $forum_id);
                    break;
                case 'apply_permissions':
                    if (!isset($_POST['setting'])) {
                        trigger_error($user->lang['NO_AUTH_SETTING_FOUND'] . adm_back_link($this->u_action));
                    }
                    $this->set_permissions($mode, $permission_type, $auth_admin, $user_id, $group_id);
                    break;
                case 'apply_all_permissions':
                    if (!isset($_POST['setting'])) {
                        trigger_error($user->lang['NO_AUTH_SETTING_FOUND'] . adm_back_link($this->u_action));
                    }
                    $this->set_all_permissions($mode, $permission_type, $auth_admin, $user_id, $group_id);
                    break;
            }
        }
        // Setting permissions screen
        $s_hidden_fields = build_hidden_fields(array('user_id' => $user_id, 'group_id' => $group_id, 'forum_id' => $forum_id, 'type' => $permission_type));
        // Go through the screens/options needed and present them in correct order
        // "continue 2" moves on to the next victim once a selection exists and has
        // been checked; the first victim still lacking a selection renders its
        // picker and returns at the end of this loop body.
        foreach ($permission_victim as $victim) {
            switch ($victim) {
                case 'forum_dropdown':
                    if (sizeof($forum_id)) {
                        $this->check_existence('forum', $forum_id);
                        continue 2;
                    }
                    $template->assign_vars(array('S_SELECT_FORUM' => true, 'S_FORUM_OPTIONS' => make_forum_select(false, false, true, false, false)));
                    break;
                case 'forums':
                    if (sizeof($forum_id)) {
                        $this->check_existence('forum', $forum_id);
                        continue 2;
                    }
                    $forum_list = make_forum_select(false, false, true, false, false, true);
                    // Build forum options
                    // NOTE(review): forum_name is concatenated into markup as-is; this
                    // assumes make_forum_select() returns HTML-safe values; confirm.
                    $s_forum_options = '';
                    foreach ($forum_list as $f_id => $f_row) {
                        $s_forum_options .= '<option value="' . $f_id . '"' . $f_row['selected'] . '>' . $f_row['padding'] . $f_row['forum_name'] . '</option>';
                    }
                    // Build subforum options
                    $s_subforum_options = $this->build_subforum_options($forum_list);
                    $template->assign_vars(array('S_SELECT_FORUM' => true, 'S_FORUM_OPTIONS' => $s_forum_options, 'S_SUBFORUM_OPTIONS' => $s_subforum_options, 'S_FORUM_ALL' => true, 'S_FORUM_MULTIPLE' => true));
                    break;
                case 'user':
                    if (sizeof($user_id)) {
                        $this->check_existence('user', $user_id);
                        continue 2;
                    }
                    $template->assign_vars(array('S_SELECT_USER' => true, 'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.{$phpEx}", 'mode=searchuser&amp;form=select_victim&amp;field=username')));
                    break;
                case 'group':
                    if (sizeof($group_id)) {
                        $this->check_existence('group', $group_id);
                        continue 2;
                    }
                    $template->assign_vars(array('S_SELECT_GROUP' => true, 'S_GROUP_OPTIONS' => group_select_options(false)));
                    break;
                case 'usergroup':
                case 'usergroup_view':
                    if (sizeof($user_id) || sizeof($group_id)) {
                        if (sizeof($user_id)) {
                            $this->check_existence('user', $user_id);
                        }
                        if (sizeof($group_id)) {
                            $this->check_existence('group', $group_id);
                        }
                        continue 2;
                    }
                    // $forum_id is joined into the IN (...) list unescaped; it holds either
                    // request_var() integers or ids read from the database above.
                    // $permission_type was matched against the allowed prefixes and is
                    // also passed through sql_escape().
                    $sql_forum_id = $permission_scope == 'global' ? 'AND a.forum_id = 0' : (sizeof($forum_id) ? 'AND a.forum_id IN (' . implode(', ', $forum_id) . ')' : 'AND a.forum_id <> 0');
                    $sql_permission_option = "AND o.auth_option LIKE '" . $db->sql_escape($permission_type) . "%'";
                    $sql = $db->sql_build_query('SELECT_DISTINCT', array('SELECT' => 'u.username, u.user_regdate, u.user_id', 'FROM' => array(USERS_TABLE => 'u', ACL_OPTIONS_TABLE => 'o', ACL_USERS_TABLE => 'a'), 'LEFT_JOIN' => array(array('FROM' => array(ACL_ROLES_DATA_TABLE => 'r'), 'ON' => 'a.auth_role_id = r.role_id')), 'WHERE' => "(a.auth_option_id = o.auth_option_id OR r.auth_option_id = o.auth_option_id)\n\t\t\t\t\t\t\t{$sql_permission_option}\n\t\t\t\t\t\t\t{$sql_forum_id}\n\t\t\t\t\t\t\tAND u.user_id = a.user_id", 'ORDER_BY' => 'u.username, u.user_regdate ASC'));
                    $result = $db->sql_query($sql);
                    $s_defined_user_options = '';
                    $defined_user_ids = array();
                    // NOTE(review): username is emitted without escaping; presumably it is
                    // stored HTML-escaped in the users table; verify.
                    while ($row = $db->sql_fetchrow($result)) {
                        $s_defined_user_options .= '<option value="' . $row['user_id'] . '">' . $row['username'] . '</option>';
                        $defined_user_ids[] = $row['user_id'];
                    }
                    $db->sql_freeresult($result);
                    $sql = $db->sql_build_query('SELECT_DISTINCT', array('SELECT' => 'g.group_type, g.group_name, g.group_id', 'FROM' => array(GROUPS_TABLE => 'g', ACL_OPTIONS_TABLE => 'o', ACL_GROUPS_TABLE => 'a'), 'LEFT_JOIN' => array(array('FROM' => array(ACL_ROLES_DATA_TABLE => 'r'), 'ON' => 'a.auth_role_id = r.role_id')), 'WHERE' => "(a.auth_option_id = o.auth_option_id OR r.auth_option_id = o.auth_option_id)\n\t\t\t\t\t\t\t{$sql_permission_option}\n\t\t\t\t\t\t\t{$sql_forum_id}\n\t\t\t\t\t\t\tAND g.group_id = a.group_id", 'ORDER_BY' => 'g.group_type DESC, g.group_name ASC'));
                    $result = $db->sql_query($sql);
                    $s_defined_group_options = '';
                    $defined_group_ids = array();
                    // Special groups show their translated name; other group names are
                    // emitted as stored (same escaping assumption as for usernames).
                    while ($row = $db->sql_fetchrow($result)) {
                        $s_defined_group_options .= '<option' . ($row['group_type'] == GROUP_SPECIAL ? ' class="sep"' : '') . ' value="' . $row['group_id'] . '">' . ($row['group_type'] == GROUP_SPECIAL ? $user->lang['G_' . $row['group_name']] : $row['group_name']) . '</option>';
                        $defined_group_ids[] = $row['group_id'];
                    }
                    $db->sql_freeresult($result);
                    // Now we check the users... because the "all"-selection is different here (all defined users/groups)
                    $all_users = isset($_POST['all_users']) ? true : false;
                    $all_groups = isset($_POST['all_groups']) ? true : false;
                    if ($all_users && sizeof($defined_user_ids)) {
                        $user_id = $defined_user_ids;
                        continue 2;
                    }
                    if ($all_groups && sizeof($defined_group_ids)) {
                        $group_id = $defined_group_ids;
                        continue 2;
                    }
                    $template->assign_vars(array('S_SELECT_USERGROUP' => $victim == 'usergroup' ? true : false, 'S_SELECT_USERGROUP_VIEW' => $victim == 'usergroup_view' ? true : false, 'S_DEFINED_USER_OPTIONS' => $s_defined_user_options, 'S_DEFINED_GROUP_OPTIONS' => $s_defined_group_options, 'S_ADD_GROUP_OPTIONS' => group_select_options(false, $defined_group_ids), 'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.{$phpEx}", 'mode=searchuser&amp;form=add_user&amp;field=username')));
                    break;
            }
            // Reached only when a picker was prepared above: expose the common
            // selection variables, then stop after this one screen.
            $template->assign_vars(array('U_ACTION' => $this->u_action, 'ANONYMOUS_USER_ID' => ANONYMOUS, 'S_SELECT_VICTIM' => true, 'S_CAN_SELECT_USER' => $auth->acl_get('a_authusers') ? true : false, 'S_CAN_SELECT_GROUP' => $auth->acl_get('a_authgroups') ? true : false, 'S_HIDDEN_FIELDS' => $s_hidden_fields));
            // Let the forum names being displayed
            if (sizeof($forum_id)) {
                $sql = 'SELECT forum_name
					FROM ' . FORUMS_TABLE . '
					WHERE forum_id IN (' . implode(', ', $forum_id) . ')
					ORDER BY forum_name ASC';
                $result = $db->sql_query($sql);
                $forum_names = array();
                while ($row = $db->sql_fetchrow($result)) {
                    $forum_names[] = $row['forum_name'];
                }
                $db->sql_freeresult($result);
                $template->assign_vars(array('S_FORUM_NAMES' => sizeof($forum_names) ? true : false, 'FORUM_NAMES' => implode(', ', $forum_names)));
            }
            return;
        }
        // Do not allow forum_ids being set and no other setting defined (will bog down the server too much)
        if (sizeof($forum_id) && !sizeof($user_id) && !sizeof($group_id)) {
            trigger_error($user->lang['ONLY_FORUM_DEFINED'] . adm_back_link($this->u_action));
        }
        $template->assign_vars(array('S_PERMISSION_DROPDOWN' => sizeof($this->permission_dropdown) > 1 ? $this->build_permission_dropdown($this->permission_dropdown, $permission_type) : false, 'L_PERMISSION_TYPE' => $user->lang['ACL_TYPE_' . strtoupper($permission_type)], 'U_ACTION' => $this->u_action, 'S_HIDDEN_FIELDS' => $s_hidden_fields));
        // Every selection is in place: build and display the mask. The two branches
        // differ in the mode string ('set' / 'view') and in the last get_mask()
        // argument (ACL_UNSET / ACL_NO).
        if (strpos($mode, 'setting_') === 0) {
            $template->assign_vars(array('S_SETTING_PERMISSIONS' => true));
            $hold_ary = $auth_admin->get_mask('set', sizeof($user_id) ? $user_id : false, sizeof($group_id) ? $group_id : false, sizeof($forum_id) ? $forum_id : false, $permission_type, $permission_scope, ACL_UNSET);
            $auth_admin->display_mask('set', $permission_type, $hold_ary, sizeof($user_id) ? 'user' : 'group', $permission_scope == 'local' ? true : false);
        } else {
            $template->assign_vars(array('S_VIEWING_PERMISSIONS' => true));
            $hold_ary = $auth_admin->get_mask('view', sizeof($user_id) ? $user_id : false, sizeof($group_id) ? $group_id : false, sizeof($forum_id) ? $forum_id : false, $permission_type, $permission_scope, ACL_NO);
            $auth_admin->display_mask('view', $permission_type, $hold_ary, sizeof($user_id) ? 'user' : 'group', $permission_scope == 'local' ? true : false);
        }
    }
Beispiel #17
/**
* This is used to promote (to leader), demote or set as default a member/s
*
* Handles the actions 'promote', 'demote', 'approve' and 'default' for the
* given users of one group, fires the core.user_set_group_attributes event,
* clears the permission prefetch of the affected users and writes an admin
* log entry.
*
* NOTE(review): $group_id is written into several SQL statements without a
* cast or escaping, so callers must pass an integer. $log is assigned only
* inside the four switch cases; any other $action reaches the log call with
* $log undefined.
*
* @param string		$action				'promote', 'demote', 'approve' or 'default'
* @param int			$group_id			ID of the group
* @param array|bool	$user_id_ary		User ids, or false to resolve from the names
* @param array|bool	$username_ary		Usernames, or false to resolve from the ids
* @param string|bool	$group_name			Group name, looked up with get_group_name() when empty
* @param array|bool	$group_attributes	Passed on to group_set_user_default() for 'default'
*
* @return string|bool 'NO_USERS' or 'NO_VALID_USERS' on failure, false otherwise
*/
function group_user_attributes($action, $group_id, $user_id_ary = false, $username_ary = false, $group_name = false, $group_attributes = false)
{
    global $db, $auth, $user, $phpbb_container, $phpbb_log, $phpbb_dispatcher;
    // We need both username and user_id info
    // user_get_id_name() fills whichever of the two arrays is missing; any return
    // value other than false is treated as a failure here.
    $result = user_get_id_name($user_id_ary, $username_ary);
    if (!sizeof($user_id_ary) || $result !== false) {
        return 'NO_USERS';
    }
    if (!$group_name) {
        $group_name = get_group_name($group_id);
    }
    switch ($action) {
        case 'demote':
        case 'promote':
            // Refuse the whole request if any selected user is still pending in this group.
            $sql = 'SELECT user_id
				FROM ' . USER_GROUP_TABLE . "\n\t\t\t\tWHERE group_id = {$group_id}\n\t\t\t\t\tAND user_pending = 1\n\t\t\t\t\tAND " . $db->sql_in_set('user_id', $user_id_ary);
            $result = $db->sql_query_limit($sql, 1);
            $not_empty = $db->sql_fetchrow($result);
            $db->sql_freeresult($result);
            if ($not_empty) {
                return 'NO_VALID_USERS';
            }
            $sql = 'UPDATE ' . USER_GROUP_TABLE . '
				SET group_leader = ' . ($action == 'promote' ? 1 : 0) . "\n\t\t\t\tWHERE group_id = {$group_id}\n\t\t\t\t\tAND user_pending = 0\n\t\t\t\t\tAND " . $db->sql_in_set('user_id', $user_id_ary);
            $db->sql_query($sql);
            $log = $action == 'promote' ? 'LOG_GROUP_PROMOTED' : 'LOG_GROUP_DEMOTED';
            break;
        case 'approve':
            // Make sure we only approve those which are pending ;)
            $sql = 'SELECT u.user_id, u.user_email, u.username, u.username_clean, u.user_notify_type, u.user_jabber, u.user_lang
				FROM ' . USERS_TABLE . ' u, ' . USER_GROUP_TABLE . ' ug
				WHERE ug.group_id = ' . $group_id . '
					AND ug.user_pending = 1
					AND ug.user_id = u.user_id
					AND ' . $db->sql_in_set('ug.user_id', $user_id_ary);
            $result = $db->sql_query($sql);
            // From here on the id list holds only the users that were actually pending.
            $user_id_ary = array();
            while ($row = $db->sql_fetchrow($result)) {
                $user_id_ary[] = $row['user_id'];
            }
            $db->sql_freeresult($result);
            if (!sizeof($user_id_ary)) {
                return false;
            }
            $sql = 'UPDATE ' . USER_GROUP_TABLE . "\n\t\t\t\tSET user_pending = 0\n\t\t\t\tWHERE group_id = {$group_id}\n\t\t\t\t\tAND " . $db->sql_in_set('user_id', $user_id_ary);
            $db->sql_query($sql);
            /* @var $phpbb_notifications \phpbb\notification\manager */
            $phpbb_notifications = $phpbb_container->get('notification_manager');
            $phpbb_notifications->add_notifications('notification.type.group_request_approved', array('user_ids' => $user_id_ary, 'group_id' => $group_id, 'group_name' => $group_name));
            $phpbb_notifications->delete_notifications('notification.type.group_request', $user_id_ary, $group_id);
            $log = 'LOG_USERS_APPROVED';
            break;
        case 'default':
            // We only set default group for approved members of the group
            $sql = 'SELECT user_id
				FROM ' . USER_GROUP_TABLE . "\n\t\t\t\tWHERE group_id = {$group_id}\n\t\t\t\t\tAND user_pending = 0\n\t\t\t\t\tAND " . $db->sql_in_set('user_id', $user_id_ary);
            $result = $db->sql_query($sql);
            $user_id_ary = $username_ary = array();
            while ($row = $db->sql_fetchrow($result)) {
                $user_id_ary[] = $row['user_id'];
            }
            $db->sql_freeresult($result);
            // Resolve the names again for the reduced id list.
            $result = user_get_id_name($user_id_ary, $username_ary);
            if (!sizeof($user_id_ary) || $result !== false) {
                return 'NO_USERS';
            }
            $sql = 'SELECT user_id, group_id
				FROM ' . USERS_TABLE . '
				WHERE ' . $db->sql_in_set('user_id', $user_id_ary, false, true);
            $result = $db->sql_query($sql);
            // Bucket the users by the group_id currently stored on their user row.
            $groups = array();
            while ($row = $db->sql_fetchrow($result)) {
                if (!isset($groups[$row['group_id']])) {
                    $groups[$row['group_id']] = array();
                }
                $groups[$row['group_id']][] = $row['user_id'];
            }
            $db->sql_freeresult($result);
            foreach ($groups as $gid => $uids) {
                remove_default_rank($gid, $uids);
                remove_default_avatar($gid, $uids);
            }
            group_set_user_default($group_id, $user_id_ary, $group_attributes);
            $log = 'LOG_GROUP_DEFAULTS';
            break;
    }
    /**
     * Event to perform additional actions on setting user group attributes
     *
     * @event core.user_set_group_attributes
     * @var	int		group_id			ID of the group
     * @var	string	group_name			Name of the group
     * @var	array	user_id_ary			IDs of the users to set group attributes
     * @var	array	username_ary		Names of the users to set group attributes
     * @var	array	group_attributes	Group attributes which were changed
     * @var	string	action				Action to perform over the group members
     * @since 3.1.10-RC1
     */
    // compact()/extract() go by variable NAME: the locals listed in $vars are handed
    // to listeners and written back afterwards, so they must not be renamed.
    // NOTE(review): extract() overwrites locals with whatever the dispatcher returns;
    // presumably that is limited to the names in $vars; confirm.
    $vars = array('group_id', 'group_name', 'user_id_ary', 'username_ary', 'group_attributes', 'action');
    extract($phpbb_dispatcher->trigger_event('core.user_set_group_attributes', compact($vars)));
    // Clear permissions cache of relevant users
    $auth->acl_clear_prefetch($user_id_ary);
    $phpbb_log->add('admin', $user->data['user_id'], $user->ip, $log, false, array($group_name, implode(', ', $username_ary)));
    group_update_listings($group_id);
    return false;
}
// Excerpt of an account-update script: the lines that define $oldEmail and
// $email, and the end of the UPDATE statement, are not part of this excerpt.
//
// NOTE(review): the new password and the username are read from the query
// string. Query strings are recorded in web-server and proxy logs and in
// browser history; a credential change belongs in a POST body over TLS.
// No authentication, authorisation or CSRF check is visible in this excerpt;
// confirm that one runs before this point.
// NOTE(review): both keys are read without isset(); a missing parameter raises a notice.
$pwd = $_GET['p'];
$username = $_GET['u'];
$changingPwd = false;
$changingEmail = false;
if (strlen($pwd) > 0) {
    $changingPwd = true;
}
if ($oldEmail != $email) {
    $changingEmail = true;
}
//$password = md5($pwd);
// NOTE(review): $password (unsalted MD5) is not used in the visible lines; the
// value that is stored below comes from phpbb_hash().
$password = md5($pwd);
//get the userid for the (old) email address
$user_id_ary = NULL;
$user_name_ary = array($username);
user_get_id_name($user_id_ary, $user_name_ary);
// NOTE(review): index 0 is read without checking that the lookup found a user.
$phpbb_user_id = $user_id_ary[0];
// NOTE(review): the asterisks look like masking added when the page was captured;
// as printed this line is not valid PHP. If it is debug output of request values,
// it should not ship.
echo 'username: '******' userid: ', $user_id_ary[0];
//update the user
$aSql = array();
if ($changingPwd) {
    $aSql["user_password"] = phpbb_hash($pwd);
    $aSql["user_passchg"] = time();
}
if ($changingEmail) {
    $aSql["user_email"] = $email;
    $aSql["user_email_hash"] = phpbb_email_hash($email);
}
// Execute update
$sql = 'UPDATE ' . USERS_TABLE . '
            SET ' . $db->sql_build_array('UPDATE', $aSql) . '
Beispiel #19
 /**
  * Builds a raidplan-deleted notification and submits it as a private message.
  *
  * NOTE(review): $row is never assigned in this method, yet it is read for the
  * USERNAME template variable, the PM address list and the user_allow_pm check —
  * probably the reason for the todo below. The parameters $message and $user_id
  * and the locals $sender and $message_parser are not used in the visible body.
  *
  * @param mixed $message   not used in the visible body
  * @param int   $user_id   not used in the visible body
  * @param int   $sender_id passed to get_user_info()
  * @todo make this work
  */
 private function pm_sendform($message, $user_id = 2, $sender_id = 2)
 {
     global $user, $config;
     global $phpEx, $phpbb_root_path;
     // $messenger is taken from global scope here, not created locally
     global $messenger;
     include_once $phpbb_root_path . 'includes/functions_privmsgs.' . $phpEx;
     include_once $phpbb_root_path . 'includes/message_parser.' . $phpEx;
     $sender = $this->get_user_info($sender_id);
     $message_parser = new parse_message();
     $data = array();
     //$messenger->template('raidplan_delete', $row['user_lang']);
     // Subject: "[RAIDPLANNER] DELRAID: <event name> <formatted start time>"
     $subject = '[' . $user->lang['RAIDPLANNER'] . '] ' . $user->lang['DELRAID'] . ': ' . $this->eventlist->events[$this->event_type]['event_name'] . ' ' . $user->format_date($this->start_time, $config['rp_date_time_format'], true);
     // Look up the raid leader's name; presumably user_get_id_name() fills $rlname keyed by user id — verify
     $userids = array($this->poster);
     $rlname = array();
     user_get_id_name($userids, $rlname);
     $messenger->assign_vars(array('RAIDLEADER' => $rlname[$this->poster], 'USERNAME' => htmlspecialchars_decode($row['username']), 'EVENT_SUBJECT' => $subject, 'EVENT' => $this->eventlist->events[$this->event_type]['event_name'], 'INVITE_TIME' => $user->format_date($this->invite_time, $config['rp_date_time_format'], true), 'START_TIME' => $user->format_date($this->start_time, $config['rp_date_time_format'], true), 'END_TIME' => $user->format_date($this->end_time, $config['rp_date_time_format'], true), 'TZ' => $user->lang['tz'][(int) $user->data['user_timezone']], 'U_RAIDPLAN' => generate_board_url() . "/dkp.{$phpEx}?page=planner&amp;view=raidplan&amp;raidplanid=" . $this->id));
     // Render the template body and normalise line endings and Unicode form
     $messenger->msg = trim($messenger->tpl_obj->assign_display('body'));
     $messenger->msg = str_replace("\r\n", "\n", $messenger->msg);
     $messenger->msg = utf8_normalize_nfc($messenger->msg);
     $uid = $bitfield = $options = '';
     // will be modified by generate_text_for_storage
     $allow_bbcode = $allow_smilies = $allow_urls = true;
     generate_text_for_storage($messenger->msg, $uid, $bitfield, $options, $allow_bbcode, $allow_urls, $allow_smilies);
     $messenger->msg = generate_text_for_display($messenger->msg, $uid, $bitfield, $options);
     // NOTE(review): the PM data uses $this->bbcode['bitfield'] / ['uid'], not the $bitfield / $uid produced above — confirm which pair is intended
     $data = array('address_list' => array('u' => array($row['user_id'] => 'to')), 'from_user_id' => $user->data['user_id'], 'from_username' => $user->data['username'], 'icon_id' => 0, 'from_user_ip' => $user->data['user_ip'], 'enable_bbcode' => true, 'enable_smilies' => true, 'enable_urls' => true, 'enable_sig' => true, 'message' => $messenger->msg, 'bbcode_bitfield' => $this->bbcode['bitfield'], 'bbcode_uid' => $this->bbcode['uid']);
     // A PM is sent only when the board setting is on and the recipient allows PMs
     if ($config['rp_pm_rpchange'] == 1 && (int) $row['user_allow_pm'] == 1) {
         // send a PM
         submit_pm('post', $subject, $data, false);
     }
 }
Beispiel #20
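 /**
  * Notifies users about a raidplan change by private message and/or e-mail.
  *
  * Handled trigger values:
  *  1 = raidplan added   (template raidplan_add,    subject key NEWRAID)
  *  2 = raidplan updated (template raidplan_update, subject key UPDRAID)
  *  3 = raidplan deleted (template raidplan_delete, subject key DELRAID)
  *
  * Any other value returns without sending anything; previously it fell through
  * the switch and messages went out with an undefined subject and no matching
  * template.
  *
  * A PM is sent when $config['rp_pm_rpchange'] is 1 and the recipient allows PMs;
  * an e-mail is queued when $config['rp_email_rpchange'] is 1 and the recipient
  * has an e-mail address.
  *
  * @param int $trigger 1, 2 or 3 as listed above
  */
 public function raidmessenger($trigger)
 {
     global $user, $config;
     global $phpEx, $phpbb_root_path;
     include_once $phpbb_root_path . 'includes/functions_privmsgs.' . $phpEx;
     include_once $phpbb_root_path . 'includes/functions.' . $phpEx;
     include_once $phpbb_root_path . 'includes/functions_messenger.' . $phpEx;
     include_once $phpbb_root_path . 'includes/functions_user.' . $phpEx;

     // Known triggers: mail template name and language key of the subject prefix
     $trigger_map = array(
         1 => array('raidplan_add', 'NEWRAID'),
         2 => array('raidplan_update', 'UPDRAID'),
         3 => array('raidplan_delete', 'DELRAID'),
     );
     if (!is_scalar($trigger) || !isset($trigger_map[(int) $trigger])) {
         // Unknown trigger: nothing sensible can be sent
         return;
     }
     list($template_name, $subject_key) = $trigger_map[(int) $trigger];

     $rpm = new \bbdkp\controller\raidplanner\Raidmessenger();
     $rpm->get_notifiable_users($trigger, $this->id);

     // Everything that does not depend on the recipient is computed once
     $event_name = $this->eventlist[$this->event_type]['event_name'];
     $subject = '[' . $user->lang['RAIDPLANNER'] . '] ' . $user->lang[$subject_key] . ': ' . $event_name . ' ' . $user->format_date($this->start_time, $config['rp_date_time_format'], true);

     // Raid leader name lookup, hoisted out of the loop (same input for every recipient)
     $userids = array($this->poster);
     $rlname = array();
     user_get_id_name($userids, $rlname);
     // The poster account may no longer exist; fall back to an empty name
     $raidleader = isset($rlname[$this->poster]) ? $rlname[$this->poster] : '';

     $emailrecipients = array();
     $messenger = new \messenger();
     foreach ($rpm->send_user_data as $id => $row) {
         // The template is loaded in the recipient's language
         $messenger->template($template_name, $row['user_lang']);
         $messenger->assign_vars(array(
             'RAIDLEADER' => $raidleader,
             'USERNAME' => htmlspecialchars_decode($row['username']),
             'EVENT_SUBJECT' => $subject,
             'EVENT' => $event_name,
             'INVITE_TIME' => $user->format_date($this->invite_time, $config['rp_date_time_format'], true),
             'START_TIME' => $user->format_date($this->start_time, $config['rp_date_time_format'], true),
             'END_TIME' => $user->format_date($this->end_time, $config['rp_date_time_format'], true),
             'TZ' => $user->lang['tz'][(int) $user->data['user_timezone']],
             'U_RAIDPLAN' => generate_board_url() . "/dkp.{$phpEx}?page=planner&amp;view=raidplan&amp;raidplanid=" . $this->id,
         ));

         // Render the body, then normalise line endings and Unicode form
         $messenger->msg = trim($messenger->tpl_obj->assign_display('body'));
         $messenger->msg = str_replace("\r\n", "\n", $messenger->msg);
         $messenger->msg = utf8_normalize_nfc($messenger->msg);

         $uid = $bitfield = $options = '';
         // will be modified by generate_text_for_storage
         $allow_bbcode = $allow_smilies = $allow_urls = true;
         generate_text_for_storage($messenger->msg, $uid, $bitfield, $options, $allow_bbcode, $allow_urls, $allow_smilies);
         $messenger->msg = generate_text_for_display($messenger->msg, $uid, $bitfield, $options);

         if ($config['rp_pm_rpchange'] == 1 && (int) $row['user_allow_pm'] == 1) {
             // NOTE(review): the PM carries $this->bbcode['bitfield'] / ['uid'], not the
             // $bitfield / $uid produced above — confirm which pair is intended
             $data = array(
                 'address_list' => array('u' => array($row['user_id'] => 'to')),
                 'from_user_id' => $user->data['user_id'],
                 'from_username' => $user->data['username'],
                 'icon_id' => 0,
                 'from_user_ip' => $user->data['user_ip'],
                 'enable_bbcode' => true,
                 'enable_smilies' => true,
                 'enable_urls' => true,
                 'enable_sig' => true,
                 'message' => $messenger->msg,
                 'bbcode_bitfield' => $this->bbcode['bitfield'],
                 'bbcode_uid' => $this->bbcode['uid'],
             );
             // send a PM
             submit_pm('post', $subject, $data, false);
         }

         if ($config['rp_email_rpchange'] == 1 && $row['user_email'] != '') {
             // send email, reusing the same messenger object
             $emailrecipients[] = $row['username'];
             $messenger->to($row['user_email'], $row['username']);
             $messenger->anti_abuse_headers($config, $user);
             $messenger->send(0);
         }
     }

     // Flush the mail queue and log the recipients once, only if at least one mail was queued
     if ($config['rp_email_rpchange'] == 1 && sizeof($emailrecipients)) {
         $messenger->save_queue();
         $emailrecipients = implode(', ', $emailrecipients);
         add_log('admin', 'LOG_MASS_EMAIL', $emailrecipients);
     }
 }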
Beispiel #21
/**
* Applies the recipient-list actions of the PM compose form to $address_list.
*
* Removes a single user or group when requested, adds the submitted groups,
* usernames and friends as "to" or "bcc" recipients, and finally drops users who
* have disabled private messages unless the sender has admin or moderator
* permissions. Notices for the user are appended to $error.
*
* @param array $address_list Recipients, keyed 'u' (users) and 'g' (groups); modified in place
* @param array $error        List of messages; modified in place
* @param mixed $remove_u     Truthy when a user removal was requested
* @param mixed $remove_g     Truthy when a group removal was requested
* @param mixed $add_to       Truthy when "add to" was pressed
* @param mixed $add_bcc      Truthy when "add bcc" was pressed
*/
function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove_g, $add_to, $add_bcc)
{
    global $auth, $db, $user;

    // Delete User / Group [TO/BCC]: the id is the first key of the submitted array,
    // and it is only used after checking that the request value really is an array
    foreach (array('u' => $remove_u, 'g' => $remove_g) as $kind => $requested) {
        $field = 'remove_' . $kind;
        if (!$requested || empty($_REQUEST[$field]) || !is_array($_REQUEST[$field])) {
            continue;
        }
        $submitted_ids = array_keys($_REQUEST[$field]);
        if (isset($submitted_ids[0])) {
            unset($address_list[$kind][(int) $submitted_ids[0]]);
        }
    }

    // Groups selected in the form
    $group_list = request_var('group_list', array(0));

    // Usernames to add: the single field first, then the multi-line list
    $single_name = request_var('username', '', true);
    $usernames = array();
    if (!empty($single_name)) {
        $usernames[] = $single_name;
    }
    $username_list = request_var('username_list', '', true);
    if ($username_list) {
        $usernames = array_merge($usernames, explode("\n", $username_list));
    }

    // Neither button pressed, but recipients were entered: treat it as "add to"
    $button_pressed = $add_to || $add_bcc;
    if (!$button_pressed && (sizeof($group_list) || sizeof($usernames))) {
        $add_to = true;
        global $refresh, $submit, $preview;
        $refresh = true;
        $submit = false;
        // Preview is only true if there was also a message entered
        if (request_var('message', '')) {
            $preview = true;
        }
    }

    // Add User/Group [TO]
    if ($add_to || $add_bcc) {
        $type = $add_to ? 'to' : 'bcc';

        foreach ($group_list as $group_id) {
            $address_list['g'][$group_id] = $type;
        }

        // Resolve the usernames to user ids
        $user_id_ary = array();
        if (sizeof($usernames)) {
            user_get_id_name($user_id_ary, $usernames, array(USER_NORMAL, USER_FOUNDER, USER_INACTIVE));
            // None of the names exists: at least print a notice
            if (!sizeof($user_id_ary)) {
                $error[] = $user->lang['PM_NO_USERS'];
            }
        }

        // Friends ticked in the form; the array keys are cast to int before use
        $friend_field = 'add_' . $type;
        $friend_list = array();
        if (isset($_REQUEST[$friend_field]) && is_array($_REQUEST[$friend_field])) {
            $friend_list = array_map('intval', array_keys($_REQUEST[$friend_field]));
        }

        foreach (array_merge($user_id_ary, $friend_list) as $user_id) {
            // The anonymous account is never a valid recipient
            if ($user_id != ANONYMOUS) {
                $address_list['u'][$user_id] = $type;
            }
        }
    }

    // Check for disallowed recipients
    if (empty($address_list['u'])) {
        return;
    }
    // Admins and moderators may override the recipients' "no PM" setting
    if ($auth->acl_gets('a_', 'm_') || $auth->acl_getf_global('m_')) {
        return;
    }

    // Find the listed users who do not want to receive PMs
    $sql = 'SELECT user_id
				FROM ' . USERS_TABLE . '
				WHERE ' . $db->sql_in_set('user_id', array_keys($address_list['u'])) . '
					AND user_allow_pm = 0';
    $result = $db->sql_query($sql);
    $removed = false;
    while ($row = $db->sql_fetchrow($result)) {
        unset($address_list['u'][$row['user_id']]);
        $removed = true;
    }
    $db->sql_freeresult($result);

    // print a notice about users not being added who do not want to receive pms
    if ($removed) {
        $error[] = $user->lang['PM_USERS_REMOVED_NO_PM'];
    }
}
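    /**
     * ACP page that imports images from the gallery import directory.
     *
     * Two request modes are handled before the file list is rendered:
     *  - with import_schema set: the stored schema file is included and up to ten
     *    images per request are moved into the upload directory and inserted into
     *    the images table, followed by a meta refresh until none are left;
     *  - with the form submitted: uploader and album are resolved, a new schema
     *    file is written and the browser is forwarded to the first import step.
     *
     * Changes from the previous version: the schema name from the request is
     * accepted only in the 32-character hex form this method generates, before it
     * is used to build include/unlink paths, and the ids placed in the two lookup
     * queries are cast to int.
     */
    function import()
    {
        global $db, $template, $user;
        $import_schema = request_var('import_schema', '');
        $images = request_var('images', array(''), true);
        $submit = isset($_POST['submit']) ? true : (empty($images) ? false : true);
        if ($import_schema) {
            // The schema name is request input and ends up in include and unlink paths,
            // so only the md5 token format produced below is accepted.
            // NOTE(review): assumes schema files are only ever created by this method — confirm
            $schema_name_valid = preg_match('/\A[a-f0-9]{32}\z/', $import_schema) === 1;
            if ($schema_name_valid && phpbb_gallery_url::_file_exists($import_schema, 'import', '')) {
                // presumably the included file defines $user_data, $image_name, $album_id, $start_time,
                // $num_offset, $done_images, $todo_images and $filename, which are used below — verify
                include phpbb_gallery_url::_return_file($import_schema, 'import', '');
                // Replace the md5 with the ' again and remove the space at the end to prevent \' troubles
                $user_data['username'] = utf8_substr(str_replace("{{$import_schema}}", "'", $user_data['username']), 0, -1);
                $image_name = utf8_substr(str_replace("{{$import_schema}}", "'", $image_name), 0, -1);
            } else {
                global $phpEx;
                trigger_error(sprintf($user->lang['MISSING_IMPORT_SCHEMA'], $import_schema . '.' . $phpEx), E_USER_WARNING);
            }
            $images_loop = 0;
            foreach ($images as $image_src) {
                /**
                 * Import the images
                 */
                $image_src = str_replace("{{$import_schema}}", "'", $image_src);
                // NOTE(review): $image_src comes from the request and is appended to the import path
                // as-is; confirm that path separators and ".." cannot reach this point
                $image_src_full = phpbb_gallery_url::path('import') . utf8_decode($image_src);
                if (file_exists($image_src_full)) {
                    // The detected mime type decides the stored extension; a mismatch with the
                    // file name's extension is reported as an error
                    $filetype = getimagesize($image_src_full);
                    $filetype_ext = '';
                    switch ($filetype['mime']) {
                        case 'image/jpeg':
                        case 'image/jpg':
                        case 'image/pjpeg':
                            $filetype_ext = '.jpg';
                            $read_function = 'imagecreatefromjpeg';
                            if (substr(strtolower($image_src), -4) != '.jpg' && substr(strtolower($image_src), -5) != '.jpeg') {
                                trigger_error(sprintf($user->lang['FILETYPE_MIMETYPE_MISMATCH'], $image_src, $filetype['mime']), E_USER_WARNING);
                            }
                            break;
                        case 'image/png':
                        case 'image/x-png':
                            $filetype_ext = '.png';
                            $read_function = 'imagecreatefrompng';
                            if (substr(strtolower($image_src), -4) != '.png') {
                                trigger_error(sprintf($user->lang['FILETYPE_MIMETYPE_MISMATCH'], $image_src, $filetype['mime']), E_USER_WARNING);
                            }
                            break;
                        case 'image/gif':
                        case 'image/giff':
                            $filetype_ext = '.gif';
                            $read_function = 'imagecreatefromgif';
                            if (substr(strtolower($image_src), -4) != '.gif') {
                                trigger_error(sprintf($user->lang['FILETYPE_MIMETYPE_MISMATCH'], $image_src, $filetype['mime']), E_USER_WARNING);
                            }
                            break;
                        default:
                            trigger_error('NOT_ALLOWED_FILE_TYPE');
                            break;
                    }
                    // The stored file gets a random name plus the extension chosen above
                    $image_filename = md5(unique_id()) . $filetype_ext;
                    if (!@move_uploaded_file($image_src_full, phpbb_gallery_url::path('upload') . $image_filename)) {
                        if (!@copy($image_src_full, phpbb_gallery_url::path('upload') . $image_filename)) {
                            $user->add_lang('posting');
                            trigger_error(sprintf($user->lang['GENERAL_UPLOAD_ERROR'], phpbb_gallery_url::path('upload') . $image_filename), E_USER_WARNING);
                        }
                    }
                    // NOTE(review): 0777 makes the stored image writable by every local account;
                    // a narrower mode is preferable where the hosting setup allows it
                    @chmod(phpbb_gallery_url::path('upload') . $image_filename, 0777);
                    // The source image is imported, so we delete it.
                    @unlink($image_src_full);
                    $sql_ary = array('image_filename' => $image_filename, 'image_thumbnail' => '', 'image_desc' => '', 'image_desc_uid' => '', 'image_desc_bitfield' => '', 'image_user_id' => $user_data['user_id'], 'image_username' => $user_data['username'], 'image_username_clean' => utf8_clean_string($user_data['username']), 'image_user_colour' => $user_data['user_colour'], 'image_user_ip' => $user->ip, 'image_time' => $start_time + $done_images, 'image_album_id' => $album_id, 'image_status' => phpbb_gallery_image::STATUS_APPROVED, 'image_exif_data' => '');
                    $image_tools = new phpbb_gallery_image_tools();
                    $image_tools->set_image_options(phpbb_gallery_config::get('max_filesize'), phpbb_gallery_config::get('max_height'), phpbb_gallery_config::get('max_width'));
                    $image_tools->set_image_data(phpbb_gallery_url::path('upload') . $image_filename);
                    // Read exif data from file
                    $image_tools->read_exif_data();
                    $sql_ary['image_exif_data'] = $image_tools->exif_data_serialized;
                    $sql_ary['image_has_exif'] = $image_tools->exif_data_exist;
                    if ($filetype[0] > phpbb_gallery_config::get('max_width') || $filetype[1] > phpbb_gallery_config::get('max_height')) {
                        /**
                         * Resize oversized images
                         */
                        if (phpbb_gallery_config::get('allow_resize')) {
                            $image_tools->resize_image(phpbb_gallery_config::get('max_width'), phpbb_gallery_config::get('max_height'));
                            if ($image_tools->resized) {
                                $image_tools->write_image(phpbb_gallery_url::path('upload') . $image_filename, phpbb_gallery_config::get('jpg_quality'), true);
                            }
                        }
                    }
                    if (!$image_tools->exif_data_force_db && $sql_ary['image_has_exif'] == phpbb_gallery_constants::EXIF_DBSAVED) {
                        // Image was not resized, so we can pull the Exif from the image to save db-memory.
                        $sql_ary['image_has_exif'] = phpbb_gallery_constants::EXIF_AVAILABLE;
                        $sql_ary['image_exif_data'] = '';
                    }
                    // Try to get real filesize from temporary folder (not always working) ;)
                    $sql_ary['filesize_upload'] = @filesize(phpbb_gallery_url::path('upload') . $image_filename) ? @filesize(phpbb_gallery_url::path('upload') . $image_filename) : 0;
                    // Image title: either derived from the file name or from the name pattern with {NUM}
                    if ($filename || $image_name == '') {
                        $sql_ary['image_name'] = str_replace("_", " ", utf8_substr($image_src, 0, -4));
                    } else {
                        $sql_ary['image_name'] = str_replace('{NUM}', $num_offset + $done_images, $image_name);
                    }
                    $sql_ary['image_name_clean'] = utf8_clean_string($sql_ary['image_name']);
                    // Put the images into the database
                    $db->sql_query('INSERT INTO ' . GALLERY_IMAGES_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
                    $done_images++;
                }
                // Remove the image from the list
                unset($images[$images_loop]);
                $images_loop++;
                if ($images_loop == 10) {
                    // We made 10 images, so we end for this turn
                    break;
                }
            }
            if ($images_loop) {
                // Update the uploader's and the gallery's image counters
                $image_user = new phpbb_gallery_user($db, $user_data['user_id'], false);
                $image_user->update_images($images_loop);
                phpbb_gallery_config::inc('num_images', $images_loop);
                $todo_images = $todo_images - $images_loop;
            }
            phpbb_gallery_album::update_info($album_id);
            if (!$todo_images) {
                // Finished: the schema file is no longer needed
                unlink(phpbb_gallery_url::_return_file($import_schema, 'import', ''));
                trigger_error(sprintf($user->lang['IMPORT_FINISHED'], $done_images) . adm_back_link($this->u_action));
            } else {
                // Write the new list
                $this->create_import_schema($import_schema, $album_id, $user_data, $start_time, $num_offset, $done_images, $todo_images, $image_name, $filename, $images);
                // Redirect
                $forward_url = $this->u_action . "&amp;import_schema={$import_schema}";
                meta_refresh(1, $forward_url);
                trigger_error(sprintf($user->lang['IMPORT_DEBUG_MES'], $done_images, $todo_images));
            }
        } else {
            if ($submit) {
                // The form token is checked before anything is written
                if (!check_form_key('acp_gallery')) {
                    trigger_error('FORM_INVALID', E_USER_WARNING);
                }
                if (!$images) {
                    trigger_error('NO_FILE_SELECTED', E_USER_WARNING);
                }
                // Who is the uploader?
                $username = request_var('username', '', true);
                $user_id = 0;
                if ($username) {
                    if (!function_exists('user_get_id_name')) {
                        phpbb_gallery_url::_include('functions_user', 'phpbb');
                    }
                    user_get_id_name($user_id, $username);
                }
                if (is_array($user_id)) {
                    $user_id = $user_id[0];
                }
                // No (known) username given: the images are attributed to the current user
                if (!$user_id) {
                    $user_id = $user->data['user_id'];
                }
                // The id is cast to int before it is placed in the query
                $sql = 'SELECT username, user_colour, user_id
				FROM ' . USERS_TABLE . '
				WHERE user_id = ' . (int) $user_id;
                $result = $db->sql_query($sql);
                $user_row = $db->sql_fetchrow($result);
                $db->sql_freeresult($result);
                if (!$user_row) {
                    trigger_error('HACKING_ATTEMPT', E_USER_WARNING);
                }
                // Where do we put them to?
                $album_id = request_var('album_id', 0);
                $sql = 'SELECT album_id, album_name
				FROM ' . GALLERY_ALBUMS_TABLE . '
				WHERE album_id = ' . (int) $album_id;
                $result = $db->sql_query($sql);
                $album_row = $db->sql_fetchrow($result);
                $db->sql_freeresult($result);
                if (!$album_row) {
                    trigger_error('HACKING_ATTEMPT', E_USER_WARNING);
                }
                $start_time = time();
                // Schema name: md5 of the start time, i.e. 32 lowercase hex characters
                $import_schema = md5($start_time);
                $filename = request_var('filename', '') == 'filename' ? true : false;
                $image_name = request_var('image_name', '', true);
                $num_offset = request_var('image_num', 0);
                $this->create_import_schema($import_schema, $album_row['album_id'], $user_row, $start_time, $num_offset, 0, sizeof($images), $image_name, $filename, $images);
                $forward_url = $this->u_action . "&amp;import_schema={$import_schema}";
                meta_refresh(2, $forward_url);
                trigger_error('IMPORT_SCHEMA_CREATED');
            }
        }
        // List the importable files: regular files whose extension is an enabled image type
        $handle = opendir(phpbb_gallery_url::path('import'));
        $files = array();
        while ($file = readdir($handle)) {
            if (!is_dir(phpbb_gallery_url::path('import') . $file) && (substr(strtolower($file), -4) == '.png' && phpbb_gallery_config::get('allow_png') || substr(strtolower($file), -4) == '.gif' && phpbb_gallery_config::get('allow_gif') || substr(strtolower($file), -4) == '.jpg' && phpbb_gallery_config::get('allow_jpg') || substr(strtolower($file), -5) == '.jpeg' && phpbb_gallery_config::get('allow_jpg'))) {
                $files[utf8_strtolower($file)] = $file;
            }
        }
        closedir($handle);
        // Sort the files by name again
        ksort($files);
        foreach ($files as $file) {
            $template->assign_block_vars('imagerow', array('FILE_NAME' => utf8_encode($file)));
        }
        $template->assign_vars(array('S_IMPORT_IMAGES' => true, 'ACP_GALLERY_TITLE' => $user->lang['ACP_IMPORT_ALBUMS'], 'ACP_GALLERY_TITLE_EXPLAIN' => $user->lang['ACP_IMPORT_ALBUMS_EXPLAIN'], 'L_IMPORT_DIR_EMPTY' => sprintf($user->lang['IMPORT_DIR_EMPTY'], phpbb_gallery_url::path('import')), 'S_ALBUM_IMPORT_ACTION' => $this->u_action, 'S_SELECT_IMPORT' => phpbb_gallery_album::get_albumbox(false, 'album_id', false, false, false, phpbb_gallery_album::PUBLIC_ALBUM, phpbb_gallery_album::TYPE_UPLOAD), 'U_FIND_USERNAME' => phpbb_gallery_url::append_sid('phpbb', 'memberlist', 'mode=searchuser&amp;form=acp_gallery&amp;field=username&amp;select_single=true')));
    }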
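/**
* This is used to promote (to leader), demote or set as default a member/s
*
* The group id is cast to int on entry because it is written directly into
* several SQL statements below.
*
* @param string      $action           'promote', 'demote', 'approve' or 'default'
* @param int         $group_id         Group the action applies to
* @param array|false $user_id_ary      User ids; completed from $username_ary when missing
* @param array|false $username_ary     Usernames; completed from $user_id_ary when missing
* @param string|bool $group_name       Group name for the log; looked up when falsy
* @param array|bool  $group_attributes Passed on to group_set_user_default() for 'default'
*
* @return string|false 'NO_USERS' or 'NO_VALID_USERS' on failure, false otherwise
*/
function group_user_attributes($action, $group_id, $user_id_ary = false, $username_ary = false, $group_name = false, $group_attributes = false)
{
    global $db, $auth, $phpbb_root_path, $phpEx, $config, $phpbb_container;
    // $group_id is interpolated into SQL below; force it to an integer first
    $group_id = (int) $group_id;
    // We need both username and user_id info
    $result = user_get_id_name($user_id_ary, $username_ary);
    if (!sizeof($user_id_ary) || $result !== false) {
        return 'NO_USERS';
    }
    if (!$group_name) {
        $group_name = get_group_name($group_id);
    }
    // NOTE(review): an $action outside the four cases leaves $log unset for the add_log() call at the end
    switch ($action) {
        case 'demote':
        case 'promote':
            // Refuse the whole request if any of the users is still pending in this group
            $sql = 'SELECT user_id
				FROM ' . USER_GROUP_TABLE . "\n\t\t\t\tWHERE group_id = {$group_id}\n\t\t\t\t\tAND user_pending = 1\n\t\t\t\t\tAND " . $db->sql_in_set('user_id', $user_id_ary);
            $result = $db->sql_query_limit($sql, 1);
            $not_empty = $db->sql_fetchrow($result);
            $db->sql_freeresult($result);
            if ($not_empty) {
                return 'NO_VALID_USERS';
            }
            $sql = 'UPDATE ' . USER_GROUP_TABLE . '
				SET group_leader = ' . ($action == 'promote' ? 1 : 0) . "\n\t\t\t\tWHERE group_id = {$group_id}\n\t\t\t\t\tAND user_pending = 0\n\t\t\t\t\tAND " . $db->sql_in_set('user_id', $user_id_ary);
            $db->sql_query($sql);
            $log = $action == 'promote' ? 'LOG_GROUP_PROMOTED' : 'LOG_GROUP_DEMOTED';
            break;
        case 'approve':
            // Make sure we only approve those which are pending ;)
            $sql = 'SELECT u.user_id, u.user_email, u.username, u.username_clean, u.user_notify_type, u.user_jabber, u.user_lang
				FROM ' . USERS_TABLE . ' u, ' . USER_GROUP_TABLE . ' ug
				WHERE ug.group_id = ' . $group_id . '
					AND ug.user_pending = 1
					AND ug.user_id = u.user_id
					AND ' . $db->sql_in_set('ug.user_id', $user_id_ary);
            $result = $db->sql_query($sql);
            // From here on only the users that really were pending are processed
            $user_id_ary = array();
            while ($row = $db->sql_fetchrow($result)) {
                $user_id_ary[] = $row['user_id'];
            }
            $db->sql_freeresult($result);
            if (!sizeof($user_id_ary)) {
                return false;
            }
            $sql = 'UPDATE ' . USER_GROUP_TABLE . "\n\t\t\t\tSET user_pending = 0\n\t\t\t\tWHERE group_id = {$group_id}\n\t\t\t\t\tAND " . $db->sql_in_set('user_id', $user_id_ary);
            $db->sql_query($sql);
            // Tell the approved users and clear the pending join-request notifications
            $phpbb_notifications = $phpbb_container->get('notification_manager');
            $phpbb_notifications->add_notifications('notification.type.group_request_approved', array('user_ids' => $user_id_ary, 'group_id' => $group_id, 'group_name' => $group_name));
            $phpbb_notifications->delete_notifications('notification.type.group_request', $user_id_ary, $group_id);
            $log = 'LOG_USERS_APPROVED';
            break;
        case 'default':
            // We only set default group for approved members of the group
            $sql = 'SELECT user_id
				FROM ' . USER_GROUP_TABLE . "\n\t\t\t\tWHERE group_id = {$group_id}\n\t\t\t\t\tAND user_pending = 0\n\t\t\t\t\tAND " . $db->sql_in_set('user_id', $user_id_ary);
            $result = $db->sql_query($sql);
            $user_id_ary = $username_ary = array();
            while ($row = $db->sql_fetchrow($result)) {
                $user_id_ary[] = $row['user_id'];
            }
            $db->sql_freeresult($result);
            // Refresh the username list for the reduced set of user ids
            $result = user_get_id_name($user_id_ary, $username_ary);
            if (!sizeof($user_id_ary) || $result !== false) {
                return 'NO_USERS';
            }
            // Group the users by their current default group
            $sql = 'SELECT user_id, group_id
				FROM ' . USERS_TABLE . '
				WHERE ' . $db->sql_in_set('user_id', $user_id_ary, false, true);
            $result = $db->sql_query($sql);
            $groups = array();
            while ($row = $db->sql_fetchrow($result)) {
                if (!isset($groups[$row['group_id']])) {
                    $groups[$row['group_id']] = array();
                }
                $groups[$row['group_id']][] = $row['user_id'];
            }
            $db->sql_freeresult($result);
            // Remove rank and avatar inherited from the previous default group
            foreach ($groups as $gid => $uids) {
                remove_default_rank($gid, $uids);
                remove_default_avatar($gid, $uids);
            }
            group_set_user_default($group_id, $user_id_ary, $group_attributes);
            $log = 'LOG_GROUP_DEFAULTS';
            break;
    }
    // Clear permissions cache of relevant users
    $auth->acl_clear_prefetch($user_id_ary);
    add_log('admin', $log, $group_name, implode(', ', $username_ary));
    group_update_listings($group_id);
    return false;
}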
Beispiel #24
*
*/
// Safety stop: nothing below runs until this line is removed by an administrator.
// NOTE(review): once enabled, the script deletes user accounts further down and no
// permission check is visible between session start and those deletions, so any
// visitor who can reach the file could trigger it — restore this line or delete the
// file from the server as soon as the one-off run is done.
die("Please read the first lines of this script for instructions on how to enable it");
// Lift the execution time limit for the run
set_time_limit(0);
// phpBB bootstrap: define the entry-point constant, then load common and the user functions
define('IN_PHPBB', true);
$phpbb_root_path = './../';
// The extension of this file is reused for the includes
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include $phpbb_root_path . 'common.' . $phpEx;
include $phpbb_root_path . '/includes/functions_user.' . $phpEx;
// Start session management
$user->session_begin();
$auth->acl($user->data);
$user->setup();
$bots = array('AdsBot [Google]' => array('AdsBot-Google', ''), 'Alexa [Bot]' => array('ia_archiver', ''), 'Alta Vista [Bot]' => array('Scooter/', ''), 'Ask Jeeves [Bot]' => array('Ask Jeeves', ''), 'Baidu [Spider]' => array('Baiduspider+(', ''), 'Exabot [Bot]' => array('Exabot/', ''), 'FAST Enterprise [Crawler]' => array('FAST Enterprise Crawler', ''), 'FAST WebCrawler [Crawler]' => array('FAST-WebCrawler/', ''), 'Francis [Bot]' => array('http://www.neomo.de/', ''), 'Gigabot [Bot]' => array('Gigabot/', ''), 'Google Adsense [Bot]' => array('Mediapartners-Google', ''), 'Google Desktop' => array('Google Desktop', ''), 'Google Feedfetcher' => array('Feedfetcher-Google', ''), 'Google [Bot]' => array('Googlebot', ''), 'Heise IT-Markt [Crawler]' => array('heise-IT-Markt-Crawler', ''), 'Heritrix [Crawler]' => array('heritrix/1.', ''), 'IBM Research [Bot]' => array('ibm.com/cs/crawler', ''), 'ICCrawler - ICjobs' => array('ICCrawler - ICjobs', ''), 'ichiro [Crawler]' => array('ichiro/2', ''), 'Majestic-12 [Bot]' => array('MJ12bot/', ''), 'Metager [Bot]' => array('MetagerBot/', ''), 'MSN NewsBlogs' => array('msnbot-NewsBlogs/', ''), 'MSN [Bot]' => array('msnbot/', ''), 'MSNbot Media' => array('msnbot-media/', ''), 'NG-Search [Bot]' => array('NG-Search/', ''), 'Nutch [Bot]' => array('http://lucene.apache.org/nutch/', ''), 'Nutch/CVS [Bot]' => array('NutchCVS/', ''), 'OmniExplorer [Bot]' => array('OmniExplorer_Bot/', ''), 'Online link [Validator]' => array('online link validator', ''), 'psbot [Picsearch]' => array('psbot/0', ''), 'Seekport [Bot]' => array('Seekbot/', ''), 'Sensis [Crawler]' => array('Sensis Web Crawler', ''), 'SEO Crawler' => array('SEO search Crawler/', ''), 'Seoma [Crawler]' => array('Seoma [SEO Crawler]', ''), 'SEOSearch [Crawler]' => array('SEOsearch/', ''), 'Snappy [Bot]' => array('Snappy/1.1 ( http://www.urltrends.com/ )', ''), 'Steeler [Crawler]' => array('http://www.tkl.iis.u-tokyo.ac.jp/~crawler/', ''), 'Synoo [Bot]' => array('SynooBot/', ''), 'Telekom 
[Bot]' => array('*****@*****.**', ''), 'TurnitinBot [Bot]' => array('TurnitinBot/', ''), 'Voyager [Bot]' => array('voyager/1.0', ''), 'W3 [Sitesearch]' => array('W3 SiteSearch Crawler', ''), 'W3C [Linkcheck]' => array('W3C-checklink/', ''), 'W3C [Validator]' => array('W3C_*Validator', ''), 'WiseNut [Bot]' => array('http://www.WISEnutbot.com', ''), 'YaCy [Bot]' => array('yacybot', ''), 'Yahoo MMCrawler [Bot]' => array('Yahoo-MMCrawler/', ''), 'Yahoo Slurp [Bot]' => array('Yahoo! DE Slurp', ''), 'Yahoo [Bot]' => array('Yahoo! Slurp', ''), 'YahooSeeker [Bot]' => array('YahooSeeker/', ''));
// Collect the ids of existing USER_IGNORE accounts whose names are in the bot list
$bot_ids = array();
user_get_id_name($bot_ids, array_keys($bots), USER_IGNORE);

// Remove every matching account before the list is added again
foreach ($bot_ids as $bot_user_id) {
    user_delete('remove', $bot_user_id);
}

// Re-create the bots from the list and report completion
add_bots($bots);
echo 'done';
/**
* Add the search bots into the database
* This code should be used in execute_last if the source database did not have bots
* If you are converting bots this function should not be called
* @todo We might want to look at sharing the bot list between the install code and this code for consistency
*/
function add_bots($bots)
{
    global $db, $config;
Beispiel #25
     $sql = 'INSERT INTO ' . TOPICS_WATCH_TABLE . " (user_id, topic_id, notify_status)\n\t\t\tVALUES ({$user->data['user_id']}, {$topic_id}, 1)";
     $db->sql_query($sql);
     $is_subscribed = true;
 } elseif ($action == 'unsubscribe' && $is_subscribed && $user->data['is_registered'] && !$user->data['is_bot']) {
     $sql = 'DELETE FROM ' . TOPICS_WATCH_TABLE . "\n\t\t\tWHERE user_id = {$user->data['user_id']} AND topic_id = {$topic_id}";
     $db->sql_query($sql);
     $is_subscribed = false;
 } elseif ($action == 'assign') {
     // Check form
     if (!check_form_key('bug_modify')) {
         trigger_error('FORM_INVALID');
     }
     include "{$phpbb_root_path}includes/functions_user.{$phpEx}";
     $user_id_ary = array();
     $usernames = array(request_var('assigned', '', true));
     user_get_id_name($user_id_ary, $usernames, array(USER_NORMAL, USER_FOUNDER));
     $new_assigned = empty($user_id_ary) ? 0 : $user_id_ary[0];
     if ($new_assigned == $report['assigned_id']) {
         trigger_error('CANNOT_REASSIGN_SAME', E_USER_NOTICE);
     }
     // Perform the action
     $sql = 'UPDATE ' . BUGS_REPORTS_TABLE . ' SET report_assigned = ' . $new_assigned . ' WHERE report_id = ' . $report_id;
     $db->sql_query($sql);
     // Update the data queried before
     $old_assigned_name = $report['assigned_name'];
     $report['assigned_id'] = $new_assigned;
     $report['assigned_name'] = $usernames[0];
     if ($new_assigned != 0) {
         $sql = 'SELECT u.user_colour FROM ' . USERS_TABLE . ' u WHERE u.user_id = ' . $new_assigned;
         $result = $db->sql_query($sql);
         $assigned = $db->sql_fetchrow($result);
Beispiel #26
 /**
  * Resolve a username to a user id through user_get_id_name().
  *
  * @param mixed $username Name to look up; handed to user_get_id_name() unchanged.
  * @return mixed The first id written back by user_get_id_name(), or false when
  *               $username is null or nothing was written back at index 0.
  */
 public function get_user_id_from_name($username)
 {
     global $phpbb_root_path, $phpEx, $db, $config, $user, $auth, $cache, $template;
     // The helper file is loaded before the null check, so the include happens on every call.
     require_once $phpbb_root_path . "includes/functions_user." . $phpEx;
     if ($username === null) {
         return false;
     }
     // user_get_id_name() fills its first argument; index 0 is read afterwards.
     $found_ids = false;
     user_get_id_name($found_ids, $username);
     return isset($found_ids[0]) ? $found_ids[0] : false;
 }
Beispiel #27
/**
* For composing messages, handle list actions: remove recipients, add recipients
* (groups, usernames, friends) and then strip user recipients who may not receive PMs.
*
* Inputs are read from the request ($request->variable() / request_var()); the
* recipient list is edited in place and notices are appended to $error.
*
* @param array $address_list Recipient list, modified by reference. The code uses
*                            $address_list['u'][user_id] and $address_list['g'][group_id],
*                            each set to 'to' or 'bcc'.
* @param array $error        Notice list, appended to by reference.
* @param mixed $remove_u     Truthy when a user recipient is to be removed.
* @param mixed $remove_g     Truthy when a group recipient is to be removed.
* @param mixed $add_to       Truthy when recipients are added as TO.
* @param mixed $add_bcc      Truthy when recipients are added as BCC (only used if $add_to is falsy).
* @return void
*
* NOTE(review): group ids from the request are written to $address_list['g'] without a
* permission check inside this function; only user recipients are filtered below.
* Presumably the caller enforces group / mass-PM permissions - confirm.
*/
function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove_g, $add_to, $add_bcc)
{
    global $auth, $db, $user;
    global $request;
    // Delete User [TO/BCC]: the id to remove is the first key of the submitted 'remove_u' array
    if ($remove_u && $request->variable('remove_u', array(0 => ''))) {
        $remove_user_id = array_keys($request->variable('remove_u', array(0 => '')));
        if (isset($remove_user_id[0])) {
            unset($address_list['u'][(int) $remove_user_id[0]]);
        }
    }
    // Delete Group [TO/BCC]: same scheme, first key of 'remove_g'
    if ($remove_g && $request->variable('remove_g', array(0 => ''))) {
        $remove_group_id = array_keys($request->variable('remove_g', array(0 => '')));
        if (isset($remove_group_id[0])) {
            unset($address_list['g'][(int) $remove_group_id[0]]);
        }
    }
    // Add Selected Groups (presumably typed as integers by the array(0) default - confirm)
    $group_list = request_var('group_list', array(0));
    // Build usernames to add: the single 'username' field plus one name per line of 'username_list'
    $usernames = request_var('username', '', true);
    $usernames = empty($usernames) ? array() : array($usernames);
    $username_list = request_var('username_list', '', true);
    if ($username_list) {
        $usernames = array_merge($usernames, explode("\n", $username_list));
    }
    // If add to or add bcc not pressed, users could still have usernames listed they want to add...
    // In that case the request is treated as "add to" and the global compose flags are
    // switched to a refresh instead of a submit.
    if (!$add_to && !$add_bcc && (sizeof($group_list) || sizeof($usernames))) {
        $add_to = true;
        global $refresh, $submit, $preview;
        $refresh = true;
        $submit = false;
        // Preview is only true if there was also a message entered
        if (request_var('message', '')) {
            $preview = true;
        }
    }
    // Add User/Group [TO]
    if ($add_to || $add_bcc) {
        $type = $add_to ? 'to' : 'bcc';
        if (sizeof($group_list)) {
            foreach ($group_list as $group_id) {
                $address_list['g'][$group_id] = $type;
            }
        }
        // User ID's to add...
        $user_id_ary = array();
        // Resolve the submitted names to user ids, restricted to normal, founder and inactive accounts
        if (sizeof($usernames)) {
            $user_id_ary = array();
            user_get_id_name($user_id_ary, $usernames, array(USER_NORMAL, USER_FOUNDER, USER_INACTIVE));
            // If there are users not existing, we will at least print a notice...
            if (!sizeof($user_id_ary)) {
                $error[] = $user->lang['PM_NO_USERS'];
            }
        }
        // Add Friends if specified: ids are the keys of the 'add_to' / 'add_bcc' request array.
        // These ids come straight from the request and rely on the recipient checks below.
        $friend_list = array_keys($request->variable('add_' . $type, array(0)));
        $user_id_ary = array_merge($user_id_ary, $friend_list);
        foreach ($user_id_ary as $user_id) {
            // The anonymous account is never added as a recipient
            if ($user_id == ANONYMOUS) {
                continue;
            }
            $address_list['u'][$user_id] = $type;
        }
    }
    // Check for disallowed recipients. This runs on every call with user recipients,
    // not only when recipients were just added.
    if (!empty($address_list['u'])) {
        // Senders holding any a_ or m_ permission may override a recipient's "no PMs" setting
        $can_ignore_allow_pm = $auth->acl_gets('a_', 'm_') || $auth->acl_getf_global('m_');
        // Select the recipients that must be removed: accounts that are inactive with
        // reason INACTIVE_MANUAL, plus (unless the sender may override it) accounts
        // with user_allow_pm = 0. The id list goes through $db->sql_in_set().
        $sql = 'SELECT user_id, user_allow_pm
			FROM ' . USERS_TABLE . '
			WHERE ' . $db->sql_in_set('user_id', array_keys($address_list['u'])) . '
				AND (
						(user_type = ' . USER_INACTIVE . '
						AND user_inactive_reason = ' . INACTIVE_MANUAL . ')
						' . ($can_ignore_allow_pm ? '' : ' OR user_allow_pm = 0') . '
					)';
        $result = $db->sql_query($sql);
        $removed_no_pm = $removed_no_permission = false;
        while ($row = $db->sql_fetchrow($result)) {
            // Remember why the recipient was dropped so the matching notice is shown once
            if (!$can_ignore_allow_pm && !$row['user_allow_pm']) {
                $removed_no_pm = true;
            } else {
                $removed_no_permission = true;
            }
            unset($address_list['u'][$row['user_id']]);
        }
        $db->sql_freeresult($result);
        // print a notice about users not being added who do not want to receive pms
        if ($removed_no_pm) {
            $error[] = $user->lang['PM_USERS_REMOVED_NO_PM'];
        }
        // print a notice about users not being added who do not have permission to receive PMs
        if ($removed_no_permission) {
            $error[] = $user->lang['PM_USERS_REMOVED_NO_PERMISSION'];
        }
        // Nothing left to check once every user recipient has been removed
        if (!sizeof(array_keys($address_list['u']))) {
            return;
        }
        // Check if users have permission to read PMs; anyone not listed under u_readpm is removed
        $can_read = $auth->acl_get_list(array_keys($address_list['u']), 'u_readpm');
        $can_read = empty($can_read) || !isset($can_read[0]['u_readpm']) ? array() : $can_read[0]['u_readpm'];
        $cannot_read_list = array_diff(array_keys($address_list['u']), $can_read);
        if (!empty($cannot_read_list)) {
            foreach ($cannot_read_list as $cannot_read) {
                unset($address_list['u'][$cannot_read]);
            }
            $error[] = $user->lang['PM_USERS_REMOVED_NO_PERMISSION'];
        }
        // Check if users are banned; they are removed with the same generic notice, so
        // the sender is not told which of the reasons applied
        $banned_user_list = phpbb_get_banned_user_ids(array_keys($address_list['u']), false);
        if (!empty($banned_user_list)) {
            foreach ($banned_user_list as $banned_user) {
                unset($address_list['u'][$banned_user]);
            }
            $error[] = $user->lang['PM_USERS_REMOVED_NO_PERMISSION'];
        }
    }
}
 /**
  * Convert surveys stored in the old "{prefix}survey" / "{prefix}survey_answers" tables
  * into the new survey tables, one topic at a time.
  *
  * Does nothing when $this->config['survey_version'] is not set. For every topic with
  * topic_survey = 1 that has an old settings row, a survey object is created, its
  * settings, questions and answers are converted and written through that object.
  *
  * NOTE(review): $topic_id and $old_settings['survey_id'] are interpolated into SQL
  * strings below. Both values come from database rows read in this method; an (int)
  * cast would make the queries independent of what those columns hold - verify the
  * column types.
  *
  * @return void
  */
 public function convert_old_survey_data()
 {
     global $auth, $user;
     if (!isset($this->config['survey_version'])) {
         return;
     }
     if (!function_exists('user_get_id_name')) {
         include "{$this->phpbb_root_path}includes/functions_user.{$this->php_ext}";
     }
     $user->add_lang_ext('kilianr/survey', 'survey');
     $sql = 'SELECT topic_id FROM ' . TOPICS_TABLE . ' WHERE topic_survey = 1';
     $result = $this->db->sql_query($sql);
     while ($row = $this->db->sql_fetchrow($result)) {
         $topic_id = $row['topic_id'];
         // Fetch the old settings row for this topic (first row only)
         $sql = "SELECT * FROM {$this->table_prefix}survey WHERE topic_id = '{$topic_id}'";
         $result2 = $this->db->sql_query($sql);
         $old_settings = $this->db->sql_fetchrow($result2);
         $this->db->sql_freeresult($result2);
         if ($old_settings) {
             $survey = new survey($this->db, $this->config, $user, $auth, $this->table_prefix . 'surveys', $this->table_prefix . 'surveys_questions', $this->table_prefix . 'surveys_q_choices', $this->table_prefix . 'surveys_entries', $this->table_prefix . 'surveys_answers');
             $survey->enable($topic_id);
             $survey->initialize($topic_id);
             $survey->load_survey($topic_id);
             // Convert the settings: show_order is clamped to 0..2 (old value 3 becomes
             // reverse_order), allow_change_answers 1/2 is split into two flags, and the
             // stop time is start + length unless the length is 0
             $settings = array('caption' => $old_settings['survey_caption'] ? $old_settings['survey_caption'] : $user->lang('SURVEY'), 'show_order' => min(max((int) $old_settings['show_order'], 0), 2), 'reverse_order' => $old_settings['show_order'] == 3 ? 1 : 0, 'allow_change_answer' => $old_settings['allow_change_answers'] == 1 ? 1 : 0, 'allow_multiple_answer' => $old_settings['allow_change_answers'] == 2 ? 1 : 0, 'visibility' => $old_settings['hide_survey_results'] ? 3 : ($old_settings['hide_names_of_respondents'] ? 1 : 0), 'start_time' => $old_settings['survey_start'], 'stop_time' => $old_settings['survey_length'] == 0 ? null : $old_settings['survey_start'] + $old_settings['survey_length']);
             $survey->change_config($settings);
             // Convert the questions. The old format stores each property as one
             // '|'-separated string; the lists are read in parallel by index.
             $questions_skip = array();
             $questions_label = array_map('trim', explode('|', $old_settings['questions']));
             $questions_type = explode('|', $old_settings['question_types']);
             $questions_choices = explode('|', htmlspecialchars_decode($old_settings['question_selections']));
             $questions_sum_type = explode('|', $old_settings['question_sums']);
             $questions_sum_by = array_map('trim', explode('|', $old_settings['question_selected_text']));
             $questions_cap = explode('|', $old_settings['question_response_caps']);
             // Only indexes present in every list are converted
             $num_questions = min(sizeof($questions_label), sizeof($questions_type), sizeof($questions_choices), sizeof($questions_sum_type), sizeof($questions_sum_by), sizeof($questions_cap));
             for ($i = 0; $i < $num_questions; $i++) {
                 $questions_skip[$i] = false;
                 // Skip empty labels and labels the survey already knows
                 if ($questions_label[$i] == '' || $survey->get_question_id_from_label($questions_label[$i], -1) != -1) {
                     $questions_skip[$i] = true;
                     continue;
                 }
                 // Clamp the old type to 0..5, then map 2 to 0 and 3 to 4
                 $new_type = min(max((int) $questions_type[$i], 0), 5);
                 $new_type = $new_type == 2 ? 0 : $new_type;
                 $new_type = $new_type == 3 ? 4 : $new_type;
                 $question = array('label' => $questions_label[$i], 'example_answer' => '', 'type' => $new_type, 'random_choice_order' => 0, 'sum_type' => min(max((int) $questions_sum_type[$i] == 4 ? 2 : (int) $questions_sum_type[$i], 0), 3), 'sum_by' => $questions_sum_type[$i] == 3 ? $questions_sum_by[$i] : '', 'average' => $questions_sum_type[$i] == 4 ? 1 : 0, 'cap' => (int) $questions_cap[$i]);
                 $choices = array();
                 // Types 4 and 5 need a choice list; a question of these types without one is skipped
                 if ($new_type == 4 || $new_type == 5) {
                     if ($questions_choices[$i] == '') {
                         $questions_skip[$i] = true;
                         continue;
                     }
                     foreach (array_map('trim', array_unique(explode(";", $questions_choices[$i]))) as $choice) {
                         if ($choice == '') {
                             continue;
                         }
                         // Commas are dropped from choices and the text is HTML-escaped again
                         // (the whole selections string was decoded above)
                         $choices[] = htmlspecialchars(str_replace(',', '', $choice));
                     }
                 }
                 $questions_type[$i] = $new_type;
                 $survey->add_question($question, $choices);
                 // NOTE(review): $questions_id is never initialised in this method, so it also
                 // keeps entries from previously converted surveys; only indexes set here are
                 // read for the current survey
                 $questions_id[$i] = $survey->get_question_id_from_label($questions_label[$i], -1);
             }
             // Convert the answers
             $sql = "SELECT user_id, answers FROM {$this->table_prefix}survey_answers WHERE survey_id = {$old_settings['survey_id']} ORDER BY response_order";
             $result2 = $this->db->sql_query($sql);
             while ($row2 = $this->db->sql_fetchrow($result2)) {
                 $username = array();
                 // Entries whose user cannot be resolved are not converted.
                 // NOTE(review): user_get_id_name() appears to write its result back into its
                 // first argument, so $row2['user_id'] may no longer be the plain id when it
                 // is handed to add_entry() below - confirm.
                 if (user_get_id_name($row2['user_id'], $username) == 'NO_USERS') {
                     continue;
                 }
                 $raw_answers = explode('|', $row2['answers']);
                 $answers = array();
                 $i = -1;
                 foreach ($raw_answers as $answer) {
                     ++$i;
                     // Ignore answers beyond the converted questions and answers to skipped questions
                     if ($i >= $num_questions || $questions_skip[$i]) {
                         continue;
                     }
                     // Type 5: old '&&'-separated selections become a comma-separated list
                     if ($questions_type[$i] == 5) {
                         $answer = implode(',', array_map('trim', explode('&&', str_replace(',', '', $answer))));
                     }
                     // Type 4: single selection, with commas removed as for the choices
                     if ($questions_type[$i] == 4) {
                         $answer = str_replace(',', '', trim($answer));
                     }
                     // Answers rejected by the survey object are dropped
                     if (!$survey->check_answer($answer, $questions_id[$i])) {
                         continue;
                     }
                     $answers[$questions_id[$i]] = $answer;
                 }
                 $survey->add_entry($row2['user_id'], $answers);
             }
             $this->db->sql_freeresult($result2);
             unset($survey);
         }
     }
     $this->db->sql_freeresult($result);
 }
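/**
* This is used to promote (to leader), demote, approve or set as default a member/s
*
* The group id is cast to an integer before it is placed into the SQL statements, so
* the queries no longer depend on every caller passing an already-validated value.
* User ids go through $db->sql_in_set() as before.
*
* @param string $action 'promote', 'demote', 'approve' or 'default'
* @param mixed $group_id Id of the group the action applies to
* @param array|false $user_id_ary User ids; completed by user_get_id_name()
* @param array|false $username_ary Usernames; completed by user_get_id_name()
* @param string|false $group_name Group name for the log entry; looked up when falsy
* @param array|false $group_attributes Passed on to group_set_user_default() for 'default'
* @return string|false 'NO_USERS' when no users could be resolved, 'NO_VALID_USERS' when a
*                      promote/demote target is still pending, false otherwise (also when
*                      'approve' finds nobody pending)
*/
function group_user_attributes($action, $group_id, $user_id_ary = false, $username_ary = false, $group_name = false, $group_attributes = false)
{
    global $db, $auth, $phpbb_root_path, $phpEx, $config;
    // We need both username and user_id info
    $result = user_get_id_name($user_id_ary, $username_ary);
    if (!sizeof($user_id_ary) || $result !== false) {
        return 'NO_USERS';
    }
    if (!$group_name) {
        $group_name = get_group_name($group_id);
    }
    // Integer form of the group id, used only inside SQL text
    $group_id_sql = (int) $group_id;
    // NOTE(review): an $action outside the four cases leaves $log unset before add_log() below
    switch ($action) {
        case 'demote':
        case 'promote':
            // Refuse the whole request if any of the given users is still pending in this group
            $sql = 'SELECT user_id FROM ' . USER_GROUP_TABLE . "\n\t\t\t\tWHERE group_id = {$group_id_sql}\n\t\t\t\t\tAND user_pending = 1\n\t\t\t\t\tAND " . $db->sql_in_set('user_id', $user_id_ary);
            $result = $db->sql_query_limit($sql, 1);
            $not_empty = $db->sql_fetchrow($result);
            $db->sql_freeresult($result);
            if ($not_empty) {
                return 'NO_VALID_USERS';
            }
            $sql = 'UPDATE ' . USER_GROUP_TABLE . '
				SET group_leader = ' . ($action == 'promote' ? 1 : 0) . "\n\t\t\t\tWHERE group_id = {$group_id_sql}\n\t\t\t\t\tAND user_pending = 0\n\t\t\t\t\tAND " . $db->sql_in_set('user_id', $user_id_ary);
            $db->sql_query($sql);
            $log = $action == 'promote' ? 'LOG_GROUP_PROMOTED' : 'LOG_GROUP_DEMOTED';
            break;
        case 'approve':
            // Make sure we only approve those which are pending ;)
            $sql = 'SELECT u.user_id, u.user_email, u.username, u.username_clean, u.user_notify_type, u.user_jabber, u.user_lang
				FROM ' . USERS_TABLE . ' u, ' . USER_GROUP_TABLE . ' ug
				WHERE ug.group_id = ' . $group_id_sql . '
					AND ug.user_pending = 1
					AND ug.user_id = u.user_id
					AND ' . $db->sql_in_set('ug.user_id', $user_id_ary);
            $result = $db->sql_query($sql);
            // From here on $user_id_ary holds only the users that really were pending
            $user_id_ary = $email_users = array();
            while ($row = $db->sql_fetchrow($result)) {
                $user_id_ary[] = $row['user_id'];
                $email_users[] = $row;
            }
            $db->sql_freeresult($result);
            if (!sizeof($user_id_ary)) {
                return false;
            }
            $sql = 'UPDATE ' . USER_GROUP_TABLE . "\n\t\t\t\tSET user_pending = 0\n\t\t\t\tWHERE group_id = {$group_id_sql}\n\t\t\t\t\tAND " . $db->sql_in_set('user_id', $user_id_ary);
            $db->sql_query($sql);
            // Send approved email to users...
            include_once $phpbb_root_path . 'includes/functions_messenger.' . $phpEx;
            $messenger = new messenger();
            foreach ($email_users as $row) {
                $messenger->template('group_approved', $row['user_lang']);
                $messenger->to($row['user_email'], $row['username']);
                $messenger->im($row['user_jabber'], $row['username']);
                $messenger->assign_vars(array('USERNAME' => htmlspecialchars_decode($row['username']), 'GROUP_NAME' => htmlspecialchars_decode($group_name), 'U_GROUP' => generate_board_url() . "/ucp.{$phpEx}?i=groups&mode=membership"));
                $messenger->send($row['user_notify_type']);
            }
            $messenger->save_queue();
            $log = 'LOG_USERS_APPROVED';
            break;
        case 'default':
            $sql = 'SELECT user_id, group_id FROM ' . USERS_TABLE . '
				WHERE ' . $db->sql_in_set('user_id', $user_id_ary, false, true);
            $result = $db->sql_query($sql);
            // Collect the users per current default group so rank and avatar can be reset per group
            $groups = array();
            while ($row = $db->sql_fetchrow($result)) {
                if (!isset($groups[$row['group_id']])) {
                    $groups[$row['group_id']] = array();
                }
                $groups[$row['group_id']][] = $row['user_id'];
            }
            $db->sql_freeresult($result);
            foreach ($groups as $gid => $uids) {
                remove_default_rank($gid, $uids);
                remove_default_avatar($gid, $uids);
            }
            group_set_user_default($group_id, $user_id_ary, $group_attributes);
            $log = 'LOG_GROUP_DEFAULTS';
            break;
    }
    // Clear permissions cache of relevant users
    $auth->acl_clear_prefetch($user_id_ary);
    add_log('admin', $log, $group_name, implode(', ', $username_ary));
    group_update_listings($group_id);
    return false;
}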
Beispiel #30
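    /**
     * Check the users and groups requested as additional PM recipients and put the
     * accepted ones, with any notices, into $this->return.
     *
     * Users are resolved from 'username_list' and then filtered: already listed
     * recipients, manually deactivated accounts, accounts that do not accept PMs,
     * accounts without u_readpm and banned accounts are removed. Groups from
     * 'group_list' require mass-PM permission. Recipient limits are checked last.
     * On a permission or limit failure an entry is added to $this->error and the
     * method returns without setting $this->return.
     *
     * Fixes over the previous version:
     * - array_diff() was given a scalar ($cannot_read) as its second argument, which
     *   destroyed $user_id_ary and made the following ban check unreachable;
     * - the ban loop removed $cannot_read instead of the banned user's id;
     * - the hidden-group join read $user->data, but $user is a local loop variable
     *   here, not the session user; it now uses $this->user like the rest of the query.
     *
     * NOTE(review): the existing recipients ('address_list') are taken from the request
     * and are not re-validated here, so the recipient limit below is computed from
     * client-supplied data; presumably the actual send path enforces it again - confirm.
     * NOTE(review): names are placed into an HTML fragment ($message, NAME_FULL); this
     * relies on them being HTML-escaped already - confirm for both request and DB values.
     *
     * @param string $action 'add_to' or 'add_bcc'; not reflected in the payload built here
     * @return void
     */
    private function add_sender($action)
    {
        include_once $this->phpbb_root_path . 'includes/ucp/ucp_pm_compose.' . $this->php_ext;
        include_once $this->phpbb_root_path . 'includes/functions_user.' . $this->php_ext;
        $this->user->add_lang(array('viewtopic'));
        $this->user->add_lang(array('ucp'));
        if (!$this->auth->acl_get('u_sendpm')) {
            $this->error[] = array('error' => $this->user->lang['NO_AUTH_SEND_MESSAGE']);
            return;
        }
        // NOTE(review): this only registers the form token; no check_form_key() call is
        // visible in this method - confirm the caller validates it.
        add_form_key('ucp_pm_compose');
        // Session user's id, cast once for use inside SQL text
        $sender_id = (int) $this->user->data['user_id'];
        // Grab only parameters needed here
        $this->address_list = $this->request->variable('address_list', array('' => array(0 => '')));
        // Recipients already in address_list are not checked again
        $this->user_list = array();
        $username_list = $this->request->variable('username_list', '', true);
        $message = '';
        #region AddUsers
        if ($username_list) {
            $usernames = array_unique(explode("\n", $username_list));
            if (sizeof($usernames)) {
                $user_id_ary = array();
                user_get_id_name($user_id_ary, $usernames, array(USER_NORMAL, USER_FOUNDER, USER_INACTIVE));
                $this->user_list = $this->get_user_list($usernames);
                if (sizeof($this->user_list) < sizeof($usernames)) {
                    // Report every requested name that was not found
                    foreach ($usernames as $username) {
                        if (!$this->is_user_exists($username, $this->user_list)) {
                            $message .= sprintf($this->user->lang['NO_SUCH_USER'] . '<br />', $username);
                        }
                    }
                }
                if (sizeof($this->user_list)) {
                    // Drop users that are already recipients; they need no further checks
                    foreach ($this->user_list as $key => $recipient) {
                        if (isset($this->address_list['u'][$recipient['user_id']])) {
                            $message .= sprintf($this->user->lang['PMAJAX_USER_ALREADY_RECIPIENT'] . '<br />', $recipient['username']);
                            $user_id_ary = array_diff($user_id_ary, array($recipient['user_id']));
                            unset($this->user_list[$key]);
                        }
                    }
                    if (sizeof($user_id_ary)) {
                        // Check for disallowed recipients
                        $can_ignore_allow_pm = $this->auth->acl_gets('a_', 'm_') || $this->auth->acl_getf_global('m_');
                        // Select manually deactivated accounts and, unless the sender is an
                        // admin or moderator (who may override the setting), accounts that
                        // do not want to receive PMs
                        $sql = 'SELECT user_id, username, user_allow_pm
									FROM ' . USERS_TABLE . '
									WHERE ' . $this->db->sql_in_set('user_id', $user_id_ary) . '
									AND (
											(user_type = ' . USER_INACTIVE . '
											AND user_inactive_reason = ' . INACTIVE_MANUAL . ')
											' . ($can_ignore_allow_pm ? '' : ' OR user_allow_pm = 0') . '
										)';
                        $result = $this->db->sql_query($sql);
                        while ($row = $this->db->sql_fetchrow($result)) {
                            $username = $this->remove_user_from_user_list($row['user_id']);
                            $lang_key = (!$can_ignore_allow_pm && !$row['user_allow_pm']) ? 'PMAJAX_USER_REMOVED_NO_PM' : 'PMAJAX_USER_REMOVED_NO_PERMISSION';
                            $message .= sprintf($this->user->lang[$lang_key] . '<br />', $username);
                            $user_id_ary = array_diff($user_id_ary, array($row['user_id']));
                        }
                        $this->db->sql_freeresult($result);
                    }
                    if (sizeof($user_id_ary)) {
                        // Check if users have permission to read PMs
                        $can_read = $this->auth->acl_get_list($user_id_ary, 'u_readpm');
                        $can_read = empty($can_read) || !isset($can_read[0]['u_readpm']) ? array() : $can_read[0]['u_readpm'];
                        $cannot_read_list = array_diff($user_id_ary, $can_read);
                        foreach ($cannot_read_list as $cannot_read) {
                            $username = $this->remove_user_from_user_list($cannot_read);
                            // array_diff() needs an array; the id list must stay intact for the ban check
                            $user_id_ary = array_diff($user_id_ary, array($cannot_read));
                            $message .= sprintf($this->user->lang['PMAJAX_USER_REMOVED_NO_PERMISSION'] . '<br />', $username);
                        }
                    }
                    if (sizeof($user_id_ary)) {
                        // Check if users are banned
                        $banned_user_list = phpbb_get_banned_user_ids($user_id_ary, false);
                        if (!empty($banned_user_list)) {
                            foreach ($banned_user_list as $banned_user) {
                                $username = $this->remove_user_from_user_list($banned_user);
                                $user_id_ary = array_diff($user_id_ary, array($banned_user));
                                // Same generic notice as for missing permission
                                $message .= sprintf($this->user->lang['PMAJAX_USER_REMOVED_NO_PERMISSION'] . '<br />', $username);
                            }
                        }
                    }
                }
            }
        }
        #endregion
        $group_list = $this->request->variable('group_list', array(0));
        $this->group_list = array();
        #region AddGroups
        // Check mass pm to group permission
        if (sizeof($group_list) && (!$this->config['allow_mass_pm'] || !$this->auth->acl_get('u_masspm_group'))) {
            $message .= $this->user->lang['NO_AUTH_GROUP_MESSAGE'] . '<br />';
            $group_list = array();
        }
        if (sizeof($group_list)) {
            $can_manage_groups = $this->auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel');
            $sql = 'SELECT g.group_id AS id, g.group_name AS name, g.group_colour AS colour, g.group_type
				FROM ' . GROUPS_TABLE . ' g';
            if (!$can_manage_groups) {
                // Without group admin permissions, hidden groups are only selectable by
                // the sender's own (non-pending) memberships
                $sql .= ' LEFT JOIN ' . USER_GROUP_TABLE . ' ug
					ON (
						g.group_id = ug.group_id
						AND ug.user_id = ' . $sender_id . '
						AND ug.user_pending = 0
					)
					WHERE (g.group_type <> ' . GROUP_HIDDEN . ' OR ug.user_id = ' . $sender_id . ')';
            }
            $sql .= $can_manage_groups ? ' WHERE ' : ' AND ';
            $sql .= 'g.group_receive_pm = 1
				AND ' . $this->db->sql_in_set('g.group_id', $group_list) . '
				ORDER BY g.group_name ASC';
            $result = $this->db->sql_query($sql);
            while ($row = $this->db->sql_fetchrow($result)) {
                $row['name'] = $row['group_type'] == GROUP_SPECIAL ? $this->user->lang['G_' . $row['name']] : $row['name'];
                // Now, make sure that group not exist in address_list
                if (isset($this->address_list['g'][$row['id']])) {
                    $message .= sprintf($this->user->lang['PMAJAX_GROUP_ALREADY_RECIPIENT'] . '<br />', $row['name']);
                } else {
                    $this->group_list[] = $row;
                }
            }
            $this->db->sql_freeresult($result);
        }
        #endregion
        #region Handle num recipients
        $num_recipients = sizeof($this->user_list);
        $pm_action = $this->request->variable('action', '');
        $reply_to_all = $this->request->variable('reply_to_all', 0);
        if (sizeof($this->user_list) + sizeof($this->group_list)) {
            // Get maximum number of allowed recipients
            $sql = 'SELECT MAX(g.group_max_recipients) as max_recipients
				FROM ' . GROUPS_TABLE . ' g, ' . USER_GROUP_TABLE . ' ug
				WHERE ug.user_id = ' . $sender_id . '
					AND ug.user_pending = 0
					AND ug.group_id = g.group_id';
            $result = $this->db->sql_query($sql);
            $max_recipients = (int) $this->db->sql_fetchfield('max_recipients');
            $this->db->sql_freeresult($result);
            // Fall back to the board-wide limit when no group defines one
            $max_recipients = !$max_recipients ? $this->config['pm_max_recipients'] : $max_recipients;
            // If this is a quote/reply "to all"... we may increase the max_recpients to the number of original recipients
            if (($pm_action == 'reply' || $pm_action == 'quote') && $max_recipients && $reply_to_all) {
                $max_recipients = $max_recipients < sizeof($this->address_list['u']) ? sizeof($this->address_list['u']) : $max_recipients;
            }
            // Check for too many recipients
            $num_recipients_exist = !empty($this->address_list['u']) ? sizeof($this->address_list['u']) : 0;
            if ($max_recipients && $num_recipients_exist + $num_recipients > $max_recipients) {
                $this->error[] = array('error' => $this->user->lang('PMAJAX_TOO_MANY_RECIPIENTS', $max_recipients));
                return;
            }
            // Check mass pm to users permission
            if ((!$this->config['allow_mass_pm'] || !$this->auth->acl_get('u_masspm')) && $num_recipients + $num_recipients_exist > 1) {
                $this->error[] = array('error' => $this->user->lang('PMAJAX_TOO_MANY_RECIPIENTS', $max_recipients));
                return;
            }
        }
        #endregion
        //build output
        $recipient_u = array();
        foreach ($this->user_list as $recipient) {
            // The profile path is computed as before but is not part of the user row
            $view_path = get_username_string('profile', $recipient['user_id'], $recipient['username'], $recipient['colour']);
            $view_path = str_replace('../', '', $view_path);
            $name_full = get_username_string('full', $recipient['user_id'], $recipient['username'], $recipient['colour']);
            $name_full = str_replace('../', '', $name_full);
            $recipient_u[] = array('UG_ID' => $recipient['user_id'], 'NAME' => $recipient['username'], 'COLOUR' => $recipient['colour'] ? '#' . $recipient['colour'] : '', 'NAME_FULL' => $name_full);
        }
        $recipient_g = array();
        foreach ($this->group_list as $group) {
            $view_path = append_sid("{$this->phpbb_root_path}memberlist.{$this->php_ext}", 'mode=group&amp;g=' . $group['id']);
            $view_path = str_replace('../', '', $view_path);
            $recipient_g[] = array('UG_ID' => $group['id'], 'NAME' => $group['name'], 'COLOUR' => $group['colour'] ? '#' . $group['colour'] : '#0000FF', 'U_VIEW' => $view_path);
        }
        $this->return = array('RECIPIENT_U_LIST' => $recipient_u, 'RECIPIENT_G_LIST' => $recipient_g, 'NUM_RECIPIENTS' => sizeof($recipient_u) + sizeof($recipient_g), 'MESSAGE' => $message);
    }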