Ejemplo n.º 1
0
    function main($id, $mode)
    {
        global $config, $src_root_path, $phpEx;
        global $db, $user, $auth, $template, $src_container;
        if (!$config['allow_password_reset']) {
            trigger_error($user->lang('UCP_PASSWORD_RESET_DISABLED', '<a href="mailto:' . htmlspecialchars($config['srcrd_contact']) . '">', '</a>'));
        }
        $username = request_var('username', '', true);
        $email = strtolower(request_var('email', ''));
        $submit = isset($_POST['submit']) ? true : false;
        if ($submit) {
            $sql = 'SELECT user_id, username, user_permissions, user_email, user_jabber, user_notify_type, user_type, user_lang, user_inactive_reason
				FROM ' . USERS_TABLE . "\n\t\t\t\tWHERE user_email_hash = '" . $db->sql_escape(src_email_hash($email)) . "'\n\t\t\t\t\tAND username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
            $result = $db->sql_query($sql);
            $user_row = $db->sql_fetchrow($result);
            $db->sql_freeresult($result);
            if (!$user_row) {
                trigger_error('NO_EMAIL_USER');
            }
            if ($user_row['user_type'] == USER_IGNORE) {
                trigger_error('NO_USER');
            }
            if ($user_row['user_type'] == USER_INACTIVE) {
                if ($user_row['user_inactive_reason'] == INACTIVE_MANUAL) {
                    trigger_error('ACCOUNT_DEACTIVATED');
                } else {
                    trigger_error('ACCOUNT_NOT_ACTIVATED');
                }
            }
            // Check users permissions
            $auth2 = new \src\auth\auth();
            $auth2->acl($user_row);
            if (!$auth2->acl_get('u_chgpasswd')) {
                trigger_error('NO_AUTH_PASSWORD_REMINDER');
            }
            $server_url = generate_srcrd_url();
            // Make password at least 8 characters long, make it longer if admin wants to.
            // gen_rand_string() however has a limit of 12 or 13.
            $user_password = gen_rand_string_friendly(max(8, mt_rand((int) $config['min_pass_chars'], (int) $config['max_pass_chars'])));
            // For the activation key a random length between 6 and 10 will do.
            $user_actkey = gen_rand_string(mt_rand(6, 10));
            // Instantiate passwords manager
            $passwords_manager = $src_container->get('passwords.manager');
            $sql = 'UPDATE ' . USERS_TABLE . "\n\t\t\t\tSET user_newpasswd = '" . $db->sql_escape($passwords_manager->hash($user_password)) . "', user_actkey = '" . $db->sql_escape($user_actkey) . "'\n\t\t\t\tWHERE user_id = " . $user_row['user_id'];
            $db->sql_query($sql);
            include_once $src_root_path . 'includes/functions_messenger.' . $phpEx;
            $messenger = new messenger(false);
            $messenger->template('user_activate_passwd', $user_row['user_lang']);
            $messenger->set_addresses($user_row);
            $messenger->anti_abuse_headers($config, $user);
            $messenger->assign_vars(array('USERNAME' => htmlspecialchars_decode($user_row['username']), 'PASSWORD' => htmlspecialchars_decode($user_password), 'U_ACTIVATE' => "{$server_url}/ucp.{$phpEx}?mode=activate&u={$user_row['user_id']}&k={$user_actkey}"));
            $messenger->send($user_row['user_notify_type']);
            meta_refresh(3, append_sid("{$src_root_path}index.{$phpEx}"));
            $message = $user->lang['PASSWORD_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$src_root_path}index.{$phpEx}") . '">', '</a>');
            trigger_error($message);
        }
        $template->assign_vars(array('USERNAME' => $username, 'EMAIL' => $email, 'S_PROFILE_ACTION' => append_sid($src_root_path . 'ucp.' . $phpEx, 'mode=sendpassword')));
        $this->tpl_name = 'ucp_remind';
        $this->page_title = 'UCP_REMIND';
    }
Ejemplo n.º 2
0
 /**
  * Run links through append_sid(), prepend generate_srcrd_url() and remove session id
  */
 public function get_srcrd_url()
 {
     static $srcrd_url;
     if (empty($srcrd_url)) {
         $srcrd_url = generate_srcrd_url();
     }
     return $srcrd_url;
 }
Ejemplo n.º 3
0
 /**
  * {inheritDoc}
  */
 public function submit(\messenger $messenger)
 {
     if (!$this->recipient_address || !preg_match('/^' . get_preg_expression('email') . '$/i', $this->recipient_address)) {
         $this->errors[] = $this->user->lang['EMPTY_ADDRESS_EMAIL'];
     }
     if (!$this->recipient_name) {
         $this->errors[] = $this->user->lang['EMPTY_NAME_EMAIL'];
     }
     $this->message->set_template('email_notify');
     $this->message->set_template_vars(array('TOPIC_NAME' => htmlspecialchars_decode($this->topic_row['topic_title']), 'U_TOPIC' => generate_srcrd_url() . '/viewtopic.' . $this->phpEx . '?f=' . $this->topic_row['forum_id'] . '&t=' . $this->topic_id));
     $this->message->set_body($this->body);
     $this->message->add_recipient($this->recipient_name, $this->recipient_address, $this->recipient_lang, NOTIFY_EMAIL);
     $this->message->set_sender_notify_type(NOTIFY_EMAIL);
     parent::submit($messenger);
 }
Ejemplo n.º 4
0
 /**
  * Notify using src messenger
  *
  * @param int $notify_method				Notify method for messenger (e.g. NOTIFY_IM)
  * @param string $template_dir_prefix	Base directory to prepend to the email template name
  *
  * @return null
  */
 protected function notify_using_messenger($notify_method, $template_dir_prefix = '')
 {
     if (empty($this->queue)) {
         return;
     }
     // Load all users we want to notify (we need their email address)
     $user_ids = $users = array();
     foreach ($this->queue as $notification) {
         $user_ids[] = $notification->user_id;
     }
     // We do not send emails to banned users
     if (!function_exists('src_get_banned_user_ids')) {
         include $this->src_root_path . 'includes/functions_user.' . $this->php_ext;
     }
     $banned_users = src_get_banned_user_ids($user_ids);
     // Load all the users we need
     $this->user_loader->load_users($user_ids);
     // Load the messenger
     if (!class_exists('messenger')) {
         include $this->src_root_path . 'includes/functions_messenger.' . $this->php_ext;
     }
     $messenger = new \messenger();
     $srcrd_url = generate_srcrd_url();
     // Time to go through the queue and send emails
     foreach ($this->queue as $notification) {
         if ($notification->get_email_template() === false) {
             continue;
         }
         $user = $this->user_loader->get_user($notification->user_id);
         if ($user['user_type'] == USER_IGNORE || in_array($notification->user_id, $banned_users)) {
             continue;
         }
         $messenger->template($template_dir_prefix . $notification->get_email_template(), $user['user_lang']);
         $messenger->set_addresses($user);
         $messenger->assign_vars(array_merge(array('USERNAME' => $user['username'], 'U_NOTIFICATION_SETTINGS' => generate_srcrd_url() . '/ucp.' . $this->php_ext . '?i=ucp_notifications'), $notification->get_email_template_variables()));
         $messenger->send($notify_method);
     }
     // Save the queue in the messenger class (has to be called or these emails could be lost?)
     $messenger->save_queue();
     // We're done, empty the queue
     $this->empty_queue();
 }
Ejemplo n.º 5
0
 /**
  * {@inheritdoc}
  */
 public function get_email_template_variables()
 {
     $srcrd_url = generate_srcrd_url();
     $username = $this->user_loader->get_username($this->item_id, 'username');
     return array('USERNAME' => htmlspecialchars_decode($username), 'U_USER_DETAILS' => "{$srcrd_url}/memberlist.{$this->php_ext}?mode=viewprofile&u={$this->item_id}", 'U_ACTIVATE' => "{$srcrd_url}/ucp.{$this->php_ext}?mode=activate&u={$this->item_id}&k={$this->get_data('user_actkey')}");
 }
Ejemplo n.º 6
0
/**
* Get the srcrd contact details (e.g. for emails)
*
* @param \src\config\config	$config
* @param string					$phpEx
* @return string
*/
function src_get_srcrd_contact(\src\config\config $config, $phpEx)
{
    if ($config['contact_admin_form_enable']) {
        return generate_srcrd_url() . '/memberlist.' . $phpEx . '?mode=contactadmin';
    } else {
        return $config['srcrd_contact'];
    }
}
Ejemplo n.º 7
0
 /**
  * Return the current url
  *
  * @return string
  */
 public function get_current_url()
 {
     return generate_srcrd_url(true) . $this->request->escape($this->symfony_request->getRequestUri(), true);
 }
Ejemplo n.º 8
0
 /**
  * Get email template variables
  *
  * @return array
  */
 public function get_email_template_variables()
 {
     return array('AUTHOR_NAME' => htmlspecialchars_decode($user_data['username']), 'SUBJECT' => htmlspecialchars_decode(censor_text($this->get_data('message_subject'))), 'U_VIEW_REPORT' => generate_srcrd_url() . "mcp.{$this->php_ext}?r={$this->item_parent_id}&amp;i=pm_reports&amp;mode=pm_report_details");
 }
Ejemplo n.º 9
0
 /**
  * Get email template variables
  *
  * @return array
  */
 public function get_email_template_variables()
 {
     if ($this->get_data('post_username')) {
         $username = $this->get_data('post_username');
     } else {
         $username = $this->user_loader->get_username($this->get_data('poster_id'), 'username');
     }
     return array('AUTHOR_NAME' => htmlspecialchars_decode($username), 'POST_SUBJECT' => htmlspecialchars_decode(censor_text($this->get_data('post_subject'))), 'TOPIC_TITLE' => htmlspecialchars_decode(censor_text($this->get_data('topic_title'))), 'U_VIEW_POST' => generate_srcrd_url() . "/viewtopic.{$this->php_ext}?p={$this->item_id}#p{$this->item_id}", 'U_NEWEST_POST' => generate_srcrd_url() . "/viewtopic.{$this->php_ext}?f={$this->get_data('forum_id')}&t={$this->item_parent_id}&e=1&view=unread#unread", 'U_TOPIC' => generate_srcrd_url() . "/viewtopic.{$this->php_ext}?f={$this->get_data('forum_id')}&t={$this->item_parent_id}", 'U_VIEW_TOPIC' => generate_srcrd_url() . "/viewtopic.{$this->php_ext}?f={$this->get_data('forum_id')}&t={$this->item_parent_id}", 'U_FORUM' => generate_srcrd_url() . "/viewforum.{$this->php_ext}?f={$this->get_data('forum_id')}", 'U_STOP_WATCHING_TOPIC' => generate_srcrd_url() . "/viewtopic.{$this->php_ext}?uid={$this->user_id}&f={$this->get_data('forum_id')}&t={$this->item_parent_id}&unwatch=topic");
 }
Ejemplo n.º 10
0
    function main($id, $mode)
    {
        global $config, $src_root_path, $phpEx;
        global $db, $user, $auth, $template;
        $username = request_var('username', '', true);
        $email = strtolower(request_var('email', ''));
        $submit = isset($_POST['submit']) ? true : false;
        add_form_key('ucp_resend');
        if ($submit) {
            if (!check_form_key('ucp_resend')) {
                trigger_error('FORM_INVALID');
            }
            $sql = 'SELECT user_id, group_id, username, user_email, user_type, user_lang, user_actkey, user_inactive_reason
				FROM ' . USERS_TABLE . "\n\t\t\t\tWHERE user_email_hash = '" . $db->sql_escape(src_email_hash($email)) . "'\n\t\t\t\t\tAND username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
            $result = $db->sql_query($sql);
            $user_row = $db->sql_fetchrow($result);
            $db->sql_freeresult($result);
            if (!$user_row) {
                trigger_error('NO_EMAIL_USER');
            }
            if ($user_row['user_type'] == USER_IGNORE) {
                trigger_error('NO_USER');
            }
            if (!$user_row['user_actkey'] && $user_row['user_type'] != USER_INACTIVE) {
                trigger_error('ACCOUNT_ALREADY_ACTIVATED');
            }
            if (!$user_row['user_actkey'] || $user_row['user_type'] == USER_INACTIVE && $user_row['user_inactive_reason'] == INACTIVE_MANUAL) {
                trigger_error('ACCOUNT_DEACTIVATED');
            }
            // Determine coppa status on group (REGISTERED(_COPPA))
            $sql = 'SELECT group_name, group_type
				FROM ' . GROUPS_TABLE . '
				WHERE group_id = ' . $user_row['group_id'];
            $result = $db->sql_query($sql);
            $row = $db->sql_fetchrow($result);
            $db->sql_freeresult($result);
            if (!$row) {
                trigger_error('NO_GROUP');
            }
            $coppa = $row['group_name'] == 'REGISTERED_COPPA' && $row['group_type'] == GROUP_SPECIAL ? true : false;
            include_once $src_root_path . 'includes/functions_messenger.' . $phpEx;
            $messenger = new messenger(false);
            if ($config['require_activation'] == USER_ACTIVATION_SELF || $coppa) {
                $messenger->template($coppa ? 'coppa_resend_inactive' : 'user_resend_inactive', $user_row['user_lang']);
                $messenger->set_addresses($user_row);
                $messenger->anti_abuse_headers($config, $user);
                $messenger->assign_vars(array('WELCOME_MSG' => htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename'])), 'USERNAME' => htmlspecialchars_decode($user_row['username']), 'U_ACTIVATE' => generate_srcrd_url() . "/ucp.{$phpEx}?mode=activate&u={$user_row['user_id']}&k={$user_row['user_actkey']}"));
                if ($coppa) {
                    $messenger->assign_vars(array('FAX_INFO' => $config['coppa_fax'], 'MAIL_INFO' => $config['coppa_mail'], 'EMAIL_ADDRESS' => $user_row['user_email']));
                }
                $messenger->send(NOTIFY_EMAIL);
            }
            if ($config['require_activation'] == USER_ACTIVATION_ADMIN) {
                // Grab an array of user_id's with a_user permissions ... these users can activate a user
                $admin_ary = $auth->acl_get_list(false, 'a_user', false);
                $sql = 'SELECT user_id, username, user_email, user_lang, user_jabber, user_notify_type
					FROM ' . USERS_TABLE . '
					WHERE ' . $db->sql_in_set('user_id', $admin_ary[0]['a_user']);
                $result = $db->sql_query($sql);
                while ($row = $db->sql_fetchrow($result)) {
                    $messenger->template('admin_activate', $row['user_lang']);
                    $messenger->set_addresses($row);
                    $messenger->anti_abuse_headers($config, $user);
                    $messenger->assign_vars(array('USERNAME' => htmlspecialchars_decode($user_row['username']), 'U_USER_DETAILS' => generate_srcrd_url() . "/memberlist.{$phpEx}?mode=viewprofile&u={$user_row['user_id']}", 'U_ACTIVATE' => generate_srcrd_url() . "/ucp.{$phpEx}?mode=activate&u={$user_row['user_id']}&k={$user_row['user_actkey']}"));
                    $messenger->send($row['user_notify_type']);
                }
                $db->sql_freeresult($result);
            }
            meta_refresh(3, append_sid("{$src_root_path}index.{$phpEx}"));
            $message = $config['require_activation'] == USER_ACTIVATION_ADMIN ? $user->lang['ACTIVATION_EMAIL_SENT_ADMIN'] : $user->lang['ACTIVATION_EMAIL_SENT'];
            $message .= '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$src_root_path}index.{$phpEx}") . '">', '</a>');
            trigger_error($message);
        }
        $template->assign_vars(array('USERNAME' => $username, 'EMAIL' => $email, 'S_PROFILE_ACTION' => append_sid($src_root_path . 'ucp.' . $phpEx, 'mode=resend_act')));
        $this->tpl_name = 'ucp_resend';
        $this->page_title = 'UCP_RESEND';
    }
Ejemplo n.º 11
0
* @var	int		post_id				Post ID
* @var	array	quickmod_array		Array with quick moderation options data
* @var	int		start				Pagination information
* @var	array	topic_data			Array with topic data
* @var	int		topic_id			Topic ID
* @var	array	topic_tracking_info	Array with topic tracking data
* @var	int		total_posts			Topic total posts count
* @var	string	viewtopic_url		URL to the topic page
* @since 3.1.0-RC4
* @change 3.1.2-RC1 Added viewtopic_url
*/
$vars = array('base_url', 'forum_id', 'post_id', 'quickmod_array', 'start', 'topic_data', 'topic_id', 'topic_tracking_info', 'total_posts', 'viewtopic_url');
extract($src_dispatcher->trigger_event('core.viewtopic_assign_template_vars_before', compact($vars)));
$pagination->generate_template_pagination($base_url, 'pagination', 'start', $total_posts, $config['posts_per_page'], $start);
// Send vars to template
$template->assign_vars(array('FORUM_ID' => $forum_id, 'FORUM_NAME' => $topic_data['forum_name'], 'FORUM_DESC' => generate_text_for_display($topic_data['forum_desc'], $topic_data['forum_desc_uid'], $topic_data['forum_desc_bitfield'], $topic_data['forum_desc_options']), 'TOPIC_ID' => $topic_id, 'TOPIC_TITLE' => $topic_data['topic_title'], 'TOPIC_POSTER' => $topic_data['topic_poster'], 'TOPIC_AUTHOR_FULL' => get_username_string('full', $topic_data['topic_poster'], $topic_data['topic_first_poster_name'], $topic_data['topic_first_poster_colour']), 'TOPIC_AUTHOR_COLOUR' => get_username_string('colour', $topic_data['topic_poster'], $topic_data['topic_first_poster_name'], $topic_data['topic_first_poster_colour']), 'TOPIC_AUTHOR' => get_username_string('username', $topic_data['topic_poster'], $topic_data['topic_first_poster_name'], $topic_data['topic_first_poster_colour']), 'TOTAL_POSTS' => $user->lang('VIEW_TOPIC_POSTS', (int) $total_posts), 'U_MCP' => $auth->acl_get('m_', $forum_id) ? append_sid("{$src_root_path}mcp.{$phpEx}", "i=main&amp;mode=topic_view&amp;f={$forum_id}&amp;t={$topic_id}" . ($start == 0 ? '' : "&amp;start={$start}") . (strlen($u_sort_param) ? "&amp;{$u_sort_param}" : ''), true, $user->session_id) : '', 'MODERATORS' => isset($forum_moderators[$forum_id]) && sizeof($forum_moderators[$forum_id]) ? implode($user->lang['COMMA_SEPARATOR'], $forum_moderators[$forum_id]) : '', 'POST_IMG' => $topic_data['forum_status'] == ITEM_LOCKED ? $user->img('button_topic_locked', 'FORUM_LOCKED') : $user->img('button_topic_new', 'POST_NEW_TOPIC'), 'QUOTE_IMG' => $user->img('icon_post_quote', 'REPLY_WITH_QUOTE'), 'REPLY_IMG' => $topic_data['forum_status'] == ITEM_LOCKED || $topic_data['topic_status'] == ITEM_LOCKED ? $user->img('button_topic_locked', 'TOPIC_LOCKED') : $user->img('button_topic_reply', 'REPLY_TO_TOPIC'), 'EDIT_IMG' => $user->img('icon_post_edit', 'EDIT_POST'), 'DELETE_IMG' => $user->img('icon_post_delete', 'DELETE_POST'), 'DELETED_IMG' => $user->img('icon_topic_deleted', 'POST_DELETED_RESTORE'), 'INFO_IMG' => $user->img('icon_post_info', 'VIEW_INFO'), 'PROFILE_IMG' => $user->img('icon_user_profile', 'READ_PROFILE'), 'SEARCH_IMG' => $user->img('icon_user_search', 'SEARCH_USER_POSTS'), 'PM_IMG' => $user->img('icon_contact_pm', 'SEND_PRIVATE_MESSAGE'), 'EMAIL_IMG' => $user->img('icon_contact_email', 'SEND_EMAIL'), 'JABBER_IMG' => $user->img('icon_contact_jabber', 'JABBER'), 'REPORT_IMG' => $user->img('icon_post_report', 'REPORT_POST'), 'REPORTED_IMG' => $user->img('icon_topic_reported', 'POST_REPORTED'), 'UNAPPROVED_IMG' => $user->img('icon_topic_unapproved', 'POST_UNAPPROVED'), 'WARN_IMG' => $user->img('icon_user_warn', 'WARN_USER'), 'S_IS_LOCKED' => $topic_data['topic_status'] == ITEM_UNLOCKED && $topic_data['forum_status'] == ITEM_UNLOCKED ? false : true, 'S_SELECT_SORT_DIR' => $s_sort_dir, 'S_SELECT_SORT_KEY' => $s_sort_key, 'S_SELECT_SORT_DAYS' => $s_limit_days, 'S_SINGLE_MODERATOR' => !empty($forum_moderators[$forum_id]) && sizeof($forum_moderators[$forum_id]) > 1 ? false : true, 'S_TOPIC_ACTION' => append_sid("{$src_root_path}viewtopic.{$phpEx}", "f={$forum_id}&amp;t={$topic_id}" . ($start == 0 ? '' : "&amp;start={$start}")), 'S_MOD_ACTION' => $s_quickmod_action, 'L_RETURN_TO_FORUM' => $user->lang('RETURN_TO', $topic_data['forum_name']), 'S_VIEWTOPIC' => true, 'S_UNREAD_VIEW' => $view == 'unread', 'S_DISPLAY_SEARCHBOX' => $auth->acl_get('u_search') && $auth->acl_get('f_search', $forum_id) && $config['load_search'] ? true : false, 'S_SEARCHBOX_ACTION' => append_sid("{$src_root_path}search.{$phpEx}"), 'S_SEARCH_LOCAL_HIDDEN_FIELDS' => build_hidden_fields($s_search_hidden_fields), 'S_DISPLAY_POST_INFO' => $topic_data['forum_type'] == FORUM_POST && ($auth->acl_get('f_post', $forum_id) || $user->data['user_id'] == ANONYMOUS) ? true : false, 'S_DISPLAY_REPLY_INFO' => $topic_data['forum_type'] == FORUM_POST && ($auth->acl_get('f_reply', $forum_id) || $user->data['user_id'] == ANONYMOUS) ? true : false, 'S_ENABLE_FEEDS_TOPIC' => $config['feed_topic'] && !src_optionget(FORUM_OPTION_FEED_EXCLUDE, $topic_data['forum_options']) ? true : false, 'U_TOPIC' => "{$server_path}viewtopic.{$phpEx}?f={$forum_id}&amp;t={$topic_id}", 'U_FORUM' => $server_path, 'U_VIEW_TOPIC' => $viewtopic_url, 'U_CANONICAL' => generate_srcrd_url() . '/' . append_sid("viewtopic.{$phpEx}", "t={$topic_id}" . ($start ? "&amp;start={$start}" : ''), true, ''), 'U_VIEW_FORUM' => append_sid("{$src_root_path}viewforum.{$phpEx}", 'f=' . $forum_id), 'U_VIEW_OLDER_TOPIC' => append_sid("{$src_root_path}viewtopic.{$phpEx}", "f={$forum_id}&amp;t={$topic_id}&amp;view=previous"), 'U_VIEW_NEWER_TOPIC' => append_sid("{$src_root_path}viewtopic.{$phpEx}", "f={$forum_id}&amp;t={$topic_id}&amp;view=next"), 'U_PRINT_TOPIC' => $auth->acl_get('f_print', $forum_id) ? $viewtopic_url . '&amp;view=print' : '', 'U_EMAIL_TOPIC' => $auth->acl_get('f_email', $forum_id) && $config['email_enable'] ? append_sid("{$src_root_path}memberlist.{$phpEx}", "mode=email&amp;t={$topic_id}") : '', 'U_WATCH_TOPIC' => $s_watching_topic['link'], 'U_WATCH_TOPIC_TOGGLE' => $s_watching_topic['link_toggle'], 'S_WATCH_TOPIC_TITLE' => $s_watching_topic['title'], 'S_WATCH_TOPIC_TOGGLE' => $s_watching_topic['title_toggle'], 'S_WATCHING_TOPIC' => $s_watching_topic['is_watching'], 'U_BOOKMARK_TOPIC' => $user->data['is_registered'] && $config['allow_bookmarks'] ? $viewtopic_url . '&amp;bookmark=1&amp;hash=' . generate_link_hash("topic_{$topic_id}") : '', 'S_BOOKMARK_TOPIC' => $user->data['is_registered'] && $config['allow_bookmarks'] && $topic_data['bookmarked'] ? $user->lang['BOOKMARK_TOPIC_REMOVE'] : $user->lang['BOOKMARK_TOPIC'], 'S_BOOKMARK_TOGGLE' => !$user->data['is_registered'] || !$config['allow_bookmarks'] || !$topic_data['bookmarked'] ? $user->lang['BOOKMARK_TOPIC_REMOVE'] : $user->lang['BOOKMARK_TOPIC'], 'S_BOOKMARKED_TOPIC' => $user->data['is_registered'] && $config['allow_bookmarks'] && $topic_data['bookmarked'] ? true : false, 'U_POST_NEW_TOPIC' => $auth->acl_get('f_post', $forum_id) || $user->data['user_id'] == ANONYMOUS ? append_sid("{$src_root_path}posting.{$phpEx}", "mode=post&amp;f={$forum_id}") : '', 'U_POST_REPLY_TOPIC' => $auth->acl_get('f_reply', $forum_id) || $user->data['user_id'] == ANONYMOUS ? append_sid("{$src_root_path}posting.{$phpEx}", "mode=reply&amp;f={$forum_id}&amp;t={$topic_id}") : '', 'U_BUMP_TOPIC' => bump_topic_allowed($forum_id, $topic_data['topic_bumped'], $topic_data['topic_last_post_time'], $topic_data['topic_poster'], $topic_data['topic_last_poster_id']) ? append_sid("{$src_root_path}posting.{$phpEx}", "mode=bump&amp;f={$forum_id}&amp;t={$topic_id}&amp;hash=" . generate_link_hash("topic_{$topic_id}")) : ''));
// Does this topic contain a poll?
if (!empty($topic_data['poll_start'])) {
    $sql = 'SELECT o.*, p.bbcode_bitfield, p.bbcode_uid
		FROM ' . POLL_OPTIONS_TABLE . ' o, ' . POSTS_TABLE . " p\n\t\tWHERE o.topic_id = {$topic_id}\n\t\t\tAND p.post_id = {$topic_data['topic_first_post_id']}\n\t\t\tAND p.topic_id = o.topic_id\n\t\tORDER BY o.poll_option_id";
    $result = $db->sql_query($sql);
    $poll_info = $vote_counts = array();
    while ($row = $db->sql_fetchrow($result)) {
        $poll_info[] = $row;
        $option_id = (int) $row['poll_option_id'];
        $vote_counts[$option_id] = (int) $row['poll_option_total'];
    }
    $db->sql_freeresult($result);
    $cur_voted_id = array();
    if ($user->data['is_registered']) {
        $sql = 'SELECT poll_option_id
Ejemplo n.º 12
0
    function main($id, $mode)
    {
        global $cache, $config, $db, $user, $auth, $template, $src_root_path, $phpEx;
        global $request, $src_container, $src_dispatcher;
        $user->add_lang('posting');
        $preview = $request->variable('preview', false, false, \src\request\request_interface::POST);
        $submit = $request->variable('submit', false, false, \src\request\request_interface::POST);
        $delete = $request->variable('delete', false, false, \src\request\request_interface::POST);
        $error = $data = array();
        $s_hidden_fields = '';
        switch ($mode) {
            case 'reg_details':
                $data = array('username' => utf8_normalize_nfc(request_var('username', $user->data['username'], true)), 'email' => strtolower(request_var('email', $user->data['user_email'])), 'new_password' => $request->variable('new_password', '', true), 'cur_password' => $request->variable('cur_password', '', true), 'password_confirm' => $request->variable('password_confirm', '', true));
                /**
                 * Modify user registration data on editing account settings in UCP
                 *
                 * @event core.ucp_profile_reg_details_data
                 * @var	array	data		Array with current or updated user registration data
                 * @var	bool	submit		Flag indicating if submit button has been pressed
                 * @since 3.1.4-RC1
                 */
                $vars = array('data', 'submit');
                extract($src_dispatcher->trigger_event('core.ucp_profile_reg_details_data', compact($vars)));
                add_form_key('ucp_reg_details');
                if ($submit) {
                    // Do not check cur_password, it is the old one.
                    $check_ary = array('new_password' => array(array('string', true, $config['min_pass_chars'], $config['max_pass_chars']), array('password')), 'password_confirm' => array('string', true, $config['min_pass_chars'], $config['max_pass_chars']), 'email' => array(array('string', false, 6, 60), array('user_email')));
                    if ($auth->acl_get('u_chgname') && $config['allow_namechange']) {
                        $check_ary['username'] = array(array('string', false, $config['min_name_chars'], $config['max_name_chars']), array('username'));
                    }
                    $error = validate_data($data, $check_ary);
                    if ($auth->acl_get('u_chgpasswd') && $data['new_password'] && $data['password_confirm'] != $data['new_password']) {
                        $error[] = $data['password_confirm'] ? 'NEW_PASSWORD_ERROR' : 'NEW_PASSWORD_CONFIRM_EMPTY';
                    }
                    // Instantiate passwords manager
                    $passwords_manager = $src_container->get('passwords.manager');
                    // Only check the new password against the previous password if there have been no errors
                    if (!sizeof($error) && $auth->acl_get('u_chgpasswd') && $data['new_password'] && $passwords_manager->check($data['new_password'], $user->data['user_password'])) {
                        $error[] = 'SAME_PASSWORD_ERROR';
                    }
                    if (!$passwords_manager->check($data['cur_password'], $user->data['user_password'])) {
                        $error[] = $data['cur_password'] ? 'CUR_PASSWORD_ERROR' : 'CUR_PASSWORD_EMPTY';
                    }
                    if (!check_form_key('ucp_reg_details')) {
                        $error[] = 'FORM_INVALID';
                    }
                    /**
                     * Validate user data on editing registration data in UCP
                     *
                     * @event core.ucp_profile_reg_details_validate
                     * @var	array	data			Array with user profile data
                     * @var	bool	submit			Flag indicating if submit button has been pressed
                     * @var array	error			Array of any generated errors
                     * @since 3.1.4-RC1
                     */
                    $vars = array('data', 'submit', 'error');
                    extract($src_dispatcher->trigger_event('core.ucp_profile_reg_details_validate', compact($vars)));
                    if (!sizeof($error)) {
                        $sql_ary = array('username' => $auth->acl_get('u_chgname') && $config['allow_namechange'] ? $data['username'] : $user->data['username'], 'username_clean' => $auth->acl_get('u_chgname') && $config['allow_namechange'] ? utf8_clean_string($data['username']) : $user->data['username_clean'], 'user_email' => $auth->acl_get('u_chgemail') ? $data['email'] : $user->data['user_email'], 'user_email_hash' => $auth->acl_get('u_chgemail') ? src_email_hash($data['email']) : $user->data['user_email_hash'], 'user_password' => $auth->acl_get('u_chgpasswd') && $data['new_password'] ? $passwords_manager->hash($data['new_password']) : $user->data['user_password'], 'user_passchg' => $auth->acl_get('u_chgpasswd') && $data['new_password'] ? time() : 0);
                        if ($auth->acl_get('u_chgname') && $config['allow_namechange'] && $data['username'] != $user->data['username']) {
                            add_log('user', $user->data['user_id'], 'LOG_USER_UPDATE_NAME', $user->data['username'], $data['username']);
                        }
                        if ($auth->acl_get('u_chgpasswd') && $data['new_password'] && !$passwords_manager->check($data['new_password'], $user->data['user_password'])) {
                            $user->reset_login_keys();
                            add_log('user', $user->data['user_id'], 'LOG_USER_NEW_PASSWORD', $data['username']);
                        }
                        if ($auth->acl_get('u_chgemail') && $data['email'] != $user->data['user_email']) {
                            add_log('user', $user->data['user_id'], 'LOG_USER_UPDATE_EMAIL', $data['username'], $user->data['user_email'], $data['email']);
                        }
                        $message = 'PROFILE_UPDATED';
                        if ($auth->acl_get('u_chgemail') && $config['email_enable'] && $data['email'] != $user->data['user_email'] && $user->data['user_type'] != USER_FOUNDER && ($config['require_activation'] == USER_ACTIVATION_SELF || $config['require_activation'] == USER_ACTIVATION_ADMIN)) {
                            $message = $config['require_activation'] == USER_ACTIVATION_SELF ? 'ACCOUNT_EMAIL_CHANGED' : 'ACCOUNT_EMAIL_CHANGED_ADMIN';
                            include_once $src_root_path . 'includes/functions_messenger.' . $phpEx;
                            $server_url = generate_srcrd_url();
                            $user_actkey = gen_rand_string(mt_rand(6, 10));
                            $messenger = new messenger(false);
                            $template_file = $config['require_activation'] == USER_ACTIVATION_ADMIN ? 'user_activate_inactive' : 'user_activate';
                            $messenger->template($template_file, $user->data['user_lang']);
                            $messenger->to($data['email'], $data['username']);
                            $messenger->anti_abuse_headers($config, $user);
                            $messenger->assign_vars(array('USERNAME' => htmlspecialchars_decode($data['username']), 'U_ACTIVATE' => "{$server_url}/ucp.{$phpEx}?mode=activate&u={$user->data['user_id']}&k={$user_actkey}"));
                            $messenger->send(NOTIFY_EMAIL);
                            if ($config['require_activation'] == USER_ACTIVATION_ADMIN) {
                                // Grab an array of user_id's with a_user permissions ... these users can activate a user
                                $admin_ary = $auth->acl_get_list(false, 'a_user', false);
                                $admin_ary = !empty($admin_ary[0]['a_user']) ? $admin_ary[0]['a_user'] : array();
                                // Also include founders
                                $where_sql = ' WHERE user_type = ' . USER_FOUNDER;
                                if (sizeof($admin_ary)) {
                                    $where_sql .= ' OR ' . $db->sql_in_set('user_id', $admin_ary);
                                }
                                $sql = 'SELECT user_id, username, user_email, user_lang, user_jabber, user_notify_type
									FROM ' . USERS_TABLE . ' ' . $where_sql;
                                $result = $db->sql_query($sql);
                                while ($row = $db->sql_fetchrow($result)) {
                                    $messenger->template('admin_activate', $row['user_lang']);
                                    $messenger->set_addresses($row);
                                    $messenger->assign_vars(array('USERNAME' => htmlspecialchars_decode($data['username']), 'U_USER_DETAILS' => "{$server_url}/memberlist.{$phpEx}?mode=viewprofile&u={$user->data['user_id']}", 'U_ACTIVATE' => "{$server_url}/ucp.{$phpEx}?mode=activate&u={$user->data['user_id']}&k={$user_actkey}"));
                                    $messenger->send($row['user_notify_type']);
                                }
                                $db->sql_freeresult($result);
                            }
                            user_active_flip('deactivate', $user->data['user_id'], INACTIVE_PROFILE);
                            // Because we want the profile to be reactivated we set user_newpasswd to empty (else the reactivation will fail)
                            $sql_ary['user_actkey'] = $user_actkey;
                            $sql_ary['user_newpasswd'] = '';
                        }
                        /**
                         * Modify user registration data before submitting it to the database
                         *
                         * @event core.ucp_profile_reg_details_sql_ary
                         * @var	array	data		Array with current or updated user registration data
                         * @var	array	sql_ary		Array with user registration data to submit to the database
                         * @since 3.1.4-RC1
                         */
                        $vars = array('data', 'sql_ary');
                        extract($src_dispatcher->trigger_event('core.ucp_profile_reg_details_sql_ary', compact($vars)));
                        if (sizeof($sql_ary)) {
                            $sql = 'UPDATE ' . USERS_TABLE . '
								SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
								WHERE user_id = ' . $user->data['user_id'];
                            $db->sql_query($sql);
                        }
                        // Need to update config, forum, topic, posting, messages, etc.
                        if ($data['username'] != $user->data['username'] && $auth->acl_get('u_chgname') && $config['allow_namechange']) {
                            user_update_name($user->data['username'], $data['username']);
                        }
                        // Now, we can remove the user completely (kill the session) - NOT BEFORE!!!
                        if (!empty($sql_ary['user_actkey'])) {
                            meta_refresh(5, append_sid($src_root_path . 'index.' . $phpEx));
                            $message = $user->lang[$message] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid($src_root_path . 'index.' . $phpEx) . '">', '</a>');
                            // Because the user gets deactivated we log him out too, killing his session
                            $user->session_kill();
                        } else {
                            meta_refresh(3, $this->u_action);
                            $message = $user->lang[$message] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
                        }
                        trigger_error($message);
                    }
                    // Replace "error" strings with their real, localised form
                    $error = array_map(array($user, 'lang'), $error);
                }
                $template->assign_vars(array('ERROR' => sizeof($error) ? implode('<br />', $error) : '', 'USERNAME' => $data['username'], 'EMAIL' => $data['email'], 'PASSWORD_CONFIRM' => $data['password_confirm'], 'NEW_PASSWORD' => $data['new_password'], 'CUR_PASSWORD' => '', 'L_USERNAME_EXPLAIN' => $user->lang($config['allow_name_chars'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_name_chars']), $user->lang('CHARACTERS', (int) $config['max_name_chars'])), 'L_CHANGE_PASSWORD_EXPLAIN' => $user->lang($config['pass_complex'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_pass_chars']), $user->lang('CHARACTERS', (int) $config['max_pass_chars'])), 'S_FORCE_PASSWORD' => $auth->acl_get('u_chgpasswd') && $config['chg_passforce'] && $user->data['user_passchg'] < time() - $config['chg_passforce'] * 86400 ? true : false, 'S_CHANGE_USERNAME' => $config['allow_namechange'] && $auth->acl_get('u_chgname') ? true : false, 'S_CHANGE_EMAIL' => $auth->acl_get('u_chgemail') ? true : false, 'S_CHANGE_PASSWORD' => $auth->acl_get('u_chgpasswd') ? true : false));
                break;
            case 'profile_info':
                // Do not display profile information panel if not authed to do so
                if (!$auth->acl_get('u_chgprofileinfo')) {
                    trigger_error('NO_AUTH_PROFILEINFO');
                }
                $cp = $src_container->get('profilefields.manager');
                $cp_data = $cp_error = array();
                $data = array('jabber' => utf8_normalize_nfc(request_var('jabber', $user->data['user_jabber'], true)));
                if ($config['allow_birthdays']) {
                    $data['bday_day'] = $data['bday_month'] = $data['bday_year'] = 0;
                    if ($user->data['user_birthday']) {
                        list($data['bday_day'], $data['bday_month'], $data['bday_year']) = explode('-', $user->data['user_birthday']);
                    }
                    $data['bday_day'] = request_var('bday_day', $data['bday_day']);
                    $data['bday_month'] = request_var('bday_month', $data['bday_month']);
                    $data['bday_year'] = request_var('bday_year', $data['bday_year']);
                    $data['user_birthday'] = sprintf('%2d-%2d-%4d', $data['bday_day'], $data['bday_month'], $data['bday_year']);
                }
                /**
                 * Modify user data on editing profile in UCP
                 *
                 * @event core.ucp_profile_modify_profile_info
                 * @var	array	data		Array with user profile data
                 * @var	bool	submit		Flag indicating if submit button has been pressed
                 * @since 3.1.4-RC1
                 */
                $vars = array('data', 'submit');
                extract($src_dispatcher->trigger_event('core.ucp_profile_modify_profile_info', compact($vars)));
                add_form_key('ucp_profile_info');
                if ($submit) {
                    $validate_array = array('jabber' => array(array('string', true, 5, 255), array('jabber')));
                    if ($config['allow_birthdays']) {
                        $validate_array = array_merge($validate_array, array('bday_day' => array('num', true, 1, 31), 'bday_month' => array('num', true, 1, 12), 'bday_year' => array('num', true, 1901, gmdate('Y', time()) + 50), 'user_birthday' => array('date', true)));
                    }
                    $error = validate_data($data, $validate_array);
                    // validate custom profile fields
                    $cp->submit_cp_field('profile', $user->get_iso_lang_id(), $cp_data, $cp_error);
                    if (sizeof($cp_error)) {
                        $error = array_merge($error, $cp_error);
                    }
                    if (!check_form_key('ucp_profile_info')) {
                        $error[] = 'FORM_INVALID';
                    }
                    /**
                     * Validate user data on editing profile in UCP
                     *
                     * @event core.ucp_profile_validate_profile_info
                     * @var	array	data			Array with user profile data
                     * @var	bool	submit			Flag indicating if submit button has been pressed
                     * @var array	error			Array of any generated errors
                     * @since 3.1.4-RC1
                     */
                    $vars = array('data', 'submit', 'error');
                    extract($src_dispatcher->trigger_event('core.ucp_profile_validate_profile_info', compact($vars)));
                    if (!sizeof($error)) {
                        $data['notify'] = $user->data['user_notify_type'];
                        if ($data['notify'] == NOTIFY_IM && (!$config['jab_enable'] || !$data['jabber'] || !@extension_loaded('xml'))) {
                            // User has not filled in a jabber address (Or one of the modules is disabled or jabber is disabled)
                            // Disable notify by Jabber now for this user.
                            $data['notify'] = NOTIFY_EMAIL;
                        }
                        $sql_ary = array('user_jabber' => $data['jabber'], 'user_notify_type' => $data['notify']);
                        if ($config['allow_birthdays']) {
                            $sql_ary['user_birthday'] = $data['user_birthday'];
                        }
                        /**
                         * Modify profile data in UCP before submitting to the database
                         *
                         * @event core.ucp_profile_info_modify_sql_ary
                         * @var	array	cp_data		Array with the user custom profile fields data
                         * @var	array	data		Array with user profile data
                         * @var  array	sql_ary		user options data we update
                         * @since 3.1.4-RC1
                         */
                        $vars = array('cp_data', 'data', 'sql_ary');
                        extract($src_dispatcher->trigger_event('core.ucp_profile_info_modify_sql_ary', compact($vars)));
                        $sql = 'UPDATE ' . USERS_TABLE . '
							SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
							WHERE user_id = ' . $user->data['user_id'];
                        $db->sql_query($sql);
                        // Update Custom Fields
                        $cp->update_profile_field_data($user->data['user_id'], $cp_data);
                        meta_refresh(3, $this->u_action);
                        $message = $user->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
                        trigger_error($message);
                    }
                    // Replace "error" strings with their real, localised form
                    $error = array_map(array($user, 'lang'), $error);
                }
                if ($config['allow_birthdays']) {
                    $s_birthday_day_options = '<option value="0"' . (!$data['bday_day'] ? ' selected="selected"' : '') . '>--</option>';
                    for ($i = 1; $i < 32; $i++) {
                        $selected = $i == $data['bday_day'] ? ' selected="selected"' : '';
                        $s_birthday_day_options .= "<option value=\"{$i}\"{$selected}>{$i}</option>";
                    }
                    $s_birthday_month_options = '<option value="0"' . (!$data['bday_month'] ? ' selected="selected"' : '') . '>--</option>';
                    for ($i = 1; $i < 13; $i++) {
                        $selected = $i == $data['bday_month'] ? ' selected="selected"' : '';
                        $s_birthday_month_options .= "<option value=\"{$i}\"{$selected}>{$i}</option>";
                    }
                    $s_birthday_year_options = '';
                    $now = getdate();
                    $s_birthday_year_options = '<option value="0"' . (!$data['bday_year'] ? ' selected="selected"' : '') . '>--</option>';
                    for ($i = $now['year'] - 100; $i <= $now['year']; $i++) {
                        $selected = $i == $data['bday_year'] ? ' selected="selected"' : '';
                        $s_birthday_year_options .= "<option value=\"{$i}\"{$selected}>{$i}</option>";
                    }
                    unset($now);
                    $template->assign_vars(array('S_BIRTHDAY_DAY_OPTIONS' => $s_birthday_day_options, 'S_BIRTHDAY_MONTH_OPTIONS' => $s_birthday_month_options, 'S_BIRTHDAY_YEAR_OPTIONS' => $s_birthday_year_options, 'S_BIRTHDAYS_ENABLED' => true));
                }
                $template->assign_vars(array('ERROR' => sizeof($error) ? implode('<br />', $error) : '', 'S_JABBER_ENABLED' => $config['jab_enable'], 'JABBER' => $data['jabber']));
                // Get additional profile fields and assign them to the template block var 'profile_fields'
                $user->get_profile_fields($user->data['user_id']);
                $cp->generate_profile_fields('profile', $user->get_iso_lang_id());
                break;
            case 'signature':
                if (!$auth->acl_get('u_sig')) {
                    trigger_error('NO_AUTH_SIGNATURE');
                }
                include $src_root_path . 'includes/functions_posting.' . $phpEx;
                include $src_root_path . 'includes/functions_display.' . $phpEx;
                $enable_bbcode = $config['allow_sig_bbcode'] ? (bool) $user->optionget('sig_bbcode') : false;
                $enable_smilies = $config['allow_sig_smilies'] ? (bool) $user->optionget('sig_smilies') : false;
                $enable_urls = $config['allow_sig_links'] ? (bool) $user->optionget('sig_links') : false;
                $signature = utf8_normalize_nfc(request_var('signature', (string) $user->data['user_sig'], true));
                add_form_key('ucp_sig');
                if ($submit || $preview) {
                    include $src_root_path . 'includes/message_parser.' . $phpEx;
                    $enable_bbcode = $config['allow_sig_bbcode'] ? request_var('disable_bbcode', false) ? false : true : false;
                    $enable_smilies = $config['allow_sig_smilies'] ? request_var('disable_smilies', false) ? false : true : false;
                    $enable_urls = $config['allow_sig_links'] ? request_var('disable_magic_url', false) ? false : true : false;
                    if (!sizeof($error)) {
                        $message_parser = new parse_message($signature);
                        // Allowing Quote BBCode
                        $message_parser->parse($enable_bbcode, $enable_urls, $enable_smilies, $config['allow_sig_img'], $config['allow_sig_flash'], true, $config['allow_sig_links'], true, 'sig');
                        if (sizeof($message_parser->warn_msg)) {
                            $error[] = implode('<br />', $message_parser->warn_msg);
                        }
                        if (!check_form_key('ucp_sig')) {
                            $error[] = 'FORM_INVALID';
                        }
                        if (!sizeof($error) && $submit) {
                            $user->optionset('sig_bbcode', $enable_bbcode);
                            $user->optionset('sig_smilies', $enable_smilies);
                            $user->optionset('sig_links', $enable_urls);
                            $sql_ary = array('user_sig' => (string) $message_parser->message, 'user_options' => $user->data['user_options'], 'user_sig_bbcode_uid' => (string) $message_parser->bbcode_uid, 'user_sig_bbcode_bitfield' => $message_parser->bbcode_bitfield);
                            $sql = 'UPDATE ' . USERS_TABLE . '
								SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
								WHERE user_id = ' . $user->data['user_id'];
                            $db->sql_query($sql);
                            $message = $user->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
                            trigger_error($message);
                        }
                    }
                    // Replace "error" strings with their real, localised form
                    $error = array_map(array($user, 'lang'), $error);
                }
                $signature_preview = '';
                if ($preview) {
                    // Now parse it for displaying
                    $signature_preview = $message_parser->format_display($enable_bbcode, $enable_urls, $enable_smilies, false);
                    unset($message_parser);
                }
                decode_message($signature, $user->data['user_sig_bbcode_uid']);
                $template->assign_vars(array('ERROR' => sizeof($error) ? implode('<br />', $error) : '', 'SIGNATURE' => $signature, 'SIGNATURE_PREVIEW' => $signature_preview, 'S_BBCODE_CHECKED' => !$enable_bbcode ? ' checked="checked"' : '', 'S_SMILIES_CHECKED' => !$enable_smilies ? ' checked="checked"' : '', 'S_MAGIC_URL_CHECKED' => !$enable_urls ? ' checked="checked"' : '', 'BBCODE_STATUS' => $config['allow_sig_bbcode'] ? sprintf($user->lang['BBCODE_IS_ON'], '<a href="' . append_sid("{$src_root_path}faq.{$phpEx}", 'mode=bbcode') . '">', '</a>') : sprintf($user->lang['BBCODE_IS_OFF'], '<a href="' . append_sid("{$src_root_path}faq.{$phpEx}", 'mode=bbcode') . '">', '</a>'), 'SMILIES_STATUS' => $config['allow_sig_smilies'] ? $user->lang['SMILIES_ARE_ON'] : $user->lang['SMILIES_ARE_OFF'], 'IMG_STATUS' => $config['allow_sig_img'] ? $user->lang['IMAGES_ARE_ON'] : $user->lang['IMAGES_ARE_OFF'], 'FLASH_STATUS' => $config['allow_sig_flash'] ? $user->lang['FLASH_IS_ON'] : $user->lang['FLASH_IS_OFF'], 'URL_STATUS' => $config['allow_sig_links'] ? $user->lang['URL_IS_ON'] : $user->lang['URL_IS_OFF'], 'MAX_FONT_SIZE' => (int) $config['max_sig_font_size'], 'L_SIGNATURE_EXPLAIN' => $user->lang('SIGNATURE_EXPLAIN', (int) $config['max_sig_chars']), 'S_BBCODE_ALLOWED' => $config['allow_sig_bbcode'], 'S_SMILIES_ALLOWED' => $config['allow_sig_smilies'], 'S_BBCODE_IMG' => $config['allow_sig_img'] ? true : false, 'S_BBCODE_FLASH' => $config['allow_sig_flash'] ? true : false, 'S_LINKS_ALLOWED' => $config['allow_sig_links'] ? true : false));
                // Build custom bbcodes array
                display_custom_bbcodes();
                // Generate smiley listing
                generate_smilies('inline', 0);
                break;
            case 'avatar':
                add_form_key('ucp_avatar');
                $avatars_enabled = false;
                if ($config['allow_avatar'] && $auth->acl_get('u_chgavatar')) {
                    $src_avatar_manager = $src_container->get('avatar.manager');
                    $avatar_drivers = $src_avatar_manager->get_enabled_drivers();
                    // This is normalised data, without the user_ prefix
                    $avatar_data = \src\avatar\manager::clean_row($user->data, 'user');
                    if ($submit) {
                        if (check_form_key('ucp_avatar')) {
                            $driver_name = $src_avatar_manager->clean_driver_name($request->variable('avatar_driver', ''));
                            if (in_array($driver_name, $avatar_drivers) && !$request->is_set_post('avatar_delete')) {
                                $driver = $src_avatar_manager->get_driver($driver_name);
                                $result = $driver->process_form($request, $template, $user, $avatar_data, $error);
                                if ($result && empty($error)) {
                                    // Success! Lets save the result in the database
                                    $result = array('user_avatar_type' => $driver_name, 'user_avatar' => $result['avatar'], 'user_avatar_width' => $result['avatar_width'], 'user_avatar_height' => $result['avatar_height']);
                                    $sql = 'UPDATE ' . USERS_TABLE . '
										SET ' . $db->sql_build_array('UPDATE', $result) . '
										WHERE user_id = ' . (int) $user->data['user_id'];
                                    $db->sql_query($sql);
                                    meta_refresh(3, $this->u_action);
                                    $message = $user->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
                                    trigger_error($message);
                                }
                            }
                        } else {
                            $error[] = 'FORM_INVALID';
                        }
                    }
                    // Handle deletion of avatars
                    if ($request->is_set_post('avatar_delete')) {
                        if (!confirm_box(true)) {
                            confirm_box(false, $user->lang('CONFIRM_AVATAR_DELETE'), build_hidden_fields(array('avatar_delete' => true, 'i' => $id, 'mode' => $mode)));
                        } else {
                            $src_avatar_manager->handle_avatar_delete($db, $user, $avatar_data, USERS_TABLE, 'user_');
                            meta_refresh(3, $this->u_action);
                            $message = $user->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
                            trigger_error($message);
                        }
                    }
                    $selected_driver = $src_avatar_manager->clean_driver_name($request->variable('avatar_driver', $user->data['user_avatar_type']));
                    foreach ($avatar_drivers as $current_driver) {
                        $driver = $src_avatar_manager->get_driver($current_driver);
                        $avatars_enabled = true;
                        $template->set_filenames(array('avatar' => $driver->get_template_name()));
                        if ($driver->prepare_form($request, $template, $user, $avatar_data, $error)) {
                            $driver_name = $src_avatar_manager->prepare_driver_name($current_driver);
                            $driver_upper = strtoupper($driver_name);
                            $template->assign_block_vars('avatar_drivers', array('L_TITLE' => $user->lang($driver_upper . '_TITLE'), 'L_EXPLAIN' => $user->lang($driver_upper . '_EXPLAIN'), 'DRIVER' => $driver_name, 'SELECTED' => $current_driver == $selected_driver, 'OUTPUT' => $template->assign_display('avatar')));
                        }
                    }
                    // Replace "error" strings with their real, localised form
                    $error = $src_avatar_manager->localize_errors($user, $error);
                }
                $avatar = src_get_user_avatar($user->data, 'USER_AVATAR', true);
                $template->assign_vars(array('ERROR' => sizeof($error) ? implode('<br />', $error) : '', 'AVATAR' => $avatar, 'S_FORM_ENCTYPE' => ' enctype="multipart/form-data"', 'L_AVATAR_EXPLAIN' => src_avatar_explanation_string(), 'S_AVATARS_ENABLED' => $config['allow_avatar'] && $avatars_enabled));
                break;
            case 'autologin_keys':
                add_form_key('ucp_autologin_keys');
                if ($submit) {
                    $keys = request_var('keys', array(''));
                    if (!check_form_key('ucp_autologin_keys')) {
                        $error[] = 'FORM_INVALID';
                    }
                    if (!sizeof($error)) {
                        if (!empty($keys)) {
                            foreach ($keys as $key => $id) {
                                $keys[$key] = $db->sql_like_expression($id . $db->get_any_char());
                            }
                            $sql_where = '(key_id ' . implode(' OR key_id ', $keys) . ')';
                            $sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . '
								WHERE user_id = ' . (int) $user->data['user_id'] . '
								AND ' . $sql_where;
                            $db->sql_query($sql);
                            meta_refresh(3, $this->u_action);
                            $message = $user->lang['AUTOLOGIN_SESSION_KEYS_DELETED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
                            trigger_error($message);
                        }
                    }
                    // Replace "error" strings with their real, localised form
                    $error = array_map(array($user, 'lang'), $error);
                }
                $sql = 'SELECT key_id, last_ip, last_login
					FROM ' . SESSIONS_KEYS_TABLE . '
					WHERE user_id = ' . (int) $user->data['user_id'] . '
					ORDER BY last_login ASC';
                $result = $db->sql_query($sql);
                while ($row = $db->sql_fetchrow($result)) {
                    $template->assign_block_vars('sessions', array('KEY' => substr($row['key_id'], 0, 8), 'IP' => $row['last_ip'], 'LOGIN_TIME' => $user->format_date($row['last_login'])));
                }
                $db->sql_freeresult($result);
                break;
        }
        $template->assign_vars(array('ERROR' => sizeof($error) ? implode('<br />', $error) : '', 'L_TITLE' => $user->lang['UCP_PROFILE_' . strtoupper($mode)], 'S_HIDDEN_FIELDS' => $s_hidden_fields, 'S_UCP_ACTION' => $this->u_action));
        // Set desired template
        $this->tpl_name = 'ucp_profile_' . $mode;
        $this->page_title = 'UCP_PROFILE_' . strtoupper($mode);
    }
Ejemplo n.º 13
0
/**
* Generate Topic Icons for display
*/
function posting_gen_topic_icons($mode, $icon_id)
{
    global $src_root_path, $config, $template, $cache;
    // Grab icons
    $icons = $cache->obtain_icons();
    if (!$icon_id) {
        $template->assign_var('S_NO_ICON_CHECKED', ' checked="checked"');
    }
    if (sizeof($icons)) {
        $root_path = defined('src_USE_srcRD_URL_PATH') && src_USE_srcRD_URL_PATH ? generate_srcrd_url() . '/' : $src_root_path;
        foreach ($icons as $id => $data) {
            if ($data['display']) {
                $template->assign_block_vars('topic_icon', array('ICON_ID' => $id, 'ICON_IMG' => $root_path . $config['icons_path'] . '/' . $data['img'], 'ICON_WIDTH' => $data['width'], 'ICON_HEIGHT' => $data['height'], 'S_CHECKED' => $id == $icon_id ? true : false, 'S_ICON_CHECKED' => $id == $icon_id ? ' checked="checked"' : ''));
            }
        }
        return true;
    }
    return false;
}
Ejemplo n.º 14
0
 /**
  * Get email template variables
  *
  * @return array
  */
 public function get_email_template_variables()
 {
     $srcrd_url = generate_srcrd_url();
     return array('POST_SUBJECT' => htmlspecialchars_decode(censor_text($this->get_data('post_subject'))), 'TOPIC_TITLE' => htmlspecialchars_decode(censor_text($this->get_data('topic_title'))), 'U_VIEW_REPORT' => "{$srcrd_url}/mcp.{$this->php_ext}?f={$this->get_data('forum_id')}&amp;p={$this->item_id}&amp;i=reports&amp;mode=report_details#reports", 'U_VIEW_POST' => "{$srcrd_url}/viewtopic.{$this->php_ext}?p={$this->item_id}#p{$this->item_id}", 'U_NEWEST_POST' => "{$srcrd_url}/viewtopic.{$this->php_ext}?f={$this->get_data('forum_id')}&t={$this->item_parent_id}&view=unread#unread", 'U_TOPIC' => "{$srcrd_url}/viewtopic.{$this->php_ext}?f={$this->get_data('forum_id')}&t={$this->item_parent_id}", 'U_VIEW_TOPIC' => "{$srcrd_url}/viewtopic.{$this->php_ext}?f={$this->get_data('forum_id')}&t={$this->item_parent_id}", 'U_FORUM' => "{$srcrd_url}/viewforum.{$this->php_ext}?f={$this->get_data('forum_id')}");
 }
Ejemplo n.º 15
0
     redirect(append_sid("{$src_root_path}index.{$phpEx}"));
     break;
 case 'terms':
 case 'privacy':
     $message = $mode == 'terms' ? 'TERMS_OF_USE_CONTENT' : 'PRIVACY_POLICY';
     $title = $mode == 'terms' ? 'TERMS_USE' : 'PRIVACY';
     if (empty($user->lang[$message])) {
         if ($user->data['is_registered']) {
             redirect(append_sid("{$src_root_path}index.{$phpEx}"));
         }
         login_box();
     }
     $template->set_filenames(array('body' => 'ucp_agreement.html'));
     // Disable online list
     page_header($user->lang[$title]);
     $template->assign_vars(array('S_AGREEMENT' => true, 'AGREEMENT_TITLE' => $user->lang[$title], 'AGREEMENT_TEXT' => sprintf($user->lang[$message], $config['sitename'], generate_srcrd_url()), 'U_BACK' => append_sid("{$src_root_path}ucp.{$phpEx}", 'mode=login'), 'L_BACK' => $user->lang['BACK_TO_LOGIN']));
     page_footer();
     break;
 case 'delete_cookies':
     // Delete Cookies with dynamic names (do NOT delete poll cookies)
     if (confirm_box(true)) {
         $set_time = time() - 31536000;
         foreach ($request->variable_names(\src\request\request_interface::COOKIE) as $cookie_name) {
             $cookie_data = $request->variable($cookie_name, '', true, \src\request\request_interface::COOKIE);
             // Only delete srcrd cookies, no other ones...
             if (strpos($cookie_name, $config['cookie_name'] . '_') !== 0) {
                 continue;
             }
             $cookie_name = str_replace($config['cookie_name'] . '_', '', $cookie_name);
             /**
              * Event to save custom cookies from deletion
Ejemplo n.º 16
0
        $vars = array('member', 'user_notes_enabled', 'warn_user_enabled', 'zebra_enabled', 'friends_enabled', 'foes_enabled', 'friend', 'foe', 'profile_fields');
        extract($src_dispatcher->trigger_event('core.memberlist_view_profile', compact($vars)));
        $template->assign_vars(src_show_profile($member, $user_notes_enabled, $warn_user_enabled));
        // If the user has m_approve permission or a_user permission, then list then display unapproved posts
        if ($auth->acl_getf_global('m_approve') || $auth->acl_get('a_user')) {
            $sql = 'SELECT COUNT(post_id) as posts_in_queue
				FROM ' . POSTS_TABLE . '
				WHERE poster_id = ' . $user_id . '
					AND ' . $db->sql_in_set('post_visibility', array(ITEM_UNAPPROVED, ITEM_REAPPROVE));
            $result = $db->sql_query($sql);
            $member['posts_in_queue'] = (int) $db->sql_fetchfield('posts_in_queue');
            $db->sql_freeresult($result);
        } else {
            $member['posts_in_queue'] = 0;
        }
        $template->assign_vars(array('L_POSTS_IN_QUEUE' => $user->lang('NUM_POSTS_IN_QUEUE', $member['posts_in_queue']), 'POSTS_DAY' => $user->lang('POST_DAY', $posts_per_day), 'POSTS_PCT' => $user->lang('POST_PCT', $percentage), 'SIGNATURE' => $member['user_sig'], 'POSTS_IN_QUEUE' => $member['posts_in_queue'], 'PM_IMG' => $user->img('icon_contact_pm', $user->lang['SEND_PRIVATE_MESSAGE']), 'L_SEND_EMAIL_USER' => $user->lang('SEND_EMAIL_USER', $member['username']), 'EMAIL_IMG' => $user->img('icon_contact_email', $user->lang['EMAIL']), 'JABBER_IMG' => $user->img('icon_contact_jabber', $user->lang['JABBER']), 'SEARCH_IMG' => $user->img('icon_user_search', $user->lang['SEARCH']), 'S_PROFILE_ACTION' => append_sid("{$src_root_path}memberlist.{$phpEx}", 'mode=group'), 'S_GROUP_OPTIONS' => $group_options, 'S_CUSTOM_FIELDS' => isset($profile_fields['row']) && sizeof($profile_fields['row']) ? true : false, 'U_USER_ADMIN' => $auth->acl_get('a_user') ? append_sid("{$src_admin_path}index.{$phpEx}", 'i=users&amp;mode=overview&amp;u=' . $user_id, true, $user->session_id) : '', 'U_USER_BAN' => $auth->acl_get('m_ban') && $user_id != $user->data['user_id'] ? append_sid("{$src_root_path}mcp.{$phpEx}", 'i=ban&amp;mode=user&amp;u=' . $user_id, true, $user->session_id) : '', 'U_MCP_QUEUE' => $auth->acl_getf_global('m_approve') ? append_sid("{$src_root_path}mcp.{$phpEx}", 'i=queue', true, $user->session_id) : '', 'U_SWITCH_PERMISSIONS' => $auth->acl_get('a_switchperm') && $user->data['user_id'] != $user_id ? append_sid("{$src_root_path}ucp.{$phpEx}", "mode=switch_perm&amp;u={$user_id}&amp;hash=" . generate_link_hash('switchperm')) : '', 'U_EDIT_SELF' => $user_id == $user->data['user_id'] && $auth->acl_get('u_chgprofileinfo') ? append_sid("{$src_root_path}ucp.{$phpEx}", 'i=ucp_profile&amp;mode=profile_info') : '', 'S_USER_NOTES' => $user_notes_enabled ? true : false, 'S_WARN_USER' => $warn_user_enabled ? true : false, 'S_ZEBRA' => $user->data['user_id'] != $user_id && $user->data['is_registered'] && $zebra_enabled ? true : false, 'U_ADD_FRIEND' => !$friend && !$foe && $friends_enabled ? append_sid("{$src_root_path}ucp.{$phpEx}", 'i=zebra&amp;add=' . urlencode(htmlspecialchars_decode($member['username']))) : '', 'U_ADD_FOE' => !$friend && !$foe && $foes_enabled ? append_sid("{$src_root_path}ucp.{$phpEx}", 'i=zebra&amp;mode=foes&amp;add=' . urlencode(htmlspecialchars_decode($member['username']))) : '', 'U_REMOVE_FRIEND' => $friend && $friends_enabled ? append_sid("{$src_root_path}ucp.{$phpEx}", 'i=zebra&amp;remove=1&amp;usernames[]=' . $user_id) : '', 'U_REMOVE_FOE' => $foe && $foes_enabled ? append_sid("{$src_root_path}ucp.{$phpEx}", 'i=zebra&amp;remove=1&amp;mode=foes&amp;usernames[]=' . $user_id) : '', 'U_CANONICAL' => generate_srcrd_url() . '/' . append_sid("memberlist.{$phpEx}", 'mode=viewprofile&amp;u=' . $user_id, true, '')));
        if (!empty($profile_fields['row'])) {
            $template->assign_vars($profile_fields['row']);
        }
        if (!empty($profile_fields['blockrow'])) {
            foreach ($profile_fields['blockrow'] as $field_data) {
                $template->assign_block_vars('custom_fields', $field_data);
            }
        }
        // Inactive reason/account?
        if ($member['user_type'] == USER_INACTIVE) {
            $user->add_lang('acp/common');
            $inactive_reason = $user->lang['INACTIVE_REASON_UNKNOWN'];
            switch ($member['user_inactive_reason']) {
                case INACTIVE_REGISTER:
                    $inactive_reason = $user->lang['INACTIVE_REASON_REGISTER'];
Ejemplo n.º 17
0
}
// Basic pagewide vars
$post_alt = $forum_data['forum_status'] == ITEM_LOCKED ? $user->lang['FORUM_LOCKED'] : $user->lang['POST_NEW_TOPIC'];
// Display active topics?
$s_display_active = $forum_data['forum_type'] == FORUM_CAT && $forum_data['forum_flags'] & FORUM_FLAG_ACTIVE_TOPICS ? true : false;
$s_search_hidden_fields = array('fid' => array($forum_id));
if ($_SID) {
    $s_search_hidden_fields['sid'] = $_SID;
}
if (!empty($_EXTRA_URL)) {
    foreach ($_EXTRA_URL as $url_param) {
        $url_param = explode('=', $url_param, 2);
        $s_search_hidden_fields[$url_param[0]] = $url_param[1];
    }
}
$template->assign_vars(array('MODERATORS' => !empty($moderators[$forum_id]) ? implode($user->lang['COMMA_SEPARATOR'], $moderators[$forum_id]) : '', 'POST_IMG' => $forum_data['forum_status'] == ITEM_LOCKED ? $user->img('button_topic_locked', $post_alt) : $user->img('button_topic_new', $post_alt), 'NEWEST_POST_IMG' => $user->img('icon_topic_newest', 'VIEW_NEWEST_POST'), 'LAST_POST_IMG' => $user->img('icon_topic_latest', 'VIEW_LATEST_POST'), 'FOLDER_IMG' => $user->img('topic_read', 'NO_UNREAD_POSTS'), 'FOLDER_UNREAD_IMG' => $user->img('topic_unread', 'UNREAD_POSTS'), 'FOLDER_HOT_IMG' => $user->img('topic_read_hot', 'NO_UNREAD_POSTS_HOT'), 'FOLDER_HOT_UNREAD_IMG' => $user->img('topic_unread_hot', 'UNREAD_POSTS_HOT'), 'FOLDER_LOCKED_IMG' => $user->img('topic_read_locked', 'NO_UNREAD_POSTS_LOCKED'), 'FOLDER_LOCKED_UNREAD_IMG' => $user->img('topic_unread_locked', 'UNREAD_POSTS_LOCKED'), 'FOLDER_STICKY_IMG' => $user->img('sticky_read', 'POST_STICKY'), 'FOLDER_STICKY_UNREAD_IMG' => $user->img('sticky_unread', 'POST_STICKY'), 'FOLDER_ANNOUNCE_IMG' => $user->img('announce_read', 'POST_ANNOUNCEMENT'), 'FOLDER_ANNOUNCE_UNREAD_IMG' => $user->img('announce_unread', 'POST_ANNOUNCEMENT'), 'FOLDER_MOVED_IMG' => $user->img('topic_moved', 'TOPIC_MOVED'), 'REPORTED_IMG' => $user->img('icon_topic_reported', 'TOPIC_REPORTED'), 'UNAPPROVED_IMG' => $user->img('icon_topic_unapproved', 'TOPIC_UNAPPROVED'), 'DELETED_IMG' => $user->img('icon_topic_deleted', 'TOPIC_DELETED'), 'POLL_IMG' => $user->img('icon_topic_poll', 'TOPIC_POLL'), 'GOTO_PAGE_IMG' => $user->img('icon_post_target', 'GOTO_PAGE'), 'L_NO_TOPICS' => $forum_data['forum_status'] == ITEM_LOCKED ? $user->lang['POST_FORUM_LOCKED'] : $user->lang['NO_TOPICS'], 'S_DISPLAY_POST_INFO' => $forum_data['forum_type'] == FORUM_POST && ($auth->acl_get('f_post', $forum_id) || $user->data['user_id'] == ANONYMOUS) ? true : false, 'S_IS_POSTABLE' => $forum_data['forum_type'] == FORUM_POST ? true : false, 'S_USER_CAN_POST' => $auth->acl_get('f_post', $forum_id) ? true : false, 'S_DISPLAY_ACTIVE' => $s_display_active, 'S_SELECT_SORT_DIR' => $s_sort_dir, 'S_SELECT_SORT_KEY' => $s_sort_key, 'S_SELECT_SORT_DAYS' => $s_limit_days, 'S_TOPIC_ICONS' => $s_display_active && sizeof($active_forum_ary) ? max($active_forum_ary['enable_icons']) : ($forum_data['enable_icons'] ? true : false), 'U_WATCH_FORUM_LINK' => $s_watching_forum['link'], 'U_WATCH_FORUM_TOGGLE' => $s_watching_forum['link_toggle'], 'S_WATCH_FORUM_TITLE' => $s_watching_forum['title'], 'S_WATCH_FORUM_TOGGLE' => $s_watching_forum['title_toggle'], 'S_WATCHING_FORUM' => $s_watching_forum['is_watching'], 'S_FORUM_ACTION' => append_sid("{$src_root_path}viewforum.{$phpEx}", "f={$forum_id}" . ($start == 0 ? '' : "&amp;start={$start}")), 'S_DISPLAY_SEARCHBOX' => $auth->acl_get('u_search') && $auth->acl_get('f_search', $forum_id) && $config['load_search'] ? true : false, 'S_SEARCHBOX_ACTION' => append_sid("{$src_root_path}search.{$phpEx}"), 'S_SEARCH_LOCAL_HIDDEN_FIELDS' => build_hidden_fields($s_search_hidden_fields), 'S_SINGLE_MODERATOR' => !empty($moderators[$forum_id]) && sizeof($moderators[$forum_id]) > 1 ? false : true, 'S_IS_LOCKED' => $forum_data['forum_status'] == ITEM_LOCKED ? true : false, 'S_VIEWFORUM' => true, 'U_MCP' => $auth->acl_get('m_', $forum_id) ? append_sid("{$src_root_path}mcp.{$phpEx}", "f={$forum_id}&amp;i=main&amp;mode=forum_view", true, $user->session_id) : '', 'U_POST_NEW_TOPIC' => $auth->acl_get('f_post', $forum_id) || $user->data['user_id'] == ANONYMOUS ? append_sid("{$src_root_path}posting.{$phpEx}", 'mode=post&amp;f=' . $forum_id) : '', 'U_VIEW_FORUM' => append_sid("{$src_root_path}viewforum.{$phpEx}", "f={$forum_id}" . (strlen($u_sort_param) ? "&amp;{$u_sort_param}" : '') . ($start == 0 ? '' : "&amp;start={$start}")), 'U_CANONICAL' => generate_srcrd_url() . '/' . append_sid("viewforum.{$phpEx}", "f={$forum_id}" . ($start ? "&amp;start={$start}" : ''), true, ''), 'U_MARK_TOPICS' => $user->data['is_registered'] || $config['load_anon_lastread'] ? append_sid("{$src_root_path}viewforum.{$phpEx}", 'hash=' . generate_link_hash('global') . "&amp;f={$forum_id}&amp;mark=topics&amp;mark_time=" . time()) : ''));
// Grab icons
$icons = $cache->obtain_icons();
// Grab all topic data
$rowset = $announcement_list = $topic_list = $global_announce_forums = array();
$sql_array = array('SELECT' => 't.*', 'FROM' => array(TOPICS_TABLE => 't'), 'LEFT_JOIN' => array());
/**
* Event to modify the SQL query before the topic data is retrieved
*
* It may also be used to override the above assigned template vars
*
* @event core.viewforum_get_topic_data
* @var	array	forum_data			Array with forum data
* @var	array	sql_array			The SQL array to get the data of all topics
* @var	array	forum_id			The forum_id whose topics are being listed
* @var	array	topics_count		The total number of topics for display
Ejemplo n.º 18
0
    function main($id, $mode)
    {
        global $config, $db, $user, $auth, $template, $cache;
        global $src_root_path, $src_admin_path, $phpEx, $table_prefix, $file_uploads;
        global $src_dispatcher, $request;
        global $src_container;
        $user->add_lang(array('posting', 'ucp', 'acp/users'));
        $this->tpl_name = 'acp_users';
        $error = array();
        $username = utf8_normalize_nfc(request_var('username', '', true));
        $user_id = request_var('u', 0);
        $action = request_var('action', '');
        $submit = isset($_POST['update']) && !isset($_POST['cancel']) ? true : false;
        $form_name = 'acp_users';
        add_form_key($form_name);
        // Whois (special case)
        if ($action == 'whois') {
            include $src_root_path . 'includes/functions_user.' . $phpEx;
            $this->page_title = 'WHOIS';
            $this->tpl_name = 'simple_body';
            $user_ip = src_ip_normalise(request_var('user_ip', ''));
            $domain = gethostbyaddr($user_ip);
            $ipwhois = user_ipwhois($user_ip);
            $template->assign_vars(array('MESSAGE_TITLE' => sprintf($user->lang['IP_WHOIS_FOR'], $domain), 'MESSAGE_TEXT' => nl2br($ipwhois)));
            return;
        }
        // Show user selection mask
        if (!$username && !$user_id) {
            $this->page_title = 'SELECT_USER';
            $template->assign_vars(array('U_ACTION' => $this->u_action, 'ANONYMOUS_USER_ID' => ANONYMOUS, 'S_SELECT_USER' => true, 'U_FIND_USERNAME' => append_sid("{$src_root_path}memberlist.{$phpEx}", 'mode=searchuser&amp;form=select_user&amp;field=username&amp;select_single=true')));
            return;
        }
        if (!$user_id) {
            $sql = 'SELECT user_id
				FROM ' . USERS_TABLE . "\n\t\t\t\tWHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
            $result = $db->sql_query($sql);
            $user_id = (int) $db->sql_fetchfield('user_id');
            $db->sql_freeresult($result);
            if (!$user_id) {
                trigger_error($user->lang['NO_USER'] . adm_back_link($this->u_action), E_USER_WARNING);
            }
        }
        // Generate content for all modes
        $sql = 'SELECT u.*, s.*
			FROM ' . USERS_TABLE . ' u
				LEFT JOIN ' . SESSIONS_TABLE . ' s ON (s.session_user_id = u.user_id)
			WHERE u.user_id = ' . $user_id . '
			ORDER BY s.session_time DESC';
        $result = $db->sql_query_limit($sql, 1);
        $user_row = $db->sql_fetchrow($result);
        $db->sql_freeresult($result);
        if (!$user_row) {
            trigger_error($user->lang['NO_USER'] . adm_back_link($this->u_action), E_USER_WARNING);
        }
        // Generate overall "header" for user admin
        $s_form_options = '';
        // Build modes dropdown list
        $sql = 'SELECT module_mode, module_auth
			FROM ' . MODULES_TABLE . "\n\t\t\tWHERE module_basename = 'acp_users'\n\t\t\t\tAND module_enabled = 1\n\t\t\t\tAND module_class = 'acp'\n\t\t\tORDER BY left_id, module_mode";
        $result = $db->sql_query($sql);
        $dropdown_modes = array();
        while ($row = $db->sql_fetchrow($result)) {
            if (!$this->p_master->module_auth_self($row['module_auth'])) {
                continue;
            }
            $dropdown_modes[$row['module_mode']] = true;
        }
        $db->sql_freeresult($result);
        foreach ($dropdown_modes as $module_mode => $null) {
            $selected = $mode == $module_mode ? ' selected="selected"' : '';
            $s_form_options .= '<option value="' . $module_mode . '"' . $selected . '>' . $user->lang['ACP_USER_' . strtoupper($module_mode)] . '</option>';
        }
        $template->assign_vars(array('U_BACK' => $this->u_action, 'U_MODE_SELECT' => append_sid("{$src_admin_path}index.{$phpEx}", "i={$id}&amp;u={$user_id}"), 'U_ACTION' => $this->u_action . '&amp;u=' . $user_id, 'S_FORM_OPTIONS' => $s_form_options, 'MANAGED_USERNAME' => $user_row['username']));
        // Prevent normal users/admins change/view founders if they are not a founder by themselves
        if ($user->data['user_type'] != USER_FOUNDER && $user_row['user_type'] == USER_FOUNDER) {
            trigger_error($user->lang['NOT_MANAGE_FOUNDER'] . adm_back_link($this->u_action), E_USER_WARNING);
        }
        $this->page_title = $user_row['username'] . ' :: ' . $user->lang('ACP_USER_' . strtoupper($mode));
        switch ($mode) {
            case 'overview':
                include $src_root_path . 'includes/functions_user.' . $phpEx;
                $user->add_lang('acp/ban');
                $delete = request_var('delete', 0);
                $delete_type = request_var('delete_type', '');
                $ip = request_var('ip', 'ip');
                /**
                 * Run code at beginning of ACP users overview
                 *
                 * @event core.acp_users_overview_before
                 * @var	array   user_row    Current user data
                 * @var	string  mode        Active module
                 * @var	string  action      Module that should be run
                 * @var	bool    submit      Do we display the form only
                 *                          or did the user press submit
                 * @var	array   error       Array holding error messages
                 * @since 3.1.3-RC1
                 */
                $vars = array('user_row', 'mode', 'action', 'submit', 'error');
                extract($src_dispatcher->trigger_event('core.acp_users_overview_before', compact($vars)));
                if ($submit) {
                    if ($delete) {
                        if (!$auth->acl_get('a_userdel')) {
                            trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
                        }
                        // Check if the user wants to remove himself or the guest user account
                        if ($user_id == ANONYMOUS) {
                            trigger_error($user->lang['CANNOT_REMOVE_ANONYMOUS'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
                        }
                        // Founders can not be deleted.
                        if ($user_row['user_type'] == USER_FOUNDER) {
                            trigger_error($user->lang['CANNOT_REMOVE_FOUNDER'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
                        }
                        if ($user_id == $user->data['user_id']) {
                            trigger_error($user->lang['CANNOT_REMOVE_YOURSELF'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
                        }
                        if ($delete_type) {
                            if (confirm_box(true)) {
                                user_delete($delete_type, $user_id, $user_row['username']);
                                add_log('admin', 'LOG_USER_DELETED', $user_row['username']);
                                trigger_error($user->lang['USER_DELETED'] . adm_back_link($this->u_action));
                            } else {
                                confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array('u' => $user_id, 'i' => $id, 'mode' => $mode, 'action' => $action, 'update' => true, 'delete' => 1, 'delete_type' => $delete_type)));
                            }
                        } else {
                            trigger_error($user->lang['NO_MODE'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
                        }
                    }
                    // Handle quicktool actions
                    switch ($action) {
                        case 'banuser':
                        case 'banemail':
                        case 'banip':
                            if ($user_id == $user->data['user_id']) {
                                trigger_error($user->lang['CANNOT_BAN_YOURSELF'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
                            }
                            if ($user_id == ANONYMOUS) {
                                trigger_error($user->lang['CANNOT_BAN_ANONYMOUS'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
                            }
                            if ($user_row['user_type'] == USER_FOUNDER) {
                                trigger_error($user->lang['CANNOT_BAN_FOUNDER'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
                            }
                            if (!check_form_key($form_name)) {
                                trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
                            }
                            $ban = array();
                            switch ($action) {
                                case 'banuser':
                                    $ban[] = $user_row['username'];
                                    $reason = 'USER_ADMIN_BAN_NAME_REASON';
                                    $log = 'LOG_USER_BAN_USER';
                                    break;
                                case 'banemail':
                                    $ban[] = $user_row['user_email'];
                                    $reason = 'USER_ADMIN_BAN_EMAIL_REASON';
                                    $log = 'LOG_USER_BAN_EMAIL';
                                    break;
                                case 'banip':
                                    $ban[] = $user_row['user_ip'];
                                    $sql = 'SELECT DISTINCT poster_ip
										FROM ' . POSTS_TABLE . "\n\t\t\t\t\t\t\t\t\t\tWHERE poster_id = {$user_id}";
                                    $result = $db->sql_query($sql);
                                    while ($row = $db->sql_fetchrow($result)) {
                                        $ban[] = $row['poster_ip'];
                                    }
                                    $db->sql_freeresult($result);
                                    $reason = 'USER_ADMIN_BAN_IP_REASON';
                                    $log = 'LOG_USER_BAN_IP';
                                    break;
                            }
                            $ban_reason = utf8_normalize_nfc(request_var('ban_reason', $user->lang[$reason], true));
                            $ban_give_reason = utf8_normalize_nfc(request_var('ban_give_reason', '', true));
                            // Log not used at the moment, we simply utilize the ban function.
                            $result = user_ban(substr($action, 3), $ban, 0, 0, 0, $ban_reason, $ban_give_reason);
                            trigger_error(($result === false ? $user->lang['BAN_ALREADY_ENTERED'] : $user->lang['BAN_SUCCESSFUL']) . adm_back_link($this->u_action . '&amp;u=' . $user_id));
                            break;
                        case 'reactivate':
                            if ($user_id == $user->data['user_id']) {
                                trigger_error($user->lang['CANNOT_FORCE_REACT_YOURSELF'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
                            }
                            if (!check_form_key($form_name)) {
                                trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
                            }
                            if ($user_row['user_type'] == USER_FOUNDER) {
                                trigger_error($user->lang['CANNOT_FORCE_REACT_FOUNDER'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
                            }
                            if ($user_row['user_type'] == USER_IGNORE) {
                                trigger_error($user->lang['CANNOT_FORCE_REACT_BOT'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
                            }
                            if ($config['email_enable']) {
                                include_once $src_root_path . 'includes/functions_messenger.' . $phpEx;
                                $server_url = generate_srcrd_url();
                                $user_actkey = gen_rand_string(mt_rand(6, 10));
                                $email_template = $user_row['user_type'] == USER_NORMAL ? 'user_reactivate_account' : 'user_resend_inactive';
                                if ($user_row['user_type'] == USER_NORMAL) {
                                    user_active_flip('deactivate', $user_id, INACTIVE_REMIND);
                                    $sql = 'UPDATE ' . USERS_TABLE . "\n\t\t\t\t\t\t\t\t\t\tSET user_actkey = '" . $db->sql_escape($user_actkey) . "'\n\t\t\t\t\t\t\t\t\t\tWHERE user_id = {$user_id}";
                                    $db->sql_query($sql);
                                } else {
                                    // Grabbing the last confirm key - we only send a reminder
                                    $sql = 'SELECT user_actkey
										FROM ' . USERS_TABLE . '
										WHERE user_id = ' . $user_id;
                                    $result = $db->sql_query($sql);
                                    $user_actkey = (string) $db->sql_fetchfield('user_actkey');
                                    $db->sql_freeresult($result);
                                }
                                $messenger = new messenger(false);
                                $messenger->template($email_template, $user_row['user_lang']);
                                $messenger->set_addresses($user_row);
                                $messenger->anti_abuse_headers($config, $user);
                                $messenger->assign_vars(array('WELCOME_MSG' => htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename'])), 'USERNAME' => htmlspecialchars_decode($user_row['username']), 'U_ACTIVATE' => "{$server_url}/ucp.{$phpEx}?mode=activate&u={$user_row['user_id']}&k={$user_actkey}"));
                                $messenger->send(NOTIFY_EMAIL);
                                add_log('admin', 'LOG_USER_REACTIVATE', $user_row['username']);
                                add_log('user', $user_id, 'LOG_USER_REACTIVATE_USER');
                                trigger_error($user->lang['FORCE_REACTIVATION_SUCCESS'] . adm_back_link($this->u_action . '&amp;u=' . $user_id));
                            }
                            break;
                        case 'active':
                            if ($user_id == $user->data['user_id']) {
                                // It is only deactivation since the user is already activated (else he would not have reached this page)
                                trigger_error($user->lang['CANNOT_DEACTIVATE_YOURSELF'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
                            }
                            if (!check_form_key($form_name)) {
                                trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
                            }
                            if ($user_row['user_type'] == USER_FOUNDER) {
                                trigger_error($user->lang['CANNOT_DEACTIVATE_FOUNDER'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
                            }
                            if ($user_row['user_type'] == USER_IGNORE) {
                                trigger_error($user->lang['CANNOT_DEACTIVATE_BOT'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
                            }
                            user_active_flip('flip', $user_id);
                            if ($user_row['user_type'] == USER_INACTIVE) {
                                if ($config['require_activation'] == USER_ACTIVATION_ADMIN) {
                                    $src_notifications = $src_container->get('notification_manager');
                                    $src_notifications->delete_notifications('notification.type.admin_activate_user', $user_row['user_id']);
                                    include_once $src_root_path . 'includes/functions_messenger.' . $phpEx;
                                    $messenger = new messenger(false);
                                    $messenger->template('admin_welcome_activated', $user_row['user_lang']);
                                    $messenger->set_addresses($user_row);
                                    $messenger->anti_abuse_headers($config, $user);
                                    $messenger->assign_vars(array('USERNAME' => htmlspecialchars_decode($user_row['username'])));
                                    $messenger->send(NOTIFY_EMAIL);
                                }
                            }
                            $message = $user_row['user_type'] == USER_INACTIVE ? 'USER_ADMIN_ACTIVATED' : 'USER_ADMIN_DEACTIVED';
                            $log = $user_row['user_type'] == USER_INACTIVE ? 'LOG_USER_ACTIVE' : 'LOG_USER_INACTIVE';
                            add_log('admin', $log, $user_row['username']);
                            add_log('user', $user_id, $log . '_USER');
                            trigger_error($user->lang[$message] . adm_back_link($this->u_action . '&amp;u=' . $user_id));
                            break;
                        case 'delsig':
                            if (!check_form_key($form_name)) {
                                trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
                            }
                            $sql_ary = array('user_sig' => '', 'user_sig_bbcode_uid' => '', 'user_sig_bbcode_bitfield' => '');
                            $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "\n\t\t\t\t\t\t\t\tWHERE user_id = {$user_id}";
                            $db->sql_query($sql);
                            add_log('admin', 'LOG_USER_DEL_SIG', $user_row['username']);
                            add_log('user', $user_id, 'LOG_USER_DEL_SIG_USER');
                            trigger_error($user->lang['USER_ADMIN_SIG_REMOVED'] . adm_back_link($this->u_action . '&amp;u=' . $user_id));
                            break;
                        case 'delavatar':
                            if (!check_form_key($form_name)) {
                                trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
                            }
                            // Delete old avatar if present
                            $src_avatar_manager = $src_container->get('avatar.manager');
                            $src_avatar_manager->handle_avatar_delete($db, $user, $src_avatar_manager->clean_row($user_row, 'user'), USERS_TABLE, 'user_');
                            add_log('admin', 'LOG_USER_DEL_AVATAR', $user_row['username']);
                            add_log('user', $user_id, 'LOG_USER_DEL_AVATAR_USER');
                            trigger_error($user->lang['USER_ADMIN_AVATAR_REMOVED'] . adm_back_link($this->u_action . '&amp;u=' . $user_id));
                            break;
                        case 'delposts':
                            if (confirm_box(true)) {
                                // Delete posts, attachments, etc.
                                delete_posts('poster_id', $user_id);
                                add_log('admin', 'LOG_USER_DEL_POSTS', $user_row['username']);
                                trigger_error($user->lang['USER_POSTS_DELETED'] . adm_back_link($this->u_action . '&amp;u=' . $user_id));
                            } else {
                                confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array('u' => $user_id, 'i' => $id, 'mode' => $mode, 'action' => $action, 'update' => true)));
                            }
                            break;
                        case 'delattach':
                            if (confirm_box(true)) {
                                delete_attachments('user', $user_id);
                                add_log('admin', 'LOG_USER_DEL_ATTACH', $user_row['username']);
                                trigger_error($user->lang['USER_ATTACHMENTS_REMOVED'] . adm_back_link($this->u_action . '&amp;u=' . $user_id));
                            } else {
                                confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array('u' => $user_id, 'i' => $id, 'mode' => $mode, 'action' => $action, 'update' => true)));
                            }
                            break;
                        case 'deloutbox':
                            if (confirm_box(true)) {
                                $msg_ids = array();
                                $lang = 'EMPTY';
                                $sql = 'SELECT msg_id
									FROM ' . PRIVMSGS_TO_TABLE . "\n\t\t\t\t\t\t\t\t\tWHERE author_id = {$user_id}\n\t\t\t\t\t\t\t\t\t\tAND folder_id = " . PRIVMSGS_OUTBOX;
                                $result = $db->sql_query($sql);
                                if ($row = $db->sql_fetchrow($result)) {
                                    if (!function_exists('delete_pm')) {
                                        include $src_root_path . 'includes/functions_privmsgs.' . $phpEx;
                                    }
                                    do {
                                        $msg_ids[] = (int) $row['msg_id'];
                                    } while ($row = $db->sql_fetchrow($result));
                                    $db->sql_freeresult($result);
                                    delete_pm($user_id, $msg_ids, PRIVMSGS_OUTBOX);
                                    add_log('admin', 'LOG_USER_DEL_OUTBOX', $user_row['username']);
                                    $lang = 'EMPTIED';
                                }
                                $db->sql_freeresult($result);
                                trigger_error($user->lang['USER_OUTBOX_' . $lang] . adm_back_link($this->u_action . '&amp;u=' . $user_id));
                            } else {
                                confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array('u' => $user_id, 'i' => $id, 'mode' => $mode, 'action' => $action, 'update' => true)));
                            }
                            break;
                        case 'moveposts':
                            if (!check_form_key($form_name)) {
                                trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
                            }
                            $user->add_lang('acp/forums');
                            $new_forum_id = request_var('new_f', 0);
                            if (!$new_forum_id) {
                                $this->page_title = 'USER_ADMIN_MOVE_POSTS';
                                $template->assign_vars(array('S_SELECT_FORUM' => true, 'U_ACTION' => $this->u_action . "&amp;action={$action}&amp;u={$user_id}", 'U_BACK' => $this->u_action . "&amp;u={$user_id}", 'S_FORUM_OPTIONS' => make_forum_select(false, false, false, true)));
                                return;
                            }
                            // Is the new forum postable to?
                            $sql = 'SELECT forum_name, forum_type
								FROM ' . FORUMS_TABLE . "\n\t\t\t\t\t\t\t\tWHERE forum_id = {$new_forum_id}";
                            $result = $db->sql_query($sql);
                            $forum_info = $db->sql_fetchrow($result);
                            $db->sql_freeresult($result);
                            if (!$forum_info) {
                                trigger_error($user->lang['NO_FORUM'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
                            }
                            if ($forum_info['forum_type'] != FORUM_POST) {
                                trigger_error($user->lang['MOVE_POSTS_NO_POSTABLE_FORUM'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
                            }
                            // Two stage?
                            // Move topics comprising only posts from this user
                            $topic_id_ary = $move_topic_ary = $move_post_ary = $new_topic_id_ary = array();
                            $forum_id_ary = array($new_forum_id);
                            $sql = 'SELECT topic_id, post_visibility, COUNT(post_id) AS total_posts
								FROM ' . POSTS_TABLE . "\n\t\t\t\t\t\t\t\tWHERE poster_id = {$user_id}\n\t\t\t\t\t\t\t\t\tAND forum_id <> {$new_forum_id}\n\t\t\t\t\t\t\t\tGROUP BY topic_id, post_visibility";
                            $result = $db->sql_query($sql);
                            while ($row = $db->sql_fetchrow($result)) {
                                $topic_id_ary[$row['topic_id']][$row['post_visibility']] = $row['total_posts'];
                            }
                            $db->sql_freeresult($result);
                            if (sizeof($topic_id_ary)) {
                                $sql = 'SELECT topic_id, forum_id, topic_title, topic_posts_approved, topic_posts_unapproved, topic_posts_softdeleted, topic_attachment
									FROM ' . TOPICS_TABLE . '
									WHERE ' . $db->sql_in_set('topic_id', array_keys($topic_id_ary));
                                $result = $db->sql_query($sql);
                                while ($row = $db->sql_fetchrow($result)) {
                                    if ($topic_id_ary[$row['topic_id']][ITEM_APPROVED] == $row['topic_posts_approved'] && $topic_id_ary[$row['topic_id']][ITEM_UNAPPROVED] == $row['topic_posts_unapproved'] && $topic_id_ary[$row['topic_id']][ITEM_REAPPROVE] == $row['topic_posts_unapproved'] && $topic_id_ary[$row['topic_id']][ITEM_DELETED] == $row['topic_posts_softdeleted']) {
                                        $move_topic_ary[] = $row['topic_id'];
                                    } else {
                                        $move_post_ary[$row['topic_id']]['title'] = $row['topic_title'];
                                        $move_post_ary[$row['topic_id']]['attach'] = $row['topic_attachment'] ? 1 : 0;
                                    }
                                    $forum_id_ary[] = $row['forum_id'];
                                }
                                $db->sql_freeresult($result);
                            }
                            // Entire topic comprises posts by this user, move these topics
                            if (sizeof($move_topic_ary)) {
                                move_topics($move_topic_ary, $new_forum_id, false);
                            }
                            if (sizeof($move_post_ary)) {
                                // Create new topic
                                // Update post_ids, report_ids, attachment_ids
                                foreach ($move_post_ary as $topic_id => $post_ary) {
                                    // Create new topic
                                    $sql = 'INSERT INTO ' . TOPICS_TABLE . ' ' . $db->sql_build_array('INSERT', array('topic_poster' => $user_id, 'topic_time' => time(), 'forum_id' => $new_forum_id, 'icon_id' => 0, 'topic_visibility' => ITEM_APPROVED, 'topic_title' => $post_ary['title'], 'topic_first_poster_name' => $user_row['username'], 'topic_type' => POST_NORMAL, 'topic_time_limit' => 0, 'topic_attachment' => $post_ary['attach']));
                                    $db->sql_query($sql);
                                    $new_topic_id = $db->sql_nextid();
                                    // Move posts
                                    $sql = 'UPDATE ' . POSTS_TABLE . "\n\t\t\t\t\t\t\t\t\t\tSET forum_id = {$new_forum_id}, topic_id = {$new_topic_id}\n\t\t\t\t\t\t\t\t\t\tWHERE topic_id = {$topic_id}\n\t\t\t\t\t\t\t\t\t\t\tAND poster_id = {$user_id}";
                                    $db->sql_query($sql);
                                    if ($post_ary['attach']) {
                                        $sql = 'UPDATE ' . ATTACHMENTS_TABLE . "\n\t\t\t\t\t\t\t\t\t\t\tSET topic_id = {$new_topic_id}\n\t\t\t\t\t\t\t\t\t\t\tWHERE topic_id = {$topic_id}\n\t\t\t\t\t\t\t\t\t\t\t\tAND poster_id = {$user_id}";
                                        $db->sql_query($sql);
                                    }
                                    $new_topic_id_ary[] = $new_topic_id;
                                }
                            }
                            $forum_id_ary = array_unique($forum_id_ary);
                            $topic_id_ary = array_unique(array_merge(array_keys($topic_id_ary), $new_topic_id_ary));
                            if (sizeof($topic_id_ary)) {
                                sync('topic_reported', 'topic_id', $topic_id_ary);
                                sync('topic', 'topic_id', $topic_id_ary);
                            }
                            if (sizeof($forum_id_ary)) {
                                sync('forum', 'forum_id', $forum_id_ary, false, true);
                            }
                            add_log('admin', 'LOG_USER_MOVE_POSTS', $user_row['username'], $forum_info['forum_name']);
                            add_log('user', $user_id, 'LOG_USER_MOVE_POSTS_USER', $forum_info['forum_name']);
                            trigger_error($user->lang['USER_POSTS_MOVED'] . adm_back_link($this->u_action . '&amp;u=' . $user_id));
                            break;
                        case 'leave_nr':
                            if (confirm_box(true)) {
                                remove_newly_registered($user_id, $user_row);
                                add_log('admin', 'LOG_USER_REMOVED_NR', $user_row['username']);
                                trigger_error($user->lang['USER_LIFTED_NR'] . adm_back_link($this->u_action . '&amp;u=' . $user_id));
                            } else {
                                confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array('u' => $user_id, 'i' => $id, 'mode' => $mode, 'action' => $action, 'update' => true)));
                            }
                            break;
                        default:
                            /**
                             * Run custom quicktool code
                             *
                             * @event core.acp_users_overview_run_quicktool
                             * @var	array	user_row	Current user data
                             * @var	string	action		Quick tool that should be run
                             * @since 3.1.0-a1
                             */
                            $vars = array('action', 'user_row');
                            extract($src_dispatcher->trigger_event('core.acp_users_overview_run_quicktool', compact($vars)));
                            break;
                    }
                    // Handle registration info updates
                    $data = array('username' => utf8_normalize_nfc(request_var('user', $user_row['username'], true)), 'user_founder' => request_var('user_founder', $user_row['user_type'] == USER_FOUNDER ? 1 : 0), 'email' => strtolower(request_var('user_email', $user_row['user_email'])), 'new_password' => $request->variable('new_password', '', true), 'password_confirm' => $request->variable('password_confirm', '', true));
                    // Validation data - we do not check the password complexity setting here
                    $check_ary = array('new_password' => array(array('string', true, $config['min_pass_chars'], $config['max_pass_chars']), array('password')), 'password_confirm' => array('string', true, $config['min_pass_chars'], $config['max_pass_chars']));
                    // Check username if altered
                    if ($data['username'] != $user_row['username']) {
                        $check_ary += array('username' => array(array('string', false, $config['min_name_chars'], $config['max_name_chars']), array('username', $user_row['username'])));
                    }
                    // Check email if altered
                    if ($data['email'] != $user_row['user_email']) {
                        $check_ary += array('email' => array(array('string', false, 6, 60), array('user_email', $user_row['user_email'])));
                    }
                    $error = validate_data($data, $check_ary);
                    if ($data['new_password'] && $data['password_confirm'] != $data['new_password']) {
                        $error[] = 'NEW_PASSWORD_ERROR';
                    }
                    if (!check_form_key($form_name)) {
                        $error[] = 'FORM_INVALID';
                    }
                    // Instantiate passwords manager
                    $passwords_manager = $src_container->get('passwords.manager');
                    // Which updates do we need to do?
                    $update_username = $user_row['username'] != $data['username'] ? $data['username'] : false;
                    $update_password = $data['new_password'] && !$passwords_manager->check($data['new_password'], $user_row['user_password']);
                    $update_email = $data['email'] != $user_row['user_email'] ? $data['email'] : false;
                    if (!sizeof($error)) {
                        $sql_ary = array();
                        if ($user_row['user_type'] != USER_FOUNDER || $user->data['user_type'] == USER_FOUNDER) {
                            // Only allow founders updating the founder status...
                            if ($user->data['user_type'] == USER_FOUNDER) {
                                // Setting a normal member to be a founder
                                if ($data['user_founder'] && $user_row['user_type'] != USER_FOUNDER) {
                                    // Make sure the user is not setting an Inactive or ignored user to be a founder
                                    if ($user_row['user_type'] == USER_IGNORE) {
                                        trigger_error($user->lang['CANNOT_SET_FOUNDER_IGNORED'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
                                    }
                                    if ($user_row['user_type'] == USER_INACTIVE) {
                                        trigger_error($user->lang['CANNOT_SET_FOUNDER_INACTIVE'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
                                    }
                                    $sql_ary['user_type'] = USER_FOUNDER;
                                } else {
                                    if (!$data['user_founder'] && $user_row['user_type'] == USER_FOUNDER) {
                                        // Check if at least one founder is present
                                        $sql = 'SELECT user_id
										FROM ' . USERS_TABLE . '
										WHERE user_type = ' . USER_FOUNDER . '
											AND user_id <> ' . $user_id;
                                        $result = $db->sql_query_limit($sql, 1);
                                        $row = $db->sql_fetchrow($result);
                                        $db->sql_freeresult($result);
                                        if ($row) {
                                            $sql_ary['user_type'] = USER_NORMAL;
                                        } else {
                                            trigger_error($user->lang['AT_LEAST_ONE_FOUNDER'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
                                        }
                                    }
                                }
                            }
                        }
                        /**
                         * Modify user data before we update it
                         *
                         * @event core.acp_users_overview_modify_data
                         * @var	array	user_row	Current user data
                         * @var	array	data		Submitted user data
                         * @var	array	sql_ary		User data we udpate
                         * @since 3.1.0-a1
                         */
                        $vars = array('user_row', 'data', 'sql_ary');
                        extract($src_dispatcher->trigger_event('core.acp_users_overview_modify_data', compact($vars)));
                        if ($update_username !== false) {
                            $sql_ary['username'] = $update_username;
                            $sql_ary['username_clean'] = utf8_clean_string($update_username);
                            add_log('user', $user_id, 'LOG_USER_UPDATE_NAME', $user_row['username'], $update_username);
                        }
                        if ($update_email !== false) {
                            $sql_ary += array('user_email' => $update_email, 'user_email_hash' => src_email_hash($update_email));
                            add_log('user', $user_id, 'LOG_USER_UPDATE_EMAIL', $user_row['username'], $user_row['user_email'], $update_email);
                        }
                        if ($update_password) {
                            $sql_ary += array('user_password' => $passwords_manager->hash($data['new_password']), 'user_passchg' => time());
                            $user->reset_login_keys($user_id);
                            add_log('user', $user_id, 'LOG_USER_NEW_PASSWORD', $user_row['username']);
                        }
                        if (sizeof($sql_ary)) {
                            $sql = 'UPDATE ' . USERS_TABLE . '
								SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
								WHERE user_id = ' . $user_id;
                            $db->sql_query($sql);
                        }
                        if ($update_username) {
                            user_update_name($user_row['username'], $update_username);
                        }
                        // Let the users permissions being updated
                        $auth->acl_clear_prefetch($user_id);
                        add_log('admin', 'LOG_USER_USER_UPDATE', $data['username']);
                        trigger_error($user->lang['USER_OVERVIEW_UPDATED'] . adm_back_link($this->u_action . '&amp;u=' . $user_id));
                    }
                    // Replace "error" strings with their real, localised form
                    $error = array_map(array($user, 'lang'), $error);
                }
                if ($user_id == $user->data['user_id']) {
                    $quick_tool_ary = array('delsig' => 'DEL_SIG', 'delavatar' => 'DEL_AVATAR', 'moveposts' => 'MOVE_POSTS', 'delposts' => 'DEL_POSTS', 'delattach' => 'DEL_ATTACH', 'deloutbox' => 'DEL_OUTBOX');
                    if ($user_row['user_new']) {
                        $quick_tool_ary['leave_nr'] = 'LEAVE_NR';
                    }
                } else {
                    $quick_tool_ary = array();
                    if ($user_row['user_type'] != USER_FOUNDER) {
                        $quick_tool_ary += array('banuser' => 'BAN_USER', 'banemail' => 'BAN_EMAIL', 'banip' => 'BAN_IP');
                    }
                    if ($user_row['user_type'] != USER_FOUNDER && $user_row['user_type'] != USER_IGNORE) {
                        $quick_tool_ary += array('active' => $user_row['user_type'] == USER_INACTIVE ? 'ACTIVATE' : 'DEACTIVATE');
                    }
                    $quick_tool_ary += array('delsig' => 'DEL_SIG', 'delavatar' => 'DEL_AVATAR', 'moveposts' => 'MOVE_POSTS', 'delposts' => 'DEL_POSTS', 'delattach' => 'DEL_ATTACH', 'deloutbox' => 'DEL_OUTBOX');
                    if ($config['email_enable'] && ($user_row['user_type'] == USER_NORMAL || $user_row['user_type'] == USER_INACTIVE)) {
                        $quick_tool_ary['reactivate'] = 'FORCE';
                    }
                    if ($user_row['user_new']) {
                        $quick_tool_ary['leave_nr'] = 'LEAVE_NR';
                    }
                }
                if ($config['load_onlinetrack']) {
                    $sql = 'SELECT MAX(session_time) AS session_time, MIN(session_viewonline) AS session_viewonline
						FROM ' . SESSIONS_TABLE . "\n\t\t\t\t\t\tWHERE session_user_id = {$user_id}";
                    $result = $db->sql_query($sql);
                    $row = $db->sql_fetchrow($result);
                    $db->sql_freeresult($result);
                    $user_row['session_time'] = isset($row['session_time']) ? $row['session_time'] : 0;
                    $user_row['session_viewonline'] = isset($row['session_viewonline']) ? $row['session_viewonline'] : 0;
                    unset($row);
                }
                /**
                 * Add additional quick tool options and overwrite user data
                 *
                 * @event core.acp_users_display_overview
                 * @var	array	user_row			Array with user data
                 * @var	array	quick_tool_ary		Ouick tool options
                 * @since 3.1.0-a1
                 */
                $vars = array('user_row', 'quick_tool_ary');
                extract($src_dispatcher->trigger_event('core.acp_users_display_overview', compact($vars)));
                $s_action_options = '<option class="sep" value="">' . $user->lang['SELECT_OPTION'] . '</option>';
                foreach ($quick_tool_ary as $value => $lang) {
                    $s_action_options .= '<option value="' . $value . '">' . $user->lang['USER_ADMIN_' . $lang] . '</option>';
                }
                $last_active = !empty($user_row['session_time']) ? $user_row['session_time'] : $user_row['user_lastvisit'];
                $inactive_reason = '';
                if ($user_row['user_type'] == USER_INACTIVE) {
                    $inactive_reason = $user->lang['INACTIVE_REASON_UNKNOWN'];
                    switch ($user_row['user_inactive_reason']) {
                        case INACTIVE_REGISTER:
                            $inactive_reason = $user->lang['INACTIVE_REASON_REGISTER'];
                            break;
                        case INACTIVE_PROFILE:
                            $inactive_reason = $user->lang['INACTIVE_REASON_PROFILE'];
                            break;
                        case INACTIVE_MANUAL:
                            $inactive_reason = $user->lang['INACTIVE_REASON_MANUAL'];
                            break;
                        case INACTIVE_REMIND:
                            $inactive_reason = $user->lang['INACTIVE_REASON_REMIND'];
                            break;
                    }
                }
                // Posts in Queue
                $sql = 'SELECT COUNT(post_id) as posts_in_queue
					FROM ' . POSTS_TABLE . '
					WHERE poster_id = ' . $user_id . '
						AND ' . $db->sql_in_set('post_visibility', array(ITEM_UNAPPROVED, ITEM_REAPPROVE));
                $result = $db->sql_query($sql);
                $user_row['posts_in_queue'] = (int) $db->sql_fetchfield('posts_in_queue');
                $db->sql_freeresult($result);
                $sql = 'SELECT post_id
					FROM ' . POSTS_TABLE . '
					WHERE poster_id = ' . $user_id;
                $result = $db->sql_query_limit($sql, 1);
                $user_row['user_has_posts'] = (bool) $db->sql_fetchfield('post_id');
                $db->sql_freeresult($result);
                $template->assign_vars(array('L_NAME_CHARS_EXPLAIN' => $user->lang($config['allow_name_chars'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_name_chars']), $user->lang('CHARACTERS', (int) $config['max_name_chars'])), 'L_CHANGE_PASSWORD_EXPLAIN' => $user->lang($config['pass_complex'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_pass_chars']), $user->lang('CHARACTERS', (int) $config['max_pass_chars'])), 'L_POSTS_IN_QUEUE' => $user->lang('NUM_POSTS_IN_QUEUE', $user_row['posts_in_queue']), 'S_FOUNDER' => $user->data['user_type'] == USER_FOUNDER ? true : false, 'S_OVERVIEW' => true, 'S_USER_IP' => $user_row['user_ip'] ? true : false, 'S_USER_FOUNDER' => $user_row['user_type'] == USER_FOUNDER ? true : false, 'S_ACTION_OPTIONS' => $s_action_options, 'S_OWN_ACCOUNT' => $user_id == $user->data['user_id'] ? true : false, 'S_USER_INACTIVE' => $user_row['user_type'] == USER_INACTIVE ? true : false, 'U_SHOW_IP' => $this->u_action . "&amp;u={$user_id}&amp;ip=" . ($ip == 'ip' ? 'hostname' : 'ip'), 'U_WHOIS' => $this->u_action . "&amp;action=whois&amp;user_ip={$user_row['user_ip']}", 'U_MCP_QUEUE' => $auth->acl_getf_global('m_approve') ? append_sid("{$src_root_path}mcp.{$phpEx}", 'i=queue', true, $user->session_id) : '', 'U_SEARCH_USER' => $config['load_search'] && $auth->acl_get('u_search') ? append_sid("{$src_root_path}search.{$phpEx}", "author_id={$user_row['user_id']}&amp;sr=posts") : '', 'U_SWITCH_PERMISSIONS' => $auth->acl_get('a_switchperm') && $user->data['user_id'] != $user_row['user_id'] ? append_sid("{$src_root_path}ucp.{$phpEx}", "mode=switch_perm&amp;u={$user_row['user_id']}&amp;hash=" . generate_link_hash('switchperm')) : '', 'POSTS_IN_QUEUE' => $user_row['posts_in_queue'], 'USER' => $user_row['username'], 'USER_REGISTERED' => $user->format_date($user_row['user_regdate']), 'REGISTERED_IP' => $ip == 'hostname' ? gethostbyaddr($user_row['user_ip']) : $user_row['user_ip'], 'USER_LASTACTIVE' => $last_active ? $user->format_date($last_active) : ' - ', 'USER_EMAIL' => $user_row['user_email'], 'USER_WARNINGS' => $user_row['user_warnings'], 'USER_POSTS' => $user_row['user_posts'], 'USER_HAS_POSTS' => $user_row['user_has_posts'], 'USER_INACTIVE_REASON' => $inactive_reason));
                break;
            case 'feedback':
                $user->add_lang('mcp');
                // Set up general vars
                $start = request_var('start', 0);
                $deletemark = isset($_POST['delmarked']) ? true : false;
                $deleteall = isset($_POST['delall']) ? true : false;
                $marked = request_var('mark', array(0));
                $message = utf8_normalize_nfc(request_var('message', '', true));
                $pagination = $src_container->get('pagination');
                // Sort keys
                $sort_days = request_var('st', 0);
                $sort_key = request_var('sk', 't');
                $sort_dir = request_var('sd', 'd');
                // Delete entries if requested and able
                if (($deletemark || $deleteall) && $auth->acl_get('a_clearlogs')) {
                    if (!check_form_key($form_name)) {
                        trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
                    }
                    $where_sql = '';
                    if ($deletemark && $marked) {
                        $sql_in = array();
                        foreach ($marked as $mark) {
                            $sql_in[] = $mark;
                        }
                        $where_sql = ' AND ' . $db->sql_in_set('log_id', $sql_in);
                        unset($sql_in);
                    }
                    if ($where_sql || $deleteall) {
                        $sql = 'DELETE FROM ' . LOG_TABLE . '
							WHERE log_type = ' . LOG_USERS . "\n\t\t\t\t\t\t\tAND reportee_id = {$user_id}\n\t\t\t\t\t\t\t{$where_sql}";
                        $db->sql_query($sql);
                        add_log('admin', 'LOG_CLEAR_USER', $user_row['username']);
                    }
                }
                if ($submit && $message) {
                    if (!check_form_key($form_name)) {
                        trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
                    }
                    add_log('admin', 'LOG_USER_FEEDBACK', $user_row['username']);
                    add_log('mod', 0, 0, 'LOG_USER_FEEDBACK', $user_row['username']);
                    add_log('user', $user_id, 'LOG_USER_GENERAL', $message);
                    trigger_error($user->lang['USER_FEEDBACK_ADDED'] . adm_back_link($this->u_action . '&amp;u=' . $user_id));
                }
                // Sorting
                $limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']);
                $sort_by_text = array('u' => $user->lang['SORT_USERNAME'], 't' => $user->lang['SORT_DATE'], 'i' => $user->lang['SORT_IP'], 'o' => $user->lang['SORT_ACTION']);
                $sort_by_sql = array('u' => 'u.username_clean', 't' => 'l.log_time', 'i' => 'l.log_ip', 'o' => 'l.log_operation');
                $s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = '';
                gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param);
                // Define where and sort sql for use in displaying logs
                $sql_where = $sort_days ? time() - $sort_days * 86400 : 0;
                $sql_sort = $sort_by_sql[$sort_key] . ' ' . ($sort_dir == 'd' ? 'DESC' : 'ASC');
                // Grab log data
                $log_data = array();
                $log_count = 0;
                $start = view_log('user', $log_data, $log_count, $config['topics_per_page'], $start, 0, 0, $user_id, $sql_where, $sql_sort);
                $base_url = $this->u_action . "&amp;u={$user_id}&amp;{$u_sort_param}";
                $pagination->generate_template_pagination($base_url, 'pagination', 'start', $log_count, $config['topics_per_page'], $start);
                $template->assign_vars(array('S_FEEDBACK' => true, 'S_LIMIT_DAYS' => $s_limit_days, 'S_SORT_KEY' => $s_sort_key, 'S_SORT_DIR' => $s_sort_dir, 'S_CLEARLOGS' => $auth->acl_get('a_clearlogs')));
                foreach ($log_data as $row) {
                    $template->assign_block_vars('log', array('USERNAME' => $row['username_full'], 'IP' => $row['ip'], 'DATE' => $user->format_date($row['time']), 'ACTION' => nl2br($row['action']), 'ID' => $row['id']));
                }
                break;
            case 'warnings':
                $user->add_lang('mcp');
                // Set up general vars
                $start = request_var('start', 0);
                $deletemark = isset($_POST['delmarked']) ? true : false;
                $deleteall = isset($_POST['delall']) ? true : false;
                $confirm = isset($_POST['confirm']) ? true : false;
                $marked = request_var('mark', array(0));
                $message = utf8_normalize_nfc(request_var('message', '', true));
                // Sort keys
                $sort_days = request_var('st', 0);
                $sort_key = request_var('sk', 't');
                $sort_dir = request_var('sd', 'd');
                // Delete entries if requested and able
                if ($deletemark || $deleteall || $confirm) {
                    if (confirm_box(true)) {
                        $where_sql = '';
                        $deletemark = request_var('delmarked', 0);
                        $deleteall = request_var('delall', 0);
                        if ($deletemark && $marked) {
                            $where_sql = ' AND ' . $db->sql_in_set('warning_id', array_values($marked));
                        }
                        if ($where_sql || $deleteall) {
                            $sql = 'DELETE FROM ' . WARNINGS_TABLE . "\n\t\t\t\t\t\t\t\tWHERE user_id = {$user_id}\n\t\t\t\t\t\t\t\t\t{$where_sql}";
                            $db->sql_query($sql);
                            if ($deleteall) {
                                $log_warnings = $deleted_warnings = 0;
                            } else {
                                $num_warnings = (int) $db->sql_affectedrows();
                                $deleted_warnings = ' user_warnings - ' . $num_warnings;
                                $log_warnings = $num_warnings > 2 ? 2 : $num_warnings;
                            }
                            $sql = 'UPDATE ' . USERS_TABLE . "\n\t\t\t\t\t\t\t\tSET user_warnings = {$deleted_warnings}\n\t\t\t\t\t\t\t\tWHERE user_id = {$user_id}";
                            $db->sql_query($sql);
                            if ($log_warnings) {
                                add_log('admin', 'LOG_WARNINGS_DELETED', $user_row['username'], $num_warnings);
                            } else {
                                add_log('admin', 'LOG_WARNINGS_DELETED_ALL', $user_row['username']);
                            }
                        }
                    } else {
                        $s_hidden_fields = array('i' => $id, 'mode' => $mode, 'u' => $user_id, 'mark' => $marked);
                        if (isset($_POST['delmarked'])) {
                            $s_hidden_fields['delmarked'] = 1;
                        }
                        if (isset($_POST['delall'])) {
                            $s_hidden_fields['delall'] = 1;
                        }
                        if (isset($_POST['delall']) || isset($_POST['delmarked']) && sizeof($marked)) {
                            confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields($s_hidden_fields));
                        }
                    }
                }
                $sql = 'SELECT w.warning_id, w.warning_time, w.post_id, l.log_operation, l.log_data, l.user_id AS mod_user_id, m.username AS mod_username, m.user_colour AS mod_user_colour
					FROM ' . WARNINGS_TABLE . ' w
					LEFT JOIN ' . LOG_TABLE . ' l
						ON (w.log_id = l.log_id)
					LEFT JOIN ' . USERS_TABLE . ' m
						ON (l.user_id = m.user_id)
					WHERE w.user_id = ' . $user_id . '
					ORDER BY w.warning_time DESC';
                $result = $db->sql_query($sql);
                while ($row = $db->sql_fetchrow($result)) {
                    if (!$row['log_operation']) {
                        // We do not have a log-entry anymore, so there is no data available
                        $row['action'] = $user->lang['USER_WARNING_LOG_DELETED'];
                    } else {
                        $row['action'] = isset($user->lang[$row['log_operation']]) ? $user->lang[$row['log_operation']] : '{' . ucfirst(str_replace('_', ' ', $row['log_operation'])) . '}';
                        if (!empty($row['log_data'])) {
                            $log_data_ary = @unserialize($row['log_data']);
                            $log_data_ary = $log_data_ary === false ? array() : $log_data_ary;
                            if (isset($user->lang[$row['log_operation']])) {
                                // Check if there are more occurrences of % than arguments, if there are we fill out the arguments array
                                // It doesn't matter if we add more arguments than placeholders
                                if (substr_count($row['action'], '%') - sizeof($log_data_ary) > 0) {
                                    $log_data_ary = array_merge($log_data_ary, array_fill(0, substr_count($row['action'], '%') - sizeof($log_data_ary), ''));
                                }
                                $row['action'] = vsprintf($row['action'], $log_data_ary);
                                $row['action'] = bbcode_nl2br(censor_text($row['action']));
                            } else {
                                if (!empty($log_data_ary)) {
                                    $row['action'] .= '<br />' . implode('', $log_data_ary);
                                }
                            }
                        }
                    }
                    $template->assign_block_vars('warn', array('ID' => $row['warning_id'], 'USERNAME' => $row['log_operation'] ? get_username_string('full', $row['mod_user_id'], $row['mod_username'], $row['mod_user_colour']) : '-', 'ACTION' => make_clickable($row['action']), 'DATE' => $user->format_date($row['warning_time'])));
                }
                $db->sql_freeresult($result);
                $template->assign_vars(array('S_WARNINGS' => true));
                break;
            case 'profile':
                include $src_root_path . 'includes/functions_user.' . $phpEx;
                $cp = $src_container->get('profilefields.manager');
                $cp_data = $cp_error = array();
                $sql = 'SELECT lang_id
					FROM ' . LANG_TABLE . "\n\t\t\t\t\tWHERE lang_iso = '" . $db->sql_escape($user->data['user_lang']) . "'";
                $result = $db->sql_query($sql);
                $row = $db->sql_fetchrow($result);
                $db->sql_freeresult($result);
                $user_row['iso_lang_id'] = $row['lang_id'];
                $data = array('jabber' => utf8_normalize_nfc(request_var('jabber', $user_row['user_jabber'], true)), 'bday_day' => 0, 'bday_month' => 0, 'bday_year' => 0);
                if ($user_row['user_birthday']) {
                    list($data['bday_day'], $data['bday_month'], $data['bday_year']) = explode('-', $user_row['user_birthday']);
                }
                $data['bday_day'] = request_var('bday_day', $data['bday_day']);
                $data['bday_month'] = request_var('bday_month', $data['bday_month']);
                $data['bday_year'] = request_var('bday_year', $data['bday_year']);
                $data['user_birthday'] = sprintf('%2d-%2d-%4d', $data['bday_day'], $data['bday_month'], $data['bday_year']);
                /**
                 * Modify user data on editing profile in ACP
                 *
                 * @event core.acp_users_modify_profile
                 * @var	array	data		Array with user profile data
                 * @var	bool	submit		Flag indicating if submit button has been pressed
                 * @var	int		user_id		The user id
                 * @var	array	user_row	Array with the full user data
                 * @since 3.1.4-RC1
                 */
                $vars = array('data', 'submit', 'user_id', 'user_row');
                extract($src_dispatcher->trigger_event('core.acp_users_modify_profile', compact($vars)));
                if ($submit) {
                    $error = validate_data($data, array('jabber' => array(array('string', true, 5, 255), array('jabber')), 'bday_day' => array('num', true, 1, 31), 'bday_month' => array('num', true, 1, 12), 'bday_year' => array('num', true, 1901, gmdate('Y', time())), 'user_birthday' => array('date', true)));
                    // validate custom profile fields
                    $cp->submit_cp_field('profile', $user_row['iso_lang_id'], $cp_data, $cp_error);
                    if (sizeof($cp_error)) {
                        $error = array_merge($error, $cp_error);
                    }
                    if (!check_form_key($form_name)) {
                        $error[] = 'FORM_INVALID';
                    }
                    /**
                     * Validate profile data in ACP before submitting to the database
                     *
                     * @event core.acp_users_profile_validate
                     * @var	bool	submit		Flag indicating if submit button has been pressed
                     * @var	array	data		Array with user profile data
                     * @var	array	error		Array with the form errors
                     * @since 3.1.4-RC1
                     */
                    $vars = array('submit', 'data', 'error');
                    extract($src_dispatcher->trigger_event('core.acp_users_profile_validate', compact($vars)));
                    if (!sizeof($error)) {
                        $sql_ary = array('user_jabber' => $data['jabber'], 'user_birthday' => $data['user_birthday']);
                        /**
                         * Modify profile data in ACP before submitting to the database
                         *
                         * @event core.acp_users_profile_modify_sql_ary
                         * @var	array	cp_data		Array with the user custom profile fields data
                         * @var	array	data		Array with user profile data
                         * @var	int		user_id		The user id
                         * @var	array	user_row	Array with the full user data
                         * @var	array	sql_ary		Array with sql data
                         * @since 3.1.4-RC1
                         */
                        $vars = array('cp_data', 'data', 'user_id', 'user_row', 'sql_ary');
                        extract($src_dispatcher->trigger_event('core.acp_users_profile_modify_sql_ary', compact($vars)));
                        $sql = 'UPDATE ' . USERS_TABLE . '
							SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "\n\t\t\t\t\t\t\tWHERE user_id = {$user_id}";
                        $db->sql_query($sql);
                        // Update Custom Fields
                        $cp->update_profile_field_data($user_id, $cp_data);
                        trigger_error($user->lang['USER_PROFILE_UPDATED'] . adm_back_link($this->u_action . '&amp;u=' . $user_id));
                    }
                    // Replace "error" strings with their real, localised form
                    $error = array_map(array($user, 'lang'), $error);
                }
                $s_birthday_day_options = '<option value="0"' . (!$data['bday_day'] ? ' selected="selected"' : '') . '>--</option>';
                for ($i = 1; $i < 32; $i++) {
                    $selected = $i == $data['bday_day'] ? ' selected="selected"' : '';
                    $s_birthday_day_options .= "<option value=\"{$i}\"{$selected}>{$i}</option>";
                }
                $s_birthday_month_options = '<option value="0"' . (!$data['bday_month'] ? ' selected="selected"' : '') . '>--</option>';
                for ($i = 1; $i < 13; $i++) {
                    $selected = $i == $data['bday_month'] ? ' selected="selected"' : '';
                    $s_birthday_month_options .= "<option value=\"{$i}\"{$selected}>{$i}</option>";
                }
                $s_birthday_year_options = '';
                $now = getdate();
                $s_birthday_year_options = '<option value="0"' . (!$data['bday_year'] ? ' selected="selected"' : '') . '>--</option>';
                for ($i = $now['year'] - 100; $i <= $now['year']; $i++) {
                    $selected = $i == $data['bday_year'] ? ' selected="selected"' : '';
                    $s_birthday_year_options .= "<option value=\"{$i}\"{$selected}>{$i}</option>";
                }
                unset($now);
                $template->assign_vars(array('JABBER' => $data['jabber'], 'S_BIRTHDAY_DAY_OPTIONS' => $s_birthday_day_options, 'S_BIRTHDAY_MONTH_OPTIONS' => $s_birthday_month_options, 'S_BIRTHDAY_YEAR_OPTIONS' => $s_birthday_year_options, 'S_PROFILE' => true));
                // Get additional profile fields and assign them to the template block var 'profile_fields'
                $user->get_profile_fields($user_id);
                $cp->generate_profile_fields('profile', $user_row['iso_lang_id']);
                break;
            case 'prefs':
                include $src_root_path . 'includes/functions_user.' . $phpEx;
                $data = array('dateformat' => utf8_normalize_nfc(request_var('dateformat', $user_row['user_dateformat'], true)), 'lang' => basename(request_var('lang', $user_row['user_lang'])), 'tz' => request_var('tz', $user_row['user_timezone']), 'style' => request_var('style', $user_row['user_style']), 'viewemail' => request_var('viewemail', $user_row['user_allow_viewemail']), 'massemail' => request_var('massemail', $user_row['user_allow_massemail']), 'hideonline' => request_var('hideonline', !$user_row['user_allow_viewonline']), 'notifymethod' => request_var('notifymethod', $user_row['user_notify_type']), 'notifypm' => request_var('notifypm', $user_row['user_notify_pm']), 'allowpm' => request_var('allowpm', $user_row['user_allow_pm']), 'topic_sk' => request_var('topic_sk', $user_row['user_topic_sortby_type'] ? $user_row['user_topic_sortby_type'] : 't'), 'topic_sd' => request_var('topic_sd', $user_row['user_topic_sortby_dir'] ? $user_row['user_topic_sortby_dir'] : 'd'), 'topic_st' => request_var('topic_st', $user_row['user_topic_show_days'] ? $user_row['user_topic_show_days'] : 0), 'post_sk' => request_var('post_sk', $user_row['user_post_sortby_type'] ? $user_row['user_post_sortby_type'] : 't'), 'post_sd' => request_var('post_sd', $user_row['user_post_sortby_dir'] ? $user_row['user_post_sortby_dir'] : 'a'), 'post_st' => request_var('post_st', $user_row['user_post_show_days'] ? $user_row['user_post_show_days'] : 0), 'view_images' => request_var('view_images', $this->optionget($user_row, 'viewimg')), 'view_flash' => request_var('view_flash', $this->optionget($user_row, 'viewflash')), 'view_smilies' => request_var('view_smilies', $this->optionget($user_row, 'viewsmilies')), 'view_sigs' => request_var('view_sigs', $this->optionget($user_row, 'viewsigs')), 'view_avatars' => request_var('view_avatars', $this->optionget($user_row, 'viewavatars')), 'view_wordcensor' => request_var('view_wordcensor', $this->optionget($user_row, 'viewcensors')), 'bbcode' => request_var('bbcode', $this->optionget($user_row, 'bbcode')), 'smilies' => request_var('smilies', $this->optionget($user_row, 'smilies')), 'sig' => request_var('sig', $this->optionget($user_row, 'attachsig')), 'notify' => request_var('notify', $user_row['user_notify']));
                /**
                 * Modify users preferences data
                 *
                 * @event core.acp_users_prefs_modify_data
                 * @var	array	data			Array with users preferences data
                 * @var	array	user_row		Array with user data
                 * @since 3.1.0-b3
                 */
                $vars = array('data', 'user_row');
                extract($src_dispatcher->trigger_event('core.acp_users_prefs_modify_data', compact($vars)));
                if ($submit) {
                    $error = validate_data($data, array('dateformat' => array('string', false, 1, 30), 'lang' => array('match', false, '#^[a-z_\\-]{2,}$#i'), 'tz' => array('timezone'), 'topic_sk' => array('string', false, 1, 1), 'topic_sd' => array('string', false, 1, 1), 'post_sk' => array('string', false, 1, 1), 'post_sd' => array('string', false, 1, 1)));
                    if (!check_form_key($form_name)) {
                        $error[] = 'FORM_INVALID';
                    }
                    if (!sizeof($error)) {
                        $this->optionset($user_row, 'viewimg', $data['view_images']);
                        $this->optionset($user_row, 'viewflash', $data['view_flash']);
                        $this->optionset($user_row, 'viewsmilies', $data['view_smilies']);
                        $this->optionset($user_row, 'viewsigs', $data['view_sigs']);
                        $this->optionset($user_row, 'viewavatars', $data['view_avatars']);
                        $this->optionset($user_row, 'viewcensors', $data['view_wordcensor']);
                        $this->optionset($user_row, 'bbcode', $data['bbcode']);
                        $this->optionset($user_row, 'smilies', $data['smilies']);
                        $this->optionset($user_row, 'attachsig', $data['sig']);
                        $sql_ary = array('user_options' => $user_row['user_options'], 'user_allow_pm' => $data['allowpm'], 'user_allow_viewemail' => $data['viewemail'], 'user_allow_massemail' => $data['massemail'], 'user_allow_viewonline' => !$data['hideonline'], 'user_notify_type' => $data['notifymethod'], 'user_notify_pm' => $data['notifypm'], 'user_dateformat' => $data['dateformat'], 'user_lang' => $data['lang'], 'user_timezone' => $data['tz'], 'user_style' => $data['style'], 'user_topic_sortby_type' => $data['topic_sk'], 'user_post_sortby_type' => $data['post_sk'], 'user_topic_sortby_dir' => $data['topic_sd'], 'user_post_sortby_dir' => $data['post_sd'], 'user_topic_show_days' => $data['topic_st'], 'user_post_show_days' => $data['post_st'], 'user_notify' => $data['notify']);
                        /**
                         * Modify SQL query before users preferences are updated
                         *
                         * @event core.acp_users_prefs_modify_sql
                         * @var	array	data			Array with users preferences data
                         * @var	array	user_row		Array with user data
                         * @var	array	sql_ary			SQL array with users preferences data to update
                         * @var	array	error			Array with errors data
                         * @since 3.1.0-b3
                         */
                        $vars = array('data', 'user_row', 'sql_ary', 'error');
                        extract($src_dispatcher->trigger_event('core.acp_users_prefs_modify_sql', compact($vars)));
                        if (!sizeof($error)) {
                            $sql = 'UPDATE ' . USERS_TABLE . '
								SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "\n\t\t\t\t\t\t\t\tWHERE user_id = {$user_id}";
                            $db->sql_query($sql);
                            // Check if user has an active session
                            if ($user_row['session_id']) {
                                // We'll update the session if user_allow_viewonline has changed and the user is a bot
                                // Or if it's a regular user and the admin set it to hide the session
                                if ($user_row['user_allow_viewonline'] != $sql_ary['user_allow_viewonline'] && $user_row['user_type'] == USER_IGNORE || $user_row['user_allow_viewonline'] && !$sql_ary['user_allow_viewonline']) {
                                    // We also need to check if the user has the permission to cloak.
                                    $user_auth = new \src\auth\auth();
                                    $user_auth->acl($user_row);
                                    $session_sql_ary = array('session_viewonline' => $user_auth->acl_get('u_hideonline') ? $sql_ary['user_allow_viewonline'] : true);
                                    $sql = 'UPDATE ' . SESSIONS_TABLE . '
										SET ' . $db->sql_build_array('UPDATE', $session_sql_ary) . "\n\t\t\t\t\t\t\t\t\t\tWHERE session_user_id = {$user_id}";
                                    $db->sql_query($sql);
                                    unset($user_auth);
                                }
                            }
                            trigger_error($user->lang['USER_PREFS_UPDATED'] . adm_back_link($this->u_action . '&amp;u=' . $user_id));
                        }
                    }
                    // Replace "error" strings with their real, localised form
                    $error = array_map(array($user, 'lang'), $error);
                }
                $dateformat_options = '';
                foreach ($user->lang['dateformats'] as $format => $null) {
                    $dateformat_options .= '<option value="' . $format . '"' . ($format == $data['dateformat'] ? ' selected="selected"' : '') . '>';
                    $dateformat_options .= $user->format_date(time(), $format, false) . (strpos($format, '|') !== false ? $user->lang['VARIANT_DATE_SEPARATOR'] . $user->format_date(time(), $format, true) : '');
                    $dateformat_options .= '</option>';
                }
                $s_custom = false;
                $dateformat_options .= '<option value="custom"';
                if (!isset($user->lang['dateformats'][$data['dateformat']])) {
                    $dateformat_options .= ' selected="selected"';
                    $s_custom = true;
                }
                $dateformat_options .= '>' . $user->lang['CUSTOM_DATEFORMAT'] . '</option>';
                $sort_dir_text = array('a' => $user->lang['ASCENDING'], 'd' => $user->lang['DESCENDING']);
                // Topic ordering options
                $limit_topic_days = array(0 => $user->lang['ALL_TOPICS'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']);
                $sort_by_topic_text = array('a' => $user->lang['AUTHOR'], 't' => $user->lang['POST_TIME'], 'r' => $user->lang['REPLIES'], 's' => $user->lang['SUBJECT'], 'v' => $user->lang['VIEWS']);
                // Post ordering options
                $limit_post_days = array(0 => $user->lang['ALL_POSTS'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']);
                $sort_by_post_text = array('a' => $user->lang['AUTHOR'], 't' => $user->lang['POST_TIME'], 's' => $user->lang['SUBJECT']);
                $_options = array('topic', 'post');
                foreach ($_options as $sort_option) {
                    ${'s_limit_' . $sort_option . '_days'} = '<select name="' . $sort_option . '_st">';
                    foreach (${'limit_' . $sort_option . '_days'} as $day => $text) {
                        $selected = $data[$sort_option . '_st'] == $day ? ' selected="selected"' : '';
                        ${'s_limit_' . $sort_option . '_days'} .= '<option value="' . $day . '"' . $selected . '>' . $text . '</option>';
                    }
                    ${'s_limit_' . $sort_option . '_days'} .= '</select>';
                    ${'s_sort_' . $sort_option . '_key'} = '<select name="' . $sort_option . '_sk">';
                    foreach (${'sort_by_' . $sort_option . '_text'} as $key => $text) {
                        $selected = $data[$sort_option . '_sk'] == $key ? ' selected="selected"' : '';
                        ${'s_sort_' . $sort_option . '_key'} .= '<option value="' . $key . '"' . $selected . '>' . $text . '</option>';
                    }
                    ${'s_sort_' . $sort_option . '_key'} .= '</select>';
                    ${'s_sort_' . $sort_option . '_dir'} = '<select name="' . $sort_option . '_sd">';
                    foreach ($sort_dir_text as $key => $value) {
                        $selected = $data[$sort_option . '_sd'] == $key ? ' selected="selected"' : '';
                        ${'s_sort_' . $sort_option . '_dir'} .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>';
                    }
                    ${'s_sort_' . $sort_option . '_dir'} .= '</select>';
                }
                src_timezone_select($template, $user, $data['tz'], true);
                $user_prefs_data = array('S_PREFS' => true, 'S_JABBER_DISABLED' => $config['jab_enable'] && $user_row['user_jabber'] && @extension_loaded('xml') ? false : true, 'VIEW_EMAIL' => $data['viewemail'], 'MASS_EMAIL' => $data['massemail'], 'ALLOW_PM' => $data['allowpm'], 'HIDE_ONLINE' => $data['hideonline'], 'NOTIFY_EMAIL' => $data['notifymethod'] == NOTIFY_EMAIL ? true : false, 'NOTIFY_IM' => $data['notifymethod'] == NOTIFY_IM ? true : false, 'NOTIFY_BOTH' => $data['notifymethod'] == NOTIFY_BOTH ? true : false, 'NOTIFY_PM' => $data['notifypm'], 'BBCODE' => $data['bbcode'], 'SMILIES' => $data['smilies'], 'ATTACH_SIG' => $data['sig'], 'NOTIFY' => $data['notify'], 'VIEW_IMAGES' => $data['view_images'], 'VIEW_FLASH' => $data['view_flash'], 'VIEW_SMILIES' => $data['view_smilies'], 'VIEW_SIGS' => $data['view_sigs'], 'VIEW_AVATARS' => $data['view_avatars'], 'VIEW_WORDCENSOR' => $data['view_wordcensor'], 'S_TOPIC_SORT_DAYS' => $s_limit_topic_days, 'S_TOPIC_SORT_KEY' => $s_sort_topic_key, 'S_TOPIC_SORT_DIR' => $s_sort_topic_dir, 'S_POST_SORT_DAYS' => $s_limit_post_days, 'S_POST_SORT_KEY' => $s_sort_post_key, 'S_POST_SORT_DIR' => $s_sort_post_dir, 'DATE_FORMAT' => $data['dateformat'], 'S_DATEFORMAT_OPTIONS' => $dateformat_options, 'S_CUSTOM_DATEFORMAT' => $s_custom, 'DEFAULT_DATEFORMAT' => $config['default_dateformat'], 'A_DEFAULT_DATEFORMAT' => addslashes($config['default_dateformat']), 'S_LANG_OPTIONS' => language_select($data['lang']), 'S_STYLE_OPTIONS' => style_select($data['style']));
                /**
                 * Modify users preferences data before assigning it to the template
                 *
                 * @event core.acp_users_prefs_modify_template_data
                 * @var	array	data				Array with users preferences data
                 * @var	array	user_row			Array with user data
                 * @var	array	user_prefs_data		Array with users preferences data to be assigned to the template
                 * @since 3.1.0-b3
                 */
                $vars = array('data', 'user_row', 'user_prefs_data');
                extract($src_dispatcher->trigger_event('core.acp_users_prefs_modify_template_data', compact($vars)));
                $template->assign_vars($user_prefs_data);
                break;
            case 'avatar':
                include $src_root_path . 'includes/functions_display.' . $phpEx;
                $avatars_enabled = false;
                if ($config['allow_avatar']) {
                    $src_avatar_manager = $src_container->get('avatar.manager');
                    $avatar_drivers = $src_avatar_manager->get_enabled_drivers();
                    // This is normalised data, without the user_ prefix
                    $avatar_data = \src\avatar\manager::clean_row($user_row, 'user');
                    if ($submit) {
                        if (check_form_key($form_name)) {
                            $driver_name = $src_avatar_manager->clean_driver_name($request->variable('avatar_driver', ''));
                            if (in_array($driver_name, $avatar_drivers) && !$request->is_set_post('avatar_delete')) {
                                $driver = $src_avatar_manager->get_driver($driver_name);
                                $result = $driver->process_form($request, $template, $user, $avatar_data, $error);
                                if ($result && empty($error)) {
                                    // Success! Lets save the result in the database
                                    $result = array('user_avatar_type' => $driver_name, 'user_avatar' => $result['avatar'], 'user_avatar_width' => $result['avatar_width'], 'user_avatar_height' => $result['avatar_height']);
                                    $sql = 'UPDATE ' . USERS_TABLE . '
										SET ' . $db->sql_build_array('UPDATE', $result) . '
										WHERE user_id = ' . (int) $user_id;
                                    $db->sql_query($sql);
                                    trigger_error($user->lang['USER_AVATAR_UPDATED'] . adm_back_link($this->u_action . '&amp;u=' . $user_id));
                                }
                            }
                        } else {
                            trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
                        }
                    }
                    // Handle deletion of avatars
                    if ($request->is_set_post('avatar_delete')) {
                        if (!confirm_box(true)) {
                            confirm_box(false, $user->lang('CONFIRM_AVATAR_DELETE'), build_hidden_fields(array('avatar_delete' => true)));
                        } else {
                            $src_avatar_manager->handle_avatar_delete($db, $user, $avatar_data, USERS_TABLE, 'user_');
                            trigger_error($user->lang['USER_AVATAR_UPDATED'] . adm_back_link($this->u_action . '&amp;u=' . $user_id));
                        }
                    }
                    $selected_driver = $src_avatar_manager->clean_driver_name($request->variable('avatar_driver', $user_row['user_avatar_type']));
                    foreach ($avatar_drivers as $current_driver) {
                        $driver = $src_avatar_manager->get_driver($current_driver);
                        $avatars_enabled = true;
                        $config_name = $src_avatar_manager->get_driver_config_name($driver);
                        $template->set_filenames(array('avatar' => "acp_avatar_options_{$config_name}.html"));
                        if ($driver->prepare_form($request, $template, $user, $avatar_data, $error)) {
                            $driver_name = $src_avatar_manager->prepare_driver_name($current_driver);
                            $driver_upper = strtoupper($driver_name);
                            $template->assign_block_vars('avatar_drivers', array('L_TITLE' => $user->lang($driver_upper . '_TITLE'), 'L_EXPLAIN' => $user->lang($driver_upper . '_EXPLAIN'), 'DRIVER' => $driver_name, 'SELECTED' => $current_driver == $selected_driver, 'OUTPUT' => $template->assign_display('avatar')));
                        }
                    }
                }
                // Replace "error" strings with their real, localised form
                $error = $src_avatar_manager->localize_errors($user, $error);
                $avatar = src_get_user_avatar($user_row, 'USER_AVATAR', true);
                $template->assign_vars(array('S_AVATAR' => true, 'ERROR' => !empty($error) ? implode('<br />', $error) : '', 'AVATAR' => empty($avatar) ? '<img src="' . $src_admin_path . 'images/no_avatar.gif" alt="" />' : $avatar, 'S_FORM_ENCTYPE' => ' enctype="multipart/form-data"', 'L_AVATAR_EXPLAIN' => sprintf($user->lang['AVATAR_EXPLAIN'], $config['avatar_max_width'], $config['avatar_max_height'], $config['avatar_filesize'] / 1024), 'S_AVATARS_ENABLED' => $config['allow_avatar'] && $avatars_enabled));
                break;
            case 'rank':
                if ($submit) {
                    if (!check_form_key($form_name)) {
                        trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
                    }
                    $rank_id = request_var('user_rank', 0);
                    $sql = 'UPDATE ' . USERS_TABLE . "\n\t\t\t\t\t\tSET user_rank = {$rank_id}\n\t\t\t\t\t\tWHERE user_id = {$user_id}";
                    $db->sql_query($sql);
                    trigger_error($user->lang['USER_RANK_UPDATED'] . adm_back_link($this->u_action . '&amp;u=' . $user_id));
                }
                $sql = 'SELECT *
					FROM ' . RANKS_TABLE . '
					WHERE rank_special = 1
					ORDER BY rank_title';
                $result = $db->sql_query($sql);
                $s_rank_options = '<option value="0"' . (!$user_row['user_rank'] ? ' selected="selected"' : '') . '>' . $user->lang['NO_SPECIAL_RANK'] . '</option>';
                while ($row = $db->sql_fetchrow($result)) {
                    $selected = $user_row['user_rank'] && $row['rank_id'] == $user_row['user_rank'] ? ' selected="selected"' : '';
                    $s_rank_options .= '<option value="' . $row['rank_id'] . '"' . $selected . '>' . $row['rank_title'] . '</option>';
                }
                $db->sql_freeresult($result);
                $template->assign_vars(array('S_RANK' => true, 'S_RANK_OPTIONS' => $s_rank_options));
                break;
            case 'sig':
                include_once $src_root_path . 'includes/functions_posting.' . $phpEx;
                include_once $src_root_path . 'includes/functions_display.' . $phpEx;
                $enable_bbcode = $config['allow_sig_bbcode'] ? (bool) $this->optionget($user_row, 'sig_bbcode') : false;
                $enable_smilies = $config['allow_sig_smilies'] ? (bool) $this->optionget($user_row, 'sig_smilies') : false;
                $enable_urls = $config['allow_sig_links'] ? (bool) $this->optionget($user_row, 'sig_links') : false;
                $signature = utf8_normalize_nfc(request_var('signature', (string) $user_row['user_sig'], true));
                $preview = isset($_POST['preview']) ? true : false;
                if ($submit || $preview) {
                    include_once $src_root_path . 'includes/message_parser.' . $phpEx;
                    $enable_bbcode = $config['allow_sig_bbcode'] ? request_var('disable_bbcode', false) ? false : true : false;
                    $enable_smilies = $config['allow_sig_smilies'] ? request_var('disable_smilies', false) ? false : true : false;
                    $enable_urls = $config['allow_sig_links'] ? request_var('disable_magic_url', false) ? false : true : false;
                    $message_parser = new parse_message($signature);
                    // Allowing Quote BBCode
                    $message_parser->parse($enable_bbcode, $enable_urls, $enable_smilies, $config['allow_sig_img'], $config['allow_sig_flash'], true, $config['allow_sig_links'], true, 'sig');
                    if (sizeof($message_parser->warn_msg)) {
                        $error[] = implode('<br />', $message_parser->warn_msg);
                    }
                    if (!check_form_key($form_name)) {
                        $error = 'FORM_INVALID';
                    }
                    if (!sizeof($error) && $submit) {
                        $this->optionset($user_row, 'sig_bbcode', $enable_bbcode);
                        $this->optionset($user_row, 'sig_smilies', $enable_smilies);
                        $this->optionset($user_row, 'sig_links', $enable_urls);
                        $sql_ary = array('user_sig' => (string) $message_parser->message, 'user_options' => $user_row['user_options'], 'user_sig_bbcode_uid' => (string) $message_parser->bbcode_uid, 'user_sig_bbcode_bitfield' => (string) $message_parser->bbcode_bitfield);
                        $sql = 'UPDATE ' . USERS_TABLE . '
							SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
							WHERE user_id = ' . $user_id;
                        $db->sql_query($sql);
                        trigger_error($user->lang['USER_SIG_UPDATED'] . adm_back_link($this->u_action . '&amp;u=' . $user_id));
                    }
                    // Replace "error" strings with their real, localised form
                    $error = array_map(array($user, 'lang'), $error);
                }
                $signature_preview = '';
                if ($preview) {
                    // Now parse it for displaying
                    $signature_preview = $message_parser->format_display($enable_bbcode, $enable_urls, $enable_smilies, false);
                    unset($message_parser);
                }
                decode_message($signature, $user_row['user_sig_bbcode_uid']);
                $template->assign_vars(array('S_SIGNATURE' => true, 'SIGNATURE' => $signature, 'SIGNATURE_PREVIEW' => $signature_preview, 'S_BBCODE_CHECKED' => !$enable_bbcode ? ' checked="checked"' : '', 'S_SMILIES_CHECKED' => !$enable_smilies ? ' checked="checked"' : '', 'S_MAGIC_URL_CHECKED' => !$enable_urls ? ' checked="checked"' : '', 'BBCODE_STATUS' => $config['allow_sig_bbcode'] ? sprintf($user->lang['BBCODE_IS_ON'], '<a href="' . append_sid("{$src_root_path}faq.{$phpEx}", 'mode=bbcode') . '">', '</a>') : sprintf($user->lang['BBCODE_IS_OFF'], '<a href="' . append_sid("{$src_root_path}faq.{$phpEx}", 'mode=bbcode') . '">', '</a>'), 'SMILIES_STATUS' => $config['allow_sig_smilies'] ? $user->lang['SMILIES_ARE_ON'] : $user->lang['SMILIES_ARE_OFF'], 'IMG_STATUS' => $config['allow_sig_img'] ? $user->lang['IMAGES_ARE_ON'] : $user->lang['IMAGES_ARE_OFF'], 'FLASH_STATUS' => $config['allow_sig_flash'] ? $user->lang['FLASH_IS_ON'] : $user->lang['FLASH_IS_OFF'], 'URL_STATUS' => $config['allow_sig_links'] ? $user->lang['URL_IS_ON'] : $user->lang['URL_IS_OFF'], 'L_SIGNATURE_EXPLAIN' => $user->lang('SIGNATURE_EXPLAIN', (int) $config['max_sig_chars']), 'S_BBCODE_ALLOWED' => $config['allow_sig_bbcode'], 'S_SMILIES_ALLOWED' => $config['allow_sig_smilies'], 'S_BBCODE_IMG' => $config['allow_sig_img'] ? true : false, 'S_BBCODE_FLASH' => $config['allow_sig_flash'] ? true : false, 'S_LINKS_ALLOWED' => $config['allow_sig_links'] ? true : false));
                // Assigning custom bbcodes
                display_custom_bbcodes();
                break;
            case 'attach':
                $start = request_var('start', 0);
                $deletemark = isset($_POST['delmarked']) ? true : false;
                $marked = request_var('mark', array(0));
                $pagination = $src_container->get('pagination');
                // Sort keys
                $sort_key = request_var('sk', 'a');
                $sort_dir = request_var('sd', 'd');
                if ($deletemark && sizeof($marked)) {
                    $sql = 'SELECT attach_id
						FROM ' . ATTACHMENTS_TABLE . '
						WHERE poster_id = ' . $user_id . '
							AND is_orphan = 0
							AND ' . $db->sql_in_set('attach_id', $marked);
                    $result = $db->sql_query($sql);
                    $marked = array();
                    while ($row = $db->sql_fetchrow($result)) {
                        $marked[] = $row['attach_id'];
                    }
                    $db->sql_freeresult($result);
                }
                if ($deletemark && sizeof($marked)) {
                    if (confirm_box(true)) {
                        $sql = 'SELECT real_filename
							FROM ' . ATTACHMENTS_TABLE . '
							WHERE ' . $db->sql_in_set('attach_id', $marked);
                        $result = $db->sql_query($sql);
                        $log_attachments = array();
                        while ($row = $db->sql_fetchrow($result)) {
                            $log_attachments[] = $row['real_filename'];
                        }
                        $db->sql_freeresult($result);
                        delete_attachments('attach', $marked);
                        $message = sizeof($log_attachments) == 1 ? $user->lang['ATTACHMENT_DELETED'] : $user->lang['ATTACHMENTS_DELETED'];
                        add_log('admin', 'LOG_ATTACHMENTS_DELETED', implode($user->lang['COMMA_SEPARATOR'], $log_attachments));
                        trigger_error($message . adm_back_link($this->u_action . '&amp;u=' . $user_id));
                    } else {
                        confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array('u' => $user_id, 'i' => $id, 'mode' => $mode, 'action' => $action, 'delmarked' => true, 'mark' => $marked)));
                    }
                }
                $sk_text = array('a' => $user->lang['SORT_FILENAME'], 'c' => $user->lang['SORT_EXTENSION'], 'd' => $user->lang['SORT_SIZE'], 'e' => $user->lang['SORT_DOWNLOADS'], 'f' => $user->lang['SORT_POST_TIME'], 'g' => $user->lang['SORT_TOPIC_TITLE']);
                $sk_sql = array('a' => 'a.real_filename', 'c' => 'a.extension', 'd' => 'a.filesize', 'e' => 'a.download_count', 'f' => 'a.filetime', 'g' => 't.topic_title');
                $sd_text = array('a' => $user->lang['ASCENDING'], 'd' => $user->lang['DESCENDING']);
                $s_sort_key = '';
                foreach ($sk_text as $key => $value) {
                    $selected = $sort_key == $key ? ' selected="selected"' : '';
                    $s_sort_key .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>';
                }
                $s_sort_dir = '';
                foreach ($sd_text as $key => $value) {
                    $selected = $sort_dir == $key ? ' selected="selected"' : '';
                    $s_sort_dir .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>';
                }
                if (!isset($sk_sql[$sort_key])) {
                    $sort_key = 'a';
                }
                $order_by = $sk_sql[$sort_key] . ' ' . ($sort_dir == 'a' ? 'ASC' : 'DESC');
                $sql = 'SELECT COUNT(attach_id) as num_attachments
					FROM ' . ATTACHMENTS_TABLE . "\n\t\t\t\t\tWHERE poster_id = {$user_id}\n\t\t\t\t\t\tAND is_orphan = 0";
                $result = $db->sql_query_limit($sql, 1);
                $num_attachments = (int) $db->sql_fetchfield('num_attachments');
                $db->sql_freeresult($result);
                $sql = 'SELECT a.*, t.topic_title, p.message_subject as message_title
					FROM ' . ATTACHMENTS_TABLE . ' a
						LEFT JOIN ' . TOPICS_TABLE . ' t ON (a.topic_id = t.topic_id
							AND a.in_message = 0)
						LEFT JOIN ' . PRIVMSGS_TABLE . ' p ON (a.post_msg_id = p.msg_id
							AND a.in_message = 1)
					WHERE a.poster_id = ' . $user_id . "\n\t\t\t\t\t\tAND a.is_orphan = 0\n\t\t\t\t\tORDER BY {$order_by}";
                $result = $db->sql_query_limit($sql, $config['topics_per_page'], $start);
                while ($row = $db->sql_fetchrow($result)) {
                    if ($row['in_message']) {
                        $view_topic = append_sid("{$src_root_path}ucp.{$phpEx}", "i=pm&amp;p={$row['post_msg_id']}");
                    } else {
                        $view_topic = append_sid("{$src_root_path}viewtopic.{$phpEx}", "t={$row['topic_id']}&amp;p={$row['post_msg_id']}") . '#p' . $row['post_msg_id'];
                    }
                    $template->assign_block_vars('attach', array('REAL_FILENAME' => $row['real_filename'], 'COMMENT' => nl2br($row['attach_comment']), 'EXTENSION' => $row['extension'], 'SIZE' => get_formatted_filesize($row['filesize']), 'DOWNLOAD_COUNT' => $row['download_count'], 'POST_TIME' => $user->format_date($row['filetime']), 'TOPIC_TITLE' => $row['in_message'] ? $row['message_title'] : $row['topic_title'], 'ATTACH_ID' => $row['attach_id'], 'POST_ID' => $row['post_msg_id'], 'TOPIC_ID' => $row['topic_id'], 'S_IN_MESSAGE' => $row['in_message'], 'U_DOWNLOAD' => append_sid("{$src_root_path}download/file.{$phpEx}", 'mode=view&amp;id=' . $row['attach_id']), 'U_VIEW_TOPIC' => $view_topic));
                }
                $db->sql_freeresult($result);
                $base_url = $this->u_action . "&amp;u={$user_id}&amp;sk={$sort_key}&amp;sd={$sort_dir}";
                $pagination->generate_template_pagination($base_url, 'pagination', 'start', $num_attachments, $config['topics_per_page'], $start);
                $template->assign_vars(array('S_ATTACHMENTS' => true, 'S_SORT_KEY' => $s_sort_key, 'S_SORT_DIR' => $s_sort_dir));
                break;
            case 'groups':
                include $src_root_path . 'includes/functions_user.' . $phpEx;
                $user->add_lang(array('groups', 'acp/groups'));
                $group_id = request_var('g', 0);
                if ($group_id) {
                    // Check the founder only entry for this group to make sure everything is well
                    $sql = 'SELECT group_founder_manage
						FROM ' . GROUPS_TABLE . '
						WHERE group_id = ' . $group_id;
                    $result = $db->sql_query($sql);
                    $founder_manage = (int) $db->sql_fetchfield('group_founder_manage');
                    $db->sql_freeresult($result);
                    if ($user->data['user_type'] != USER_FOUNDER && $founder_manage) {
                        trigger_error($user->lang['NOT_ALLOWED_MANAGE_GROUP'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
                    }
                } else {
                    $founder_manage = 0;
                }
                switch ($action) {
                    case 'demote':
                    case 'promote':
                    case 'default':
                        if (!$group_id) {
                            trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
                        }
                        group_user_attributes($action, $group_id, $user_id);
                        if ($action == 'default') {
                            $user_row['group_id'] = $group_id;
                        }
                        break;
                    case 'delete':
                        if (confirm_box(true)) {
                            if (!$group_id) {
                                trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
                            }
                            if ($error = group_user_del($group_id, $user_id)) {
                                trigger_error($user->lang[$error] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
                            }
                            $error = array();
                            // The delete action was successful - therefore update the user row...
                            $sql = 'SELECT u.*, s.*
								FROM ' . USERS_TABLE . ' u
									LEFT JOIN ' . SESSIONS_TABLE . ' s ON (s.session_user_id = u.user_id)
								WHERE u.user_id = ' . $user_id . '
								ORDER BY s.session_time DESC';
                            $result = $db->sql_query_limit($sql, 1);
                            $user_row = $db->sql_fetchrow($result);
                            $db->sql_freeresult($result);
                        } else {
                            confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array('u' => $user_id, 'i' => $id, 'mode' => $mode, 'action' => $action, 'g' => $group_id)));
                        }
                        break;
                    case 'approve':
                        if (confirm_box(true)) {
                            if (!$group_id) {
                                trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
                            }
                            group_user_attributes($action, $group_id, $user_id);
                        } else {
                            confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array('u' => $user_id, 'i' => $id, 'mode' => $mode, 'action' => $action, 'g' => $group_id)));
                        }
                        break;
                }
                // Add user to group?
                if ($submit) {
                    if (!check_form_key($form_name)) {
                        trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
                    }
                    if (!$group_id) {
                        trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
                    }
                    // Add user/s to group
                    if ($error = group_user_add($group_id, $user_id)) {
                        trigger_error($user->lang[$error] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
                    }
                    $error = array();
                }
                $sql = 'SELECT ug.*, g.*
					FROM ' . GROUPS_TABLE . ' g, ' . USER_GROUP_TABLE . " ug\n\t\t\t\t\tWHERE ug.user_id = {$user_id}\n\t\t\t\t\t\tAND g.group_id = ug.group_id\n\t\t\t\t\tORDER BY g.group_type DESC, ug.user_pending ASC, g.group_name";
                $result = $db->sql_query($sql);
                $i = 0;
                $group_data = $id_ary = array();
                while ($row = $db->sql_fetchrow($result)) {
                    $type = $row['group_type'] == GROUP_SPECIAL ? 'special' : ($row['user_pending'] ? 'pending' : 'normal');
                    $group_data[$type][$i]['group_id'] = $row['group_id'];
                    $group_data[$type][$i]['group_name'] = $row['group_name'];
                    $group_data[$type][$i]['group_leader'] = $row['group_leader'] ? 1 : 0;
                    $id_ary[] = $row['group_id'];
                    $i++;
                }
                $db->sql_freeresult($result);
                // Select box for other groups
                $sql = 'SELECT group_id, group_name, group_type, group_founder_manage
					FROM ' . GROUPS_TABLE . '
					' . (sizeof($id_ary) ? 'WHERE ' . $db->sql_in_set('group_id', $id_ary, true) : '') . '
					ORDER BY group_type DESC, group_name ASC';
                $result = $db->sql_query($sql);
                $s_group_options = '';
                while ($row = $db->sql_fetchrow($result)) {
                    if (!$config['coppa_enable'] && $row['group_name'] == 'REGISTERED_COPPA') {
                        continue;
                    }
                    // Do not display those groups not allowed to be managed
                    if ($user->data['user_type'] != USER_FOUNDER && $row['group_founder_manage']) {
                        continue;
                    }
                    $s_group_options .= '<option' . ($row['group_type'] == GROUP_SPECIAL ? ' class="sep"' : '') . ' value="' . $row['group_id'] . '">' . ($row['group_type'] == GROUP_SPECIAL ? $user->lang['G_' . $row['group_name']] : $row['group_name']) . '</option>';
                }
                $db->sql_freeresult($result);
                $current_type = '';
                foreach ($group_data as $group_type => $data_ary) {
                    if ($current_type != $group_type) {
                        $template->assign_block_vars('group', array('S_NEW_GROUP_TYPE' => true, 'GROUP_TYPE' => $user->lang['USER_GROUP_' . strtoupper($group_type)]));
                    }
                    foreach ($data_ary as $data) {
                        $template->assign_block_vars('group', array('U_EDIT_GROUP' => append_sid("{$src_admin_path}index.{$phpEx}", "i=groups&amp;mode=manage&amp;action=edit&amp;u={$user_id}&amp;g={$data['group_id']}&amp;back_link=acp_users_groups"), 'U_DEFAULT' => $this->u_action . "&amp;action=default&amp;u={$user_id}&amp;g=" . $data['group_id'], 'U_DEMOTE_PROMOTE' => $this->u_action . '&amp;action=' . ($data['group_leader'] ? 'demote' : 'promote') . "&amp;u={$user_id}&amp;g=" . $data['group_id'], 'U_DELETE' => $this->u_action . "&amp;action=delete&amp;u={$user_id}&amp;g=" . $data['group_id'], 'U_APPROVE' => $group_type == 'pending' ? $this->u_action . "&amp;action=approve&amp;u={$user_id}&amp;g=" . $data['group_id'] : '', 'GROUP_NAME' => $group_type == 'special' ? $user->lang['G_' . $data['group_name']] : $data['group_name'], 'L_DEMOTE_PROMOTE' => $data['group_leader'] ? $user->lang['GROUP_DEMOTE'] : $user->lang['GROUP_PROMOTE'], 'S_IS_MEMBER' => $group_type != 'pending' ? true : false, 'S_NO_DEFAULT' => $user_row['group_id'] != $data['group_id'] ? true : false, 'S_SPECIAL_GROUP' => $group_type == 'special' ? true : false));
                    }
                }
                $template->assign_vars(array('S_GROUPS' => true, 'S_GROUP_OPTIONS' => $s_group_options));
                break;
            case 'perm':
                include_once $src_root_path . 'includes/acp/auth.' . $phpEx;
                $auth_admin = new auth_admin();
                $user->add_lang('acp/permissions');
                add_permission_language();
                $forum_id = request_var('f', 0);
                // Global Permissions
                if (!$forum_id) {
                    // Select auth options
                    $sql = 'SELECT auth_option, is_local, is_global
						FROM ' . ACL_OPTIONS_TABLE . '
						WHERE auth_option ' . $db->sql_like_expression($db->get_any_char() . '_') . '
							AND is_global = 1
						ORDER BY auth_option';
                    $result = $db->sql_query($sql);
                    $hold_ary = array();
                    while ($row = $db->sql_fetchrow($result)) {
                        $hold_ary = $auth_admin->get_mask('view', $user_id, false, false, $row['auth_option'], 'global', ACL_NEVER);
                        $auth_admin->display_mask('view', $row['auth_option'], $hold_ary, 'user', false, false);
                    }
                    $db->sql_freeresult($result);
                    unset($hold_ary);
                } else {
                    $sql = 'SELECT auth_option, is_local, is_global
						FROM ' . ACL_OPTIONS_TABLE . "\n\t\t\t\t\t\tWHERE auth_option " . $db->sql_like_expression($db->get_any_char() . '_') . "\n\t\t\t\t\t\t\tAND is_local = 1\n\t\t\t\t\t\tORDER BY is_global DESC, auth_option";
                    $result = $db->sql_query($sql);
                    while ($row = $db->sql_fetchrow($result)) {
                        $hold_ary = $auth_admin->get_mask('view', $user_id, false, $forum_id, $row['auth_option'], 'local', ACL_NEVER);
                        $auth_admin->display_mask('view', $row['auth_option'], $hold_ary, 'user', true, false);
                    }
                    $db->sql_freeresult($result);
                }
                $s_forum_options = '<option value="0"' . (!$forum_id ? ' selected="selected"' : '') . '>' . $user->lang['VIEW_GLOBAL_PERMS'] . '</option>';
                $s_forum_options .= make_forum_select($forum_id, false, true, false, false, false);
                $template->assign_vars(array('S_PERMISSIONS' => true, 'S_GLOBAL' => !$forum_id ? true : false, 'S_FORUM_OPTIONS' => $s_forum_options, 'U_ACTION' => $this->u_action . '&amp;u=' . $user_id, 'U_USER_PERMISSIONS' => append_sid("{$src_admin_path}index.{$phpEx}", 'i=permissions&amp;mode=setting_user_global&amp;user_id[]=' . $user_id), 'U_USER_FORUM_PERMISSIONS' => append_sid("{$src_admin_path}index.{$phpEx}", 'i=permissions&amp;mode=setting_user_local&amp;user_id[]=' . $user_id)));
                break;
        }
        // Assign general variables
        $template->assign_vars(array('S_ERROR' => sizeof($error) ? true : false, 'ERROR_MSG' => sizeof($error) ? implode('<br />', $error) : ''));
    }
Ejemplo n.º 19
0
 /**
  * Get email template variables
  *
  * @return array
  */
 public function get_email_template_variables()
 {
     $srcrd_url = generate_srcrd_url();
     if ($this->get_data('post_username')) {
         $username = $this->get_data('post_username');
     } else {
         $username = $this->user_loader->get_username($this->get_data('poster_id'), 'username');
     }
     return array('AUTHOR_NAME' => htmlspecialchars_decode($username), 'FORUM_NAME' => htmlspecialchars_decode($this->get_data('forum_name')), 'TOPIC_TITLE' => htmlspecialchars_decode(censor_text($this->get_data('topic_title'))), 'U_TOPIC' => "{$srcrd_url}/viewtopic.{$this->php_ext}?f={$this->item_parent_id}&t={$this->item_id}", 'U_VIEW_TOPIC' => "{$srcrd_url}/viewtopic.{$this->php_ext}?f={$this->item_parent_id}&t={$this->item_id}", 'U_FORUM' => "{$srcrd_url}/viewforum.{$this->php_ext}?f={$this->item_parent_id}", 'U_STOP_WATCHING_FORUM' => "{$srcrd_url}/viewforum.{$this->php_ext}?uid={$this->user_id}&f={$this->item_parent_id}&unwatch=forum");
 }
Ejemplo n.º 20
0
 function build_regexp(&$bbcode_match, &$bbcode_tpl)
 {
     $bbcode_match = trim($bbcode_match);
     $bbcode_tpl = trim($bbcode_tpl);
     // Allow unicode characters for URL|LOCAL_URL|RELATIVE_URL|INTTEXT tokens
     $utf8 = preg_match('/(URL|LOCAL_URL|RELATIVE_URL|INTTEXT)/', $bbcode_match);
     $utf8_pcre_properties = src_pcre_utf8_support();
     $fp_match = preg_quote($bbcode_match, '!');
     $fp_replace = preg_replace('#^\\[(.*?)\\]#', '[$1:$uid]', $bbcode_match);
     $fp_replace = preg_replace('#\\[/(.*?)\\]$#', '[/$1:$uid]', $fp_replace);
     $sp_match = preg_quote($bbcode_match, '!');
     $sp_match = preg_replace('#^\\\\\\[(.*?)\\\\\\]#', '\\[$1:$uid\\]', $sp_match);
     $sp_match = preg_replace('#\\\\\\[/(.*?)\\\\\\]$#', '\\[/$1:$uid\\]', $sp_match);
     $sp_replace = $bbcode_tpl;
     // @todo Make sure to change this too if something changed in message parsing
     $tokens = array('URL' => array('!(?:(' . str_replace(array('!', '\\#'), array('\\!', '#'), get_preg_expression('url')) . ')|(' . str_replace(array('!', '\\#'), array('\\!', '#'), get_preg_expression('www_url')) . '))!ie' => "\$this->bbcode_specialchars(('\$1') ? '\$1' : 'http://\$2')"), 'LOCAL_URL' => array('!(' . str_replace(array('!', '\\#'), array('\\!', '#'), get_preg_expression('relative_url')) . ')!e' => "\$this->bbcode_specialchars('\$1')"), 'RELATIVE_URL' => array('!(' . str_replace(array('!', '\\#'), array('\\!', '#'), get_preg_expression('relative_url')) . ')!e' => "\$this->bbcode_specialchars('\$1')"), 'EMAIL' => array('!(' . get_preg_expression('email') . ')!ie' => "\$this->bbcode_specialchars('\$1')"), 'TEXT' => array('!(.*?)!es' => "str_replace(array(\"\\r\\n\", '\\\"', '\\'', '(', ')'), array(\"\\n\", '\"', '&#39;', '&#40;', '&#41;'), trim('\$1'))"), 'SIMPLETEXT' => array('!([a-zA-Z0-9-+.,_ ]+)!' => "\$1"), 'INTTEXT' => array($utf8_pcre_properties ? '!([\\p{L}\\p{N}\\-+,_. ]+)!u' : '!([a-zA-Z0-9\\-+,_. ]+)!u' => "\$1"), 'IDENTIFIER' => array('!([a-zA-Z0-9-_]+)!' => "\$1"), 'COLOR' => array('!([a-z]+|#[0-9abcdef]+)!i' => '$1'), 'NUMBER' => array('!([0-9]+)!' => '$1'));
     $sp_tokens = array('URL' => '(?i)((?:' . str_replace(array('!', '\\#'), array('\\!', '#'), get_preg_expression('url')) . ')|(?:' . str_replace(array('!', '\\#'), array('\\!', '#'), get_preg_expression('www_url')) . '))(?-i)', 'LOCAL_URL' => '(?i)(' . str_replace(array('!', '\\#'), array('\\!', '#'), get_preg_expression('relative_url')) . ')(?-i)', 'RELATIVE_URL' => '(?i)(' . str_replace(array('!', '\\#'), array('\\!', '#'), get_preg_expression('relative_url')) . ')(?-i)', 'EMAIL' => '(' . get_preg_expression('email') . ')', 'TEXT' => '(.*?)', 'SIMPLETEXT' => '([a-zA-Z0-9-+.,_ ]+)', 'INTTEXT' => $utf8_pcre_properties ? '([\\p{L}\\p{N}\\-+,_. ]+)' : '([a-zA-Z0-9\\-+,_. ]+)', 'IDENTIFIER' => '([a-zA-Z0-9-_]+)', 'COLOR' => '([a-zA-Z]+|#[0-9abcdefABCDEF]+)', 'NUMBER' => '([0-9]+)');
     $pad = 0;
     $modifiers = 'i';
     $modifiers .= $utf8 && $utf8_pcre_properties ? 'u' : '';
     if (preg_match_all('/\\{(' . implode('|', array_keys($tokens)) . ')[0-9]*\\}/i', $bbcode_match, $m)) {
         foreach ($m[0] as $n => $token) {
             $token_type = $m[1][$n];
             reset($tokens[strtoupper($token_type)]);
             list($match, $replace) = each($tokens[strtoupper($token_type)]);
             // Pad backreference numbers from tokens
             if (preg_match_all('/(?<!\\\\)\\$([0-9]+)/', $replace, $repad)) {
                 $repad = $pad + sizeof(array_unique($repad[0]));
                 $replace = preg_replace('/(?<!\\\\)\\$([0-9]+)/e', "'\${' . (\$1 + \$pad) . '}'", $replace);
                 $pad = $repad;
             }
             // Obtain pattern modifiers to use and alter the regex accordingly
             $regex = preg_replace('/!(.*)!([a-z]*)/', '$1', $match);
             $regex_modifiers = preg_replace('/!(.*)!([a-z]*)/', '$2', $match);
             for ($i = 0, $size = strlen($regex_modifiers); $i < $size; ++$i) {
                 if (strpos($modifiers, $regex_modifiers[$i]) === false) {
                     $modifiers .= $regex_modifiers[$i];
                     if ($regex_modifiers[$i] == 'e') {
                         $fp_replace = "'" . str_replace("'", "\\'", $fp_replace) . "'";
                     }
                 }
                 if ($regex_modifiers[$i] == 'e') {
                     $replace = "'.{$replace}.'";
                 }
             }
             $fp_match = str_replace(preg_quote($token, '!'), $regex, $fp_match);
             $fp_replace = str_replace($token, $replace, $fp_replace);
             $sp_match = str_replace(preg_quote($token, '!'), $sp_tokens[$token_type], $sp_match);
             // Prepend the srcrd url to local relative links
             $replace_prepend = $token_type === 'LOCAL_URL' ? generate_srcrd_url() . '/' : '';
             $sp_replace = str_replace($token, $replace_prepend . '${' . ($n + 1) . '}', $sp_replace);
         }
         $fp_match = '!' . $fp_match . '!' . $modifiers;
         $sp_match = '!' . $sp_match . '!s' . ($utf8 ? 'u' : '');
         if (strpos($fp_match, 'e') !== false) {
             $fp_replace = str_replace("'.'", '', $fp_replace);
             $fp_replace = str_replace(".''.", '.', $fp_replace);
         }
     } else {
         // No replacement is present, no need for a second-pass pattern replacement
         // A simple str_replace will suffice
         $fp_match = '!' . $fp_match . '!' . $modifiers;
         $sp_match = $fp_replace;
         $sp_replace = '';
     }
     // Lowercase tags
     $bbcode_tag = preg_replace('/.*?\\[([a-z0-9_-]+=?).*/i', '$1', $bbcode_match);
     $bbcode_search = preg_replace('/.*?\\[([a-z0-9_-]+)=?.*/i', '$1', $bbcode_match);
     if (!preg_match('/^[a-zA-Z0-9_-]+=?$/', $bbcode_tag)) {
         global $user;
         trigger_error($user->lang['BBCODE_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
     }
     $fp_match = preg_replace('#\\[/?' . $bbcode_search . '#ie', "strtolower('\$0')", $fp_match);
     $fp_replace = preg_replace('#\\[/?' . $bbcode_search . '#ie', "strtolower('\$0')", $fp_replace);
     $sp_match = preg_replace('#\\[/?' . $bbcode_search . '#ie', "strtolower('\$0')", $sp_match);
     $sp_replace = preg_replace('#\\[/?' . $bbcode_search . '#ie', "strtolower('\$0')", $sp_replace);
     return array('bbcode_tag' => $bbcode_tag, 'first_pass_match' => $fp_match, 'first_pass_replace' => $fp_replace, 'second_pass_match' => $sp_match, 'second_pass_replace' => $sp_replace);
 }
Ejemplo n.º 21
0
 /**
  * {@inheritdoc}
  */
 public function get_email_template_variables()
 {
     $user_data = $this->user_loader->get_user($this->item_id);
     return array('GROUP_NAME' => htmlspecialchars_decode($this->get_data('group_name')), 'REQUEST_USERNAME' => htmlspecialchars_decode($user_data['username']), 'U_PENDING' => generate_srcrd_url() . "/ucp.{$this->php_ext}?i=groups&mode=manage&action=list&g={$this->item_parent_id}", 'U_GROUP' => generate_srcrd_url() . "/memberlist.{$this->php_ext}?mode=group&g={$this->item_parent_id}");
 }
Ejemplo n.º 22
0
    /**
     * Handles warning the user when the warning is for a specific post
     */
    function mcp_warn_post_view($action)
    {
        global $phpEx, $src_root_path, $config;
        global $template, $db, $user, $auth, $src_dispatcher;
        $post_id = request_var('p', 0);
        $forum_id = request_var('f', 0);
        $notify = isset($_REQUEST['notify_user']) ? true : false;
        $warning = utf8_normalize_nfc(request_var('warning', '', true));
        $sql = 'SELECT u.*, p.*
			FROM ' . POSTS_TABLE . ' p, ' . USERS_TABLE . " u\n\t\t\tWHERE p.post_id = {$post_id}\n\t\t\t\tAND u.user_id = p.poster_id";
        $result = $db->sql_query($sql);
        $user_row = $db->sql_fetchrow($result);
        $db->sql_freeresult($result);
        if (!$user_row) {
            trigger_error('NO_POST');
        }
        // There is no point issuing a warning to ignored users (ie anonymous and bots)
        if ($user_row['user_type'] == USER_IGNORE) {
            trigger_error('CANNOT_WARN_ANONYMOUS');
        }
        // Prevent someone from warning themselves
        if ($user_row['user_id'] == $user->data['user_id']) {
            trigger_error('CANNOT_WARN_SELF');
        }
        // Check if there is already a warning for this post to prevent multiple
        // warnings for the same offence
        $sql = 'SELECT post_id
			FROM ' . WARNINGS_TABLE . "\n\t\t\tWHERE post_id = {$post_id}";
        $result = $db->sql_query($sql);
        $row = $db->sql_fetchrow($result);
        $db->sql_freeresult($result);
        if ($row) {
            trigger_error('ALREADY_WARNED');
        }
        $user_id = $user_row['user_id'];
        if (strpos($this->u_action, "&amp;f={$forum_id}&amp;p={$post_id}") === false) {
            $this->p_master->adjust_url("&amp;f={$forum_id}&amp;p={$post_id}");
            $this->u_action .= "&amp;f={$forum_id}&amp;p={$post_id}";
        }
        // Check if can send a notification
        if ($config['allow_privmsg']) {
            $auth2 = new \src\auth\auth();
            $auth2->acl($user_row);
            $s_can_notify = $auth2->acl_get('u_readpm') ? true : false;
            unset($auth2);
        } else {
            $s_can_notify = false;
        }
        // Prevent against clever people
        if ($notify && !$s_can_notify) {
            $notify = false;
        }
        if ($warning && $action == 'add_warning') {
            if (check_form_key('mcp_warn')) {
                $s_mcp_warn_post = true;
                /**
                 * Event for before warning a user for a post.
                 *
                 * @event core.mcp_warn_post_before
                 * @var array	user_row		The entire user row
                 * @var string	warning			The warning message
                 * @var bool		notify			If true, we notify the user for the warning
                 * @var int		post_id			The post id for which the warning is added
                 * @var bool		s_mcp_warn_post If true, we add the warning else we omit it
                 * @since 3.1.0-b4
                 */
                $vars = array('user_row', 'warning', 'notify', 'post_id', 's_mcp_warn_post');
                extract($src_dispatcher->trigger_event('core.mcp_warn_post_before', compact($vars)));
                if ($s_mcp_warn_post) {
                    add_warning($user_row, $warning, $notify, $post_id);
                    $message = $user->lang['USER_WARNING_ADDED'];
                    /**
                     * Event for after warning a user for a post.
                     *
                     * @event core.mcp_warn_post_after
                     * @var array	user_row	The entire user row
                     * @var string	warning		The warning message
                     * @var bool		notify		If true, the user was notified for the warning
                     * @var int		post_id		The post id for which the warning is added
                     * @var string	message		Message displayed to the moderator
                     * @since 3.1.0-b4
                     */
                    $vars = array('user_row', 'warning', 'notify', 'post_id', 'message');
                    extract($src_dispatcher->trigger_event('core.mcp_warn_post_after', compact($vars)));
                }
            } else {
                $message = $user->lang['FORM_INVALID'];
            }
            if (!empty($message)) {
                $redirect = append_sid("{$src_root_path}mcp.{$phpEx}", "i=notes&amp;mode=user_notes&amp;u={$user_id}");
                meta_refresh(2, $redirect);
                trigger_error($message . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>'));
            }
        }
        // OK, they didn't submit a warning so lets build the page for them to do so
        // We want to make the message available here as a reminder
        // Parse the message and subject
        $parse_flags = OPTION_FLAG_SMILIES | ($user_row['bbcode_bitfield'] ? OPTION_FLAG_BBCODE : 0);
        $message = generate_text_for_display($user_row['post_text'], $user_row['bbcode_uid'], $user_row['bbcode_bitfield'], $parse_flags, true);
        // Generate the appropriate user information for the user we are looking at
        if (!function_exists('src_get_user_rank')) {
            include $src_root_path . 'includes/functions_display.' . $phpEx;
        }
        $user_rank_data = src_get_user_rank($user_row, $user_row['user_posts']);
        $avatar_img = src_get_user_avatar($user_row);
        $template->assign_vars(array('U_POST_ACTION' => $this->u_action, 'POST' => $message, 'USERNAME' => $user_row['username'], 'USER_COLOR' => !empty($user_row['user_colour']) ? $user_row['user_colour'] : '', 'RANK_TITLE' => $user_rank_data['title'], 'JOINED' => $user->format_date($user_row['user_regdate']), 'POSTS' => $user_row['user_posts'] ? $user_row['user_posts'] : 0, 'WARNINGS' => $user_row['user_warnings'] ? $user_row['user_warnings'] : 0, 'AVATAR_IMG' => $avatar_img, 'RANK_IMG' => $user_rank_data['img'], 'L_WARNING_POST_DEFAULT' => sprintf($user->lang['WARNING_POST_DEFAULT'], generate_srcrd_url() . "/viewtopic.{$phpEx}?f={$forum_id}&amp;p={$post_id}#p{$post_id}"), 'S_CAN_NOTIFY' => $s_can_notify));
    }
Ejemplo n.º 23
0
    function main($id, $mode)
    {
        global $config, $db, $user, $auth, $template, $src_container;
        global $src_root_path, $src_admin_path, $phpEx, $table_prefix;
        include $src_root_path . 'includes/functions_user.' . $phpEx;
        $user->add_lang('memberlist');
        $action = request_var('action', '');
        $mark = isset($_REQUEST['mark']) ? request_var('mark', array(0)) : array();
        $start = request_var('start', 0);
        $submit = isset($_POST['submit']);
        // Sort keys
        $sort_days = request_var('st', 0);
        $sort_key = request_var('sk', 'i');
        $sort_dir = request_var('sd', 'd');
        $form_key = 'acp_inactive';
        add_form_key($form_key);
        $pagination = $src_container->get('pagination');
        // We build the sort key and per page settings here, because they may be needed later
        // Number of entries to display
        $per_page = request_var('users_per_page', (int) $config['topics_per_page']);
        // Sorting
        $limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']);
        $sort_by_text = array('i' => $user->lang['SORT_INACTIVE'], 'j' => $user->lang['SORT_REG_DATE'], 'l' => $user->lang['SORT_LAST_VISIT'], 'd' => $user->lang['SORT_LAST_REMINDER'], 'r' => $user->lang['SORT_REASON'], 'u' => $user->lang['SORT_USERNAME'], 'p' => $user->lang['SORT_POSTS'], 'e' => $user->lang['SORT_REMINDER']);
        $sort_by_sql = array('i' => 'user_inactive_time', 'j' => 'user_regdate', 'l' => 'user_lastvisit', 'd' => 'user_reminded_time', 'r' => 'user_inactive_reason', 'u' => 'username_clean', 'p' => 'user_posts', 'e' => 'user_reminded');
        $s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = '';
        gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param);
        if ($submit && sizeof($mark)) {
            if ($action !== 'delete' && !check_form_key($form_key)) {
                trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
            }
            switch ($action) {
                case 'activate':
                case 'delete':
                    $sql = 'SELECT user_id, username
						FROM ' . USERS_TABLE . '
						WHERE ' . $db->sql_in_set('user_id', $mark);
                    $result = $db->sql_query($sql);
                    $user_affected = array();
                    while ($row = $db->sql_fetchrow($result)) {
                        $user_affected[$row['user_id']] = $row['username'];
                    }
                    $db->sql_freeresult($result);
                    if ($action == 'activate') {
                        // Get those 'being activated'...
                        $sql = 'SELECT user_id, username' . ($config['require_activation'] == USER_ACTIVATION_ADMIN ? ', user_email, user_lang' : '') . '
							FROM ' . USERS_TABLE . '
							WHERE ' . $db->sql_in_set('user_id', $mark) . '
								AND user_type = ' . USER_INACTIVE;
                        $result = $db->sql_query($sql);
                        $inactive_users = array();
                        while ($row = $db->sql_fetchrow($result)) {
                            $inactive_users[] = $row;
                        }
                        $db->sql_freeresult($result);
                        user_active_flip('activate', $mark);
                        if ($config['require_activation'] == USER_ACTIVATION_ADMIN && !empty($inactive_users)) {
                            include_once $src_root_path . 'includes/functions_messenger.' . $phpEx;
                            $messenger = new messenger(false);
                            foreach ($inactive_users as $row) {
                                $messenger->template('admin_welcome_activated', $row['user_lang']);
                                $messenger->set_addresses($row);
                                $messenger->anti_abuse_headers($config, $user);
                                $messenger->assign_vars(array('USERNAME' => htmlspecialchars_decode($row['username'])));
                                $messenger->send(NOTIFY_EMAIL);
                            }
                            $messenger->save_queue();
                        }
                        if (!empty($inactive_users)) {
                            foreach ($inactive_users as $row) {
                                add_log('admin', 'LOG_USER_ACTIVE', $row['username']);
                                add_log('user', $row['user_id'], 'LOG_USER_ACTIVE_USER');
                            }
                            trigger_error(sprintf($user->lang['LOG_INACTIVE_ACTIVATE'], implode($user->lang['COMMA_SEPARATOR'], $user_affected) . ' ' . adm_back_link($this->u_action)));
                        }
                        // For activate we really need to redirect, else a refresh can result in users being deactivated again
                        $u_action = $this->u_action . "&amp;{$u_sort_param}&amp;start={$start}";
                        $u_action .= $per_page != $config['topics_per_page'] ? "&amp;users_per_page={$per_page}" : '';
                        redirect($u_action);
                    } else {
                        if ($action == 'delete') {
                            if (confirm_box(true)) {
                                if (!$auth->acl_get('a_userdel')) {
                                    trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING);
                                }
                                user_delete('retain', $mark, true);
                                add_log('admin', 'LOG_INACTIVE_' . strtoupper($action), implode(', ', $user_affected));
                                trigger_error(sprintf($user->lang['LOG_INACTIVE_DELETE'], implode($user->lang['COMMA_SEPARATOR'], $user_affected) . ' ' . adm_back_link($this->u_action)));
                            } else {
                                $s_hidden_fields = array('mode' => $mode, 'action' => $action, 'mark' => $mark, 'submit' => 1, 'start' => $start);
                                confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields($s_hidden_fields));
                            }
                        }
                    }
                    break;
                case 'remind':
                    if (empty($config['email_enable'])) {
                        trigger_error($user->lang['EMAIL_DISABLED'] . adm_back_link($this->u_action), E_USER_WARNING);
                    }
                    $sql = 'SELECT user_id, username, user_email, user_lang, user_jabber, user_notify_type, user_regdate, user_actkey
						FROM ' . USERS_TABLE . '
						WHERE ' . $db->sql_in_set('user_id', $mark) . '
							AND user_inactive_reason';
                    $sql .= $config['require_activation'] == USER_ACTIVATION_ADMIN ? ' = ' . INACTIVE_REMIND : ' <> ' . INACTIVE_MANUAL;
                    $result = $db->sql_query($sql);
                    if ($row = $db->sql_fetchrow($result)) {
                        // Send the messages
                        include_once $src_root_path . 'includes/functions_messenger.' . $phpEx;
                        $messenger = new messenger();
                        $usernames = $user_ids = array();
                        do {
                            $messenger->template('user_remind_inactive', $row['user_lang']);
                            $messenger->set_addresses($row);
                            $messenger->anti_abuse_headers($config, $user);
                            $messenger->assign_vars(array('USERNAME' => htmlspecialchars_decode($row['username']), 'REGISTER_DATE' => $user->format_date($row['user_regdate'], false, true), 'U_ACTIVATE' => generate_srcrd_url() . "/ucp.{$phpEx}?mode=activate&u=" . $row['user_id'] . '&k=' . $row['user_actkey']));
                            $messenger->send($row['user_notify_type']);
                            $usernames[] = $row['username'];
                            $user_ids[] = (int) $row['user_id'];
                        } while ($row = $db->sql_fetchrow($result));
                        $messenger->save_queue();
                        // Add the remind state to the database
                        $sql = 'UPDATE ' . USERS_TABLE . '
							SET user_reminded = user_reminded + 1,
								user_reminded_time = ' . time() . '
							WHERE ' . $db->sql_in_set('user_id', $user_ids);
                        $db->sql_query($sql);
                        add_log('admin', 'LOG_INACTIVE_REMIND', implode(', ', $usernames));
                        trigger_error(sprintf($user->lang['LOG_INACTIVE_REMIND'], implode($user->lang['COMMA_SEPARATOR'], $usernames) . ' ' . adm_back_link($this->u_action)));
                    }
                    $db->sql_freeresult($result);
                    // For remind we really need to redirect, else a refresh can result in more than one reminder
                    $u_action = $this->u_action . "&amp;{$u_sort_param}&amp;start={$start}";
                    $u_action .= $per_page != $config['topics_per_page'] ? "&amp;users_per_page={$per_page}" : '';
                    redirect($u_action);
                    break;
            }
        }
        // Define where and sort sql for use in displaying logs
        $sql_where = $sort_days ? time() - $sort_days * 86400 : 0;
        $sql_sort = $sort_by_sql[$sort_key] . ' ' . ($sort_dir == 'd' ? 'DESC' : 'ASC');
        $inactive = array();
        $inactive_count = 0;
        $start = view_inactive_users($inactive, $inactive_count, $per_page, $start, $sql_where, $sql_sort);
        foreach ($inactive as $row) {
            $template->assign_block_vars('inactive', array('INACTIVE_DATE' => $user->format_date($row['user_inactive_time']), 'REMINDED_DATE' => $user->format_date($row['user_reminded_time']), 'JOINED' => $user->format_date($row['user_regdate']), 'LAST_VISIT' => !$row['user_lastvisit'] ? ' - ' : $user->format_date($row['user_lastvisit']), 'REASON' => $row['inactive_reason'], 'USER_ID' => $row['user_id'], 'POSTS' => $row['user_posts'] ? $row['user_posts'] : 0, 'REMINDED' => $row['user_reminded'], 'REMINDED_EXPLAIN' => $user->lang('USER_LAST_REMINDED', (int) $row['user_reminded'], $user->format_date($row['user_reminded_time'])), 'USERNAME_FULL' => get_username_string('full', $row['user_id'], $row['username'], $row['user_colour'], false, append_sid("{$src_admin_path}index.{$phpEx}", 'i=users&amp;mode=overview')), 'USERNAME' => get_username_string('username', $row['user_id'], $row['username'], $row['user_colour']), 'USER_COLOR' => get_username_string('colour', $row['user_id'], $row['username'], $row['user_colour']), 'U_USER_ADMIN' => append_sid("{$src_admin_path}index.{$phpEx}", "i=users&amp;mode=overview&amp;u={$row['user_id']}"), 'U_SEARCH_USER' => $auth->acl_get('u_search') ? append_sid("{$src_root_path}search.{$phpEx}", "author_id={$row['user_id']}&amp;sr=posts") : ''));
        }
        $option_ary = array('activate' => 'ACTIVATE', 'delete' => 'DELETE');
        if ($config['email_enable']) {
            $option_ary += array('remind' => 'REMIND');
        }
        $base_url = $this->u_action . "&amp;{$u_sort_param}&amp;users_per_page={$per_page}";
        $pagination->generate_template_pagination($base_url, 'pagination', 'start', $inactive_count, $per_page, $start);
        $template->assign_vars(array('S_INACTIVE_USERS' => true, 'S_INACTIVE_OPTIONS' => build_select($option_ary), 'S_LIMIT_DAYS' => $s_limit_days, 'S_SORT_KEY' => $s_sort_key, 'S_SORT_DIR' => $s_sort_dir, 'USERS_PER_PAGE' => $per_page, 'U_ACTION' => $this->u_action . "&amp;{$u_sort_param}&amp;users_per_page={$per_page}&amp;start={$start}"));
        $this->tpl_name = 'acp_inactive';
        $this->page_title = 'ACP_INACTIVE_USERS';
    }
Ejemplo n.º 24
0
 /**
  * {inheritDoc}
  */
 public function submit(\messenger $messenger)
 {
     if (!$this->subject) {
         $this->errors[] = $this->user->lang['EMPTY_SUBJECT_EMAIL'];
     }
     if (!$this->body) {
         $this->errors[] = $this->user->lang['EMPTY_MESSAGE_EMAIL'];
     }
     if ($this->user->data['is_registered']) {
         $this->message->set_sender_from_user($this->user);
         $this->sender_name = $this->user->data['username'];
         $this->sender_address = $this->user->data['user_email'];
     } else {
         if (!$this->sender_name) {
             $this->errors[] = $this->user->lang['EMPTY_SENDER_NAME'];
         }
         if (!function_exists('validate_data')) {
             require $this->src_root_path . 'includes/functions_user.' . $this->phpEx;
         }
         $validate_array = validate_data(array('email' => $this->sender_address), array('email' => array(array('string', false, 6, 60), array('email'))));
         foreach ($validate_array as $error) {
             $this->errors[] = $this->user->lang[$error];
         }
         $this->message->set_sender($this->user->ip, $this->sender_name, $this->sender_address, $this->user->lang_name);
         $this->message->set_sender_notify_type(NOTIFY_EMAIL);
     }
     $this->message->set_template('contact_admin');
     $this->message->set_subject($this->subject);
     $this->message->set_body($this->body);
     $this->message->add_recipient($this->user->lang['ADMINISTRATOR'], $this->config['srcrd_contact'], $this->config['default_lang'], NOTIFY_EMAIL);
     $this->message->set_template_vars(array('FROM_EMAIL_ADDRESS' => $this->sender_address, 'FROM_IP_ADDRESS' => $this->user->ip, 'S_IS_REGISTERED' => $this->user->data['is_registered'], 'U_FROM_PROFILE' => generate_srcrd_url() . '/memberlist.' . $this->phpEx . '?mode=viewprofile&u=' . $this->user->data['user_id']));
     parent::submit($messenger);
 }
Ejemplo n.º 25
0
/**
* Compose private message
* Called from ucp_pm with mode == 'compose'
*/
function compose_pm($id, $mode, $action, $user_folders = array())
{
    global $template, $db, $auth, $user, $cache;
    global $src_root_path, $phpEx, $config;
    global $request, $src_dispatcher, $src_container;
    // Damn php and globals - i know, this is horrible
    // Needed for handle_message_list_actions()
    global $refresh, $submit, $preview;
    include $src_root_path . 'includes/functions_posting.' . $phpEx;
    include $src_root_path . 'includes/functions_display.' . $phpEx;
    include $src_root_path . 'includes/message_parser.' . $phpEx;
    if (!$action) {
        $action = 'post';
    }
    add_form_key('ucp_pm_compose');
    // Grab only parameters needed here
    $to_user_id = request_var('u', 0);
    $to_group_id = request_var('g', 0);
    $msg_id = request_var('p', 0);
    $draft_id = request_var('d', 0);
    $lastclick = request_var('lastclick', 0);
    // Reply to all triggered (quote/reply)
    $reply_to_all = request_var('reply_to_all', 0);
    $address_list = $request->variable('address_list', array('' => array(0 => '')));
    $preview = isset($_POST['preview']) ? true : false;
    $save = isset($_POST['save']) ? true : false;
    $load = isset($_POST['load']) ? true : false;
    $cancel = isset($_POST['cancel']) && !isset($_POST['save']) ? true : false;
    $delete = isset($_POST['delete']) ? true : false;
    $remove_u = isset($_REQUEST['remove_u']) ? true : false;
    $remove_g = isset($_REQUEST['remove_g']) ? true : false;
    $add_to = isset($_REQUEST['add_to']) ? true : false;
    $add_bcc = isset($_REQUEST['add_bcc']) ? true : false;
    $refresh = isset($_POST['add_file']) || isset($_POST['delete_file']) || $save || $load || $remove_u || $remove_g || $add_to || $add_bcc;
    $submit = $request->is_set_post('post') && !$refresh && !$preview;
    $action = $delete && !$preview && !$refresh && $submit ? 'delete' : $action;
    $select_single = $config['allow_mass_pm'] && $auth->acl_get('u_masspm') ? false : true;
    $error = array();
    $current_time = time();
    // Was cancel pressed? If so then redirect to the appropriate page
    if ($cancel || $current_time - $lastclick < 2 && $submit) {
        if ($msg_id) {
            redirect(append_sid("{$src_root_path}ucp.{$phpEx}", 'i=pm&amp;mode=view&amp;action=view_message&amp;p=' . $msg_id));
        }
        redirect(append_sid("{$src_root_path}ucp.{$phpEx}", 'i=pm'));
    }
    // Since viewtopic.php language entries are used in several modes,
    // we include the language file here
    $user->add_lang('viewtopic');
    /**
     * Modify the default vars before composing a PM
     *
     * @event core.ucp_pm_compose_modify_data
     * @var	int		msg_id					post_id in the page request
     * @var	int		to_user_id				The id of whom the message is to
     * @var	int		to_group_id				The id of the group the message is to
     * @var	bool	submit					Whether the form has been submitted
     * @var	bool	preview					Whether the user is previewing the PM or not
     * @var	string	action					One of: post, reply, quote, forward, quotepost, edit, delete, smilies
     * @var	bool	delete					Whether the user is deleting the PM
     * @var	int		reply_to_all			Value of reply_to_all request variable.
     * @since 3.1.4-RC1
     */
    $vars = array('msg_id', 'to_user_id', 'to_group_id', 'submit', 'preview', 'action', 'delete', 'reply_to_all');
    extract($src_dispatcher->trigger_event('core.ucp_pm_compose_modify_data', compact($vars)));
    // Output PM_TO box if message composing
    if ($action != 'edit') {
        // Add groups to PM box
        if ($config['allow_mass_pm'] && $auth->acl_get('u_masspm_group')) {
            $sql = 'SELECT g.group_id, g.group_name, g.group_type
				FROM ' . GROUPS_TABLE . ' g';
            if (!$auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel')) {
                $sql .= ' LEFT JOIN ' . USER_GROUP_TABLE . ' ug
					ON (
						g.group_id = ug.group_id
						AND ug.user_id = ' . $user->data['user_id'] . '
						AND ug.user_pending = 0
					)
					WHERE (g.group_type <> ' . GROUP_HIDDEN . ' OR ug.user_id = ' . $user->data['user_id'] . ')';
            }
            $sql .= $auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel') ? ' WHERE ' : ' AND ';
            $sql .= 'g.group_receive_pm = 1
				ORDER BY g.group_type DESC, g.group_name ASC';
            $result = $db->sql_query($sql);
            $group_options = '';
            while ($row = $db->sql_fetchrow($result)) {
                $group_options .= '<option' . ($row['group_type'] == GROUP_SPECIAL ? ' class="sep"' : '') . ' value="' . $row['group_id'] . '">' . ($row['group_type'] == GROUP_SPECIAL ? $user->lang['G_' . $row['group_name']] : $row['group_name']) . '</option>';
            }
            $db->sql_freeresult($result);
        }
        $template->assign_vars(array('S_SHOW_PM_BOX' => true, 'S_ALLOW_MASS_PM' => $config['allow_mass_pm'] && $auth->acl_get('u_masspm') ? true : false, 'S_GROUP_OPTIONS' => $config['allow_mass_pm'] && $auth->acl_get('u_masspm_group') ? $group_options : '', 'U_FIND_USERNAME' => append_sid("{$src_root_path}memberlist.{$phpEx}", "mode=searchuser&amp;form=postform&amp;field=username_list&amp;select_single={$select_single}")));
    }
    $sql = '';
    $folder_id = 0;
    // What is all this following SQL for? Well, we need to know
    // some basic information in all cases before we do anything.
    switch ($action) {
        case 'post':
            if (!$auth->acl_get('u_sendpm')) {
                trigger_error('NO_AUTH_SEND_MESSAGE');
            }
            break;
        case 'reply':
        case 'quote':
        case 'forward':
        case 'quotepost':
            if (!$msg_id) {
                trigger_error('NO_MESSAGE');
            }
            if (!$auth->acl_get('u_sendpm')) {
                trigger_error('NO_AUTH_SEND_MESSAGE');
            }
            if ($action == 'quotepost') {
                $sql = 'SELECT p.post_id as msg_id, p.forum_id, p.post_text as message_text, p.poster_id as author_id, p.post_time as message_time, p.bbcode_bitfield, p.bbcode_uid, p.enable_sig, p.enable_smilies, p.enable_magic_url, t.topic_title as message_subject, u.username as quote_username
					FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . USERS_TABLE . " u\n\t\t\t\t\tWHERE p.post_id = {$msg_id}\n\t\t\t\t\t\tAND t.topic_id = p.topic_id\n\t\t\t\t\t\tAND u.user_id = p.poster_id";
            } else {
                $sql = 'SELECT t.folder_id, p.*, u.username as quote_username
					FROM ' . PRIVMSGS_TO_TABLE . ' t, ' . PRIVMSGS_TABLE . ' p, ' . USERS_TABLE . ' u
					WHERE t.user_id = ' . $user->data['user_id'] . "\n\t\t\t\t\t\tAND p.author_id = u.user_id\n\t\t\t\t\t\tAND t.msg_id = p.msg_id\n\t\t\t\t\t\tAND p.msg_id = {$msg_id}";
            }
            break;
        case 'edit':
            if (!$msg_id) {
                trigger_error('NO_MESSAGE');
            }
            // check for outbox (not read) status, we do not allow editing if one user already having the message
            $sql = 'SELECT p.*, t.folder_id
				FROM ' . PRIVMSGS_TO_TABLE . ' t, ' . PRIVMSGS_TABLE . ' p
				WHERE t.user_id = ' . $user->data['user_id'] . '
					AND t.folder_id = ' . PRIVMSGS_OUTBOX . "\n\t\t\t\t\tAND t.msg_id = {$msg_id}\n\t\t\t\t\tAND t.msg_id = p.msg_id";
            break;
        case 'delete':
            if (!$auth->acl_get('u_pm_delete')) {
                trigger_error('NO_AUTH_DELETE_MESSAGE');
            }
            if (!$msg_id) {
                trigger_error('NO_MESSAGE');
            }
            $sql = 'SELECT msg_id, pm_unread, pm_new, author_id, folder_id
				FROM ' . PRIVMSGS_TO_TABLE . '
				WHERE user_id = ' . $user->data['user_id'] . "\n\t\t\t\t\tAND msg_id = {$msg_id}";
            break;
        case 'smilies':
            generate_smilies('window', 0);
            break;
        default:
            trigger_error('NO_ACTION_MODE', E_USER_ERROR);
            break;
    }
    if ($action == 'forward' && (!$config['forward_pm'] || !$auth->acl_get('u_pm_forward'))) {
        trigger_error('NO_AUTH_FORWARD_MESSAGE');
    }
    if ($action == 'edit' && !$auth->acl_get('u_pm_edit')) {
        trigger_error('NO_AUTH_EDIT_MESSAGE');
    }
    if ($sql) {
        /**
         * Alter sql query to get message for user to write the PM
         *
         * @event core.ucp_pm_compose_compose_pm_basic_info_query_before
         * @var	string	sql						String with the query to be executed
         * @var	array	forum_list				List of forums that contain the posts
         * @var	int		visibility_const		Integer with one of the possible ITEM_* constant values
         * @var	int		msg_id					topic_id in the page request
         * @var	int		to_user_id				The id of whom the message is to
         * @var	int		to_group_id				The id of the group whom the message is to
         * @var	bool	submit					Whether the user is sending the PM or not
         * @var	bool	preview					Whether the user is previewing the PM or not
         * @var	string	action					One of: post, reply, quote, forward, quotepost, edit, delete, smilies
         * @var	bool	delete					Whether the user is deleting the PM
         * @var	int		reply_to_all			Value of reply_to_all request variable.
         * @var	string	limit_time_sql			String with the SQL code to limit the time interval of the post (Note: May be empty string)
         * @var	string	sort_order_sql			String with the ORDER BY SQL code used in this query
         * @since 3.1.0-RC5
         */
        $vars = array('sql', 'forum_list', 'visibility_const', 'msg_id', 'to_user_id', 'to_group_id', 'submit', 'preview', 'action', 'delete', 'reply_to_all', 'limit_time_sql', 'sort_order_sql');
        extract($src_dispatcher->trigger_event('core.ucp_pm_compose_compose_pm_basic_info_query_before', compact($vars)));
        $result = $db->sql_query($sql);
        $post = $db->sql_fetchrow($result);
        $db->sql_freeresult($result);
        if (!$post) {
            // If editing it could be the recipient already read the message...
            if ($action == 'edit') {
                $sql = 'SELECT p.*, t.folder_id
					FROM ' . PRIVMSGS_TO_TABLE . ' t, ' . PRIVMSGS_TABLE . ' p
					WHERE t.user_id = ' . $user->data['user_id'] . "\n\t\t\t\t\t\tAND t.msg_id = {$msg_id}\n\t\t\t\t\t\tAND t.msg_id = p.msg_id";
                $result = $db->sql_query($sql);
                $post = $db->sql_fetchrow($result);
                $db->sql_freeresult($result);
                if ($post) {
                    trigger_error('NO_EDIT_READ_MESSAGE');
                }
            }
            trigger_error('NO_MESSAGE');
        }
        if ($action == 'quotepost') {
            if ($post['forum_id'] && !$auth->acl_get('f_read', $post['forum_id']) || !$post['forum_id'] && !$auth->acl_getf_global('f_read')) {
                trigger_error('NOT_AUTHORISED');
            }
            /**
             * Get the result of querying for the post to be quoted in the pm message
             *
             * @event core.ucp_pm_compose_quotepost_query_after
             * @var	string	sql					The original SQL used in the query
             * @var	array	post				Associative array with the data of the quoted post
             * @var	array	msg_id				The post_id that was searched to get the message for quoting
             * @var	int		visibility_const	Visibility of the quoted post (one of the possible ITEM_* constant values)
             * @var	int		topic_id			Topic ID of the quoted post
             * @var	int		to_user_id			Users the message is sent to
             * @var	int		to_group_id			Groups the message is sent to
             * @var	bool	submit				Whether the user is sending the PM or not
             * @var	bool	preview				Whether the user is previewing the PM or not
             * @var	string	action				One of: post, reply, quote, forward, quotepost, edit, delete, smilies
             * @var	bool	delete				If deleting message
             * @var	int		reply_to_all		Value of reply_to_all request variable.
             * @since 3.1.0-RC5
             */
            $vars = array('sql', 'post', 'msg_id', 'visibility_const', 'topic_id', 'to_user_id', 'to_group_id', 'submit', 'preview', 'action', 'delete', 'reply_to_all');
            extract($src_dispatcher->trigger_event('core.ucp_pm_compose_quotepost_query_after', compact($vars)));
            // Passworded forum?
            if ($post['forum_id']) {
                $sql = 'SELECT forum_id, forum_name, forum_password
					FROM ' . FORUMS_TABLE . '
					WHERE forum_id = ' . (int) $post['forum_id'];
                $result = $db->sql_query($sql);
                $forum_data = $db->sql_fetchrow($result);
                $db->sql_freeresult($result);
                if (!empty($forum_data['forum_password'])) {
                    login_forum_box($forum_data);
                }
            }
        }
        $msg_id = (int) $post['msg_id'];
        $folder_id = isset($post['folder_id']) ? $post['folder_id'] : 0;
        $message_text = isset($post['message_text']) ? $post['message_text'] : '';
        if ((!$post['author_id'] || $post['author_id'] == ANONYMOUS && $action != 'delete') && $msg_id) {
            trigger_error('NO_AUTHOR');
        }
        if ($action == 'quotepost') {
            // Decode text for message display
            decode_message($message_text, $post['bbcode_uid']);
        }
        if ($action != 'delete') {
            $enable_urls = $post['enable_magic_url'];
            $enable_sig = isset($post['enable_sig']) ? $post['enable_sig'] : 0;
            $message_attachment = isset($post['message_attachment']) ? $post['message_attachment'] : 0;
            $message_subject = $post['message_subject'];
            $message_time = $post['message_time'];
            $bbcode_uid = $post['bbcode_uid'];
            $quote_username = isset($post['quote_username']) ? $post['quote_username'] : '';
            $icon_id = isset($post['icon_id']) ? $post['icon_id'] : 0;
            if (($action == 'reply' || $action == 'quote' || $action == 'quotepost') && !sizeof($address_list) && !$refresh && !$submit && !$preview) {
                // Add the original author as the recipient if quoting a post or only replying and not having checked "reply to all"
                if ($action == 'quotepost' || !$reply_to_all) {
                    $address_list = array('u' => array($post['author_id'] => 'to'));
                } else {
                    // We try to include every previously listed member from the TO Header - Reply to all
                    $address_list = rebuild_header(array('to' => $post['to_address']));
                    // Add the author (if he is already listed then this is no shame (it will be overwritten))
                    $address_list['u'][$post['author_id']] = 'to';
                    // Now, make sure the user itself is not listed. ;)
                    if (isset($address_list['u'][$user->data['user_id']])) {
                        unset($address_list['u'][$user->data['user_id']]);
                    }
                }
            } else {
                if ($action == 'edit' && !sizeof($address_list) && !$refresh && !$submit && !$preview) {
                    // Rebuild TO and BCC Header
                    $address_list = rebuild_header(array('to' => $post['to_address'], 'bcc' => $post['bcc_address']));
                }
            }
            if ($action == 'quotepost') {
                $check_value = 0;
            } else {
                $check_value = ($post['enable_bbcode'] + 1 << 8) + ($post['enable_smilies'] + 1 << 4) + ($enable_urls + 1 << 2) + ($post['enable_sig'] + 1 << 1);
            }
        }
    } else {
        $message_attachment = 0;
        $message_text = $message_subject = '';
        if ($to_user_id && $to_user_id != ANONYMOUS && $action == 'post') {
            $address_list['u'][$to_user_id] = 'to';
        } else {
            if ($to_group_id && $action == 'post') {
                $address_list['g'][$to_group_id] = 'to';
            }
        }
        $check_value = 0;
    }
    if (($to_group_id || isset($address_list['g'])) && (!$config['allow_mass_pm'] || !$auth->acl_get('u_masspm_group'))) {
        trigger_error('NO_AUTH_GROUP_MESSAGE');
    }
    if ($action == 'edit' && !$refresh && !$preview && !$submit) {
        if (!($message_time > time() - $config['pm_edit_time'] * 60 || !$config['pm_edit_time'])) {
            trigger_error('CANNOT_EDIT_MESSAGE_TIME');
        }
    }
    if ($action == 'post') {
        $template->assign_var('S_NEW_MESSAGE', true);
    }
    if (!isset($icon_id)) {
        $icon_id = 0;
    }
    $message_parser = new parse_message();
    $plupload = $src_container->get('plupload');
    $message_parser->set_plupload($plupload);
    $message_parser->message = $action == 'reply' ? '' : $message_text;
    unset($message_text);
    $s_action = append_sid("{$src_root_path}ucp.{$phpEx}", "i={$id}&amp;mode={$mode}&amp;action={$action}", true, $user->session_id);
    $s_action .= ($folder_id ? "&amp;f={$folder_id}" : '') . ($msg_id ? "&amp;p={$msg_id}" : '');
    // Delete triggered ?
    if ($action == 'delete') {
        // Folder id has been determined by the SQL Statement
        // $folder_id = request_var('f', PRIVMSGS_NO_BOX);
        // Do we need to confirm ?
        if (confirm_box(true)) {
            delete_pm($user->data['user_id'], $msg_id, $folder_id);
            // jump to next message in "history"? nope, not for the moment. But able to be included later.
            $meta_info = append_sid("{$src_root_path}ucp.{$phpEx}", "i=pm&amp;folder={$folder_id}");
            $message = $user->lang['MESSAGE_DELETED'];
            meta_refresh(3, $meta_info);
            $message .= '<br /><br />' . sprintf($user->lang['RETURN_FOLDER'], '<a href="' . $meta_info . '">', '</a>');
            trigger_error($message);
        } else {
            $s_hidden_fields = array('p' => $msg_id, 'f' => $folder_id, 'action' => 'delete');
            // "{$src_root_path}ucp.$phpEx?i=pm&amp;mode=compose"
            confirm_box(false, 'DELETE_MESSAGE', build_hidden_fields($s_hidden_fields));
        }
        redirect(append_sid("{$src_root_path}ucp.{$phpEx}", 'i=pm&amp;mode=view&amp;action=view_message&amp;p=' . $msg_id));
    }
    // Get maximum number of allowed recipients
    $sql = 'SELECT MAX(g.group_max_recipients) as max_recipients
		FROM ' . GROUPS_TABLE . ' g, ' . USER_GROUP_TABLE . ' ug
		WHERE ug.user_id = ' . $user->data['user_id'] . '
			AND ug.user_pending = 0
			AND ug.group_id = g.group_id';
    $result = $db->sql_query($sql);
    $max_recipients = (int) $db->sql_fetchfield('max_recipients');
    $db->sql_freeresult($result);
    $max_recipients = !$max_recipients ? $config['pm_max_recipients'] : $max_recipients;
    // If this is a quote/reply "to all"... we may increase the max_recpients to the number of original recipients
    if (($action == 'reply' || $action == 'quote') && $max_recipients && $reply_to_all) {
        // We try to include every previously listed member from the TO Header
        $list = rebuild_header(array('to' => $post['to_address']));
        // Can be an empty array too ;)
        $list = !empty($list['u']) ? $list['u'] : array();
        $list[$post['author_id']] = 'to';
        if (isset($list[$user->data['user_id']])) {
            unset($list[$user->data['user_id']]);
        }
        $max_recipients = $max_recipients < sizeof($list) ? sizeof($list) : $max_recipients;
        unset($list);
    }
    // Handle User/Group adding/removing
    handle_message_list_actions($address_list, $error, $remove_u, $remove_g, $add_to, $add_bcc);
    // Check mass pm to group permission
    if ((!$config['allow_mass_pm'] || !$auth->acl_get('u_masspm_group')) && !empty($address_list['g'])) {
        $address_list = array();
        $error[] = $user->lang['NO_AUTH_GROUP_MESSAGE'];
    }
    // Check mass pm to users permission
    if ((!$config['allow_mass_pm'] || !$auth->acl_get('u_masspm')) && num_recipients($address_list) > 1) {
        $address_list = get_recipients($address_list, 1);
        $error[] = $user->lang('TOO_MANY_RECIPIENTS', 1);
    }
    // Check for too many recipients
    if (!empty($address_list['u']) && $max_recipients && sizeof($address_list['u']) > $max_recipients) {
        $address_list = get_recipients($address_list, $max_recipients);
        $error[] = $user->lang('TOO_MANY_RECIPIENTS', $max_recipients);
    }
    // Always check if the submitted attachment data is valid and belongs to the user.
    // Further down (especially in submit_post()) we do not check this again.
    $message_parser->get_submitted_attachment_data();
    if ($message_attachment && !$submit && !$refresh && !$preview && $action == 'edit') {
        // Do not change to SELECT *
        $sql = 'SELECT attach_id, is_orphan, attach_comment, real_filename, filesize
			FROM ' . ATTACHMENTS_TABLE . "\n\t\t\tWHERE post_msg_id = {$msg_id}\n\t\t\t\tAND in_message = 1\n\t\t\t\tAND is_orphan = 0\n\t\t\tORDER BY filetime DESC";
        $result = $db->sql_query($sql);
        $message_parser->attachment_data = array_merge($message_parser->attachment_data, $db->sql_fetchrowset($result));
        $db->sql_freeresult($result);
    }
    if (!in_array($action, array('quote', 'edit', 'delete', 'forward'))) {
        $enable_sig = $config['allow_sig'] && $config['allow_sig_pm'] && $auth->acl_get('u_sig') && $user->optionget('attachsig');
        $enable_smilies = $config['allow_smilies'] && $auth->acl_get('u_pm_smilies') && $user->optionget('smilies');
        $enable_bbcode = $config['allow_bbcode'] && $auth->acl_get('u_pm_bbcode') && $user->optionget('bbcode');
        $enable_urls = true;
    }
    $enable_magic_url = $drafts = false;
    // User own some drafts?
    if ($auth->acl_get('u_savedrafts') && $action != 'delete') {
        $sql = 'SELECT draft_id
			FROM ' . DRAFTS_TABLE . '
			WHERE forum_id = 0
				AND topic_id = 0
				AND user_id = ' . $user->data['user_id'] . ($draft_id ? " AND draft_id <> {$draft_id}" : '');
        $result = $db->sql_query_limit($sql, 1);
        $row = $db->sql_fetchrow($result);
        $db->sql_freeresult($result);
        if ($row) {
            $drafts = true;
        }
    }
    if ($action == 'edit') {
        $message_parser->bbcode_uid = $bbcode_uid;
    }
    $bbcode_status = $config['allow_bbcode'] && $config['auth_bbcode_pm'] && $auth->acl_get('u_pm_bbcode') ? true : false;
    $smilies_status = $config['allow_smilies'] && $config['auth_smilies_pm'] && $auth->acl_get('u_pm_smilies') ? true : false;
    $img_status = $config['auth_img_pm'] && $auth->acl_get('u_pm_img') ? true : false;
    $flash_status = $config['auth_flash_pm'] && $auth->acl_get('u_pm_flash') ? true : false;
    $url_status = $config['allow_post_links'] ? true : false;
    // Save Draft
    if ($save && $auth->acl_get('u_savedrafts')) {
        $subject = utf8_normalize_nfc(request_var('subject', '', true));
        $subject = !$subject && $action != 'post' ? $user->lang['NEW_MESSAGE'] : $subject;
        $message = utf8_normalize_nfc(request_var('message', '', true));
        if ($subject && $message) {
            if (confirm_box(true)) {
                $sql = 'INSERT INTO ' . DRAFTS_TABLE . ' ' . $db->sql_build_array('INSERT', array('user_id' => $user->data['user_id'], 'topic_id' => 0, 'forum_id' => 0, 'save_time' => $current_time, 'draft_subject' => $subject, 'draft_message' => $message));
                $db->sql_query($sql);
                $redirect_url = append_sid("{$src_root_path}ucp.{$phpEx}", "i=pm&amp;mode={$mode}");
                meta_refresh(3, $redirect_url);
                $message = $user->lang['DRAFT_SAVED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $redirect_url . '">', '</a>');
                trigger_error($message);
            } else {
                $s_hidden_fields = build_hidden_fields(array('mode' => $mode, 'action' => $action, 'save' => true, 'subject' => $subject, 'message' => $message, 'u' => $to_user_id, 'g' => $to_group_id, 'p' => $msg_id));
                $s_hidden_fields .= build_address_field($address_list);
                confirm_box(false, 'SAVE_DRAFT', $s_hidden_fields);
            }
        } else {
            if (utf8_clean_string($subject) === '') {
                $error[] = $user->lang['EMPTY_MESSAGE_SUBJECT'];
            }
            if (utf8_clean_string($message) === '') {
                $error[] = $user->lang['TOO_FEW_CHARS'];
            }
        }
        unset($subject, $message);
    }
    // Load Draft
    if ($draft_id && $auth->acl_get('u_savedrafts')) {
        $sql = 'SELECT draft_subject, draft_message
			FROM ' . DRAFTS_TABLE . "\n\t\t\tWHERE draft_id = {$draft_id}\n\t\t\t\tAND topic_id = 0\n\t\t\t\tAND forum_id = 0\n\t\t\t\tAND user_id = " . $user->data['user_id'];
        $result = $db->sql_query_limit($sql, 1);
        if ($row = $db->sql_fetchrow($result)) {
            $message_parser->message = $row['draft_message'];
            $message_subject = $row['draft_subject'];
            $template->assign_var('S_DRAFT_LOADED', true);
        } else {
            $draft_id = 0;
        }
        $db->sql_freeresult($result);
    }
    // Load Drafts
    if ($load && $drafts) {
        load_drafts(0, 0, $id, $action, $msg_id);
    }
    if ($submit || $preview || $refresh) {
        if (($submit || $preview) && !check_form_key('ucp_pm_compose')) {
            $error[] = $user->lang['FORM_INVALID'];
        }
        $subject = utf8_normalize_nfc(request_var('subject', '', true));
        $message_parser->message = utf8_normalize_nfc(request_var('message', '', true));
        $icon_id = request_var('icon', 0);
        $enable_bbcode = !$bbcode_status || isset($_POST['disable_bbcode']) ? false : true;
        $enable_smilies = !$smilies_status || isset($_POST['disable_smilies']) ? false : true;
        $enable_urls = isset($_POST['disable_magic_url']) ? 0 : 1;
        $enable_sig = !$config['allow_sig'] || !$config['allow_sig_pm'] ? false : (isset($_POST['attach_sig']) ? true : false);
        if ($submit) {
            $status_switch = ($enable_bbcode + 1 << 8) + ($enable_smilies + 1 << 4) + ($enable_urls + 1 << 2) + ($enable_sig + 1 << 1);
            $status_switch = $status_switch != $check_value;
        } else {
            $status_switch = 1;
        }
        // Parse Attachments - before checksum is calculated
        $message_parser->parse_attachments('fileupload', $action, 0, $submit, $preview, $refresh, true);
        if (sizeof($message_parser->warn_msg) && !($remove_u || $remove_g || $add_to || $add_bcc)) {
            $error[] = implode('<br />', $message_parser->warn_msg);
            $message_parser->warn_msg = array();
        }
        // Parse message
        $message_parser->parse($enable_bbcode, $config['allow_post_links'] ? $enable_urls : false, $enable_smilies, $img_status, $flash_status, true, $config['allow_post_links']);
        // On a refresh we do not care about message parsing errors
        if (sizeof($message_parser->warn_msg) && !$refresh) {
            $error[] = implode('<br />', $message_parser->warn_msg);
        }
        if ($action != 'edit' && !$preview && !$refresh && $config['flood_interval'] && !$auth->acl_get('u_ignoreflood')) {
            // Flood check
            $last_post_time = $user->data['user_lastpost_time'];
            if ($last_post_time) {
                if ($last_post_time && $current_time - $last_post_time < intval($config['flood_interval'])) {
                    $error[] = $user->lang['FLOOD_ERROR'];
                }
            }
        }
        // Subject defined
        if ($submit) {
            if (utf8_clean_string($subject) === '') {
                $error[] = $user->lang['EMPTY_MESSAGE_SUBJECT'];
            }
            if (!sizeof($address_list)) {
                $error[] = $user->lang['NO_RECIPIENT'];
            }
        }
        // Store message, sync counters
        if (!sizeof($error) && $submit) {
            $pm_data = array('msg_id' => (int) $msg_id, 'from_user_id' => $user->data['user_id'], 'from_user_ip' => $user->ip, 'from_username' => $user->data['username'], 'reply_from_root_level' => isset($post['root_level']) ? (int) $post['root_level'] : 0, 'reply_from_msg_id' => (int) $msg_id, 'icon_id' => (int) $icon_id, 'enable_sig' => (bool) $enable_sig, 'enable_bbcode' => (bool) $enable_bbcode, 'enable_smilies' => (bool) $enable_smilies, 'enable_urls' => (bool) $enable_urls, 'bbcode_bitfield' => $message_parser->bbcode_bitfield, 'bbcode_uid' => $message_parser->bbcode_uid, 'message' => $message_parser->message, 'attachment_data' => $message_parser->attachment_data, 'filename_data' => $message_parser->filename_data, 'address_list' => $address_list);
            // ((!$message_subject) ? $subject : $message_subject)
            $msg_id = submit_pm($action, $subject, $pm_data);
            $return_message_url = append_sid("{$src_root_path}ucp.{$phpEx}", 'i=pm&amp;mode=view&amp;p=' . $msg_id);
            $inbox_folder_url = append_sid("{$src_root_path}ucp.{$phpEx}", 'i=pm&amp;folder=inbox');
            $outbox_folder_url = append_sid("{$src_root_path}ucp.{$phpEx}", 'i=pm&amp;folder=outbox');
            $folder_url = '';
            if ($folder_id > 0 && isset($user_folders[$folder_id])) {
                $folder_url = append_sid("{$src_root_path}ucp.{$phpEx}", 'i=pm&amp;folder=' . $folder_id);
            }
            $return_box_url = $action === 'post' || $action === 'edit' ? $outbox_folder_url : $inbox_folder_url;
            $return_box_lang = $action === 'post' || $action === 'edit' ? 'PM_OUTBOX' : 'PM_INBOX';
            $save_message = $action === 'edit' ? $user->lang['MESSAGE_EDITED'] : $user->lang['MESSAGE_STORED'];
            $message = $save_message . '<br /><br />' . $user->lang('VIEW_PRIVATE_MESSAGE', '<a href="' . $return_message_url . '">', '</a>');
            $last_click_type = 'CLICK_RETURN_FOLDER';
            if ($folder_url) {
                $message .= '<br /><br />' . sprintf($user->lang['CLICK_RETURN_FOLDER'], '<a href="' . $folder_url . '">', '</a>', $user_folders[$folder_id]['folder_name']);
                $last_click_type = 'CLICK_GOTO_FOLDER';
            }
            $message .= '<br /><br />' . sprintf($user->lang[$last_click_type], '<a href="' . $return_box_url . '">', '</a>', $user->lang[$return_box_lang]);
            meta_refresh(3, $return_message_url);
            trigger_error($message);
        }
        $message_subject = $subject;
    }
    // Preview
    if (!sizeof($error) && $preview) {
        $preview_message = $message_parser->format_display($enable_bbcode, $enable_urls, $enable_smilies, false);
        $preview_signature = $user->data['user_sig'];
        $preview_signature_uid = $user->data['user_sig_bbcode_uid'];
        $preview_signature_bitfield = $user->data['user_sig_bbcode_bitfield'];
        // Signature
        if ($enable_sig && $config['allow_sig'] && $preview_signature) {
            $parse_sig = new parse_message($preview_signature);
            $parse_sig->bbcode_uid = $preview_signature_uid;
            $parse_sig->bbcode_bitfield = $preview_signature_bitfield;
            $parse_sig->format_display($config['allow_sig_bbcode'], $config['allow_sig_links'], $config['allow_sig_smilies']);
            $preview_signature = $parse_sig->message;
            unset($parse_sig);
        } else {
            $preview_signature = '';
        }
        // Attachment Preview
        if (sizeof($message_parser->attachment_data)) {
            $template->assign_var('S_HAS_ATTACHMENTS', true);
            $update_count = array();
            $attachment_data = $message_parser->attachment_data;
            parse_attachments(false, $preview_message, $attachment_data, $update_count, true);
            foreach ($attachment_data as $i => $attachment) {
                $template->assign_block_vars('attachment', array('DISPLAY_ATTACHMENT' => $attachment));
            }
            unset($attachment_data);
        }
        $preview_subject = censor_text($subject);
        if (!sizeof($error)) {
            $template->assign_vars(array('PREVIEW_SUBJECT' => $preview_subject, 'PREVIEW_MESSAGE' => $preview_message, 'PREVIEW_SIGNATURE' => $preview_signature, 'S_DISPLAY_PREVIEW' => true));
        }
        unset($message_text);
    }
    // Decode text for message display
    $bbcode_uid = ($action == 'quote' || $action == 'forward') && !$preview && !$refresh && (!sizeof($error) || sizeof($error) && !$submit) ? $bbcode_uid : $message_parser->bbcode_uid;
    $message_parser->decode_message($bbcode_uid);
    if (($action == 'quote' || $action == 'quotepost') && !$preview && !$refresh && !$submit) {
        if ($action == 'quotepost') {
            $post_id = request_var('p', 0);
            if ($config['allow_post_links']) {
                $message_link = "[url=" . generate_srcrd_url() . "/viewtopic.{$phpEx}?p={$post_id}#p{$post_id}]{$user->lang['SUBJECT']}{$user->lang['COLON']} {$message_subject}[/url]\n\n";
            } else {
                $message_link = $user->lang['SUBJECT'] . $user->lang['COLON'] . ' ' . $message_subject . " (" . generate_srcrd_url() . "/viewtopic.{$phpEx}?p={$post_id}#p{$post_id})\n\n";
            }
        } else {
            $message_link = '';
        }
        $message_parser->message = $message_link . '[quote=&quot;' . $quote_username . '&quot;]' . censor_text(trim($message_parser->message)) . "[/quote]\n";
    }
    if (($action == 'reply' || $action == 'quote' || $action == 'quotepost') && !$preview && !$refresh) {
        $message_subject = (!preg_match('/^Re:/', $message_subject) ? 'Re: ' : '') . censor_text($message_subject);
    }
    if ($action == 'forward' && !$preview && !$refresh && !$submit) {
        $fwd_to_field = write_pm_addresses(array('to' => $post['to_address']), 0, true);
        if ($config['allow_post_links']) {
            $quote_username_text = '[url=' . generate_srcrd_url() . "/memberlist.{$phpEx}?mode=viewprofile&amp;u={$post['author_id']}]{$quote_username}[/url]";
        } else {
            $quote_username_text = $quote_username . ' (' . generate_srcrd_url() . "/memberlist.{$phpEx}?mode=viewprofile&amp;u={$post['author_id']})";
        }
        $forward_text = array();
        $forward_text[] = $user->lang['FWD_ORIGINAL_MESSAGE'];
        $forward_text[] = sprintf($user->lang['FWD_SUBJECT'], censor_text($message_subject));
        $forward_text[] = sprintf($user->lang['FWD_DATE'], $user->format_date($message_time, false, true));
        $forward_text[] = sprintf($user->lang['FWD_FROM'], $quote_username_text);
        $forward_text[] = sprintf($user->lang['FWD_TO'], implode($user->lang['COMMA_SEPARATOR'], $fwd_to_field['to']));
        $message_parser->message = implode("\n", $forward_text) . "\n\n[quote=&quot;{$quote_username}&quot;]\n" . censor_text(trim($message_parser->message)) . "\n[/quote]";
        $message_subject = (!preg_match('/^Fwd:/', $message_subject) ? 'Fwd: ' : '') . censor_text($message_subject);
    }
    $attachment_data = $message_parser->attachment_data;
    $filename_data = $message_parser->filename_data;
    $message_text = $message_parser->message;
    // MAIN PM PAGE BEGINS HERE
    // Generate smiley listing
    generate_smilies('inline', 0);
    // Generate PM Icons
    $s_pm_icons = false;
    if ($config['enable_pm_icons']) {
        $s_pm_icons = posting_gen_topic_icons($action, $icon_id);
    }
    // Generate inline attachment select box
    posting_gen_inline_attachments($attachment_data);
    // Build address list for display
    // array('u' => array($author_id => 'to'));
    if (sizeof($address_list)) {
        // Get Usernames and Group Names
        $result = array();
        if (!empty($address_list['u'])) {
            $sql = 'SELECT user_id as id, username as name, user_colour as colour
				FROM ' . USERS_TABLE . '
				WHERE ' . $db->sql_in_set('user_id', array_map('intval', array_keys($address_list['u']))) . '
				ORDER BY username_clean ASC';
            $result['u'] = $db->sql_query($sql);
        }
        if (!empty($address_list['g'])) {
            $sql = 'SELECT g.group_id AS id, g.group_name AS name, g.group_colour AS colour, g.group_type
				FROM ' . GROUPS_TABLE . ' g';
            if (!$auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel')) {
                $sql .= ' LEFT JOIN ' . USER_GROUP_TABLE . ' ug
					ON (
						g.group_id = ug.group_id
						AND ug.user_id = ' . $user->data['user_id'] . '
						AND ug.user_pending = 0
					)
					WHERE (g.group_type <> ' . GROUP_HIDDEN . ' OR ug.user_id = ' . $user->data['user_id'] . ')';
            }
            $sql .= $auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel') ? ' WHERE ' : ' AND ';
            $sql .= 'g.group_receive_pm = 1
				AND ' . $db->sql_in_set('g.group_id', array_map('intval', array_keys($address_list['g']))) . '
				ORDER BY g.group_name ASC';
            $result['g'] = $db->sql_query($sql);
        }
        $u = $g = array();
        $_types = array('u', 'g');
        foreach ($_types as $type) {
            if (isset($result[$type]) && $result[$type]) {
                while ($row = $db->sql_fetchrow($result[$type])) {
                    if ($type == 'g') {
                        $row['name'] = $row['group_type'] == GROUP_SPECIAL ? $user->lang['G_' . $row['name']] : $row['name'];
                    }
                    ${$type}[$row['id']] = array('name' => $row['name'], 'colour' => $row['colour']);
                }
                $db->sql_freeresult($result[$type]);
            }
        }
        // Now Build the address list
        $plain_address_field = '';
        foreach ($address_list as $type => $adr_ary) {
            foreach ($adr_ary as $id => $field) {
                if (!isset(${$type}[$id])) {
                    unset($address_list[$type][$id]);
                    continue;
                }
                $field = $field == 'to' ? 'to' : 'bcc';
                $type = $type == 'u' ? 'u' : 'g';
                $id = (int) $id;
                $tpl_ary = array('IS_GROUP' => $type == 'g' ? true : false, 'IS_USER' => $type == 'u' ? true : false, 'UG_ID' => $id, 'NAME' => ${$type}[$id]['name'], 'COLOUR' => ${$type}[$id]['colour'] ? '#' . ${$type}[$id]['colour'] : '', 'TYPE' => $type);
                if ($type == 'u') {
                    $tpl_ary = array_merge($tpl_ary, array('U_VIEW' => get_username_string('profile', $id, ${$type}[$id]['name'], ${$type}[$id]['colour']), 'NAME_FULL' => get_username_string('full', $id, ${$type}[$id]['name'], ${$type}[$id]['colour'])));
                } else {
                    $tpl_ary = array_merge($tpl_ary, array('U_VIEW' => append_sid("{$src_root_path}memberlist.{$phpEx}", 'mode=group&amp;g=' . $id)));
                }
                $template->assign_block_vars($field . '_recipient', $tpl_ary);
            }
        }
    }
    // Build hidden address list
    $s_hidden_address_field = build_address_field($address_list);
    $bbcode_checked = isset($enable_bbcode) ? !$enable_bbcode : ($config['allow_bbcode'] && $auth->acl_get('u_pm_bbcode') ? !$user->optionget('bbcode') : 1);
    $smilies_checked = isset($enable_smilies) ? !$enable_smilies : ($config['allow_smilies'] && $auth->acl_get('u_pm_smilies') ? !$user->optionget('smilies') : 1);
    $urls_checked = isset($enable_urls) ? !$enable_urls : 0;
    $sig_checked = $enable_sig;
    switch ($action) {
        case 'post':
            $page_title = $user->lang['POST_NEW_PM'];
            break;
        case 'quote':
            $page_title = $user->lang['POST_QUOTE_PM'];
            break;
        case 'quotepost':
            $page_title = $user->lang['POST_PM_POST'];
            break;
        case 'reply':
            $page_title = $user->lang['POST_REPLY_PM'];
            break;
        case 'edit':
            $page_title = $user->lang['POST_EDIT_PM'];
            break;
        case 'forward':
            $page_title = $user->lang['POST_FORWARD_PM'];
            break;
        default:
            trigger_error('NO_ACTION_MODE', E_USER_ERROR);
            break;
    }
    $s_hidden_fields = '<input type="hidden" name="lastclick" value="' . $current_time . '" />';
    $s_hidden_fields .= isset($check_value) ? '<input type="hidden" name="status_switch" value="' . $check_value . '" />' : '';
    $s_hidden_fields .= $draft_id || isset($_REQUEST['draft_loaded']) ? '<input type="hidden" name="draft_loaded" value="' . (isset($_REQUEST['draft_loaded']) ? $request->variable('draft_loaded', 0) : $draft_id) . '" />' : '';
    $form_enctype = @ini_get('file_uploads') == '0' || strtolower(@ini_get('file_uploads')) == 'off' || !$config['allow_pm_attach'] || !$auth->acl_get('u_pm_attach') ? '' : ' enctype="multipart/form-data"';
    // Start assigning vars for main posting page ...
    $template->assign_vars(array('L_POST_A' => $page_title, 'L_ICON' => $user->lang['PM_ICON'], 'L_MESSAGE_BODY_EXPLAIN' => $user->lang('MESSAGE_BODY_EXPLAIN', (int) $config['max_post_chars']), 'SUBJECT' => isset($message_subject) ? $message_subject : '', 'MESSAGE' => $message_text, 'BBCODE_STATUS' => $bbcode_status ? sprintf($user->lang['BBCODE_IS_ON'], '<a href="' . append_sid("{$src_root_path}faq.{$phpEx}", 'mode=bbcode') . '">', '</a>') : sprintf($user->lang['BBCODE_IS_OFF'], '<a href="' . append_sid("{$src_root_path}faq.{$phpEx}", 'mode=bbcode') . '">', '</a>'), 'IMG_STATUS' => $img_status ? $user->lang['IMAGES_ARE_ON'] : $user->lang['IMAGES_ARE_OFF'], 'FLASH_STATUS' => $flash_status ? $user->lang['FLASH_IS_ON'] : $user->lang['FLASH_IS_OFF'], 'SMILIES_STATUS' => $smilies_status ? $user->lang['SMILIES_ARE_ON'] : $user->lang['SMILIES_ARE_OFF'], 'URL_STATUS' => $url_status ? $user->lang['URL_IS_ON'] : $user->lang['URL_IS_OFF'], 'MAX_FONT_SIZE' => (int) $config['max_post_font_size'], 'MINI_POST_IMG' => $user->img('icon_post_target', $user->lang['PM']), 'ERROR' => sizeof($error) ? implode('<br />', $error) : '', 'MAX_RECIPIENTS' => $config['allow_mass_pm'] && ($auth->acl_get('u_masspm') || $auth->acl_get('u_masspm_group')) ? $max_recipients : 0, 'S_COMPOSE_PM' => true, 'S_EDIT_POST' => $action == 'edit', 'S_SHOW_PM_ICONS' => $s_pm_icons, 'S_BBCODE_ALLOWED' => $bbcode_status ? 1 : 0, 'S_BBCODE_CHECKED' => $bbcode_checked ? ' checked="checked"' : '', 'S_SMILIES_ALLOWED' => $smilies_status, 'S_SMILIES_CHECKED' => $smilies_checked ? ' checked="checked"' : '', 'S_SIG_ALLOWED' => $config['allow_sig'] && $config['allow_sig_pm'] && $auth->acl_get('u_sig'), 'S_SIGNATURE_CHECKED' => $sig_checked ? ' checked="checked"' : '', 'S_LINKS_ALLOWED' => $url_status, 'S_MAGIC_URL_CHECKED' => $urls_checked ? ' checked="checked"' : '', 'S_SAVE_ALLOWED' => $auth->acl_get('u_savedrafts') && $action != 'edit' ? true : false, 'S_HAS_DRAFTS' => $auth->acl_get('u_savedrafts') && $drafts, 'S_FORM_ENCTYPE' => $form_enctype, 'S_ATTACH_DATA' => json_encode($message_parser->attachment_data), 'S_BBCODE_IMG' => $img_status, 'S_BBCODE_FLASH' => $flash_status, 'S_BBCODE_QUOTE' => true, 'S_BBCODE_URL' => $url_status, 'S_POST_ACTION' => $s_action, 'S_HIDDEN_ADDRESS_FIELD' => $s_hidden_address_field, 'S_HIDDEN_FIELDS' => $s_hidden_fields, 'S_CLOSE_PROGRESS_WINDOW' => isset($_POST['add_file']), 'U_PROGRESS_BAR' => append_sid("{$src_root_path}posting.{$phpEx}", 'f=0&amp;mode=popup'), 'UA_PROGRESS_BAR' => addslashes(append_sid("{$src_root_path}posting.{$phpEx}", 'f=0&amp;mode=popup'))));
    // Build custom bbcodes array
    display_custom_bbcodes();
    // Show attachment box for adding attachments if true
    $allowed = $auth->acl_get('u_pm_attach') && $config['allow_pm_attach'] && $form_enctype;
    if ($allowed) {
        $max_files = $auth->acl_gets('a_', 'm_') ? 0 : (int) $config['max_attachments_pm'];
        $plupload->configure($cache, $template, $s_action, false, $max_files);
    }
    // Attachment entry
    posting_gen_attachment_entry($attachment_data, $filename_data, $allowed);
    // Message History
    if ($action == 'reply' || $action == 'quote' || $action == 'forward') {
        if (message_history($msg_id, $user->data['user_id'], $post, array(), true)) {
            $template->assign_var('S_DISPLAY_HISTORY', true);
        }
    }
}
Ejemplo n.º 26
0
 /**
  * Get email template variables
  *
  * @return array
  */
 public function get_email_template_variables()
 {
     $user_data = $this->user_loader->get_user($this->get_data('from_user_id'));
     return array('AUTHOR_NAME' => htmlspecialchars_decode($user_data['username']), 'SUBJECT' => htmlspecialchars_decode(censor_text($this->get_data('message_subject'))), 'U_VIEW_MESSAGE' => generate_srcrd_url() . '/ucp.' . $this->php_ext . "?i=pm&mode=view&p={$this->item_id}");
 }
Ejemplo n.º 27
0
 /**
  * Parse Message
  */
 function parse($allow_bbcode, $allow_magic_url, $allow_smilies, $allow_img_bbcode = true, $allow_flash_bbcode = true, $allow_quote_bbcode = true, $allow_url_bbcode = true, $update_this_message = true, $mode = 'post')
 {
     global $config, $db, $user, $src_dispatcher;
     $this->mode = $mode;
     foreach (array('chars', 'smilies', 'urls', 'font_size', 'img_height', 'img_width') as $key) {
         if (!isset($config['max_' . $mode . '_' . $key])) {
             $config['max_' . $mode . '_' . $key] = 0;
         }
     }
     $this->allow_img_bbcode = $allow_img_bbcode;
     $this->allow_flash_bbcode = $allow_flash_bbcode;
     $this->allow_quote_bbcode = $allow_quote_bbcode;
     $this->allow_url_bbcode = $allow_url_bbcode;
     // If false, then $this->message won't be altered, the text will be returned instead.
     if (!$update_this_message) {
         $tmp_message = $this->message;
         $return_message =& $this->message;
     }
     if ($this->message_status == 'display') {
         $this->decode_message();
     }
     // Do some general 'cleanup' first before processing message,
     // e.g. remove excessive newlines(?), smilies(?)
     $match = array('#(script|about|applet|activex|chrome):#i');
     $replace = array("\\1&#058;");
     $this->message = preg_replace($match, $replace, trim($this->message));
     // Store message length...
     $message_length = $mode == 'post' ? utf8_strlen($this->message) : utf8_strlen(preg_replace('#\\[\\/?[a-z\\*\\+\\-]+(=[\\S]+)?\\]#ius', ' ', $this->message));
     // Maximum message length check. 0 disables this check completely.
     if ((int) $config['max_' . $mode . '_chars'] > 0 && $message_length > (int) $config['max_' . $mode . '_chars']) {
         $this->warn_msg[] = $user->lang('CHARS_' . strtoupper($mode) . '_CONTAINS', $message_length) . '<br />' . $user->lang('TOO_MANY_CHARS_LIMIT', (int) $config['max_' . $mode . '_chars']);
         return !$update_this_message ? $return_message : $this->warn_msg;
     }
     // Minimum message length check for post only
     if ($mode === 'post') {
         if (!$message_length || $message_length < (int) $config['min_post_chars']) {
             $this->warn_msg[] = !$message_length ? $user->lang['TOO_FEW_CHARS'] : $user->lang('CHARS_POST_CONTAINS', $message_length) . '<br />' . $user->lang('TOO_FEW_CHARS_LIMIT', (int) $config['min_post_chars']);
             return !$update_this_message ? $return_message : $this->warn_msg;
         }
     }
     /**
      * This event can be used for additional message checks/cleanup before parsing
      *
      * @event core.message_parser_check_message
      * @var bool		allow_bbcode			Do we allow BBCodes
      * @var bool		allow_magic_url			Do we allow magic urls
      * @var bool		allow_smilies			Do we allow smilies
      * @var bool		allow_img_bbcode		Do we allow image BBCode
      * @var bool		allow_flash_bbcode		Do we allow flash BBCode
      * @var bool		allow_quote_bbcode		Do we allow quote BBCode
      * @var bool		allow_url_bbcode		Do we allow url BBCode
      * @var bool		update_this_message		Do we alter the parsed message
      * @var string	mode					Posting mode
      * @var string	message					The message text to parse
      * @var string	bbcode_bitfield			The bbcode_bitfield before parsing
      * @var string	bbcode_uid				The bbcode_uid before parsing
      * @var bool		return					Do we return after the event is triggered if $warn_msg is not empty
      * @var array	warn_msg				Array of the warning messages
      * @since 3.1.2-RC1
      * @change 3.1.3-RC1 Added vars $bbcode_bitfield and $bbcode_uid
      */
     $message = $this->message;
     $warn_msg = $this->warn_msg;
     $return = false;
     $bbcode_bitfield = $this->bbcode_bitfield;
     $bbcode_uid = $this->bbcode_uid;
     $vars = array('allow_bbcode', 'allow_magic_url', 'allow_smilies', 'allow_img_bbcode', 'allow_flash_bbcode', 'allow_quote_bbcode', 'allow_url_bbcode', 'update_this_message', 'mode', 'message', 'bbcode_bitfield', 'bbcode_uid', 'return', 'warn_msg');
     extract($src_dispatcher->trigger_event('core.message_parser_check_message', compact($vars)));
     $this->message = $message;
     $this->warn_msg = $warn_msg;
     $this->bbcode_bitfield = $bbcode_bitfield;
     $this->bbcode_uid = $bbcode_uid;
     if ($return && !empty($this->warn_msg)) {
         return !$update_this_message ? $return_message : $this->warn_msg;
     }
     // Prepare BBcode (just prepares some tags for better parsing)
     if ($allow_bbcode && strpos($this->message, '[') !== false) {
         $this->bbcode_init();
         $disallow = array('img', 'flash', 'quote', 'url');
         foreach ($disallow as $bool) {
             if (!${'allow_' . $bool . '_bbcode'}) {
                 $this->bbcodes[$bool]['disabled'] = true;
             }
         }
         $this->prepare_bbcodes();
     }
     // Parse smilies
     if ($allow_smilies) {
         $this->smilies($config['max_' . $mode . '_smilies']);
     }
     $num_urls = 0;
     // Parse BBCode
     if ($allow_bbcode && strpos($this->message, '[') !== false) {
         $this->parse_bbcode();
         $num_urls += $this->parsed_items['url'];
     }
     // Parse URL's
     if ($allow_magic_url) {
         $this->magic_url(generate_srcrd_url());
         if ($config['max_' . $mode . '_urls']) {
             $num_urls += preg_match_all('#\\<!-- ([lmwe]) --\\>.*?\\<!-- \\1 --\\>#', $this->message, $matches);
         }
     }
     // Check for out-of-bounds characters that are currently
     // not supported by utf8_bin in MySQL
     if (preg_match_all('/[\\x{10000}-\\x{10FFFF}]/u', $this->message, $matches)) {
         $character_list = implode('<br />', $matches[0]);
         $this->warn_msg[] = $user->lang('UNSUPPORTED_CHARACTERS_MESSAGE', $character_list);
         return $update_this_message ? $this->warn_msg : $return_message;
     }
     // Check for "empty" message. We do not check here for maximum length, because bbcode, smilies, etc. can add to the length.
     // The maximum length check happened before any parsings.
     if ($mode === 'post' && utf8_clean_string($this->message) === '') {
         $this->warn_msg[] = $user->lang['TOO_FEW_CHARS'];
         return !$update_this_message ? $return_message : $this->warn_msg;
     }
     // Check number of links
     if ($config['max_' . $mode . '_urls'] && $num_urls > $config['max_' . $mode . '_urls']) {
         $this->warn_msg[] = sprintf($user->lang['TOO_MANY_URLS'], $config['max_' . $mode . '_urls']);
         return !$update_this_message ? $return_message : $this->warn_msg;
     }
     if (!$update_this_message) {
         unset($this->message);
         $this->message = $tmp_message;
         return $return_message;
     }
     $this->message_status = 'parsed';
     return false;
 }
Ejemplo n.º 28
0
/**
* General attachment parsing
*
* @param mixed $forum_id The forum id the attachments are displayed in (false if in private message)
* @param string &$message The post/private message
* @param array &$attachments The attachments to parse for (inline) display. The attachments array will hold templated data after parsing.
* @param array &$update_count The attachment counts to be updated - will be filled
* @param bool $preview If set to true the attachments are parsed for preview. Within preview mode the comments are fetched from the given $attachments array and not fetched from the database.
*/
function parse_attachments($forum_id, &$message, &$attachments, &$update_count, $preview = false)
{
    if (!sizeof($attachments)) {
        return;
    }
    global $template, $cache, $user, $src_dispatcher;
    global $extensions, $config, $src_root_path, $phpEx;
    //
    $compiled_attachments = array();
    if (!isset($template->filename['attachment_tpl'])) {
        $template->set_filenames(array('attachment_tpl' => 'attachment.html'));
    }
    if (empty($extensions) || !is_array($extensions)) {
        $extensions = $cache->obtain_attach_extensions($forum_id);
    }
    // Look for missing attachment information...
    $attach_ids = array();
    foreach ($attachments as $pos => $attachment) {
        // If is_orphan is set, we need to retrieve the attachments again...
        if (!isset($attachment['extension']) && !isset($attachment['physical_filename'])) {
            $attach_ids[(int) $attachment['attach_id']] = $pos;
        }
    }
    // Grab attachments (security precaution)
    if (sizeof($attach_ids)) {
        global $db;
        $new_attachment_data = array();
        $sql = 'SELECT *
			FROM ' . ATTACHMENTS_TABLE . '
			WHERE ' . $db->sql_in_set('attach_id', array_keys($attach_ids));
        $result = $db->sql_query($sql);
        while ($row = $db->sql_fetchrow($result)) {
            if (!isset($attach_ids[$row['attach_id']])) {
                continue;
            }
            // If we preview attachments we will set some retrieved values here
            if ($preview) {
                $row['attach_comment'] = $attachments[$attach_ids[$row['attach_id']]]['attach_comment'];
            }
            $new_attachment_data[$attach_ids[$row['attach_id']]] = $row;
        }
        $db->sql_freeresult($result);
        $attachments = $new_attachment_data;
        unset($new_attachment_data);
    }
    // Sort correctly
    if ($config['display_order']) {
        // Ascending sort
        krsort($attachments);
    } else {
        // Descending sort
        ksort($attachments);
    }
    foreach ($attachments as $attachment) {
        if (!sizeof($attachment)) {
            continue;
        }
        // We need to reset/empty the _file block var, because this function might be called more than once
        $template->destroy_block_vars('_file');
        $block_array = array();
        // Some basics...
        $attachment['extension'] = strtolower(trim($attachment['extension']));
        $filename = $src_root_path . $config['upload_path'] . '/' . utf8_basename($attachment['physical_filename']);
        $thumbnail_filename = $src_root_path . $config['upload_path'] . '/thumb_' . utf8_basename($attachment['physical_filename']);
        $upload_icon = '';
        if (isset($extensions[$attachment['extension']])) {
            if ($user->img('icon_topic_attach', '') && !$extensions[$attachment['extension']]['upload_icon']) {
                $upload_icon = $user->img('icon_topic_attach', '');
            } else {
                if ($extensions[$attachment['extension']]['upload_icon']) {
                    $upload_icon = '<img src="' . $src_root_path . $config['upload_icons_path'] . '/' . trim($extensions[$attachment['extension']]['upload_icon']) . '" alt="" />';
                }
            }
        }
        $filesize = get_formatted_filesize($attachment['filesize'], false);
        $comment = bbcode_nl2br(censor_text($attachment['attach_comment']));
        $block_array += array('UPLOAD_ICON' => $upload_icon, 'FILESIZE' => $filesize['value'], 'SIZE_LANG' => $filesize['unit'], 'DOWNLOAD_NAME' => utf8_basename($attachment['real_filename']), 'COMMENT' => $comment);
        $denied = false;
        if (!extension_allowed($forum_id, $attachment['extension'], $extensions)) {
            $denied = true;
            $block_array += array('S_DENIED' => true, 'DENIED_MESSAGE' => sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension']));
        }
        if (!$denied) {
            $l_downloaded_viewed = $download_link = '';
            $display_cat = $extensions[$attachment['extension']]['display_cat'];
            if ($display_cat == ATTACHMENT_CATEGORY_IMAGE) {
                if ($attachment['thumbnail']) {
                    $display_cat = ATTACHMENT_CATEGORY_THUMB;
                } else {
                    if ($config['img_display_inlined']) {
                        if ($config['img_link_width'] || $config['img_link_height']) {
                            $dimension = @getimagesize($filename);
                            // If the dimensions could not be determined or the image being 0x0 we display it as a link for safety purposes
                            if ($dimension === false || empty($dimension[0]) || empty($dimension[1])) {
                                $display_cat = ATTACHMENT_CATEGORY_NONE;
                            } else {
                                $display_cat = $dimension[0] <= $config['img_link_width'] && $dimension[1] <= $config['img_link_height'] ? ATTACHMENT_CATEGORY_IMAGE : ATTACHMENT_CATEGORY_NONE;
                            }
                        }
                    } else {
                        $display_cat = ATTACHMENT_CATEGORY_NONE;
                    }
                }
            }
            // Make some descisions based on user options being set.
            if (($display_cat == ATTACHMENT_CATEGORY_IMAGE || $display_cat == ATTACHMENT_CATEGORY_THUMB) && !$user->optionget('viewimg')) {
                $display_cat = ATTACHMENT_CATEGORY_NONE;
            }
            if ($display_cat == ATTACHMENT_CATEGORY_FLASH && !$user->optionget('viewflash')) {
                $display_cat = ATTACHMENT_CATEGORY_NONE;
            }
            $download_link = append_sid("{$src_root_path}download/file.{$phpEx}", 'id=' . $attachment['attach_id']);
            $l_downloaded_viewed = 'VIEWED_COUNTS';
            switch ($display_cat) {
                // Images
                case ATTACHMENT_CATEGORY_IMAGE:
                    $inline_link = append_sid("{$src_root_path}download/file.{$phpEx}", 'id=' . $attachment['attach_id']);
                    $download_link .= '&amp;mode=view';
                    $block_array += array('S_IMAGE' => true, 'U_INLINE_LINK' => $inline_link);
                    $update_count[] = $attachment['attach_id'];
                    break;
                    // Images, but display Thumbnail
                // Images, but display Thumbnail
                case ATTACHMENT_CATEGORY_THUMB:
                    $thumbnail_link = append_sid("{$src_root_path}download/file.{$phpEx}", 'id=' . $attachment['attach_id'] . '&amp;t=1');
                    $download_link .= '&amp;mode=view';
                    $block_array += array('S_THUMBNAIL' => true, 'THUMB_IMAGE' => $thumbnail_link);
                    $update_count[] = $attachment['attach_id'];
                    break;
                    // Windows Media Streams
                // Windows Media Streams
                case ATTACHMENT_CATEGORY_WM:
                    // Giving the filename directly because within the wm object all variables are in local context making it impossible
                    // to validate against a valid session (all params can differ)
                    // $download_link = $filename;
                    $block_array += array('U_FORUM' => generate_srcrd_url(), 'ATTACH_ID' => $attachment['attach_id'], 'S_WM_FILE' => true);
                    // Viewed/Heared File ... update the download count
                    $update_count[] = $attachment['attach_id'];
                    break;
                    // Real Media Streams
                // Real Media Streams
                case ATTACHMENT_CATEGORY_RM:
                case ATTACHMENT_CATEGORY_QUICKTIME:
                    $block_array += array('S_RM_FILE' => $display_cat == ATTACHMENT_CATEGORY_RM ? true : false, 'S_QUICKTIME_FILE' => $display_cat == ATTACHMENT_CATEGORY_QUICKTIME ? true : false, 'U_FORUM' => generate_srcrd_url(), 'ATTACH_ID' => $attachment['attach_id']);
                    // Viewed/Heared File ... update the download count
                    $update_count[] = $attachment['attach_id'];
                    break;
                    // Macromedia Flash Files
                // Macromedia Flash Files
                case ATTACHMENT_CATEGORY_FLASH:
                    list($width, $height) = @getimagesize($filename);
                    $block_array += array('S_FLASH_FILE' => true, 'WIDTH' => $width, 'HEIGHT' => $height, 'U_VIEW_LINK' => $download_link . '&amp;view=1');
                    // Viewed/Heared File ... update the download count
                    $update_count[] = $attachment['attach_id'];
                    break;
                default:
                    $l_downloaded_viewed = 'DOWNLOAD_COUNTS';
                    $block_array += array('S_FILE' => true);
                    break;
            }
            if (!isset($attachment['download_count'])) {
                $attachment['download_count'] = 0;
            }
            $block_array += array('U_DOWNLOAD_LINK' => $download_link, 'L_DOWNLOAD_COUNT' => $user->lang($l_downloaded_viewed, (int) $attachment['download_count']));
        }
        /**
         * Use this event to modify the attachment template data.
         *
         * This event is triggered once per attachment.
         *
         * @event core.parse_attachments_modify_template_data
         * @var array	attachment		Array with attachment data
         * @var array	block_array		Template data of the attachment
         * @var int		display_cat		Attachment category data
         * @var string	download_link	Attachment download link
         * @var array	extensions		Array with attachment extensions data
         * @var mixed 	forum_id 		The forum id the attachments are displayed in (false if in private message)
         * @var bool		preview			Flag indicating if we are in post preview mode
         * @var array	update_count	Array with attachment ids to update download count
         * @since 3.1.0-RC5
         */
        $vars = array('attachment', 'block_array', 'display_cat', 'download_link', 'extensions', 'forum_id', 'preview', 'update_count');
        extract($src_dispatcher->trigger_event('core.parse_attachments_modify_template_data', compact($vars)));
        $template->assign_block_vars('_file', $block_array);
        $compiled_attachments[] = $template->assign_display('attachment_tpl');
    }
    $attachments = $compiled_attachments;
    unset($compiled_attachments);
    $tpl_size = sizeof($attachments);
    $unset_tpl = array();
    preg_match_all('#<!\\-\\- ia([0-9]+) \\-\\->(.*?)<!\\-\\- ia\\1 \\-\\->#', $message, $matches, PREG_PATTERN_ORDER);
    $replace = array();
    foreach ($matches[0] as $num => $capture) {
        // Flip index if we are displaying the reverse way
        $index = $config['display_order'] ? $tpl_size - ($matches[1][$num] + 1) : $matches[1][$num];
        $replace['from'][] = $matches[0][$num];
        $replace['to'][] = isset($attachments[$index]) ? $attachments[$index] : sprintf($user->lang['MISSING_INLINE_ATTACHMENT'], $matches[2][array_search($index, $matches[1])]);
        $unset_tpl[] = $index;
    }
    if (isset($replace['from'])) {
        $message = str_replace($replace['from'], $replace['to'], $message);
    }
    $unset_tpl = array_unique($unset_tpl);
    // Needed to let not display the inlined attachments at the end of the post again
    foreach ($unset_tpl as $index) {
        unset($attachments[$index]);
    }
}
Ejemplo n.º 29
0
 /**
  * {@inheritdoc}
  */
 public function get_data($row)
 {
     $root_path = defined('src_USE_srcRD_URL_PATH') && src_USE_srcRD_URL_PATH ? generate_srcrd_url() . '/' : $this->path_helper->get_web_root_path();
     return array('src' => $root_path . $this->config['avatar_gallery_path'] . '/' . $row['avatar'], 'width' => $row['avatar_width'], 'height' => $row['avatar_height']);
 }
Ejemplo n.º 30
0
 /**
  * Return email header
  */
 function build_header($to, $cc, $bcc)
 {
     global $config;
     // We could use keys here, but we won't do this for 3.0.x to retain backwards compatibility
     $headers = array();
     $headers[] = 'From: ' . $this->from;
     if ($cc) {
         $headers[] = 'Cc: ' . $cc;
     }
     if ($bcc) {
         $headers[] = 'Bcc: ' . $bcc;
     }
     $headers[] = 'Reply-To: ' . $this->replyto;
     $headers[] = 'Return-Path: <' . $config['srcrd_email'] . '>';
     $headers[] = 'Sender: <' . $config['srcrd_email'] . '>';
     $headers[] = 'MIME-Version: 1.0';
     $headers[] = 'Message-ID: <' . $this->generate_message_id() . '>';
     $headers[] = 'Date: ' . date('r', time());
     $headers[] = 'Content-Type: text/plain; charset=UTF-8';
     // format=flowed
     $headers[] = 'Content-Transfer-Encoding: 8bit';
     // 7bit
     $headers[] = 'X-Priority: ' . $this->mail_priority;
     $headers[] = 'X-MSMail-Priority: ' . ($this->mail_priority == MAIL_LOW_PRIORITY ? 'Low' : ($this->mail_priority == MAIL_NORMAL_PRIORITY ? 'Normal' : 'High'));
     $headers[] = 'X-Mailer: src3';
     $headers[] = 'X-MimeOLE: src3';
     $headers[] = 'X-src-Origin: src://' . str_replace(array('http://', 'https://'), array('', ''), generate_srcrd_url());
     if (sizeof($this->extra_headers)) {
         $headers = array_merge($headers, $this->extra_headers);
     }
     return $headers;
 }