/**
* @param array $view
*
* @return string
*/
function build_users_view($view)
{
global $mybb, $db, $cache, $lang, $user_view_fields, $page;
$view_title = '';
if ($view['title']) {
$title_string = "view_title_{$view['vid']}";
if ($lang->{$title_string}) {
$view['title'] = $lang->{$title_string};
}
$view_title .= " (" . htmlspecialchars_uni($view['title']) . ")";
}
// Build the URL to this view
if (!isset($view['url'])) {
$view['url'] = "index.php?module=user-users";
}
if (!is_array($view['conditions'])) {
$view['conditions'] = my_unserialize($view['conditions']);
}
if (!is_array($view['fields'])) {
$view['fields'] = my_unserialize($view['fields']);
}
if (!is_array($view['custom_profile_fields'])) {
$view['custom_profile_fields'] = my_unserialize($view['custom_profile_fields']);
}
if (isset($mybb->input['username'])) {
$view['conditions']['username'] = $mybb->input['username'];
}
if ($view['vid']) {
$view['url'] .= "&vid={$view['vid']}";
} else {
// If this is a custom view we need to save everything ready to pass it on from page to page
global $admin_session;
if (!$mybb->input['search_id']) {
$search_id = md5(random_str());
$admin_session['data']['user_views'][$search_id] = $view;
update_admin_session('user_views', $admin_session['data']['user_views']);
$mybb->input['search_id'] = $search_id;
}
$view['url'] .= "&search_id=" . htmlspecialchars_uni($mybb->input['search_id']);
}
if (isset($mybb->input['username'])) {
$view['url'] .= "&username="******"&", "&", $view['url'])) {
update_admin_session('last_users_url', str_replace("&", "&", $view['url']));
}
if (isset($view['conditions']['referrer'])) {
$view['url'] .= "&action=referrers&uid=" . htmlspecialchars_uni($view['conditions']['referrer']);
}
// Do we not have any views?
if (empty($view)) {
return false;
}
$table = new Table();
// Build header for table based view
if ($view['view_type'] != "card") {
foreach ($view['fields'] as $field) {
if (!$user_view_fields[$field]) {
continue;
}
$view_field = $user_view_fields[$field];
$field_options = array();
if ($view_field['width']) {
$field_options['width'] = $view_field['width'];
}
if ($view_field['align']) {
$field_options['class'] = "align_" . $view_field['align'];
}
$table->construct_header($view_field['title'], $field_options);
}
$table->construct_header("<input type=\"checkbox\" name=\"allbox\" onclick=\"inlineModeration.checkAll(this);\" />");
// Create a header for the "select" boxes
}
$search_sql = '1=1';
// Build the search SQL for users
// List of valid LIKE search fields
$user_like_fields = array("username", "email", "website", "icq", "aim", "yahoo", "skype", "google", "signature", "usertitle");
foreach ($user_like_fields as $search_field) {
if (!empty($view['conditions'][$search_field]) && !$view['conditions'][$search_field . '_blank']) {
$search_sql .= " AND u.{$search_field} LIKE '%" . $db->escape_string_like($view['conditions'][$search_field]) . "%'";
} else {
if (!empty($view['conditions'][$search_field . '_blank'])) {
$search_sql .= " AND u.{$search_field} != ''";
}
}
}
// EXACT matching fields
$user_exact_fields = array("referrer");
foreach ($user_exact_fields as $search_field) {
if (!empty($view['conditions'][$search_field])) {
$search_sql .= " AND u.{$search_field}='" . $db->escape_string($view['conditions'][$search_field]) . "'";
}
}
// LESS THAN or GREATER THAN
$direction_fields = array("postnum", "threadnum");
foreach ($direction_fields as $search_field) {
$direction_field = $search_field . "_dir";
if (isset($view['conditions'][$search_field]) && ($view['conditions'][$search_field] || $view['conditions'][$search_field] === '0') && $view['conditions'][$direction_field]) {
switch ($view['conditions'][$direction_field]) {
case "greater_than":
$direction = ">";
break;
case "less_than":
$direction = "<";
break;
default:
$direction = "=";
}
$search_sql .= " AND u.{$search_field}{$direction}'" . $db->escape_string($view['conditions'][$search_field]) . "'";
}
}
// Registration searching
$reg_fields = array("regdate");
foreach ($reg_fields as $search_field) {
if (!empty($view['conditions'][$search_field]) && (int) $view['conditions'][$search_field]) {
$threshold = TIME_NOW - (int) $view['conditions'][$search_field] * 24 * 60 * 60;
$search_sql .= " AND u.{$search_field} >= '{$threshold}'";
}
}
// IP searching
$ip_fields = array("regip", "lastip");
foreach ($ip_fields as $search_field) {
if (!empty($view['conditions'][$search_field])) {
$ip_range = fetch_ip_range($view['conditions'][$search_field]);
if (!is_array($ip_range)) {
$ip_sql = "{$search_field}=" . $db->escape_binary($ip_range);
} else {
$ip_sql = "{$search_field} BETWEEN " . $db->escape_binary($ip_range[0]) . " AND " . $db->escape_binary($ip_range[1]);
}
$search_sql .= " AND {$ip_sql}";
}
}
// Post IP searching
if (!empty($view['conditions']['postip'])) {
$ip_range = fetch_ip_range($view['conditions']['postip']);
if (!is_array($ip_range)) {
$ip_sql = "ipaddress=" . $db->escape_binary($ip_range);
} else {
$ip_sql = "ipaddress BETWEEN " . $db->escape_binary($ip_range[0]) . " AND " . $db->escape_binary($ip_range[1]);
}
$ip_uids = array(0);
$query = $db->simple_select("posts", "uid", $ip_sql);
while ($uid = $db->fetch_field($query, "uid")) {
$ip_uids[] = $uid;
}
$search_sql .= " AND u.uid IN(" . implode(',', $ip_uids) . ")";
unset($ip_uids);
}
// Custom Profile Field searching
if ($view['custom_profile_fields']) {
$userfield_sql = '1=1';
foreach ($view['custom_profile_fields'] as $column => $input) {
if (is_array($input)) {
foreach ($input as $value => $text) {
if ($value == $column) {
$value = $text;
}
if ($value == $lang->na) {
continue;
}
if (strpos($column, '_blank') !== false) {
$column = str_replace('_blank', '', $column);
$userfield_sql .= ' AND ' . $db->escape_string($column) . " != ''";
} else {
$userfield_sql .= ' AND ' . $db->escape_string($column) . "='" . $db->escape_string($value) . "'";
}
}
} else {
if (!empty($input)) {
if ($input == $lang->na) {
continue;
}
if (strpos($column, '_blank') !== false) {
$column = str_replace('_blank', '', $column);
$userfield_sql .= ' AND ' . $db->escape_string($column) . " != ''";
} else {
$userfield_sql .= ' AND ' . $db->escape_string($column) . " LIKE '%" . $db->escape_string_like($input) . "%'";
}
}
}
}
if ($userfield_sql != '1=1') {
$userfield_uids = array(0);
$query = $db->simple_select("userfields", "ufid", $userfield_sql);
while ($userfield = $db->fetch_array($query)) {
$userfield_uids[] = $userfield['ufid'];
}
$search_sql .= " AND u.uid IN(" . implode(',', $userfield_uids) . ")";
unset($userfield_uids);
}
}
// Usergroup based searching
if (isset($view['conditions']['usergroup'])) {
if (!is_array($view['conditions']['usergroup'])) {
$view['conditions']['usergroup'] = array($view['conditions']['usergroup']);
}
foreach ($view['conditions']['usergroup'] as $usergroup) {
$usergroup = (int) $usergroup;
if (!$usergroup) {
continue;
}
$additional_sql = '';
switch ($db->type) {
case "pgsql":
case "sqlite":
$additional_sql .= " OR ','||additionalgroups||',' LIKE '%,{$usergroup},%'";
break;
default:
$additional_sql .= "OR CONCAT(',',additionalgroups,',') LIKE '%,{$usergroup},%'";
}
}
$search_sql .= " AND (u.usergroup IN (" . implode(",", array_map('intval', $view['conditions']['usergroup'])) . ") {$additional_sql})";
}
// COPPA users only?
if (isset($view['conditions']['coppa'])) {
$search_sql .= " AND u.coppauser=1 AND u.usergroup=5";
}
// Extra SQL?
if (isset($view['extra_sql'])) {
$search_sql .= $view['extra_sql'];
}
// Lets fetch out how many results we have
$query = $db->query("\n\t\tSELECT COUNT(u.uid) AS num_results\n\t\tFROM " . TABLE_PREFIX . "users u\n\t\tWHERE {$search_sql}\n\t");
$num_results = $db->fetch_field($query, "num_results");
// No matching results then return false
if (!$num_results) {
return false;
} else {
if (!$view['perpage']) {
$view['perpage'] = 20;
}
$view['perpage'] = (int) $view['perpage'];
// Establish which page we're viewing and the starting index for querying
if (!isset($mybb->input['page'])) {
$mybb->input['page'] = 1;
} else {
$mybb->input['page'] = $mybb->get_input('page', MyBB::INPUT_INT);
}
if ($mybb->input['page']) {
$start = ($mybb->input['page'] - 1) * $view['perpage'];
} else {
$start = 0;
$mybb->input['page'] = 1;
}
$from_bit = "";
if (isset($mybb->input['from']) && $mybb->input['from'] == "home") {
$from_bit = "&from=home";
}
switch ($view['sortby']) {
case "regdate":
case "lastactive":
case "postnum":
case "reputation":
$view['sortby'] = $db->escape_string($view['sortby']);
break;
case "numposts":
$view['sortby'] = "postnum";
break;
case "numthreads":
$view['sortby'] = "threadnum";
break;
case "warninglevel":
$view['sortby'] = "warningpoints";
break;
default:
$view['sortby'] = "username";
}
if ($view['sortorder'] != "desc") {
$view['sortorder'] = "asc";
}
$usergroups = $cache->read("usergroups");
// Fetch matching users
$query = $db->query("\n\t\t\tSELECT u.*\n\t\t\tFROM " . TABLE_PREFIX . "users u\n\t\t\tWHERE {$search_sql}\n\t\t\tORDER BY {$view['sortby']} {$view['sortorder']}\n\t\t\tLIMIT {$start}, {$view['perpage']}\n\t\t");
$users = '';
while ($user = $db->fetch_array($query)) {
$comma = $groups_list = '';
$user['view']['username'] = "******"index.php?module=user-users&action=edit&uid={$user['uid']}\">" . format_name($user['username'], $user['usergroup'], $user['displaygroup']) . "</a>";
$user['view']['usergroup'] = htmlspecialchars_uni($usergroups[$user['usergroup']]['title']);
if ($user['additionalgroups']) {
$additional_groups = explode(",", $user['additionalgroups']);
foreach ($additional_groups as $group) {
$groups_list .= $comma . htmlspecialchars_uni($usergroups[$group]['title']);
$comma = $lang->comma;
}
}
if (!$groups_list) {
$groups_list = $lang->none;
}
$user['view']['additionalgroups'] = "<small>{$groups_list}</small>";
$user['view']['email'] = "<a href=\"mailto:" . htmlspecialchars_uni($user['email']) . "\">" . htmlspecialchars_uni($user['email']) . "</a>";
$user['view']['regdate'] = my_date('relative', $user['regdate']);
$user['view']['lastactive'] = my_date('relative', $user['lastactive']);
// Build popup menu
$popup = new PopupMenu("user_{$user['uid']}", $lang->options);
$popup->add_item($lang->view_profile, $mybb->settings['bburl'] . '/' . get_profile_link($user['uid']));
$popup->add_item($lang->edit_profile_and_settings, "index.php?module=user-users&action=edit&uid={$user['uid']}");
// Banning options... is this user banned?
if ($usergroups[$user['usergroup']]['isbannedgroup'] == 1) {
// Yes, so do we want to edit the ban or pardon his crime?
$popup->add_item($lang->edit_ban, "index.php?module=user-banning&uid={$user['uid']}#username");
$popup->add_item($lang->lift_ban, "index.php?module=user-banning&action=lift&uid={$user['uid']}&my_post_key={$mybb->post_code}");
} else {
// Not banned... but soon maybe!
$popup->add_item($lang->ban_user, "index.php?module=user-banning&uid={$user['uid']}#username");
}
if ($user['usergroup'] == 5) {
if ($user['coppauser']) {
$popup->add_item($lang->approve_coppa_user, "index.php?module=user-users&action=activate_user&uid={$user['uid']}&my_post_key={$mybb->post_code}{$from_bit}");
} else {
$popup->add_item($lang->approve_user, "index.php?module=user-users&action=activate_user&uid={$user['uid']}&my_post_key={$mybb->post_code}{$from_bit}");
}
}
$popup->add_item($lang->delete_user, "index.php?module=user-users&action=delete&uid={$user['uid']}&my_post_key={$mybb->post_code}", "return AdminCP.deleteConfirmation(this, '{$lang->user_deletion_confirmation}')");
$popup->add_item($lang->show_referred_users, "index.php?module=user-users&action=referrers&uid={$user['uid']}");
$popup->add_item($lang->show_ip_addresses, "index.php?module=user-users&action=ipaddresses&uid={$user['uid']}");
$popup->add_item($lang->show_attachments, "index.php?module=forum-attachments&results=1&username="******"-";
}
if ($mybb->settings['enablewarningsystem'] != 0 && $usergroups[$user['usergroup']]['canreceivewarnings'] != 0) {
if ($mybb->settings['maxwarningpoints'] < 1) {
$mybb->settings['maxwarningpoints'] = 10;
}
$warning_level = round($user['warningpoints'] / $mybb->settings['maxwarningpoints'] * 100);
if ($warning_level > 100) {
$warning_level = 100;
}
$user['view']['warninglevel'] = get_colored_warning_level($warning_level);
}
if ($user['avatar'] && my_substr($user['avatar'], 0, 7) !== 'http://' && my_substr($user['avatar'], 0, 8) !== 'https://') {
$user['avatar'] = "../{$user['avatar']}";
}
if ($view['view_type'] == "card") {
$scaled_avatar = fetch_scaled_avatar($user, 80, 80);
} else {
$scaled_avatar = fetch_scaled_avatar($user, 34, 34);
}
if (!$user['avatar']) {
$user['avatar'] = "../" . $mybb->settings['useravatar'];
}
$user['view']['avatar'] = "<img src=\"" . htmlspecialchars_uni($user['avatar']) . "\" alt=\"\" width=\"{$scaled_avatar['width']}\" height=\"{$scaled_avatar['height']}\" />";
// Convert IP's to readable
$user['regip'] = my_inet_ntop($db->unescape_binary($user['regip']));
$user['lastip'] = my_inet_ntop($db->unescape_binary($user['lastip']));
if ($view['view_type'] == "card") {
$users .= build_user_view_card($user, $view, $i);
} else {
build_user_view_table($user, $view, $table);
}
}
// If card view, we need to output the results
if ($view['view_type'] == "card") {
$table->construct_cell($users);
$table->construct_row();
}
}
if (!isset($view['table_id'])) {
$view['table_id'] = "users_list";
}
$switch_view = "<div class=\"float_right\">";
$switch_url = $view['url'];
if ($mybb->input['page'] > 0) {
$switch_url .= "&page=" . $mybb->get_input('page', MyBB::INPUT_INT);
}
if ($view['view_type'] != "card") {
$switch_view .= "<strong>{$lang->table_view}</strong> | <a href=\"{$switch_url}&type=card\" style=\"font-weight: normal;\">{$lang->card_view}</a>";
} else {
$switch_view .= "<a href=\"{$switch_url}&type=table\" style=\"font-weight: normal;\">{$lang->table_view}</a> | <strong>{$lang->card_view}</strong>";
}
$switch_view .= "</div>";
// Do we need to construct the pagination?
if ($num_results > $view['perpage']) {
$pagination = draw_admin_pagination($mybb->input['page'], $view['perpage'], $num_results, $view['url'] . "&type={$view['view_type']}");
$search_class = "float_right";
$search_style = "";
} else {
$search_class = '';
$search_style = "text-align: right;";
}
$search_action = $view['url'];
// stop &username= in the query string
if ($view_upos = strpos($search_action, '&username='******'post', 'search_form', 0, '', true);
$built_view = $search->construct_return;
$built_view .= "<div class=\"{$search_class}\" style=\"padding-bottom: 3px; margin-top: -9px; {$search_style}\">";
$built_view .= $search->generate_hidden_field('action', 'search') . "\n";
if (isset($view['conditions']['username'])) {
$default_class = '';
$value = $view['conditions']['username'];
} else {
$default_class = "search_default";
$value = $lang->search_for_user;
}
$built_view .= $search->generate_text_box('username', $value, array('id' => 'search_keywords', 'class' => "{$default_class} field150 field_small")) . "\n";
$built_view .= "<input type=\"submit\" class=\"search_button\" value=\"{$lang->search}\" />\n";
if ($view['popup']) {
$built_view .= " <div style=\"display: inline\">{$view['popup']}</div>\n";
}
$built_view .= "<script type=\"text/javascript\">\n\t\tvar form = \$(\"#search_form\");\n\t\tform.submit(function() {\n\t\t\tvar search = \$('#search_keywords');\n\t\t\tif(search.val() == '' || search.val() == '" . addcslashes($lang->search_for_user, "'") . "')\n\t\t\t{\n\t\t\t\tsearch.focus();\n\t\t\t\treturn false;\n\t\t\t}\n\t\t});\n\n\t\tvar search = \$(\"#search_keywords\");\n\t\tsearch.focus(function()\n\t\t{\n\t\t\tvar searched_focus = \$(this);\n\t\t\tif(searched_focus.val() == '" . addcslashes($lang->search_for_user, "'") . "')\n\t\t\t{\n\t\t\t\tsearched_focus.removeClass(\"search_default\");\n\t\t\t\tsearched_focus.val(\"\");\n\t\t\t}\n\t\t});\n\n\t\tsearch.blur(function()\n\t\t{\n\t\t\tvar searched_blur = \$(this);\n\t\t\tif(searched_blur.val() == \"\")\n\t\t\t{\n\t\t\t\tsearched_blur.addClass('search_default');\n\t\t\t\tsearched_blur.val('" . addcslashes($lang->search_for_user, "'") . "');\n\t\t\t}\n\t\t});\n\n\t\t// fix the styling used if we have a different default value\n\t\tif(search.val() != '" . addcslashes($lang->search_for_user, "'") . "')\n\t\t{\n\t\t\t\$(search).removeClass('search_default');\n\t\t}\n\t\t</script>\n";
$built_view .= "</div>\n";
// Autocompletion for usernames
// TODO Select2
$built_view .= $search->end();
if (isset($pagination)) {
$built_view .= $pagination;
}
if ($view['view_type'] != "card") {
$checkbox = '';
} else {
$checkbox = "<input type=\"checkbox\" name=\"allbox\" onclick=\"inlineModeration.checkAll(this)\" /> ";
}
$built_view .= $table->construct_html("{$switch_view}<div>{$checkbox}{$lang->users}{$view_title}</div>", 1, "", $view['table_id']);
if (isset($pagination)) {
$built_view .= $pagination;
}
$built_view .= '
<script type="text/javascript" src="' . $mybb->settings['bburl'] . '/jscripts/inline_moderation.js?ver=1800"></script>
<form action="index.php?module=user-users" method="post">
<input type="hidden" name="my_post_key" value="' . $mybb->post_code . '" />
<input type="hidden" name="action" value="inline_edit" />
<div class="float_right"><span class="smalltext"><strong>' . $lang->inline_edit . '</strong></span>
<select name="inline_action">
<option value="multiactivate">' . $lang->inline_activate . '</option>
<option value="multiban">' . $lang->inline_ban . '</option>
<option value="multiusergroup">' . $lang->inline_usergroup . '</option>
<option value="multidelete">' . $lang->inline_delete . '</option>
<option value="multiprune">' . $lang->inline_prune . '</option>
</select>
<input type="submit" class="submit_button inline_element" name="go" value="' . $lang->go . ' (0)" id="inline_go" />
<input type="button" onclick="javascript:inlineModeration.clearChecked();" value="' . $lang->clear . '" class="submit_button inline_element" />
</div>
</form>
<br style="clear: both;" />
<script type="text/javascript">
<!--
var go_text = "' . $lang->go . '";
var all_text = "1";
var inlineType = "user";
var inlineId = "acp";
// -->
</script>';
return $built_view;
}
$plugins->run_hooks("modcp_warninglogs_end");
eval("\$warninglogs = \"" . $templates->get("modcp_warninglogs") . "\";");
output_page($warninglogs);
}
if ($mybb->input['action'] == "ipsearch") {
if ($mybb->usergroup['canuseipsearch'] == 0) {
error_no_permission();
}
add_breadcrumb($lang->mcp_nav_ipsearch, "modcp.php?action=ipsearch");
$mybb->input['ipaddress'] = $mybb->get_input('ipaddress');
if ($mybb->input['ipaddress']) {
if (!is_array($groupscache)) {
$groupscache = $cache->read("usergroups");
}
$ipaddressvalue = htmlspecialchars_uni($mybb->input['ipaddress']);
$ip_range = fetch_ip_range($mybb->input['ipaddress']);
$post_results = $user_results = 0;
// Searching post IP addresses
if (isset($mybb->input['search_posts'])) {
if ($ip_range) {
if (!is_array($ip_range)) {
$post_ip_sql = "ipaddress=" . $db->escape_binary($ip_range);
} else {
$post_ip_sql = "ipaddress BETWEEN " . $db->escape_binary($ip_range[0]) . " AND " . $db->escape_binary($ip_range[1]);
}
}
$plugins->run_hooks("modcp_ipsearch_posts_start");
if ($post_ip_sql) {
$query = $db->simple_select('posts', 'COUNT(pid) AS count', "{$post_ip_sql} AND visible >= -1");
$post_results = $db->fetch_field($query, "count");
}
/**
* Checks if a specific IP address has been banned.
*
* @param string $ip_address The IP address.
* @param boolean $update_lastuse True if the 'last used' dateline should be updated if a match is found.
* @return boolean True if banned, false if not banned.
*/
function is_banned_ip($ip_address, $update_lastuse = false)
{
global $db, $cache;
$banned_ips = $cache->read("bannedips");
if (!is_array($banned_ips)) {
return false;
}
$ip_address = my_inet_pton($ip_address);
foreach ($banned_ips as $banned_ip) {
if (!$banned_ip['filter']) {
continue;
}
$banned = false;
$ip_range = fetch_ip_range($banned_ip['filter']);
if (is_array($ip_range)) {
if (strcmp($ip_range[0], $ip_address) <= 0 && strcmp($ip_range[1], $ip_address) >= 0) {
$banned = true;
}
} elseif ($ip_address == $ip_range) {
$banned = true;
}
if ($banned) {
// Updating last use
if ($update_lastuse == true) {
$db->update_query("banfilters", array("lastuse" => TIME_NOW), "fid='{$banned_ip['fid']}'");
}
return true;
}
}
// Still here - good ip
return false;
}
