function submit_new_entry($cp_call = TRUE) { global $IN, $PREFS, $OUT, $LANG, $FNS, $LOC, $DSP, $DB, $SESS, $STAT, $REGX, $EXT; $url_title = ''; $tb_format = 'xhtml'; $tb_errors = FALSE; $ping_errors = FALSE; $revision_post = $_POST; $return_url = !$IN->GBL('return_url', 'POST') ? '' : $IN->GBL('return_url'); unset($_POST['return_url']); if ($PREFS->ini('site_pages') !== FALSE) { $LANG->fetch_language_file('pages'); } if (!($weblog_id = $IN->GBL('weblog_id', 'POST')) or !is_numeric($weblog_id)) { return false; } $assigned_weblogs = $FNS->fetch_assigned_weblogs(); /** ---------------------------------------------- /** Security check /** ---------------------------------------------*/ if (!in_array($weblog_id, $assigned_weblogs)) { return false; } // ------------------------------------------- // 'submit_new_entry_start' hook. // - Add More Stuff to do when you first submit an entry // - Added 1.4.2 // $edata = $EXT->call_extension('submit_new_entry_start'); if ($EXT->end_script === TRUE) { return; } // // ------------------------------------------- /** ----------------------------- /** Does entry ID exist? And is valid for this weblog? /** -----------------------------*/ if (($entry_id = $IN->GBL('entry_id', 'POST')) !== FALSE && is_numeric($entry_id)) { // we grab the author_id now as we use it later for author validation $query = $DB->query("SELECT entry_id, author_id FROM exp_weblog_titles WHERE entry_id = '" . $DB->escape_str($entry_id) . "' AND weblog_id = '" . $DB->escape_str($weblog_id) . "'"); if ($query->num_rows != 1) { return FALSE; } else { $entry_id = $query->row['entry_id']; $orig_author_id = $query->row['author_id']; } } else { $entry_id = ''; } /** ----------------------------- /** Weblog Switch? 
/** -----------------------------*/ $old_weblog = ''; if (($new_weblog = $IN->GBL('new_weblog', 'POST')) !== FALSE && $new_weblog != $weblog_id) { $query = $DB->query("SELECT status_group, cat_group, field_group, weblog_id \n \t\t\t\t\t\t FROM exp_weblogs \n \t\t\t\t\t\t WHERE weblog_id IN ('" . $DB->escape_str($weblog_id) . "', '" . $DB->escape_str($new_weblog) . "')"); if ($query->num_rows == 2) { if ($query->result['0']['status_group'] == $query->result['1']['status_group'] && $query->result['0']['cat_group'] == $query->result['1']['cat_group'] && $query->result['0']['field_group'] == $query->result['1']['field_group']) { if ($SESS->userdata['group_id'] == 1) { $old_weblog = $weblog_id; $weblog_id = $new_weblog; } else { $assigned_weblogs = $FNS->fetch_assigned_weblogs(); if (in_array($new_weblog, $assigned_weblogs)) { $old_weblog = $weblog_id; $weblog_id = $new_weblog; } } } } } /** ----------------------------- /** Fetch Weblog Prefs /** -----------------------------*/ $query = $DB->query("SELECT blog_title, blog_url, comment_url, deft_status, enable_versioning, enable_qucksave_versioning, max_revisions, weblog_notify, weblog_notify_emails, ping_return_url, rss_url, tb_return_url, trackback_field, comment_system_enabled, trackback_system_enabled FROM exp_weblogs WHERE weblog_id = '" . $weblog_id . "'"); $blog_title = $REGX->ascii_to_entities($query->row['blog_title']); $blog_url = $query->row['blog_url']; $ping_url = $query->row['ping_return_url'] == '' ? $query->row['blog_url'] : $query->row['ping_return_url']; $tb_url = $query->row['tb_return_url'] == '' ? 
$query->row['blog_url'] : $query->row['tb_return_url']; $rss_url = $query->row['rss_url']; $deft_status = $query->row['deft_status']; $comment_url = $query->row['comment_url']; $trackback_field = $query->row['trackback_field']; $comment_system_enabled = $query->row['comment_system_enabled']; $trackback_system_enabled = $query->row['trackback_system_enabled']; $notify_address = ($query->row['weblog_notify'] == 'y' and $query->row['weblog_notify_emails'] != '') ? $query->row['weblog_notify_emails'] : ''; $enable_versioning = $query->row['enable_versioning']; $enable_qucksave_versioning = $query->row['enable_qucksave_versioning']; $max_revisions = $query->row['max_revisions']; /** ----------------------------- /** Error trapping /** -----------------------------*/ $error = array(); // Fetch language file $LANG->fetch_language_file('publish_ad'); /** --------------------------------- /** No entry title? Assign error. /** ---------------------------------*/ if (!($title = strip_tags(trim(stripslashes($IN->GBL('title', 'POST')))))) { $error[] = $LANG->line('missing_title'); } /** --------------------------------------------- /** No date? Assign error. /** ---------------------------------------------*/ if (!$IN->GBL('entry_date', 'POST')) { $error[] = $LANG->line('missing_date'); } /** --------------------------------------------- /** Convert the date to a Unix timestamp /** ---------------------------------------------*/ $entry_date = $LOC->convert_human_date_to_gmt($IN->GBL('entry_date', 'POST')); if (!is_numeric($entry_date)) { // Localize::convert_human_date_to_gmt() returns verbose errors if ($entry_date !== FALSE) { $error[] = $entry_date . NBS . NBS . '(' . $LANG->line('entry_date') . 
')'; } else { $error[] = $LANG->line('invalid_date_formatting'); } } /** --------------------------------------------- /** Convert expiration date to a Unix timestamp /** ---------------------------------------------*/ if (!$IN->GBL('expiration_date', 'POST')) { $expiration_date = 0; } else { $expiration_date = $LOC->convert_human_date_to_gmt($IN->GBL('expiration_date', 'POST')); if (!is_numeric($expiration_date)) { // Localize::convert_human_date_to_gmt() returns verbose errors if ($expiration_date !== FALSE) { $error[] = $expiration_date . NBS . NBS . '(' . $LANG->line('expiration_date') . ')'; } else { $error[] = $LANG->line('invalid_date_formatting'); } } } /** --------------------------------------------- /** Convert comment expiration date timestamp /** ---------------------------------------------*/ if (!$IN->GBL('comment_expiration_date', 'POST')) { $comment_expiration_date = 0; } else { $comment_expiration_date = $LOC->convert_human_date_to_gmt($IN->GBL('comment_expiration_date', 'POST')); if (!is_numeric($comment_expiration_date)) { // Localize::convert_human_date_to_gmt() returns verbose errors if ($comment_expiration_date !== FALSE) { $error[] = $comment_expiration_date . NBS . NBS . '(' . $LANG->line('comment_expiration_date') . ')'; } else { $error[] = $LANG->line('invalid_date_formatting'); } } } /** -------------------------------------- /** Are all requred fields filled out? /** --------------------------------------*/ $query = $DB->query("SELECT field_id, field_label FROM exp_weblog_fields WHERE field_required = 'y'"); if ($query->num_rows > 0) { foreach ($query->result as $row) { if (isset($_POST['field_id_' . $row['field_id']]) and $_POST['field_id_' . $row['field_id']] == '') { $error[] = $LANG->line('custom_field_empty') . NBS . $row['field_label']; } } } /** -------------------------------------- /** Are there any custom date fields? 
/** --------------------------------------*/ $query = $DB->query("SELECT field_id, field_label FROM exp_weblog_fields WHERE field_type = 'date'"); if ($query->num_rows > 0) { foreach ($query->result as $row) { if (isset($_POST['field_id_' . $row['field_id']]) and $_POST['field_id_' . $row['field_id']] != '') { $_POST['field_ft_' . $row['field_id']] = 'none'; $custom_date = $LOC->convert_human_date_to_gmt($_POST['field_id_' . $row['field_id']]); if (!is_numeric($custom_date)) { // Localize::convert_human_date_to_gmt() returns verbose errors if ($custom_date !== FALSE) { $error[] = $custom_date . NBS . NBS . '(' . $row['field_label'] . ')'; } else { $error[] = $LANG->line('invalid_date_formatting'); } } else { $custom_date = $LOC->offset_entry_dst($custom_date, $IN->GBL('dst_enabled', 'POST')); $_POST['field_id_' . $row['field_id']] = $custom_date; if (!isset($_POST['field_offset_' . $row['field_id']])) { $_POST['field_dt_' . $row['field_id']] = ''; } else { if ($_POST['field_offset_' . $row['field_id']] == 'y') { $_POST['field_dt_' . $row['field_id']] = ''; } else { $_POST['field_dt_' . $row['field_id']] = $SESS->userdata('timezone'); } } } } } } /** --------------------------------- /** Fetch xml-rpc ping server IDs /** ---------------------------------*/ $ping_servers = array(); foreach ($_POST as $key => $val) { if (strstr($key, 'ping') and !is_array($val)) { $ping_servers[] = $val; unset($_POST[$key]); } } /** ------------------------------------- /** Pre-process Trackback data /** -------------------------------------*/ // If the weblog submission was via the bookmarklet we need to fetch the trackback URLs $tb_auto_urls = ''; if ($IN->GBL('BK', 'GP')) { foreach ($_POST as $key => $val) { if (preg_match('#^TB_AUTO_#', $key)) { $tb_auto_urls .= $val . NL; } } } // Join the manually submitted trackbacks with the auto-disovered ones $trackback_urls = $IN->GBL('trackback_urls'); if ($tb_auto_urls != '') { $trackback_urls .= NL . 
$tb_auto_urls; } /** -------------------------------------- /** Is weblog data present? /** --------------------------------------*/ // In order to send pings or trackbacks, the weblog needs a title and URL if ($trackback_urls != '' && ($blog_title == '' || $tb_url == '')) { $error[] = $LANG->line('missing_weblog_data_for_pings'); } if (count($ping_servers) > 0 && ($blog_title == '' || $ping_url == '')) { $error[] = $LANG->line('missing_weblog_data_for_pings'); } /** -------------------------------------- /** Is the title unique? /** --------------------------------------*/ if ($title != '') { /** --------------------------------- /** Do we have a URL title? /** ---------------------------------*/ // If not, create one from the title $url_title = $IN->GBL('url_title'); if (!$url_title) { $url_title = $REGX->create_url_title($title, TRUE); } // Kill all the extraneous characters. // We want the URL title to pure alpha text if ($entry_id != '') { $url_query = $DB->query("SELECT url_title FROM exp_weblog_titles WHERE entry_id = '{$entry_id}'"); if ($url_query->row['url_title'] != $url_title) { $url_title = $REGX->create_url_title($url_title); } } else { $url_title = $REGX->create_url_title($url_title); } // Is the url_title a pure number? If so we show an error. if (is_numeric($url_title)) { $this->url_title_error = TRUE; $error[] = $LANG->line('url_title_is_numeric'); } /** ------------------------------------- /** Is the URL Title empty? Can't have that /** -------------------------------------*/ if (trim($url_title) == '') { $this->url_title_error = TRUE; $error[] = $LANG->line('unable_to_create_url_title'); $msg = ''; foreach ($error as $val) { $msg .= $DSP->qdiv('itemWrapper', $val); } if ($cp_call == TRUE) { return $this->new_entry_form('preview', $msg); } else { return $OUT->show_user_error('general', $error); } } /** --------------------------------- /** Is URL title unique? 
/** ---------------------------------*/ // Field is limited to 75 characters, so trim url_title before querying $url_title = substr($url_title, 0, 75); $e_sql = ''; $sql = "SELECT count(*) AS count FROM exp_weblog_titles WHERE url_title = '" . $DB->escape_str($url_title) . "' AND weblog_id = '{$weblog_id}'"; if ($entry_id != '') { $e_sql = " AND entry_id != '{$entry_id}'"; } $query = $DB->query($sql . $e_sql); if ($query->row['count'] > 0) { // We may need some room to add our numbers- trim url_title to 70 characters $url_title = substr($url_title, 0, 70); // Check again $sql = "SELECT count(*) AS count FROM exp_weblog_titles WHERE url_title = '" . $DB->escape_str($url_title) . "' AND weblog_id = '{$weblog_id}'" . $e_sql; $query = $DB->query($sql); if ($query->row['count'] > 0) { $url_create_error = FALSE; $sql = "SELECT url_title, MID(url_title, " . (strlen($url_title) + 1) . ") + 1 AS next_suffix FROM " . "exp_weblog_titles WHERE weblog_id = '" . $weblog_id . "' " . "AND url_title REGEXP('" . preg_quote($DB->escape_str($url_title)) . "[0-9]*\$') " . "AND weblog_id = '" . $weblog_id . "'" . $e_sql . " ORDER BY next_suffix DESC LIMIT 1"; $query = $DB->query($sql); // Did something go tragically wrong? if ($query->num_rows == 0) { $url_create_error = TRUE; $error[] = $LANG->line('unable_to_create_url_title'); } // Is the appended number going to kick us over the 75 character limit? if ($query->row['next_suffix'] > 99999) { $url_create_error = TRUE; $error[] = $LANG->line('url_title_not_unique'); } if ($url_create_error == FALSE) { $url_title = $url_title . $query->row['next_suffix']; // little double check for safety $sql = "SELECT count(*) AS count FROM exp_weblog_titles WHERE url_title = '" . $DB->escape_str($url_title) . "' AND weblog_id = '{$weblog_id}'" . $e_sql; $query = $DB->query($sql); if ($query->row['count'] > 0) { $error[] = $LANG->line('unable_to_create_url_title'); } } } } } // Did they name the URL title "index"? 
That's a bad thing which we disallow if ($url_title == 'index') { $this->url_title_error = TRUE; $error[] = $LANG->line('url_title_is_index'); } /** ------------------------------------- /** Validate Page URI /** -------------------------------------*/ if ($PREFS->ini('site_pages') !== FALSE && $IN->GBL('pages_uri', 'POST') !== FALSE && $IN->GBL('pages_uri', 'POST') != '' && $IN->GBL('pages_uri', 'POST') != '/example/pages/uri/') { if (!is_numeric($IN->GBL('pages_template_id', 'POST'))) { $error[] = $LANG->line('invalid_template'); } $page_uri = preg_replace("#[^a-zA-Z0-9_\\-/\\.]+\$#i", '', str_replace($PREFS->ini('site_url'), '', $IN->GBL('pages_uri'))); if ($page_uri !== $IN->GBL('pages_uri', 'POST')) { $error[] = $LANG->line('invalid_page_uri'); } /** ------------------------------------- /** Check if Duplicate Page URI /** - Do NOT delete this as the $static_pages variable is used further down /** -------------------------------------*/ $static_pages = $PREFS->ini('site_pages'); $uris = isset($static_pages[$PREFS->ini('site_id')]['uris']) ? $static_pages[$PREFS->ini('site_id')]['uris'] : array(); if ($entry_id != '') { unset($uris[$entry_id]); } if (in_array($IN->GBL('pages_uri', 'POST'), $uris)) { $error[] = $LANG->line('duplicate_page_uri'); } unset($uris); } /** --------------------------------------- /** Validate Author ID /** ---------------------------------------*/ $author_id = !$IN->GBL('author_id', 'POST') ? 
$SESS->userdata('member_id') : $IN->GBL('author_id', 'POST'); if ($author_id != $SESS->userdata['member_id'] && !$DSP->allowed_group('can_edit_other_entries')) { $error[] = $LANG->line('not_authorized'); } if (isset($orig_author_id) && $author_id != $orig_author_id && (!$DSP->allowed_group('can_edit_other_entries') or !$DSP->allowed_group('can_assign_post_authors'))) { $error[] = $LANG->line('not_authorized'); } if ($author_id != $SESS->userdata['member_id'] && $SESS->userdata['group_id'] != 1) { // we only need to worry about this if the author has changed if (!isset($orig_author_id) or $author_id != $orig_author_id) { if (!$DSP->allowed_group('can_assign_post_authors')) { $error[] = $LANG->line('not_authorized'); } else { $allowed_authors = array(); $ss = "SELECT exp_members.member_id\n\t\t\t\t\t\t FROM exp_members\n\t\t\t\t\t\t LEFT JOIN exp_member_groups on exp_member_groups.group_id = exp_members.group_id\n\t\t\t\t\t\t WHERE (exp_members.in_authorlist = 'y' OR exp_member_groups.include_in_authorlist = 'y')\n\t\t\t\t\t\t AND exp_member_groups.site_id = '" . $DB->escape_str($PREFS->ini('site_id')) . "'"; $query = $DB->query($ss); if ($query->num_rows > 0) { foreach ($query->result as $row) { // Is this a "user blog"? If so, we'll only allow // authors if they are assigned to this particular blog if ($SESS->userdata['weblog_id'] != 0) { if ($row['weblog_id'] == $weblog_id) { $allowed_authors[] = $row['member_id']; } } else { $allowed_authors[] = $row['member_id']; } } } if (!in_array($author_id, $allowed_authors)) { $error[] = $LANG->line('invalid_author'); } } } } /** --------------------------------------- /** Validate status /** ---------------------------------------*/ $status = $IN->GBL('status', 'POST') == FALSE ? 
$deft_status : $IN->GBL('status', 'POST'); if ($SESS->userdata['group_id'] != 1) { $disallowed_statuses = array(); $valid_statuses = array(); $sq = "SELECT s.status_id, s.status\n\t\t\t\t FROM exp_statuses AS s\n\t\t\t\t LEFT JOIN exp_status_groups AS sg ON sg.group_id = s.group_id\n\t\t\t\t LEFT JOIN exp_weblogs AS w ON w.status_group = sg.group_id\n\t\t\t\t WHERE w.weblog_id = '" . $DB->escape_str($weblog_id) . "'"; $query = $DB->query($sq); if ($query->num_rows > 0) { foreach ($query->result as $row) { $valid_statuses[$row['status_id']] = strtolower($row['status']); // lower case to match MySQL's case-insensitivity } } $dsq = "SELECT exp_status_no_access.status_id, exp_statuses.status\n\t\t\t\t\tFROM exp_status_no_access, exp_statuses\n\t\t\t\t\tWHERE exp_statuses.status_id = exp_status_no_access.status_id\n\t\t\t\t\tAND exp_status_no_access.member_group = '" . $SESS->userdata['group_id'] . "'"; $query = $DB->query($dsq); if ($query->num_rows > 0) { foreach ($query->result as $row) { $disallowed_statuses[$row['status_id']] = strtolower($row['status']); // lower case to match MySQL's case-insensitivity } $valid_statuses = array_diff_assoc($valid_statuses, $disallowed_statuses); } if (!in_array(strtolower($status), $valid_statuses)) { // if there are no valid statuses, set to closed $status = 'closed'; } } /** --------------------------------- /** Do we have an error to display? 
/** ---------------------------------*/ if (count($error) > 0) { $msg = ''; foreach ($error as $val) { $msg .= $DSP->qdiv('itemWrapper', $val); } if ($cp_call == TRUE) { return $this->new_entry_form('preview', $msg); } else { return $OUT->show_user_error('general', $error); } } /** --------------------------------- /** Fetch catagories /** ---------------------------------*/ // We do this first so we can destroy the category index from // the $_POST array since we use a separate table to store categories in if (isset($_POST['category']) and is_array($_POST['category'])) { foreach ($_POST['category'] as $cat_id) { $this->cat_parents[] = $cat_id; } if ($this->assign_cat_parent == TRUE) { $this->fetch_category_parents($_POST['category']); } } unset($_POST['category']); /** --------------------------------- /** Fetch previously sent trackbacks /** ---------------------------------*/ // If we are editing an existing entry, fetch the previously sent trackbacks // and add the new trackback URLs to them $sent_trackbacks = ''; if ($trackback_urls != '' and $entry_id != '') { $sent_trackbacks = trim($trackback_urls) . "\n"; $query = $DB->query("SELECT sent_trackbacks FROM exp_weblog_titles WHERE entry_id = '{$entry_id}'"); if ($query->num_rows > 0) { $sent_trackbacks = $query->row['sent_trackbacks']; } } /** --------------------------------- /** Set "mode" cookie /** ---------------------------------*/ // We do it now so we can destry it from the POST array if (isset($_POST['mode'])) { $FNS->set_cookie('mode', $_POST['mode'], 60 * 60 * 24 * 182); unset($_POST['mode']); } if ($cp_call == TRUE) { $allow_comments = $IN->GBL('allow_comments', 'POST') == 'y' ? 'y' : 'n'; $allow_trackbacks = $IN->GBL('allow_trackbacks', 'POST') == 'y' ? 'y' : 'n'; } else { $allow_comments = $IN->GBL('allow_comments', 'POST') !== 'y' || $comment_system_enabled == 'n' ? 'n' : 'y'; $allow_trackbacks = $IN->GBL('allow_trackbacks', 'POST') !== 'y' || $trackback_system_enabled == 'n' ? 
'n' : 'y'; } /** -------------------------------------- /** Do we have a relationship? /** --------------------------------------*/ // If the entry being submitted is the "parent" entry we need to compile and cache the "child" entry. $query = $DB->query("SELECT field_id, field_related_to, field_related_id FROM exp_weblog_fields WHERE field_type = 'rel'"); $rel_updates = array(); if ($query->num_rows > 0) { foreach ($query->result as $row) { if (isset($_POST['field_id_' . $row['field_id']])) { $_POST['field_ft_' . $row['field_id']] = 'none'; $rel_exists = FALSE; // If editing an existing entry.... // Does an existing relationship exist? If so, we may not need to recompile the data if ($entry_id != '') { // First we fetch the previously stored related entry ID. $rel_query = $DB->query("SELECT field_id_" . $row['field_id'] . " FROM exp_weblog_data WHERE entry_id = '" . $entry_id . "'"); // If the previous ID matches the current ID being submitted it means that // the existing relationship has not changed so there's no need to recompile. // If it has changed we'll clear the old relationship. if (is_numeric($rel_query->row['field_id_' . $row['field_id']])) { if ($rel_query->row['field_id_' . $row['field_id']] == $_POST['field_id_' . $row['field_id']]) { $rel_exists = TRUE; } else { $DB->query("DELETE FROM exp_relationships WHERE rel_id = '" . $rel_query->row['field_id_' . $row['field_id']] . "'"); } } } if (is_numeric($_POST['field_id_' . $row['field_id']]) and $rel_exists == FALSE) { $reldata = array('type' => $row['field_related_to'], 'parent_id' => $entry_id, 'child_id' => $_POST['field_id_' . $row['field_id']], 'related_id' => $weblog_id); $_POST['field_id_' . $row['field_id']] = $FNS->compile_relationship($reldata, TRUE); $rel_updates[] = $_POST['field_id_' . 
$row['field_id']]; } } } } /** --------------------------------- /** Build our query data /** ---------------------------------*/ if ($enable_versioning == 'n') { $version_enabled = 'y'; } else { $version_enabled = isset($_POST['versioning_enabled']) ? 'y' : 'n'; } $data = array('entry_id' => '', 'weblog_id' => $weblog_id, 'author_id' => $author_id, 'site_id' => $PREFS->ini('site_id'), 'ip_address' => $IN->IP, 'title' => $PREFS->ini('auto_convert_high_ascii') == 'y' ? $REGX->ascii_to_entities($title) : $title, 'url_title' => $url_title, 'entry_date' => $entry_date, 'edit_date' => date("YmdHis"), 'versioning_enabled' => $version_enabled, 'year' => date('Y', $entry_date), 'month' => date('m', $entry_date), 'day' => date('d', $entry_date), 'expiration_date' => $expiration_date, 'comment_expiration_date' => $comment_expiration_date, 'sticky' => $IN->GBL('sticky', 'POST') == 'y' ? 'y' : 'n', 'status' => $status, 'allow_comments' => $allow_comments, 'allow_trackbacks' => $allow_trackbacks, 'forum_topic_id' => ($IN->GBL('forum_topic_id') != '' and is_numeric($IN->GBL('forum_topic_id'))) ? trim($IN->GBL('forum_topic_id')) : 0); // If we have the "honor_entry_dst" pref turned on we need to reverse the effects. if ($PREFS->ini('honor_entry_dst') == 'y') { $data['dst_enabled'] = $IN->GBL('dst_enabled', 'POST') == 'y' ? 'y' : 'n'; } /** --------------------------------- /** Insert the entry /** ---------------------------------*/ if ($entry_id == '') { $DB->query($DB->insert_string('exp_weblog_titles', $data)); $entry_id = $DB->insert_id; /** ------------------------------------ /** Update Relationships /** ------------------------------------*/ if (sizeof($rel_updates) > 0) { $DB->query("UPDATE exp_relationships SET rel_parent_id = '" . $entry_id . "' WHERE rel_id IN (" . implode(',', $rel_updates) . 
")"); } /** ------------------------------------ /** Insert the custom field data /** ------------------------------------*/ $cust_fields = array('entry_id' => $entry_id, 'weblog_id' => $weblog_id); foreach ($_POST as $key => $val) { if (strstr($key, 'field_offset_')) { unset($_POST[$key]); continue; } if (strstr($key, 'field')) { if ($key == 'field_ft_' . $trackback_field) { $tb_format = $val; } if (strstr($key, 'field_id_') and !is_numeric($val)) { $cust_fields[$key] = $PREFS->ini('auto_convert_high_ascii') == 'y' ? $REGX->ascii_to_entities($val) : $val; } else { $cust_fields[$key] = $val; } } } if (count($cust_fields) > 0) { $cust_fields['site_id'] = $PREFS->ini('site_id'); // Submit the custom fields $DB->query($DB->insert_string('exp_weblog_data', $cust_fields)); } /** ------------------------------------ /** Update member stats /** ------------------------------------*/ if ($data['author_id'] == $SESS->userdata('member_id')) { $total_entries = $SESS->userdata['total_entries'] + 1; } else { $query = $DB->query("SELECT total_entries FROM exp_members WHERE member_id = '" . $data['author_id'] . "'"); $total_entries = $query->row['total_entries'] + 1; } $DB->query("UPDATE exp_members set total_entries = '{$total_entries}', last_entry_date = '" . $LOC->now . "' WHERE member_id = '" . $data['author_id'] . "'"); /** ------------------------------------- /** Set page title and success message /** -------------------------------------*/ $type = 'new'; $page_title = 'entry_has_been_added'; $message = $LANG->line($page_title); /** ------------------------------------- /** Is there a forum post? /** -------------------------------------*/ if ($PREFS->ini('forum_is_installed') == "y" and $IN->GBL('forum_title') != '' and $IN->GBL('forum_body') != '') { $query = $DB->query("SELECT board_id FROM exp_forums WHERE forum_id = '" . $DB->escape_str($IN->GBL('forum_id')) . 
"'"); if ($query->num_rows > 0) { $title = $this->_convert_forum_tags($IN->GBL('forum_title')); $body = $this->_convert_forum_tags(str_replace('{permalink}', $FNS->remove_double_slashes($comment_url . '/' . $url_title . '/'), $IN->GBL('forum_body'))); $DB->query($DB->insert_string('exp_forum_topics', array('topic_id' => '', 'forum_id' => $IN->GBL('forum_id'), 'board_id' => $query->row['board_id'], 'topic_date' => $LOC->now, 'title' => $REGX->xss_clean($title), 'body' => $REGX->xss_clean($body), 'author_id' => $author_id, 'ip_address' => $IN->IP, 'last_post_date' => $LOC->now, 'last_post_author_id' => $author_id, 'sticky' => 'n', 'status' => 'o', 'announcement' => 'n', 'poll' => 'n', 'parse_smileys' => 'y', 'thread_total' => 1))); $topic_id = $DB->insert_id; $rand = $author_id . $FNS->random('alpha', 8); $DB->query("UPDATE exp_weblog_titles SET forum_topic_id = '{$topic_id}' WHERE entry_id = '{$entry_id}'"); $DB->query("INSERT INTO exp_forum_subscriptions (topic_id, member_id, subscription_date, hash) \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t \t\tVALUES \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t \t\t('{$topic_id}', '{$author_id}', '{$LOC->now}', '{$rand}')"); // Update the forum stats if (!class_exists('Forum')) { require PATH_MOD . 'forum/mod.forum' . EXT; require PATH_MOD . 'forum/mod.forum_core' . EXT; } Forum_Core::_update_post_stats($IN->GBL('forum_id')); // Update member post total $DB->query("UPDATE exp_members SET last_forum_post_date = '{$LOC->now}' WHERE member_id = '" . $author_id . "'"); } } /** ---------------------------- /** Send admin notification /** ----------------------------*/ if ($notify_address != '') { $swap = array('name' => $SESS->userdata('screen_name'), 'email' => $SESS->userdata('email'), 'weblog_name' => $blog_title, 'entry_title' => $title, 'entry_url' => $FNS->remove_double_slashes($blog_url . '/' . $url_title . '/'), 'comment_url' => $FNS->remove_double_slashes($comment_url . '/' . $url_title . 
'/')); $template = $FNS->fetch_email_template('admin_notify_entry'); $email_tit = $FNS->var_swap($template['title'], $swap); $email_msg = $FNS->var_swap($template['data'], $swap); // We don't want to send a notification if the person // leaving the entry is in the notification list if (stristr($notify_address, $SESS->userdata['email'])) { $notify_address = str_replace($SESS->userdata('email'), "", $notify_address); } $notify_address = $REGX->remove_extra_commas($notify_address); if ($notify_address != '') { /** ---------------------------- /** Send email /** ----------------------------*/ if (!class_exists('EEmail')) { require PATH_CORE . 'core.email' . EXT; } $email = new EEmail(); foreach (explode(',', $notify_address) as $addy) { $email->initialize(); $email->wordwrap = false; $email->from($PREFS->ini('webmaster_email'), $PREFS->ini('webmaster_name')); $email->to($addy); $email->reply_to($PREFS->ini('webmaster_email')); $email->subject($email_tit); $email->message($REGX->entities_to_ascii($email_msg)); $email->Send(); } } } } else { /** --------------------------------- /** Update an existing entry /** ---------------------------------*/ if ($PREFS->ini('honor_entry_dst') == 'y') { $data['entry_date'] = $LOC->offset_entry_dst($data['entry_date'], $data['dst_enabled']); if ($data['expiration_date'] != '' and $data['expiration_date'] != 0) { $data['expiration_date'] = $LOC->offset_entry_dst($data['expiration_date'], $data['dst_enabled']); } if ($data['comment_expiration_date'] != '' and $data['comment_expiration_date'] != 0) { $data['comment_expiration_date'] = $LOC->offset_entry_dst($data['comment_expiration_date'], $data['dst_enabled']); } } // First we need to see if the author of the entry has changed. 
$query = $DB->query("SELECT author_id FROM exp_weblog_titles WHERE entry_id = '{$entry_id}'"); $old_author = $query->row['author_id']; if ($old_author != $data['author_id']) { // Decremenet the counter on the old author $query = $DB->query("SELECT total_entries FROM exp_members WHERE member_id = '{$old_author}'"); $total_entries = $query->row['total_entries'] - 1; $DB->query("UPDATE exp_members set total_entries = '{$total_entries}' WHERE member_id = '{$old_author}'"); // Increment the counter on the new author $query = $DB->query("SELECT total_entries FROM exp_members WHERE member_id = '" . $data['author_id'] . "'"); $total_entries = $query->row['total_entries'] + 1; $DB->query("UPDATE exp_members set total_entries = '{$total_entries}' WHERE member_id = '" . $data['author_id'] . "'"); } /** ------------------------------------ /** Update the entry /** ------------------------------------*/ unset($data['entry_id']); $topic_id = $data['forum_topic_id']; $DB->query($DB->update_string('exp_weblog_titles', $data, "entry_id = '{$entry_id}'")); /** ------------------------------------ /** Update the custom fields /** ------------------------------------*/ $cust_fields = array('weblog_id' => $weblog_id); foreach ($_POST as $key => $val) { if (strstr($key, 'field_offset_')) { // removed the unset in 1.6.5 as the localization was being lost on quicksave // unset($_POST[$key]); continue; } if (strstr($key, 'field')) { if ($key == 'field_ft_' . $trackback_field) { $tb_format = $val; } if (strstr($key, 'field_id_') and !is_numeric($val)) { $cust_fields[$key] = $PREFS->ini('auto_convert_high_ascii') == 'y' ? 
$REGX->ascii_to_entities($val) : $val; } else { $cust_fields[$key] = $val; } } } if (count($cust_fields) > 0) { // Update the custom fields $DB->query($DB->update_string('exp_weblog_data', $cust_fields, "entry_id = '{$entry_id}'")); } /** ------------------------------------ /** Delete categories /** ------------------------------------*/ // We will resubmit all categories next $DB->query("DELETE FROM exp_category_posts WHERE entry_id = '{$entry_id}'"); /** ------------------------------------ /** Set page title and success message /** ------------------------------------*/ $type = 'update'; $page_title = 'entry_has_been_updated'; $message = $LANG->line($page_title); } /** --------------------------------- /** Insert categories /** ---------------------------------*/ if ($this->cat_parents > 0) { $this->cat_parents = array_unique($this->cat_parents); sort($this->cat_parents); foreach ($this->cat_parents as $val) { if ($val != '') { $DB->query("INSERT INTO exp_category_posts (entry_id, cat_id) VALUES ('{$entry_id}', '{$val}')"); } } } /** -------------------------------------- /** Is this entry a child of another parent? /** --------------------------------------*/ // If the entry being submitted is a "child" of another parent // we need to re-compile and cache the data. Confused? Me too... $query = $DB->query("SELECT COUNT(*) AS count FROM exp_relationships WHERE rel_type = 'blog' AND rel_child_id = '" . $DB->escape_str($entry_id) . "'"); if ($query->row['count'] > 0) { $reldata = array('type' => 'blog', 'child_id' => $entry_id); $FNS->compile_relationship($reldata, FALSE); } /** -------------------------------------- /** Is this entry a parent of a child? /** --------------------------------------*/ $query = $DB->query("SELECT COUNT(*) AS count FROM exp_relationships \n\t\t\t\t\t\t\t WHERE rel_parent_id = '" . $DB->escape_str($entry_id) . 
"'\n\t\t\t\t\t\t\t AND reverse_rel_data != ''"); if ($query->row['count'] > 0) { $reldata = array('type' => 'blog', 'parent_id' => $entry_id); $FNS->compile_relationship($reldata, FALSE, TRUE); } /** ------------------------------------- /** Is there a forum post to update /** -------------------------------------*/ if ($PREFS->ini('forum_is_installed') == "y" and $IN->GBL('forum_title') != '' and $IN->GBL('forum_body') != '' and $topic_id != 0) { $title = $this->_convert_forum_tags($IN->GBL('forum_title')); $body = $this->_convert_forum_tags(str_replace('{permalink}', $FNS->remove_double_slashes($comment_url . '/' . $url_title . '/'), $IN->GBL('forum_body'))); $DB->query("UPDATE exp_forum_topics SET title = '{$title}', body = '{$body}' WHERE topic_id = '{$topic_id}' "); // Update the forum stats if (!class_exists('Forum')) { require PATH_MOD . 'forum/mod.forum' . EXT; require PATH_MOD . 'forum/mod.forum_core' . EXT; } Forum_Core::_update_post_stats($IN->GBL('forum_id')); } /** ------------------------------------- /** Is there a Page being updated or created? /** -------------------------------------*/ if ($PREFS->ini('site_pages') !== FALSE && $IN->GBL('pages_uri', 'POST') !== FALSE && $IN->GBL('pages_uri', 'POST') != '' && $IN->GBL('pages_uri', 'POST') != '/example/pages/uri/' && is_numeric($IN->GBL('pages_template_id', 'POST'))) { /** ---------------------------------------- /** Update the Very, Most Current Pages Data for Site /** ----------------------------------------*/ $site_id = $PREFS->ini('site_id'); $static_pages[$site_id]['uris'][$entry_id] = '/' . trim(preg_replace("#[^a-zA-Z0-9_\\-/\\.]+\$#i", '', str_replace($PREFS->ini('site_url'), '', $IN->GBL('pages_uri'))), '/') . 
'/'; $static_pages[$site_id]['templates'][$entry_id] = preg_replace("#[^0-9]+\$#i", '', $IN->GBL('pages_template_id', 'POST')); if ($static_pages[$site_id]['uris'][$entry_id] == '//') { $static_pages[$site_id]['uris'][$entry_id] = '/'; } $DB->query($DB->update_string('exp_sites', array('site_pages' => addslashes(serialize($static_pages))), "site_id = '" . $DB->escape_str($PREFS->ini('site_id')) . "'")); } /** ---------------------------------------- /** Save revisions if needed /** ----------------------------------------*/ if (!isset($_POST['versioning_enabled'])) { $enable_versioning = 'n'; } if (isset($_POST['save']) and $enable_qucksave_versioning == 'n') { $enable_versioning = 'n'; } if ($enable_versioning == 'y') { $DB->query("INSERT INTO exp_entry_versioning (version_id, entry_id, weblog_id, author_id, version_date, version_data) VALUES ('', '" . $entry_id . "', '" . $weblog_id . "', '" . $SESS->userdata('member_id') . "', '" . $LOC->now . "', '" . addslashes(serialize($revision_post)) . "')"); // Clear old revisions if needed $max = (is_numeric($max_revisions) and $max_revisions > 0) ? $max_revisions : 10; $query = $DB->query("SELECT COUNT(*) AS count FROM exp_entry_versioning WHERE entry_id = '" . $entry_id . "'"); if ($query->row['count'] > $max) { $query = $DB->query("SELECT version_id FROM exp_entry_versioning WHERE entry_id = '" . $entry_id . "' ORDER BY version_id desc limit " . $max); $ids = ''; foreach ($query->result as $row) { $ids .= $row['version_id'] . ','; } $ids = substr($ids, 0, -1); $DB->query("DELETE FROM exp_entry_versioning WHERE version_id NOT IN (" . $ids . ") AND entry_id = '" . $entry_id . 
"'"); } } //--------------------------------- // Quick Save Returns Here // - does not process pings // - does not update stats // - does not empty caches //--------------------------------- if (isset($_POST['save'])) { return $this->new_entry_form('save', '', $entry_id); } /** ---------------------------------------- /** Update global stats /** ----------------------------------------*/ if ($old_weblog != '') { // Change weblog_id in exp_comments if (isset($this->installed_modules['comment'])) { $DB->query("UPDATE exp_comments SET weblog_id = '{$weblog_id}' WHERE entry_id = '{$entry_id}'"); } $STAT->update_weblog_stats($old_weblog); } $STAT->update_weblog_stats($weblog_id); /** --------------------------------- /** Send trackbacks /** ---------------------------------*/ $tb_body = !isset($_POST['field_id_' . $trackback_field]) ? '' : $_POST['field_id_' . $trackback_field]; if ($trackback_urls != '' and $tb_body != '' and $data['status'] != 'closed' and $data['entry_date'] < $LOC->now + 90) { $entry_link = $REGX->prep_query_string($tb_url); $entry_link = $FNS->remove_double_slashes($entry_link . '/' . $url_title . '/'); $tb_data = array('entry_id' => $entry_id, 'entry_link' => $FNS->remove_double_slashes($entry_link), 'entry_title' => $title, 'entry_content' => $tb_body, 'tb_format' => $tb_format, 'weblog_name' => $blog_title, 'trackback_url' => $trackback_urls); require PATH_MOD . 'trackback/mcp.trackback' . EXT; $TB = new Trackback_CP(); $tb_res = $TB->send_trackback($tb_data); /** --------------------------------------- /** Update the "sent_trackbacks" field /** ---------------------------------------*/ // Fetch the URLs that were sent successfully and update the DB if (count($tb_res['0']) > 0) { foreach ($tb_res['0'] as $val) { $sent_trackbacks .= $val . 
"\n"; } $DB->query("UPDATE exp_weblog_titles SET sent_trackbacks = '{$sent_trackbacks}' WHERE entry_id = '{$entry_id}'"); } if (count($tb_res['1']) > 0) { $tb_errors = TRUE; } } /** --------------------------------- /** Send xml-rpc pings /** ---------------------------------*/ $ping_message = ''; if (count($ping_servers) > 0) { // We only ping entries that are posted now, not in the future if ($entry_date - 90 < $LOC->now) { $ping_result = $this->send_pings($ping_servers, $blog_title, $ping_url, $rss_url); if (is_array($ping_result) and count($ping_result) > 0) { $ping_errors = TRUE; $ping_message .= $DSP->qdiv('highlight', $DSP->qdiv('defaultBold', $LANG->line('xmlrpc_ping_errors'))); foreach ($ping_result as $val) { $ping_message .= $DSP->qdiv('highlight', $DSP->qspan('highlight_bold', $val['0']) . ' - ' . $val['1']); } } } /** --------------------------------- /** Save ping button state /** ---------------------------------*/ $DB->query("DELETE FROM exp_entry_ping_status WHERE entry_id = '{$entry_id}'"); foreach ($ping_servers as $val) { $DB->query("INSERT INTO exp_entry_ping_status (entry_id, ping_id) VALUES ('{$entry_id}', '{$val}')"); } } /** --------------------------------- /** Clear caches if needed /** ---------------------------------*/ if ($PREFS->ini('new_posts_clear_caches') == 'y') { $FNS->clear_caching('all'); } else { $FNS->clear_caching('sql'); } // ------------------------------------------- // 'submit_new_entry_end' hook. // - Add More Stuff to Do For Entry // - 1.5.2 => Added $ping_message variable // $edata = $EXT->call_extension('submit_new_entry_end', $entry_id, $data, $ping_message); if ($EXT->end_script === TRUE) { return; } // // ------------------------------------------- /** --------------------------------------- /** Show ping erors if there are any /** ---------------------------------------*/ if ($tb_errors == TRUE || $ping_errors == TRUE) { if ($cp_call == TRUE) { $r = $DSP->qdiv('success', $LANG->line($page_title) . BR . 
BR); if (isset($tb_res['1']) and count($tb_res['1']) > 0) { $r .= $DSP->qdiv('highlight', $DSP->qdiv('defaultBold', $LANG->line('trackback_url_errors'))); foreach ($tb_res['1'] as $val) { $r .= $DSP->qdiv('highlight', $DSP->qspan('highlight_bold', $val['0']) . ' - ' . $val['1']); } } $r .= $ping_message; $r .= $DSP->qdiv('', BR . $DSP->anchor(BASE . AMP . 'C=edit' . AMP . 'M=view_entry' . AMP . 'weblog_id=' . $IN->GBL('weblog_id', 'POST') . AMP . 'entry_id=' . $entry_id, $LANG->line('click_to_view_your_entry'))); return $DSP->set_return_data($LANG->line('publish'), $r); } } /** --------------------------------- /** Redirect to ths "success" page /** ---------------------------------*/ if ($cp_call == TRUE) { $loc = BASE . AMP . 'C=edit' . AMP . 'M=view_entry' . AMP . 'weblog_id=' . $weblog_id . AMP . 'entry_id=' . $entry_id . AMP . 'U=' . $type; } else { $FNS->template_type = 'webpage'; $loc = $return_url == '' ? $FNS->fetch_site_index() : $FNS->create_url($return_url, 1, 1); } // ------------------------------------------- // 'submit_new_entry_redirect' hook. // - Modify Redirect Location // - 1.5.2 => Added $cp_call variable // if ($EXT->active_hook('submit_new_entry_redirect') === TRUE) { $loc = $EXT->call_extension('submit_new_entry_redirect', $entry_id, $data, $cp_call); if ($EXT->end_script === TRUE) { return; } } // // ------------------------------------------- // ------------------------------------------- // 'submit_new_entry_absolute_end' hook. // - Add More Stuff to Do For Entry // - Still allows Trackback/Ping error messages // $edata = $EXT->call_extension('submit_new_entry_absolute_end', $entry_id, $data); if ($EXT->end_script === TRUE) { return; } // // ------------------------------------------- $FNS->redirect($loc); exit; }
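/** -------------------------------------
/**  Member self-delete
/** -------------------------------------*/

/**
 * Deletes the currently logged-in member's own account.
 *
 * Must be reached through a POST form (ACT present) by a logged-in member whose
 * group may self-delete and who is not a Super Admin. The submitted password is
 * re-checked (feeding the password lockout on failure) before anything is
 * removed. On success the member's rows, private messages, forum data, weblog
 * entries/comments and session are deleted, the configured notification
 * addresses are emailed, cookies are cleared and a success page is rendered.
 *
 * @access public
 * @return mixed FALSE when not reached via a POST form; the value of
 *               $OUT->show_user_error() when the request is rejected;
 *               otherwise whatever $OUT->show_message() returns
 */
function member_delete()
{
    global $DB, $FNS, $IN, $LANG, $OUT, $PREFS, $REGX, $SESS, $STAT;

    /** -------------------------------------
    /**  Make sure they got here via a form
    /** -------------------------------------*/

    if ( ! $IN->GBL('ACT', 'POST'))
    {
        // No output for you, Mr. URL Hax0r
        return FALSE;
    }

    $LANG->fetch_language_file('login');

    /* -------------------------------------
    /*  No sneakiness - we'll do this in case the site administrator
    /*  has foolishly turned off secure forms and some monkey is
    /*  trying to delete their account from an off-site form or
    /*  after logging out.
    /* -------------------------------------*/

    if ($SESS->userdata['member_id'] == 0 OR $SESS->userdata['can_delete_self'] !== 'y')
    {
        return $OUT->show_user_error('general', $LANG->line('not_authorized'));
    }

    /** -------------------------------------
    /**  If the user is a SuperAdmin, then no deletion
    /** -------------------------------------*/

    if ($SESS->userdata['group_id'] == 1)
    {
        return $OUT->show_user_error('general', $LANG->line('cannot_delete_super_admin'));
    }

    /** ----------------------------------------
    /**  Is IP and User Agent required for login?  Then, same here.
    /** ----------------------------------------*/

    if ($PREFS->ini('require_ip_for_login') == 'y')
    {
        if ($SESS->userdata['ip_address'] == '' || $SESS->userdata['user_agent'] == '')
        {
            return $OUT->show_user_error('general', $LANG->line('unauthorized_request'));
        }
    }

    /** ----------------------------------------
    /**  Check password lockout status
    /** ----------------------------------------*/

    if ($SESS->check_password_lockout() === TRUE)
    {
        return $OUT->show_user_error('general', str_replace("%x", $PREFS->ini('password_lockout_interval'), $LANG->line('password_lockout_in_effect')));
    }

    /* -------------------------------------
    /*  Are you who you say you are, or someone sitting at someone
    /*  else's computer being mean?!
    /* -------------------------------------*/

    $query    = $DB->query("SELECT password FROM exp_members WHERE member_id = '".$DB->escape_str($SESS->userdata['member_id'])."'");
    $password = $FNS->hash(stripslashes($IN->GBL('password', 'POST')));

    // Compare strictly: with '!=' two hex digests that both look like "0e..."
    // are treated as equal numeric strings, which would accept a wrong password.
    // A missing member row is treated as a failed attempt as well.
    if ($query->num_rows != 1 OR $query->row['password'] !== $password)
    {
        $SESS->save_password_lockout();

        return $OUT->show_user_error('general', $LANG->line('invalid_pw'));
    }

    /** -------------------------------------
    /**  No turning back, get to deletin'!
    /** -------------------------------------*/

    // Cast once: every statement below interpolates $id straight into SQL
    $id = (int) $SESS->userdata['member_id'];

    $DB->query("DELETE FROM exp_members WHERE member_id = '{$id}'");
    $DB->query("DELETE FROM exp_member_data WHERE member_id = '{$id}'");
    $DB->query("DELETE FROM exp_member_homepage WHERE member_id = '{$id}'");

    // Recipients of this member's unread PMs need their unread counts
    // refreshed after the copies are gone, so collect them before deleting
    $message_query = $DB->query("SELECT DISTINCT recipient_id FROM exp_message_copies WHERE sender_id = '{$id}' AND message_read = 'n'");

    $DB->query("DELETE FROM exp_message_copies WHERE sender_id = '{$id}'");
    $DB->query("DELETE FROM exp_message_data WHERE sender_id = '{$id}'");
    $DB->query("DELETE FROM exp_message_folders WHERE member_id = '{$id}'");
    $DB->query("DELETE FROM exp_message_listed WHERE member_id = '{$id}'");

    if ($message_query->num_rows > 0)
    {
        foreach ($message_query->result as $row)
        {
            $recipient_id = $DB->escape_str($row['recipient_id']);

            $count_query = $DB->query("SELECT COUNT(*) AS count FROM exp_message_copies WHERE recipient_id = '{$recipient_id}' AND message_read = 'n'");

            $DB->query($DB->update_string('exp_members', array('private_messages' => $count_query->row['count']), "member_id = '{$recipient_id}'"));
        }
    }

    /** -------------------------------------
    /**  Delete Forum Posts
    /** -------------------------------------*/

    if ($PREFS->ini('forum_is_installed') == "y")
    {
        $DB->query("DELETE FROM exp_forum_subscriptions WHERE member_id = '{$id}'");
        $DB->query("DELETE FROM exp_forum_pollvotes WHERE member_id = '{$id}'");
        $DB->query("DELETE FROM exp_forum_topics WHERE author_id = '{$id}'");

        // Snag the affected topic id's before deleting the posts, for the
        // topic stats update afterwards
        $topic_ids = array();

        $query = $DB->query("SELECT topic_id FROM exp_forum_posts WHERE author_id = '{$id}'");

        if ($query->num_rows > 0)
        {
            foreach ($query->result as $row)
            {
                $topic_ids[] = $row['topic_id'];
            }

            $topic_ids = array_unique($topic_ids);
        }

        $DB->query("DELETE FROM exp_forum_posts WHERE author_id = '{$id}'");
        $DB->query("DELETE FROM exp_forum_polls WHERE author_id = '{$id}'");

        // Update the forum stats
        $query = $DB->query("SELECT forum_id FROM exp_forums WHERE forum_is_cat = 'n'");

        if ( ! class_exists('Forum'))
        {
            require PATH_MOD.'forum/mod.forum'.EXT;
            require PATH_MOD.'forum/mod.forum_core'.EXT;
        }

        $FRM = new Forum_Core;

        foreach ($query->result as $row)
        {
            $FRM->_update_post_stats($row['forum_id']);
        }

        foreach ($topic_ids as $topic_id)
        {
            $FRM->_update_topic_stats($topic_id);
        }
    }

    /** -------------------------------------
    /**  Va-poo-rize Weblog Entries and Comments
    /** -------------------------------------*/

    $entry_ids   = array();
    $weblog_ids  = array();
    $recount_ids = array();

    // Find Entry IDs and Weblog IDs, then delete
    $query = $DB->query("SELECT entry_id, weblog_id FROM exp_weblog_titles WHERE author_id = '{$id}'");

    if ($query->num_rows > 0)
    {
        foreach ($query->result as $row)
        {
            $entry_ids[]  = $row['entry_id'];
            $weblog_ids[] = $row['weblog_id'];
        }

        $entry_list = "'".implode("','", $entry_ids)."'";

        $DB->query("DELETE FROM exp_weblog_titles WHERE author_id = '{$id}'");
        $DB->query("DELETE FROM exp_weblog_data WHERE entry_id IN ({$entry_list})");
        $DB->query("DELETE FROM exp_comments WHERE entry_id IN ({$entry_list})");
        $DB->query("DELETE FROM exp_trackbacks WHERE entry_id IN ({$entry_list})");
    }

    // Find the affected entries AND weblog ids for author's comments
    $query = $DB->query("SELECT DISTINCT(entry_id), weblog_id FROM exp_comments WHERE author_id = '{$id}'");

    if ($query->num_rows > 0)
    {
        foreach ($query->result as $row)
        {
            $recount_ids[] = $row['entry_id'];
            $weblog_ids[]  = $row['weblog_id'];
        }

        // Entries that were just deleted above need no recount
        $recount_ids = array_diff($recount_ids, $entry_ids);
    }

    // Delete comments by member
    $DB->query("DELETE FROM exp_comments WHERE author_id = '{$id}'");

    // Update stats on weblog entries that were NOT deleted AND had comments by author
    foreach (array_unique($recount_ids) as $entry_id)
    {
        $entry_id = $DB->escape_str($entry_id);

        $query = $DB->query("SELECT MAX(comment_date) AS max_date FROM exp_comments WHERE status = 'o' AND entry_id = '{$entry_id}'");

        $comment_date = ($query->num_rows == 0 OR ! is_numeric($query->row['max_date'])) ? 0 : $query->row['max_date'];

        $query = $DB->query("SELECT COUNT(*) AS count FROM exp_comments WHERE entry_id = '{$entry_id}' AND status = 'o'");

        $DB->query("UPDATE exp_weblog_titles SET comment_total = '".$DB->escape_str($query->row['count'])."', recent_comment_date = '{$comment_date}' WHERE entry_id = '{$entry_id}'");
    }

    foreach (array_unique($weblog_ids) as $weblog_id)
    {
        $STAT->update_weblog_stats($weblog_id);
        $STAT->update_comment_stats($weblog_id);
    }

    /** -------------------------------------
    /**  Email notification recipients
    /** -------------------------------------*/

    if ($SESS->userdata['mbr_delete_notify_emails'] != '')
    {
        $notify_address = $SESS->userdata['mbr_delete_notify_emails'];

        $swap = array(
                        'name'      => $SESS->userdata['screen_name'],
                        'email'     => $SESS->userdata['email'],
                        'site_name' => stripslashes($PREFS->ini('site_name'))
                     );

        $email_tit = $FNS->var_swap($LANG->line('mbr_delete_notify_title'), $swap);
        $email_msg = $FNS->var_swap($LANG->line('mbr_delete_notify_message'), $swap);

        // No notification for the user themselves, if they're in the list.
        // A case-insensitive substring test replaces eregi(), which treated the
        // address as a regex pattern and no longer exists in PHP 7. The empty
        // check avoids an empty needle; str_replace() is a no-op in that case anyway.
        if ($SESS->userdata['email'] != '' && stripos($notify_address, $SESS->userdata['email']) !== FALSE)
        {
            $notify_address = str_replace($SESS->userdata['email'], "", $notify_address);
        }

        $notify_address = $REGX->remove_extra_commas($notify_address);

        if ($notify_address != '')
        {
            /** ----------------------------
            /**  Send email
            /** ----------------------------*/

            if ( ! class_exists('EEmail'))
            {
                require PATH_CORE.'core.email'.EXT;
            }

            $email = new EEmail;

            foreach (explode(',', $notify_address) as $addy)
            {
                $email->initialize();
                $email->wordwrap = false;
                $email->from($PREFS->ini('webmaster_email'), $PREFS->ini('webmaster_name'));
                $email->to($addy);
                $email->reply_to($PREFS->ini('webmaster_email'));
                $email->subject($email_tit);
                $email->message($REGX->entities_to_ascii($email_msg));
                $email->Send();
            }
        }
    }

    /** -------------------------------------
    /**  Trash the Session and cookies
    /** -------------------------------------*/

    // IP and session id originate from the request, so escape them like site_id
    $DB->query("DELETE FROM exp_online_users WHERE site_id = '".$DB->escape_str($PREFS->ini('site_id'))."' AND ip_address = '".$DB->escape_str($IN->IP)."' AND member_id = '{$id}'");
    $DB->query("DELETE FROM exp_sessions WHERE session_id = '".$DB->escape_str($SESS->userdata['session_id'])."'");

    $FNS->set_cookie($SESS->c_uniqueid);
    $FNS->set_cookie($SESS->c_password);
    $FNS->set_cookie($SESS->c_session);
    $FNS->set_cookie($SESS->c_expire);
    $FNS->set_cookie($SESS->c_anon);
    $FNS->set_cookie('read_topics');
    $FNS->set_cookie('tracker');

    /** -------------------------------------
    /**  Update global member stats
    /** -------------------------------------*/

    $STAT->update_member_stats();

    /** -------------------------------------
    /**  Build Success Message
    /** -------------------------------------*/

    $url  = $PREFS->ini('site_url');
    $name = stripslashes($PREFS->ini('site_name'));

    $data = array(
                    'title'    => $LANG->line('mbr_delete'),
                    'heading'  => $LANG->line('thank_you'),
                    'content'  => $LANG->line('mbr_account_deleted'),
                    'redirect' => '',
                    'link'     => array($url, $name)
                 );

    $OUT->show_message($data);
}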
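/**
 * Delete member
 *
 * Removes one or more members together with everything they own: base member
 * rows, private messages (fixing the recipients' unread counts), channel
 * entries (reassigned to $heir_id when given, otherwise deleted with their
 * data and comments), comments, and forum posts/attachments when the forum is
 * installed, then refreshes channel, comment and member stats.
 *
 * @access public
 * @param mixed $member_ids Single member ID as int, or array of member IDs to delete
 * @param int   $heir_id    Member ID to take over ownership of deleted members' entries;
 *                          NULL (or an ID that is itself being deleted) means the
 *                          entries are deleted instead
 * @return bool|void FALSE when there is nothing to delete (no IDs given, or the
 *                   'member_delete' hook emptied the list); otherwise no value
 */
function delete_member($member_ids = array(), $heir_id = NULL)
{
    // Make sure $member_ids is an array
    if ( ! is_array($member_ids))
    {
        $member_ids = array((int) $member_ids);
    }

    // ---------------------------------------------------------------
    // 'member_delete' hook.
    //  - Provides an opportunity for extra code to be executed upon
    //    member deletion, and also gives the opportunity to skip
    //    deletion for some members all together by altering the array of
    //    member IDs we pass to the hook.
    //
        if ($this->extensions->active_hook('member_delete'))
        {
            $member_ids = $this->extensions->call('member_delete', $member_ids);
        }
    //
    // ---------------------------------------------------------------

    // No member IDs? Bail out. The hook may have handed back anything, so
    // require a non-empty array rather than calling count() on a scalar.
    if ( ! is_array($member_ids) OR count($member_ids) == 0)
    {
        return FALSE;
    }

    // An heir that is itself being deleted would only leave the entries
    // owned by a member row that no longer exists; treat that as "no heir"
    if ($heir_id !== NULL && in_array($heir_id, $member_ids))
    {
        $heir_id = NULL;
    }

    // ---------------------------------------------------------------
    // Remove traces of member from base member tables
    // ---------------------------------------------------------------

    // List of (table, column) pairs. A table => column map cannot express
    // message_listed, which has to be cleared on two different columns:
    // as a map the second key silently overwrote the first and member_id
    // rows were never removed.
    $tables_fields = array(
        array('members',         'member_id'),
        array('member_data',     'member_id'),
        array('member_homepage', 'member_id'),
        array('message_data',    'sender_id'),
        array('message_folders', 'member_id'),
        array('message_listed',  'member_id'),
        array('message_listed',  'listed_member'),
        array('message_copies',  'recipient_id'),
        array('remember_me',     'member_id'),
        array('sessions',        'member_id'),
    );

    // If comment module is installed
    if ($this->db->table_exists('comment_subscriptions'))
    {
        $tables_fields[] = array('comment_subscriptions', 'member_id');
    }

    // Loop through tables array and clear out based on member ID
    foreach ($tables_fields as $pair)
    {
        list($table, $field) = $pair;
        $this->db->where_in($field, $member_ids)->delete($table);
    }

    // ---------------------------------------------------------------
    // Delete private messages and update members' unread count
    // ---------------------------------------------------------------

    // First, we need to get a list of recipient IDs who will be affected
    // by deleting the members we are deleting so that we can update the
    // unread PM count for those users only
    $this->db->distinct('recipient_id');
    $this->db->where('message_read', 'n');
    $this->db->where_in('sender_id', $member_ids);
    $messages = $this->db->get('message_copies');

    // Now that we know which recipients are affected, we can delete the
    // member-to-be-deleted's messages...
    $this->db->where_in('sender_id', $member_ids)->delete('message_copies');

    if ($messages->num_rows())
    {
        // Build recipient IDs array
        $recipient_ids = array();

        foreach ($messages->result_array() as $message)
        {
            $recipient_ids[] = $message['recipient_id'];
        }

        // ...and get the new unread count for the affected users
        $this->db->select('count(*) as count, recipient_id');
        $this->db->where('message_read', 'n');
        $this->db->where_in('recipient_id', $recipient_ids);
        $this->db->group_by('recipient_id');
        $unread_messages = $this->db->get('message_copies');

        // Set everyone's unread message count to zero first, because if a user
        // has zero messages now, they won't have shown up in the above query
        $this->db->where_in('member_id', $recipient_ids);
        $this->db->update('members', array('private_messages' => 0));

        // For each user, update their private messages unread count with
        // what we gathered above
        foreach ($unread_messages->result_array() as $message)
        {
            $this->db->where('member_id', $message['recipient_id']);
            $this->db->update('members', array('private_messages' => $message['count']));
        }
    }

    // ---------------------------------------------------------------
    // Get member's channel entries, reassign them to the entries heir
    // or delete them all together if heir isn't specified
    // ---------------------------------------------------------------

    // Get member's entries
    $this->db->select('entry_id, channel_id');
    $this->db->where_in('author_id', $member_ids);
    $entries = $this->db->get('channel_titles');

    $channel_ids = array();

    if ($entries->num_rows())
    {
        // Reassign entries if heir ID is present
        if ( ! empty($heir_id) && is_numeric($heir_id))
        {
            $this->db->where_in('author_id', $member_ids);
            $this->db->update('channel_titles', array('author_id' => $heir_id));

            $this->update_member_entry_stats($heir_id);
        }
        else
        {
            $entry_ids = array();

            foreach ($entries->result_array() as $entry)
            {
                // Entries to delete
                $entry_ids[] = $entry['entry_id'];

                // Gather channel IDs to update stats later
                $channel_ids[] = $entry['channel_id'];
            }

            $this->db->where_in('author_id', $member_ids)->delete('channel_titles');
            $this->db->where_in('entry_id', $entry_ids)->delete('channel_data');

            if ($this->db->table_exists('comments'))
            {
                $this->db->where_in('entry_id', $entry_ids)->delete('comments');
            }
        }
    }

    // ---------------------------------------------------------------
    // Find affected entries for members's comments and update totals
    // ---------------------------------------------------------------

    if ($this->db->table_exists('comments'))
    {
        $this->db->select('DISTINCT(entry_id), channel_id');
        $this->db->where_in('author_id', $member_ids);
        $entries = $this->db->get('comments');

        $entry_ids = array();

        foreach ($entries->result_array() as $row)
        {
            // Entries to update
            $entry_ids[] = $row['entry_id'];

            // Gather channel IDs to update stats later
            $channel_ids[] = $row['channel_id'];
        }

        // Delete comments
        $this->db->where_in('author_id', $member_ids)->delete('comments');

        // Update individual entry comment counts
        $this->load->model('comment_model');
        $this->comment_model->recount_entry_comments($entry_ids);
    }

    // Update channel and comment stats
    foreach (array_unique($channel_ids) as $channel_id)
    {
        $this->stats->update_channel_stats($channel_id);
        $this->stats->update_comment_stats($channel_id);
    }

    // ---------------------------------------------------------------
    // Forum Clean-Up
    // ---------------------------------------------------------------

    if ($this->config->item('forum_is_installed') == "y")
    {
        // Forum tables to clean up
        $forum_tables_fields = array(
            'forum_subscriptions'  => 'member_id',
            'forum_pollvotes'      => 'member_id',
            'forum_topics'         => 'author_id',
            'forum_administrators' => 'admin_member_id',
            'forum_moderators'     => 'mod_member_id',
            'forum_polls'          => 'author_id',
        );

        // Clean out mentions of member in forum tables
        foreach ($forum_tables_fields as $table => $field)
        {
            $this->db->where_in($field, $member_ids)->delete($table);
        }

        // Load forum class
        if ( ! class_exists('Forum'))
        {
            require PATH_MOD.'forum/mod.forum.php';
            require PATH_MOD.'forum/mod.forum_core.php';
        }

        $forum_core = new Forum_Core();

        // -----------------------------------------------------------
        // Grab affected topic IDs before deleting the member so we can
        // update stats
        $this->db->select('topic_id');
        $this->db->distinct();
        $this->db->where_in('author_id', $member_ids);
        $topics = $this->db->get('forum_posts');

        // Now delete those posts
        $this->db->where_in('author_id', $member_ids)->delete('forum_posts');

        // Update topic stats
        foreach ($topics->result_array() as $row)
        {
            $forum_core->_update_topic_stats($row['topic_id']);
        }

        // -----------------------------------------------------------
        // Update forum stats
        // NOTE(review): every other get() here passes the unprefixed table
        // name; confirm the driver does not double-prefix 'exp_forums'.
        $this->db->select('forum_id');
        $this->db->where('forum_is_cat', 'n');
        $forums = $this->db->get('exp_forums');

        foreach ($forums->result_array() as $row)
        {
            $forum_core->_update_post_stats($row['forum_id']);
        }

        $forum_core->_update_global_stats();

        // -----------------------------------------------------------
        // Delete from Online Users
        $this->db->where_in('member_id', $member_ids)->delete('online_users');

        // -----------------------------------------------------------
        // Remove attachments
        $this->db->select('attachment_id, board_id');
        $this->db->where_in('member_id', $member_ids);
        $attachments = $this->db->get('forum_attachments');

        foreach ($attachments->result_array() as $attachment)
        {
            $forum_core->_remove_attachment($attachment['attachment_id'], $attachment['board_id'], TRUE);
        }
    }

    $this->stats->update_member_stats();
}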
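/**
 * Delete the logged-in member's own account (front-end self-delete).
 *
 * All authorisation comes from the session: the visitor must be logged in,
 * hold `can_delete_self`, must not be a Super Admin (group 1) and must
 * re-submit a valid password, which is checked through EE_Validate. A wrong
 * password is recorded against the password-lockout counter.
 *
 * On success the member row and its dependent data are removed in this order:
 * profile tables, private messages, forum content and attachments (when the
 * forum module is installed), channel entries and comments. Comment and
 * channel stats are recomputed, the group's notification addresses are
 * e-mailed, and the visitor's online-user row, session and cookies are cleared.
 *
 * @access private
 * @return array  array('error' => string) when the request is refused,
 *                array('success' => array) with the message data on completion
 */
private function _member_delete()
{
	// No sneakiness - we'll do this in case the site administrator
	// has foolishly turned off secure forms and some monkey is
	// trying to delete their account from an off-site form or
	// after logging out.
	if ($this->EE->session->userdata('member_id') == 0 OR $this->EE->session->userdata('can_delete_self') !== 'y')
	{
		return array('error' => $this->EE->lang->line('not_authorized'));
	}

	// If the user is a SuperAdmin, then no deletion
	if ($this->EE->session->userdata('group_id') == 1)
	{
		return array('error' => $this->EE->lang->line('cannot_delete_super_admin'));
	}

	// Is IP and User Agent required for login? Then, same here.
	if ($this->EE->config->item('require_ip_for_login') == 'y')
	{
		if ($this->EE->session->userdata('ip_address') == '' OR $this->EE->session->userdata('user_agent') == '')
		{
			return array('error' => $this->EE->lang->line('unauthorized_request'));
		}
	}

	// Check password lockout status
	if ($this->EE->session->check_password_lockout($this->EE->session->userdata('username')) === TRUE)
	{
		$this->EE->lang->loadfile('login');

		return array('error' => sprintf(lang('password_lockout_in_effect'), $this->EE->config->item('password_lockout_interval')));
	}

	// Validate the submitted password. A missing field is treated as an
	// empty (hence wrong) password rather than raising an undefined-index notice.
	if ( ! class_exists('EE_Validate'))
	{
		require APPPATH.'libraries/Validate'.EXT;
	}

	$VAL = new EE_Validate(array(
		'member_id'    => $this->EE->session->userdata('member_id'),
		'cur_password' => isset($_POST['password']) ? $_POST['password'] : '',
	));

	$VAL->password_safety_check();

	if (isset($VAL->errors) && count($VAL->errors) > 0)
	{
		$this->EE->session->save_password_lockout($this->EE->session->userdata('username'));

		return array('error' => $this->EE->lang->line('invalid_pw'));
	}

	// No turning back, get to deletin'!
	// The session member_id is the only value that ever reaches the raw
	// queries below, so pin it to an integer once here.
	$id = (int) $this->EE->session->userdata('member_id');

	$this->EE->db->where('member_id', $id)->delete('members');
	$this->EE->db->where('member_id', $id)->delete('member_data');
	$this->EE->db->where('member_id', $id)->delete('member_homepage');

	// Collect the recipients of this member's unread messages BEFORE the
	// copies are deleted; selecting afterwards matches nothing and leaves
	// the recipients' unread counters stale.
	$message_query = $this->EE->db->query("SELECT DISTINCT recipient_id FROM exp_message_copies WHERE sender_id = '{$id}' AND message_read = 'n'");

	$this->EE->db->where('sender_id', $id)->delete('message_copies');
	$this->EE->db->where('sender_id', $id)->delete('message_data');
	$this->EE->db->where('member_id', $id)->delete('message_folders');
	$this->EE->db->where('member_id', $id)->delete('message_listed');

	if ($message_query->num_rows() > 0)
	{
		// Recount each affected recipient's unread messages
		foreach ($message_query->result_array() as $row)
		{
			$count_query = $this->EE->db->query("SELECT COUNT(*) AS count FROM exp_message_copies WHERE recipient_id = '".$row['recipient_id']."' AND message_read = 'n'");

			$this->EE->db->query($this->EE->db->update_string('exp_members', array('private_messages' => $count_query->row('count')), "member_id = '".$row['recipient_id']."'"));
		}
	}

	// Delete Forum Posts
	if ($this->EE->config->item('forum_is_installed') == "y")
	{
		$this->EE->db->where('member_id', $id)->delete('forum_subscriptions');
		$this->EE->db->where('member_id', $id)->delete('forum_pollvotes');
		$this->EE->db->where('author_id', $id)->delete('forum_topics');
		$this->EE->db->where('admin_member_id', $id)->delete('forum_administrators');
		$this->EE->db->where('mod_member_id', $id)->delete('forum_moderators');

		// Snag the affected topic id's before deleting the posts, for the stats update afterwards
		$query = $this->EE->db->query("SELECT topic_id FROM exp_forum_posts WHERE author_id = '{$id}'");

		if ($query->num_rows() > 0)
		{
			$topic_ids = array();

			foreach ($query->result_array() as $row)
			{
				$topic_ids[] = $row['topic_id'];
			}

			$topic_ids = array_unique($topic_ids);
		}

		$this->EE->db->where('author_id', $id)->delete('forum_posts');
		$this->EE->db->where('author_id', $id)->delete('forum_polls');

		// Kill any attachments
		$query = $this->EE->db->query("SELECT attachment_id, filehash, extension, board_id FROM exp_forum_attachments WHERE member_id = '{$id}'");

		if ($query->num_rows() > 0)
		{
			// Grab the upload path of every board, keyed by board_id
			$res = $this->EE->db->query('SELECT board_id, board_upload_path FROM exp_forum_boards');

			$paths = array();

			foreach ($res->result_array() as $row)
			{
				$paths[$row['board_id']] = $row['board_upload_path'];
			}

			foreach ($query->result_array() as $row)
			{
				// No upload path known for this board: leave the row untouched
				if ( ! isset($paths[$row['board_id']]))
				{
					continue;
				}

				$file  = $paths[$row['board_id']].$row['filehash'].$row['extension'];
				$thumb = $paths[$row['board_id']].$row['filehash'].'_t'.$row['extension'];

				// Best effort: a file that is already gone must not abort the deletion
				@unlink($file);
				@unlink($thumb);

				$this->EE->db->where('attachment_id', (int) $row['attachment_id'])->delete('forum_attachments');
			}
		}

		// Update the forum stats
		$query = $this->EE->db->query("SELECT forum_id FROM exp_forums WHERE forum_is_cat = 'n'");

		if ( ! class_exists('Forum'))
		{
			require PATH_MOD.'forum/mod.forum.php';
			require PATH_MOD.'forum/mod.forum_core.php';
		}

		$FRM = new Forum_Core();

		foreach ($query->result_array() as $row)
		{
			$FRM->_update_post_stats($row['forum_id']);
		}

		if (isset($topic_ids))
		{
			foreach ($topic_ids as $topic_id)
			{
				$FRM->_update_topic_stats($topic_id);
			}
		}
	}

	// Va-poo-rize Channel Entries and Comments
	$entry_ids   = array();
	$channel_ids = array();
	$recount_ids = array();

	// Find Entry IDs and Channel IDs, then delete
	$query = $this->EE->db->query("SELECT entry_id, channel_id FROM exp_channel_titles WHERE author_id = '{$id}'");

	if ($query->num_rows() > 0)
	{
		foreach ($query->result_array() as $row)
		{
			$entry_ids[]   = $row['entry_id'];
			$channel_ids[] = $row['channel_id'];
		}

		$this->EE->db->query("DELETE FROM exp_channel_titles WHERE author_id = '{$id}'");
		$this->EE->db->query("DELETE FROM exp_channel_data WHERE entry_id IN ('".implode("','", $entry_ids)."')");
		$this->EE->db->query("DELETE FROM exp_comments WHERE entry_id IN ('".implode("','", $entry_ids)."')");
	}

	// Find the affected entries AND channel ids for author's comments
	$query = $this->EE->db->query("SELECT DISTINCT(entry_id), channel_id FROM exp_comments WHERE author_id = '{$id}'");

	if ($query->num_rows() > 0)
	{
		foreach ($query->result_array() as $row)
		{
			$recount_ids[] = $row['entry_id'];
			$channel_ids[] = $row['channel_id'];
		}

		// Entries that were deleted above need no recount
		$recount_ids = array_diff($recount_ids, $entry_ids);
	}

	// Delete comments by member
	$this->EE->db->query("DELETE FROM exp_comments WHERE author_id = '{$id}'");

	// Update stats on channel entries that were NOT deleted AND had comments by author
	if (count($recount_ids) > 0)
	{
		foreach (array_unique($recount_ids) as $entry_id)
		{
			$query = $this->EE->db->query("SELECT MAX(comment_date) AS max_date FROM exp_comments WHERE status = 'o' AND entry_id = '".$this->EE->db->escape_str($entry_id)."'");

			$comment_date = ($query->num_rows() == 0 OR ! is_numeric($query->row('max_date'))) ? 0 : $query->row('max_date');

			$query = $this->EE->db->query("SELECT COUNT(*) AS count FROM exp_comments WHERE entry_id = '{$entry_id}' AND status = 'o'");

			$this->EE->db->query("UPDATE exp_channel_titles SET comment_total = '".$this->EE->db->escape_str($query->row('count'))."', recent_comment_date = '{$comment_date}' WHERE entry_id = '{$entry_id}'");
		}
	}

	if (count($channel_ids) > 0)
	{
		foreach (array_unique($channel_ids) as $channel_id)
		{
			$this->EE->stats->update_channel_stats($channel_id);
			$this->EE->stats->update_comment_stats($channel_id);
		}
	}

	// Email notification recipients
	if ($this->EE->session->userdata('mbr_delete_notify_emails') != '')
	{
		$notify_address = $this->EE->session->userdata('mbr_delete_notify_emails');

		$swap = array(
			'name'      => $this->EE->session->userdata('screen_name'),
			'email'     => $this->EE->session->userdata('email'),
			'site_name' => stripslashes($this->EE->config->item('site_name')),
		);

		$email_tit = $this->EE->functions->var_swap($this->EE->lang->line('mbr_delete_notify_title'), $swap);
		$email_msg = $this->EE->functions->var_swap($this->EE->lang->line('mbr_delete_notify_message'), $swap);

		// No notification for the user themselves, if they're in the list
		if (strpos($notify_address, $this->EE->session->userdata('email')) !== FALSE)
		{
			$notify_address = str_replace($this->EE->session->userdata('email'), "", $notify_address);
		}

		$this->EE->load->helper('string');

		// Remove multiple commas
		$notify_address = reduce_multiples($notify_address, ',', TRUE);

		if ($notify_address != '')
		{
			// Send email
			$this->EE->load->library('email');

			// Load the text helper
			$this->EE->load->helper('text');

			foreach (explode(',', $notify_address) as $addy)
			{
				$this->EE->email->EE_initialize();
				$this->EE->email->wordwrap = FALSE;
				$this->EE->email->from($this->EE->config->item('webmaster_email'), $this->EE->config->item('webmaster_name'));
				$this->EE->email->to($addy);
				$this->EE->email->reply_to($this->EE->config->item('webmaster_email'));
				$this->EE->email->subject($email_tit);
				$this->EE->email->message(entities_to_ascii($email_msg));
				$this->EE->email->send();
			}
		}
	}

	// Trash the Session and cookies
	$this->EE->db->where('site_id', $this->EE->config->item('site_id'))->where('ip_address', $this->EE->input->ip_address())->where('member_id', $id)->delete('online_users');
	$this->EE->db->where('session_id', $this->EE->session->userdata('session_id'))->delete('sessions');

	$this->EE->functions->set_cookie($this->EE->session->c_session);
	$this->EE->functions->set_cookie($this->EE->session->c_expire);
	$this->EE->functions->set_cookie($this->EE->session->c_anon);
	$this->EE->functions->set_cookie('read_topics');
	$this->EE->functions->set_cookie('tracker');

	// Update
	$this->EE->stats->update_member_stats();

	// Build Success Message
	$url  = $this->EE->config->item('site_url');
	$name = stripslashes($this->EE->config->item('site_name'));

	$data = array(
		'title'    => $this->EE->lang->line('mbr_delete'),
		'heading'  => $this->EE->lang->line('thank_you'),
		'content'  => $this->EE->lang->line('mbr_account_deleted'),
		'redirect' => '',
		'link'     => array($url, $name),
	);

	return array('success' => $data);
}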
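/**
 * Delete Member Account Processing
 *
 * Front-end action that deletes the member named by the `member_id` tag
 * parameter. A member may delete themselves when their group grants
 * `can_delete_self`; deleting someone else requires Super Admin or
 * `can_delete_members`. Super Admin accounts are never deleted from here.
 * Whoever performs the deletion must re-submit *their own* password, which
 * is compared with the stored hash (salted on EE >= 2.2.0); a mismatch is
 * recorded against the password lockout.
 *
 * On EE >= 2.4.0 the removal itself is delegated to Member_model; older
 * versions run the inline cascade (profile, messages, forum content,
 * entries/comments, stats). Afterwards the group's notification addresses
 * are e-mailed, the online-user and session rows are removed, cookies are
 * cleared for a self-delete, the `user_delete_account_end` hook runs and the
 * visitor is redirected or shown a success message.
 *
 * @access public
 * @return mixed  error output from _output_error(); void when an extension
 *                ends the script; otherwise does not return (redirect or
 *                show_message())
 */
public function delete_account()
{
	// Authorization Check
	if ($this->_param('member_id') == FALSE OR ! ctype_digit($this->_param('member_id')) OR ! isset($_POST['ACT']))
	{
		return $this->_output_error('general', array(ee()->lang->line('not_authorized')));
	}

	if (ee()->session->userdata['member_id'] == 0)
	{
		return $this->_output_error('general', ee()->lang->line('not_authorized'));
	}

	// If not deleting yourself, you must be a SuperAdmin or have Delete Member permissions
	// If deleting yourself, you must have permission to do so.
	if ($this->_param('member_id') != ee()->session->userdata['member_id'])
	{
		if (ee()->session->userdata['group_id'] != 1 AND ee()->session->userdata['can_delete_members'] != 'y')
		{
			return $this->_output_error('general', ee()->lang->line('not_authorized'));
		}
	}
	elseif (ee()->session->userdata['can_delete_self'] !== 'y')
	{
		return $this->_output_error('general', ee()->lang->line('not_authorized'));
	}

	// TRUE when somebody other than the account owner is doing the deleting
	$admin = ee()->session->userdata['member_id'] != $this->_param('member_id') ? TRUE : FALSE;

	// Member Data
	$query = ee()->db->query("SELECT m.*,\n\t\t\t\t\tmg.mbr_delete_notify_emails\n\t\t\t FROM \texp_members AS m, \n\t\t\t\t\texp_member_groups AS mg\n\t\t\t WHERE \tm.member_id = '".ee()->db->escape_str($this->_param('member_id'))."'\n\t\t\t AND \tm.group_id = mg.group_id");

	if ($query->num_rows() == 0)
	{
		return $this->_output_error('general', ee()->lang->line('not_authorized'));
	}

	// One cannot delete a SuperAdmin from the User side. Sorry...
	if ($query->row('group_id') == 1)
	{
		return $this->_output_error('general', ee()->lang->line('cannot_delete_super_admin'));
	}

	// Variables!
	$id                       = $query->row('member_id');
	$check_password           = $query->row('password');
	$mbr_delete_notify_emails = $query->row('mbr_delete_notify_emails');
	$screen_name              = $query->row('screen_name');
	$email                    = $query->row('email');

	// Is IP and User Agent required for login? Then, same here.
	if (ee()->config->item('require_ip_for_login') == 'y')
	{
		if (ee()->session->userdata['ip_address'] == '' OR ee()->session->userdata['user_agent'] == '')
		{
			return $this->_output_error('general', ee()->lang->line('unauthorized_request'));
		}
	}

	// Check password lockout status
	if (ee()->session->check_password_lockout() === TRUE)
	{
		return $this->_output_error('general', str_replace("%x", ee()->config->item('password_lockout_interval'), ee()->lang->line('password_lockout_in_effect')));
	}

	// If deleting self, you must submit your password.
	// If SuperAdmin deleting another, must submit your password.
	if (APP_VER >= '2.2.0')
	{
		$check_salt = $query->row('salt');
	}

	// Fetch the SAs password instead as they are the one doing the deleting
	if (ee()->session->userdata['member_id'] != $this->_param('member_id'))
	{
		$squery = ee()->db->query("SELECT password".(APP_VER < '2.2.0' ? '' : ', salt')." \n\t\t\t\t FROM \texp_members \n\t\t\t\t WHERE \tmember_id = '".ee()->db->escape_str(ee()->session->userdata['member_id'])."'");

		$check_password = $squery->row('password');

		if (APP_VER >= '2.2.0')
		{
			$check_salt = $squery->row('salt');
		}

		unset($squery);
	}

	// The digests are compared as strings with !== so that PHP's loose
	// numeric-string equality (e.g. two hex digests starting with "0e")
	// cannot pass a wrong password. hash_equals() is preferable where the
	// runtime provides it.
	if (APP_VER < '2.2.0')
	{
		$password = ee()->functions->hash(stripslashes(ee()->input->post('password')));

		if ((string) $check_password !== (string) $password)
		{
			ee()->session->save_password_lockout();

			return $this->_output_error('general', ee()->lang->line('invalid_pw'));
		}
	}
	else
	{
		ee()->load->library('auth');

		$passwd = ee()->auth->hash_password(stripslashes(ee()->input->post('password')), $check_salt);

		if ( ! isset($passwd['salt']) OR (string) $passwd['password'] !== (string) $check_password)
		{
			ee()->session->save_password_lockout();

			return $this->_output_error('general', ee()->lang->line('invalid_pw'));
		}
	}

	// --------------------------------------------
	// EE 2.4 Added a Member Model for Deleting That Works Rather Well
	// --------------------------------------------
	if (APP_VER >= '2.4.0')
	{
		ee()->load->model('member_model');
		ee()->member_model->delete_member($id);
	}
	else
	{
		// No turning back, get to deletin'!
		ee()->db->query("DELETE FROM exp_members WHERE member_id = '{$id}'");
		ee()->db->query("DELETE FROM exp_member_data WHERE member_id = '{$id}'");
		ee()->db->query("DELETE FROM exp_member_homepage WHERE member_id = '{$id}'");

		// Recipients of unread messages are collected before the copies go away
		$message_query = ee()->db->query("SELECT DISTINCT \trecipient_id \n\t\t\t\t FROM \t\t\t\texp_message_copies \n\t\t\t\t WHERE \t\t\t\tsender_id = '{$id}' \n\t\t\t\t AND \t\t\t\tmessage_read = 'n'");

		ee()->db->query("DELETE FROM exp_message_copies WHERE sender_id = '{$id}'");
		ee()->db->query("DELETE FROM exp_message_data WHERE sender_id = '{$id}'");
		ee()->db->query("DELETE FROM exp_message_folders WHERE member_id = '{$id}'");
		ee()->db->query("DELETE FROM exp_message_listed WHERE member_id = '{$id}'");

		if ($message_query->num_rows() > 0)
		{
			foreach ($message_query->result_array() as $row)
			{
				$count_query = ee()->db->query("SELECT COUNT(*) AS count \n\t\t\t\t\t\t FROM \texp_message_copies \n\t\t\t\t\t\t WHERE \trecipient_id = '".$row['recipient_id']."' AND message_read = 'n'");

				ee()->db->query(ee()->db->update_string('exp_members', array('private_messages' => $count_query->row('count')), array('member_id' => $row['recipient_id'])));
			}
		}

		// Delete Forum Posts
		if (ee()->config->item('forum_is_installed') == "y")
		{
			ee()->db->query("DELETE FROM exp_forum_subscriptions WHERE member_id = '{$id}'");
			ee()->db->query("DELETE FROM exp_forum_pollvotes WHERE member_id = '{$id}'");
			ee()->db->query("DELETE FROM exp_forum_topics WHERE author_id = '{$id}'");

			// Snag the affected topic id's before deleting the member for the update afterwards
			$query = ee()->db->query("SELECT topic_id FROM exp_forum_posts WHERE author_id = '{$id}'");

			if ($query->num_rows() > 0)
			{
				$topic_ids = array();

				foreach ($query->result_array() as $row)
				{
					$topic_ids[] = $row['topic_id'];
				}

				$topic_ids = array_unique($topic_ids);
			}

			ee()->db->query("DELETE FROM exp_forum_posts WHERE author_id = '{$id}'");
			ee()->db->query("DELETE FROM exp_forum_polls WHERE author_id = '{$id}'");

			// Update the forum stats
			$query = ee()->db->query("SELECT forum_id FROM exp_forums WHERE forum_is_cat = 'n'");

			if ( ! class_exists('Forum'))
			{
				require PATH_MOD.'forum/mod.forum'.EXT;
				require PATH_MOD.'forum/mod.forum_core'.EXT;
			}

			$FRM = new Forum_Core();

			foreach ($query->result_array() as $row)
			{
				$FRM->_update_post_stats($row['forum_id']);
			}

			if (isset($topic_ids))
			{
				foreach ($topic_ids as $topic_id)
				{
					$FRM->_update_topic_stats($topic_id);
				}
			}
		}

		// Va-poo-rize Weblog Entries and Comments
		$entry_ids   = array();
		$channel_ids = array();
		$recount_ids = array();

		// Find Entry IDs and Channel IDs, then DELETE! DELETE, WHA HA HA HA!!
		// (EE 1.x still calls channels "weblogs"; the alias keeps one code path below.)
		if (APP_VER < 2.0)
		{
			$query = ee()->db->query("SELECT entry_id, weblog_id AS channel_id FROM exp_weblog_titles WHERE author_id = '{$id}'");
		}
		else
		{
			$query = ee()->db->query("SELECT entry_id, channel_id FROM exp_channel_titles WHERE author_id = '{$id}'");
		}

		if ($query->num_rows() > 0)
		{
			foreach ($query->result_array() as $row)
			{
				$entry_ids[]   = $row['entry_id'];
				$channel_ids[] = $row['channel_id'];
			}

			if (APP_VER < 2.0)
			{
				ee()->db->query("DELETE FROM exp_weblog_titles WHERE author_id = '{$id}'");
				ee()->db->query("DELETE FROM exp_weblog_data WHERE entry_id IN ('".implode("','", $entry_ids)."')");
			}
			else
			{
				ee()->db->query("DELETE FROM exp_channel_titles WHERE author_id = '{$id}'");
				ee()->db->query("DELETE FROM exp_channel_data WHERE entry_id IN ('".implode("','", $entry_ids)."')");
			}

			ee()->db->query("DELETE FROM exp_comments WHERE entry_id IN ('".implode("','", $entry_ids)."')");
			ee()->db->query("DELETE FROM exp_trackbacks WHERE entry_id IN ('".implode("','", $entry_ids)."')");
		}

		// Find the affected entries AND channel ids for author's comments
		if (APP_VER < 2.0)
		{
			$query = ee()->db->query("SELECT DISTINCT(entry_id), weblog_id AS channel_id FROM exp_comments WHERE author_id = '{$id}'");
		}
		else
		{
			$query = ee()->db->query("SELECT DISTINCT(entry_id), channel_id FROM exp_comments WHERE author_id = '{$id}'");
		}

		if ($query->num_rows() > 0)
		{
			foreach ($query->result_array() as $row)
			{
				$recount_ids[] = $row['entry_id'];
				$channel_ids[] = $row['channel_id'];
			}

			// Entries deleted above need no recount
			$recount_ids = array_diff($recount_ids, $entry_ids);
		}

		// Delete comments by member
		ee()->db->query("DELETE FROM exp_comments WHERE author_id = '{$id}'");

		$this->EE->stats->update_member_stats();

		// Update stats on channel entries that were NOT deleted AND had comments by author
		if (count($recount_ids) > 0)
		{
			foreach (array_unique($recount_ids) as $entry_id)
			{
				$query = ee()->db->query("SELECT MAX(comment_date) AS max_date FROM exp_comments WHERE status = 'o' AND entry_id = '".ee()->db->escape_str($entry_id)."'");

				$comment_date = ($query->num_rows() == 0 OR ! is_numeric($query->row('max_date'))) ? 0 : $query->row('max_date');

				$query = ee()->db->query("SELECT COUNT(*) AS count FROM exp_comments WHERE entry_id = '{$entry_id}' AND status = 'o'");

				if (APP_VER < 2.0)
				{
					ee()->db->query("UPDATE exp_weblog_titles SET\tcomment_total = '".ee()->db->escape_str($query->row('count'))."', \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\trecent_comment_date = '{$comment_date}' WHERE entry_id = '{$entry_id}'");
				}
				else
				{
					ee()->db->query("UPDATE exp_channel_titles SET comment_total = '".ee()->db->escape_str($query->row('count'))."',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\trecent_comment_date = '{$comment_date}' WHERE entry_id = '{$entry_id}'");
				}
			}
		}

		foreach (array_unique($channel_ids) as $channel_id)
		{
			if (APP_VER < 2.0)
			{
				ee()->stats->update_weblog_stats($channel_id);
			}
			else
			{
				ee()->stats->update_channel_stats($channel_id);
			}

			ee()->stats->update_comment_stats($channel_id);
		}
	} // END conditional for EE versions below EE 2.4.0

	// Email notification recipients
	if ($mbr_delete_notify_emails != '')
	{
		$notify_address = $mbr_delete_notify_emails;

		$swap = array(
			'name'      => $screen_name,
			'email'     => $email,
			'site_name' => stripslashes(ee()->config->item('site_name')),
		);

		$email_tit = ee()->functions->var_swap(ee()->lang->line('mbr_delete_notify_title'), $swap);
		$email_msg = ee()->functions->var_swap(ee()->lang->line('mbr_delete_notify_message'), $swap);

		// No notification for the user themselves, if they're in the list
		if (stristr($notify_address, $email))
		{
			$notify_address = str_replace($email, "", $notify_address);
		}

		ee()->load->helper('string');

		$notify_address = reduce_multiples($notify_address, ',', TRUE);

		if ($notify_address != '')
		{
			// Send email
			ee()->load->library('email');
			ee()->load->helper('text');

			foreach (explode(',', $notify_address) as $addy)
			{
				ee()->email->initialize();
				ee()->email->wordwrap = false;
				ee()->email->from(ee()->config->item('webmaster_email'), ee()->config->item('webmaster_name'));
				ee()->email->to($addy);
				ee()->email->reply_to(ee()->config->item('webmaster_email'));
				ee()->email->subject($email_tit);
				ee()->email->message(entities_to_ascii($email_msg));
				ee()->email->Send();
			}
		}
	}

	// Trash the Session and cookies
	// The visitor's IP must be concatenated in: "{ee()->...}" inside a
	// double-quoted string is not interpolated by PHP, so the previous form
	// compared ip_address against that literal text and deleted nothing.
	ee()->db->query("DELETE FROM exp_online_users \n\t\t\t\t\t\t WHERE site_id = '".ee()->db->escape_str(ee()->config->item('site_id'))."' \n\t\t\t\t\t\t AND ip_address = '".ee()->db->escape_str(ee()->input->ip_address())."' \n\t\t\t\t\t\t AND member_id = '{$id}'");

	ee()->db->query("DELETE FROM exp_sessions WHERE member_id = '".$id."'");

	// Only a self-delete logs the visitor out; an admin keeps their own session
	if ($admin === FALSE)
	{
		if (APP_VER < '2.2.0')
		{
			ee()->functions->set_cookie(ee()->session->c_password);
		}

		ee()->functions->set_cookie(ee()->session->c_session);
		ee()->functions->set_cookie(ee()->session->c_expire);
		ee()->functions->set_cookie(ee()->session->c_anon);
		ee()->functions->set_cookie('read_topics');
		ee()->functions->set_cookie('tracker');
	}

	if (ee()->extensions->active_hook('user_delete_account_end') === TRUE)
	{
		$edata = ee()->extensions->universal_call('user_delete_account_end', $this);

		if (ee()->extensions->end_script === TRUE)
		{
			return;
		}
	}

	// Override Return
	if ($this->_param('override_return') !== FALSE AND $this->_param('override_return') != '' && $this->is_ajax_request() === FALSE)
	{
		ee()->functions->redirect($this->_param('override_return'));
		exit;
	}

	// Set return
	// NOTE(review): the redirect target comes straight from the request
	// ('return' or 'RET'); only the {path=} form is rewritten below and any
	// other value is handed to show_message() unchanged. Restricting it to
	// the site's own URL would close an off-site redirect.
	if (ee()->input->get_post('return') !== FALSE AND ee()->input->get_post('return') != '')
	{
		$return = ee()->input->get_post('return');
	}
	elseif (ee()->input->get_post('RET') !== FALSE AND ee()->input->get_post('RET') != '')
	{
		$return = ee()->input->get_post('RET');
	}
	else
	{
		$return = ee()->config->item('site_url');
	}

	if (preg_match("/".LD."\\s*path=(.*?)".RD."/", $return, $match))
	{
		$return = ee()->functions->create_url($match['1']);
	}

	// Return
	$return = $this->_chars_decode($return);

	// --------------------------------------------
	// AJAX Response
	// --------------------------------------------
	if ($this->is_ajax_request())
	{
		$this->send_ajax_response(array(
			'success' => TRUE,
			'heading' => lang('user_successful_submission'),
			'message' => lang('mbr_account_deleted'),
			'content' => lang('mbr_account_deleted'),
		));
	}

	// Build Success Message
	$data = array(
		'title'    => ee()->lang->line('mbr_delete'),
		'heading'  => ee()->lang->line('thank_you'),
		'content'  => ee()->lang->line('mbr_account_deleted'),
		'redirect' => $return,
	);

	ee()->output->show_message($data);
}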
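/**
 * Prune Forum Topics
 *
 * Control-panel utility: deletes topics (with their posts and subscriptions)
 * from the forums ticked in the form, optionally limited to topics older
 * than `days_ago` days and, when `post_filter` is set, to topics that have
 * no posts. Forum IDs arrive as the POST field *names* `forum_id_<n>`; only
 * digit-only IDs are accepted so that a crafted field name never reaches
 * the SQL. Requires the `can_admin_utilities` permission.
 *
 * @return mixed  no-access or error markup; otherwise redirects to the
 *                utilities page with the number of pruned topics and exits
 */
function prune_topics()
{
	global $DSP, $FNS, $LANG, $DB, $PREFS, $LOC, $STAT;

	if ( ! $DSP->allowed_group('can_admin_utilities'))
	{
		return $DSP->no_access_message();
	}

	// Did they submit the number of days?
	if ( ! isset($_POST['days_ago']) OR ! is_numeric($_POST['days_ago']))
	{
		return $DSP->error_message($LANG->line('must_submit_number'));
	}

	// Did they submit forum IDs? Only purely numeric IDs are kept.
	$forum_ids = array();

	foreach ($_POST as $key => $val)
	{
		if (substr($key, 0, 9) == 'forum_id_')
		{
			$forum_id = substr($key, 9);

			if (ctype_digit((string) $forum_id))
			{
				$forum_ids[] = $forum_id;
			}
		}
	}

	if (count($forum_ids) == 0)
	{
		return $DSP->error_message($LANG->line('must_submit_forums'), 2);
	}

	$forums = " t.forum_id IN ('".implode("','", $forum_ids)."')";

	// A zero or negative day count means "no age limit"
	$days_ago = ($_POST['days_ago'] > 0) ? $LOC->now - 60*60*24*$_POST['days_ago'] : '';

	// Fetch the topic IDs
	if ( ! isset($_POST['post_filter']))
	{
		$sql = "SELECT t.topic_id FROM exp_forum_topics t WHERE ".$forums;
	}
	else
	{
		// Only topics without any post
		$sql = "SELECT t.topic_id FROM exp_forum_topics t \n\t\t\t\t\tLEFT JOIN exp_forum_posts p ON (p.topic_id = t.topic_id)\n\t\t\t\t\tWHERE p.topic_id IS NULL\n\t\t\t\t\tAND ".$forums;
	}

	if ($days_ago !== '')
	{
		$sql .= " AND t.topic_date < {$days_ago}";
	}

	$query = $DB->query($sql);

	if ($query->num_rows == 0)
	{
		return $DSP->error_message($LANG->line('no_topics_matched'), 2);
	}

	$total = 0;

	foreach ($query->result as $row)
	{
		$id = $row['topic_id'];

		$DB->query("DELETE FROM exp_forum_topics WHERE topic_id = '{$id}'");
		$DB->query("DELETE FROM exp_forum_posts WHERE topic_id = '{$id}'");
		$DB->query("DELETE FROM exp_forum_subscriptions WHERE topic_id = '{$id}'");

		$total++;
	}

	// Update the post stats of every pruned forum (these are forum IDs, not
	// topic IDs). Called on an instance, as the member-deletion code does,
	// rather than statically on a non-static method.
	include_once PATH_MOD.'forum/mod.forum'.EXT;
	include_once PATH_MOD.'forum/mod.forum_core'.EXT;

	$FRM = new Forum_Core();

	foreach ($forum_ids as $forum_id)
	{
		$FRM->_update_post_stats($forum_id);
	}

	$FNS->redirect(BASE.AMP.'C=admin'.AMP.'M=utilities'.AMP.'P=topic_pruning'.AMP.'update='.$total);
	exit;
}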
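/**
 * Member Delete
 *
 * Control-panel action: deletes every member whose ID was posted in the
 * `delete[]` array, together with their private messages, forum content and
 * attachments, comments and comment subscriptions. Their entries can be
 * reassigned to the posted `heir` member. Requires `can_access_members` and
 * `can_delete_members`; deleting a Super Admin additionally requires being
 * one, and the last remaining Super Admin can never be deleted.
 *
 * Fires the `cp_members_member_delete_end` hook, refreshes member stats and
 * redirects back to the member list with a flash message.
 *
 * @access public
 * @return mixed  void when an extension ends the script; otherwise does not
 *                return (show_error() or redirect())
 */
function member_delete()
{
	if ( ! $this->cp->allowed_group('can_access_members') OR ! $this->cp->allowed_group('can_delete_members'))
	{
		show_error($this->lang->line('unauthorized_access'));
	}

	if ( ! $this->input->post('delete') OR ! is_array($this->input->post('delete')))
	{
		$this->functions->redirect(BASE.AMP.'C=members'.AMP.'M=view_all_members');
	}

	$this->load->model('member_model');

	// Fetch member ID numbers and build the query
	$ids  = array();
	$mids = array();

	foreach ($this->input->post('delete') as $key => $val)
	{
		if ($val != '')
		{
			$ids[]  = "member_id = '".$this->db->escape_str($val)."'";
			$mids[] = $this->db->escape_str($val);
		}
	}

	// Nothing usable was posted; an empty WHERE clause would be a malformed query
	if (count($ids) == 0)
	{
		$this->functions->redirect(BASE.AMP.'C=members'.AMP.'M=view_all_members');
	}

	$IDS = implode(" OR ", $ids);

	// SAFETY CHECK
	// Fetch the Member Group ID of each member being deleted.
	// If there is a Super Admin in the bunch we'll run a few more safeties.
	// Every row must be inspected individually: $query->row() only ever sees
	// the first member, which lets a Super Admin through whenever they are
	// not listed first.
	$super_admins = 0;

	$query = $this->db->query("SELECT group_id FROM exp_members WHERE ".$IDS);

	foreach ($query->result_array() as $row)
	{
		if ($row['group_id'] == 1)
		{
			$super_admins++;
		}
	}

	if ($super_admins > 0)
	{
		// You must be a Super Admin to delete a Super Admin
		if ($this->session->userdata['group_id'] != 1)
		{
			show_error($this->lang->line('must_be_superadmin_to_delete_one'));
		}

		// You can't delete the only Super Admin
		$total_super_admins = $this->member_model->count_members(1);

		if ($super_admins >= $total_super_admins)
		{
			show_error($this->lang->line('can_not_delete_super_admin'));
		}
	}

	// If we got this far we're clear to delete the members
	$this->db->query("DELETE FROM exp_members WHERE ".$IDS);
	$this->db->query("DELETE FROM exp_member_data WHERE ".$IDS);
	$this->db->query("DELETE FROM exp_member_homepage WHERE ".$IDS);

	foreach ($mids as $val)
	{
		// Recipients of unread messages are collected before the copies go away
		$message_query = $this->db->query("SELECT DISTINCT recipient_id FROM exp_message_copies WHERE sender_id = '{$val}' AND message_read = 'n'");

		$this->db->query("DELETE FROM exp_message_copies WHERE sender_id = '{$val}'");
		$this->db->query("DELETE FROM exp_message_data WHERE sender_id = '{$val}'");
		$this->db->query("DELETE FROM exp_message_folders WHERE member_id = '{$val}'");
		$this->db->query("DELETE FROM exp_message_listed WHERE member_id = '{$val}'");

		if ($message_query->num_rows() > 0)
		{
			foreach ($message_query->result_array() as $row)
			{
				$count_query = $this->db->query("SELECT COUNT(*) AS count FROM exp_message_copies WHERE recipient_id = '".$row['recipient_id']."' AND message_read = 'n'");

				$this->db->query($this->db->update_string('exp_members', array('private_messages' => $count_query->row('count')), "member_id = '".$row['recipient_id']."'"));
			}
		}
	}

	// Are there forum posts to delete?
	// $IDS is rewritten in place to match each table's member column and
	// restored to member_id at the end of the block.
	if ($this->config->item('forum_is_installed') == "y")
	{
		$this->db->query("DELETE FROM exp_forum_subscriptions WHERE ".$IDS);
		$this->db->query("DELETE FROM exp_forum_pollvotes WHERE ".$IDS);

		$IDS = str_replace('member_id', 'admin_member_id', $IDS);
		$this->db->query("DELETE FROM exp_forum_administrators WHERE ".$IDS);

		$IDS = str_replace('admin_member_id', 'mod_member_id', $IDS);
		$this->db->query("DELETE FROM exp_forum_moderators WHERE ".$IDS);

		$IDS = str_replace('mod_member_id', 'author_id', $IDS);
		$this->db->query("DELETE FROM exp_forum_topics WHERE ".$IDS);

		// Snag the affected topic id's before deleting the members for the update afterwards
		$query = $this->db->query("SELECT topic_id FROM exp_forum_posts WHERE ".$IDS);

		if ($query->num_rows() > 0)
		{
			$topic_ids = array();

			foreach ($query->result_array() as $row)
			{
				$topic_ids[] = $row['topic_id'];
			}

			$topic_ids = array_unique($topic_ids);
		}

		$this->db->query("DELETE FROM exp_forum_posts WHERE ".$IDS);
		$this->db->query("DELETE FROM exp_forum_polls WHERE ".$IDS);

		$IDS = str_replace('author_id', 'member_id', $IDS);

		// Kill any attachments
		$query = $this->db->query("SELECT attachment_id, filehash, extension, board_id FROM exp_forum_attachments WHERE ".$IDS);

		if ($query->num_rows() > 0)
		{
			// Grab the upload path of every board, keyed by board_id
			$res = $this->db->query('SELECT board_id, board_upload_path FROM exp_forum_boards');

			$paths = array();

			foreach ($res->result_array() as $row)
			{
				$paths[$row['board_id']] = $row['board_upload_path'];
			}

			foreach ($query->result_array() as $row)
			{
				// No upload path known for this board: leave the row untouched
				if ( ! isset($paths[$row['board_id']]))
				{
					continue;
				}

				$file  = $paths[$row['board_id']].$row['filehash'].$row['extension'];
				$thumb = $paths[$row['board_id']].$row['filehash'].'_t'.$row['extension'];

				// Best effort: a file that is already gone must not abort the deletion
				@unlink($file);
				@unlink($thumb);

				$this->db->query("DELETE FROM exp_forum_attachments WHERE attachment_id = '{$row['attachment_id']}'");
			}
		}

		// Update the forum stats
		$query = $this->db->query("SELECT forum_id FROM exp_forums WHERE forum_is_cat = 'n'");

		if ( ! class_exists('Forum'))
		{
			require PATH_MOD.'forum/mod.forum'.EXT;
			require PATH_MOD.'forum/mod.forum_core'.EXT;
		}

		$FRM = new Forum_Core();

		foreach ($query->result_array() as $row)
		{
			$FRM->_update_post_stats($row['forum_id']);
		}

		if (isset($topic_ids))
		{
			foreach ($topic_ids as $topic_id)
			{
				$FRM->_update_topic_stats($topic_id);
			}
		}
	}

	// Delete comments and update entry stats
	$channel_ids = array();

	if ($this->db->table_exists('comment_subscriptions'))
	{
		$this->db->query("DELETE FROM exp_comment_subscriptions WHERE ".$IDS);
	}

	if ($this->db->table_exists('comments'))
	{
		$IDS = str_replace('member_id', 'author_id', $IDS);

		$query = $this->db->query("SELECT DISTINCT(entry_id), channel_id FROM exp_comments WHERE ".$IDS);

		if ($query->num_rows() > 0)
		{
			// The rows are fetched first so that the deletion and the
			// per-entry queries below cannot disturb the iteration
			$comment_rows = $query->result_array();

			$this->db->query("DELETE FROM exp_comments WHERE ".$IDS);

			foreach ($comment_rows as $row)
			{
				$channel_ids[] = $row['channel_id'];

				$date_query = $this->db->query("SELECT MAX(comment_date) AS max_date FROM exp_comments WHERE status = 'o' AND entry_id = '".$this->db->escape_str($row['entry_id'])."'");

				$comment_date = ($date_query->num_rows() == 0 OR ! is_numeric($date_query->row('max_date'))) ? 0 : $date_query->row('max_date');

				$count_query = $this->db->query("SELECT COUNT(*) AS count FROM exp_comments WHERE entry_id = '{$row['entry_id']}' AND status = 'o'");

				$this->db->query("UPDATE exp_channel_titles\n\t\t\t\t\t\t\t\tSET comment_total = '".$this->db->escape_str($count_query->row('count'))."', recent_comment_date = '{$comment_date}'\n\t\t\t\t\t\t\t\tWHERE entry_id = '{$row['entry_id']}'");
			}
		}

		if (count($channel_ids) > 0)
		{
			foreach (array_unique($channel_ids) as $channel_id)
			{
				$this->stats->update_comment_stats($channel_id);
			}
		}
	}

	// Reassign Entries to Heir
	$heir_id = $this->input->post('heir');

	if ($heir_id !== FALSE && is_numeric($heir_id))
	{
		// is_numeric() also accepts floats and exponent forms; only an
		// integer ID may be interpolated into the queries below
		$heir_id = (int) $heir_id;

		$this->db->query("UPDATE exp_channel_titles SET author_id = '{$heir_id}' WHERE ".str_replace('member_id', 'author_id', $IDS));

		$query = $this->db->query("SELECT COUNT(entry_id) AS count, MAX(entry_date) AS entry_date\n\t\t\t\t\t\t\t\t FROM exp_channel_titles\n\t\t\t\t\t\t\t\t WHERE author_id = '{$heir_id}'");

		$this->db->query("UPDATE exp_members\n\t\t\t\t\t\tSET total_entries = '".$this->db->escape_str($query->row('count'))."', last_entry_date = '".$this->db->escape_str($query->row('entry_date'))."'\n\t\t\t\t\t\tWHERE member_id = '{$heir_id}'");
	}

	// -------------------------------------------
	// 'cp_members_member_delete_end' hook.
	//  - Additional processing when a member is deleted through the CP
	//
	$edata = $this->extensions->call('cp_members_member_delete_end');

	if ($this->extensions->end_script === TRUE)
	{
		return;
	}
	//
	// -------------------------------------------

	// Update
	$this->stats->update_member_stats();

	$cp_message = count($ids) == 1 ? $this->lang->line('member_deleted') : $this->lang->line('members_deleted');

	$this->session->set_flashdata('message_success', $cp_message);

	$this->functions->redirect(BASE.AMP.'C=members'.AMP.'M=view_all_members');
}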
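/** ---------------------------------------------
/**  Delete Members
/** ---------------------------------------------*/

/**
 * Deletes the members selected in the control panel and cleans up the rows
 * that reference them (member data, private messages, forum content when the
 * forum module is installed, comments), optionally reassigning their weblog
 * and gallery entries to an heir chosen in the POST data.
 *
 * Member IDs are read from every POST field whose name contains "delete".
 * Returns the member list view (with a success message on completion), a
 * no-access message when the group lacks 'can_delete_members', or an error
 * message when the super-admin safety checks fail. Returns nothing if an
 * extension on the 'cp_members_member_delete_end' hook ends the script.
 */
function member_delete()
{
    global $IN, $DSP, $PREFS, $LANG, $SESS, $FNS, $DB, $STAT, $EXT;

    if ( ! $DSP->allowed_group('can_delete_members'))
    {
        return $DSP->no_access_message();
    }

    if ( ! $IN->GBL('delete', 'POST'))
    {
        return $this->view_all_members();
    }

    /** ---------------------------------------------
    /**  Fetch member ID numbers and build the query
    /** ---------------------------------------------*/

    $ids  = array();   // "member_id = '...'" fragments for the WHERE clauses below
    $mids = array();   // the escaped IDs themselves, for the per-member message cleanup

    foreach ($_POST as $key => $val)
    {
        if (strstr($key, 'delete') AND ! is_array($val) AND $val != '')
        {
            $ids[]  = "member_id = '".$DB->escape_str($val)."'";
            $mids[] = $DB->escape_str($val);
        }
    }

    // No member actually selected: every query below ends in "WHERE ".$IDS,
    // and an empty $IDS would produce malformed SQL rather than a no-op.
    if (count($ids) == 0)
    {
        return $this->view_all_members();
    }

    $IDS = implode(" OR ", $ids);

    // SAFETY CHECK
    // Let's fetch the Member Group ID of each member being deleted
    // If there is a Super Admin in the bunch we'll run a few more safeties

    $super_admins = 0;

    $query = $DB->query("SELECT group_id FROM exp_members WHERE ".$IDS);

    foreach ($query->result as $row)
    {
        // Each row must be inspected individually: checking $query->row here
        // (as the original did) only ever looks at the first result row, so a
        // Super Admin further down the list would escape the checks below.
        if ($row['group_id'] == 1)
        {
            $super_admins++;
        }
    }

    if ($super_admins > 0)
    {
        // You must be a Super Admin to delete a Super Admin
        if ($SESS->userdata['group_id'] != 1)
        {
            return $DSP->error_message($LANG->line('must_be_superadmin_to_delete_one'));
        }

        // You can't delete the only Super Admin
        $query = $DB->query("SELECT COUNT(*) AS count FROM exp_members WHERE group_id = '1'");

        if ($super_admins >= $query->row['count'])
        {
            return $DSP->error_message($LANG->line('can_not_delete_super_admin'));
        }
    }

    // If we got this far we're clear to delete the members

    $DB->query("DELETE FROM exp_members WHERE ".$IDS);
    $DB->query("DELETE FROM exp_member_data WHERE ".$IDS);
    $DB->query("DELETE FROM exp_member_homepage WHERE ".$IDS);

    foreach ($mids as $val)
    {
        // Recipients of unread messages from this sender are collected first so
        // their unread counters can be recomputed after the copies are removed.
        $message_query = $DB->query("SELECT DISTINCT recipient_id FROM exp_message_copies WHERE sender_id = '{$val}' AND message_read = 'n'");

        $DB->query("DELETE FROM exp_message_copies WHERE sender_id = '{$val}'");
        $DB->query("DELETE FROM exp_message_data WHERE sender_id = '{$val}'");
        $DB->query("DELETE FROM exp_message_folders WHERE member_id = '{$val}'");
        $DB->query("DELETE FROM exp_message_listed WHERE member_id = '{$val}'");

        if ($message_query->num_rows > 0)
        {
            foreach ($message_query->result as $row)
            {
                $count_query = $DB->query("SELECT COUNT(*) AS count FROM exp_message_copies WHERE recipient_id = '".$row['recipient_id']."' AND message_read = 'n'");

                $DB->query($DB->update_string('exp_members', array('private_messages' => $count_query->row['count']), "member_id = '".$row['recipient_id']."'"));
            }
        }
    }

    /** ----------------------------------
    /**  Are there forum posts to delete?
    /** ----------------------------------*/

    if ($PREFS->ini('forum_is_installed') == "y")
    {
        $DB->query("DELETE FROM exp_forum_subscriptions WHERE ".$IDS);
        $DB->query("DELETE FROM exp_forum_pollvotes WHERE ".$IDS);

        // The forum tables name the member column differently, so the shared
        // WHERE clause is rewritten step by step to match each table.
        $IDS = str_replace('member_id', 'admin_member_id', $IDS);
        $DB->query("DELETE FROM exp_forum_administrators WHERE ".$IDS);

        $IDS = str_replace('admin_member_id', 'mod_member_id', $IDS);
        $DB->query("DELETE FROM exp_forum_moderators WHERE ".$IDS);

        $IDS = str_replace('mod_member_id', 'author_id', $IDS);
        $DB->query("DELETE FROM exp_forum_topics WHERE ".$IDS);

        // Snag the affected topic id's before deleting the members for the update afterwards
        $query = $DB->query("SELECT topic_id FROM exp_forum_posts WHERE ".$IDS);

        if ($query->num_rows > 0)
        {
            $topic_ids = array();

            foreach ($query->result as $row)
            {
                $topic_ids[] = $row['topic_id'];
            }

            $topic_ids = array_unique($topic_ids);
        }

        $DB->query("DELETE FROM exp_forum_posts WHERE ".$IDS);
        $DB->query("DELETE FROM exp_forum_polls WHERE ".$IDS);

        // Kill any attachments
        $query = $DB->query("SELECT attachment_id, filehash, extension, board_id FROM exp_forum_attachments WHERE ".str_replace('author_id', 'member_id', $IDS));

        if ($query->num_rows > 0)
        {
            // Grab the upload path
            $res = $DB->query('SELECT board_id, board_upload_path FROM exp_forum_boards');

            $paths = array();

            foreach ($res->result as $row)
            {
                $paths[$row['board_id']] = $row['board_upload_path'];
            }

            foreach ($query->result as $row)
            {
                // Attachments whose board no longer exists are left in place.
                if ( ! isset($paths[$row['board_id']]))
                {
                    continue;
                }

                $file  = $paths[$row['board_id']].$row['filehash'].$row['extension'];
                $thumb = $paths[$row['board_id']].$row['filehash'].'_t'.$row['extension'];

                // Best effort: a missing file must not abort the deletion.
                @unlink($file);
                @unlink($thumb);

                $DB->query("DELETE FROM exp_forum_attachments WHERE attachment_id = '{$row['attachment_id']}'");
            }
        }

        // Update the forum stats
        $query = $DB->query("SELECT forum_id FROM exp_forums WHERE forum_is_cat = 'n'");

        if ( ! class_exists('Forum'))
        {
            require PATH_MOD.'forum/mod.forum'.EXT;
            require PATH_MOD.'forum/mod.forum_core'.EXT;
        }

        $FRM = new Forum_Core();

        foreach ($query->result as $row)
        {
            $FRM->_update_post_stats($row['forum_id']);
        }

        if (isset($topic_ids))
        {
            foreach ($topic_ids as $topic_id)
            {
                $FRM->_update_topic_stats($topic_id);
            }
        }
    }

    /** -------------------------------------
    /**  Delete comments and update entry stats
    /** -------------------------------------*/

    $weblog_ids = array();

    $IDS = str_replace('member_id', 'author_id', $IDS);

    $query = $DB->query("SELECT DISTINCT(entry_id), weblog_id FROM exp_comments WHERE ".$IDS);

    if ($query->num_rows > 0)
    {
        $DB->query("DELETE FROM exp_comments WHERE ".$IDS);

        foreach ($query->result as $row)
        {
            $weblog_ids[] = $row['weblog_id'];

            // Recompute the entry's open-comment total and most recent comment date
            $date_query = $DB->query("SELECT MAX(comment_date) AS max_date FROM exp_comments WHERE status = 'o' AND entry_id = '".$DB->escape_str($row['entry_id'])."'");

            $comment_date = ($date_query->num_rows == 0 OR ! is_numeric($date_query->row['max_date'])) ? 0 : $date_query->row['max_date'];

            $count_query = $DB->query("SELECT COUNT(*) AS count FROM exp_comments WHERE entry_id = '{$row['entry_id']}' AND status = 'o'");

            $DB->query("UPDATE exp_weblog_titles 
                        SET comment_total = '".$DB->escape_str($count_query->row['count'])."', recent_comment_date = '{$comment_date}' 
                        WHERE entry_id = '{$row['entry_id']}'");
        }
    }

    if (count($weblog_ids) > 0)
    {
        foreach (array_unique($weblog_ids) as $weblog_id)
        {
            $STAT->update_comment_stats($weblog_id);
        }
    }

    /** ----------------------------------
    /**  Reassign Entries to Heir
    /** ----------------------------------*/

    $heir_id              = $IN->GBL('heir', 'POST');
    $entries_exit         = $IN->GBL('entries_exit', 'POST');
    $gallery_entries_exit = $IN->GBL('gallery_entries_exit', 'POST');

    // The heir ID comes straight from POST; is_numeric() is the guard that keeps
    // it safe to place inside the quoted SQL values below.
    if ($heir_id !== FALSE && is_numeric($heir_id))
    {
        if ($entries_exit == 'yes')
        {
            $DB->query("UPDATE exp_weblog_titles SET author_id = '{$heir_id}' WHERE 
                        ".str_replace('member_id', 'author_id', $IDS));

            $query = $DB->query("SELECT COUNT(entry_id) AS count, MAX(entry_date) AS entry_date
                                 FROM exp_weblog_titles
                                 WHERE author_id = '{$heir_id}'");

            $DB->query("UPDATE exp_members 
                        SET total_entries = '".$DB->escape_str($query->row['count'])."', last_entry_date = '".$DB->escape_str($query->row['entry_date'])."' 
                        WHERE member_id = '{$heir_id}'");
        }

        if ($gallery_entries_exit == 'yes')
        {
            $DB->query("UPDATE exp_gallery_entries SET author_id = '{$heir_id}' WHERE ".str_replace('member_id', 'author_id', $IDS));
        }
    }

    // -------------------------------------------
    // 'cp_members_member_delete_end' hook.
    //  - Additional processing when a member is deleted through the CP
    //
        $edata = $EXT->call_extension('cp_members_member_delete_end');
        if ($EXT->end_script === TRUE) return;
    //
    // -------------------------------------------

    // Update global stats
    $STAT->update_member_stats();

    $message = count($ids) == 1 ? $DSP->qdiv('success', $LANG->line('member_deleted')) : $DSP->qdiv('success', $LANG->line('members_deleted'));

    return $this->view_all_members($message);
}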