/**
* Output the page header.
*
* @param string The title of the page.
*/
function output_header($title = "")
{
global $mybb, $admin_session, $lang, $plugins;
$plugins->run_hooks("admin_page_output_header");
if (!$title) {
$title = $lang->mybb_admin_panel;
}
$rtl = "";
if ($lang->settings['rtl'] == 1) {
$rtl = " dir=\"rtl\"";
}
echo "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n";
echo "<html xmlns=\"http://www.w3.org/1999/xhtml\"{$rtl}>\n";
echo "<head profile=\"http://gmpg.org/xfn/1\">\n";
echo "\t<title>" . $title . "</title>\n";
echo "\t<meta name=\"author\" content=\"MyBB Group\" />\n";
echo "\t<meta name=\"copyright\" content=\"Copyright " . COPY_YEAR . " MyBB Group.\" />\n";
echo "\t<link rel=\"stylesheet\" href=\"styles/" . $this->style . "/main.css\" type=\"text/css\" />\n";
// Load stylesheet for this module if it has one
if (file_exists(MYBB_ADMIN_DIR . "styles/{$this->style}/{$this->active_module}.css")) {
echo "\t<link rel=\"stylesheet\" href=\"styles/{$this->style}/{$this->active_module}.css\" type=\"text/css\" />\n";
}
echo "\t<script type=\"text/javascript\" src=\"../jscripts/prototype.js\"></script>\n";
echo "\t<script type=\"text/javascript\" src=\"../jscripts/general.js\"></script>\n";
echo "\t<script type=\"text/javascript\" src=\"../jscripts/popup_menu.js\"></script>\n";
echo "\t<script type=\"text/javascript\" src=\"./jscripts/admincp.js\"></script>\n";
echo "\t<script type=\"text/javascript\" src=\"./jscripts/tabs.js\"></script>\n";
// Stop JS elements showing while page is loading (JS supported browsers only)
echo " <style type=\"text/css\">.popup_button { display: none; } </style>\n";
echo " <script type=\"text/javascript\">\n" . "//<![CDATA[\n" . "\tdocument.write('<style type=\"text/css\">.popup_button { display: inline; } .popup_menu { display: none; }<\\/style>');\n" . "//]]>\n" . "</script>\n";
echo "\t<script type=\"text/javascript\">\n//<![CDATA[\nvar loading_text = '{$lang->loading_text}';\nvar cookieDomain = '{$mybb->settings['cookiedomain']}';\nvar cookiePath = '{$mybb->settings['cookiepath']}';\nvar cookiePrefix = '{$mybb->settings['cookieprefix']}';\nvar imagepath = '../images';\n//]]>\n</script>\n";
echo $this->extra_header;
echo "</head>\n";
echo "<body>\n";
echo "<div id=\"container\">\n";
echo "\t<div id=\"logo\"><h1><span class=\"invisible\">{$lang->mybb_admin_cp}</span></h1></div>\n";
echo "\t<div id=\"welcome\"><span class=\"logged_in_as\">{$lang->logged_in_as} <a href=\"index.php?module=user-users&action=edit&uid={$mybb->user['uid']}\" class=\"username\">{$mybb->user['username']}</a></span> | <a href=\"{$mybb->settings['bburl']}\" target=\"_blank\" class=\"forum\">{$lang->view_board}</a> | <a href=\"index.php?action=logout&my_post_key={$mybb->post_code}\" class=\"logout\">{$lang->logout}</a></div>\n";
echo $this->_build_menu();
echo "\t<div id=\"page\">\n";
echo "\t\t<div id=\"left_menu\">\n";
echo $this->submenu;
echo $this->sidebar;
echo "\t\t</div>\n";
echo "\t\t<div id=\"content\">\n";
echo "\t\t\t<div class=\"breadcrumb\">\n";
echo $this->_generate_breadcrumb();
echo "\t\t\t</div>\n";
echo " <div id=\"inner\">\n";
if (isset($admin_session['data']['flash_message']) && $admin_session['data']['flash_message']) {
$message = $admin_session['data']['flash_message']['message'];
$type = $admin_session['data']['flash_message']['type'];
echo "<div id=\"flash_message\" class=\"{$type}\">\n";
echo "{$message}\n";
echo "</div>\n";
update_admin_session('flash_message', '');
}
if ($this->show_post_verify_error == true) {
$this->output_error($lang->invalid_post_verify_key);
}
}
function build_users_view($view)
{
global $mybb, $db, $cache, $lang, $user_view_fields, $page;
$view_title = '';
if ($view['title']) {
$title_string = "view_title_{$view['vid']}";
if ($lang->{$title_string}) {
$view['title'] = $lang->{$title_string};
}
$view_title .= " (" . htmlspecialchars_uni($view['title']) . ")";
}
// Build the URL to this view
if (!isset($view['url'])) {
$view['url'] = "index.php?module=user-users";
}
if (!is_array($view['conditions'])) {
$view['conditions'] = unserialize($view['conditions']);
}
if (!is_array($view['fields'])) {
$view['fields'] = unserialize($view['fields']);
}
if (!is_array($view['custom_profile_fields'])) {
$view['custom_profile_fields'] = unserialize($view['custom_profile_fields']);
}
if (isset($mybb->input['username'])) {
$view['conditions']['username'] = $mybb->input['username'];
}
if ($view['vid']) {
$view['url'] .= "&vid={$view['vid']}";
} else {
// If this is a custom view we need to save everything ready to pass it on from page to page
global $admin_session;
if (!$mybb->input['search_id']) {
$search_id = md5(random_str());
$admin_session['data']['user_views'][$search_id] = $view;
update_admin_session('user_views', $admin_session['data']['user_views']);
$mybb->input['search_id'] = $search_id;
}
$view['url'] .= "&search_id=" . htmlspecialchars_uni($mybb->input['search_id']);
}
if (isset($mybb->input['username'])) {
$view['url'] .= "&username="******"&", "&", $view['url'])) {
update_admin_session('last_users_url', str_replace("&", "&", $view['url']));
}
if (isset($view['conditions']['referrer'])) {
$view['url'] .= "&action=referrers&uid=" . htmlspecialchars_uni($view['conditions']['referrer']);
}
// Do we not have any views?
if (empty($view)) {
return false;
}
$table = new Table();
// Build header for table based view
if ($view['view_type'] != "card") {
foreach ($view['fields'] as $field) {
if (!$user_view_fields[$field]) {
continue;
}
$view_field = $user_view_fields[$field];
$field_options = array();
if ($view_field['width']) {
$field_options['width'] = $view_field['width'];
}
if ($view_field['align']) {
$field_options['class'] = "align_" . $view_field['align'];
}
$table->construct_header($view_field['title'], $field_options);
}
$table->construct_header("<input type=\"checkbox\" name=\"allbox\" onclick=\"inlineModeration.checkAll(this);\" />");
// Create a header for the "select" boxes
}
$search_sql = '1=1';
// Build the search SQL for users
// List of valid LIKE search fields
$user_like_fields = array("username", "email", "website", "icq", "aim", "yahoo", "msn", "signature", "usertitle");
foreach ($user_like_fields as $search_field) {
if (!empty($view['conditions'][$search_field]) && !$view['conditions'][$search_field . '_blank']) {
$search_sql .= " AND u.{$search_field} LIKE '%" . $db->escape_string_like($view['conditions'][$search_field]) . "%'";
} else {
if (!empty($view['conditions'][$search_field . '_blank'])) {
$search_sql .= " AND u.{$search_field} != ''";
}
}
}
// EXACT matching fields
$user_exact_fields = array("referrer");
foreach ($user_exact_fields as $search_field) {
if (!empty($view['conditions'][$search_field])) {
$search_sql .= " AND u.{$search_field}='" . $db->escape_string($view['conditions'][$search_field]) . "'";
}
}
// LESS THAN or GREATER THAN
$direction_fields = array("postnum");
foreach ($direction_fields as $search_field) {
$direction_field = $search_field . "_dir";
if (isset($view['conditions'][$search_field]) && ($view['conditions'][$search_field] || $view['conditions'][$search_field] === '0') && $view['conditions'][$direction_field]) {
switch ($view['conditions'][$direction_field]) {
case "greater_than":
$direction = ">";
break;
case "less_than":
$direction = "<";
break;
default:
$direction = "=";
}
$search_sql .= " AND u.{$search_field}{$direction}'" . $db->escape_string($view['conditions'][$search_field]) . "'";
}
}
// Registration searching
$reg_fields = array("regdate");
foreach ($reg_fields as $search_field) {
if (!empty($view['conditions'][$search_field]) && intval($view['conditions'][$search_field])) {
$threshold = TIME_NOW - intval($view['conditions'][$search_field]) * 24 * 60 * 60;
$search_sql .= " AND u.{$search_field} >= '{$threshold}'";
}
}
// IP searching
$ip_fields = array("regip", "lastip");
foreach ($ip_fields as $search_field) {
if (!empty($view['conditions'][$search_field])) {
// IPv6 IP
if (strpos($view['conditions'][$search_field], ":") !== false) {
$view['conditions'][$search_field] = str_replace("*", "%", $view['conditions'][$search_field]);
$ip_sql = "{$search_field} LIKE '" . $db->escape_string($view['conditions'][$search_field]) . "'";
} else {
$ip_range = fetch_longipv4_range($view['conditions'][$search_field]);
if (!is_array($ip_range)) {
$ip_sql = "long{$search_field}='{$ip_range}'";
} else {
$ip_sql = "long{$search_field} > '{$ip_range[0]}' AND long{$search_field} < '{$ip_range[1]}'";
}
}
$search_sql .= " AND {$ip_sql}";
}
}
// Post IP searching
if (!empty($view['conditions']['postip'])) {
// IPv6 IP
if (strpos($view['conditions']['postip'], ":") !== false) {
$view['conditions']['postip'] = str_replace("*", "%", $view['conditions']['postip']);
$ip_sql = "ipaddress LIKE '" . $db->escape_string($view['conditions']['postip']) . "'";
} else {
$ip_range = fetch_longipv4_range($view['conditions']['postip']);
if (!is_array($ip_range)) {
$ip_sql = "longipaddress='{$ip_range}'";
} else {
$ip_sql = "longipaddress > '{$ip_range[0]}' AND longipaddress < '{$ip_range[1]}'";
}
}
$ip_uids = array(0);
$query = $db->simple_select("posts", "uid", $ip_sql);
while ($uid = $db->fetch_field($query, "uid")) {
$ip_uids[] = $uid;
}
$search_sql .= " AND u.uid IN(" . implode(',', $ip_uids) . ")";
unset($ip_uids);
}
// Custom Profile Field searching
if ($view['custom_profile_fields']) {
$userfield_sql = '1=1';
foreach ($view['custom_profile_fields'] as $column => $input) {
if (is_array($input)) {
foreach ($input as $value => $text) {
if ($value == $column) {
$value = $text;
}
if ($value == $lang->na) {
continue;
}
if (strpos($column, '_blank') !== false) {
$column = str_replace('_blank', '', $column);
$userfield_sql .= ' AND ' . $db->escape_string($column) . " != ''";
} else {
$userfield_sql .= ' AND ' . $db->escape_string($column) . "='" . $db->escape_string($value) . "'";
}
}
} else {
if (!empty($input)) {
if ($input == $lang->na) {
continue;
}
if (strpos($column, '_blank') !== false) {
$column = str_replace('_blank', '', $column);
$userfield_sql .= ' AND ' . $db->escape_string($column) . " != ''";
} else {
$userfield_sql .= ' AND ' . $db->escape_string($column) . " LIKE '%" . $db->escape_string($input) . "%'";
}
}
}
}
if ($userfield_sql != '1=1') {
$userfield_uids = array(0);
$query = $db->simple_select("userfields", "ufid", $userfield_sql);
while ($userfield = $db->fetch_array($query)) {
$userfield_uids[] = $userfield['ufid'];
}
$search_sql .= " AND u.uid IN(" . implode(',', $userfield_uids) . ")";
unset($userfield_uids);
}
}
// Usergroup based searching
if (isset($view['conditions']['usergroup'])) {
if (!is_array($view['conditions']['usergroup'])) {
$view['conditions']['usergroup'] = array($view['conditions']['usergroup']);
}
foreach ($view['conditions']['usergroup'] as $usergroup) {
$usergroup = intval($usergroup);
if (!$usergroup) {
continue;
}
switch ($db->type) {
case "pgsql":
case "sqlite":
$additional_sql .= " OR ','||additionalgroups||',' LIKE '%,{$usergroup},%'";
break;
default:
$additional_sql .= "OR CONCAT(',',additionalgroups,',') LIKE '%,{$usergroup},%'";
}
}
$search_sql .= " AND (u.usergroup IN (" . implode(",", array_map('intval', $view['conditions']['usergroup'])) . ") {$additional_sql})";
}
// COPPA users only?
if (isset($view['conditions']['coppa'])) {
$search_sql .= " AND u.coppauser=1 AND u.usergroup=5";
}
// Extra SQL?
if (isset($view['extra_sql'])) {
$search_sql .= $view['extra_sql'];
}
// Lets fetch out how many results we have
$query = $db->query("\n\t\tSELECT COUNT(u.uid) AS num_results\n\t\tFROM " . TABLE_PREFIX . "users u\n\t\tWHERE {$search_sql}\n\t");
$num_results = $db->fetch_field($query, "num_results");
// No matching results then return false
if (!$num_results) {
return false;
} else {
if (!$view['perpage']) {
$view['perpage'] = 20;
}
$view['perpage'] = intval($view['perpage']);
// Establish which page we're viewing and the starting index for querying
// Establish which page we're viewing and the starting index for querying
if (!isset($mybb->input['page'])) {
$mybb->input['page'] = 1;
} else {
$mybb->input['page'] = intval($mybb->input['page']);
}
if ($mybb->input['page']) {
$start = ($mybb->input['page'] - 1) * $view['perpage'];
} else {
$start = 0;
$mybb->input['page'] = 1;
}
$from_bit = "";
if (isset($mybb->input['from']) && $mybb->input['from'] == "home") {
$from_bit = "&from=home";
}
switch ($view['sortby']) {
case "regdate":
case "lastactive":
case "postnum":
case "reputation":
$view['sortby'] = $db->escape_string($view['sortby']);
break;
case "numposts":
$view['sortby'] = "postnum";
break;
case "warninglevel":
$view['sortby'] = "warningpoints";
break;
default:
$view['sortby'] = "username";
}
if ($view['sortorder'] != "desc") {
$view['sortorder'] = "asc";
}
$usergroups = $cache->read("usergroups");
// Fetch matching users
$query = $db->query("\n\t\t\tSELECT u.*\n\t\t\tFROM " . TABLE_PREFIX . "users u\n\t\t\tWHERE {$search_sql}\n\t\t\tORDER BY {$view['sortby']} {$view['sortorder']}\n\t\t\tLIMIT {$start}, {$view['perpage']}\n\t\t");
$users = '';
while ($user = $db->fetch_array($query)) {
$comma = $groups_list = '';
$user['view']['username'] = "******"index.php?module=user-users&action=edit&uid={$user['uid']}\">" . format_name($user['username'], $user['usergroup'], $user['displaygroup']) . "</a>";
$user['view']['usergroup'] = htmlspecialchars_uni($usergroups[$user['usergroup']]['title']);
if ($user['additionalgroups']) {
$additional_groups = explode(",", $user['additionalgroups']);
foreach ($additional_groups as $group) {
$groups_list .= $comma . htmlspecialchars_uni($usergroups[$group]['title']);
$comma = $lang->comma;
}
}
if (!$groups_list) {
$groups_list = $lang->none;
}
$user['view']['additionalgroups'] = "<small>{$groups_list}</small>";
$user['view']['email'] = "<a href=\"mailto:" . htmlspecialchars_uni($user['email']) . "\">" . htmlspecialchars_uni($user['email']) . "</a>";
$user['view']['regdate'] = my_date($mybb->settings['dateformat'], $user['regdate']) . ", " . my_date($mybb->settings['timeformat'], $user['regdate']);
$user['view']['lastactive'] = my_date($mybb->settings['dateformat'], $user['lastactive']) . ", " . my_date($mybb->settings['timeformat'], $user['lastactive']);
// Build popup menu
$popup = new PopupMenu("user_{$user['uid']}", $lang->options);
$popup->add_item($lang->edit_profile_and_settings, "index.php?module=user-users&action=edit&uid={$user['uid']}");
$popup->add_item($lang->ban_user, "index.php?module=user-banning&uid={$user['uid']}#username");
if ($user['usergroup'] == 5) {
if ($user['coppauser']) {
$popup->add_item($lang->approve_coppa_user, "index.php?module=user-users&action=activate_user&uid={$user['uid']}&my_post_key={$mybb->post_code}{$from_bit}");
} else {
$popup->add_item($lang->approve_user, "index.php?module=user-users&action=activate_user&uid={$user['uid']}&my_post_key={$mybb->post_code}{$from_bit}");
}
}
$popup->add_item($lang->delete_user, "index.php?module=user-users&action=delete&uid={$user['uid']}&my_post_key={$mybb->post_code}", "return AdminCP.deleteConfirmation(this, '{$lang->user_deletion_confirmation}')");
$popup->add_item($lang->show_referred_users, "index.php?module=user-users&action=referrers&uid={$user['uid']}");
$popup->add_item($lang->show_ip_addresses, "index.php?module=user-users&action=ipaddresses&uid={$user['uid']}");
$popup->add_item($lang->show_attachments, "index.php?module=forum-attachments&results=1&username="******"-";
}
if ($mybb->settings['enablewarningsystem'] != 0 && $usergroups[$user['usergroup']]['canreceivewarnings'] != 0) {
$warning_level = round($user['warningpoints'] / $mybb->settings['maxwarningpoints'] * 100);
if ($warning_level > 100) {
$warning_level = 100;
}
$user['view']['warninglevel'] = get_colored_warning_level($warning_level);
}
if ($user['avatar'] && !stristr($user['avatar'], 'http://')) {
$user['avatar'] = "../{$user['avatar']}";
}
if ($view['view_type'] == "card") {
$scaled_avatar = fetch_scaled_avatar($user, 80, 80);
} else {
$scaled_avatar = fetch_scaled_avatar($user, 34, 34);
}
if (!$user['avatar']) {
$user['avatar'] = "styles/{$page->style}/images/default_avatar.gif";
}
$user['view']['avatar'] = "<img src=\"" . htmlspecialchars_uni($user['avatar']) . "\" alt=\"\" width=\"{$scaled_avatar['width']}\" height=\"{$scaled_avatar['height']}\" />";
if ($view['view_type'] == "card") {
$users .= build_user_view_card($user, $view, $i);
} else {
build_user_view_table($user, $view, $table);
}
}
// If card view, we need to output the results
if ($view['view_type'] == "card") {
$table->construct_cell($users);
$table->construct_row();
}
}
if (!isset($view['table_id'])) {
$view['table_id'] = "users_list";
}
$switch_view = "<div class=\"float_right\">";
$switch_url = $view['url'];
if ($mybb->input['page'] > 0) {
$switch_url .= "&page=" . intval($mybb->input['page']);
}
if ($view['view_type'] != "card") {
$switch_view .= "<strong>{$lang->table_view}</strong> | <a href=\"{$switch_url}&type=card\" style=\"font-weight: normal;\">{$lang->card_view}</a>";
} else {
$switch_view .= "<a href=\"{$switch_url}&type=table\" style=\"font-weight: normal;\">{$lang->table_view}</a> | <strong>{$lang->card_view}</strong>";
}
$switch_view .= "</div>";
// Do we need to construct the pagination?
if ($num_results > $view['perpage']) {
$pagination = draw_admin_pagination($mybb->input['page'], $view['perpage'], $num_results, $view['url'] . "&type={$view['view_type']}");
$search_class = "float_right";
$search_style = "";
} else {
$search_class = '';
$search_style = "text-align: right;";
}
$search_action = $view['url'];
// stop &username= in the query string
if ($view_upos = strpos($search_action, '&username='******'post', 'search_form', 0, '', true);
$built_view = $search->construct_return;
$built_view .= "<div class=\"{$search_class}\" style=\"padding-bottom: 3px; margin-top: -9px; {$search_style}\">";
$built_view .= $search->generate_hidden_field('action', 'search') . "\n";
if (isset($view['conditions']['username'])) {
$default_class = '';
$value = $view['conditions']['username'];
} else {
$default_class = "search_default";
$value = $lang->search_for_user;
}
$built_view .= $search->generate_text_box('username', $value, array('id' => 'search_keywords', 'class' => "{$default_class} field150 field_small")) . "\n";
$built_view .= "<input type=\"submit\" class=\"search_button\" value=\"{$lang->search}\" />\n";
if ($view['popup']) {
$built_view .= " <div style=\"display: inline\">{$view['popup']}</div>\n";
}
$built_view .= "<script type='text/javascript'>\n\t\tvar form = document.getElementById('search_form');\n\t\tform.onsubmit = function() {\n\t\t\tvar search = document.getElementById('search_keywords');\n\t\t\tif(search.value == '' || search.value == '" . addcslashes($lang->search_for_user, "'") . "')\n\t\t\t{\n\t\t\t\tsearch.focus();\n\t\t\t\treturn false;\n\t\t\t}\n\t\t}\n\n\t\tvar search = document.getElementById('search_keywords');\n\t\tsearch.onfocus = function()\n\t\t{\n\t\t\tif(this.value == '" . addcslashes($lang->search_for_user, "'") . "')\n\t\t\t{\n\t\t\t\t\$(this).removeClassName('search_default');\n\t\t\t\tthis.value = '';\n\t\t\t}\n\t\t}\n\t\tsearch.onblur = function()\n\t\t{\n\t\t\tif(this.value == '')\n\t\t\t{\n\t\t\t\t\$(this).addClassName('search_default');\n\t\t\t\tthis.value = '" . addcslashes($lang->search_for_user, "'") . "';\n\t\t\t}\n\t\t}\n\t\t// fix the styling used if we have a different default value\n\t\tif(search.value != '" . addcslashes($lang->search_for_user, "'") . "')\n\t\t{\n\t\t\t\$(search).removeClassName('search_default');\n\t\t}\n\t\t</script>\n";
$built_view .= "</div>\n";
// Autocompletion for usernames
$built_view .= '
<script type="text/javascript" src="../jscripts/autocomplete.js?ver=140"></script>
<script type="text/javascript">
<!--
new autoComplete("search_keywords", "../xmlhttp.php?action=get_users", {valueSpan: "username"});
// -->
</script>';
$built_view .= $search->end();
if (isset($pagination)) {
$built_view .= $pagination;
}
if ($view['view_type'] != "card") {
$checkbox = '';
} else {
$checkbox = "<input type=\"checkbox\" name=\"allbox\" onclick=\"inlineModeration.checkAll(this)\" /> ";
}
$built_view .= $table->construct_html("{$switch_view}<div>{$checkbox}{$lang->users}{$view_title}</div>", 1, "", $view['table_id']);
if (isset($pagination)) {
$built_view .= $pagination;
}
$built_view .= '
<script type="text/javascript" src="' . $mybb->settings['bburl'] . '/jscripts/inline_moderation.js?ver=1400"></script>
<form action="index.php?module=user-users" method="post">
<input type="hidden" name="my_post_key" value="' . $mybb->post_code . '" />
<input type="hidden" name="action" value="inline_edit" />
<div class="float_right"><span class="smalltext"><strong>' . $lang->inline_edit . '</strong></span>
<select name="inline_action" class="inline_select">
<option value="multiactivate">' . $lang->inline_activate . '</option>
<option value="multiban">' . $lang->inline_ban . '</option>
<option value="multiusergroup">' . $lang->inline_usergroup . '</option>
<option value="multidelete">' . $lang->inline_delete . '</option>
<option value="multiprune">' . $lang->inline_prune . '</option>
</select>
<input type="submit" class="button" name="go" value="' . $lang->go . ' (0)" id="inline_go" />
<input type="button" onclick="javascript:inlineModeration.clearChecked();" value="' . $lang->clear . '" class="button" />
</div>
</form>
<br style="clear: both;" />
<script type="text/javascript">
<!--
var go_text = "' . $lang->go . '";
var all_text = "1";
var inlineType = "user";
var inlineId = "acp";
// -->
</script>';
return $built_view;
}
/**
* Saves a "flash message" for the current user to be shown on their next page visit.
*
* @param string The message to show
* @param string The type of message to be shown (success|error)
*/
function flash_message($message, $type = '')
{
$flash = array('message' => $message, 'type' => $type);
update_admin_session('flash_message', $flash);
}