/**
 * Increment the failed-login counter for the attempted username.
 *
 * The counter lives in the users table and is matched on the cleaned
 * username, so an attempt against a non-existent account simply updates
 * no rows. Every failure is additionally written to the user log as an
 * anonymous TRY_TO_LOGIN_FAIL entry carrying the raw submitted username.
 *
 * @param object $event The event object (only $event['username'] is read)
 * @return null
 * @access public
 */
public function login_box_failed($event)
{
	$username_clean = utf8_clean_string($event['username']);

	// Bump the counter on the matching account, if there is one
	$sql = 'UPDATE ' . USERS_TABLE . " SET failed_logins_count = failed_logins_count + 1\n\t\t\tWHERE username_clean = '" . $this->db->sql_escape($username_clean) . "'";
	$this->db->sql_query($sql);

	// Record the attempt in the user log, attributed to the anonymous user
	$log_data = array(
		'reportee_id' => ANONYMOUS,
		'username'    => $event['username'],
	);
	$this->log->add('user', ANONYMOUS, $this->user->ip, 'TRY_TO_LOGIN_FAIL', time(), $log_data);
}
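/**
 * Load the id, type and name of a single user.
 *
 * @param int $user_id User id to look up; cast to int before use
 * @return array|false The row (user_id, user_type, username), or false when no such user exists
 */
private function getUser($user_id)
{
	// The int cast is the only sanitisation this query needs: the id is
	// interpolated as a bare integer, so no string escaping is involved.
	$user_id = (int) $user_id;

	$sql = 'SELECT user_id, user_type, username
		FROM ' . USERS_TABLE . '
		WHERE user_id = ' . $user_id;
	$result = $this->db->sql_query($sql);
	$user_row = $this->db->sql_fetchrow($result);
	// Release the result set, as the other queries in this codebase do
	$this->db->sql_freeresult($result);

	return $user_row;
}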
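/**
 * Search for users whose map position lies inside a bounding box around
 * the requested coordinates.
 *
 * Reads lon, lat and dst from the request; dst falls back to the
 * tas2580_usermap_search_distance config value. Requires the
 * u_usermap_search permission. Results are paginated with topics_per_page.
 *
 * @param int $start Page number (1-based); anything below 1 is treated as page 1
 * @return \Symfony\Component\HttpFoundation\Response The rendered usermap_search.html page
 */
public function search($start = 1)
{
	if (!$this->auth->acl_get('u_usermap_search'))
	{
		trigger_error('NOT_AUTHORISED');
	}

	$this->template->assign_block_vars('navlinks', array(
		'FORUM_NAME'   => $this->user->lang('USERMAP_TITLE'),
		'U_VIEW_FORUM' => $this->helper->route('tas2580_usermap_index', array()),
	));

	// The string values are kept for display; explicit float copies are used
	// for every calculation and for the query. Without the cast a non-numeric
	// lon/lat/dst would reach the arithmetic below as a string (warning on
	// PHP 7, TypeError on PHP 8); with it, junk input degrades to 0.
	$lon = substr($this->request->variable('lon', ''), 0, 10);
	$lat = substr($this->request->variable('lat', ''), 0, 10);
	$dst = $this->request->variable('dst', $this->config['tas2580_usermap_search_distance']);
	$lon_num = (float) $lon;
	$lat_num = (float) $lat;
	$dst_num = (float) $dst;

	// A page number below 1 would otherwise yield a negative LIMIT offset
	$start = max(1, (int) $start);
	$limit = (int) $this->config['topics_per_page'];
	$offset = ($start - 1) * $limit;

	// Degrees of arc that correspond to dst kilometres (Earth radius 6378137 m)
	$alpha = 180 * $dst_num / (6378137 / 1000 * 3.14159);
	$min_lon = $this->db->sql_escape($lon_num - $alpha);
	$max_lon = $this->db->sql_escape($lon_num + $alpha);
	$min_lat = $this->db->sql_escape($lat_num - $alpha);
	$max_lat = $this->db->sql_escape($lat_num + $alpha);
	$where = " WHERE ( user_usermap_lon >= '{$min_lon}' AND user_usermap_lon <= '{$max_lon}') AND ( user_usermap_lat >= '{$min_lat}' AND user_usermap_lat<= '{$max_lat}')";

	// Total for the pagination
	$sql = 'SELECT COUNT(user_id) AS num_users FROM ' . USERS_TABLE . $where;
	$result = $this->db->sql_query($sql);
	$total_users = (int) $this->db->sql_fetchfield('num_users');
	$this->db->sql_freeresult($result);

	// One page of matches
	$sql = 'SELECT user_id, username, user_colour, user_regdate, user_posts, group_id, user_usermap_lon, user_usermap_lat FROM ' . USERS_TABLE . $where;
	$result = $this->db->sql_query_limit($sql, $limit, $offset);
	while ($row = $this->db->sql_fetchrow($result))
	{
		$distance = $this->get_distance($lon_num, $lat_num, $row['user_usermap_lon'], $row['user_usermap_lat']);
		$this->template->assign_block_vars('memberrow', array(
			'USER_ID'  => $row['user_id'],
			'USERNAME' => get_username_string('full', $row['user_id'], $row['username'], $row['user_colour']),
			'JOINED'   => $this->user->format_date($row['user_regdate']),
			'POSTS'    => $row['user_posts'],
			'GROUP_ID' => $row['group_id'],
			'DISTANCE' => $distance,
		));
	}
	$this->db->sql_freeresult($result);

	$this->pagination->generate_template_pagination(
		array('routes' => array('tas2580_usermap_search', 'tas2580_usermap_search_page'), 'params' => array()),
		'pagination',
		'start',
		$total_users,
		$limit,
		$offset
	);

	$this->template->assign_vars(array(
		'TOTAL_USERS'      => $this->user->lang('TOTAL_USERS', (int) $total_users),
		'L_SEARCH_EXPLAIN' => $this->user->lang('SEARCH_EXPLAIN', $dst, $lon, $lat),
	));

	return $this->helper->render('usermap_search.html', $this->user->lang('USERMAP_SEARCH'));
}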
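/**
 * Check whether every given report id exists in the reports table.
 *
 * @param array $report_ids Report ids to check; each is cast to int
 * @return bool True iff a report row exists for each distinct id; false for an empty list
 */
public function feedbackReportsExist(array $report_ids)
{
	// no ids given
	if (!$report_ids)
	{
		return false;
	}

	// Ids are integers: cast them and build the IN (...) with sql_in_set rather
	// than sql_escape + implode. sql_escape only neutralises quote characters,
	// which does nothing for a value placed unquoted inside IN (...), so a
	// non-integer id could previously change the shape of the query.
	$ids = array_unique(array_map('intval', $report_ids));

	$sql = 'SELECT COUNT(*) AS num_reports
		FROM ' . $this->tables['reports'] . '
		WHERE ' . $this->db->sql_in_set('report_id', $ids);
	$result = $this->db->sql_query($sql);
	$num_reports = (int) $this->db->sql_fetchfield('num_reports');
	$this->db->sql_freeresult($result);

	// Each report is counted once, so the input is compared after de-duplication
	return $num_reports === count($ids);
}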
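/**
 * Store a serialised permissions cache in the users table.
 *
 * @param int|int[]|string $user_ids A user id, a list of user ids, or the string 'all'
 * @param array|false      $permissions Permission data to serialise; any non-array
 *                                      value clears the cache (empty string)
 * @return null
 */
public function set_user_permissions($user_ids, $permissions = false)
{
	$sql_set = is_array($permissions) ? $this->db->sql_escape($this->serialize_auth_data($permissions)) : '';

	if (is_array($user_ids))
	{
		$sql_where = 'WHERE ' . $this->db->sql_in_set('user_id', array_map('intval', $user_ids));
	}
	else if ($user_ids === 'all')
	{
		// Strict comparison: with ==, an integer id of 0 compared equal to 'all'
		// on PHP < 8 and would have rewritten every user's cache
		$sql_where = '';
	}
	else
	{
		$sql_where = 'WHERE user_id = ' . (int) $user_ids;
	}

	if ($this->user->is_user($user_ids))
	{
		$this->user->set_permissions_changed(time());
	}

	$sql = 'UPDATE ' . $this->table_users . "\n\t\t\t\tSET user_permissions = '" . $sql_set . "',\n\t\t\t\t\tuser_permissions_changed = " . time() . ' ' . $sql_where;
	$this->db->sql_query($sql);
}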
/**
 * Render the ACP "rate user" form and, on submit, store a reputation vote.
 *
 * On POST the form key is validated, the target account is resolved from
 * the submitted username via username_clean, and the points value must be
 * numeric. Only when no error has been collected is the vote handed to the
 * reputation manager; an exception it raises is shown as a form error.
 *
 * @return null
 * @access public
 */
public function rate_user()
{
	add_form_key('rate');

	$is_submit  = $this->request->is_set_post('submit');
	$username   = $this->request->variable('username', '', true);
	$points     = $this->request->variable('points', '');
	$comment    = $this->request->variable('comment', '', true);
	$errors     = array();
	$user_id_to = 0;

	if ($is_submit)
	{
		if (!check_form_key('rate'))
		{
			$errors[] = $this->user->lang('FORM_INVALID');
		}

		// Resolve the target account by its cleaned username
		$sql = 'SELECT user_id FROM ' . USERS_TABLE . "\n\t\t\t\tWHERE username_clean = '" . $this->db->sql_escape(utf8_clean_string($username)) . "'";
		$result = $this->db->sql_query($sql);
		$user_id_to = (int) $this->db->sql_fetchfield('user_id');
		$this->db->sql_freeresult($result);

		if ($user_id_to === 0)
		{
			$errors[] = $this->user->lang('NO_USER');
		}
		if (!is_numeric($points))
		{
			$errors[] = $this->user->lang('POINTS_INVALID');
		}

		if (empty($errors))
		{
			$data = array(
				'user_id_from'       => $this->user->data['user_id'],
				'user_id_to'         => $user_id_to,
				'reputation_type'    => 'user',
				'reputation_item_id' => $user_id_to,
				'reputation_points'  => $points,
				'reputation_comment' => $comment,
			);

			try
			{
				$this->reputation_manager->store_reputation($data);
				trigger_error($this->user->lang('RS_VOTE_SAVED') . adm_back_link($this->u_action));
			}
			catch (\pico\reputation\exception\base $e)
			{
				// Surface the manager's rejection as a form error
				$errors[] = $e->get_message($this->user);
			}
		}
	}

	$this->template->assign_vars(array(
		'S_ERROR'         => count($errors) > 0,
		'ERROR_MSG'       => implode('<br />', $errors),
		'U_ACTION'        => $this->u_action,
		'U_FIND_USERNAME' => append_sid("{$this->phpbb_root_path}memberlist.{$this->php_ext}", 'mode=searchuser&form=rate&field=username&select_single=true'),
		'RS_USERNAME'     => $username,
		'RS_POINTS'       => $points,
		'RS_COMMENT'      => $comment,
	));
}