/** * Build a Who's Online row for a specific user * * @param array Array of user information including activity information * @return string Formatted online row */ function build_wol_row($user) { global $mybb, $lang, $templates, $theme, $session, $db; // We have a registered user if ($user['uid'] > 0) { // Only those with "canviewwolinvis" permissions can view invisible users if ($user['invisible'] != 1 || $mybb->usergroup['canviewwolinvis'] == 1 || $user['uid'] == $mybb->user['uid']) { // Append an invisible mark if the user is invisible if ($user['invisible'] == 1) { $invisible_mark = "*"; } else { $invisible_mark = ''; } $user['username'] = format_name($user['username'], $user['usergroup'], $user['displaygroup']); $online_name = build_profile_link($user['username'], $user['uid']) . $invisible_mark; } } elseif (!empty($user['bot'])) { $online_name = format_name($user['bot'], $user['usergroup']); } else { $online_name = format_name($lang->guest, 1); } $online_time = my_date($mybb->settings['timeformat'], $user['time']); // Fetch the location name for this users activity $location = build_friendly_wol_location($user['activity']); // Can view IPs, then fetch the IP template if ($mybb->usergroup['canviewonlineips'] == 1) { $user['ip'] = my_inet_ntop($db->unescape_binary($user['ip'])); if ($mybb->usergroup['canmodcp'] == 1 && $mybb->usergroup['canuseipsearch'] == 1) { eval("\$lookup = \"" . $templates->get("online_row_ip_lookup") . "\";"); } eval("\$user_ip = \"" . $templates->get("online_row_ip") . "\";"); } else { $user_ip = $lookup = $user['ip'] = ''; } // And finally if we have permission to view this user, return the completed online row if ($user['invisible'] != 1 || $mybb->usergroup['canviewwolinvis'] == 1 || $user['uid'] == $mybb->user['uid']) { eval("\$online_row = \"" . $templates->get("online_row") . "\";"); } return $online_row; }
$latestfivemodactions = ''; if (($nummodlogs > 0 || $mybb->usergroup['issupermod'] == 1) && $mybb->usergroup['canviewmodlogs'] == 1) { $where = ''; if ($tflist_modlog) { $where = "WHERE (t.fid <> 0 {$tflist_modlog}) OR (!l.fid)"; } $query = $db->query("\n\t\t\tSELECT l.*, u.username, u.usergroup, u.displaygroup, t.subject AS tsubject, f.name AS fname, p.subject AS psubject\n\t\t\tFROM " . TABLE_PREFIX . "moderatorlog l\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "users u ON (u.uid=l.uid)\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "threads t ON (t.tid=l.tid)\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "forums f ON (f.fid=l.fid)\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "posts p ON (p.pid=l.pid)\n\t\t\t{$where}\n\t\t\tORDER BY l.dateline DESC\n\t\t\tLIMIT 5\n\t\t"); $modlogresults = ''; while ($logitem = $db->fetch_array($query)) { $information = ''; $logitem['action'] = htmlspecialchars_uni($logitem['action']); $log_date = my_date('relative', $logitem['dateline']); $trow = alt_trow(); $username = format_name($logitem['username'], $logitem['usergroup'], $logitem['displaygroup']); $logitem['profilelink'] = build_profile_link($username, $logitem['uid']); $logitem['ipaddress'] = my_inet_ntop($db->unescape_binary($logitem['ipaddress'])); if ($logitem['tsubject']) { $logitem['tsubject'] = htmlspecialchars_uni($logitem['tsubject']); $logitem['thread'] = get_thread_link($logitem['tid']); eval("\$information .= \"" . $templates->get("modcp_modlogs_result_thread") . "\";"); } if ($logitem['fname']) { $logitem['forum'] = get_forum_link($logitem['fid']); eval("\$information .= \"" . $templates->get("modcp_modlogs_result_forum") . "\";"); } if ($logitem['psubject']) { $logitem['psubject'] = htmlspecialchars_uni($logitem['psubject']); $logitem['post'] = get_post_link($logitem['pid']); eval("\$information .= \"" . $templates->get("modcp_modlogs_result_post") . "\";"); } // Edited a user or managed announcement?
static function render_shout($data, $static = false) { global $mybb; $id = $data['id']; $text = self::parse($data['text'], $data['username']); $date = htmlspecialchars_uni(my_date($mybb->settings['dvz_sb_dateformat'], $data['date'])); $username = htmlspecialchars_uni($data['username']); $user = '******' . (int) $data['uid'] . '">' . format_name($username, $data['usergroup'], $data['displaygroup']) . '</a>'; $avatar = '<img src="' . (empty($data['avatar']) ? htmlspecialchars_uni($mybb->settings['useravatar']) : htmlspecialchars_uni($data['avatar'])) . '" alt="avatar" />'; $notes = null; $attributes = null; $own = $data['uid'] == $mybb->user['uid']; if ($static) { if (self::access_mod()) { $notes .= '<span class="ip">' . my_inet_ntop($data['ipaddress']) . '</span>'; } if (self::access_mod() || self::access_mod_own() && $own) { $notes .= '<a href="" class="mod edit">E</a><a href="" class="mod del">X</a>'; } } if (self::access_mod() || self::access_mod_own() && $own) { $attributes .= ' data-mod'; } if ($own) { $attributes .= ' data-own'; } return ' <div class="entry" data-id="' . $id . '" data-username="******"' . $attributes . '> <div class="avatar">' . $avatar . '</div> <div class="user">' . $user . '</div> <div class="text">' . $text . '</div> <div class="info">' . $notes . '<span class="date">' . $date . '</span></div> </div>'; }
/** * @param array $view * * @return string */ function build_users_view($view) { global $mybb, $db, $cache, $lang, $user_view_fields, $page; $view_title = ''; if ($view['title']) { $title_string = "view_title_{$view['vid']}"; if ($lang->{$title_string}) { $view['title'] = $lang->{$title_string}; } $view_title .= " (" . htmlspecialchars_uni($view['title']) . ")"; } // Build the URL to this view if (!isset($view['url'])) { $view['url'] = "index.php?module=user-users"; } if (!is_array($view['conditions'])) { $view['conditions'] = my_unserialize($view['conditions']); } if (!is_array($view['fields'])) { $view['fields'] = my_unserialize($view['fields']); } if (!is_array($view['custom_profile_fields'])) { $view['custom_profile_fields'] = my_unserialize($view['custom_profile_fields']); } if (isset($mybb->input['username'])) { $view['conditions']['username'] = $mybb->input['username']; } if ($view['vid']) { $view['url'] .= "&vid={$view['vid']}"; } else { // If this is a custom view we need to save everything ready to pass it on from page to page global $admin_session; if (!$mybb->input['search_id']) { $search_id = md5(random_str()); $admin_session['data']['user_views'][$search_id] = $view; update_admin_session('user_views', $admin_session['data']['user_views']); $mybb->input['search_id'] = $search_id; } $view['url'] .= "&search_id=" . htmlspecialchars_uni($mybb->input['search_id']); } if (isset($mybb->input['username'])) { $view['url'] .= "&username="******"&", "&", $view['url'])) { update_admin_session('last_users_url', str_replace("&", "&", $view['url'])); } if (isset($view['conditions']['referrer'])) { $view['url'] .= "&action=referrers&uid=" . htmlspecialchars_uni($view['conditions']['referrer']); } // Do we not have any views? if (empty($view)) { return false; } $table = new Table(); // Build header for table based view if ($view['view_type'] != "card") { foreach ($view['fields'] as $field) { if (!$user_view_fields[$field]) { continue; } $view_field = $user_view_fields[$field]; $field_options = array(); if ($view_field['width']) { $field_options['width'] = $view_field['width']; } if ($view_field['align']) { $field_options['class'] = "align_" . $view_field['align']; } $table->construct_header($view_field['title'], $field_options); } $table->construct_header("<input type=\"checkbox\" name=\"allbox\" onclick=\"inlineModeration.checkAll(this);\" />"); // Create a header for the "select" boxes } $search_sql = '1=1'; // Build the search SQL for users // List of valid LIKE search fields $user_like_fields = array("username", "email", "website", "icq", "aim", "yahoo", "skype", "google", "signature", "usertitle"); foreach ($user_like_fields as $search_field) { if (!empty($view['conditions'][$search_field]) && !$view['conditions'][$search_field . '_blank']) { $search_sql .= " AND u.{$search_field} LIKE '%" . $db->escape_string_like($view['conditions'][$search_field]) . "%'"; } else { if (!empty($view['conditions'][$search_field . '_blank'])) { $search_sql .= " AND u.{$search_field} != ''"; } } } // EXACT matching fields $user_exact_fields = array("referrer"); foreach ($user_exact_fields as $search_field) { if (!empty($view['conditions'][$search_field])) { $search_sql .= " AND u.{$search_field}='" . $db->escape_string($view['conditions'][$search_field]) . "'"; } } // LESS THAN or GREATER THAN $direction_fields = array("postnum", "threadnum"); foreach ($direction_fields as $search_field) { $direction_field = $search_field . "_dir"; if (isset($view['conditions'][$search_field]) && ($view['conditions'][$search_field] || $view['conditions'][$search_field] === '0') && $view['conditions'][$direction_field]) { switch ($view['conditions'][$direction_field]) { case "greater_than": $direction = ">"; break; case "less_than": $direction = "<"; break; default: $direction = "="; } $search_sql .= " AND u.{$search_field}{$direction}'" . $db->escape_string($view['conditions'][$search_field]) . "'"; } } // Registration searching $reg_fields = array("regdate"); foreach ($reg_fields as $search_field) { if (!empty($view['conditions'][$search_field]) && (int) $view['conditions'][$search_field]) { $threshold = TIME_NOW - (int) $view['conditions'][$search_field] * 24 * 60 * 60; $search_sql .= " AND u.{$search_field} >= '{$threshold}'"; } } // IP searching $ip_fields = array("regip", "lastip"); foreach ($ip_fields as $search_field) { if (!empty($view['conditions'][$search_field])) { $ip_range = fetch_ip_range($view['conditions'][$search_field]); if (!is_array($ip_range)) { $ip_sql = "{$search_field}=" . $db->escape_binary($ip_range); } else { $ip_sql = "{$search_field} BETWEEN " . $db->escape_binary($ip_range[0]) . " AND " . $db->escape_binary($ip_range[1]); } $search_sql .= " AND {$ip_sql}"; } } // Post IP searching if (!empty($view['conditions']['postip'])) { $ip_range = fetch_ip_range($view['conditions']['postip']); if (!is_array($ip_range)) { $ip_sql = "ipaddress=" . $db->escape_binary($ip_range); } else { $ip_sql = "ipaddress BETWEEN " . $db->escape_binary($ip_range[0]) . " AND " . $db->escape_binary($ip_range[1]); } $ip_uids = array(0); $query = $db->simple_select("posts", "uid", $ip_sql); while ($uid = $db->fetch_field($query, "uid")) { $ip_uids[] = $uid; } $search_sql .= " AND u.uid IN(" . implode(',', $ip_uids) . ")"; unset($ip_uids); } // Custom Profile Field searching if ($view['custom_profile_fields']) { $userfield_sql = '1=1'; foreach ($view['custom_profile_fields'] as $column => $input) { if (is_array($input)) { foreach ($input as $value => $text) { if ($value == $column) { $value = $text; } if ($value == $lang->na) { continue; } if (strpos($column, '_blank') !== false) { $column = str_replace('_blank', '', $column); $userfield_sql .= ' AND ' . $db->escape_string($column) . " != ''"; } else { $userfield_sql .= ' AND ' . $db->escape_string($column) . "='" . $db->escape_string($value) . "'"; } } } else { if (!empty($input)) { if ($input == $lang->na) { continue; } if (strpos($column, '_blank') !== false) { $column = str_replace('_blank', '', $column); $userfield_sql .= ' AND ' . $db->escape_string($column) . " != ''"; } else { $userfield_sql .= ' AND ' . $db->escape_string($column) . " LIKE '%" . $db->escape_string_like($input) . "%'"; } } } } if ($userfield_sql != '1=1') { $userfield_uids = array(0); $query = $db->simple_select("userfields", "ufid", $userfield_sql); while ($userfield = $db->fetch_array($query)) { $userfield_uids[] = $userfield['ufid']; } $search_sql .= " AND u.uid IN(" . implode(',', $userfield_uids) . ")"; unset($userfield_uids); } } // Usergroup based searching if (isset($view['conditions']['usergroup'])) { if (!is_array($view['conditions']['usergroup'])) { $view['conditions']['usergroup'] = array($view['conditions']['usergroup']); } foreach ($view['conditions']['usergroup'] as $usergroup) { $usergroup = (int) $usergroup; if (!$usergroup) { continue; } $additional_sql = ''; switch ($db->type) { case "pgsql": case "sqlite": $additional_sql .= " OR ','||additionalgroups||',' LIKE '%,{$usergroup},%'"; break; default: $additional_sql .= "OR CONCAT(',',additionalgroups,',') LIKE '%,{$usergroup},%'"; } } $search_sql .= " AND (u.usergroup IN (" . implode(",", array_map('intval', $view['conditions']['usergroup'])) . ") {$additional_sql})"; } // COPPA users only? if (isset($view['conditions']['coppa'])) { $search_sql .= " AND u.coppauser=1 AND u.usergroup=5"; } // Extra SQL? if (isset($view['extra_sql'])) { $search_sql .= $view['extra_sql']; } // Lets fetch out how many results we have $query = $db->query("\n\t\tSELECT COUNT(u.uid) AS num_results\n\t\tFROM " . TABLE_PREFIX . "users u\n\t\tWHERE {$search_sql}\n\t"); $num_results = $db->fetch_field($query, "num_results"); // No matching results then return false if (!$num_results) { return false; } else { if (!$view['perpage']) { $view['perpage'] = 20; } $view['perpage'] = (int) $view['perpage']; // Establish which page we're viewing and the starting index for querying if (!isset($mybb->input['page'])) { $mybb->input['page'] = 1; } else { $mybb->input['page'] = $mybb->get_input('page', MyBB::INPUT_INT); } if ($mybb->input['page']) { $start = ($mybb->input['page'] - 1) * $view['perpage']; } else { $start = 0; $mybb->input['page'] = 1; } $from_bit = ""; if (isset($mybb->input['from']) && $mybb->input['from'] == "home") { $from_bit = "&from=home"; } switch ($view['sortby']) { case "regdate": case "lastactive": case "postnum": case "reputation": $view['sortby'] = $db->escape_string($view['sortby']); break; case "numposts": $view['sortby'] = "postnum"; break; case "numthreads": $view['sortby'] = "threadnum"; break; case "warninglevel": $view['sortby'] = "warningpoints"; break; default: $view['sortby'] = "username"; } if ($view['sortorder'] != "desc") { $view['sortorder'] = "asc"; } $usergroups = $cache->read("usergroups"); // Fetch matching users $query = $db->query("\n\t\t\tSELECT u.*\n\t\t\tFROM " . TABLE_PREFIX . "users u\n\t\t\tWHERE {$search_sql}\n\t\t\tORDER BY {$view['sortby']} {$view['sortorder']}\n\t\t\tLIMIT {$start}, {$view['perpage']}\n\t\t"); $users = ''; while ($user = $db->fetch_array($query)) { $comma = $groups_list = ''; $user['view']['username'] = "******"index.php?module=user-users&action=edit&uid={$user['uid']}\">" . format_name($user['username'], $user['usergroup'], $user['displaygroup']) . "</a>"; $user['view']['usergroup'] = htmlspecialchars_uni($usergroups[$user['usergroup']]['title']); if ($user['additionalgroups']) { $additional_groups = explode(",", $user['additionalgroups']); foreach ($additional_groups as $group) { $groups_list .= $comma . htmlspecialchars_uni($usergroups[$group]['title']); $comma = $lang->comma; } } if (!$groups_list) { $groups_list = $lang->none; } $user['view']['additionalgroups'] = "<small>{$groups_list}</small>"; $user['view']['email'] = "<a href=\"mailto:" . htmlspecialchars_uni($user['email']) . "\">" . htmlspecialchars_uni($user['email']) . "</a>"; $user['view']['regdate'] = my_date('relative', $user['regdate']); $user['view']['lastactive'] = my_date('relative', $user['lastactive']); // Build popup menu $popup = new PopupMenu("user_{$user['uid']}", $lang->options); $popup->add_item($lang->view_profile, $mybb->settings['bburl'] . '/' . get_profile_link($user['uid'])); $popup->add_item($lang->edit_profile_and_settings, "index.php?module=user-users&action=edit&uid={$user['uid']}"); // Banning options... is this user banned? if ($usergroups[$user['usergroup']]['isbannedgroup'] == 1) { // Yes, so do we want to edit the ban or pardon his crime? $popup->add_item($lang->edit_ban, "index.php?module=user-banning&uid={$user['uid']}#username"); $popup->add_item($lang->lift_ban, "index.php?module=user-banning&action=lift&uid={$user['uid']}&my_post_key={$mybb->post_code}"); } else { // Not banned... but soon maybe! $popup->add_item($lang->ban_user, "index.php?module=user-banning&uid={$user['uid']}#username"); } if ($user['usergroup'] == 5) { if ($user['coppauser']) { $popup->add_item($lang->approve_coppa_user, "index.php?module=user-users&action=activate_user&uid={$user['uid']}&my_post_key={$mybb->post_code}{$from_bit}"); } else { $popup->add_item($lang->approve_user, "index.php?module=user-users&action=activate_user&uid={$user['uid']}&my_post_key={$mybb->post_code}{$from_bit}"); } } $popup->add_item($lang->delete_user, "index.php?module=user-users&action=delete&uid={$user['uid']}&my_post_key={$mybb->post_code}", "return AdminCP.deleteConfirmation(this, '{$lang->user_deletion_confirmation}')"); $popup->add_item($lang->show_referred_users, "index.php?module=user-users&action=referrers&uid={$user['uid']}"); $popup->add_item($lang->show_ip_addresses, "index.php?module=user-users&action=ipaddresses&uid={$user['uid']}"); $popup->add_item($lang->show_attachments, "index.php?module=forum-attachments&results=1&username="******"-"; } if ($mybb->settings['enablewarningsystem'] != 0 && $usergroups[$user['usergroup']]['canreceivewarnings'] != 0) { if ($mybb->settings['maxwarningpoints'] < 1) { $mybb->settings['maxwarningpoints'] = 10; } $warning_level = round($user['warningpoints'] / $mybb->settings['maxwarningpoints'] * 100); if ($warning_level > 100) { $warning_level = 100; } $user['view']['warninglevel'] = get_colored_warning_level($warning_level); } if ($user['avatar'] && my_substr($user['avatar'], 0, 7) !== 'http://' && my_substr($user['avatar'], 0, 8) !== 'https://') { $user['avatar'] = "../{$user['avatar']}"; } if ($view['view_type'] == "card") { $scaled_avatar = fetch_scaled_avatar($user, 80, 80); } else { $scaled_avatar = fetch_scaled_avatar($user, 34, 34); } if (!$user['avatar']) { $user['avatar'] = "../" . $mybb->settings['useravatar']; } $user['view']['avatar'] = "<img src=\"" . htmlspecialchars_uni($user['avatar']) . "\" alt=\"\" width=\"{$scaled_avatar['width']}\" height=\"{$scaled_avatar['height']}\" />"; // Convert IP's to readable $user['regip'] = my_inet_ntop($db->unescape_binary($user['regip'])); $user['lastip'] = my_inet_ntop($db->unescape_binary($user['lastip'])); if ($view['view_type'] == "card") { $users .= build_user_view_card($user, $view, $i); } else { build_user_view_table($user, $view, $table); } } // If card view, we need to output the results if ($view['view_type'] == "card") { $table->construct_cell($users); $table->construct_row(); } } if (!isset($view['table_id'])) { $view['table_id'] = "users_list"; } $switch_view = "<div class=\"float_right\">"; $switch_url = $view['url']; if ($mybb->input['page'] > 0) { $switch_url .= "&page=" . $mybb->get_input('page', MyBB::INPUT_INT); } if ($view['view_type'] != "card") { $switch_view .= "<strong>{$lang->table_view}</strong> | <a href=\"{$switch_url}&type=card\" style=\"font-weight: normal;\">{$lang->card_view}</a>"; } else { $switch_view .= "<a href=\"{$switch_url}&type=table\" style=\"font-weight: normal;\">{$lang->table_view}</a> | <strong>{$lang->card_view}</strong>"; } $switch_view .= "</div>"; // Do we need to construct the pagination? if ($num_results > $view['perpage']) { $pagination = draw_admin_pagination($mybb->input['page'], $view['perpage'], $num_results, $view['url'] . "&type={$view['view_type']}"); $search_class = "float_right"; $search_style = ""; } else { $search_class = ''; $search_style = "text-align: right;"; } $search_action = $view['url']; // stop &username= in the query string if ($view_upos = strpos($search_action, '&username='******'post', 'search_form', 0, '', true); $built_view = $search->construct_return; $built_view .= "<div class=\"{$search_class}\" style=\"padding-bottom: 3px; margin-top: -9px; {$search_style}\">"; $built_view .= $search->generate_hidden_field('action', 'search') . "\n"; if (isset($view['conditions']['username'])) { $default_class = ''; $value = $view['conditions']['username']; } else { $default_class = "search_default"; $value = $lang->search_for_user; } $built_view .= $search->generate_text_box('username', $value, array('id' => 'search_keywords', 'class' => "{$default_class} field150 field_small")) . "\n"; $built_view .= "<input type=\"submit\" class=\"search_button\" value=\"{$lang->search}\" />\n"; if ($view['popup']) { $built_view .= " <div style=\"display: inline\">{$view['popup']}</div>\n"; } $built_view .= "<script type=\"text/javascript\">\n\t\tvar form = \$(\"#search_form\");\n\t\tform.submit(function() {\n\t\t\tvar search = \$('#search_keywords');\n\t\t\tif(search.val() == '' || search.val() == '" . addcslashes($lang->search_for_user, "'") . "')\n\t\t\t{\n\t\t\t\tsearch.focus();\n\t\t\t\treturn false;\n\t\t\t}\n\t\t});\n\n\t\tvar search = \$(\"#search_keywords\");\n\t\tsearch.focus(function()\n\t\t{\n\t\t\tvar searched_focus = \$(this);\n\t\t\tif(searched_focus.val() == '" . addcslashes($lang->search_for_user, "'") . "')\n\t\t\t{\n\t\t\t\tsearched_focus.removeClass(\"search_default\");\n\t\t\t\tsearched_focus.val(\"\");\n\t\t\t}\n\t\t});\n\n\t\tsearch.blur(function()\n\t\t{\n\t\t\tvar searched_blur = \$(this);\n\t\t\tif(searched_blur.val() == \"\")\n\t\t\t{\n\t\t\t\tsearched_blur.addClass('search_default');\n\t\t\t\tsearched_blur.val('" . addcslashes($lang->search_for_user, "'") . "');\n\t\t\t}\n\t\t});\n\n\t\t// fix the styling used if we have a different default value\n\t\tif(search.val() != '" . addcslashes($lang->search_for_user, "'") . "')\n\t\t{\n\t\t\t\$(search).removeClass('search_default');\n\t\t}\n\t\t</script>\n"; $built_view .= "</div>\n"; // Autocompletion for usernames // TODO Select2 $built_view .= $search->end(); if (isset($pagination)) { $built_view .= $pagination; } if ($view['view_type'] != "card") { $checkbox = ''; } else { $checkbox = "<input type=\"checkbox\" name=\"allbox\" onclick=\"inlineModeration.checkAll(this)\" /> "; } $built_view .= $table->construct_html("{$switch_view}<div>{$checkbox}{$lang->users}{$view_title}</div>", 1, "", $view['table_id']); if (isset($pagination)) { $built_view .= $pagination; } $built_view .= ' <script type="text/javascript" src="' . $mybb->settings['bburl'] . '/jscripts/inline_moderation.js?ver=1800"></script> <form action="index.php?module=user-users" method="post"> <input type="hidden" name="my_post_key" value="' . $mybb->post_code . '" /> <input type="hidden" name="action" value="inline_edit" /> <div class="float_right"><span class="smalltext"><strong>' . $lang->inline_edit . '</strong></span> <select name="inline_action"> <option value="multiactivate">' . $lang->inline_activate . '</option> <option value="multiban">' . $lang->inline_ban . '</option> <option value="multiusergroup">' . $lang->inline_usergroup . '</option> <option value="multidelete">' . $lang->inline_delete . '</option> <option value="multiprune">' . $lang->inline_prune . '</option> </select> <input type="submit" class="submit_button inline_element" name="go" value="' . $lang->go . ' (0)" id="inline_go" /> <input type="button" onclick="javascript:inlineModeration.clearChecked();" value="' . $lang->clear . '" class="submit_button inline_element" /> </div> </form> <br style="clear: both;" /> <script type="text/javascript"> <!-- var go_text = "' . $lang->go . '"; var all_text = "1"; var inlineType = "user"; var inlineId = "acp"; // --> </script>'; return $built_view; }
$start = ($pagecnt - 1) * $perpage; } else { $start = 0; $pagecnt = 1; } $table = new Table(); $table->construct_header($lang->spam_username, array('width' => '20%')); $table->construct_header($lang->spam_email, array("class" => "align_center", 'width' => '20%')); $table->construct_header($lang->spam_ip, array("class" => "align_center", 'width' => '20%')); $table->construct_header($lang->spam_date, array("class" => "align_center", 'width' => '20%')); $table->construct_header($lang->spam_confidence, array("class" => "align_center", 'width' => '20%')); $query = $db->simple_select("spamlog", "*", $where, array('order_by' => $sortby, 'order_dir' => $order, 'limit_start' => $start, 'limit' => $perpage)); while ($row = $db->fetch_array($query)) { $username = htmlspecialchars_uni($row['username']); $email = htmlspecialchars_uni($row['email']); $ip_address = my_inet_ntop($db->unescape_binary($row['ipaddress'])); $dateline = ''; if ($row['dateline'] > 0) { $dateline = my_date('relative', $row['dateline']); } $confidence = '0%'; $data = @my_unserialize($row['data']); if (is_array($data) && !empty($data)) { if (isset($data['confidence'])) { $confidence = (double) $data['confidence'] . '%'; } } $table->construct_cell($username); $table->construct_cell($email); $table->construct_cell($ip_address); $table->construct_cell($dateline);
function home_action_handler($action) { global $page, $db, $lang, $plugins; $page->active_module = "home"; $actions = array('preferences' => array('active' => 'preferences', 'file' => 'preferences.php'), 'credits' => array('active' => 'credits', 'file' => 'credits.php'), 'version_check' => array('active' => 'version_check', 'file' => 'version_check.php'), 'dashboard' => array('active' => 'dashboard', 'file' => 'index.php')); if (!isset($actions[$action])) { $page->active_action = "dashboard"; } else { $page->active_action = $actions[$action]['active']; } $actions = $plugins->run_hooks("admin_home_action_handler", $actions); if ($page->active_action == "dashboard") { // Quick Access $sub_menu = array(); $sub_menu['10'] = array("id" => "add_forum", "title" => $lang->add_new_forum, "link" => "index.php?module=forum-management&action=add"); $sub_menu['20'] = array("id" => "search", "title" => $lang->search_for_users, "link" => "index.php?module=user-users&action=search"); $sub_menu['30'] = array("id" => "themes", "title" => $lang->themes, "link" => "index.php?module=style-themes"); $sub_menu['40'] = array("id" => "templates", "title" => $lang->templates, "link" => "index.php?module=style-templates"); $sub_menu['50'] = array("id" => "plugins", "title" => $lang->plugins, "link" => "index.php?module=config-plugins"); $sub_menu['60'] = array("id" => "backupdb", "title" => $lang->database_backups, "link" => "index.php?module=tools-backupdb"); $sub_menu = $plugins->run_hooks("admin_home_menu_quick_access", $sub_menu); $sidebar = new SidebarItem($lang->quick_access); $sidebar->add_menu_items($sub_menu, $page->active_action); $page->sidebar .= $sidebar->get_markup(); // Online Administrators in the last 30 minutes $timecut = TIME_NOW - 60 * 30; $query = $db->simple_select("adminsessions", "uid, ip, useragent", "lastactive > {$timecut}"); $online_users = "<ul class=\"menu online_admins\">"; $online_admins = array(); // If there's only 1 user online, it has to be us. if ($db->num_rows($query) == 1) { $user = $db->fetch_array($query); global $mybb; // Are we on a mobile device? // Stolen from http://stackoverflow.com/a/10989424 $user_type = "desktop"; if (is_mobile($user["useragent"])) { $user_type = "mobile"; } $online_admins[$mybb->user['username']] = array("uid" => $mybb->user['uid'], "username" => $mybb->user['username'], "ip" => $user["ip"], "type" => $user_type); } else { $uid_in = array(); while ($user = $db->fetch_array($query)) { $uid_in[] = $user['uid']; $user_type = "desktop"; if (is_mobile($user['useragent'])) { $user_type = "mobile"; } $online_admins[$user['uid']] = array("ip" => $user['ip'], "type" => $user_type); } $query = $db->simple_select("users", "uid, username", "uid IN(" . implode(',', $uid_in) . ")", array('order_by' => 'username')); while ($user = $db->fetch_array($query)) { $online_admins[$user['username']] = array("uid" => $user['uid'], "username" => $user['username'], "ip" => $online_admins[$user['uid']]['ip'], "type" => $online_admins[$user['uid']]['type']); unset($online_admins[$user['uid']]); } } $done_users = array(); asort($online_admins); foreach ($online_admins as $user) { if (!isset($done_users["{$user['uid']}.{$user['ip']}"])) { if ($user['type'] == "mobile") { $class = " class=\"mobile_user\""; } else { $class = ""; } $ip_address = my_inet_ntop($db->unescape_binary($user['ip'])); $online_users .= "<li title=\"{$lang->ipaddress} {$ip_address}\"{$class}>" . build_profile_link($user['username'] . ' (' . $ip_address . ')', $user['uid'], "_blank") . "</li>"; $done_users["{$user['uid']}.{$user['ip']}"] = 1; } } $online_users .= "</ul>"; $sidebar = new SidebarItem($lang->online_admins); $sidebar->set_contents($online_users); $page->sidebar .= $sidebar->get_markup(); } if (isset($actions[$action])) { $page->active_action = $actions[$action]['active']; return $actions[$action]['file']; } else { $page->active_action = "dashboard"; return "index.php"; } }
if ($page) { $start = ($page - 1) * $perpage; } else { $start = 0; $page = 1; } $multipage = multipage($history_count, $perpage, $page, "edithistory.php?pid={$pid}"); $query = $db->query("\r\n\t\tSELECT e.*, u.username\r\n\t\tFROM " . TABLE_PREFIX . "edithistory e\r\n\t\tLEFT JOIN " . TABLE_PREFIX . "users u ON (e.uid=u.uid)\r\n\t\tWHERE e.pid='{$pid}'\r\n\t\tORDER BY e.dateline DESC\r\n\t\tLIMIT {$start}, {$perpage}\r\n\t"); while ($history = $db->fetch_array($query)) { $alt_bg = alt_trow(); if (!$history['reason']) { $history['reason'] = $lang->na; } else { $history['reason'] = htmlspecialchars_uni($history['reason']); } $history['ipaddress'] = my_inet_ntop($db->unescape_binary($history['ipaddress'])); $history['username'] = build_profile_link($history['username'], $history['uid']); $dateline = my_date('relative', $history['dateline']); // Sanitize post $history['originaltext'] = htmlspecialchars_uni($history['originaltext']); $readmore = ''; if ($mybb->settings['edithistorychar'] > 0 && my_strlen($history['originaltext']) > $mybb->settings['edithistorychar']) { eval("\$readmore = \"" . $templates->get("edithistory_item_readmore", 1, 0) . "\";"); $history['originaltext'] = my_substr($history['originaltext'], 0, $mybb->settings['edithistorychar']) . "... {$readmore}"; $originaltext = nl2br($history['originaltext']); } else { $originaltext = nl2br($history['originaltext']); } // Show revert option if allowed $revert = ''; if ($mybb->settings['editrevert'] == 2 && $mybb->usergroup['cancp'] == 1 || $mybb->settings['editrevert'] == 1 && ($mybb->usergroup['issupermod'] == 1 || $mybb->usergroup['cancp'] == 1) || $mybb->settings['editrevert'] == 0) {
$table->construct_header($lang->information, array('class' => 'align_center', 'width' => '65%')); $table->construct_header($lang->ipaddress, array('class' => 'align_center', 'width' => '10%')); $query = $db->query("\n\t\tSELECT l.*, u.username, u.usergroup, u.displaygroup\n\t\tFROM " . TABLE_PREFIX . "adminlog l\n\t\tLEFT JOIN " . TABLE_PREFIX . "users u ON (u.uid=l.uid)\n\t\tWHERE 1=1 {$where}\n\t\tORDER BY {$sortby} {$order}\n\t\tLIMIT {$start}, {$perpage}\n\t"); while ($logitem = $db->fetch_array($query)) { $information = ''; $trow = alt_trow(); $username = format_name($logitem['username'], $logitem['usergroup'], $logitem['displaygroup']); $logitem['data'] = my_unserialize($logitem['data']); $logitem['profilelink'] = build_profile_link($username, $logitem['uid'], "_blank"); $logitem['dateline'] = my_date('relative', $logitem['dateline']); // Get detailed information from meta $information = get_admin_log_action($logitem); $table->construct_cell($logitem['profilelink']); $table->construct_cell($logitem['dateline'], array('class' => 'align_center')); $table->construct_cell($information); $table->construct_cell(my_inet_ntop($db->unescape_binary($logitem['ipaddress'])), array('class' => 'align_center')); $table->construct_row(); } if ($table->num_rows() == 0) { $table->construct_cell($lang->no_adminlogs, array('colspan' => '4')); $table->construct_row(); } $table->output($lang->admin_logs); // Do we need to construct the pagination? if ($rescount > $perpage) { echo draw_admin_pagination($pagecnt, $perpage, $rescount, "index.php?module=tools-adminlog&perpage={$perpage}&uid={$mybb->input['uid']}&fid={$mybb->input['fid']}&sortby={$mybb->input['sortby']}&order={$order}&filter_module=" . htmlspecialchars_uni($mybb->input['filter_module'])) . "<br />"; } // Fetch filter options $sortbysel[$mybb->input['sortby']] = 'selected="selected"'; $ordersel[$mybb->input['order']] = 'selected="selected"'; $user_options[''] = $lang->all_administrators;
if ($log['fromuid'] > 0) { $find_from = "<div class=\"float_right\"><a href=\"index.php?module=tools-maillogs&fromuid={$log['fromuid']}\"><img src=\"styles/{$page->style}/images/icons/find.png\" title=\"{$lang->find_emails_by_user}\" alt=\"{$lang->find}\" /></a></div>"; } if (!$log['from_username'] && $log['fromuid'] > 0) { $table->construct_cell("{$find_from}<div>{$lang->deleted_user}</div>"); } elseif ($log['fromuid'] == 0) { $log['fromemail'] = htmlspecialchars_uni($log['fromemail']); $table->construct_cell("{$find_from}<div>{$log['fromemail']}</div>"); } else { $table->construct_cell("{$find_from}<div><a href=\"../" . get_profile_link($log['fromuid']) . "\">{$log['from_username']}</a></div>"); } $log['toemail'] = htmlspecialchars_uni($log['toemail']); $table->construct_cell($log['toemail']); } $table->construct_cell($log['dateline'], array("class" => "align_center")); $table->construct_cell(my_inet_ntop($db->unescape_binary($log['ipaddress'])), array("class" => "align_center")); $table->construct_row(); } if ($table->num_rows() == 0) { $table->construct_cell($lang->no_logs, array("colspan" => "7")); $table->construct_row(); $table->output($lang->user_email_log); } else { $table->output($lang->user_email_log); $buttons[] = $form->generate_submit_button($lang->delete_selected, array('onclick' => "return confirm('{$lang->confirm_delete_logs}');")); $buttons[] = $form->generate_submit_button($lang->delete_all, array('name' => 'delete_all', 'onclick' => "return confirm('{$lang->confirm_delete_all_logs}');")); $form->output_submit_wrapper($buttons); } $form->end(); $query = $db->simple_select("maillogs l", "COUNT(l.mid) as logs", "1=1 {$additional_sql_criteria}"); $total_rows = $db->fetch_field($query, "logs");
/** * Build a post bit * * @param array The post data * @param int The type of post bit we're building (1 = preview, 2 = pm, 3 = announcement, else = post) * @return string The built post bit */ function build_postbit($post, $post_type = 0) { global $db, $altbg, $theme, $mybb, $postcounter, $profile_fields; global $titlescache, $page, $templates, $forumpermissions, $attachcache; global $lang, $ismod, $inlinecookie, $inlinecount, $groupscache, $fid; global $plugins, $parser, $cache, $ignored_users, $hascustomtitle; $hascustomtitle = 0; // Set default values for any fields not provided here foreach (array('pid', 'aid', 'pmid', 'posturl', 'button_multiquote', 'subject_extra', 'attachments', 'button_rep', 'button_warn', 'button_purgespammer', 'button_pm', 'button_reply_pm', 'button_replyall_pm', 'button_forward_pm', 'button_delete_pm', 'replink', 'warninglevel') as $post_field) { if (empty($post[$post_field])) { $post[$post_field] = ''; } } // Set up the message parser if it doesn't already exist. if (!$parser) { require_once MYBB_ROOT . "inc/class_parser.php"; $parser = new postParser(); } if (!function_exists("purgespammer_show")) { require_once MYBB_ROOT . "inc/functions_user.php"; } $unapproved_shade = ''; if (isset($post['visible']) && $post['visible'] == 0 && $post_type == 0) { $altbg = $unapproved_shade = 'unapproved_post'; } elseif (isset($post['visible']) && $post['visible'] == -1 && $post_type == 0) { $altbg = $unapproved_shade = 'unapproved_post deleted_post'; } elseif ($altbg == 'trow1') { $altbg = 'trow2'; } else { $altbg = 'trow1'; } $post['fid'] = $fid; switch ($post_type) { case 1: // Message preview global $forum; $parser_options['allow_html'] = $forum['allowhtml']; $parser_options['allow_mycode'] = $forum['allowmycode']; $parser_options['allow_smilies'] = $forum['allowsmilies']; $parser_options['allow_imgcode'] = $forum['allowimgcode']; $parser_options['allow_videocode'] = $forum['allowvideocode']; $parser_options['me_username'] = $post['username']; $parser_options['filter_badwords'] = 1; $id = 0; break; case 2: // Private message global $message, $pmid; $idtype = 'pmid'; $parser_options['allow_html'] = $mybb->settings['pmsallowhtml']; $parser_options['allow_mycode'] = $mybb->settings['pmsallowmycode']; $parser_options['allow_smilies'] = $mybb->settings['pmsallowsmilies']; $parser_options['allow_imgcode'] = $mybb->settings['pmsallowimgcode']; $parser_options['allow_videocode'] = $mybb->settings['pmsallowvideocode']; $parser_options['me_username'] = $post['username']; $parser_options['filter_badwords'] = 1; $id = $pmid; break; case 3: // Announcement global $announcementarray, $message; $parser_options['allow_html'] = $announcementarray['allowhtml']; $parser_options['allow_mycode'] = $announcementarray['allowmycode']; $parser_options['allow_smilies'] = $announcementarray['allowsmilies']; $parser_options['allow_imgcode'] = 1; $parser_options['allow_videocode'] = 1; $parser_options['me_username'] = $post['username']; $parser_options['filter_badwords'] = 1; $id = $announcementarray['aid']; break; default: // Regular post global $forum, $thread, $tid; $oldforum = $forum; $id = (int) $post['pid']; $idtype = 'pid'; $parser_options['allow_html'] = $forum['allowhtml']; $parser_options['allow_mycode'] = $forum['allowmycode']; $parser_options['allow_smilies'] = $forum['allowsmilies']; $parser_options['allow_imgcode'] = $forum['allowimgcode']; $parser_options['allow_videocode'] = $forum['allowvideocode']; $parser_options['filter_badwords'] = 1; if (!$post['username']) { $post['username'] = $lang->guest; } if ($post['userusername']) { $parser_options['me_username'] = $post['userusername']; } else { $parser_options['me_username'] = $post['username']; } break; } if (!$postcounter) { // Used to show the # of the post if ($page > 1) { if (!$mybb->settings['postsperpage'] || (int) $mybb->settings['postsperpage'] < 1) { $mybb->settings['postsperpage'] = 20; } $postcounter = $mybb->settings['postsperpage'] * ($page - 1); } else { $postcounter = 0; } $post_extra_style = "border-top-width: 0;"; } elseif ($mybb->input['mode'] == "threaded") { $post_extra_style = "border-top-width: 0;"; } else { $post_extra_style = "margin-top: 5px;"; } if (!$altbg) { // Define the alternate background colour if this is the first post $altbg = "trow1"; } $postcounter++; // Format the post date and time using my_date $post['postdate'] = my_date('relative', $post['dateline']); // Dont want any little 'nasties' in the subject $post['subject'] = $parser->parse_badwords($post['subject']); // Pm's have been htmlspecialchars_uni()'ed already. if ($post_type != 2) { $post['subject'] = htmlspecialchars_uni($post['subject']); } if (empty($post['subject'])) { $post['subject'] = ' '; } $post['author'] = $post['uid']; $post['subject_title'] = $post['subject']; // Get the usergroup if ($post['userusername']) { if (!$post['displaygroup']) { $post['displaygroup'] = $post['usergroup']; } $usergroup = $groupscache[$post['displaygroup']]; } else { $usergroup = $groupscache[1]; } if (!is_array($titlescache)) { $cached_titles = $cache->read("usertitles"); if (!empty($cached_titles)) { foreach ($cached_titles as $usertitle) { $titlescache[$usertitle['posts']] = $usertitle; } } if (is_array($titlescache)) { krsort($titlescache); } unset($usertitle, $cached_titles); } // Work out the usergroup/title stuff $post['groupimage'] = ''; if (!empty($usergroup['image'])) { $language = $mybb->settings['bblanguage']; if (!empty($mybb->user['language'])) { $language = $mybb->user['language']; } $usergroup['image'] = str_replace("{lang}", $language, $usergroup['image']); $usergroup['image'] = str_replace("{theme}", $theme['imgdir'], $usergroup['image']); eval("\$post['groupimage'] = \"" . $templates->get("postbit_groupimage") . "\";"); if ($mybb->settings['postlayout'] == "classic") { $post['groupimage'] .= "<br />"; } } if ($post['userusername']) { // This post was made by a registered user $post['username'] = $post['userusername']; $post['profilelink_plain'] = get_profile_link($post['uid']); $post['username_formatted'] = format_name($post['username'], $post['usergroup'], $post['displaygroup']); $post['profilelink'] = build_profile_link($post['username_formatted'], $post['uid']); if (trim($post['usertitle']) != "") { $hascustomtitle = 1; } if ($usergroup['usertitle'] != "" && !$hascustomtitle) { $post['usertitle'] = $usergroup['usertitle']; } elseif (is_array($titlescache) && !$usergroup['usertitle']) { reset($titlescache); foreach ($titlescache as $key => $titleinfo) { if ($post['postnum'] >= $key) { if (!$hascustomtitle) { $post['usertitle'] = $titleinfo['title']; } $post['stars'] = $titleinfo['stars']; $post['starimage'] = $titleinfo['starimage']; break; } } } $post['usertitle'] = htmlspecialchars_uni($post['usertitle']); if ($usergroup['stars']) { $post['stars'] = $usergroup['stars']; } if (empty($post['starimage'])) { $post['starimage'] = $usergroup['starimage']; } if ($post['starimage'] && $post['stars']) { // Only display stars if we have an image to use... $post['starimage'] = str_replace("{theme}", $theme['imgdir'], $post['starimage']); $post['userstars'] = ''; for ($i = 0; $i < $post['stars']; ++$i) { eval("\$post['userstars'] .= \"" . $templates->get("postbit_userstar", 1, 0) . "\";"); } $post['userstars'] .= "<br />"; } $postnum = $post['postnum']; $post['postnum'] = my_number_format($post['postnum']); $post['threadnum'] = my_number_format($post['threadnum']); // Determine the status to show for the user (Online/Offline/Away) $timecut = TIME_NOW - $mybb->settings['wolcutoff']; if ($post['lastactive'] > $timecut && ($post['invisible'] != 1 || $mybb->usergroup['canviewwolinvis'] == 1) && $post['lastvisit'] != $post['lastactive']) { eval("\$post['onlinestatus'] = \"" . $templates->get("postbit_online") . "\";"); } else { if ($post['away'] == 1 && $mybb->settings['allowaway'] != 0) { eval("\$post['onlinestatus'] = \"" . $templates->get("postbit_away") . "\";"); } else { eval("\$post['onlinestatus'] = \"" . $templates->get("postbit_offline") . "\";"); } } $post['useravatar'] = ''; if (isset($mybb->user['showavatars']) && $mybb->user['showavatars'] != 0 || $mybb->user['uid'] == 0) { $useravatar = format_avatar($post['avatar'], $post['avatardimensions'], $mybb->settings['postmaxavatarsize']); eval("\$post['useravatar'] = \"" . $templates->get("postbit_avatar") . "\";"); } else { $post['useravatar'] = ''; } eval("\$post['button_find'] = \"" . $templates->get("postbit_find") . "\";"); if ($mybb->settings['enablepms'] == 1 && $post['receivepms'] != 0 && $mybb->usergroup['cansendpms'] == 1 && my_strpos("," . $post['ignorelist'] . ",", "," . $mybb->user['uid'] . ",") === false) { eval("\$post['button_pm'] = \"" . $templates->get("postbit_pm") . "\";"); } $post['button_rep'] = ''; if ($post_type != 3 && $mybb->settings['enablereputation'] == 1 && $mybb->settings['postrep'] == 1 && $mybb->usergroup['cangivereputations'] == 1 && $usergroup['usereputationsystem'] == 1 && ($mybb->settings['posrep'] || $mybb->settings['neurep'] || $mybb->settings['negrep']) && $post['uid'] != $mybb->user['uid']) { if (!$post['pid']) { $post['pid'] = 0; } eval("\$post['button_rep'] = \"" . $templates->get("postbit_rep_button") . "\";"); } if ($post['website'] != "" && !is_member($mybb->settings['hidewebsite']) && $usergroup['canchangewebsite'] == 1) { $post['website'] = htmlspecialchars_uni($post['website']); eval("\$post['button_www'] = \"" . $templates->get("postbit_www") . "\";"); } else { $post['button_www'] = ""; } if ($post['hideemail'] != 1 && $mybb->usergroup['cansendemail'] == 1) { eval("\$post['button_email'] = \"" . $templates->get("postbit_email") . "\";"); } else { $post['button_email'] = ""; } $post['userregdate'] = my_date($mybb->settings['regdateformat'], $post['regdate']); // Work out the reputation this user has (only show if not announcement) if ($post_type != 3 && $usergroup['usereputationsystem'] != 0 && $mybb->settings['enablereputation'] == 1) { $post['userreputation'] = get_reputation($post['reputation'], $post['uid']); eval("\$post['replink'] = \"" . $templates->get("postbit_reputation") . "\";"); } // Showing the warning level? (only show if not announcement) if ($post_type != 3 && $mybb->settings['enablewarningsystem'] != 0 && $usergroup['canreceivewarnings'] != 0 && ($mybb->usergroup['canwarnusers'] != 0 || $mybb->user['uid'] == $post['uid'] && $mybb->settings['canviewownwarning'] != 0)) { if ($mybb->settings['maxwarningpoints'] < 1) { $mybb->settings['maxwarningpoints'] = 10; } $warning_level = round($post['warningpoints'] / $mybb->settings['maxwarningpoints'] * 100); if ($warning_level > 100) { $warning_level = 100; } $warning_level = get_colored_warning_level($warning_level); // If we can warn them, it's not the same person, and we're in a PM or a post. if ($mybb->usergroup['canwarnusers'] != 0 && $post['uid'] != $mybb->user['uid'] && ($post_type == 0 || $post_type == 2)) { eval("\$post['button_warn'] = \"" . $templates->get("postbit_warn") . "\";"); $warning_link = "warnings.php?uid={$post['uid']}"; } else { $post['button_warn'] = ''; $warning_link = "usercp.php"; } eval("\$post['warninglevel'] = \"" . $templates->get("postbit_warninglevel") . "\";"); } if ($post_type != 3 && $post_type != 1 && purgespammer_show($post['postnum'], $post['usergroup'], $post['uid'])) { eval("\$post['button_purgespammer'] = \"" . $templates->get('postbit_purgespammer') . "\";"); } // Display profile fields on posts - only if field is filled in if (is_array($profile_fields)) { foreach ($profile_fields as $field) { $fieldfid = "fid{$field['fid']}"; if (!empty($post[$fieldfid])) { $post['fieldvalue'] = ''; $post['fieldname'] = htmlspecialchars_uni($field['name']); $thing = explode("\n", $field['type'], "2"); $type = trim($thing[0]); $useropts = explode("\n", $post[$fieldfid]); if (is_array($useropts) && ($type == "multiselect" || $type == "checkbox")) { foreach ($useropts as $val) { if ($val != '') { eval("\$post['fieldvalue_option'] .= \"" . $templates->get("postbit_profilefield_multiselect_value") . "\";"); } } if ($post['fieldvalue_option'] != '') { eval("\$post['fieldvalue'] .= \"" . $templates->get("postbit_profilefield_multiselect") . "\";"); } } else { $field_parser_options = array("allow_html" => $field['allowhtml'], "allow_mycode" => $field['allowmycode'], "allow_smilies" => $field['allowsmilies'], "allow_imgcode" => $field['allowimgcode'], "allow_videocode" => $field['allowvideocode'], "filter_badwords" => 1); if ($customfield['type'] == "textarea") { $field_parser_options['me_username'] = $post['username']; } else { $field_parser_options['nl2br'] = 0; } if ($mybb->user['showimages'] != 1 && $mybb->user['uid'] != 0 || $mybb->settings['guestimages'] != 1 && $mybb->user['uid'] == 0) { $field_parser_options['allow_imgcode'] = 0; } $post['fieldvalue'] = $parser->parse_message($post[$fieldfid], $field_parser_options); } eval("\$post['profilefield'] .= \"" . $templates->get("postbit_profilefield") . "\";"); } } } eval("\$post['user_details'] = \"" . $templates->get("postbit_author_user") . "\";"); } else { // Message was posted by a guest or an unknown user $post['profilelink'] = format_name($post['username'], 1); if ($usergroup['usertitle']) { $post['usertitle'] = $usergroup['usertitle']; } else { $post['usertitle'] = $lang->guest; } $post['usertitle'] = htmlspecialchars_uni($post['usertitle']); $usergroup['title'] = $lang->na; $post['userregdate'] = $lang->na; $post['postnum'] = $lang->na; $post['button_profile'] = ''; $post['button_email'] = ''; $post['button_www'] = ''; $post['signature'] = ''; $post['button_pm'] = ''; $post['button_find'] = ''; $post['onlinestatus'] = ''; $post['replink'] = ''; eval("\$post['user_details'] = \"" . $templates->get("postbit_author_guest") . "\";"); } $post['button_edit'] = ''; $post['button_quickdelete'] = ''; $post['button_quickrestore'] = ''; $post['button_quote'] = ''; $post['button_quickquote'] = ''; $post['button_report'] = ''; $post['button_reply_pm'] = ''; $post['button_replyall_pm'] = ''; $post['button_forward_pm'] = ''; $post['button_delete_pm'] = ''; // For private messages, fetch the reply/forward/delete icons if ($post_type == 2 && $post['pmid']) { global $replyall; eval("\$post['button_reply_pm'] = \"" . $templates->get("postbit_reply_pm") . "\";"); eval("\$post['button_forward_pm'] = \"" . $templates->get("postbit_forward_pm") . "\";"); eval("\$post['button_delete_pm'] = \"" . $templates->get("postbit_delete_pm") . "\";"); if ($replyall == true) { eval("\$post['button_replyall_pm'] = \"" . $templates->get("postbit_replyall_pm") . "\";"); } } $post['editedmsg'] = ''; if (!$post_type) { // Figure out if we need to show an "edited by" message if ($post['edituid'] != 0 && $post['edittime'] != 0 && $post['editusername'] != "" && ($mybb->settings['showeditedby'] != 0 && $usergroup['cancp'] == 0 || $mybb->settings['showeditedbyadmin'] != 0 && $usergroup['cancp'] == 1)) { $post['editdate'] = my_date('relative', $post['edittime']); $post['editnote'] = $lang->sprintf($lang->postbit_edited, $post['editdate']); $post['editedprofilelink'] = build_profile_link($post['editusername'], $post['edituid']); $editreason = ""; if ($post['editreason'] != "") { $post['editreason'] = $parser->parse_badwords($post['editreason']); $post['editreason'] = htmlspecialchars_uni($post['editreason']); eval("\$editreason = \"" . $templates->get("postbit_editedby_editreason") . "\";"); } eval("\$post['editedmsg'] = \"" . $templates->get("postbit_editedby") . "\";"); } $time = TIME_NOW; if ((is_moderator($fid, "caneditposts") || $forumpermissions['caneditposts'] == 1 && $mybb->user['uid'] == $post['uid'] && $thread['closed'] != 1 && ($mybb->usergroup['edittimelimit'] == 0 || $mybb->usergroup['edittimelimit'] != 0 && $post['dateline'] > $time - $mybb->usergroup['edittimelimit'] * 60)) && $mybb->user['uid'] != 0) { eval("\$post['button_edit'] = \"" . $templates->get("postbit_edit") . "\";"); } // Quick Delete button $can_delete_thread = $can_delete_post = 0; if ($mybb->user['uid'] == $post['uid'] && $thread['closed'] == 0) { if ($forumpermissions['candeletethreads'] == 1 && $postcounter == 1) { $can_delete_thread = 1; } else { if ($forumpermissions['candeleteposts'] == 1 && $postcounter != 1) { $can_delete_post = 1; } } } $postbit_qdelete = $postbit_qrestore = ''; if ($mybb->user['uid'] != 0) { if ((is_moderator($fid, "candeleteposts") || is_moderator($fid, "cansoftdeleteposts") || $can_delete_post == 1) && $postcounter != 1) { $postbit_qdelete = $lang->postbit_qdelete_post; $display = ''; if ($post['visible'] == -1) { $display = "none"; } eval("\$post['button_quickdelete'] = \"" . $templates->get("postbit_quickdelete") . "\";"); } else { if ((is_moderator($fid, "candeletethreads") || is_moderator($fid, "cansoftdeletethreads") || $can_delete_thread == 1) && $postcounter == 1) { $postbit_qdelete = $lang->postbit_qdelete_thread; $display = ''; if ($post['visible'] == -1) { $display = "none"; } eval("\$post['button_quickdelete'] = \"" . $templates->get("postbit_quickdelete") . "\";"); } } // Restore Post if (is_moderator($fid, "canrestoreposts") && $postcounter != 1) { $display = "none"; if ($post['visible'] == -1) { $display = ''; } $postbit_qrestore = $lang->postbit_qrestore_post; eval("\$post['button_quickrestore'] = \"" . $templates->get("postbit_quickrestore") . "\";"); } else { if (is_moderator($fid, "canrestorethreads") && $postcounter == 1) { $display = "none"; if ($post['visible'] == -1) { $display = ""; } $postbit_qrestore = $lang->postbit_qrestore_thread; eval("\$post['button_quickrestore'] = \"" . $templates->get("postbit_quickrestore") . "\";"); } } } // Inline moderation stuff if ($ismod) { if (isset($mybb->cookies[$inlinecookie]) && my_strpos($mybb->cookies[$inlinecookie], "|" . $post['pid'] . "|")) { $inlinecheck = "checked=\"checked\""; $inlinecount++; } else { $inlinecheck = ""; } eval("\$post['inlinecheck'] = \"" . $templates->get("postbit_inlinecheck") . "\";"); if ($post['visible'] == 0) { $invisiblepost = 1; } } else { $post['inlinecheck'] = ""; } $post['postlink'] = get_post_link($post['pid'], $post['tid']); $post_number = my_number_format($postcounter); eval("\$post['posturl'] = \"" . $templates->get("postbit_posturl") . "\";"); global $forum, $thread; if ($forum['open'] != 0 && ($thread['closed'] != 1 || is_moderator($forum['fid'], "canpostclosedthreads")) && ($thread['uid'] == $mybb->user['uid'] || $forumpermissions['canonlyreplyownthreads'] != 1)) { eval("\$post['button_quote'] = \"" . $templates->get("postbit_quote") . "\";"); } if ($forumpermissions['canpostreplys'] != 0 && ($thread['uid'] == $mybb->user['uid'] || $forumpermissions['canonlyreplyownthreads'] != 1) && ($thread['closed'] != 1 || is_moderator($fid, "canpostclosedthreads")) && $mybb->settings['multiquote'] != 0 && $forum['open'] != 0 && !$post_type) { eval("\$post['button_multiquote'] = \"" . $templates->get("postbit_multiquote") . "\";"); } if ($mybb->user['uid'] != "0") { eval("\$post['button_report'] = \"" . $templates->get("postbit_report") . "\";"); } } elseif ($post_type == 3) { if ($mybb->usergroup['canmodcp'] == 1 && $mybb->usergroup['canmanageannounce'] == 1 && is_moderator($fid, "canmanageannouncements")) { eval("\$post['button_edit'] = \"" . $templates->get("announcement_edit") . "\";"); eval("\$post['button_quickdelete'] = \"" . $templates->get("announcement_quickdelete") . "\";"); } } $post['iplogged'] = ''; $show_ips = $mybb->settings['logip']; $ipaddress = my_inet_ntop($db->unescape_binary($post['ipaddress'])); // Show post IP addresses... PMs now can have IP addresses too as of 1.8! if ($post_type == 2) { $show_ips = $mybb->settings['showpmip']; } if (!$post_type || $post_type == 2) { if ($show_ips != "no" && !empty($post['ipaddress'])) { if ($show_ips == "show") { eval("\$post['iplogged'] = \"" . $templates->get("postbit_iplogged_show") . "\";"); } else { if ($show_ips == "hide" && (is_moderator($fid, "canviewips") || $mybb->usergroup['issupermod'])) { $action = 'getip'; if ($post_type == 2) { $action = 'getpmip'; } eval("\$post['iplogged'] = \"" . $templates->get("postbit_iplogged_hiden") . "\";"); } } } } if (isset($post['smilieoff']) && $post['smilieoff'] == 1) { $parser_options['allow_smilies'] = 0; } if ($mybb->user['showimages'] != 1 && $mybb->user['uid'] != 0 || $mybb->settings['guestimages'] != 1 && $mybb->user['uid'] == 0) { $parser_options['allow_imgcode'] = 0; } if ($mybb->user['showvideos'] != 1 && $mybb->user['uid'] != 0 || $mybb->settings['guestvideos'] != 1 && $mybb->user['uid'] == 0) { $parser_options['allow_videocode'] = 0; } // If we have incoming search terms to highlight - get it done. if (!empty($mybb->input['highlight'])) { $parser_options['highlight'] = $mybb->input['highlight']; $post['subject'] = $parser->highlight_message($post['subject'], $parser_options['highlight']); } $post['message'] = $parser->parse_message($post['message'], $parser_options); $post['attachments'] = ''; if ($mybb->settings['enableattachments'] != 0) { get_post_attachments($id, $post); } if (isset($post['includesig']) && $post['includesig'] != 0 && $post['username'] && $post['signature'] != "" && ($mybb->user['uid'] == 0 || $mybb->user['showsigs'] != 0) && ($post['suspendsignature'] == 0 || $post['suspendsignature'] == 1 && $post['suspendsigtime'] != 0 && $post['suspendsigtime'] < TIME_NOW) && $usergroup['canusesig'] == 1 && ($usergroup['canusesigxposts'] == 0 || $usergroup['canusesigxposts'] > 0 && $postnum > $usergroup['canusesigxposts']) && !is_member($mybb->settings['hidesignatures'])) { $sig_parser = array("allow_html" => $mybb->settings['sightml'], "allow_mycode" => $mybb->settings['sigmycode'], "allow_smilies" => $mybb->settings['sigsmilies'], "allow_imgcode" => $mybb->settings['sigimgcode'], "me_username" => $post['username'], "filter_badwords" => 1); if ($usergroup['signofollow']) { $sig_parser['nofollow_on'] = 1; } if ($mybb->user['showimages'] != 1 && $mybb->user['uid'] != 0 || $mybb->settings['guestimages'] != 1 && $mybb->user['uid'] == 0) { $sig_parser['allow_imgcode'] = 0; } $post['signature'] = $parser->parse_message($post['signature'], $sig_parser); eval("\$post['signature'] = \"" . $templates->get("postbit_signature") . "\";"); } else { $post['signature'] = ""; } $icon_cache = $cache->read("posticons"); if (isset($post['icon']) && $post['icon'] > 0 && $icon_cache[$post['icon']]) { $icon = $icon_cache[$post['icon']]; $icon['path'] = htmlspecialchars_uni($icon['path']); $icon['path'] = str_replace("{theme}", $theme['imgdir'], $icon['path']); $icon['name'] = htmlspecialchars_uni($icon['name']); eval("\$post['icon'] = \"" . $templates->get("postbit_icon") . "\";"); } else { $post['icon'] = ""; } $post_visibility = $ignore_bit = ''; switch ($post_type) { case 1: // Message preview $post = $plugins->run_hooks("postbit_prev", $post); break; case 2: // Private message $post = $plugins->run_hooks("postbit_pm", $post); break; case 3: // Announcement $post = $plugins->run_hooks("postbit_announcement", $post); break; default: // Regular post $post = $plugins->run_hooks("postbit", $post); // Is this author on the ignore list of the current user? Hide this post if (is_array($ignored_users) && $post['uid'] != 0 && isset($ignored_users[$post['uid']]) && $ignored_users[$post['uid']] == 1) { $ignored_message = $lang->sprintf($lang->postbit_currently_ignoring_user, $post['username']); eval("\$ignore_bit = \"" . $templates->get("postbit_ignored") . "\";"); $post_visibility = "display: none;"; } break; } if ($mybb->settings['postlayout'] == "classic") { eval("\$postbit = \"" . $templates->get("postbit_classic") . "\";"); } else { eval("\$postbit = \"" . $templates->get("postbit") . "\";"); } $GLOBALS['post'] = ""; return $postbit; }
} } */ // Clear the profile $userhandler->clear_profile($uid, $mybb->settings['purgespammerbangroup']); $cache->update_banned(); $cache->update_bannedips(); $cache->update_awaitingactivation(); // Update reports cache $cache->update_reportedcontent(); } elseif ($mybb->settings['purgespammerbandelete'] == "delete") { $user_deleted = $userhandler->delete_user($uid, 1); } // Submit the user to stop forum spam if (!empty($mybb->settings['purgespammerapikey'])) { $sfs = @fetch_remote_file("http://stopforumspam.com/add.php?username="******"&ip_addr=" . urlencode(my_inet_ntop($db->unescape_binary($user['lastip']))) . "&email=" . urlencode($user['email']) . "&api_key=" . urlencode($mybb->settings['purgespammerapikey'])); } log_moderator_action(array('uid' => $uid, 'username' => $user['username']), $lang->purgespammer_modlog); if ($user_deleted) { redirect($mybb->settings['bburl'], $lang->purgespammer_success); } else { redirect(get_profile_link($uid), $lang->purgespammer_success); } } else { if ($mybb->input['action'] == "purgespammer") { $plugins->run_hooks("moderation_purgespammer_show"); add_breadcrumb($lang->purgespammer); $lang->purgespammer_purge = $lang->sprintf($lang->purgespammer_purge, $user['username']); if ($mybb->settings['purgespammerbandelete'] == "ban") { $lang->purgespammer_purge_desc = $lang->sprintf($lang->purgespammer_purge_desc, $lang->purgespammer_ban); } else {
function tslink_modcp() { global $db, $mybb, $lang, $templates, $theme, $headerinclude, $header, $footer, $modcp_nav, $multipage; require __DIR__ . '/config.php'; $tslink_modcp_access = explode(',', $tslink_modcp_groups); $mybb_user_groups = explode(',', $mybb->user['additionalgroups']); if (simple_array_intersect($tslink_modcp_access, $mybb_user_groups) || $mybb->usergroup['cancp'] == 1) { eval('$tslink_modcp_menu_template = "' . $templates->get('tslink_modcp_menu') . '";'); $modcp_nav = str_replace('<!-- tslink -->', $tslink_modcp_menu_template, $modcp_nav); } if ($mybb->input['action'] == 'tslink_dochange') { $mybb_uid = intval($mybb->input['uid']); $changeto = intval($mybb->input['changeto']); $db->query('UPDATE ' . TABLE_PREFIX . "users SET memberstatus= '" . $changeto . "' WHERE uid='" . $mybb_uid . "'"); $queryUser = $db->simple_select('users', 'username, lastip', "uid='{$mybb_uid}'"); $bin_ip_in_db = $db->fetch_field($queryUser, 'lastip'); $givenip = my_inet_ntop($db->unescape_binary($bin_ip_in_db)); $forUser = $db->fetch_field($queryUser, 'username'); // If there's an ip of the user in de database, update the unique id's in the database if (!empty($givenip)) { tslink_log("=============================================================\n=================== " . date('d-m-Y H:i:s') . " =====================\n=============================================================\n", $forUser); tslink_log('Started on ModCP by ' . $mybb->user['username'] . ' - IP address of user available (' . $givenip . ') - doing tslink_update_uids & tslink_update_groups', $forUser); $tslink_update_uids_results = tslink_update_uids($givenip); tslink_log($tslink_update_uids_results, $forUser); $message = $lang->tslink_status_changed; } // If there's no lastip of the user in the database - dont try to update the unique id's in the database if (empty($givenip)) { tslink_log("=============================================================\n=================== " . date('d-m-Y H:i:s') . " =====================\n=============================================================\n", $forUser); tslink_log('Started on ModCP ' . $mybb->user['username'] . ' - IP address of user NOT available - only doing tslink_update_groups to update previously registered TS uids', $forUser); $tslink_update_groups_results = tslink_update_groups($mybb_uid); tslink_log($tslink_update_groups_results, $forUser); $message = $lang->tslink_status_changed; } redirect('modcp.php?action=tslink', $message); } if ($mybb->input['action'] == 'tslink') { add_breadcrumb($lang->nav_modcp, 'modcp.php'); add_breadcrumb($lang->tslink_title, 'modcp.php?action=tslink'); global $db, $mybb, $lang, $templates, $theme, $headerinclude, $header, $footer, $modcp_nav, $multipage; $query = $db->simple_select('users', 'uid, username, memberstatus', '', ['order_by' => 'username', 'order_dir' => 'ASC']); while ($users = $db->fetch_array($query)) { $alt_bg = alt_trow(); $user['username'] = build_profile_link($users['username'], $users['uid']); if ($users['memberstatus'] == '0') { $status = 'Member'; $linktochange = '<a href="modcp.php?action=tslink_dochange&uid=' . $users['uid'] . '&changeto=1">' . $lang->tslink_modcp_changestatus1 . ' </a>- <a href="modcp.php?action=tslink_dochange&uid=' . $users['uid'] . '&changeto=2"> ' . $lang->tslink_modcp_changestatus2 . '</a> '; } elseif ($users['memberstatus'] == '1') { $status = 'Donating Member'; $linktochange = '<a href="modcp.php?action=tslink_dochange&uid=' . $users['uid'] . '&changeto=0">' . $lang->tslink_modcp_changestatus0 . ' </a>- <a href="modcp.php?action=tslink_dochange&uid=' . $users['uid'] . '&changeto=2"> ' . $lang->tslink_modcp_changestatus2 . '</a> '; } elseif ($users['memberstatus'] == '2') { $status = 'VIP Member'; $linktochange = '<a href="modcp.php?action=tslink_dochange&uid=' . $users['uid'] . '&changeto=0">' . $lang->tslink_modcp_changestatus0 . ' </a>- <a href="modcp.php?action=tslink_dochange&uid=' . $users['uid'] . '&changeto=1"> ' . $lang->tslink_modcp_changestatus1 . '</a> '; } eval('$tslink_rows .= "' . $templates->get('tslink_modcp_row') . '";'); } eval('$content = "' . $templates->get('tslink_modcp_page_template') . '";'); output_page($content); } }
/** * Fetch the IP address of the current user. * * @return string The IP address. */ function get_ip() { global $mybb, $plugins; $ip = strtolower($_SERVER['REMOTE_ADDR']); if ($mybb->settings['ip_forwarded_check']) { $addresses = array(); if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) { $addresses = explode(',', strtolower($_SERVER['HTTP_X_FORWARDED_FOR'])); } elseif (isset($_SERVER['HTTP_X_REAL_IP'])) { $addresses = explode(',', strtolower($_SERVER['HTTP_X_REAL_IP'])); } if (is_array($addresses)) { foreach ($addresses as $val) { $val = trim($val); // Validate IP address and exclude private addresses if (my_inet_ntop(my_inet_pton($val)) == $val && !preg_match("#^(10\\.|172\\.(1[6-9]|2[0-9]|3[0-1])\\.|192\\.168\\.|fe80:|fe[c-f][0-f]:|f[c-d][0-f]{2}:)#", $val)) { $ip = $val; break; } } } } if (!$ip) { if (isset($_SERVER['HTTP_CLIENT_IP'])) { $ip = strtolower($_SERVER['HTTP_CLIENT_IP']); } } if ($plugins) { $ip_array = array("ip" => &$ip); // Used for backwards compatibility on this hook with the updated run_hooks() function. $plugins->run_hooks("get_ip", $ip_array); } return $ip; }