/**
* Activate an account.
* This function is called from the profile account actions area.
*/
public function action_activateaccount()
{
global $context, $user_profile, $modSettings;
isAllowedTo('moderate_forum');
$memID = currentMemberID();
if (isset($_REQUEST['save']) && isset($user_profile[$memID]['is_activated']) && $user_profile[$memID]['is_activated'] != 1) {
require_once SUBSDIR . '/Members.subs.php';
// If we are approving the deletion of an account, we do something special ;)
if ($user_profile[$memID]['is_activated'] == 4) {
deleteMembers($context['id_member']);
redirectexit();
}
// Actually update this member now, as it guarantees the unapproved count can't get corrupted.
approveMembers(array('members' => array($context['id_member']), 'activated_status' => $user_profile[$memID]['is_activated']));
// Log what we did?
logAction('approve_member', array('member' => $memID), 'admin');
// If we are doing approval, update the stats for the member just in case.
if (in_array($user_profile[$memID]['is_activated'], array(3, 4, 13, 14))) {
updateSettings(array('unapprovedMembers' => $modSettings['unapprovedMembers'] > 1 ? $modSettings['unapprovedMembers'] - 1 : 0));
}
// Make sure we update the stats too.
updateStats('member', false);
}
// Leave it be...
redirectexit('action=profile;u=' . $memID . ';area=summary');
}
/**
* This function determines the actions of the members passed in urls.
*
* Adding actions to the Who's Online list:
* Adding actions to this list is actually relatively easy...
* - for actions anyone should be able to see, just add a string named whoall_ACTION.
* (where ACTION is the action used in index.php.)
* - for actions that have a subaction which should be represented differently, use whoall_ACTION_SUBACTION.
* - for actions that include a topic, and should be restricted, use whotopic_ACTION.
* - for actions that use a message, by msg or quote, use whopost_ACTION.
* - for administrator-only actions, use whoadmin_ACTION.
* - for actions that should be viewable only with certain permissions, use whoallow_ACTION and
* add a list of possible permissions to the $allowedActions array, using ACTION as the key.
*
* @param mixed[]|string $urls a single url (string) or an array of arrays, each inner array being (serialized request data, id_member)
* @param string|false $preferred_prefix = false
* @return mixed[]|string an array of descriptions if you passed an array, otherwise the string describing their current location.
*/
function determineActions($urls, $preferred_prefix = false)
{
global $txt, $user_info, $modSettings, $scripturl;
$db = database();
if (!allowedTo('who_view')) {
return array();
}
loadLanguage('Who');
// Actions that require a specific permission level.
$allowedActions = array('admin' => array('moderate_forum', 'manage_membergroups', 'manage_bans', 'admin_forum', 'manage_permissions', 'send_mail', 'manage_attachments', 'manage_smileys', 'manage_boards', 'edit_news'), 'ban' => array('manage_bans'), 'boardrecount' => array('admin_forum'), 'calendar' => array('calendar_view'), 'editnews' => array('edit_news'), 'mailing' => array('send_mail'), 'maintain' => array('admin_forum'), 'manageattachments' => array('manage_attachments'), 'manageboards' => array('manage_boards'), 'memberlist' => array('view_mlist'), 'moderate' => array('access_mod_center', 'moderate_forum', 'manage_membergroups'), 'optimizetables' => array('admin_forum'), 'repairboards' => array('admin_forum'), 'search' => array('search_posts'), 'setcensor' => array('moderate_forum'), 'setreserve' => array('moderate_forum'), 'stats' => array('view_stats'), 'viewErrorLog' => array('admin_forum'), 'viewmembers' => array('moderate_forum'));
// Provide integration a way to add to the allowed action array
call_integration_hook('integrate_whos_online_allowed', array(&$allowedActions));
if (!is_array($urls)) {
$url_list = array(array($urls, $user_info['id']));
} else {
$url_list = $urls;
}
// These are done to query these in large chunks. (instead of one by one.)
$topic_ids = array();
$profile_ids = array();
$board_ids = array();
$data = array();
foreach ($url_list as $k => $url) {
// Get the request parameters..
$actions = @unserialize($url[0]);
if ($actions === false) {
continue;
}
// If it's the admin or moderation center, and there is an area set, use that instead.
if (isset($actions['action']) && ($actions['action'] == 'admin' || $actions['action'] == 'moderate') && isset($actions['area'])) {
$actions['action'] = $actions['area'];
}
// Check if there was no action or the action is display.
if (!isset($actions['action']) || $actions['action'] == 'display') {
// It's a topic! Must be!
if (isset($actions['topic'])) {
// Assume they can't view it, and queue it up for later.
$data[$k] = $txt['who_hidden'];
$topic_ids[(int) $actions['topic']][$k] = $txt['who_topic'];
} elseif (isset($actions['board'])) {
// Hide first, show later.
$data[$k] = $txt['who_hidden'];
$board_ids[$actions['board']][$k] = $txt['who_board'];
} else {
$data[$k] = replaceBasicActionUrl($txt['who_index']);
}
} elseif ($actions['action'] == '') {
$data[$k] = replaceBasicActionUrl($txt['who_index']);
} else {
// Viewing/editing a profile.
if ($actions['action'] == 'profile') {
// Whose? Their own?
if (empty($actions['u'])) {
require_once SUBSDIR . '/Profile.subs.php';
$memID = currentMemberID();
if ($memID == $user_info['id']) {
$actions['u'] = $url[1];
} else {
$actions['u'] = $memID;
}
}
$data[$k] = $txt['who_hidden'];
$profile_ids[(int) $actions['u']][$k] = $actions['action'] == 'profile' ? $txt['who_viewprofile'] : $txt['who_profile'];
} elseif (($actions['action'] == 'post' || $actions['action'] == 'post2' || $actions['action'] == 'topicbyemail') && empty($actions['topic']) && isset($actions['board'])) {
$data[$k] = $txt['who_hidden'];
if ($actions['action'] == 'topicbyemail') {
$board_ids[(int) $actions['board']][$k] = $txt['who_topicbyemail'];
} else {
$board_ids[(int) $actions['board']][$k] = isset($actions['poll']) ? $txt['who_poll'] : $txt['who_post'];
}
} elseif (isset($actions['sa']) && isset($txt['whoall_' . $actions['action'] . '_' . $actions['sa']])) {
$data[$k] = $preferred_prefix && isset($txt[$preferred_prefix . $actions['action'] . '_' . $actions['sa']]) ? $txt[$preferred_prefix . $actions['action'] . '_' . $actions['sa']] : $txt['whoall_' . $actions['action'] . '_' . $actions['sa']];
} elseif (isset($txt['whoall_' . $actions['action']])) {
$data[$k] = $preferred_prefix && isset($txt[$preferred_prefix . $actions['action']]) ? $txt[$preferred_prefix . $actions['action']] : replaceBasicActionUrl($txt['whoall_' . $actions['action']]);
} elseif (isset($txt['whotopic_' . $actions['action']])) {
// Find out what topic they are accessing.
$topic = (int) (isset($actions['topic']) ? $actions['topic'] : (isset($actions['from']) ? $actions['from'] : 0));
$data[$k] = $txt['who_hidden'];
$topic_ids[$topic][$k] = $txt['whotopic_' . $actions['action']];
} elseif (isset($actions['sa']) && isset($txt['whotopic_' . $actions['action'] . '_' . $actions['sa']])) {
// Find out what topic they are accessing.
$topic = (int) (isset($actions['topic']) ? $actions['topic'] : (isset($actions['from']) ? $actions['from'] : 0));
$data[$k] = $txt['who_hidden'];
$topic_ids[$topic][$k] = $txt['whotopic_' . $actions['action'] . '_' . $actions['sa']];
} elseif (isset($txt['whopost_' . $actions['action']])) {
// Find out what message they are accessing.
$msgid = (int) (isset($actions['msg']) ? $actions['msg'] : (isset($actions['quote']) ? $actions['quote'] : 0));
$result = $db->query('', '
SELECT m.id_topic, m.subject
FROM {db_prefix}messages AS m
INNER JOIN {db_prefix}boards AS b ON (b.id_board = m.id_board)
INNER JOIN {db_prefix}topics AS t ON (t.id_topic = m.id_topic' . ($modSettings['postmod_active'] ? ' AND t.approved = {int:is_approved}' : '') . ')
WHERE m.id_msg = {int:id_msg}
AND {query_see_board}' . ($modSettings['postmod_active'] ? '
AND m.approved = {int:is_approved}' : '') . '
LIMIT 1', array('is_approved' => 1, 'id_msg' => $msgid));
list($id_topic, $subject) = $db->fetch_row($result);
$data[$k] = sprintf($txt['whopost_' . $actions['action']], $scripturl . '?topic=' . $id_topic . '.0', $subject);
$db->free_result($result);
if (empty($id_topic)) {
$data[$k] = $txt['who_hidden'];
}
} elseif (allowedTo('moderate_forum') && isset($txt['whoadmin_' . $actions['action']])) {
$data[$k] = $txt['whoadmin_' . $actions['action']];
} elseif (isset($allowedActions[$actions['action']])) {
if (allowedTo($allowedActions[$actions['action']])) {
if (isset($actions['sa']) && isset($txt['whoallow_' . $actions['action'] . '_' . $actions['sa']])) {
$data[$k] = replaceBasicActionUrl($txt['whoallow_' . $actions['action'] . '_' . $actions['sa']]);
} else {
$data[$k] = replaceBasicActionUrl($txt['whoallow_' . $actions['action']]);
}
} elseif (in_array('moderate_forum', $allowedActions[$actions['action']])) {
$data[$k] = $txt['who_moderate'];
} elseif (in_array('admin_forum', $allowedActions[$actions['action']])) {
$data[$k] = $txt['who_admin'];
} else {
$data[$k] = $txt['who_hidden'];
}
} elseif (!empty($actions['action'])) {
$data[$k] = sprintf($txt['who_generic'], $actions['action']);
} else {
$data[$k] = $txt['who_unknown'];
}
}
// Maybe the action is integrated into another system?
if (count($integrate_actions = call_integration_hook('integrate_whos_online', array($actions))) > 0) {
// Try each integraion hook with this url and see if they can fill in the details
foreach ($integrate_actions as $integrate_action) {
if (!empty($integrate_action)) {
// Found it, all done then
$data[$k] = $integrate_action;
break;
}
}
}
}
// Load topic names.
if (!empty($topic_ids)) {
require_once SUBSDIR . '/Topic.subs.php';
$topics_data = topicsList(array_keys($topic_ids));
foreach ($topics_data as $topic) {
// Show the topic's subject for each of the members looking at this...
foreach ($topic_ids[$topic['id_topic']] as $k => $session_text) {
$data[$k] = sprintf($session_text, $scripturl . '?topic=' . $topic['id_topic'] . '.0', $topic['subject']);
}
}
}
// Load board names.
if (!empty($board_ids)) {
require_once SUBSDIR . '/Boards.subs.php';
$boards_list = getBoardList(array('included_boards' => array_keys($board_ids)), true);
foreach ($boards_list as $board) {
// Put the board name into the string for each member...
foreach ($board_ids[$board['id_board']] as $k => $session_text) {
$data[$k] = sprintf($session_text, $scripturl . '?board=' . $board['id_board'] . '.0', $board['board_name']);
}
}
}
// Load member names for the profile.
if (!empty($profile_ids) && (allowedTo('profile_view_any') || allowedTo('profile_view_own'))) {
require_once SUBSDIR . '/Members.subs.php';
$result = getBasicMemberData(array_keys($profile_ids));
foreach ($result as $row) {
// If they aren't allowed to view this person's profile, skip it.
if (!allowedTo('profile_view_any') && $user_info['id'] != $row['id_member']) {
continue;
}
// Set their action on each - session/text to sprintf.
foreach ($profile_ids[$row['id_member']] as $k => $session_text) {
$data[$k] = sprintf($session_text, $scripturl . '?action=profile;u=' . $row['id_member'], $row['real_name']);
}
}
}
if (!is_array($urls)) {
return isset($data[0]) ? $data[0] : false;
} else {
return $data;
}
}
/**
* Allow the change or view of profiles.
* Loads the profile menu.
*
* @see Action_Controller::action_index()
*/
public function action_index()
{
global $txt, $scripturl, $user_info, $context, $user_profile, $cur_profile;
global $modSettings, $memberContext, $profile_vars, $post_errors, $user_settings;
// Don't reload this as we may have processed error strings.
if (empty($post_errors)) {
loadLanguage('Profile+Drafts');
}
loadTemplate('Profile');
require_once SUBSDIR . '/Menu.subs.php';
require_once SUBSDIR . '/Profile.subs.php';
$memID = currentMemberID();
$context['id_member'] = $memID;
$cur_profile = $user_profile[$memID];
// Let's have some information about this member ready, too.
loadMemberContext($memID);
$context['member'] = $memberContext[$memID];
// Is this the profile of the user himself or herself?
$context['user']['is_owner'] = $memID == $user_info['id'];
/**
* Define all the sections within the profile area!
* We start by defining the permission required - then we take this and turn
* it into the relevant context ;)
*
* Possible fields:
* For Section:
* - string $title: Section title.
* - array $areas: Array of areas within this section.
*
* For Areas:
* - string $label: Text string that will be used to show the area in the menu.
* - string $file: Optional text string that may contain a file name that's needed for inclusion in order to display the area properly.
* - string $custom_url: Optional href for area.
* - string $function: Function to execute for this section.
* - bool $enabled: Should area be shown?
* - string $sc: Session check validation to do on save - note without this save will get unset - if set.
* - bool $hidden: Does this not actually appear on the menu?
* - bool $password: Whether to require the user's password in order to save the data in the area.
* - array $subsections: Array of subsections, in order of appearance.
* - array $permission: Array of permissions to determine who can access this area. Should contain arrays $own and $any.
*/
$profile_areas = array('info' => array('title' => $txt['profileInfo'], 'areas' => array('summary' => array('label' => $txt['summary'], 'file' => 'ProfileInfo.controller.php', 'controller' => 'ProfileInfo_Controller', 'function' => 'action_summary', 'token' => 'profile-aa%u', 'token_type' => 'get', 'permission' => array('own' => 'profile_view_own', 'any' => 'profile_view_any')), 'statistics' => array('label' => $txt['statPanel'], 'file' => 'ProfileInfo.controller.php', 'controller' => 'ProfileInfo_Controller', 'function' => 'action_statPanel', 'permission' => array('own' => 'profile_view_own', 'any' => 'profile_view_any')), 'showposts' => array('label' => $txt['showPosts'], 'file' => 'ProfileInfo.controller.php', 'controller' => 'ProfileInfo_Controller', 'function' => 'action_showPosts', 'subsections' => array('messages' => array($txt['showMessages'], array('profile_view_own', 'profile_view_any')), 'topics' => array($txt['showTopics'], array('profile_view_own', 'profile_view_any')), 'unwatchedtopics' => array($txt['showUnwatched'], array('profile_view_own', 'profile_view_any'), 'enabled' => $modSettings['enable_unwatch'] && $context['user']['is_owner']), 'attach' => array($txt['showAttachments'], array('profile_view_own', 'profile_view_any'))), 'permission' => array('own' => 'profile_view_own', 'any' => 'profile_view_any')), 'showdrafts' => array('label' => $txt['drafts_show'], 'file' => 'Draft.controller.php', 'controller' => 'Draft_Controller', 'function' => 'action_showProfileDrafts', 'enabled' => !empty($modSettings['drafts_enabled']) && $context['user']['is_owner'], 'permission' => array('own' => 'profile_view_own', 'any' => array())), 'showlikes' => array('label' => $txt['likes_show'], 'file' => 'Likes.controller.php', 'controller' => 'Likes_Controller', 'function' => 'action_showProfileLikes', 'enabled' => !empty($modSettings['likes_enabled']) && $context['user']['is_owner'], 'subsections' => array('given' => array($txt['likes_given'], array('profile_view_own')), 'received' => array($txt['likes_received'], array('profile_view_own'))), 'permission' => array('own' => 'profile_view_own', 'any' => array())), 'permissions' => array('label' => $txt['showPermissions'], 'file' => 'ProfileInfo.controller.php', 'controller' => 'ProfileInfo_Controller', 'function' => 'action_showPermissions', 'permission' => array('own' => 'manage_permissions', 'any' => 'manage_permissions')), 'history' => array('label' => $txt['history'], 'file' => 'ProfileHistory.controller.php', 'controller' => 'ProfileHistory_Controller', 'function' => 'action_index', 'subsections' => array('activity' => array($txt['trackActivity'], 'moderate_forum'), 'ip' => array($txt['trackIP'], 'moderate_forum'), 'edits' => array($txt['trackEdits'], 'moderate_forum'), 'logins' => array($txt['trackLogins'], array('profile_view_own', 'moderate_forum'))), 'permission' => array('own' => 'moderate_forum', 'any' => 'moderate_forum')), 'viewwarning' => array('label' => $txt['profile_view_warnings'], 'enabled' => in_array('w', $context['admin_features']) && !empty($modSettings['warning_enable']) && $cur_profile['warning'] && (!empty($modSettings['warning_show']) && ($context['user']['is_owner'] || $modSettings['warning_show'] == 2)), 'file' => 'ProfileInfo.controller.php', 'controller' => 'ProfileInfo_Controller', 'function' => 'action_viewWarning', 'permission' => array('own' => 'profile_view_own', 'any' => 'issue_warning')))), 'edit_profile' => array('title' => $txt['profileEdit'], 'areas' => array('account' => array('label' => $txt['account'], 'file' => 'ProfileOptions.controller.php', 'controller' => 'ProfileOptions_Controller', 'function' => 'action_account', 'enabled' => $context['user']['is_admin'] || $cur_profile['id_group'] != 1 && !in_array(1, explode(',', $cur_profile['additional_groups'])), 'sc' => 'post', 'token' => 'profile-ac%u', 'password' => true, 'permission' => array('own' => array('profile_identity_any', 'profile_identity_own', 'manage_membergroups'), 'any' => array('profile_identity_any', 'manage_membergroups'))), 'forumprofile' => array('label' => $txt['forumprofile'], 'file' => 'ProfileOptions.controller.php', 'controller' => 'ProfileOptions_Controller', 'function' => 'action_forumProfile', 'sc' => 'post', 'token' => 'profile-fp%u', 'permission' => array('own' => array('profile_extra_any', 'profile_extra_own', 'profile_title_own', 'profile_title_any'), 'any' => array('profile_extra_any', 'profile_title_any'))), 'theme' => array('label' => $txt['theme'], 'file' => 'ProfileOptions.controller.php', 'controller' => 'ProfileOptions_Controller', 'function' => 'action_themepick', 'sc' => 'post', 'token' => 'profile-th%u', 'permission' => array('own' => array('profile_extra_any', 'profile_extra_own'), 'any' => array('profile_extra_any'))), 'authentication' => array('label' => $txt['authentication'], 'file' => 'ProfileOptions.controller.php', 'controller' => 'ProfileOptions_Controller', 'function' => 'action_authentication', 'enabled' => !empty($modSettings['enableOpenID']) || !empty($cur_profile['openid_uri']), 'sc' => 'post', 'token' => 'profile-au%u', 'hidden' => empty($modSettings['enableOpenID']) && empty($cur_profile['openid_uri']), 'password' => true, 'permission' => array('own' => array('profile_identity_any', 'profile_identity_own'), 'any' => array('profile_identity_any'))), 'notification' => array('label' => $txt['notifications'], 'file' => 'ProfileOptions.controller.php', 'controller' => 'ProfileOptions_Controller', 'function' => 'action_notification', 'sc' => 'post', 'token' => 'profile-nt%u', 'permission' => array('own' => array('profile_extra_any', 'profile_extra_own'), 'any' => array('profile_extra_any'))), 'contactprefs' => array('label' => $txt['contactprefs'], 'file' => 'ProfileOptions.controller.php', 'controller' => 'ProfileOptions_Controller', 'function' => 'action_pmprefs', 'enabled' => allowedTo(array('profile_extra_own', 'profile_extra_any')), 'sc' => 'post', 'token' => 'profile-pm%u', 'permission' => array('own' => array('pm_read'), 'any' => array('profile_extra_any'))), 'ignoreboards' => array('label' => $txt['ignoreboards'], 'file' => 'ProfileOptions.controller.php', 'controller' => 'ProfileOptions_Controller', 'function' => 'action_ignoreboards', 'enabled' => !empty($modSettings['allow_ignore_boards']), 'sc' => 'post', 'token' => 'profile-ib%u', 'permission' => array('own' => array('profile_extra_any', 'profile_extra_own'), 'any' => array('profile_extra_any'))), 'lists' => array('label' => $txt['editBuddyIgnoreLists'], 'file' => 'ProfileOptions.controller.php', 'controller' => 'ProfileOptions_Controller', 'function' => 'action_editBuddyIgnoreLists', 'enabled' => !empty($modSettings['enable_buddylist']) && $context['user']['is_owner'], 'sc' => 'post', 'token' => 'profile-bl%u', 'subsections' => array('buddies' => array($txt['editBuddies']), 'ignore' => array($txt['editIgnoreList'])), 'permission' => array('own' => array('profile_extra_any', 'profile_extra_own'), 'any' => array())), 'groupmembership' => array('label' => $txt['groupmembership'], 'file' => 'ProfileOptions.controller.php', 'controller' => 'ProfileOptions_Controller', 'function' => 'action_groupMembership', 'enabled' => !empty($modSettings['show_group_membership']) && $context['user']['is_owner'], 'sc' => 'request', 'token' => 'profile-gm%u', 'token_type' => 'request', 'permission' => array('own' => array('profile_view_own'), 'any' => array('manage_membergroups'))))), 'profile_action' => array('title' => $txt['profileAction'], 'areas' => array('sendpm' => array('label' => $txt['profileSendIm'], 'custom_url' => $scripturl . '?action=pm;sa=send', 'permission' => array('own' => array(), 'any' => array('pm_send'))), 'issuewarning' => array('label' => $txt['profile_issue_warning'], 'enabled' => in_array('w', $context['admin_features']) && !empty($modSettings['warning_enable']) && (!$context['user']['is_owner'] || $context['user']['is_admin']), 'file' => 'ProfileAccount.controller.php', 'controller' => 'ProfileAccount_Controller', 'function' => 'action_issuewarning', 'token' => 'profile-iw%u', 'permission' => array('own' => array(), 'any' => array('issue_warning'))), 'banuser' => array('label' => $txt['profileBanUser'], 'custom_url' => $scripturl . '?action=admin;area=ban;sa=add', 'enabled' => $cur_profile['id_group'] != 1 && !in_array(1, explode(',', $cur_profile['additional_groups'])), 'permission' => array('own' => array(), 'any' => array('manage_bans'))), 'subscriptions' => array('label' => $txt['subscriptions'], 'file' => 'ProfileSubscriptions.controller.php', 'controller' => 'ProfileSubscriptions_Controller', 'function' => 'action_subscriptions', 'enabled' => !empty($modSettings['paid_enabled']), 'permission' => array('own' => array('profile_view_own'), 'any' => array('moderate_forum'))), 'deleteaccount' => array('label' => $txt['deleteAccount'], 'file' => 'ProfileAccount.controller.php', 'controller' => 'ProfileAccount_Controller', 'function' => 'action_deleteaccount', 'sc' => 'post', 'token' => 'profile-da%u', 'password' => true, 'permission' => array('own' => array('profile_remove_any', 'profile_remove_own'), 'any' => array('profile_remove_any'))), 'activateaccount' => array('file' => 'ProfileAccount.controller.php', 'controller' => 'ProfileAccount_Controller', 'function' => 'action_activateaccount', 'sc' => 'get', 'token' => 'profile-aa%u', 'permission' => array('own' => array(), 'any' => array('moderate_forum'))))));
// Is there an updated message to show?
if (isset($_GET['updated'])) {
$context['profile_updated'] = $txt['profile_updated_own'];
}
// Set a few options for the menu.
$menuOptions = array('disable_url_session_check' => true, 'hook' => 'profile', 'extra_url_parameters' => array('u' => $context['id_member']), 'default_include_dir' => CONTROLLERDIR);
// Actually create the menu!
$profile_include_data = createMenu($profile_areas, $menuOptions);
unset($profile_areas);
// If it said no permissions that meant it wasn't valid!
if ($profile_include_data && empty($profile_include_data['permission'])) {
$profile_include_data['enabled'] = false;
}
// No menu and guest? A warm welcome to register
if (!$profile_include_data && $user_info['is_guest']) {
is_not_guest();
}
// No menu means no access.
if (!$profile_include_data || isset($profile_include_data['enabled']) && $profile_include_data['enabled'] === false) {
fatal_lang_error('no_access', false);
}
// Make a note of the Unique ID for this menu.
$context['profile_menu_id'] = $context['max_menu_id'];
$context['profile_menu_name'] = 'menu_data_' . $context['profile_menu_id'];
// Set the selected item - now it's been validated.
$current_area = $profile_include_data['current_area'];
$context['menu_item_selected'] = $current_area;
// Before we go any further, let's work on the area we've said is valid.
// Note this is done here just in case we ever compromise the menu function in error!
$this->_completed_save = false;
$context['do_preview'] = isset($_REQUEST['preview_signature']);
// Are we saving data in a valid area?
if (isset($profile_include_data['sc']) && (isset($_REQUEST['save']) || $context['do_preview'])) {
checkSession($profile_include_data['sc']);
$this->_completed_save = true;
}
// Does this require session validating?
if (!empty($area['validate']) || isset($_REQUEST['save']) && !$context['user']['is_owner']) {
validateSession();
}
// Do we need to perform a token check?
if (!empty($profile_include_data['token'])) {
if ($profile_include_data['token'] !== true) {
$token_name = str_replace('%u', $context['id_member'], $profile_include_data['token']);
} else {
$token_name = 'profile-u' . $context['id_member'];
}
if (isset($profile_include_data['token_type']) && in_array($profile_include_data['token_type'], array('request', 'post', 'get'))) {
$token_type = $profile_include_data['token_type'];
} else {
$token_type = 'post';
}
if (isset($_REQUEST['save'])) {
validateToken($token_name, $token_type);
}
}
// Permissions for good measure.
if (!empty($profile_include_data['permission'])) {
isAllowedTo($profile_include_data['permission'][$context['user']['is_owner'] ? 'own' : 'any']);
}
// Create a token if needed.
if (!empty($profile_include_data['token'])) {
createToken($token_name, $token_type);
$context['token_check'] = $token_name;
}
// Build the link tree.
$context['linktree'][] = array('url' => $scripturl . '?action=profile' . ($memID != $user_info['id'] ? ';u=' . $memID : ''), 'name' => sprintf($txt['profile_of_username'], $context['member']['name']));
if (!empty($profile_include_data['label'])) {
$context['linktree'][] = array('url' => $scripturl . '?action=profile' . ($memID != $user_info['id'] ? ';u=' . $memID : '') . ';area=' . $profile_include_data['current_area'], 'name' => $profile_include_data['label']);
}
if (!empty($profile_include_data['current_subsection']) && $profile_include_data['subsections'][$profile_include_data['current_subsection']][0] != $profile_include_data['label']) {
$context['linktree'][] = array('url' => $scripturl . '?action=profile' . ($memID != $user_info['id'] ? ';u=' . $memID : '') . ';area=' . $profile_include_data['current_area'] . ';sa=' . $profile_include_data['current_subsection'], 'name' => $profile_include_data['subsections'][$profile_include_data['current_subsection']][0]);
}
// Set the template for this area... if you still can :P
// and add the profile layer.
$context['sub_template'] = $profile_include_data['function'];
Template_Layers::getInstance()->add('profile');
loadJavascriptFile('profile.js');
// All the subactions that require a user password in order to validate.
$check_password = $context['user']['is_owner'] && !empty($profile_include_data['password']);
$context['require_password'] = $check_password && empty($user_settings['openid_uri']);
// These will get populated soon!
$post_errors = array();
$profile_vars = array();
// Right - are we saving - if so let's save the old data first.
if ($this->_completed_save) {
// Clean up the POST variables.
$_POST = htmltrim__recursive($_POST);
$_POST = htmlspecialchars__recursive($_POST);
if ($check_password) {
// If we're using OpenID try to revalidate.
if (!empty($user_settings['openid_uri'])) {
require_once SUBSDIR . '/OpenID.subs.php';
$openID = new OpenID();
$openID->revalidate();
} else {
// You didn't even enter a password!
if (trim($_POST['oldpasswrd']) == '') {
$post_errors[] = 'no_password';
}
// Since the password got modified due to all the $_POST cleaning, lets undo it so we can get the correct password
$_POST['oldpasswrd'] = un_htmlspecialchars($_POST['oldpasswrd']);
// Does the integration want to check passwords?
$good_password = in_array(true, call_integration_hook('integrate_verify_password', array($cur_profile['member_name'], $_POST['oldpasswrd'], false)), true);
// Start up the password checker, we have work to do
require_once SUBSDIR . '/Auth.subs.php';
// Bad password!!!
if (!$good_password && !validateLoginPassword($_POST['oldpasswrd'], $user_info['passwd'], $user_profile[$memID]['member_name'])) {
$post_errors[] = 'bad_password';
}
// Warn other elements not to jump the gun and do custom changes!
if (in_array('bad_password', $post_errors)) {
$context['password_auth_failed'] = true;
}
}
}
// Change the IP address in the database.
if ($context['user']['is_owner']) {
$profile_vars['member_ip'] = $user_info['ip'];
}
// Now call the sub-action function...
if ($current_area == 'activateaccount') {
if (empty($post_errors)) {
require_once CONTROLLERDIR . '/ProfileAccount.controller.php';
$controller = new ProfileAccount_Controller();
$controller->action_activateaccount();
}
} elseif ($current_area == 'deleteaccount') {
if (empty($post_errors)) {
require_once CONTROLLERDIR . '/ProfileAccount.controller.php';
$controller = new ProfileAccount_Controller();
$controller->action_deleteaccount2();
redirectexit();
}
} elseif ($current_area == 'groupmembership' && empty($post_errors)) {
require_once CONTROLLERDIR . '/ProfileOptions.controller.php';
$controller = new Profileoptions_Controller();
$msg = $controller->action_groupMembership2();
// Whatever we've done, we have nothing else to do here...
redirectexit('action=profile' . ($context['user']['is_owner'] ? '' : ';u=' . $memID) . ';area=groupmembership' . (!empty($msg) ? ';msg=' . $msg : ''));
} elseif ($current_area == 'authentication') {
require_once CONTROLLERDIR . '/ProfileOptions.controller.php';
$controller = new ProfileOptions_Controller();
$controller->action_authentication(true);
} elseif (in_array($current_area, array('account', 'forumprofile', 'theme', 'contactprefs'))) {
saveProfileFields();
} else {
$force_redirect = true;
saveProfileChanges($profile_vars, $memID);
}
call_integration_hook('integrate_profile_save', array(&$profile_vars, &$post_errors, $memID));
// There was a problem, let them try to re-enter.
if (!empty($post_errors)) {
// Load the language file so we can give a nice explanation of the errors.
loadLanguage('Errors');
$context['post_errors'] = $post_errors;
} elseif (!empty($profile_vars)) {
// If we've changed the password, notify any integration that may be listening in.
if (isset($profile_vars['passwd'])) {
call_integration_hook('integrate_reset_pass', array($cur_profile['member_name'], $cur_profile['member_name'], $_POST['passwrd2']));
}
updateMemberData($memID, $profile_vars);
// What if this is the newest member?
if ($modSettings['latestMember'] == $memID) {
updateStats('member');
} elseif (isset($profile_vars['real_name'])) {
updateSettings(array('memberlist_updated' => time()));
}
// If the member changed his/her birthdate, update calendar statistics.
if (isset($profile_vars['birthdate']) || isset($profile_vars['real_name'])) {
updateSettings(array('calendar_updated' => time()));
}
// Anything worth logging?
if (!empty($context['log_changes']) && !empty($modSettings['modlog_enabled'])) {
$log_changes = array();
foreach ($context['log_changes'] as $k => $v) {
$log_changes[] = array('action' => $k, 'log_type' => 'user', 'extra' => array_merge($v, array('applicator' => $user_info['id'], 'member_affected' => $memID)));
}
logActions($log_changes);
}
// Have we got any post save functions to execute?
if (!empty($context['profile_execute_on_save'])) {
foreach ($context['profile_execute_on_save'] as $saveFunc) {
$saveFunc();
}
}
// Let them know it worked!
$context['profile_updated'] = $context['user']['is_owner'] ? $txt['profile_updated_own'] : sprintf($txt['profile_updated_else'], $cur_profile['member_name']);
// Invalidate any cached data.
cache_put_data('member_data-profile-' . $memID, null, 0);
}
}
// Have some errors for some reason?
if (!empty($post_errors)) {
// Set all the errors so the template knows what went wrong.
foreach ($post_errors as $error_type) {
$context['modify_error'][$error_type] = true;
}
} elseif (!empty($profile_vars) && $context['user']['is_owner'] && !$context['do_preview']) {
redirectexit('action=profile;area=' . $current_area . ';updated');
} elseif (!empty($force_redirect)) {
redirectexit('action=profile' . ($context['user']['is_owner'] ? '' : ';u=' . $memID) . ';area=' . $current_area);
}
// Let go to the right place
if (isset($profile_include_data['file'])) {
require_once $profile_include_data['file'];
}
callMenu($profile_include_data);
// Set the page title if it's not already set...
if (!isset($context['page_title'])) {
$context['page_title'] = $txt['profile'] . (isset($txt[$current_area]) ? ' - ' . $txt[$current_area] : '');
}
}
/**
* Shows all posts that others have liked of theirs
*/
private function _action_showReceived()
{
global $context, $txt, $scripturl;
$memID = currentMemberID();
// Build the listoption array to display the data
$listOptions = array('id' => 'view_likes', 'title' => $txt['likes'], 'items_per_page' => 25, 'no_items_label' => $txt['likes_none_received'], 'base_href' => $scripturl . '?action=profile;area=showlikes;sa=received;u=' . $memID, 'default_sort_col' => 'subject', 'get_items' => array('function' => array($this, 'list_loadLikesReceived'), 'params' => array($memID)), 'get_count' => array('function' => array($this, 'list_getLikesCount'), 'params' => array($memID, false)), 'columns' => array('subject' => array('header' => array('value' => $txt['subject']), 'data' => array('db' => 'subject'), 'sort' => array('default' => 'm.subject DESC', 'reverse' => 'm.subject')), 'name' => array('header' => array('value' => $txt['board']), 'data' => array('db' => 'name'), 'sort' => array('default' => 'b.name', 'reverse' => 'b.name DESC')), 'likes' => array('header' => array('value' => $txt['likes']), 'data' => array('db' => 'likes'), 'sort' => array('default' => 'likes', 'reverse' => 'likes DESC')), 'action' => array('header' => array('value' => $txt['show'], 'class' => 'centertext'), 'data' => array('function' => create_function('$row', '
global $txt, $settings;
$result = \'<a href="\' . $row[\'who\'] . \'" title="\' . $txt[\'likes_show_who\'] . \'"><img src="\' . $settings[\'images_url\'] . \'/icons/members.png" alt="" /></a>\';
return $result;'), 'class' => 'centertext', 'style' => 'width: 10%'))));
// Menu tabs
$context[$context['profile_menu_name']]['tab_data'] = array('title' => $txt['likes_received'], 'class' => 'star');
// Set the context values
$context['page_title'] = $txt['likes'];
$context['sub_template'] = 'show_list';
$context['default_list'] = 'view_likes';
// Create the list.
createList($listOptions);
}
/**
* View a members warnings.
*/
public function action_viewWarning()
{
global $modSettings, $context, $txt, $scripturl;
// Firstly, can we actually even be here?
if (!allowedTo('issue_warning') && (empty($modSettings['warning_show']) || $modSettings['warning_show'] == 1 && !$context['user']['is_owner'])) {
fatal_lang_error('no_access', false);
}
loadTemplate('ProfileInfo');
// We need this because of template_load_warning_variables
loadTemplate('Profile');
// Make sure things which are disabled stay disabled.
$modSettings['warning_watch'] = !empty($modSettings['warning_watch']) ? $modSettings['warning_watch'] : 110;
$modSettings['warning_moderate'] = !empty($modSettings['warning_moderate']) && !empty($modSettings['postmod_active']) ? $modSettings['warning_moderate'] : 110;
$modSettings['warning_mute'] = !empty($modSettings['warning_mute']) ? $modSettings['warning_mute'] : 110;
// Let's use a generic list to get all the current warnings
// and use the issue warnings grab-a-granny thing.
require_once SUBSDIR . '/GenericList.class.php';
$memID = currentMemberID();
$listOptions = array('id' => 'view_warnings', 'title' => $txt['profile_viewwarning_previous_warnings'], 'items_per_page' => $modSettings['defaultMaxMessages'], 'no_items_label' => $txt['profile_viewwarning_no_warnings'], 'base_href' => $scripturl . '?action=profile;area=viewwarning;sa=user;u=' . $memID, 'default_sort_col' => 'log_time', 'get_items' => array('function' => 'list_getUserWarnings', 'params' => array($memID)), 'get_count' => array('function' => 'list_getUserWarningCount', 'params' => array($memID)), 'columns' => array('log_time' => array('header' => array('value' => $txt['profile_warning_previous_time']), 'data' => array('db' => 'time'), 'sort' => array('default' => 'lc.log_time DESC', 'reverse' => 'lc.log_time')), 'reason' => array('header' => array('value' => $txt['profile_warning_previous_reason'], 'style' => 'width: 50%;'), 'data' => array('db' => 'reason')), 'level' => array('header' => array('value' => $txt['profile_warning_previous_level']), 'data' => array('db' => 'counter'), 'sort' => array('default' => 'lc.counter DESC', 'reverse' => 'lc.counter'))), 'additional_rows' => array(array('position' => 'after_title', 'value' => $txt['profile_viewwarning_desc'], 'class' => 'smalltext', 'style' => 'padding: 2ex;')));
// Create the list for viewing.
createList($listOptions);
// Create some common text bits for the template.
$context['level_effects'] = array(0 => '', $modSettings['warning_watch'] => $txt['profile_warning_effect_own_watched'], $modSettings['warning_moderate'] => $txt['profile_warning_effect_own_moderated'], $modSettings['warning_mute'] => $txt['profile_warning_effect_own_muted']);
$context['current_level'] = 0;
$context['sub_template'] = 'viewWarning';
foreach ($context['level_effects'] as $limit => $dummy) {
if ($context['member']['warning'] >= $limit) {
$context['current_level'] = $limit;
}
}
}
/**
* Method for doing all the paid subscription stuff - kinda.
*/
public function action_subscriptions()
{
global $context, $txt;
// Load the paid template anyway.
loadTemplate('ManagePaid');
loadLanguage('ManagePaid');
$memID = currentMemberID();
$context['member']['id'] = $memID;
// Load all of the subscriptions in the system
require_once SUBSDIR . '/PaidSubscriptions.subs.php';
loadSubscriptions();
// Remove any invalid ones, ones not properly set up
foreach ($context['subscriptions'] as $id => $sub) {
// Work out the costs.
$costs = @unserialize($sub['real_cost']);
$cost_array = array();
// Flexible cost to time?
if ($sub['real_length'] == 'F') {
foreach ($costs as $duration => $cost) {
if ($cost != 0) {
$cost_array[$duration] = $cost;
}
}
} else {
$cost_array['fixed'] = $costs['fixed'];
}
// No cost associated with it, then drop it
if (empty($cost_array)) {
unset($context['subscriptions'][$id]);
} else {
$context['subscriptions'][$id]['member'] = 0;
$context['subscriptions'][$id]['subscribed'] = false;
$context['subscriptions'][$id]['costs'] = $cost_array;
}
}
// Work out what payment gateways are enabled.
$gateways = loadPaymentGateways();
foreach ($gateways as $id => $gateway) {
$gateways[$id] = new $gateway['display_class']();
if (!$gateways[$id]->gatewayEnabled()) {
unset($gateways[$id]);
}
}
// No gateways yet, no way to pay then!
if (empty($gateways)) {
fatal_error($txt['paid_admin_not_setup_gateway']);
}
// Get the members current subscriptions.
$context['current'] = loadMemberSubscriptions($memID, $context['subscriptions']);
// Find the active subscribed ones
foreach ($context['current'] as $id => $current) {
if ($current['status'] == 1) {
$context['subscriptions'][$id]['subscribed'] = true;
}
}
// Simple "done"?
if (isset($_GET['done'])) {
$this->_orderDone($memID);
} elseif (isset($_GET['confirm']) && isset($_POST['sub_id']) && is_array($_POST['sub_id'])) {
$this->_confirmOrder($gateways, $memID);
} else {
$context['sub_template'] = 'user_subscription';
}
}
/**
* Show all PM drafts of the current user
* Uses the showpmdraft template
* Allows for the deleting and loading/editing of PM drafts
*/
public function action_showPMDrafts()
{
global $txt, $user_info, $scripturl, $modSettings, $context;
require_once SUBSDIR . '/Profile.subs.php';
require_once SUBSDIR . '/Drafts.subs.php';
$memID = currentMemberID();
// Quick check how we got here.
if ($memID != $user_info['id']) {
// empty($modSettings['drafts_enabled']) || empty($modSettings['drafts_pm_enabled']))
fatal_lang_error('no_access', false);
}
// Set up what we will need
$context['start'] = isset($_REQUEST['start']) ? (int) $_REQUEST['start'] : 0;
// If just deleting a draft, do it and then redirect back.
if (!empty($_REQUEST['delete'])) {
checkSession('get');
$id_delete = (int) $_REQUEST['delete'];
deleteDrafts($id_delete, $memID);
redirectexit('action=pm;sa=showpmdrafts;start=' . $context['start']);
}
// Perhaps a draft was selected for editing? if so pass this off
if (!empty($_REQUEST['id_draft']) && !empty($context['drafts_pm_save'])) {
checkSession('get');
$id_draft = (int) $_REQUEST['id_draft'];
redirectexit('action=pm;sa=send;id_draft=' . $id_draft);
}
// Init
$maxIndex = (int) $modSettings['defaultMaxMessages'];
// Default to 10.
if (empty($_REQUEST['viewscount']) || !is_numeric($_REQUEST['viewscount'])) {
$_REQUEST['viewscount'] = 10;
}
// Get the count of applicable drafts
$msgCount = draftsCount($memID, 1);
// Make sure the starting place makes sense and construct our friend the page index.
$context['page_index'] = constructPageIndex($scripturl . '?action=pm;sa=showpmdrafts', $context['start'], $msgCount, $maxIndex);
$context['current_page'] = $context['start'] / $maxIndex;
// Reverse the query if we're past 50% of the total for better performance.
$start = $context['start'];
$reverse = $start > $msgCount / 2;
if ($reverse) {
$maxIndex = $msgCount < $context['start'] + $modSettings['defaultMaxMessages'] + 1 && $msgCount > $context['start'] ? $msgCount - $context['start'] : (int) $modSettings['defaultMaxMessages'];
$start = $msgCount < $context['start'] + $modSettings['defaultMaxMessages'] + 1 || $msgCount < $context['start'] + $modSettings['defaultMaxMessages'] ? 0 : $msgCount - $context['start'] - $modSettings['defaultMaxMessages'];
}
// Go get em'
$order = 'ud.poster_time ' . ($reverse ? 'ASC' : 'DESC');
$limit = $start . ', ' . $maxIndex;
$user_drafts = load_user_drafts($memID, 1, false, $order, $limit);
// Start counting at the number of the first message displayed.
$counter = $reverse ? $context['start'] + $maxIndex + 1 : $context['start'];
$context['posts'] = array();
foreach ($user_drafts as $row) {
// Censor....
if (empty($row['body'])) {
$row['body'] = '';
}
$row['subject'] = Util::htmltrim($row['subject']);
if (empty($row['subject'])) {
$row['subject'] = $txt['no_subject'];
}
censorText($row['body']);
censorText($row['subject']);
// BBC-ilize the message.
$row['body'] = parse_bbc($row['body'], true, 'draft' . $row['id_draft']);
// Have they provided who this will go to?
$recipients = array('to' => array(), 'bcc' => array());
$recipient_ids = !empty($row['to_list']) ? unserialize($row['to_list']) : array();
// Get nice names to show the user, the id's are not that great to see!
if (!empty($recipient_ids['to']) || !empty($recipient_ids['bcc'])) {
$recipient_ids['to'] = array_map('intval', $recipient_ids['to']);
$recipient_ids['bcc'] = array_map('intval', $recipient_ids['bcc']);
$allRecipients = array_merge($recipient_ids['to'], $recipient_ids['bcc']);
$recipients = draftsRecipients($allRecipients, $recipient_ids);
}
// Add the items to the array for template use
$context['drafts'][$counter += $reverse ? -1 : 1] = array('body' => $row['body'], 'counter' => $counter, 'alternate' => $counter % 2, 'subject' => $row['subject'], 'time' => standardTime($row['poster_time']), 'html_time' => htmlTime($row['poster_time']), 'timestamp' => forum_time(true, $row['poster_time']), 'id_draft' => $row['id_draft'], 'recipients' => $recipients, 'age' => floor((time() - $row['poster_time']) / 86400), 'remaining' => !empty($modSettings['drafts_keep_days']) ? floor($modSettings['drafts_keep_days'] - (time() - $row['poster_time']) / 86400) : 0);
}
// If the drafts were retrieved in reverse order, then put them in the right order again.
if ($reverse) {
$context['drafts'] = array_reverse($context['drafts'], true);
}
// Off to the template we go
$context['page_title'] = $txt['drafts'];
$context['sub_template'] = 'showPMDrafts';
$context['linktree'][] = array('url' => $scripturl . '?action=pm;sa=showpmdrafts', 'name' => $txt['drafts']);
}
public function action_profile()
{
global $context, $user_info;
require_once SUBSDIR . '/Extauth.subs.php';
$memID = currentMemberID();
// Load the template file
loadTemplate('Extauth');
// Get a list of enabled providers
$context['enabled_providers'] = array();
$config = (require_once EXTDIR . '/hybridauth/config.php');
$context['connected_providers'] = connectedProviders($memID);
foreach ($config['providers'] as $name => $provider) {
if ($provider['enabled']) {
$context['enabled_providers'][] = $name;
}
}
}
/**
* This function actually makes all the group changes
*
* @return string
*/
public function action_groupMembership2()
{
global $context, $user_profile, $modSettings, $scripturl, $language;
$db = database();
$memID = currentMemberID();
// Let's be extra cautious...
if (!$context['user']['is_owner'] || empty($modSettings['show_group_membership'])) {
isAllowedTo('manage_membergroups');
}
if (!isset($_REQUEST['gid']) && !isset($_POST['primary'])) {
fatal_lang_error('no_access', false);
}
checkSession(isset($_GET['gid']) ? 'get' : 'post');
require_once SUBSDIR . '/Membergroups.subs.php';
$old_profile =& $user_profile[$memID];
$context['can_manage_membergroups'] = allowedTo('manage_membergroups');
$context['can_manage_protected'] = allowedTo('admin_forum');
// By default the new primary is the old one.
$newPrimary = $old_profile['id_group'];
$addGroups = array_flip(explode(',', $old_profile['additional_groups']));
$canChangePrimary = $old_profile['id_group'] == 0 ? 1 : 0;
$changeType = isset($_POST['primary']) ? 'primary' : (isset($_POST['req']) ? 'request' : 'free');
// One way or another, we have a target group in mind...
$group_id = isset($_REQUEST['gid']) ? (int) $_REQUEST['gid'] : (int) $_POST['primary'];
$foundTarget = $changeType == 'primary' && $group_id == 0 ? true : false;
// Sanity check!!
if ($group_id == 1) {
isAllowedTo('admin_forum');
}
// What ever we are doing, we need to determine if changing primary is possible!
$groups_details = membergroupsById(array($group_id, $old_profile['id_group']), 0, true);
// Protected groups require proper permissions!
if ($group_id != 1 && $groups_details[$group_id]['group_type'] == 1) {
isAllowedTo('admin_forum');
}
foreach ($groups_details as $key => $row) {
// Is this the new group?
if ($row['id_group'] == $group_id) {
$foundTarget = true;
$group_name = $row['group_name'];
// Does the group type match what we're doing - are we trying to request a non-requestable group?
if ($changeType == 'request' && $row['group_type'] != 2) {
fatal_lang_error('no_access', false);
} elseif ($changeType == 'free' && $row['group_type'] == 2 && $old_profile['id_group'] != $row['id_group'] && !isset($addGroups[$row['id_group']])) {
fatal_lang_error('no_access', false);
} elseif ($changeType == 'free' && $row['group_type'] != 3 && $row['group_type'] != 2) {
fatal_lang_error('no_access', false);
}
// We can't change the primary group if this is hidden!
if ($row['hidden'] == 2) {
$canChangePrimary = false;
}
}
// If this is their old primary, can we change it?
if ($row['id_group'] == $old_profile['id_group'] && ($row['group_type'] > 1 || $context['can_manage_membergroups']) && $canChangePrimary !== false) {
$canChangePrimary = 1;
}
// If we are not doing a force primary move, don't do it automatically if current primary is not 0.
if ($changeType != 'primary' && $old_profile['id_group'] != 0) {
$canChangePrimary = false;
}
// If this is the one we are acting on, can we even act?
if (!$context['can_manage_protected'] && $row['group_type'] == 1 || !$context['can_manage_membergroups'] && $row['group_type'] == 0) {
$canChangePrimary = false;
}
}
// Didn't find the target?
if (!$foundTarget) {
fatal_lang_error('no_access', false);
}
// Final security check, don't allow users to promote themselves to admin.
if ($context['can_manage_membergroups'] && !allowedTo('admin_forum')) {
$request = $db->query('', '
SELECT COUNT(permission)
FROM {db_prefix}permissions
WHERE id_group = {int:selected_group}
AND permission = {string:admin_forum}
AND add_deny = {int:not_denied}', array('selected_group' => $group_id, 'not_denied' => 1, 'admin_forum' => 'admin_forum'));
list($disallow) = $db->fetch_row($request);
$db->free_result($request);
if ($disallow) {
isAllowedTo('admin_forum');
}
}
// If we're requesting, add the note then return.
if ($changeType == 'request') {
$request = $db->query('', '
SELECT id_member
FROM {db_prefix}log_group_requests
WHERE id_member = {int:selected_member}
AND id_group = {int:selected_group}', array('selected_member' => $memID, 'selected_group' => $group_id));
if ($db->num_rows($request) != 0) {
fatal_lang_error('profile_error_already_requested_group');
}
$db->free_result($request);
// Log the request.
$db->insert('', '{db_prefix}log_group_requests', array('id_member' => 'int', 'id_group' => 'int', 'time_applied' => 'int', 'reason' => 'string-65534'), array($memID, $group_id, time(), $_POST['reason']), array('id_request'));
// Send an email to all group moderators etc.
require_once SUBSDIR . '/Mail.subs.php';
// Do we have any group moderators?
$request = $db->query('', '
SELECT id_member
FROM {db_prefix}group_moderators
WHERE id_group = {int:selected_group}', array('selected_group' => $group_id));
$moderators = array();
while ($row = $db->fetch_assoc($request)) {
$moderators[] = $row['id_member'];
}
$db->free_result($request);
// Otherwise this is the backup!
if (empty($moderators)) {
require_once SUBSDIR . '/Members.subs.php';
$moderators = membersAllowedTo('manage_membergroups');
}
if (!empty($moderators)) {
require_once SUBSDIR . '/Members.subs.php';
$members = getBasicMemberData($moderators, array('preferences' => true, 'sort' => 'lngfile'));
foreach ($members as $member) {
if ($member['notify_types'] != 4) {
continue;
}
// Check whether they are interested.
if (!empty($member['mod_prefs'])) {
list(, , $pref_binary) = explode('|', $member['mod_prefs']);
if (!($pref_binary & 4)) {
continue;
}
}
$replacements = array('RECPNAME' => $member['member_name'], 'APPYNAME' => $old_profile['member_name'], 'GROUPNAME' => $group_name, 'REASON' => $_POST['reason'], 'MODLINK' => $scripturl . '?action=moderate;area=groups;sa=requests');
$emaildata = loadEmailTemplate('request_membership', $replacements, empty($member['lngfile']) || empty($modSettings['userLanguage']) ? $language : $member['lngfile']);
sendmail($member['email_address'], $emaildata['subject'], $emaildata['body'], null, null, false, 2);
}
}
return $changeType;
} elseif ($changeType == 'free') {
// Are we leaving?
if ($old_profile['id_group'] == $group_id || isset($addGroups[$group_id])) {
if ($old_profile['id_group'] == $group_id) {
$newPrimary = 0;
} else {
unset($addGroups[$group_id]);
}
} else {
// Can we change the primary, and do we want to?
if ($canChangePrimary) {
if ($old_profile['id_group'] != 0) {
$addGroups[$old_profile['id_group']] = -1;
}
$newPrimary = $group_id;
} else {
$addGroups[$group_id] = -1;
}
}
} elseif ($canChangePrimary) {
if ($old_profile['id_group'] != 0) {
$addGroups[$old_profile['id_group']] = -1;
}
if (isset($addGroups[$group_id])) {
unset($addGroups[$group_id]);
}
$newPrimary = $group_id;
}
// Finally, we can make the changes!
foreach ($addGroups as $id => $dummy) {
if (empty($id)) {
unset($addGroups[$id]);
}
}
$addGroups = implode(',', array_flip($addGroups));
// Ensure that we don't cache permissions if the group is changing.
if ($context['user']['is_owner']) {
$_SESSION['mc']['time'] = 0;
} else {
updateSettings(array('settings_updated' => time()));
}
updateMemberData($memID, array('id_group' => $newPrimary, 'additional_groups' => $addGroups));
return $changeType;
}
