 function submit_new_entry($cp_call = TRUE)
 {
     global $IN, $PREFS, $OUT, $LANG, $FNS, $LOC, $DSP, $DB, $SESS, $STAT, $REGX, $EXT;
     $url_title = '';
     $tb_format = 'xhtml';
     $tb_errors = FALSE;
     $ping_errors = FALSE;
     $revision_post = $_POST;
     $return_url = !$IN->GBL('return_url', 'POST') ? '' : $IN->GBL('return_url');
     unset($_POST['return_url']);
     if ($PREFS->ini('site_pages') !== FALSE) {
         $LANG->fetch_language_file('pages');
     }
     if (!($weblog_id = $IN->GBL('weblog_id', 'POST')) or !is_numeric($weblog_id)) {
         return false;
     }
     $assigned_weblogs = $FNS->fetch_assigned_weblogs();
     /** ----------------------------------------------
         /**  Security check
         /** ---------------------------------------------*/
     if (!in_array($weblog_id, $assigned_weblogs)) {
         return false;
     }
     // -------------------------------------------
     // 'submit_new_entry_start' hook.
     //  - Add More Stuff to do when you first submit an entry
     //  - Added 1.4.2
     //
     $edata = $EXT->call_extension('submit_new_entry_start');
     if ($EXT->end_script === TRUE) {
         return;
     }
     //
     // -------------------------------------------
     /** -----------------------------
         /**  Does entry ID exist?  And is valid for this weblog?
         /** -----------------------------*/
     if (($entry_id = $IN->GBL('entry_id', 'POST')) !== FALSE && is_numeric($entry_id)) {
         // we grab the author_id now as we use it later for author validation
         $query = $DB->query("SELECT entry_id, author_id FROM exp_weblog_titles WHERE entry_id = '" . $DB->escape_str($entry_id) . "' AND weblog_id = '" . $DB->escape_str($weblog_id) . "'");
         if ($query->num_rows != 1) {
             return FALSE;
         } else {
             $entry_id = $query->row['entry_id'];
             $orig_author_id = $query->row['author_id'];
         }
     } else {
         $entry_id = '';
     }
     /** -----------------------------
         /**  Weblog Switch?
         /** -----------------------------*/
     $old_weblog = '';
     if (($new_weblog = $IN->GBL('new_weblog', 'POST')) !== FALSE && $new_weblog != $weblog_id) {
         $query = $DB->query("SELECT status_group, cat_group, field_group, weblog_id \n        \t\t\t\t\t\t FROM exp_weblogs \n        \t\t\t\t\t\t WHERE weblog_id IN ('" . $DB->escape_str($weblog_id) . "', '" . $DB->escape_str($new_weblog) . "')");
         if ($query->num_rows == 2) {
             if ($query->result['0']['status_group'] == $query->result['1']['status_group'] && $query->result['0']['cat_group'] == $query->result['1']['cat_group'] && $query->result['0']['field_group'] == $query->result['1']['field_group']) {
                 if ($SESS->userdata['group_id'] == 1) {
                     $old_weblog = $weblog_id;
                     $weblog_id = $new_weblog;
                 } else {
                     $assigned_weblogs = $FNS->fetch_assigned_weblogs();
                     if (in_array($new_weblog, $assigned_weblogs)) {
                         $old_weblog = $weblog_id;
                         $weblog_id = $new_weblog;
                     }
                 }
             }
         }
     }
     /** -----------------------------
         /**  Fetch Weblog Prefs
         /** -----------------------------*/
     $query = $DB->query("SELECT blog_title, blog_url, comment_url, deft_status, enable_versioning,  enable_qucksave_versioning, max_revisions, weblog_notify, weblog_notify_emails, ping_return_url, rss_url, tb_return_url, trackback_field, comment_system_enabled, trackback_system_enabled FROM exp_weblogs WHERE weblog_id = '" . $weblog_id . "'");
     $blog_title = $REGX->ascii_to_entities($query->row['blog_title']);
     $blog_url = $query->row['blog_url'];
     $ping_url = $query->row['ping_return_url'] == '' ? $query->row['blog_url'] : $query->row['ping_return_url'];
     $tb_url = $query->row['tb_return_url'] == '' ? $query->row['blog_url'] : $query->row['tb_return_url'];
     $rss_url = $query->row['rss_url'];
     $deft_status = $query->row['deft_status'];
     $comment_url = $query->row['comment_url'];
     $trackback_field = $query->row['trackback_field'];
     $comment_system_enabled = $query->row['comment_system_enabled'];
     $trackback_system_enabled = $query->row['trackback_system_enabled'];
     $notify_address = ($query->row['weblog_notify'] == 'y' and $query->row['weblog_notify_emails'] != '') ? $query->row['weblog_notify_emails'] : '';
     $enable_versioning = $query->row['enable_versioning'];
     $enable_qucksave_versioning = $query->row['enable_qucksave_versioning'];
     $max_revisions = $query->row['max_revisions'];
     /** -----------------------------
         /**  Error trapping
         /** -----------------------------*/
     $error = array();
     // Fetch language file
     $LANG->fetch_language_file('publish_ad');
     /** ---------------------------------
         /**  No entry title? Assign error.
         /** ---------------------------------*/
     if (!($title = strip_tags(trim(stripslashes($IN->GBL('title', 'POST')))))) {
         $error[] = $LANG->line('missing_title');
     }
     /** ---------------------------------------------
         /**  No date? Assign error.
         /** ---------------------------------------------*/
     if (!$IN->GBL('entry_date', 'POST')) {
         $error[] = $LANG->line('missing_date');
     }
     /** ---------------------------------------------
         /**  Convert the date to a Unix timestamp
         /** ---------------------------------------------*/
     $entry_date = $LOC->convert_human_date_to_gmt($IN->GBL('entry_date', 'POST'));
     if (!is_numeric($entry_date)) {
         // Localize::convert_human_date_to_gmt() returns verbose errors
         if ($entry_date !== FALSE) {
             $error[] = $entry_date . NBS . NBS . '(' . $LANG->line('entry_date') . ')';
         } else {
             $error[] = $LANG->line('invalid_date_formatting');
         }
     }
     /** ---------------------------------------------
         /**  Convert expiration date to a Unix timestamp
         /** ---------------------------------------------*/
     if (!$IN->GBL('expiration_date', 'POST')) {
         $expiration_date = 0;
     } else {
         $expiration_date = $LOC->convert_human_date_to_gmt($IN->GBL('expiration_date', 'POST'));
         if (!is_numeric($expiration_date)) {
             // Localize::convert_human_date_to_gmt() returns verbose errors
             if ($expiration_date !== FALSE) {
                 $error[] = $expiration_date . NBS . NBS . '(' . $LANG->line('expiration_date') . ')';
             } else {
                 $error[] = $LANG->line('invalid_date_formatting');
             }
         }
     }
     /** ---------------------------------------------
         /**  Convert comment expiration date timestamp
         /** ---------------------------------------------*/
     if (!$IN->GBL('comment_expiration_date', 'POST')) {
         $comment_expiration_date = 0;
     } else {
         $comment_expiration_date = $LOC->convert_human_date_to_gmt($IN->GBL('comment_expiration_date', 'POST'));
         if (!is_numeric($comment_expiration_date)) {
             // Localize::convert_human_date_to_gmt() returns verbose errors
             if ($comment_expiration_date !== FALSE) {
                 $error[] = $comment_expiration_date . NBS . NBS . '(' . $LANG->line('comment_expiration_date') . ')';
             } else {
                 $error[] = $LANG->line('invalid_date_formatting');
             }
         }
     }
     /** --------------------------------------
         /**  Are all requred fields filled out?
         /** --------------------------------------*/
     $query = $DB->query("SELECT field_id, field_label FROM exp_weblog_fields WHERE field_required = 'y'");
     if ($query->num_rows > 0) {
         foreach ($query->result as $row) {
             if (isset($_POST['field_id_' . $row['field_id']]) and $_POST['field_id_' . $row['field_id']] == '') {
                 $error[] = $LANG->line('custom_field_empty') . NBS . $row['field_label'];
             }
         }
     }
     /** --------------------------------------
         /**  Are there any custom date fields?
         /** --------------------------------------*/
     $query = $DB->query("SELECT field_id, field_label FROM exp_weblog_fields WHERE field_type = 'date'");
     if ($query->num_rows > 0) {
         foreach ($query->result as $row) {
             if (isset($_POST['field_id_' . $row['field_id']]) and $_POST['field_id_' . $row['field_id']] != '') {
                 $_POST['field_ft_' . $row['field_id']] = 'none';
                 $custom_date = $LOC->convert_human_date_to_gmt($_POST['field_id_' . $row['field_id']]);
                 if (!is_numeric($custom_date)) {
                     // Localize::convert_human_date_to_gmt() returns verbose errors
                     if ($custom_date !== FALSE) {
                         $error[] = $custom_date . NBS . NBS . '(' . $row['field_label'] . ')';
                     } else {
                         $error[] = $LANG->line('invalid_date_formatting');
                     }
                 } else {
                     $custom_date = $LOC->offset_entry_dst($custom_date, $IN->GBL('dst_enabled', 'POST'));
                     $_POST['field_id_' . $row['field_id']] = $custom_date;
                     if (!isset($_POST['field_offset_' . $row['field_id']])) {
                         $_POST['field_dt_' . $row['field_id']] = '';
                     } else {
                         if ($_POST['field_offset_' . $row['field_id']] == 'y') {
                             $_POST['field_dt_' . $row['field_id']] = '';
                         } else {
                             $_POST['field_dt_' . $row['field_id']] = $SESS->userdata('timezone');
                         }
                     }
                 }
             }
         }
     }
     /** ---------------------------------
         /**  Fetch xml-rpc ping server IDs
         /** ---------------------------------*/
     $ping_servers = array();
     foreach ($_POST as $key => $val) {
         if (strstr($key, 'ping') and !is_array($val)) {
             $ping_servers[] = $val;
             unset($_POST[$key]);
         }
     }
     /** -------------------------------------
         /**  Pre-process Trackback data
         /** -------------------------------------*/
     // If the weblog submission was via the bookmarklet we need to fetch the trackback URLs
     $tb_auto_urls = '';
     if ($IN->GBL('BK', 'GP')) {
         foreach ($_POST as $key => $val) {
             if (preg_match('#^TB_AUTO_#', $key)) {
                 $tb_auto_urls .= $val . NL;
             }
         }
     }
     // Join the manually submitted trackbacks with the auto-disovered ones
     $trackback_urls = $IN->GBL('trackback_urls');
     if ($tb_auto_urls != '') {
         $trackback_urls .= NL . $tb_auto_urls;
     }
     /** --------------------------------------
         /**  Is weblog data present?
         /** --------------------------------------*/
     // In order to send pings or trackbacks, the weblog needs a title and URL
     if ($trackback_urls != '' && ($blog_title == '' || $tb_url == '')) {
         $error[] = $LANG->line('missing_weblog_data_for_pings');
     }
     if (count($ping_servers) > 0 && ($blog_title == '' || $ping_url == '')) {
         $error[] = $LANG->line('missing_weblog_data_for_pings');
     }
     /** --------------------------------------
         /**  Is the title unique?
         /** --------------------------------------*/
     if ($title != '') {
         /** ---------------------------------
             /**  Do we have a URL title?
             /** ---------------------------------*/
         // If not, create one from the title
         $url_title = $IN->GBL('url_title');
         if (!$url_title) {
             $url_title = $REGX->create_url_title($title, TRUE);
         }
         // Kill all the extraneous characters.
         // We want the URL title to pure alpha text
         if ($entry_id != '') {
             $url_query = $DB->query("SELECT url_title FROM exp_weblog_titles WHERE entry_id = '{$entry_id}'");
             if ($url_query->row['url_title'] != $url_title) {
                 $url_title = $REGX->create_url_title($url_title);
             }
         } else {
             $url_title = $REGX->create_url_title($url_title);
         }
         // Is the url_title a pure number?  If so we show an error.
         if (is_numeric($url_title)) {
             $this->url_title_error = TRUE;
             $error[] = $LANG->line('url_title_is_numeric');
         }
         /** -------------------------------------
         			/**  Is the URL Title empty?  Can't have that
         			/** -------------------------------------*/
         if (trim($url_title) == '') {
             $this->url_title_error = TRUE;
             $error[] = $LANG->line('unable_to_create_url_title');
             $msg = '';
             foreach ($error as $val) {
                 $msg .= $DSP->qdiv('itemWrapper', $val);
             }
             if ($cp_call == TRUE) {
                 return $this->new_entry_form('preview', $msg);
             } else {
                 return $OUT->show_user_error('general', $error);
             }
         }
         /** ---------------------------------
             /**  Is URL title unique?
             /** ---------------------------------*/
         // Field is limited to 75 characters, so trim url_title before querying
         $url_title = substr($url_title, 0, 75);
         $e_sql = '';
         $sql = "SELECT count(*) AS count FROM exp_weblog_titles WHERE url_title = '" . $DB->escape_str($url_title) . "' AND weblog_id = '{$weblog_id}'";
         if ($entry_id != '') {
             $e_sql = " AND entry_id != '{$entry_id}'";
         }
         $query = $DB->query($sql . $e_sql);
         if ($query->row['count'] > 0) {
             // We may need some room to add our numbers- trim url_title to 70 characters
             $url_title = substr($url_title, 0, 70);
             // Check again
             $sql = "SELECT count(*) AS count FROM exp_weblog_titles WHERE url_title = '" . $DB->escape_str($url_title) . "' AND weblog_id = '{$weblog_id}'" . $e_sql;
             $query = $DB->query($sql);
             if ($query->row['count'] > 0) {
                 $url_create_error = FALSE;
                 $sql = "SELECT url_title, MID(url_title, " . (strlen($url_title) + 1) . ") + 1 AS next_suffix FROM " . "exp_weblog_titles WHERE weblog_id = '" . $weblog_id . "' " . "AND url_title REGEXP('" . preg_quote($DB->escape_str($url_title)) . "[0-9]*\$') " . "AND weblog_id = '" . $weblog_id . "'" . $e_sql . " ORDER BY next_suffix DESC LIMIT 1";
                 $query = $DB->query($sql);
                 // Did something go tragically wrong?
                 if ($query->num_rows == 0) {
                     $url_create_error = TRUE;
                     $error[] = $LANG->line('unable_to_create_url_title');
                 }
                 // Is the appended number going to kick us over the 75 character limit?
                 if ($query->row['next_suffix'] > 99999) {
                     $url_create_error = TRUE;
                     $error[] = $LANG->line('url_title_not_unique');
                 }
                 if ($url_create_error == FALSE) {
                     $url_title = $url_title . $query->row['next_suffix'];
                     // little double check for safety
                     $sql = "SELECT count(*) AS count FROM exp_weblog_titles WHERE url_title = '" . $DB->escape_str($url_title) . "' AND weblog_id = '{$weblog_id}'" . $e_sql;
                     $query = $DB->query($sql);
                     if ($query->row['count'] > 0) {
                         $error[] = $LANG->line('unable_to_create_url_title');
                     }
                 }
             }
         }
     }
     // Did they name the URL title "index"?  That's a bad thing which we disallow
     if ($url_title == 'index') {
         $this->url_title_error = TRUE;
         $error[] = $LANG->line('url_title_is_index');
     }
     /** -------------------------------------
         /**  Validate Page URI
         /** -------------------------------------*/
     if ($PREFS->ini('site_pages') !== FALSE && $IN->GBL('pages_uri', 'POST') !== FALSE && $IN->GBL('pages_uri', 'POST') != '' && $IN->GBL('pages_uri', 'POST') != '/example/pages/uri/') {
         if (!is_numeric($IN->GBL('pages_template_id', 'POST'))) {
             $error[] = $LANG->line('invalid_template');
         }
         $page_uri = preg_replace("#[^a-zA-Z0-9_\\-/\\.]+\$#i", '', str_replace($PREFS->ini('site_url'), '', $IN->GBL('pages_uri')));
         if ($page_uri !== $IN->GBL('pages_uri', 'POST')) {
             $error[] = $LANG->line('invalid_page_uri');
         }
         /** -------------------------------------
         			/**  Check if Duplicate Page URI
         			/**  - Do NOT delete this as the $static_pages variable is used further down
         			/** -------------------------------------*/
         $static_pages = $PREFS->ini('site_pages');
         $uris = isset($static_pages[$PREFS->ini('site_id')]['uris']) ? $static_pages[$PREFS->ini('site_id')]['uris'] : array();
         if ($entry_id != '') {
             unset($uris[$entry_id]);
         }
         if (in_array($IN->GBL('pages_uri', 'POST'), $uris)) {
             $error[] = $LANG->line('duplicate_page_uri');
         }
         unset($uris);
     }
     /** ---------------------------------------
         /**  Validate Author ID
         /** ---------------------------------------*/
     $author_id = !$IN->GBL('author_id', 'POST') ? $SESS->userdata('member_id') : $IN->GBL('author_id', 'POST');
     if ($author_id != $SESS->userdata['member_id'] && !$DSP->allowed_group('can_edit_other_entries')) {
         $error[] = $LANG->line('not_authorized');
     }
     if (isset($orig_author_id) && $author_id != $orig_author_id && (!$DSP->allowed_group('can_edit_other_entries') or !$DSP->allowed_group('can_assign_post_authors'))) {
         $error[] = $LANG->line('not_authorized');
     }
     if ($author_id != $SESS->userdata['member_id'] && $SESS->userdata['group_id'] != 1) {
         // we only need to worry about this if the author has changed
         if (!isset($orig_author_id) or $author_id != $orig_author_id) {
             if (!$DSP->allowed_group('can_assign_post_authors')) {
                 $error[] = $LANG->line('not_authorized');
             } else {
                 $allowed_authors = array();
                 $ss = "SELECT exp_members.member_id\n\t\t\t\t\t\t   FROM exp_members\n\t\t\t\t\t\t   LEFT JOIN exp_member_groups on exp_member_groups.group_id = exp_members.group_id\n\t\t\t\t\t\t   WHERE (exp_members.in_authorlist = 'y' OR exp_member_groups.include_in_authorlist = 'y')\n\t\t\t\t\t\t   AND exp_member_groups.site_id = '" . $DB->escape_str($PREFS->ini('site_id')) . "'";
                 $query = $DB->query($ss);
                 if ($query->num_rows > 0) {
                     foreach ($query->result as $row) {
                         // Is this a "user blog"?  If so, we'll only allow
                         // authors if they are assigned to this particular blog
                         if ($SESS->userdata['weblog_id'] != 0) {
                             if ($row['weblog_id'] == $weblog_id) {
                                 $allowed_authors[] = $row['member_id'];
                             }
                         } else {
                             $allowed_authors[] = $row['member_id'];
                         }
                     }
                 }
                 if (!in_array($author_id, $allowed_authors)) {
                     $error[] = $LANG->line('invalid_author');
                 }
             }
         }
     }
     /** ---------------------------------------
     		/**  Validate status
     		/** ---------------------------------------*/
     $status = $IN->GBL('status', 'POST') == FALSE ? $deft_status : $IN->GBL('status', 'POST');
     if ($SESS->userdata['group_id'] != 1) {
         $disallowed_statuses = array();
         $valid_statuses = array();
         $sq = "SELECT s.status_id, s.status\n\t\t\t\t   FROM exp_statuses AS s\n\t\t\t\t   LEFT JOIN exp_status_groups AS sg ON sg.group_id = s.group_id\n\t\t\t\t   LEFT JOIN exp_weblogs AS w ON w.status_group = sg.group_id\n\t\t\t\t   WHERE w.weblog_id = '" . $DB->escape_str($weblog_id) . "'";
         $query = $DB->query($sq);
         if ($query->num_rows > 0) {
             foreach ($query->result as $row) {
                 $valid_statuses[$row['status_id']] = strtolower($row['status']);
                 // lower case to match MySQL's case-insensitivity
             }
         }
         $dsq = "SELECT exp_status_no_access.status_id, exp_statuses.status\n\t\t\t\t\tFROM exp_status_no_access, exp_statuses\n\t\t\t\t\tWHERE exp_statuses.status_id = exp_status_no_access.status_id\n\t\t\t\t\tAND exp_status_no_access.member_group = '" . $SESS->userdata['group_id'] . "'";
         $query = $DB->query($dsq);
         if ($query->num_rows > 0) {
             foreach ($query->result as $row) {
                 $disallowed_statuses[$row['status_id']] = strtolower($row['status']);
                 // lower case to match MySQL's case-insensitivity
             }
             $valid_statuses = array_diff_assoc($valid_statuses, $disallowed_statuses);
         }
         if (!in_array(strtolower($status), $valid_statuses)) {
             // if there are no valid statuses, set to closed
             $status = 'closed';
         }
     }
     /** ---------------------------------
         /**  Do we have an error to display?
         /** ---------------------------------*/
     if (count($error) > 0) {
         $msg = '';
         foreach ($error as $val) {
             $msg .= $DSP->qdiv('itemWrapper', $val);
         }
         if ($cp_call == TRUE) {
             return $this->new_entry_form('preview', $msg);
         } else {
             return $OUT->show_user_error('general', $error);
         }
     }
     /** ---------------------------------
         /**  Fetch catagories
         /** ---------------------------------*/
     // We do this first so we can destroy the category index from
     // the $_POST array since we use a separate table to store categories in
     if (isset($_POST['category']) and is_array($_POST['category'])) {
         foreach ($_POST['category'] as $cat_id) {
             $this->cat_parents[] = $cat_id;
         }
         if ($this->assign_cat_parent == TRUE) {
             $this->fetch_category_parents($_POST['category']);
         }
     }
     unset($_POST['category']);
     /** ---------------------------------
         /**  Fetch previously sent trackbacks
         /** ---------------------------------*/
     // If we are editing an existing entry, fetch the previously sent trackbacks
     // and add the new trackback URLs to them
     $sent_trackbacks = '';
     if ($trackback_urls != '' and $entry_id != '') {
         $sent_trackbacks = trim($trackback_urls) . "\n";
         $query = $DB->query("SELECT sent_trackbacks FROM exp_weblog_titles WHERE entry_id = '{$entry_id}'");
         if ($query->num_rows > 0) {
             $sent_trackbacks = $query->row['sent_trackbacks'];
         }
     }
     /** ---------------------------------
         /**  Set "mode" cookie
         /** ---------------------------------*/
     // We do it now so we can destry it from the POST array
     if (isset($_POST['mode'])) {
         $FNS->set_cookie('mode', $_POST['mode'], 60 * 60 * 24 * 182);
         unset($_POST['mode']);
     }
     if ($cp_call == TRUE) {
         $allow_comments = $IN->GBL('allow_comments', 'POST') == 'y' ? 'y' : 'n';
         $allow_trackbacks = $IN->GBL('allow_trackbacks', 'POST') == 'y' ? 'y' : 'n';
     } else {
         $allow_comments = $IN->GBL('allow_comments', 'POST') !== 'y' || $comment_system_enabled == 'n' ? 'n' : 'y';
         $allow_trackbacks = $IN->GBL('allow_trackbacks', 'POST') !== 'y' || $trackback_system_enabled == 'n' ? 'n' : 'y';
     }
     /** --------------------------------------
         /**  Do we have a relationship?
         /** --------------------------------------*/
     // If the entry being submitted is the "parent" entry we need to compile and cache the "child" entry.
     $query = $DB->query("SELECT field_id, field_related_to, field_related_id FROM exp_weblog_fields WHERE field_type = 'rel'");
     $rel_updates = array();
     if ($query->num_rows > 0) {
         foreach ($query->result as $row) {
             if (isset($_POST['field_id_' . $row['field_id']])) {
                 $_POST['field_ft_' . $row['field_id']] = 'none';
                 $rel_exists = FALSE;
                 // If editing an existing entry....
                 // Does an existing relationship exist? If so, we may not  need to recompile the data
                 if ($entry_id != '') {
                     // First we fetch the previously stored related entry ID.
                     $rel_query = $DB->query("SELECT field_id_" . $row['field_id'] . " FROM exp_weblog_data WHERE entry_id = '" . $entry_id . "'");
                     // If the previous ID matches the current ID being submitted it means that
                     // the existing relationship has not changed so there's no need to recompile.
                     // If it has changed we'll clear the old relationship.
                     if (is_numeric($rel_query->row['field_id_' . $row['field_id']])) {
                         if ($rel_query->row['field_id_' . $row['field_id']] == $_POST['field_id_' . $row['field_id']]) {
                             $rel_exists = TRUE;
                         } else {
                             $DB->query("DELETE FROM exp_relationships WHERE rel_id = '" . $rel_query->row['field_id_' . $row['field_id']] . "'");
                         }
                     }
                 }
                 if (is_numeric($_POST['field_id_' . $row['field_id']]) and $rel_exists == FALSE) {
                     $reldata = array('type' => $row['field_related_to'], 'parent_id' => $entry_id, 'child_id' => $_POST['field_id_' . $row['field_id']], 'related_id' => $weblog_id);
                     $_POST['field_id_' . $row['field_id']] = $FNS->compile_relationship($reldata, TRUE);
                     $rel_updates[] = $_POST['field_id_' . $row['field_id']];
                 }
             }
         }
     }
     /** ---------------------------------
         /**  Build our query data
         /** ---------------------------------*/
     if ($enable_versioning == 'n') {
         $version_enabled = 'y';
     } else {
         $version_enabled = isset($_POST['versioning_enabled']) ? 'y' : 'n';
     }
     $data = array('entry_id' => '', 'weblog_id' => $weblog_id, 'author_id' => $author_id, 'site_id' => $PREFS->ini('site_id'), 'ip_address' => $IN->IP, 'title' => $PREFS->ini('auto_convert_high_ascii') == 'y' ? $REGX->ascii_to_entities($title) : $title, 'url_title' => $url_title, 'entry_date' => $entry_date, 'edit_date' => date("YmdHis"), 'versioning_enabled' => $version_enabled, 'year' => date('Y', $entry_date), 'month' => date('m', $entry_date), 'day' => date('d', $entry_date), 'expiration_date' => $expiration_date, 'comment_expiration_date' => $comment_expiration_date, 'sticky' => $IN->GBL('sticky', 'POST') == 'y' ? 'y' : 'n', 'status' => $status, 'allow_comments' => $allow_comments, 'allow_trackbacks' => $allow_trackbacks, 'forum_topic_id' => ($IN->GBL('forum_topic_id') != '' and is_numeric($IN->GBL('forum_topic_id'))) ? trim($IN->GBL('forum_topic_id')) : 0);
     // If we have the "honor_entry_dst" pref turned on we need to reverse the effects.
     if ($PREFS->ini('honor_entry_dst') == 'y') {
         $data['dst_enabled'] = $IN->GBL('dst_enabled', 'POST') == 'y' ? 'y' : 'n';
     }
     /** ---------------------------------
         /**  Insert the entry
         /** ---------------------------------*/
     if ($entry_id == '') {
         $DB->query($DB->insert_string('exp_weblog_titles', $data));
         $entry_id = $DB->insert_id;
         /** ------------------------------------
             /**  Update Relationships
             /** ------------------------------------*/
         if (sizeof($rel_updates) > 0) {
             $DB->query("UPDATE exp_relationships SET rel_parent_id = '" . $entry_id . "' WHERE rel_id IN (" . implode(',', $rel_updates) . ")");
         }
         /** ------------------------------------
             /**  Insert the custom field data
             /** ------------------------------------*/
         $cust_fields = array('entry_id' => $entry_id, 'weblog_id' => $weblog_id);
         foreach ($_POST as $key => $val) {
             if (strstr($key, 'field_offset_')) {
                 unset($_POST[$key]);
                 continue;
             }
             if (strstr($key, 'field')) {
                 if ($key == 'field_ft_' . $trackback_field) {
                     $tb_format = $val;
                 }
                 if (strstr($key, 'field_id_') and !is_numeric($val)) {
                     $cust_fields[$key] = $PREFS->ini('auto_convert_high_ascii') == 'y' ? $REGX->ascii_to_entities($val) : $val;
                 } else {
                     $cust_fields[$key] = $val;
                 }
             }
         }
         if (count($cust_fields) > 0) {
             $cust_fields['site_id'] = $PREFS->ini('site_id');
             // Submit the custom fields
             $DB->query($DB->insert_string('exp_weblog_data', $cust_fields));
         }
         /** ------------------------------------
             /**  Update member stats
             /** ------------------------------------*/
         if ($data['author_id'] == $SESS->userdata('member_id')) {
             $total_entries = $SESS->userdata['total_entries'] + 1;
         } else {
             $query = $DB->query("SELECT total_entries FROM exp_members WHERE member_id = '" . $data['author_id'] . "'");
             $total_entries = $query->row['total_entries'] + 1;
         }
         $DB->query("UPDATE exp_members set total_entries = '{$total_entries}', last_entry_date = '" . $LOC->now . "' WHERE member_id = '" . $data['author_id'] . "'");
         /** -------------------------------------
             /**  Set page title and success message
             /** -------------------------------------*/
         $type = 'new';
         $page_title = 'entry_has_been_added';
         $message = $LANG->line($page_title);
         /** -------------------------------------
             /**  Is there a forum post?
             /** -------------------------------------*/
         if ($PREFS->ini('forum_is_installed') == "y" and $IN->GBL('forum_title') != '' and $IN->GBL('forum_body') != '') {
             $query = $DB->query("SELECT board_id FROM exp_forums WHERE forum_id = '" . $DB->escape_str($IN->GBL('forum_id')) . "'");
             if ($query->num_rows > 0) {
                 $title = $this->_convert_forum_tags($IN->GBL('forum_title'));
                 $body = $this->_convert_forum_tags(str_replace('{permalink}', $FNS->remove_double_slashes($comment_url . '/' . $url_title . '/'), $IN->GBL('forum_body')));
                 $DB->query($DB->insert_string('exp_forum_topics', array('topic_id' => '', 'forum_id' => $IN->GBL('forum_id'), 'board_id' => $query->row['board_id'], 'topic_date' => $LOC->now, 'title' => $REGX->xss_clean($title), 'body' => $REGX->xss_clean($body), 'author_id' => $author_id, 'ip_address' => $IN->IP, 'last_post_date' => $LOC->now, 'last_post_author_id' => $author_id, 'sticky' => 'n', 'status' => 'o', 'announcement' => 'n', 'poll' => 'n', 'parse_smileys' => 'y', 'thread_total' => 1)));
                 $topic_id = $DB->insert_id;
                 $rand = $author_id . $FNS->random('alpha', 8);
                 $DB->query("UPDATE exp_weblog_titles SET forum_topic_id = '{$topic_id}' WHERE entry_id = '{$entry_id}'");
                 $DB->query("INSERT INTO exp_forum_subscriptions (topic_id, member_id, subscription_date, hash) \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t \t\tVALUES \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t \t\t('{$topic_id}', '{$author_id}', '{$LOC->now}', '{$rand}')");
                 // Update the forum stats
                 if (!class_exists('Forum')) {
                     require PATH_MOD . 'forum/mod.forum' . EXT;
                     require PATH_MOD . 'forum/mod.forum_core' . EXT;
                 }
                 Forum_Core::_update_post_stats($IN->GBL('forum_id'));
                 // Update member post total
                 $DB->query("UPDATE exp_members SET last_forum_post_date = '{$LOC->now}' WHERE member_id = '" . $author_id . "'");
             }
         }
         /** ----------------------------
         			/**  Send admin notification
         			/** ----------------------------*/
         if ($notify_address != '') {
             $swap = array('name' => $SESS->userdata('screen_name'), 'email' => $SESS->userdata('email'), 'weblog_name' => $blog_title, 'entry_title' => $title, 'entry_url' => $FNS->remove_double_slashes($blog_url . '/' . $url_title . '/'), 'comment_url' => $FNS->remove_double_slashes($comment_url . '/' . $url_title . '/'));
             $template = $FNS->fetch_email_template('admin_notify_entry');
             $email_tit = $FNS->var_swap($template['title'], $swap);
             $email_msg = $FNS->var_swap($template['data'], $swap);
             // We don't want to send a notification if the person
             // leaving the entry is in the notification list
             if (stristr($notify_address, $SESS->userdata['email'])) {
                 $notify_address = str_replace($SESS->userdata('email'), "", $notify_address);
             }
             $notify_address = $REGX->remove_extra_commas($notify_address);
             if ($notify_address != '') {
                 /** ----------------------------
                 				/**  Send email
                 				/** ----------------------------*/
                 if (!class_exists('EEmail')) {
                     require PATH_CORE . 'core.email' . EXT;
                 }
                 $email = new EEmail();
                 foreach (explode(',', $notify_address) as $addy) {
                     $email->initialize();
                     $email->wordwrap = false;
                     $email->from($PREFS->ini('webmaster_email'), $PREFS->ini('webmaster_name'));
                     $email->to($addy);
                     $email->reply_to($PREFS->ini('webmaster_email'));
                     $email->subject($email_tit);
                     $email->message($REGX->entities_to_ascii($email_msg));
                     $email->Send();
                 }
             }
         }
     } else {
         /** ---------------------------------
             /**  Update an existing entry
             /** ---------------------------------*/
         if ($PREFS->ini('honor_entry_dst') == 'y') {
             $data['entry_date'] = $LOC->offset_entry_dst($data['entry_date'], $data['dst_enabled']);
             if ($data['expiration_date'] != '' and $data['expiration_date'] != 0) {
                 $data['expiration_date'] = $LOC->offset_entry_dst($data['expiration_date'], $data['dst_enabled']);
             }
             if ($data['comment_expiration_date'] != '' and $data['comment_expiration_date'] != 0) {
                 $data['comment_expiration_date'] = $LOC->offset_entry_dst($data['comment_expiration_date'], $data['dst_enabled']);
             }
         }
         // First we need to see if the author of the entry has changed.
         $query = $DB->query("SELECT author_id FROM exp_weblog_titles WHERE entry_id = '{$entry_id}'");
         $old_author = $query->row['author_id'];
         if ($old_author != $data['author_id']) {
             // Decremenet the counter on the old author
             $query = $DB->query("SELECT total_entries FROM exp_members WHERE member_id = '{$old_author}'");
             $total_entries = $query->row['total_entries'] - 1;
             $DB->query("UPDATE exp_members set total_entries = '{$total_entries}' WHERE member_id = '{$old_author}'");
             // Increment the counter on the new author
             $query = $DB->query("SELECT total_entries FROM exp_members WHERE member_id = '" . $data['author_id'] . "'");
             $total_entries = $query->row['total_entries'] + 1;
             $DB->query("UPDATE exp_members set total_entries = '{$total_entries}' WHERE member_id = '" . $data['author_id'] . "'");
         }
         /** ------------------------------------
             /**  Update the entry
             /** ------------------------------------*/
         unset($data['entry_id']);
         $topic_id = $data['forum_topic_id'];
         $DB->query($DB->update_string('exp_weblog_titles', $data, "entry_id = '{$entry_id}'"));
         /** ------------------------------------
             /**  Update the custom fields
             /** ------------------------------------*/
         $cust_fields = array('weblog_id' => $weblog_id);
         foreach ($_POST as $key => $val) {
             if (strstr($key, 'field_offset_')) {
                 // removed the unset in 1.6.5 as the localization was being lost on quicksave
                 // unset($_POST[$key]);
                 continue;
             }
             if (strstr($key, 'field')) {
                 if ($key == 'field_ft_' . $trackback_field) {
                     $tb_format = $val;
                 }
                 if (strstr($key, 'field_id_') and !is_numeric($val)) {
                     $cust_fields[$key] = $PREFS->ini('auto_convert_high_ascii') == 'y' ? $REGX->ascii_to_entities($val) : $val;
                 } else {
                     $cust_fields[$key] = $val;
                 }
             }
         }
         if (count($cust_fields) > 0) {
             // Update the custom fields
             $DB->query($DB->update_string('exp_weblog_data', $cust_fields, "entry_id = '{$entry_id}'"));
         }
         /** ------------------------------------
             /**  Delete categories
             /** ------------------------------------*/
         // We will resubmit all categories next
         $DB->query("DELETE FROM exp_category_posts WHERE entry_id = '{$entry_id}'");
         /** ------------------------------------
             /**  Set page title and success message
             /** ------------------------------------*/
         $type = 'update';
         $page_title = 'entry_has_been_updated';
         $message = $LANG->line($page_title);
     }
     /** ---------------------------------
         /**  Insert categories
         /** ---------------------------------*/
     if ($this->cat_parents > 0) {
         $this->cat_parents = array_unique($this->cat_parents);
         sort($this->cat_parents);
         foreach ($this->cat_parents as $val) {
             if ($val != '') {
                 $DB->query("INSERT INTO exp_category_posts (entry_id, cat_id) VALUES ('{$entry_id}', '{$val}')");
             }
         }
     }
     /** --------------------------------------
         /**  Is this entry a child of another parent?
         /** --------------------------------------*/
     // If the entry being submitted is a "child" of another parent
     // we need to re-compile and cache the data.  Confused?  Me too...
     $query = $DB->query("SELECT COUNT(*) AS count FROM exp_relationships WHERE rel_type = 'blog' AND rel_child_id = '" . $DB->escape_str($entry_id) . "'");
     if ($query->row['count'] > 0) {
         $reldata = array('type' => 'blog', 'child_id' => $entry_id);
         $FNS->compile_relationship($reldata, FALSE);
     }
     /** --------------------------------------
         /**  Is this entry a parent of a child?
         /** --------------------------------------*/
     $query = $DB->query("SELECT COUNT(*) AS count FROM exp_relationships \n\t\t\t\t\t\t\t WHERE rel_parent_id = '" . $DB->escape_str($entry_id) . "'\n\t\t\t\t\t\t\t AND reverse_rel_data != ''");
     if ($query->row['count'] > 0) {
         $reldata = array('type' => 'blog', 'parent_id' => $entry_id);
         $FNS->compile_relationship($reldata, FALSE, TRUE);
     }
     /** -------------------------------------
     		/**  Is there a forum post to update
     		/** -------------------------------------*/
     if ($PREFS->ini('forum_is_installed') == "y" and $IN->GBL('forum_title') != '' and $IN->GBL('forum_body') != '' and $topic_id != 0) {
         $title = $this->_convert_forum_tags($IN->GBL('forum_title'));
         $body = $this->_convert_forum_tags(str_replace('{permalink}', $FNS->remove_double_slashes($comment_url . '/' . $url_title . '/'), $IN->GBL('forum_body')));
         $DB->query("UPDATE exp_forum_topics SET title = '{$title}', body = '{$body}' WHERE topic_id = '{$topic_id}' ");
         // Update the forum stats
         if (!class_exists('Forum')) {
             require PATH_MOD . 'forum/mod.forum' . EXT;
             require PATH_MOD . 'forum/mod.forum_core' . EXT;
         }
         Forum_Core::_update_post_stats($IN->GBL('forum_id'));
     }
     /** -------------------------------------
     		/**  Is there a Page being updated or created?
     		/** -------------------------------------*/
     if ($PREFS->ini('site_pages') !== FALSE && $IN->GBL('pages_uri', 'POST') !== FALSE && $IN->GBL('pages_uri', 'POST') != '' && $IN->GBL('pages_uri', 'POST') != '/example/pages/uri/' && is_numeric($IN->GBL('pages_template_id', 'POST'))) {
         /** ----------------------------------------
         			/**  Update the Very, Most Current Pages Data for Site
         			/** ----------------------------------------*/
         $site_id = $PREFS->ini('site_id');
         $static_pages[$site_id]['uris'][$entry_id] = '/' . trim(preg_replace("#[^a-zA-Z0-9_\\-/\\.]+\$#i", '', str_replace($PREFS->ini('site_url'), '', $IN->GBL('pages_uri'))), '/') . '/';
         $static_pages[$site_id]['templates'][$entry_id] = preg_replace("#[^0-9]+\$#i", '', $IN->GBL('pages_template_id', 'POST'));
         if ($static_pages[$site_id]['uris'][$entry_id] == '//') {
             $static_pages[$site_id]['uris'][$entry_id] = '/';
         }
         $DB->query($DB->update_string('exp_sites', array('site_pages' => addslashes(serialize($static_pages))), "site_id = '" . $DB->escape_str($PREFS->ini('site_id')) . "'"));
     }
     /** ----------------------------------------
         /**  Save revisions if needed
         /** ----------------------------------------*/
     if (!isset($_POST['versioning_enabled'])) {
         $enable_versioning = 'n';
     }
     if (isset($_POST['save']) and $enable_qucksave_versioning == 'n') {
         $enable_versioning = 'n';
     }
     if ($enable_versioning == 'y') {
         $DB->query("INSERT INTO exp_entry_versioning (version_id, entry_id, weblog_id, author_id, version_date, version_data) VALUES ('', '" . $entry_id . "', '" . $weblog_id . "', '" . $SESS->userdata('member_id') . "', '" . $LOC->now . "', '" . addslashes(serialize($revision_post)) . "')");
         // Clear old revisions if needed
         $max = (is_numeric($max_revisions) and $max_revisions > 0) ? $max_revisions : 10;
         $query = $DB->query("SELECT COUNT(*) AS count FROM exp_entry_versioning WHERE entry_id = '" . $entry_id . "'");
         if ($query->row['count'] > $max) {
             $query = $DB->query("SELECT version_id FROM exp_entry_versioning WHERE entry_id = '" . $entry_id . "' ORDER BY version_id desc limit " . $max);
             $ids = '';
             foreach ($query->result as $row) {
                 $ids .= $row['version_id'] . ',';
             }
             $ids = substr($ids, 0, -1);
             $DB->query("DELETE FROM exp_entry_versioning WHERE version_id NOT IN (" . $ids . ") AND entry_id = '" . $entry_id . "'");
         }
     }
     //---------------------------------
     // Quick Save Returns Here
     //  - does not process pings
     //  - does not update stats
     //  - does not empty caches
     //---------------------------------
     if (isset($_POST['save'])) {
         return $this->new_entry_form('save', '', $entry_id);
     }
     /** ----------------------------------------
         /**  Update global stats
         /** ----------------------------------------*/
     if ($old_weblog != '') {
         // Change weblog_id in exp_comments
         if (isset($this->installed_modules['comment'])) {
             $DB->query("UPDATE exp_comments SET weblog_id = '{$weblog_id}' WHERE entry_id = '{$entry_id}'");
         }
         $STAT->update_weblog_stats($old_weblog);
     }
     $STAT->update_weblog_stats($weblog_id);
     /** ---------------------------------
         /**  Send trackbacks
         /** ---------------------------------*/
     $tb_body = !isset($_POST['field_id_' . $trackback_field]) ? '' : $_POST['field_id_' . $trackback_field];
     if ($trackback_urls != '' and $tb_body != '' and $data['status'] != 'closed' and $data['entry_date'] < $LOC->now + 90) {
         $entry_link = $REGX->prep_query_string($tb_url);
         $entry_link = $FNS->remove_double_slashes($entry_link . '/' . $url_title . '/');
         $tb_data = array('entry_id' => $entry_id, 'entry_link' => $FNS->remove_double_slashes($entry_link), 'entry_title' => $title, 'entry_content' => $tb_body, 'tb_format' => $tb_format, 'weblog_name' => $blog_title, 'trackback_url' => $trackback_urls);
         require PATH_MOD . 'trackback/mcp.trackback' . EXT;
         $TB = new Trackback_CP();
         $tb_res = $TB->send_trackback($tb_data);
         /** ---------------------------------------
             /**  Update the "sent_trackbacks" field
             /** ---------------------------------------*/
         // Fetch the URLs that were sent successfully and update the DB
         if (count($tb_res['0']) > 0) {
             foreach ($tb_res['0'] as $val) {
                 $sent_trackbacks .= $val . "\n";
             }
             $DB->query("UPDATE exp_weblog_titles SET sent_trackbacks = '{$sent_trackbacks}' WHERE entry_id = '{$entry_id}'");
         }
         if (count($tb_res['1']) > 0) {
             $tb_errors = TRUE;
         }
     }
     /** ---------------------------------
         /**  Send xml-rpc pings
         /** ---------------------------------*/
     $ping_message = '';
     if (count($ping_servers) > 0) {
         // We only ping entries that are posted now, not in the future
         if ($entry_date - 90 < $LOC->now) {
             $ping_result = $this->send_pings($ping_servers, $blog_title, $ping_url, $rss_url);
             if (is_array($ping_result) and count($ping_result) > 0) {
                 $ping_errors = TRUE;
                 $ping_message .= $DSP->qdiv('highlight', $DSP->qdiv('defaultBold', $LANG->line('xmlrpc_ping_errors')));
                 foreach ($ping_result as $val) {
                     $ping_message .= $DSP->qdiv('highlight', $DSP->qspan('highlight_bold', $val['0']) . ' - ' . $val['1']);
                 }
             }
         }
         /** ---------------------------------
             /**  Save ping button state
             /** ---------------------------------*/
         $DB->query("DELETE FROM exp_entry_ping_status WHERE entry_id = '{$entry_id}'");
         foreach ($ping_servers as $val) {
             $DB->query("INSERT INTO exp_entry_ping_status (entry_id, ping_id) VALUES ('{$entry_id}', '{$val}')");
         }
     }
     /** ---------------------------------
         /**  Clear caches if needed
         /** ---------------------------------*/
     if ($PREFS->ini('new_posts_clear_caches') == 'y') {
         $FNS->clear_caching('all');
     } else {
         $FNS->clear_caching('sql');
     }
     // -------------------------------------------
     // 'submit_new_entry_end' hook.
     //  - Add More Stuff to Do For Entry
     //  - 1.5.2 => Added $ping_message variable
     //
     $edata = $EXT->call_extension('submit_new_entry_end', $entry_id, $data, $ping_message);
     if ($EXT->end_script === TRUE) {
         return;
     }
     //
     // -------------------------------------------
     /** ---------------------------------------
         /**  Show ping erors if there are any
         /** ---------------------------------------*/
     if ($tb_errors == TRUE || $ping_errors == TRUE) {
         if ($cp_call == TRUE) {
             $r = $DSP->qdiv('success', $LANG->line($page_title) . BR . BR);
             if (isset($tb_res['1']) and count($tb_res['1']) > 0) {
                 $r .= $DSP->qdiv('highlight', $DSP->qdiv('defaultBold', $LANG->line('trackback_url_errors')));
                 foreach ($tb_res['1'] as $val) {
                     $r .= $DSP->qdiv('highlight', $DSP->qspan('highlight_bold', $val['0']) . ' - ' . $val['1']);
                 }
             }
             $r .= $ping_message;
             $r .= $DSP->qdiv('', BR . $DSP->anchor(BASE . AMP . 'C=edit' . AMP . 'M=view_entry' . AMP . 'weblog_id=' . $IN->GBL('weblog_id', 'POST') . AMP . 'entry_id=' . $entry_id, $LANG->line('click_to_view_your_entry')));
             return $DSP->set_return_data($LANG->line('publish'), $r);
         }
     }
     /** ---------------------------------
         /**  Redirect to ths "success" page
         /** ---------------------------------*/
     if ($cp_call == TRUE) {
         $loc = BASE . AMP . 'C=edit' . AMP . 'M=view_entry' . AMP . 'weblog_id=' . $weblog_id . AMP . 'entry_id=' . $entry_id . AMP . 'U=' . $type;
     } else {
         $FNS->template_type = 'webpage';
         $loc = $return_url == '' ? $FNS->fetch_site_index() : $FNS->create_url($return_url, 1, 1);
     }
     // -------------------------------------------
     // 'submit_new_entry_redirect' hook.
     //  - Modify Redirect Location
     //  - 1.5.2 => Added $cp_call variable
     //
     if ($EXT->active_hook('submit_new_entry_redirect') === TRUE) {
         $loc = $EXT->call_extension('submit_new_entry_redirect', $entry_id, $data, $cp_call);
         if ($EXT->end_script === TRUE) {
             return;
         }
     }
     //
     // -------------------------------------------
     // -------------------------------------------
     // 'submit_new_entry_absolute_end' hook.
     //  - Add More Stuff to Do For Entry
     //	- Still allows Trackback/Ping error messages
     //
     $edata = $EXT->call_extension('submit_new_entry_absolute_end', $entry_id, $data);
     if ($EXT->end_script === TRUE) {
         return;
     }
     //
     // -------------------------------------------
     $FNS->redirect($loc);
     exit;
 }
	/** -------------------------------------
	/**  Member self-delete
	/** -------------------------------------*/
	
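	/**
	 * Member self-delete
	 *
	 * Lets the currently logged-in member delete their own account from a
	 * POSTed form.  The request is refused unless it arrived via POST, the
	 * member is logged in and allowed to delete themselves, is not a Super
	 * Admin, passes the IP/user-agent and password-lockout checks, and
	 * re-enters a password whose hash matches the stored one.  On success the
	 * member's rows, private messages, forum activity, weblog entries and
	 * comments are removed, the configured notification addresses are
	 * emailed, the session and cookies are cleared, global member stats are
	 * refreshed and a confirmation page is rendered.
	 *
	 * @access	public
	 * @return	mixed	FALSE when not reached via a POST form; the result of
	 *					$OUT->show_user_error() when a check fails; NULL once the
	 *					confirmation page has been shown
	 */
	function member_delete()
	{
		global $DB, $FNS, $IN, $LANG, $OUT, $PREFS, $REGX, $SESS, $STAT;

		/** -------------------------------------
		/**  Make sure they got here via a form
		/** -------------------------------------*/

		if ( ! $IN->GBL('ACT', 'POST'))
		{
			// No output for you, Mr. URL Hax0r
			return FALSE;
		}

		$LANG->fetch_language_file('login');

		/* -------------------------------------
		/*  No sneakiness - we'll do this in case the site administrator
		/*  has foolishly turned off secure forms and some monkey is
		/*  trying to delete their account from an off-site form or
		/*  after logging out.
		/* -------------------------------------*/

		if ($SESS->userdata['member_id'] == 0 OR $SESS->userdata['can_delete_self'] !== 'y')
		{
			return $OUT->show_user_error('general', $LANG->line('not_authorized'));
		}

		/** -------------------------------------
		/**  If the user is a SuperAdmin, then no deletion
		/** -------------------------------------*/

		if ($SESS->userdata['group_id'] == 1)
		{
			return $OUT->show_user_error('general', $LANG->line('cannot_delete_super_admin'));
		}

		/** ----------------------------------------
		/**  Is IP and User Agent required for login?  Then, same here.
		/** ----------------------------------------*/

		if ($PREFS->ini('require_ip_for_login') == 'y')
		{
			if ($SESS->userdata['ip_address'] == '' || $SESS->userdata['user_agent'] == '')
			{
				return $OUT->show_user_error('general', $LANG->line('unauthorized_request'));
			}
		}

		/** ----------------------------------------
		/**  Check password lockout status
		/** ----------------------------------------*/

		if ($SESS->check_password_lockout() === TRUE)
		{
			return $OUT->show_user_error('general', str_replace("%x", $PREFS->ini('password_lockout_interval'), $LANG->line('password_lockout_in_effect')));
		}

		/* -------------------------------------
		/*  Are you who you say you are, or someone sitting at someone
		/*  else's computer being mean?!
		/* -------------------------------------*/

		$query = $DB->query("SELECT password FROM exp_members WHERE member_id = '".$SESS->userdata['member_id']."'");
		$password = $FNS->hash(stripslashes($IN->GBL('password', 'POST')));

		// Fail closed when the member row is missing, and compare the digests
		// strictly: with a loose != two hex digests of the form '0e<digits>'
		// both read as numeric zero and would wrongly compare equal.
		if ($query->num_rows != 1 OR $query->row['password'] !== $password)
		{
			$SESS->save_password_lockout();

			return $OUT->show_user_error('general', $LANG->line('invalid_pw'));
		}

		/** -------------------------------------
		/**  No turning back, get to deletin'!
		/** -------------------------------------*/

		$id = $SESS->userdata['member_id'];

		$DB->query("DELETE FROM exp_members WHERE member_id = '{$id}'");
		$DB->query("DELETE FROM exp_member_data WHERE member_id = '{$id}'");
		$DB->query("DELETE FROM exp_member_homepage WHERE member_id = '{$id}'");

		// Recipients of this member's unread messages are fetched before the
		// copies are deleted, so their unread counters can be recomputed below.
		$message_query = $DB->query("SELECT DISTINCT recipient_id FROM exp_message_copies WHERE sender_id = '{$id}' AND message_read = 'n'");
		$DB->query("DELETE FROM exp_message_copies WHERE sender_id = '{$id}'");
		$DB->query("DELETE FROM exp_message_data WHERE sender_id = '{$id}'");
		$DB->query("DELETE FROM exp_message_folders WHERE member_id = '{$id}'");
		$DB->query("DELETE FROM exp_message_listed WHERE member_id = '{$id}'");

		if ($message_query->num_rows > 0)
		{
			foreach ($message_query->result as $row)
			{
				$count_query = $DB->query("SELECT COUNT(*) AS count FROM exp_message_copies WHERE recipient_id = '".$row['recipient_id']."' AND message_read = 'n'");
				$DB->query($DB->update_string('exp_members', array('private_messages' => $count_query->row['count']), "member_id = '".$row['recipient_id']."'"));
			}
		}

		/** -------------------------------------
		/**  Delete Forum Posts
		/** -------------------------------------*/

		if ($PREFS->ini('forum_is_installed') == "y")
		{
			$DB->query("DELETE FROM exp_forum_subscriptions  WHERE member_id = '{$id}'");
			$DB->query("DELETE FROM exp_forum_pollvotes  WHERE member_id = '{$id}'");

			$DB->query("DELETE FROM exp_forum_topics WHERE author_id = '{$id}'");

			// Snag the affected topic id's before deleting the member for the update afterwards
			$query = $DB->query("SELECT topic_id FROM exp_forum_posts WHERE author_id = '{$id}'");

			$topic_ids = array();

			foreach ($query->result as $row)
			{
				$topic_ids[] = $row['topic_id'];
			}

			$topic_ids = array_unique($topic_ids);

			$DB->query("DELETE FROM exp_forum_posts  WHERE author_id = '{$id}'");
			$DB->query("DELETE FROM exp_forum_polls  WHERE author_id = '{$id}'");

			// Update the forum stats
			$query = $DB->query("SELECT forum_id FROM exp_forums WHERE forum_is_cat = 'n'");

			if ( ! class_exists('Forum'))
			{
				require PATH_MOD.'forum/mod.forum'.EXT;
				require PATH_MOD.'forum/mod.forum_core'.EXT;
			}

			$FRM = new Forum_Core;

			foreach ($query->result as $row)
			{
				$FRM->_update_post_stats($row['forum_id']);
			}

			foreach ($topic_ids as $topic_id)
			{
				$FRM->_update_topic_stats($topic_id);
			}
		}

		/** -------------------------------------
		/**  Va-poo-rize Weblog Entries and Comments
		/** -------------------------------------*/

		$entry_ids			= array();
		$weblog_ids			= array();
		$recount_ids		= array();

		// Find Entry IDs and Weblog IDs, then delete
		$query = $DB->query("SELECT entry_id, weblog_id FROM exp_weblog_titles WHERE author_id = '{$id}'");

		if ($query->num_rows > 0)
		{
			foreach ($query->result as $row)
			{
				$entry_ids[]	= $row['entry_id'];
				$weblog_ids[]	= $row['weblog_id'];
			}

			$DB->query("DELETE FROM exp_weblog_titles WHERE author_id = '{$id}'");
			$DB->query("DELETE FROM exp_weblog_data WHERE entry_id IN ('".implode("','", $entry_ids)."')");
			$DB->query("DELETE FROM exp_comments WHERE entry_id IN ('".implode("','", $entry_ids)."')");
			$DB->query("DELETE FROM exp_trackbacks WHERE entry_id IN ('".implode("','", $entry_ids)."')");
		}

		// Find the affected entries AND weblog ids for author's comments
		$query = $DB->query("SELECT DISTINCT(entry_id), weblog_id FROM exp_comments WHERE author_id = '{$id}'");

		if ($query->num_rows > 0)
		{
			foreach ($query->result as $row)
			{
				$recount_ids[] = $row['entry_id'];
				$weblog_ids[]  = $row['weblog_id'];
			}

			// Entries the member authored were deleted above; only the rest need a recount
			$recount_ids = array_diff($recount_ids, $entry_ids);
		}

		// Delete comments by member
		$DB->query("DELETE FROM exp_comments WHERE author_id = '{$id}'");

		// Update stats on weblog entries that were NOT deleted AND had comments by author

		if (count($recount_ids) > 0)
		{
			foreach (array_unique($recount_ids) as $entry_id)
			{
				$query = $DB->query("SELECT MAX(comment_date) AS max_date FROM exp_comments WHERE status = 'o' AND entry_id = '".$DB->escape_str($entry_id)."'");

				$comment_date = ($query->num_rows == 0 OR !is_numeric($query->row['max_date'])) ? 0 : $query->row['max_date'];

				$query = $DB->query("SELECT COUNT(*) AS count FROM exp_comments WHERE entry_id = '{$entry_id}' AND status = 'o'");

				$DB->query("UPDATE exp_weblog_titles SET comment_total = '".$DB->escape_str($query->row['count'])."', recent_comment_date = '$comment_date' WHERE entry_id = '{$entry_id}'");
			}
		}

		if (count($weblog_ids) > 0)
		{
			foreach (array_unique($weblog_ids) as $weblog_id)
			{
				$STAT->update_weblog_stats($weblog_id);
				$STAT->update_comment_stats($weblog_id);
			}
		}

		/** -------------------------------------
		/**  Email notification recipients
		/** -------------------------------------*/

		if ($SESS->userdata['mbr_delete_notify_emails'] != '')
		{
			$notify_address = $SESS->userdata['mbr_delete_notify_emails'];

			$swap = array(
							'name'				=> $SESS->userdata['screen_name'],
							'email'				=> $SESS->userdata['email'],
							'site_name'			=> stripslashes($PREFS->ini('site_name'))
						 );

			$email_tit = $FNS->var_swap($LANG->line('mbr_delete_notify_title'), $swap);
			$email_msg = $FNS->var_swap($LANG->line('mbr_delete_notify_message'), $swap);

			// No notification for the user themselves, if they're in the list.
			// Plain case-insensitive substring test, as the entry-notification
			// code does: eregi() is gone in PHP 7 and would have interpreted the
			// address as a regular expression.
			if (stristr($notify_address, $SESS->userdata('email')))
			{
				$notify_address = str_replace($SESS->userdata['email'], "", $notify_address);
			}

			$notify_address = $REGX->remove_extra_commas($notify_address);

			if ($notify_address != '')
			{
				/** ----------------------------
				/**  Send email
				/** ----------------------------*/

				if ( ! class_exists('EEmail'))
				{
					require PATH_CORE.'core.email'.EXT;
				}

				$email = new EEmail;

				foreach (explode(',', $notify_address) as $addy)
				{
					$email->initialize();
					$email->wordwrap = false;
					$email->from($PREFS->ini('webmaster_email'), $PREFS->ini('webmaster_name'));
					$email->to($addy);
					$email->reply_to($PREFS->ini('webmaster_email'));
					$email->subject($email_tit);
					$email->message($REGX->entities_to_ascii($email_msg));
					$email->Send();
				}
			}
		}

		/** -------------------------------------
		/**  Trash the Session and cookies
		/** -------------------------------------*/

		$DB->query("DELETE FROM exp_online_users WHERE site_id = '".$DB->escape_str($PREFS->ini('site_id'))."' AND ip_address = '{$IN->IP}' AND member_id = '{$id}'");

		$DB->query("DELETE FROM exp_sessions WHERE session_id = '".$SESS->userdata['session_id']."'");

		// set_cookie() with no value clears each cookie on the client
		$FNS->set_cookie($SESS->c_uniqueid);
		$FNS->set_cookie($SESS->c_password);
		$FNS->set_cookie($SESS->c_session);
		$FNS->set_cookie($SESS->c_expire);
		$FNS->set_cookie($SESS->c_anon);
		$FNS->set_cookie('read_topics');
		$FNS->set_cookie('tracker');

		/** -------------------------------------
		/**  Update global member stats
		/** -------------------------------------*/

		$STAT->update_member_stats();

		/** -------------------------------------
		/**  Build Success Message
		/** -------------------------------------*/

		$url	= $PREFS->ini('site_url');
		$name	= stripslashes($PREFS->ini('site_name'));

		$data = array(	'title' 	=> $LANG->line('mbr_delete'),
						'heading'	=> $LANG->line('thank_you'),
						'content'	=> $LANG->line('mbr_account_deleted'),
						'redirect'	=> '',
						'link'		=> array($url, $name)
					 );

		$OUT->show_message($data);
	}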
 /**
  * Delete member
  *
  * This function deletes all member data, and all communications from said member
  * stored on the system, and returns the id for further use
  *
  * @access	public
  * @param	mixed	Single member ID as int, or array of member IDs to delete
  * @param	int		Member ID to take over ownership of deleted members' entries
  * @return	void
  */
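 /**
  * Delete one or more members together with everything that references them.
  *
  * Clears the members' base rows, their private messages (recomputing the
  * unread count of every affected recipient), their channel entries — handed
  * to $heir_id when one is given, otherwise deleted with their data and
  * comments — their comments, and, when the forum module is installed, their
  * forum content, attachments and online-user rows. Channel, comment, forum
  * and member stats are recomputed afterwards.
  *
  * The 'member_delete' hook may rewrite the ID list (for example to protect
  * some members); an empty or unusable result aborts the whole deletion.
  *
  * @param int|array $member_ids  A member ID or a list of member IDs to delete
  * @param int|null  $heir_id     Member who inherits the deleted members' entries
  * @return bool|void  FALSE when there is nothing to delete
  */
 function delete_member($member_ids = array(), $heir_id = NULL)
 {
     // Accept a single scalar ID as well as a list
     if (!is_array($member_ids)) {
         $member_ids = array((int) $member_ids);
     }
     // ---------------------------------------------------------------
     // 'member_delete' hook.
     // - Provides an opportunity for extra code to be executed upon
     // member deletion, and also gives the opportunity to skip
     // deletion for some members all together by altering the array of
     // member IDs we pass to the hook.
     //
     if ($this->extensions->active_hook('member_delete')) {
         $member_ids = $this->extensions->call('member_delete', $member_ids);
     }
     //
     // ---------------------------------------------------------------
     // No member IDs (or a hook that handed back something unusable)? Bail out
     if (!is_array($member_ids) or count($member_ids) == 0) {
         return FALSE;
     }
     // Every ID below ends up in a WHERE IN clause; pin them all to integers,
     // the same way the scalar form above already does.
     $member_ids = array_map('intval', $member_ids);
     // ---------------------------------------------------------------
     // Remove traces of member from base member tables
     // ---------------------------------------------------------------
     // Kept as (table, column) pairs rather than a table => column map:
     // message_listed must be cleared on two different columns, and a keyed
     // array would silently keep only the last entry for that table.
     $tables_fields = array(
         array('members', 'member_id'),
         array('member_data', 'member_id'),
         array('member_homepage', 'member_id'),
         array('message_data', 'sender_id'),
         array('message_folders', 'member_id'),
         array('message_listed', 'member_id'),
         array('message_listed', 'listed_member'),
         array('message_copies', 'recipient_id'),
         array('remember_me', 'member_id'),
         array('sessions', 'member_id'),
     );
     // If comment module is installed
     if ($this->db->table_exists('comment_subscriptions')) {
         $tables_fields[] = array('comment_subscriptions', 'member_id');
     }
     // Loop through the pairs and clear each table out based on member ID
     foreach ($tables_fields as $pair) {
         list($table, $field) = $pair;
         $this->db->where_in($field, $member_ids)->delete($table);
     }
     // ---------------------------------------------------------------
     // Delete private messages and update members' unread count
     // ---------------------------------------------------------------
     // First, we need to get a list of recipient IDs who will be affected
     // by deleting the members we are deleting so that we can update the
     // unread PM count for those users only. This MUST run before the
     // delete below, otherwise the list is always empty.
     $this->db->distinct('recipient_id');
     $this->db->where('message_read', 'n');
     $this->db->where_in('sender_id', $member_ids);
     $messages = $this->db->get('message_copies');
     // Now that we know which recipients are affected, we can delete the
     // member-to-be-deleted's messages...
     $this->db->where_in('sender_id', $member_ids)->delete('message_copies');
     if ($messages->num_rows()) {
         // Build recipient IDs array
         $recipient_ids = array();
         foreach ($messages->result_array() as $message) {
             $recipient_ids[] = $message['recipient_id'];
         }
         // ...and get the new unread count for the affected users
         $this->db->select('count(*) as count, recipient_id');
         $this->db->where('message_read', 'n');
         $this->db->where_in('recipient_id', $recipient_ids);
         $this->db->group_by('recipient_id');
         $unread_messages = $this->db->get('message_copies');
         // Set everyone's unread message count to zero first, because if a user
         // has zero messages now, they won't have shown up in the above query
         $this->db->where_in('member_id', $recipient_ids);
         $this->db->update('members', array('private_messages' => 0));
         // For each user, update their private messages unread count with
         // what we gathered above
         foreach ($unread_messages->result_array() as $message) {
             $this->db->where('member_id', $message['recipient_id']);
             $this->db->update('members', array('private_messages' => $message['count']));
         }
     }
     // ---------------------------------------------------------------
     // Get member's channel entries, reassign them to the entries heir
     // or delete them all together if heir isn't specified
     // ---------------------------------------------------------------
     // Get member's entries
     $this->db->select('entry_id, channel_id');
     $this->db->where_in('author_id', $member_ids);
     $entries = $this->db->get('channel_titles');
     $channel_ids = array();
     if ($entries->num_rows()) {
         // Reassign entries if a numeric heir ID is present.
         // NOTE(review): $heir_id is not checked against $member_ids or the
         // members table, so entries could be handed to a member that is being
         // deleted right here, or to one that does not exist. Confirm that the
         // callers validate the heir before passing it in.
         if (!empty($heir_id) && is_numeric($heir_id)) {
             $heir_id = (int) $heir_id;
             $this->db->where_in('author_id', $member_ids);
             $this->db->update('channel_titles', array('author_id' => $heir_id));
             $this->update_member_entry_stats($heir_id);
         } else {
             $entry_ids = array();
             foreach ($entries->result_array() as $entry) {
                 // Entries to delete
                 $entry_ids[] = $entry['entry_id'];
                 // Gather channel IDs to update stats later
                 $channel_ids[] = $entry['channel_id'];
             }
             $this->db->where_in('author_id', $member_ids)->delete('channel_titles');
             $this->db->where_in('entry_id', $entry_ids)->delete('channel_data');
             if ($this->db->table_exists('comments')) {
                 $this->db->where_in('entry_id', $entry_ids)->delete('comments');
             }
         }
     }
     // ---------------------------------------------------------------
     // Find affected entries for members's comments and update totals
     // ---------------------------------------------------------------
     if ($this->db->table_exists('comments')) {
         $this->db->select('DISTINCT(entry_id), channel_id');
         $this->db->where_in('author_id', $member_ids);
         $entries = $this->db->get('comments');
         $entry_ids = array();
         foreach ($entries->result_array() as $row) {
             // Entries to update
             $entry_ids[] = $row['entry_id'];
             // Gather channel IDs to update stats later
             $channel_ids[] = $row['channel_id'];
         }
         // Delete comments
         $this->db->where_in('author_id', $member_ids)->delete('comments');
         // Update individual entry comment counts
         $this->load->model('comment_model');
         $this->comment_model->recount_entry_comments($entry_ids);
     }
     // Update channel and comment stats
     $channel_ids = array_unique($channel_ids);
     foreach ($channel_ids as $channel_id) {
         $this->stats->update_channel_stats($channel_id);
         $this->stats->update_comment_stats($channel_id);
     }
     // ---------------------------------------------------------------
     // Forum Clean-Up
     // ---------------------------------------------------------------
     if ($this->config->item('forum_is_installed') == "y") {
         // Forum tables to clean up
         $forum_tables_fields = array('forum_subscriptions' => 'member_id', 'forum_pollvotes' => 'member_id', 'forum_topics' => 'author_id', 'forum_administrators' => 'admin_member_id', 'forum_moderators' => 'mod_member_id', 'forum_polls' => 'author_id');
         // Clean out mentions of member in forum tables
         foreach ($forum_tables_fields as $table => $field) {
             $this->db->where_in($field, $member_ids)->delete($table);
         }
         // Load forum class
         if (!class_exists('Forum')) {
             require PATH_MOD . 'forum/mod.forum.php';
             require PATH_MOD . 'forum/mod.forum_core.php';
         }
         $forum_core = new Forum_Core();
         // -----------------------------------------------------------
         // Grab affected topic IDs before deleting the member so we can
         // update stats
         $this->db->select('topic_id');
         $this->db->distinct();
         $this->db->where_in('author_id', $member_ids);
         $topics = $this->db->get('forum_posts');
         // Now delete those posts
         $this->db->where_in('author_id', $member_ids)->delete('forum_posts');
         // Update topic stats
         foreach ($topics->result_array() as $row) {
             $forum_core->_update_topic_stats($row['topic_id']);
         }
         // -----------------------------------------------------------
         // Update forum stats
         $this->db->select('forum_id');
         $this->db->where('forum_is_cat', 'n');
         $forums = $this->db->get('exp_forums');
         foreach ($forums->result_array() as $row) {
             $forum_core->_update_post_stats($row['forum_id']);
         }
         $forum_core->_update_global_stats();
         // -----------------------------------------------------------
         // Delete from Online Users
         $this->db->where_in('member_id', $member_ids)->delete('online_users');
         // -----------------------------------------------------------
         // Remove attachments (files and rows) through the forum's own helper
         $this->db->select('attachment_id, board_id');
         $this->db->where_in('member_id', $member_ids);
         $attachments = $this->db->get('forum_attachments');
         foreach ($attachments->result_array() as $attachment) {
             $forum_core->_remove_attachment($attachment['attachment_id'], $attachment['board_id'], TRUE);
         }
     }
     $this->stats->update_member_stats();
 }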
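 /**
  * Delete the currently logged-in member's own account.
  *
  * Authorisation is re-derived from the session (a logged-in, non-SuperAdmin
  * member holding can_delete_self), the IP/user-agent and password-lockout
  * rules are honoured, and the submitted password is verified before any
  * row is touched. On success the member's rows, private messages, forum
  * content, channel entries and comments are removed, optional notification
  * emails are sent, and the session and cookies are cleared.
  *
  * NOTE(review): no secure-form (CSRF) token is checked here; the header
  * comment relies on password re-entry to stop off-site forms. Confirm that
  * the caller validates the form token as well.
  *
  * @return array  array('error' => string) on failure, array('success' => array) on success
  */
 private function _member_delete()
 {
     // No sneakiness - we'll do this in case the site administrator
     // has foolishly turned off secure forms and some monkey is
     // trying to delete their account from an off-site form or
     // after logging out.
     if ($this->EE->session->userdata('member_id') == 0 or $this->EE->session->userdata('can_delete_self') !== 'y') {
         return array('error' => $this->EE->lang->line('not_authorized'));
     }
     // If the user is a SuperAdmin, then no deletion
     if ($this->EE->session->userdata('group_id') == 1) {
         return array('error' => $this->EE->lang->line('cannot_delete_super_admin'));
     }
     // Is IP and User Agent required for login?  Then, same here.
     if ($this->EE->config->item('require_ip_for_login') == 'y') {
         if ($this->EE->session->userdata('ip_address') == '' or $this->EE->session->userdata('user_agent') == '') {
             return array('error' => $this->EE->lang->line('unauthorized_request'));
         }
     }
     // Check password lockout status
     if ($this->EE->session->check_password_lockout($this->EE->session->userdata('username')) === TRUE) {
         $this->EE->lang->loadfile('login');
         return array('error' => sprintf(lang('password_lockout_in_effect'), $this->EE->config->item('password_lockout_interval')));
     }
     /** -------------------------------------
     		/**  Validate submitted password
     		/** -------------------------------------*/
     if (!class_exists('EE_Validate')) {
         require APPPATH . 'libraries/Validate' . EXT;
     }
     // A missing password field is treated as a wrong password (and counts
     // toward the lockout) instead of raising an undefined-index notice.
     $submitted_password = isset($_POST['password']) ? $_POST['password'] : '';
     $VAL = new EE_Validate(array('member_id' => $this->EE->session->userdata('member_id'), 'cur_password' => $submitted_password));
     $VAL->password_safety_check();
     if (isset($VAL->errors) && count($VAL->errors) > 0) {
         $this->EE->session->save_password_lockout($this->EE->session->userdata('username'));
         return array('error' => $this->EE->lang->line('invalid_pw'));
     }
     // No turning back, get to deletin'!
     // The ID comes from the session, but it is interpolated into raw SQL
     // below, so pin it to an integer once here.
     $id = (int) $this->EE->session->userdata('member_id');
     // Snag the recipients of this member's unread messages BEFORE the
     // message copies are deleted, otherwise nobody's unread count gets fixed.
     $message_query = $this->EE->db->query("SELECT DISTINCT recipient_id FROM exp_message_copies WHERE sender_id = '{$id}' AND message_read = 'n'");
     $this->EE->db->where('member_id', $id)->delete('members');
     $this->EE->db->where('member_id', $id)->delete('member_data');
     $this->EE->db->where('member_id', $id)->delete('member_homepage');
     $this->EE->db->where('sender_id', $id)->delete('message_copies');
     $this->EE->db->where('sender_id', $id)->delete('message_data');
     $this->EE->db->where('member_id', $id)->delete('message_folders');
     $this->EE->db->where('member_id', $id)->delete('message_listed');
     if ($message_query->num_rows() > 0) {
         foreach ($message_query->result_array() as $row) {
             $recipient_id = (int) $row['recipient_id'];
             $count_query = $this->EE->db->query("SELECT COUNT(*) AS count FROM exp_message_copies WHERE recipient_id = '{$recipient_id}' AND message_read = 'n'");
             $this->EE->db->query($this->EE->db->update_string('exp_members', array('private_messages' => $count_query->row('count')), "member_id = '{$recipient_id}'"));
         }
     }
     // Delete Forum Posts
     if ($this->EE->config->item('forum_is_installed') == "y") {
         $this->EE->db->where('member_id', $id)->delete('forum_subscriptions');
         $this->EE->db->where('member_id', $id)->delete('forum_pollvotes');
         $this->EE->db->where('author_id', $id)->delete('forum_topics');
         $this->EE->db->where('admin_member_id', $id)->delete('forum_administrators');
         $this->EE->db->where('mod_member_id', $id)->delete('forum_moderators');
         // Snag the affected topic id's before deleting the member for the update afterwards
         $query = $this->EE->db->query("SELECT topic_id FROM exp_forum_posts WHERE author_id = '{$id}'");
         if ($query->num_rows() > 0) {
             $topic_ids = array();
             foreach ($query->result_array() as $row) {
                 $topic_ids[] = $row['topic_id'];
             }
             $topic_ids = array_unique($topic_ids);
         }
         $this->EE->db->where('author_id', $id)->delete('forum_posts');
         $this->EE->db->where('author_id', $id)->delete('forum_polls');
         // Kill any attachments
         $query = $this->EE->db->query("SELECT attachment_id, filehash, extension, board_id FROM exp_forum_attachments WHERE member_id = '{$id}'");
         if ($query->num_rows() > 0) {
             // Grab the upload path
             $res = $this->EE->db->query('SELECT board_id, board_upload_path FROM exp_forum_boards');
             $paths = array();
             foreach ($res->result_array() as $row) {
                 $paths[$row['board_id']] = $row['board_upload_path'];
             }
             foreach ($query->result_array() as $row) {
                 if (!isset($paths[$row['board_id']])) {
                     continue;
                 }
                 // NOTE(review): the unlink path is built purely from DB
                 // columns (upload path, filehash, extension) with no
                 // normalisation; this trusts that those columns are only
                 // ever written by the forum's own upload code.
                 $file = $paths[$row['board_id']] . $row['filehash'] . $row['extension'];
                 $thumb = $paths[$row['board_id']] . $row['filehash'] . '_t' . $row['extension'];
                 @unlink($file);
                 @unlink($thumb);
                 $this->EE->db->where('attachment_id', (int) $row['attachment_id'])->delete('forum_attachments');
             }
         }
         // Update the forum stats
         $query = $this->EE->db->query("SELECT forum_id FROM exp_forums WHERE forum_is_cat = 'n'");
         if (!class_exists('Forum')) {
             require PATH_MOD . 'forum/mod.forum.php';
             require PATH_MOD . 'forum/mod.forum_core.php';
         }
         $FRM = new Forum_Core();
         foreach ($query->result_array() as $row) {
             $FRM->_update_post_stats($row['forum_id']);
         }
         if (isset($topic_ids)) {
             foreach ($topic_ids as $topic_id) {
                 $FRM->_update_topic_stats($topic_id);
             }
         }
     }
     // Va-poo-rize Channel Entries and Comments
     $entry_ids = array();
     $channel_ids = array();
     $recount_ids = array();
     // Find Entry IDs and Channel IDs, then delete. The IDs are interpolated
     // into SQL below, so they are cast to integers as they are collected.
     $query = $this->EE->db->query("SELECT entry_id, channel_id FROM exp_channel_titles WHERE author_id = '{$id}'");
     if ($query->num_rows() > 0) {
         foreach ($query->result_array() as $row) {
             $entry_ids[] = (int) $row['entry_id'];
             $channel_ids[] = $row['channel_id'];
         }
         $this->EE->db->query("DELETE FROM exp_channel_titles WHERE author_id = '{$id}'");
         $this->EE->db->query("DELETE FROM exp_channel_data WHERE entry_id IN ('" . implode("','", $entry_ids) . "')");
         $this->EE->db->query("DELETE FROM exp_comments WHERE entry_id IN ('" . implode("','", $entry_ids) . "')");
     }
     // Find the affected entries AND channel ids for author's comments
     $query = $this->EE->db->query("SELECT DISTINCT(entry_id), channel_id FROM exp_comments WHERE author_id = '{$id}'");
     if ($query->num_rows() > 0) {
         foreach ($query->result_array() as $row) {
             $recount_ids[] = (int) $row['entry_id'];
             $channel_ids[] = $row['channel_id'];
         }
         // Entries that were deleted above need no recount
         $recount_ids = array_diff($recount_ids, $entry_ids);
     }
     // Delete comments by member
     $this->EE->db->query("DELETE FROM exp_comments WHERE author_id = '{$id}'");
     // Update stats on channel entries that were NOT deleted AND had comments by author
     if (count($recount_ids) > 0) {
         foreach (array_unique($recount_ids) as $entry_id) {
             $query = $this->EE->db->query("SELECT MAX(comment_date) AS max_date FROM exp_comments WHERE status = 'o' AND entry_id = '{$entry_id}'");
             $comment_date = ($query->num_rows() == 0 or !is_numeric($query->row('max_date'))) ? 0 : (int) $query->row('max_date');
             $query = $this->EE->db->query("SELECT COUNT(*) AS count FROM exp_comments WHERE entry_id = '{$entry_id}' AND status = 'o'");
             $comment_total = (int) $query->row('count');
             $this->EE->db->query("UPDATE exp_channel_titles SET comment_total = '{$comment_total}', recent_comment_date = '{$comment_date}' WHERE entry_id = '{$entry_id}'");
         }
     }
     if (count($channel_ids) > 0) {
         foreach (array_unique($channel_ids) as $channel_id) {
             $this->EE->stats->update_channel_stats($channel_id);
             $this->EE->stats->update_comment_stats($channel_id);
         }
     }
     // Email notification recipients
     if ($this->EE->session->userdata('mbr_delete_notify_emails') != '') {
         $own_email = $this->EE->session->userdata('email');
         $swap = array('name' => $this->EE->session->userdata('screen_name'), 'email' => $own_email, 'site_name' => stripslashes($this->EE->config->item('site_name')));
         $email_tit = $this->EE->functions->var_swap($this->EE->lang->line('mbr_delete_notify_title'), $swap);
         $email_msg = $this->EE->functions->var_swap($this->EE->lang->line('mbr_delete_notify_message'), $swap);
         $this->EE->load->helper('string');
         // Remove multiple commas
         $notify_address = reduce_multiples($this->EE->session->userdata('mbr_delete_notify_emails'), ',', TRUE);
         // No notification for the user themselves, if they're in the list.
         // Matched per address rather than by substring replace, so an
         // address that merely contains the member's own is left intact.
         $recipients = array();
         foreach (explode(',', $notify_address) as $addy) {
             $addy = trim($addy);
             if ($addy !== '' && $addy !== $own_email) {
                 $recipients[] = $addy;
             }
         }
         if (count($recipients) > 0) {
             // Send email
             $this->EE->load->library('email');
             // Load the text helper
             $this->EE->load->helper('text');
             foreach ($recipients as $addy) {
                 $this->EE->email->EE_initialize();
                 $this->EE->email->wordwrap = FALSE;
                 $this->EE->email->from($this->EE->config->item('webmaster_email'), $this->EE->config->item('webmaster_name'));
                 $this->EE->email->to($addy);
                 $this->EE->email->reply_to($this->EE->config->item('webmaster_email'));
                 $this->EE->email->subject($email_tit);
                 $this->EE->email->message(entities_to_ascii($email_msg));
                 $this->EE->email->send();
             }
         }
     }
     // Trash the Session and cookies
     $this->EE->db->where('site_id', $this->EE->config->item('site_id'))->where('ip_address', $this->EE->input->ip_address())->where('member_id', $id)->delete('online_users');
     $this->EE->db->where('session_id', $this->EE->session->userdata('session_id'))->delete('sessions');
     $this->EE->functions->set_cookie($this->EE->session->c_session);
     $this->EE->functions->set_cookie($this->EE->session->c_expire);
     $this->EE->functions->set_cookie($this->EE->session->c_anon);
     $this->EE->functions->set_cookie('read_topics');
     $this->EE->functions->set_cookie('tracker');
     // Update
     $this->EE->stats->update_member_stats();
     // Build Success Message
     $url = $this->EE->config->item('site_url');
     $name = stripslashes($this->EE->config->item('site_name'));
     $data = array('title' => $this->EE->lang->line('mbr_delete'), 'heading' => $this->EE->lang->line('thank_you'), 'content' => $this->EE->lang->line('mbr_account_deleted'), 'redirect' => '', 'link' => array($url, $name));
     return array('success' => $data);
 }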
 /**
  *	Delete Member Account Processing
  *
  *	@access		public
  *	@return		string
  */
 public function delete_account()
 {
     /**	----------------------------------------
     		/**  Authorization Check
     		/**	----------------------------------------*/
     if ($this->_param('member_id') == FALSE or !ctype_digit($this->_param('member_id')) or !isset($_POST['ACT'])) {
         return $this->_output_error('general', array(ee()->lang->line('not_authorized')));
     }
     if (ee()->session->userdata['member_id'] == 0) {
         return $this->_output_error('general', ee()->lang->line('not_authorized'));
     }
     // If not deleting yourself, you must be a SuperAdmin or have Delete Member permissions
     // If deleting yourself, you must have permission to do so.
     if ($this->_param('member_id') != ee()->session->userdata['member_id']) {
         if (ee()->session->userdata['group_id'] != 1 and ee()->session->userdata['can_delete_members'] != 'y') {
             return $this->_output_error('general', ee()->lang->line('not_authorized'));
         }
     } elseif (ee()->session->userdata['can_delete_self'] !== 'y') {
         return $this->_output_error('general', ee()->lang->line('not_authorized'));
     }
     $admin = ee()->session->userdata['member_id'] != $this->_param('member_id') ? TRUE : FALSE;
     /** --------------------------------------------
     		/**  Member Data
     		/** --------------------------------------------*/
     $query = ee()->db->query("SELECT m.*,\n\t\t\t\t\tmg.mbr_delete_notify_emails\n\t\t\t FROM \texp_members AS m, \n\t\t\t\t\texp_member_groups AS mg\n\t\t\t WHERE \tm.member_id = '" . ee()->db->escape_str($this->_param('member_id')) . "'\n\t\t\t AND \tm.group_id = mg.group_id");
     if ($query->num_rows() == 0) {
         return $this->_output_error('general', ee()->lang->line('not_authorized'));
     }
     /** -------------------------------------
     		/**  One cannot delete a SuperAdmin from the User side.  Sorry...
     		/** -------------------------------------*/
     if ($query->row('group_id') == 1) {
         return $this->_output_error('general', ee()->lang->line('cannot_delete_super_admin'));
     }
     /** --------------------------------------------
     		/**  Variables!
     		/** --------------------------------------------*/
     $id = $query->row('member_id');
     $check_password = $query->row('password');
     $mbr_delete_notify_emails = $query->row('mbr_delete_notify_emails');
     $screen_name = $query->row('screen_name');
     $email = $query->row('email');
     /** ----------------------------------------
     		/**  Is IP and User Agent required for login?  Then, same here.
     		/** ----------------------------------------*/
     if (ee()->config->item('require_ip_for_login') == 'y') {
         if (ee()->session->userdata['ip_address'] == '' or ee()->session->userdata['user_agent'] == '') {
             return $this->_output_error('general', ee()->lang->line('unauthorized_request'));
         }
     }
     /** ----------------------------------------
     		/**  Check password lockout status
     		/** ----------------------------------------*/
     if (ee()->session->check_password_lockout() === TRUE) {
         return $this->_output_error('general', str_replace("%x", ee()->config->item('password_lockout_interval'), ee()->lang->line('password_lockout_in_effect')));
     }
     /* -------------------------------------
     		/*  If deleting self, you must submit your password.
     		/*  If SuperAdmin deleting another, must submit your password
     		/* -------------------------------------*/
     if (APP_VER >= '2.2.0') {
         $check_salt = $query->row('salt');
     }
     // Fetch the SAs password instead as they are the one doing the deleting
     if (ee()->session->userdata['member_id'] != $this->_param('member_id')) {
         $squery = ee()->db->query("SELECT password" . (APP_VER < '2.2.0' ? '' : ', salt') . " \n\t\t\t\t FROM \texp_members \n\t\t\t\t WHERE \tmember_id = '" . ee()->db->escape_str(ee()->session->userdata['member_id']) . "'");
         $check_password = $squery->row('password');
         if (APP_VER >= '2.2.0') {
             $check_salt = $squery->row('salt');
         }
         unset($squery);
     }
     if (APP_VER < '2.2.0') {
         $password = ee()->functions->hash(stripslashes(ee()->input->post('password')));
         if ($check_password != $password) {
             ee()->session->save_password_lockout();
             return $this->_output_error('general', ee()->lang->line('invalid_pw'));
         }
     } else {
         ee()->load->library('auth');
         $passwd = ee()->auth->hash_password(stripslashes(ee()->input->post('password')), $check_salt);
         if (!isset($passwd['salt']) or $passwd['password'] != $check_password) {
             ee()->session->save_password_lockout();
             return $this->_output_error('general', ee()->lang->line('invalid_pw'));
         }
     }
     // --------------------------------------------
     //  EE 2.4 Added a Member Model for Deleting That Works Rather Well
     // --------------------------------------------
     if (APP_VER >= '2.4.0') {
         ee()->load->model('member_model');
         ee()->member_model->delete_member($id);
     } else {
         /** -------------------------------------
         			/**  No turning back, get to deletin'!
         			/** -------------------------------------*/
         ee()->db->query("DELETE FROM exp_members WHERE member_id = '{$id}'");
         ee()->db->query("DELETE FROM exp_member_data WHERE member_id = '{$id}'");
         ee()->db->query("DELETE FROM exp_member_homepage WHERE member_id = '{$id}'");
         $message_query = ee()->db->query("SELECT DISTINCT \trecipient_id \n\t\t\t\t FROM \t\t\t\texp_message_copies \n\t\t\t\t WHERE \t\t\t\tsender_id = '{$id}' \n\t\t\t\t AND \t\t\t\tmessage_read = 'n'");
         ee()->db->query("DELETE FROM exp_message_copies WHERE sender_id = '{$id}'");
         ee()->db->query("DELETE FROM exp_message_data WHERE sender_id = '{$id}'");
         ee()->db->query("DELETE FROM exp_message_folders WHERE member_id = '{$id}'");
         ee()->db->query("DELETE FROM exp_message_listed WHERE member_id = '{$id}'");
         if ($message_query->num_rows() > 0) {
             foreach ($message_query->result_array() as $row) {
                 $count_query = ee()->db->query("SELECT COUNT(*) AS count \n\t\t\t\t\t\t FROM \texp_message_copies \n\t\t\t\t\t\t WHERE \trecipient_id = '" . $row['recipient_id'] . "' AND message_read = 'n'");
                 ee()->db->query(ee()->db->update_string('exp_members', array('private_messages' => $count_query->row('count')), array('member_id' => $row['recipient_id'])));
             }
         }
         /** -------------------------------------
         			/**  Delete Forum Posts
         			/** -------------------------------------*/
         if (ee()->config->item('forum_is_installed') == "y") {
             ee()->db->query("DELETE FROM exp_forum_subscriptions  WHERE member_id = '{$id}'");
             ee()->db->query("DELETE FROM exp_forum_pollvotes  WHERE member_id = '{$id}'");
             ee()->db->query("DELETE FROM exp_forum_topics WHERE author_id = '{$id}'");
             // Snag the affected topic id's before deleting the member for the update afterwards
             $query = ee()->db->query("SELECT topic_id FROM exp_forum_posts WHERE author_id = '{$id}'");
             if ($query->num_rows() > 0) {
                 $topic_ids = array();
                 foreach ($query->result_array() as $row) {
                     $topic_ids[] = $row['topic_id'];
                 }
                 $topic_ids = array_unique($topic_ids);
             }
             ee()->db->query("DELETE FROM exp_forum_posts  WHERE author_id = '{$id}'");
             ee()->db->query("DELETE FROM exp_forum_polls  WHERE author_id = '{$id}'");
             // Update the forum stats
             $query = ee()->db->query("SELECT forum_id FROM exp_forums WHERE forum_is_cat = 'n'");
             if (!class_exists('Forum')) {
                 require PATH_MOD . 'forum/mod.forum' . EXT;
                 require PATH_MOD . 'forum/mod.forum_core' . EXT;
             }
             $FRM = new Forum_Core();
             foreach ($query->result_array() as $row) {
                 $FRM->_update_post_stats($row['forum_id']);
             }
             if (isset($topic_ids)) {
                 foreach ($topic_ids as $topic_id) {
                     $FRM->_update_topic_stats($topic_id);
                 }
             }
         }
         /** -------------------------------------
         			/**  Va-poo-rize Weblog Entries and Comments
         			/** -------------------------------------*/
         $entry_ids = array();
         $channel_ids = array();
         $recount_ids = array();
         // Find Entry IDs and Channel IDs, then DELETE! DELETE, WHA HA HA HA!!
         if (APP_VER < 2.0) {
             $query = ee()->db->query("SELECT entry_id, weblog_id AS channel_id FROM exp_weblog_titles WHERE author_id = '{$id}'");
         } else {
             $query = ee()->db->query("SELECT entry_id, channel_id FROM exp_channel_titles WHERE author_id = '{$id}'");
         }
         if ($query->num_rows() > 0) {
             foreach ($query->result_array() as $row) {
                 $entry_ids[] = $row['entry_id'];
                 $channel_ids[] = $row['channel_id'];
             }
             if (APP_VER < 2.0) {
                 ee()->db->query("DELETE FROM exp_weblog_titles WHERE author_id = '{$id}'");
                 ee()->db->query("DELETE FROM exp_weblog_data WHERE entry_id IN ('" . implode("','", $entry_ids) . "')");
             } else {
                 ee()->db->query("DELETE FROM exp_channel_titles WHERE author_id = '{$id}'");
                 ee()->db->query("DELETE FROM exp_channel_data WHERE entry_id IN ('" . implode("','", $entry_ids) . "')");
             }
             ee()->db->query("DELETE FROM exp_comments WHERE entry_id IN ('" . implode("','", $entry_ids) . "')");
             ee()->db->query("DELETE FROM exp_trackbacks WHERE entry_id IN ('" . implode("','", $entry_ids) . "')");
         }
         // Find the affected entries AND channel ids for author's comments
         if (APP_VER < 2.0) {
             $query = ee()->db->query("SELECT DISTINCT(entry_id), weblog_id AS channel_id FROM exp_comments WHERE author_id = '{$id}'");
         } else {
             $query = ee()->db->query("SELECT DISTINCT(entry_id), channel_id FROM exp_comments WHERE author_id = '{$id}'");
         }
         if ($query->num_rows() > 0) {
             foreach ($query->result_array() as $row) {
                 $recount_ids[] = $row['entry_id'];
                 $channel_ids[] = $row['channel_id'];
             }
             $recount_ids = array_diff($recount_ids, $entry_ids);
         }
         // Delete comments by member
         ee()->db->query("DELETE FROM exp_comments WHERE author_id = '{$id}'");
         $this->EE->stats->update_member_stats();
         // Update stats on channel entries that were NOT deleted AND had comments by author
         if (count($recount_ids) > 0) {
             foreach (array_unique($recount_ids) as $entry_id) {
                 $query = ee()->db->query("SELECT MAX(comment_date) AS max_date FROM exp_comments WHERE status = 'o' AND entry_id = '" . ee()->db->escape_str($entry_id) . "'");
                 $comment_date = ($query->num_rows() == 0 or !is_numeric($query->row('max_date'))) ? 0 : $query->row('max_date');
                 $query = ee()->db->query("SELECT COUNT(*) AS count FROM exp_comments WHERE entry_id = '{$entry_id}' AND status = 'o'");
                 if (APP_VER < 2.0) {
                     ee()->db->query("UPDATE exp_weblog_titles SET\tcomment_total = '" . ee()->db->escape_str($query->row('count')) . "', \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\trecent_comment_date = '{$comment_date}' WHERE entry_id = '{$entry_id}'");
                 } else {
                     ee()->db->query("UPDATE exp_channel_titles SET comment_total = '" . ee()->db->escape_str($query->row('count')) . "',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\trecent_comment_date = '{$comment_date}' WHERE entry_id = '{$entry_id}'");
                 }
             }
         }
         foreach (array_unique($channel_ids) as $channel_id) {
             if (APP_VER < 2.0) {
                 ee()->stats->update_weblog_stats($channel_id);
             } else {
                 ee()->stats->update_channel_stats($channel_id);
             }
             ee()->stats->update_comment_stats($channel_id);
         }
     }
     // END conditional for EE versions below EE 2.4.0
     /** -------------------------------------
     		/**  Email notification recipients
     		/** -------------------------------------*/
     if ($mbr_delete_notify_emails != '') {
         $notify_address = $mbr_delete_notify_emails;
         $swap = array('name' => $screen_name, 'email' => $email, 'site_name' => stripslashes(ee()->config->item('site_name')));
         $email_tit = ee()->functions->var_swap(ee()->lang->line('mbr_delete_notify_title'), $swap);
         $email_msg = ee()->functions->var_swap(ee()->lang->line('mbr_delete_notify_message'), $swap);
         // No notification for the user themselves, if they're in the list
         if (stristr($notify_address, $email)) {
             $notify_address = str_replace($email, "", $notify_address);
         }
         ee()->load->helper('string');
         $notify_address = reduce_multiples($notify_address, ',', TRUE);
         if ($notify_address != '') {
             /** ----------------------------
             				/**  Send email
             				/** ----------------------------*/
             ee()->load->library('email');
             ee()->load->helper('text');
             foreach (explode(',', $notify_address) as $addy) {
                 ee()->email->initialize();
                 ee()->email->wordwrap = false;
                 ee()->email->from(ee()->config->item('webmaster_email'), ee()->config->item('webmaster_name'));
                 ee()->email->to($addy);
                 ee()->email->reply_to(ee()->config->item('webmaster_email'));
                 ee()->email->subject($email_tit);
                 ee()->email->message(entities_to_ascii($email_msg));
                 ee()->email->Send();
             }
         }
     }
     /** -------------------------------------
     		/**  Trash the Session and cookies
     		/** -------------------------------------*/
     ee()->db->query("DELETE FROM exp_online_users \n\t\t\t\t\t\t  WHERE site_id = '" . ee()->db->escape_str(ee()->config->item('site_id')) . "' \n\t\t\t\t\t\t  AND ip_address = '{ee()->input->ip_address()}' \n\t\t\t\t\t\t  AND member_id = '{$id}'");
     ee()->db->query("DELETE FROM exp_sessions WHERE member_id = '" . $id . "'");
     if ($admin === FALSE) {
         if (APP_VER < '2.2.0') {
             ee()->functions->set_cookie(ee()->session->c_password);
         }
         ee()->functions->set_cookie(ee()->session->c_session);
         ee()->functions->set_cookie(ee()->session->c_expire);
         ee()->functions->set_cookie(ee()->session->c_anon);
         ee()->functions->set_cookie('read_topics');
         ee()->functions->set_cookie('tracker');
     }
     if (ee()->extensions->active_hook('user_delete_account_end') === TRUE) {
         $edata = ee()->extensions->universal_call('user_delete_account_end', $this);
         if (ee()->extensions->end_script === TRUE) {
             return;
         }
     }
     /**	----------------------------------------
     		/**	 Override Return
     		/**	----------------------------------------*/
     if ($this->_param('override_return') !== FALSE and $this->_param('override_return') != '' && $this->is_ajax_request() === FALSE) {
         ee()->functions->redirect($this->_param('override_return'));
         exit;
     }
     /**	----------------------------------------
     		/**	 Set return
     		/**	----------------------------------------*/
     if (ee()->input->get_post('return') !== FALSE and ee()->input->get_post('return') != '') {
         $return = ee()->input->get_post('return');
     } elseif (ee()->input->get_post('RET') !== FALSE and ee()->input->get_post('RET') != '') {
         $return = ee()->input->get_post('RET');
     } else {
         $return = ee()->config->item('site_url');
     }
     if (preg_match("/" . LD . "\\s*path=(.*?)" . RD . "/", $return, $match)) {
         $return = ee()->functions->create_url($match['1']);
     }
     /**	----------------------------------------
     		/**	Return
     		/**	----------------------------------------*/
     $return = $this->_chars_decode($return);
     // --------------------------------------------
     //  AJAX Response
     // --------------------------------------------
     if ($this->is_ajax_request()) {
         $this->send_ajax_response(array('success' => TRUE, 'heading' => lang('user_successful_submission'), 'message' => lang('mbr_account_deleted'), 'content' => lang('mbr_account_deleted')));
     }
     /** -------------------------------------
     		/**  Build Success Message
     		/** -------------------------------------*/
     $name = stripslashes(ee()->config->item('site_name'));
     $data = array('title' => ee()->lang->line('mbr_delete'), 'heading' => ee()->lang->line('thank_you'), 'content' => ee()->lang->line('mbr_account_deleted'), 'redirect' => $return);
     ee()->output->show_message($data);
 }
 /** ---------------------------------------
 	/**  Prune Forum Topics
 	/** ---------------------------------------*/
 function prune_topics()
 {
     global $DSP, $FNS, $LANG, $DB, $PREFS, $LOC, $STAT;
     if (!$DSP->allowed_group('can_admin_utilities')) {
         return $DSP->no_access_message();
     }
     /** ---------------------------------------
     		/**  Did they submit the number of day?
     		/** ---------------------------------------*/
     if (!is_numeric($_POST['days_ago'])) {
         return $DSP->error_message($LANG->line('must_submit_number'));
     }
     /** ---------------------------------------
     		/**  Did they submit topic IDs?
     		/** ---------------------------------------*/
     $forums = FALSE;
     $topic_ids = array();
     foreach ($_POST as $key => $val) {
         if (substr($key, 0, 9) == 'forum_id_') {
             $forums .= "'" . substr($key, 9) . "',";
             $topic_ids[] = substr($key, 9);
         }
     }
     if ($forums == '') {
         return $DSP->error_message($LANG->line('must_submit_forums'), 2);
     }
     $forums = " t.forum_id IN (" . substr($forums, 0, -1) . ')';
     $days_ago = (is_numeric($_POST['days_ago']) and $_POST['days_ago'] > 0) ? $LOC->now - 60 * 60 * 24 * $_POST['days_ago'] : '';
     /** ---------------------------------------
     		/**  Fetch the topic IDs
     		/** ---------------------------------------*/
     if (!isset($_POST['post_filter'])) {
         $sql = "SELECT t.topic_id FROM exp_forum_topics t WHERE " . $forums;
         if ($days_ago != '') {
             $sql .= " AND t.topic_date < {$days_ago}";
         }
     } else {
         $sql = "SELECT t.topic_id FROM exp_forum_topics t \n\t\t\t\t\tLEFT JOIN exp_forum_posts p ON (p.topic_id = t.topic_id)\n\t\t\t\t\tWHERE p.topic_id IS NULL\n\t\t\t\t\tAND " . $forums;
         if ($days_ago != '') {
             $sql .= " AND t.topic_date < {$days_ago}";
         }
     }
     $query = $DB->query($sql);
     if ($query->num_rows == 0) {
         return $DSP->error_message($LANG->line('no_topics_matched'), 2);
     }
     $total = 0;
     foreach ($query->result as $row) {
         $id = $row['topic_id'];
         $DB->query("DELETE FROM exp_forum_topics WHERE topic_id = '{$id}'");
         $DB->query("DELETE FROM exp_forum_posts  WHERE topic_id = '{$id}'");
         $DB->query("DELETE FROM exp_forum_subscriptions  WHERE topic_id = '{$id}'");
         $total++;
     }
     /** -------------------------------------
     		/**  Update stats
     		/** -------------------------------------*/
     include_once PATH_MOD . 'forum/mod.forum' . EXT;
     include_once PATH_MOD . 'forum/mod.forum_core' . EXT;
     foreach ($topic_ids as $id) {
         Forum_Core::_update_post_stats($id);
     }
     $FNS->redirect(BASE . AMP . 'C=admin' . AMP . 'M=utilities' . AMP . 'P=topic_pruning' . AMP . 'update=' . $total);
     exit;
 }
 /**
  * Member Delete
  *
  * Delete Members
  *
  * @access	public
  * @return	mixed
  */
 function member_delete()
 {
     if (!$this->cp->allowed_group('can_access_members') or !$this->cp->allowed_group('can_delete_members')) {
         show_error($this->lang->line('unauthorized_access'));
     }
     if (!$this->input->post('delete') or !is_array($this->input->post('delete'))) {
         $this->functions->redirect(BASE . AMP . 'C=members' . AMP . 'M=view_all_members');
     }
     $this->load->model('member_model');
     //  Fetch member ID numbers and build the query
     $ids = array();
     $mids = array();
     foreach ($this->input->post('delete') as $key => $val) {
         if ($val != '') {
             $ids[] = "member_id = '" . $this->db->escape_str($val) . "'";
             $mids[] = $this->db->escape_str($val);
         }
     }
     $IDS = implode(" OR ", $ids);
     // SAFETY CHECK
     // Let's fetch the Member Group ID of each member being deleted
     // If there is a Super Admin in the bunch we'll run a few more safeties
     $super_admins = 0;
     $query = $this->db->query("SELECT group_id FROM exp_members WHERE " . $IDS);
     foreach ($query->result_array() as $row) {
         if ($query->row('group_id') == 1) {
             $super_admins++;
         }
     }
     if ($super_admins > 0) {
         // You must be a Super Admin to delete a Super Admin
         if ($this->session->userdata['group_id'] != 1) {
             show_error($this->lang->line('must_be_superadmin_to_delete_one'));
         }
         // You can't delete the only Super Admin
         $query = $this->member_model->count_members(1);
         if ($super_admins >= $query) {
             show_error($this->lang->line('can_not_delete_super_admin'));
         }
     }
     // If we got this far we're clear to delete the members
     $this->db->query("DELETE FROM exp_members WHERE " . $IDS);
     $this->db->query("DELETE FROM exp_member_data WHERE " . $IDS);
     $this->db->query("DELETE FROM exp_member_homepage WHERE " . $IDS);
     foreach ($mids as $val) {
         $message_query = $this->db->query("SELECT DISTINCT recipient_id FROM exp_message_copies WHERE sender_id = '{$val}' AND message_read = 'n'");
         $this->db->query("DELETE FROM exp_message_copies WHERE sender_id = '{$val}'");
         $this->db->query("DELETE FROM exp_message_data WHERE sender_id = '{$val}'");
         $this->db->query("DELETE FROM exp_message_folders WHERE member_id = '{$val}'");
         $this->db->query("DELETE FROM exp_message_listed WHERE member_id = '{$val}'");
         if ($message_query->num_rows() > 0) {
             foreach ($message_query->result_array() as $row) {
                 $count_query = $this->db->query("SELECT COUNT(*) AS count FROM exp_message_copies WHERE recipient_id = '" . $row['recipient_id'] . "' AND message_read = 'n'");
                 $this->db->query($this->db->update_string('exp_members', array('private_messages' => $count_query->row('count')), "member_id = '" . $row['recipient_id'] . "'"));
             }
         }
     }
     /** ----------------------------------
     		/**  Are there forum posts to delete?
     		/** ----------------------------------*/
     if ($this->config->item('forum_is_installed') == "y") {
         $this->db->query("DELETE FROM exp_forum_subscriptions  WHERE " . $IDS);
         $this->db->query("DELETE FROM exp_forum_pollvotes  WHERE " . $IDS);
         $IDS = str_replace('member_id', 'admin_member_id', $IDS);
         $this->db->query("DELETE FROM exp_forum_administrators WHERE " . $IDS);
         $IDS = str_replace('admin_member_id', 'mod_member_id', $IDS);
         $this->db->query("DELETE FROM exp_forum_moderators WHERE " . $IDS);
         $IDS = str_replace('mod_member_id', 'author_id', $IDS);
         $this->db->query("DELETE FROM exp_forum_topics WHERE " . $IDS);
         // Snag the affected topic id's before deleting the members for the update afterwards
         $query = $this->db->query("SELECT topic_id FROM exp_forum_posts WHERE " . $IDS);
         if ($query->num_rows() > 0) {
             $topic_ids = array();
             foreach ($query->result_array() as $row) {
                 $topic_ids[] = $row['topic_id'];
             }
             $topic_ids = array_unique($topic_ids);
         }
         $this->db->query("DELETE FROM exp_forum_posts  WHERE " . $IDS);
         $this->db->query("DELETE FROM exp_forum_polls  WHERE " . $IDS);
         $IDS = str_replace('author_id', 'member_id', $IDS);
         // Kill any attachments
         $query = $this->db->query("SELECT attachment_id, filehash, extension, board_id FROM exp_forum_attachments WHERE " . $IDS);
         if ($query->num_rows() > 0) {
             // Grab the upload path
             $res = $this->db->query('SELECT board_id, board_upload_path FROM exp_forum_boards');
             $paths = array();
             foreach ($res->result_array() as $row) {
                 $paths[$row['board_id']] = $row['board_upload_path'];
             }
             foreach ($query->result_array() as $row) {
                 if (!isset($paths[$row['board_id']])) {
                     continue;
                 }
                 $file = $paths[$row['board_id']] . $row['filehash'] . $row['extension'];
                 $thumb = $paths[$row['board_id']] . $row['filehash'] . '_t' . $row['extension'];
                 @unlink($file);
                 @unlink($thumb);
                 $this->db->query("DELETE FROM exp_forum_attachments WHERE attachment_id = '{$row['attachment_id']}'");
             }
         }
         // Update the forum stats
         $query = $this->db->query("SELECT forum_id FROM exp_forums WHERE forum_is_cat = 'n'");
         if (!class_exists('Forum')) {
             require PATH_MOD . 'forum/mod.forum' . EXT;
             require PATH_MOD . 'forum/mod.forum_core' . EXT;
         }
         $FRM = new Forum_Core();
         foreach ($query->result_array() as $row) {
             $FRM->_update_post_stats($row['forum_id']);
         }
         if (isset($topic_ids)) {
             foreach ($topic_ids as $topic_id) {
                 $FRM->_update_topic_stats($topic_id);
             }
         }
     }
     /** -------------------------------------
     		/**  Delete comments and update entry stats
     		/** -------------------------------------*/
     $channel_ids = array();
     if ($this->db->table_exists('comment_subscriptions')) {
         $this->db->query("DELETE FROM exp_comment_subscriptions WHERE " . $IDS);
     }
     if ($this->db->table_exists('comments')) {
         $IDS = str_replace('member_id', 'author_id', $IDS);
         $query = $this->db->query("SELECT DISTINCT(entry_id), channel_id FROM exp_comments WHERE " . $IDS);
         if ($query->num_rows() > 0) {
             $this->db->query("DELETE FROM exp_comments WHERE " . $IDS);
             foreach ($query->result_array() as $row) {
                 $channel_ids[] = $row['channel_id'];
                 $query = $this->db->query("SELECT MAX(comment_date) AS max_date FROM exp_comments WHERE status = 'o' AND entry_id = '" . $this->db->escape_str($row['entry_id']) . "'");
                 $comment_date = ($query->num_rows() == 0 or !is_numeric($query->row('max_date'))) ? 0 : $query->row('max_date');
                 $query = $this->db->query("SELECT COUNT(*) AS count FROM exp_comments WHERE entry_id = '{$row['entry_id']}' AND status = 'o'");
                 $this->db->query("UPDATE exp_channel_titles\n\t\t\t\t\t\t\t\tSET comment_total = '" . $this->db->escape_str($query->row('count')) . "', recent_comment_date = '{$comment_date}'\n\t\t\t\t\t\t\t\tWHERE entry_id = '{$row['entry_id']}'");
             }
         }
         if (count($channel_ids) > 0) {
             foreach (array_unique($channel_ids) as $channel_id) {
                 $this->stats->update_comment_stats($channel_id);
             }
         }
     }
     /** ----------------------------------
     		/**  Reassign Entires to Heir
     		/** ----------------------------------*/
     $heir_id = $this->input->post('heir');
     if ($heir_id !== FALSE && is_numeric($heir_id)) {
         $this->db->query("UPDATE exp_channel_titles SET author_id = '{$heir_id}' WHERE " . str_replace('member_id', 'author_id', $IDS));
         $query = $this->db->query("SELECT COUNT(entry_id) AS count, MAX(entry_date) AS entry_date\n\t\t\t\t\t\t\t\t FROM exp_channel_titles\n\t\t\t\t\t\t\t\t WHERE author_id = '{$heir_id}'");
         $this->db->query("UPDATE exp_members\n\t\t\t\t\t\tSET total_entries = '" . $this->db->escape_str($query->row('count')) . "', last_entry_date = '" . $this->db->escape_str($query->row('entry_date')) . "'\n\t\t\t\t\t\tWHERE member_id = '{$heir_id}'");
     }
     /* -------------------------------------------
     		/* 'cp_members_member_delete_end' hook.
     		/*  - Additional processing when a member is deleted through the CP
     		*/
     $edata = $this->extensions->call('cp_members_member_delete_end');
     if ($this->extensions->end_script === TRUE) {
         return;
     }
     /*
     		/* -------------------------------------------*/
     // Update
     $this->stats->update_member_stats();
     $cp_message = count($ids) == 1 ? $this->lang->line('member_deleted') : $this->lang->line('members_deleted');
     $this->session->set_flashdata('message_success', $cp_message);
     $this->functions->redirect(BASE . AMP . 'C=members' . AMP . 'M=view_all_members');
 }
 /** ---------------------------------------------
     /**  Delete Members
     /** ---------------------------------------------*/
 function member_delete()
 {
     global $IN, $DSP, $PREFS, $LANG, $SESS, $FNS, $DB, $STAT, $EXT;
     if (!$DSP->allowed_group('can_delete_members')) {
         return $DSP->no_access_message();
     }
     if (!$IN->GBL('delete', 'POST')) {
         return $this->view_all_members();
     }
     /** ---------------------------------------------
         /**  Fetch member ID numbers and build the query
         /** ---------------------------------------------*/
     $ids = array();
     $mids = array();
     foreach ($_POST as $key => $val) {
         if (strstr($key, 'delete') and !is_array($val) and $val != '') {
             $ids[] = "member_id = '" . $DB->escape_str($val) . "'";
             $mids[] = $DB->escape_str($val);
         }
     }
     $IDS = implode(" OR ", $ids);
     // SAFETY CHECK
     // Let's fetch the Member Group ID of each member being deleted
     // If there is a Super Admin in the bunch we'll run a few more safeties
     $super_admins = 0;
     $query = $DB->query("SELECT group_id FROM exp_members WHERE " . $IDS);
     foreach ($query->result as $row) {
         if ($query->row['group_id'] == 1) {
             $super_admins++;
         }
     }
     if ($super_admins > 0) {
         // You must be a Super Admin to delete a Super Admin
         if ($SESS->userdata['group_id'] != 1) {
             return $DSP->error_message($LANG->line('must_be_superadmin_to_delete_one'));
         }
         // You can't detete the only Super Admin
         $query = $DB->query("SELECT COUNT(*) AS count FROM exp_members WHERE group_id = '1'");
         if ($super_admins >= $query->row['count']) {
             return $DSP->error_message($LANG->line('can_not_delete_super_admin'));
         }
     }
     // If we got this far we're clear to delete the members
     $DB->query("DELETE FROM exp_members WHERE " . $IDS);
     $DB->query("DELETE FROM exp_member_data WHERE " . $IDS);
     $DB->query("DELETE FROM exp_member_homepage WHERE " . $IDS);
     foreach ($mids as $val) {
         $message_query = $DB->query("SELECT DISTINCT recipient_id FROM exp_message_copies WHERE sender_id = '{$val}' AND message_read = 'n'");
         $DB->query("DELETE FROM exp_message_copies WHERE sender_id = '{$val}'");
         $DB->query("DELETE FROM exp_message_data WHERE sender_id = '{$val}'");
         $DB->query("DELETE FROM exp_message_folders WHERE member_id = '{$val}'");
         $DB->query("DELETE FROM exp_message_listed WHERE member_id = '{$val}'");
         if ($message_query->num_rows > 0) {
             foreach ($message_query->result as $row) {
                 $count_query = $DB->query("SELECT COUNT(*) AS count FROM exp_message_copies WHERE recipient_id = '" . $row['recipient_id'] . "' AND message_read = 'n'");
                 $DB->query($DB->update_string('exp_members', array('private_messages' => $count_query->row['count']), "member_id = '" . $row['recipient_id'] . "'"));
             }
         }
     }
     /** ----------------------------------
         /**  Are there forum posts to delete?
         /** ----------------------------------*/
     if ($PREFS->ini('forum_is_installed') == "y") {
         $DB->query("DELETE FROM exp_forum_subscriptions  WHERE " . $IDS);
         $DB->query("DELETE FROM exp_forum_pollvotes  WHERE " . $IDS);
         $IDS = str_replace('member_id', 'admin_member_id', $IDS);
         $DB->query("DELETE FROM exp_forum_administrators WHERE " . $IDS);
         $IDS = str_replace('admin_member_id', 'mod_member_id', $IDS);
         $DB->query("DELETE FROM exp_forum_moderators WHERE " . $IDS);
         $IDS = str_replace('mod_member_id', 'author_id', $IDS);
         $DB->query("DELETE FROM exp_forum_topics WHERE " . $IDS);
         // Snag the affected topic id's before deleting the members for the update afterwards
         $query = $DB->query("SELECT topic_id FROM exp_forum_posts WHERE " . $IDS);
         if ($query->num_rows > 0) {
             $topic_ids = array();
             foreach ($query->result as $row) {
                 $topic_ids[] = $row['topic_id'];
             }
             $topic_ids = array_unique($topic_ids);
         }
         $DB->query("DELETE FROM exp_forum_posts  WHERE " . $IDS);
         $DB->query("DELETE FROM exp_forum_polls  WHERE " . $IDS);
         // Kill any attachments
         $query = $DB->query("SELECT attachment_id, filehash, extension, board_id FROM exp_forum_attachments WHERE " . str_replace('author_id', 'member_id', $IDS));
         if ($query->num_rows > 0) {
             // Grab the upload path
             $res = $DB->query('SELECT board_id, board_upload_path FROM exp_forum_boards');
             $paths = array();
             foreach ($res->result as $row) {
                 $paths[$row['board_id']] = $row['board_upload_path'];
             }
             foreach ($query->result as $row) {
                 if (!isset($paths[$row['board_id']])) {
                     continue;
                 }
                 $file = $paths[$row['board_id']] . $row['filehash'] . $row['extension'];
                 $thumb = $paths[$row['board_id']] . $row['filehash'] . '_t' . $row['extension'];
                 @unlink($file);
                 @unlink($thumb);
                 $DB->query("DELETE FROM exp_forum_attachments WHERE attachment_id = '{$row['attachment_id']}'");
             }
         }
         // Update the forum stats
         $query = $DB->query("SELECT forum_id FROM exp_forums WHERE forum_is_cat = 'n'");
         if (!class_exists('Forum')) {
             require PATH_MOD . 'forum/mod.forum' . EXT;
             require PATH_MOD . 'forum/mod.forum_core' . EXT;
         }
         $FRM = new Forum_Core();
         foreach ($query->result as $row) {
             $FRM->_update_post_stats($row['forum_id']);
         }
         if (isset($topic_ids)) {
             foreach ($topic_ids as $topic_id) {
                 $FRM->_update_topic_stats($topic_id);
             }
         }
     }
     /** -------------------------------------
     		/**  Delete comments and update entry stats
     		/** -------------------------------------*/
     $weblog_ids = array();
     $IDS = str_replace('member_id', 'author_id', $IDS);
     $query = $DB->query("SELECT DISTINCT(entry_id), weblog_id FROM exp_comments WHERE " . $IDS);
     if ($query->num_rows > 0) {
         $DB->query("DELETE FROM exp_comments WHERE " . $IDS);
         foreach ($query->result as $row) {
             $weblog_ids[] = $row['weblog_id'];
             $query = $DB->query("SELECT MAX(comment_date) AS max_date FROM exp_comments WHERE status = 'o' AND entry_id = '" . $DB->escape_str($row['entry_id']) . "'");
             $comment_date = ($query->num_rows == 0 or !is_numeric($query->row['max_date'])) ? 0 : $query->row['max_date'];
             $query = $DB->query("SELECT COUNT(*) AS count FROM exp_comments WHERE entry_id = '{$row['entry_id']}' AND status = 'o'");
             $DB->query("UPDATE exp_weblog_titles \n\t\t\t\t\t\t\tSET comment_total = '" . $DB->escape_str($query->row['count']) . "', recent_comment_date = '{$comment_date}' \n\t\t\t\t\t\t\tWHERE entry_id = '{$row['entry_id']}'");
         }
     }
     if (count($weblog_ids) > 0) {
         foreach (array_unique($weblog_ids) as $weblog_id) {
             $STAT->update_comment_stats($weblog_id);
         }
     }
     /** ----------------------------------
         /**  Reassign Entires to Heir
         /** ----------------------------------*/
     $heir_id = $IN->GBL('heir', 'POST');
     $entries_exit = $IN->GBL('entries_exit', 'POST');
     $gallery_entries_exit = $IN->GBL('gallery_entries_exit', 'POST');
     if ($heir_id !== FALSE && is_numeric($heir_id)) {
         if ($entries_exit == 'yes') {
             $DB->query("UPDATE exp_weblog_titles SET author_id = '{$heir_id}' WHERE \n\t\t\t\t\t" . str_replace('member_id', 'author_id', $IDS));
             $query = $DB->query("SELECT COUNT(entry_id) AS count, MAX(entry_date) AS entry_date\n        \t\t\t\t\t\t FROM exp_weblog_titles\n        \t\t\t\t\t\t WHERE author_id = '{$heir_id}'");
             $DB->query("UPDATE exp_members \n        \t\t\t\tSET total_entries = '" . $DB->escape_str($query->row['count']) . "', last_entry_date = '" . $DB->escape_str($query->row['entry_date']) . "' \n        \t\t\t\tWHERE member_id = '{$heir_id}'");
         }
         if ($gallery_entries_exit == 'yes') {
             $DB->query("UPDATE exp_gallery_entries SET author_id = '{$heir_id}' WHERE " . str_replace('member_id', 'author_id', $IDS));
         }
     }
     // -------------------------------------------
     // 'cp_members_member_delete_end' hook.
     //  - Additional processing when a member is deleted through the CP
     //
     $edata = $EXT->call_extension('cp_members_member_delete_end');
     if ($EXT->end_script === TRUE) {
         return;
     }
     //
     // -------------------------------------------
     // Update global stats
     $STAT->update_member_stats();
     $message = count($ids) == 1 ? $DSP->qdiv('success', $LANG->line('member_deleted')) : $DSP->qdiv('success', $LANG->line('members_deleted'));
     return $this->view_all_members($message);
 }