if (isset($_POST['summary'])) { if (isset($_POST['hashes']) && is_array($_POST['hashes'])) { $hash_array = array_filter($_POST['hashes'], 'is_md5'); } else { $hash_array = array(); } $used_post_space = format_file_size(attachments_get_post_used_space($_SESSION['UID'], $hash_array)); $free_post_space = attachments_get_free_post_space($_SESSION['UID'], $hash_array); $content_type = 'application/json; charset=UTF-8'; $content = json_encode(array('used_post_space' => $used_post_space, 'free_post_space' => $free_post_space > -1 ? format_file_size($free_post_space) : gettext("Unlimited"), 'free_upload_space' => $free_upload_space > -1 ? format_file_size($free_upload_space) : gettext("Unlimited"))); } else { if (isset($_POST['delete'])) { $valid = true; if (isset($_POST['hashes']) && is_array($_POST['hashes'])) { foreach ($_POST['hashes'] as $hash) { if (!attachments_delete($hash)) { $valid = false; } } } $content_type = 'application/json; charset=UTF-8'; $content = json_encode($valid); } else { if (isset($_FILES['upload']) && is_array($_FILES['upload'])) { for ($i = 0; $i < sizeof($_FILES['upload']['name']); $i++) { if (isset($_FILES['upload']['name'][$i]) && strlen(trim($_FILES['upload']['name'][$i])) > 0) { $file_name = trim($_FILES['upload']['name'][$i]); if (isset($_FILES['upload']['error'][$i]) && $_FILES['upload']['error'][$i] != UPLOAD_ERR_OK) { $valid = false; $error = gettext('Upload had errors'); } else {
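/**
 * Delete every attachment file that is filed under attachment ID $aid.
 *
 * Only files owned by the current session user are touched: the lookup is
 * restricted by both AID and UID, so supplying somebody else's AID simply
 * matches no rows rather than deleting their files.
 *
 * @param string $aid Attachment ID; must satisfy is_md5().
 * @return bool true when every matching file was deleted (or none matched);
 *              false on bad input, no/invalid session user, a failed query,
 *              or the first attachments_delete() that reports failure.
 */
function attachments_delete_by_aid($aid)
{
    // is_md5() restricts $aid to hex digits, which is what keeps the
    // interpolation into the query below safe.
    if (!is_md5($aid)) {
        return false;
    }

    if (!($db = db::get())) {
        return false;
    }

    // The session UID is interpolated into the query as well; require it to
    // be numeric, as the other delete functions do for $_SESSION['UID'].
    if (($uid = session::get_value('UID')) === false || !is_numeric($uid)) {
        return false;
    }

    // Fetch the attachment to make sure the user
    // is able to delete it, i.e. it belongs to them.
    $sql = "SELECT PAF.HASH FROM POST_ATTACHMENT_FILES PAF ";
    $sql .= "WHERE PAF.AID = '{$aid}' AND PAF.UID = '{$uid}'";

    if (!($result = $db->query($sql))) {
        return false;
    }

    while ($attachment_data = $result->fetch_assoc()) {
        // Stop at the first file that cannot be removed so the caller sees
        // the failure rather than a partial "success".
        if (!attachments_delete($attachment_data['HASH'])) {
            return false;
        }
    }

    return true;
}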
/**
 * Delete private message $mid for the current session user.
 *
 * The user's PM_TYPE (folder) row is removed only where the folder belongs
 * to them: inbox / sent / saved folders are matched on PM_TYPE.UID, outbox
 * and drafts on PM.FROM_UID. The message itself, its content and recipient
 * rows are purged only once no PM_TYPE row references it any more, and the
 * attachment files go once the PM row is gone.
 *
 * @param int|string $mid Message ID; must satisfy is_numeric().
 * @return bool false on bad input, missing/invalid session user or a failed
 *              query; true otherwise (attachment file removal is best-effort).
 */
function pm_delete_message($mid)
{
    if (!($db = db::get())) {
        return false;
    }

    // Both $mid and the session UID are interpolated into SQL below;
    // is_numeric() is the guard that keeps that safe.
    if (!is_numeric($mid)) {
        return false;
    }

    if (!isset($_SESSION['UID']) || !is_numeric($_SESSION['UID'])) {
        return false;
    }

    $current_uid = $_SESSION['UID'];

    // Folder type flag => column that identifies the folder's owner. Kept as
    // a list of pairs rather than a map so equal flag values cannot collide.
    $ownership_rules = array(
        array(PM_INBOX_ITEMS, 'PM_TYPE.UID'),
        array(PM_OUTBOX, 'PM.FROM_UID'),
        array(PM_SENT_ITEMS, 'PM_TYPE.UID'),
        array(PM_SAVED_OUT, 'PM_TYPE.UID'),
        array(PM_SAVED_IN, 'PM_TYPE.UID'),
        array(PM_DRAFT_ITEMS, 'PM.FROM_UID'),
    );

    $owner_clauses = array();

    foreach ($ownership_rules as $rule) {
        list($type_flag, $owner_column) = $rule;
        $owner_clauses[] = sprintf("((PM_TYPE.TYPE & %s) AND %s = '%s')", $type_flag, $owner_column, $current_uid);
    }

    // Remove this user's folder entry for the message.
    $sql = sprintf(
        "DELETE FROM PM_TYPE USING PM_TYPE INNER JOIN PM ON (PM.MID = PM_TYPE.MID) WHERE (%s) AND PM_TYPE.MID = '%s'",
        implode(' OR ', $owner_clauses),
        $mid
    );

    if (!$db->query($sql)) {
        return false;
    }

    // Purge the message, its body and recipients once nobody has it filed.
    $sql = "DELETE FROM PM, PM_CONTENT, PM_RECIPIENT USING PM "
        . "LEFT JOIN PM_CONTENT ON (PM_CONTENT.MID = PM.MID) "
        . "LEFT JOIN PM_RECIPIENT ON (PM_RECIPIENT.MID = PM.MID) "
        . "LEFT JOIN PM_TYPE ON (PM_TYPE.MID = PM.MID) "
        . "WHERE PM_TYPE.MID IS NULL AND PM.MID = '{$mid}'";

    if (!$db->query($sql)) {
        return false;
    }

    // Attachment files whose message no longer exists.
    $sql = "SELECT PAF.HASH FROM POST_ATTACHMENT_FILES PAF "
        . "INNER JOIN PM_ATTACHMENT_IDS PAI ON (PAI.AID = PAF.AID) "
        . "LEFT JOIN PM ON (PM.MID = PAI.MID) WHERE PM.MID IS NULL "
        . "AND PAI.MID = '{$mid}'";

    if (!($orphaned = $db->query($sql))) {
        return false;
    }

    while (($row = $orphaned->fetch_assoc()) !== null) {
        // Best-effort: a failed file removal does not fail the deletion.
        attachments_delete($row['HASH']);
    }

    return true;
}
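/**
 * Delete a user account and, optionally, everything the user created.
 *
 * Refuses to act unless the caller has a numeric session UID, the target
 * account exists, and the target is not the caller's own account. With
 * $delete_content true the user's rows in every forum's tables and in the
 * global PM / attachment / preference tables are removed or blanked first;
 * otherwise only the USER row is deleted and content stays attributed to
 * the UID.
 *
 * Queries run individually with no transaction, so a failure part-way
 * through leaves the earlier deletions in place.
 *
 * @param int|string $uid            UID of the account to delete; must satisfy is_numeric().
 * @param bool       $delete_content Also delete the user's content. Non-bool values are treated as false.
 * @return bool true when the USER row was deleted; false on bad input,
 *              missing/invalid session user, unknown account, an attempt to
 *              delete the current account, or the first failed query.
 */
function admin_delete_user($uid, $delete_content = false)
{
    if (!($db = db::get())) {
        return false;
    }

    // is_numeric() is the only check between $uid and the SQL it is
    // interpolated into below, so it must stay ahead of every query.
    if (!is_numeric($uid)) {
        return false;
    }

    if (!is_bool($delete_content)) {
        $delete_content = false;
    }

    // UID of current user; also interpolated into SQL (POST.APPROVED_BY).
    if (!isset($_SESSION['UID']) || !is_numeric($_SESSION['UID'])) {
        return false;
    }

    // Before we delete we verify the user account exists and that
    // the user is not the current user account.
    if (!($user_logon = user_get_logon($uid)) || $_SESSION['UID'] == $uid) {
        return false;
    }

    if ($delete_content) {
        $current_datetime = date(MYSQL_DATETIME, time());

        // Mark as read cut off
        $modified_cutoff_datetime = forum_get_unread_cutoff_datetime();

        // Loop through all forums and delete all the user data from every forum.
        if (($forum_table_prefix_array = forum_get_all_prefixes()) !== false) {
            foreach ($forum_table_prefix_array as $forum_table_prefix) {
                if (!_admin_delete_user_forum_content($db, $forum_table_prefix, $uid, $_SESSION['UID'], $current_datetime, $modified_cutoff_datetime)) {
                    return false;
                }
            }
        }

        if (!_admin_delete_user_global_content($db, $uid)) {
            return false;
        }

        // Add a log entry to show what we've done.
        admin_add_log_entry(DELETE_USER_DATA, array($uid, $user_logon));
    }

    // Delete the User account.
    $sql = "DELETE QUICK FROM USER WHERE UID = '{$uid}'";

    if (!$db->query($sql)) {
        return false;
    }

    // Add a log entry to show what we've done.
    admin_add_log_entry(DELETE_USER, array($user_logon));

    return true;
}

/**
 * Delete or blank one user's content in a single forum.
 *
 * $forum_table_prefix is the forum's table-name prefix as returned by
 * forum_get_all_prefixes(); $admin_uid is the session UID recorded as the
 * approver of the user's posts. $uid and $admin_uid must already have passed
 * is_numeric() — this helper interpolates them unquoted-checked into SQL.
 * Stops at the first failed query.
 *
 * @return bool true when every query succeeded.
 */
function _admin_delete_user_forum_content($db, $forum_table_prefix, $uid, $admin_uid, $current_datetime, $modified_cutoff_datetime)
{
    // Tables whose rows are removed outright, in the original order. The
    // WHERE clause is spelled out per table because USER_PEER must also be
    // cleared where this user is the peer of somebody else's relationship.
    $delete_rules = array(
        'ADMIN_LOG'       => "UID = '{$uid}'", // log entries created by the user
        'LINKS'           => "UID = '{$uid}'", // links created by the user
        'LINKS_VOTE'      => "UID = '{$uid}'", // link votes made by the user
        'LINKS_COMMENT'   => "UID = '{$uid}'", // link comments made by the user
        'USER_POLL_VOTES' => "UID = '{$uid}'", // poll votes made by the user
        'USER_PEER'       => "UID = '{$uid}' OR PEER_UID = '{$uid}'", // relationships in both directions
        'USER_FOLDER'     => "UID = '{$uid}'", // folder preferences set by the user
        'USER_PREFS'      => "UID = '{$uid}'", // per-forum preferences
        'USER_PROFILE'    => "UID = '{$uid}'", // profile
        'USER_SIG'        => "UID = '{$uid}'", // signature
        'USER_THREAD'     => "UID = '{$uid}'", // thread read data
        'USER_TRACK'      => "UID = '{$uid}'", // tracking data (post count, etc.)
        'WORD_FILTER'     => "UID = '{$uid}'", // word filter entries made by the user
    );

    foreach ($delete_rules as $table => $where) {
        $sql = "DELETE QUICK FROM `{$forum_table_prefix}{$table}` WHERE {$where}";

        if (!$db->query($sql)) {
            return false;
        }
    }

    // Threads are updated rather than removed. MODIFIED is only bumped when
    // the thread is newer than the unread cut-off, so old threads stay "read".
    $modified_expr = "MODIFIED = IF(MODIFIED < CAST('{$modified_cutoff_datetime}' AS DATETIME), "
        . "MODIFIED, CAST('{$current_datetime}' AS DATETIME))";

    // Delete Polls created by user
    $sql = "UPDATE LOW_PRIORITY `{$forum_table_prefix}THREAD` SET POLL_FLAG = 'N', ";
    $sql .= $modified_expr . " WHERE BY_UID = '{$uid}'";

    if (!$db->query($sql)) {
        return false;
    }

    // Delete threads started by the user where
    // the thread only contains a single post.
    $sql = "UPDATE LOW_PRIORITY `{$forum_table_prefix}THREAD` SET DELETED = 'Y', ";
    $sql .= $modified_expr . " WHERE BY_UID = '{$uid}' AND LENGTH = 1";

    if (!$db->query($sql)) {
        return false;
    }

    // Delete content of posts made by this user
    $sql = "UPDATE LOW_PRIORITY `{$forum_table_prefix}POST_CONTENT` POST_CONTENT ";
    $sql .= "LEFT JOIN `{$forum_table_prefix}POST` POST ON (POST.TID = POST_CONTENT.TID ";
    $sql .= "AND POST.PID = POST_CONTENT.PID) SET POST_CONTENT.CONTENT = NULL ";
    $sql .= "WHERE POST.FROM_UID = '{$uid}'";

    if (!$db->query($sql)) {
        return false;
    }

    // Mark posts made by this user as approved so they don't appear in the
    // approval queue.
    $sql = "UPDATE LOW_PRIORITY `{$forum_table_prefix}POST` ";
    $sql .= "SET APPROVED = CAST('{$current_datetime}' AS DATETIME), ";
    $sql .= "APPROVED_BY = '{$admin_uid}' WHERE FROM_UID = '{$uid}'";

    if (!$db->query($sql)) {
        return false;
    }

    return true;
}

/**
 * Delete one user's rows from the forum-independent tables: group
 * memberships, private messages, attachments (files and rows), search
 * results, sessions, per-forum access rows, history, permissions,
 * preferences and visitor log. $uid must already have passed is_numeric().
 * Stops at the first failed query.
 *
 * @return bool true when every query succeeded.
 */
function _admin_delete_user_global_content($db, $uid)
{
    // The user's own PM rows go first; messages left without a recipient or
    // folder row are purged straight after.
    $pm_delete_rules = array(
        'GROUP_USERS'  => "UID = '{$uid}'",      // user group entries
        'PM_TYPE'      => "UID = '{$uid}'",      // folder entries
        'PM_RECIPIENT' => "TO_UID = '{$uid}'",   // messages addressed to the user
        'PM'           => "FROM_UID = '{$uid}'", // messages sent by the user
    );

    foreach ($pm_delete_rules as $table => $where) {
        $sql = "DELETE QUICK FROM {$table} WHERE {$where}";

        if (!$db->query($sql)) {
            return false;
        }
    }

    // Remove any PMs that have no recipients.
    $sql = "DELETE QUICK FROM PM, PM_CONTENT USING PM ";
    $sql .= "LEFT JOIN PM_CONTENT ON (PM_CONTENT.MID = PM.MID) ";
    $sql .= "LEFT JOIN PM_RECIPIENT ON (PM_RECIPIENT.MID = PM.MID) ";
    $sql .= "LEFT JOIN PM_TYPE ON (PM_TYPE.MID = PM.MID) ";
    $sql .= "WHERE PM_TYPE.MID IS NULL OR PM_RECIPIENT.MID IS NULL";

    if (!$db->query($sql)) {
        return false;
    }

    // Delete the physical attachment files uploaded by the user.
    $sql = "SELECT HASH FROM POST_ATTACHMENT_FILES WHERE UID = '{$uid}'";

    if (!($result = $db->query($sql))) {
        return false;
    }

    while (($attachment_data = $result->fetch_assoc()) !== null) {
        // Best-effort: a file that cannot be removed does not abort the
        // account deletion; its row is still dropped below.
        attachments_delete($attachment_data['HASH']);
    }

    $global_delete_rules = array(
        'PM_SEARCH_RESULTS'     => "UID = '{$uid}'", // PM search results
        'POST_ATTACHMENT_FILES' => "UID = '{$uid}'", // attachment rows (files handled above)
        'SEARCH_RESULTS'        => "UID = '{$uid}'", // search results
        'SESSIONS'              => "UID = '{$uid}'", // sessions
        'USER_FORUM'            => "UID = '{$uid}'", // forum preferences and permissions
        'USER_HISTORY'          => "UID = '{$uid}'", // history (logon, nickname, email changes)
        'USER_PERM'             => "UID = '{$uid}'", // global permissions
        'USER_PREFS'            => "UID = '{$uid}'", // global preferences
        'VISITOR_LOG'           => "UID = '{$uid}'", // visitor log data
    );

    foreach ($global_delete_rules as $table => $where) {
        $sql = "DELETE QUICK FROM {$table} WHERE {$where}";

        if (!$db->query($sql)) {
            return false;
        }
    }

    return true;
}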