/** * Generate <select> markup */ protected function gen_topic_sort_options($forum_data) { // Dummy variables $sort_days = 0; $limit_days = array(); $sort_by_text = array('x' => $this->user->lang('SORTTOPICS_USER_DEFAULT'), 'a' => $this->user->lang('AUTHOR'), 't' => $this->user->lang('POST_TIME'), 'c' => $this->user->lang('SORTTOPICS_CREATED_TIME'), 'r' => $this->user->lang('REPLIES'), 's' => $this->user->lang('SUBJECT'), 'v' => $this->user->lang('VIEWS')); $sort_key = isset($forum_data['sort_topics_by']) ? $forum_data['sort_topics_by'] : $this->default_sort_by; $sort_dir = isset($forum_data['sort_topics_order']) ? $forum_data['sort_topics_order'] : $this->default_sort_order; $s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = ''; gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param, false, $this->default_sort_by, $this->default_sort_order); return array('by' => $s_sort_key, 'order' => $s_sort_dir); }
function main($id, $mode) { global $db, $user, $auth, $template, $cache, $phpbb_container, $phpbb_filesystem; global $config, $phpbb_admin_path, $phpbb_root_path, $phpEx, $phpbb_log, $request; $this->id = $id; $this->db = $db; $this->config = $config; $this->template = $template; $this->user = $user; $this->phpbb_container = $phpbb_container; $this->filesystem = $phpbb_filesystem; $this->attachment_manager = $phpbb_container->get('attachment.manager'); $user->add_lang(array('posting', 'viewtopic', 'acp/attachments')); $error = $notify = array(); $submit = isset($_POST['submit']) ? true : false; $action = $request->variable('action', ''); $form_key = 'acp_attach'; add_form_key($form_key); if ($submit && !check_form_key($form_key)) { trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); } switch ($mode) { case 'attach': $l_title = 'ACP_ATTACHMENT_SETTINGS'; break; case 'extensions': $l_title = 'ACP_MANAGE_EXTENSIONS'; break; case 'ext_groups': $l_title = 'ACP_EXTENSION_GROUPS'; break; case 'orphan': $l_title = 'ACP_ORPHAN_ATTACHMENTS'; break; case 'manage': $l_title = 'ACP_MANAGE_ATTACHMENTS'; break; default: trigger_error('NO_MODE', E_USER_ERROR); break; } $this->tpl_name = 'acp_attachments'; $this->page_title = $l_title; $template->assign_vars(array('L_TITLE' => $user->lang[$l_title], 'L_TITLE_EXPLAIN' => $user->lang[$l_title . '_EXPLAIN'], 'U_ACTION' => $this->u_action)); switch ($mode) { case 'attach': if (!function_exists('get_supported_image_types')) { include $phpbb_root_path . 'includes/functions_posting.' . $phpEx; } $sql = 'SELECT group_name, cat_id FROM ' . EXTENSION_GROUPS_TABLE . ' WHERE cat_id > 0 ORDER BY cat_id'; $result = $db->sql_query($sql); $s_assigned_groups = array(); while ($row = $db->sql_fetchrow($result)) { $row['group_name'] = isset($user->lang['EXT_GROUP_' . $row['group_name']]) ? $user->lang['EXT_GROUP_' . $row['group_name']] : $row['group_name']; $s_assigned_groups[$row['cat_id']][] = $row['group_name']; } $db->sql_freeresult($result); $l_legend_cat_images = $user->lang['SETTINGS_CAT_IMAGES'] . ' [' . $user->lang['ASSIGNED_GROUP'] . ': ' . (!empty($s_assigned_groups[ATTACHMENT_CATEGORY_IMAGE]) ? implode($user->lang['COMMA_SEPARATOR'], $s_assigned_groups[ATTACHMENT_CATEGORY_IMAGE]) : $user->lang['NO_EXT_GROUP']) . ']'; $display_vars = array('title' => 'ACP_ATTACHMENT_SETTINGS', 'vars' => array('legend1' => 'ACP_ATTACHMENT_SETTINGS', 'img_max_width' => array('lang' => 'MAX_IMAGE_SIZE', 'validate' => 'int:0', 'type' => false, 'method' => false, 'explain' => false), 'img_max_height' => array('lang' => 'MAX_IMAGE_SIZE', 'validate' => 'int:0', 'type' => false, 'method' => false, 'explain' => false), 'img_link_width' => array('lang' => 'IMAGE_LINK_SIZE', 'validate' => 'int:0', 'type' => false, 'method' => false, 'explain' => false), 'img_link_height' => array('lang' => 'IMAGE_LINK_SIZE', 'validate' => 'int:0', 'type' => false, 'method' => false, 'explain' => false), 'allow_attachments' => array('lang' => 'ALLOW_ATTACHMENTS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false), 'allow_pm_attach' => array('lang' => 'ALLOW_PM_ATTACHMENTS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false), 'upload_path' => array('lang' => 'UPLOAD_DIR', 'validate' => 'wpath', 'type' => 'text:25:100', 'explain' => true), 'display_order' => array('lang' => 'DISPLAY_ORDER', 'validate' => 'bool', 'type' => 'custom', 'method' => 'display_order', 'explain' => true), 'attachment_quota' => array('lang' => 'ATTACH_QUOTA', 'validate' => 'string', 'type' => 'custom', 'method' => 'max_filesize', 'explain' => true), 'max_filesize' => array('lang' => 'ATTACH_MAX_FILESIZE', 'validate' => 'string', 'type' => 'custom', 'method' => 'max_filesize', 'explain' => true), 'max_filesize_pm' => array('lang' => 'ATTACH_MAX_PM_FILESIZE', 'validate' => 'string', 'type' => 'custom', 'method' => 'max_filesize', 'explain' => true), 'max_attachments' => array('lang' => 'MAX_ATTACHMENTS', 'validate' => 'int:0:999', 'type' => 'number:0:999', 'explain' => false), 'max_attachments_pm' => array('lang' => 'MAX_ATTACHMENTS_PM', 'validate' => 'int:0:999', 'type' => 'number:0:999', 'explain' => false), 'secure_downloads' => array('lang' => 'SECURE_DOWNLOADS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), 'secure_allow_deny' => array('lang' => 'SECURE_ALLOW_DENY', 'validate' => 'int', 'type' => 'custom', 'method' => 'select_allow_deny', 'explain' => true), 'secure_allow_empty_referer' => array('lang' => 'SECURE_EMPTY_REFERRER', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), 'check_attachment_content' => array('lang' => 'CHECK_CONTENT', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), 'legend2' => $l_legend_cat_images, 'img_display_inlined' => array('lang' => 'DISPLAY_INLINED', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), 'img_create_thumbnail' => array('lang' => 'CREATE_THUMBNAIL', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), 'img_max_thumb_width' => array('lang' => 'MAX_THUMB_WIDTH', 'validate' => 'int:0:999999999999999', 'type' => 'number:0:999999999999999', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']), 'img_min_thumb_filesize' => array('lang' => 'MIN_THUMB_FILESIZE', 'validate' => 'int:0:999999999999999', 'type' => 'number:0:999999999999999', 'explain' => true, 'append' => ' ' . $user->lang['BYTES']), 'img_imagick' => array('lang' => 'IMAGICK_PATH', 'validate' => 'absolute_path', 'type' => 'text:20:200', 'explain' => true, 'append' => ' <span>[ <a href="' . $this->u_action . '&action=imgmagick">' . $user->lang['SEARCH_IMAGICK'] . '</a> ]</span>'), 'img_max' => array('lang' => 'MAX_IMAGE_SIZE', 'validate' => 'int:0:9999', 'type' => 'dimension:0:9999', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']), 'img_link' => array('lang' => 'IMAGE_LINK_SIZE', 'validate' => 'int:0:9999', 'type' => 'dimension:0:9999', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']))); $this->new_config = $config; $cfg_array = isset($_REQUEST['config']) ? $request->variable('config', array('' => '')) : $this->new_config; $error = array(); // We validate the complete config if whished validate_config_vars($display_vars['vars'], $cfg_array, $error); // Do not write values if there is an error if (sizeof($error)) { $submit = false; } // We go through the display_vars to make sure no one is trying to set variables he/she is not allowed to... foreach ($display_vars['vars'] as $config_name => $null) { if (!isset($cfg_array[$config_name]) || strpos($config_name, 'legend') !== false) { continue; } $this->new_config[$config_name] = $config_value = $cfg_array[$config_name]; if (in_array($config_name, array('attachment_quota', 'max_filesize', 'max_filesize_pm'))) { $size_var = $request->variable($config_name, ''); $this->new_config[$config_name] = $config_value = $size_var == 'kb' ? round($config_value * 1024) : ($size_var == 'mb' ? round($config_value * 1048576) : $config_value); } if ($submit) { $config->set($config_name, $config_value); } } $this->perform_site_list(); if ($submit) { $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_CONFIG_ATTACH'); // Check Settings $this->test_upload($error, $this->new_config['upload_path'], false); if (!sizeof($error)) { trigger_error($user->lang['CONFIG_UPDATED'] . adm_back_link($this->u_action)); } } $template->assign_var('S_ATTACHMENT_SETTINGS', true); if ($action == 'imgmagick') { $this->new_config['img_imagick'] = $this->search_imagemagick(); } // We strip eventually manual added convert program, we only want the patch if ($this->new_config['img_imagick']) { // Change path separator $this->new_config['img_imagick'] = str_replace('\\', '/', $this->new_config['img_imagick']); $this->new_config['img_imagick'] = str_replace(array('convert', '.exe'), array('', ''), $this->new_config['img_imagick']); // Check for trailing slash if (substr($this->new_config['img_imagick'], -1) !== '/') { $this->new_config['img_imagick'] .= '/'; } } $supported_types = get_supported_image_types(); // Check Thumbnail Support if (!$this->new_config['img_imagick'] && (!isset($supported_types['format']) || !sizeof($supported_types['format']))) { $this->new_config['img_create_thumbnail'] = 0; } $template->assign_vars(array('U_SEARCH_IMAGICK' => $this->u_action . '&action=imgmagick', 'S_THUMBNAIL_SUPPORT' => !$this->new_config['img_imagick'] && (!isset($supported_types['format']) || !sizeof($supported_types['format'])) ? false : true)); // Secure Download Options - Same procedure as with banning $allow_deny = $this->new_config['secure_allow_deny'] ? 'ALLOWED' : 'DISALLOWED'; $sql = 'SELECT * FROM ' . SITELIST_TABLE; $result = $db->sql_query($sql); $defined_ips = ''; $ips = array(); while ($row = $db->sql_fetchrow($result)) { $value = $row['site_ip'] ? $row['site_ip'] : $row['site_hostname']; if ($value) { $defined_ips .= '<option' . ($row['ip_exclude'] ? ' class="sep"' : '') . ' value="' . $row['site_id'] . '">' . $value . '</option>'; $ips[$row['site_id']] = $value; } } $db->sql_freeresult($result); $template->assign_vars(array('S_SECURE_DOWNLOADS' => $this->new_config['secure_downloads'], 'S_DEFINED_IPS' => $defined_ips != '' ? true : false, 'S_WARNING' => sizeof($error) ? true : false, 'WARNING_MSG' => implode('<br />', $error), 'DEFINED_IPS' => $defined_ips, 'L_SECURE_TITLE' => $user->lang['DEFINE_' . $allow_deny . '_IPS'], 'L_IP_EXCLUDE' => $user->lang['EXCLUDE_FROM_' . $allow_deny . '_IP'], 'L_REMOVE_IPS' => $user->lang['REMOVE_' . $allow_deny . '_IPS'])); // Output relevant options foreach ($display_vars['vars'] as $config_key => $vars) { if (!is_array($vars) && strpos($config_key, 'legend') === false) { continue; } if (strpos($config_key, 'legend') !== false) { $template->assign_block_vars('options', array('S_LEGEND' => true, 'LEGEND' => isset($user->lang[$vars]) ? $user->lang[$vars] : $vars)); continue; } $type = explode(':', $vars['type']); $l_explain = ''; if ($vars['explain'] && isset($vars['lang_explain'])) { $l_explain = isset($user->lang[$vars['lang_explain']]) ? $user->lang[$vars['lang_explain']] : $vars['lang_explain']; } else { if ($vars['explain']) { $l_explain = isset($user->lang[$vars['lang'] . '_EXPLAIN']) ? $user->lang[$vars['lang'] . '_EXPLAIN'] : ''; } } $content = build_cfg_template($type, $config_key, $this->new_config, $config_key, $vars); if (empty($content)) { continue; } $template->assign_block_vars('options', array('KEY' => $config_key, 'TITLE' => $user->lang[$vars['lang']], 'S_EXPLAIN' => $vars['explain'], 'TITLE_EXPLAIN' => $l_explain, 'CONTENT' => $content)); unset($display_vars['vars'][$config_key]); } break; case 'extensions': if ($submit || isset($_POST['add_extension_check'])) { if ($submit) { // Change Extensions ? $extension_change_list = $request->variable('extension_change_list', array(0)); $group_select_list = $request->variable('group_select', array(0)); // Generate correct Change List $extensions = array(); for ($i = 0, $size = sizeof($extension_change_list); $i < $size; $i++) { $extensions[$extension_change_list[$i]]['group_id'] = $group_select_list[$i]; } $sql = 'SELECT * FROM ' . EXTENSIONS_TABLE . ' ORDER BY extension_id'; $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { if ($row['group_id'] != $extensions[$row['extension_id']]['group_id']) { $sql = 'UPDATE ' . EXTENSIONS_TABLE . ' SET group_id = ' . (int) $extensions[$row['extension_id']]['group_id'] . ' WHERE extension_id = ' . $row['extension_id']; $db->sql_query($sql); $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACH_EXT_UPDATE', false, array($row['extension'])); } } $db->sql_freeresult($result); // Delete Extension? $extension_id_list = $request->variable('extension_id_list', array(0)); if (sizeof($extension_id_list)) { $sql = 'SELECT extension FROM ' . EXTENSIONS_TABLE . ' WHERE ' . $db->sql_in_set('extension_id', $extension_id_list); $result = $db->sql_query($sql); $extension_list = ''; while ($row = $db->sql_fetchrow($result)) { $extension_list .= $extension_list == '' ? $row['extension'] : ', ' . $row['extension']; } $db->sql_freeresult($result); $sql = 'DELETE FROM ' . EXTENSIONS_TABLE . ' WHERE ' . $db->sql_in_set('extension_id', $extension_id_list); $db->sql_query($sql); $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACH_EXT_DEL', false, array($extension_list)); } } // Add Extension? $add_extension = strtolower($request->variable('add_extension', '')); $add_extension_group = $request->variable('add_group_select', 0); $add = isset($_POST['add_extension_check']) ? true : false; if ($add_extension && $add) { if (!sizeof($error)) { $sql = 'SELECT extension_id FROM ' . EXTENSIONS_TABLE . "\n\t\t\t\t\t\t\t\tWHERE extension = '" . $db->sql_escape($add_extension) . "'"; $result = $db->sql_query($sql); if ($row = $db->sql_fetchrow($result)) { $error[] = sprintf($user->lang['EXTENSION_EXIST'], $add_extension); } $db->sql_freeresult($result); if (!sizeof($error)) { $sql_ary = array('group_id' => $add_extension_group, 'extension' => $add_extension); $db->sql_query('INSERT INTO ' . EXTENSIONS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary)); $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACH_EXT_ADD', false, array($add_extension)); } } } if (!sizeof($error)) { $notify[] = $user->lang['EXTENSIONS_UPDATED']; } $cache->destroy('_extensions'); } $template->assign_vars(array('S_EXTENSIONS' => true, 'ADD_EXTENSION' => isset($add_extension) ? $add_extension : '', 'GROUP_SELECT_OPTIONS' => isset($_POST['add_extension_check']) ? $this->group_select('add_group_select', $add_extension_group, 'extension_group') : $this->group_select('add_group_select', false, 'extension_group'))); $sql = 'SELECT * FROM ' . EXTENSIONS_TABLE . ' ORDER BY group_id, extension'; $result = $db->sql_query($sql); if ($row = $db->sql_fetchrow($result)) { $old_group_id = $row['group_id']; do { $s_spacer = false; $current_group_id = $row['group_id']; if ($old_group_id != $current_group_id) { $s_spacer = true; $old_group_id = $current_group_id; } $template->assign_block_vars('extensions', array('S_SPACER' => $s_spacer, 'EXTENSION_ID' => $row['extension_id'], 'EXTENSION' => $row['extension'], 'GROUP_OPTIONS' => $this->group_select('group_select[]', $row['group_id']))); } while ($row = $db->sql_fetchrow($result)); } $db->sql_freeresult($result); break; case 'ext_groups': $template->assign_var('S_EXTENSION_GROUPS', true); if ($submit) { $action = $request->variable('action', ''); $group_id = $request->variable('g', 0); if ($action != 'add' && $action != 'edit') { trigger_error('NO_MODE', E_USER_ERROR); } if (!$group_id && $action == 'edit') { trigger_error($user->lang['NO_EXT_GROUP_SPECIFIED'] . adm_back_link($this->u_action), E_USER_WARNING); } if ($group_id) { $sql = 'SELECT * FROM ' . EXTENSION_GROUPS_TABLE . "\n\t\t\t\t\t\t\tWHERE group_id = {$group_id}"; $result = $db->sql_query($sql); $ext_row = $db->sql_fetchrow($result); $db->sql_freeresult($result); if (!$ext_row) { trigger_error($user->lang['NO_EXT_GROUP_SPECIFIED'] . adm_back_link($this->u_action), E_USER_WARNING); } } else { $ext_row = array(); } $group_name = $request->variable('group_name', '', true); $new_group_name = $action == 'add' ? $group_name : ($ext_row['group_name'] != $group_name ? $group_name : ''); if (!$group_name) { $error[] = $user->lang['NO_EXT_GROUP_NAME']; } // Check New Group Name if ($new_group_name) { $sql = 'SELECT group_id FROM ' . EXTENSION_GROUPS_TABLE . "\n\t\t\t\t\t\t\tWHERE LOWER(group_name) = '" . $db->sql_escape(utf8_strtolower($new_group_name)) . "'"; if ($group_id) { $sql .= ' AND group_id <> ' . $group_id; } $result = $db->sql_query($sql); if ($db->sql_fetchrow($result)) { $error[] = sprintf($user->lang['EXTENSION_GROUP_EXIST'], $new_group_name); } $db->sql_freeresult($result); } if (!sizeof($error)) { // Ok, build the update/insert array $upload_icon = $request->variable('upload_icon', 'no_image'); $size_select = $request->variable('size_select', 'b'); $forum_select = $request->variable('forum_select', false); $allowed_forums = $request->variable('allowed_forums', array(0)); $allow_in_pm = isset($_POST['allow_in_pm']) ? true : false; $max_filesize = $request->variable('max_filesize', 0); $max_filesize = $size_select == 'kb' ? round($max_filesize * 1024) : ($size_select == 'mb' ? round($max_filesize * 1048576) : $max_filesize); $allow_group = isset($_POST['allow_group']) ? true : false; if ($max_filesize == $config['max_filesize']) { $max_filesize = 0; } if (!sizeof($allowed_forums)) { $forum_select = false; } $group_ary = array('group_name' => $group_name, 'cat_id' => $request->variable('special_category', ATTACHMENT_CATEGORY_NONE), 'allow_group' => $allow_group ? 1 : 0, 'upload_icon' => $upload_icon == 'no_image' ? '' : $upload_icon, 'max_filesize' => $max_filesize, 'allowed_forums' => $forum_select ? serialize($allowed_forums) : '', 'allow_in_pm' => $allow_in_pm ? 1 : 0); if ($action == 'add') { $group_ary['download_mode'] = INLINE_LINK; } $sql = $action == 'add' ? 'INSERT INTO ' . EXTENSION_GROUPS_TABLE . ' ' : 'UPDATE ' . EXTENSION_GROUPS_TABLE . ' SET '; $sql .= $db->sql_build_array($action == 'add' ? 'INSERT' : 'UPDATE', $group_ary); $sql .= $action == 'edit' ? " WHERE group_id = {$group_id}" : ''; $db->sql_query($sql); if ($action == 'add') { $group_id = $db->sql_nextid(); } $group_name = isset($user->lang['EXT_GROUP_' . $group_name]) ? $user->lang['EXT_GROUP_' . $group_name] : $group_name; $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACH_EXTGROUP_' . strtoupper($action), false, array($group_name)); } $extension_list = $request->variable('extensions', array(0)); if ($action == 'edit' && sizeof($extension_list)) { $sql = 'UPDATE ' . EXTENSIONS_TABLE . "\n\t\t\t\t\t\t\tSET group_id = 0\n\t\t\t\t\t\t\tWHERE group_id = {$group_id}"; $db->sql_query($sql); } if (sizeof($extension_list)) { $sql = 'UPDATE ' . EXTENSIONS_TABLE . "\n\t\t\t\t\t\t\tSET group_id = {$group_id}\n\t\t\t\t\t\t\tWHERE " . $db->sql_in_set('extension_id', $extension_list); $db->sql_query($sql); } $cache->destroy('_extensions'); if (!sizeof($error)) { $notify[] = $user->lang['SUCCESS_EXTENSION_GROUP_' . strtoupper($action)]; } } $cat_lang = array(ATTACHMENT_CATEGORY_NONE => $user->lang['NO_FILE_CAT'], ATTACHMENT_CATEGORY_IMAGE => $user->lang['CAT_IMAGES'], ATTACHMENT_CATEGORY_FLASH => $user->lang['CAT_FLASH_FILES']); $group_id = $request->variable('g', 0); $action = isset($_POST['add']) ? 'add' : $action; switch ($action) { case 'delete': if (confirm_box(true)) { $sql = 'SELECT group_name FROM ' . EXTENSION_GROUPS_TABLE . "\n\t\t\t\t\t\t\t\tWHERE group_id = {$group_id}"; $result = $db->sql_query($sql); $group_name = (string) $db->sql_fetchfield('group_name'); $db->sql_freeresult($result); $sql = 'DELETE FROM ' . EXTENSION_GROUPS_TABLE . "\n\t\t\t\t\t\t\t\tWHERE group_id = {$group_id}"; $db->sql_query($sql); // Set corresponding Extensions to a pending Group $sql = 'UPDATE ' . EXTENSIONS_TABLE . "\n\t\t\t\t\t\t\t\tSET group_id = 0\n\t\t\t\t\t\t\t\tWHERE group_id = {$group_id}"; $db->sql_query($sql); $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACH_EXTGROUP_DEL', false, array($group_name)); $cache->destroy('_extensions'); trigger_error($user->lang['EXTENSION_GROUP_DELETED'] . adm_back_link($this->u_action)); } else { confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array('i' => $id, 'mode' => $mode, 'group_id' => $group_id, 'action' => 'delete'))); } break; case 'edit': if (!$group_id) { trigger_error($user->lang['NO_EXT_GROUP_SPECIFIED'] . adm_back_link($this->u_action), E_USER_WARNING); } $sql = 'SELECT * FROM ' . EXTENSION_GROUPS_TABLE . "\n\t\t\t\t\t\t\tWHERE group_id = {$group_id}"; $result = $db->sql_query($sql); $ext_group_row = $db->sql_fetchrow($result); $db->sql_freeresult($result); $forum_ids = !$ext_group_row['allowed_forums'] ? array() : unserialize(trim($ext_group_row['allowed_forums'])); // no break; // no break; case 'add': if ($action == 'add') { $ext_group_row = array('group_name' => $request->variable('group_name', '', true), 'cat_id' => 0, 'allow_group' => 1, 'allow_in_pm' => 1, 'upload_icon' => '', 'max_filesize' => 0); $forum_ids = array(); } $sql = 'SELECT * FROM ' . EXTENSIONS_TABLE . "\n\t\t\t\t\t\t\tWHERE group_id = {$group_id}\n\t\t\t\t\t\t\t\tOR group_id = 0\n\t\t\t\t\t\t\tORDER BY extension"; $result = $db->sql_query($sql); $extensions = $db->sql_fetchrowset($result); $db->sql_freeresult($result); if ($ext_group_row['max_filesize'] == 0) { $ext_group_row['max_filesize'] = (int) $config['max_filesize']; } $max_filesize = get_formatted_filesize($ext_group_row['max_filesize'], false, array('mb', 'kb', 'b')); $size_format = $max_filesize['si_identifier']; $ext_group_row['max_filesize'] = $max_filesize['value']; $img_path = $config['upload_icons_path']; $filename_list = ''; $no_image_select = false; $imglist = filelist($phpbb_root_path . $img_path); if (!empty($imglist[''])) { $imglist = array_values($imglist); $imglist = $imglist[0]; foreach ($imglist as $key => $img) { if (!$ext_group_row['upload_icon']) { $no_image_select = true; $selected = ''; } else { $selected = $ext_group_row['upload_icon'] == $img ? ' selected="selected"' : ''; } if (strlen($img) > 255) { continue; } $filename_list .= '<option value="' . htmlspecialchars($img) . '"' . $selected . '>' . htmlspecialchars($img) . '</option>'; } } $i = 0; $assigned_extensions = ''; foreach ($extensions as $num => $row) { if ($row['group_id'] == $group_id && $group_id) { $assigned_extensions .= $i ? ', ' . $row['extension'] : $row['extension']; $i++; } } $s_extension_options = ''; foreach ($extensions as $row) { $s_extension_options .= '<option' . (!$row['group_id'] ? ' class="disabled"' : '') . ' value="' . $row['extension_id'] . '"' . ($row['group_id'] == $group_id && $group_id ? ' selected="selected"' : '') . '>' . $row['extension'] . '</option>'; } $template->assign_vars(array('IMG_PATH' => $img_path, 'ACTION' => $action, 'GROUP_ID' => $group_id, 'GROUP_NAME' => $ext_group_row['group_name'], 'ALLOW_GROUP' => $ext_group_row['allow_group'], 'ALLOW_IN_PM' => $ext_group_row['allow_in_pm'], 'UPLOAD_ICON_SRC' => $phpbb_root_path . $img_path . '/' . $ext_group_row['upload_icon'], 'EXTGROUP_FILESIZE' => $ext_group_row['max_filesize'], 'ASSIGNED_EXTENSIONS' => $assigned_extensions, 'S_CATEGORY_SELECT' => $this->category_select('special_category', $group_id, 'category'), 'S_EXT_GROUP_SIZE_OPTIONS' => size_select_options($size_format), 'S_EXTENSION_OPTIONS' => $s_extension_options, 'S_FILENAME_LIST' => $filename_list, 'S_EDIT_GROUP' => true, 'S_NO_IMAGE' => $no_image_select, 'S_FORUM_IDS' => sizeof($forum_ids) ? true : false, 'U_EXTENSIONS' => append_sid("{$phpbb_admin_path}index.{$phpEx}", "i={$id}&mode=extensions"), 'U_BACK' => $this->u_action, 'L_LEGEND' => $user->lang[strtoupper($action) . '_EXTENSION_GROUP'])); $s_forum_id_options = ''; /** @todo use in-built function **/ $sql = 'SELECT forum_id, forum_name, parent_id, forum_type, left_id, right_id FROM ' . FORUMS_TABLE . ' ORDER BY left_id ASC'; $result = $db->sql_query($sql, 600); $right = $cat_right = $padding_inc = 0; $padding = $forum_list = $holding = ''; $padding_store = array('0' => ''); while ($row = $db->sql_fetchrow($result)) { if ($row['forum_type'] == FORUM_CAT && $row['left_id'] + 1 == $row['right_id']) { // Non-postable forum with no subforums, don't display continue; } if (!$auth->acl_get('f_list', $row['forum_id'])) { // if the user does not have permissions to list this forum skip continue; } if ($row['left_id'] < $right) { $padding .= ' '; $padding_store[$row['parent_id']] = $padding; } else { if ($row['left_id'] > $right + 1) { $padding = empty($padding_store[$row['parent_id']]) ? '' : $padding_store[$row['parent_id']]; } } $right = $row['right_id']; $selected = in_array($row['forum_id'], $forum_ids) ? ' selected="selected"' : ''; if ($row['left_id'] > $cat_right) { // make sure we don't forget anything $s_forum_id_options .= $holding; $holding = ''; } if ($row['right_id'] - $row['left_id'] > 1) { $cat_right = max($cat_right, $row['right_id']); $holding .= '<option value="' . $row['forum_id'] . '"' . ($row['forum_type'] == FORUM_POST ? ' class="sep"' : '') . $selected . '>' . $padding . $row['forum_name'] . '</option>'; } else { $s_forum_id_options .= $holding . '<option value="' . $row['forum_id'] . '"' . ($row['forum_type'] == FORUM_POST ? ' class="sep"' : '') . $selected . '>' . $padding . $row['forum_name'] . '</option>'; $holding = ''; } } if ($holding) { $s_forum_id_options .= $holding; } $db->sql_freeresult($result); unset($padding_store); $template->assign_vars(array('S_FORUM_ID_OPTIONS' => $s_forum_id_options)); break; } $sql = 'SELECT * FROM ' . EXTENSION_GROUPS_TABLE . ' ORDER BY allow_group DESC, allow_in_pm DESC, group_name'; $result = $db->sql_query($sql); $old_allow_group = $old_allow_pm = 1; while ($row = $db->sql_fetchrow($result)) { $s_add_spacer = $old_allow_group != $row['allow_group'] || $old_allow_pm != $row['allow_in_pm'] ? true : false; $template->assign_block_vars('groups', array('S_ADD_SPACER' => $s_add_spacer, 'S_ALLOWED_IN_PM' => $row['allow_in_pm'] ? true : false, 'S_GROUP_ALLOWED' => $row['allow_group'] ? true : false, 'U_EDIT' => $this->u_action . "&action=edit&g={$row['group_id']}", 'U_DELETE' => $this->u_action . "&action=delete&g={$row['group_id']}", 'GROUP_NAME' => isset($user->lang['EXT_GROUP_' . $row['group_name']]) ? $user->lang['EXT_GROUP_' . $row['group_name']] : $row['group_name'], 'CATEGORY' => $cat_lang[$row['cat_id']])); $old_allow_group = $row['allow_group']; $old_allow_pm = $row['allow_in_pm']; } $db->sql_freeresult($result); break; case 'orphan': if ($submit) { $delete_files = isset($_POST['delete']) ? array_keys($request->variable('delete', array('' => 0))) : array(); $add_files = isset($_POST['add']) ? array_keys($request->variable('add', array('' => 0))) : array(); $post_ids = $request->variable('post_id', array('' => 0)); if (sizeof($delete_files)) { $sql = 'SELECT * FROM ' . ATTACHMENTS_TABLE . ' WHERE ' . $db->sql_in_set('attach_id', $delete_files) . ' AND is_orphan = 1'; $result = $db->sql_query($sql); $delete_files = array(); while ($row = $db->sql_fetchrow($result)) { $this->attachment_manager->unlink($row['physical_filename'], 'file'); if ($row['thumbnail']) { $this->attachment_manager->unlink($row['physical_filename'], 'thumbnail'); } $delete_files[$row['attach_id']] = $row['real_filename']; } $db->sql_freeresult($result); } if (sizeof($delete_files)) { $sql = 'DELETE FROM ' . ATTACHMENTS_TABLE . ' WHERE ' . $db->sql_in_set('attach_id', array_keys($delete_files)); $db->sql_query($sql); $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACH_ORPHAN_DEL', false, array(implode(', ', $delete_files))); $notify[] = sprintf($user->lang['LOG_ATTACH_ORPHAN_DEL'], implode($user->lang['COMMA_SEPARATOR'], $delete_files)); } $upload_list = array(); foreach ($add_files as $attach_id) { if (!isset($delete_files[$attach_id]) && !empty($post_ids[$attach_id])) { $upload_list[$attach_id] = $post_ids[$attach_id]; } } unset($add_files); if (sizeof($upload_list)) { $template->assign_var('S_UPLOADING_FILES', true); $sql = 'SELECT forum_id, forum_name FROM ' . FORUMS_TABLE; $result = $db->sql_query($sql); $forum_names = array(); while ($row = $db->sql_fetchrow($result)) { $forum_names[$row['forum_id']] = $row['forum_name']; } $db->sql_freeresult($result); $sql = 'SELECT forum_id, topic_id, post_id, poster_id FROM ' . POSTS_TABLE . ' WHERE ' . $db->sql_in_set('post_id', $upload_list); $result = $db->sql_query($sql); $post_info = array(); while ($row = $db->sql_fetchrow($result)) { $post_info[$row['post_id']] = $row; } $db->sql_freeresult($result); // Select those attachments we want to change... $sql = 'SELECT * FROM ' . ATTACHMENTS_TABLE . ' WHERE ' . $db->sql_in_set('attach_id', array_keys($upload_list)) . ' AND is_orphan = 1'; $result = $db->sql_query($sql); $files_added = $space_taken = 0; while ($row = $db->sql_fetchrow($result)) { $post_row = $post_info[$upload_list[$row['attach_id']]]; $template->assign_block_vars('upload', array('FILE_INFO' => sprintf($user->lang['UPLOADING_FILE_TO'], $row['real_filename'], $post_row['post_id']), 'S_DENIED' => !$auth->acl_get('f_attach', $post_row['forum_id']) ? true : false, 'L_DENIED' => !$auth->acl_get('f_attach', $post_row['forum_id']) ? sprintf($user->lang['UPLOAD_DENIED_FORUM'], $forum_names[$row['forum_id']]) : '')); if (!$auth->acl_get('f_attach', $post_row['forum_id'])) { continue; } // Adjust attachment entry $sql_ary = array('in_message' => 0, 'is_orphan' => 0, 'poster_id' => $post_row['poster_id'], 'post_msg_id' => $post_row['post_id'], 'topic_id' => $post_row['topic_id']); $sql = 'UPDATE ' . ATTACHMENTS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' WHERE attach_id = ' . $row['attach_id']; $db->sql_query($sql); $sql = 'UPDATE ' . POSTS_TABLE . ' SET post_attachment = 1 WHERE post_id = ' . $post_row['post_id']; $db->sql_query($sql); $sql = 'UPDATE ' . TOPICS_TABLE . ' SET topic_attachment = 1 WHERE topic_id = ' . $post_row['topic_id']; $db->sql_query($sql); $space_taken += $row['filesize']; $files_added++; $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACH_FILEUPLOAD', false, array($post_row['post_id'], $row['real_filename'])); } $db->sql_freeresult($result); if ($files_added) { $config->increment('upload_dir_size', $space_taken, false); $config->increment('num_files', $files_added, false); } } } $template->assign_vars(array('S_ORPHAN' => true)); // Just get the files with is_orphan set and older than 3 hours $sql = 'SELECT * FROM ' . ATTACHMENTS_TABLE . ' WHERE is_orphan = 1 AND filetime < ' . (time() - 3 * 60 * 60) . ' ORDER BY filetime DESC'; $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { $template->assign_block_vars('orphan', array('FILESIZE' => get_formatted_filesize($row['filesize']), 'FILETIME' => $user->format_date($row['filetime']), 'REAL_FILENAME' => utf8_basename($row['real_filename']), 'PHYSICAL_FILENAME' => utf8_basename($row['physical_filename']), 'ATTACH_ID' => $row['attach_id'], 'POST_IDS' => !empty($post_ids[$row['attach_id']]) ? $post_ids[$row['attach_id']] : '', 'U_FILE' => append_sid($phpbb_root_path . 'download/file.' . $phpEx, 'mode=view&id=' . $row['attach_id']))); } $db->sql_freeresult($result); break; case 'manage': if ($submit) { $delete_files = isset($_POST['delete']) ? array_keys($request->variable('delete', array('' => 0))) : array(); if (sizeof($delete_files)) { // Select those attachments we want to delete... $sql = 'SELECT real_filename FROM ' . ATTACHMENTS_TABLE . ' WHERE ' . $db->sql_in_set('attach_id', $delete_files) . ' AND is_orphan = 0'; $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { $deleted_filenames[] = $row['real_filename']; } $db->sql_freeresult($result); if ($num_deleted = $this->attachment_manager->delete('attach', $delete_files)) { if (sizeof($delete_files) != $num_deleted) { $error[] = $user->lang['FILES_GONE']; } $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACHMENTS_DELETED', false, array(implode(', ', $deleted_filenames))); $notify[] = sprintf($user->lang['LOG_ATTACHMENTS_DELETED'], implode($user->lang['COMMA_SEPARATOR'], $deleted_filenames)); } else { $error[] = $user->lang['NO_FILES_TO_DELETE']; } } } if ($action == 'stats') { $this->handle_stats_resync(); } $stats_error = $this->check_stats_accuracy(); if ($stats_error) { $error[] = $stats_error; } $template->assign_vars(array('S_MANAGE' => true)); $start = $request->variable('start', 0); // Sort keys $sort_days = $request->variable('st', 0); $sort_key = $request->variable('sk', 't'); $sort_dir = $request->variable('sd', 'd'); // Sorting $limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); $sort_by_text = array('f' => $user->lang['FILENAME'], 't' => $user->lang['FILEDATE'], 's' => $user->lang['FILESIZE'], 'x' => $user->lang['EXTENSION'], 'd' => $user->lang['DOWNLOADS'], 'p' => $user->lang['ATTACH_POST_TYPE'], 'u' => $user->lang['AUTHOR']); $sort_by_sql = array('f' => 'a.real_filename', 't' => 'a.filetime', 's' => 'a.filesize', 'x' => 'a.extension', 'd' => 'a.download_count', 'p' => 'a.in_message', 'u' => 'u.username'); $s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = ''; gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param); $min_filetime = $sort_days ? time() - $sort_days * 86400 : ''; $limit_filetime = $min_filetime ? " AND a.filetime >= {$min_filetime} " : ''; $start = $sort_days && isset($_POST['sort']) ? 0 : $start; $attachments_per_page = (int) $config['topics_per_page']; $stats = $this->get_attachment_stats($limit_filetime); $num_files = $stats['num_files']; $total_size = $stats['upload_dir_size']; // Make sure $start is set to the last page if it exceeds the amount /* @var $pagination \phpbb\pagination */ $pagination = $phpbb_container->get('pagination'); $start = $pagination->validate_start($start, $attachments_per_page, $num_files); // If the user is trying to reach the second half of the attachments list, fetch it starting from the end $store_reverse = false; $sql_limit = $attachments_per_page; if ($start > $num_files / 2) { $store_reverse = true; // Select the sort order. Add time sort anchor for non-time sorting cases $sql_sort_anchor = $sort_key != 't' ? ', a.filetime ' . ($sort_dir == 'd' ? 'ASC' : 'DESC') : ''; $sql_sort_order = $sort_by_sql[$sort_key] . ' ' . ($sort_dir == 'd' ? 'ASC' : 'DESC') . $sql_sort_anchor; $sql_limit = $pagination->reverse_limit($start, $sql_limit, $num_files); $sql_start = $pagination->reverse_start($start, $sql_limit, $num_files); } else { // Select the sort order. Add time sort anchor for non-time sorting cases $sql_sort_anchor = $sort_key != 't' ? ', a.filetime ' . ($sort_dir == 'd' ? 'DESC' : 'ASC') : ''; $sql_sort_order = $sort_by_sql[$sort_key] . ' ' . ($sort_dir == 'd' ? 'DESC' : 'ASC') . $sql_sort_anchor; $sql_start = $start; } $attachments_list = array(); // Just get the files $sql = 'SELECT a.*, u.username, u.user_colour, t.topic_title FROM ' . ATTACHMENTS_TABLE . ' a LEFT JOIN ' . USERS_TABLE . ' u ON (u.user_id = a.poster_id) LEFT JOIN ' . TOPICS_TABLE . " t ON (a.topic_id = t.topic_id)\n\t\t\t\t\tWHERE a.is_orphan = 0\n\t\t\t\t\t\t{$limit_filetime}\n\t\t\t\t\tORDER BY {$sql_sort_order}"; $result = $db->sql_query_limit($sql, $sql_limit, $sql_start); $i = $store_reverse ? $sql_limit - 1 : 0; // Store increment value in a variable to save some conditional calls $i_increment = $store_reverse ? -1 : 1; while ($attachment_row = $db->sql_fetchrow($result)) { $attachments_list[$i] = $attachment_row; $i = $i + $i_increment; } $db->sql_freeresult($result); $base_url = $this->u_action . "&{$u_sort_param}"; $pagination->generate_template_pagination($base_url, 'pagination', 'start', $num_files, $attachments_per_page, $start); $template->assign_vars(array('TOTAL_FILES' => $num_files, 'TOTAL_SIZE' => get_formatted_filesize($total_size), 'S_LIMIT_DAYS' => $s_limit_days, 'S_SORT_KEY' => $s_sort_key, 'S_SORT_DIR' => $s_sort_dir)); // Grab extensions $extensions = $cache->obtain_attach_extensions(true); for ($i = 0, $end = sizeof($attachments_list); $i < $end; ++$i) { $row = $attachments_list[$i]; $row['extension'] = strtolower(trim((string) $row['extension'])); $comment = $row['attach_comment'] && !$row['in_message'] ? str_replace(array("\n", "\r"), array('<br />', "\n"), $row['attach_comment']) : ''; $display_cat = $extensions[$row['extension']]['display_cat']; $l_downloaded_viewed = $display_cat == ATTACHMENT_CATEGORY_NONE ? 'DOWNLOAD_COUNTS' : 'VIEWED_COUNTS'; $template->assign_block_vars('attachments', array('ATTACHMENT_POSTER' => get_username_string('full', (int) $row['poster_id'], (string) $row['username'], (string) $row['user_colour'], (string) $row['username']), 'FILESIZE' => get_formatted_filesize((int) $row['filesize']), 'FILETIME' => $user->format_date((int) $row['filetime']), 'REAL_FILENAME' => !$row['in_message'] ? utf8_basename((string) $row['real_filename']) : '', 'PHYSICAL_FILENAME' => utf8_basename((string) $row['physical_filename']), 'EXT_GROUP_NAME' => !empty($extensions[$row['extension']]['group_name']) ? $user->lang['EXT_GROUP_' . $extensions[$row['extension']]['group_name']] : '', 'COMMENT' => $comment, 'TOPIC_TITLE' => !$row['in_message'] ? (string) $row['topic_title'] : '', 'ATTACH_ID' => (int) $row['attach_id'], 'POST_ID' => (int) $row['post_msg_id'], 'TOPIC_ID' => (int) $row['topic_id'], 'POST_IDS' => !empty($post_ids[$row['attach_id']]) ? (int) $post_ids[$row['attach_id']] : '', 'L_DOWNLOAD_COUNT' => $user->lang($l_downloaded_viewed, (int) $row['download_count']), 'S_IN_MESSAGE' => (bool) $row['in_message'], 'U_VIEW_TOPIC' => append_sid("{$phpbb_root_path}viewtopic.{$phpEx}", "t={$row['topic_id']}&p={$row['post_msg_id']}") . "#p{$row['post_msg_id']}", 'U_FILE' => append_sid($phpbb_root_path . 'download/file.' . $phpEx, 'mode=view&id=' . $row['attach_id']))); } break; } if (sizeof($error)) { $template->assign_vars(array('S_WARNING' => true, 'WARNING_MSG' => implode('<br />', $error))); } if (sizeof($notify)) { $template->assign_vars(array('S_NOTIFY' => true, 'NOTIFY_MSG' => implode('<br />', $notify))); } }
/** * Display user notes */ function mcp_notes_user_view($action) { global $_CLASS, $_CORE_CONFIG, $config; $user_id = request_var('u', 0); $username = request_var('username', ''); $start = request_var('start', 0); $st = request_var('st', 0); $sk = request_var('sk', 'b'); $sd = request_var('sd', 'd'); $url = 'forums&file=mcp&i=notes&mode=user_notes'; $sql_where = $user_id ? "user_id = {$user_id}" : "username = '******'"; $sql = 'SELECT * FROM ' . CORE_USERS_TABLE . "\n\t\tWHERE {$sql_where}"; $result = $_CLASS['core_db']->query($sql); $userrow = $_CLASS['core_db']->fetch_row_assoc($result); $_CLASS['core_db']->free_result($result); if (!$userrow) { trigger_error('NO_USER'); } $user_id = $userrow['user_id']; $deletemark = $action === 'del_marked'; $deleteall = $action === 'del_all'; $marked = get_variable('marknote', 'REQUEST', false, 'array:int'); $usernote = request_var('usernote', '', true); // Handle any actions if (($deletemark || $deleteall) && $_CLASS['forums_auth']->acl_get('a_clearlogs')) { $where_sql = ''; if ($deletemark && !empty($marked)) { $where_sql = ' AND log_id IN (' . implode(', ', $marked) . ')'; } if ($where_sql || $deleteall) { $sql = 'DELETE FROM ' . FORUMS_LOG_TABLE . ' WHERE log_type = ' . LOG_USERS . " \n\t\t\t\t\tAND reportee_id = {$user_id}\n\t\t\t\t\t{$where_sql}"; $_CLASS['core_db']->query($sql); add_log('admin', 'LOG_CLEAR_USER', $userrow['username']); $msg = $deletemark ? 'MARKED_NOTES_DELETED' : 'ALL_NOTES_DELETED'; $redirect = generate_link($url . '&u=' . $user_id); $_CLASS['core_display']->meta_refresh(3, $redirect); trigger_error($_CLASS['core_user']->lang[$msg] . '<br /><br />' . sprintf($_CLASS['core_user']->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>')); } } if ($usernote && $action === 'add_feedback') { add_log('admin', 'LOG_USER_FEEDBACK', $userrow['username']); add_log('user', $user_id, 'LOG_USER_GENERAL', $usernote); $redirect = generate_link($url . '&u=' . $user_id); $_CLASS['core_display']->meta_refresh(3, $redirect); trigger_error($_CLASS['core_user']->lang['USER_FEEDBACK_ADDED'] . '<br /><br />' . sprintf($_CLASS['core_user']->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>')); } // Generate the appropriate user information for the user we are looking at $rank_title = $rank_img = ''; //get_user_rank($userrow['user_rank'], $userrow['user_posts'], $rank_title, $rank_img); $avatar_img = ''; if (!empty($userrow['user_avatar'])) { switch ($userrow['user_avatar_type']) { case AVATAR_UPLOAD: $avatar_img = $_CORE_CONFIG['global']['path_avatar_upload'] . '/'; break; case AVATAR_GALLERY: $avatar_img = $_CORE_CONFIG['global']['path_avatar_gallery'] . '/'; break; } $avatar_img .= $userrow['user_avatar']; $avatar_img = '<img src="' . $avatar_img . '" width="' . $userrow['user_avatar_width'] . '" height="' . $userrow['user_avatar_height'] . '" alt="" />'; } $limit_days = array(0 => $_CLASS['core_user']->lang['ALL_ENTRIES'], 1 => $_CLASS['core_user']->lang['1_DAY'], 7 => $_CLASS['core_user']->lang['7_DAYS'], 14 => $_CLASS['core_user']->lang['2_WEEKS'], 30 => $_CLASS['core_user']->lang['1_MONTH'], 90 => $_CLASS['core_user']->lang['3_MONTHS'], 180 => $_CLASS['core_user']->lang['6_MONTHS'], 365 => $_CLASS['core_user']->lang['1_YEAR']); $sort_by_text = array('a' => $_CLASS['core_user']->lang['SORT_USERNAME'], 'b' => $_CLASS['core_user']->lang['SORT_DATE'], 'c' => $_CLASS['core_user']->lang['SORT_IP'], 'd' => $_CLASS['core_user']->lang['SORT_ACTION']); $sort_by_sql = array('a' => 'l.username', 'b' => 'l.log_time', 'c' => 'l.log_ip', 'd' => 'l.log_operation'); $s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = ''; gen_sort_selects($limit_days, $sort_by_text, $st, $sk, $sd, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param); // Define where and sort sql for use in displaying logs $sql_where = $st ? $_CLASS['core_user']->time - $st * 86400 : 0; $sql_sort = $sort_by_sql[$sk] . ' ' . ($sd == 'd' ? 'DESC' : 'ASC'); $log_data = array(); $log_count = 0; view_log('user', $log_data, $log_count, $config['posts_per_page'], $start, 0, 0, $user_id, $sql_where, $sql_sort); $_CLASS['core_template']->assign('S_USER_NOTES', false); if ($log_count) { $_CLASS['core_template']->assign('S_USER_NOTES', true); foreach ($log_data as $row) { $_CLASS['core_template']->assign_vars_array('usernotes', array('REPORT_BY' => $row['username'], 'REPORT_AT' => $_CLASS['core_user']->format_date($row['time']), 'ACTION' => $row['action'], 'IP' => $row['ip'], 'ID' => $row['id'])); } } $pagination = generate_pagination($url . "&u={$user_id}&st={$st}&sk={$sk}&sd={$sd}", $log_count, $config['posts_per_page'], $start); $_CLASS['core_template']->assign_array(array('U_POST_ACTION' => generate_link($url . '&u=' . $user_id), 'S_CLEAR_ALLOWED' => $_CLASS['forums_auth']->acl_get('a_clearlogs'), 'S_SELECT_SORT_DIR' => $s_sort_dir, 'S_SELECT_SORT_KEY' => $s_sort_key, 'S_SELECT_SORT_DAYS' => $s_limit_days, 'L_TITLE' => $_CLASS['core_user']->get_lang('MCP_NOTES_USER'), 'PAGE_NUMBER' => on_page($log_count, $config['posts_per_page'], $start), 'PAGINATION' => $pagination['formated'], 'PAGINATION_ARRAY' => $pagination['array'], 'TOTAL_REPORTS' => $log_count == 1 ? $_CLASS['core_user']->get_lang('LIST_REPORT') : sprintf($_CLASS['core_user']->get_lang('LIST_REPORTS'), $log_count), 'USERNAME' => $userrow['username'], 'USER_COLOR' => !empty($userrow['user_colour']) ? $userrow['user_colour'] : '', 'RANK_TITLE' => $rank_title, 'JOINED' => $_CLASS['core_user']->format_date($userrow['user_reg_date']), 'POSTS' => $userrow['user_posts'] ? $userrow['user_posts'] : 0, 'WARNINGS' => @$userrow['user_warnings'] ? $userrow['user_warnings'] : 0, 'AVATAR_IMG' => $avatar_img, 'RANK_IMG' => $rank_img)); }
} } // Forum rules and subscription info $s_watching_forum = array('link' => '', 'link_toggle' => '', 'title' => '', 'title_toggle' => '', 'is_watching' => false); if ($config['allow_forum_notify'] && $forum_data['forum_type'] == FORUM_POST && ($auth->acl_get('f_subscribe', $forum_id) || $user->data['user_id'] == ANONYMOUS)) { $notify_status = isset($forum_data['notify_status']) ? $forum_data['notify_status'] : NULL; watch_topic_forum('forum', $s_watching_forum, $user->data['user_id'], $forum_id, 0, $notify_status, $start, $forum_data['forum_name']); } $s_forum_rules = ''; gen_forum_auth_level('forum', $forum_id, $forum_data['forum_status']); // Topic ordering options $limit_days = array(0 => $user->lang['ALL_TOPICS'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); $sort_by_text = array('a' => $user->lang['AUTHOR'], 't' => $user->lang['POST_TIME'], 'r' => $user->lang['REPLIES'], 's' => $user->lang['SUBJECT'], 'v' => $user->lang['VIEWS']); $sort_by_sql = array('a' => 't.topic_first_poster_name', 't' => array('t.topic_last_post_time', 't.topic_last_post_id'), 'r' => $auth->acl_get('m_approve', $forum_id) ? 't.topic_posts_approved + t.topic_posts_unapproved + t.topic_posts_softdeleted' : 't.topic_posts_approved', 's' => 'LOWER(t.topic_title)', 'v' => 't.topic_views'); $s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = ''; gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param, $default_sort_days, $default_sort_key, $default_sort_dir); // Limit topics to certain time frame, obtain correct topic count if ($sort_days) { $min_post_time = time() - $sort_days * 86400; $sql = 'SELECT COUNT(topic_id) AS num_topics FROM ' . TOPICS_TABLE . "\n\t\tWHERE forum_id = {$forum_id}\n\t\t\tAND (topic_last_post_time >= {$min_post_time}\n\t\t\t\tOR topic_type = " . POST_ANNOUNCE . ' OR topic_type = ' . POST_GLOBAL . ') AND ' . $phpbb_content_visibility->get_visibility_sql('topic', $forum_id); $result = $db->sql_query($sql); $topics_count = (int) $db->sql_fetchfield('num_topics'); $db->sql_freeresult($result); if (isset($_POST['sort'])) { $start = 0; } $sql_limit_time = "AND t.topic_last_post_time >= {$min_post_time}"; // Make sure we have information about day selection ready
function main($id, $mode) { global $config, $db, $user, $auth, $template, $cache; global $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix, $file_uploads; $user->add_lang(array('posting', 'ucp', 'acp/users')); $this->tpl_name = 'acp_users'; $this->page_title = 'ACP_USER_' . strtoupper($mode); include $phpbb_root_path . 'includes/functions_user.' . $phpEx; include $phpbb_root_path . 'includes/functions_profile_fields.' . $phpEx; $error = array(); $username = request_var('username', '', true); $user_id = request_var('u', 0); $action = request_var('action', ''); $submit = isset($_POST['update']) ? true : false; // Whois (special case) if ($action == 'whois') { $this->page_title = 'WHOIS'; $this->tpl_name = 'simple_body'; $user_ip = request_var('user_ip', ''); $domain = gethostbyaddr($user_ip); $ipwhois = ''; if ($ipwhois = user_ipwhois($user_ip)) { $ipwhois = preg_replace('#(\\s)([\\w\\-\\._\\+]+@[\\w\\-\\.]+)(\\s)#', '\\1<a href="mailto:\\2">\\2</a>\\3', $ipwhois); $ipwhois = preg_replace('#(\\s)(http:/{2}[^\\s]*)(\\s)#', '\\1<a href="\\2" target="_blank">\\2</a>\\3', $ipwhois); } $template->assign_vars(array('MESSAGE_TITLE' => sprintf($user->lang['IP_WHOIS_FOR'], $domain), 'MESSAGE_TEXT' => nl2br($ipwhois))); return; } // Show user selection mask if (!$username && !$user_id) { $this->page_title = 'SELECT_USER'; $template->assign_vars(array('U_ACTION' => $this->u_action, 'ANONYMOUS_USER_ID' => ANONYMOUS, 'S_SELECT_USER' => true, 'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.{$phpEx}", 'mode=searchuser&form=select_user&field=username'))); return; } if (!$user_id) { $sql = 'SELECT user_id FROM ' . USERS_TABLE . "\n\t\t\t\tWHERE username = '******'"; $result = $db->sql_query($sql); $user_id = (int) $db->sql_fetchfield('user_id'); $db->sql_freeresult($result); if (!$user_id) { trigger_error($user->lang['NO_USER'] . adm_back_link($this->u_action)); } } // Generate content for all modes $sql = 'SELECT u.*, s.* FROM ' . USERS_TABLE . ' u LEFT JOIN ' . SESSIONS_TABLE . ' s ON (s.session_user_id = u.user_id) WHERE u.user_id = ' . $user_id . ' ORDER BY s.session_time DESC'; $result = $db->sql_query($sql); $user_row = $db->sql_fetchrow($result); $db->sql_freeresult($result); if (!$user_row) { trigger_error($user->lang['NO_USER'] . adm_back_link($this->u_action)); } // Generate overall "header" for user admin $s_form_options = ''; // Include info file... include_once $phpbb_root_path . 'includes/acp/info/acp_users.' . $phpEx; $forms_ary = acp_users_info::module(); foreach ($forms_ary['modes'] as $value => $ary) { if (!$this->is_authed($ary['auth'])) { continue; } $selected = $mode == $value ? ' selected="selected"' : ''; $s_form_options .= '<option value="' . $value . '"' . $selected . '>' . $user->lang['ACP_USER_' . strtoupper($value)] . '</option>'; } $template->assign_vars(array('U_BACK' => $this->u_action, 'U_MODE_SELECT' => append_sid("{$phpbb_admin_path}index.{$phpEx}", "i={$id}&u={$user_id}"), 'U_ACTION' => $this->u_action . '&u=' . $user_id, 'S_FORM_OPTIONS' => $s_form_options)); // Prevent normal users/admins change/view founders if they are not a founder by themselves if ($user->data['user_type'] != USER_FOUNDER && $user_row['user_type'] == USER_FOUNDER) { trigger_error($user->lang['NOT_MANAGE_FOUNDER'] . adm_back_link($this->u_action)); } switch ($mode) { case 'overview': $delete = request_var('delete', 0); $delete_type = request_var('delete_type', ''); $ip = request_var('ip', 'ip'); if ($submit) { // You can't delete the founder if ($delete && $user_row['user_type'] != USER_FOUNDER) { if (!$auth->acl_get('a_userdel')) { trigger_error($user->lang['NO_ADMIN'] . adm_back_link($this->u_action . '&u=' . $user_id)); } // Check if the user wants to remove himself or the guest user account if ($user_id == ANONYMOUS) { trigger_error($user->lang['CANNOT_REMOVE_ANONYMOUS'] . adm_back_link($this->u_action . '&u=' . $user_id)); } if ($user_id == $user->data['user_id']) { trigger_error($user->lang['CANNOT_REMOVE_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id)); } if (confirm_box(true)) { user_delete($delete_type, $user_id); add_log('admin', 'LOG_USER_DELETED', $user_row['username']); trigger_error($user->lang['USER_DELETED'] . adm_back_link($this->u_action)); } else { confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array('u' => $user_id, 'i' => $id, 'mode' => $mode, 'action' => $action, 'update' => true, 'delete' => 1, 'delete_type' => $delete_type))); } } // Handle quicktool actions switch ($action) { case 'banuser': case 'banemail': case 'banip': $ban = array(); switch ($action) { case 'banuser': $ban[] = $user_row['username']; $reason = 'USER_ADMIN_BAN_NAME_REASON'; $log = 'LOG_USER_BAN_USER'; break; case 'banemail': $ban[] = $user_row['user_email']; $reason = 'USER_ADMIN_BAN_EMAIL_REASON'; $log = 'LOG_USER_BAN_EMAIL'; break; case 'banip': $ban[] = $user_row['user_ip']; $sql = 'SELECT DISTINCT poster_ip FROM ' . POSTS_TABLE . "\n\t\t\t\t\t\t\t\t\t\tWHERE poster_id = {$user_id}"; $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { $ban[] = $row['poster_ip']; } $db->sql_freeresult($result); $reason = 'USER_ADMIN_BAN_IP_REASON'; $log = 'LOG_USER_BAN_IP'; break; } user_ban(substr($action, 3), $ban, 0, 0, 0, $user->lang[$reason]); add_log('admin', $log, $user->lang[$reason]); add_log('user', $user_id, $log, $user->lang[$reason]); trigger_error($user->lang['BAN_SUCCESSFUL'] . adm_back_link($this->u_action . '&u=' . $user_id)); break; case 'reactivate': if ($config['email_enable']) { include_once $phpbb_root_path . 'includes/functions_messenger.' . $phpEx; $server_url = generate_board_url(); $user_actkey = gen_rand_string(10); $key_len = 54 - strlen($server_url); $key_len = $key_len > 6 ? $key_len : 6; $user_actkey = substr($user_actkey, 0, $key_len); if ($user_row['user_type'] != USER_INACTIVE) { user_active_flip($user_id, $user_row['user_type'], $user_actkey, $user_row['username']); } $messenger = new messenger(false); $messenger->template('user_resend_inactive', $user_row['user_lang']); $messenger->replyto($config['board_contact']); $messenger->to($user_row['user_email'], $user_row['username']); $messenger->headers('X-AntiAbuse: Board servername - ' . $config['server_name']); $messenger->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']); $messenger->headers('X-AntiAbuse: Username - ' . $user->data['username']); $messenger->headers('X-AntiAbuse: User IP - ' . $user->ip); $messenger->assign_vars(array('SITENAME' => $config['sitename'], 'WELCOME_MSG' => sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename']), 'USERNAME' => html_entity_decode($user_row['username']), 'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $config['board_email_sig']), 'U_ACTIVATE' => "{$server_url}/ucp.{$phpEx}?mode=activate&u={$user_row['user_id']}&k={$user_actkey}")); $messenger->send(NOTIFY_EMAIL); add_log('admin', 'LOG_USER_REACTIVATE', $user_row['username']); add_log('user', $user_id, 'LOG_USER_REACTIVATE_USER'); trigger_error($user->lang['FORCE_REACTIVATION_SUCCESS'] . adm_back_link($this->u_action . '&u=' . $user_id)); } break; case 'active': user_active_flip($user_id, $user_row['user_type'], false, $user_row['username']); $message = $user_row['user_type'] == USER_INACTIVE ? 'USER_ADMIN_ACTIVATED' : 'USER_ADMIN_DEACTIVED'; $log = $user_row['user_type'] == USER_INACTIVE ? 'LOG_USER_ACTIVE' : 'LOG_USER_INACTIVE'; add_log('user', $user_id, $log . '_USER'); if ($user_row['user_type'] == USER_INACTIVE) { set_config('num_users', $config['num_users'] + 1, true); } else { set_config('num_users', $config['num_users'] - 1, true); } // Update latest username update_last_username(); trigger_error($user->lang[$message] . adm_back_link($this->u_action . '&u=' . $user_id)); break; case 'delsig': $sql_ary = array('user_sig' => '', 'user_sig_bbcode_uid' => '', 'user_sig_bbcode_bitfield' => 0); $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "\n\t\t\t\t\t\t\t\tWHERE user_id = {$user_id}"; $db->sql_query($sql); add_log('admin', 'LOG_USER_DEL_SIG', $user_row['username']); add_log('user', $user_id, 'LOG_USER_DEL_SIG_USER'); trigger_error($user->lang['USER_ADMIN_SIG_REMOVED'] . adm_back_link($this->u_action . '&u=' . $user_id)); break; case 'delavatar': $sql_ary = array('user_avatar' => '', 'user_avatar_type' => 0, 'user_avatar_width' => 0, 'user_avatar_height' => 0); $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "\n\t\t\t\t\t\t\t\tWHERE user_id = {$user_id}"; $db->sql_query($sql); // Delete old avatar if present if ($user_row['user_avatar'] && $user_row['user_avatar_type'] != AVATAR_GALLERY) { avatar_delete($user_row['user_avatar']); } add_log('admin', 'LOG_USER_DEL_AVATAR', $user_row['username']); add_log('user', $user_id, 'LOG_USER_DEL_AVATAR_USER'); trigger_error($user->lang['USER_ADMIN_AVATAR_REMOVED'] . adm_back_link($this->u_action . '&u=' . $user_id)); break; case 'delposts': if (confirm_box(true)) { $sql = 'SELECT topic_id, COUNT(post_id) AS total_posts FROM ' . POSTS_TABLE . "\n\t\t\t\t\t\t\t\t\tWHERE poster_id = {$user_id}\n\t\t\t\t\t\t\t\t\tGROUP BY topic_id"; $result = $db->sql_query($sql); $topic_id_ary = array(); while ($row = $db->sql_fetchrow($result)) { $topic_id_ary[$row['topic_id']] = $row['total_posts']; } $db->sql_freeresult($result); if (sizeof($topic_id_ary)) { $sql = 'SELECT topic_id, topic_replies, topic_replies_real FROM ' . TOPICS_TABLE . ' WHERE topic_id IN (' . implode(', ', array_keys($topic_id_ary)) . ')'; $result = $db->sql_query($sql); $del_topic_ary = array(); while ($row = $db->sql_fetchrow($result)) { if (max($row['topic_replies'], $row['topic_replies_real']) + 1 == $topic_id_ary[$row['topic_id']]) { $del_topic_ary[] = $row['topic_id']; } } $db->sql_freeresult($result); if (sizeof($del_topic_ary)) { $sql = 'DELETE FROM ' . TOPICS_TABLE . ' WHERE topic_id IN (' . implode(', ', $del_topic_ary) . ')'; $db->sql_query($sql); } } // Delete posts, attachments, etc. delete_posts('poster_id', $user_id); add_log('admin', 'LOG_USER_DEL_POSTS', $user_row['username']); trigger_error($user->lang['USER_POSTS_DELETED'] . adm_back_link($this->u_action . '&u=' . $user_id)); } else { confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array('u' => $user_id, 'i' => $id, 'mode' => $mode, 'action' => $action, 'update' => true))); } break; case 'delattach': if (confirm_box(true)) { delete_attachments('user', $user_id); add_log('admin', 'LOG_USER_DEL_ATTACH', $user_row['username']); trigger_error($user->lang['USER_ATTACHMENTS_REMOVED'] . adm_back_link($this->u_action . '&u=' . $user_id)); } else { confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array('u' => $user_id, 'i' => $id, 'mode' => $mode, 'action' => $action, 'update' => true))); } break; case 'moveposts': $new_forum_id = request_var('new_f', 0); if (!$new_forum_id) { $this->page_title = 'USER_ADMIN_MOVE_POSTS'; $template->assign_vars(array('S_SELECT_FORUM' => true, 'U_ACTION' => $this->u_action . "&action={$action}&u={$user_id}", 'U_BACK' => $this->u_action . "&u={$user_id}", 'S_FORUM_OPTIONS' => make_forum_select(false, false, false, true))); return; } // Two stage? // Move topics comprising only posts from this user $topic_id_ary = $move_topic_ary = $move_post_ary = $new_topic_id_ary = array(); $forum_id_ary = array($new_forum_id); $sql = 'SELECT topic_id, COUNT(post_id) AS total_posts FROM ' . POSTS_TABLE . "\n\t\t\t\t\t\t\t\tWHERE poster_id = {$user_id}\n\t\t\t\t\t\t\t\t\tAND forum_id <> {$new_forum_id}\n\t\t\t\t\t\t\t\tGROUP BY topic_id"; $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { $topic_id_ary[$row['topic_id']] = $row['total_posts']; } $db->sql_freeresult($result); if (sizeof($topic_id_ary)) { $sql = 'SELECT topic_id, forum_id, topic_title, topic_replies, topic_replies_real FROM ' . TOPICS_TABLE . ' WHERE topic_id IN (' . implode(', ', array_keys($topic_id_ary)) . ')'; $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { if (max($row['topic_replies'], $row['topic_replies_real']) + 1 == $topic_id_ary[$row['topic_id']]) { $move_topic_ary[] = $row['topic_id']; } else { $move_post_ary[$row['topic_id']]['title'] = $row['topic_title']; $move_post_ary[$row['topic_id']]['attach'] = $row['attach'] ? 1 : 0; } $forum_id_ary[] = $row['forum_id']; } $db->sql_freeresult($result); } // Entire topic comprises posts by this user, move these topics if (sizeof($move_topic_ary)) { move_topics($move_topic_ary, $new_forum_id, false); } if (sizeof($move_post_ary)) { // Create new topic // Update post_ids, report_ids, attachment_ids foreach ($move_post_ary as $topic_id => $post_ary) { // Create new topic $sql = 'INSERT INTO ' . TOPICS_TABLE . ' ' . $db->sql_build_array('INSERT', array('topic_poster' => $user_id, 'topic_time' => time(), 'forum_id' => $new_forum_id, 'icon_id' => 0, 'topic_approved' => 1, 'topic_title' => $post_ary['title'], 'topic_first_poster_name' => $user_row['username'], 'topic_type' => POST_NORMAL, 'topic_time_limit' => 0, 'topic_attachment' => $post_ary['attach'])); $db->sql_query($sql); $new_topic_id = $db->sql_nextid(); // Move posts $sql = 'UPDATE ' . POSTS_TABLE . "\n\t\t\t\t\t\t\t\t\t\tSET forum_id = {$new_forum_id}, topic_id = {$new_topic_id}\n\t\t\t\t\t\t\t\t\t\tWHERE topic_id = {$topic_id}\n\t\t\t\t\t\t\t\t\t\t\tAND poster_id = {$user_id}"; $db->sql_query($sql); if ($post_ary['attach']) { $sql = 'UPDATE ' . ATTACHMENTS_TABLE . "\n\t\t\t\t\t\t\t\t\t\t\tSET topic_id = {$new_topic_id}\n\t\t\t\t\t\t\t\t\t\t\tWHERE topic_id = {$topic_id}\n\t\t\t\t\t\t\t\t\t\t\t\tAND poster_id = {$user_id}"; $db->sql_query($sql); } $new_topic_id_ary[] = $new_topic_id; } } $forum_id_ary = array_unique($forum_id_ary); $topic_id_ary = array_unique(array_merge($topic_id_ary, $new_topic_id_ary)); if (sizeof($topic_id_ary)) { sync('reported', 'topic_id', $topic_id_ary); sync('topic', 'topic_id', $topic_id_ary); } if (sizeof($forum_id_ary)) { sync('forum', 'forum_id', $forum_id_ary); } $sql = 'SELECT forum_name FROM ' . FORUMS_TABLE . "\n\t\t\t\t\t\t\t\tWHERE forum_id = {$new_forum_id}"; $result = $db->sql_query($sql, 3600); $forum_info = $db->sql_fetchrow($result); $db->sql_freeresult($result); add_log('admin', 'LOG_USER_MOVE_POSTS', $user_row['username'], $forum_info['forum_name']); add_log('user', $user_id, 'LOG_USER_MOVE_POSTS_USER', $forum_info['forum_name']); trigger_error($user->lang['USER_POSTS_MOVED'] . adm_back_link($this->u_action . '&u=' . $user_id)); break; } $data = array(); // Handle registration info updates $var_ary = array('user' => (string) $user_row['username'], 'user_founder' => (int) ($user_row['user_type'] == USER_FOUNDER ? 1 : 0), 'user_email' => (string) $user_row['user_email'], 'email_confirm' => (string) '', 'user_password' => (string) '', 'password_confirm' => (string) '', 'warnings' => (int) $user_row['user_warnings']); // Get the data from the form. Use data from the database if no info is provided foreach ($var_ary as $var => $default) { $data[$var] = request_var($var, $default); } // We use user within the form to circumvent auto filling $data['username'] = $data['user']; unset($data['user']); // Validation data $var_ary = array('password_confirm' => array('string', true, $config['min_pass_chars'], $config['max_pass_chars']), 'user_password' => array('string', true, $config['min_pass_chars'], $config['max_pass_chars']), 'warnings' => array('num')); // Check username if altered if ($data['username'] != $user_row['username']) { $var_ary += array('username' => array(array('string', false, $config['min_name_chars'], $config['max_name_chars']), array('username', $user_row['username']))); } // Check email if altered if ($data['user_email'] != $user_row['user_email']) { $var_ary += array('user_email' => array(array('string', false, 6, 60), array('email', $user_row['user_email'])), 'email_confirm' => array('string', true, 6, 60)); } $error = validate_data($data, $var_ary); if ($data['user_password'] && $data['password_confirm'] != $data['user_password']) { $error[] = 'NEW_PASSWORD_ERROR'; } if ($data['user_email'] != $user_row['user_email'] && $data['email_confirm'] != $data['user_email']) { $error[] = 'NEW_EMAIL_ERROR'; } // Which updates do we need to do? $update_warning = $user_row['user_warnings'] != $data['warnings'] ? true : false; $update_username = $user_row['username'] != $data['username'] ? $data['username'] : false; $update_password = $data['user_password'] && $user_row['user_password'] != md5($data['user_password']) ? true : false; $update_email = $data['user_email'] != $user_row['user_email'] ? $data['user_email'] : false; if (!sizeof($error)) { $sql_ary = array(); if ($user_row['user_type'] != USER_FOUNDER || $user->data['user_type'] == USER_FOUNDER) { if ($update_warning) { $sql_ary['user_warnings'] = $data['warnings']; } if ($user_row['user_type'] == USER_FOUNDER && !$data['user_founder'] || $user_row['user_type'] != USER_FOUNDER && $data['user_founder']) { $sql_ary['user_type'] = $data['user_founder'] ? USER_FOUNDER : USER_NORMAL; } } if ($update_username !== false) { $sql_ary['username'] = $update_username; add_log('user', $user_id, 'LOG_USER_UPDATE_NAME', $user_row['username'], $update_username); } if ($update_email !== false) { $sql_ary += array('user_email' => $update_email, 'user_email_hash' => crc32(strtolower($update_email)) . strlen($update_email)); add_log('user', $user_id, 'LOG_USER_UPDATE_EMAIL', $user_row['username'], $user_row['user_email'], $update_email); } if ($update_password) { $sql_ary += array('user_password' => md5($data['user_password']), 'user_passchg' => time()); $user->reset_login_keys($user_id); add_log('user', $user_id, 'LOG_USER_NEW_PASSWORD', $user_row['username']); } if (sizeof($sql_ary)) { $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' WHERE user_id = ' . $user_id; $db->sql_query($sql); } /** * @todo adjust every data based in the number of user warnings */ if ($update_warning) { } if ($update_username) { user_update_name($user_row['username'], $update_username); } add_log('admin', 'LOG_USER_USER_UPDATE', $data['username']); trigger_error($user->lang['USER_OVERVIEW_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id)); } // Replace "error" strings with their real, localised form $error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error); } $user_char_ary = array('.*' => 'USERNAME_CHARS_ANY', '[\\w]+' => 'USERNAME_ALPHA_ONLY', '[\\w_\\+\\. \\-\\[\\]]+' => 'USERNAME_ALPHA_SPACERS'); $quick_tool_ary = array('banuser' => 'BAN_USER', 'banemail' => 'BAN_EMAIL', 'banip' => 'BAN_IP', 'active' => $user_row['user_type'] == USER_INACTIVE ? 'ACTIVATE' : 'DEACTIVATE', 'delsig' => 'DEL_SIG', 'delavatar' => 'DEL_AVATAR', 'moveposts' => 'MOVE_POSTS', 'delposts' => 'DEL_POSTS', 'delattach' => 'DEL_ATTACH'); if ($config['email_enable']) { $quick_tool_ary['reactivate'] = 'FORCE'; } $s_action_options = '<option class="sep" value="">' . $user->lang['SELECT_OPTION'] . '</option>'; foreach ($quick_tool_ary as $value => $lang) { $s_action_options .= '<option value="' . $value . '">' . $user->lang['USER_ADMIN_' . $lang] . '</option>'; } $template->assign_vars(array('L_NAME_CHARS_EXPLAIN' => sprintf($user->lang[$user_char_ary[$config['allow_name_chars']] . '_EXPLAIN'], $config['min_name_chars'], $config['max_name_chars']), 'L_CHANGE_PASSWORD_EXPLAIN' => sprintf($user->lang['CHANGE_PASSWORD_EXPLAIN'], $config['min_pass_chars'], $config['max_pass_chars']), 'S_FOUNDER' => $user->data['user_type'] == USER_FOUNDER ? true : false, 'S_OVERVIEW' => true, 'S_USER_IP' => $user_row['user_ip'] ? true : false, 'S_USER_FOUNDER' => $user_row['user_type'] == USER_FOUNDER ? true : false, 'S_ACTION_OPTIONS' => $s_action_options, 'U_SHOW_IP' => $this->u_action . "&u={$user_id}&ip=" . ($ip == 'ip' ? 'hostname' : 'ip'), 'U_WHOIS' => $this->u_action . "&action=whois&user_ip={$user_row['user_ip']}", 'U_SWITCH_PERMISSIONS' => $auth->acl_get('a_switchperm') && $user->data['user_id'] != $user_row['user_id'] ? append_sid("{$phpbb_root_path}ucp.{$phpEx}", "mode=switch_perm&u={$user_row['user_id']}") : '', 'USER' => $user_row['username'], 'USER_REGISTERED' => $user->format_date($user_row['user_regdate']), 'REGISTERED_IP' => $ip == 'hostname' ? gethostbyaddr($user_row['user_ip']) : $user_row['user_ip'], 'USER_LASTACTIVE' => $user_row['user_lastvisit'] ? $user->format_date($user_row['user_lastvisit']) : ' - ', 'USER_EMAIL' => $user_row['user_email'], 'USER_WARNINGS' => $user_row['user_warnings'])); break; case 'feedback': $user->add_lang('mcp'); // Set up general vars $start = request_var('start', 0); $deletemark = isset($_POST['delmarked']) ? true : false; $deleteall = isset($_POST['delall']) ? true : false; $marked = request_var('mark', array(0)); $message = request_var('message', '', true); // Sort keys $sort_days = request_var('st', 0); $sort_key = request_var('sk', 't'); $sort_dir = request_var('sd', 'd'); // Delete entries if requested and able if (($deletemark || $deleteall) && $auth->acl_get('a_clearlogs')) { $where_sql = ''; if ($deletemark && $marked) { $sql_in = array(); foreach ($marked as $mark) { $sql_in[] = $mark; } $where_sql = ' AND log_id IN (' . implode(', ', $sql_in) . ')'; unset($sql_in); } if ($where_sql || $deleteall) { $sql = 'DELETE FROM ' . LOG_TABLE . ' WHERE log_type = ' . LOG_USERS . "\n\t\t\t\t\t\t\t{$where_sql}"; $db->sql_query($sql); add_log('admin', 'LOG_CLEAR_USER', $user_row['username']); } } if ($submit && $message) { add_log('admin', 'LOG_USER_FEEDBACK', $user_row['username']); add_log('user', $user_id, 'LOG_USER_GENERAL', $message); trigger_error($user->lang['USER_FEEDBACK_ADDED'] . adm_back_link($this->u_action . '&u=' . $user_id)); } // Sorting $limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); $sort_by_text = array('u' => $user->lang['SORT_USERNAME'], 't' => $user->lang['SORT_DATE'], 'i' => $user->lang['SORT_IP'], 'o' => $user->lang['SORT_ACTION']); $sort_by_sql = array('u' => 'l.user_id', 't' => 'l.log_time', 'i' => 'l.log_ip', 'o' => 'l.log_operation'); $s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = ''; gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param); // Define where and sort sql for use in displaying logs $sql_where = $sort_days ? time() - $sort_days * 86400 : 0; $sql_sort = $sort_by_sql[$sort_key] . ' ' . ($sort_dir == 'd' ? 'DESC' : 'ASC'); // Grab log data $log_data = array(); $log_count = 0; view_log('user', $log_data, $log_count, $config['topics_per_page'], $start, 0, 0, $user_id, $sql_where, $sql_sort); $template->assign_vars(array('S_FEEDBACK' => true, 'S_ON_PAGE' => on_page($log_count, $config['topics_per_page'], $start), 'PAGINATION' => generate_pagination($this->u_action . "&u={$user_id}&{$u_sort_param}", $log_count, $config['topics_per_page'], $start, true), 'S_LIMIT_DAYS' => $s_limit_days, 'S_SORT_KEY' => $s_sort_key, 'S_SORT_DIR' => $s_sort_dir, 'S_CLEARLOGS' => $auth->acl_get('a_clearlogs'))); foreach ($log_data as $row) { $template->assign_block_vars('log', array('USERNAME' => $row['username'], 'IP' => $row['ip'], 'DATE' => $user->format_date($row['time']), 'ACTION' => nl2br($row['action']), 'ID' => $row['id'])); } break; case 'profile': $cp = new custom_profile(); $cp_data = $cp_error = array(); $data = array(); $sql = 'SELECT lang_id FROM ' . LANG_TABLE . "\n\t\t\t\t\tWHERE lang_iso = '" . $db->sql_escape($user_row['user_lang']) . "'"; $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); $user_row['iso_lang_id'] = $row['lang_id']; if ($submit) { $var_ary = array('icq' => (string) '', 'aim' => (string) '', 'msn' => (string) '', 'yim' => (string) '', 'jabber' => (string) '', 'website' => (string) '', 'location' => (string) '', 'occupation' => (string) '', 'interests' => (string) '', 'bday_day' => 0, 'bday_month' => 0, 'bday_year' => 0); foreach ($var_ary as $var => $default) { $data[$var] = in_array($var, array('location', 'occupation', 'interests')) ? request_var($var, $default, true) : ($data[$var] = request_var($var, $default)); } $var_ary = array('icq' => array(array('string', true, 3, 15), array('match', true, '#^[0-9]+$#i')), 'aim' => array('string', true, 3, 17), 'msn' => array('string', true, 5, 255), 'jabber' => array(array('string', true, 5, 255), array('match', true, '#^[a-z0-9\\.\\-_\\+]+?@(.*?\\.)*?[a-z0-9\\-_]+?\\.[a-z]{2,4}(/.*)?$#i')), 'yim' => array('string', true, 5, 255), 'website' => array(array('string', true, 12, 255), array('match', true, '#^http[s]?://(.*?\\.)*?[a-z0-9\\-]+\\.[a-z]{2,4}#i')), 'location' => array('string', true, 2, 255), 'occupation' => array('string', true, 2, 500), 'interests' => array('string', true, 2, 500), 'bday_day' => array('num', true, 1, 31), 'bday_month' => array('num', true, 1, 12), 'bday_year' => array('num', true, 1901, gmdate('Y', time()))); $error = validate_data($data, $var_ary); // validate custom profile fields $cp->submit_cp_field('profile', $user_row['iso_lang_id'], $cp_data, $cp_error); if (sizeof($cp_error)) { $error = array_merge($error, $cp_error); } if (!sizeof($error)) { $sql_ary = array('user_icq' => $data['icq'], 'user_aim' => $data['aim'], 'user_msnm' => $data['msn'], 'user_yim' => $data['yim'], 'user_jabber' => $data['jabber'], 'user_website' => $data['website'], 'user_from' => $data['location'], 'user_occ' => $data['occupation'], 'user_interests' => $data['interests'], 'user_birthday' => sprintf('%2d-%2d-%4d', $data['bday_day'], $data['bday_month'], $data['bday_year'])); $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "\n\t\t\t\t\t\t\tWHERE user_id = {$user_id}"; $db->sql_query($sql); // Update Custom Fields if (sizeof($cp_data)) { $sql = 'UPDATE ' . PROFILE_FIELDS_DATA_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $cp_data) . "\n\t\t\t\t\t\t\t\tWHERE user_id = {$user_id}"; $db->sql_query($sql); if (!$db->sql_affectedrows()) { $cp_data['user_id'] = (int) $user_id; $db->return_on_error = true; $sql = 'INSERT INTO ' . PROFILE_FIELDS_DATA_TABLE . ' ' . $db->sql_build_array('INSERT', $cp_data); $db->sql_query($sql); $db->return_on_error = false; } } trigger_error($user->lang['USER_PROFILE_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id)); } // Replace "error" strings with their real, localised form $error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error); } if (!isset($data['bday_day'])) { if ($user_row['user_birthday']) { list($data['bday_day'], $data['bday_month'], $data['bday_year']) = explode('-', $user_row['user_birthday']); } else { $data['bday_day'] = $data['bday_month'] = $data['bday_year'] = 0; } } $s_birthday_day_options = '<option value="0"' . (!$data['bday_day'] ? ' selected="selected"' : '') . '>--</option>'; for ($i = 1; $i < 32; $i++) { $selected = $i == $data['bday_day'] ? ' selected="selected"' : ''; $s_birthday_day_options .= "<option value=\"{$i}\"{$selected}>{$i}</option>"; } $s_birthday_month_options = '<option value="0"' . (!$data['bday_month'] ? ' selected="selected"' : '') . '>--</option>'; for ($i = 1; $i < 13; $i++) { $selected = $i == $data['bday_month'] ? ' selected="selected"' : ''; $s_birthday_month_options .= "<option value=\"{$i}\"{$selected}>{$i}</option>"; } $s_birthday_year_options = ''; $now = getdate(); $s_birthday_year_options = '<option value="0"' . (!$data['bday_year'] ? ' selected="selected"' : '') . '>--</option>'; for ($i = $now['year'] - 100; $i < $now['year']; $i++) { $selected = $i == $data['bday_year'] ? ' selected="selected"' : ''; $s_birthday_year_options .= "<option value=\"{$i}\"{$selected}>{$i}</option>"; } unset($now); $template->assign_vars(array('ICQ' => isset($data['icq']) ? $data['icq'] : $user_row['user_icq'], 'YIM' => isset($data['yim']) ? $data['yim'] : $user_row['user_yim'], 'AIM' => isset($data['aim']) ? $data['aim'] : $user_row['user_aim'], 'MSN' => isset($data['msn']) ? $data['msn'] : $user_row['user_msnm'], 'JABBER' => isset($data['jabber']) ? $data['jabber'] : $user_row['user_jabber'], 'WEBSITE' => isset($data['website']) ? $data['website'] : $user_row['user_website'], 'LOCATION' => isset($data['location']) ? $data['location'] : $user_row['user_from'], 'OCCUPATION' => isset($data['occupation']) ? $data['occupation'] : $user_row['user_occ'], 'INTERESTS' => isset($data['interests']) ? $data['interests'] : $user_row['user_interests'], 'S_BIRTHDAY_DAY_OPTIONS' => $s_birthday_day_options, 'S_BIRTHDAY_MONTH_OPTIONS' => $s_birthday_month_options, 'S_BIRTHDAY_YEAR_OPTIONS' => $s_birthday_year_options, 'S_PROFILE' => true)); // Get additional profile fields and assign them to the template block var 'profile_fields' $user->get_profile_fields($user_id); $cp->generate_profile_fields('profile', $user_row['iso_lang_id']); break; case 'prefs': $data = array(); if ($submit) { $var_ary = array('dateformat' => (string) $config['default_dateformat'], 'lang' => (string) $config['default_lang'], 'tz' => (double) $config['board_timezone'], 'style' => (int) $config['default_style'], 'dst' => (bool) $config['board_dst'], 'viewemail' => false, 'massemail' => true, 'hideonline' => false, 'notifymethod' => 0, 'notifypm' => true, 'popuppm' => false, 'allowpm' => true, 'topic_sk' => (string) 't', 'topic_sd' => (string) 'd', 'topic_st' => 0, 'post_sk' => (string) 't', 'post_sd' => (string) 'a', 'post_st' => 0, 'view_images' => true, 'view_flash' => false, 'view_smilies' => true, 'view_sigs' => true, 'view_avatars' => true, 'view_wordcensor' => false, 'bbcode' => true, 'smilies' => true, 'sig' => true, 'notify' => false); foreach ($var_ary as $var => $default) { $data[$var] = request_var($var, $default); } $var_ary = array('dateformat' => array('string', false, 3, 30), 'lang' => array('match', false, '#^[a-z_]{2,}$#i'), 'tz' => array('num', false, -14, 14), 'topic_sk' => array('string', false, 1, 1), 'topic_sd' => array('string', false, 1, 1), 'post_sk' => array('string', false, 1, 1), 'post_sd' => array('string', false, 1, 1)); $error = validate_data($data, $var_ary); if (!sizeof($error)) { $this->optionset($user_row, 'popuppm', $data['popuppm']); $this->optionset($user_row, 'viewimg', $data['view_images']); $this->optionset($user_row, 'viewflash', $data['view_flash']); $this->optionset($user_row, 'viewsmilies', $data['view_smilies']); $this->optionset($user_row, 'viewsigs', $data['view_sigs']); $this->optionset($user_row, 'viewavatars', $data['view_avatars']); $this->optionset($user_row, 'viewcensors', $data['view_wordcensor']); $this->optionset($user_row, 'bbcode', $data['bbcode']); $this->optionset($user_row, 'smilies', $data['smilies']); $this->optionset($user_row, 'attachsig', $data['sig']); $sql_ary = array('user_options' => $user_row['user_options'], 'user_allow_pm' => $data['allowpm'], 'user_allow_viewemail' => $data['viewemail'], 'user_allow_massemail' => $data['massemail'], 'user_allow_viewonline' => !$data['hideonline'], 'user_notify_type' => $data['notifymethod'], 'user_notify_pm' => $data['notifypm'], 'user_dst' => $data['dst'], 'user_dateformat' => $data['dateformat'], 'user_lang' => $data['lang'], 'user_timezone' => $data['tz'], 'user_style' => $data['style'], 'user_topic_sortby_type' => $data['topic_sk'], 'user_post_sortby_type' => $data['post_sk'], 'user_topic_sortby_dir' => $data['topic_sd'], 'user_post_sortby_dir' => $data['post_sd'], 'user_topic_show_days' => $data['topic_st'], 'user_post_show_days' => $data['post_st'], 'user_notify' => $data['notify']); $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "\n\t\t\t\t\t\t\tWHERE user_id = {$user_id}"; $db->sql_query($sql); trigger_error($user->lang['USER_PREFS_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id)); } // Replace "error" strings with their real, localised form $error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error); } $notify_method = isset($data['notifymethod']) ? $data['notifymethod'] : $user_row['user_notify_type']; $dateformat = isset($data['dateformat']) ? $data['dateformat'] : $user_row['user_dateformat']; $lang = isset($data['lang']) ? $data['lang'] : $user_row['user_lang']; $style = isset($data['style']) ? $data['style'] : $user_row['user_style']; $tz = isset($data['tz']) ? $data['tz'] : $user_row['user_timezone']; $dateformat_options = ''; foreach ($user->lang['dateformats'] as $format => $null) { $dateformat_options .= '<option value="' . $format . '"' . ($format == $dateformat ? ' selected="selected"' : '') . '>'; $dateformat_options .= $user->format_date(time(), $format, true) . (strpos($format, '|') !== false ? ' [' . $user->lang['RELATIVE_DAYS'] . ']' : ''); $dateformat_options .= '</option>'; } $s_custom = false; $dateformat_options .= '<option value="custom"'; if (!in_array($dateformat, array_keys($user->lang['dateformats']))) { $dateformat_options .= ' selected="selected"'; $s_custom = true; } $dateformat_options .= '>' . $user->lang['CUSTOM_DATEFORMAT'] . '</option>'; $topic_sk = isset($data['topic_sk']) ? $data['topic_sk'] : ($user_row['user_topic_sortby_type'] ? $user_row['user_topic_sortby_type'] : 't'); $post_sk = isset($data['post_sk']) ? $data['post_sk'] : ($user_row['user_post_sortby_type'] ? $user_row['user_post_sortby_type'] : 't'); $topic_sd = isset($data['topic_sd']) ? $data['topic_sd'] : ($user_row['user_topic_sortby_dir'] ? $user_row['user_topic_sortby_dir'] : 'd'); $post_sd = isset($data['post_sd']) ? $data['post_sd'] : ($user_row['user_post_sortby_dir'] ? $user_row['user_post_sortby_dir'] : 'd'); $topic_st = isset($data['topic_st']) ? $data['topic_st'] : ($user_row['user_topic_show_days'] ? $user_row['user_topic_show_days'] : 0); $post_st = isset($data['post_st']) ? $data['post_st'] : ($user_row['user_post_show_days'] ? $user_row['user_post_show_days'] : 0); $sort_dir_text = array('a' => $user->lang['ASCENDING'], 'd' => $user->lang['DESCENDING']); // Topic ordering options $limit_topic_days = array(0 => $user->lang['ALL_TOPICS'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); $sort_by_topic_text = array('a' => $user->lang['AUTHOR'], 't' => $user->lang['POST_TIME'], 'r' => $user->lang['REPLIES'], 's' => $user->lang['SUBJECT'], 'v' => $user->lang['VIEWS']); // Post ordering options $limit_post_days = array(0 => $user->lang['ALL_POSTS'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); $sort_by_post_text = array('a' => $user->lang['AUTHOR'], 't' => $user->lang['POST_TIME'], 's' => $user->lang['SUBJECT']); $_options = array('topic', 'post'); foreach ($_options as $sort_option) { ${'s_limit_' . $sort_option . '_days'} = '<select name="' . $sort_option . '_st">'; foreach (${'limit_' . $sort_option . '_days'} as $day => $text) { $selected = ${$sort_option . '_st'} == $day ? ' selected="selected"' : ''; ${'s_limit_' . $sort_option . '_days'} .= '<option value="' . $day . '"' . $selected . '>' . $text . '</option>'; } ${'s_limit_' . $sort_option . '_days'} .= '</select>'; ${'s_sort_' . $sort_option . '_key'} = '<select name="' . $sort_option . '_sk">'; foreach (${'sort_by_' . $sort_option . '_text'} as $key => $text) { $selected = ${$sort_option . '_sk'} == $key ? ' selected="selected"' : ''; ${'s_sort_' . $sort_option . '_key'} .= '<option value="' . $key . '"' . $selected . '>' . $text . '</option>'; } ${'s_sort_' . $sort_option . '_key'} .= '</select>'; ${'s_sort_' . $sort_option . '_dir'} = '<select name="' . $sort_option . '_sd">'; foreach ($sort_dir_text as $key => $value) { $selected = ${$sort_option . '_sd'} == $key ? ' selected="selected"' : ''; ${'s_sort_' . $sort_option . '_dir'} .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>'; } ${'s_sort_' . $sort_option . '_dir'} .= '</select>'; } $template->assign_vars(array('S_PREFS' => true, 'S_JABBER_DISABLED' => $config['jab_enable'] && $user->data['user_jabber'] && @extension_loaded('xml') ? false : true, 'VIEW_EMAIL' => isset($data['viewemail']) ? $data['viewemail'] : $user_row['user_allow_viewemail'], 'MASS_EMAIL' => isset($data['massemail']) ? $data['massemail'] : $user_row['user_allow_massemail'], 'ALLOW_PM' => isset($data['allowpm']) ? $data['allowpm'] : $user_row['user_allow_pm'], 'HIDE_ONLINE' => isset($data['hideonline']) ? $data['hideonline'] : !$user_row['user_allow_viewonline'], 'NOTIFY_EMAIL' => $notify_method == NOTIFY_EMAIL ? true : false, 'NOTIFY_IM' => $notify_method == NOTIFY_IM ? true : false, 'NOTIFY_BOTH' => $notify_method == NOTIFY_BOTH ? true : false, 'NOTIFY_PM' => isset($data['notifypm']) ? $data['notifypm'] : $user_row['user_notify_pm'], 'POPUP_PM' => isset($data['popuppm']) ? $data['popuppm'] : $this->optionget($user_row, 'popuppm'), 'DST' => isset($data['dst']) ? $data['dst'] : $user_row['user_dst'], 'BBCODE' => isset($data['bbcode']) ? $data['bbcode'] : $this->optionget($user_row, 'bbcode'), 'SMILIES' => isset($data['smilies']) ? $data['smilies'] : $this->optionget($user_row, 'smilies'), 'ATTACH_SIG' => isset($data['sig']) ? $data['sig'] : $this->optionget($user_row, 'attachsig'), 'NOTIFY' => isset($data['notify']) ? $data['notify'] : $user_row['user_notify'], 'VIEW_IMAGES' => isset($data['view_images']) ? $data['view_images'] : $this->optionget($user_row, 'viewimg'), 'VIEW_FLASH' => isset($data['view_flash']) ? $data['view_flash'] : $this->optionget($user_row, 'viewflash'), 'VIEW_SMILIES' => isset($data['view_smilies']) ? $data['view_smilies'] : $this->optionget($user_row, 'viewsmilies'), 'VIEW_SIGS' => isset($data['view_sigs']) ? $data['view_sigs'] : $this->optionget($user_row, 'viewsigs'), 'VIEW_AVATARS' => isset($data['view_avatars']) ? $data['view_avatars'] : $this->optionget($user_row, 'viewavatars'), 'VIEW_WORDCENSOR' => isset($data['view_wordcensor']) ? $data['view_wordcensor'] : $this->optionget($user_row, 'viewcensors'), 'S_TOPIC_SORT_DAYS' => $s_limit_topic_days, 'S_TOPIC_SORT_KEY' => $s_sort_topic_key, 'S_TOPIC_SORT_DIR' => $s_sort_topic_dir, 'S_POST_SORT_DAYS' => $s_limit_post_days, 'S_POST_SORT_KEY' => $s_sort_post_key, 'S_POST_SORT_DIR' => $s_sort_post_dir, 'DATE_FORMAT' => $dateformat, 'S_DATEFORMAT_OPTIONS' => $dateformat_options, 'S_CUSTOM_DATEFORMAT' => $s_custom, 'DEFAULT_DATEFORMAT' => $config['default_dateformat'], 'A_DEFAULT_DATEFORMAT' => addslashes($config['default_dateformat']), 'S_LANG_OPTIONS' => language_select($lang), 'S_STYLE_OPTIONS' => style_select($style), 'S_TZ_OPTIONS' => tz_select($tz))); break; case 'avatar': $avatar_select = basename(request_var('avatar_select', '')); $category = basename(request_var('category', '')); $can_upload = file_exists($phpbb_root_path . $config['avatar_path']) && is_writeable($phpbb_root_path . $config['avatar_path']) && $file_uploads ? true : false; $data = array(); if ($submit) { $delete = request_var('delete', ''); $var_ary = array('uploadurl' => (string) '', 'remotelink' => (string) '', 'width' => (string) '', 'height' => (string) ''); foreach ($var_ary as $var => $default) { $data[$var] = request_var($var, $default); } $var_ary = array('uploadurl' => array('string', true, 5, 255), 'remotelink' => array('string', true, 5, 255), 'width' => array('string', true, 1, 3), 'height' => array('string', true, 1, 3)); $error = validate_data($data, $var_ary); if (!sizeof($error)) { $data['user_id'] = $user_id; if ((!empty($_FILES['uploadfile']['name']) || $data['uploadurl']) && $can_upload && $config['allow_avatar_upload']) { list($type, $filename, $width, $height) = avatar_upload($data, $error); } else { if ($data['remotelink'] && $config['allow_avatar_remote']) { list($type, $filename, $width, $height) = avatar_remote($data, $error); } else { if ($avatar_select && $config['allow_avatar_local']) { $type = AVATAR_GALLERY; $filename = $avatar_select; // check avatar gallery if (!is_dir($phpbb_root_path . $config['avatar_gallery_path'] . '/' . $category)) { $type = $width = $height = 0; $filename = ''; } else { list($width, $height) = getimagesize($phpbb_root_path . $config['avatar_gallery_path'] . '/' . $category . '/' . $filename); $filename = $category . '/' . $filename; } } else { if ($delete) { $filename = ''; $type = $width = $height = 0; } else { $data = array(); } } } } } if (!sizeof($error)) { // Do we actually have any data to update? if (sizeof($data)) { $sql_ary = array('user_avatar' => $filename, 'user_avatar_type' => $type, 'user_avatar_width' => $width, 'user_avatar_height' => $height); $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' WHERE user_id = ' . $user_id; $db->sql_query($sql); // Delete old avatar if present if ($user_row['user_avatar'] && $filename != $user_row['user_avatar'] && $user_row['user_avatar_type'] != AVATAR_GALLERY) { avatar_delete($user_row['user_avatar']); } } trigger_error($user->lang['USER_AVATAR_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id)); } // Replace "error" strings with their real, localised form $error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error); } // Generate users avatar if ($user_row['user_avatar']) { $avatar_img = ''; switch ($user_row['user_avatar_type']) { case AVATAR_UPLOAD: $avatar_img = $phpbb_root_path . $config['avatar_path'] . '/'; break; case AVATAR_GALLERY: $avatar_img = $phpbb_root_path . $config['avatar_gallery_path'] . '/'; break; } $avatar_img .= $user_row['user_avatar']; $avatar_img = '<img src="' . $avatar_img . '" width="' . $user_row['user_avatar_width'] . '" height="' . $user_row['user_avatar_height'] . '" alt="" />'; } else { $avatar_img = '<img src="' . $phpbb_admin_path . 'images/no_avatar.gif" alt="" />'; } $display_gallery = isset($_POST['display_gallery']) ? true : false; if ($config['allow_avatar_local'] && $display_gallery) { avatar_gallery($category, $avatar_select, 4); } $template->assign_vars(array('S_AVATAR' => true, 'S_CAN_UPLOAD' => $can_upload && $config['allow_avatar_upload'] ? true : false, 'S_ALLOW_REMOTE' => $config['allow_avatar_remote'] ? true : false, 'S_DISPLAY_GALLERY' => $config['allow_avatar_local'] && !$display_gallery ? true : false, 'S_IN_GALLERY' => $config['allow_avatar_local'] && $display_gallery ? true : false, 'AVATAR_IMAGE' => $avatar_img, 'AVATAR_MAX_FILESIZE' => $config['avatar_filesize'], 'USER_AVATAR_WIDTH' => $user_row['user_avatar_width'], 'USER_AVATAR_HEIGHT' => $user_row['user_avatar_height'], 'L_AVATAR_EXPLAIN' => sprintf($user->lang['AVATAR_EXPLAIN'], $config['avatar_max_width'], $config['avatar_max_height'], round($config['avatar_filesize'] / 1024)))); break; case 'rank': if ($submit) { $rank_id = request_var('user_rank', 0); $sql = 'UPDATE ' . USERS_TABLE . "\n\t\t\t\t\t\tSET user_rank = {$rank_id}\n\t\t\t\t\t\tWHERE user_id = {$user_id}"; $db->sql_query($sql); trigger_error($user->lang['USER_RANK_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id)); } $sql = 'SELECT * FROM ' . RANKS_TABLE . ' WHERE rank_special = 1 ORDER BY rank_title'; $result = $db->sql_query($sql); $s_rank_options = '<option value="0"' . (!$user_row['user_rank'] ? ' selected="selected"' : '') . '>' . $user->lang['NO_SPECIAL_RANK'] . '</option>'; while ($row = $db->sql_fetchrow($result)) { $selected = $user_row['user_rank'] && $row['rank_id'] == $user_row['user_rank'] ? ' selected="selected"' : ''; $s_rank_options .= '<option value="' . $row['rank_id'] . '"' . $selected . '>' . $row['rank_title'] . '</option>'; } $db->sql_freeresult($result); $template->assign_vars(array('S_RANK' => true, 'S_RANK_OPTIONS' => $s_rank_options)); break; case 'sig': include_once $phpbb_root_path . 'includes/functions_posting.' . $phpEx; $enable_bbcode = $config['allow_sig_bbcode'] ? request_var('enable_bbcode', $this->optionget($user_row, 'bbcode')) : false; $enable_smilies = $config['allow_sig_smilies'] ? request_var('enable_smilies', $this->optionget($user_row, 'smilies')) : false; $enable_urls = request_var('enable_urls', true); $signature = request_var('signature', $user_row['user_sig'], true); $preview = isset($_POST['preview']) ? true : false; if ($submit || $preview) { include_once $phpbb_root_path . 'includes/message_parser.' . $phpEx; $message_parser = new parse_message($signature); // Allowing Quote BBCode $message_parser->parse($enable_bbcode, $enable_urls, $enable_smilies, $config['allow_sig_img'], $config['allow_sig_flash'], true, true, 'sig'); if (sizeof($message_parser->warn_msg)) { $error[] = implode('<br />', $message_parser->warn_msg); } if (!sizeof($error) && $submit) { $sql_ary = array('user_sig' => (string) $message_parser->message, 'user_sig_bbcode_uid' => (string) $message_parser->bbcode_uid, 'user_sig_bbcode_bitfield' => (int) $message_parser->bbcode_bitfield); $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' WHERE user_id = ' . $user_id; $db->sql_query($sql); trigger_error($user->lang['USER_SIG_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id)); } // Replace "error" strings with their real, localised form $error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error); } $signature_preview = ''; if ($preview) { // Now parse it for displaying $signature_preview = $message_parser->format_display($enable_bbcode, $enable_urls, $enable_smilies, false); unset($message_parser); } decode_message($signature, $user_row['user_sig_bbcode_uid']); $template->assign_vars(array('S_SIGNATURE' => true, 'SIGNATURE' => $signature, 'SIGNATURE_PREVIEW' => $signature_preview, 'S_BBCODE_CHECKED' => !$enable_bbcode ? 'checked="checked"' : '', 'S_SMILIES_CHECKED' => !$enable_smilies ? 'checked="checked"' : '', 'S_MAGIC_URL_CHECKED' => !$enable_urls ? 'checked="checked"' : '', 'BBCODE_STATUS' => $config['allow_sig_bbcode'] ? sprintf($user->lang['BBCODE_IS_ON'], '<a href="' . append_sid("{$phpbb_root_path}faq.{$phpEx}", 'mode=bbcode') . '" onclick="target=\'_phpbbcode\';">', '</a>') : sprintf($user->lang['BBCODE_IS_OFF'], '<a href="' . append_sid("{$phpbb_root_path}faq.{$phpEx}", 'mode=bbcode') . '" onclick="target=\'_phpbbcode\';">', '</a>'), 'SMILIES_STATUS' => $config['allow_sig_smilies'] ? $user->lang['SMILIES_ARE_ON'] : $user->lang['SMILIES_ARE_OFF'], 'IMG_STATUS' => $config['allow_sig_img'] ? $user->lang['IMAGES_ARE_ON'] : $user->lang['IMAGES_ARE_OFF'], 'FLASH_STATUS' => $config['allow_sig_flash'] ? $user->lang['FLASH_IS_ON'] : $user->lang['FLASH_IS_OFF'], 'L_SIGNATURE_EXPLAIN' => sprintf($user->lang['SIGNATURE_EXPLAIN'], $config['max_sig_chars']), 'S_BBCODE_ALLOWED' => $config['allow_sig_bbcode'], 'S_SMILIES_ALLOWED' => $config['allow_sig_smilies'])); break; case 'attach': $start = request_var('start', 0); $deletemark = isset($_POST['delmarked']) ? true : false; $marked = request_var('mark', array(0)); // Sort keys $sort_key = request_var('sk', 'a'); $sort_dir = request_var('sd', 'd'); if ($deletemark && sizeof($marked)) { if (confirm_box(true)) { $sql = 'SELECT real_filename FROM ' . ATTACHMENTS_TABLE . ' WHERE attach_id IN (' . implode(', ', $marked) . ')'; $result = $db->sql_query($sql); $log_attachments = array(); while ($row = $db->sql_fetchrow($result)) { $log_attachments[] = $row['real_filename']; } $db->sql_freeresult($result); delete_attachments('attach', $marked); $log = sizeof($log_attachments) == 1 ? 'ATTACHMENT_DELETED' : 'ATTACHMENTS_DELETED'; $message = sizeof($log_attachments) == 1 ? $user->lang['ATTACHMENT_DELETED'] : $user->lang['ATTACHMENTS_DELETED']; add_log('admin', $log, implode(', ', $log_attachments)); trigger_error($message . adm_back_link($this->u_action . '&u=' . $user_id)); } else { confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array('u' => $user_id, 'i' => $id, 'mode' => $mode, 'action' => $action, 'deletemark' => true, 'mark' => $marked))); } } $sk_text = array('a' => $user->lang['SORT_FILENAME'], 'c' => $user->lang['SORT_EXTENSION'], 'd' => $user->lang['SORT_SIZE'], 'e' => $user->lang['SORT_DOWNLOADS'], 'f' => $user->lang['SORT_POST_TIME'], 'g' => $user->lang['SORT_TOPIC_TITLE']); $sk_sql = array('a' => 'a.real_filename', 'c' => 'a.extension', 'd' => 'a.filesize', 'e' => 'a.download_count', 'f' => 'a.filetime', 'g' => 't.topic_title'); $sd_text = array('a' => $user->lang['ASCENDING'], 'd' => $user->lang['DESCENDING']); $s_sort_key = ''; foreach ($sk_text as $key => $value) { $selected = $sort_key == $key ? ' selected="selected"' : ''; $s_sort_key .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>'; } $s_sort_dir = ''; foreach ($sd_text as $key => $value) { $selected = $sort_dir == $key ? ' selected="selected"' : ''; $s_sort_dir .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>'; } $order_by = $sk_sql[$sort_key] . ' ' . ($sort_dir == 'a' ? 'ASC' : 'DESC'); $sql = 'SELECT COUNT(attach_id) as num_attachments FROM ' . ATTACHMENTS_TABLE . "\n\t\t\t\t\tWHERE poster_id = {$user_id}"; $result = $db->sql_query_limit($sql, 1); $num_attachments = (int) $db->sql_fetchfield('num_attachments'); $db->sql_freeresult($result); $sql = 'SELECT a.*, t.topic_title, p.message_subject as message_title FROM ' . ATTACHMENTS_TABLE . ' a LEFT JOIN ' . TOPICS_TABLE . ' t ON (a.topic_id = t.topic_id AND a.in_message = 0) LEFT JOIN ' . PRIVMSGS_TABLE . ' p ON (a.post_msg_id = p.msg_id AND a.in_message = 1) WHERE a.poster_id = ' . $user_id . "\n\t\t\t\t\tORDER BY {$order_by}"; $result = $db->sql_query_limit($sql, $config['posts_per_page'], $start); while ($row = $db->sql_fetchrow($result)) { if ($row['in_message']) { $view_topic = append_sid("{$phpbb_root_path}ucp.{$phpEx}", "i=pm&p={$row['post_msg_id']}"); } else { $view_topic = append_sid("{$phpbb_root_path}viewtopic.{$phpEx}", "t={$row['topic_id']}&p={$row['post_msg_id']}#{$row['post_msg_id']}"); } $template->assign_block_vars('attach', array('REAL_FILENAME' => $row['real_filename'], 'COMMENT' => nl2br($row['comment']), 'EXTENSION' => $row['extension'], 'SIZE' => $row['filesize'] >= 1048576 ? ($row['filesize'] >> 20) . ' ' . $user->lang['MB'] : ($row['filesize'] >= 1024 ? ($row['filesize'] >> 10) . ' ' . $user->lang['KB'] : $row['filesize'] . ' ' . $user->lang['BYTES']), 'DOWNLOAD_COUNT' => $row['download_count'], 'POST_TIME' => $user->format_date($row['filetime']), 'TOPIC_TITLE' => $row['in_message'] ? $row['message_title'] : $row['topic_title'], 'ATTACH_ID' => $row['attach_id'], 'POST_ID' => $row['post_msg_id'], 'TOPIC_ID' => $row['topic_id'], 'S_IN_MESSAGE' => $row['in_message'], 'U_DOWNLOAD' => append_sid("{$phpbb_root_path}download.{$phpEx}", 'id=' . $row['attach_id']), 'U_VIEW_TOPIC' => $view_topic)); } $db->sql_freeresult($result); $template->assign_vars(array('S_ATTACHMENTS' => true, 'S_ON_PAGE' => on_page($num_attachments, $config['topics_per_page'], $start), 'S_SORT_KEY' => $s_sort_key, 'S_SORT_DIR' => $s_sort_dir, 'PAGINATION' => generate_pagination($this->u_action . "&sk={$sort_key}&sd={$sort_dir}", $num_attachments, $config['topics_per_page'], $start, true))); break; case 'groups': $user->add_lang(array('groups', 'acp/groups')); $group_id = request_var('g', 0); switch ($action) { case 'demote': case 'promote': case 'default': group_user_attributes($action, $group_id, $user_id); if ($action == 'default') { $user_row['group_id'] = $group_id; } break; case 'delete': if (confirm_box(true)) { if (!$group_id) { trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id)); } if ($error = group_user_del($group_id, $user_id)) { trigger_error($user->lang[$error] . adm_back_link($this->u_action . '&u=' . $user_id)); } $error = array(); } else { confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array('u' => $user_id, 'i' => $id, 'mode' => $mode, 'action' => $action, 'g' => $group_id))); } break; } // Add user to group? if ($submit) { if (!$group_id) { trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id)); } // Add user/s to group if ($error = group_user_add($group_id, $user_id)) { trigger_error($user->lang[$error] . adm_back_link($this->u_action . '&u=' . $user_id)); } $error = array(); } $sql = 'SELECT ug.*, g.* FROM ' . GROUPS_TABLE . ' g, ' . USER_GROUP_TABLE . " ug\n\t\t\t\t\tWHERE ug.user_id = {$user_id}\n\t\t\t\t\t\tAND g.group_id = ug.group_id\n\t\t\t\t\tORDER BY g.group_type DESC, ug.user_pending ASC, g.group_name"; $result = $db->sql_query($sql); $i = 0; $group_data = $id_ary = array(); while ($row = $db->sql_fetchrow($result)) { $type = $row['group_type'] == GROUP_SPECIAL ? 'special' : ($row['user_pending'] ? 'pending' : 'normal'); $group_data[$type][$i]['group_id'] = $row['group_id']; $group_data[$type][$i]['group_name'] = $row['group_name']; $group_data[$type][$i]['group_leader'] = $row['group_leader'] ? 1 : 0; $id_ary[] = $row['group_id']; $i++; } $db->sql_freeresult($result); // Select box for other groups $sql = 'SELECT group_id, group_name, group_type FROM ' . GROUPS_TABLE . ' ' . (sizeof($id_ary) ? 'WHERE group_id NOT IN (' . implode(', ', $id_ary) . ')' : '') . ' ORDER BY group_type DESC, group_name ASC'; $result = $db->sql_query($sql); $s_group_options = ''; while ($row = $db->sql_fetchrow($result)) { if ($config['coppa_hide_groups'] && in_array($row['group_name'], array('INACTIVE_COPPA', 'REGISTERED_COPPA'))) { continue; } $s_group_options .= '<option' . ($row['group_type'] == GROUP_SPECIAL ? ' class="sep"' : '') . ' value="' . $row['group_id'] . '">' . ($row['group_type'] == GROUP_SPECIAL ? $user->lang['G_' . $row['group_name']] : $row['group_name']) . '</option>'; } $db->sql_freeresult($result); $current_type = ''; foreach ($group_data as $group_type => $data_ary) { if ($current_type != $group_type) { $template->assign_block_vars('group', array('S_NEW_GROUP_TYPE' => true, 'GROUP_TYPE' => $user->lang['USER_GROUP_' . strtoupper($group_type)])); } foreach ($data_ary as $data) { $template->assign_block_vars('group', array('U_EDIT_GROUP' => append_sid("{$phpbb_admin_path}index.{$phpEx}", "i=groups&mode=manage&action=edit&u={$user_id}&g={$data['group_id']}&back_link=acp_users_groups"), 'U_DEFAULT' => $this->u_action . "&action=default&u={$user_id}&g=" . $data['group_id'], 'U_DEMOTE_PROMOTE' => $this->u_action . '&action=' . ($data['group_leader'] ? 'demote' : 'promote') . "&u={$user_id}&g=" . $data['group_id'], 'U_DELETE' => $this->u_action . "&action=delete&u={$user_id}&g=" . $data['group_id'], 'GROUP_NAME' => $group_type == 'special' ? $user->lang['G_' . $data['group_name']] : $data['group_name'], 'L_DEMOTE_PROMOTE' => $data['group_leader'] ? $user->lang['GROUP_DEMOTE'] : $user->lang['GROUP_PROMOTE'], 'S_NO_DEFAULT' => $user_row['group_id'] != $data['group_id'] ? true : false, 'S_SPECIAL_GROUP' => $group_type == 'special' ? true : false)); } } $template->assign_vars(array('S_GROUPS' => true, 'S_GROUP_OPTIONS' => $s_group_options)); break; case 'perm': include_once $phpbb_root_path . 'includes/acp/auth.' . $phpEx; $auth_admin = new auth_admin(); $user->add_lang('acp/permissions'); $user->add_lang('acp/permissions_phpbb'); // Select auth options $sql = 'SELECT auth_option, is_local, is_global FROM ' . ACL_OPTIONS_TABLE . "\n\t\t\t\t\tWHERE auth_option LIKE '%\\_'\n\t\t\t\t\t\tAND is_global = 1\n\t\t\t\t\tORDER BY auth_option"; $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { $hold_ary = $auth_admin->get_mask('view', $user_id, false, false, $row['auth_option'], 'global', ACL_NO); $auth_admin->display_mask('view', $row['auth_option'], $hold_ary, 'user', false, false); } $db->sql_freeresult($result); $sql = 'SELECT auth_option, is_local, is_global FROM ' . ACL_OPTIONS_TABLE . "\n\t\t\t\t\tWHERE auth_option LIKE '%\\_'\n\t\t\t\t\t\tAND is_local = 1\n\t\t\t\t\tORDER BY is_global DESC, auth_option"; $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { $hold_ary = $auth_admin->get_mask('view', $user_id, false, false, $row['auth_option'], 'local', ACL_NO); $auth_admin->display_mask('view', $row['auth_option'], $hold_ary, 'user', true, false); } $db->sql_freeresult($result); $template->assign_vars(array('S_PERMISSIONS' => true, 'U_USER_PERMISSIONS' => append_sid("{$phpbb_admin_path}index.{$phpEx}", 'i=permissions&mode=setting_user_global&user_id[]=' . $user_id), 'U_USER_FORUM_PERMISSIONS' => append_sid("{$phpbb_admin_path}index.{$phpEx}", 'i=permissions&mode=setting_user_local&user_id[]=' . $user_id))); break; } // Assign general variables $template->assign_vars(array('S_ERROR' => sizeof($error) ? true : false, 'ERROR_MSG' => sizeof($error) ? implode('<br />', $error) : '')); }
/** * Lists all users with warnings */ function mcp_warn_list_view($action) { global $phpEx, $phpbb_root_path, $config; global $template, $db, $user, $auth; $user->add_lang('memberlist'); $start = request_var('start', 0); $st = request_var('st', 0); $sk = request_var('sk', 'b'); $sd = request_var('sd', 'd'); $limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); $sort_by_text = array('a' => $user->lang['SORT_USERNAME'], 'b' => $user->lang['SORT_DATE'], 'c' => $user->lang['SORT_WARNINGS']); $sort_by_sql = array('a' => 'username_clean', 'b' => 'user_last_warning', 'c' => 'user_warnings'); $s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = ''; gen_sort_selects($limit_days, $sort_by_text, $st, $sk, $sd, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param); // Define where and sort sql for use in displaying logs $sql_where = ($st) ? (time() - ($st * 86400)) : 0; $sql_sort = $sort_by_sql[$sk] . ' ' . (($sd == 'd') ? 'DESC' : 'ASC'); $users = array(); $user_count = 0; view_warned_users($users, $user_count, $config['topics_per_page'], $start, $sql_where, $sql_sort); foreach ($users as $row) { $template->assign_block_vars('user', array( 'U_NOTES' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=notes&mode=user_notes&u=' . $row['user_id']), 'USERNAME_FULL' => get_username_string('full', $row['user_id'], $row['username'], $row['user_colour']), 'USERNAME' => $row['username'], 'USERNAME_COLOUR' => ($row['user_colour']) ? '#' . $row['user_colour'] : '', 'U_USER' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&u=' . $row['user_id']), 'WARNING_TIME' => $user->format_date($row['user_last_warning']), 'WARNINGS' => $row['user_warnings'], )); } $template->assign_vars(array( 'U_POST_ACTION' => $this->u_action, 'S_CLEAR_ALLOWED' => ($auth->acl_get('a_clearlogs')) ? true : false, 'S_SELECT_SORT_DIR' => $s_sort_dir, 'S_SELECT_SORT_KEY' => $s_sort_key, 'S_SELECT_SORT_DAYS' => $s_limit_days, 'PAGE_NUMBER' => on_page($user_count, $config['topics_per_page'], $start), 'PAGINATION' => generate_pagination(append_sid("{$phpbb_root_path}mcp.$phpEx", "i=warn&mode=list&st=$st&sk=$sk&sd=$sd"), $user_count, $config['topics_per_page'], $start), 'TOTAL_USERS' => ($user_count == 1) ? $user->lang['LIST_USER'] : sprintf($user->lang['LIST_USERS'], $user_count), )); }
function main($id, $mode) { global $auth, $db, $user, $template; global $config, $phpbb_root_path, $phpEx; $user->add_lang('acp/common'); //-- mod start : Garage ---------------------------------------------------------------------------------------------------- //-- add $user->add_lang('acp/garage'); //-- mod finish : Garage --------------------------------------------------------------------------------------------------- $action = request_var('action', array('' => '')); if (is_array($action)) { list($action, ) = each($action); } else { $action = request_var('action', ''); } // Set up general vars $start = request_var('start', 0); $deletemark = $action == 'del_marked' ? true : false; $deleteall = $action == 'del_all' ? true : false; $marked = request_var('mark', array(0)); // Sort keys $sort_days = request_var('st', 0); $sort_key = request_var('sk', 't'); $sort_dir = request_var('sd', 'd'); $this->tpl_name = 'mcp_logs'; $this->page_title = 'MCP_LOGS'; $forum_list = array_values(array_intersect(get_forum_list('f_read'), get_forum_list('m_'))); $forum_list[] = 0; $forum_id = $topic_id = 0; switch ($mode) { case 'front': break; case 'forum_logs': $forum_id = request_var('f', 0); if (!in_array($forum_id, $forum_list)) { trigger_error('NOT_AUTHORISED'); } $forum_list = array($forum_id); break; case 'topic_logs': $topic_id = request_var('t', 0); $sql = 'SELECT forum_id FROM ' . TOPICS_TABLE . ' WHERE topic_id = ' . $topic_id; $result = $db->sql_query($sql); $forum_id = (int) $db->sql_fetchfield('forum_id'); $db->sql_freeresult($result); if (!in_array($forum_id, $forum_list)) { trigger_error('NOT_AUTHORISED'); } $forum_list = array($forum_id); break; } // Delete entries if requested and able if (($deletemark || $deleteall) && $auth->acl_get('a_clearlogs')) { if (confirm_box(true)) { if ($deletemark && sizeof($marked)) { $sql = 'DELETE FROM ' . LOG_TABLE . ' WHERE log_type = ' . LOG_MOD . ' AND ' . $db->sql_in_set('forum_id', $forum_list) . ' AND ' . $db->sql_in_set('log_id', $marked); $db->sql_query($sql); add_log('admin', 'LOG_CLEAR_MOD'); } else { if ($deleteall) { $sql = 'DELETE FROM ' . LOG_TABLE . ' WHERE log_type = ' . LOG_MOD . ' AND ' . $db->sql_in_set('forum_id', $forum_list); if ($mode == 'topic_logs') { $sql .= ' AND topic_id = ' . $topic_id; } $db->sql_query($sql); add_log('admin', 'LOG_CLEAR_MOD'); } } } else { confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array('f' => $forum_id, 't' => $topic_id, 'start' => $start, 'delmarked' => $deletemark, 'delall' => $deleteall, 'mark' => $marked, 'st' => $sort_days, 'sk' => $sort_key, 'sd' => $sort_dir, 'i' => $id, 'mode' => $mode, 'action' => request_var('action', array('' => ''))))); } } // Sorting $limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); $sort_by_text = array('u' => $user->lang['SORT_USERNAME'], 't' => $user->lang['SORT_DATE'], 'i' => $user->lang['SORT_IP'], 'o' => $user->lang['SORT_ACTION']); $sort_by_sql = array('u' => 'u.username_clean', 't' => 'l.log_time', 'i' => 'l.log_ip', 'o' => 'l.log_operation'); $s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = ''; gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param); // Define where and sort sql for use in displaying logs $sql_where = $sort_days ? time() - $sort_days * 86400 : 0; $sql_sort = $sort_by_sql[$sort_key] . ' ' . ($sort_dir == 'd' ? 'DESC' : 'ASC'); // Grab log data $log_data = array(); $log_count = 0; view_log('mod', $log_data, $log_count, $config['topics_per_page'], $start, $forum_list, $topic_id, 0, $sql_where, $sql_sort); $template->assign_vars(array('PAGE_NUMBER' => on_page($log_count, $config['topics_per_page'], $start), 'TOTAL' => $log_count == 1 ? $user->lang['TOTAL_LOG'] : sprintf($user->lang['TOTAL_LOGS'], $log_count), 'PAGINATION' => generate_pagination($this->u_action . "&{$u_sort_param}", $log_count, $config['topics_per_page'], $start), 'L_TITLE' => $user->lang['MCP_LOGS'], 'U_POST_ACTION' => $this->u_action, 'S_CLEAR_ALLOWED' => $auth->acl_get('a_clearlogs') ? true : false, 'S_SELECT_SORT_DIR' => $s_sort_dir, 'S_SELECT_SORT_KEY' => $s_sort_key, 'S_SELECT_SORT_DAYS' => $s_limit_days, 'S_LOGS' => $log_count > 0)); foreach ($log_data as $row) { $data = array(); $checks = array('viewtopic', 'viewforum'); foreach ($checks as $check) { if (isset($row[$check]) && $row[$check]) { $data[] = '<a href="' . $row[$check] . '">' . $user->lang['LOGVIEW_' . strtoupper($check)] . '</a>'; } } $template->assign_block_vars('log', array('USERNAME' => $row['username_full'], 'IP' => $row['ip'], 'DATE' => $user->format_date($row['time']), 'ACTION' => $row['action'], 'DATA' => sizeof($data) ? implode(' | ', $data) : '', 'ID' => $row['id'])); } }
/** * Index Controller * Route: gallery/search * * @return Symfony\Component\HttpFoundation\Response A Symfony Response object */ public function base() { $search_id = $this->request->variable('search_id', ''); $image_id = $this->request->variable('image_id', 0); $submit = $this->request->variable('submit', false); $keywords = utf8_normalize_nfc($this->request->variable('keywords', '', true)); $add_keywords = utf8_normalize_nfc($this->request->variable('add_keywords', '', true)); $username = $this->request->variable('username', '', true); $user_id = $this->request->variable('user_id', array(0)); $search_terms = $this->request->variable('terms', 'all'); $search_album = $this->request->variable('aid', array(0)); $search_child = $this->request->variable('sc', true); $search_fields = $this->request->variable('sf', 'all'); $sort_days = $this->request->variable('st', 0); $sort_key = $this->request->variable('sk', 't'); $sort_dir = $this->request->variable('sd', 'd'); $start = $this->request->variable('start', 0); $this->user->add_lang_ext('phpbbgallery/core', array('gallery')); $this->user->add_lang('search'); /** * Build the sort options */ $limit_days = array(0 => $this->user->lang['ALL_IMAGES'], 1 => $this->user->lang['1_DAY'], 7 => $this->user->lang['7_DAYS'], 14 => $this->user->lang['2_WEEKS'], 30 => $this->user->lang['1_MONTH'], 90 => $this->user->lang['3_MONTHS'], 180 => $this->user->lang['6_MONTHS'], 365 => $this->user->lang['1_YEAR']); $sort_by_text = array('t' => $this->user->lang['TIME'], 'n' => $this->user->lang['IMAGE_NAME'], 'u' => $this->user->lang['SORT_USERNAME'], 'vc' => $this->user->lang['GALLERY_VIEWS']); $sort_by_sql = array('t' => 'image_time', 'n' => 'image_name_clean', 'u' => 'image_username_clean', 'vc' => 'image_view_count'); if ($this->gallery_config->get('allow_rates')) { $sort_by_text['ra'] = $this->user->lang['RATING']; $sort_by_sql['ra'] = 'image_rate_points'; //@todo: (phpbb_gallery_contest::$mode == phpbb_gallery_contest::MODE_SUM) ? 'image_rate_points' : 'image_rate_avg'; $sort_by_text['r'] = $this->user->lang['RATES_COUNT']; $sort_by_sql['r'] = 'image_rates'; } if ($this->gallery_config->get('allow_comments')) { $sort_by_text['c'] = $this->user->lang['COMMENTS']; $sort_by_sql['c'] = 'image_comments'; $sort_by_text['lc'] = $this->user->lang['NEW_COMMENT']; $sort_by_sql['lc'] = 'image_last_comment'; } $this->gallery_auth->load_user_premissions($this->user->data['user_id']); $s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = ''; gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param); $sql_order = $sort_by_sql[$sort_key] . ' ' . ($sort_dir == 'd' ? 'DESC' : 'ASC'); // We will build SQL array and then build query (easely change count with rq) $sql_array = $sql_where = array(); $sql_array['FROM'] = array($this->images_table => 'i'); $sql_array['ORDER_BY'] = $sql_order; $sql_array['GROUP_BY'] = $sort_by_sql[$sort_key]; if ($keywords || $username || $user_id || $search_id || $submit) { // Let's resolve username to user id ... or array of them. if ($username) { if (strpos($username, '*') !== false && utf8_strlen(str_replace(array('*', '%'), '', $username)) < $this->config['min_search_author_chars']) { trigger_error(sprintf($this->user->lang['TOO_FEW_AUTHOR_CHARS'], $this->config['min_search_author_chars'])); } $username_parsed = strpos($username, '*') !== false ? ' username_clean ' . $this->db->sql_like_expression(str_replace('*', $this->db->get_any_char(), utf8_clean_string($this->db->sql_escape($username)))) : ' username_clean = \'' . $this->db->sql_escape(utf8_clean_string($username)) . '\''; $sql = 'SELECT user_id FROM ' . USERS_TABLE . ' WHERE ' . $username_parsed . ' AND user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')'; $result = $this->db->sql_query_limit($sql, 100); while ($row = $this->db->sql_fetchrow($result)) { $user_id_ary[] = (int) $row['user_id']; } $this->db->sql_freeresult($result); $user_id_ary[] = (int) ANONYMOUS; $user_id = $user_id_ary; } if (!empty($user_id)) { $sql_where[] = $this->db->sql_in_set('i.image_user_id', $user_id); } // if we search in an existing search result just add the additional keywords. But we need to use "all search terms"-mode // so we can keep the old keywords in their old mode, but add the new ones as required words if ($add_keywords) { if ($search_terms == 'all') { $keywords .= ' ' . $add_keywords; } else { $search_terms = 'all'; $keywords = preg_replace('#\\s+#u', ' |', $keywords) . ' ' . $add_keywords; } } $keywords_ary = $keywords ? explode(' ', $keywords) : array(); // pre-made searches $sql = $field = $l_search_title = $search_results = ''; $total_match_count = 0; $sql_limit = 0; $search_query = ''; $matches = array('i.image_name', 'i.image_desc'); if (!sizeof($keywords_ary) && !sizeof($user_id_ary)) { trigger_error('NO_SEARCH_RESULTS'); } $matches = array('i.image_name', 'i.image_desc'); foreach ($keywords_ary as $word) { $match_search_query = ''; foreach ($matches as $match) { $match_search_query .= ($match_search_query ? ' OR ' : '') . 'LOWER(' . $match . ') '; $match_search_query .= $this->db->sql_like_expression(str_replace('*', $this->db->get_any_char(), $this->db->get_any_char() . strtolower($word) . $this->db->get_any_char())); } $search_query .= (!$search_query ? '' : ($search_terms == 'all' ? ' AND ' : ' OR ')) . '(' . $match_search_query . ')'; } $sql_where[] = $search_query; if (empty($search_album)) { $sql_where[] = $this->db->sql_in_set('i.image_album_id', $this->gallery_auth->acl_album_ids('i_view')); } else { $sql_where[] = $this->db->sql_in_set('i.image_album_id', $search_album); } $sql_array['WHERE'] = implode(' and ', array_filter($sql_where)); $sql_array['SELECT'] = 'COUNT(i.image_id) as count'; $sql = $this->db->sql_build_query('SELECT', $sql_array); $result = $this->db->sql_query($sql); $row = $this->db->sql_fetchrow($result); $search_count = $row['count']; $this->db->sql_freeresult($result); if ($search_count == 0) { trigger_error('NO_SEARCH_RESULTS'); } $sql_array['SELECT'] = '*'; $sql_array['GROUP_BY'] = 'image_id'; $sql = $this->db->sql_build_query('SELECT', $sql_array); $result = $this->db->sql_query_limit($sql, $this->gallery_config->get('items_per_page'), $start); while ($row = $this->db->sql_fetchrow($result)) { $rowset[] = $row; } $this->db->sql_freeresult($result); $this->template->assign_block_vars('imageblock', array('BLOCK_NAME' => '', 'U_BLOCK' => $this->helper->route('phpbbgallery_search'))); // Now let's get display options $show_ip = $show_ratings = $show_username = $show_views = $show_time = $show_imagename = $show_comments = $show_album = false; $show_options = $this->gallery_config->get('search_display'); if ($show_options >= 128) { $show_ip = true; $show_options = $show_options - 128; } if ($show_options >= 64) { $show_ratings = true; $show_options = $show_options - 64; } if ($show_options >= 32) { $show_username = true; $show_options = $show_options - 32; } if ($show_options >= 16) { $show_views = true; $show_options = $show_options - 16; } if ($show_options >= 8) { $show_time = true; $show_options = $show_options - 8; } if ($show_options >= 4) { $show_imagename = true; $show_options = $show_options - 4; } if ($show_options >= 2) { $show_comments = true; $show_options = $show_options - 2; } if ($show_options == 1) { $show_album = true; } foreach ($rowset as $row) { switch ($this->gallery_config->get('link_thumbnail')) { case 'image_page': $action = $this->helper->route('phpbbgallery_image', array('image_id' => $row['image_id'])); break; case 'image': $action = $this->helper->route('phpbbgallery_image_file_source', array('image_id' => $row['image_id'])); break; default: $action = false; break; } switch ($this->gallery_config->get('link_image_name')) { case 'image_page': $action_image = $this->helper->route('phpbbgallery_image', array('image_id' => $row['image_id'])); break; case 'image': $action_image = $this->helper->route('phpbbgallery_image_file_source', array('image_id' => $row['image_id'])); break; default: $action_image = false; break; } $album_data = $this->album->get_info($row['image_album_id']); $this->template->assign_block_vars('imageblock.image', array('IMAGE_ID' => $row['image_id'], 'U_IMAGE' => $action_image, 'UC_IMAGE_NAME' => $show_imagename ? $row['image_name'] : false, 'U_ALBUM' => $show_album ? $this->helper->route('phpbbgallery_album', array('album_id' => $album_data['album_id'])) : false, 'ALBUM_NAME' => $show_album ? $album_data['album_name'] : false, 'IMAGE_VIEWS' => $show_views ? $row['image_view_count'] : -1, 'UC_THUMBNAIL' => $this->helper->route('phpbbgallery_image_file_mini', array('image_id' => $row['image_id'])), 'UC_THUMBNAIL_ACTION' => $action, 'S_UNAPPROVED' => $this->gallery_auth->acl_check('m_status', $row['image_album_id'], $album_data['album_user_id']) && $row['image_status'] == \phpbbgallery\core\image\image::STATUS_UNAPPROVED ? true : false, 'S_LOCKED' => $row['image_status'] == \phpbbgallery\core\image\image::STATUS_LOCKED ? true : false, 'S_REPORTED' => $this->gallery_auth->acl_check('m_report', $row['image_album_id'], $album_data['album_user_id']) && $row['image_reported'] ? true : false, 'POSTER' => $show_username ? get_username_string('full', $row['image_user_id'], $row['image_username'], $row['image_user_colour']) : false, 'TIME' => $show_time ? $this->user->format_date($row['image_time']) : false, 'S_RATINGS' => $this->config['phpbb_gallery_allow_rates'] == 1 && $show_ratings ? $row['image_rates'] > 0 ? $row['image_rate_avg'] / 100 : $this->user->lang('NOT_RATED') : false, 'U_RATINGS' => $this->helper->route('phpbbgallery_image', array('image_id' => $row['image_id'])) . '#rating', 'L_COMMENTS' => $row['image_comments'] == 1 ? $this->user->lang['COMMENT'] : $this->user->lang['COMMENTS'], 'S_COMMENTS' => $this->config['phpbb_gallery_allow_comments'] && $this->gallery_auth->acl_check('c_read', $row['image_album_id'], $album_data['album_user_id']) && $show_comments ? $row['image_comments'] ? $row['image_comments'] : $this->user->lang['NO_COMMENTS'] : '', 'U_COMMENTS' => $this->helper->route('phpbbgallery_image', array('image_id' => $row['image_id'])) . '#comments', 'U_USER_IP' => $show_ip && $this->gallery_auth->acl_check('m_status', $row['image_album_id'], $album_data['album_user_id']) ? $row['image_user_ip'] : false, 'S_IMAGE_REPORTED' => $row['image_reported'], 'U_IMAGE_REPORTED' => '', 'S_STATUS_APPROVED' => $row['image_status'] == \phpbbgallery\core\image\image::STATUS_APPROVED, 'S_STATUS_UNAPPROVED' => $this->gallery_auth->acl_check('m_status', $row['image_album_id'], $album_data['album_user_id']) && $row['image_status'] == \phpbbgallery\core\image\image::STATUS_UNAPPROVED ? true : false, 'S_STATUS_UNAPPROVED_ACTION' => $this->gallery_auth->acl_check('m_status', $row['image_album_id'], $album_data['album_user_id']) && $row['image_status'] == \phpbbgallery\core\image\image::STATUS_UNAPPROVED ? $this->helper->route('phpbbgallery_moderate_image_approve', array('image_id' => $row['image_id'])) : '', 'S_STATUS_LOCKED' => $row['image_status'] == \phpbbgallery\core\image\image::STATUS_LOCKED, 'U_REPORT' => $this->gallery_auth->acl_check('m_report', $row['image_album_id'], $album_data['album_user_id']) && $row['image_reported'] ? '123' : '', 'U_STATUS' => '', 'L_STATUS' => $row['image_status'] == \phpbbgallery\core\image\image::STATUS_UNAPPROVED ? $this->user->lang['APPROVE_IMAGE'] : ($row['image_status'] == \phpbbgallery\core\image\image::STATUS_APPROVED ? $this->user->lang['CHANGE_IMAGE_STATUS'] : $this->user->lang['UNLOCK_IMAGE']))); } $this->template->assign_vars(array('SEARCH_MATCHES' => $this->user->lang('SEARCH'))); $url = ''; if ($keywords != '') { $params[] = 'keywords=' . $keywords; } if ($username != '') { $params[] = 'username='******'user_id[]=' . $var; } } if (isset($search_terms)) { $params[] = 'terms=' . $search_terms; } if (!empty($search_album)) { foreach ($search_album as $var) { $params[] = 'aid[]=' . $var; } } if (isset($search_child)) { $params[] = 'sc=' . $search_child; } if (isset($search_fields)) { $params[] = 'sf=' . $search_fields; } if (isset($sort_days)) { $params[] = 'st=' . $sort_days; } if (isset($sort_key)) { $params[] = 'sk=' . $sort_key; } if (isset($sort_dir)) { $params[] = 'sd=' . $sort_dir; } $url = implode('&', $params); $this->pagination->generate_template_pagination($this->helper->route('phpbbgallery_search') . '?' . $url, 'pagination', 'start', $search_count, $this->gallery_config->get('items_per_page'), $start); return $this->helper->render('gallery/search_results.html', $this->user->lang('GALLERY')); } // Is user able to search? Has search been disabled? if (!$this->auth->acl_get('u_search') || !$this->config['load_search']) { $this->template->assign_var('S_NO_SEARCH', true); trigger_error('NO_SEARCH'); } $this->template->assign_block_vars('navlinks', array('FORUM_NAME' => $this->user->lang['SEARCH'], 'U_VIEW_FORUM' => $this->helper->route('phpbbgallery_search'))); $s_albums = $this->album->get_albumbox(false, false, false, 'i_view'); $s_hidden_fields = array(); $this->template->assign_vars(array('S_SEARCH_ACTION' => $this->helper->route('phpbbgallery_search'), 'S_HIDDEN_FIELDS' => build_hidden_fields($s_hidden_fields), 'S_ALBUM_OPTIONS' => $s_albums, 'S_SELECT_SORT_DIR' => $s_sort_dir, 'S_SELECT_SORT_KEY' => $s_sort_key, 'S_SELECT_SORT_DAYS' => $s_limit_days, 'S_IN_SEARCH' => true)); return $this->helper->render('gallery/search_body.html', $this->user->lang('GALLERY')); }
/** * Lists all users with warnings */ function mcp_warn_list_view($action) { global $phpEx, $phpbb_root_path, $config, $phpbb_container; global $template, $db, $user, $auth, $request; $user->add_lang('memberlist'); $pagination = $phpbb_container->get('pagination'); $start = $request->variable('start', 0); $st = $request->variable('st', 0); $sk = $request->variable('sk', 'b'); $sd = $request->variable('sd', 'd'); $limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); $sort_by_text = array('a' => $user->lang['SORT_USERNAME'], 'b' => $user->lang['SORT_DATE'], 'c' => $user->lang['SORT_WARNINGS']); $sort_by_sql = array('a' => 'username_clean', 'b' => 'warning_time', 'c' => 'user_warnings'); $s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = ''; gen_sort_selects($limit_days, $sort_by_text, $st, $sk, $sd, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param); // Define where and sort sql for use in displaying logs $sql_where = $st ? time() - $st * 86400 : 0; $sql_sort = $sort_by_sql[$sk] . ' ' . ($sd == 'd' ? 'DESC' : 'ASC'); $users = array(); $user_count = 0; $this->view_warnings_list($users, $user_count, $config['topics_per_page'], $start, $sql_where, $sql_sort); foreach ($users as $row) { $template->assign_block_vars('user', array('U_NOTES' => append_sid("{$phpbb_root_path}mcp.{$phpEx}", 'i=notes&mode=user_notes&u=' . $row['user_id']), 'USERNAME_FULL' => get_username_string('full', $row['user_id'], $row['username'], $row['user_colour']), 'USERNAME' => $row['username'], 'USERNAME_COLOUR' => $row['user_colour'] ? '#' . $row['user_colour'] : '', 'U_USER' => append_sid("{$phpbb_root_path}memberlist.{$phpEx}", 'mode=viewprofile&u=' . $row['user_id']), 'WARNING_TIME' => $row['warning_end'] ? $user->format_date($row['warning_end']) : $user->lang['PERMANENT'], 'WARNINGS' => $user->format_date($row['warning_time']), 'WARNING_STATUS' => $row['warning_status'] ? true : false, 'WARNING_TYPE' => $row['warning_type'] == BAN ? $user->lang['BAN'] : $user->lang['WARNING'], 'U_WARNING_POST_URL' => $row['post_id'] ? append_sid("{$phpbb_root_path}viewtopic.{$phpEx}", 'p=' . $row['post_id'] . '#p' . $row['post_id']) : '', 'U_EDIT' => $auth->acl_get('m_warn') ? append_sid("{$phpbb_root_path}mcp.{$phpEx}", 'i=\\rxu\\AdvancedWarnings\\mcp\\warnings_module&mode=' . ($row['post_id'] ? 'warn_post&p=' . $row['post_id'] : 'warn_user') . '&u=' . $row['user_id'] . '&warn_id=' . $row['warning_id']) : '')); } $base_url = append_sid("{$phpbb_root_path}mcp.{$phpEx}", "i=\rxu\\AdvancedWarnings\\mcp\\warnings_module&mode=list&st={$st}&sk={$sk}&sd={$sd}"); if ($user_count) { $pagination->generate_template_pagination($base_url, 'pagination', 'start', $user_count, $config['topics_per_page'], $start); } $template->assign_vars(array('U_POST_ACTION' => $this->u_action, 'S_CLEAR_ALLOWED' => $auth->acl_get('a_clearlogs') ? true : false, 'S_SELECT_SORT_DIR' => $s_sort_dir, 'S_SELECT_SORT_KEY' => $s_sort_key, 'S_SELECT_SORT_DAYS' => $s_limit_days, 'PAGE_NUMBER' => $user_count ? $pagination->on_page($user_count, $config['topics_per_page'], $start) : '', 'TOTAL_WARNINGS' => $user->lang('LIST_WARNINGS', (int) $user_count))); }
function main($id, $mode) { global $db, $user, $auth, $template, $cache; global $config, $phpbb_root_path, $phpEx; $user->add_lang(array('acp/board', 'mods/asacp', 'mods/acp_asacp', 'install', 'acp/common')); include $phpbb_root_path . 'antispam/acp_functions.' . $phpEx; $error = $notify = array(); $submit = isset($_POST['submit']) ? true : false; $action = request_var('action', ''); add_form_key('as_acp'); if ($submit && !check_form_key('as_acp')) { trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); } $error = $options = array(); switch ($mode) { case 'ip_search': $this->tpl_name = 'antispam/mcp_asacp'; $this->page_title = 'ASACP_IP_SEARCH'; $ip = request_var('ip', ''); $type = request_var('type', ''); if ($ip) { asacp_display_ip_search($type, $ip, $this->u_action . '&ip=' . $ip, request_var('start', 0)); } $template->assign_vars(array('L_TITLE' => $user->lang['ASACP_IP_SEARCH'], 'L_TITLE_EXPLAIN' => $user->lang['ASACP_IP_SEARCH_EXPLAIN'], 'S_DATA_OUTPUT' => true, 'S_DISPLAY_IP_INPUT' => $ip ? false : true, 'U_BACK' => $type ? $this->u_action . '&ip=' . $ip : false, 'U_BACK_NONE' => $this->u_action)); break; // case 'ip_search' : // case 'ip_search' : case 'log': case 'flag': $this->tpl_name = 'mcp_logs'; if ($mode == 'log') { $this->page_title = $user->lang['ASACP_SPAM_LOG']; } else { $this->page_title = $user->lang['ASACP_FLAG_LOG']; // Reset the user flag new notification if ($user->data['user_flag_new']) { $db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_flag_new = 0 WHERE user_id = ' . $user->data['user_id']); } } $user->add_lang('mcp'); // Set up general vars $start = request_var('start', 0); $action = request_var('action', array('' => '')); if (is_array($action)) { list($action, ) = each($action); } else { $action = request_var('action', ''); } $deletemark = !empty($_POST['delmarked']) || $action == 'del_marked' ? true : false; $deleteall = !empty($_POST['delall']) || $action == 'del_all' ? true : false; $marked = request_var('mark', array(0)); // Sort keys $sort_days = request_var('st', 0); $sort_key = request_var('sk', 't'); $sort_dir = request_var('sd', 'd'); $keywords = utf8_normalize_nfc(request_var('keywords', '', true)); $keywords_param = !empty($keywords) ? '&keywords=' . urlencode(htmlspecialchars_decode($keywords)) : ''; // Delete entries if requested and able if (($deletemark || $deleteall) && $auth->acl_get('a_clearlogs')) { if (confirm_box(true)) { clear_spam_log($mode, $deletemark ? false : $deleteall, $marked, $keywords); } else { confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array('start' => $start, 'delmarked' => $deletemark, 'delall' => $deleteall, 'mark' => $marked, 'st' => $sort_days, 'sk' => $sort_key, 'sd' => $sort_dir, 'keywords' => $keywords, 'i' => $id, 'mode' => $mode, 'action' => $this->u_action))); } } // Sorting $limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); $sort_by_text = array('t' => $user->lang['SORT_DATE'], 'u' => $user->lang['SORT_USERNAME'], 'i' => $user->lang['SORT_IP'], 'o' => $user->lang['SORT_ACTION']); $sort_by_sql = array('t' => 'l.log_time', 'u' => 'u.username_clean', 'i' => 'l.log_ip', 'o' => 'l.log_operation'); $s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = ''; gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param); // Define where and sort sql for use in displaying logs $sql_days = $sort_days ? time() - $sort_days * 86400 : 0; $sql_sort = $sort_by_sql[$sort_key] . ' ' . ($sort_dir == 'd' ? 'DESC' : 'ASC'); // Grab log data $log_data = array(); $log_count = 0; if ($mode == 'log') { view_spam_log('spam', $log_data, $log_count, $config['topics_per_page'], $start, '', $sql_days, $sql_sort, $keywords); } else { view_spam_log('flag', $log_data, $log_count, $config['topics_per_page'], $start, '', $sql_days, $sql_sort, $keywords); } $template->assign_vars(array('L_TITLE' => $this->page_title, 'L_EXPLAIN' => '', 'S_ON_PAGE' => on_page($log_count, $config['topics_per_page'], $start), 'PAGE_NUMBER' => on_page($log_count, $config['topics_per_page'], $start), 'PAGINATION' => generate_pagination($this->u_action . "&{$u_sort_param}{$keywords_param}", $log_count, $config['topics_per_page'], $start), 'TOTAL' => $log_count == 1 ? $user->lang['TOTAL_LOG'] : sprintf($user->lang['TOTAL_LOGS'], $log_count), 'S_LIMIT_DAYS' => $s_limit_days, 'S_SELECT_SORT_DAYS' => $s_limit_days, 'S_SORT_KEY' => $s_sort_key, 'S_SELECT_SORT_KEY' => $s_sort_key, 'S_SORT_DIR' => $s_sort_dir, 'S_SELECT_SORT_DIR' => $s_sort_dir, 'S_CLEARLOGS' => $auth->acl_get('a_clearlogs'), 'S_CLEAR_ALLOWED' => $auth->acl_get('a_clearlogs'), 'S_KEYWORDS' => $keywords, 'S_LOGS' => $log_count > 0 ? true : false)); foreach ($log_data as $row) { $template->assign_block_vars('log', array('USERNAME' => $row['username_full'], 'REPORTEE_USERNAME' => $row['reportee_username'] && $row['user_id'] != $row['reportee_id'] ? $row['reportee_username_full'] : '', 'IP' => '<a href="' . append_sid("{$phpbb_root_path}mcp.{$phpEx}", "i={$id}&mode=ip_search&ip={$row['ip']}") . '">' . $row['ip'] . '</a>', 'DATE' => $user->format_date($row['time']), 'ACTION' => $row['action'], 'DATA' => sizeof($row['data']) ? @vsprintf($user->lang[$row['operation'] . '_DATA'], $row['data']) : '', 'ID' => $row['id'])); } break; //case 'log' : //case 'flag' : //case 'log' : //case 'flag' : case 'flag_list': $user->add_lang('memberlist'); $this->tpl_name = 'antispam/mcp_asacp'; $this->page_title = 'ASACP_FLAG_LIST'; $start = request_var('start', 0); $limit = request_var('limit', 20); $db->sql_query('SELECT count(user_id) as cnt FROM ' . USERS_TABLE . ' WHERE user_flagged = 1'); $total = $db->sql_fetchfield('cnt'); $sql = 'SELECT user_id, username, user_colour, user_ip, user_posts FROM ' . USERS_TABLE . ' WHERE user_flagged = 1'; $result = $db->sql_query_limit($sql, $limit, $start); $cnt = 0; $output = ''; while ($row = $db->sql_fetchrow($result)) { $row['username'] = get_username_string('full', $row['user_id'], $row['username'], $row['user_colour']); if ($auth->acl_get('m_asacp_ip_search')) { $row['user_ip'] = '<a href="' . append_sid("{$phpbb_root_path}mcp.{$phpEx}", "i={$id}&mode=ip_search&ip={$row['user_ip']}") . '">' . $row['user_ip'] . '</a>'; } if ($auth->acl_get('a_user')) { $row[$user->lang['ACTION']] = '<a href="' . append_sid("{$phpbb_root_path}adm/index.{$phpEx}", "i=users&mode=overview&u={$row['user_id']}", true, $user->session_id) . '">' . $user->lang['USER_ADMIN'] . '</a>'; } unset($row['user_id'], $row['user_colour']); $cnt++; if ($cnt == 1) { $output .= asacp_display_table_head($row); } $output .= asacp_display_table_row($row, $cnt); } $db->sql_freeresult($result); $template->assign_vars(array('L_TITLE' => $user->lang['ASACP_FLAG_LIST'], 'L_TITLE_EXPLAIN' => $user->lang['ASACP_FLAG_LIST_EXPLAIN'], 'S_DATA_OUTPUT' => true)); $template->assign_block_vars('data_output', array('TITLE' => $user->lang['USERS'], 'DATA' => $output, 'PAGINATION' => $total ? generate_pagination($this->u_action . "&limit={$limit}", $total, $limit, $start, false, 'data_output') : '')); break; //case 'flag_list' : //case 'flag_list' : default: trigger_error('NO_MODE'); break; } // switch($mode) // Display the options if there are any (setup similar to acp_board) if (sizeof($options)) { asacp_display_options($options, $error, $this->u_action); } $template->assign_vars(array('ERROR' => implode('<br />', $error), 'U_ACTION' => $this->u_action, 'U_POST_ACTION' => $this->u_action)); }
/** * Image Controller * Route: gallery/image_id/{image_id} * * @param int $image_id Image ID * @return Symfony\Component\HttpFoundation\Response A Symfony Response object */ public function base($image_id, $page = 0) { $this->user->add_lang_ext('phpbbgallery/core', array('gallery')); try { $sql = 'SELECT * FROM ' . $this->table_images . ' WHERE image_id = ' . (int) $image_id; $result = $this->db->sql_query($sql); $this->data = $this->db->sql_fetchrow($result); $this->db->sql_freeresult($result); if (!$this->data) { // Image does not exist throw new \OutOfBoundsException('INVALID_IMAGE'); } $this->loader->load($this->data['image_album_id']); } catch (\Exception $e) { return $this->error($e->getMessage(), 404); } $album_id = (int) $this->data['image_album_id']; $album_data = $this->loader->get($album_id); $this->check_permissions($album_id, $album_data['album_user_id'], $this->data['image_status'], $album_data['album_auth_access']); $this->display->generate_navigation($album_data); if (!$this->user->data['is_bot'] && isset($this->user->data['session_page']) && (strpos($this->user->data['session_page'], '&image_id=' . $image_id) === false || isset($this->user->data['session_created']))) { $sql = 'UPDATE ' . $this->table_images . ' SET image_view_count = image_view_count + 1 WHERE image_id = ' . $image_id; $this->db->sql_query($sql); } // Do stuff here $page_title = $this->data['image_name']; if ($page > 1) { $page_title .= ' - ' . $this->user->lang('PAGE_TITLE_NUMBER', $page); } $s_allowed_delete = $s_allowed_edit = $s_allowed_status = false; if (($this->gallery_auth->acl_check('m_', $album_id, $album_data['album_user_id']) || $this->data['image_user_id'] == $this->user->data['user_id']) && $this->user->data['user_id'] != ANONYMOUS) { //$s_user_allowed = (($this->data['image_user_id'] == $this->user->data['user_id']) && ($album_data['album_status'] != phpbb_ext_gallery_core_album::STATUS_LOCKED)); $s_user_allowed = $this->data['image_user_id'] == $this->user->data['user_id'] && $album_data['album_status'] != 1; $s_allowed_delete = $this->gallery_auth->acl_check('i_delete', $album_id, $album_data['album_user_id']) && $s_user_allowed || $this->gallery_auth->acl_check('m_delete', $album_id, $album_data['album_user_id']); $s_allowed_edit = $this->gallery_auth->acl_check('i_edit', $album_id, $album_data['album_user_id']) && $s_user_allowed || $this->gallery_auth->acl_check('m_edit', $album_id, $album_data['album_user_id']); $s_quick_mod = $s_allowed_delete || $s_allowed_edit || $this->gallery_auth->acl_check('m_status', $album_id, $album_data['album_user_id']) || $this->gallery_auth->acl_check('m_move', $album_id, $album_data['album_user_id']); $this->user->add_lang_ext('phpbbgallery/core', 'gallery_mcp'); $this->template->assign_vars(array('S_MOD_ACTION' => $this->helper->route('phpbbgallery_moderate_image', array('image_id' => $image_id)), 'S_QUICK_MOD' => $s_quick_mod, 'S_QM_MOVE' => $this->gallery_auth->acl_check('m_move', $album_id, $album_data['album_user_id']), 'S_QM_EDIT' => $s_allowed_edit, 'S_QM_DELETE' => $s_allowed_delete, 'S_QM_REPORT' => $this->gallery_auth->acl_check('m_report', $album_id, $album_data['album_user_id']), 'S_QM_STATUS' => $this->gallery_auth->acl_check('m_status', $album_id, $album_data['album_user_id']), 'S_IMAGE_REPORTED' => $this->data['image_reported'] ? true : false, 'U_IMAGE_REPORTED' => $this->data['image_reported'] ? $this->helper->route('phpbbgallery_moderate_image', array('image_id' => $image_id)) : '', 'S_STATUS_APPROVED' => $this->data['image_status'] == \phpbbgallery\core\image\image::STATUS_APPROVED, 'S_STATUS_UNAPPROVED' => $this->data['image_status'] == \phpbbgallery\core\image\image::STATUS_UNAPPROVED, 'S_STATUS_LOCKED' => $this->data['image_status'] == \phpbbgallery\core\image\image::STATUS_LOCKED)); } $image_desc = generate_text_for_display($this->data['image_desc'], $this->data['image_desc_uid'], $this->data['image_desc_bitfield'], 7); // Let's see if we can get next end prev $sort_key = $this->request->variable('sk', $album_data['album_sort_key'] ? $album_data['album_sort_key'] : $this->config['phpbb_gallery_default_sort_key']); $sort_dir = $this->request->variable('sd', $album_data['album_sort_dir'] ? $album_data['album_sort_dir'] : $this->config['phpbb_gallery_default_sort_dir']); if (in_array($sort_key, array('r', 'ra'))) { $sql_help_sort = ', image_id ' . ($sort_dir == 'd' ? 'ASC' : 'DESC'); } else { $sql_help_sort = ', image_id ' . ($sort_dir == 'd' ? 'DESC' : 'ASC'); } $limit_days = array(); $sort_by_text = array('t' => $this->user->lang['TIME'], 'n' => $this->user->lang['IMAGE_NAME'], 'vc' => $this->user->lang['GALLERY_VIEWS'], 'u' => $this->user->lang['SORT_USERNAME']); $sort_by_sql = array('t' => 'image_time', 'n' => 'image_name_clean', 'vc' => 'image_view_count', 'u' => 'image_username_clean'); if ($this->config['phpbb_gallery_allow_rates']) { $sort_by_text['ra'] = $this->user->lang['RATING']; $sort_by_sql['ra'] = 'image_rate_points'; $sort_by_text['r'] = $this->user->lang['RATES_COUNT']; $sort_by_sql['r'] = 'image_rates'; } if ($this->config['phpbb_gallery_allow_comments']) { $sort_by_text['c'] = $this->user->lang['COMMENTS']; $sort_by_sql['c'] = 'image_comments'; $sort_by_text['lc'] = $this->user->lang['NEW_COMMENT']; $sort_by_sql['lc'] = 'image_last_comment'; } gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param); $sql_sort_order = $sort_by_sql[$sort_key] . ' ' . ($sort_dir == 'd' ? 'DESC' : 'ASC'); $sql_sort_order .= $sql_help_sort; // Let's see if there is prieveus image $sql = 'SELECT * FROM ' . $this->table_images . ' WHERE image_album_id = ' . (int) $album_id . "\n\t\t\t\tAND image_status <> 3\n\t\t\tORDER BY {$sql_sort_order}" . $sql_help_sort; $result = $this->db->sql_query($sql); $images_array = array(); while ($row = $this->db->sql_fetchrow($result)) { $images_array[] = $row; } $cur = 0; foreach ($images_array as $id => $var) { if ($var['image_id'] == $image_id) { $cur = $id; } } $next = $prev = false; if (count($images_array) > $cur + 1) { $next = array('image_id' => $images_array[$cur + 1]['image_id'], 'image_name' => $images_array[$cur + 1]['image_name']); } if ($cur > 0) { $prev = array('image_id' => $images_array[$cur - 1]['image_id'], 'image_name' => $images_array[$cur - 1]['image_name']); } $this->db->sql_freeresult($result); $this->template->assign_vars(array('UC_NEXT_IMAGE' => $next ? $this->gallery_config->get('disp_nextprev_thumbnail') ? '<a href="' . $this->helper->route('phpbbgallery_image', array('image_id' => $next['image_id'])) . '"><img style="max-width: 70px; max-height: 70px;" src="' . $this->helper->route('phpbbgallery_image_file_mini', array('image_id' => $next['image_id'])) . '" alt="' . $next['image_name'] . '"></a>' : '<a href="' . $this->helper->route('phpbbgallery_image', array('image_id' => $next['image_id'])) . '">' . $next['image_name'] . ' »» </a>' : '', 'UC_PREV_IMAGE' => $prev ? $this->gallery_config->get('disp_nextprev_thumbnail') ? '<a href="' . $this->helper->route('phpbbgallery_image', array('image_id' => $prev['image_id'])) . '"><img style="max-width: 70px; max-height: 70px;" src="' . $this->helper->route('phpbbgallery_image_file_mini', array('image_id' => $prev['image_id'])) . '" alt="' . $prev['image_name'] . '"></a>' : '<a href="' . $this->helper->route('phpbbgallery_image', array('image_id' => $prev['image_id'])) . '">«« ' . $prev['image_name'] . '</a>' : '', 'U_VIEW_ALBUM' => $this->helper->route('phpbbgallery_album', array('album_id' => $album_id)), 'UC_IMAGE' => $this->helper->route('phpbbgallery_image_file_medium', array('image_id' => $image_id)), 'U_DELETE' => $s_allowed_delete ? $this->helper->route('phpbbgallery_image_delete', array('image_id' => $image_id)) : '', 'U_EDIT' => $s_allowed_edit ? $this->helper->route('phpbbgallery_image_edit', array('image_id' => $image_id)) : '', 'U_REPORT' => $this->gallery_auth->acl_check('i_report', $album_id, $album_data['album_user_id']) && $this->data['image_user_id'] != $this->user->data['user_id'] ? $this->helper->route('phpbbgallery_image_report', array('image_id' => $image_id)) : '', 'U_STATUS' => $s_allowed_status ? $this->helper->route('phpbbgallery_moderate_image', array('image_id' => $image_id)) : '', 'CONTEST_RANK' => $this->data['image_contest_rank'] ? $this->user->lang('CONTEST_RESULT_' . $this->data['image_contest_rank']) : '', 'IMAGE_NAME' => $this->data['image_name'], 'IMAGE_DESC' => $image_desc, 'IMAGE_BBCODE' => $this->config['allow_bbcode'] ? '[image]' . $image_id . '[/image]' : '', 'IMAGE_IMGURL_BBCODE' => $this->config['phpbb_gallery_disp_image_url'] ? '[url=' . $this->url->get_uri($this->helper->route('phpbbgallery_image', array('image_id' => $image_id))) . '][img]' . $this->url->get_uri($this->helper->route('phpbbgallery_image_file_mini', array('image_id' => $image_id))) . '[/img][/url]' : '', 'IMAGE_URL' => $this->config['phpbb_gallery_disp_image_url'] ? $this->url->get_uri($this->helper->route('phpbbgallery_image', array('image_id' => $image_id))) : '', 'IMAGE_TIME' => $this->user->format_date($this->data['image_time']), 'IMAGE_VIEW' => $this->data['image_view_count'], 'POSTER_IP' => $this->auth->acl_get('a_') ? $this->data['image_user_ip'] : '', 'U_POSTER_WHOIS' => $this->auth->acl_get('a_') ? append_sid('mcp', 'mode=whois&ip=' . $this->data['image_user_ip']) : '', 'S_ALBUM_ACTION' => $this->helper->route('phpbbgallery_image', array('image_id' => $image_id)), 'U_RETURN_LINK' => $this->helper->route('phpbbgallery_album', array('album_id' => $album_id)), 'S_RETURN_LINK' => $this->user->lang('RETURN_TO', $album_data['album_name']))); switch ($this->gallery_config->get('link_imagepage')) { case 'image': $this->template->assign_vars(array('UC_IMAGE_ACTION' => $this->helper->route('phpbbgallery_image_file_source', array('image_id' => $image_id)))); break; case 'next': if ($next) { $this->template->assign_vars(array('UC_IMAGE_ACTION' => $this->helper->route('phpbbgallery_image', array('image_id' => $next['image_id'])))); } break; } $image_data = $this->data; /** * Event view image * * @event phpbbgallery.core.viewimage * @var int image_id id of the image we are viewing * @var array image_data All the data related to the image * @var array album_data All the data related to the album image is part of * @var string page_title Page title * @since 1.2.0 */ $vars = array('image_id', 'image_data', 'album_data', 'page_title'); extract($this->dispatcher->trigger_event('phpbbgallery.core.viewimage', compact($vars))); $this->data = $image_data; $user_id = $this->data['image_user_id']; $sql = $this->db->sql_build_query('SELECT', array('SELECT' => 'u.*, gu.personal_album_id, gu.user_images', 'FROM' => array(USERS_TABLE => 'u'), 'LEFT_JOIN' => array(array('FROM' => array($this->table_users => 'gu'), 'ON' => 'gu.user_id = u.user_id')), 'WHERE' => 'u.user_id = ' . $this->data['image_user_id'])); $result = $this->db->sql_query($sql); $user_cache = array(); while ($row = $this->db->sql_fetchrow($result)) { \phpbbgallery\core\user::add_user_to_cache($user_cache, $row); } $this->db->sql_freeresult($result); $user_cache[$user_id]['username'] = $this->data['image_username'] ? $this->data['image_username'] : $this->user->lang['GUEST']; $this->template->assign_vars(array('POSTER_FULL' => get_username_string('full', $user_id, $user_cache[$user_id]['username'], $user_cache[$user_id]['user_colour']), 'POSTER_COLOUR' => get_username_string('colour', $user_id, $user_cache[$user_id]['username'], $user_cache[$user_id]['user_colour']), 'POSTER_USERNAME' => get_username_string('username', $user_id, $user_cache[$user_id]['username'], $user_cache[$user_id]['user_colour']), 'U_POSTER' => get_username_string('profile', $user_id, $user_cache[$user_id]['username'], $user_cache[$user_id]['user_colour']), 'POSTER_SIGNATURE' => $user_cache[$user_id]['sig'], 'POSTER_RANK_TITLE' => $user_cache[$user_id]['rank_title'], 'POSTER_RANK_IMG' => $user_cache[$user_id]['rank_image'], 'POSTER_RANK_IMG_SRC' => $user_cache[$user_id]['rank_image_src'], 'POSTER_JOINED' => $user_cache[$user_id]['joined'], 'POSTER_POSTS' => $user_cache[$user_id]['posts'], 'POSTER_AVATAR' => $user_cache[$user_id]['avatar'], 'POSTER_WARNINGS' => $user_cache[$user_id]['warnings'], 'POSTER_AGE' => $user_cache[$user_id]['age'], 'POSTER_ONLINE_IMG' => $user_id == ANONYMOUS || !$this->config['load_onlinetrack'] ? '' : ($user_cache[$user_id]['online'] ? $this->user->img('icon_user_online', 'ONLINE') : $this->user->img('icon_user_offline', 'OFFLINE')), 'S_POSTER_ONLINE' => $user_id == ANONYMOUS || !$this->config['load_onlinetrack'] ? false : ($user_cache[$user_id]['online'] ? true : false), 'U_POSTER_PROFILE' => $user_cache[$user_id]['profile'], 'U_POSTER_SEARCH' => $user_cache[$user_id]['search'], 'U_POSTER_PM' => $user_id != ANONYMOUS && $this->config['allow_privmsg'] && $this->auth->acl_get('u_sendpm') && ($user_cache[$user_id]['allow_pm'] || $this->auth->acl_gets('a_', 'm_')) ? append_sid('./ucp.php', 'i=pm&mode=compose&u=' . $user_id) : '', 'U_POSTER_EMAIL' => $this->auth->acl_gets('a_') || !$this->config['board_hide_emails'] ? $user_cache[$user_id]['email'] : false, 'U_POSTER_JABBER' => $user_cache[$user_id]['jabber'], 'U_POSTER_GALLERY' => $user_cache[$user_id]['gallery_album'], 'POSTER_GALLERY_IMAGES' => $user_cache[$user_id]['gallery_images'], 'U_POSTER_GALLERY_SEARCH' => $user_cache[$user_id]['gallery_search'])); // Add ratings if ($this->gallery_config->get('allow_rates')) { $rating = new \phpbbgallery\core\rating($image_id, $image_data, $album_data); $user_rating = $rating->get_user_rating($this->user->data['user_id']); // Check: User didn't rate yet, has permissions, it's not the users own image and the user is logged in if (!$user_rating && $rating->is_allowed()) { $rating->display_box(); } $this->template->assign_vars(array('IMAGE_RATING' => $rating->get_image_rating($user_rating), 'S_ALLOWED_TO_RATE' => !$user_rating && $rating->is_allowed(), 'S_VIEW_RATE' => $this->gallery_auth->acl_check('i_rate', $album_id, $album_data['album_user_id']) ? true : false, 'S_RATE_ACTION' => $this->helper->route('phpbbgallery_image_rate', array('image_id' => $image_id)))); unset($rating); } /** * Posting comment */ $comments_disabled = !$this->gallery_config->get('allow_comments') || $this->gallery_config->get('comment_user_control') && !$image_data['image_allow_comments']; if (!$comments_disabled && $this->gallery_auth->acl_check('c_post', $album_id, $album_data['album_user_id']) && $album_data['album_status'] != $this->album->get_status_locked() && ($image_data['image_status'] != $this->image->get_status_locked() || $this->gallery_auth->acl_check('m_status', $album_id, $album_data['album_user_id']))) { add_form_key('gallery'); $this->user->add_lang('posting'); $this->url->_include('functions_posting', 'phpbb'); $bbcode_status = $this->config['allow_bbcode'] ? true : false; $smilies_status = $this->config['allow_smilies'] ? true : false; $img_status = $bbcode_status ? true : false; $url_status = $this->config['allow_post_links'] ? true : false; $flash_status = false; $quote_status = true; include_once $this->phpbb_root_path . 'includes/functions_display.' . $this->php_ext; // Build custom bbcodes array display_custom_bbcodes(); // Build smilies array generate_smilies('inline', 0); //$s_hide_comment_input = (time() < ($album_data['contest_start'] + $album_data['contest_end'])) ? true : false; $s_hide_comment_input = false; $this->template->assign_vars(array('S_ALLOWED_TO_COMMENT' => true, 'S_HIDE_COMMENT_INPUT' => $s_hide_comment_input, 'BBCODE_STATUS' => $bbcode_status ? sprintf($this->user->lang['BBCODE_IS_ON'], '<a href="' . $this->url->append_sid('phpbb', 'faq', 'mode=bbcode') . '">', '</a>') : sprintf($this->user->lang['BBCODE_IS_OFF'], '<a href="' . $this->url->append_sid('phpbb', 'faq', 'mode=bbcode') . '">', '</a>'), 'IMG_STATUS' => $img_status ? $this->user->lang['IMAGES_ARE_ON'] : $this->user->lang['IMAGES_ARE_OFF'], 'FLASH_STATUS' => $flash_status ? $this->user->lang['FLASH_IS_ON'] : $this->user->lang['FLASH_IS_OFF'], 'SMILIES_STATUS' => $smilies_status ? $this->user->lang['SMILIES_ARE_ON'] : $this->user->lang['SMILIES_ARE_OFF'], 'URL_STATUS' => $bbcode_status && $url_status ? $this->user->lang['URL_IS_ON'] : $this->user->lang['URL_IS_OFF'], 'S_SIGNATURE_CHECKED' => $this->user->optionget('attachsig') ? ' checked="checked"' : '', 'S_BBCODE_ALLOWED' => $bbcode_status, 'S_SMILIES_ALLOWED' => $smilies_status, 'S_LINKS_ALLOWED' => $url_status, 'S_BBCODE_IMG' => $img_status, 'S_BBCODE_URL' => $url_status, 'S_BBCODE_FLASH' => $flash_status, 'S_BBCODE_QUOTE' => $quote_status, 'L_COMMENT_LENGTH' => sprintf($this->user->lang['COMMENT_LENGTH'], $this->gallery_config->get('comment_length')))); if ($this->misc->display_captcha('comment')) { global $phpbb_container; $captcha = $phpbb_container->get('captcha.factory')->get_instance($this->config['captcha_plugin']); $captcha->init(CONFIRM_POST); $this->template->assign_vars(array('S_CONFIRM_CODE' => true, 'CAPTCHA_TEMPLATE' => $captcha->get_template())); } // Different link, when we rate and dont comment if (!$s_hide_comment_input) { //$this->template->assign_var('S_COMMENT_ACTION', append_sid($this->url->path('full') . 'comment/' . $image_id . '/add/0')); $this->template->assign_var('S_COMMENT_ACTION', $this->helper->route('phpbbgallery_comment_add', array('image_id' => $image_id, 'comment_id' => 0))); } } else { if ($this->gallery_config->get('comment_user_control') && !$image_data['image_allow_comments']) { $this->template->assign_var('S_COMMENTS_DISABLED', true); } } /** * Listing comment */ if ($this->gallery_config->get('allow_comments') && $this->gallery_auth->acl_check('c_read', $album_id, $album_data['album_user_id'])) { $this->display_comments($image_id, $this->data, $album_id, $album_data, ($page - 1) * $this->gallery_config->get('items_per_page'), $this->gallery_config->get('items_per_page')); } return $this->helper->render('gallery/viewimage_body.html', $page_title); }
function main($id, $mode) { global $db, $user, $auth, $template, $cache, $phpbb_container; global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx; global $request; $user->add_lang('mcp'); // Set up general vars $action = request_var('action', ''); $forum_id = request_var('f', 0); $topic_id = request_var('t', 0); $start = request_var('start', 0); $deletemark = $request->variable('delmarked', false, false, \phpbb\request\request_interface::POST); $deleteall = $request->variable('delall', false, false, \phpbb\request\request_interface::POST); $marked = request_var('mark', array(0)); // Sort keys $sort_days = request_var('st', 0); $sort_key = request_var('sk', 't'); $sort_dir = request_var('sd', 'd'); $this->tpl_name = 'acp_logs'; $this->log_type = constant('LOG_' . strtoupper($mode)); $pagination = $phpbb_container->get('pagination'); // Delete entries if requested and able if (($deletemark || $deleteall) && $auth->acl_get('a_clearlogs')) { if (confirm_box(true)) { $conditions = array(); if ($deletemark && sizeof($marked)) { $conditions['log_id'] = array('IN' => $marked); } if ($deleteall) { if ($sort_days) { $conditions['log_time'] = array('>=', time() - $sort_days * 86400); } $keywords = utf8_normalize_nfc(request_var('keywords', '', true)); $conditions['keywords'] = $keywords; } $phpbb_log = $phpbb_container->get('log'); $phpbb_log->delete($mode, $conditions); } else { confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array('f' => $forum_id, 'start' => $start, 'delmarked' => $deletemark, 'delall' => $deleteall, 'mark' => $marked, 'st' => $sort_days, 'sk' => $sort_key, 'sd' => $sort_dir, 'i' => $id, 'mode' => $mode, 'action' => $action))); } } // Sorting $limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); $sort_by_text = array('u' => $user->lang['SORT_USERNAME'], 't' => $user->lang['SORT_DATE'], 'i' => $user->lang['SORT_IP'], 'o' => $user->lang['SORT_ACTION']); $sort_by_sql = array('u' => 'u.username_clean', 't' => 'l.log_time', 'i' => 'l.log_ip', 'o' => 'l.log_operation'); $s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = ''; gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param); // Define where and sort sql for use in displaying logs $sql_where = $sort_days ? time() - $sort_days * 86400 : 0; $sql_sort = $sort_by_sql[$sort_key] . ' ' . ($sort_dir == 'd' ? 'DESC' : 'ASC'); $keywords = utf8_normalize_nfc(request_var('keywords', '', true)); $keywords_param = !empty($keywords) ? '&keywords=' . urlencode(htmlspecialchars_decode($keywords)) : ''; $l_title = $user->lang['ACP_' . strtoupper($mode) . '_LOGS']; $l_title_explain = $user->lang['ACP_' . strtoupper($mode) . '_LOGS_EXPLAIN']; $this->page_title = $l_title; // Define forum list if we're looking @ mod logs if ($mode == 'mod') { $forum_box = '<option value="0">' . $user->lang['ALL_FORUMS'] . '</option>' . make_forum_select($forum_id); $template->assign_vars(array('S_SHOW_FORUMS' => true, 'S_FORUM_BOX' => $forum_box)); } // Grab log data $log_data = array(); $log_count = 0; $start = view_log($mode, $log_data, $log_count, $config['topics_per_page'], $start, $forum_id, 0, 0, $sql_where, $sql_sort, $keywords); $base_url = $this->u_action . "&{$u_sort_param}{$keywords_param}"; $pagination->generate_template_pagination($base_url, 'pagination', 'start', $log_count, $config['topics_per_page'], $start); $template->assign_vars(array('L_TITLE' => $l_title, 'L_EXPLAIN' => $l_title_explain, 'U_ACTION' => $this->u_action . "&{$u_sort_param}{$keywords_param}&start={$start}", 'S_LIMIT_DAYS' => $s_limit_days, 'S_SORT_KEY' => $s_sort_key, 'S_SORT_DIR' => $s_sort_dir, 'S_CLEARLOGS' => $auth->acl_get('a_clearlogs'), 'S_KEYWORDS' => $keywords)); foreach ($log_data as $row) { $data = array(); $checks = array('viewtopic', 'viewlogs', 'viewforum'); foreach ($checks as $check) { if (isset($row[$check]) && $row[$check]) { $data[] = '<a href="' . $row[$check] . '">' . $user->lang['LOGVIEW_' . strtoupper($check)] . '</a>'; } } $template->assign_block_vars('log', array('USERNAME' => $row['username_full'], 'REPORTEE_USERNAME' => $row['reportee_username'] && $row['user_id'] != $row['reportee_id'] ? $row['reportee_username_full'] : '', 'IP' => $row['ip'], 'DATE' => $user->format_date($row['time']), 'ACTION' => $row['action'], 'DATA' => sizeof($data) ? implode(' | ', $data) : '', 'ID' => $row['id'])); } }
/** * Get Messages from folder/user */ function get_pm_from($folder_id, $folder, $user_id) { global $user, $db, $template, $config, $auth, $phpbb_container, $phpbb_root_path, $phpEx, $request; $start = $request->variable('start', 0); // Additional vars later, pm ordering is mostly different from post ordering. :/ $sort_days = $request->variable('st', 0); $sort_key = $request->variable('sk', 't'); $sort_dir = $request->variable('sd', 'd'); /* @var $pagination \phpbb\pagination */ $pagination = $phpbb_container->get('pagination'); // PM ordering options $limit_days = array(0 => $user->lang['ALL_MESSAGES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); // No sort by Author for sentbox/outbox (already only author available) // Also, sort by msg_id for the time - private messages are not as prone to errors as posts are. if ($folder_id == PRIVMSGS_OUTBOX || $folder_id == PRIVMSGS_SENTBOX) { $sort_by_text = array('t' => $user->lang['POST_TIME'], 's' => $user->lang['SUBJECT']); $sort_by_sql = array('t' => 'p.message_time', 's' => array('p.message_subject', 'p.message_time')); } else { $sort_by_text = array('a' => $user->lang['AUTHOR'], 't' => $user->lang['POST_TIME'], 's' => $user->lang['SUBJECT']); $sort_by_sql = array('a' => array('u.username_clean', 'p.message_time'), 't' => 'p.message_time', 's' => array('p.message_subject', 'p.message_time')); } $s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = ''; gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param); $folder_sql = 't.folder_id = ' . (int) $folder_id; // Limit pms to certain time frame, obtain correct pm count if ($sort_days) { $min_post_time = time() - $sort_days * 86400; if (isset($_POST['sort'])) { $start = 0; } $sql = 'SELECT COUNT(t.msg_id) AS pm_count FROM ' . PRIVMSGS_TO_TABLE . ' t, ' . PRIVMSGS_TABLE . " p\n\t\t\tWHERE {$folder_sql}\n\t\t\t\tAND t.user_id = {$user_id}\n\t\t\t\tAND t.msg_id = p.msg_id\n\t\t\t\tAND p.message_time >= {$min_post_time}"; $result = $db->sql_query_limit($sql, 1); $pm_count = (int) $db->sql_fetchfield('pm_count'); $db->sql_freeresult($result); $sql_limit_time = "AND p.message_time >= {$min_post_time}"; } else { $pm_count = !empty($folder[$folder_id]['num_messages']) ? $folder[$folder_id]['num_messages'] : 0; $sql_limit_time = ''; } $base_url = append_sid("{$phpbb_root_path}ucp.{$phpEx}", "i=pm&mode=view&action=view_folder&f={$folder_id}&{$u_sort_param}"); $start = $pagination->validate_start($start, $config['topics_per_page'], $pm_count); $pagination->generate_template_pagination($base_url, 'pagination', 'start', $pm_count, $config['topics_per_page'], $start); $template->assign_vars(array('TOTAL_MESSAGES' => $user->lang('VIEW_PM_MESSAGES', (int) $pm_count), 'POST_IMG' => !$auth->acl_get('u_sendpm') ? $user->img('button_topic_locked', 'POST_PM_LOCKED') : $user->img('button_pm_new', 'POST_NEW_PM'), 'S_NO_AUTH_SEND_MESSAGE' => !$auth->acl_get('u_sendpm'), 'S_SELECT_SORT_DIR' => $s_sort_dir, 'S_SELECT_SORT_KEY' => $s_sort_key, 'S_SELECT_SORT_DAYS' => $s_limit_days, 'S_TOPIC_ICONS' => $config['enable_pm_icons'] ? true : false, 'U_POST_NEW_TOPIC' => $auth->acl_get('u_sendpm') ? append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'i=pm&mode=compose') : '', 'S_PM_ACTION' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", "i=pm&mode=view&action=view_folder&f={$folder_id}" . ($start !== 0 ? "&start={$start}" : '')))); // Grab all pm data $rowset = $pm_list = array(); // If the user is trying to reach late pages, start searching from the end $store_reverse = false; $sql_limit = $config['topics_per_page']; if ($start > $pm_count / 2) { $store_reverse = true; // Select the sort order $direction = $sort_dir == 'd' ? 'ASC' : 'DESC'; $sql_limit = $pagination->reverse_limit($start, $sql_limit, $pm_count); $sql_start = $pagination->reverse_start($start, $sql_limit, $pm_count); } else { // Select the sort order $direction = $sort_dir == 'd' ? 'DESC' : 'ASC'; $sql_start = $start; } // Sql sort order if (is_array($sort_by_sql[$sort_key])) { $sql_sort_order = implode(' ' . $direction . ', ', $sort_by_sql[$sort_key]) . ' ' . $direction; } else { $sql_sort_order = $sort_by_sql[$sort_key] . ' ' . $direction; } $sql = 'SELECT t.*, p.root_level, p.message_time, p.message_subject, p.icon_id, p.to_address, p.message_attachment, p.bcc_address, u.username, u.username_clean, u.user_colour, p.message_reported FROM ' . PRIVMSGS_TO_TABLE . ' t, ' . PRIVMSGS_TABLE . ' p, ' . USERS_TABLE . " u\n\t\tWHERE t.user_id = {$user_id}\n\t\t\tAND p.author_id = u.user_id\n\t\t\tAND {$folder_sql}\n\t\t\tAND t.msg_id = p.msg_id\n\t\t\t{$sql_limit_time}\n\t\tORDER BY {$sql_sort_order}"; $result = $db->sql_query_limit($sql, $sql_limit, $sql_start); $pm_reported = array(); while ($row = $db->sql_fetchrow($result)) { $rowset[$row['msg_id']] = $row; $pm_list[] = $row['msg_id']; if ($row['message_reported']) { $pm_reported[] = $row['msg_id']; } } $db->sql_freeresult($result); // Fetch the report_ids, if there are any reported pms. if (!empty($pm_reported) && $auth->acl_getf_global('m_report')) { $sql = 'SELECT pm_id, report_id FROM ' . REPORTS_TABLE . ' WHERE report_closed = 0 AND ' . $db->sql_in_set('pm_id', $pm_reported); $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { $rowset[$row['pm_id']]['report_id'] = $row['report_id']; } $db->sql_freeresult($result); } $pm_list = $store_reverse ? array_reverse($pm_list) : $pm_list; return array('pm_count' => $pm_count, 'pm_list' => $pm_list, 'rowset' => $rowset); }
function main($id, $mode) { global $auth, $db, $user, $template, $request; global $config, $phpbb_container, $phpbb_log; $user->add_lang('acp/common'); $action = $request->variable('action', array('' => '')); if (is_array($action)) { list($action, ) = each($action); } else { $action = $request->variable('action', ''); } // Set up general vars $start = $request->variable('start', 0); $deletemark = $action == 'del_marked' ? true : false; $deleteall = $action == 'del_all' ? true : false; $marked = $request->variable('mark', array(0)); // Sort keys $sort_days = $request->variable('st', 0); $sort_key = $request->variable('sk', 't'); $sort_dir = $request->variable('sd', 'd'); $this->tpl_name = 'mcp_logs'; $this->page_title = 'MCP_LOGS'; /* @var $pagination \phpbb\pagination */ $pagination = $phpbb_container->get('pagination'); $forum_list = array_values(array_intersect(get_forum_list('f_read'), get_forum_list('m_'))); $forum_list[] = 0; $forum_id = $topic_id = 0; switch ($mode) { case 'front': break; case 'forum_logs': $forum_id = $request->variable('f', 0); if (!in_array($forum_id, $forum_list)) { send_status_line(403, 'Forbidden'); trigger_error('NOT_AUTHORISED'); } $forum_list = array($forum_id); break; case 'topic_logs': $topic_id = $request->variable('t', 0); $sql = 'SELECT forum_id FROM ' . TOPICS_TABLE . ' WHERE topic_id = ' . $topic_id; $result = $db->sql_query($sql); $forum_id = (int) $db->sql_fetchfield('forum_id'); $db->sql_freeresult($result); if (!in_array($forum_id, $forum_list)) { send_status_line(403, 'Forbidden'); trigger_error('NOT_AUTHORISED'); } $forum_list = array($forum_id); break; } // Delete entries if requested and able if (($deletemark || $deleteall) && $auth->acl_get('a_clearlogs')) { if (confirm_box(true)) { if ($deletemark && sizeof($marked)) { $conditions = array('forum_id' => array('IN' => $forum_list), 'log_id' => array('IN' => $marked)); $phpbb_log->delete('mod', $conditions); } else { if ($deleteall) { $keywords = $request->variable('keywords', '', true); $conditions = array('forum_id' => array('IN' => $forum_list), 'keywords' => $keywords); if ($sort_days) { $conditions['log_time'] = array('>=', time() - $sort_days * 86400); } if ($mode == 'topic_logs') { $conditions['topic_id'] = $topic_id; } $phpbb_log->delete('mod', $conditions); } } } else { confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array('f' => $forum_id, 't' => $topic_id, 'start' => $start, 'delmarked' => $deletemark, 'delall' => $deleteall, 'mark' => $marked, 'st' => $sort_days, 'sk' => $sort_key, 'sd' => $sort_dir, 'i' => $id, 'mode' => $mode, 'action' => $request->variable('action', array('' => ''))))); } } // Sorting $limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); $sort_by_text = array('u' => $user->lang['SORT_USERNAME'], 't' => $user->lang['SORT_DATE'], 'i' => $user->lang['SORT_IP'], 'o' => $user->lang['SORT_ACTION']); $sort_by_sql = array('u' => 'u.username_clean', 't' => 'l.log_time', 'i' => 'l.log_ip', 'o' => 'l.log_operation'); $s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = ''; gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param); // Define where and sort sql for use in displaying logs $sql_where = $sort_days ? time() - $sort_days * 86400 : 0; $sql_sort = $sort_by_sql[$sort_key] . ' ' . ($sort_dir == 'd' ? 'DESC' : 'ASC'); $keywords = $request->variable('keywords', '', true); $keywords_param = !empty($keywords) ? '&keywords=' . urlencode(htmlspecialchars_decode($keywords)) : ''; // Grab log data $log_data = array(); $log_count = 0; $start = view_log('mod', $log_data, $log_count, $config['topics_per_page'], $start, $forum_list, $topic_id, 0, $sql_where, $sql_sort, $keywords); $base_url = $this->u_action . "&{$u_sort_param}{$keywords_param}"; $pagination->generate_template_pagination($base_url, 'pagination', 'start', $log_count, $config['topics_per_page'], $start); $template->assign_vars(array('TOTAL' => $user->lang('TOTAL_LOGS', (int) $log_count), 'L_TITLE' => $user->lang['MCP_LOGS'], 'U_POST_ACTION' => $this->u_action . "&{$u_sort_param}{$keywords_param}&start={$start}", 'S_CLEAR_ALLOWED' => $auth->acl_get('a_clearlogs') ? true : false, 'S_SELECT_SORT_DIR' => $s_sort_dir, 'S_SELECT_SORT_KEY' => $s_sort_key, 'S_SELECT_SORT_DAYS' => $s_limit_days, 'S_LOGS' => $log_count > 0, 'S_KEYWORDS' => $keywords)); foreach ($log_data as $row) { $data = array(); $checks = array('viewpost', 'viewtopic', 'viewforum'); foreach ($checks as $check) { if (isset($row[$check]) && $row[$check]) { $data[] = '<a href="' . $row[$check] . '">' . $user->lang['LOGVIEW_' . strtoupper($check)] . '</a>'; } } $template->assign_block_vars('log', array('USERNAME' => $row['username_full'], 'IP' => $row['ip'], 'DATE' => $user->format_date($row['time']), 'ACTION' => $row['action'], 'DATA' => sizeof($data) ? implode(' | ', $data) : '', 'ID' => $row['id'])); } }
/** * View controller for display a category * * @param int $cat_id The category ID * @param int $page Page number taken from the URL * @param int $sort_days Specifies the maximum amount of days a link may be old * @param string $sort_key is the key of $sort_by_sql for the selected sorting: a|t|r|s|v|p * @param string $sort_dir is either a or d representing ASC and DESC (ascending|descending) * @param string $mode watch|unwatch * @return \Symfony\Component\HttpFoundation\Response A Symfony Response object * @throws \phpbb\exception\http_exception */ public function view($cat_id, $page, $sort_days, $sort_key, $sort_dir, $mode = '') { if (false === $this->categorie->get($cat_id)) { throw new \phpbb\exception\http_exception(404, 'DIR_ERROR_NO_CATS'); } $start = ($page - 1) * $this->config['dir_show']; $default_sort_days = 0; $default_sort_key = (string) substr($this->config['dir_default_order'], 0, 1); $default_sort_dir = (string) substr($this->config['dir_default_order'], 2); $sort_days = !$sort_days ? $this->request->variable('st', $default_sort_days) : $sort_days; $sort_key = !$sort_key ? $this->request->variable('sk', $default_sort_key) : $sort_key; $sort_dir = !$sort_dir ? $this->request->variable('sd', $default_sort_dir) : $sort_dir; $link_list = $rowset = array(); // Categorie ordering options $limit_days = array(0 => $this->user->lang['SEE_ALL'], 1 => $this->user->lang['1_DAY'], 7 => $this->user->lang['7_DAYS'], 14 => $this->user->lang['2_WEEKS'], 30 => $this->user->lang['1_MONTH'], 90 => $this->user->lang['3_MONTHS'], 180 => $this->user->lang['6_MONTHS'], 365 => $this->user->lang['1_YEAR']); $sort_by_text = array('a' => $this->user->lang['AUTHOR'], 't' => $this->user->lang['POST_TIME'], 'r' => $this->user->lang['DIR_COMMENTS_ORDER'], 's' => $this->user->lang['DIR_NAME_ORDER'], 'v' => $this->user->lang['DIR_NB_CLICKS_ORDER']); $sort_by_sql = array('a' => 'u.username_clean', 't' => array('l.link_time', 'l.link_id'), 'r' => 'l.link_comment', 's' => 'LOWER(l.link_name)', 'v' => 'l.link_view'); if ($this->config['dir_activ_pagerank']) { $sort_by_text['p'] = $this->user->lang['DIR_PR_ORDER']; $sort_by_sql['p'] = 'l.link_pagerank'; } $s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = ''; gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param, $default_sort_days, $default_sort_key, $default_sort_dir); $u_sort_param = $sort_days === $default_sort_days && $sort_key == $default_sort_key && $sort_dir == $default_sort_dir ? array() : array('sort_days' => $sort_days, 'sort_key' => $sort_key, 'sort_dir' => $sort_dir); // Are we watching this categorie? $s_watching_categorie = array('link' => '', 'link_toggle' => '', 'title' => '', 'title_toggle' => '', 'is_watching' => false); if ($this->config['email_enable'] && $this->user->data['is_registered']) { $notify_status = isset($this->categorie->data['notify_status']) ? $this->categorie->data['notify_status'] : null; if ($message = $this->categorie->watch_categorie($mode, $s_watching_categorie, $this->user->data['user_id'], $cat_id, $notify_status)) { return $this->helper->message($message); } } // A deadline has been selected if ($sort_days) { $min_post_time = time() - $sort_days * 86400; $sql = 'SELECT COUNT(link_id) AS nb_links FROM ' . DIR_LINK_TABLE . ' WHERE link_cat = ' . (int) $cat_id . ' AND link_time >= ' . $min_post_time; $result = $this->db->sql_query($sql); $nb_links = (int) $this->db->sql_fetchfield('nb_links'); $this->db->sql_freeresult($result); if ($this->request->is_set_post('sort')) { $start = 0; } $sql_limit_time = " AND l.link_time >= {$min_post_time}"; } else { $sql_limit_time = ''; $nb_links = (int) $this->categorie->data['cat_links']; } // Make sure $start is set to the last page if it exceeds the amount $start = $this->pagination->validate_start($start, $this->config['dir_show'], $nb_links); // Build navigation links $this->categorie->generate_dir_nav($this->categorie->data); // Jumpbox $this->categorie->make_cat_jumpbox(); $base_url = array('routes' => 'ernadoo_phpbbdirectory_page_controller', 'params' => array_merge(array('cat_id' => $cat_id), $u_sort_param)); $this->pagination->generate_template_pagination($base_url, 'pagination', 'page', $nb_links, $this->config['dir_show'], $start); $this->template->assign_vars(array('S_SELECT_SORT_DIR' => $s_sort_dir, 'S_SELECT_SORT_KEY' => $s_sort_key, 'S_SELECT_SORT_DAYS' => $s_limit_days, 'S_CATLIST' => $this->categorie->make_cat_select($cat_id), 'S_PAGE_ACTION' => $this->helper->route('ernadoo_phpbbdirectory_page_controller', array('cat_id' => $cat_id, 'page' => $page)), 'S_CAT_ID' => $cat_id, 'TOTAL_LINKS' => $this->user->lang('DIR_NB_LINKS', (int) $nb_links), 'U_NEW_SITE' => $this->helper->route('ernadoo_phpbbdirectory_new_controller', array('cat_id' => $cat_id)), 'U_WATCH_CAT' => $s_watching_categorie['link'], 'U_WATCH_CAT_TOGGLE' => $s_watching_categorie['link_toggle'], 'S_WATCH_CAT_TITLE' => $s_watching_categorie['title'], 'S_WATCH_CAT_TOGGLE' => $s_watching_categorie['title_toggle'], 'S_WATCHING_CAT' => $s_watching_categorie['is_watching'])); // If the user is trying to reach late pages, start searching from the end $store_reverse = false; $sql_limit = $this->config['dir_show']; if ($start > $nb_links / 2) { $store_reverse = true; // Select the sort order $direction = $sort_dir == 'd' ? 'ASC' : 'DESC'; $sql_limit = $this->pagination->reverse_limit($start, $sql_limit, $nb_links); $sql_start = $this->pagination->reverse_start($start, $sql_limit, $nb_links); } else { // Select the sort order $direction = $sort_dir == 'd' ? 'DESC' : 'ASC'; $sql_start = $start; } if (is_array($sort_by_sql[$sort_key])) { $sql_sort_order = implode(' ' . $direction . ', ', $sort_by_sql[$sort_key]) . ' ' . $direction; } else { $sql_sort_order = $sort_by_sql[$sort_key] . ' ' . $direction; } // Grab just the sorted link ids $sql_array = array('SELECT' => 'l.link_id', 'FROM' => array(DIR_LINK_TABLE => 'l'), 'LEFT_JOIN' => array(array('FROM' => array(USERS_TABLE => 'u'), 'ON' => 'l.link_user_id = u.user_id')), 'WHERE' => "l.link_cat = {$cat_id}\n\t\t\t\tAND l.link_active = 1\n\t\t\t\t\t{$sql_limit_time}", 'ORDER_BY' => $sql_sort_order); $sql = $this->db->sql_build_query('SELECT', $sql_array); $result = $this->db->sql_query_limit($sql, $sql_limit, $sql_start); while ($row = $this->db->sql_fetchrow($result)) { $link_list[] = (int) $row['link_id']; } $this->db->sql_freeresult($result); if (sizeof($link_list)) { // We get links, informations about poster, votes and number of comments $sql_array = array('SELECT' => 'l.link_id, l.link_cat, l.link_url, l.link_user_id, l.link_comment, l. link_description, l.link_banner, l.link_rss, l. link_uid, l.link_bitfield, l.link_flags, l.link_vote, l.link_note, l.link_view, l.link_time, l.link_name, l.link_flag, l.link_pagerank, l.link_thumb, u.user_id, u.username, u.user_colour, v.vote_user_id', 'FROM' => array(DIR_LINK_TABLE => 'l'), 'LEFT_JOIN' => array(array('FROM' => array(USERS_TABLE => 'u'), 'ON' => 'l.link_user_id = u.user_id'), array('FROM' => array(DIR_VOTE_TABLE => 'v'), 'ON' => 'l.link_id = v.vote_link_id AND v.vote_user_id = ' . $this->user->data['user_id'])), 'WHERE' => $this->db->sql_in_set('l.link_id', $link_list)); $sql = $this->db->sql_build_query('SELECT', $sql_array); $result = $this->db->sql_query($sql); while ($site = $this->db->sql_fetchrow($result)) { $rowset[$site['link_id']] = $site; } $this->db->sql_freeresult($result); $link_list = $store_reverse ? array_reverse($link_list) : $link_list; $votes_status = $this->categorie->data['cat_allow_votes'] ? true : false; $comments_status = $this->categorie->data['cat_allow_comments'] ? true : false; foreach ($link_list as $link_id) { $site =& $rowset[$link_id]; $s_flag = $this->link->display_flag($site); $s_note = $this->link->display_note($site['link_note'], $site['link_vote'], $votes_status); $s_thumb = $this->link->display_thumb($site); $s_vote = $this->link->display_vote($site); $s_banner = $this->link->display_bann($site); $s_pr = $this->link->display_pagerank($site); $s_rss = $this->link->display_rss($site); $edit_allowed = $this->user->data['is_registered'] && ($this->auth->acl_get('m_edit_dir') || $this->user->data['user_id'] == $site['link_user_id'] && $this->auth->acl_get('u_edit_dir')); $delete_allowed = $this->user->data['is_registered'] && ($this->auth->acl_get('m_delete_dir') || $this->user->data['user_id'] == $site['link_user_id'] && $this->auth->acl_get('u_delete_dir')); $this->template->assign_block_vars('site', array('BANNER' => $s_banner, 'COUNT' => $this->user->lang('DIR_NB_CLICKS', (int) $site['link_view']), 'DESCRIPTION' => generate_text_for_display($site['link_description'], $site['link_uid'], $site['link_bitfield'], $site['link_flags']), 'LINK_ID' => $site['link_id'], 'NAME' => $site['link_name'], 'NB_COMMENT' => $comments_status ? $this->user->lang('DIR_NB_COMMS', (int) $site['link_comment']) : '', 'NB_VOTE' => $this->user->lang('DIR_NB_VOTES', (int) $site['link_vote']), 'NOTE' => $s_note, 'PAGERANK' => $s_pr, 'RSS' => $s_rss, 'TIME' => $site['link_time'] ? $this->user->format_date($site['link_time']) : '', 'USER' => get_username_string('full', $site['link_user_id'], $site['username'], $site['user_colour']), 'VOTE_LIST' => $votes_status ? $s_vote : '', 'IMG_FLAG' => $s_flag, 'ON_CLICK' => "onclick=\"window.open('" . $this->helper->route('ernadoo_phpbbdirectory_view_controller', array('link_id' => (int) $site['link_id'])) . "'); return false;\"", 'S_NEW_LINK' => (time() - $site['link_time']) / 86400 <= $this->config['dir_new_time'] ? true : false, 'U_COMMENT' => $comments_status ? $this->helper->route('ernadoo_phpbbdirectory_comment_view_controller', array('link_id' => (int) $site['link_id'])) : '', 'U_DELETE' => $delete_allowed ? $this->helper->route('ernadoo_phpbbdirectory_delete_controller', array('cat_id' => (int) $cat_id, 'link_id' => (int) $site['link_id'], '_referer' => $this->helper->get_current_url())) : '', 'U_EDIT' => $edit_allowed ? $this->helper->route('ernadoo_phpbbdirectory_edit_controller', array('cat_id' => (int) $cat_id, 'link_id' => (int) $site['link_id'])) : '', 'U_FORM_VOTE' => $votes_status ? $this->helper->route('ernadoo_phpbbdirectory_vote_controller', array('cat_id' => (int) $site['link_cat'], 'link_id' => (int) $site['link_id'])) : '', 'U_LINK' => $site['link_url'], 'U_THUMB' => $s_thumb)); } } else { $this->template->assign_block_vars('no_draw_link', array()); } $page_title = $this->user->lang['DIRECTORY'] . ' - ' . $this->categorie->data['cat_name']; $this->categorie->display(); return $this->helper->render('view_cat.html', $page_title); }
/** * Display the transactions list * * @param string $id Module id * @param string $mode Module categorie * @param string $action Action name * * @return null * @access public */ public function display_transactions($id, $mode, $action) { // Set up general vars $start = $this->request->variable('start', 0); $deletemark = $this->request->is_set('delmarked'); $deleteall = $this->request->is_set('delall'); $marked = $this->request->variable('mark', array(0)); // Sort keys $sort_days = $this->request->variable('st', 0); $sort_key = $this->request->variable('sk', 't'); $sort_dir = $this->request->variable('sd', 'd'); // Initiate an entity /** @type \skouat\ppde\entity\transactions $entity */ $entity = $this->get_container_entity(); // Delete entries if requested and able if (($deletemark || $deleteall) && $this->auth->acl_get('a_ppde_manage')) { if (confirm_box(true)) { $where_sql = ''; if ($deletemark && sizeof($marked)) { $where_sql = $this->ppde_operator->build_marked_where_sql($marked); } if ($where_sql || $deleteall) { $entity->delete(0, '', $where_sql); $this->log->add('admin', $this->user->data['user_id'], $this->user->ip, 'LOG_' . $this->lang_key_prefix . '_PURGED', time()); } } else { confirm_box(false, $this->user->lang['CONFIRM_OPERATION'], build_hidden_fields(array('start' => $start, 'delmarked' => $deletemark, 'delall' => $deleteall, 'mark' => $marked, 'st' => $sort_days, 'sk' => $sort_key, 'sd' => $sort_dir, 'i' => $id, 'mode' => $mode, 'action' => $action))); } } $this->do_action($action); if (!$action) { /** @type \phpbb\pagination $pagination */ $pagination = $this->container->get('pagination'); // Sorting $limit_days = array(0 => $this->user->lang['ALL_ENTRIES'], 1 => $this->user->lang['1_DAY'], 7 => $this->user->lang['7_DAYS'], 14 => $this->user->lang['2_WEEKS'], 30 => $this->user->lang['1_MONTH'], 90 => $this->user->lang['3_MONTHS'], 180 => $this->user->lang['6_MONTHS'], 365 => $this->user->lang['1_YEAR']); $sort_by_text = array('txn' => $this->user->lang['PPDE_DT_SORT_TXN_ID'], 'u' => $this->user->lang['PPDE_DT_SORT_DONORS'], 'ipn' => $this->user->lang['PPDE_DT_SORT_IPN_STATUS'], 'ps' => $this->user->lang['PPDE_DT_SORT_PAYMENT_STATUS'], 't' => $this->user->lang['SORT_DATE']); $sort_by_sql = array('txn' => 'txn.txn_id', 'u' => 'u.username_clean', 'ipn' => 'txn.confirmed', 'ps' => 'txn.payment_status', 't' => 'txn.payment_time'); $s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = ''; gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param); // Define where and sort sql for use in displaying transactions $sql_where = $sort_days ? time() - $sort_days * 86400 : 0; $sql_sort = $sort_by_sql[$sort_key] . ' ' . ($sort_dir == 'd' ? 'DESC' : 'ASC'); $keywords = utf8_normalize_nfc($this->request->variable('keywords', '', true)); $keywords_param = !empty($keywords) ? '&keywords=' . urlencode(htmlspecialchars_decode($keywords)) : ''; // Grab log data $log_data = array(); $log_count = 0; $this->view_txn_log($log_data, $log_count, $this->config['topics_per_page'], $start, $sql_where, $sql_sort, $keywords); $base_url = $this->u_action . '&' . $u_sort_param . $keywords_param; $pagination->generate_template_pagination($base_url, 'pagination', 'start', $log_count, $this->config['topics_per_page'], $start); $this->template->assign_vars(array('S_CLEARLOGS' => $this->auth->acl_get('a_ppde_manage'), 'S_KEYWORDS' => $keywords, 'S_LIMIT_DAYS' => $s_limit_days, 'S_SORT_KEY' => $s_sort_key, 'S_SORT_DIR' => $s_sort_dir, 'S_TXN' => $mode, 'U_ACTION' => $this->u_action . '&' . $u_sort_param . $keywords_param . '&start=' . $start)); foreach ($log_data as $row) { // Initiate vars to retrieve the 'payment_status' translation from the language key $payment_status_ary = $this->user->lang['PPDE_DT_PAYMENT_STATUS_VALUES']; $payment_status_name = strtolower($row['payment_status']); $this->template->assign_block_vars('log', array('TNX_ID' => $row['txn_id'], 'USERNAME' => $row['username_full'], 'DATE' => $this->user->format_date(strtotime($row['payment_date'])), 'ID' => $row['transaction_id'], 'CONFIRMED' => $row['confirmed'] ? $this->user->lang['PPDE_DT_VERIFIED'] : $this->user->lang['PPDE_DT_UNVERIFIED'], 'PAYMENT_STATUS' => $payment_status_ary[$payment_status_name], 'S_CONFIRMED' => $row['confirmed'] ? false : true, 'S_PAYMENT_STATUS' => $payment_status_name === 'completed' ? false : true)); unset($payment_status_name); } } }
/** * Display user notes */ function mcp_notes_user_view($action) { global $phpEx, $src_root_path, $config; global $template, $db, $user, $auth, $src_container; $user_id = request_var('u', 0); $username = request_var('username', '', true); $start = request_var('start', 0); $st = request_var('st', 0); $sk = request_var('sk', 'b'); $sd = request_var('sd', 'd'); $pagination = $src_container->get('pagination'); add_form_key('mcp_notes'); $sql_where = $user_id ? "user_id = {$user_id}" : "username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'"; $sql = 'SELECT * FROM ' . USERS_TABLE . "\n\t\t\tWHERE {$sql_where}"; $result = $db->sql_query($sql); $userrow = $db->sql_fetchrow($result); $db->sql_freeresult($result); if (!$userrow) { trigger_error('NO_USER'); } $user_id = $userrow['user_id']; // Populate user id to the currently active module (this module) // The following method is another way of adjusting module urls. It is the easy variant if we want // to directly adjust the current module url based on data retrieved within the same module. if (strpos($this->u_action, "&u={$user_id}") === false) { $this->p_master->adjust_url('&u=' . $user_id); $this->u_action .= "&u={$user_id}"; } $deletemark = $action == 'del_marked' ? true : false; $deleteall = $action == 'del_all' ? true : false; $marked = request_var('marknote', array(0)); $usernote = utf8_normalize_nfc(request_var('usernote', '', true)); // Handle any actions if (($deletemark || $deleteall) && $auth->acl_get('a_clearlogs')) { $where_sql = ''; if ($deletemark && $marked) { $sql_in = array(); foreach ($marked as $mark) { $sql_in[] = $mark; } $where_sql = ' AND ' . $db->sql_in_set('log_id', $sql_in); unset($sql_in); } if ($where_sql || $deleteall) { if (check_form_key('mcp_notes')) { $sql = 'DELETE FROM ' . LOG_TABLE . ' WHERE log_type = ' . LOG_USERS . "\n\t\t\t\t\t\t\tAND reportee_id = {$user_id}\n\t\t\t\t\t\t\t{$where_sql}"; $db->sql_query($sql); add_log('admin', 'LOG_CLEAR_USER', $userrow['username']); $msg = $deletemark ? 'MARKED_NOTES_DELETED' : 'ALL_NOTES_DELETED'; } else { $msg = 'FORM_INVALID'; } $redirect = $this->u_action . '&u=' . $user_id; meta_refresh(3, $redirect); trigger_error($user->lang[$msg] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>')); } } if ($usernote && $action == 'add_feedback') { if (check_form_key('mcp_notes')) { add_log('admin', 'LOG_USER_FEEDBACK', $userrow['username']); add_log('mod', 0, 0, 'LOG_USER_FEEDBACK', $userrow['username']); add_log('user', $user_id, 'LOG_USER_GENERAL', $usernote); $msg = $user->lang['USER_FEEDBACK_ADDED']; } else { $msg = $user->lang['FORM_INVALID']; } $redirect = $this->u_action; meta_refresh(3, $redirect); trigger_error($msg . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>')); } // Generate the appropriate user information for the user we are looking at $rank_title = $rank_img = ''; $avatar_img = src_get_user_avatar($userrow); $limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); $sort_by_text = array('a' => $user->lang['SORT_USERNAME'], 'b' => $user->lang['SORT_DATE'], 'c' => $user->lang['SORT_IP'], 'd' => $user->lang['SORT_ACTION']); $sort_by_sql = array('a' => 'u.username_clean', 'b' => 'l.log_time', 'c' => 'l.log_ip', 'd' => 'l.log_operation'); $s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = ''; gen_sort_selects($limit_days, $sort_by_text, $st, $sk, $sd, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param); // Define where and sort sql for use in displaying logs $sql_where = $st ? time() - $st * 86400 : 0; $sql_sort = $sort_by_sql[$sk] . ' ' . ($sd == 'd' ? 'DESC' : 'ASC'); $keywords = utf8_normalize_nfc(request_var('keywords', '', true)); $keywords_param = !empty($keywords) ? '&keywords=' . urlencode(htmlspecialchars_decode($keywords)) : ''; $log_data = array(); $log_count = 0; $start = view_log('user', $log_data, $log_count, $config['topics_per_page'], $start, 0, 0, $user_id, $sql_where, $sql_sort, $keywords); if ($log_count) { $template->assign_var('S_USER_NOTES', true); foreach ($log_data as $row) { $template->assign_block_vars('usernotes', array('REPORT_BY' => $row['username_full'], 'REPORT_AT' => $user->format_date($row['time']), 'ACTION' => $row['action'], 'IP' => $row['ip'], 'ID' => $row['id'])); } } $base_url = $this->u_action . "&{$u_sort_param}{$keywords_param}"; $pagination->generate_template_pagination($base_url, 'pagination', 'start', $log_count, $config['topics_per_page'], $start); $template->assign_vars(array('U_POST_ACTION' => $this->u_action, 'S_CLEAR_ALLOWED' => $auth->acl_get('a_clearlogs') ? true : false, 'S_SELECT_SORT_DIR' => $s_sort_dir, 'S_SELECT_SORT_KEY' => $s_sort_key, 'S_SELECT_SORT_DAYS' => $s_limit_days, 'S_KEYWORDS' => $keywords, 'L_TITLE' => $user->lang['MCP_NOTES_USER'], 'TOTAL_REPORTS' => $user->lang('LIST_REPORTS', (int) $log_count), 'RANK_TITLE' => $rank_title, 'JOINED' => $user->format_date($userrow['user_regdate']), 'POSTS' => $userrow['user_posts'] ? $userrow['user_posts'] : 0, 'WARNINGS' => $userrow['user_warnings'] ? $userrow['user_warnings'] : 0, 'USERNAME_FULL' => get_username_string('full', $userrow['user_id'], $userrow['username'], $userrow['user_colour']), 'USERNAME_COLOUR' => get_username_string('colour', $userrow['user_id'], $userrow['username'], $userrow['user_colour']), 'USERNAME' => get_username_string('username', $userrow['user_id'], $userrow['username'], $userrow['user_colour']), 'U_PROFILE' => get_username_string('profile', $userrow['user_id'], $userrow['username'], $userrow['user_colour']), 'AVATAR_IMG' => $avatar_img, 'RANK_IMG' => $rank_img)); }
function main($id, $mode) { global $config, $db, $user, $auth, $template, $phpbb_container, $phpbb_log, $request; global $phpbb_root_path, $phpbb_admin_path, $phpEx; if (!function_exists('user_active_flip')) { include $phpbb_root_path . 'includes/functions_user.' . $phpEx; } $user->add_lang('memberlist'); $action = $request->variable('action', ''); $mark = isset($_REQUEST['mark']) ? $request->variable('mark', array(0)) : array(); $start = $request->variable('start', 0); $submit = isset($_POST['submit']); // Sort keys $sort_days = $request->variable('st', 0); $sort_key = $request->variable('sk', 'i'); $sort_dir = $request->variable('sd', 'd'); $form_key = 'acp_inactive'; add_form_key($form_key); /* @var $pagination \phpbb\pagination */ $pagination = $phpbb_container->get('pagination'); // We build the sort key and per page settings here, because they may be needed later // Number of entries to display $per_page = $request->variable('users_per_page', (int) $config['topics_per_page']); // Sorting $limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); $sort_by_text = array('i' => $user->lang['SORT_INACTIVE'], 'j' => $user->lang['SORT_REG_DATE'], 'l' => $user->lang['SORT_LAST_VISIT'], 'd' => $user->lang['SORT_LAST_REMINDER'], 'r' => $user->lang['SORT_REASON'], 'u' => $user->lang['SORT_USERNAME'], 'p' => $user->lang['SORT_POSTS'], 'e' => $user->lang['SORT_REMINDER']); $sort_by_sql = array('i' => 'user_inactive_time', 'j' => 'user_regdate', 'l' => 'user_lastvisit', 'd' => 'user_reminded_time', 'r' => 'user_inactive_reason', 'u' => 'username_clean', 'p' => 'user_posts', 'e' => 'user_reminded'); $s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = ''; gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param); if ($submit && sizeof($mark)) { if ($action !== 'delete' && !check_form_key($form_key)) { trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); } switch ($action) { case 'activate': case 'delete': $sql = 'SELECT user_id, username FROM ' . USERS_TABLE . ' WHERE ' . $db->sql_in_set('user_id', $mark); $result = $db->sql_query($sql); $user_affected = array(); while ($row = $db->sql_fetchrow($result)) { $user_affected[$row['user_id']] = $row['username']; } $db->sql_freeresult($result); if ($action == 'activate') { // Get those 'being activated'... $sql = 'SELECT user_id, username' . ($config['require_activation'] == USER_ACTIVATION_ADMIN ? ', user_email, user_lang' : '') . ' FROM ' . USERS_TABLE . ' WHERE ' . $db->sql_in_set('user_id', $mark) . ' AND user_type = ' . USER_INACTIVE; $result = $db->sql_query($sql); $inactive_users = array(); while ($row = $db->sql_fetchrow($result)) { $inactive_users[] = $row; } $db->sql_freeresult($result); user_active_flip('activate', $mark); if ($config['require_activation'] == USER_ACTIVATION_ADMIN && !empty($inactive_users)) { if (!class_exists('messenger')) { include $phpbb_root_path . 'includes/functions_messenger.' . $phpEx; } $messenger = new messenger(false); foreach ($inactive_users as $row) { $messenger->template('admin_welcome_activated', $row['user_lang']); $messenger->set_addresses($row); $messenger->anti_abuse_headers($config, $user); $messenger->assign_vars(array('USERNAME' => htmlspecialchars_decode($row['username']))); $messenger->send(NOTIFY_EMAIL); } $messenger->save_queue(); } if (!empty($inactive_users)) { foreach ($inactive_users as $row) { $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_ACTIVE', false, array($row['username'])); $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_ACTIVE_USER', false, array('reportee_id' => $row['user_id'])); } trigger_error(sprintf($user->lang['LOG_INACTIVE_ACTIVATE'], implode($user->lang['COMMA_SEPARATOR'], $user_affected) . ' ' . adm_back_link($this->u_action))); } // For activate we really need to redirect, else a refresh can result in users being deactivated again $u_action = $this->u_action . "&{$u_sort_param}&start={$start}"; $u_action .= $per_page != $config['topics_per_page'] ? "&users_per_page={$per_page}" : ''; redirect($u_action); } else { if ($action == 'delete') { if (confirm_box(true)) { if (!$auth->acl_get('a_userdel')) { trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING); } user_delete('retain', $mark, true); $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_INACTIVE_' . strtoupper($action), false, array(implode(', ', $user_affected))); trigger_error(sprintf($user->lang['LOG_INACTIVE_DELETE'], implode($user->lang['COMMA_SEPARATOR'], $user_affected) . ' ' . adm_back_link($this->u_action))); } else { $s_hidden_fields = array('mode' => $mode, 'action' => $action, 'mark' => $mark, 'submit' => 1, 'start' => $start); confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields($s_hidden_fields)); } } } break; case 'remind': if (empty($config['email_enable'])) { trigger_error($user->lang['EMAIL_DISABLED'] . adm_back_link($this->u_action), E_USER_WARNING); } $sql = 'SELECT user_id, username, user_email, user_lang, user_jabber, user_notify_type, user_regdate, user_actkey FROM ' . USERS_TABLE . ' WHERE ' . $db->sql_in_set('user_id', $mark) . ' AND user_inactive_reason'; $sql .= $config['require_activation'] == USER_ACTIVATION_ADMIN ? ' = ' . INACTIVE_REMIND : ' <> ' . INACTIVE_MANUAL; $result = $db->sql_query($sql); if ($row = $db->sql_fetchrow($result)) { // Send the messages if (!class_exists('messenger')) { include $phpbb_root_path . 'includes/functions_messenger.' . $phpEx; } $messenger = new messenger(); $usernames = $user_ids = array(); do { $messenger->template('user_remind_inactive', $row['user_lang']); $messenger->set_addresses($row); $messenger->anti_abuse_headers($config, $user); $messenger->assign_vars(array('USERNAME' => htmlspecialchars_decode($row['username']), 'REGISTER_DATE' => $user->format_date($row['user_regdate'], false, true), 'U_ACTIVATE' => generate_board_url() . "/ucp.{$phpEx}?mode=activate&u=" . $row['user_id'] . '&k=' . $row['user_actkey'])); $messenger->send($row['user_notify_type']); $usernames[] = $row['username']; $user_ids[] = (int) $row['user_id']; } while ($row = $db->sql_fetchrow($result)); $messenger->save_queue(); // Add the remind state to the database $sql = 'UPDATE ' . USERS_TABLE . ' SET user_reminded = user_reminded + 1, user_reminded_time = ' . time() . ' WHERE ' . $db->sql_in_set('user_id', $user_ids); $db->sql_query($sql); $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_INACTIVE_REMIND', false, array(implode(', ', $usernames))); trigger_error(sprintf($user->lang['LOG_INACTIVE_REMIND'], implode($user->lang['COMMA_SEPARATOR'], $usernames) . ' ' . adm_back_link($this->u_action))); } $db->sql_freeresult($result); // For remind we really need to redirect, else a refresh can result in more than one reminder $u_action = $this->u_action . "&{$u_sort_param}&start={$start}"; $u_action .= $per_page != $config['topics_per_page'] ? "&users_per_page={$per_page}" : ''; redirect($u_action); break; } } // Define where and sort sql for use in displaying logs $sql_where = $sort_days ? time() - $sort_days * 86400 : 0; $sql_sort = $sort_by_sql[$sort_key] . ' ' . ($sort_dir == 'd' ? 'DESC' : 'ASC'); $inactive = array(); $inactive_count = 0; $start = view_inactive_users($inactive, $inactive_count, $per_page, $start, $sql_where, $sql_sort); foreach ($inactive as $row) { $template->assign_block_vars('inactive', array('INACTIVE_DATE' => $user->format_date($row['user_inactive_time']), 'REMINDED_DATE' => $user->format_date($row['user_reminded_time']), 'JOINED' => $user->format_date($row['user_regdate']), 'LAST_VISIT' => !$row['user_lastvisit'] ? ' - ' : $user->format_date($row['user_lastvisit']), 'REASON' => $row['inactive_reason'], 'USER_ID' => $row['user_id'], 'POSTS' => $row['user_posts'] ? $row['user_posts'] : 0, 'REMINDED' => $row['user_reminded'], 'REMINDED_EXPLAIN' => $user->lang('USER_LAST_REMINDED', (int) $row['user_reminded'], $user->format_date($row['user_reminded_time'])), 'USERNAME_FULL' => get_username_string('full', $row['user_id'], $row['username'], $row['user_colour'], false, append_sid("{$phpbb_admin_path}index.{$phpEx}", 'i=users&mode=overview&redirect=acp_inactive')), 'USERNAME' => get_username_string('username', $row['user_id'], $row['username'], $row['user_colour']), 'USER_COLOR' => get_username_string('colour', $row['user_id'], $row['username'], $row['user_colour']), 'USER_EMAIL' => $row['user_email'], 'U_USER_ADMIN' => append_sid("{$phpbb_admin_path}index.{$phpEx}", "i=users&mode=overview&u={$row['user_id']}"), 'U_SEARCH_USER' => $auth->acl_get('u_search') ? append_sid("{$phpbb_root_path}search.{$phpEx}", "author_id={$row['user_id']}&sr=posts") : '')); } $option_ary = array('activate' => 'ACTIVATE', 'delete' => 'DELETE'); if ($config['email_enable']) { $option_ary += array('remind' => 'REMIND'); } $base_url = $this->u_action . "&{$u_sort_param}&users_per_page={$per_page}"; $pagination->generate_template_pagination($base_url, 'pagination', 'start', $inactive_count, $per_page, $start); $template->assign_vars(array('S_INACTIVE_USERS' => true, 'S_INACTIVE_OPTIONS' => build_select($option_ary), 'S_LIMIT_DAYS' => $s_limit_days, 'S_SORT_KEY' => $s_sort_key, 'S_SORT_DIR' => $s_sort_dir, 'USERS_PER_PAGE' => $per_page, 'U_ACTION' => $this->u_action . "&{$u_sort_param}&users_per_page={$per_page}&start={$start}")); $this->tpl_name = 'acp_inactive'; $this->page_title = 'ACP_INACTIVE_USERS'; }
function main($id, $mode) { global $db, $user, $auth, $template, $cache; global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx; $user->add_lang('mcp'); // Set up general vars $action = request_var('action', ''); $forum_id = request_var('f', 0); $start = request_var('start', 0); $deletemark = !empty($_POST['delmarked']) ? true : false; $deleteall = !empty($_POST['delall']) ? true : false; $marked = request_var('mark', array(0)); // Sort keys $sort_days = request_var('st', 0); $sort_key = request_var('sk', 't'); $sort_dir = request_var('sd', 'd'); $this->tpl_name = 'acp_logs'; $this->log_type = constant('LOG_' . strtoupper($mode)); // Delete entries if requested and able if (($deletemark || $deleteall) && $auth->acl_get('a_clearlogs')) { if (confirm_box(true)) { $where_sql = ''; if ($deletemark && sizeof($marked)) { $sql_in = array(); foreach ($marked as $mark) { $sql_in[] = $mark; } $where_sql = ' AND ' . $db->sql_in_set('log_id', $sql_in); unset($sql_in); } if ($where_sql || $deleteall) { $sql = 'DELETE FROM ' . LOG_TABLE . "\n\t\t\t\t\t\tWHERE log_type = {$this->log_type}\n\t\t\t\t\t\t{$where_sql}"; $db->sql_query($sql); add_log('admin', 'LOG_CLEAR_' . strtoupper($mode)); } } else { confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array('f' => $forum_id, 'start' => $start, 'delmarked' => $deletemark, 'delall' => $deleteall, 'mark' => $marked, 'st' => $sort_days, 'sk' => $sort_key, 'sd' => $sort_dir, 'i' => $id, 'mode' => $mode, 'action' => $action))); } } // Sorting $limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); $sort_by_text = array('u' => $user->lang['SORT_USERNAME'], 't' => $user->lang['SORT_DATE'], 'i' => $user->lang['SORT_IP'], 'o' => $user->lang['SORT_ACTION']); $sort_by_sql = array('u' => 'u.username_clean', 't' => 'l.log_time', 'i' => 'l.log_ip', 'o' => 'l.log_operation'); $s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = ''; gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param); // Define where and sort sql for use in displaying logs $sql_where = $sort_days ? time() - $sort_days * 86400 : 0; $sql_sort = $sort_by_sql[$sort_key] . ' ' . ($sort_dir == 'd' ? 'DESC' : 'ASC'); $l_title = $user->lang['ACP_' . strtoupper($mode) . '_LOGS']; $l_title_explain = $user->lang['ACP_' . strtoupper($mode) . '_LOGS_EXPLAIN']; $this->page_title = $l_title; // Define forum list if we're looking @ mod logs if ($mode == 'mod') { $forum_box = '<option value="0">' . $user->lang['ALL_FORUMS'] . '</option>' . make_forum_select($forum_id); $template->assign_vars(array('S_SHOW_FORUMS' => true, 'S_FORUM_BOX' => $forum_box)); } // Grab log data $log_data = array(); $log_count = 0; view_log($mode, $log_data, $log_count, $config['topics_per_page'], $start, $forum_id, 0, 0, $sql_where, $sql_sort); $template->assign_vars(array('L_TITLE' => $l_title, 'L_EXPLAIN' => $l_title_explain, 'U_ACTION' => $this->u_action, 'S_ON_PAGE' => on_page($log_count, $config['topics_per_page'], $start), 'PAGINATION' => generate_pagination($this->u_action . "&{$u_sort_param}", $log_count, $config['topics_per_page'], $start, true), 'S_LIMIT_DAYS' => $s_limit_days, 'S_SORT_KEY' => $s_sort_key, 'S_SORT_DIR' => $s_sort_dir, 'S_CLEARLOGS' => $auth->acl_get('a_clearlogs'))); foreach ($log_data as $row) { $data = array(); $checks = array('viewtopic', 'viewlogs', 'viewforum'); foreach ($checks as $check) { if (isset($row[$check]) && $row[$check]) { $data[] = '<a href="' . $row[$check] . '">' . $user->lang['LOGVIEW_' . strtoupper($check)] . '</a>'; } } $template->assign_block_vars('log', array('USERNAME' => $row['username_full'], 'REPORTEE_USERNAME' => $row['reportee_username'] && $row['user_id'] != $row['reportee_id'] ? $row['reportee_username_full'] : '', 'IP' => $row['ip'], 'DATE' => $user->format_date($row['time']), 'ACTION' => $row['action'], 'DATA' => sizeof($data) ? implode(' | ', $data) : '', 'ID' => $row['id'])); } }
function main($id, $mode) { global $db, $user, $auth, $template, $cache; global $config, $phpbb_admin_path, $phpbb_root_path, $phpEx; $user->add_lang(array('acp/board', 'mods/asacp', 'mods/acp_asacp', 'install')); include($phpbb_root_path . 'antispam/acp_functions.' . $phpEx); $error = $notify = array(); $submit = (isset($_POST['submit'])) ? true : false; $action = request_var('action', ''); add_form_key('as_acp'); if ($submit && !check_form_key('as_acp')) { trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); } $error = $options = array(); switch ($mode) { case 'spam_words' : $this->tpl_name = 'acp_asacp'; $this->page_title = 'ASACP_SPAM_WORDS'; $word_id = request_var('w', 0); $word_data = array( 'word_text' => utf8_normalize_nfc(request_var('word_text', '', true)), 'word_regex' => request_var('word_regex', 0), 'word_regex_auto' => request_var('word_regex_auto', 0), ); switch ($action) { case 'edit' : if (!$word_id) { trigger_error('NO_SPAM_WORD'); } $result = $db->sql_query('SELECT * FROM ' . SPAM_WORDS_TABLE . ' WHERE word_id = ' . $word_id); $word = $db->sql_fetchrow($result); if (!$word) { trigger_error('NO_SPAM_WORD'); } if (!$submit) { $word_data = $word; } case 'add' : $template->assign_vars(array( 'WORD_TEXT' => $word_data['word_text'], 'WORD_REGEX' => ($word_data['word_regex']) ? true : false, 'WORD_REGEX_AUTO' => ($word_data['word_regex_auto']) ? true : false, 'S_ADD' => ($action == 'add') ? true : false, 'U_WORD_ACTION' => $this->u_action . '&action=' . $action . (($action == 'edit') ? '&w=' . $word_id : ''), )); if ($submit) { if ($word_data['word_regex']) { $delim = substr($word_data['word_text'], 0, 1); if (strrpos($word_data['word_text'], $delim) == 0) { trigger_error('SPAM_WORD_TEXT_EXPLAIN'); } } if ($action == 'add') { $db->sql_query('INSERT INTO ' . SPAM_WORDS_TABLE . ' ' . $db->sql_build_array('INSERT', $word_data)); $cache->destroy('_spam_words'); trigger_error($user->lang['SPAM_WORD_ADD_SUCCESS'] . adm_back_link($this->u_action)); } else { $db->sql_query('UPDATE ' . SPAM_WORDS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $word_data) . ' WHERE word_id = ' . $word_id); $cache->destroy('_spam_words'); trigger_error($user->lang['SPAM_WORD_EDIT_SUCCESS'] . adm_back_link($this->u_action)); } } break; case 'delete' : if (!$word_id) { trigger_error('NO_SPAM_WORD'); } $result = $db->sql_query('SELECT * FROM ' . SPAM_WORDS_TABLE . ' WHERE word_id = ' . $word_id); $word = $db->sql_fetchrow($result); if (!$word) { trigger_error('NO_SPAM_WORD'); } if (confirm_box(true)) { $db->sql_query('DELETE FROM ' . SPAM_WORDS_TABLE . ' WHERE word_id = ' . $word_id); $cache->destroy('_spam_words'); trigger_error($user->lang['SPAM_WORD_DELETE_SUCCESS'] . adm_back_link($this->u_action)); } else { confirm_box(false, 'DELETE_SPAM_WORD'); } break; default : $sql = 'SELECT * FROM ' . SPAM_WORDS_TABLE . ' ORDER BY word_text ASC'; $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { $template->assign_block_vars('spam_words', array( 'TEXT' => $row['word_text'], 'REGEX' => $row['word_regex'], 'REGEX_AUTO' => $row['word_regex_auto'], 'U_DELETE' => append_sid($this->u_action . '&action=delete&w=' . $row['word_id']), 'U_EDIT' => append_sid($this->u_action . '&action=edit&w=' . $row['word_id']), )); } $db->sql_freeresult($result); $template->assign_var('S_SPAM_WORD_LIST', true); break; } $template->assign_vars(array( 'L_TITLE' => $user->lang['ASACP_SPAM_WORDS'], 'L_TITLE_EXPLAIN' => $user->lang['ASACP_SPAM_WORDS_EXPLAIN'], 'S_SPAM_WORDS' => true, )); break; //case 'spam_words' : case 'ip_search' : $this->tpl_name = 'acp_asacp'; $this->page_title = 'ASACP_IP_SEARCH'; $ip = request_var('ip', ''); $type = request_var('type', ''); if ($ip) { asacp_display_ip_search($type, $ip, $this->u_action . '&ip=' . $ip, request_var('start', 0)); } $template->assign_vars(array( 'L_TITLE' => $user->lang['ASACP_IP_SEARCH'], 'L_TITLE_EXPLAIN' => $user->lang['ASACP_IP_SEARCH_EXPLAIN'], 'S_DATA_OUTPUT' => true, 'S_DISPLAY_IP_INPUT' => ($ip) ? false : true, 'U_BACK' => ($type) ? $this->u_action . '&ip=' . $ip : false, 'U_BACK_NONE' => $this->u_action, )); break; // case 'ip_search' : case 'log' : case 'flag' : $this->tpl_name = 'acp_logs'; if ($mode == 'log') { $this->page_title = $user->lang['ASACP_SPAM_LOG']; } else { $this->page_title = $user->lang['ASACP_FLAG_LOG']; // Reset the user flag new notification if ($user->data['user_flag_new']) { $db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_flag_new = 0 WHERE user_id = ' . $user->data['user_id']); } } $user->add_lang('mcp'); // Set up general vars $start = request_var('start', 0); $action = request_var('action', array('' => '')); if (is_array($action)) { list($action, ) = each($action); } else { $action = request_var('action', ''); } $deletemark = (!empty($_POST['delmarked']) || $action == 'del_marked') ? true : false; $deleteall = (!empty($_POST['delall']) || $action == 'del_all') ? true : false; $marked = request_var('mark', array(0)); // Sort keys $sort_days = request_var('st', 0); $sort_key = request_var('sk', 't'); $sort_dir = request_var('sd', 'd'); $keywords = utf8_normalize_nfc(request_var('keywords', '', true)); $keywords_param = !empty($keywords) ? '&keywords=' . urlencode(htmlspecialchars_decode($keywords)) : ''; // Delete entries if requested and able if (($deletemark || $deleteall) && $auth->acl_get('a_clearlogs')) { if (confirm_box(true)) { clear_spam_log($mode, (($deletemark) ? false : $deleteall), $marked, $keywords); } else { confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array( 'start' => $start, 'delmarked' => $deletemark, 'delall' => $deleteall, 'mark' => $marked, 'st' => $sort_days, 'sk' => $sort_key, 'sd' => $sort_dir, 'keywords' => $keywords, 'i' => $id, 'mode' => $mode, 'action' => $this->u_action)) ); } } // Sorting $limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); $sort_by_text = array('t' => $user->lang['SORT_DATE'], 'u' => $user->lang['SORT_USERNAME'], 'i' => $user->lang['SORT_IP'], 'o' => $user->lang['SORT_ACTION']); $sort_by_sql = array('t' => 'l.log_time', 'u' => 'u.username_clean', 'i' => 'l.log_ip', 'o' => 'l.log_operation'); $s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = ''; gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param); // Define where and sort sql for use in displaying logs $sql_days = ($sort_days) ? (time() - ($sort_days * 86400)) : 0; $sql_sort = $sort_by_sql[$sort_key] . ' ' . (($sort_dir == 'd') ? 'DESC' : 'ASC'); // Grab log data $log_data = array(); $log_count = 0; if ($mode == 'log') { view_spam_log('spam', $log_data, $log_count, $config['topics_per_page'], $start, '', $sql_days, $sql_sort, $keywords); } else { view_spam_log('flag', $log_data, $log_count, $config['topics_per_page'], $start, '', $sql_days, $sql_sort, $keywords); } $template->assign_vars(array( 'L_TITLE' => $this->page_title, 'L_EXPLAIN' => '', 'S_ON_PAGE' => on_page($log_count, $config['topics_per_page'], $start), 'PAGE_NUMBER' => on_page($log_count, $config['topics_per_page'], $start), 'PAGINATION' => generate_pagination($this->u_action . "&$u_sort_param$keywords_param", $log_count, $config['topics_per_page'], $start, true), 'TOTAL' => ($log_count == 1) ? $user->lang['TOTAL_LOG'] : sprintf($user->lang['TOTAL_LOGS'], $log_count), 'S_LIMIT_DAYS' => $s_limit_days, // Yes, these duplicates are shit, but the acp/mcp use different variables 'S_SELECT_SORT_DAYS' => $s_limit_days, 'S_SORT_KEY' => $s_sort_key, 'S_SELECT_SORT_KEY' => $s_sort_key, 'S_SORT_DIR' => $s_sort_dir, 'S_SELECT_SORT_DIR' => $s_sort_dir, 'S_CLEARLOGS' => $auth->acl_get('a_clearlogs'), 'S_CLEAR_ALLOWED' => $auth->acl_get('a_clearlogs'), 'S_KEYWORDS' => $keywords, 'S_LOGS' => ($log_count > 0) ? true : false, )); foreach ($log_data as $row) { $template->assign_block_vars('log', array( 'USERNAME' => $row['username_full'], 'REPORTEE_USERNAME' => ($row['reportee_username'] && $row['user_id'] != $row['reportee_id']) ? $row['reportee_username_full'] : '', 'IP' => '<a href="' . append_sid("{$phpbb_admin_path}index.$phpEx", "i={$id}&mode=ip_search&ip={$row['ip']}") . '">' . $row['ip'] . '</a>', 'DATE' => $user->format_date($row['time']), 'ACTION' => $row['action'], 'DATA' => (sizeof($row['data'])) ? @vsprintf($user->lang[$row['operation'] . '_DATA'], $row['data']) : '', 'ID' => $row['id'], )); } break; //case 'log' : //case 'flag' : case 'flag_list' : $user->add_lang('memberlist'); $this->tpl_name = 'acp_asacp'; $this->page_title = 'ASACP_FLAG_LIST'; $start = request_var('start', 0); $limit = request_var('limit', 20); $db->sql_query('SELECT count(user_id) as cnt FROM ' . USERS_TABLE . ' WHERE user_flagged = 1'); $total = $db->sql_fetchfield('cnt'); $sql = 'SELECT user_id, username, user_colour, user_ip, user_posts FROM ' . USERS_TABLE . ' WHERE user_flagged = 1'; $result = $db->sql_query_limit($sql, $limit, $start); $cnt = 0; $output = ''; while ($row = $db->sql_fetchrow($result)) { $row['username'] = get_username_string('full', $row['user_id'], $row['username'], $row['user_colour']); if ($auth->acl_get('m_asacp_ip_search')) { $row['user_ip'] = '<a href="' . append_sid("{$phpbb_admin_path}index.$phpEx", "i={$id}&mode=ip_search&ip={$row['user_ip']}") . '">' . $row['user_ip'] . '</a>'; } if ($auth->acl_get('a_user')) { $row[$user->lang['ACTION']] = '<a href="' . append_sid("{$phpbb_admin_path}index.$phpEx", "i=users&mode=overview&u={$row['user_id']}") . '">' . $user->lang['USER_ADMIN'] . '</a>'; } unset($row['user_id'], $row['user_colour']); $cnt++; if ($cnt == 1) { $output .= asacp_display_table_head($row); } $output .= asacp_display_table_row($row, $cnt); } $db->sql_freeresult($result); $template->assign_vars(array( 'L_TITLE' => $user->lang['ASACP_FLAG_LIST'], 'L_TITLE_EXPLAIN' => $user->lang['ASACP_FLAG_LIST_EXPLAIN'], 'S_DATA_OUTPUT' => true, )); $template->assign_block_vars('data_output', array( 'TITLE' => $user->lang['USERS'], 'DATA' => $output, 'PAGINATION' => ($total) ? generate_pagination($this->u_action . "&limit=$limit", $total, $limit, $start, true, 'data_output') : '', )); break; //case 'flag_list' : case 'profile_fields' : $user->add_lang('ucp'); $this->tpl_name = 'acp_asacp'; $this->page_title = 'ASACP_PROFILE_FIELDS'; $options = array( 'legend1' => 'ASACP_PROFILE_FIELDS', ); $cfg_array = (isset($_REQUEST['config'])) ? utf8_normalize_nfc(request_var('config', array('' => ''), true)) : $config; foreach (antispam::$profile_fields as $field => $ary) { if ($submit) { switch ($cfg_array['asacp_profile_' . $field]) { case 1 : // Required break; case 2 : // Normal break; case 3 : // Never allowed $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', array($ary['db'] => '')); $db->sql_query($sql); break; case 4 : // Post Count $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', array($ary['db'] => '')) . ' WHERE user_posts < ' . (int) $cfg_array['asacp_profile_' . $field . '_post_limit']; $db->sql_query($sql); break; } } $options['asacp_profile_' . $field] = array('lang' => $ary['lang'], 'validate' => 'int:1:4', 'type' => 'custom', 'method' => 'profile_fields_select', 'explain' => false); $options['asacp_profile_' . $field . '_post_limit'] = array('lang' => $ary['lang'] . '_POST_COUNT', 'validate' => 'int:1:99999', 'type' => 'text:40:255', 'explain' => true); } $template->assign_vars(array( 'L_TITLE' => $user->lang['ASACP_PROFILE_FIELDS'], 'L_TITLE_EXPLAIN' => $user->lang['ASACP_PROFILE_FIELDS_EXPLAIN'], )); break; //case 'profile_fields' : default : $this->tpl_name = 'acp_asacp'; $this->page_title = 'ASACP_SETTINGS'; $options = array( 'legend1' => 'ASACP_SETTINGS', 'asacp_enable' => array('lang' => 'ASACP_ENABLE', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), 'asacp_log' => array('lang' => 'ASACP_LOG', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), 'asacp_user_flag_enable' => array('lang' => 'ASACP_USER_FLAG_ENABLE', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), 'asacp_notify_new_flag' => array('lang' => 'ASACP_NOTIFY_NEW_FLAG', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), 'legend2' => 'ASACP_PROFILE_FIELDS', 'asacp_profile_during_reg' => array('lang' => 'ASACP_PROFILE_DURING_REG', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), 'legend3' => 'ASACP_AKISMET', 'asacp_akismet_enable' => array('lang' => 'ASACP_AKISMET_ENABLE', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false), 'asacp_akismet_key' => array('lang' => 'ASACP_AKISMET_KEY', 'validate' => 'string', 'type' => 'text:14:14', 'explain' => true), 'asacp_akismet_domain' => array('lang' => 'ASACP_AKISMET_DOMAIN', 'validate' => 'string', 'type' => 'text:40:255', 'explain' => true), 'asacp_akismet_post_limit' => array('lang' => 'ASACP_AKISMET_POST_LIMIT', 'validate' => 'int', 'type' => 'text:14:14', 'explain' => true), 'asacp_akismet_post_action' => array('lang' => 'ASACP_SPAM_WORDS_POSTING_ACTION', 'validate' => 'int:0:2', 'type' => 'custom', 'method' => 'spam_words_nothing_deny_approval_action', 'explain' => true), 'asacp_akismet_pm_action' => array('lang' => 'ASACP_SPAM_WORDS_PM_ACTION', 'validate' => 'int:0:1', 'type' => 'custom', 'method' => 'spam_words_nothing_deny_action', 'explain' => true), 'legend4' => 'ASACP_SPAM_WORDS', 'asacp_spam_words_enable' => array('lang' => 'ASACP_SPAM_WORDS_ENABLE', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), 'asacp_spam_words_post_limit' => array('lang' => 'ASACP_SPAM_WORDS_POST_LIMIT', 'validate' => 'string', 'type' => 'text:40:255', 'explain' => true), 'asacp_spam_words_flag_limit' => array('lang' => 'ASACP_SPAM_WORDS_FLAG_LIMIT', 'validate' => 'int:1', 'type' => 'text:40:255', 'explain' => true), 'asacp_spam_words_posting_action' => array('lang' => 'ASACP_SPAM_WORDS_POSTING_ACTION', 'validate' => 'int:0:2', 'type' => 'custom', 'method' => 'spam_words_nothing_deny_approval_action', 'explain' => true), 'asacp_spam_words_pm_action' => array('lang' => 'ASACP_SPAM_WORDS_PM_ACTION', 'validate' => 'int:0:1', 'type' => 'custom', 'method' => 'spam_words_nothing_deny_action', 'explain' => true), 'asacp_spam_words_profile_action' => array('lang' => 'ASACP_SPAM_WORDS_PROFILE_ACTION', 'validate' => 'int:0:1', 'type' => 'custom', 'method' => 'spam_words_nothing_deny_action', 'explain' => true), 'legend5' => 'ASACP_SFS_SETTINGS', 'asacp_sfs_min_freq' => array('lang' => 'ASACP_SFS_MIN_FREQ', 'validate' => 'int:1', 'type' => 'text:6:10', 'explain' => true), 'asacp_sfs_action' => array('lang' => 'ASACP_SFS_ACTION', 'validate' => 'int:0:5', 'type' => 'custom', 'method' => 'sfs_action', 'explain' => true), 'asacp_sfs_key' => array('lang' => 'ASACP_SFS_KEY', 'validate' => 'string', 'type' => 'text:14:14', 'explain' => true), 'legend6' => 'ASACP_BAN_SETTINGS', 'asacp_ocban_username' => array('lang' => 'ASACP_BAN_USERNAME', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), 'asacp_ocban_deactivate' => array('lang' => 'ASACP_BAN_DEACTIVATE_USER', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), 'asacp_ocban_move_to_group' => array('lang' => 'ASACP_BAN_MOVE_TO_GROUP', 'validate' => 'int:0', 'type' => 'custom', 'method' => 'group_list', 'explain' => true), 'asacp_ocban_delete_posts' => array('lang' => 'ASACP_BAN_DELETE_POSTS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), 'asacp_ocban_clear_outbox' => array('lang' => 'ASACP_BAN_CLEAR_OUTBOX', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), 'asacp_ocban_delete_avatar' => array('lang' => 'ASACP_BAN_DELETE_AVATAR', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), 'asacp_ocban_delete_signature' => array('lang' => 'ASACP_BAN_DELETE_SIGNATURE', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), 'asacp_ocban_delete_profile_fields' => array('lang' => 'ASACP_BAN_DELETE_PROFILE_FIELDS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), ); if (file_exists($phpbb_root_path . 'blog/includes/functions_admin.' . $phpEx)) { $options['asacp_ocban_blog'] = array('lang' => 'ASACP_BAN_DELETE_BLOG', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true); } $template->assign_vars(array( 'L_TITLE' => $user->lang['ASACP_SETTINGS'], 'L_TITLE_EXPLAIN' => '', 'S_SETTINGS' => true, 'CURRENT_VERSION' => ASACP_VERSION, 'LATEST_VERSION' => $this->asacp_latest_version(), )); break; } // switch($mode) // Display the options if there are any (setup similar to acp_board) if (sizeof($options)) { asacp_display_options($options, $error, $this->u_action); } $template->assign_vars(array( 'ERROR' => implode('<br />', $error), 'U_ACTION' => $this->u_action, )); }
function main($id, $mode) { global $config, $db, $user, $auth, $template; global $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix; include $phpbb_root_path . 'includes/functions_user.' . $phpEx; $user->add_lang('memberlist'); $action = request_var('action', ''); $mark = isset($_REQUEST['mark']) ? request_var('mark', array(0)) : array(); $start = request_var('start', 0); $submit = isset($_POST['submit']); // Sort keys $sort_days = request_var('st', 0); $sort_key = request_var('sk', 'i'); $sort_dir = request_var('sd', 'd'); $form_key = 'acp_inactive'; add_form_key($form_key); if ($submit && sizeof($mark)) { if ($action !== 'delete' && !check_form_key($form_key)) { trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); } switch ($action) { case 'activate': case 'delete': $sql = 'SELECT user_id, username FROM ' . USERS_TABLE . ' WHERE ' . $db->sql_in_set('user_id', $mark); $result = $db->sql_query($sql); $user_affected = array(); while ($row = $db->sql_fetchrow($result)) { $user_affected[$row['user_id']] = $row['username']; } $db->sql_freeresult($result); if ($action == 'activate') { if ($config['require_activation'] == USER_ACTIVATION_ADMIN) { // Get those 'being activated'... $sql = 'SELECT user_id, username, user_email, user_lang FROM ' . USERS_TABLE . ' WHERE ' . $db->sql_in_set('user_id', $mark) . ' AND user_type = ' . USER_INACTIVE; $result = $db->sql_query($sql); $inactive_users = array(); while ($row = $db->sql_fetchrow($result)) { $inactive_users[] = $row; } $db->sql_freeresult($result); } user_active_flip('activate', $mark); if ($config['require_activation'] == USER_ACTIVATION_ADMIN && !empty($inactive_users)) { include_once $phpbb_root_path . 'includes/functions_messenger.' . $phpEx; $messenger = new messenger(); foreach ($inactive_users as $row) { $messenger->template('admin_welcome_activated', $row['user_lang']); $messenger->to($row['user_email'], $row['username']); $messenger->headers('X-AntiAbuse: Board servername - ' . $config['server_name']); $messenger->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']); $messenger->headers('X-AntiAbuse: Username - ' . $user->data['username']); $messenger->headers('X-AntiAbuse: User IP - ' . $user->ip); $messenger->assign_vars(array('USERNAME' => htmlspecialchars_decode($row['username']))); $messenger->send(NOTIFY_EMAIL); } $messenger->save_queue(); } } else { if ($action == 'delete') { if (confirm_box(true)) { if (!$auth->acl_get('a_userdel')) { trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING); } foreach ($mark as $user_id) { user_delete('retain', $user_id, $user_affected[$user_id]); } add_log('admin', 'LOG_INACTIVE_' . strtoupper($action), implode(', ', $user_affected)); } else { $s_hidden_fields = array('mode' => $mode, 'action' => $action, 'mark' => $mark, 'submit' => 1, 'start' => $start); confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields($s_hidden_fields)); } } } break; case 'remind': if (empty($config['email_enable'])) { trigger_error($user->lang['EMAIL_DISABLED'] . adm_back_link($this->u_action), E_USER_WARNING); } $sql = 'SELECT user_id, username, user_email, user_lang, user_jabber, user_notify_type, user_regdate, user_actkey FROM ' . USERS_TABLE . ' WHERE ' . $db->sql_in_set('user_id', $mark) . ' AND user_inactive_reason'; $sql .= $config['require_activation'] == USER_ACTIVATION_ADMIN ? ' = ' . INACTIVE_REMIND : ' <> ' . INACTIVE_MANUAL; $result = $db->sql_query($sql); if ($row = $db->sql_fetchrow($result)) { // Send the messages include_once $phpbb_root_path . 'includes/functions_messenger.' . $phpEx; $messenger = new messenger(); $usernames = array(); do { $messenger->template('user_remind_inactive', $row['user_lang']); $messenger->to($row['user_email'], $row['username']); $messenger->im($row['user_jabber'], $row['username']); $messenger->headers('X-AntiAbuse: Board servername - ' . $config['server_name']); $messenger->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']); $messenger->headers('X-AntiAbuse: Username - ' . $user->data['username']); $messenger->headers('X-AntiAbuse: User IP - ' . $user->ip); $messenger->assign_vars(array('USERNAME' => htmlspecialchars_decode($row['username']), 'REGISTER_DATE' => $user->format_date($row['user_regdate'], false, true), 'U_ACTIVATE' => generate_board_url() . "/ucp.{$phpEx}?mode=activate&u=" . $row['user_id'] . '&k=' . $row['user_actkey'])); $messenger->send($row['user_notify_type']); $usernames[] = $row['username']; } while ($row = $db->sql_fetchrow($result)); $messenger->save_queue(); add_log('admin', 'LOG_INACTIVE_REMIND', implode(', ', $usernames)); unset($usernames); } $db->sql_freeresult($result); break; } } // Sorting $limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); $sort_by_text = array('i' => $user->lang['SORT_INACTIVE'], 'j' => $user->lang['SORT_REG_DATE'], 'l' => $user->lang['SORT_LAST_VISIT'], 'r' => $user->lang['SORT_REASON'], 'u' => $user->lang['SORT_USERNAME']); $sort_by_sql = array('i' => 'user_inactive_time', 'j' => 'user_regdate', 'l' => 'user_lastvisit', 'r' => 'user_inactive_reason', 'u' => 'username_clean'); $s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = ''; gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param); // Define where and sort sql for use in displaying logs $sql_where = $sort_days ? time() - $sort_days * 86400 : 0; $sql_sort = $sort_by_sql[$sort_key] . ' ' . ($sort_dir == 'd' ? 'DESC' : 'ASC'); $inactive = array(); $inactive_count = 0; $start = view_inactive_users($inactive, $inactive_count, $config['topics_per_page'], $start, $sql_where, $sql_sort); foreach ($inactive as $row) { $template->assign_block_vars('inactive', array('INACTIVE_DATE' => $user->format_date($row['user_inactive_time']), 'JOINED' => $user->format_date($row['user_regdate']), 'LAST_VISIT' => !$row['user_lastvisit'] ? ' - ' : $user->format_date($row['user_lastvisit']), 'REASON' => $row['inactive_reason'], 'USER_ID' => $row['user_id'], 'USERNAME' => $row['username'], 'U_USER_ADMIN' => append_sid("{$phpbb_admin_path}index.{$phpEx}", "i=users&mode=overview&u={$row['user_id']}"))); } $option_ary = array('activate' => 'ACTIVATE', 'delete' => 'DELETE'); if ($config['email_enable']) { $option_ary += array('remind' => 'REMIND'); } $template->assign_vars(array('S_INACTIVE_USERS' => true, 'S_INACTIVE_OPTIONS' => build_select($option_ary), 'S_LIMIT_DAYS' => $s_limit_days, 'S_SORT_KEY' => $s_sort_key, 'S_SORT_DIR' => $s_sort_dir, 'S_ON_PAGE' => on_page($inactive_count, $config['topics_per_page'], $start), 'PAGINATION' => generate_pagination($this->u_action . "&{$u_sort_param}", $inactive_count, $config['topics_per_page'], $start, true), 'U_ACTION' => $this->u_action . '&start=' . $start)); $this->tpl_name = 'acp_inactive'; $this->page_title = 'ACP_INACTIVE_USERS'; }
/** * Display the output for this extension * * @return null * @access public */ public function display_output() { // Check that the user has permission to access here if (!$this->auth->acl_get('a_comms_pm_stats')) { trigger_error('NOT_AUTHORISED', E_USER_WARNING); } // Add the language file $this->language->add_lang('acp_pmstats', 'david63/pmstats'); // Get message count $sql = 'SELECT COUNT(msg_id) AS total_msg FROM ' . PRIVMSGS_TO_TABLE; $result = $this->db->sql_query($sql); $total_msg = (int) $this->db->sql_fetchfield('total_msg'); $this->db->sql_freeresult($result); // If no data then no point going any further if ($total_msg == 0) { trigger_error($this->language->lang('NO_PM_DATA')); } // Start initial var setup $action = $this->request->variable('action', ''); $fc = $this->request->variable('fc', ''); $sort_key = $this->request->variable('sk', 't'); $start = $this->request->variable('start', 0); $sd = $sort_dir = $this->request->variable('sd', 'd'); $sort_dir = $sort_dir == 'd' ? ' DESC' : ' ASC'; $order_ary = array('d' => 'p.pm_deleted' . $sort_dir . ', u.username_clean ASC', 'f' => 'p.pm_forwarded' . $sort_dir . ', u.username_clean ASC', 'h' => 'holdbox' . $sort_dir . ', u.username_clean ASC', 'i' => 'inbox' . $sort_dir . ', u.username_clean ASC', 'm' => 'p.pm_marked' . $sort_dir . ', u.username_clean ASC', 'n' => 'p.pm_new' . $sort_dir . ', u.username_clean ASC', 'nb' => 'nobox' . $sort_dir . ', u.username_clean ASC', 't' => 'total' . $sort_dir . ', u.username_clean ASC', 'o' => 'outbox' . $sort_dir . ', u.username_clean ASC', 'r' => 'p.pm_replied' . $sort_dir . ', u.username_clean ASC', 's' => 'sentbox' . $sort_dir . ', u.username_clean ASC', 'sv' => 'savedbox' . $sort_dir . ', u.username_clean ASC', 'u' => 'u.username_clean' . $sort_dir, 'un' => 'p.pm_unread' . $sort_dir . ', u.username_clean ASC'); $filter_by = ''; if ($fc == 'other') { for ($i = ord($this->language->lang('START_CHARACTER')); $i <= ord($this->language->lang('END_CHARACTER')); $i++) { $filter_by .= ' AND u.username_clean ' . $this->db->sql_not_like_expression(utf8_clean_string(chr($i)) . $this->db->get_any_char()); } } else { if ($fc) { $filter_by .= ' AND u.username_clean ' . $this->db->sql_like_expression(utf8_clean_string(substr($fc, 0, 1)) . $this->db->get_any_char()); } } $sql = $this->db->sql_build_query('SELECT', array('SELECT' => 'u.user_id, u.username, u.username_clean, u.user_colour, p.pm_deleted, p.pm_new, p.pm_unread, p.pm_replied, p.pm_marked, p.pm_forwarded, SUM(IF(p.folder_id = ' . PRIVMSGS_INBOX . ', 1, 0)) AS inbox, SUM(IF(p.folder_id = ' . PRIVMSGS_SENTBOX . ', 1, 0)) AS sentbox, SUM(IF(p.folder_id = ' . PRIVMSGS_OUTBOX . ', 1, 0)) AS outbox, SUM(IF(p.folder_id = ' . PRIVMSGS_NO_BOX . ', 1, 0)) AS nobox, SUM(IF(p.folder_id = ' . PRIVMSGS_HOLD_BOX . ', 1, 0)) AS holdbox, SUM(IF(p.folder_id > ' . PRIVMSGS_INBOX . ', 1, 0)) AS savedbox, COUNT(p.folder_id) AS total', 'FROM' => array(USERS_TABLE => 'u'), 'LEFT_JOIN' => array(array('FROM' => array(PRIVMSGS_TO_TABLE => 'p'), 'ON' => 'u.user_id = p.user_id')), 'WHERE' => 'u.user_type <> ' . USER_IGNORE . $filter_by, 'ORDER_BY' => $sort_key == '' ? 'total DESC' : $order_ary[$sort_key], 'GROUP_BY' => 'u.username_clean')); $result = $this->db->sql_query_limit($sql, $this->config['topics_per_page'], $start); while ($row = $this->db->sql_fetchrow($result)) { $this->template->assign_block_vars('pm_statistics', array('DELETED' => (int) $row['pm_deleted'], 'FORWARDED' => (int) $row['pm_forwarded'], 'HOLDBOX' => $row['holdbox'], 'INBOX' => $row['inbox'], 'MARKED' => (int) $row['pm_marked'], 'NEW' => (int) $row['pm_new'], 'NOBOX' => $row['nobox'], 'OUTBOX' => $row['outbox'], 'REPLIED' => (int) $row['pm_replied'], 'SAVEDBOX' => $row['savedbox'], 'SENTBOX' => $row['sentbox'], 'UNREAD' => (int) $row['pm_unread'], 'USERNAME' => get_username_string('full', $row['user_id'], $row['username'], $row['user_colour']), 'TOTAL' => $row['total'])); } $this->db->sql_freeresult($result); $sort_by_text = array('u' => $this->language->lang('SORT_USERNAME'), 't' => $this->language->lang('SORT_TOTAL_MESSAGES'), 'i' => $this->language->lang('SORT_INBOX'), 'n' => $this->language->lang('SORT_NEW'), 'un' => $this->language->lang('SORT_UNREAD'), 'o' => $this->language->lang('SORT_OUTBOX'), 's' => $this->language->lang('SORT_SENT'), 'sv' => $this->language->lang('SORT_SAVED'), 'h' => $this->language->lang('SORT_HOLD'), 'd' => $this->language->lang('SORT_DELETED'), 'm' => $this->language->lang('SORT_MARKED'), 'r' => $this->language->lang('SORT_REPLY'), 'f' => $this->language->lang('SORT_FORWARDED'), 'nb' => $this->language->lang('SORT_NO_BOX')); $limit_days = array(); $s_sort_key = $s_limit_days = $s_sort_dir = $u_sort_param = ''; gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sd, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param); // Get total user count for pagination $sql = 'SELECT COUNT(u.user_id) AS total_users FROM ' . USERS_TABLE . ' u WHERE u.user_type <> ' . USER_IGNORE . $filter_by; $result = $this->db->sql_query($sql); $user_count = (int) $this->db->sql_fetchfield('total_users'); $this->db->sql_freeresult($result); $action = $this->u_action . '&sk=' . $sort_key . '&sd=' . $sd; $this->pagination->generate_template_pagination($action, 'pagination', 'start', $user_count, $this->config['topics_per_page'], $start); $first_characters = array(); $first_characters[''] = $this->language->lang('ALL'); for ($i = ord($this->language->lang('START_CHARACTER')); $i <= ord($this->language->lang('END_CHARACTER')); $i++) { $first_characters[chr($i)] = chr($i); } $first_characters['other'] = $this->language->lang('OTHER'); foreach ($first_characters as $char => $desc) { $this->template->assign_block_vars('first_char', array('DESC' => $desc, 'U_SORT' => $action . '&fc=' . $char)); } $this->template->assign_vars(array('MESSAGE_COUNT' => $total_msg, 'S_SORT_DIR' => $s_sort_dir, 'S_SORT_KEY' => $s_sort_key, 'U_ACTION' => $action, 'PM_STATS_VERSION' => ext::PM_STATS_VERSION)); }
/** * Get Messages from folder/user */ function get_pm_from($folder_id, $folder, $user_id) { global $user, $db, $template, $config, $auth, $phpbb_root_path, $phpEx; $start = request_var('start', 0); // Additional vars later, pm ordering is mostly different from post ordering. :/ $sort_days = request_var('st', 0); $sort_key = request_var('sk', 't'); $sort_dir = request_var('sd', 'd'); // PM ordering options $limit_days = array(0 => $user->lang['ALL_MESSAGES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); // No sort by Author for sentbox/outbox (already only author available) // Also, sort by msg_id for the time - private messages are not as prone to errors as posts are. if ($folder_id == PRIVMSGS_OUTBOX || $folder_id == PRIVMSGS_SENTBOX) { $sort_by_text = array('t' => $user->lang['POST_TIME'], 's' => $user->lang['SUBJECT']); $sort_by_sql = array('t' => 'p.msg_id', 's' => 'p.message_subject'); } else { $sort_by_text = array('a' => $user->lang['AUTHOR'], 't' => $user->lang['POST_TIME'], 's' => $user->lang['SUBJECT']); $sort_by_sql = array('a' => 'u.username_clean', 't' => 'p.msg_id', 's' => 'p.message_subject'); } $s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = ''; gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param); $folder_sql = 't.folder_id = ' . (int) $folder_id; // Limit pms to certain time frame, obtain correct pm count if ($sort_days) { $min_post_time = time() - ($sort_days * 86400); if (isset($_POST['sort'])) { $start = 0; } $sql = 'SELECT COUNT(t.msg_id) AS pm_count FROM ' . PRIVMSGS_TO_TABLE . ' t, ' . PRIVMSGS_TABLE . " p WHERE $folder_sql AND t.user_id = $user_id AND t.msg_id = p.msg_id AND p.message_time >= $min_post_time"; $result = $db->sql_query_limit($sql, 1); $pm_count = (int) $db->sql_fetchfield('pm_count'); $db->sql_freeresult($result); $sql_limit_time = "AND p.message_time >= $min_post_time"; } else { $pm_count = $folder[$folder_id]['num_messages']; $sql_limit_time = ''; } $template->assign_vars(array( 'PAGINATION' => generate_pagination(append_sid("{$phpbb_root_path}ucp.$phpEx", "i=pm&mode=view&action=view_folder&f=$folder_id&$u_sort_param"), $pm_count, $config['topics_per_page'], $start), 'PAGE_NUMBER' => on_page($pm_count, $config['topics_per_page'], $start), 'TOTAL_MESSAGES' => (($pm_count == 1) ? $user->lang['VIEW_PM_MESSAGE'] : sprintf($user->lang['VIEW_PM_MESSAGES'], $pm_count)), 'POST_IMG' => (!$auth->acl_get('u_sendpm')) ? $user->img('button_topic_locked', 'PM_LOCKED') : $user->img('button_pm_new', 'POST_PM'), 'L_NO_MESSAGES' => (!$auth->acl_get('u_sendpm')) ? $user->lang['POST_PM_LOCKED'] : $user->lang['NO_MESSAGES'], 'S_SELECT_SORT_DIR' => $s_sort_dir, 'S_SELECT_SORT_KEY' => $s_sort_key, 'S_SELECT_SORT_DAYS' => $s_limit_days, 'S_TOPIC_ICONS' => ($config['enable_pm_icons']) ? true : false, 'U_POST_NEW_TOPIC' => ($auth->acl_get('u_sendpm')) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&mode=compose') : '', 'S_PM_ACTION' => append_sid("{$phpbb_root_path}ucp.$phpEx", "i=pm&mode=view&action=view_folder&f=$folder_id")) ); // Grab all pm data $rowset = $pm_list = array(); // If the user is trying to reach late pages, start searching from the end $store_reverse = false; $sql_limit = $config['topics_per_page']; if ($start > $pm_count / 2) { $store_reverse = true; if ($start + $config['topics_per_page'] > $pm_count) { $sql_limit = min($config['topics_per_page'], max(1, $pm_count - $start)); } // Select the sort order $sql_sort_order = $sort_by_sql[$sort_key] . ' ' . (($sort_dir == 'd') ? 'ASC' : 'DESC'); $sql_start = max(0, $pm_count - $sql_limit - $start); } else { // Select the sort order $sql_sort_order = $sort_by_sql[$sort_key] . ' ' . (($sort_dir == 'd') ? 'DESC' : 'ASC'); $sql_start = $start; } $sql = 'SELECT t.*, p.root_level, p.message_time, p.message_subject, p.icon_id, p.to_address, p.message_attachment, p.bcc_address, u.username, u.username_clean, u.user_colour FROM ' . PRIVMSGS_TO_TABLE . ' t, ' . PRIVMSGS_TABLE . ' p, ' . USERS_TABLE . " u WHERE t.user_id = $user_id AND p.author_id = u.user_id AND $folder_sql AND t.msg_id = p.msg_id $sql_limit_time ORDER BY $sql_sort_order"; $result = $db->sql_query_limit($sql, $sql_limit, $sql_start); while ($row = $db->sql_fetchrow($result)) { $rowset[$row['msg_id']] = $row; $pm_list[] = $row['msg_id']; } $db->sql_freeresult($result); $pm_list = ($store_reverse) ? array_reverse($pm_list) : $pm_list; return array( 'pm_count' => $pm_count, 'pm_list' => $pm_list, 'rowset' => $rowset ); }
function main($checked_user) { // Get all values $sql = 'SELECT * FROM ' . $this->points_values_table; $result = $this->db->sql_query($sql); $points_values = $this->db->sql_fetchrow($result); $this->db->sql_freeresult($result); // Check if user is allowed to use the logs if (!$this->auth->acl_get('u_use_logs')) { $message = $this->user->lang['NOT_AUTHORISED'] . '<br /><br /><a href="' . append_sid("{$this->phpbb_root_path}ultimatepoints") . '">« ' . $this->user->lang['BACK_TO_PREV'] . '</a>'; trigger_error($message); } // Add part to bar $this->template->assign_block_vars('navlinks', array('U_VIEW_FORUM' => $this->helper->route('dmzx_ultimatepoints_controller', array('mode' => 'logs')), 'FORUM_NAME' => sprintf($this->user->lang['LOGS_TITLE'], $this->config['points_name']))); // Preparing the sort order $start = $this->request->variable('start', 0); $number = $points_values['number_show_per_page']; $sort_days = $this->request->variable('st', 0); $sort_key = $this->request->variable('sk', 'date'); $sort_dir = $this->request->variable('sd', 'd'); $limit_days = array(0 => $this->user->lang['ALL_POSTS'], 1 => $this->user->lang['1_DAY'], 7 => $this->user->lang['7_DAYS'], 14 => $this->user->lang['2_WEEKS'], 30 => $this->user->lang['1_MONTH'], 90 => $this->user->lang['3_MONTHS'], 180 => $this->user->lang['6_MONTHS'], 365 => $this->user->lang['1_YEAR']); $sort_by_text = array('date' => $this->user->lang['LOGS_SORT_DATE'], 'to' => $this->user->lang['LOGS_SORT_TONAME'], 'from' => $this->user->lang['LOGS_SORT_FROMNAME'], 'comment' => $this->user->lang['LOGS_SORT_COMMENT']); $sort_by_sql = array('date' => 'point_date', 'to' => 'point_recv', 'from' => 'point_send', 'comment' => 'point_comment'); $s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = ''; gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param); $sql_sort_order = $sort_by_sql[$sort_key] . ' ' . ($sort_dir == 'd' ? 'DESC' : 'ASC'); // The different log types $types = array(0 => '--', 1 => $this->user->lang['LOGS_RECV'], 2 => $this->user->lang['LOGS_SENT'], 3 => $this->user->lang['LOGS_ROBBERY_WON'], 4 => $this->user->lang['LOGS_ROBBERY_LOST']); // Grab the total amount of logs for this user $sql_array = array('SELECT' => 'COUNT(*) AS total', 'FROM' => array($this->points_log_table => 'l'), 'WHERE' => 'point_send = ' . (int) $this->user->data['user_id'] . ' OR point_recv = ' . (int) $this->user->data['user_id']); $sql = $this->db->sql_build_query('SELECT', $sql_array); $result = $this->db->sql_query($sql); $max = (int) $this->db->sql_fetchfield('total'); // Grab the actual logs based on all account movements $sql_array = array('SELECT' => '*', 'FROM' => array($this->points_log_table => 'l'), 'WHERE' => 'point_send = ' . (int) $this->user->data['user_id'] . ' OR point_recv = ' . (int) $this->user->data['user_id'], 'ORDER_BY' => $sql_sort_order); $sql = $this->db->sql_build_query('SELECT', $sql_array); $result = $this->db->sql_query_limit($sql, $number, $start); // Start looping all the logs while ($row = $this->db->sql_fetchrow($result)) { switch ($row['point_type']) { case 1: //Transfer $transfer_user = $row['point_send'] == $checked_user['user_id'] ? $row['point_recv'] : $row['point_send']; $sql_array = array('SELECT' => '*', 'FROM' => array(USERS_TABLE => 'u'), 'WHERE' => 'user_id = ' . (int) $transfer_user); $sql = $this->db->sql_build_query('SELECT', $sql_array); $result1 = $this->db->sql_query($sql); $opponent = $this->db->sql_fetchrow($result1); $this->db->sql_freeresult($result1); if ($row['point_send'] == $checked_user['user_id']) { $who = get_username_string('full', $checked_user['user_id'], $checked_user['username'], $checked_user['user_colour']) . "<br />(" . $this->functions_points->number_format_points($row['point_sendold']) . "->" . $this->functions_points->number_format_points($row['point_sendold'] - $row['point_amount']) . ")"; $to = get_username_string('full', $opponent['user_id'], $opponent['username'], $opponent['user_colour']) . "<br />(" . $this->functions_points->number_format_points($row['point_recvold']) . "->" . $this->functions_points->number_format_points($row['point_recvold'] + (100 - $points_values['transfer_fee']) / 100 * $row['point_amount']) . ")"; $rows = 2; } else { $to = get_username_string('full', $checked_user['user_id'], $checked_user['username'], $checked_user['user_colour']) . "<br />(" . $this->functions_points->number_format_points($row['point_recvold']) . "->" . $this->functions_points->number_format_points($row['point_recvold'] + (100 - $points_values['transfer_fee']) / 100 * $row['point_amount']) . ")"; $who = get_username_string('full', $opponent['user_id'], $opponent['username'], $opponent['user_colour']) . "<br />(" . $this->functions_points->number_format_points($row['point_sendold']) . "->" . $this->functions_points->number_format_points($row['point_sendold'] - $row['point_amount']) . ")"; $rows = 1; } $who .= " (-" . $this->functions_points->number_format_points($row['point_amount']) . ")"; $to .= " (+" . $this->functions_points->number_format_points((100 - $points_values['transfer_fee']) / 100 * $row['point_amount']) . ")"; break; case 2: //Locked $who = get_username_string('full', $opponent['user_id'], $opponent['username'], $opponent['user_colour']); $to = "--"; break; case 3: //Robbery $transfer_user = $row['point_send'] == $checked_user['user_id'] ? $row['point_recv'] : $row['point_send']; $sql_array = array('SELECT' => '*', 'FROM' => array(USERS_TABLE => 'u'), 'WHERE' => 'user_id = ' . (int) $transfer_user); $sql = $this->db->sql_build_query('SELECT', $sql_array); $result1 = $this->db->sql_query($sql); $opponent = $this->db->sql_fetchrow($result1); $this->db->sql_freeresult($result1); if ($row['point_send'] == $checked_user['user_id']) { $who = get_username_string('full', $checked_user['user_id'], $checked_user['username'], $checked_user['user_colour']) . "<br />(" . $this->functions_points->number_format_points($row['point_sendold']) . "->" . $this->functions_points->number_format_points($row['point_sendold'] + $row['point_amount']) . ")"; $to = get_username_string('full', $opponent['user_id'], $opponent['username'], $opponent['user_colour']) . "<br />(" . $this->functions_points->number_format_points($row['point_recvold']) . "->" . $this->functions_points->number_format_points($row['point_recvold'] - $row['point_amount']) . ")"; $rows = 3; } else { $to = get_username_string('full', $checked_user['user_id'], $checked_user['username'], $checked_user['user_colour']) . "<br />(" . $this->functions_points->number_format_points($row['point_recvold']) . "->" . $this->functions_points->number_format_points($row['point_recvold'] - $row['point_amount']) . ")"; $who = get_username_string('full', $opponent['user_id'], $opponent['username'], $opponent['user_colour']) . "<br />(" . $this->functions_points->number_format_points($row['point_sendold']) . "->" . $this->functions_points->number_format_points($row['point_sendold'] + $row['point_amount']) . ")"; $rows = 4; } $who .= " (+" . $this->functions_points->number_format_points($row['point_amount']) . ")"; $to .= " (-" . $this->functions_points->number_format_points($row['point_amount']) . ")"; break; } // Add the items to the template $this->template->assign_block_vars('logs', array('DATE' => $this->user->format_date($row['point_date']), 'COMMENT' => nl2br($row['point_comment']), 'TYPE' => $types[$rows], 'ROW' => $rows, 'WHO' => $who, 'TO' => $to)); } $this->db->sql_freeresult($result); //Start pagination $this->pagination->generate_template_pagination($this->helper->route('dmzx_ultimatepoints_controller', array('mode' => 'logs', 'sk' => $sort_key, 'sd' => $sort_dir)), 'pagination', 'start', $max, $number, $start); // Generate the page template $this->template->assign_vars(array('PAGINATION' => $this->user->lang('POINTS_LOG_COUNT', $max), 'LOTTERY_NAME' => $points_values['lottery_name'], 'BANK_NAME' => $points_values['bank_name'], 'S_LOGS_ACTION' => $this->helper->route('dmzx_ultimatepoints_controller', array('mode' => 'logs')), 'S_SELECT_SORT_DIR' => $s_sort_dir, 'S_SELECT_SORT_KEY' => $s_sort_key, 'U_TRANSFER_USER' => $this->helper->route('dmzx_ultimatepoints_controller', array('mode' => 'transfer_user')), 'U_LOGS' => $this->helper->route('dmzx_ultimatepoints_controller', array('mode' => 'logs')), 'U_LOTTERY' => $this->helper->route('dmzx_ultimatepoints_controller', array('mode' => 'lottery')), 'U_BANK' => $this->helper->route('dmzx_ultimatepoints_controller', array('mode' => 'bank')), 'U_ROBBERY' => $this->helper->route('dmzx_ultimatepoints_controller', array('mode' => 'robbery')), 'U_INFO' => $this->helper->route('dmzx_ultimatepoints_controller', array('mode' => 'info')), 'U_USE_TRANSFER' => $this->auth->acl_get('u_use_transfer'), 'U_USE_LOGS' => $this->auth->acl_get('u_use_logs'), 'U_USE_LOTTERY' => $this->auth->acl_get('u_use_lottery'), 'U_USE_BANK' => $this->auth->acl_get('u_use_bank'), 'U_USE_ROBBERY' => $this->auth->acl_get('u_use_robbery'))); // Generate the page header page_header(sprintf($this->user->lang['LOGS_TITLE'], $checked_user['username'])); // Generate the page template $this->template->set_filenames(array('body' => 'points/points_logs.html')); page_footer(); }
/** * Display the output for this extension * * @return null * @access public */ public function display_output() { // Add the language file $this->language->add_lang('acp_pmmonitor', 'david63/pmmonitor'); // Check that the user has permission to access here if (!$this->auth->acl_get('a_comms_pm_manage')) { trigger_error('NOT_AUTHORISED', E_USER_WARNING); } // Get message count $sql = 'SELECT COUNT(msg_id) AS total_msg FROM ' . PRIVMSGS_TO_TABLE; $result = $this->db->sql_query($sql); $total_msg = (int) $this->db->sql_fetchfield('total_msg'); $this->db->sql_freeresult($result); // If no data then no point going any further if ($total_msg == 0) { trigger_error($this->language->lang('NO_PM_DATA')); } // Start initial var setup $start = $this->request->variable('start', 0); $sort_key = $this->request->variable('sk', 'd'); $sd = $sort_dir = $this->request->variable('sd', 'd'); if ($this->request->is_set_post('delete')) { $pm_monitor_list = $this->request->variable('mark', array('')); if (!sizeof($pm_monitor_list)) { trigger_error($this->language->lang('NO_PM_SELECTED') . adm_back_link($this->u_action)); } if (confirm_box(true)) { // Restore the array to its correct format $pm_monitor_list = str_replace("'", '"', $pm_monitor_list); foreach ($pm_monitor_list as $pm_msg_list) { $pm_list[] = json_decode($pm_msg_list); } if (!function_exists('delete_pm')) { include $this->phpbb_root_path . 'includes/functions_privmsgs.' . $this->phpEx; } foreach ($pm_list as $row) { delete_pm($row['user_id'], $row['msg_ids'], $row['folder_id']); } // Add option settings change action to the admin log $phpbb_log = $this->container->get('log'); $phpbb_log->add('admin', $this->user->data['user_id'], $this->user->ip, 'LOG_PM_MONITOR'); } else { confirm_box(false, $this->language->lang('CONFIRM_DELETE'), build_hidden_fields(array('mark' => $pm_monitor_list, 'delete' => 'delete'))); } } $sort_dir = $sort_dir == 'd' ? ' DESC' : ' ASC'; switch ($sort_key) { case 'b': $order_by = 'u.username_clean' . $sort_dir; $order_sql = ' AND t.user_id = u.user_id '; break; case 'd': $order_by = 'p.message_time' . $sort_dir; $order_sql = ' AND t.user_id = u.user_id '; break; case 'f': $order_by = 'u.username_clean' . $sort_dir; $order_sql = ' AND t.author_id = u.user_id '; break; case 'i': $order_by = 'p.author_ip' . $sort_dir . ', u.username_clean ASC'; $order_sql = ' AND t.user_id = u.user_id '; break; case 'p': $order_by = 't.folder_id' . $sort_dir . ', u.username_clean ASC'; $order_sql = ' AND t.user_id = u.user_id '; break; case 't': $order_by = 'to_username' . $sort_dir; $order_sql = ' AND t.user_id = u.user_id '; break; } $pm_box_ary = array(PRIVMSGS_HOLD_BOX => $this->language->lang('PM_HOLDBOX'), PRIVMSGS_NO_BOX => $this->language->lang('PM_NOBOX'), PRIVMSGS_OUTBOX => $this->language->lang('PM_OUTBOX'), PRIVMSGS_SENTBOX => $this->language->lang('PM_SENTBOX'), PRIVMSGS_INBOX => $this->language->lang('PM_INBOX')); $flags = ($this->config['auth_bbcode_pm'] ? OPTION_FLAG_BBCODE : 0) + ($this->config['auth_smilies_pm'] ? OPTION_FLAG_SMILIES : 0) + ($this->config['allow_post_links'] ? OPTION_FLAG_LINKS : 0); $sql = 'SELECT p.msg_id, p.message_subject, p.message_text, p.bbcode_uid, p.bbcode_bitfield, p.message_time, p.bcc_address, p.to_address, p.author_ip, t.user_id, t.author_id, t.folder_id, LOWER(u.username) AS to_username FROM ' . PRIVMSGS_TABLE . ' p, ' . PRIVMSGS_TO_TABLE . ' t, ' . USERS_TABLE . ' u WHERE p.msg_id = t.msg_id ' . $order_sql . ' ORDER BY ' . $order_by; $result = $this->db->sql_query_limit($sql, $this->config['topics_per_page'], $start); while ($row = $this->db->sql_fetchrow($result)) { $this->template->assign_block_vars('pm_row', array('AUTHOR_IP' => $row['author_ip'], 'BCC' => $row['bcc_address'] ? $this->get_msg_user_data($row['user_id'], $row['author_id']) : '', 'DATE' => $this->user->format_date($row['message_time']), 'FOLDER' => $row['folder_id'] > PRIVMSGS_INBOX ? $this->language->lang('PM_SAVED') : $pm_box_ary[$row['folder_id']], 'FROM' => $this->get_msg_user_data($row['author_id']), 'IS_GROUP' => strstr($row['to_address'], 'g') ? $this->language->lang('IS_GROUP') : '', 'LAST_VISIT_FROM' => $this->get_last_visit($row['author_id']), 'LAST_VISIT_TO' => $row['to_address'] ? $this->get_last_visit($row['user_id'], $row['author_id']) : '', 'PM_ID' => str_replace('"', "'", json_encode(array('msg_ids' => $row['msg_id'], 'user_id' => $row['user_id'], 'folder_id' => $row['folder_id']))), 'PM_KEY' => $row['msg_id'] . $row['user_id'], 'PM_SUBJECT' => $row['message_subject'], 'PM_TEXT' => generate_text_for_display($row['message_text'], $row['bbcode_uid'], $row['bbcode_bitfield'], $flags), 'TO' => $row['to_address'] ? $this->get_msg_user_data($row['user_id'], $row['author_id']) : '')); } $this->db->sql_freeresult($result); $sort_by_text = array('f' => $this->language->lang('SORT_FROM'), 't' => $this->language->lang('SORT_TO'), 'b' => $this->language->lang('SORT_BCC'), 'p' => $this->language->lang('SORT_PM_BOX'), 'i' => $this->language->lang('SORT_IP'), 'd' => $this->language->lang('SORT_DATE')); $limit_days = array(); $s_sort_key = $s_limit_days = $s_sort_dir = $u_sort_param = ''; gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sd, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param); $action = $this->u_action . '&sk=' . $sort_key . '&sd=' . $sd; $this->pagination->generate_template_pagination($action, 'pagination', 'start', $total_msg, $this->config['topics_per_page'], $start); $this->template->assign_vars(array('MESSAGE_COUNT' => $total_msg, 'PM_MONITOR_VERSION' => ext::PM_MONITOR_VERSION, 'S_CAN_READ' => $this->auth->acl_get('a_comms_pm_manage') ? true : false, 'S_SORT_KEY' => $s_sort_key, 'S_SORT_DIR' => $s_sort_dir, 'U_ACTION' => $this->u_action . '&action=delete')); }
/** * Lists all users with warnings */ function mcp_warn_list_view($action) { global $phpEx, $phpbb_root_path, $config, $phpbb_container; global $template, $user, $auth, $request; /* @var $pagination \phpbb\pagination */ $pagination = $phpbb_container->get('pagination'); $user->add_lang('memberlist'); $start = $request->variable('start', 0); $st = $request->variable('st', 0); $sk = $request->variable('sk', 'b'); $sd = $request->variable('sd', 'd'); $limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); $sort_by_text = array('a' => $user->lang['SORT_USERNAME'], 'b' => $user->lang['SORT_DATE'], 'c' => $user->lang['SORT_WARNINGS']); $sort_by_sql = array('a' => 'username_clean', 'b' => 'user_last_warning', 'c' => 'user_warnings'); $s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = ''; gen_sort_selects($limit_days, $sort_by_text, $st, $sk, $sd, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param); // Define where and sort sql for use in displaying logs $sql_where = $st ? time() - $st * 86400 : 0; $sql_sort = $sort_by_sql[$sk] . ' ' . ($sd == 'd' ? 'DESC' : 'ASC'); $users = array(); $user_count = 0; view_warned_users($users, $user_count, $config['topics_per_page'], $start, $sql_where, $sql_sort); foreach ($users as $row) { $template->assign_block_vars('user', array('U_NOTES' => append_sid("{$phpbb_root_path}mcp.{$phpEx}", 'i=notes&mode=user_notes&u=' . $row['user_id']), 'USERNAME_FULL' => get_username_string('full', $row['user_id'], $row['username'], $row['user_colour']), 'WARNING_TIME' => $user->format_date($row['user_last_warning']), 'WARNINGS' => $row['user_warnings'])); } $base_url = append_sid("{$phpbb_root_path}mcp.{$phpEx}", "i=warn&mode=list&st={$st}&sk={$sk}&sd={$sd}"); $pagination->generate_template_pagination($base_url, 'pagination', 'start', $user_count, $config['topics_per_page'], $start); $template->assign_vars(array('U_POST_ACTION' => $this->u_action, 'S_CLEAR_ALLOWED' => $auth->acl_get('a_clearlogs') ? true : false, 'S_SELECT_SORT_DIR' => $s_sort_dir, 'S_SELECT_SORT_KEY' => $s_sort_key, 'S_SELECT_SORT_DAYS' => $s_limit_days, 'TOTAL_USERS' => $user->lang('LIST_USERS', (int) $user_count))); }
/** * sorting in mcp * * @param string $where_sql should either be WHERE (default if ommited) or end with AND or OR * * $mode reports and reports_closed: the $where parameters uses aliases p for posts table and r for report table * $mode unapproved_posts: the $where parameters uses aliases p for posts table and t for topic table */ function mcp_sorting($mode, &$sort_days, &$sort_key, &$sort_dir, &$sort_by_sql, &$sort_order_sql, &$total, $forum_id = 0, $topic_id = 0, $where_sql = 'WHERE') { global $db, $user, $auth, $template; $sort_days = request_var('st', 0); $min_time = $sort_days ? time() - $sort_days * 86400 : 0; switch ($mode) { case 'viewforum': $type = 'topics'; $default_key = 't'; $default_dir = 'd'; $sql = 'SELECT COUNT(topic_id) AS total FROM ' . TOPICS_TABLE . "\n\t\t\t\t{$where_sql} forum_id = {$forum_id}\n\t\t\t\t\tAND topic_type NOT IN (" . POST_ANNOUNCE . ', ' . POST_GLOBAL . ")\n\t\t\t\t\tAND topic_last_post_time >= {$min_time}"; if (!$auth->acl_get('m_approve', $forum_id)) { $sql .= 'AND topic_approved = 1'; } break; case 'viewtopic': $type = 'posts'; $default_key = 't'; $default_dir = 'a'; $sql = 'SELECT COUNT(post_id) AS total FROM ' . POSTS_TABLE . "\n\t\t\t\t{$where_sql} topic_id = {$topic_id}\n\t\t\t\t\tAND post_time >= {$min_time}"; if (!$auth->acl_get('m_approve', $forum_id)) { $sql .= 'AND post_approved = 1'; } break; case 'unapproved_posts': $type = 'posts'; $default_key = 't'; $default_dir = 'd'; $where_sql .= $topic_id ? ' p.topic_id = ' . $topic_id . ' AND' : ''; $sql = 'SELECT COUNT(p.post_id) AS total FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . " t\n\t\t\t\t{$where_sql} " . $db->sql_in_set('p.forum_id', $forum_id ? array($forum_id) : array_intersect(get_forum_list('f_read'), get_forum_list('m_approve'))) . ' AND p.post_approved = 0 AND t.topic_id = p.topic_id AND t.topic_first_post_id <> p.post_id'; if ($min_time) { $sql .= ' AND post_time >= ' . $min_time; } break; case 'unapproved_topics': $type = 'topics'; $default_key = 't'; $default_dir = 'd'; $sql = 'SELECT COUNT(topic_id) AS total FROM ' . TOPICS_TABLE . "\n\t\t\t\t{$where_sql} " . $db->sql_in_set('forum_id', $forum_id ? array($forum_id) : array_intersect(get_forum_list('f_read'), get_forum_list('m_approve'))) . ' AND topic_approved = 0'; if ($min_time) { $sql .= ' AND topic_time >= ' . $min_time; } break; case 'pm_reports': case 'pm_reports_closed': case 'reports': case 'reports_closed': $pm = strpos($mode, 'pm_') === 0 ? true : false; $type = $pm ? 'pm_reports' : 'reports'; $default_key = 't'; $default_dir = 'd'; $limit_time_sql = $min_time ? "AND r.report_time >= {$min_time}" : ''; if ($topic_id) { $where_sql .= ' p.topic_id = ' . $topic_id . ' AND '; } else { if ($forum_id) { $where_sql .= ' p.forum_id = ' . $forum_id . ' AND '; } else { if (!$pm) { $where_sql .= ' ' . $db->sql_in_set('p.forum_id', get_forum_list(array('!f_read', '!m_report')), true, true) . ' AND '; } } } if ($mode == 'reports' || $mode == 'pm_reports') { $where_sql .= ' r.report_closed = 0 AND '; } else { $where_sql .= ' r.report_closed = 1 AND '; } if ($pm) { $sql = 'SELECT COUNT(r.report_id) AS total FROM ' . REPORTS_TABLE . ' r, ' . PRIVMSGS_TABLE . " p\n\t\t\t\t\t{$where_sql} r.post_id = 0\n\t\t\t\t\t\tAND p.msg_id = r.pm_id\n\t\t\t\t\t\t{$limit_time_sql}"; } else { $sql = 'SELECT COUNT(r.report_id) AS total FROM ' . REPORTS_TABLE . ' r, ' . POSTS_TABLE . " p\n\t\t\t\t\t{$where_sql} r.pm_id = 0\n\t\t\t\t\tAND p.post_id = r.post_id\n\t\t\t\t\t{$limit_time_sql}"; } break; case 'viewlogs': $type = 'logs'; $default_key = 't'; $default_dir = 'd'; $sql = 'SELECT COUNT(log_id) AS total FROM ' . LOG_TABLE . "\n\t\t\t\t{$where_sql} " . $db->sql_in_set('forum_id', $forum_id ? array($forum_id) : array_intersect(get_forum_list('f_read'), get_forum_list('m_'))) . ' AND log_time >= ' . $min_time . ' AND log_type = ' . LOG_MOD; break; } $sort_key = request_var('sk', $default_key); $sort_dir = request_var('sd', $default_dir); $sort_dir_text = array('a' => $user->lang['ASCENDING'], 'd' => $user->lang['DESCENDING']); switch ($type) { case 'topics': $limit_days = array(0 => $user->lang['ALL_TOPICS'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); $sort_by_text = array('a' => $user->lang['AUTHOR'], 't' => $user->lang['POST_TIME'], 'tt' => $user->lang['TOPIC_TIME'], 'r' => $user->lang['REPLIES'], 's' => $user->lang['SUBJECT'], 'v' => $user->lang['VIEWS']); $sort_by_sql = array('a' => 't.topic_first_poster_name', 't' => 't.topic_last_post_time', 'tt' => 't.topic_time', 'r' => $auth->acl_get('m_approve', $forum_id) ? 't.topic_replies_real' : 't.topic_replies', 's' => 't.topic_title', 'v' => 't.topic_views'); $limit_time_sql = $min_time ? "AND t.topic_last_post_time >= {$min_time}" : ''; break; case 'posts': $limit_days = array(0 => $user->lang['ALL_POSTS'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); $sort_by_text = array('a' => $user->lang['AUTHOR'], 't' => $user->lang['POST_TIME'], 's' => $user->lang['SUBJECT']); $sort_by_sql = array('a' => 'u.username_clean', 't' => 'p.post_time', 's' => 'p.post_subject'); $limit_time_sql = $min_time ? "AND p.post_time >= {$min_time}" : ''; break; case 'reports': $limit_days = array(0 => $user->lang['ALL_REPORTS'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); $sort_by_text = array('a' => $user->lang['AUTHOR'], 'r' => $user->lang['REPORTER'], 'p' => $user->lang['POST_TIME'], 't' => $user->lang['REPORT_TIME'], 's' => $user->lang['SUBJECT']); $sort_by_sql = array('a' => 'u.username_clean', 'r' => 'ru.username', 'p' => 'p.post_time', 't' => 'r.report_time', 's' => 'p.post_subject'); break; case 'pm_reports': $limit_days = array(0 => $user->lang['ALL_REPORTS'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); $sort_by_text = array('a' => $user->lang['AUTHOR'], 'r' => $user->lang['REPORTER'], 'p' => $user->lang['POST_TIME'], 't' => $user->lang['REPORT_TIME'], 's' => $user->lang['SUBJECT']); $sort_by_sql = array('a' => 'u.username_clean', 'r' => 'ru.username', 'p' => 'p.message_time', 't' => 'r.report_time', 's' => 'p.message_subject'); break; case 'logs': $limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); $sort_by_text = array('u' => $user->lang['SORT_USERNAME'], 't' => $user->lang['SORT_DATE'], 'i' => $user->lang['SORT_IP'], 'o' => $user->lang['SORT_ACTION']); $sort_by_sql = array('u' => 'u.username_clean', 't' => 'l.log_time', 'i' => 'l.log_ip', 'o' => 'l.log_operation'); $limit_time_sql = $min_time ? "AND l.log_time >= {$min_time}" : ''; break; } if (!isset($sort_by_sql[$sort_key])) { $sort_key = $default_key; } $sort_order_sql = $sort_by_sql[$sort_key] . ' ' . ($sort_dir == 'd' ? 'DESC' : 'ASC'); $s_limit_days = $s_sort_key = $s_sort_dir = $sort_url = ''; gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $sort_url); $template->assign_vars(array('S_SELECT_SORT_DIR' => $s_sort_dir, 'S_SELECT_SORT_KEY' => $s_sort_key, 'S_SELECT_SORT_DAYS' => $s_limit_days)); if ($sort_days && $mode != 'viewlogs' || in_array($mode, array('reports', 'unapproved_topics', 'unapproved_posts')) || $where_sql != 'WHERE') { $result = $db->sql_query($sql); $total = (int) $db->sql_fetchfield('total'); $db->sql_freeresult($result); } else { $total = -1; } }
/** * sorting in mcp * * @param string $where_sql should either be WHERE (default if ommited) or end with AND or OR * * $mode reports and reports_closed: the $where parameters uses aliases p for posts table and r for report table * $mode unapproved_posts: the $where parameters uses aliases p for posts table and t for topic table */ function phpbb_mcp_sorting($mode, &$sort_days, &$sort_key, &$sort_dir, &$sort_by_sql, &$sort_order_sql, &$total, $forum_id = 0, $topic_id = 0, $where_sql = 'WHERE') { global $db, $user, $auth, $template, $phpbb_dispatcher; $sort_days = request_var('st', 0); $min_time = $sort_days ? time() - $sort_days * 86400 : 0; switch ($mode) { case 'viewforum': $type = 'topics'; $default_key = 't'; $default_dir = 'd'; $sql = 'SELECT COUNT(topic_id) AS total FROM ' . TOPICS_TABLE . "\n\t\t\t\t{$where_sql} forum_id = {$forum_id}\n\t\t\t\t\tAND topic_type NOT IN (" . POST_ANNOUNCE . ', ' . POST_GLOBAL . ")\n\t\t\t\t\tAND topic_last_post_time >= {$min_time}"; if (!$auth->acl_get('m_approve', $forum_id)) { $sql .= 'AND topic_visibility = ' . ITEM_APPROVED; } break; case 'viewtopic': $type = 'posts'; $default_key = 't'; $default_dir = 'a'; $sql = 'SELECT COUNT(post_id) AS total FROM ' . POSTS_TABLE . "\n\t\t\t\t{$where_sql} topic_id = {$topic_id}\n\t\t\t\t\tAND post_time >= {$min_time}"; if (!$auth->acl_get('m_approve', $forum_id)) { $sql .= 'AND post_visibility = ' . ITEM_APPROVED; } break; case 'unapproved_posts': case 'deleted_posts': $visibility_const = $mode == 'unapproved_posts' ? array(ITEM_UNAPPROVED, ITEM_REAPPROVE) : ITEM_DELETED; $type = 'posts'; $default_key = 't'; $default_dir = 'd'; $where_sql .= $topic_id ? ' p.topic_id = ' . $topic_id . ' AND' : ''; $sql = 'SELECT COUNT(p.post_id) AS total FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . " t\n\t\t\t\t{$where_sql} " . $db->sql_in_set('p.forum_id', $forum_id ? array($forum_id) : array_intersect(get_forum_list('f_read'), get_forum_list('m_approve'))) . ' AND ' . $db->sql_in_set('p.post_visibility', $visibility_const) . ' AND t.topic_id = p.topic_id AND t.topic_visibility <> p.post_visibility'; if ($min_time) { $sql .= ' AND post_time >= ' . $min_time; } break; case 'unapproved_topics': case 'deleted_topics': $visibility_const = $mode == 'unapproved_topics' ? array(ITEM_UNAPPROVED, ITEM_REAPPROVE) : ITEM_DELETED; $type = 'topics'; $default_key = 't'; $default_dir = 'd'; $sql = 'SELECT COUNT(topic_id) AS total FROM ' . TOPICS_TABLE . "\n\t\t\t\t{$where_sql} " . $db->sql_in_set('forum_id', $forum_id ? array($forum_id) : array_intersect(get_forum_list('f_read'), get_forum_list('m_approve'))) . ' AND ' . $db->sql_in_set('topic_visibility', $visibility_const); if ($min_time) { $sql .= ' AND topic_time >= ' . $min_time; } break; case 'pm_reports': case 'pm_reports_closed': case 'reports': case 'reports_closed': $pm = strpos($mode, 'pm_') === 0 ? true : false; $type = $pm ? 'pm_reports' : 'reports'; $default_key = 't'; $default_dir = 'd'; $limit_time_sql = $min_time ? "AND r.report_time >= {$min_time}" : ''; if ($topic_id) { $where_sql .= ' p.topic_id = ' . $topic_id . ' AND '; } else { if ($forum_id) { $where_sql .= ' p.forum_id = ' . $forum_id . ' AND '; } else { if (!$pm) { $where_sql .= ' ' . $db->sql_in_set('p.forum_id', get_forum_list(array('!f_read', '!m_report')), true, true) . ' AND '; } } } if ($mode == 'reports' || $mode == 'pm_reports') { $where_sql .= ' r.report_closed = 0 AND '; } else { $where_sql .= ' r.report_closed = 1 AND '; } if ($pm) { $sql = 'SELECT COUNT(r.report_id) AS total FROM ' . REPORTS_TABLE . ' r, ' . PRIVMSGS_TABLE . " p\n\t\t\t\t\t{$where_sql} r.post_id = 0\n\t\t\t\t\t\tAND p.msg_id = r.pm_id\n\t\t\t\t\t\t{$limit_time_sql}"; } else { $sql = 'SELECT COUNT(r.report_id) AS total FROM ' . REPORTS_TABLE . ' r, ' . POSTS_TABLE . " p\n\t\t\t\t\t{$where_sql} r.pm_id = 0\n\t\t\t\t\t\tAND p.post_id = r.post_id\n\t\t\t\t\t\t{$limit_time_sql}"; } break; case 'viewlogs': $type = 'logs'; $default_key = 't'; $default_dir = 'd'; $sql = 'SELECT COUNT(log_id) AS total FROM ' . LOG_TABLE . "\n\t\t\t\t{$where_sql} " . $db->sql_in_set('forum_id', $forum_id ? array($forum_id) : array_intersect(get_forum_list('f_read'), get_forum_list('m_'))) . ' AND log_time >= ' . $min_time . ' AND log_type = ' . LOG_MOD; break; } $sort_key = request_var('sk', $default_key); $sort_dir = request_var('sd', $default_dir); $sort_dir_text = array('a' => $user->lang['ASCENDING'], 'd' => $user->lang['DESCENDING']); switch ($type) { case 'topics': $limit_days = array(0 => $user->lang['ALL_TOPICS'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); $sort_by_text = array('a' => $user->lang['AUTHOR'], 't' => $user->lang['POST_TIME'], 'tt' => $user->lang['TOPIC_TIME'], 'r' => $user->lang['REPLIES'], 's' => $user->lang['SUBJECT'], 'v' => $user->lang['VIEWS']); $sort_by_sql = array('a' => 't.topic_first_poster_name', 't' => array('t.topic_last_post_time', 't.topic_last_post_id'), 'tt' => 't.topic_time', 'r' => $auth->acl_get('m_approve', $forum_id) ? 't.topic_posts_approved + t.topic_posts_unapproved + t.topic_posts_softdeleted' : 't.topic_posts_approved', 's' => 't.topic_title', 'v' => 't.topic_views'); $limit_time_sql = $min_time ? "AND t.topic_last_post_time >= {$min_time}" : ''; break; case 'posts': $limit_days = array(0 => $user->lang['ALL_POSTS'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); $sort_by_text = array('a' => $user->lang['AUTHOR'], 't' => $user->lang['POST_TIME'], 's' => $user->lang['SUBJECT']); $sort_by_sql = array('a' => 'u.username_clean', 't' => array('p.post_time', 'p.post_id'), 's' => 'p.post_subject'); $limit_time_sql = $min_time ? "AND p.post_time >= {$min_time}" : ''; break; case 'reports': $limit_days = array(0 => $user->lang['ALL_REPORTS'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); $sort_by_text = array('a' => $user->lang['AUTHOR'], 'r' => $user->lang['REPORTER'], 'p' => $user->lang['POST_TIME'], 't' => $user->lang['REPORT_TIME'], 's' => $user->lang['SUBJECT']); $sort_by_sql = array('a' => 'u.username_clean', 'r' => 'ru.username', 'p' => array('p.post_time', 'p.post_id'), 't' => 'r.report_time', 's' => 'p.post_subject'); break; case 'pm_reports': $limit_days = array(0 => $user->lang['ALL_REPORTS'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); $sort_by_text = array('a' => $user->lang['AUTHOR'], 'r' => $user->lang['REPORTER'], 'p' => $user->lang['POST_TIME'], 't' => $user->lang['REPORT_TIME'], 's' => $user->lang['SUBJECT']); $sort_by_sql = array('a' => 'u.username_clean', 'r' => 'ru.username', 'p' => 'p.message_time', 't' => 'r.report_time', 's' => 'p.message_subject'); break; case 'logs': $limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); $sort_by_text = array('u' => $user->lang['SORT_USERNAME'], 't' => $user->lang['SORT_DATE'], 'i' => $user->lang['SORT_IP'], 'o' => $user->lang['SORT_ACTION']); $sort_by_sql = array('u' => 'u.username_clean', 't' => 'l.log_time', 'i' => 'l.log_ip', 'o' => 'l.log_operation'); $limit_time_sql = $min_time ? "AND l.log_time >= {$min_time}" : ''; break; } // Default total to -1 to allow editing by the event $total = -1; /** * This event allows you to control the SQL query used to get the total number * of reports the user can access. * * This total is used for the pagination and for displaying the total number * of reports to the user * * * @event core.mcp_sorting_query_before * @var string sql The current SQL search string * @var string mode An id related to the module(s) the user is viewing * @var string type Which kind of information is this being used for displaying. Posts, topics, etc... * @var int forum_id The forum id of the posts the user is trying to access, if not 0 * @var int topic_id The topic id of the posts the user is trying to access, if not 0 * @var int sort_days The max age of the oldest report to be shown, in days * @var string sort_key The way the user has decided to sort the data. * The valid values must be in the keys of the sort_by_* variables * @var string sort_dir Either 'd' for "DESC" or 'a' for 'ASC' in the SQL query * @var int limit_days The possible max ages of the oldest report for the user to choose, in days. * @var array sort_by_sql SQL text (values) for the possible names of the ways of sorting data (keys). * @var array sort_by_text Language text (values) for the possible names of the ways of sorting data (keys). * @var int min_time Integer with the minimum post time that the user is searching for * @var int limit_time_sql Time limiting options used in the SQL query. * @var int total The total number of reports that exist. Only set if you want to override the result * @var string where_sql Extra information included in the WHERE clause. It must end with "WHERE" or "AND" or "OR". * Set to "WHERE" and set total above -1 to override the total value * @since 3.1.4-RC1 */ $vars = array('sql', 'mode', 'type', 'forum_id', 'topic_id', 'sort_days', 'sort_key', 'sort_dir', 'limit_days', 'sort_by_sql', 'sort_by_text', 'min_time', 'limit_time_sql', 'total', 'where_sql'); extract($phpbb_dispatcher->trigger_event('core.mcp_sorting_query_before', compact($vars))); if (!isset($sort_by_sql[$sort_key])) { $sort_key = $default_key; } $direction = $sort_dir == 'd' ? 'DESC' : 'ASC'; if (is_array($sort_by_sql[$sort_key])) { $sort_order_sql = implode(' ' . $direction . ', ', $sort_by_sql[$sort_key]) . ' ' . $direction; } else { $sort_order_sql = $sort_by_sql[$sort_key] . ' ' . $direction; } $s_limit_days = $s_sort_key = $s_sort_dir = $sort_url = ''; gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $sort_url); $template->assign_vars(array('S_SELECT_SORT_DIR' => $s_sort_dir, 'S_SELECT_SORT_KEY' => $s_sort_key, 'S_SELECT_SORT_DAYS' => $s_limit_days)); if ($sort_days && $mode != 'viewlogs' || in_array($mode, array('reports', 'unapproved_topics', 'unapproved_posts', 'deleted_topics', 'deleted_posts')) || $where_sql != 'WHERE') { $result = $db->sql_query($sql); $total = (int) $db->sql_fetchfield('total'); $db->sql_freeresult($result); } else { if ($total < -1) { $total = -1; } } }
function main($id, $mode) { global $config, $db, $user, $auth, $template; global $phpbb_root_path, $phpbb_admin_path, $phpEx; global $phpbb_dispatcher, $request; global $phpbb_container, $phpbb_log; $user->add_lang(array('posting', 'ucp', 'acp/users')); $this->tpl_name = 'acp_users'; $error = array(); $username = $request->variable('username', '', true); $user_id = $request->variable('u', 0); $action = $request->variable('action', ''); // Get referer to redirect user to the appropriate page after delete action $redirect = $request->variable('redirect', ''); $redirect_tag = "redirect={$redirect}"; $redirect_url = append_sid("{$phpbb_admin_path}index.{$phpEx}", "i={$redirect}"); $submit = isset($_POST['update']) && !isset($_POST['cancel']) ? true : false; $form_name = 'acp_users'; add_form_key($form_name); // Whois (special case) if ($action == 'whois') { if (!function_exists('user_get_id_name')) { include $phpbb_root_path . 'includes/functions_user.' . $phpEx; } $this->page_title = 'WHOIS'; $this->tpl_name = 'simple_body'; $user_ip = phpbb_ip_normalise($request->variable('user_ip', '')); $domain = gethostbyaddr($user_ip); $ipwhois = user_ipwhois($user_ip); $template->assign_vars(array('MESSAGE_TITLE' => sprintf($user->lang['IP_WHOIS_FOR'], $domain), 'MESSAGE_TEXT' => nl2br($ipwhois))); return; } // Show user selection mask if (!$username && !$user_id) { $this->page_title = 'SELECT_USER'; $template->assign_vars(array('U_ACTION' => $this->u_action, 'ANONYMOUS_USER_ID' => ANONYMOUS, 'S_SELECT_USER' => true, 'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.{$phpEx}", 'mode=searchuser&form=select_user&field=username&select_single=true'))); return; } if (!$user_id) { $sql = 'SELECT user_id FROM ' . USERS_TABLE . "\n\t\t\t\tWHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'"; $result = $db->sql_query($sql); $user_id = (int) $db->sql_fetchfield('user_id'); $db->sql_freeresult($result); if (!$user_id) { trigger_error($user->lang['NO_USER'] . adm_back_link($this->u_action), E_USER_WARNING); } } // Generate content for all modes $sql = 'SELECT u.*, s.* FROM ' . USERS_TABLE . ' u LEFT JOIN ' . SESSIONS_TABLE . ' s ON (s.session_user_id = u.user_id) WHERE u.user_id = ' . $user_id . ' ORDER BY s.session_time DESC'; $result = $db->sql_query_limit($sql, 1); $user_row = $db->sql_fetchrow($result); $db->sql_freeresult($result); if (!$user_row) { trigger_error($user->lang['NO_USER'] . adm_back_link($this->u_action), E_USER_WARNING); } // Generate overall "header" for user admin $s_form_options = ''; // Build modes dropdown list $sql = 'SELECT module_mode, module_auth FROM ' . MODULES_TABLE . "\n\t\t\tWHERE module_basename = 'acp_users'\n\t\t\t\tAND module_enabled = 1\n\t\t\t\tAND module_class = 'acp'\n\t\t\tORDER BY left_id, module_mode"; $result = $db->sql_query($sql); $dropdown_modes = array(); while ($row = $db->sql_fetchrow($result)) { if (!$this->p_master->module_auth_self($row['module_auth'])) { continue; } $dropdown_modes[$row['module_mode']] = true; } $db->sql_freeresult($result); foreach ($dropdown_modes as $module_mode => $null) { $selected = $mode == $module_mode ? ' selected="selected"' : ''; $s_form_options .= '<option value="' . $module_mode . '"' . $selected . '>' . $user->lang['ACP_USER_' . strtoupper($module_mode)] . '</option>'; } $template->assign_vars(array('U_BACK' => empty($redirect) ? $this->u_action : $redirect_url, 'U_MODE_SELECT' => append_sid("{$phpbb_admin_path}index.{$phpEx}", "i={$id}&u={$user_id}"), 'U_ACTION' => $this->u_action . '&u=' . $user_id . (empty($redirect) ? '' : '&' . $redirect_tag), 'S_FORM_OPTIONS' => $s_form_options, 'MANAGED_USERNAME' => $user_row['username'])); // Prevent normal users/admins change/view founders if they are not a founder by themselves if ($user->data['user_type'] != USER_FOUNDER && $user_row['user_type'] == USER_FOUNDER) { trigger_error($user->lang['NOT_MANAGE_FOUNDER'] . adm_back_link($this->u_action), E_USER_WARNING); } $this->page_title = $user_row['username'] . ' :: ' . $user->lang('ACP_USER_' . strtoupper($mode)); switch ($mode) { case 'overview': if (!function_exists('user_get_id_name')) { include $phpbb_root_path . 'includes/functions_user.' . $phpEx; } $user->add_lang('acp/ban'); $delete = $request->variable('delete', 0); $delete_type = $request->variable('delete_type', ''); $ip = $request->variable('ip', 'ip'); /** * Run code at beginning of ACP users overview * * @event core.acp_users_overview_before * @var array user_row Current user data * @var string mode Active module * @var string action Module that should be run * @var bool submit Do we display the form only * or did the user press submit * @var array error Array holding error messages * @since 3.1.3-RC1 */ $vars = array('user_row', 'mode', 'action', 'submit', 'error'); extract($phpbb_dispatcher->trigger_event('core.acp_users_overview_before', compact($vars))); if ($submit) { if ($delete) { if (!$auth->acl_get('a_userdel')) { send_status_line(403, 'Forbidden'); trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } // Check if the user wants to remove himself or the guest user account if ($user_id == ANONYMOUS) { trigger_error($user->lang['CANNOT_REMOVE_ANONYMOUS'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } // Founders can not be deleted. if ($user_row['user_type'] == USER_FOUNDER) { trigger_error($user->lang['CANNOT_REMOVE_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } if ($user_id == $user->data['user_id']) { trigger_error($user->lang['CANNOT_REMOVE_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } if ($delete_type) { if (confirm_box(true)) { user_delete($delete_type, $user_id, $user_row['username']); $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_DELETED', false, array($user_row['username'])); trigger_error($user->lang['USER_DELETED'] . adm_back_link(empty($redirect) ? $this->u_action : $redirect_url)); } else { $delete_confirm_hidden_fields = array('u' => $user_id, 'i' => $id, 'mode' => $mode, 'action' => $action, 'update' => true, 'delete' => 1, 'delete_type' => $delete_type); // Checks if the redirection page is specified if (!empty($redirect)) { $delete_confirm_hidden_fields['redirect'] = $redirect; } confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields($delete_confirm_hidden_fields)); } } else { trigger_error($user->lang['NO_MODE'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } } // Handle quicktool actions switch ($action) { case 'banuser': case 'banemail': case 'banip': if ($user_id == $user->data['user_id']) { trigger_error($user->lang['CANNOT_BAN_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } if ($user_id == ANONYMOUS) { trigger_error($user->lang['CANNOT_BAN_ANONYMOUS'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } if ($user_row['user_type'] == USER_FOUNDER) { trigger_error($user->lang['CANNOT_BAN_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } if (!check_form_key($form_name)) { trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } $ban = array(); switch ($action) { case 'banuser': $ban[] = $user_row['username']; $reason = 'USER_ADMIN_BAN_NAME_REASON'; break; case 'banemail': $ban[] = $user_row['user_email']; $reason = 'USER_ADMIN_BAN_EMAIL_REASON'; break; case 'banip': $ban[] = $user_row['user_ip']; $sql = 'SELECT DISTINCT poster_ip FROM ' . POSTS_TABLE . "\n\t\t\t\t\t\t\t\t\t\tWHERE poster_id = {$user_id}"; $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { $ban[] = $row['poster_ip']; } $db->sql_freeresult($result); $reason = 'USER_ADMIN_BAN_IP_REASON'; break; } $ban_reason = $request->variable('ban_reason', $user->lang[$reason], true); $ban_give_reason = $request->variable('ban_give_reason', '', true); // Log not used at the moment, we simply utilize the ban function. $result = user_ban(substr($action, 3), $ban, 0, 0, 0, $ban_reason, $ban_give_reason); trigger_error(($result === false ? $user->lang['BAN_ALREADY_ENTERED'] : $user->lang['BAN_SUCCESSFUL']) . adm_back_link($this->u_action . '&u=' . $user_id)); break; case 'reactivate': if ($user_id == $user->data['user_id']) { trigger_error($user->lang['CANNOT_FORCE_REACT_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } if (!check_form_key($form_name)) { trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } if ($user_row['user_type'] == USER_FOUNDER) { trigger_error($user->lang['CANNOT_FORCE_REACT_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } if ($user_row['user_type'] == USER_IGNORE) { trigger_error($user->lang['CANNOT_FORCE_REACT_BOT'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } if ($config['email_enable']) { if (!class_exists('messenger')) { include $phpbb_root_path . 'includes/functions_messenger.' . $phpEx; } $server_url = generate_board_url(); $user_actkey = gen_rand_string(mt_rand(6, 10)); $email_template = $user_row['user_type'] == USER_NORMAL ? 'user_reactivate_account' : 'user_resend_inactive'; if ($user_row['user_type'] == USER_NORMAL) { user_active_flip('deactivate', $user_id, INACTIVE_REMIND); $sql = 'UPDATE ' . USERS_TABLE . "\n\t\t\t\t\t\t\t\t\t\tSET user_actkey = '" . $db->sql_escape($user_actkey) . "'\n\t\t\t\t\t\t\t\t\t\tWHERE user_id = {$user_id}"; $db->sql_query($sql); } else { // Grabbing the last confirm key - we only send a reminder $sql = 'SELECT user_actkey FROM ' . USERS_TABLE . ' WHERE user_id = ' . $user_id; $result = $db->sql_query($sql); $user_actkey = (string) $db->sql_fetchfield('user_actkey'); $db->sql_freeresult($result); } $messenger = new messenger(false); $messenger->template($email_template, $user_row['user_lang']); $messenger->set_addresses($user_row); $messenger->anti_abuse_headers($config, $user); $messenger->assign_vars(array('WELCOME_MSG' => htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename'])), 'USERNAME' => htmlspecialchars_decode($user_row['username']), 'U_ACTIVATE' => "{$server_url}/ucp.{$phpEx}?mode=activate&u={$user_row['user_id']}&k={$user_actkey}")); $messenger->send(NOTIFY_EMAIL); $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_REACTIVATE', false, array($user_row['username'])); $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_REACTIVATE_USER', false, array('reportee_id' => $user_id)); trigger_error($user->lang['FORCE_REACTIVATION_SUCCESS'] . adm_back_link($this->u_action . '&u=' . $user_id)); } break; case 'active': if ($user_id == $user->data['user_id']) { // It is only deactivation since the user is already activated (else he would not have reached this page) trigger_error($user->lang['CANNOT_DEACTIVATE_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } if (!check_form_key($form_name)) { trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } if ($user_row['user_type'] == USER_FOUNDER) { trigger_error($user->lang['CANNOT_DEACTIVATE_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } if ($user_row['user_type'] == USER_IGNORE) { trigger_error($user->lang['CANNOT_DEACTIVATE_BOT'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } user_active_flip('flip', $user_id); if ($user_row['user_type'] == USER_INACTIVE) { if ($config['require_activation'] == USER_ACTIVATION_ADMIN) { /* @var $phpbb_notifications \phpbb\notification\manager */ $phpbb_notifications = $phpbb_container->get('notification_manager'); $phpbb_notifications->delete_notifications('notification.type.admin_activate_user', $user_row['user_id']); if (!class_exists('messenger')) { include $phpbb_root_path . 'includes/functions_messenger.' . $phpEx; } $messenger = new messenger(false); $messenger->template('admin_welcome_activated', $user_row['user_lang']); $messenger->set_addresses($user_row); $messenger->anti_abuse_headers($config, $user); $messenger->assign_vars(array('USERNAME' => htmlspecialchars_decode($user_row['username']))); $messenger->send(NOTIFY_EMAIL); } } $message = $user_row['user_type'] == USER_INACTIVE ? 'USER_ADMIN_ACTIVATED' : 'USER_ADMIN_DEACTIVED'; $log = $user_row['user_type'] == USER_INACTIVE ? 'LOG_USER_ACTIVE' : 'LOG_USER_INACTIVE'; $phpbb_log->add('admin', $user->data['user_id'], $user->ip, $log, false, array($user_row['username'])); $phpbb_log->add('user', $user->data['user_id'], $user->ip, $log . '_USER', false, array('reportee_id' => $user_id)); trigger_error($user->lang[$message] . adm_back_link($this->u_action . '&u=' . $user_id)); break; case 'delsig': if (!check_form_key($form_name)) { trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } $sql_ary = array('user_sig' => '', 'user_sig_bbcode_uid' => '', 'user_sig_bbcode_bitfield' => ''); $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "\n\t\t\t\t\t\t\t\tWHERE user_id = {$user_id}"; $db->sql_query($sql); $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_SIG', false, array($user_row['username'])); $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_SIG_USER', false, array('reportee_id' => $user_id)); trigger_error($user->lang['USER_ADMIN_SIG_REMOVED'] . adm_back_link($this->u_action . '&u=' . $user_id)); break; case 'delavatar': if (!check_form_key($form_name)) { trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } // Delete old avatar if present /* @var $phpbb_avatar_manager \phpbb\avatar\manager */ $phpbb_avatar_manager = $phpbb_container->get('avatar.manager'); $phpbb_avatar_manager->handle_avatar_delete($db, $user, $phpbb_avatar_manager->clean_row($user_row, 'user'), USERS_TABLE, 'user_'); $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_AVATAR', false, array($user_row['username'])); $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_AVATAR_USER', false, array('reportee_id' => $user_id)); trigger_error($user->lang['USER_ADMIN_AVATAR_REMOVED'] . adm_back_link($this->u_action . '&u=' . $user_id)); break; case 'delposts': if (confirm_box(true)) { // Delete posts, attachments, etc. delete_posts('poster_id', $user_id); $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_POSTS', false, array($user_row['username'])); trigger_error($user->lang['USER_POSTS_DELETED'] . adm_back_link($this->u_action . '&u=' . $user_id)); } else { confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array('u' => $user_id, 'i' => $id, 'mode' => $mode, 'action' => $action, 'update' => true))); } break; case 'delattach': if (confirm_box(true)) { /** @var \phpbb\attachment\manager $attachment_manager */ $attachment_manager = $phpbb_container->get('attachment.manager'); $attachment_manager->delete('user', $user_id); unset($attachment_manager); $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_ATTACH', false, array($user_row['username'])); trigger_error($user->lang['USER_ATTACHMENTS_REMOVED'] . adm_back_link($this->u_action . '&u=' . $user_id)); } else { confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array('u' => $user_id, 'i' => $id, 'mode' => $mode, 'action' => $action, 'update' => true))); } break; case 'deloutbox': if (confirm_box(true)) { $msg_ids = array(); $lang = 'EMPTY'; $sql = 'SELECT msg_id FROM ' . PRIVMSGS_TO_TABLE . "\n\t\t\t\t\t\t\t\t\tWHERE author_id = {$user_id}\n\t\t\t\t\t\t\t\t\t\tAND folder_id = " . PRIVMSGS_OUTBOX; $result = $db->sql_query($sql); if ($row = $db->sql_fetchrow($result)) { if (!function_exists('delete_pm')) { include $phpbb_root_path . 'includes/functions_privmsgs.' . $phpEx; } do { $msg_ids[] = (int) $row['msg_id']; } while ($row = $db->sql_fetchrow($result)); $db->sql_freeresult($result); delete_pm($user_id, $msg_ids, PRIVMSGS_OUTBOX); $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_OUTBOX', false, array($user_row['username'])); $lang = 'EMPTIED'; } $db->sql_freeresult($result); trigger_error($user->lang['USER_OUTBOX_' . $lang] . adm_back_link($this->u_action . '&u=' . $user_id)); } else { confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array('u' => $user_id, 'i' => $id, 'mode' => $mode, 'action' => $action, 'update' => true))); } break; case 'moveposts': if (!check_form_key($form_name)) { trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } $user->add_lang('acp/forums'); $new_forum_id = $request->variable('new_f', 0); if (!$new_forum_id) { $this->page_title = 'USER_ADMIN_MOVE_POSTS'; $template->assign_vars(array('S_SELECT_FORUM' => true, 'U_ACTION' => $this->u_action . "&action={$action}&u={$user_id}", 'U_BACK' => $this->u_action . "&u={$user_id}", 'S_FORUM_OPTIONS' => make_forum_select(false, false, false, true))); return; } // Is the new forum postable to? $sql = 'SELECT forum_name, forum_type FROM ' . FORUMS_TABLE . "\n\t\t\t\t\t\t\t\tWHERE forum_id = {$new_forum_id}"; $result = $db->sql_query($sql); $forum_info = $db->sql_fetchrow($result); $db->sql_freeresult($result); if (!$forum_info) { trigger_error($user->lang['NO_FORUM'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } if ($forum_info['forum_type'] != FORUM_POST) { trigger_error($user->lang['MOVE_POSTS_NO_POSTABLE_FORUM'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } // Two stage? // Move topics comprising only posts from this user $topic_id_ary = $move_topic_ary = $move_post_ary = $new_topic_id_ary = array(); $forum_id_ary = array($new_forum_id); $sql = 'SELECT topic_id, post_visibility, COUNT(post_id) AS total_posts FROM ' . POSTS_TABLE . "\n\t\t\t\t\t\t\t\tWHERE poster_id = {$user_id}\n\t\t\t\t\t\t\t\t\tAND forum_id <> {$new_forum_id}\n\t\t\t\t\t\t\t\tGROUP BY topic_id, post_visibility"; $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { $topic_id_ary[$row['topic_id']][$row['post_visibility']] = $row['total_posts']; } $db->sql_freeresult($result); if (sizeof($topic_id_ary)) { $sql = 'SELECT topic_id, forum_id, topic_title, topic_posts_approved, topic_posts_unapproved, topic_posts_softdeleted, topic_attachment FROM ' . TOPICS_TABLE . ' WHERE ' . $db->sql_in_set('topic_id', array_keys($topic_id_ary)); $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { if ($topic_id_ary[$row['topic_id']][ITEM_APPROVED] == $row['topic_posts_approved'] && $topic_id_ary[$row['topic_id']][ITEM_UNAPPROVED] == $row['topic_posts_unapproved'] && $topic_id_ary[$row['topic_id']][ITEM_REAPPROVE] == $row['topic_posts_unapproved'] && $topic_id_ary[$row['topic_id']][ITEM_DELETED] == $row['topic_posts_softdeleted']) { $move_topic_ary[] = $row['topic_id']; } else { $move_post_ary[$row['topic_id']]['title'] = $row['topic_title']; $move_post_ary[$row['topic_id']]['attach'] = $row['topic_attachment'] ? 1 : 0; } $forum_id_ary[] = $row['forum_id']; } $db->sql_freeresult($result); } // Entire topic comprises posts by this user, move these topics if (sizeof($move_topic_ary)) { move_topics($move_topic_ary, $new_forum_id, false); } if (sizeof($move_post_ary)) { // Create new topic // Update post_ids, report_ids, attachment_ids foreach ($move_post_ary as $topic_id => $post_ary) { // Create new topic $sql = 'INSERT INTO ' . TOPICS_TABLE . ' ' . $db->sql_build_array('INSERT', array('topic_poster' => $user_id, 'topic_time' => time(), 'forum_id' => $new_forum_id, 'icon_id' => 0, 'topic_visibility' => ITEM_APPROVED, 'topic_title' => $post_ary['title'], 'topic_first_poster_name' => $user_row['username'], 'topic_type' => POST_NORMAL, 'topic_time_limit' => 0, 'topic_attachment' => $post_ary['attach'])); $db->sql_query($sql); $new_topic_id = $db->sql_nextid(); // Move posts $sql = 'UPDATE ' . POSTS_TABLE . "\n\t\t\t\t\t\t\t\t\t\tSET forum_id = {$new_forum_id}, topic_id = {$new_topic_id}\n\t\t\t\t\t\t\t\t\t\tWHERE topic_id = {$topic_id}\n\t\t\t\t\t\t\t\t\t\t\tAND poster_id = {$user_id}"; $db->sql_query($sql); if ($post_ary['attach']) { $sql = 'UPDATE ' . ATTACHMENTS_TABLE . "\n\t\t\t\t\t\t\t\t\t\t\tSET topic_id = {$new_topic_id}\n\t\t\t\t\t\t\t\t\t\t\tWHERE topic_id = {$topic_id}\n\t\t\t\t\t\t\t\t\t\t\t\tAND poster_id = {$user_id}"; $db->sql_query($sql); } $new_topic_id_ary[] = $new_topic_id; } } $forum_id_ary = array_unique($forum_id_ary); $topic_id_ary = array_unique(array_merge(array_keys($topic_id_ary), $new_topic_id_ary)); if (sizeof($topic_id_ary)) { sync('topic_reported', 'topic_id', $topic_id_ary); sync('topic', 'topic_id', $topic_id_ary); } if (sizeof($forum_id_ary)) { sync('forum', 'forum_id', $forum_id_ary, false, true); } $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_MOVE_POSTS', false, array($user_row['username'], $forum_info['forum_name'])); $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_MOVE_POSTS_USER', false, array('reportee_id' => $user_id, $forum_info['forum_name'])); trigger_error($user->lang['USER_POSTS_MOVED'] . adm_back_link($this->u_action . '&u=' . $user_id)); break; case 'leave_nr': if (confirm_box(true)) { remove_newly_registered($user_id, $user_row); $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_REMOVED_NR', false, array($user_row['username'])); trigger_error($user->lang['USER_LIFTED_NR'] . adm_back_link($this->u_action . '&u=' . $user_id)); } else { confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array('u' => $user_id, 'i' => $id, 'mode' => $mode, 'action' => $action, 'update' => true))); } break; default: /** * Run custom quicktool code * * @event core.acp_users_overview_run_quicktool * @var array user_row Current user data * @var string action Quick tool that should be run * @since 3.1.0-a1 */ $vars = array('action', 'user_row'); extract($phpbb_dispatcher->trigger_event('core.acp_users_overview_run_quicktool', compact($vars))); break; } // Handle registration info updates $data = array('username' => $request->variable('user', $user_row['username'], true), 'user_founder' => $request->variable('user_founder', $user_row['user_type'] == USER_FOUNDER ? 1 : 0), 'email' => strtolower($request->variable('user_email', $user_row['user_email'])), 'new_password' => $request->variable('new_password', '', true), 'password_confirm' => $request->variable('password_confirm', '', true)); // Validation data - we do not check the password complexity setting here $check_ary = array('new_password' => array(array('string', true, $config['min_pass_chars'], $config['max_pass_chars']), array('password')), 'password_confirm' => array('string', true, $config['min_pass_chars'], $config['max_pass_chars'])); // Check username if altered if ($data['username'] != $user_row['username']) { $check_ary += array('username' => array(array('string', false, $config['min_name_chars'], $config['max_name_chars']), array('username', $user_row['username']))); } // Check email if altered if ($data['email'] != $user_row['user_email']) { $check_ary += array('email' => array(array('string', false, 6, 60), array('user_email', $user_row['user_email']))); } $error = validate_data($data, $check_ary); if ($data['new_password'] && $data['password_confirm'] != $data['new_password']) { $error[] = 'NEW_PASSWORD_ERROR'; } if (!check_form_key($form_name)) { $error[] = 'FORM_INVALID'; } // Instantiate passwords manager /* @var $passwords_manager \phpbb\passwords\manager */ $passwords_manager = $phpbb_container->get('passwords.manager'); // Which updates do we need to do? $update_username = $user_row['username'] != $data['username'] ? $data['username'] : false; $update_password = $data['new_password'] && !$passwords_manager->check($data['new_password'], $user_row['user_password']); $update_email = $data['email'] != $user_row['user_email'] ? $data['email'] : false; if (!sizeof($error)) { $sql_ary = array(); if ($user_row['user_type'] != USER_FOUNDER || $user->data['user_type'] == USER_FOUNDER) { // Only allow founders updating the founder status... if ($user->data['user_type'] == USER_FOUNDER) { // Setting a normal member to be a founder if ($data['user_founder'] && $user_row['user_type'] != USER_FOUNDER) { // Make sure the user is not setting an Inactive or ignored user to be a founder if ($user_row['user_type'] == USER_IGNORE) { trigger_error($user->lang['CANNOT_SET_FOUNDER_IGNORED'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } if ($user_row['user_type'] == USER_INACTIVE) { trigger_error($user->lang['CANNOT_SET_FOUNDER_INACTIVE'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } $sql_ary['user_type'] = USER_FOUNDER; } else { if (!$data['user_founder'] && $user_row['user_type'] == USER_FOUNDER) { // Check if at least one founder is present $sql = 'SELECT user_id FROM ' . USERS_TABLE . ' WHERE user_type = ' . USER_FOUNDER . ' AND user_id <> ' . $user_id; $result = $db->sql_query_limit($sql, 1); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); if ($row) { $sql_ary['user_type'] = USER_NORMAL; } else { trigger_error($user->lang['AT_LEAST_ONE_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } } } } } /** * Modify user data before we update it * * @event core.acp_users_overview_modify_data * @var array user_row Current user data * @var array data Submitted user data * @var array sql_ary User data we udpate * @since 3.1.0-a1 */ $vars = array('user_row', 'data', 'sql_ary'); extract($phpbb_dispatcher->trigger_event('core.acp_users_overview_modify_data', compact($vars))); if ($update_username !== false) { $sql_ary['username'] = $update_username; $sql_ary['username_clean'] = utf8_clean_string($update_username); $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_UPDATE_NAME', false, array('reportee_id' => $user_id, $user_row['username'], $update_username)); } if ($update_email !== false) { $sql_ary += array('user_email' => $update_email, 'user_email_hash' => phpbb_email_hash($update_email)); $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_UPDATE_EMAIL', false, array('reportee_id' => $user_id, $user_row['username'], $user_row['user_email'], $update_email)); } if ($update_password) { $sql_ary += array('user_password' => $passwords_manager->hash($data['new_password']), 'user_passchg' => time()); $user->reset_login_keys($user_id); $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_NEW_PASSWORD', false, array('reportee_id' => $user_id, $user_row['username'])); } if (sizeof($sql_ary)) { $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' WHERE user_id = ' . $user_id; $db->sql_query($sql); } if ($update_username) { user_update_name($user_row['username'], $update_username); } // Let the users permissions being updated $auth->acl_clear_prefetch($user_id); $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_USER_UPDATE', false, array($data['username'])); trigger_error($user->lang['USER_OVERVIEW_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id)); } // Replace "error" strings with their real, localised form $error = array_map(array($user, 'lang'), $error); } if ($user_id == $user->data['user_id']) { $quick_tool_ary = array('delsig' => 'DEL_SIG', 'delavatar' => 'DEL_AVATAR', 'moveposts' => 'MOVE_POSTS', 'delposts' => 'DEL_POSTS', 'delattach' => 'DEL_ATTACH', 'deloutbox' => 'DEL_OUTBOX'); if ($user_row['user_new']) { $quick_tool_ary['leave_nr'] = 'LEAVE_NR'; } } else { $quick_tool_ary = array(); if ($user_row['user_type'] != USER_FOUNDER) { $quick_tool_ary += array('banuser' => 'BAN_USER', 'banemail' => 'BAN_EMAIL', 'banip' => 'BAN_IP'); } if ($user_row['user_type'] != USER_FOUNDER && $user_row['user_type'] != USER_IGNORE) { $quick_tool_ary += array('active' => $user_row['user_type'] == USER_INACTIVE ? 'ACTIVATE' : 'DEACTIVATE'); } $quick_tool_ary += array('delsig' => 'DEL_SIG', 'delavatar' => 'DEL_AVATAR', 'moveposts' => 'MOVE_POSTS', 'delposts' => 'DEL_POSTS', 'delattach' => 'DEL_ATTACH', 'deloutbox' => 'DEL_OUTBOX'); if ($config['email_enable'] && ($user_row['user_type'] == USER_NORMAL || $user_row['user_type'] == USER_INACTIVE)) { $quick_tool_ary['reactivate'] = 'FORCE'; } if ($user_row['user_new']) { $quick_tool_ary['leave_nr'] = 'LEAVE_NR'; } } if ($config['load_onlinetrack']) { $sql = 'SELECT MAX(session_time) AS session_time, MIN(session_viewonline) AS session_viewonline FROM ' . SESSIONS_TABLE . "\n\t\t\t\t\t\tWHERE session_user_id = {$user_id}"; $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); $user_row['session_time'] = isset($row['session_time']) ? $row['session_time'] : 0; $user_row['session_viewonline'] = isset($row['session_viewonline']) ? $row['session_viewonline'] : 0; unset($row); } /** * Add additional quick tool options and overwrite user data * * @event core.acp_users_display_overview * @var array user_row Array with user data * @var array quick_tool_ary Ouick tool options * @since 3.1.0-a1 */ $vars = array('user_row', 'quick_tool_ary'); extract($phpbb_dispatcher->trigger_event('core.acp_users_display_overview', compact($vars))); $s_action_options = '<option class="sep" value="">' . $user->lang['SELECT_OPTION'] . '</option>'; foreach ($quick_tool_ary as $value => $lang) { $s_action_options .= '<option value="' . $value . '">' . $user->lang['USER_ADMIN_' . $lang] . '</option>'; } $last_active = !empty($user_row['session_time']) ? $user_row['session_time'] : $user_row['user_lastvisit']; $inactive_reason = ''; if ($user_row['user_type'] == USER_INACTIVE) { $inactive_reason = $user->lang['INACTIVE_REASON_UNKNOWN']; switch ($user_row['user_inactive_reason']) { case INACTIVE_REGISTER: $inactive_reason = $user->lang['INACTIVE_REASON_REGISTER']; break; case INACTIVE_PROFILE: $inactive_reason = $user->lang['INACTIVE_REASON_PROFILE']; break; case INACTIVE_MANUAL: $inactive_reason = $user->lang['INACTIVE_REASON_MANUAL']; break; case INACTIVE_REMIND: $inactive_reason = $user->lang['INACTIVE_REASON_REMIND']; break; } } // Posts in Queue $sql = 'SELECT COUNT(post_id) as posts_in_queue FROM ' . POSTS_TABLE . ' WHERE poster_id = ' . $user_id . ' AND ' . $db->sql_in_set('post_visibility', array(ITEM_UNAPPROVED, ITEM_REAPPROVE)); $result = $db->sql_query($sql); $user_row['posts_in_queue'] = (int) $db->sql_fetchfield('posts_in_queue'); $db->sql_freeresult($result); $sql = 'SELECT post_id FROM ' . POSTS_TABLE . ' WHERE poster_id = ' . $user_id; $result = $db->sql_query_limit($sql, 1); $user_row['user_has_posts'] = (bool) $db->sql_fetchfield('post_id'); $db->sql_freeresult($result); $template->assign_vars(array('L_NAME_CHARS_EXPLAIN' => $user->lang($config['allow_name_chars'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_name_chars']), $user->lang('CHARACTERS', (int) $config['max_name_chars'])), 'L_CHANGE_PASSWORD_EXPLAIN' => $user->lang($config['pass_complex'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_pass_chars']), $user->lang('CHARACTERS', (int) $config['max_pass_chars'])), 'L_POSTS_IN_QUEUE' => $user->lang('NUM_POSTS_IN_QUEUE', $user_row['posts_in_queue']), 'S_FOUNDER' => $user->data['user_type'] == USER_FOUNDER ? true : false, 'S_OVERVIEW' => true, 'S_USER_IP' => $user_row['user_ip'] ? true : false, 'S_USER_FOUNDER' => $user_row['user_type'] == USER_FOUNDER ? true : false, 'S_ACTION_OPTIONS' => $s_action_options, 'S_OWN_ACCOUNT' => $user_id == $user->data['user_id'] ? true : false, 'S_USER_INACTIVE' => $user_row['user_type'] == USER_INACTIVE ? true : false, 'U_SHOW_IP' => $this->u_action . "&u={$user_id}&ip=" . ($ip == 'ip' ? 'hostname' : 'ip'), 'U_WHOIS' => $this->u_action . "&action=whois&user_ip={$user_row['user_ip']}", 'U_MCP_QUEUE' => $auth->acl_getf_global('m_approve') ? append_sid("{$phpbb_root_path}mcp.{$phpEx}", 'i=queue', true, $user->session_id) : '', 'U_SEARCH_USER' => $config['load_search'] && $auth->acl_get('u_search') ? append_sid("{$phpbb_root_path}search.{$phpEx}", "author_id={$user_row['user_id']}&sr=posts") : '', 'U_SWITCH_PERMISSIONS' => $auth->acl_get('a_switchperm') && $user->data['user_id'] != $user_row['user_id'] ? append_sid("{$phpbb_root_path}ucp.{$phpEx}", "mode=switch_perm&u={$user_row['user_id']}&hash=" . generate_link_hash('switchperm')) : '', 'POSTS_IN_QUEUE' => $user_row['posts_in_queue'], 'USER' => $user_row['username'], 'USER_REGISTERED' => $user->format_date($user_row['user_regdate']), 'REGISTERED_IP' => $ip == 'hostname' ? gethostbyaddr($user_row['user_ip']) : $user_row['user_ip'], 'USER_LASTACTIVE' => $last_active ? $user->format_date($last_active) : ' - ', 'USER_EMAIL' => $user_row['user_email'], 'USER_WARNINGS' => $user_row['user_warnings'], 'USER_POSTS' => $user_row['user_posts'], 'USER_HAS_POSTS' => $user_row['user_has_posts'], 'USER_INACTIVE_REASON' => $inactive_reason)); break; case 'feedback': $user->add_lang('mcp'); // Set up general vars $start = $request->variable('start', 0); $deletemark = isset($_POST['delmarked']) ? true : false; $deleteall = isset($_POST['delall']) ? true : false; $marked = $request->variable('mark', array(0)); $message = $request->variable('message', '', true); /* @var $pagination \phpbb\pagination */ $pagination = $phpbb_container->get('pagination'); // Sort keys $sort_days = $request->variable('st', 0); $sort_key = $request->variable('sk', 't'); $sort_dir = $request->variable('sd', 'd'); // Delete entries if requested and able if (($deletemark || $deleteall) && $auth->acl_get('a_clearlogs')) { if (!check_form_key($form_name)) { trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } $where_sql = ''; if ($deletemark && $marked) { $sql_in = array(); foreach ($marked as $mark) { $sql_in[] = $mark; } $where_sql = ' AND ' . $db->sql_in_set('log_id', $sql_in); unset($sql_in); } if ($where_sql || $deleteall) { $sql = 'DELETE FROM ' . LOG_TABLE . ' WHERE log_type = ' . LOG_USERS . "\n\t\t\t\t\t\t\tAND reportee_id = {$user_id}\n\t\t\t\t\t\t\t{$where_sql}"; $db->sql_query($sql); $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_CLEAR_USER', false, array($user_row['username'])); } } if ($submit && $message) { if (!check_form_key($form_name)) { trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_FEEDBACK', false, array($user_row['username'])); $phpbb_log->add('mod', $user->data['user_id'], $user->ip, 'LOG_USER_FEEDBACK', false, array('forum_id' => 0, 'topic_id' => 0, $user_row['username'])); $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_GENERAL', false, array('reportee_id' => $user_id, $message)); trigger_error($user->lang['USER_FEEDBACK_ADDED'] . adm_back_link($this->u_action . '&u=' . $user_id)); } // Sorting $limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); $sort_by_text = array('u' => $user->lang['SORT_USERNAME'], 't' => $user->lang['SORT_DATE'], 'i' => $user->lang['SORT_IP'], 'o' => $user->lang['SORT_ACTION']); $sort_by_sql = array('u' => 'u.username_clean', 't' => 'l.log_time', 'i' => 'l.log_ip', 'o' => 'l.log_operation'); $s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = ''; gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param); // Define where and sort sql for use in displaying logs $sql_where = $sort_days ? time() - $sort_days * 86400 : 0; $sql_sort = $sort_by_sql[$sort_key] . ' ' . ($sort_dir == 'd' ? 'DESC' : 'ASC'); // Grab log data $log_data = array(); $log_count = 0; $start = view_log('user', $log_data, $log_count, $config['topics_per_page'], $start, 0, 0, $user_id, $sql_where, $sql_sort); $base_url = $this->u_action . "&u={$user_id}&{$u_sort_param}"; $pagination->generate_template_pagination($base_url, 'pagination', 'start', $log_count, $config['topics_per_page'], $start); $template->assign_vars(array('S_FEEDBACK' => true, 'S_LIMIT_DAYS' => $s_limit_days, 'S_SORT_KEY' => $s_sort_key, 'S_SORT_DIR' => $s_sort_dir, 'S_CLEARLOGS' => $auth->acl_get('a_clearlogs'))); foreach ($log_data as $row) { $template->assign_block_vars('log', array('USERNAME' => $row['username_full'], 'IP' => $row['ip'], 'DATE' => $user->format_date($row['time']), 'ACTION' => nl2br($row['action']), 'ID' => $row['id'])); } break; case 'warnings': $user->add_lang('mcp'); // Set up general vars $deletemark = isset($_POST['delmarked']) ? true : false; $deleteall = isset($_POST['delall']) ? true : false; $confirm = isset($_POST['confirm']) ? true : false; $marked = $request->variable('mark', array(0)); // Delete entries if requested and able if ($deletemark || $deleteall || $confirm) { if (confirm_box(true)) { $where_sql = ''; $deletemark = $request->variable('delmarked', 0); $deleteall = $request->variable('delall', 0); if ($deletemark && $marked) { $where_sql = ' AND ' . $db->sql_in_set('warning_id', array_values($marked)); } if ($where_sql || $deleteall) { $sql = 'DELETE FROM ' . WARNINGS_TABLE . "\n\t\t\t\t\t\t\t\tWHERE user_id = {$user_id}\n\t\t\t\t\t\t\t\t\t{$where_sql}"; $db->sql_query($sql); if ($deleteall) { $log_warnings = $deleted_warnings = 0; } else { $num_warnings = (int) $db->sql_affectedrows(); $deleted_warnings = ' user_warnings - ' . $num_warnings; $log_warnings = $num_warnings > 2 ? 2 : $num_warnings; } $sql = 'UPDATE ' . USERS_TABLE . "\n\t\t\t\t\t\t\t\tSET user_warnings = {$deleted_warnings}\n\t\t\t\t\t\t\t\tWHERE user_id = {$user_id}"; $db->sql_query($sql); if ($log_warnings) { $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_WARNINGS_DELETED', false, array($user_row['username'], $num_warnings)); } else { $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_WARNINGS_DELETED_ALL', false, array($user_row['username'])); } } } else { $s_hidden_fields = array('i' => $id, 'mode' => $mode, 'u' => $user_id, 'mark' => $marked); if (isset($_POST['delmarked'])) { $s_hidden_fields['delmarked'] = 1; } if (isset($_POST['delall'])) { $s_hidden_fields['delall'] = 1; } if (isset($_POST['delall']) || isset($_POST['delmarked']) && sizeof($marked)) { confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields($s_hidden_fields)); } } } $sql = 'SELECT w.warning_id, w.warning_time, w.post_id, l.log_operation, l.log_data, l.user_id AS mod_user_id, m.username AS mod_username, m.user_colour AS mod_user_colour FROM ' . WARNINGS_TABLE . ' w LEFT JOIN ' . LOG_TABLE . ' l ON (w.log_id = l.log_id) LEFT JOIN ' . USERS_TABLE . ' m ON (l.user_id = m.user_id) WHERE w.user_id = ' . $user_id . ' ORDER BY w.warning_time DESC'; $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { if (!$row['log_operation']) { // We do not have a log-entry anymore, so there is no data available $row['action'] = $user->lang['USER_WARNING_LOG_DELETED']; } else { $row['action'] = isset($user->lang[$row['log_operation']]) ? $user->lang[$row['log_operation']] : '{' . ucfirst(str_replace('_', ' ', $row['log_operation'])) . '}'; if (!empty($row['log_data'])) { $log_data_ary = @unserialize($row['log_data']); $log_data_ary = $log_data_ary === false ? array() : $log_data_ary; if (isset($user->lang[$row['log_operation']])) { // Check if there are more occurrences of % than arguments, if there are we fill out the arguments array // It doesn't matter if we add more arguments than placeholders if (substr_count($row['action'], '%') - sizeof($log_data_ary) > 0) { $log_data_ary = array_merge($log_data_ary, array_fill(0, substr_count($row['action'], '%') - sizeof($log_data_ary), '')); } $row['action'] = vsprintf($row['action'], $log_data_ary); $row['action'] = bbcode_nl2br(censor_text($row['action'])); } else { if (!empty($log_data_ary)) { $row['action'] .= '<br />' . implode('', $log_data_ary); } } } } $template->assign_block_vars('warn', array('ID' => $row['warning_id'], 'USERNAME' => $row['log_operation'] ? get_username_string('full', $row['mod_user_id'], $row['mod_username'], $row['mod_user_colour']) : '-', 'ACTION' => make_clickable($row['action']), 'DATE' => $user->format_date($row['warning_time']))); } $db->sql_freeresult($result); $template->assign_vars(array('S_WARNINGS' => true)); break; case 'profile': if (!function_exists('user_get_id_name')) { include $phpbb_root_path . 'includes/functions_user.' . $phpEx; } /* @var $cp \phpbb\profilefields\manager */ $cp = $phpbb_container->get('profilefields.manager'); $cp_data = $cp_error = array(); $sql = 'SELECT lang_id FROM ' . LANG_TABLE . "\n\t\t\t\t\tWHERE lang_iso = '" . $db->sql_escape($user->data['user_lang']) . "'"; $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); $user_row['iso_lang_id'] = $row['lang_id']; $data = array('jabber' => $request->variable('jabber', $user_row['user_jabber'], true), 'bday_day' => 0, 'bday_month' => 0, 'bday_year' => 0); if ($user_row['user_birthday']) { list($data['bday_day'], $data['bday_month'], $data['bday_year']) = explode('-', $user_row['user_birthday']); } $data['bday_day'] = $request->variable('bday_day', $data['bday_day']); $data['bday_month'] = $request->variable('bday_month', $data['bday_month']); $data['bday_year'] = $request->variable('bday_year', $data['bday_year']); $data['user_birthday'] = sprintf('%2d-%2d-%4d', $data['bday_day'], $data['bday_month'], $data['bday_year']); /** * Modify user data on editing profile in ACP * * @event core.acp_users_modify_profile * @var array data Array with user profile data * @var bool submit Flag indicating if submit button has been pressed * @var int user_id The user id * @var array user_row Array with the full user data * @since 3.1.4-RC1 */ $vars = array('data', 'submit', 'user_id', 'user_row'); extract($phpbb_dispatcher->trigger_event('core.acp_users_modify_profile', compact($vars))); if ($submit) { $error = validate_data($data, array('jabber' => array(array('string', true, 5, 255), array('jabber')), 'bday_day' => array('num', true, 1, 31), 'bday_month' => array('num', true, 1, 12), 'bday_year' => array('num', true, 1901, gmdate('Y', time())), 'user_birthday' => array('date', true))); // validate custom profile fields $cp->submit_cp_field('profile', $user_row['iso_lang_id'], $cp_data, $cp_error); if (sizeof($cp_error)) { $error = array_merge($error, $cp_error); } if (!check_form_key($form_name)) { $error[] = 'FORM_INVALID'; } /** * Validate profile data in ACP before submitting to the database * * @event core.acp_users_profile_validate * @var bool submit Flag indicating if submit button has been pressed * @var array data Array with user profile data * @var array error Array with the form errors * @since 3.1.4-RC1 */ $vars = array('submit', 'data', 'error'); extract($phpbb_dispatcher->trigger_event('core.acp_users_profile_validate', compact($vars))); if (!sizeof($error)) { $sql_ary = array('user_jabber' => $data['jabber'], 'user_birthday' => $data['user_birthday']); /** * Modify profile data in ACP before submitting to the database * * @event core.acp_users_profile_modify_sql_ary * @var array cp_data Array with the user custom profile fields data * @var array data Array with user profile data * @var int user_id The user id * @var array user_row Array with the full user data * @var array sql_ary Array with sql data * @since 3.1.4-RC1 */ $vars = array('cp_data', 'data', 'user_id', 'user_row', 'sql_ary'); extract($phpbb_dispatcher->trigger_event('core.acp_users_profile_modify_sql_ary', compact($vars))); $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "\n\t\t\t\t\t\t\tWHERE user_id = {$user_id}"; $db->sql_query($sql); // Update Custom Fields $cp->update_profile_field_data($user_id, $cp_data); trigger_error($user->lang['USER_PROFILE_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id)); } // Replace "error" strings with their real, localised form $error = array_map(array($user, 'lang'), $error); } $s_birthday_day_options = '<option value="0"' . (!$data['bday_day'] ? ' selected="selected"' : '') . '>--</option>'; for ($i = 1; $i < 32; $i++) { $selected = $i == $data['bday_day'] ? ' selected="selected"' : ''; $s_birthday_day_options .= "<option value=\"{$i}\"{$selected}>{$i}</option>"; } $s_birthday_month_options = '<option value="0"' . (!$data['bday_month'] ? ' selected="selected"' : '') . '>--</option>'; for ($i = 1; $i < 13; $i++) { $selected = $i == $data['bday_month'] ? ' selected="selected"' : ''; $s_birthday_month_options .= "<option value=\"{$i}\"{$selected}>{$i}</option>"; } $now = getdate(); $s_birthday_year_options = '<option value="0"' . (!$data['bday_year'] ? ' selected="selected"' : '') . '>--</option>'; for ($i = $now['year'] - 100; $i <= $now['year']; $i++) { $selected = $i == $data['bday_year'] ? ' selected="selected"' : ''; $s_birthday_year_options .= "<option value=\"{$i}\"{$selected}>{$i}</option>"; } unset($now); $template->assign_vars(array('JABBER' => $data['jabber'], 'S_BIRTHDAY_DAY_OPTIONS' => $s_birthday_day_options, 'S_BIRTHDAY_MONTH_OPTIONS' => $s_birthday_month_options, 'S_BIRTHDAY_YEAR_OPTIONS' => $s_birthday_year_options, 'S_PROFILE' => true)); // Get additional profile fields and assign them to the template block var 'profile_fields' $user->get_profile_fields($user_id); $cp->generate_profile_fields('profile', $user_row['iso_lang_id']); break; case 'prefs': if (!function_exists('user_get_id_name')) { include $phpbb_root_path . 'includes/functions_user.' . $phpEx; } $data = array('dateformat' => $request->variable('dateformat', $user_row['user_dateformat'], true), 'lang' => basename($request->variable('lang', $user_row['user_lang'])), 'tz' => $request->variable('tz', $user_row['user_timezone']), 'style' => $request->variable('style', $user_row['user_style']), 'viewemail' => $request->variable('viewemail', $user_row['user_allow_viewemail']), 'massemail' => $request->variable('massemail', $user_row['user_allow_massemail']), 'hideonline' => $request->variable('hideonline', !$user_row['user_allow_viewonline']), 'notifymethod' => $request->variable('notifymethod', $user_row['user_notify_type']), 'notifypm' => $request->variable('notifypm', $user_row['user_notify_pm']), 'allowpm' => $request->variable('allowpm', $user_row['user_allow_pm']), 'topic_sk' => $request->variable('topic_sk', $user_row['user_topic_sortby_type'] ? $user_row['user_topic_sortby_type'] : 't'), 'topic_sd' => $request->variable('topic_sd', $user_row['user_topic_sortby_dir'] ? $user_row['user_topic_sortby_dir'] : 'd'), 'topic_st' => $request->variable('topic_st', $user_row['user_topic_show_days'] ? $user_row['user_topic_show_days'] : 0), 'post_sk' => $request->variable('post_sk', $user_row['user_post_sortby_type'] ? $user_row['user_post_sortby_type'] : 't'), 'post_sd' => $request->variable('post_sd', $user_row['user_post_sortby_dir'] ? $user_row['user_post_sortby_dir'] : 'a'), 'post_st' => $request->variable('post_st', $user_row['user_post_show_days'] ? $user_row['user_post_show_days'] : 0), 'view_images' => $request->variable('view_images', $this->optionget($user_row, 'viewimg')), 'view_flash' => $request->variable('view_flash', $this->optionget($user_row, 'viewflash')), 'view_smilies' => $request->variable('view_smilies', $this->optionget($user_row, 'viewsmilies')), 'view_sigs' => $request->variable('view_sigs', $this->optionget($user_row, 'viewsigs')), 'view_avatars' => $request->variable('view_avatars', $this->optionget($user_row, 'viewavatars')), 'view_wordcensor' => $request->variable('view_wordcensor', $this->optionget($user_row, 'viewcensors')), 'bbcode' => $request->variable('bbcode', $this->optionget($user_row, 'bbcode')), 'smilies' => $request->variable('smilies', $this->optionget($user_row, 'smilies')), 'sig' => $request->variable('sig', $this->optionget($user_row, 'attachsig')), 'notify' => $request->variable('notify', $user_row['user_notify'])); /** * Modify users preferences data * * @event core.acp_users_prefs_modify_data * @var array data Array with users preferences data * @var array user_row Array with user data * @since 3.1.0-b3 */ $vars = array('data', 'user_row'); extract($phpbb_dispatcher->trigger_event('core.acp_users_prefs_modify_data', compact($vars))); if ($submit) { $error = validate_data($data, array('dateformat' => array('string', false, 1, 64), 'lang' => array('match', false, '#^[a-z_\\-]{2,}$#i'), 'tz' => array('timezone'), 'topic_sk' => array('string', false, 1, 1), 'topic_sd' => array('string', false, 1, 1), 'post_sk' => array('string', false, 1, 1), 'post_sd' => array('string', false, 1, 1))); if (!check_form_key($form_name)) { $error[] = 'FORM_INVALID'; } if (!sizeof($error)) { $this->optionset($user_row, 'viewimg', $data['view_images']); $this->optionset($user_row, 'viewflash', $data['view_flash']); $this->optionset($user_row, 'viewsmilies', $data['view_smilies']); $this->optionset($user_row, 'viewsigs', $data['view_sigs']); $this->optionset($user_row, 'viewavatars', $data['view_avatars']); $this->optionset($user_row, 'viewcensors', $data['view_wordcensor']); $this->optionset($user_row, 'bbcode', $data['bbcode']); $this->optionset($user_row, 'smilies', $data['smilies']); $this->optionset($user_row, 'attachsig', $data['sig']); $sql_ary = array('user_options' => $user_row['user_options'], 'user_allow_pm' => $data['allowpm'], 'user_allow_viewemail' => $data['viewemail'], 'user_allow_massemail' => $data['massemail'], 'user_allow_viewonline' => !$data['hideonline'], 'user_notify_type' => $data['notifymethod'], 'user_notify_pm' => $data['notifypm'], 'user_dateformat' => $data['dateformat'], 'user_lang' => $data['lang'], 'user_timezone' => $data['tz'], 'user_style' => $data['style'], 'user_topic_sortby_type' => $data['topic_sk'], 'user_post_sortby_type' => $data['post_sk'], 'user_topic_sortby_dir' => $data['topic_sd'], 'user_post_sortby_dir' => $data['post_sd'], 'user_topic_show_days' => $data['topic_st'], 'user_post_show_days' => $data['post_st'], 'user_notify' => $data['notify']); /** * Modify SQL query before users preferences are updated * * @event core.acp_users_prefs_modify_sql * @var array data Array with users preferences data * @var array user_row Array with user data * @var array sql_ary SQL array with users preferences data to update * @var array error Array with errors data * @since 3.1.0-b3 */ $vars = array('data', 'user_row', 'sql_ary', 'error'); extract($phpbb_dispatcher->trigger_event('core.acp_users_prefs_modify_sql', compact($vars))); if (!sizeof($error)) { $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "\n\t\t\t\t\t\t\t\tWHERE user_id = {$user_id}"; $db->sql_query($sql); // Check if user has an active session if ($user_row['session_id']) { // We'll update the session if user_allow_viewonline has changed and the user is a bot // Or if it's a regular user and the admin set it to hide the session if ($user_row['user_allow_viewonline'] != $sql_ary['user_allow_viewonline'] && $user_row['user_type'] == USER_IGNORE || $user_row['user_allow_viewonline'] && !$sql_ary['user_allow_viewonline']) { // We also need to check if the user has the permission to cloak. $user_auth = new \phpbb\auth\auth(); $user_auth->acl($user_row); $session_sql_ary = array('session_viewonline' => $user_auth->acl_get('u_hideonline') ? $sql_ary['user_allow_viewonline'] : true); $sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $session_sql_ary) . "\n\t\t\t\t\t\t\t\t\t\tWHERE session_user_id = {$user_id}"; $db->sql_query($sql); unset($user_auth); } } trigger_error($user->lang['USER_PREFS_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id)); } } // Replace "error" strings with their real, localised form $error = array_map(array($user, 'lang'), $error); } $dateformat_options = ''; foreach ($user->lang['dateformats'] as $format => $null) { $dateformat_options .= '<option value="' . $format . '"' . ($format == $data['dateformat'] ? ' selected="selected"' : '') . '>'; $dateformat_options .= $user->format_date(time(), $format, false) . (strpos($format, '|') !== false ? $user->lang['VARIANT_DATE_SEPARATOR'] . $user->format_date(time(), $format, true) : ''); $dateformat_options .= '</option>'; } $s_custom = false; $dateformat_options .= '<option value="custom"'; if (!isset($user->lang['dateformats'][$data['dateformat']])) { $dateformat_options .= ' selected="selected"'; $s_custom = true; } $dateformat_options .= '>' . $user->lang['CUSTOM_DATEFORMAT'] . '</option>'; $sort_dir_text = array('a' => $user->lang['ASCENDING'], 'd' => $user->lang['DESCENDING']); // Topic ordering options $limit_topic_days = array(0 => $user->lang['ALL_TOPICS'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); $sort_by_topic_text = array('a' => $user->lang['AUTHOR'], 't' => $user->lang['POST_TIME'], 'r' => $user->lang['REPLIES'], 's' => $user->lang['SUBJECT'], 'v' => $user->lang['VIEWS']); // Post ordering options $limit_post_days = array(0 => $user->lang['ALL_POSTS'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); $sort_by_post_text = array('a' => $user->lang['AUTHOR'], 't' => $user->lang['POST_TIME'], 's' => $user->lang['SUBJECT']); $_options = array('topic', 'post'); foreach ($_options as $sort_option) { ${'s_limit_' . $sort_option . '_days'} = '<select name="' . $sort_option . '_st">'; foreach (${'limit_' . $sort_option . '_days'} as $day => $text) { $selected = $data[$sort_option . '_st'] == $day ? ' selected="selected"' : ''; ${'s_limit_' . $sort_option . '_days'} .= '<option value="' . $day . '"' . $selected . '>' . $text . '</option>'; } ${'s_limit_' . $sort_option . '_days'} .= '</select>'; ${'s_sort_' . $sort_option . '_key'} = '<select name="' . $sort_option . '_sk">'; foreach (${'sort_by_' . $sort_option . '_text'} as $key => $text) { $selected = $data[$sort_option . '_sk'] == $key ? ' selected="selected"' : ''; ${'s_sort_' . $sort_option . '_key'} .= '<option value="' . $key . '"' . $selected . '>' . $text . '</option>'; } ${'s_sort_' . $sort_option . '_key'} .= '</select>'; ${'s_sort_' . $sort_option . '_dir'} = '<select name="' . $sort_option . '_sd">'; foreach ($sort_dir_text as $key => $value) { $selected = $data[$sort_option . '_sd'] == $key ? ' selected="selected"' : ''; ${'s_sort_' . $sort_option . '_dir'} .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>'; } ${'s_sort_' . $sort_option . '_dir'} .= '</select>'; } phpbb_timezone_select($template, $user, $data['tz'], true); $user_prefs_data = array('S_PREFS' => true, 'S_JABBER_DISABLED' => $config['jab_enable'] && $user_row['user_jabber'] && @extension_loaded('xml') ? false : true, 'VIEW_EMAIL' => $data['viewemail'], 'MASS_EMAIL' => $data['massemail'], 'ALLOW_PM' => $data['allowpm'], 'HIDE_ONLINE' => $data['hideonline'], 'NOTIFY_EMAIL' => $data['notifymethod'] == NOTIFY_EMAIL ? true : false, 'NOTIFY_IM' => $data['notifymethod'] == NOTIFY_IM ? true : false, 'NOTIFY_BOTH' => $data['notifymethod'] == NOTIFY_BOTH ? true : false, 'NOTIFY_PM' => $data['notifypm'], 'BBCODE' => $data['bbcode'], 'SMILIES' => $data['smilies'], 'ATTACH_SIG' => $data['sig'], 'NOTIFY' => $data['notify'], 'VIEW_IMAGES' => $data['view_images'], 'VIEW_FLASH' => $data['view_flash'], 'VIEW_SMILIES' => $data['view_smilies'], 'VIEW_SIGS' => $data['view_sigs'], 'VIEW_AVATARS' => $data['view_avatars'], 'VIEW_WORDCENSOR' => $data['view_wordcensor'], 'S_TOPIC_SORT_DAYS' => $s_limit_topic_days, 'S_TOPIC_SORT_KEY' => $s_sort_topic_key, 'S_TOPIC_SORT_DIR' => $s_sort_topic_dir, 'S_POST_SORT_DAYS' => $s_limit_post_days, 'S_POST_SORT_KEY' => $s_sort_post_key, 'S_POST_SORT_DIR' => $s_sort_post_dir, 'DATE_FORMAT' => $data['dateformat'], 'S_DATEFORMAT_OPTIONS' => $dateformat_options, 'S_CUSTOM_DATEFORMAT' => $s_custom, 'DEFAULT_DATEFORMAT' => $config['default_dateformat'], 'A_DEFAULT_DATEFORMAT' => addslashes($config['default_dateformat']), 'S_LANG_OPTIONS' => language_select($data['lang']), 'S_STYLE_OPTIONS' => style_select($data['style'])); /** * Modify users preferences data before assigning it to the template * * @event core.acp_users_prefs_modify_template_data * @var array data Array with users preferences data * @var array user_row Array with user data * @var array user_prefs_data Array with users preferences data to be assigned to the template * @since 3.1.0-b3 */ $vars = array('data', 'user_row', 'user_prefs_data'); extract($phpbb_dispatcher->trigger_event('core.acp_users_prefs_modify_template_data', compact($vars))); $template->assign_vars($user_prefs_data); break; case 'avatar': $avatars_enabled = false; /** @var \phpbb\avatar\manager $phpbb_avatar_manager */ $phpbb_avatar_manager = $phpbb_container->get('avatar.manager'); if ($config['allow_avatar']) { $avatar_drivers = $phpbb_avatar_manager->get_enabled_drivers(); // This is normalised data, without the user_ prefix $avatar_data = \phpbb\avatar\manager::clean_row($user_row, 'user'); if ($submit) { if (check_form_key($form_name)) { $driver_name = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', '')); if (in_array($driver_name, $avatar_drivers) && !$request->is_set_post('avatar_delete')) { $driver = $phpbb_avatar_manager->get_driver($driver_name); $result = $driver->process_form($request, $template, $user, $avatar_data, $error); if ($result && empty($error)) { // Success! Lets save the result in the database $result = array('user_avatar_type' => $driver_name, 'user_avatar' => $result['avatar'], 'user_avatar_width' => $result['avatar_width'], 'user_avatar_height' => $result['avatar_height']); $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $result) . ' WHERE user_id = ' . (int) $user_id; $db->sql_query($sql); trigger_error($user->lang['USER_AVATAR_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id)); } } } else { trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } } // Handle deletion of avatars if ($request->is_set_post('avatar_delete')) { if (!confirm_box(true)) { confirm_box(false, $user->lang('CONFIRM_AVATAR_DELETE'), build_hidden_fields(array('avatar_delete' => true))); } else { $phpbb_avatar_manager->handle_avatar_delete($db, $user, $avatar_data, USERS_TABLE, 'user_'); trigger_error($user->lang['USER_AVATAR_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id)); } } $selected_driver = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', $user_row['user_avatar_type'])); // Assign min and max values before generating avatar driver html $template->assign_vars(array('AVATAR_MIN_WIDTH' => $config['avatar_min_width'], 'AVATAR_MAX_WIDTH' => $config['avatar_max_width'], 'AVATAR_MIN_HEIGHT' => $config['avatar_min_height'], 'AVATAR_MAX_HEIGHT' => $config['avatar_max_height'])); foreach ($avatar_drivers as $current_driver) { $driver = $phpbb_avatar_manager->get_driver($current_driver); $avatars_enabled = true; $template->set_filenames(array('avatar' => $driver->get_acp_template_name())); if ($driver->prepare_form($request, $template, $user, $avatar_data, $error)) { $driver_name = $phpbb_avatar_manager->prepare_driver_name($current_driver); $driver_upper = strtoupper($driver_name); $template->assign_block_vars('avatar_drivers', array('L_TITLE' => $user->lang($driver_upper . '_TITLE'), 'L_EXPLAIN' => $user->lang($driver_upper . '_EXPLAIN'), 'DRIVER' => $driver_name, 'SELECTED' => $current_driver == $selected_driver, 'OUTPUT' => $template->assign_display('avatar'))); } } } // Avatar manager is not initialized if avatars are disabled if (isset($phpbb_avatar_manager)) { // Replace "error" strings with their real, localised form $error = $phpbb_avatar_manager->localize_errors($user, $error); } $avatar = phpbb_get_user_avatar($user_row, 'USER_AVATAR', true); $template->assign_vars(array('S_AVATAR' => true, 'ERROR' => !empty($error) ? implode('<br />', $error) : '', 'AVATAR' => empty($avatar) ? '<img src="' . $phpbb_admin_path . 'images/no_avatar.gif" alt="" />' : $avatar, 'S_FORM_ENCTYPE' => ' enctype="multipart/form-data"', 'L_AVATAR_EXPLAIN' => sprintf($user->lang['AVATAR_EXPLAIN'], $config['avatar_max_width'], $config['avatar_max_height'], $config['avatar_filesize'] / 1024), 'S_AVATARS_ENABLED' => $config['allow_avatar'] && $avatars_enabled)); break; case 'rank': if ($submit) { if (!check_form_key($form_name)) { trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } $rank_id = $request->variable('user_rank', 0); $sql = 'UPDATE ' . USERS_TABLE . "\n\t\t\t\t\t\tSET user_rank = {$rank_id}\n\t\t\t\t\t\tWHERE user_id = {$user_id}"; $db->sql_query($sql); trigger_error($user->lang['USER_RANK_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id)); } $sql = 'SELECT * FROM ' . RANKS_TABLE . ' WHERE rank_special = 1 ORDER BY rank_title'; $result = $db->sql_query($sql); $s_rank_options = '<option value="0"' . (!$user_row['user_rank'] ? ' selected="selected"' : '') . '>' . $user->lang['NO_SPECIAL_RANK'] . '</option>'; while ($row = $db->sql_fetchrow($result)) { $selected = $user_row['user_rank'] && $row['rank_id'] == $user_row['user_rank'] ? ' selected="selected"' : ''; $s_rank_options .= '<option value="' . $row['rank_id'] . '"' . $selected . '>' . $row['rank_title'] . '</option>'; } $db->sql_freeresult($result); $template->assign_vars(array('S_RANK' => true, 'S_RANK_OPTIONS' => $s_rank_options)); break; case 'sig': if (!function_exists('display_custom_bbcodes')) { include $phpbb_root_path . 'includes/functions_display.' . $phpEx; } $enable_bbcode = $config['allow_sig_bbcode'] ? $this->optionget($user_row, 'sig_bbcode') : false; $enable_smilies = $config['allow_sig_smilies'] ? $this->optionget($user_row, 'sig_smilies') : false; $enable_urls = $config['allow_sig_links'] ? $this->optionget($user_row, 'sig_links') : false; $decoded_message = generate_text_for_edit($user_row['user_sig'], $user_row['user_sig_bbcode_uid'], $user_row['user_sig_bbcode_bitfield']); $signature = $request->variable('signature', $decoded_message['text'], true); $signature_preview = ''; if ($submit || $request->is_set_post('preview')) { $enable_bbcode = $config['allow_sig_bbcode'] ? !$request->variable('disable_bbcode', false) : false; $enable_smilies = $config['allow_sig_smilies'] ? !$request->variable('disable_smilies', false) : false; $enable_urls = $config['allow_sig_links'] ? !$request->variable('disable_magic_url', false) : false; if (!check_form_key($form_name)) { $error[] = 'FORM_INVALID'; } } $bbcode_uid = $bbcode_bitfield = $bbcode_flags = ''; $warn_msg = generate_text_for_storage($signature, $bbcode_uid, $bbcode_bitfield, $bbcode_flags, $enable_bbcode, $enable_urls, $enable_smilies, $config['allow_sig_img'], $config['allow_sig_flash'], true, $config['allow_sig_links'], 'sig'); if (sizeof($warn_msg)) { $error += $warn_msg; } if (!$submit) { // Parse it for displaying $signature_preview = generate_text_for_display($signature, $bbcode_uid, $bbcode_bitfield, $bbcode_flags); } else { if (!sizeof($error)) { $this->optionset($user_row, 'sig_bbcode', $enable_bbcode); $this->optionset($user_row, 'sig_smilies', $enable_smilies); $this->optionset($user_row, 'sig_links', $enable_urls); $sql_ary = array('user_sig' => $signature, 'user_options' => $user_row['user_options'], 'user_sig_bbcode_uid' => $bbcode_uid, 'user_sig_bbcode_bitfield' => $bbcode_bitfield); $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' WHERE user_id = ' . $user_id; $db->sql_query($sql); trigger_error($user->lang['USER_SIG_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id)); } } // Replace "error" strings with their real, localised form $error = array_map(array($user, 'lang'), $error); if ($request->is_set_post('preview')) { $decoded_message = generate_text_for_edit($signature, $bbcode_uid, $bbcode_bitfield); } /** @var \phpbb\controller\helper $controller_helper */ $controller_helper = $phpbb_container->get('controller.helper'); $template->assign_vars(array('S_SIGNATURE' => true, 'SIGNATURE' => $decoded_message['text'], 'SIGNATURE_PREVIEW' => $signature_preview, 'S_BBCODE_CHECKED' => !$enable_bbcode ? ' checked="checked"' : '', 'S_SMILIES_CHECKED' => !$enable_smilies ? ' checked="checked"' : '', 'S_MAGIC_URL_CHECKED' => !$enable_urls ? ' checked="checked"' : '', 'BBCODE_STATUS' => $user->lang($config['allow_sig_bbcode'] ? 'BBCODE_IS_ON' : 'BBCODE_IS_OFF', '<a href="' . $controller_helper->route('phpbb_help_bbcode_controller') . '">', '</a>'), 'SMILIES_STATUS' => $config['allow_sig_smilies'] ? $user->lang['SMILIES_ARE_ON'] : $user->lang['SMILIES_ARE_OFF'], 'IMG_STATUS' => $config['allow_sig_img'] ? $user->lang['IMAGES_ARE_ON'] : $user->lang['IMAGES_ARE_OFF'], 'FLASH_STATUS' => $config['allow_sig_flash'] ? $user->lang['FLASH_IS_ON'] : $user->lang['FLASH_IS_OFF'], 'URL_STATUS' => $config['allow_sig_links'] ? $user->lang['URL_IS_ON'] : $user->lang['URL_IS_OFF'], 'L_SIGNATURE_EXPLAIN' => $user->lang('SIGNATURE_EXPLAIN', (int) $config['max_sig_chars']), 'S_BBCODE_ALLOWED' => $config['allow_sig_bbcode'], 'S_SMILIES_ALLOWED' => $config['allow_sig_smilies'], 'S_BBCODE_IMG' => $config['allow_sig_img'] ? true : false, 'S_BBCODE_FLASH' => $config['allow_sig_flash'] ? true : false, 'S_LINKS_ALLOWED' => $config['allow_sig_links'] ? true : false)); // Assigning custom bbcodes display_custom_bbcodes(); break; case 'attach': /* @var $pagination \phpbb\pagination */ $pagination = $phpbb_container->get('pagination'); $start = $request->variable('start', 0); $deletemark = isset($_POST['delmarked']) ? true : false; $marked = $request->variable('mark', array(0)); // Sort keys $sort_key = $request->variable('sk', 'a'); $sort_dir = $request->variable('sd', 'd'); if ($deletemark && sizeof($marked)) { $sql = 'SELECT attach_id FROM ' . ATTACHMENTS_TABLE . ' WHERE poster_id = ' . $user_id . ' AND is_orphan = 0 AND ' . $db->sql_in_set('attach_id', $marked); $result = $db->sql_query($sql); $marked = array(); while ($row = $db->sql_fetchrow($result)) { $marked[] = $row['attach_id']; } $db->sql_freeresult($result); } if ($deletemark && sizeof($marked)) { if (confirm_box(true)) { $sql = 'SELECT real_filename FROM ' . ATTACHMENTS_TABLE . ' WHERE ' . $db->sql_in_set('attach_id', $marked); $result = $db->sql_query($sql); $log_attachments = array(); while ($row = $db->sql_fetchrow($result)) { $log_attachments[] = $row['real_filename']; } $db->sql_freeresult($result); /** @var \phpbb\attachment\manager $attachment_manager */ $attachment_manager = $phpbb_container->get('attachment.manager'); $attachment_manager->delete('attach', $marked); unset($attachment_manager); $message = sizeof($log_attachments) == 1 ? $user->lang['ATTACHMENT_DELETED'] : $user->lang['ATTACHMENTS_DELETED']; $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACHMENTS_DELETED', false, array(implode($user->lang['COMMA_SEPARATOR'], $log_attachments))); trigger_error($message . adm_back_link($this->u_action . '&u=' . $user_id)); } else { confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array('u' => $user_id, 'i' => $id, 'mode' => $mode, 'action' => $action, 'delmarked' => true, 'mark' => $marked))); } } $sk_text = array('a' => $user->lang['SORT_FILENAME'], 'c' => $user->lang['SORT_EXTENSION'], 'd' => $user->lang['SORT_SIZE'], 'e' => $user->lang['SORT_DOWNLOADS'], 'f' => $user->lang['SORT_POST_TIME'], 'g' => $user->lang['SORT_TOPIC_TITLE']); $sk_sql = array('a' => 'a.real_filename', 'c' => 'a.extension', 'd' => 'a.filesize', 'e' => 'a.download_count', 'f' => 'a.filetime', 'g' => 't.topic_title'); $sd_text = array('a' => $user->lang['ASCENDING'], 'd' => $user->lang['DESCENDING']); $s_sort_key = ''; foreach ($sk_text as $key => $value) { $selected = $sort_key == $key ? ' selected="selected"' : ''; $s_sort_key .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>'; } $s_sort_dir = ''; foreach ($sd_text as $key => $value) { $selected = $sort_dir == $key ? ' selected="selected"' : ''; $s_sort_dir .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>'; } if (!isset($sk_sql[$sort_key])) { $sort_key = 'a'; } $order_by = $sk_sql[$sort_key] . ' ' . ($sort_dir == 'a' ? 'ASC' : 'DESC'); $sql = 'SELECT COUNT(attach_id) as num_attachments FROM ' . ATTACHMENTS_TABLE . "\n\t\t\t\t\tWHERE poster_id = {$user_id}\n\t\t\t\t\t\tAND is_orphan = 0"; $result = $db->sql_query_limit($sql, 1); $num_attachments = (int) $db->sql_fetchfield('num_attachments'); $db->sql_freeresult($result); $sql = 'SELECT a.*, t.topic_title, p.message_subject as message_title FROM ' . ATTACHMENTS_TABLE . ' a LEFT JOIN ' . TOPICS_TABLE . ' t ON (a.topic_id = t.topic_id AND a.in_message = 0) LEFT JOIN ' . PRIVMSGS_TABLE . ' p ON (a.post_msg_id = p.msg_id AND a.in_message = 1) WHERE a.poster_id = ' . $user_id . "\n\t\t\t\t\t\tAND a.is_orphan = 0\n\t\t\t\t\tORDER BY {$order_by}"; $result = $db->sql_query_limit($sql, $config['topics_per_page'], $start); while ($row = $db->sql_fetchrow($result)) { if ($row['in_message']) { $view_topic = append_sid("{$phpbb_root_path}ucp.{$phpEx}", "i=pm&p={$row['post_msg_id']}"); } else { $view_topic = append_sid("{$phpbb_root_path}viewtopic.{$phpEx}", "t={$row['topic_id']}&p={$row['post_msg_id']}") . '#p' . $row['post_msg_id']; } $template->assign_block_vars('attach', array('REAL_FILENAME' => $row['real_filename'], 'COMMENT' => nl2br($row['attach_comment']), 'EXTENSION' => $row['extension'], 'SIZE' => get_formatted_filesize($row['filesize']), 'DOWNLOAD_COUNT' => $row['download_count'], 'POST_TIME' => $user->format_date($row['filetime']), 'TOPIC_TITLE' => $row['in_message'] ? $row['message_title'] : $row['topic_title'], 'ATTACH_ID' => $row['attach_id'], 'POST_ID' => $row['post_msg_id'], 'TOPIC_ID' => $row['topic_id'], 'S_IN_MESSAGE' => $row['in_message'], 'U_DOWNLOAD' => append_sid("{$phpbb_root_path}download/file.{$phpEx}", 'mode=view&id=' . $row['attach_id']), 'U_VIEW_TOPIC' => $view_topic)); } $db->sql_freeresult($result); $base_url = $this->u_action . "&u={$user_id}&sk={$sort_key}&sd={$sort_dir}"; $pagination->generate_template_pagination($base_url, 'pagination', 'start', $num_attachments, $config['topics_per_page'], $start); $template->assign_vars(array('S_ATTACHMENTS' => true, 'S_SORT_KEY' => $s_sort_key, 'S_SORT_DIR' => $s_sort_dir)); break; case 'groups': if (!function_exists('group_user_attributes')) { include $phpbb_root_path . 'includes/functions_user.' . $phpEx; } $user->add_lang(array('groups', 'acp/groups')); $group_id = $request->variable('g', 0); if ($group_id) { // Check the founder only entry for this group to make sure everything is well $sql = 'SELECT group_founder_manage FROM ' . GROUPS_TABLE . ' WHERE group_id = ' . $group_id; $result = $db->sql_query($sql); $founder_manage = (int) $db->sql_fetchfield('group_founder_manage'); $db->sql_freeresult($result); if ($user->data['user_type'] != USER_FOUNDER && $founder_manage) { trigger_error($user->lang['NOT_ALLOWED_MANAGE_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } } switch ($action) { case 'demote': case 'promote': case 'default': if (!$group_id) { trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } group_user_attributes($action, $group_id, $user_id); if ($action == 'default') { $user_row['group_id'] = $group_id; } break; case 'delete': if (confirm_box(true)) { if (!$group_id) { trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } if ($error = group_user_del($group_id, $user_id)) { trigger_error($user->lang[$error] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } $error = array(); // The delete action was successful - therefore update the user row... $sql = 'SELECT u.*, s.* FROM ' . USERS_TABLE . ' u LEFT JOIN ' . SESSIONS_TABLE . ' s ON (s.session_user_id = u.user_id) WHERE u.user_id = ' . $user_id . ' ORDER BY s.session_time DESC'; $result = $db->sql_query_limit($sql, 1); $user_row = $db->sql_fetchrow($result); $db->sql_freeresult($result); } else { confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array('u' => $user_id, 'i' => $id, 'mode' => $mode, 'action' => $action, 'g' => $group_id))); } break; case 'approve': if (confirm_box(true)) { if (!$group_id) { trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } group_user_attributes($action, $group_id, $user_id); } else { confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array('u' => $user_id, 'i' => $id, 'mode' => $mode, 'action' => $action, 'g' => $group_id))); } break; } // Add user to group? if ($submit) { if (!check_form_key($form_name)) { trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } if (!$group_id) { trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } // Add user/s to group if ($error = group_user_add($group_id, $user_id)) { trigger_error($user->lang[$error] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } $error = array(); } /** @var \phpbb\group\helper $group_helper */ $group_helper = $phpbb_container->get('group_helper'); $sql = 'SELECT ug.*, g.* FROM ' . GROUPS_TABLE . ' g, ' . USER_GROUP_TABLE . " ug\n\t\t\t\t\tWHERE ug.user_id = {$user_id}\n\t\t\t\t\t\tAND g.group_id = ug.group_id\n\t\t\t\t\tORDER BY g.group_type DESC, ug.user_pending ASC, g.group_name"; $result = $db->sql_query($sql); $i = 0; $group_data = $id_ary = array(); while ($row = $db->sql_fetchrow($result)) { $type = $row['group_type'] == GROUP_SPECIAL ? 'special' : ($row['user_pending'] ? 'pending' : 'normal'); $group_data[$type][$i]['group_id'] = $row['group_id']; $group_data[$type][$i]['group_name'] = $row['group_name']; $group_data[$type][$i]['group_leader'] = $row['group_leader'] ? 1 : 0; $id_ary[] = $row['group_id']; $i++; } $db->sql_freeresult($result); // Select box for other groups $sql = 'SELECT group_id, group_name, group_type, group_founder_manage FROM ' . GROUPS_TABLE . ' ' . (sizeof($id_ary) ? 'WHERE ' . $db->sql_in_set('group_id', $id_ary, true) : '') . ' ORDER BY group_type DESC, group_name ASC'; $result = $db->sql_query($sql); $s_group_options = ''; while ($row = $db->sql_fetchrow($result)) { if (!$config['coppa_enable'] && $row['group_name'] == 'REGISTERED_COPPA') { continue; } // Do not display those groups not allowed to be managed if ($user->data['user_type'] != USER_FOUNDER && $row['group_founder_manage']) { continue; } $s_group_options .= '<option' . ($row['group_type'] == GROUP_SPECIAL ? ' class="sep"' : '') . ' value="' . $row['group_id'] . '">' . $group_helper->get_name($row['group_name']) . '</option>'; } $db->sql_freeresult($result); $current_type = ''; foreach ($group_data as $group_type => $data_ary) { if ($current_type != $group_type) { $template->assign_block_vars('group', array('S_NEW_GROUP_TYPE' => true, 'GROUP_TYPE' => $user->lang['USER_GROUP_' . strtoupper($group_type)])); } foreach ($data_ary as $data) { $template->assign_block_vars('group', array('U_EDIT_GROUP' => append_sid("{$phpbb_admin_path}index.{$phpEx}", "i=groups&mode=manage&action=edit&u={$user_id}&g={$data['group_id']}&back_link=acp_users_groups"), 'U_DEFAULT' => $this->u_action . "&action=default&u={$user_id}&g=" . $data['group_id'], 'U_DEMOTE_PROMOTE' => $this->u_action . '&action=' . ($data['group_leader'] ? 'demote' : 'promote') . "&u={$user_id}&g=" . $data['group_id'], 'U_DELETE' => $this->u_action . "&action=delete&u={$user_id}&g=" . $data['group_id'], 'U_APPROVE' => $group_type == 'pending' ? $this->u_action . "&action=approve&u={$user_id}&g=" . $data['group_id'] : '', 'GROUP_NAME' => $group_type == 'special' ? $user->lang['G_' . $data['group_name']] : $data['group_name'], 'L_DEMOTE_PROMOTE' => $data['group_leader'] ? $user->lang['GROUP_DEMOTE'] : $user->lang['GROUP_PROMOTE'], 'S_IS_MEMBER' => $group_type != 'pending' ? true : false, 'S_NO_DEFAULT' => $user_row['group_id'] != $data['group_id'] ? true : false, 'S_SPECIAL_GROUP' => $group_type == 'special' ? true : false)); } } $template->assign_vars(array('S_GROUPS' => true, 'S_GROUP_OPTIONS' => $s_group_options)); break; case 'perm': if (!class_exists('auth_admin')) { include $phpbb_root_path . 'includes/acp/auth.' . $phpEx; } $auth_admin = new auth_admin(); $user->add_lang('acp/permissions'); add_permission_language(); $forum_id = $request->variable('f', 0); // Global Permissions if (!$forum_id) { // Select auth options $sql = 'SELECT auth_option, is_local, is_global FROM ' . ACL_OPTIONS_TABLE . ' WHERE auth_option ' . $db->sql_like_expression($db->get_any_char() . '_') . ' AND is_global = 1 ORDER BY auth_option'; $result = $db->sql_query($sql); $hold_ary = array(); while ($row = $db->sql_fetchrow($result)) { $hold_ary = $auth_admin->get_mask('view', $user_id, false, false, $row['auth_option'], 'global', ACL_NEVER); $auth_admin->display_mask('view', $row['auth_option'], $hold_ary, 'user', false, false); } $db->sql_freeresult($result); unset($hold_ary); } else { $sql = 'SELECT auth_option, is_local, is_global FROM ' . ACL_OPTIONS_TABLE . "\n\t\t\t\t\t\tWHERE auth_option " . $db->sql_like_expression($db->get_any_char() . '_') . "\n\t\t\t\t\t\t\tAND is_local = 1\n\t\t\t\t\t\tORDER BY is_global DESC, auth_option"; $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { $hold_ary = $auth_admin->get_mask('view', $user_id, false, $forum_id, $row['auth_option'], 'local', ACL_NEVER); $auth_admin->display_mask('view', $row['auth_option'], $hold_ary, 'user', true, false); } $db->sql_freeresult($result); } $s_forum_options = '<option value="0"' . (!$forum_id ? ' selected="selected"' : '') . '>' . $user->lang['VIEW_GLOBAL_PERMS'] . '</option>'; $s_forum_options .= make_forum_select($forum_id, false, true, false, false, false); $template->assign_vars(array('S_PERMISSIONS' => true, 'S_GLOBAL' => !$forum_id ? true : false, 'S_FORUM_OPTIONS' => $s_forum_options, 'U_ACTION' => $this->u_action . '&u=' . $user_id, 'U_USER_PERMISSIONS' => append_sid("{$phpbb_admin_path}index.{$phpEx}", 'i=permissions&mode=setting_user_global&user_id[]=' . $user_id), 'U_USER_FORUM_PERMISSIONS' => append_sid("{$phpbb_admin_path}index.{$phpEx}", 'i=permissions&mode=setting_user_local&user_id[]=' . $user_id))); break; } // Assign general variables $template->assign_vars(array('S_ERROR' => sizeof($error) ? true : false, 'ERROR_MSG' => sizeof($error) ? implode('<br />', $error) : '')); }
function main($id, $mode) { global $config, $db, $user, $auth, $template, $cache; global $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix, $file_uploads; $user->add_lang(array('posting', 'ucp', 'acp/users')); $this->tpl_name = 'acp_users'; $this->page_title = 'ACP_USER_' . strtoupper($mode); $error = array(); $username = utf8_normalize_nfc(request_var('username', '', true)); $user_id = request_var('u', 0); $action = request_var('action', ''); $submit = (isset($_POST['update']) && !isset($_POST['cancel'])) ? true : false; $form_name = 'acp_users'; add_form_key($form_name); // Whois (special case) if ($action == 'whois') { include($phpbb_root_path . 'includes/functions_user.' . $phpEx); $this->page_title = 'WHOIS'; $this->tpl_name = 'simple_body'; $user_ip = request_var('user_ip', ''); $domain = gethostbyaddr($user_ip); $ipwhois = user_ipwhois($user_ip); $template->assign_vars(array( 'MESSAGE_TITLE' => sprintf($user->lang['IP_WHOIS_FOR'], $domain), 'MESSAGE_TEXT' => nl2br($ipwhois)) ); return; } // Show user selection mask if (!$username && !$user_id) { $this->page_title = 'SELECT_USER'; $template->assign_vars(array( 'U_ACTION' => $this->u_action, 'ANONYMOUS_USER_ID' => ANONYMOUS, 'S_SELECT_USER' => true, 'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=select_user&field=username&select_single=true'), )); return; } if (!$user_id) { $sql = 'SELECT user_id FROM ' . USERS_TABLE . " WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'"; $result = $db->sql_query($sql); $user_id = (int) $db->sql_fetchfield('user_id'); $db->sql_freeresult($result); if (!$user_id) { trigger_error($user->lang['NO_USER'] . adm_back_link($this->u_action), E_USER_WARNING); } } // Generate content for all modes $sql = 'SELECT u.*, s.* FROM ' . USERS_TABLE . ' u LEFT JOIN ' . SESSIONS_TABLE . ' s ON (s.session_user_id = u.user_id) WHERE u.user_id = ' . $user_id . ' ORDER BY s.session_time DESC'; $result = $db->sql_query($sql); $user_row = $db->sql_fetchrow($result); $db->sql_freeresult($result); if (!$user_row) { trigger_error($user->lang['NO_USER'] . adm_back_link($this->u_action), E_USER_WARNING); } // Generate overall "header" for user admin $s_form_options = ''; // Build modes dropdown list $sql = 'SELECT module_mode, module_auth FROM ' . MODULES_TABLE . " WHERE module_basename = 'users' AND module_enabled = 1 AND module_class = 'acp' ORDER BY left_id, module_mode"; $result = $db->sql_query($sql); $dropdown_modes = array(); while ($row = $db->sql_fetchrow($result)) { if (!$this->p_master->module_auth($row['module_auth'])) { continue; } $dropdown_modes[$row['module_mode']] = true; } $db->sql_freeresult($result); foreach ($dropdown_modes as $module_mode => $null) { $selected = ($mode == $module_mode) ? ' selected="selected"' : ''; $s_form_options .= '<option value="' . $module_mode . '"' . $selected . '>' . $user->lang['ACP_USER_' . strtoupper($module_mode)] . '</option>'; } $template->assign_vars(array( 'U_BACK' => $this->u_action, 'U_MODE_SELECT' => append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&u=$user_id"), 'U_ACTION' => $this->u_action . '&u=' . $user_id, 'S_FORM_OPTIONS' => $s_form_options, 'MANAGED_USERNAME' => $user_row['username']) ); // Prevent normal users/admins change/view founders if they are not a founder by themselves if ($user->data['user_type'] != USER_FOUNDER && $user_row['user_type'] == USER_FOUNDER) { trigger_error($user->lang['NOT_MANAGE_FOUNDER'] . adm_back_link($this->u_action), E_USER_WARNING); } switch ($mode) { case 'overview': include($phpbb_root_path . 'includes/functions_user.' . $phpEx); $user->add_lang('acp/ban'); $delete = request_var('delete', 0); $delete_type = request_var('delete_type', ''); $ip = request_var('ip', 'ip'); if ($submit) { // You can't delete the founder if ($delete && $user_row['user_type'] != USER_FOUNDER) { if (!$auth->acl_get('a_userdel')) { trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } // Check if the user wants to remove himself or the guest user account if ($user_id == ANONYMOUS) { trigger_error($user->lang['CANNOT_REMOVE_ANONYMOUS'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } if ($user_id == $user->data['user_id']) { trigger_error($user->lang['CANNOT_REMOVE_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } if (confirm_box(true)) { user_delete($delete_type, $user_id, $user_row['username']); add_log('admin', 'LOG_USER_DELETED', $user_row['username']); trigger_error($user->lang['USER_DELETED'] . adm_back_link($this->u_action)); } else { confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array( 'u' => $user_id, 'i' => $id, 'mode' => $mode, 'action' => $action, 'update' => true, 'delete' => 1, 'delete_type' => $delete_type)) ); } } // Handle quicktool actions switch ($action) { case 'banuser': case 'banemail': case 'banip': if ($user_id == $user->data['user_id']) { trigger_error($user->lang['CANNOT_BAN_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } if ($user_row['user_type'] == USER_FOUNDER) { trigger_error($user->lang['CANNOT_BAN_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } if (!check_form_key($form_name)) { trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } $ban = array(); switch ($action) { case 'banuser': $ban[] = $user_row['username']; $reason = 'USER_ADMIN_BAN_NAME_REASON'; $log = 'LOG_USER_BAN_USER'; break; case 'banemail': $ban[] = $user_row['user_email']; $reason = 'USER_ADMIN_BAN_EMAIL_REASON'; $log = 'LOG_USER_BAN_EMAIL'; break; case 'banip': $ban[] = $user_row['user_ip']; $sql = 'SELECT DISTINCT poster_ip FROM ' . POSTS_TABLE . " WHERE poster_id = $user_id"; $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { $ban[] = $row['poster_ip']; } $db->sql_freeresult($result); $reason = 'USER_ADMIN_BAN_IP_REASON'; $log = 'LOG_USER_BAN_IP'; break; } $ban_reason = utf8_normalize_nfc(request_var('ban_reason', $user->lang[$reason], true)); $ban_give_reason = utf8_normalize_nfc(request_var('ban_give_reason', '', true)); // Log not used at the moment, we simply utilize the ban function. $result = user_ban(substr($action, 3), $ban, 0, 0, 0, $ban_reason, $ban_give_reason); trigger_error((($result === false) ? $user->lang['BAN_ALREADY_ENTERED'] : $user->lang['BAN_SUCCESSFUL']) . adm_back_link($this->u_action . '&u=' . $user_id)); break; case 'reactivate': if ($user_id == $user->data['user_id']) { trigger_error($user->lang['CANNOT_FORCE_REACT_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } if (!check_form_key($form_name)) { trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } if ($user_row['user_type'] == USER_FOUNDER) { trigger_error($user->lang['CANNOT_FORCE_REACT_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } if ($user_row['user_type'] == USER_IGNORE) { trigger_error($user->lang['CANNOT_FORCE_REACT_BOT'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } if ($config['email_enable']) { include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx); $server_url = generate_board_url(); $user_actkey = gen_rand_string(10); $key_len = 54 - (strlen($server_url)); $key_len = ($key_len > 6) ? $key_len : 6; $user_actkey = substr($user_actkey, 0, $key_len); $email_template = ($user_row['user_type'] == USER_NORMAL) ? 'user_reactivate_account' : 'user_resend_inactive'; if ($user_row['user_type'] == USER_NORMAL) { user_active_flip('deactivate', $user_id, INACTIVE_REMIND); $sql = 'UPDATE ' . USERS_TABLE . " SET user_actkey = '" . $db->sql_escape($user_actkey) . "' WHERE user_id = $user_id"; $db->sql_query($sql); } else { // Grabbing the last confirm key - we only send a reminder $sql = 'SELECT user_actkey FROM ' . USERS_TABLE . ' WHERE user_id = ' . $user_id; $result = $db->sql_query($sql); $user_actkey = (string) $db->sql_fetchfield('user_actkey'); $db->sql_freeresult($result); } $messenger = new messenger(false); $messenger->template($email_template, $user_row['user_lang']); $messenger->to($user_row['user_email'], $user_row['username']); $messenger->headers('X-AntiAbuse: Board servername - ' . $config['server_name']); $messenger->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']); $messenger->headers('X-AntiAbuse: Username - ' . $user->data['username']); $messenger->headers('X-AntiAbuse: User IP - ' . $user->ip); $messenger->assign_vars(array( 'WELCOME_MSG' => htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename'])), 'USERNAME' => htmlspecialchars_decode($user_row['username']), 'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&u={$user_row['user_id']}&k=$user_actkey") ); $messenger->send(NOTIFY_EMAIL); add_log('admin', 'LOG_USER_REACTIVATE', $user_row['username']); add_log('user', $user_id, 'LOG_USER_REACTIVATE_USER'); trigger_error($user->lang['FORCE_REACTIVATION_SUCCESS'] . adm_back_link($this->u_action . '&u=' . $user_id)); } break; case 'active': if ($user_id == $user->data['user_id']) { // It is only deactivation since the user is already activated (else he would not have reached this page) trigger_error($user->lang['CANNOT_DEACTIVATE_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } if (!check_form_key($form_name)) { trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } if ($user_row['user_type'] == USER_FOUNDER) { trigger_error($user->lang['CANNOT_DEACTIVATE_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } if ($user_row['user_type'] == USER_IGNORE) { trigger_error($user->lang['CANNOT_DEACTIVATE_BOT'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } user_active_flip('flip', $user_id); $message = ($user_row['user_type'] == USER_INACTIVE) ? 'USER_ADMIN_ACTIVATED' : 'USER_ADMIN_DEACTIVED'; $log = ($user_row['user_type'] == USER_INACTIVE) ? 'LOG_USER_ACTIVE' : 'LOG_USER_INACTIVE'; add_log('admin', $log, $user_row['username']); add_log('user', $user_id, $log . '_USER'); trigger_error($user->lang[$message] . adm_back_link($this->u_action . '&u=' . $user_id)); break; case 'delsig': if (!check_form_key($form_name)) { trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } $sql_ary = array( 'user_sig' => '', 'user_sig_bbcode_uid' => '', 'user_sig_bbcode_bitfield' => '' ); $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . " WHERE user_id = $user_id"; $db->sql_query($sql); add_log('admin', 'LOG_USER_DEL_SIG', $user_row['username']); add_log('user', $user_id, 'LOG_USER_DEL_SIG_USER'); trigger_error($user->lang['USER_ADMIN_SIG_REMOVED'] . adm_back_link($this->u_action . '&u=' . $user_id)); break; case 'delavatar': if (!check_form_key($form_name)) { trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } $sql_ary = array( 'user_avatar' => '', 'user_avatar_type' => 0, 'user_avatar_width' => 0, 'user_avatar_height' => 0, ); $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . " WHERE user_id = $user_id"; $db->sql_query($sql); // Delete old avatar if present if ($user_row['user_avatar'] && $user_row['user_avatar_type'] != AVATAR_GALLERY) { avatar_delete('user', $user_row); } add_log('admin', 'LOG_USER_DEL_AVATAR', $user_row['username']); add_log('user', $user_id, 'LOG_USER_DEL_AVATAR_USER'); trigger_error($user->lang['USER_ADMIN_AVATAR_REMOVED'] . adm_back_link($this->u_action . '&u=' . $user_id)); break; case 'delposts': if (confirm_box(true)) { // Delete posts, attachments, etc. delete_posts('poster_id', $user_id); add_log('admin', 'LOG_USER_DEL_POSTS', $user_row['username']); trigger_error($user->lang['USER_POSTS_DELETED'] . adm_back_link($this->u_action . '&u=' . $user_id)); } else { confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array( 'u' => $user_id, 'i' => $id, 'mode' => $mode, 'action' => $action, 'update' => true)) ); } break; case 'delattach': if (confirm_box(true)) { delete_attachments('user', $user_id); add_log('admin', 'LOG_USER_DEL_ATTACH', $user_row['username']); trigger_error($user->lang['USER_ATTACHMENTS_REMOVED'] . adm_back_link($this->u_action . '&u=' . $user_id)); } else { confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array( 'u' => $user_id, 'i' => $id, 'mode' => $mode, 'action' => $action, 'update' => true)) ); } break; case 'moveposts': if (!check_form_key($form_name)) { trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } $user->add_lang('acp/forums'); $new_forum_id = request_var('new_f', 0); if (!$new_forum_id) { $this->page_title = 'USER_ADMIN_MOVE_POSTS'; $template->assign_vars(array( 'S_SELECT_FORUM' => true, 'U_ACTION' => $this->u_action . "&action=$action&u=$user_id", 'U_BACK' => $this->u_action . "&u=$user_id", 'S_FORUM_OPTIONS' => make_forum_select(false, false, false, true)) ); return; } // Is the new forum postable to? $sql = 'SELECT forum_name, forum_type FROM ' . FORUMS_TABLE . " WHERE forum_id = $new_forum_id"; $result = $db->sql_query($sql); $forum_info = $db->sql_fetchrow($result); $db->sql_freeresult($result); if (!$forum_info) { trigger_error($user->lang['NO_FORUM'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } if ($forum_info['forum_type'] != FORUM_POST) { trigger_error($user->lang['MOVE_POSTS_NO_POSTABLE_FORUM'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } // Two stage? // Move topics comprising only posts from this user $topic_id_ary = $move_topic_ary = $move_post_ary = $new_topic_id_ary = array(); $forum_id_ary = array($new_forum_id); $sql = 'SELECT topic_id, COUNT(post_id) AS total_posts FROM ' . POSTS_TABLE . " WHERE poster_id = $user_id AND forum_id <> $new_forum_id GROUP BY topic_id"; $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { $topic_id_ary[$row['topic_id']] = $row['total_posts']; } $db->sql_freeresult($result); if (sizeof($topic_id_ary)) { $sql = 'SELECT topic_id, forum_id, topic_title, topic_replies, topic_replies_real, topic_attachment FROM ' . TOPICS_TABLE . ' WHERE ' . $db->sql_in_set('topic_id', array_keys($topic_id_ary)); $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { if (max($row['topic_replies'], $row['topic_replies_real']) + 1 == $topic_id_ary[$row['topic_id']]) { $move_topic_ary[] = $row['topic_id']; } else { $move_post_ary[$row['topic_id']]['title'] = $row['topic_title']; $move_post_ary[$row['topic_id']]['attach'] = ($row['topic_attachment']) ? 1 : 0; } $forum_id_ary[] = $row['forum_id']; } $db->sql_freeresult($result); } // Entire topic comprises posts by this user, move these topics if (sizeof($move_topic_ary)) { move_topics($move_topic_ary, $new_forum_id, false); } if (sizeof($move_post_ary)) { // Create new topic // Update post_ids, report_ids, attachment_ids foreach ($move_post_ary as $topic_id => $post_ary) { // Create new topic $sql = 'INSERT INTO ' . TOPICS_TABLE . ' ' . $db->sql_build_array('INSERT', array( 'topic_poster' => $user_id, 'topic_time' => time(), 'forum_id' => $new_forum_id, 'icon_id' => 0, 'topic_approved' => 1, 'topic_title' => $post_ary['title'], 'topic_first_poster_name' => $user_row['username'], 'topic_type' => POST_NORMAL, 'topic_time_limit' => 0, 'topic_attachment' => $post_ary['attach']) ); $db->sql_query($sql); $new_topic_id = $db->sql_nextid(); // Move posts $sql = 'UPDATE ' . POSTS_TABLE . " SET forum_id = $new_forum_id, topic_id = $new_topic_id WHERE topic_id = $topic_id AND poster_id = $user_id"; $db->sql_query($sql); if ($post_ary['attach']) { $sql = 'UPDATE ' . ATTACHMENTS_TABLE . " SET topic_id = $new_topic_id WHERE topic_id = $topic_id AND poster_id = $user_id"; $db->sql_query($sql); } $new_topic_id_ary[] = $new_topic_id; } } $forum_id_ary = array_unique($forum_id_ary); $topic_id_ary = array_unique(array_merge($topic_id_ary, $new_topic_id_ary)); if (sizeof($topic_id_ary)) { sync('reported', 'topic_id', $topic_id_ary); sync('topic', 'topic_id', $topic_id_ary); } if (sizeof($forum_id_ary)) { sync('forum', 'forum_id', $forum_id_ary, false, true); } add_log('admin', 'LOG_USER_MOVE_POSTS', $user_row['username'], $forum_info['forum_name']); add_log('user', $user_id, 'LOG_USER_MOVE_POSTS_USER', $forum_info['forum_name']); trigger_error($user->lang['USER_POSTS_MOVED'] . adm_back_link($this->u_action . '&u=' . $user_id)); break; } // Handle registration info updates $data = array( 'username' => utf8_normalize_nfc(request_var('user', $user_row['username'], true)), 'user_founder' => request_var('user_founder', ($user_row['user_type'] == USER_FOUNDER) ? 1 : 0), 'email' => strtolower(request_var('user_email', $user_row['user_email'])), 'email_confirm' => strtolower(request_var('email_confirm', '')), 'new_password' => request_var('new_password', '', true), 'password_confirm' => request_var('password_confirm', '', true), ); // Validation data - we do not check the password complexity setting here $check_ary = array( 'new_password' => array( array('string', true, $config['min_pass_chars'], $config['max_pass_chars']), array('password')), 'password_confirm' => array('string', true, $config['min_pass_chars'], $config['max_pass_chars']), ); // Check username if altered if ($data['username'] != $user_row['username']) { $check_ary += array( 'username' => array( array('string', false, $config['min_name_chars'], $config['max_name_chars']), array('username', $user_row['username']) ), ); } // Check email if altered if ($data['email'] != $user_row['user_email']) { $check_ary += array( 'email' => array( array('string', false, 6, 60), array('email', $user_row['user_email']) ), 'email_confirm' => array('string', true, 6, 60) ); } $error = validate_data($data, $check_ary); if ($data['new_password'] && $data['password_confirm'] != $data['new_password']) { $error[] = 'NEW_PASSWORD_ERROR'; } if ($data['email'] != $user_row['user_email'] && $data['email_confirm'] != $data['email']) { $error[] = 'NEW_EMAIL_ERROR'; } if (!check_form_key($form_name)) { $error[] = 'FORM_INVALID'; } // Which updates do we need to do? $update_username = ($user_row['username'] != $data['username']) ? $data['username'] : false; $update_password = ($data['new_password'] && !phpbb_check_hash($user_row['user_password'], $data['new_password'])) ? true : false; $update_email = ($data['email'] != $user_row['user_email']) ? $data['email'] : false; if (!sizeof($error)) { $sql_ary = array(); if ($user_row['user_type'] != USER_FOUNDER || $user->data['user_type'] == USER_FOUNDER) { // Only allow founders updating the founder status... if ($user->data['user_type'] == USER_FOUNDER) { // Setting a normal member to be a founder if ($data['user_founder'] && $user_row['user_type'] != USER_FOUNDER) { // Make sure the user is not setting an Inactive or ignored user to be a founder if ($user_row['user_type'] == USER_IGNORE) { trigger_error($user->lang['CANNOT_SET_FOUNDER_IGNORED'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } if ($user_row['user_type'] == USER_INACTIVE) { trigger_error($user->lang['CANNOT_SET_FOUNDER_INACTIVE'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } $sql_ary['user_type'] = USER_FOUNDER; } else if (!$data['user_founder'] && $user_row['user_type'] == USER_FOUNDER) { // Check if at least one founder is present $sql = 'SELECT user_id FROM ' . USERS_TABLE . ' WHERE user_type = ' . USER_FOUNDER . ' AND user_id <> ' . $user_id; $result = $db->sql_query_limit($sql, 1); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); if ($row) { $sql_ary['user_type'] = USER_NORMAL; } else { trigger_error($user->lang['AT_LEAST_ONE_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } } } } if ($update_username !== false) { $sql_ary['username'] = $update_username; $sql_ary['username_clean'] = utf8_clean_string($update_username); add_log('user', $user_id, 'LOG_USER_UPDATE_NAME', $user_row['username'], $update_username); } if ($update_email !== false) { $sql_ary += array( 'user_email' => $update_email, 'user_email_hash' => crc32($update_email) . strlen($update_email) ); add_log('user', $user_id, 'LOG_USER_UPDATE_EMAIL', $user_row['username'], $user_row['user_email'], $update_email); } if ($update_password) { $sql_ary += array( 'user_password' => phpbb_hash($data['new_password']), 'user_passchg' => time(), 'user_pass_convert' => 0, ); $user->reset_login_keys($user_id); add_log('user', $user_id, 'LOG_USER_NEW_PASSWORD', $user_row['username']); } if (sizeof($sql_ary)) { $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' WHERE user_id = ' . $user_id; $db->sql_query($sql); } if ($update_username) { user_update_name($user_row['username'], $update_username); } // Let the users permissions being updated $auth->acl_clear_prefetch($user_id); add_log('admin', 'LOG_USER_USER_UPDATE', $data['username']); trigger_error($user->lang['USER_OVERVIEW_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id)); } // Replace "error" strings with their real, localised form $error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error); } if ($user_id == $user->data['user_id']) { $quick_tool_ary = array('delsig' => 'DEL_SIG', 'delavatar' => 'DEL_AVATAR', 'moveposts' => 'MOVE_POSTS', 'delposts' => 'DEL_POSTS', 'delattach' => 'DEL_ATTACH'); } else { $quick_tool_ary = array(); if ($user_row['user_type'] != USER_FOUNDER) { $quick_tool_ary += array('banuser' => 'BAN_USER', 'banemail' => 'BAN_EMAIL', 'banip' => 'BAN_IP'); } if ($user_row['user_type'] != USER_FOUNDER && $user_row['user_type'] != USER_IGNORE) { $quick_tool_ary += array('active' => (($user_row['user_type'] == USER_INACTIVE) ? 'ACTIVATE' : 'DEACTIVATE')); } $quick_tool_ary += array('delsig' => 'DEL_SIG', 'delavatar' => 'DEL_AVATAR', 'moveposts' => 'MOVE_POSTS', 'delposts' => 'DEL_POSTS', 'delattach' => 'DEL_ATTACH'); if ($config['email_enable'] && ($user_row['user_type'] == USER_NORMAL || $user_row['user_type'] == USER_INACTIVE)) { $quick_tool_ary['reactivate'] = 'FORCE'; } } $s_action_options = '<option class="sep" value="">' . $user->lang['SELECT_OPTION'] . '</option>'; foreach ($quick_tool_ary as $value => $lang) { $s_action_options .= '<option value="' . $value . '">' . $user->lang['USER_ADMIN_' . $lang] . '</option>'; } if ($config['load_onlinetrack']) { $sql = 'SELECT MAX(session_time) AS session_time, MIN(session_viewonline) AS session_viewonline FROM ' . SESSIONS_TABLE . " WHERE session_user_id = $user_id"; $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); $user_row['session_time'] = (isset($row['session_time'])) ? $row['session_time'] : 0; $user_row['session_viewonline'] = (isset($row['session_viewonline'])) ? $row['session_viewonline'] : 0; unset($row); } $last_visit = (!empty($user_row['session_time'])) ? $user_row['session_time'] : $user_row['user_lastvisit']; $inactive_reason = ''; if ($user_row['user_type'] == USER_INACTIVE) { $inactive_reason = $user->lang['INACTIVE_REASON_UNKNOWN']; switch ($user_row['user_inactive_reason']) { case INACTIVE_REGISTER: $inactive_reason = $user->lang['INACTIVE_REASON_REGISTER']; break; case INACTIVE_PROFILE: $inactive_reason = $user->lang['INACTIVE_REASON_PROFILE']; break; case INACTIVE_MANUAL: $inactive_reason = $user->lang['INACTIVE_REASON_MANUAL']; break; case INACTIVE_REMIND: $inactive_reason = $user->lang['INACTIVE_REASON_REMIND']; break; } } $template->assign_vars(array( 'L_NAME_CHARS_EXPLAIN' => sprintf($user->lang[$config['allow_name_chars'] . '_EXPLAIN'], $config['min_name_chars'], $config['max_name_chars']), 'L_CHANGE_PASSWORD_EXPLAIN' => sprintf($user->lang[$config['pass_complex'] . '_EXPLAIN'], $config['min_pass_chars'], $config['max_pass_chars']), 'S_FOUNDER' => ($user->data['user_type'] == USER_FOUNDER) ? true : false, 'S_OVERVIEW' => true, 'S_USER_IP' => ($user_row['user_ip']) ? true : false, 'S_USER_FOUNDER' => ($user_row['user_type'] == USER_FOUNDER) ? true : false, 'S_ACTION_OPTIONS' => $s_action_options, 'S_OWN_ACCOUNT' => ($user_id == $user->data['user_id']) ? true : false, 'S_USER_INACTIVE' => ($user_row['user_type'] == USER_INACTIVE) ? true : false, 'U_SHOW_IP' => $this->u_action . "&u=$user_id&ip=" . (($ip == 'ip') ? 'hostname' : 'ip'), 'U_WHOIS' => $this->u_action . "&action=whois&user_ip={$user_row['user_ip']}", 'U_SWITCH_PERMISSIONS' => ($auth->acl_get('a_switchperm') && $user->data['user_id'] != $user_row['user_id']) ? append_sid("{$phpbb_root_path}ucp.$phpEx", "mode=switch_perm&u={$user_row['user_id']}") : '', 'USER' => $user_row['username'], 'USER_REGISTERED' => $user->format_date($user_row['user_regdate']), 'REGISTERED_IP' => ($ip == 'hostname') ? gethostbyaddr($user_row['user_ip']) : $user_row['user_ip'], 'USER_LASTACTIVE' => ($last_visit) ? $user->format_date($last_visit) : ' - ', 'USER_EMAIL' => $user_row['user_email'], 'USER_WARNINGS' => $user_row['user_warnings'], 'USER_POSTS' => $user_row['user_posts'], 'USER_INACTIVE_REASON' => $inactive_reason, )); break; case 'feedback': $user->add_lang('mcp'); // Set up general vars $start = request_var('start', 0); $deletemark = (isset($_POST['delmarked'])) ? true : false; $deleteall = (isset($_POST['delall'])) ? true : false; $marked = request_var('mark', array(0)); $message = utf8_normalize_nfc(request_var('message', '', true)); // Sort keys $sort_days = request_var('st', 0); $sort_key = request_var('sk', 't'); $sort_dir = request_var('sd', 'd'); // Delete entries if requested and able if (($deletemark || $deleteall) && $auth->acl_get('a_clearlogs')) { if (!check_form_key($form_name)) { trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } $where_sql = ''; if ($deletemark && $marked) { $sql_in = array(); foreach ($marked as $mark) { $sql_in[] = $mark; } $where_sql = ' AND ' . $db->sql_in_set('log_id', $sql_in); unset($sql_in); } if ($where_sql || $deleteall) { $sql = 'DELETE FROM ' . LOG_TABLE . ' WHERE log_type = ' . LOG_USERS . " $where_sql"; $db->sql_query($sql); add_log('admin', 'LOG_CLEAR_USER', $user_row['username']); } } if ($submit && $message) { if (!check_form_key($form_name)) { trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } add_log('admin', 'LOG_USER_FEEDBACK', $user_row['username']); add_log('mod', 0, 0, 'LOG_USER_FEEDBACK', $user_row['username']); add_log('user', $user_id, 'LOG_USER_GENERAL', $message); trigger_error($user->lang['USER_FEEDBACK_ADDED'] . adm_back_link($this->u_action . '&u=' . $user_id)); } // Sorting $limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); $sort_by_text = array('u' => $user->lang['SORT_USERNAME'], 't' => $user->lang['SORT_DATE'], 'i' => $user->lang['SORT_IP'], 'o' => $user->lang['SORT_ACTION']); $sort_by_sql = array('u' => 'u.username_clean', 't' => 'l.log_time', 'i' => 'l.log_ip', 'o' => 'l.log_operation'); $s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = ''; gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param); // Define where and sort sql for use in displaying logs $sql_where = ($sort_days) ? (time() - ($sort_days * 86400)) : 0; $sql_sort = $sort_by_sql[$sort_key] . ' ' . (($sort_dir == 'd') ? 'DESC' : 'ASC'); // Grab log data $log_data = array(); $log_count = 0; view_log('user', $log_data, $log_count, $config['topics_per_page'], $start, 0, 0, $user_id, $sql_where, $sql_sort); $template->assign_vars(array( 'S_FEEDBACK' => true, 'S_ON_PAGE' => on_page($log_count, $config['topics_per_page'], $start), 'PAGINATION' => generate_pagination($this->u_action . "&u=$user_id&$u_sort_param", $log_count, $config['topics_per_page'], $start, true), 'S_LIMIT_DAYS' => $s_limit_days, 'S_SORT_KEY' => $s_sort_key, 'S_SORT_DIR' => $s_sort_dir, 'S_CLEARLOGS' => $auth->acl_get('a_clearlogs')) ); foreach ($log_data as $row) { $template->assign_block_vars('log', array( 'USERNAME' => $row['username_full'], 'IP' => $row['ip'], 'DATE' => $user->format_date($row['time']), 'ACTION' => nl2br($row['action']), 'ID' => $row['id']) ); } break; case 'profile': include($phpbb_root_path . 'includes/functions_user.' . $phpEx); include($phpbb_root_path . 'includes/functions_profile_fields.' . $phpEx); $cp = new custom_profile(); $cp_data = $cp_error = array(); $sql = 'SELECT lang_id FROM ' . LANG_TABLE . " WHERE lang_iso = '" . $db->sql_escape($user->data['user_lang']) . "'"; $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); $user_row['iso_lang_id'] = $row['lang_id']; $data = array( 'icq' => request_var('icq', $user_row['user_icq']), 'aim' => request_var('aim', $user_row['user_aim']), 'msn' => request_var('msn', $user_row['user_msnm']), 'yim' => request_var('yim', $user_row['user_yim']), 'jabber' => utf8_normalize_nfc(request_var('jabber', $user_row['user_jabber'], true)), 'website' => request_var('website', $user_row['user_website']), 'location' => utf8_normalize_nfc(request_var('location', $user_row['user_from'], true)), 'occupation' => utf8_normalize_nfc(request_var('occupation', $user_row['user_occ'], true)), 'interests' => utf8_normalize_nfc(request_var('interests', $user_row['user_interests'], true)), 'bday_day' => 0, 'bday_month' => 0, 'bday_year' => 0, ); if ($user_row['user_birthday']) { list($data['bday_day'], $data['bday_month'], $data['bday_year']) = explode('-', $user_row['user_birthday']); } $data['bday_day'] = request_var('bday_day', $data['bday_day']); $data['bday_month'] = request_var('bday_month', $data['bday_month']); $data['bday_year'] = request_var('bday_year', $data['bday_year']); if ($submit) { $error = validate_data($data, array( 'icq' => array( array('string', true, 3, 15), array('match', true, '#^[0-9]+$#i')), 'aim' => array('string', true, 3, 255), 'msn' => array('string', true, 5, 255), 'jabber' => array( array('string', true, 5, 255), array('jabber')), 'yim' => array('string', true, 5, 255), 'website' => array( array('string', true, 12, 255), array('match', true, '#^http[s]?://(.*?\.)*?[a-z0-9\-]+\.[a-z]{2,4}#i')), 'location' => array('string', true, 2, 255), 'occupation' => array('string', true, 2, 500), 'interests' => array('string', true, 2, 500), 'bday_day' => array('num', true, 1, 31), 'bday_month' => array('num', true, 1, 12), 'bday_year' => array('num', true, 1901, gmdate('Y', time())), )); // validate custom profile fields $cp->submit_cp_field('profile', $user_row['iso_lang_id'], $cp_data, $cp_error); if (sizeof($cp_error)) { $error = array_merge($error, $cp_error); } if (!check_form_key($form_name)) { $error[] = 'FORM_INVALID'; } if (!sizeof($error)) { $sql_ary = array( 'user_icq' => $data['icq'], 'user_aim' => $data['aim'], 'user_msnm' => $data['msn'], 'user_yim' => $data['yim'], 'user_jabber' => $data['jabber'], 'user_website' => $data['website'], 'user_from' => $data['location'], 'user_occ' => $data['occupation'], 'user_interests'=> $data['interests'], 'user_birthday' => sprintf('%2d-%2d-%4d', $data['bday_day'], $data['bday_month'], $data['bday_year']), ); $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . " WHERE user_id = $user_id"; $db->sql_query($sql); // Update Custom Fields if (sizeof($cp_data)) { switch ($db->sql_layer) { case 'oracle': case 'firebird': case 'postgres': $right_delim = $left_delim = '"'; break; case 'sqlite': case 'mssql': case 'mssql_odbc': $right_delim = ']'; $left_delim = '['; break; case 'mysql': case 'mysql4': case 'mysqli': $right_delim = $left_delim = '`'; break; } foreach ($cp_data as $key => $value) { $cp_data[$left_delim . $key . $right_delim] = $value; unset($cp_data[$key]); } $sql = 'UPDATE ' . PROFILE_FIELDS_DATA_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $cp_data) . " WHERE user_id = $user_id"; $db->sql_query($sql); if (!$db->sql_affectedrows()) { $cp_data['user_id'] = (int) $user_id; $db->sql_return_on_error(true); $sql = 'INSERT INTO ' . PROFILE_FIELDS_DATA_TABLE . ' ' . $db->sql_build_array('INSERT', $cp_data); $db->sql_query($sql); $db->sql_return_on_error(false); } } trigger_error($user->lang['USER_PROFILE_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id)); } // Replace "error" strings with their real, localised form $error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error); } $s_birthday_day_options = '<option value="0"' . ((!$data['bday_day']) ? ' selected="selected"' : '') . '>--</option>'; for ($i = 1; $i < 32; $i++) { $selected = ($i == $data['bday_day']) ? ' selected="selected"' : ''; $s_birthday_day_options .= "<option value=\"$i\"$selected>$i</option>"; } $s_birthday_month_options = '<option value="0"' . ((!$data['bday_month']) ? ' selected="selected"' : '') . '>--</option>'; for ($i = 1; $i < 13; $i++) { $selected = ($i == $data['bday_month']) ? ' selected="selected"' : ''; $s_birthday_month_options .= "<option value=\"$i\"$selected>$i</option>"; } $s_birthday_year_options = ''; $now = getdate(); $s_birthday_year_options = '<option value="0"' . ((!$data['bday_year']) ? ' selected="selected"' : '') . '>--</option>'; for ($i = $now['year'] - 100; $i < $now['year']; $i++) { $selected = ($i == $data['bday_year']) ? ' selected="selected"' : ''; $s_birthday_year_options .= "<option value=\"$i\"$selected>$i</option>"; } unset($now); $template->assign_vars(array( 'ICQ' => $data['icq'], 'YIM' => $data['yim'], 'AIM' => $data['aim'], 'MSN' => $data['msn'], 'JABBER' => $data['jabber'], 'WEBSITE' => $data['website'], 'LOCATION' => $data['location'], 'OCCUPATION' => $data['occupation'], 'INTERESTS' => $data['interests'], 'S_BIRTHDAY_DAY_OPTIONS' => $s_birthday_day_options, 'S_BIRTHDAY_MONTH_OPTIONS' => $s_birthday_month_options, 'S_BIRTHDAY_YEAR_OPTIONS' => $s_birthday_year_options, 'S_PROFILE' => true) ); // Get additional profile fields and assign them to the template block var 'profile_fields' $user->get_profile_fields($user_id); $cp->generate_profile_fields('profile', $user_row['iso_lang_id']); break; case 'prefs': include($phpbb_root_path . 'includes/functions_user.' . $phpEx); $data = array( 'dateformat' => utf8_normalize_nfc(request_var('dateformat', $user_row['user_dateformat'], true)), 'lang' => basename(request_var('lang', $user_row['user_lang'])), 'tz' => request_var('tz', (float) $user_row['user_timezone']), 'style' => request_var('style', $user_row['user_style']), 'dst' => request_var('dst', $user_row['user_dst']), 'viewemail' => request_var('viewemail', $user_row['user_allow_viewemail']), 'massemail' => request_var('massemail', $user_row['user_allow_massemail']), 'hideonline' => request_var('hideonline', !$user_row['user_allow_viewonline']), 'notifymethod' => request_var('notifymethod', $user_row['user_notify_type']), 'notifypm' => request_var('notifypm', $user_row['user_notify_pm']), 'popuppm' => request_var('popuppm', $this->optionget($user_row, 'popuppm')), 'allowpm' => request_var('allowpm', $user_row['user_allow_pm']), 'topic_sk' => request_var('topic_sk', ($user_row['user_topic_sortby_type']) ? $user_row['user_topic_sortby_type'] : 't'), 'topic_sd' => request_var('topic_sd', ($user_row['user_topic_sortby_dir']) ? $user_row['user_topic_sortby_dir'] : 'd'), 'topic_st' => request_var('topic_st', ($user_row['user_topic_show_days']) ? $user_row['user_topic_show_days'] : 0), 'post_sk' => request_var('post_sk', ($user_row['user_post_sortby_type']) ? $user_row['user_post_sortby_type'] : 't'), 'post_sd' => request_var('post_sd', ($user_row['user_post_sortby_dir']) ? $user_row['user_post_sortby_dir'] : 'a'), 'post_st' => request_var('post_st', ($user_row['user_post_show_days']) ? $user_row['user_post_show_days'] : 0), 'view_images' => request_var('view_images', $this->optionget($user_row, 'viewimg')), 'view_flash' => request_var('view_flash', $this->optionget($user_row, 'viewflash')), 'view_smilies' => request_var('view_smilies', $this->optionget($user_row, 'viewsmilies')), 'view_sigs' => request_var('view_sigs', $this->optionget($user_row, 'viewsigs')), 'view_avatars' => request_var('view_avatars', $this->optionget($user_row, 'viewavatars')), 'view_wordcensor' => request_var('view_wordcensor', $this->optionget($user_row, 'viewcensors')), 'bbcode' => request_var('bbcode', $this->optionget($user_row, 'bbcode')), 'smilies' => request_var('smilies', $this->optionget($user_row, 'smilies')), 'sig' => request_var('sig', $this->optionget($user_row, 'attachsig')), 'notify' => request_var('notify', $user_row['user_notify']), ); if ($submit) { $error = validate_data($data, array( 'dateformat' => array('string', false, 1, 30), 'lang' => array('match', false, '#^[a-z_\-]{2,}$#i'), 'tz' => array('num', false, -14, 14), 'topic_sk' => array('string', false, 1, 1), 'topic_sd' => array('string', false, 1, 1), 'post_sk' => array('string', false, 1, 1), 'post_sd' => array('string', false, 1, 1), )); if (!check_form_key($form_name)) { $error[] = 'FORM_INVALID'; } if (!sizeof($error)) { $this->optionset($user_row, 'popuppm', $data['popuppm']); $this->optionset($user_row, 'viewimg', $data['view_images']); $this->optionset($user_row, 'viewflash', $data['view_flash']); $this->optionset($user_row, 'viewsmilies', $data['view_smilies']); $this->optionset($user_row, 'viewsigs', $data['view_sigs']); $this->optionset($user_row, 'viewavatars', $data['view_avatars']); $this->optionset($user_row, 'viewcensors', $data['view_wordcensor']); $this->optionset($user_row, 'bbcode', $data['bbcode']); $this->optionset($user_row, 'smilies', $data['smilies']); $this->optionset($user_row, 'attachsig', $data['sig']); $sql_ary = array( 'user_options' => $user_row['user_options'], 'user_allow_pm' => $data['allowpm'], 'user_allow_viewemail' => $data['viewemail'], 'user_allow_massemail' => $data['massemail'], 'user_allow_viewonline' => !$data['hideonline'], 'user_notify_type' => $data['notifymethod'], 'user_notify_pm' => $data['notifypm'], 'user_dst' => $data['dst'], 'user_dateformat' => $data['dateformat'], 'user_lang' => $data['lang'], 'user_timezone' => $data['tz'], 'user_style' => $data['style'], 'user_topic_sortby_type' => $data['topic_sk'], 'user_post_sortby_type' => $data['post_sk'], 'user_topic_sortby_dir' => $data['topic_sd'], 'user_post_sortby_dir' => $data['post_sd'], 'user_topic_show_days' => $data['topic_st'], 'user_post_show_days' => $data['post_st'], 'user_notify' => $data['notify'], ); $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . " WHERE user_id = $user_id"; $db->sql_query($sql); trigger_error($user->lang['USER_PREFS_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id)); } // Replace "error" strings with their real, localised form $error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error); } $dateformat_options = ''; foreach ($user->lang['dateformats'] as $format => $null) { $dateformat_options .= '<option value="' . $format . '"' . (($format == $data['dateformat']) ? ' selected="selected"' : '') . '>'; $dateformat_options .= $user->format_date(time(), $format, false) . ((strpos($format, '|') !== false) ? $user->lang['VARIANT_DATE_SEPARATOR'] . $user->format_date(time(), $format, true) : ''); $dateformat_options .= '</option>'; } $s_custom = false; $dateformat_options .= '<option value="custom"'; if (!in_array($data['dateformat'], array_keys($user->lang['dateformats']))) { $dateformat_options .= ' selected="selected"'; $s_custom = true; } $dateformat_options .= '>' . $user->lang['CUSTOM_DATEFORMAT'] . '</option>'; $sort_dir_text = array('a' => $user->lang['ASCENDING'], 'd' => $user->lang['DESCENDING']); // Topic ordering options $limit_topic_days = array(0 => $user->lang['ALL_TOPICS'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); $sort_by_topic_text = array('a' => $user->lang['AUTHOR'], 't' => $user->lang['POST_TIME'], 'r' => $user->lang['REPLIES'], 's' => $user->lang['SUBJECT'], 'v' => $user->lang['VIEWS']); // Post ordering options $limit_post_days = array(0 => $user->lang['ALL_POSTS'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); $sort_by_post_text = array('a' => $user->lang['AUTHOR'], 't' => $user->lang['POST_TIME'], 's' => $user->lang['SUBJECT']); $_options = array('topic', 'post'); foreach ($_options as $sort_option) { ${'s_limit_' . $sort_option . '_days'} = '<select name="' . $sort_option . '_st">'; foreach (${'limit_' . $sort_option . '_days'} as $day => $text) { $selected = ($data[$sort_option . '_st'] == $day) ? ' selected="selected"' : ''; ${'s_limit_' . $sort_option . '_days'} .= '<option value="' . $day . '"' . $selected . '>' . $text . '</option>'; } ${'s_limit_' . $sort_option . '_days'} .= '</select>'; ${'s_sort_' . $sort_option . '_key'} = '<select name="' . $sort_option . '_sk">'; foreach (${'sort_by_' . $sort_option . '_text'} as $key => $text) { $selected = ($data[$sort_option . '_sk'] == $key) ? ' selected="selected"' : ''; ${'s_sort_' . $sort_option . '_key'} .= '<option value="' . $key . '"' . $selected . '>' . $text . '</option>'; } ${'s_sort_' . $sort_option . '_key'} .= '</select>'; ${'s_sort_' . $sort_option . '_dir'} = '<select name="' . $sort_option . '_sd">'; foreach ($sort_dir_text as $key => $value) { $selected = ($data[$sort_option . '_sd'] == $key) ? ' selected="selected"' : ''; ${'s_sort_' . $sort_option . '_dir'} .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>'; } ${'s_sort_' . $sort_option . '_dir'} .= '</select>'; } $template->assign_vars(array( 'S_PREFS' => true, 'S_JABBER_DISABLED' => ($config['jab_enable'] && $user_row['user_jabber'] && @extension_loaded('xml')) ? false : true, 'VIEW_EMAIL' => $data['viewemail'], 'MASS_EMAIL' => $data['massemail'], 'ALLOW_PM' => $data['allowpm'], 'HIDE_ONLINE' => $data['hideonline'], 'NOTIFY_EMAIL' => ($data['notifymethod'] == NOTIFY_EMAIL) ? true : false, 'NOTIFY_IM' => ($data['notifymethod'] == NOTIFY_IM) ? true : false, 'NOTIFY_BOTH' => ($data['notifymethod'] == NOTIFY_BOTH) ? true : false, 'NOTIFY_PM' => $data['notifypm'], 'POPUP_PM' => $data['popuppm'], 'DST' => $data['dst'], 'BBCODE' => $data['bbcode'], 'SMILIES' => $data['smilies'], 'ATTACH_SIG' => $data['sig'], 'NOTIFY' => $data['notify'], 'VIEW_IMAGES' => $data['view_images'], 'VIEW_FLASH' => $data['view_flash'], 'VIEW_SMILIES' => $data['view_smilies'], 'VIEW_SIGS' => $data['view_sigs'], 'VIEW_AVATARS' => $data['view_avatars'], 'VIEW_WORDCENSOR' => $data['view_wordcensor'], 'S_TOPIC_SORT_DAYS' => $s_limit_topic_days, 'S_TOPIC_SORT_KEY' => $s_sort_topic_key, 'S_TOPIC_SORT_DIR' => $s_sort_topic_dir, 'S_POST_SORT_DAYS' => $s_limit_post_days, 'S_POST_SORT_KEY' => $s_sort_post_key, 'S_POST_SORT_DIR' => $s_sort_post_dir, 'DATE_FORMAT' => $data['dateformat'], 'S_DATEFORMAT_OPTIONS' => $dateformat_options, 'S_CUSTOM_DATEFORMAT' => $s_custom, 'DEFAULT_DATEFORMAT' => $config['default_dateformat'], 'A_DEFAULT_DATEFORMAT' => addslashes($config['default_dateformat']), 'S_LANG_OPTIONS' => language_select($data['lang']), 'S_STYLE_OPTIONS' => style_select($data['style']), 'S_TZ_OPTIONS' => tz_select($data['tz'], true), ) ); break; case 'avatar': include($phpbb_root_path . 'includes/functions_display.' . $phpEx); include($phpbb_root_path . 'includes/functions_user.' . $phpEx); $can_upload = (file_exists($phpbb_root_path . $config['avatar_path']) && @is_writable($phpbb_root_path . $config['avatar_path']) && $file_uploads) ? true : false; if ($submit) { if (!check_form_key($form_name)) { trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } if (avatar_process_user($error, $user_row)) { trigger_error($user->lang['USER_AVATAR_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_row['user_id'])); } // Replace "error" strings with their real, localised form $error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error); } // Generate users avatar $avatar_img = ($user_row['user_avatar']) ? get_user_avatar($user_row['user_avatar'], $user_row['user_avatar_type'], $user_row['user_avatar_width'], $user_row['user_avatar_height']) : '<img src="' . $phpbb_admin_path . 'images/no_avatar.gif" alt="" />'; $display_gallery = (isset($_POST['display_gallery'])) ? true : false; $avatar_select = basename(request_var('avatar_select', '')); $category = basename(request_var('category', '')); if ($config['allow_avatar_local'] && $display_gallery) { avatar_gallery($category, $avatar_select, 4); } $template->assign_vars(array( 'S_AVATAR' => true, 'S_CAN_UPLOAD' => ($can_upload && $config['allow_avatar_upload']) ? true : false, 'S_ALLOW_REMOTE' => ($config['allow_avatar_remote']) ? true : false, 'S_DISPLAY_GALLERY' => ($config['allow_avatar_local'] && !$display_gallery) ? true : false, 'S_IN_GALLERY' => ($config['allow_avatar_local'] && $display_gallery) ? true : false, 'AVATAR_IMAGE' => $avatar_img, 'AVATAR_MAX_FILESIZE' => $config['avatar_filesize'], 'USER_AVATAR_WIDTH' => $user_row['user_avatar_width'], 'USER_AVATAR_HEIGHT' => $user_row['user_avatar_height'], 'L_AVATAR_EXPLAIN' => sprintf($user->lang['AVATAR_EXPLAIN'], $config['avatar_max_width'], $config['avatar_max_height'], round($config['avatar_filesize'] / 1024))) ); break; case 'rank': if ($submit) { if (!check_form_key($form_name)) { trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } $rank_id = request_var('user_rank', 0); $sql = 'UPDATE ' . USERS_TABLE . " SET user_rank = $rank_id WHERE user_id = $user_id"; $db->sql_query($sql); trigger_error($user->lang['USER_RANK_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id)); } $sql = 'SELECT * FROM ' . RANKS_TABLE . ' WHERE rank_special = 1 ORDER BY rank_title'; $result = $db->sql_query($sql); $s_rank_options = '<option value="0"' . ((!$user_row['user_rank']) ? ' selected="selected"' : '') . '>' . $user->lang['NO_SPECIAL_RANK'] . '</option>'; while ($row = $db->sql_fetchrow($result)) { $selected = ($user_row['user_rank'] && $row['rank_id'] == $user_row['user_rank']) ? ' selected="selected"' : ''; $s_rank_options .= '<option value="' . $row['rank_id'] . '"' . $selected . '>' . $row['rank_title'] . '</option>'; } $db->sql_freeresult($result); $template->assign_vars(array( 'S_RANK' => true, 'S_RANK_OPTIONS' => $s_rank_options) ); break; case 'sig': include_once($phpbb_root_path . 'includes/functions_posting.' . $phpEx); include_once($phpbb_root_path . 'includes/functions_display.' . $phpEx); $enable_bbcode = ($config['allow_sig_bbcode']) ? ((request_var('disable_bbcode', !$user->optionget('bbcode'))) ? false : true) : false; $enable_smilies = ($config['allow_sig_smilies']) ? ((request_var('disable_smilies', !$user->optionget('smilies'))) ? false : true) : false; $enable_urls = ($config['allow_sig_links']) ? ((request_var('disable_magic_url', false)) ? false : true) : false; $signature = utf8_normalize_nfc(request_var('signature', (string) $user_row['user_sig'], true)); $preview = (isset($_POST['preview'])) ? true : false; if ($submit || $preview) { include_once($phpbb_root_path . 'includes/message_parser.' . $phpEx); $message_parser = new parse_message($signature); // Allowing Quote BBCode $message_parser->parse($enable_bbcode, $enable_urls, $enable_smilies, $config['allow_sig_img'], $config['allow_sig_flash'], true, $config['allow_sig_links'], true, 'sig'); if (sizeof($message_parser->warn_msg)) { $error[] = implode('<br />', $message_parser->warn_msg); } if (!check_form_key($form_name)) { $error = 'FORM_INVALID'; } if (!sizeof($error) && $submit) { $sql_ary = array( 'user_sig' => (string) $message_parser->message, 'user_sig_bbcode_uid' => (string) $message_parser->bbcode_uid, 'user_sig_bbcode_bitfield' => (string) $message_parser->bbcode_bitfield ); $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' WHERE user_id = ' . $user_id; $db->sql_query($sql); trigger_error($user->lang['USER_SIG_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id)); } // Replace "error" strings with their real, localised form $error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error); } $signature_preview = ''; if ($preview) { // Now parse it for displaying $signature_preview = $message_parser->format_display($enable_bbcode, $enable_urls, $enable_smilies, false); unset($message_parser); } decode_message($signature, $user_row['user_sig_bbcode_uid']); $template->assign_vars(array( 'S_SIGNATURE' => true, 'SIGNATURE' => $signature, 'SIGNATURE_PREVIEW' => $signature_preview, 'S_BBCODE_CHECKED' => (!$enable_bbcode) ? ' checked="checked"' : '', 'S_SMILIES_CHECKED' => (!$enable_smilies) ? ' checked="checked"' : '', 'S_MAGIC_URL_CHECKED' => (!$enable_urls) ? ' checked="checked"' : '', 'BBCODE_STATUS' => ($config['allow_sig_bbcode']) ? sprintf($user->lang['BBCODE_IS_ON'], '<a href="' . append_sid("{$phpbb_root_path}faq.$phpEx", 'mode=bbcode') . '">', '</a>') : sprintf($user->lang['BBCODE_IS_OFF'], '<a href="' . append_sid("{$phpbb_root_path}faq.$phpEx", 'mode=bbcode') . '">', '</a>'), 'SMILIES_STATUS' => ($config['allow_sig_smilies']) ? $user->lang['SMILIES_ARE_ON'] : $user->lang['SMILIES_ARE_OFF'], 'IMG_STATUS' => ($config['allow_sig_img']) ? $user->lang['IMAGES_ARE_ON'] : $user->lang['IMAGES_ARE_OFF'], 'FLASH_STATUS' => ($config['allow_sig_flash']) ? $user->lang['FLASH_IS_ON'] : $user->lang['FLASH_IS_OFF'], 'URL_STATUS' => ($config['allow_sig_links']) ? $user->lang['URL_IS_ON'] : $user->lang['URL_IS_OFF'], 'L_SIGNATURE_EXPLAIN' => sprintf($user->lang['SIGNATURE_EXPLAIN'], $config['max_sig_chars']), 'S_BBCODE_ALLOWED' => $config['allow_sig_bbcode'], 'S_SMILIES_ALLOWED' => $config['allow_sig_smilies'], 'S_BBCODE_IMG' => ($config['allow_sig_img']) ? true : false, 'S_BBCODE_FLASH' => ($config['allow_sig_flash']) ? true : false, 'S_LINKS_ALLOWED' => ($config['allow_sig_links']) ? true : false) ); // Assigning custom bbcodes display_custom_bbcodes(); break; case 'attach': $start = request_var('start', 0); $deletemark = (isset($_POST['delmarked'])) ? true : false; $marked = request_var('mark', array(0)); // Sort keys $sort_key = request_var('sk', 'a'); $sort_dir = request_var('sd', 'd'); if ($deletemark && sizeof($marked)) { $sql = 'SELECT attach_id FROM ' . ATTACHMENTS_TABLE . ' WHERE poster_id = ' . $user_id . ' AND is_orphan = 0 AND ' . $db->sql_in_set('attach_id', $marked); $result = $db->sql_query($sql); $marked = array(); while ($row = $db->sql_fetchrow($result)) { $marked[] = $row['attach_id']; } $db->sql_freeresult($result); } if ($deletemark && sizeof($marked)) { if (confirm_box(true)) { $sql = 'SELECT real_filename FROM ' . ATTACHMENTS_TABLE . ' WHERE ' . $db->sql_in_set('attach_id', $marked); $result = $db->sql_query($sql); $log_attachments = array(); while ($row = $db->sql_fetchrow($result)) { $log_attachments[] = $row['real_filename']; } $db->sql_freeresult($result); delete_attachments('attach', $marked); $message = (sizeof($log_attachments) == 1) ? $user->lang['ATTACHMENT_DELETED'] : $user->lang['ATTACHMENTS_DELETED']; add_log('admin', 'LOG_ATTACHMENTS_DELETED', implode(', ', $log_attachments)); trigger_error($message . adm_back_link($this->u_action . '&u=' . $user_id)); } else { confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array( 'u' => $user_id, 'i' => $id, 'mode' => $mode, 'action' => $action, 'delmarked' => true, 'mark' => $marked)) ); } } $sk_text = array('a' => $user->lang['SORT_FILENAME'], 'c' => $user->lang['SORT_EXTENSION'], 'd' => $user->lang['SORT_SIZE'], 'e' => $user->lang['SORT_DOWNLOADS'], 'f' => $user->lang['SORT_POST_TIME'], 'g' => $user->lang['SORT_TOPIC_TITLE']); $sk_sql = array('a' => 'a.real_filename', 'c' => 'a.extension', 'd' => 'a.filesize', 'e' => 'a.download_count', 'f' => 'a.filetime', 'g' => 't.topic_title'); $sd_text = array('a' => $user->lang['ASCENDING'], 'd' => $user->lang['DESCENDING']); $s_sort_key = ''; foreach ($sk_text as $key => $value) { $selected = ($sort_key == $key) ? ' selected="selected"' : ''; $s_sort_key .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>'; } $s_sort_dir = ''; foreach ($sd_text as $key => $value) { $selected = ($sort_dir == $key) ? ' selected="selected"' : ''; $s_sort_dir .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>'; } if (!isset($sk_sql[$sort_key])) { $sort_key = 'a'; } $order_by = $sk_sql[$sort_key] . ' ' . (($sort_dir == 'a') ? 'ASC' : 'DESC'); $sql = 'SELECT COUNT(attach_id) as num_attachments FROM ' . ATTACHMENTS_TABLE . " WHERE poster_id = $user_id AND is_orphan = 0"; $result = $db->sql_query_limit($sql, 1); $num_attachments = (int) $db->sql_fetchfield('num_attachments'); $db->sql_freeresult($result); $sql = 'SELECT a.*, t.topic_title, p.message_subject as message_title FROM ' . ATTACHMENTS_TABLE . ' a LEFT JOIN ' . TOPICS_TABLE . ' t ON (a.topic_id = t.topic_id AND a.in_message = 0) LEFT JOIN ' . PRIVMSGS_TABLE . ' p ON (a.post_msg_id = p.msg_id AND a.in_message = 1) WHERE a.poster_id = ' . $user_id . " AND a.is_orphan = 0 ORDER BY $order_by"; $result = $db->sql_query_limit($sql, $config['posts_per_page'], $start); while ($row = $db->sql_fetchrow($result)) { if ($row['in_message']) { $view_topic = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=pm&p={$row['post_msg_id']}"); } else { $view_topic = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "t={$row['topic_id']}&p={$row['post_msg_id']}") . '#p' . $row['post_msg_id']; } $template->assign_block_vars('attach', array( 'REAL_FILENAME' => $row['real_filename'], 'COMMENT' => nl2br($row['attach_comment']), 'EXTENSION' => $row['extension'], 'SIZE' => ($row['filesize'] >= 1048576) ? ($row['filesize'] >> 20) . ' ' . $user->lang['MB'] : (($row['filesize'] >= 1024) ? ($row['filesize'] >> 10) . ' ' . $user->lang['KB'] : $row['filesize'] . ' ' . $user->lang['BYTES']), 'DOWNLOAD_COUNT' => $row['download_count'], 'POST_TIME' => $user->format_date($row['filetime']), 'TOPIC_TITLE' => ($row['in_message']) ? $row['message_title'] : $row['topic_title'], 'ATTACH_ID' => $row['attach_id'], 'POST_ID' => $row['post_msg_id'], 'TOPIC_ID' => $row['topic_id'], 'S_IN_MESSAGE' => $row['in_message'], 'U_DOWNLOAD' => append_sid("{$phpbb_root_path}download/file.$phpEx", 'mode=view&id=' . $row['attach_id']), 'U_VIEW_TOPIC' => $view_topic) ); } $db->sql_freeresult($result); $template->assign_vars(array( 'S_ATTACHMENTS' => true, 'S_ON_PAGE' => on_page($num_attachments, $config['topics_per_page'], $start), 'S_SORT_KEY' => $s_sort_key, 'S_SORT_DIR' => $s_sort_dir, 'PAGINATION' => generate_pagination($this->u_action . "&u=$user_id&sk=$sort_key&sd=$sort_dir", $num_attachments, $config['topics_per_page'], $start, true)) ); break; case 'groups': include($phpbb_root_path . 'includes/functions_user.' . $phpEx); $user->add_lang(array('groups', 'acp/groups')); $group_id = request_var('g', 0); if ($group_id) { // Check the founder only entry for this group to make sure everything is well $sql = 'SELECT group_founder_manage FROM ' . GROUPS_TABLE . ' WHERE group_id = ' . $group_id; $result = $db->sql_query($sql); $founder_manage = (int) $db->sql_fetchfield('group_founder_manage'); $db->sql_freeresult($result); if ($user->data['user_type'] != USER_FOUNDER && $founder_manage) { trigger_error($user->lang['NOT_ALLOWED_MANAGE_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } } else { $founder_manage = 0; } switch ($action) { case 'demote': case 'promote': case 'default': if (!$group_id) { trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } group_user_attributes($action, $group_id, $user_id); if ($action == 'default') { $user_row['group_id'] = $group_id; } break; case 'delete': if (confirm_box(true)) { if (!$group_id) { trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } if ($error = group_user_del($group_id, $user_id)) { trigger_error($user->lang[$error] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } $error = array(); } else { confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array( 'u' => $user_id, 'i' => $id, 'mode' => $mode, 'action' => $action, 'g' => $group_id)) ); } break; } // Add user to group? if ($submit) { if (!check_form_key($form_name)) { trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } if (!$group_id) { trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } // Add user/s to group if ($error = group_user_add($group_id, $user_id)) { trigger_error($user->lang[$error] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } $error = array(); } $sql = 'SELECT ug.*, g.* FROM ' . GROUPS_TABLE . ' g, ' . USER_GROUP_TABLE . " ug WHERE ug.user_id = $user_id AND g.group_id = ug.group_id ORDER BY g.group_type DESC, ug.user_pending ASC, g.group_name"; $result = $db->sql_query($sql); $i = 0; $group_data = $id_ary = array(); while ($row = $db->sql_fetchrow($result)) { $type = ($row['group_type'] == GROUP_SPECIAL) ? 'special' : (($row['user_pending']) ? 'pending' : 'normal'); $group_data[$type][$i]['group_id'] = $row['group_id']; $group_data[$type][$i]['group_name'] = $row['group_name']; $group_data[$type][$i]['group_leader'] = ($row['group_leader']) ? 1 : 0; $id_ary[] = $row['group_id']; $i++; } $db->sql_freeresult($result); // Select box for other groups $sql = 'SELECT group_id, group_name, group_type, group_founder_manage FROM ' . GROUPS_TABLE . ' ' . ((sizeof($id_ary)) ? 'WHERE ' . $db->sql_in_set('group_id', $id_ary, true) : '') . ' ORDER BY group_type DESC, group_name ASC'; $result = $db->sql_query($sql); $s_group_options = ''; while ($row = $db->sql_fetchrow($result)) { if (!$config['coppa_enable'] && $row['group_name'] == 'REGISTERED_COPPA') { continue; } // Do not display those groups not allowed to be managed if ($user->data['user_type'] != USER_FOUNDER && $row['group_founder_manage']) { continue; } $s_group_options .= '<option' . (($row['group_type'] == GROUP_SPECIAL) ? ' class="sep"' : '') . ' value="' . $row['group_id'] . '">' . (($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name']) . '</option>'; } $db->sql_freeresult($result); $current_type = ''; foreach ($group_data as $group_type => $data_ary) { if ($current_type != $group_type) { $template->assign_block_vars('group', array( 'S_NEW_GROUP_TYPE' => true, 'GROUP_TYPE' => $user->lang['USER_GROUP_' . strtoupper($group_type)]) ); } foreach ($data_ary as $data) { $template->assign_block_vars('group', array( 'U_EDIT_GROUP' => append_sid("{$phpbb_admin_path}index.$phpEx", "i=groups&mode=manage&action=edit&u=$user_id&g={$data['group_id']}&back_link=acp_users_groups"), 'U_DEFAULT' => $this->u_action . "&action=default&u=$user_id&g=" . $data['group_id'], 'U_DEMOTE_PROMOTE' => $this->u_action . '&action=' . (($data['group_leader']) ? 'demote' : 'promote') . "&u=$user_id&g=" . $data['group_id'], 'U_DELETE' => $this->u_action . "&action=delete&u=$user_id&g=" . $data['group_id'], 'GROUP_NAME' => ($group_type == 'special') ? $user->lang['G_' . $data['group_name']] : $data['group_name'], 'L_DEMOTE_PROMOTE' => ($data['group_leader']) ? $user->lang['GROUP_DEMOTE'] : $user->lang['GROUP_PROMOTE'], 'S_NO_DEFAULT' => ($user_row['group_id'] != $data['group_id']) ? true : false, 'S_SPECIAL_GROUP' => ($group_type == 'special') ? true : false, ) ); } } $template->assign_vars(array( 'S_GROUPS' => true, 'S_GROUP_OPTIONS' => $s_group_options) ); break; case 'perm': include_once($phpbb_root_path . 'includes/acp/auth.' . $phpEx); $auth_admin = new auth_admin(); $user->add_lang('acp/permissions'); add_permission_language(); $forum_id = request_var('f', 0); // Global Permissions if (!$forum_id) { // Select auth options $sql = 'SELECT auth_option, is_local, is_global FROM ' . ACL_OPTIONS_TABLE . ' WHERE auth_option ' . $db->sql_like_expression($db->any_char . '_') . ' AND is_global = 1 ORDER BY auth_option'; $result = $db->sql_query($sql); $hold_ary = array(); while ($row = $db->sql_fetchrow($result)) { $hold_ary = $auth_admin->get_mask('view', $user_id, false, false, $row['auth_option'], 'global', ACL_NEVER); $auth_admin->display_mask('view', $row['auth_option'], $hold_ary, 'user', false, false); } $db->sql_freeresult($result); unset($hold_ary); } else { $sql = 'SELECT auth_option, is_local, is_global FROM ' . ACL_OPTIONS_TABLE . " WHERE auth_option " . $db->sql_like_expression($db->any_char . '_') . " AND is_local = 1 ORDER BY is_global DESC, auth_option"; $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { $hold_ary = $auth_admin->get_mask('view', $user_id, false, $forum_id, $row['auth_option'], 'local', ACL_NEVER); $auth_admin->display_mask('view', $row['auth_option'], $hold_ary, 'user', true, false); } $db->sql_freeresult($result); } $s_forum_options = '<option value="0"' . ((!$forum_id) ? ' selected="selected"' : '') . '>' . $user->lang['VIEW_GLOBAL_PERMS'] . '</option>'; $s_forum_options .= make_forum_select($forum_id, false, true, false, false, false); $template->assign_vars(array( 'S_PERMISSIONS' => true, 'S_GLOBAL' => (!$forum_id) ? true : false, 'S_FORUM_OPTIONS' => $s_forum_options, 'U_ACTION' => $this->u_action . '&u=' . $user_id, 'U_USER_PERMISSIONS' => append_sid("{$phpbb_admin_path}index.$phpEx" ,'i=permissions&mode=setting_user_global&user_id[]=' . $user_id), 'U_USER_FORUM_PERMISSIONS' => append_sid("{$phpbb_admin_path}index.$phpEx", 'i=permissions&mode=setting_user_local&user_id[]=' . $user_id)) ); break; } // Assign general variables $template->assign_vars(array( 'S_ERROR' => (sizeof($error)) ? true : false, 'ERROR_MSG' => (sizeof($error)) ? implode('<br />', $error) : '') ); }