// check to see if there is already a ban record for this user in the userban table
if ($check = $vbulletin->db->query_first("SELECT userid, liftdate FROM " . TABLE_PREFIX . "userban WHERE userid = {$user['userid']}")) {
if ($liftdate and $liftdate < $check['liftdate']) {
if (!$canunbanuser) {
print_modcp_stop_message2('no_permission_un_ban_users');
}
}
// there is already a record - just update this record
$vbulletin->db->query_write("\n\t\t\tUPDATE " . TABLE_PREFIX . "userban SET\n\t\t\tbandate = " . TIMENOW . ",\n\t\t\tliftdate = {$liftdate},\n\t\t\tadminid = " . $vbulletin->userinfo['userid'] . ",\n\t\t\treason = '" . $vbulletin->db->escape_string($vbulletin->GPC['reason']) . "'\n\t\t\tWHERE userid = {$user['userid']}\n\t\t");
} else {
// insert a record into the userban table
/*insert query*/
$vbulletin->db->query_write("\n\t\t\tINSERT INTO " . TABLE_PREFIX . "userban\n\t\t\t(userid, usergroupid, displaygroupid, customtitle, usertitle, adminid, bandate, liftdate, reason)\n\t\t\tVALUES\n\t\t\t({$user['userid']}, {$user['usergroupid']}, {$user['displaygroupid']}, {$user['customtitle']}, '" . $vbulletin->db->escape_string($user['usertitle']) . "', " . $vbulletin->userinfo['userid'] . ", " . TIMENOW . ", {$liftdate}, '" . $vbulletin->db->escape_string($vbulletin->GPC['reason']) . "')\n\t\t");
}
// update the user record
$userdm = new vB_Datamanager_User($vbulletin, vB_DataManager_Constants::ERRTYPE_SILENT);
$userdm->set_existing($user);
$userdm->set('usergroupid', $vbulletin->GPC['usergroupid']);
$userdm->set('displaygroupid', 0);
// update the user's title if they've specified a special user title for the banned group
if ($vbulletin->usergroupcache["{$vbulletin->GPC['usergroupid']}"]['usertitle'] != '') {
$userdm->set('usertitle', $vbulletin->usergroupcache["{$vbulletin->GPC['usergroupid']}"]['usertitle']);
$userdm->set('customtitle', 0);
}
$userdm->save();
unset($userdm);
if ($vbulletin->GPC['period'] == 'PERMANENT') {
print_modcp_stop_message2(array('user_x_has_been_banned_permanently', $user['username']), 'banning');
} else {
print_modcp_stop_message2(array('user_x_has_been_banned_until_y', $user['username'], vbdate($vbulletin->options['dateformat'] . ' ' . $vbulletin->options['timeformat'], $liftdate)), 'banning');
}
// ###################### Start Update Avatar ################
if ($_POST['do'] == 'updateavatar') {
if (!can_moderate(0, 'caneditavatar')) {
print_modcp_stop_message2('no_permission_avatars');
}
$vbulletin->input->clean_array_gpc('p', array('avatarid' => vB_Cleaner::TYPE_INT, 'avatarurl' => vB_Cleaner::TYPE_STR, 'resize' => vB_Cleaner::TYPE_BOOL));
if (is_unalterable_user($vbulletin->GPC['userid'])) {
print_modcp_stop_message2('user_is_protected_from_alteration_by_undeletableusers_var');
}
$useavatar = iif($vbulletin->GPC['avatarid'] == -1, 0, 1);
$userinfo = fetch_userinfo($vbulletin->GPC['userid']);
if (!$userinfo) {
print_modcp_stop_message2('invalid_user_specified');
}
// init user datamanager
$userdata = new vB_Datamanager_User($vbulletin, vB_DataManager_Constants::ERRTYPE_CP);
$userdata->set_existing($userinfo);
if ($useavatar) {
if (!$vbulletin->GPC['avatarid']) {
// custom avatar
$vbulletin->input->clean_gpc('f', 'upload', vB_Cleaner::TYPE_FILE);
require_once DIR . '/includes/class_upload.php';
$upload = new vB_Upload_Userpic($vbulletin);
$upload->data = new vB_DataManager_Userpic_Avatar($vbulletin, vB_DataManager_Constants::ERRTYPE_CP);
$object =& vB_DataManager_Userpic::fetch_library($vbulletin, vB_DataManager_Constants::ERRTYPE_CP);
$upload->data->validfields = array_merge($object->validfields, $upload->data->validfields);
$upload->image =& vB_Image::instance();
$upload->userinfo =& $userinfo;
cache_permissions($userinfo, false);
// user's group doesn't have permission to use custom avatars so set override
if (!($userinfo['permissions']['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['canuseavatar'])) {
/**
* Unvote a node
*
* @param int $nodeid Node ID.
* @return array New Node info.
* @see vB_Api_Node::getNode()
* @throws vB_Exception_Api
*/
public function unvote($nodeid)
{
$node = vB_Api::instanceInternal('node')->getNodeFullContent($nodeid);
$node = $node[$nodeid];
$this->checkCanUseRep($node);
$loginuser =& vB::getCurrentSession()->fetch_userinfo();
if ($node['userid'] == $loginuser['userid']) {
// Can't vote own node
throw new vB_Exception_Api('reputationownpost');
}
// Check if the user has already reputation this node
$existingreputation = $this->assertor->getRow('vBForum:reputation', array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_SELECT, 'nodeid' => $node['nodeid'], 'whoadded' => $loginuser['userid']));
if (!$existingreputation) {
throw new vB_Exception_Api('reputationnovote');
}
$userinfo = vB_Api::instanceInternal('user')->fetchUserinfo($node['userid']);
if (!$userinfo['userid']) {
throw new vB_Exception_Api('invalidid', 'User');
}
$usergroupcache = vB::getDatastore()->getValue('usergroupcache');
$bf_ugp_genericoptions = vB::getDatastore()->getValue('bf_ugp_genericoptions');
if (!($usergroupcache["{$userinfo['usergroupid']}"]['genericoptions'] & $bf_ugp_genericoptions['isnotbannedgroup'])) {
throw new vB_Exception_Api('reputationbanned');
}
$userinfo['reputation'] -= $existingreputation['reputation'];
// Determine this user's reputationlevelid.
$reputationlevelid = $this->assertor->getField('vBForum:reputation_userreputationlevel', array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_STORED, 'reputation' => $userinfo['reputation']));
// init user data manager
$userdata = new vB_Datamanager_User(NULL, vB_DataManager_Constants::ERRTYPE_STANDARD);
$userdata->set_existing($userinfo);
$userdata->set('reputation', $userinfo['reputation']);
$userdata->set('reputationlevelid', intval($reputationlevelid));
$userdata->pre_save();
// Delete existing vote
$this->assertor->assertQuery('vBForum:reputation', array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_DELETE, 'reputationid' => $existingreputation['reputationid']));
$userdata->save();
$condition = array('nodeid' => $nodeid);
$this->assertor->assertQuery('vBForum:updateNodeVotes', $condition);
$votesCount = $this->assertor->getField('vBForum:node', array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_SELECT, vB_dB_Query::COLUMNS_KEY => array('votes'), vB_dB_Query::CONDITIONS_KEY => $condition));
if ($votesCount == 0) {
/*
TODO: add test for below code
*/
/*
TODO Add a new delete event for LikedNode and replace below with a dismiss event!
*/
// we need to remove the notification
$typesByTypename = vB_Library::instance('notification')->getNotificationTypes();
$typeid = $typesByTypename[vB_Notification_LikedNode::TYPENAME]['typeid'];
$notificationInfo = array('recipient' => $node['userid'], 'sentbynodeid' => $nodeid, 'typeid' => $typeid);
$notification = $this->assertor->getRow('vBForum:notification', $notificationInfo);
if (isset($notification['notificationid'])) {
vB_Library::instance('notification')->deleteNotification($notification['notificationid']);
}
}
// Expire node cache so this like displays correctly
vB_Cache::instance()->allCacheEvent('nodeChg_' . $nodeid);
return array('nodeid' => $nodeid, 'votes' => $votesCount);
}
} else {
// Legacy Hook 'admin_moderator_killall' Removed //
$assertor->assertQuery('vBForum:moderator', array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_DELETE, vB_dB_Query::CONDITIONS_KEY => array(array('field' => 'userid', 'value' => $vbulletin->GPC['userid'], 'operator' => vB_dB_Query::OPERATOR_EQ), array('field' => 'nodeid', 'value' => 0, 'operator' => vB_dB_Query::OPERATOR_GT))));
// if the user is in the moderators usergroup, then move them to registered users usergroup
if ($getuserid['usergroupid'] == 7) {
if (!$getuserid['customtitle']) {
if (!$vbulletin->usergroupcache["2"]['usertitle']) {
$gettitle = $assertor->getRow('usertitle', array(vB_dB_Query::CONDITIONS_KEY => array(array('field' => 'minposts', 'value' => $getuserid[posts], vB_dB_Query::OPERATOR_KEY => vB_dB_Query::OPERATOR_LTE))), array('field' => array('minposts'), 'direction' => array(vB_dB_Query::SORT_DESC)));
$usertitle = $gettitle['title'];
} else {
$usertitle = $vbulletin->usergroupcache["2"]['usertitle'];
}
} else {
$usertitle = $getuserid['usertitle'];
}
$userdm = new vB_Datamanager_User($vbulletin, vB_DataManager_Constants::ERRTYPE_SILENT);
$userdm->set_existing($getuserid);
$userdm->set('usergroupid', 2);
$getuserid['usergroupid'] = 2;
if ($getuserid['displaygroupid'] == 7) {
$userdm->set('displaygroupid', 2);
$getuserid['displaygroupid'] = 2;
}
$userdm->set('usertitle', $usertitle);
$userdm->save();
unset($userdm);
}
print_stop_message2('deleted_moderators_successfully', 'moderator', array('do' => 'showlist'));
}
}
print_cp_footer();
/**
* Update user's display group
*
* @param $userid User ID
* @param $usergroupid Usergroup ID to be used as display group
* @return void
*/
public function updateDisplayGroup($userid, $usergroupid)
{
$userinfo = vB_Api::instanceInternal('user')->fetchUserinfo($userid);
$membergroups = fetch_membergroupids_array($userinfo);
$permissions = $userinfo['permissions'];
$vbulletin = vB::get_registry();
$bf_ugp_genericpermissions = vB::getDatastore()->get_value('bf_ugp_genericpermissions');
if ($usergroupid == 0) {
throw new vB_Exception_Api('invalidid', array('usergroupid'));
}
if (!in_array($usergroupid, $membergroups)) {
throw new vB_Exception_Api('notmemberofdisplaygroup');
} else {
$display_usergroup = $vbulletin->usergroupcache["{$usergroupid}"];
//I'm not sure why we require canoverride to set the display group... this is *not* required
//by the the admincp user interface which uses a different method of saving.
if ($usergroupid == $userinfo['usergroupid'] or $display_usergroup['canoverride']) {
$userinfo['displaygroupid'] = $usergroupid;
// init user data manager
$userdata = new vB_Datamanager_User(vB_DataManager_Constants::ERRTYPE_ARRAY_UNPROCESSED);
$userdata->set_existing($userinfo);
$userdata->set('displaygroupid', $usergroupid);
if (!$userinfo['customtitle']) {
$userdata->set_usertitle($userinfo['customtitle'] ? $userinfo['usertitle'] : '', false, $display_usergroup, $permissions['genericpermissions'] & $bf_ugp_genericpermissions['canusecustomtitle'] ? true : false, $permissions['genericpermissions'] & $bf_ugp_genericpermissions['cancontrolpanel'] ? true : false);
}
$userdata->save();
} else {
throw new vB_Exception_Api('usergroup_invaliddisplaygroup');
}
}
}
/**
* Updates the user status
*
* @param int UserID
* @param String Status to set
*
* @return String Updated status from user.
*/
public function updateStatus($userid = false, $status)
{
$userContext = vB::getUserContext();
$currentUserId = $userContext->fetchUserId();
$userid = intval($userid);
$vboptions = vB::getDatastore()->getValue('options');
if (vB_String::vbStrlen($status) > $vboptions['statusMaxChars']) {
throw new vB_Exception_Api('please_enter_user_status_with_at_most_x_characters', array($vboptions['statusMaxChars']));
}
if ($userid <= 0 and $currentUserId) {
$userid = $currentUserId;
}
// check user is logged
if (!$userid or !$currentUserId) {
throw new vB_Exception_Api('invalid_userid');
}
// Check if current user canadminusers
try {
$this->checkHasAdminPermission('canadminusers');
} catch (Exception $e) {
// No. Then we need to do something here.
if ($currentUserId != $userid) {
// If current user isn't the same as passed $userid
throw new vB_Exception_Api('no_permission');
}
}
$userInfo = vB_User::fetchUserInfo($userid);
$userdata = new vB_Datamanager_User();
$userdata->set_existing($userInfo);
$userdata->set('status', $status);
$result = $userdata->save();
if (!is_array($result)) {
$userInfo = vB_User::fetchUserInfo(0, array(), 0, true);
return $userInfo['status'];
} else {
return false;
}
}
print_stop_message2('updated_user_titles_successfully', 'misc');
}
}
// ###################### Start update usernames #######################
if ($_REQUEST['do'] == 'updateusernames') {
if (!vB::getUserContext()->hasAdminPermission('canadminmaintain')) {
print_cp_no_permission();
}
if (empty($vbulletin->GPC['perpage'])) {
$vbulletin->GPC['perpage'] = 1000;
}
echo '<p>' . $vbphrase['updating_usernames'] . '</p>';
$users = $vbulletin->db->query_read("\n\t\tSELECT *\n\t\tFROM " . TABLE_PREFIX . "user\n\t\tWHERE userid >= " . $vbulletin->GPC['startat'] . "\n\t\tORDER BY userid\n\t\tLIMIT " . $vbulletin->GPC['perpage']);
$finishat = $vbulletin->GPC['startat'];
while ($user = $vbulletin->db->fetch_array($users)) {
$userman = new vB_Datamanager_User($vbulletin, vB_DataManager_Constants::ERRTYPE_SILENT);
$userman->set_existing($user);
$userman->update_username($user['userid'], $user['username']);
unset($userman);
echo construct_phrase($vbphrase['processing_x'], $user['userid']) . "<br />\n";
vbflush();
$finishat = $user['userid'] > $finishat ? $user['userid'] : $finishat;
}
$finishat++;
// move past the last processed user
if ($checkmore = $vbulletin->db->query_first("SELECT userid FROM " . TABLE_PREFIX . "user WHERE userid >= {$finishat} LIMIT 1")) {
$args = array();
parse_str(vB::getCurrentSession()->get('sessionurl'), $args);
$args['do'] = 'updateusernames';
$args['startat'] = $finishat;
$args['pp'] = $vbulletin->GPC['perpage'];
/**
* Deletes a moderator
*
* @return mixed The number of affected rows
*/
function delete($doquery = true)
{
$params = array();
$params[vB_dB_Query::TYPE_KEY] = vB_dB_Query::QUERY_METHOD;
$params['condition'] = $this->condition;
$moderator = $this->assertor->getRow('getModeratorInfo', $params);
if ($moderator) {
if ($moderator['usergroupid'] == 7 and !($morenodes = $this->assertor->getRow($this->table, array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_SELECT, '#filters' => array(array('field' => 'userid', 'value' => $moderator[userid], 'operator' => 'EQ'), array('field' => 'moderatorid', 'value' => $moderator[moderatorid], 'operator' => 'NE'), array('field' => 'nodeid', 'value' => 0, 'operator' => 'NE')))))) {
$userdata = new vB_Datamanager_User($this->registry, vB_DataManager_Constants::ERRTYPE_SILENT);
if (!$this->info['user']) {
$userinfo = fetch_userinfo($this->fetch_field('userid'));
$userdata->set_existing($userinfo);
} else {
$userdata->set_existing($this->info['user']);
}
$userdata->set_failure_callback(array(&$this, 'update_user_failed_update'));
$userdata->set('usergroupid', 2);
$userdata->set('displaygroupid', $moderator['displaygroupid'] == 7 ? 0 : $moderator['displaygroupid']);
if ($userdata->errors) {
$this->errors = array_merge($this->errors, $userdata->errors);
return 0;
}
$userdata->save();
}
// Legacy Hook 'moderatordata_delete' Removed //
return $this->db_delete(TABLE_PREFIX, $this->table, $this->condition, $doquery);
} else {
$this->error('user_no_longer_moderator');
}
}
function process_logout()
{
global $vbulletin;
// clear all cookies beginning with COOKIE_PREFIX
$prefix_length = strlen(COOKIE_PREFIX);
foreach ($_COOKIE as $key => $val) {
$index = strpos($key, COOKIE_PREFIX);
if ($index == 0 and $index !== false) {
$key = substr($key, $prefix_length);
if (trim($key) == '') {
continue;
}
// vbsetcookie will add the cookie prefix
vbsetcookie($key, '', 1);
}
}
if ($vbulletin->userinfo['userid'] and $vbulletin->userinfo['userid'] != -1) {
// init user data manager
$userdata = new vB_Datamanager_User($vbulletin, vB_DataManager_Constants::ERRTYPE_SILENT);
$userdata->set_existing($vbulletin->userinfo);
$userdata->set('lastactivity', TIMENOW - $vbulletin->options['cookietimeout']);
$userdata->set('lastvisit', TIMENOW);
$userdata->save();
// make sure any other of this user's sessions are deleted (in case they ended up with more than one)
$vbulletin->db->query_write("DELETE FROM " . TABLE_PREFIX . "session WHERE userid = " . $vbulletin->userinfo['userid']);
}
$vbulletin->db->query_write("DELETE FROM " . TABLE_PREFIX . "session WHERE sessionhash = '" . $vbulletin->db->escape_string(vB::getCurrentSession()->get('dbsessionhash')) . "'");
// Remove accesstoken from apiclient table so that a new one will be generated
if (defined('VB_API') and VB_API === true and $vbulletin->apiclient['apiclientid']) {
$vbulletin->db->query_write("UPDATE " . TABLE_PREFIX . "apiclient SET apiaccesstoken = '', userid = 0\n\t\t\tWHERE apiclientid = " . intval($vbulletin->apiclient['apiclientid']));
$vbulletin->apiclient['apiaccesstoken'] = '';
}
if ($vbulletin->session->created == true and !VB_API) {
// if we just created a session on this page, there's no reason not to use it
$newsession = $vbulletin->session;
} else {
// API should always create a new session here to generate a new accesstoken
// $newsession = new vB_Session($vbulletin, '', 0, '', vB::getCurrentSession()->get('styleid'));
$newsession = vB_Session::getNewSession(vB::getDbAssertor(), vB::getDatastore(), vB::getConfig(), '', 0, '', vB::getCurrentSession()->get('styleid'));
}
$newsession->set('userid', 0);
$newsession->set('loggedin', 0);
$vbulletin->session =& $newsession;
// Legacy Hook 'logout_process' Removed //
}
function build_userlist($userid, $lists = array())
{
global $vbulletin;
$userid = intval($userid);
if ($userid == 0) {
return false;
}
if (empty($lists)) {
$userlists = vB::getDbAssertor()->assertQuery('vBForum:fetchuserlists', array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_STORED, 'userid' => $userid));
foreach ($userlists as $userlist) {
$lists["{$userlist['type']}"][] = $userlist['userid'];
}
}
$userdata = new vB_Datamanager_User($vbulletin, vB_DataManager_Constants::ERRTYPE_STANDARD);
$existing = array('userid' => $userid);
$userdata->set_existing($existing);
foreach ($lists as $listtype => $values) {
$key = $listtype . 'list';
if (isset($userdata->validfields["{$key}"])) {
$userdata->set($key, implode(',', $values));
}
}
/* Now to set the ones that weren't set. */
foreach ($userdata->list_types as $listtype) {
$key = $listtype . 'list';
if ($userdata->is_field_set($key)) {
$userdata->set($key, '');
}
}
$userdata->save();
return true;
}
/**
* Removes user subscription
*
* @param int The id of the subscription
* @param int The userid the subscription is to be removed from
* @param int The id of the sub-subscriptionid
* @param bool Update user.adminoptions from subscription.adminoption (keep avatars)
*
*/
function delete_user_subscription($subscriptionid, $userid, $subid = -1, $adminoption = false)
{
$subscriptionid = intval($subscriptionid);
$userid = intval($userid);
$this->cache_user_subscriptions();
$sub =& $this->subscriptioncache["{$subscriptionid}"];
$user = vB::getDbAssertor()->getRow('fetchUsersSubscriptions', array('userid' => $userid, 'subscriptionid' => $subscriptionid, 'adminoption' => $adminoption));
if ($user['userid'] and $sub['subscriptionid']) {
$this->cache_user_subscriptions();
$sub =& $this->subscriptioncache["{$subscriptionid}"];
$tmp = unserialize($sub['cost']);
if ($subid != -1 and is_array($tmp["{$subid}"])) {
$sub = array_merge($sub, $tmp["{$subid}"]);
$units_full = array('D' => 'day', 'W' => 'week', 'M' => 'month', 'Y' => 'year');
switch ($sub['units']) {
case 'D':
$new_expires = mktime(date('H', $user['expirydate']), date('i', $user['expirydate']), date('s', $user['expirydate']), date('n', $user['expirydate']), date('j', $user['expirydate']) - $sub['length'], date('Y', $user['expirydate']));
break;
case 'W':
$new_expires = mktime(date('H', $user['expirydate']), date('i', $user['expirydate']), date('s', $user['expirydate']), date('n', $user['expirydate']), date('j', $user['expirydate']) - $sub['length'] * 7, date('Y', $user['expirydate']));
break;
case 'M':
$new_expires = mktime(date('H', $user['expirydate']), date('i', $user['expirydate']), date('s', $user['expirydate']), date('n', $user['expirydate']) - $sub['length'], date('j', $user['expirydate']), date('Y', $user['expirydate']));
break;
case 'Y':
$new_expires = mktime(date('H', $user['expirydate']), date('i', $user['expirydate']), date('s', $user['expirydate']), date('n', $user['expirydate']), date('j', $user['expirydate']), date('Y', $user['expirydate']) - $sub['length']);
break;
}
if ($new_expires > TIMENOW) {
// new expiration is still after today so just decremement and return
vB::getDbAssertor()->update('vBForum:subscriptionlog', array('expirydate' => $new_expires), array('subscriptionid' => $subscriptionid, 'userid' => $userid));
return;
}
}
unset($tmp);
$userdm = new vB_Datamanager_User($this->registry, vB_DataManager_Constants::ERRTYPE_SILENT);
$userdm->set_existing($user);
if ($adminoption) {
if ($user['hascustomavatar'] and $sub['adminavatar']) {
$userdm->set_bitfield('adminoptions', 'adminavatar', 1);
}
if ($user['hasprofilepic'] and $sub['adminprofilepic']) {
$userdm->set_bitfield('adminoptions', 'adminprofilepic', 1);
}
}
//access masks
if (!empty($sub['forums'])) {
if ($old_sub_masks = @unserialize($sub['forums']) and is_array($old_sub_masks)) {
// old format is serialized array with forumids for keys
$access_forums = array_keys($old_sub_masks);
} else {
// new format is comma-delimited string
$access_forums = explode(',', $sub['forums']);
}
if ($access_forums) {
vB::getDbAssertor()->delete('access', array('nodeid' => $access_forums, 'userid' => $userid));
}
}
// TODO: Restore the line when Access Masks is implemented
// $countaccess = vB::getDbAssertor()->getRow('masks', array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_COUNT, 'userid' => $userid));
$membergroupids = array_diff(fetch_membergroupids_array($user, false), fetch_membergroupids_array($sub, false));
$update_userban = false;
if ($sub['nusergroupid'] == $user['usergroupid'] and $user['usergroupid'] != $user['pusergroupid']) {
// check if there are other active subscriptions that set the same primary usergroup
$subids = array(0);
foreach ($this->subscriptioncache as $subcheck) {
if ($subcheck['nusergroupid'] == $user['usergroupid'] and $subcheck['subscriptionid'] != $subscriptionid) {
$subids[] = $subcheck['subscriptionid'];
}
}
if (!empty($subids)) {
$activesub = vB::getDbAssertor()->getRow('vBForum:subscriptionlog', array('userid' => $userid, 'subscriptionid' => $subids), array('field' => 'expirydate', 'direction' => vB_dB_Query::SORT_DESC));
}
if ($activesub) {
// there is at least one active subscription with the same primary usergroup, so alter its resetgroup
vB::getDbAssertor()->update('vBForum:subscriptionlog', array('pusergroupid' => $user['pusergroupid']), array('subscriptionlogid' => $activesub['subscriptionlogid']));
// don't touch usertitle/displaygroup
$user['pusergroupid'] = $user['usergroupid'];
$sub['nusergroupid'] = 0;
} else {
$userdm->set('usergroupid', $user['pusergroupid']);
}
} else {
if ($user['isbanned'] and $user['busergroupid'] == $sub['nusergroupid']) {
$update_userban = true;
$userbansql['usergroupid'] = $user['pusergroupid'];
}
}
$groups = iif(!empty($sub['membergroupids']), $sub['membergroupids'] . ',') . $sub['nusergroupid'];
if (in_array($user['displaygroupid'], explode(',', $groups))) {
// they're displaying as one of the usergroups in the subscription
$user['displaygroupid'] = 0;
} else {
if ($user['isbanned'] and in_array($user['bandisplaygroupid'], explode(',', $groups))) {
$update_userban = true;
$userbansql['displaygroupid'] = 0;
}
}
// do their old groups still allow custom titles?
$reset_title = false;
if ($user['customtitle'] == 2) {
$groups = empty($membergroupids) ? array() : $membergroupids;
$groups[] = $user['pusergroupid'];
$bf_ugp_genericpermissions = vB::get_datastore()->get_value('bf_ugp_genericpermissions');
$usergroup = vB::getDbAssertor()->getRow('usergroup', array(vB_dB_Query::CONDITIONS_KEY => array(array('field' => 'usergroupid', 'value' => $groups, vB_Db_Query::OPERATOR_KEY => vB_Db_Query::OPERATOR_EQ), array('field' => 'genericpermissions', 'value' => $bf_ugp_genericpermissions['canusecustomtitle'], vB_Db_Query::OPERATOR_KEY => vB_Db_Query::OPERATOR_AND))));
if (empty($usergroup['usergroupid'])) {
// no custom group any more lets set it back to the default
$reset_title = true;
}
}
if ($sub['nusergroupid'] > 0 and $user['customtitle'] == 0 or $reset_title) {
// they need a default title
$usergroup = vB::getDbAssertor()->getRow('usergroup', array('usergroupid' => $user['pusergroupid']));
if (empty($usergroup['usertitle'])) {
// should be a title based on minposts it seems then
$usergroup = vB::getDbAssertor()->getRow('usertitle', array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_SELECT, vB_dB_Query::CONDITIONS_KEY => array(array('field' => 'minposts', 'value' => $user[posts], vB_dB_Query::OPERATOR_KEY => vB_dB_Query::OPERATOR_LTE))), array('field' => 'minposts', 'direction' => vB_dB_Query::SORT_DESC));
}
if ($user['isbanned']) {
$update_userban = true;
$userbansql['customtitle'] = 0;
$userbansql['usertitle'] = $usergroup['usertitle'];
} else {
$userdm->set('customtitle', 0);
$userdm->set('usertitle', $usergroup['usertitle']);
}
}
$userdm->set('membergroupids', implode($membergroupids, ','));
// $userdm->set_bitfield('options', 'hasaccessmask', ($countaccess['count'] ? true : false));
$userdm->set('displaygroupid', $user['displaygroupid']);
$userdm->save();
unset($userdm);
vB::getDbAssertor()->update('vBForum:subscriptionlog', array('status' => 0), array('subscriptionid' => $subscriptionid, 'userid' => $userid));
if ($update_userban) {
vB::getDbAssertor()->update('userban', $userbansql, array('subscriptionid' => $subscriptionid, 'userid' => $user['userid']));
}
$mysubs = vB::getDbAssertor()->assertQuery('vBForum:subscriptionlog', array('status' => 1, 'userid' => $userid));
foreach ($mysubs as $mysub) {
$this->build_user_subscription($mysub['subscriptionid'], -1, $userid, $mysub['regdate'], $mysub['expirydate']);
}
// Legacy Hook 'paidsub_delete' Removed //
}
}
public function saveSearchPrefs($prefs)
{
if ($prefs) {
$save_prefs = serialize($prefs);
} else {
$save_prefs = '';
}
// init user data manager
$userdata = new vB_Datamanager_User($GLOBALS['vbulletin'], vB_DataManager_Constants::ERRTYPE_STANDARD);
$userdata->set_existing($this->get_record());
$userdata->set('searchprefs', $save_prefs);
// Legacy Hook 'search_doprefs_process' Removed //
$userdata->save();
}
/**
* (Re)Generates an Activation ID for a user
*
* @param integer User's ID
* @param integer The group to move the user to when they are activated
* @param integer 0 for Normal Activation, 1 for Forgotten Password
* @param boolean Whether this is an email change or not
*
* @return string The Activation ID
*
*/
function build_user_activation_id($userid, $usergroupid, $type, $emailchange = 0)
{
global $vbulletin;
if ($usergroupid == 3 or $usergroupid == 0) {
// stop them getting stuck in email confirmation group forever :)
$usergroupid = 2;
}
vB::getDbAssertor()->assertQuery('useractivation', array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_DELETE, 'userid' => $userid, 'type' => $type));
$activateid = fetch_random_string(40);
/*insert query*/
vB::getDbAssertor()->assertQuery('user_replaceuseractivation', array('userid' => $userid, 'timenow' => vB::getRequest()->getTimeNow(), 'activateid' => $activateid, 'type' => $type, 'usergroupid' => $usergroupid, 'emailchange' => intval($emailchange)));
if ($userinfo = vB_User::fetchUserinfo($userid)) {
$userdata = new vB_Datamanager_User($vbulletin, vB_DataManager_Constants::ERRTYPE_SILENT);
$userdata->set_existing($userinfo);
$userdata->set_bitfield('options', 'noactivationmails', 0);
$userdata->save();
}
return $activateid;
}
public static function processLogout()
{
global $vbulletin;
$assertor = vB::getDbAssertor();
$userinfo = vB::getCurrentSession()->fetch_userinfo();
$timeNow = vB::getRequest()->getTimeNow();
$options = vB::getDatastore()->get_value('options');
$session = vB::getCurrentSession();
if ($userinfo['userid'] and $userinfo['userid'] != -1) {
// init user data manager
$userdata = new vB_Datamanager_User(vB_DataManager_Constants::ERRTYPE_SILENT);
$userdata->set_existing($userinfo);
$userdata->set('lastactivity', $timeNow - $options['cookietimeout']);
$userdata->set('lastvisit', $timeNow);
$userdata->save();
if (!defined('VB_API')) {
$assertor->delete('session', array('userid' => $userinfo['userid'], 'apiaccesstoken' => null));
$assertor->delete('cpsession', array('userid' => $userinfo['userid']));
}
}
$assertor->delete('session', array('sessionhash' => $session->get('dbsessionhash')));
// Remove accesstoken from apiclient table so that a new one will be generated
if (defined('VB_API') and VB_API === true and $vbulletin->apiclient['apiclientid']) {
$assertor->update('apiclient', array('apiaccesstoken' => '', 'userid' => 0), array('apiclientid' => intval($vbulletin->apiclient['apiclientid'])));
$vbulletin->apiclient['apiaccesstoken'] = '';
}
if ($vbulletin->session->created == true and (!defined('VB_API') or !VB_API)) {
// if we just created a session on this page, there's no reason not to use it
$newsession = $vbulletin->session;
} else {
// API should always create a new session here to generate a new accesstoken
$newsession = vB_Session::getNewSession(vB::getDbAssertor(), vB::getDatastore(), vB::getConfig(), '', 0, '', vB::getCurrentSession()->get('styleid'));
}
$newsession->set('userid', 0);
$newsession->set('loggedin', 0);
$vbulletin->session =& $newsession;
$result = array();
$result['sessionhash'] = $newsession->get('dbsessionhash');
$result['apiaccesstoken'] = $newsession->get('apiaccesstoken');
if (defined('VB_API') and VB_API === true) {
if ($_REQUEST['api_c']) {
$assertor->update('apiclient', array('apiaccesstoken' => $result['apiaccesstoken'], 'userid' => 0), array('apiclientid' => intval($_REQUEST['api_c'])));
}
}
return $result;
}
if (!isset($evalpm_validated["{$user['languageid']}"])) {
//note that we pass the "all languages" flag as true all the time because if the function does
//caching internally and is not smart enough to check if the language requested the second time
//was cached on the first pass -- so we make sure that we load and cache all language version
//in case the second user has a different language from the first
$phraseAux = vB_Api::instanceInternal('phrase')->fetch(array('welcomepm_gemailbody', 'welcomepm_gemailsubject'));
$text_message = $phraseAux['welcomepm_gemailbody'];
$text_subject = $phraseAux['welcomepm_gemailsubject'];
$evalpm_validated["{$user['languageid']}"] = '
$message = "' . $text_message . '";
$subject = "' . $text_subject . '";
';
}
eval($evalpm_validated["{$user['languageid']}"]);
// create the DM to do error checking and insert the new PM
$userdata = new vB_Datamanager_User(null, vB_DataManager_Constants::ERRTYPE_STANDARD);
$userdata->send_welcomepm(null, $user['userid']);
// Legacy Hook 'private_insertpm_process' Removed //
// Legacy Hook 'private_insertpm_complete' Removed //
}
} else {
if ($status == -1) {
// deleted
if ($vbulletin->GPC['send_deleted']) {
if (!isset($evalemail_deleted["{$user['languageid']}"])) {
//note that we pass the "all languages" flag as true all the time because if the function does
//caching internally and is not smart enough to check if the language requested the second time
//was cached on the first pass -- so we make sure that we load and cache all language version
//in case the second user has a different language from the first
$evalemail_deleted["{$user['languageid']}"] = vB_Api::instanceInternal('phrase')->fetchEmailPhrases('moderation_deleted', array($username, $vboptions['bbtitle']), array($vboptions['bbtitle']), $chosenlanguage);
}
foreach ($bannedusers as $banneduser) {
// get usergroup info
$getusergroupid = iif($banneduser['bandisplaygroupid'], $banneduser['bandisplaygroupid'], $banneduser['banusergroupid']);
$usergroup = $vbulletin->usergroupcache["{$getusergroupid}"];
if ($banneduser['bancustomtitle']) {
$usertitle = $banneduser['banusertitle'];
} else {
if (!$usergroup['usertitle']) {
$gettitle = vB::getDbAssertor()->getRow('usertitle', array(vB_dB_Query::CONDITIONS_KEY => array(array('field' => 'minposts', 'value' => $banneduser['posts'], vB_Db_Query::OPERATOR_KEY => vB_Db_Query::OPERATOR_LTE)), array(array('field' => 'minposts', 'direction' => vB_dB_Query::SORT_DESC))));
$usertitle = $gettitle['title'];
} else {
$usertitle = $usergroup['usertitle'];
}
}
// update users to get their old usergroupid/displaygroupid/usertitle back
$userdm = new vB_Datamanager_User($vbulletin, vB_DataManager_Constants::ERRTYPE_SILENT);
$userdm->set_existing($banneduser);
$userdm->set('usertitle', $usertitle);
$userdm->set('usergroupid', $banneduser['banusergroupid']);
$userdm->set('displaygroupid', $banneduser['bandisplaygroupid']);
$userdm->set('customtitle', $banneduser['bancustomtitle']);
$userdm->save();
unset($userdm);
$users["{$banneduser['userid']}"] = $banneduser['username'];
}
if (!empty($users)) {
// delete ban records
vB::getDbAssertor()->delete('userban', array('userid' => array_keys($users)));
// log the cron action
log_cron_action(implode(', ', $users), $nextitem, 1);
}
function post_save_each($doquery = true)
{
// Check if revision was passed as an info object or as existing
if (isset($this->info["{$this->revision}"])) {
$revision = $this->info["{$this->revision}"];
} else {
if ($this->fetch_field($this->revision) !== null) {
$revision = $this->fetch_field($this->revision);
}
}
// We were given an image and a revision number so write out a new image.
if (!empty($this->info['filedata']) and isset($revision)) {
$ext = empty($this->existing['aextension']) ? 'gif' : $this->existing['aextension'];
$oldfilename = $this->fetch_path($this->fetch_field('userid'), $revision, false, $ext);
$oldthumbfilename = $this->fetch_path($this->fetch_field('userid'), $revision, true, $ext);
$newfilename = $this->fetch_path($this->fetch_field('userid'), $revision + 1, false, $ext);
$thumbfilename = $this->fetch_path($this->fetch_field('userid'), $revision + 1, true, $ext);
if ($filenum = fopen($newfilename, 'wb')) {
$table = $this->fetchTableBase($this->table);
if ($revision) {
$this->deleteFile($oldfilename);
if ($table == 'customavatar') {
$this->deleteFile($oldthumbfilename);
}
}
@fwrite($filenum, $this->info['filedata']);
@fclose($filenum);
// init user data manager
$userdata = new vB_Datamanager_User($this->registry, vB_DataManager_Constants::ERRTYPE_SILENT);
$userdata->setr('userid', $this->fetch_field('userid'));
$userdata->condition = array('userid' => $this->fetch_field('userid'));
$userdata->set($this->revision, $revision + 1);
$userdata->save();
unset($userdata);
if ($table == 'customavatar') {
if ($this->info['filedata_thumb']) {
$thumbnail['filedata'] =& $this->info['filedata_thumb'];
} else {
$thumbnail = $this->fetch_thumbnail($newfilename, true);
}
require_once DIR . '/includes/functions_file.php';
$newfiledetails = pathinfo($newfilename);
$fields = " filename = '{$newfiledetails['basename']}'";
if ($thumbnail['filedata'] and vbmkdir(dirname($thumbfilename)) and $filenum = @fopen($thumbfilename, 'wb')) {
@fwrite($filenum, $thumbnail['filedata']);
@fclose($filenum);
if ($thumbnail['height'] and $thumbnail['width']) {
$fields .= ", width_thumb = {$thumbnail['width']}, height_thumb = {$thumbnail['height']}";
}
unset($thumbnail);
}
$this->registry->db->query_write("\n\t\t\t\t\t\tUPDATE " . TABLE_PREFIX . "customavatar\n\t\t\t\t\t\tSET {$fields}\n\t\t\t\t\t\tWHERE userid = " . $this->fetch_field('userid'));
}
return true;
} else {
$this->error('upload_invalid_imagepath');
return false;
}
} else {
return true;
}
}
$groupids["{$usergroupid}"]["{$points}"]['ids'] = $ids;
$groupids["{$usergroupid}"]["{$points}"]['id'] = $infractiongroupid;
}
}
unset($infractiongroupid, $infractiongroupids, $ids);
}
foreach ($primaryupdates as $joinusergroupid => $ids) {
vB::getDbAssertor()->assertQuery('updateUserInfractions', array('joinusergroupid' => $joinusergroupid, 'pointlevel' => empty($groupids[$joinusergroupid]) ? array() : $groupids[$joinusergroupid], 'ids' => $ids));
$log = array($titles["{$joinusergroupid}"], '*', $primarynames["{$joinusergroupid}"]);
// the "1" indicates to use the second line of the phrase specified for this task
log_cron_action(serialize($log), $nextitem, 1);
}
unset($groupids);
$vbulletin =& vB::get_registry();
foreach ($userupdates as $userid => $info) {
$userdm = new vB_Datamanager_User($vbulletin, vB_DataManager_Constants::ERRTYPE_SILENT);
$user = array('userid' => $userid);
$userdm->set_existing($user);
if ($info['title']) {
$userdm->set('usertitle', $info['title']);
}
if ($info['rank']) {
$userdm->setr('rank', $info['rank']);
}
$userdm->save();
unset($userdm);
}
foreach ($secondaryupdates as $joinusergroupid => $ids) {
if ($ids) {
vB::getDbAssertor()->assertQuery('vBForum:updateUserMemberGroupsByUserId', array('usergroupid' => $joinusergroupid, 'auth' => $ids));
}
/**
* Applies the automatic ban to the user
*
* @param array User Info for the user to ban
* @param array Data for the automatic ban to apply (returned from getAutomaticBanToApply)
* @param array Data for the infraction that's being given
*/
protected function applyAutomaticBan(array $userInfo, array $banToApply, array $data)
{
$currentBan = $this->assertor->getRow('userban', array('userid' => $userInfo['userid']));
$user = vB::getCurrentSession()->fetch_userinfo();
// Drop the ban hammer
if ($currentBan) {
if (($banToApply['liftdate'] == 0 or $currentBan['liftdate'] < $banToApply['liftdate']) and $currentBan['liftdate'] != 0) {
// there is already a record - just update this record
$this->assertor->update('userban', array('bandate' => vB::getRequest()->getTimeNow(), 'liftdate' => $banToApply['liftdate'], 'adminid' => $user['userid'], 'reason' => $data['banreason']), array('userid' => $userInfo['userid']));
}
} else {
// insert a record into the userban table
/*insert query*/
$this->assertor->insert('userban', array('userid' => $userInfo['userid'], 'usergroupid' => $userInfo['usergroupid'], 'displaygroupid' => $userInfo['displaygroupid'], 'customtitle' => $userInfo['customtitle'], 'usertitle' => $userInfo['usertitle'], 'bandate' => vB::getRequest()->getTimeNow(), 'liftdate' => $banToApply['liftdate'], 'adminid' => $user['userid'], 'reason' => $data['banreason']));
}
//$existingUserInfo = $this->assertor->getRow('user', array('userid' => $userInfo['userid']));
$existingUserInfo = vB_User::fetchUserinfo($userInfo['userid']);
// update the user record
$userdata = new vB_Datamanager_User(vB::get_registry(), vB_DataManager_Constants::ERRTYPE_SILENT);
$userdata->set_existing($existingUserInfo);
$userdata->set('usergroupid', $banToApply['banusergroupid']);
$userdata->set('displaygroupid', 0);
// update the user's title if they've specified a special user title for the banned group
$bannedUserGroups = vB_Api::instanceInternal('usergroup')->fetchBannedUsergroups();
if ($bannedUserGroups[$banToApply['banusergroupid']]['usertitle'] != '') {
$userdata->set('usertitle', $bannedUserGroups[$banToApply['banusergroupid']]['usertitle']);
$userdata->set('customtitle', 0);
}
$userdata->save();
unset($userdata);
}
protected function updateUser($userid)
{
$query = $this->assertor->assertQuery('userlist', array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_SELECT, 'userid' => $userid));
$ignore = array();
$follow = array();
foreach ($query as $record) {
if ($record['type'] == 'ignore') {
$ignore[] = $record['relationid'];
}
if ($record['type'] == 'follow' and $record['friend'] == 'yes') {
$follow[] = $record['relationid'];
}
}
$userInfo = vB::getCurrentSession()->fetch_userinfo();
$userdata = new vB_Datamanager_User();
$userdata->set_existing($userInfo);
$userdata->set('buddylist', $follow);
$userdata->set('ignorelist', $ignore);
return $userdata->save();
}
/*insert query*/
vB::getDbAssertor()->assertQuery('insertAccess', array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_STORED, 'userid' => $userid, 'nodeid' => $nodeid, 'accessmask' => $val));
} else {
if ($oldcache["{$userid}"]["{$nodeid}"] != '-1' and $val == '-1') {
vB::getDbAssertor()->delete('access', array('nodeid' => $nodeid, 'userid' => $userid));
} else {
vB::getDbAssertor()->update('access', array(accessmask => $val), array('nodeid' => $nodeid, 'userid' => $userid));
}
}
}
$userinfo = array('userid' => $userid, 'masks' => 0);
$query = vB::getDbAssertor()->assertQuery('fetchAccessMaskForUser', array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_STORED, 'userid' => $userid));
if ($query and $query->valid()) {
$userinfo = $query->current();
}
$userdm = new vB_Datamanager_User($vbulletin, vB_DataManager_Constants::ERRTYPE_CP);
$userdm->set_existing($userinfo);
$userdm->set_bitfield('options', 'hasaccessmask', $userinfo['masks'] ? true : false);
$userdm->save();
unset($userdm);
}
/** @todo update this when subscriptions are implemented */
// if (!empty($userlist))
// {
// require_once(DIR . '/includes/functions_databuild.php');
// update_subscriptions($userlist);
// }
print_stop_message2('saved_user_channel_access_successfully', 'accessmask', array('do' => 'modify'));
}
// ###################### Start reset all access masks for forum #######################
if ($_REQUEST['do'] == 'resetchannel') {
$userinfo = fetch_userinfo($vbulletin->GPC['userid']);
if (!$userinfo) {
print_stop_message2('invalid_user_specified');
}
if ($vbulletin->GPC['useprofilepic']) {
$vbulletin->input->clean_gpc('f', 'upload', vB_Cleaner::TYPE_FILE);
require_once DIR . '/includes/class_upload.php';
$upload = new vB_Upload_Userpic($vbulletin);
$upload->data = new vB_Datamanager_Userpic_Profilepic($vbulletin, vB_DataManager_Constants::ERRTYPE_CP, 'userpic');
$upload->image =& vB_Image::instance();
$upload->userinfo =& $userinfo;
cache_permissions($userinfo, false);
// user's group doesn't have permission to use custom avatars so set override
if (!($userinfo['permissions']['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['canprofilepic'])) {
// init user datamanager
$userdata = new vB_Datamanager_User($vbulletin, vB_DataManager_Constants::ERRTYPE_CP);
$userdata->set_existing($userinfo);
$userdata->set_bitfield('adminoptions', 'adminprofilepic', 1);
$userdata->save();
unset($userdata);
}
if ($vbulletin->GPC['resize']) {
if ($userinfo['permissions']['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['canprofilepic']) {
$upload->maxwidth = $userinfo['permissions']['profilepicmaxwidth'];
$upload->maxheight = $userinfo['permissions']['profilepicmaxheight'];
#$upload->maxuploadsize = $userinfo['permissions']['profilepicmaxsize'];
#$upload->allowanimation = ($userinfo['permissions']['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['cananimateprofilepic']) ? true : false;
}
}
if (!$upload->process_upload($vbulletin->GPC['profilepicurl'])) {
print_stop_message2(array('there_were_errors_encountered_with_your_upload_x', $upload->fetch_error()));
if ($_POST['do'] == 'doeditreputation') {
$vbulletin->input->clean_array_gpc('p', array('reputation' => vB_Cleaner::TYPE_ARRAY, 'reputationid' => vB_Cleaner::TYPE_INT, 'oldreputation' => vB_Cleaner::TYPE_INT, 'userid' => vB_Cleaner::TYPE_INT));
$insertValues = array();
$structure = $assertor->fetchTableStructure('vBForum:reputation');
foreach ($vbulletin->GPC['reputation'] as $field => $value) {
if (in_array($field, $structure['structure'])) {
$insertValues[$field] = $value;
}
}
if (!empty($insertValues)) {
$assertor->update('vBForum:reputation', $insertValues, array('reputationid' => $vbulletin->GPC['reputationid']));
if ($vbulletin->GPC['oldreputation'] != $vbulletin->GPC['reputation']['reputation']) {
$diff = $vbulletin->GPC['oldreputation'] - $vbulletin->GPC['reputation']['reputation'];
$user = fetch_userinfo($vbulletin->GPC['userid']);
if ($user) {
$userdm = new vB_Datamanager_User($vbulletin, vB_DataManager_Constants::ERRTYPE_SILENT);
$userdm->set_existing($user);
$userdm->set('reputation', "reputation - {$diff}", false);
$userdm->save();
unset($userdm);
}
}
}
print_stop_message2('saved_reputation_successfully', 'adminreputation', array('do' => 'list', 'u' => $vbulletin->GPC['userid']));
}
// *************************************************************************************************
if ($_POST['do'] == 'killreputation') {
$vbulletin->input->clean_array_gpc('p', array('reputationid' => vB_Cleaner::TYPE_INT));
$repinfo = verify_id('reputation', $vbulletin->GPC['reputationid'], 0, 1);
$user = fetch_userinfo($repinfo['userid']);
if ($user) {
