} else { $t_options_new = ""; } } if (isset($_POST['t_section_new']) && is_numeric($_POST['t_section_new'])) { $t_section_new = $_POST['t_section_new']; } else { $error_msg_array[] = gettext("Invalid profile section ID or section not found"); $valid = false; } if ($valid) { if (profile_item_update($piid, $t_section_new, $t_type_new, $t_name_new, $t_options_new)) { $profile_item = profile_get_item($piid); if ($t_name_new != $profile_item['NAME'] || $t_type_new != $profile_item['TYPE'] || $t_section_new != $psid || $t_options_new != $profile_item['OPTIONS']) { $log_data = array($t_name_new, $profile_item['NAME'], $t_type_new, $profile_item['TYPE'], $t_section_new, $psid); admin_add_log_entry(CHANGE_PROFILE_ITEM, $log_data); } header_redirect("admin_prof_items.php?webtag={$webtag}&psid={$psid}&edited=true"); exit; } else { $error_msg_array[] = gettext("Failed to update profile item"); $valid = false; } } } else { if (isset($_POST['additem'])) { $redirect = "admin_prof_items.php?webtag={$webtag}&psid={$psid}&additem=true§_page={$sect_page}"; header_redirect($redirect); exit; } }
if ($process_valid && !session::check_perm(USER_PERM_FOLDER_MODERATE, $delete_fid)) { $process_valid = false; } if ($process_valid && !($thread_data = thread_get($delete_tid, false, false, true))) { $process_valid = false; } if ($process_valid && !($preview_message = messages_get($delete_tid, $delete_pid, 1))) { $process_valid = false; } if ($process_valid && isset($preview_message['APPROVED'])) { $process_valid = false; } if ($process_valid && post_delete($delete_tid, $delete_pid)) { post_add_edit_text($delete_tid, $delete_pid); if (session::check_perm(USER_PERM_FOLDER_MODERATE, $delete_fid) && (!isset($preview_message['FROM_UID']) || $preview_message['FROM_UID'] != $_SESSION['UID'])) { admin_add_log_entry(DELETE_POST, array($delete_fid, $delete_tid, $delete_pid)); } } else { $valid = false; } } if ($valid) { header_redirect("admin_post_approve.php?webtag={$webtag}&page={$page}&delete_success=true"); exit; } else { $error_msg_array[] = gettext("Failed to delete some messages"); } } else { html_draw_top(array('title' => gettext('Delete Message'), 'class' => 'window_title')); html_display_msg(gettext("Delete"), gettext("Are you sure you want to delete all of the selected messages?"), "admin_post_approve.php", 'post', array('delete_messages' => gettext("Yes"), 'back' => gettext("No")), array('page' => $page, 'process' => $process_messages, 'delete_confirm' => 'Y'), '_self', 'center'); html_draw_bottom();
$t_thread_create = (double) isset($_POST['t_thread_create'][$fid]) ? $_POST['t_thread_create'][$fid] : 0; $t_post_edit = (double) isset($_POST['t_post_edit'][$fid]) ? $_POST['t_post_edit'][$fid] : 0; $t_post_delete = (double) isset($_POST['t_post_delete'][$fid]) ? $_POST['t_post_delete'][$fid] : 0; $t_post_attach = (double) isset($_POST['t_post_attach'][$fid]) ? $_POST['t_post_attach'][$fid] : 0; $t_moderator = (double) isset($_POST['t_moderator'][$fid]) ? $_POST['t_moderator'][$fid] : 0; $t_post_html = (double) isset($_POST['t_post_html'][$fid]) ? $_POST['t_post_html'][$fid] : 0; $t_post_sig = (double) isset($_POST['t_post_sig'][$fid]) ? $_POST['t_post_sig'][$fid] : 0; $t_post_approval = (double) isset($_POST['t_post_approval'][$fid]) ? $_POST['t_post_approval'][$fid] : 0; $new_group_perms = (double) $t_post_read | $t_post_create | $t_thread_create; $new_group_perms = (double) $new_group_perms | $t_post_edit | $t_post_delete; $new_group_perms = (double) $new_group_perms | $t_moderator | $t_post_attach; $new_group_perms = (double) $new_group_perms | $t_post_html | $t_post_sig | $t_post_approval; perm_update_group_folder_perms($new_gid, $fid, $new_group_perms); } } admin_add_log_entry(CREATE_USER_GROUP, array($t_name)); if (isset($_POST['add_users'])) { header_redirect("admin_user_groups_edit_users.php?webtag={$webtag}&gid={$new_gid}&added=true"); exit; } else { header_redirect("admin_user_groups.php?webtag={$webtag}&added=true"); exit; } } } } html_draw_top(array('title' => gettext('Admin - Manage User Groups - Add User Group'), 'class' => 'window_title', 'main_css' => 'admin.css')); echo "<h1>", gettext("Admin"), html_style_image('separator'), gettext("Manage User Groups"), html_style_image('separator'), gettext("Add User Group"), "</h1>\n"; if (isset($error_msg_array) && sizeof($error_msg_array) > 0) { html_display_error_array($error_msg_array, '800', 'center'); }
if ($valid) { $ret = rawurlencode($ret); $user_search = rawurlencode($user_search); header_redirect("admin_forum_access.php?webtag={$webtag}&user_search={$user_search}&ret={$ret}&added=true"); exit; } } } else { if (isset($_POST['remove'])) { $valid = true; if (isset($_POST['remove_user']) && is_array($_POST['remove_user'])) { foreach ($_POST['remove_user'] as $remove_user_uid) { if ($user_logon = user_get_logon($remove_user_uid)) { if (user_update_forums($remove_user_uid, $forum_fid, FORUM_USER_DISALLOWED)) { $forum_name = forum_get_name($forum_fid); admin_add_log_entry(CHANGE_FORUM_ACCESS, array($forum_name, $user_logon)); } else { $error_msg_array[] = sprintf(gettext("Failed to remove permissions from user '%s'"), $user_logon); $valid = false; } } } if ($valid) { $ret = rawurlencode($ret); $user_search = rawurlencode($user_search); header_redirect("admin_forum_access.php?webtag={$webtag}&user_search={$user_search}&ret={$ret}&removed=true"); exit; } } } }
$t_max_item_count = $_POST['t_max_item_count']; } else { $valid = false; $error_msg_array[] = gettext("Max Item Count must be between 1 and 10"); } if (isset($_POST['t_old_max_item_count']) && is_numeric($_POST['t_old_max_item_count'])) { $t_old_max_item_count = $_POST['t_old_max_item_count']; } else { $t_old_max_item_count = 0; } if ($valid && ($t_new_name != $t_old_name || $t_new_user != $t_old_user || $t_new_fid != $t_old_fid || $t_new_url != $t_old_url || $t_new_prefix != $t_old_prefix || $t_new_frequency != $t_old_frequency || $t_max_item_count != $t_old_max_item_count)) { if ($t_user_array = user_get_by_logon($t_new_user)) { $t_new_uid = $t_user_array['UID']; if (rss_feed_update($feed_id, $t_new_name, $t_new_uid, $t_new_fid, $t_new_url, $t_new_prefix, $t_new_frequency, $t_max_item_count)) { $log_data = array($t_new_name, $t_old_name, $t_new_user, $t_old_user, $t_new_fid, $t_old_fid, $t_new_url, $t_old_url, $t_new_prefix, $t_old_prefix, $t_new_frequency, $t_old_frequency); admin_add_log_entry(EDITED_RSS_FEED, $log_data); header_redirect("admin_rss_feeds.php?webtag={$webtag}&edited=true"); exit; } else { $error_msg_array[] = gettext("Failed to update RSS Feed"); } } else { $error_msg_array[] = gettext("Unknown RSS User Account"); } } } } else { if (isset($_POST['addfeed'])) { $redirect = "admin_rss_feeds.php?webtag={$webtag}&page={$page}&addfeed=true"; header_redirect($redirect); exit;
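/**
 * Check a visitor against the forum's BANNED table and, when nothing there
 * matches, against sfs_check_banned().
 *
 * Each BANNED row that matches is written to the admin log. A hit reported
 * by sfs_check_banned() is logged only when $cached_response is still false
 * after the call.
 *
 * NOTE(review): this check fails open. A missing database handle, a missing
 * table prefix, a non-array argument and a failed query all return false,
 * which a caller cannot tell apart from "not banned".
 *
 * @param array $user_data  Visitor details. Only the keys UID, IPADDRESS,
 *                          REFERER, LOGON, NICKNAME and EMAIL are read.
 * @param bool  $send_error When exactly true and the result is exactly true,
 *                          header_status(500, ...) is called and the script
 *                          exits instead of returning.
 *
 * @return mixed True when a BANNED row matched; otherwise the return value of
 *               sfs_check_banned(); false on any of the failures listed above.
 */
function ban_check($user_data, $send_error = true)
{
    if (!($db = db::get())) {
        return false;
    }

    if (!is_array($user_data)) {
        return false;
    }

    // Drop every key this function does not read.
    $user_data_keys = array('UID', 'IPADDRESS', 'REFERER', 'LOGON', 'NICKNAME', 'EMAIL');

    $user_data = array_intersect_key($user_data, array_flip($user_data_keys));

    if (!($table_prefix = get_table_prefix())) {
        return false;
    }

    // Maps the BANTYPE stored on a row to the admin log action for a hit.
    $admin_log_types_array = array(
        BAN_TYPE_IP => BAN_HIT_TYPE_IP,
        BAN_TYPE_LOGON => BAN_HIT_TYPE_LOGON,
        BAN_TYPE_NICK => BAN_HIT_TYPE_NICK,
        BAN_TYPE_EMAIL => BAN_HIT_TYPE_EMAIL,
        BAN_TYPE_REF => BAN_HIT_TYPE_REF,
    );

    // IP address and referer are always checked. The account fields are
    // skipped only when UID is present and not greater than zero.
    $ban_check_fields = array(
        'IPADDRESS' => BAN_TYPE_IP,
        'REFERER' => BAN_TYPE_REF,
    );

    if (!isset($user_data['UID']) || $user_data['UID'] > 0) {
        $ban_check_fields['LOGON'] = BAN_TYPE_LOGON;
        $ban_check_fields['NICKNAME'] = BAN_TYPE_NICK;
        $ban_check_fields['EMAIL'] = BAN_TYPE_EMAIL;
    }

    $ban_check_select_array = array();
    $ban_check_where_array = array();

    $user_banned = false;

    foreach ($ban_check_fields as $field => $ban_type) {
        if (!isset($user_data[$field]) || strlen(trim($user_data[$field])) == 0) {
            continue;
        }

        // The visitor's value is the left operand of LIKE and the stored
        // BANDATA is the pattern, so wildcards come from the ban list and
        // never from the visitor. The value is passed through $db->escape()
        // before it is placed inside the quoted literal.
        $escaped_value = $db->escape($user_data[$field]);

        $ban_check_select_array[] = sprintf("'%s' AS %s", $escaped_value, $field);
        $ban_check_where_array[] = sprintf("('%s' LIKE BANDATA AND BANTYPE = %d)", $escaped_value, $ban_type);
    }

    $ban_check_select_list = implode(", ", $ban_check_select_array);
    $ban_check_where_query = implode(" OR ", $ban_check_where_array);

    if (strlen(trim($ban_check_where_query)) > 0 && strlen(trim($ban_check_select_list)) > 0) {

        $current_datetime = date(MYSQL_DATETIME_MIDNIGHT, time());

        // EXPIRES = 0 rows are treated as bans without an expiry date.
        $sql = "SELECT ID, BANTYPE, BANDATA, {$ban_check_select_list} ";
        $sql .= "FROM `{$table_prefix}BANNED` WHERE ({$ban_check_where_query}) ";
        $sql .= "AND (EXPIRES > CAST('{$current_datetime}' AS DATETIME) OR EXPIRES = 0)";

        if (!($result = $db->query($sql))) {
            return false;
        }

        if ($result->num_rows > 0) {

            $user_banned = true;

            // Stop on anything that is not a row, so that a false return
            // from fetch_assoc() cannot keep the loop running.
            while (is_array($ban_check_result_array = $result->fetch_assoc())) {

                if (!isset($ban_check_result_array['BANTYPE']) || !is_numeric($ban_check_result_array['BANTYPE'])) {
                    continue;
                }

                $ban_check_type = $ban_check_result_array['BANTYPE'];

                if (($ban_check_data = ban_check_process_data($ban_check_result_array)) === false) {
                    continue;
                }

                if (isset($user_data['UID']) && $user_data['UID'] > 0) {
                    // LOGON is optional in $user_data; log null rather than
                    // reading a key that is not there.
                    $logged_logon = isset($user_data['LOGON']) ? $user_data['LOGON'] : null;

                    array_push($ban_check_data, $user_data['UID'], $logged_logon);
                }

                admin_add_log_entry($admin_log_types_array[$ban_check_type], $ban_check_data);
            }
        }
    }

    if ($user_banned !== true) {

        // NOTE(review): presumably sfs_check_banned() takes this by
        // reference and sets it when it answered from a cache; confirm.
        $cached_response = false;

        if (($user_banned = sfs_check_banned($user_data, $cached_response)) !== false) {

            if ($cached_response === false) {

                // None of these keys is guaranteed to be present, so each
                // one falls back to null instead of an undefined-index read.
                $log_data = array(
                    isset($user_data['IPADDRESS']) ? $user_data['IPADDRESS'] : null,
                    isset($user_data['LOGON']) ? $user_data['LOGON'] : null,
                    isset($user_data['EMAIL']) ? $user_data['EMAIL'] : null,
                );

                if (isset($user_data['UID'])) {
                    $log_data[] = $user_data['UID'];
                }

                admin_add_log_entry(BAN_HIT_TYPE_SFS, $log_data);
            }
        }
    }

    // Both comparisons are strict: a truthy but non-boolean result or flag
    // is returned to the caller instead of ending the request here.
    if ($user_banned === true && $send_error === true) {
        header_status(500, 'Internal Server Error');
        exit;
    }

    return $user_banned;
}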
post_edit_refuse($tid, $pid); html_draw_bottom(); exit; } if (forum_get_setting('require_post_approval', 'Y') && isset($preview_message['APPROVED']) && $preview_message['APPROVED'] == 0 && !session::check_perm(USER_PERM_FOLDER_MODERATE, $t_fid)) { html_draw_top(sprintf("title=%s", gettext("Error"))); post_edit_refuse($tid, $pid); html_draw_bottom(); exit; } } if (isset($_POST['endpoll'])) { if (poll_close($tid)) { post_add_edit_text($tid, 1); if (session::check_perm(USER_PERM_FOLDER_MODERATE, $t_fid) && $preview_message['FROM_UID'] != session::get_value('UID')) { admin_add_log_entry(EDIT_POST, array($t_fid, $tid, $pid)); } } if ($thread_data['LENGTH'] > 1) { header_redirect("discussion.php?webtag={$webtag}&msg={$msg}&edit_success={$msg}"); exit; } else { header_redirect("discussion.php?webtag={$webtag}&edit_success={$msg}"); exit; } } html_draw_top(sprintf("title=%s", gettext("Close Poll")), "post.js", "resize_width=720", "basetarget=_blank", 'class=window_title'); echo "<h1>", gettext("Close Poll"), " {$tid}.{$pid}</h1>\n"; if (isset($error_msg_array) && sizeof($error_msg_array) > 0) { html_display_error_array($error_msg_array, '720', 'left'); }
$filter_enabled = $_POST['filter_enabled']; } else { $filter_enabled = WORD_FILTER_DISABLED; } if (isset($_POST['replace_text']) && strlen(trim($_POST['replace_text'])) > 0) { $replace_text = trim($_POST['replace_text']); } else { $replace_text = ""; } if ($valid) { if ($filter_option == WORD_FILTER_TYPE_PREG && preg_match('/e[^\\/]*$/Diu', $match_text)) { $match_text = preg_replace_callback('/\\/[^\\/]*$/Diu', 'word_filter_apply_limit_preg', $match_text); } if (admin_update_word_filter($filter_id, $filter_name, $match_text, $replace_text, $filter_option, $filter_enabled)) { $log_data = array($filter_option, $match_text, $replace_text, $filter_option); admin_add_log_entry(EDIT_WORD_FILTER, $log_data); header_redirect("admin_wordfilter.php?webtag={$webtag}&updated=true"); exit; } else { $error_msg_array[] = gettext("Failed to update word filter. Check that the filter still exists."); } } } else { if (isset($_POST['addfilter'])) { $redirect = "admin_wordfilter.php?webtag={$webtag}&addfilter=true"; header_redirect($redirect); exit; } } } }
admin_add_log_entry(DELETE_THREAD, array($tid, $thread_data['TITLE'])); html_draw_top(sprintf('title=%s', gettext("Delete Thread")), 'class=window_title'); html_display_msg(gettext("Delete Thread"), gettext("Thread was successfully deleted"), 'discussion.php', 'get', array('continue' => gettext("Continue")), false, html_get_frame_name('main'), 'center'); html_draw_bottom(); exit; } else { $error_msg_array[] = gettext("Failed to delete thread."); $valid = false; } } } if (isset($_POST['undelete_thread']) && $_POST['undelete_thread'] == "Y") { if (isset($_POST['undelete_thread_confirm']) && $_POST['undelete_thread_confirm'] == "Y") { if (thread_undelete($tid)) { post_add_edit_text($tid, 1); admin_add_log_entry(UNDELETE_THREAD, array($tid, $thread_data['TITLE'])); html_draw_top(sprintf('title=%s', gettext("Undelete Thread")), 'class=window_title'); html_display_msg(gettext("Undelete Thread"), gettext("Thread was successfully undeleted"), 'thread_options.php', 'get', array('back' => gettext("Back")), array('msg' => $msg), '_self', 'center'); html_draw_bottom(); exit; } else { $error_msg_array[] = gettext("Failed to un-delete thread"); $valid = false; } } } } if ($valid) { header_redirect("thread_options.php?webtag={$webtag}&msg={$msg}&updated=true"); exit; }
/**
 * Remove the ".thumb" file stored for an attachment.
 *
 * The attachment row is looked up by hash and the call is refused unless the
 * row's UID equals the session UID or the session holds
 * USER_PERM_FOLDER_MODERATE for the attachment's folder (folder 0 when no
 * folder was found). Only the thumbnail file is unlinked; no database row is
 * deleted here.
 *
 * NOTE(review): $hash goes straight into the SQL text and the file path.
 * The is_md5() guard at the top is the only thing standing between the
 * caller's value and both sinks, so presumably it restricts $hash to hex
 * digits; confirm against is_md5().
 *
 * @param string $hash Attachment hash, must satisfy is_md5().
 *
 * @return bool False when a guard, the lookup or the permission check fails;
 *              true otherwise, whether or not the unlink removed a file.
 */
function attachments_delete_thumbnail($hash)
{
    if (!is_md5($hash)) {
        return false;
    }

    if (!($db = db::get())) {
        return false;
    }

    if (($uid = session::get_value('UID')) === false) {
        return false;
    }

    if (!($attachment_dir = forum_get_setting('attachment_dir'))) {
        return false;
    }

    // Load the attachment so ownership can be checked. The folder ID is only
    // available when a forum table prefix is known.
    $columns = "PAF.AID, PAF.UID, PAF.FILENAME, PAI.TID, PAI.PID";
    $joins = "LEFT JOIN POST_ATTACHMENT_IDS PAI ON (PAI.AID = PAF.AID) ";

    if ($table_prefix = get_table_prefix()) {
        $columns .= ", THREAD.FID";
        $joins .= "LEFT JOIN `{$table_prefix}THREAD` THREAD ON (THREAD.TID = PAI.TID) ";
    }

    $sql = "SELECT {$columns} FROM POST_ATTACHMENT_FILES PAF {$joins}WHERE PAF.HASH = '{$hash}'";

    if (!($result = $db->query($sql))) {
        return false;
    }

    if ($result->num_rows == 0) {
        return false;
    }

    $attachment = $result->fetch_assoc();

    if (!isset($attachment['FID'])) {
        $attachment['FID'] = 0;
    }

    // Neither the owner nor a moderator of the folder: refuse.
    if ($attachment['UID'] != $uid && !session::check_perm(USER_PERM_FOLDER_MODERATE, $attachment['FID'])) {
        return false;
    }

    if (isset($attachment['TID']) && isset($attachment['PID'])) {

        post_add_edit_text($attachment['TID'], $attachment['PID']);

        // A moderator acting on another user's attachment leaves an entry in
        // the admin log. It is written before the unlink is attempted.
        if (session::check_perm(USER_PERM_FOLDER_MODERATE, $attachment['FID']) && $attachment['UID'] != $uid) {
            admin_add_log_entry(
                ATTACHMENTS_DELETE,
                array($attachment['TID'], $attachment['PID'], $attachment['FILENAME'])
            );
        }
    }

    // Errors from unlink are suppressed and its result is not checked.
    @unlink("{$attachment_dir}/{$hash}.thumb");

    return true;
}
$t_post_edit = (double) isset($_POST['t_post_edit']) ? $_POST['t_post_edit'] : 0; $t_post_delete = (double) isset($_POST['t_post_delete']) ? $_POST['t_post_delete'] : 0; $t_post_attach = (double) isset($_POST['t_post_attach']) ? $_POST['t_post_attach'] : 0; $t_post_html = (double) isset($_POST['t_post_html']) ? $_POST['t_post_html'] : 0; $t_post_sig = (double) isset($_POST['t_post_sig']) ? $_POST['t_post_sig'] : 0; $t_guest_access = (double) isset($_POST['t_guest_access']) ? $_POST['t_guest_access'] : 0; $t_post_approval = (double) isset($_POST['t_post_approval']) ? $_POST['t_post_approval'] : 0; $t_thread_move = (double) isset($_POST['t_thread_move']) ? $_POST['t_thread_move'] : 0; // We need a double / float here because we're storing a high bit value $t_permissions = (double) $t_post_read | $t_post_create | $t_thread_create; $t_permissions = (double) $t_permissions | $t_post_edit | $t_post_delete | $t_post_attach; $t_permissions = (double) $t_permissions | $t_post_html | $t_post_sig | $t_guest_access; $t_permissions = (double) $t_permissions | $t_post_approval | $t_thread_move; if ($valid) { if ($new_fid = folder_create($t_name, $t_description, $t_prefix, $t_allowed_types, $t_permissions)) { admin_add_log_entry(CREATE_FOLDER, array($t_name)); header_redirect("admin_folders.php?webtag={$webtag}&added=true&page={$page}"); exit; } else { $error_msg_array = gettext("Failed to create new folder"); $valid = false; } } } // Make the arrays for the allow post types dropdown $allowed_post_types = array(FOLDER_ALLOW_NORMAL_THREAD => gettext("Normal threads only"), FOLDER_ALLOW_POLL_THREAD => gettext("Poll threads only"), FOLDER_ALLOW_ALL_THREAD => gettext("Both thread types")); html_draw_top(sprintf("title=%s", gettext("Admin - Manage Folders - Add a new folder")), 'class=window_title'); echo "<h1>", gettext("Admin"), "<img src=\"", html_style_image('separator.png'), "\" alt=\"\" border=\"0\" />", gettext("Manage Folders"), "<img src=\"", 
html_style_image('separator.png'), "\" alt=\"\" border=\"0\" />", gettext("Add a new folder"), "</h1>\n"; if (isset($error_msg_array) && sizeof($error_msg_array) > 0) { html_display_error_array($error_msg_array, '500', 'center'); }
if (sizeof($process_links) > 0) { if (isset($_POST['delete_confirm']) && $_POST['delete_confirm'] == 'Y') { $valid = true; foreach ($process_links as $delete_lid) { $process_valid = true; if ($process_valid && !session::check_perm(USER_PERM_LINKS_MODERATE, 0)) { $process_valid = false; } if ($process_valid && !($link = links_get_single($delete_lid, false))) { $process_valid = false; } if ($process_valid && isset($link['DELETED']) && $link['DELETED'] > 0) { $process_valid = false; } if ($process_valid && links_delete($delete_lid)) { admin_add_log_entry(DELETE_LINK, array($delete_lid)); } else { $valid = false; } } if ($valid) { header_redirect("admin_link_approve.php?webtag={$webtag}&page={$page}&delete_success=true"); exit; } else { $error_msg_array[] = gettext("Failed to delete some links"); } } else { html_draw_top(array('title' => gettext('Delete Links'), 'class' => 'window_title')); html_display_msg(gettext("Delete"), gettext("Are you sure you want to delete all of the selected links?"), "admin_link_approve.php", 'post', array('delete_links' => gettext("Yes"), 'back' => gettext("No")), array('page' => $page, 'process' => $process_links, 'delete_confirm' => 'Y'), '_self', 'center'); html_draw_bottom(); exit;
$error_msg_array[] = gettext("CSS style sheet could not be uploaded. Please try again."); } else { if (isset($_FILES['cssfile']['type']) && trim($_FILES['cssfile']['type']) == 'text/css') { // Get path info for uploaded file. $path_parts = pathinfo($_FILES['cssfile']['name']); // Check the extension. This isn't fool proof, could be a renamed jpeg. Not sure // how to validate the content as CSS. Maybe try and parse it? if (isset($path_parts['extension']) && $path_parts['extension'] == 'css') { // Read the contents of the file. if ($start_page_css = @file_get_contents($_FILES['cssfile']['tmp_name'])) { // New array of forum settings. $new_forum_settings = array('start_page_css' => $start_page_css); // Save the settings. if (forum_save_settings($new_forum_settings)) { // Update admin log. admin_add_log_entry(EDITED_START_PAGE); // Redirect back to self. header_redirect("admin_startpage.php?webtag={$webtag}&uploaded=true"); exit; } } } // Something went wrong above. Show Error message. $error_msg_array[] = gettext("CSS style sheet could not be uploaded. Please try again."); } else { // File does not look like text/css $error_msg_array[] = gettext("Invalid file type, you can only upload CSS style sheet files"); } } } }
/**
 * Delete a user account and, optionally, the data that belongs to it.
 *
 * With $delete_content exactly true, the user's rows are removed from the
 * per-forum tables of every prefix returned by forum_get_all_prefixes() and
 * from the global tables, their threads and posts are updated, and a
 * DELETE_USER_DATA entry is logged. The USER row is deleted in either case
 * and a DELETE_USER entry is logged.
 *
 * Notes for reviewers:
 * - No transaction is opened in this function. The first failing query
 *   returns false and leaves every earlier statement applied.
 * - The per-forum pass deletes the ADMIN_LOG rows whose UID is the deleted
 *   user, i.e. the audit entries that user created.
 * - POST_ATTACHMENT_FILES rows are deleted but no file is removed here.
 * - $uid is only checked with is_numeric(), which also accepts forms such as
 *   "1.0" or "1e3". The value is always placed inside a quoted literal.
 *   NOTE(review): normalising it to an integer after the check would make
 *   the value that reaches SQL unambiguous.
 * - No permission check is visible in this function beyond refusing to
 *   delete the session's own account; presumably callers enforce admin
 *   rights. Confirm at the call sites.
 *
 * @param mixed $uid            ID of the account to delete, must be numeric.
 * @param bool  $delete_content Any non-boolean value is treated as false.
 *
 * @return bool True once the USER row delete has succeeded; false when a
 *              guard fails, the account is not found, it is the current
 *              user's own account, or any query fails.
 */
function admin_delete_user($uid, $delete_content = false)
{
    if (!($db = db::get())) {
        return false;
    }

    if (!is_numeric($uid)) {
        return false;
    }

    if (!is_bool($delete_content)) {
        $delete_content = false;
    }

    // PM type masks, copied to locals so they can be interpolated below.
    $inbox_mask = PM_INBOX_ITEMS;
    $sent_mask = PM_SENT_ITEMS;
    $outbox_mask = PM_OUTBOX_ITEMS;
    $saved_out_mask = PM_SAVED_OUT;
    $saved_in_mask = PM_SAVED_IN;
    $draft_mask = PM_DRAFT_ITEMS;

    $now = date(MYSQL_DATETIME, time());

    // UID of the user performing the deletion.
    $admin_uid = session::get_value('UID');

    // The account must exist and must not be the current user's own.
    if (!($user_logon = user_get_logon($uid)) || $admin_uid == $uid) {
        return false;
    }

    if ($delete_content === true) {

        $owned_by_user = "UID = '{$uid}'";

        if ($forum_prefixes = forum_get_all_prefixes()) {

            // Per-forum tables, in the order they are emptied. USER_PEER
            // also drops relationships other users hold with this user.
            $forum_deletes = array(
                'ADMIN_LOG' => $owned_by_user,
                'LINKS' => $owned_by_user,
                'LINKS_VOTE' => $owned_by_user,
                'LINKS_COMMENT' => $owned_by_user,
                'USER_POLL_VOTES' => $owned_by_user,
                'USER_PEER' => "UID = '{$uid}' OR PEER_UID = '{$uid}'",
                'USER_FOLDER' => $owned_by_user,
                'USER_PREFS' => $owned_by_user,
                'USER_PROFILE' => $owned_by_user,
                'USER_SIG' => $owned_by_user,
                'USER_THREAD' => $owned_by_user,
                'USER_TRACK' => $owned_by_user,
                'WORD_FILTER' => $owned_by_user,
            );

            foreach ($forum_prefixes as $prefix) {

                foreach ($forum_deletes as $table => $condition) {
                    if (!$db->query("DELETE QUICK FROM `{$prefix}{$table}` WHERE {$condition}")) {
                        return false;
                    }
                }

                $forum_updates = array(
                    // Clear the poll flag on threads started by the user.
                    "UPDATE LOW_PRIORITY `{$prefix}THREAD` SET POLL_FLAG = 'N', "
                        . "MODIFIED = CAST('{$now}' AS DATETIME) WHERE BY_UID = '{$uid}'",

                    // Flag single-post threads started by the user as deleted.
                    "UPDATE LOW_PRIORITY `{$prefix}THREAD` SET DELETED = 'Y', "
                        . "MODIFIED = CAST('{$now}' AS DATETIME) WHERE BY_UID = '{$uid}' "
                        . "AND LENGTH = 1",

                    // Blank the content of every post made by the user.
                    "UPDATE LOW_PRIORITY `{$prefix}POST_CONTENT` POST_CONTENT "
                        . "LEFT JOIN `{$prefix}POST` POST ON (POST.TID = POST_CONTENT.TID "
                        . "AND POST.PID = POST_CONTENT.PID) SET POST_CONTENT.CONTENT = NULL "
                        . "WHERE POST.FROM_UID = '{$uid}'",

                    // Mark the user's posts approved by the current admin so
                    // they do not show up in the approval queue.
                    "UPDATE LOW_PRIORITY `{$prefix}POST` "
                        . "SET APPROVED = CAST('{$now}' AS DATETIME), "
                        . "APPROVED_BY = '{$admin_uid}' WHERE FROM_UID = '{$uid}'",
                );

                foreach ($forum_updates as $statement) {
                    if (!$db->query($statement)) {
                        return false;
                    }
                }
            }
        }

        // Private messages: which side of a message belongs to the user
        // depends on the folder bits set in TYPE.
        $pm_content_rules = array(
            "((PM.TYPE & {$inbox_mask} > 0) AND PM.TO_UID = '{$uid}')",
            "((PM.TYPE & {$sent_mask} > 0) AND PM.FROM_UID = '{$uid}' AND PM.SMID = 0)",
            "((PM.TYPE & {$outbox_mask} > 0) AND PM.FROM_UID = '{$uid}')",
            "((PM.TYPE & {$saved_out_mask} > 0) AND PM.FROM_UID = '{$uid}')",
            "((PM.TYPE & {$saved_in_mask} > 0) AND PM.TO_UID = '{$uid}')",
            "((PM.TYPE & {$draft_mask} > 0) AND PM.FROM_UID = '{$uid}')",
        );

        $pm_rules = array(
            "((TYPE & {$inbox_mask} > 0) AND TO_UID = '{$uid}')",
            "((TYPE & {$sent_mask} > 0) AND FROM_UID = '{$uid}' AND SMID = 0)",
            "((TYPE & {$outbox_mask} > 0) AND FROM_UID = '{$uid}')",
            "((TYPE & {$saved_out_mask} > 0) AND FROM_UID = '{$uid}')",
            "((TYPE & {$saved_in_mask} > 0) AND TO_UID = '{$uid}')",
            "((TYPE & {$draft_mask} > 0) AND FROM_UID = '{$uid}')",
        );

        // Global tables, in execution order. PM_CONTENT is emptied before PM
        // because its delete joins on the PM rows.
        $global_statements = array();

        foreach (array('DICTIONARY', 'GROUP_USERS') as $table) {
            $global_statements[] = "DELETE QUICK FROM {$table} WHERE {$owned_by_user}";
        }

        $global_statements[] = "DELETE QUICK FROM PM_CONTENT USING PM_CONTENT "
            . "LEFT JOIN PM ON (PM.MID = PM_CONTENT.MID) "
            . "WHERE " . implode(" OR ", $pm_content_rules) . " ";

        $global_statements[] = "DELETE QUICK FROM PM WHERE " . implode(" OR ", $pm_rules) . " ";

        $remaining_tables = array(
            'PM_SEARCH_RESULTS',
            'POST_ATTACHMENT_FILES', // rows only, the files stay on disk
            'SEARCH_RESULTS',
            'SESSIONS',
            'USER_FORUM',
            'USER_HISTORY',
            'USER_PREFS',
            'VISITOR_LOG',
        );

        foreach ($remaining_tables as $table) {
            $global_statements[] = "DELETE QUICK FROM {$table} WHERE {$owned_by_user}";
        }

        foreach ($global_statements as $statement) {
            if (!$db->query($statement)) {
                return false;
            }
        }

        // Record that the user's data was removed.
        admin_add_log_entry(DELETE_USER_DATA, array($uid, $user_logon));
    }

    // Delete the account itself.
    if (!$db->query("DELETE QUICK FROM USER WHERE UID = '{$uid}'")) {
        return false;
    }

    // Record that the account was removed.
    admin_add_log_entry(DELETE_USER, array($user_logon));

    return true;
}
} else { $t_uri = ""; } if (isset($_POST['t_old_title']) && strlen(trim($_POST['t_old_title'])) > 0) { $t_old_title = trim($_POST['t_old_title']); } else { $t_old_title = ""; } if (isset($_POST['t_old_uri']) && strlen(trim($_POST['t_old_uri'])) > 0) { $t_old_uri = trim($_POST['t_old_uri']); } else { $t_old_uri = ""; } if ($valid) { if (forum_links_update_link($lid, $t_title, $t_uri)) { admin_add_log_entry(EDIT_FORUM_LINKS, array($lid, $t_title)); header_redirect("admin_forum_links.php?webtag={$webtag}&page={$page}&edited=true"); } else { $error_msg_array[] = sprintf(gettext("Failed to update forum link '%s'"), $t_title); $valid = false; } } } } else { if (isset($_POST['addlink'])) { header_redirect("admin_forum_links.php?webtag={$webtag}&page={$page}&addlink=true"); exit; } } } }
$old_ban_data = trim($_POST['old_bandata']); } else { $old_ban_data = ""; } if (isset($_POST['old_banexpires']) && strlen(trim($_POST['old_banexpires'])) > 0) { $old_ban_expires = trim($_POST['old_banexpires']); } else { $old_ban_expires = 0; } if ($valid) { $dup_ban_id = check_ban_data($ban_type, $ban_data); if (!$dup_ban_id || $dup_ban_id == $ban_id) { if (update_ban_data($ban_id, $ban_type, $ban_data, $ban_comment, $ban_expires)) { if ($ban_type != $old_ban_type || $ban_data != $old_ban_data || $ban_expires != $old_ban_expires) { $log_data = array($ban_id, $ban_type, $ban_data, $old_ban_type, $old_ban_data, $old_ban_expires); admin_add_log_entry(UPDATED_BAN, $log_data); } header_redirect("admin_banned.php?webtag={$webtag}&edited=true"); exit; } } else { $error_msg_array[] = gettext("Duplicate ban data entered. Please check your wildcards to see if they already match the data entered"); $valid = false; } } } } else { if (isset($_POST['addban'])) { $redirect = "admin_banned.php?webtag={$webtag}&addban=true"; header_redirect($redirect); exit;
$psid = $_POST['psid']; } else { $error_msg_array[] = gettext("Must specify a profile section ID"); $valid = false; } if (isset($_POST['t_name_new']) && strlen(trim($_POST['t_name_new'])) > 0) { $t_new_name = trim($_POST['t_name_new']); } else { $error_msg_array[] = gettext("Must specify a profile section name"); $valid = false; } if ($valid) { if (profile_section_update($psid, $t_new_name)) { $t_section_name = profile_section_get_name($psid); if ($t_new_name != $t_section_name) { admin_add_log_entry(CHANGE_PROFILE_SECT, array($t_section_name, $t_new_name)); } header_redirect("admin_prof_sect.php?webtag={$webtag}&edited=true"); exit; } } } else { if (isset($_POST['addsection'])) { $redirect = "admin_prof_sect.php?webtag={$webtag}&page={$page}&addsection=true"; header_redirect($redirect); exit; } else { if (isset($_POST['viewitems']) && is_array($_POST['viewitems'])) { list($psid) = array_keys($_POST['viewitems']); $redirect = "admin_prof_items.php?webtag={$webtag}&psid={$psid}§_page={$page}"; header_redirect($redirect);
} if ((session::get_value('UID') != $preview_message['FROM_UID'] || session::check_perm(USER_PERM_PILLORIED, 0)) && !session::check_perm(USER_PERM_FOLDER_MODERATE, $t_fid)) { post_edit_refuse($tid, $pid); } if (forum_get_setting('require_post_approval', 'Y') && isset($preview_message['APPROVED']) && $preview_message['APPROVED'] == 0 && !session::check_perm(USER_PERM_FOLDER_MODERATE, $t_fid)) { post_edit_refuse($tid, $pid); } } else { html_draw_error(gettext("That post does not exist in this thread!")); } } if (isset($_POST['delete']) && is_numeric($tid) && is_numeric($pid)) { if (post_delete($tid, $pid)) { post_add_edit_text($tid, $pid); if (session::check_perm(USER_PERM_FOLDER_MODERATE, $t_fid) && $preview_message['FROM_UID'] != session::get_value('UID')) { admin_add_log_entry(DELETE_POST, array($t_fid, $tid, $pid)); } if ($thread_data['LENGTH'] > 1) { header_redirect("discussion.php?webtag={$webtag}&msg={$msg}&delete_success={$msg}"); exit; } else { header_redirect("discussion.php?webtag={$webtag}&delete_success={$msg}"); exit; } } else { $error_msg_array[] = gettext("Error deleting post"); } } html_draw_top(sprintf("title=%s", gettext("Delete Message")), "post.js", "resize_width=720", "basetarget=_blank", 'class=window_title'); echo "<h1>", gettext("Delete Message"), " {$tid}.{$pid}</h1>\n"; if (isset($error_msg_array) && sizeof($error_msg_array) > 0) {
$page = $_POST['page'] > 0 ? $_POST['page'] : 1; } else { $page = 1; } } // Array to hold error messages $error_msg_array = array(); // Delete folders. if (isset($_POST['delete'])) { $valid = true; if (isset($_POST['t_delete']) && is_array($_POST['t_delete'])) { foreach ($_POST['t_delete'] as $fid => $delete_folder) { if ($valid && $delete_folder == "Y" && ($folder_data = folder_get($fid))) { if ($folder_data['THREAD_COUNT'] < 1) { if (folder_delete($fid)) { admin_add_log_entry(DELETE_FOLDER, array($folder_data['TITLE'])); } else { $error_msg_array[] = gettext("Failed to delete folder."); $valid = false; } } else { $error_msg_array[] = gettext("Cannot delete folders that still contain threads."); $valid = false; } } } if ($valid) { header_redirect("admin_folders.php?webtag={$webtag}&page={$page}&deleted=true"); exit; } }
} } else { $sort_dir = "ASC"; } if (isset($_GET['page']) && is_numeric($_GET['page'])) { $page = $_GET['page'] > 0 ? $_GET['page'] : 1; } else { $page = 1; } if (isset($_POST['delete'])) { $valid = true; if (isset($_POST['delete_group']) && is_array($_POST['delete_group'])) { foreach ($_POST['delete_group'] as $gid) { if ($group_name = perm_get_group_name($gid)) { if (perm_remove_group($gid)) { admin_add_log_entry(DELETE_USER_GROUP, array($group_name)); } else { $error_msg_array[] = sprintf(gettext("Failed to delete group %s"), $group_name); $valid = false; } } } if ($valid) { header_redirect("admin_user_groups.php?webtag={$webtag}&deleted=true"); exit; } } } html_draw_top(sprintf('title=%s', gettext("Admin - User Groups")), 'class=window_title'); $user_groups_array = perm_get_user_groups($page, $sort_by, $sort_dir); echo "<h1>", gettext("Admin"), "<img src=\"", html_style_image('separator.png'), "\" alt=\"\" border=\"0\" />", gettext("User Groups"), "</h1>\n";
if (!perm_user_in_group($uid, $gid)) { perm_add_user_to_group($uid, $gid); if (($user_logon = user_get_logon($uid)) && ($group_name = perm_get_group_name($gid))) { admin_add_log_entry(ADD_USER_TO_GROUP, array($user_logon, $group_name)); } } } } } if (isset($_POST['remove'])) { if (isset($_POST['remove_user']) && is_array($_POST['remove_user'])) { foreach ($_POST['remove_user'] as $uid) { if (perm_user_in_group($uid, $gid)) { perm_remove_user_from_group($uid, $gid); if (($user_logon = user_get_logon($uid)) && ($group_name = perm_get_group_name($gid))) { admin_add_log_entry(REMOVE_USER_FROM_GROUP, array($user_logon, $group_name)); } } } } } if (!($group = perm_get_group($gid))) { html_draw_error(gettext("Supplied GID is not a user group"), 'admin_user_groups.php', 'get', array('back' => gettext("Back"))); } html_draw_top(array('title' => sprintf(gettext('Admin - Manage User Groups - %s - Add/Remove Users'), $group['GROUP_NAME']), 'class' => 'window_title', 'main_css' => 'admin.css')); $group_users_array = perm_group_get_users($gid, $start_main); echo "<h1>", gettext("Admin"), html_style_image('separator'), gettext("Manage User Groups"), html_style_image('separator'), "{$group['GROUP_NAME']}", html_style_image('separator'), "", gettext("Add/Remove Users"), "</h1>\n"; if (isset($_GET['added'])) { html_display_success_msg(gettext("Successfully added group. Add users to this group by searching for them below."), '800', 'center'); } else { if (sizeof($group_users_array['user_array']) < 1) {
} else { $new_forum_settings['searchbots_show_active'] = "N"; } if (isset($_POST['guest_account_enabled']) && $_POST['guest_account_enabled'] == "Y") { $new_forum_settings['guest_account_enabled'] = "Y"; } else { $new_forum_settings['guest_account_enabled'] = "N"; } if (isset($_POST['guest_show_recent']) && $_POST['guest_show_recent'] == "Y") { $new_forum_settings['guest_show_recent'] = "Y"; } else { $new_forum_settings['guest_show_recent'] = "N"; } if ($valid) { if (forum_save_settings($new_forum_settings)) { admin_add_log_entry(EDIT_FORUM_SETTINGS, array($new_forum_settings['forum_name'])); header_redirect("admin_forum_settings.php?webtag={$webtag}&updated=true"); } else { $valid = false; $error_msg_array[] = gettext("Failed to update forum settings. Please try again later."); } } } } } html_draw_top(array('title' => gettext('Admin - Forum Settings'), 'class' => 'window_title', 'js' => array('js/emoticons.js', 'ckeditor/ckeditor.js'), 'main_css' => 'admin.css')); echo "<h1>", gettext("Admin"), html_style_image('separator'), gettext("Forum Settings"), "</h1>\n"; if (isset($error_msg_array) && sizeof($error_msg_array) > 0) { html_display_error_array($error_msg_array, '700', 'center'); } else { if (isset($_GET['updated'])) {
// Read the remaining per-folder permission fields for $fid from the request.
// Each ternary below is parsed as ((double) isset(...)) ? ... : 0, because a
// cast binds tighter than ?:. The cast therefore applies to the isset()
// result only, and the value stored is the raw $_POST entry, not a double.
// NOTE(review): wrap the ternary in parentheses, or cast the selected value,
// if a numeric permission bit is what is intended here.
$t_post_html = (double) isset($_POST['t_post_html'][$fid]) ? $_POST['t_post_html'][$fid] : 0;
$t_post_sig = (double) isset($_POST['t_post_sig'][$fid]) ? $_POST['t_post_sig'][$fid] : 0;
$t_post_approval = (double) isset($_POST['t_post_approval'][$fid]) ? $_POST['t_post_approval'][$fid] : 0;

// Combine the individual fields into one permission mask. The (double) cast
// applies to the first operand only; the | operators then work on
// integer-converted operands, so $new_user_perms ends up an integer built
// from whatever values the request supplied for each field.
// NOTE(review): nothing visible here limits a field to its own permission
// bit - presumably the form submits the matching constant for each checkbox.
// Consider masking each value against the expected constant before
// combining, and confirm whether perm_update_user_folder_perms() validates
// the mask it is given.
$new_user_perms = (double) $t_post_read | $t_post_create | $t_thread_create;
$new_user_perms = (double) $new_user_perms | $t_post_edit | $t_post_delete;
$new_user_perms = (double) $new_user_perms | $t_moderator | $t_post_attach;
$new_user_perms = (double) $new_user_perms | $t_post_html | $t_post_sig | $t_post_approval;

// Only write to the database when the mask differs from the stored STATUS.
if ($new_user_perms != $folder_array[$fid]['STATUS']) {
    if (!perm_update_user_folder_perms($uid, $fid, $new_user_perms)) {
        $error_msg_array[] = gettext("Failed to update folder access settings");
        $valid = false;
    }
}
}

// The log entry is written whenever $valid is still true at this point; it
// names the affected user's logon but not which folders or bits changed.
if ($valid) {
    admin_add_log_entry(USER_FOLDER_PERMS_CHANGED, array($user['LOGON']));
}
}

// Confirmation email: re-sent only when the form field carries 'resend'.
if (isset($_POST['t_confirm_email']) && $_POST['t_confirm_email'] == 'resend') {
    if (!email_send_user_confirmation($uid)) {
        $error_msg_array[] = gettext("Failed to resend Email confirmation to user.");
        $valid = false;
    }
}
}

if ($valid) {
    $success_html = gettext("Updates saved successfully");
}
}
}
/**
 * Remove the on-disk thumbnail ("<hash>.thumb") that belongs to an attachment.
 *
 * The attachment is looked up by hash. The request is honoured only when the
 * session user uploaded the attachment or holds USER_PERM_FOLDER_MODERATE.
 * If the attachment is linked to a post, that post is passed to
 * post_add_edit_text(); when a moderator acts on someone else's attachment an
 * ATTACHMENTS_DELETE admin log entry is written as well.
 *
 * @param string $hash Attachment hash; rejected unless is_md5() accepts it.
 *
 * @return bool False when validation, the lookup or the permission check
 *              fails; true otherwise. The unlink() result is not inspected.
 */
function attachments_delete_thumbnail($hash)
{
    // $hash is interpolated into the SQL text and into a filesystem path
    // further down, so this check is the only barrier for both.
    // NOTE(review): is_md5() is defined elsewhere; presumably it accepts
    // exactly 32 hexadecimal characters - confirm, nothing else escapes $hash.
    if (!is_md5($hash)) {
        return false;
    }

    $connection = db::get();

    if (!$connection) {
        return false;
    }

    // A numeric session UID is required before any ownership comparison.
    if (!isset($_SESSION['UID']) || !is_numeric($_SESSION['UID'])) {
        return false;
    }

    $attachment_dir = attachments_check_dir();

    if (!$attachment_dir) {
        return false;
    }

    $query = "SELECT PAF.AID, PAF.UID, PAF.FILENAME, PAI.TID, "
        . "PAI.PID FROM POST_ATTACHMENT_FILES PAF "
        . "LEFT JOIN POST_ATTACHMENT_IDS PAI ON (PAI.AID = PAF.AID) "
        . "WHERE PAF.HASH = '{$hash}'";

    $rows = $connection->query($query);

    if (!$rows || $rows->num_rows == 0) {
        return false;
    }

    $attachment = $rows->fetch_assoc();

    // FID is not part of the SELECT list above, so this always resolves to 0
    // and the moderator check below is evaluated for folder 0 rather than
    // for the folder that holds the post.
    // NOTE(review): confirm what folder 0 means to session::check_perm().
    $folder_id = isset($attachment['FID']) ? $attachment['FID'] : 0;

    // Neither the uploader nor a moderator: refuse.
    if ($attachment['UID'] != $_SESSION['UID'] && !session::check_perm(USER_PERM_FOLDER_MODERATE, $folder_id)) {
        return false;
    }

    if (isset($attachment['TID'], $attachment['PID'])) {

        post_add_edit_text($attachment['TID'], $attachment['PID']);

        // Only moderator actions on another user's attachment are logged.
        if (session::check_perm(USER_PERM_FOLDER_MODERATE, $folder_id) && $attachment['UID'] != $_SESSION['UID']) {
            admin_add_log_entry(
                ATTACHMENTS_DELETE,
                array($attachment['TID'], $attachment['PID'], $attachment['FILENAME'])
            );
        }
    }

    // Best-effort removal: @ hides a failed unlink() and true is returned
    // either way, so a caller cannot tell whether the file is really gone.
    $thumbnail_path = "{$attachment_dir}/{$hash}.thumb";
    @unlink($thumbnail_path);

    return true;
}
}

// A non-empty title is mandatory; surrounding whitespace is trimmed.
if (isset($_POST['title']) && strlen(trim($_POST['title'])) > 0) {
    $title = trim($_POST['title']);
} else {
    $error_msg_array[] = gettext("You must specify a name!");
    $valid = false;
}

// The description is optional and defaults to an empty string.
if (isset($_POST['description']) && strlen(trim($_POST['description'])) > 0) {
    $description = trim($_POST['description']);
} else {
    $description = "";
}

if ($valid) {

    // The return value of links_update() is not checked before logging and
    // redirecting.
    links_update($lid, $fid, $_SESSION['UID'], $title, $uri, $description);

    // Log only when a moderator changes a link owned by someone else.
    // NOTE(review): this is the update path but the entry is recorded as
    // DELETE_LINK, so the admin log would show an edit as a deletion -
    // confirm whether a dedicated "edit link" log constant exists.
    if (session::check_perm(USER_PERM_FOLDER_MODERATE, 0) && $link['UID'] != $_SESSION['UID']) {
        admin_add_log_entry(DELETE_LINK, array($lid));
    }

    // NOTE(review): no exit follows this redirect; whether the script stops
    // here depends on header_redirect() - confirm it terminates.
    header_redirect("links_detail.php?webtag={$webtag}&lid={$lid}&fid={$fid}");
}
}

// Visibility toggle, allowed for link moderators and for the link's owner.
if ($user_perm_links_moderate || $link['UID'] == $_SESSION['UID']) {

    if (isset($_POST['hide']) && $_POST['hide'] == "confirm") {
        // hide=confirm: make the link invisible.
        links_change_visibility($lid, false);
    } else {
        // Any other request (field missing or a different value) makes the
        // link visible. Unlike the update branch above, no admin log entry
        // is written for a visibility change.
        if (!isset($_POST['hide']) || isset($_POST['hide']) && $_POST['hide'] != "confirm") {
            links_change_visibility($lid, true);
        }
    }

    header_redirect("links_detail.php?webtag={$webtag}&lid={$lid}&fid={$fid}");
}
}
/**
 * Delete a user account and, when requested, the data and content tied to it.
 *
 * With $delete_content === true the function first walks every forum prefix
 * returned by forum_get_all_prefixes() and removes or blanks the user's
 * per-forum rows, then removes the user's global rows (group membership,
 * PMs, attachments, search results, sessions, forum/permission/preference
 * rows, history and visitor log) and records DELETE_USER_DATA. In every case
 * it then deletes the USER row and records DELETE_USER.
 *
 * Security notes for reviewers:
 *  - No permission check happens here; the only guards are a numeric
 *    $_SESSION['UID'] that differs from $uid. Presumably callers verify
 *    administrative rights first - confirm at each call site.
 *  - $uid and $_SESSION['UID'] are placed inside quoted SQL literals after
 *    an is_numeric() test only. is_numeric() also accepts decimal and
 *    exponent forms, so a stricter integer check at the boundary is safer.
 *  - The statements are issued one by one with no transaction visible in
 *    this function; a failing query returns false and leaves the earlier
 *    statements applied.
 *  - With $delete_content false only the USER row is removed; SESSIONS,
 *    USER_PERM and GROUP_USERS rows for the UID are left in place.
 *    NOTE(review): confirm session validation rejects a UID with no USER row.
 *  - With $delete_content true the user's own ADMIN_LOG rows are deleted in
 *    every forum, which removes that part of the audit trail.
 *
 * @param mixed $uid            UID of the account to delete; must be numeric.
 * @param bool  $delete_content Also delete the user's data and content.
 *                              Non-boolean values are treated as false.
 *
 * @return bool True once the USER row is deleted; false on any failed check
 *              or query, when user_get_logon() yields nothing for $uid, or
 *              when $uid is the current session user.
 */
function admin_delete_user($uid, $delete_content = false)
{
    $db = db::get();

    if (!$db) {
        return false;
    }

    if (!is_numeric($uid)) {
        return false;
    }

    if (!is_bool($delete_content)) {
        $delete_content = false;
    }

    $current_datetime = date(MYSQL_DATETIME, time());

    // Mark as read cut off
    $modified_cutoff_datetime = forum_get_unread_cutoff_datetime();

    // UID of the current user must be present and numeric.
    if (!isset($_SESSION['UID']) || !is_numeric($_SESSION['UID'])) {
        return false;
    }

    // The target account must resolve to a logon and must not be the
    // account that is performing the deletion.
    $user_logon = user_get_logon($uid);

    if (!$user_logon || $_SESSION['UID'] == $uid) {
        return false;
    }

    if ($delete_content === true) {

        $forum_prefixes = forum_get_all_prefixes();

        if ($forum_prefixes !== false) {

            // Shared SET fragment: bump MODIFIED to now unless the row is
            // already older than the unread cut-off.
            $touch_modified = "MODIFIED = IF(MODIFIED < CAST('{$modified_cutoff_datetime}' AS DATETIME), "
                . "MODIFIED, CAST('{$current_datetime}' AS DATETIME))";

            // NOTE(review): each prefix is interpolated into a back-quoted
            // identifier; this relies on forum_get_all_prefixes() returning
            // trusted values only - confirm.
            foreach ($forum_prefixes as $prefix) {

                // Statements for this forum, collected in execution order.
                $forum_queries = array();

                // Log entries, links, link votes, link comments and poll
                // votes owned by the user.
                foreach (array('ADMIN_LOG', 'LINKS', 'LINKS_VOTE', 'LINKS_COMMENT', 'USER_POLL_VOTES') as $table) {
                    $forum_queries[] = "DELETE QUICK FROM `{$prefix}{$table}` WHERE UID = '{$uid}'";
                }

                // Relationships in both directions: set by the user and set
                // by other users about this user.
                $forum_queries[] = "DELETE QUICK FROM `{$prefix}USER_PEER` WHERE UID = '{$uid}' OR PEER_UID = '{$uid}'";

                // Folder preferences, preferences, profile, signature,
                // thread read data, tracking data and word filter entries.
                foreach (array('USER_FOLDER', 'USER_PREFS', 'USER_PROFILE', 'USER_SIG', 'USER_THREAD', 'USER_TRACK', 'WORD_FILTER') as $table) {
                    $forum_queries[] = "DELETE QUICK FROM `{$prefix}{$table}` WHERE UID = '{$uid}'";
                }

                // Clear the poll flag on threads started by the user.
                $forum_queries[] = "UPDATE LOW_PRIORITY `{$prefix}THREAD` SET POLL_FLAG = 'N', "
                    . $touch_modified . " WHERE BY_UID = '{$uid}'";

                // Flag single-post threads started by the user as deleted.
                $forum_queries[] = "UPDATE LOW_PRIORITY `{$prefix}THREAD` SET DELETED = 'Y', "
                    . $touch_modified . " WHERE BY_UID = '{$uid}' "
                    . "AND LENGTH = 1";

                // Blank the content of every post made by the user.
                $forum_queries[] = "UPDATE LOW_PRIORITY `{$prefix}POST_CONTENT` POST_CONTENT "
                    . "LEFT JOIN `{$prefix}POST` POST ON (POST.TID = POST_CONTENT.TID "
                    . "AND POST.PID = POST_CONTENT.PID) SET POST_CONTENT.CONTENT = NULL "
                    . "WHERE POST.FROM_UID = '{$uid}'";

                // Mark the user's posts as approved (by the acting user) so
                // they do not show up in the approval queue.
                $forum_queries[] = "UPDATE LOW_PRIORITY `{$prefix}POST` "
                    . "SET APPROVED = CAST('{$current_datetime}' AS DATETIME), "
                    . "APPROVED_BY = '{$_SESSION['UID']}' WHERE FROM_UID = '{$uid}'";

                foreach ($forum_queries as $query) {
                    if (!$db->query($query)) {
                        return false;
                    }
                }
            }
        }

        // Global clean-up that has to run before the attachments are
        // handled: group membership, PM type/recipient rows, PMs sent by
        // the user, then any PM left without a type or recipient row.
        $pm_queries = array(
            "DELETE QUICK FROM GROUP_USERS WHERE UID = '{$uid}'",
            "DELETE QUICK FROM PM_TYPE WHERE UID = '{$uid}'",
            "DELETE QUICK FROM PM_RECIPIENT WHERE TO_UID = '{$uid}'",
            "DELETE QUICK FROM PM WHERE FROM_UID = '{$uid}'",
            "DELETE QUICK FROM PM, PM_CONTENT USING PM "
                . "LEFT JOIN PM_CONTENT ON (PM_CONTENT.MID = PM.MID) "
                . "LEFT JOIN PM_RECIPIENT ON (PM_RECIPIENT.MID = PM.MID) "
                . "LEFT JOIN PM_TYPE ON (PM_TYPE.MID = PM.MID) "
                . "WHERE PM_TYPE.MID IS NULL OR PM_RECIPIENT.MID IS NULL",
        );

        foreach ($pm_queries as $query) {
            if (!$db->query($query)) {
                return false;
            }
        }

        // Hand every attachment uploaded by the user to attachments_delete().
        // Its return value is ignored, so a failed removal goes unnoticed.
        $attachments = $db->query("SELECT HASH FROM POST_ATTACHMENT_FILES WHERE UID = '{$uid}'");

        if (!$attachments) {
            return false;
        }

        while (($attachment_row = $attachments->fetch_assoc()) !== null) {
            attachments_delete($attachment_row['HASH']);
        }

        // Remaining global tables keyed by UID, in the original order: PM
        // search results, attachment rows (rows only, not files), search
        // results, sessions, forum settings, history, permissions,
        // preferences and visitor log.
        $uid_tables = array(
            'PM_SEARCH_RESULTS',
            'POST_ATTACHMENT_FILES',
            'SEARCH_RESULTS',
            'SESSIONS',
            'USER_FORUM',
            'USER_HISTORY',
            'USER_PERM',
            'USER_PREFS',
            'VISITOR_LOG',
        );

        foreach ($uid_tables as $table) {
            if (!$db->query("DELETE QUICK FROM {$table} WHERE UID = '{$uid}'")) {
                return false;
            }
        }

        // Record that the user's data was removed.
        admin_add_log_entry(DELETE_USER_DATA, array($uid, $user_logon));
    }

    // Delete the user account itself.
    if (!$db->query("DELETE QUICK FROM USER WHERE UID = '{$uid}'")) {
        return false;
    }

    // Record the account deletion.
    admin_add_log_entry(DELETE_USER, array($user_logon));

    return true;
}