PHP Cross Reference of MyBB 1.6.7 |
<?php
/**
 * MyBB 1.6
 * Copyright 2010 MyBB Group, All Rights Reserved
 *
 * Website: http://mybb.com
 * License: http://mybb.com/about/license
 *
 * $Id: modcp.php 5761 2012-03-22 15:22:01Z Tomm $
 */

// Moderator Control Panel entry script. Everything below runs at file scope;
// the requested operation is selected later through $mybb->input['action'].

// Constants defined before global.php is included.
// NOTE(review): presumably IN_MYBB is checked by the included files to refuse
// direct access - confirm in global.php / inc/*.
define("IN_MYBB", 1);
define('THIS_SCRIPT', 'modcp.php');

// Comma-separated template names, assembled before global.php is loaded.
// NOTE(review): presumably consumed by global.php to pre-load templates - confirm.
$templatelist = "modcp_reports,modcp_reports_report,modcp_reports_multipage,modcp_reports_allreport";
$templatelist .= ",modcp_reports_allnoreports,modcp_reports_noreports,modcp_banning,modcp_banning_ban";
$templatelist .= ",modcp_banning_multipage,modcp_banning_nobanned,modcp_banning_auser,modcp_banning_error";
$templatelist .= ",modcp_banning_edit,modcp_banning_banned_user,modcp_nav,modcp_modlogs_noresults,modcp";
$templatelist .= ",modcp_no_announcements_global,modcp_announcements_global,modcp_announcements_forum,modcp_announcements";
$templatelist .= ",codebuttons,smilieinsert,modcp_announcements_new,modcp_modqueue_empty,forumjump_bit,forumjump_special";
$templatelist .= ",modcp_modlogs,modcp_finduser_user,modcp_finduser,usercp_profile_customfield,usercp_profile_profilefields";
$templatelist .= ",modcp_editprofile,modcp_ipsearch,modcp_banuser_addusername,modcp_banuser,modcp_warninglogs_nologs";
$templatelist .= ",modcp_warninglogs,modcp_modlogs_result,modcp_editprofile_signature_info,modcp_editprofile_signature_options,modcp_editprofile_signature";

// Bootstrap plus the helper libraries this script calls into.
require_once "./global.php";
require_once MYBB_ROOT."inc/functions_user.php";
require_once MYBB_ROOT."inc/functions_upload.php";
require_once MYBB_ROOT."inc/functions_modcp.php";
require_once MYBB_ROOT."inc/class_parser.php";

// Used further down to run parse_badwords() over thread subjects.
$parser = new postParser;

// Set up the array of ban times.
$bantimes = fetch_ban_times();

// Load global language phrases
$lang->load("modcp");

// Gate for the whole script: guests (uid 0) and groups without canmodcp are
// rejected before any action handler is reached.
if($mybb->user['uid'] == 0 || $mybb->usergroup['canmodcp'] != 1)
{
	error_no_permission();
}

// Starts as an empty string; the handlers below append with $errors[] and
// later test is_array($errors) to decide whether validation failed.
// NOTE(review): appending with [] to a string relies on legacy PHP behaviour.
$errors = '';
// SQL for fetching items only related to forums this user moderates
$moderated_forums = array();
if($mybb->usergroup['issupermod'] != 1)
{
	// Moderator rows that match either the user id or the user's primary group id.
	$query = $db->simple_select("moderators", "*", "(id='{$mybb->user['uid']}' AND isgroup = '0') OR (id='{$mybb->user['usergroup']}' AND isgroup = '1')");
	while($forum = $db->fetch_array($query))
	{
		// NOTE(review): $flist is appended to here without being initialised
		// in this branch (only the else branch assigns it) - confirm nothing
		// earlier can pre-populate it.
		$flist .= ",'{$forum['fid']}'";

		$children = get_child_list($forum['fid']);
		if(!empty($children))
		{
			$flist .= ",'".implode("','", $children)."'";
		}
		$moderated_forums[] = $forum['fid'];
	}
	// NOTE(review): when the query returns no rows, no "fid IN (...)" clause
	// is built and $tflist is never assigned in this branch, so the queries
	// below that append $flist / $tflist are not narrowed to moderated
	// forums. Confirm this is intended for users who have canmodcp but
	// moderate nothing.
	if($flist)
	{
		$tflist = " AND t.fid IN (0{$flist})";
		$flist = " AND fid IN (0{$flist})";
	}
}
else
{
	// Super moderators get no forum restriction.
	$flist = $tflist = '';
}

// Retrieve a list of unviewable forums
$unviewableforums = get_unviewable_forums();

// Everyone except super administrators also has unviewable forums excluded.
if($unviewableforums && !is_super_admin($mybb->user['uid']))
{
	$flist .= " AND fid NOT IN ({$unviewableforums})";
	$tflist .= " AND t.fid NOT IN ({$unviewableforums})";
}

// Fetch the Mod CP menu
// The template text returned by $templates->get() is spliced into a PHP
// double-quoted string and executed with eval(); the same pattern is used for
// every template in this file. Template content is therefore code-equivalent:
// whoever can edit templates can influence what is evaluated, and the
// variables the templates see are the local names used in this script.
// NOTE(review): how $templates->get() escapes template text is not visible
// here - confirm.
eval("\$modcp_nav = \"".$templates->get("modcp_nav")."\";");

$plugins->run_hooks("modcp_start");

// Make navigation
add_breadcrumb($lang->nav_modcp, "modcp.php");

// ---------------------------------------------------------------------------
// do_reports: mark selected (or all) reported posts as handled.
// ---------------------------------------------------------------------------
if($mybb->input['action'] == "do_reports")
{
	// Verify incoming POST request
	// NOTE(review): verify_post_check() is defined elsewhere; presumably it
	// validates the per-user post key as an anti-CSRF token - confirm.
	verify_post_check($mybb->input['my_post_key']);

	if(!is_array($mybb->input['reports']))
	{
		error($lang->error_noselected_reports);
	}

	// With "allbox" set the update matches every report (still subject to $flist).
	$sql = '1=1';
	if(!$mybb->input['allbox'])
	{
		// Every submitted id is forced to an integer before it reaches the SQL string.
		$mybb->input['reports'] = array_map("intval", $mybb->input['reports']);
		// Legacy implode() argument order (array first, glue second).
		$rids = implode($mybb->input['reports'], "','");
		$rids = "'0','{$rids}'";

		$sql = "rid IN ({$rids})";
	}

	$plugins->run_hooks("modcp_do_reports");

	// $flist is the only forum scoping applied to this update.
	$db->update_query("reportedposts", array('reportstatus' => 1), "{$sql}{$flist}");
	$cache->update_reportedposts();

	$page = intval($mybb->input['page']);

	redirect("modcp.php?action=reports&page={$page}", $lang->redirect_reportsmarked);
}

// ---------------------------------------------------------------------------
// reports: paginated list of reports that are still open (reportstatus 0).
// ---------------------------------------------------------------------------
if($mybb->input['action'] == "reports")
{
	add_breadcrumb($lang->mcp_nav_reported_posts, "modcp.php?action=reports");

	if(!$mybb->settings['threadsperpage'])
	{
		$mybb->settings['threadsperpage'] = 20;
	}

	// Figure out if we need to display multiple pages.
	$perpage = $mybb->settings['threadsperpage'];
	if($mybb->input['page'] != "last")
	{
		$page = intval($mybb->input['page']);
	}

	$query = $db->simple_select("reportedposts", "COUNT(rid) AS count", "reportstatus ='0'");
	$report_count = $db->fetch_field($query, "count");

	$mybb->input['rid'] = intval($mybb->input['rid']);

	// When a report id is given, jump to the page that contains it.
	if($mybb->input['rid'])
	{
		$query = $db->simple_select("reportedposts", "COUNT(rid) AS count", "rid <= '".$mybb->input['rid']."'");
		$result = $db->fetch_field($query, "count");
		if(($result % $perpage) == 0)
		{
			$page = $result / $perpage;
		}
		else
		{
			$page = intval($result / $perpage) + 1;
		}
	}
	$postcount = intval($report_count);
	$pages = $postcount / $perpage;
	$pages = ceil($pages);

	if($mybb->input['page'] == "last")
	{
		$page = $pages;
	}

	// Out-of-range page numbers fall back to the first page.
	if($page > $pages || $page <= 0)
	{
		$page = 1;
	}

	if($page && $page > 0)
	{
		$start = ($page-1) * $perpage;
	}
	else
	{
		$start = 0;
		$page = 1;
	}
	$upper = $start+$perpage;

	$multipage = multipage($postcount, $perpage, $page, "modcp.php?action=reports");
	if($postcount > $perpage)
	{
		eval("\$reportspages = \"".$templates->get("modcp_reports_multipage")."\";");
	}

	// Forum id => forum name lookup, available to the templates below.
	$query = $db->simple_select("forums", "fid, name");
	while($forum = $db->fetch_array($query))
	{
		$forums[$forum['fid']] = $forum['name'];
	}

	$plugins->run_hooks("modcp_reports_start");

	$reports = '';
	// NOTE(review): unlike the do_reports update, this SELECT does not append
	// $flist / $tflist, so it is not restricted to forums the viewer
	// moderates or may view - confirm that is intended.
	// $start and $perpage are interpolated into LIMIT; $start derives from an
	// integer page number and $perpage from the board setting.
	$query = $db->query("
		SELECT r.*, u.username, up.username AS postusername, up.uid AS postuid, t.subject AS threadsubject
		FROM ".TABLE_PREFIX."reportedposts r
		LEFT JOIN ".TABLE_PREFIX."posts p ON (r.pid=p.pid)
		LEFT JOIN ".TABLE_PREFIX."threads t ON (p.tid=t.tid)
		LEFT JOIN ".TABLE_PREFIX."users u ON (r.uid=u.uid)
		LEFT JOIN ".TABLE_PREFIX."users up ON (p.uid=up.uid)
		WHERE r.reportstatus='0'
		ORDER BY r.dateline DESC
		LIMIT {$start}, {$perpage}
	");
	while($report = $db->fetch_array($query))
	{
		$trow = alt_trow();
		// Rows from forums the viewer moderates get the shaded style.
		if(is_moderator($report['fid']))
		{
			$trow = 'trow_shaded';
		}
		$report['postlink'] = get_post_link($report['pid'], $report['tid']);
		$report['threadlink'] = get_thread_link($report['tid']);
		$report['posterlink'] = get_profile_link($report['postuid']);
		$report['reporterlink'] = get_profile_link($report['uid']);
		$reportdate = my_date($mybb->settings['dateformat'], $report['dateline']);
		$reporttime = my_date($mybb->settings['timeformat'], $report['dateline']);
		// NOTE(review): threadsubject is the only field HTML-escaped in this
		// loop; the other $report columns reach the template as fetched -
		// confirm the template output of usernames and report text is safe.
		$report['threadsubject'] = htmlspecialchars_uni($parser->parse_badwords($report['threadsubject']));
		eval("\$reports .= \"".$templates->get("modcp_reports_report")."\";");
	}
	if(!$reports)
	{
		eval("\$reports = \"".$templates->get("modcp_reports_noreports")."\";");
	}

	$plugins->run_hooks("modcp_reports");

	eval("\$reportedposts = \"".$templates->get("modcp_reports")."\";");
	output_page($reportedposts);
}

// ---------------------------------------------------------------------------
// allreports: paginated list of every report, handled or not.
// ---------------------------------------------------------------------------
if($mybb->input['action'] == "allreports")
{
	add_breadcrumb($lang->mcp_nav_all_reported_posts, "modcp.php?action=allreports");

	if(!$mybb->settings['threadsperpage'])
	{
		$mybb->settings['threadsperpage'] = 20;
	}

	// Figure out if we need to display multiple pages.
	$perpage = $mybb->settings['threadsperpage'];
	if($mybb->input['page'] != "last")
	{
		$page = intval($mybb->input['page']);
	}

	// Despite the variable name, this is the total number of reports.
	$query = $db->simple_select("reportedposts", "COUNT(rid) AS count");
	$warnings = $db->fetch_field($query, "count");

	if($mybb->input['rid'])
	{
		$mybb->input['rid'] = intval($mybb->input['rid']);
		$query = $db->simple_select("reportedposts", "COUNT(rid) AS count", "rid <= '".$mybb->input['rid']."'");
		$result = $db->fetch_field($query, "count");
		if(($result % $perpage) == 0)
		{
			$page = $result / $perpage;
		}
		else
		{
			$page = intval($result / $perpage) + 1;
		}
	}
	$postcount = intval($warnings);
	$pages = $postcount / $perpage;
	$pages = ceil($pages);

	if($mybb->input['page'] == "last")
	{
		$page = $pages;
	}

	if($page > $pages || $page <= 0)
	{
		$page = 1;
	}

	if($page)
	{
		$start = ($page-1) * $perpage;
	}
	else
	{
		$start = 0;
		$page = 1;
	}
	$upper = $start+$perpage;

	$multipage = multipage($postcount, $perpage, $page, "modcp.php?action=allreports");
	if($postcount > $perpage)
	{
		eval("\$allreportspages = \"".$templates->get("modcp_reports_multipage")."\";");
	}

	$query = $db->simple_select("forums", "fid, name");
	while($forum = $db->fetch_array($query))
	{
		$forums[$forum['fid']] = $forum['name'];
	}

	$plugins->run_hooks("modcp_allreports_start");

	// NOTE(review): $reports is reset here, but the loop below appends to
	// $allreports, which is not initialised in this handler.
	$reports = '';
	// NOTE(review): no $flist / $tflist restriction is applied to this SELECT
	// either - confirm intended visibility.
	$query = $db->query("
		SELECT r.*, u.username, up.username AS postusername, up.uid AS postuid, t.subject AS threadsubject
		FROM ".TABLE_PREFIX."reportedposts r
		LEFT JOIN ".TABLE_PREFIX."posts p ON (r.pid=p.pid)
		LEFT JOIN ".TABLE_PREFIX."threads t ON (p.tid=t.tid)
		LEFT JOIN ".TABLE_PREFIX."users u ON (r.uid=u.uid)
		LEFT JOIN ".TABLE_PREFIX."users up ON (p.uid=up.uid)
		ORDER BY r.dateline DESC
		LIMIT $start, $perpage
	");
	while($report = $db->fetch_array($query))
	{
		$report['postlink'] = get_post_link($report['pid'], $report['tid']);
		$report['threadlink'] = get_thread_link($report['tid']);
		$report['posterlink'] = get_profile_link($report['postuid']);
		$report['reporterlink'] = get_profile_link($report['uid']);

		$reportdate = my_date($mybb->settings['dateformat'], $report['dateline']);
		$reporttime = my_date($mybb->settings['timeformat'], $report['dateline']);

		// Still-open reports are highlighted.
		if($report['reportstatus'] == 0)
		{
			$trow = "trow_shaded";
		}
		else
		{
			$trow = alt_trow();
		}

		$report['postusername'] = build_profile_link($report['postusername'], $report['postuid']);

		if($report['threadsubject'])
		{
			// Subject is escaped before it is wrapped in the anchor markup.
			$report['threadsubject'] = htmlspecialchars_uni($parser->parse_badwords($report['threadsubject']));
			$report['threadsubject'] = "<a href=\"".get_thread_link($report['tid'])."\" target=\"_blank\">{$report['threadsubject']}</a>";
		}
		else
		{
			$report['threadsubject'] = $lang->na;
		}

		eval("\$allreports .= \"".$templates->get("modcp_reports_allreport")."\";");
	}

	if(!$allreports)
	{
		eval("\$allreports = \"".$templates->get("modcp_reports_allnoreports")."\";");
	}

	// Same hook name as the one run at the end of the "reports" action.
	$plugins->run_hooks("modcp_reports");

	eval("\$allreportedposts = \"".$templates->get("modcp_reports_allreports")."\";");
	output_page($allreportedposts);
}

// ---------------------------------------------------------------------------
// modlogs: filterable, sortable view of the moderator log.
// ---------------------------------------------------------------------------
if($mybb->input['action'] == "modlogs")
{
	add_breadcrumb($lang->mcp_nav_modlogs, "modcp.php?action=modlogs");

	// NOTE(review): the requested page size is cast to int but no upper bound
	// is applied here.
	$perpage = intval($mybb->input['perpage']);
	if(!$perpage || $perpage <= 0)
	{
		$perpage = $mybb->settings['threadsperpage'];
	}

	$where = '';

	// Searching for entries by a particular user
	if($mybb->input['uid'])
	{
		$where .= " AND l.uid='".intval($mybb->input['uid'])."'";
	}

	// Searching for entries in a specific forum
	if($mybb->input['fid'])
	{
		$where .= " AND t.fid='".intval($mybb->input['fid'])."'";
	}

	// Order?
	// The request value only selects between fixed column names, so the text
	// interpolated into ORDER BY never comes from the request itself.
	switch($mybb->input['sortby'])
	{
		case "username":
			$sortby = "u.username";
			break;
		case "forum":
			$sortby = "f.name";
			break;
		case "thread":
			$sortby = "t.subject";
			break;
		default:
			$sortby = "l.dateline";
	}
	// Anything other than the literal "asc" becomes "desc".
	$order = $mybb->input['order'];
	if($order != "asc")
	{
		$order = "desc";
	}

	$plugins->run_hooks("modcp_modlogs_start");

	// $tflist carries the per-moderator forum restriction built at the top of
	// the script.
	$query = $db->query("
		SELECT COUNT(l.dateline) AS count
		FROM ".TABLE_PREFIX."moderatorlog l
		LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=l.uid)
		LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=l.tid)
		WHERE 1=1 {$where}{$tflist}
	");
	$rescount = $db->fetch_field($query, "count");

	// Figure out if we need to display multiple pages.
	if($mybb->input['page'] != "last")
	{
		$page = intval($mybb->input['page']);
	}

	$postcount = intval($rescount);
	$pages = $postcount / $perpage;
	$pages = ceil($pages);

	if($mybb->input['page'] == "last")
	{
		$page = $pages;
	}

	if($page > $pages || $page <= 0)
	{
		$page = 1;
	}

	if($page)
	{
		$start = ($page-1) * $perpage;
	}
	else
	{
		$start = 0;
		$page = 1;
	}

	// NOTE(review): uid, fid, sortby and order are interpolated into the
	// pagination URL exactly as received (only perpage was cast above).
	// Whether multipage() escapes the URL before emitting links is not
	// visible in this file - confirm, since these values are request-controlled.
	$multipage = multipage($postcount, $perpage, $page, "modcp.php?action=modlogs&perpage=$perpage&uid={$mybb->input['uid']}&fid={$mybb->input['fid']}&sortby={$mybb->input['sortby']}&order={$mybb->input['order']}");
	if($postcount > $perpage)
	{
		eval("\$resultspages = \"".$templates->get("modcp_modlogs_multipage")."\";");
	}
	$query = $db->query("
		SELECT l.*, u.username, u.usergroup, u.displaygroup, t.subject AS tsubject, f.name AS fname, p.subject AS psubject
		FROM ".TABLE_PREFIX."moderatorlog l
		LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=l.uid)
		LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=l.tid)
		LEFT JOIN ".TABLE_PREFIX."forums f ON (f.fid=l.fid)
		LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=l.pid)
		WHERE 1=1 {$where}{$tflist}
		ORDER BY {$sortby} {$order}
		LIMIT {$start}, {$perpage}
	");
	while($logitem = $db->fetch_array($query))
	{
		$information = '';
		$logitem['action'] = htmlspecialchars_uni($logitem['action']);
		$log_date = my_date($mybb->settings['dateformat'], $logitem['dateline']);
		$log_time = my_date($mybb->settings['timeformat'], $logitem['dateline']);
		$trow = alt_trow();
		$username = format_name($logitem['username'], $logitem['usergroup'], $logitem['displaygroup']);
		$logitem['profilelink'] = build_profile_link($username, $logitem['uid']);
		if($logitem['tsubject'])
		{
			$information = "<strong>{$lang->thread}</strong> <a href=\"".get_thread_link($logitem['tid'])."\" target=\"_blank\">".htmlspecialchars_uni($logitem['tsubject'])."</a><br />";
		}
		if($logitem['fname'])
		{
			// NOTE(review): the forum name is written into the markup without
			// htmlspecialchars_uni(), unlike the thread and post subjects on
			// the neighbouring lines - confirm forum names are trusted or
			// already escaped when stored.
			$information .= "<strong>{$lang->forum}</strong> <a href=\"".get_forum_link($logitem['fid'])."\" target=\"_blank\">{$logitem['fname']}</a><br />";
		}
		if($logitem['psubject'])
		{
			$information .= "<strong>{$lang->post}</strong> <a href=\"".get_post_link($logitem['pid'])."#pid{$logitem['pid']}\">".htmlspecialchars_uni($logitem['psubject'])."</a>";
		}

		// Edited a user?
		if(!$logitem['tsubject'] || !$logitem['fname'] || !$logitem['psubject'])
		{
			// SECURITY: unserialize() runs on the raw "data" column of the
			// moderator log. PHP unserialize() can instantiate objects, so
			// this is only safe while every writer of that column is trusted
			// code storing plain arrays.
			// NOTE(review): confirm no user-controlled string can be stored
			// in moderatorlog.data unmodified.
			$data = unserialize($logitem['data']);
			if($data['uid'])
			{
				$information = $lang->sprintf($lang->edited_user_info, htmlspecialchars_uni($data['username']), get_profile_link($data['uid']));
			}
		}

		eval("\$results .= \"".$templates->get("modcp_modlogs_result")."\";");
	}

	if(!$results)
	{
		eval("\$results = \"".$templates->get("modcp_modlogs_noresults")."\";");
	}

	$plugins->run_hooks("modcp_modlogs_filter");

	// Fetch filter options
	// The raw request values are used only as array keys here; the templates
	// decide which keys are read back.
	$sortbysel[$mybb->input['sortby']] = "selected=\"selected\"";
	$ordersel[$mybb->input['order']] = "selected=\"selected\"";
	$query = $db->query("
		SELECT DISTINCT l.uid, u.username
		FROM ".TABLE_PREFIX."moderatorlog l
		LEFT JOIN ".TABLE_PREFIX."users u ON (l.uid=u.uid)
		ORDER BY u.username ASC
	");
	while($user = $db->fetch_array($query))
	{
		// Deleted Users
		if(!$user['username'])
		{
			$user['username'] = $lang->na_deleted;
		}

		$selected = '';
		if($mybb->input['uid'] == $user['uid'])
		{
			$selected = " selected=\"selected\"";
		}
		// The username is escaped; the option value is the uid column from the database.
		$user_options .= "<option value=\"{$user['uid']}\"{$selected}>".htmlspecialchars_uni($user['username'])."</option>\n";
	}

	// NOTE(review): the fid request value is passed through without a cast;
	// how build_forum_jump() uses it is not visible here.
	$forum_select = build_forum_jump("", $mybb->input['fid'], 1, '', 0, true, '', "fid");

	eval("\$modlogs = \"".$templates->get("modcp_modlogs")."\";");
	output_page($modlogs);
}

// ---------------------------------------------------------------------------
// do_delete_announcement: delete one announcement after the permission check.
// ---------------------------------------------------------------------------
if($mybb->input['action'] == "do_delete_announcement")
{
	verify_post_check($mybb->input['my_post_key']);

	$aid = intval($mybb->input['aid']);
	$query = $db->simple_select("announcements", "aid, subject, fid", "aid='{$aid}'");
	$announcement = $db->fetch_array($query);

	if(!$announcement['aid'])
	{
		error($lang->error_invalid_announcement);
	}
	// Authorisation uses the fid stored with the announcement, not a request
	// value: fid -1 requires issupermod, any other fid requires
	// is_moderator() for that forum.
	if(($mybb->usergroup['issupermod'] != 1 && $announcement['fid'] == -1) || ($announcement['fid'] != -1 && !is_moderator($announcement['fid'])))
	{
		error_no_permission();
	}

	$plugins->run_hooks("modcp_do_delete_announcement");

	$db->delete_query("announcements", "aid='{$aid}'");
	$cache->update_forumsdisplay();

	redirect("modcp.php?action=announcements", $lang->redirect_delete_announcement);
}

// ---------------------------------------------------------------------------
// delete_announcement: confirmation page shown before the delete above.
// ---------------------------------------------------------------------------
if($mybb->input['action'] == "delete_announcement")
{
	$aid = intval($mybb->input['aid']);
	$query = $db->simple_select("announcements", "aid, subject, fid", "aid='{$aid}'");

	$announcement = $db->fetch_array($query);
	$announcement['subject'] = htmlspecialchars_uni($announcement['subject']);

	if(!$announcement['aid'])
	{
		error($lang->error_invalid_announcement);
	}

	// Same permission rule as do_delete_announcement.
	if(($mybb->usergroup['issupermod'] != 1 && $announcement['fid'] == -1) || ($announcement['fid'] != -1 && !is_moderator($announcement['fid'])))
	{
		error_no_permission();
	}

	$plugins->run_hooks("modcp_delete_announcement");

	eval("\$announcements = \"".$templates->get("modcp_announcements_delete")."\";");
	output_page($announcements);
}

// ---------------------------------------------------------------------------
// do_new_announcement: validate the form and insert a new announcement.
// ---------------------------------------------------------------------------
if($mybb->input['action'] == "do_new_announcement")
{
	verify_post_check($mybb->input['my_post_key']);

	// The target forum comes from the request, so the permission check below
	// is what ties it to the caller: fid -1 requires issupermod, any other
	// fid requires is_moderator() for that forum.
	$announcement_fid = intval($mybb->input['fid']);
	if(($mybb->usergroup['issupermod'] != 1 && $announcement_fid == -1) || ($announcement_fid != -1 && !is_moderator($announcement_fid)))
	{
		error_no_permission();
	}

	if(!trim($mybb->input['title']))
	{
		$errors[] = $lang->error_missing_title;
	}

	if(!trim($mybb->input['message']))
	{
		$errors[] = $lang->error_missing_message;
	}

	if(!trim($mybb->input['fid']))
	{
		$errors[] = $lang->error_missing_forum;
	}

	// Split "h:mm am/pm" into [hour, minute]; the part after the first space is dropped.
	$startdate = @explode(" ", $mybb->input['starttime_time']);
	$startdate = @explode(":", $startdate[0]);
	$enddate = @explode(" ", $mybb->input['endtime_time']);
	$enddate = @explode(":", $enddate[0]);

	// NOTE(review): for "pm" inputs 12 is added and any result >= 24 is
	// replaced by "00", so an hour of 12 with "pm" ends up as hour 00 -
	// confirm that is the intended mapping.
	if(stristr($mybb->input['starttime_time'], "pm"))
	{
		$startdate[0] = 12+$startdate[0];
		if($startdate[0] >= 24)
		{
			$startdate[0] = "00";
		}
	}

	if(stristr($mybb->input['endtime_time'], "pm"))
	{
		$enddate[0] = 12+$enddate[0];
		if($enddate[0] >= 24)
		{
			$enddate[0] = "00";
		}
	}

	// Month must be one of the listed values, otherwise it is reset to 1.
	// in_array() is called without the strict flag, so the comparison is loose.
	$months = array('01', '02', '03', '04', '05', '06', '07', '08', '09', '10', '11', '12');
	if(!in_array($mybb->input['starttime_month'], $months))
	{
		$mybb->input['starttime_month'] = 1;
	}

	// Every date component is cast to an integer before gmmktime().
	$startdate = gmmktime(intval($startdate[0]), intval($startdate[1]), 0, (int)$mybb->input['starttime_month'], intval($mybb->input['starttime_day']), intval($mybb->input['starttime_year']));

	// Loose comparison: a timestamp of 0 is also treated as invalid.
	if($startdate < 0 || $startdate == false)
	{
		$errors[] = $lang->error_invalid_start_date;
	}

	// endtime_type "2" stores an end date of '0'.
	if($mybb->input['endtime_type'] == "2")
	{
		$enddate = '0';
	}
	else
	{
		if(!in_array($mybb->input['endtime_month'], $months))
		{
			$mybb->input['endtime_month'] = 1;
		}
		$enddate = gmmktime(intval($enddate[0]), intval($enddate[1]), 0, (int)$mybb->input['endtime_month'], intval($mybb->input['endtime_day']), intval($mybb->input['endtime_year']));
		if($enddate < 0 || $enddate == false)
		{
			$errors[] = $lang->error_invalid_end_date;
		}
		elseif($enddate < $startdate)
		{
			$errors[] = $lang->error_end_before_start;
		}
	}

	$plugins->run_hooks("modcp_do_new_announcement_start");

	if(!$errors)
	{
		// String fields are passed through $db->escape_string(); fid is the
		// integer checked above and the dates are gmmktime() results.
		// NOTE(review): allowhtml / allowmycode / allowsmilies are escaped
		// but not constrained to 0/1 here, and allowhtml lets the author
		// enable HTML for the announcement - confirm how these flags are
		// interpreted where announcements are rendered.
		$insert_announcement = array(
			'fid' => $announcement_fid,
			'uid' => $mybb->user['uid'],
			'subject' => $db->escape_string($mybb->input['title']),
			'message' => $db->escape_string($mybb->input['message']),
			'startdate' => $startdate,
			'enddate' => $enddate,
			'allowhtml' => $db->escape_string($mybb->input['allowhtml']),
			'allowmycode' => $db->escape_string($mybb->input['allowmycode']),
			'allowsmilies' => $db->escape_string($mybb->input['allowsmilies']),
		);

		$aid = $db->insert_query("announcements", $insert_announcement);

		$plugins->run_hooks("modcp_do_new_announcement_end");

		$cache->update_forumsdisplay();
		redirect("modcp.php?action=announcements", $lang->redirect_add_announcement);
	}
	else
	{
		// Validation failed: fall through to the form handler below so the
		// errors are shown inline.
		$mybb->input['action'] = 'new_announcement';
	}
}

// ---------------------------------------------------------------------------
// new_announcement: render the "add announcement" form (also reached when
// do_new_announcement fails validation).
// ---------------------------------------------------------------------------
if($mybb->input['action'] == "new_announcement")
{
	add_breadcrumb($lang->mcp_nav_announcements, "modcp.php?action=announcements");
	// NOTE(review): this breadcrumb points at "new_announcements" (plural),
	// while the action handled here is "new_announcement".
	add_breadcrumb($lang->add_announcement, "modcp.php?action=new_announcements");

	$announcement_fid = intval($mybb->input['fid']);

	if(($mybb->usergroup['issupermod'] != 1 && $announcement_fid == -1) || ($announcement_fid != -1 && !is_moderator($announcement_fid)))
	{
		error_no_permission();
	}

	// Deal with inline errors
	// $errors is an array only after a failed submission appended to it.
	if(is_array($errors))
	{
		$errors = inline_error($errors);

		// Set $announcement to input stuff
		$announcement['subject'] = $mybb->input['title'];
		$announcement['message'] = $mybb->input['message'];
		$announcement['allowhtml'] = $mybb->input['allowhtml'];
		$announcement['allowmycode'] = $mybb->input['allowmycode'];
		$announcement['allowsmilies'] = $mybb->input['allowsmilies'];

		$months = array('01', '02', '03', '04', '05', '06', '07', '08', '09', '10', '11', '12');
		if(!in_array($mybb->input['starttime_month'], $months))
		{
			$mybb->input['starttime_month'] = 1;
		}

		if(!in_array($mybb->input['endtime_month'], $months))
		{
			$mybb->input['endtime_month'] = 1;
		}

		// Values echoed back into the form: years and times are HTML-escaped,
		// days are cast to int, and months are used only as array keys below.
		$startmonth = $mybb->input['starttime_month'];
		$startdateyear = htmlspecialchars_uni($mybb->input['starttime_year']);
		$startday = intval($mybb->input['starttime_day']);
		$starttime_time = htmlspecialchars($mybb->input['starttime_time']);
		$endmonth = $mybb->input['endtime_month'];
		$enddateyear = htmlspecialchars_uni($mybb->input['endtime_year']);
		$endday = intval($mybb->input['endtime_day']);
		$endtime_time = htmlspecialchars($mybb->input['endtime_time']);
	}
	else
	{
		// Note: dates are in GMT timezone
		$starttime_time = gmdate("g:i a", TIME_NOW);
		$endtime_time = gmdate("g:i a", TIME_NOW);
		$startday = $endday = gmdate("j", TIME_NOW);
		$startmonth = $endmonth = gmdate("m", TIME_NOW);
		$startdateyear = gmdate("Y", TIME_NOW);

		// Default end date is one year after the start year.
		$enddateyear = $startdateyear+1;
	}

	// Generate form elements
	// Day <option> lists for the start and end selectors, with the current day pre-selected.
	for($i = 1; $i <= 31; ++$i)
	{
		if($startday == $i)
		{
			$startdateday .= "<option value=\"$i\" selected=\"selected\">$i</option>\n";
		}
		else
		{
			$startdateday .= "<option value=\"$i\">$i</option>\n";
		}

		if($endday == $i)
		{
			$enddateday .= "<option value=\"$i\" selected=\"selected\">$i</option>\n";
		}
		else
		{
			$enddateday .= "<option value=\"$i\">$i</option>\n";
		}
	}

	// Only the fixed keys '01'..'12' are read back below, so the month value
	// itself is never written into the markup.
	$startmonthsel = $endmonthsel = array();
	$startmonthsel[$startmonth] = "selected=\"selected\"";
	$endmonthsel[$endmonth] = "selected=\"selected\"";

	$startdatemonth .= "<option value=\"01\" {$startmonthsel['01']}>{$lang->january}</option>\n";
	$enddatemonth .= "<option value=\"01\" {$endmonthsel['01']}>{$lang->january}</option>\n";
	$startdatemonth .= "<option value=\"02\" {$startmonthsel['02']}>{$lang->february}</option>\n";
	$enddatemonth .= "<option value=\"02\" {$endmonthsel['02']}>{$lang->february}</option>\n";
	$startdatemonth .= "<option value=\"03\" {$startmonthsel['03']}>{$lang->march}</option>\n";
	$enddatemonth .= "<option value=\"03\" {$endmonthsel['03']}>{$lang->march}</option>\n";
	$startdatemonth .= "<option value=\"04\" {$startmonthsel['04']}>{$lang->april}</option>\n";
	$enddatemonth .= "<option value=\"04\" {$endmonthsel['04']}>{$lang->april}</option>\n";
	$startdatemonth .= "<option value=\"05\" {$startmonthsel['05']}>{$lang->may}</option>\n";
	$enddatemonth .= "<option value=\"05\" {$endmonthsel['05']}>{$lang->may}</option>\n";
	$startdatemonth .= "<option value=\"06\" {$startmonthsel['06']}>{$lang->june}</option>\n";
	$enddatemonth .= "<option value=\"06\" {$endmonthsel['06']}>{$lang->june}</option>\n";
	$startdatemonth .= "<option value=\"07\" {$startmonthsel['07']}>{$lang->july}</option>\n";
	$enddatemonth .= "<option value=\"07\" {$endmonthsel['07']}>{$lang->july}</option>\n";
	$startdatemonth .= "<option value=\"08\" {$startmonthsel['08']}>{$lang->august}</option>\n";
	$enddatemonth .= "<option value=\"08\" {$endmonthsel['08']}>{$lang->august}</option>\n";
	$startdatemonth .= "<option value=\"09\" {$startmonthsel['09']}>{$lang->september}</option>\n";
	$enddatemonth .= "<option value=\"09\" {$endmonthsel['09']}>{$lang->september}</option>\n";
	$startdatemonth .= "<option value=\"10\" {$startmonthsel['10']}>{$lang->october}</option>\n";
	$enddatemonth .= "<option value=\"10\" {$endmonthsel['10']}>{$lang->october}</option>\n";
	$startdatemonth .= "<option value=\"11\" {$startmonthsel['11']}>{$lang->november}</option>\n";
	$enddatemonth .= "<option value=\"11\" {$endmonthsel['11']}>{$lang->november}</option>\n";
	$startdatemonth .= "<option value=\"12\" {$startmonthsel['12']}>{$lang->december}</option>\n";
	$enddatemonth .= "<option value=\"12\" {$endmonthsel['12']}>{$lang->december}</option>\n";

	// Subject and message are HTML-escaped before being placed back in the form.
	$title = htmlspecialchars_uni($announcement['subject']);
	$message = htmlspecialchars_uni($announcement['message']);

	// Each option defaults to "yes" when the field is absent from the
	// request, which includes allowhtml on a fresh form.
	$html_sel = $mycode_sel = $smilies_sel = array();
	if($mybb->input['allowhtml'] || !isset($mybb->input['allowhtml']))
	{
		$html_sel['yes'] = ' checked="checked"';
	}
	else
	{
		$html_sel['no'] = ' checked="checked"';
	}

	if($mybb->input['allowmycode'] || !isset($mybb->input['allowmycode']))
	{
		$mycode_sel['yes'] = ' checked="checked"';
	}
	else
	{
		$mycode_sel['no'] = ' checked="checked"';
	}

	if($mybb->input['allowsmilies'] || !isset($mybb->input['allowsmilies']))
	{
		$smilies_sel['yes'] = ' checked="checked"';
	}
	else
	{
		$smilies_sel['no'] = ' checked="checked"';
	}

	if($mybb->input['endtime_type'] == 2 || !isset($mybb->input['endtime_type']))
	{
		$end_type_sel['infinite'] = ' checked="checked"';
	}
	else
	{
		$end_type_sel['finite'] = ' checked="checked"';
	}

	// MyCode editor
	$codebuttons = build_mycode_inserter();
	$smilieinserter = build_clickable_smilies();

	$plugins->run_hooks("modcp_new_announcement");

	eval("\$announcements = \"".$templates->get("modcp_announcements_new")."\";");
	output_page($announcements);
}

// ---------------------------------------------------------------------------
// do_edit_announcement: validate the form and update an existing announcement.
// ---------------------------------------------------------------------------
if($mybb->input['action'] == "do_edit_announcement")
{
	verify_post_check($mybb->input['my_post_key']);

	// Get the announcement
	$aid = intval($mybb->input['aid']);
	$query = $db->simple_select("announcements", "aid, subject, fid", "aid='{$aid}'");
	$announcement = $db->fetch_array($query);

	// Check that it exists
	if(!$announcement['aid'])
	{
		error($lang->error_invalid_announcement);
	}

	// Mod has permissions to edit this announcement
	// The check uses the fid stored with the announcement.
	if(($mybb->usergroup['issupermod'] != 1 && $announcement['fid'] == -1) || ($announcement['fid'] != -1 && !is_moderator($announcement['fid'])))
	{
		error_no_permission();
	}

	// Basic error checking
	if(!trim($mybb->input['title']))
	{
		$errors[] = $lang->error_missing_title;
	}

	if(!trim($mybb->input['message']))
	{
		$errors[] = $lang->error_missing_message;
	}

	if(!trim($mybb->input['fid']))
	{
		$errors[] = $lang->error_missing_forum;
	}

	// Same time parsing and date validation as do_new_announcement.
	$startdate = @explode(" ", $mybb->input['starttime_time']);
	$startdate = @explode(":", $startdate[0]);
	$enddate = @explode(" ", $mybb->input['endtime_time']);
	$enddate = @explode(":", $enddate[0]);

	if(stristr($mybb->input['starttime_time'], "pm"))
	{
		$startdate[0] = 12+$startdate[0];
		if($startdate[0] >= 24)
		{
			$startdate[0] = "00";
		}
	}

	if(stristr($mybb->input['endtime_time'], "pm"))
	{
		$enddate[0] = 12+$enddate[0];
		if($enddate[0] >= 24)
		{
			$enddate[0] = "00";
		}
	}

	$months = array('01', '02', '03', '04', '05', '06', '07', '08', '09', '10', '11', '12');
	if(!in_array($mybb->input['starttime_month'], $months))
	{
		$mybb->input['starttime_month'] = 1;
	}

	$startdate = gmmktime(intval($startdate[0]), intval($startdate[1]), 0, (int)$mybb->input['starttime_month'], intval($mybb->input['starttime_day']), intval($mybb->input['starttime_year']));
	if($startdate < 0 || $startdate == false)
	{
		$errors[] = $lang->error_invalid_start_date;
	}

	if($mybb->input['endtime_type'] == "2")
	{
		$enddate = '0';
	}
	else
	{
		if(!in_array($mybb->input['endtime_month'], $months))
		{
			$mybb->input['endtime_month'] = 1;
		}
		$enddate = gmmktime(intval($enddate[0]), intval($enddate[1]), 0, (int)$mybb->input['endtime_month'], intval($mybb->input['endtime_day']), intval($mybb->input['endtime_year']));
		if($enddate < 0 || $enddate == false)
		{
			$errors[] = $lang->error_invalid_end_date;
		}
		elseif($enddate < $startdate)
		{
			$errors[] = $lang->error_end_before_start;
		}
	}

	$plugins->run_hooks("modcp_do_edit_announcement_start");

	// Proceed to update if no errors
	if(!$errors)
	{
		$update_announcement = array(
			'uid' => $mybb->user['uid'],
			'subject' => $db->escape_string($mybb->input['title']),
			'message' => $db->escape_string($mybb->input['message']),
			'startdate' => $startdate,
			'enddate' => $enddate,
			'allowhtml' => $db->escape_string($mybb->input['allowhtml']),
			'allowmycode' => $db->escape_string($mybb->input['allowmycode']),
			'allowsmilies' =>
$db->escape_string($mybb->input['allowsmilies']), 958 ); 959 960 $db->update_query("announcements", $update_announcement, "aid='{$aid}'"); 961 962 $plugins->run_hooks("modcp_do_edit_announcement_end"); 963 964 $cache->update_forumsdisplay(); 965 redirect("modcp.php?action=announcements", $lang->redirect_edit_announcement); 966 } 967 else 968 { 969 $mybb->input['action'] = 'edit_announcement'; 970 } 971 } 972 973 if($mybb->input['action'] == "edit_announcement") 974 { 975 $announcement_fid = intval($mybb->input['fid']); 976 $aid = intval($mybb->input['aid']); 977 978 add_breadcrumb($lang->mcp_nav_announcements, "modcp.php?action=announcements"); 979 add_breadcrumb($lang->edit_announcement, "modcp.php?action=edit_announcements&aid={$aid}"); 980 981 // Get announcement 982 $query = $db->simple_select("announcements", "*", "aid='{$aid}'"); 983 $announcement = $db->fetch_array($query); 984 985 if(!$announcement['fid']) 986 { 987 error($lang->error_invalid_announcement); 988 } 989 if(($mybb->usergroup['issupermod'] != 1 && $announcement['fid'] == -1) || ($announcement['fid'] != -1 && !is_moderator($announcement['fid']))) 990 { 991 error_no_permission(); 992 } 993 994 if(!$announcement['startdate']) 995 { 996 // No start date? Make it now. 997 $announcement['startdate'] = TIME_NOW; 998 } 999 1000 $makeshift_end = false; 1001 if(!$announcement['enddate']) 1002 { 1003 $makeshift_end = true; 1004 $makeshift_time = TIME_NOW; 1005 if($announcement['startdate']) 1006 { 1007 $makeshift_time = $announcement['startdate']; 1008 } 1009 1010 // No end date? Make it a year from now. 
1011 $announcement['enddate'] = $makeshift_time + (60 * 60 * 24 * 366); 1012 } 1013 1014 // Deal with inline errors 1015 if(is_array($errors)) 1016 { 1017 $errors = inline_error($errors); 1018 1019 // Set $announcement to input stuff 1020 $announcement['subject'] = $mybb->input['title']; 1021 $announcement['message'] = $mybb->input['message']; 1022 $announcement['allowhtml'] = $mybb->input['allowhtml']; 1023 $announcement['allowmycode'] = $mybb->input['allowmycode']; 1024 $announcement['allowsmilies'] = $mybb->input['allowsmilies']; 1025 1026 $months = array('01', '02', '03', '04', '05', '06', '07', '08', '09', '10', '11', '12'); 1027 if(!in_array($mybb->input['starttime_month'], $months)) 1028 { 1029 $mybb->input['starttime_month'] = 1; 1030 } 1031 1032 if(!in_array($mybb->input['endtime_month'], $months)) 1033 { 1034 $mybb->input['endtime_month'] = 1; 1035 } 1036 1037 $startmonth = $mybb->input['starttime_month']; 1038 $startdateyear = htmlspecialchars_uni($mybb->input['starttime_year']); 1039 $startday = intval($mybb->input['starttime_day']); 1040 $starttime_time = htmlspecialchars($mybb->input['starttime_time']); 1041 $endmonth = $mybb->input['endtime_month']; 1042 $enddateyear = htmlspecialchars_uni($mybb->input['endtime_year']); 1043 $endday = intval($mybb->input['endtime_day']); 1044 $endtime_time = htmlspecialchars($mybb->input['endtime_time']); 1045 1046 $errored = true; 1047 } 1048 else 1049 { 1050 // Note: dates are in GMT timezone 1051 $starttime_time = gmdate('g:i a', $announcement['startdate']); 1052 $endtime_time = gmdate('g:i a', $announcement['enddate']); 1053 1054 $startday = gmdate('j', $announcement['startdate']); 1055 $endday = gmdate('j', $announcement['enddate']); 1056 1057 $startmonth = gmdate('m', $announcement['startdate']); 1058 $endmonth = gmdate('m', $announcement['enddate']); 1059 1060 $startdateyear = gmdate('Y', $announcement['startdate']); 1061 $enddateyear = gmdate('Y', $announcement['enddate']); 1062 1063 $errored = false; 1064 } 
1065 1066 // Generate form elements 1067 for($i = 1; $i <= 31; ++$i) 1068 { 1069 if($startday == $i) 1070 { 1071 $startdateday .= "<option value=\"$i\" selected=\"selected\">$i</option>\n"; 1072 } 1073 else 1074 { 1075 $startdateday .= "<option value=\"$i\">$i</option>\n"; 1076 } 1077 1078 if($endday == $i) 1079 { 1080 $enddateday .= "<option value=\"$i\" selected=\"selected\">$i</option>\n"; 1081 } 1082 else 1083 { 1084 $enddateday .= "<option value=\"$i\">$i</option>\n"; 1085 } 1086 } 1087 1088 $startmonthsel = $endmonthsel = array(); 1089 $startmonthsel[$startmonth] = "selected=\"selected\""; 1090 $endmonthsel[$endmonth] = "selected=\"selected\""; 1091 1092 $startdatemonth .= "<option value=\"01\" {$startmonthsel['01']}>{$lang->january}</option>\n"; 1093 $enddatemonth .= "<option value=\"01\" {$endmonthsel['01']}>{$lang->january}</option>\n"; 1094 $startdatemonth .= "<option value=\"02\" {$startmonthsel['02']}>{$lang->february}</option>\n"; 1095 $enddatemonth .= "<option value=\"02\" {$endmonthsel['02']}>{$lang->february}</option>\n"; 1096 $startdatemonth .= "<option value=\"03\" {$startmonthsel['03']}>{$lang->march}</option>\n"; 1097 $enddatemonth .= "<option value=\"03\" {$endmonthsel['03']}>{$lang->march}</option>\n"; 1098 $startdatemonth .= "<option value=\"04\" {$startmonthsel['04']}>{$lang->april}</option>\n"; 1099 $enddatemonth .= "<option value=\"04\" {$endmonthsel['04']}>{$lang->april}</option>\n"; 1100 $startdatemonth .= "<option value=\"05\" {$startmonthsel['05']}>{$lang->may}</option>\n"; 1101 $enddatemonth .= "<option value=\"05\" {$endmonthsel['05']}>{$lang->may}</option>\n"; 1102 $startdatemonth .= "<option value=\"06\" {$startmonthsel['06']}>{$lang->june}</option>\n"; 1103 $enddatemonth .= "<option value=\"06\" {$endmonthsel['06']}>{$lang->june}</option>\n"; 1104 $startdatemonth .= "<option value=\"07\" {$startmonthsel['07']}>{$lang->july}</option>\n"; 1105 $enddatemonth .= "<option value=\"07\" {$endmonthsel['07']}>{$lang->july}</option>\n"; 
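// edit_announcement action, continued: remaining month <option> rows for the start and end selectors.
	$startdatemonth .= "<option value=\"08\" {$startmonthsel['08']}>{$lang->august}</option>\n";
	$enddatemonth .= "<option value=\"08\" {$endmonthsel['08']}>{$lang->august}</option>\n";
	$startdatemonth .= "<option value=\"09\" {$startmonthsel['09']}>{$lang->september}</option>\n";
	$enddatemonth .= "<option value=\"09\" {$endmonthsel['09']}>{$lang->september}</option>\n";
	$startdatemonth .= "<option value=\"10\" {$startmonthsel['10']}>{$lang->october}</option>\n";
	$enddatemonth .= "<option value=\"10\" {$endmonthsel['10']}>{$lang->october}</option>\n";
	$startdatemonth .= "<option value=\"11\" {$startmonthsel['11']}>{$lang->november}</option>\n";
	$enddatemonth .= "<option value=\"11\" {$endmonthsel['11']}>{$lang->november}</option>\n";
	$startdatemonth .= "<option value=\"12\" {$startmonthsel['12']}>{$lang->december}</option>\n";
	$enddatemonth .= "<option value=\"12\" {$endmonthsel['12']}>{$lang->december}</option>\n";

	// Subject and message may be the re-submitted request values at this point (error path),
	// so both are HTML-encoded before they are placed back into the form.
	$title = htmlspecialchars_uni($announcement['subject']);
	$message = htmlspecialchars_uni($announcement['message']);

	// Pre-select the yes/no radio buttons from the announcement's current flags.
	$html_sel = $mycode_sel = $smilies_sel = array();
	if($announcement['allowhtml'])
	{
		$html_sel['yes'] = ' checked="checked"';
	}
	else
	{
		$html_sel['no'] = ' checked="checked"';
	}

	if($announcement['allowmycode'])
	{
		$mycode_sel['yes'] = ' checked="checked"';
	}
	else
	{
		$mycode_sel['no'] = ' checked="checked"';
	}

	if($announcement['allowsmilies'])
	{
		$smilies_sel['yes'] = ' checked="checked"';
	}
	else
	{
		$smilies_sel['no'] = ' checked="checked"';
	}

	// "Infinite" is selected when the failed submission asked for it, when the stored end date is 0,
	// or when the end date shown was only made up for display ($makeshift_end).
	if(($errored && $mybb->input['endtime_type'] == 2) || (!$errored && intval($announcement['enddate']) == 0) || $makeshift_end == true)
	{
		$end_type_sel['infinite'] = ' checked="checked"';
	}
	else
	{
		$end_type_sel['finite'] = ' checked="checked"';
	}

	// MyCode editor
	$codebuttons = build_mycode_inserter();
	$smilieinserter = build_clickable_smilies();

	$plugins->run_hooks("modcp_edit_announcement");

	// NOTE(review): the template text is evaluated as a PHP string; how $templates->get() escapes it
	// is not visible here, so template edit rights should be treated as code-level access.
	eval("\$announcements = \"".$templates->get("modcp_announcements_edit")."\";");
	output_page($announcements);
}

// Announcement overview: global announcements (super moderators only) and per-forum announcements.
if($mybb->input['action'] == "announcements")
{
	add_breadcrumb($lang->mcp_nav_announcements, "modcp.php?action=announcements");

	// Fetch announcements into their proper arrays.
	// startdate is selected as well: the status check below reads it, and without the column
	// the "not started yet" half of that check could never be true.
	$query = $db->simple_select("announcements", "aid, fid, subject, startdate, enddate");
	while($announcement = $db->fetch_array($query))
	{
		// fid -1 marks a global announcement
		if($announcement['fid'] == -1)
		{
			$global_announcements[$announcement['aid']] = $announcement;
			continue;
		}
		$announcements[$announcement['fid']][$announcement['aid']] = $announcement;
	}

	if($mybb->usergroup['issupermod'] == 1)
	{
		if($global_announcements && $mybb->usergroup['issupermod'] == 1)
		{
			// Get the global announcements
			foreach($global_announcements as $aid => $announcement)
			{
				$trow = alt_trow();
				// Shown as inactive when it has not started yet or has a non-zero end date in the past
				if($announcement['startdate'] > TIME_NOW || ($announcement['enddate'] < TIME_NOW && $announcement['enddate'] != 0))
				{
					$icon = "<img src=\"images/minioff.gif\" alt=\"({$lang->expired})\" title=\"{$lang->expired_announcement}\" style=\"vertical-align: middle;\" /> ";
				}
				else
				{
					$icon = "<img src=\"images/minion.gif\" alt=\"({$lang->active})\" title=\"{$lang->active_announcement}\" style=\"vertical-align: middle;\" /> ";
				}

				$subject = htmlspecialchars_uni($announcement['subject']);

				eval("\$announcements_global .= \"".$templates->get("modcp_announcements_announcement_global")."\";");
			}
		}
		else
		{
			// No global announcements
			eval("\$announcements_global = \"".$templates->get("modcp_no_announcements_global")."\";");
		}
		// Wrap the rows (or the "none" notice) built above in the outer template
		eval("\$announcements_global = \"".$templates->get("modcp_announcements_global")."\";");
	}
	else
	{
		// Moderator is not super, so don't show global announcements
		$announcements_global = '';
	}

	fetch_forum_announcements();

	if(!$announcements_forum)
	{
		eval("\$announcements_forum = \"".$templates->get("modcp_no_announcements_forum")."\";");
	}

	$plugins->run_hooks("modcp_announcements");

	eval("\$announcements = \"".$templates->get("modcp_announcements")."\";");
	output_page($announcements);
}

// Moderation queue submit handler: approve or delete the items ticked in the queue form.
if($mybb->input['action'] == "do_modqueue")
{
	require_once MYBB_ROOT."inc/class_moderation.php";
	$moderation = new Moderation;

	// Verify incoming POST request
	verify_post_check($mybb->input['my_post_key']);

	$plugins->run_hooks("modcp_do_modqueue_start");

	if(is_array($mybb->input['threads']))
	{
		// Fetch threads.
		// The ids are the keys of the submitted array; they are cast to integers and re-selected
		// with {$flist} appended, so only rows that pass that forum filter are acted on.
		$query = $db->simple_select("threads", "tid", "tid IN (".implode(",", array_map("intval", array_keys($mybb->input['threads'])))."){$flist}");
		while($thread = $db->fetch_array($query))
		{
			// The requested action is looked up per returned row, not per submitted key
			$action = $mybb->input['threads'][$thread['tid']];
			if($action == "approve")
			{
				$threads_to_approve[] = $thread['tid'];
			}
			else if($action == "delete")
			{
				$threads_to_delete[] = $thread['tid'];
			}
		}
		if(!empty($threads_to_approve))
		{
			$moderation->approve_threads($threads_to_approve);
			log_moderator_action(array('tids' => $threads_to_approve), $lang->multi_approve_threads);
		}
		if(!empty($threads_to_delete))
		{
			foreach($threads_to_delete as $tid)
			{
				$moderation->delete_thread($tid);
			}
			log_moderator_action(array('tids' => $threads_to_delete), $lang->multi_delete_threads);
		}

		$plugins->run_hooks("modcp_do_modqueue_end");

		redirect("modcp.php?action=modqueue", $lang->redirect_threadsmoderated);
	}
	else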
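// do_modqueue, continued: the posts and attachments branches of the queue submit handler.
	if(is_array($mybb->input['posts']))
	{
		// Fetch posts.
		// Submitted keys are cast to integers and re-selected with {$flist} appended, so only
		// posts that pass that forum filter are approved or deleted.
		$query = $db->simple_select("posts", "pid", "pid IN (".implode(",", array_map("intval", array_keys($mybb->input['posts'])))."){$flist}");
		while($post = $db->fetch_array($query))
		{
			$action = $mybb->input['posts'][$post['pid']];
			if($action == "approve")
			{
				$posts_to_approve[] = $post['pid'];
			}
			else if($action == "delete")
			{
				$moderation->delete_post($post['pid']);
			}
		}
		if(!empty($posts_to_approve))
		{
			$moderation->approve_posts($posts_to_approve);
			// Log only when something was approved, as the threads branch does; an unconditional
			// call records an "approved posts" entry even when the request only deleted posts.
			log_moderator_action(array('pids' => $posts_to_approve), $lang->multi_approve_posts);
		}
		// NOTE(review): posts deleted above get no moderator-log entry in this branch, while the
		// threads branch logs its deletions. A matching call needs a language phrase this listing
		// does not show.

		$plugins->run_hooks("modcp_do_modqueue_end");

		redirect("modcp.php?action=modqueue&type=posts", $lang->redirect_postsmoderated);
	}
	else if(is_array($mybb->input['attachments']))
	{
		// Attachments are scoped through the thread's forum ({$tflist} filters on t.fid)
		$query = $db->query("
			SELECT a.pid, a.aid
			FROM ".TABLE_PREFIX."attachments a
			LEFT JOIN ".TABLE_PREFIX."posts p ON (a.pid=p.pid)
			LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
			WHERE aid IN (".implode(",", array_map("intval", array_keys($mybb->input['attachments'])))."){$tflist}
		");
		while($attachment = $db->fetch_array($query))
		{
			$action = $mybb->input['attachments'][$attachment['aid']];
			if($action == "approve")
			{
				$db->update_query("attachments", array("visible" => 1), "aid='{$attachment['aid']}'");
			}
			else if($action == "delete")
			{
				remove_attachment($attachment['pid'], '', $attachment['aid']);
			}
		}
		// NOTE(review): neither approval nor removal of attachments is written to the moderator log here.

		$plugins->run_hooks("modcp_do_modqueue_end");

		redirect("modcp.php?action=modqueue&type=attachments", $lang->redirect_attachmentsmoderated);
	}
}

// Moderation queue display: unapproved threads, then posts, then attachments.
if($mybb->input['action'] == "modqueue")
{
	if($mybb->input['type'] == "threads" || !$mybb->input['type'])
	{
		$forum_cache = $cache->read("forums");

		$query = $db->simple_select("threads", "COUNT(tid) AS unapprovedthreads", "visible=0 {$flist}");
		$unapproved_threads = $db->fetch_field($query, "unapprovedthreads");

		// Figure out if we need to display multiple pages.
		if($mybb->input['page'] != "last")
		{
			$page = intval($mybb->input['page']);
		}

		$perpage = $mybb->settings['threadsperpage'];
		$pages = $unapproved_threads / $perpage;
		$pages = ceil($pages);

		if($mybb->input['page'] == "last")
		{
			$page = $pages;
		}

		if($page > $pages || $page <= 0)
		{
			$page = 1;
		}

		if($page)
		{
			$start = ($page-1) * $perpage;
		}
		else
		{
			$start = 0;
			$page = 1;
		}

		$multipage = multipage($pages, $perpage, $page, "modcp.php?action=modqueue&type=threads");

		// $start derives from the intval()'d page number and $perpage from board settings;
		// the forum scope is the same one used for the count above, in its t.fid form.
		$query = $db->query("
			SELECT t.tid, t.dateline, t.fid, t.subject, p.message AS postmessage, u.username AS username, t.uid
			FROM ".TABLE_PREFIX."threads t
			LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=t.firstpost)
			LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=t.uid)
			WHERE t.visible='0' {$tflist}
			ORDER BY t.lastpost DESC
			LIMIT {$start}, {$perpage}
		");
		while($thread = $db->fetch_array($query))
		{
			$altbg = alt_trow();
			// Subject and message are user content: HTML-encoded before they reach the template
			$thread['subject'] = htmlspecialchars_uni($parser->parse_badwords($thread['subject']));
			$thread['threadlink'] = get_thread_link($thread['tid']);
			$thread['forumlink'] = get_forum_link($thread['fid']);
			$forum_name = $forum_cache[$thread['fid']]['name'];
			$threaddate = my_date($mybb->settings['dateformat'], $thread['dateline']);
			$threadtime = my_date($mybb->settings['timeformat'], $thread['dateline']);
			// NOTE(review): username is passed on unencoded; presumably build_profile_link() expects that - confirm
			$profile_link = build_profile_link($thread['username'], $thread['uid']);
			$thread['postmessage'] = nl2br(htmlspecialchars_uni($thread['postmessage']));
			$forum = "<strong>{$lang->meta_forum} <a href=\"{$thread['forumlink']}\">{$forum_name}</a></strong>";
			// NOTE(review): template text is evaluated as a PHP string; its escaping happens outside this listing
			eval("\$threads .= \"".$templates->get("modcp_modqueue_threads_thread")."\";");
		}

		if(!$threads && $mybb->input['type'] == "threads")
		{
			eval("\$threads = \"".$templates->get("modcp_modqueue_threads_empty")."\";");
		}

		if($threads)
		{
			add_breadcrumb($lang->mcp_nav_modqueue_threads, "modcp.php?action=modqueue&type=threads");

			$plugins->run_hooks("modcp_modqueue_threads_end");

			eval("\$mass_controls = \"".$templates->get("modcp_modqueue_masscontrols")."\";");
			eval("\$threadqueue = \"".$templates->get("modcp_modqueue_threads")."\";");
			output_page($threadqueue);
		}
		$type = 'threads';
	}

	// Posts are shown when asked for, or when no type was given and the thread queue produced no page
	if($mybb->input['type'] == "posts" || (!$mybb->input['type'] && !$threadqueue))
	{
		$forum_cache = $cache->read("forums");

		// First posts are left out here (t.firstpost != p.pid); the thread queue above shows them
		$query = $db->query("
			SELECT COUNT(pid) AS unapprovedposts
			FROM ".TABLE_PREFIX."posts p
			LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
			WHERE p.visible='0' {$tflist} AND t.firstpost != p.pid
		");
		$unapproved_posts = $db->fetch_field($query, "unapprovedposts");

		// Figure out if we need to display multiple pages.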
1425 if($mybb->input['page'] != "last") 1426 { 1427 $page = intval($mybb->input['page']); 1428 } 1429 1430 $perpage = $mybb->settings['postsperpage']; 1431 $pages = $unapproved_posts / $perpage; 1432 $pages = ceil($pages); 1433 1434 if($mybb->input['page'] == "last") 1435 { 1436 $page = $pages; 1437 } 1438 1439 if($page > $pages || $page <= 0) 1440 { 1441 $page = 1; 1442 } 1443 1444 if($page) 1445 { 1446 $start = ($page-1) * $perpage; 1447 } 1448 else 1449 { 1450 $start = 0; 1451 $page = 1; 1452 } 1453 1454 $multipage = multipage($pages, $perpage, $page, "modcp.php?action=modqueue&type=posts"); 1455 1456 $query = $db->query(" 1457 SELECT p.pid, p.subject, p.message, t.subject AS threadsubject, t.tid, u.username, p.uid, t.fid, p.dateline 1458 FROM ".TABLE_PREFIX."posts p 1459 LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid) 1460 LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid) 1461 WHERE p.visible='0' {$tflist} AND t.firstpost != p.pid 1462 ORDER BY p.dateline DESC 1463 LIMIT {$start}, {$perpage} 1464 "); 1465 while($post = $db->fetch_array($query)) 1466 { 1467 $altbg = alt_trow(); 1468 $post['threadsubject'] = htmlspecialchars_uni($parser->parse_badwords($post['threadsubject'])); 1469 $post['threadlink'] = get_thread_link($post['tid']); 1470 $post['forumlink'] = get_forum_link($post['fid']); 1471 $post['postlink'] = get_post_link($post['pid'], $post['tid']); 1472 $forum_name = $forum_cache[$post['fid']]['name']; 1473 $postdate = my_date($mybb->settings['dateformat'], $post['dateline']); 1474 $posttime = my_date($mybb->settings['timeformat'], $post['dateline']); 1475 $profile_link = build_profile_link($post['username'], $post['uid']); 1476 $thread = "<strong>{$lang->meta_thread} <a href=\"{$post['threadlink']}\">{$post['threadsubject']}</a></strong>"; 1477 $forum = "<strong>{$lang->meta_forum} <a href=\"{$post['forumlink']}\">{$forum_name}</a></strong><br />"; 1478 $post['message'] = nl2br(htmlspecialchars_uni($post['message'])); 1479 eval("\$posts .= 
\"".$templates->get("modcp_modqueue_posts_post")."\";"); 1480 } 1481 1482 if(!$posts && $mybb->input['type'] == "posts") 1483 { 1484 eval("\$posts = \"".$templates->get("modcp_modqueue_posts_empty")."\";"); 1485 } 1486 1487 if($posts) 1488 { 1489 add_breadcrumb($lang->mcp_nav_modqueue_posts, "modcp.php?action=modqueue&type=posts"); 1490 1491 $plugins->run_hooks("modcp_modqueue_posts_end"); 1492 1493 eval("\$mass_controls = \"".$templates->get("modcp_modqueue_masscontrols")."\";"); 1494 eval("\$postqueue = \"".$templates->get("modcp_modqueue_posts")."\";"); 1495 output_page($postqueue); 1496 } 1497 } 1498 1499 if($mybb->input['type'] == "attachments" || (!$mybb->input['type'] && !$postqueue && !$threadqueue)) 1500 { 1501 $query = $db->query(" 1502 SELECT COUNT(aid) AS unapprovedattachments 1503 FROM ".TABLE_PREFIX."attachments a 1504 LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=a.pid) 1505 LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid) 1506 WHERE a.visible='0' {$tflist} 1507 "); 1508 $unapproved_attachments = $db->fetch_field($query, "unapprovedattachments"); 1509 1510 // Figure out if we need to display multiple pages. 
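// modqueue action, attachments branch: paging, listing, then the "all queues empty" fallback.
		if($mybb->input['page'] != "last")
		{
			$page = intval($mybb->input['page']);
		}

		$perpage = $mybb->settings['postsperpage'];
		$pages = $unapproved_attachments / $perpage;
		$pages = ceil($pages);

		if($mybb->input['page'] == "last")
		{
			$page = $pages;
		}

		if($page > $pages || $page <= 0)
		{
			$page = 1;
		}

		if($page)
		{
			$start = ($page-1) * $perpage;
		}
		else
		{
			$start = 0;
			$page = 1;
		}

		$multipage = multipage($pages, $perpage, $page, "modcp.php?action=modqueue&type=attachments");

		// The COUNT query for this branch and the do_modqueue handler both apply {$tflist}.
		// The listing has to apply it too: without it a moderator limited to certain forums is
		// shown pending attachments (file name, subjects, uploader) from forums outside that
		// scope, and the page count no longer matches the rows returned.
		$query = $db->query("
			SELECT a.*, p.subject AS postsubject, p.dateline, p.uid, u.username, t.tid, t.subject AS threadsubject
			FROM ".TABLE_PREFIX."attachments a
			LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=a.pid)
			LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
			LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
			WHERE a.visible='0' {$tflist}
			ORDER BY a.dateuploaded DESC
			LIMIT {$start}, {$perpage}
		");
		while($attachment = $db->fetch_array($query))
		{
			$altbg = alt_trow();

			// Fall back to the post's date when the attachment has no upload date of its own
			if(!$attachment['dateuploaded'])
			{
				$attachment['dateuploaded'] = $attachment['dateline'];
			}

			$attachdate = my_date($mybb->settings['dateformat'], $attachment['dateuploaded']);
			$attachtime = my_date($mybb->settings['timeformat'], $attachment['dateuploaded']);

			// User-supplied text is HTML-encoded before it reaches the template
			$attachment['postsubject'] = htmlspecialchars_uni($attachment['postsubject']);
			$attachment['filename'] = htmlspecialchars_uni($attachment['filename']);
			$attachment['threadsubject'] = htmlspecialchars_uni($attachment['threadsubject']);
			$attachment['filesize'] = get_friendly_size($attachment['filesize']);

			$link = get_post_link($attachment['pid'], $attachment['tid']) . "#pid{$attachment['pid']}";
			$thread_link = get_thread_link($attachment['tid']);
			$profile_link = build_profile_link($attachment['username'], $attachment['uid']);

			// NOTE(review): template text is evaluated as a PHP string; its escaping happens outside this listing
			eval("\$attachments .= \"".$templates->get("modcp_modqueue_attachments_attachment")."\";");
		}

		if(!$attachments && $mybb->input['type'] == "attachments")
		{
			eval("\$attachments = \"".$templates->get("modcp_modqueue_attachments_empty")."\";");
		}

		if($attachments)
		{
			add_breadcrumb($lang->mcp_nav_modqueue_attachments, "modcp.php?action=modqueue&type=attachments");

			$plugins->run_hooks("modcp_modqueue_attachments_end");

			eval("\$mass_controls = \"".$templates->get("modcp_modqueue_masscontrols")."\";");
			eval("\$attachmentqueue = \"".$templates->get("modcp_modqueue_attachments")."\";");
			output_page($attachmentqueue);
		}
	}

	// Still nothing? All queues are empty! :-D
	if(!$threadqueue && !$postqueue && !$attachmentqueue)
	{
		add_breadcrumb($lang->mcp_nav_modqueue, "modcp.php?action=modqueue");

		$plugins->run_hooks("modcp_modqueue_end");

		eval("\$queue = \"".$templates->get("modcp_modqueue_empty")."\";");
		output_page($queue);
	}
}

// Profile edit submit handler: CSRF check, target lookup, permission check, then the update.
if($mybb->input['action'] == "do_editprofile")
{
	// Verify incoming POST request
	verify_post_check($mybb->input['my_post_key']);

	$user = get_user($mybb->input['uid']);
	if(!$user['uid'])
	{
		error($lang->invalid_user);
	}

	// Check if the current user has permission to edit this user
	if(!modcp_can_manage_user($user['uid']))
	{
		error_no_permission();
	}

	$plugins->run_hooks("modcp_do_editprofile_start");

	// Set up user handler.
	require_once MYBB_ROOT."inc/datahandlers/user.php";
	$userhandler = new UserDataHandler('update');

	// Set the data for the new user.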
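// do_editprofile, continued: build the update data, validate it, and work out the moderator options.
	$updated_user = array(
		// Use the uid of the record that was loaded and passed modcp_can_manage_user(), not the
		// raw request value, so the permission check and the update refer to the same user.
		// What the data handler would do with an unnormalised uid is not visible in this file.
		"uid" => $user['uid'],
		"profile_fields" => $mybb->input['profile_fields'],
		"profile_fields_editable" => true,
		"website" => $mybb->input['website'],
		"icq" => $mybb->input['icq'],
		"aim" => $mybb->input['aim'],
		"yahoo" => $mybb->input['yahoo'],
		"msn" => $mybb->input['msn'],
		"signature" => $mybb->input['signature'],
		"usernotes" => $mybb->input['usernotes']
	);

	$updated_user['birthday'] = array(
		"day" => $mybb->input['birthday_day'],
		"month" => $mybb->input['birthday_month'],
		"year" => $mybb->input['birthday_year']
	);

	// A non-empty title replaces the current one; otherwise "revert" clears it
	if($mybb->input['usertitle'] != '')
	{
		$updated_user['usertitle'] = $mybb->input['usertitle'];
	}
	else if($mybb->input['reverttitle'])
	{
		$updated_user['usertitle'] = '';
	}

	if($mybb->input['remove_avatar'])
	{
		$updated_user['avatarurl'] = '';
	}

	// Set the data of the user in the datahandler.
	$userhandler->set_data($updated_user);
	$errors = '';

	// Validate the user and get any errors that might have occurred.
	if(!$userhandler->validate_user())
	{
		$errors = $userhandler->get_friendly_errors();
		// Fall through to the edit form so the errors are shown inline
		$mybb->input['action'] = "editprofile";
	}
	else
	{
		// Are we removing an avatar from this user?
		if($mybb->input['remove_avatar'])
		{
			$extra_user_updates = array(
				"avatar" => "",
				"avatardimensions" => "",
				"avatartype" => ""
			);
			remove_avatars($user['uid']);
		}

		// Moderator "Options" (suspend signature, suspend/moderate posting)
		$moderator_options = array(
			1 => array(
				"action" => "suspendsignature", // The moderator action we're performing
				"period" => "action_period", // The time period we've selected from the dropdown box
				"time" => "action_time", // The time we've entered
				"update_field" => "suspendsignature", // The field in the database to update if true
				"update_length" => "suspendsigtime" // The length of suspension field in the database
			),
			2 => array(
				"action" => "moderateposting",
				"period" => "modpost_period",
				"time" => "modpost_time",
				"update_field" => "moderateposts",
				"update_length" => "moderationtime"
			),
			3 => array(
				"action" => "suspendposting",
				"period" => "suspost_period",
				"time" => "suspost_time",
				"update_field" => "suspendposting",
				"update_length" => "suspensiontime"
			)
		);

		require_once MYBB_ROOT."inc/functions_warnings.php";
		foreach($moderator_options as $option)
		{
			// Column names written below come from the fixed table above, never from the request;
			// the request only supplies the on/off flag, the period and the time value.
			if(!$mybb->input[$option['action']])
			{
				if($user[$option['update_field']] == 1)
				{
					// We're revoking the suspension
					$extra_user_updates[$option['update_field']] = 0;
					$extra_user_updates[$option['update_length']] = 0;
				}

				// Skip this option if we haven't selected it
				continue;
			}

			if($mybb->input[$option['action']])
			{
				if(intval($mybb->input[$option['time']]) == 0 && $mybb->input[$option['period']] != "never" && $user[$option['update_field']] != 1)
				{
					// User has selected a type of ban, but not entered a valid time frame
					$string = $option['action']."_error";
					// $errors is '' at this point unless an earlier option failed; appending to a
					// string with [] is a fatal error on PHP 7.1 and later, so make it an array first.
					if(!is_array($errors))
					{
						$errors = array();
					}
					$errors[] = $lang->$string;
				}

				if(!is_array($errors))
				{
					$suspend_length = fetch_time_length(intval($mybb->input[$option['time']]), $mybb->input[$option['period']]);

					if($user[$option['update_field']] == 1 && ($mybb->input[$option['time']] || $mybb->input[$option['period']] == "never"))
					{
						// We already have a suspension, but entered a new time
						if($suspend_length == "-1")
						{
							// Permanent ban on action
							$extra_user_updates[$option['update_length']] = 0;
						}
						elseif($suspend_length && $suspend_length != "-1")
						{
							// Temporary ban on action
							$extra_user_updates[$option['update_length']] = TIME_NOW + $suspend_length;
						}
					}
					elseif(!$user[$option['update_field']])
					{
						// New suspension for this user... bad user!
						$extra_user_updates[$option['update_field']] = 1;
						if($suspend_length == "-1")
						{
							$extra_user_updates[$option['update_length']] = 0;
						}
						else
						{
							$extra_user_updates[$option['update_length']] = TIME_NOW + $suspend_length;
						}
					}
				}
			}
		}

		// Those with javascript turned off will be able to select both - cheeky!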
1771 // Check to make sure we're not moderating AND suspending posting 1772 if($extra_user_updates['moderateposts'] && $extra_user_updates['suspendposting']) 1773 { 1774 $errors[] = $lang->suspendmoderate_error; 1775 } 1776 1777 if(is_array($errors)) 1778 { 1779 $mybb->input['action'] = "editprofile"; 1780 } 1781 else 1782 { 1783 $plugins->run_hooks("modcp_do_editprofile_update"); 1784 1785 // Continue with the update if there is no errors 1786 $user_info = $userhandler->update_user(); 1787 $db->update_query("users", $extra_user_updates, "uid='{$user['uid']}'"); 1788 log_moderator_action(array("uid" => $user['uid'], "username" => $user['username']), $lang->edited_user); 1789 1790 $plugins->run_hooks("modcp_do_editprofile_end"); 1791 1792 redirect("modcp.php?action=finduser", $lang->redirect_user_updated); 1793 } 1794 } 1795 } 1796 1797 if($mybb->input['action'] == "editprofile") 1798 { 1799 add_breadcrumb($lang->mcp_nav_editprofile, "modcp.php?action=editprofile"); 1800 1801 $user = get_user($mybb->input['uid']); 1802 if(!$user['uid']) 1803 { 1804 error($lang->invalid_user); 1805 } 1806 1807 // Check if the current user has permission to edit this user 1808 if(!modcp_can_manage_user($user['uid'])) 1809 { 1810 error_no_permission(); 1811 } 1812 1813 if($user['website'] == "" || $user['website'] == "http://") 1814 { 1815 $user['website'] = "http://"; 1816 } 1817 1818 if($user['icq'] != "0") 1819 { 1820 $user['icq'] = intval($user['icq']); 1821 } 1822 if($user['icq'] == 0) 1823 { 1824 $user['icq'] = ""; 1825 } 1826 1827 if(!$errors) 1828 { 1829 $mybb->input = array_merge($user, $mybb->input); 1830 list($mybb->input['birthday_day'], $mybb->input['birthday_month'], $mybb->input['birthday_year']) = explode("-", $user['birthday']); 1831 } 1832 else 1833 { 1834 $errors = inline_error($errors); 1835 } 1836 1837 // Sanitize all input 1838 foreach(array('usertitle', 'website', 'icq', 'aim', 'yahoo', 'msn', 'signature', 'birthday_day', 'birthday_month', 'birthday_year') as 
$field) 1839 { 1840 $mybb->input[$field] = htmlspecialchars_uni($mybb->input[$field]); 1841 } 1842 1843 if($user['usertitle'] == "") 1844 { 1845 $query = $db->simple_select("usertitles", "*", "posts <='".$user['postnum']."'", array('order_by' => 'posts', 'order_dir' => 'DESC', 'limit' => 1)); 1846 $utitle = $db->fetch_array($query); 1847 $defaulttitle = $utitle['title']; 1848 } 1849 else 1850 { 1851 if(!$user['displaygroup']) 1852 { 1853 $user['displaygroup'] = $user['usergroup']; 1854 } 1855 1856 $displaygroupfields = array( 1857 "usertitle" 1858 ); 1859 $display_group = usergroup_displaygroup($user['displaygroup']); 1860 $defaulttitle = $display_group['usertitle']; 1861 } 1862 if(empty($user['usertitle'])) 1863 { 1864 $lang->current_custom_usertitle = ''; 1865 } 1866 1867 $bdaysel = ''; 1868 for($i = 1; $i <= 31; ++$i) 1869 { 1870 if($mybb->input['birthday_day'] == $i) 1871 { 1872 $bdaydaysel .= "<option value=\"$i\" selected=\"selected\">$i</option>\n"; 1873 } 1874 else 1875 { 1876 $bdaydaysel .= "<option value=\"$i\">$i</option>\n"; 1877 } 1878 } 1879 $bdaymonthsel[$mybb->input['birthday_month']] = 'selected="selected"'; 1880 1881 $plugins->run_hooks("modcp_editprofile_start"); 1882 1883 // Fetch profile fields 1884 $query = $db->simple_select("userfields", "*", "ufid='{$user['uid']}'"); 1885 $user_fields = $db->fetch_array($query); 1886 1887 $requiredfields = ''; 1888 $customfields = ''; 1889 $query = $db->simple_select("profilefields", "*", "", array('order_by' => 'disporder')); 1890 while($profilefield = $db->fetch_array($query)) 1891 { 1892 $profilefield['type'] = htmlspecialchars_uni($profilefield['type']); 1893 $profilefield['description'] = htmlspecialchars_uni($profilefield['description']); 1894 $thing = explode("\n", $profilefield['type'], "2"); 1895 $type = $thing[0]; 1896 $options = $thing[1]; 1897 $field = "fid{$profilefield['fid']}"; 1898 $select = ''; 1899 if($errors) 1900 { 1901 $userfield = $mybb->input['profile_fields'][$field]; 1902 } 1903 
else 1904 { 1905 $userfield = $user_fields[$field]; 1906 } 1907 if($type == "multiselect") 1908 { 1909 if($errors) 1910 { 1911 $useropts = $userfield; 1912 } 1913 else 1914 { 1915 $useropts = explode("\n", $userfield); 1916 } 1917 if(is_array($useropts)) 1918 { 1919 foreach($useropts as $key => $val) 1920 { 1921 $seloptions[$val] = $val; 1922 } 1923 } 1924 $expoptions = explode("\n", $options); 1925 if(is_array($expoptions)) 1926 { 1927 foreach($expoptions as $key => $val) 1928 { 1929 $val = trim($val); 1930 $val = str_replace("\n", "\\n", $val); 1931 1932 $sel = ""; 1933 if($val == $seloptions[$val]) 1934 { 1935 $sel = " selected=\"selected\""; 1936 } 1937 $select .= "<option value=\"$val\"$sel>$val</option>\n"; 1938 } 1939 if(!$profilefield['length']) 1940 { 1941 $profilefield['length'] = 3; 1942 } 1943 $code = "<select name=\"profile_fields[$field][]\" size=\"{$profilefield['length']}\" multiple=\"multiple\">$select</select>"; 1944 } 1945 } 1946 elseif($type == "select") 1947 { 1948 $expoptions = explode("\n", $options); 1949 if(is_array($expoptions)) 1950 { 1951 foreach($expoptions as $key => $val) 1952 { 1953 $val = trim($val); 1954 $val = str_replace("\n", "\\n", $val); 1955 $sel = ""; 1956 if($val == $userfield) 1957 { 1958 $sel = " selected=\"selected\""; 1959 } 1960 $select .= "<option value=\"$val\"$sel>$val</option>"; 1961 } 1962 if(!$profilefield['length']) 1963 { 1964 $profilefield['length'] = 1; 1965 } 1966 $code = "<select name=\"profile_fields[$field]\" size=\"{$profilefield['length']}\">$select</select>"; 1967 } 1968 } 1969 elseif($type == "radio") 1970 { 1971 $expoptions = explode("\n", $options); 1972 if(is_array($expoptions)) 1973 { 1974 foreach($expoptions as $key => $val) 1975 { 1976 $checked = ""; 1977 if($val == $userfield) 1978 { 1979 $checked = " checked=\"checked\""; 1980 } 1981 $code .= "<input type=\"radio\" class=\"radio\" name=\"profile_fields[$field]\" value=\"$val\"$checked /> <span class=\"smalltext\">$val</span><br />"; 1982 } 
1983 } 1984 } 1985 elseif($type == "checkbox") 1986 { 1987 if($errors) 1988 { 1989 $useropts = $userfield; 1990 } 1991 else 1992 { 1993 $useropts = explode("\n", $userfield); 1994 } 1995 if(is_array($useropts)) 1996 { 1997 foreach($useropts as $key => $val) 1998 { 1999 $seloptions[$val] = $val; 2000 } 2001 } 2002 $expoptions = explode("\n", $options); 2003 if(is_array($expoptions)) 2004 { 2005 foreach($expoptions as $key => $val) 2006 { 2007 $checked = ""; 2008 if($val == $seloptions[$val]) 2009 { 2010 $checked = " checked=\"checked\""; 2011 } 2012 $code .= "<input type=\"checkbox\" class=\"checkbox\" name=\"profile_fields[$field][]\" value=\"$val\"$checked /> <span class=\"smalltext\">$val</span><br />"; 2013 } 2014 } 2015 } 2016 elseif($type == "textarea") 2017 { 2018 $value = htmlspecialchars_uni($userfield); 2019 $code = "<textarea name=\"profile_fields[$field]\" rows=\"6\" cols=\"30\" style=\"width: 95%\">$value</textarea>"; 2020 } 2021 else 2022 { 2023 $value = htmlspecialchars_uni($userfield); 2024 $maxlength = ""; 2025 if($profilefield['maxlength'] > 0) 2026 { 2027 $maxlength = " maxlength=\"{$profilefield['maxlength']}\""; 2028 } 2029 $code = "<input type=\"text\" name=\"profile_fields[$field]\" class=\"textbox\" size=\"{$profilefield['length']}\"{$maxlength} value=\"$value\" />"; 2030 } 2031 if($profilefield['required'] == 1) 2032 { 2033 eval("\$requiredfields .= \"".$templates->get("usercp_profile_customfield")."\";"); 2034 } 2035 else 2036 { 2037 eval("\$customfields .= \"".$templates->get("usercp_profile_customfield")."\";"); 2038 } 2039 $altbg = alt_trow(); 2040 $code = ""; 2041 $select = ""; 2042 $val = ""; 2043 $options = ""; 2044 $expoptions = ""; 2045 $useropts = ""; 2046 $seloptions = ""; 2047 } 2048 if($customfields) 2049 { 2050 eval("\$customfields = \"".$templates->get("usercp_profile_profilefields")."\";"); 2051 } 2052 2053 $lang->edit_profile = $lang->sprintf($lang->edit_profile, $user['username']); 2054 $profile_link = 
build_profile_link(format_name($user['username'], $user['usergroup'], $user['displaygroup']), $user['uid']); 2055 2056 $codebuttons = build_mycode_inserter("signature"); 2057 2058 // Do we mark the suspend signature box? 2059 if($user['suspendsignature'] || ($mybb->input['suspendsignature'] && !empty($errors))) 2060 { 2061 $checked = 1; 2062 $checked_item = "checked=\"checked\""; 2063 } 2064 else 2065 { 2066 $checked = 0; 2067 } 2068 2069 // Do we mark the moderate posts box? 2070 if($user['moderateposts'] || ($mybb->input['moderateposting'] && !empty($errors))) 2071 { 2072 $modpost_check = 1; 2073 $modpost_checked = "checked=\"checked\""; 2074 } 2075 else 2076 { 2077 $modpost_check = 0; 2078 } 2079 2080 // Do we mark the suspend posts box? 2081 if($user['suspendposting'] || ($mybb->input['suspendposting'] && !empty($errors))) 2082 { 2083 $suspost_check = 1; 2084 $suspost_checked = "checked=\"checked\""; 2085 } 2086 else 2087 { 2088 $suspost_check = 0; 2089 } 2090 2091 $moderator_options = array( 2092 1 => array( 2093 "action" => "suspendsignature", // The input action for this option 2094 "option" => "suspendsignature", // The field in the database that this option relates to 2095 "length" => "suspendsigtime", // The length of suspension field in the database 2096 "select_option" => "action" // The name of the select box of this option 2097 ), 2098 2 => array( 2099 "action" => "moderateposting", 2100 "option" => "moderateposts", 2101 "length" => "moderationtime", 2102 "select_option" => "modpost" 2103 ), 2104 3 => array( 2105 "action" => "suspendposting", 2106 "option" => "suspendposting", 2107 "length" => "suspensiontime", 2108 "select_option" => "suspost" 2109 ) 2110 ); 2111 2112 $periods = array( 2113 "hours" => $lang->expire_hours, 2114 "days" => $lang->expire_days, 2115 "weeks" => $lang->expire_weeks, 2116 "months" => $lang->expire_months, 2117 "never" => $lang->expire_permanent 2118 ); 2119 2120 foreach($moderator_options as $option) 2121 { 2122 // Display 
the suspension info, if this user has this option suspended 2123 if($user[$option['option']]) 2124 { 2125 if($user[$option['length']] == 0) 2126 { 2127 // User has a permanent ban 2128 $string = $option['option']."_perm"; 2129 $suspension_info = $lang->$string; 2130 } 2131 else 2132 { 2133 // User has a temporary (or limited) ban 2134 $string = $option['option']."_for"; 2135 $for_date = my_date($mybb->settings['dateformat'], $user[$option['length']]); 2136 $for_time = my_date($mybb->settings['timeformat'], $user[$option['length']]); 2137 $suspension_info = $lang->sprintf($lang->$string, $for_date, $for_time); 2138 } 2139 2140 switch($option['option']) 2141 { 2142 case "suspendsignature": 2143 eval("\$suspendsignature_info = \"".$templates->get("modcp_editprofile_suspensions_info")."\";"); 2144 break; 2145 case "moderateposts": 2146 eval("\$moderateposts_info = \"".$templates->get("modcp_editprofile_suspensions_info")."\";"); 2147 break; 2148 case "suspendposting": 2149 eval("\$suspendposting_info = \"".$templates->get("modcp_editprofile_suspensions_info")."\";"); 2150 break; 2151 } 2152 } 2153 2154 // Generate the boxes for this option 2155 $selection_options = ''; 2156 foreach($periods as $key => $value) 2157 { 2158 $string = $option['select_option']."_period"; 2159 if($mybb->input[$string] == $key) 2160 { 2161 $selected = "selected=\"selected\""; 2162 } 2163 else 2164 { 2165 $selected = ''; 2166 } 2167 2168 eval("\$selection_options .= \"".$templates->get("modcp_editprofile_select_option")."\";"); 2169 } 2170 2171 $select_name = $option['select_option']."_period"; 2172 switch($option['option']) 2173 { 2174 case "suspendsignature": 2175 eval("\$action_options = \"".$templates->get("modcp_editprofile_select")."\";"); 2176 break; 2177 case "moderateposts": 2178 eval("\$modpost_options = \"".$templates->get("modcp_editprofile_select")."\";"); 2179 break; 2180 case "suspendposting": 2181 eval("\$suspost_options = \"".$templates->get("modcp_editprofile_select")."\";"); 
2182 break; 2183 } 2184 } 2185 2186 eval("\$suspend_signature = \"".$templates->get("modcp_editprofile_signature")."\";"); 2187 2188 $plugins->run_hooks("modcp_editprofile_end"); 2189 2190 eval("\$edituser = \"".$templates->get("modcp_editprofile")."\";"); 2191 output_page($edituser); 2192 } 2193 2194 if($mybb->input['action'] == "finduser") 2195 { 2196 add_breadcrumb($lang->mcp_nav_users, "modcp.php?action=finduser"); 2197 2198 $perpage = intval($mybb->input['perpage']); 2199 if(!$perpage || $perpage <= 0) 2200 { 2201 $perpage = $mybb->settings['threadsperpage']; 2202 } 2203 $where = ''; 2204 2205 if($mybb->input['username']) 2206 { 2207 $where = " AND LOWER(username) LIKE '%".my_strtolower($db->escape_string_like($mybb->input['username']))."%'"; 2208 } 2209 2210 // Sort order & direction 2211 switch($mybb->input['sortby']) 2212 { 2213 case "lastvisit": 2214 $sortby = "lastvisit"; 2215 break; 2216 case "postnum": 2217 $sortby = "postnum"; 2218 break; 2219 case "username": 2220 $sortby = "username"; 2221 break; 2222 default: 2223 $sortby = "regdate"; 2224 } 2225 $order = $mybb->input['order']; 2226 if($order != "asc") 2227 { 2228 $order = "desc"; 2229 } 2230 2231 $query = $db->simple_select("users", "COUNT(uid) AS count", "1=1 {$where}"); 2232 $user_count = $db->fetch_field($query, "count"); 2233 2234 // Figure out if we need to display multiple pages. 
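// finduser, continued: work out the requested page and the row offset.
    // "last" is resolved once the page count is known, so $page is left
    // unset here in that case and assigned a few lines further down.
    if($mybb->input['page'] != "last")
    {
        $page = intval($mybb->input['page']);
    }

    $pages = ceil($user_count / $perpage);

    if($mybb->input['page'] == "last")
    {
        $page = $pages;
    }

    // Anything outside 1..$pages falls back to the first page. $page is
    // therefore always at least 1 from here on, which is why the offset is
    // computed without a further "if($page)" guard (that branch could never
    // be taken).
    if($page > $pages || $page <= 0)
    {
        $page = 1;
    }
    $start = ($page-1) * $perpage;

    // Carry the active search options over to the pagination links.
    $page_url = 'modcp.php?action=finduser';
    foreach(array('username', 'sortby', 'order') as $field)
    {
        if($mybb->input[$field])
        {
            // Percent-encode the value for the query string. HTML-escaping it
            // instead leaves "&", "#", "%" and "+" able to change how the
            // link is parsed; urlencode() output is also inert inside HTML.
            $page_url .= "&{$field}=".urlencode($mybb->input[$field]);
            // The input itself is overwritten with an HTML-escaped copy,
            // presumably for re-display by the templates evaluated below.
            $mybb->input[$field] = htmlspecialchars_uni($mybb->input[$field]);
        }
    }

    $multipage = multipage($user_count, $perpage, $page, $page_url);

    $usergroups_cache = $cache->read("usergroups");

    $plugins->run_hooks("modcp_finduser_start");

    // Fetch out results.
    // $where, $sortby and $order are prepared earlier in this action: the
    // username goes through escape_string_like(), and the sort column and
    // direction are reduced to a fixed set of values before they reach SQL.
    $query = $db->simple_select("users", "*", "1=1 {$where}", array("order_by" => $sortby, "order_dir" => $order, "limit" => $perpage, "limit_start" => $start));
    while($user = $db->fetch_array($query))
    {
        // These variables are read by name from the eval'd template, so
        // their names must stay as they are.
        $alt_row = alt_trow();
        $user['username'] = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
        $user['postnum'] = my_number_format($user['postnum']);
        $regdate = my_date($mybb->settings['dateformat'], $user['regdate']);
        $regtime = my_date($mybb->settings['timeformat'], $user['regdate']);
        $lastdate = my_date($mybb->settings['dateformat'], $user['lastvisit']);
        $lasttime = my_date($mybb->settings['timeformat'], $user['lastvisit']);
        $usergroup = $usergroups_cache[$user['usergroup']]['title'];
        eval("\$users .= \"".$templates->get("modcp_finduser_user")."\";");
    }

    // No results?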
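// finduser, continued: fall back to the "no results" row, then render.
    if(!$users)
    {
        eval("\$users = \"".$templates->get("modcp_finduser_noresults")."\";");
    }

    $plugins->run_hooks("modcp_finduser_end");

    eval("\$finduser = \"".$templates->get("modcp_finduser")."\";");
    output_page($finduser);
}

// Warning log viewer: filter, sort and page through issued warnings.
if($mybb->input['action'] == "warninglogs")
{
    add_breadcrumb($lang->mcp_nav_warninglogs, "modcp.php?action=warninglogs");

    // Filter options.
    // Each filter value is escaped or cast before it is placed in
    // $where_sql, and afterwards overwritten in place with an HTML-escaped
    // copy (presumably for re-display by the template).
    $where_sql = '';
    if($mybb->input['filter']['username'])
    {
        // Resolve the username to a uid; the uid filter below does the rest
        $search['username'] = $db->escape_string($mybb->input['filter']['username']);
        $query = $db->simple_select("users", "uid", "username='{$search['username']}'");
        $mybb->input['filter']['uid'] = $db->fetch_field($query, "uid");
        $mybb->input['filter']['username'] = htmlspecialchars_uni($mybb->input['filter']['username']);
    }
    if($mybb->input['filter']['uid'])
    {
        $search['uid'] = intval($mybb->input['filter']['uid']);
        $where_sql .= " AND w.uid='{$search['uid']}'";
        if(!isset($mybb->input['search']['username']))
        {
            // NOTE(review): this reads input['search']['uid'], but the action
            // only fills input['filter'][...]; it looks like a leftover key
            // name. Confirm which key the template displays before changing.
            $user = get_user($mybb->input['search']['uid']);
            $mybb->input['search']['username'] = htmlspecialchars_uni($user['username']);
        }
    }
    if($mybb->input['filter']['mod_username'])
    {
        $search['mod_username'] = $db->escape_string($mybb->input['filter']['mod_username']);
        $query = $db->simple_select("users", "uid", "username='{$search['mod_username']}'");
        $mybb->input['filter']['mod_uid'] = $db->fetch_field($query, "uid");
        $mybb->input['filter']['mod_username'] = htmlspecialchars_uni($mybb->input['filter']['mod_username']);
    }
    if($mybb->input['filter']['mod_uid'])
    {
        $search['mod_uid'] = intval($mybb->input['filter']['mod_uid']);
        $where_sql .= " AND w.issuedby='{$search['mod_uid']}'";
        if(!isset($mybb->input['search']['mod_username']))
        {
            // NOTE(review): same leftover 'search' key as above, and the
            // lookup uses the warned user's uid key rather than mod_uid.
            $mod_user = get_user($mybb->input['search']['uid']);
            $mybb->input['search']['mod_username'] = htmlspecialchars_uni($mod_user['username']);
        }
    }
    if($mybb->input['filter']['reason'])
    {
        // escape_string() keeps the value inside the quoted literal; "%" and
        // "_" typed by the moderator still act as LIKE wildcards here.
        $search['reason'] = $db->escape_string($mybb->input['filter']['reason']);
        $where_sql .= " AND (w.notes LIKE '%{$search['reason']}%' OR t.title LIKE '%{$search['reason']}%' OR w.title LIKE '%{$search['reason']}%')";
        $mybb->input['filter']['reason'] = htmlspecialchars_uni($mybb->input['filter']['reason']);
    }

    // The sort column and direction are interpolated into ORDER BY below, so
    // they are mapped onto a fixed set of values and never taken verbatim
    // from the request.
    $sortbysel = array();
    switch($mybb->input['filter']['sortby'])
    {
        case "username":
            $sortby = "u.username";
            $sortbysel['username'] = ' selected="selected"';
            break;
        case "expires":
            $sortby = "w.expires";
            $sortbysel['expires'] = ' selected="selected"';
            break;
        case "issuedby":
            $sortby = "i.username";
            $sortbysel['issuedby'] = ' selected="selected"';
            break;
        default: // "dateline"
            $sortby = "w.dateline";
            $sortbysel['dateline'] = ' selected="selected"';
    }
    $order = $mybb->input['filter']['order'];
    $ordersel = array();
    if($order != "asc")
    {
        $order = "desc";
        $ordersel['desc'] = ' selected="selected"';
    }
    else
    {
        $ordersel['asc'] = ' selected="selected"';
    }

    $plugins->run_hooks("modcp_warninglogs_start");

    // Pagination stuff
    $sql = "
        SELECT COUNT(wid) as count
        FROM
            ".TABLE_PREFIX."warnings w
            LEFT JOIN ".TABLE_PREFIX."warningtypes t ON (w.tid=t.tid)
        WHERE 1=1
            {$where_sql}
    ";
    $query = $db->query($sql);
    $total_warnings = $db->fetch_field($query, 'count');
    $page = 1;
    if(isset($mybb->input['page']) && intval($mybb->input['page']) > 0)
    {
        $page = intval($mybb->input['page']);
    }
    // Page size is cast to an integer but has no upper bound in this block.
    $per_page = 20;
    if(isset($mybb->input['filter']['per_page']) && intval($mybb->input['filter']['per_page']) > 0)
    {
        $per_page = intval($mybb->input['filter']['per_page']);
    }
    $start = ($page-1) * $per_page;

    // Build the base URL for pagination links.
    // NOTE(review): username, mod_username and reason were HTML-escaped in
    // place above, so the links carry the escaped form of those values.
    $url = 'modcp.php?action=warninglogs';
    if(is_array($mybb->input['filter']) && count($mybb->input['filter']))
    {
        foreach($mybb->input['filter'] as $field => $value)
        {
            // A nested array cannot be written as filter[key]=value
            if(is_array($value))
            {
                continue;
            }
            // Both the key and the value come from the request, so both are
            // percent-encoded before they are placed in the link.
            $field = urlencode($field);
            $value = urlencode($value);
            $url .= "&filter[{$field}]={$value}";
        }
    }
    $multipage = multipage($total_warnings, $per_page, $page, $url);

    // The actual query
    $sql = "
        SELECT
            w.wid, w.title as custom_title, w.points, w.dateline, w.issuedby, w.expires, w.expired, w.daterevoked, w.revokedby,
            t.title,
            u.uid, u.username, u.usergroup, u.displaygroup,
            i.uid as mod_uid, i.username as mod_username, i.usergroup as mod_usergroup, i.displaygroup as mod_displaygroup
        FROM ".TABLE_PREFIX."warnings w
            LEFT JOIN ".TABLE_PREFIX."users u ON (w.uid=u.uid)
            LEFT JOIN ".TABLE_PREFIX."warningtypes t ON (w.tid=t.tid)
            LEFT JOIN ".TABLE_PREFIX."users i ON (i.uid=w.issuedby)
        WHERE 1=1
            {$where_sql}
        ORDER BY {$sortby} {$order}
        LIMIT {$start}, {$per_page}
    ";
    $query = $db->query($sql);


    $warning_list = '';
    while($row = $db->fetch_array($query))
    {
        // The variables set in this loop are read by name from the eval'd
        // row template.
        $trow = alt_trow();
        $username = format_name($row['username'], $row['usergroup'], $row['displaygroup']);
        $username_link = build_profile_link($username, $row['uid']);
        $mod_username = format_name($row['mod_username'], $row['mod_usergroup'], $row['mod_displaygroup']);
        $mod_username_link = build_profile_link($mod_username, $row['mod_uid']);
        $issued_date = my_date($mybb->settings['dateformat'], $row['dateline']).' '.my_date($mybb->settings['timeformat'], $row['dateline']);
        $revoked_text = '';
        if($row['daterevoked'] > 0)
        {
            $revoked_date = my_date($mybb->settings['dateformat'], $row['daterevoked']).' '.my_date($mybb->settings['timeformat'], $row['daterevoked']);
            eval("\$revoked_text = \"".$templates->get("modcp_warninglogs_warning_revoked")."\";");
        }
        if($row['expires'] > 0)
        {
            $expire_date = my_date($mybb->settings['dateformat'], $row['expires']).' '.my_date($mybb->settings['timeformat'], $row['expires']);
        }
        else
        {
            $expire_date = $lang->never;
        }
        // Prefer the warning type's title, fall back to the custom title
        $title = $row['title'];
        if(empty($row['title']))
        {
            $title = $row['custom_title'];
        }
        $title = htmlspecialchars_uni($title);
        // Set $points for every row so a negative value does not show the
        // text left over from the previous row.
        $points = $row['points'];
        if($row['points'] >= 0)
        {
            $points = '+'.$row['points'];
        }

        eval("\$warning_list .= \"".$templates->get("modcp_warninglogs_warning")."\";");
    }

    if(!$warning_list)
    {
        eval("\$warning_list = \"".$templates->get("modcp_warninglogs_nologs")."\";");
    }

    $plugins->run_hooks("modcp_warninglogs_end");

    eval("\$warninglogs = \"".$templates->get("modcp_warninglogs")."\";");
    output_page($warninglogs);
}

// IP search: look for an address (or wildcard pattern) in posts and users.
if($mybb->input['action'] == "ipsearch")
{
    add_breadcrumb($lang->mcp_nav_ipsearch, "modcp.php?action=ipsearch");

    if($mybb->input['ipaddress'])
    {
        if(!is_array($groupscache))
        {
            $groupscache = $cache->read("usergroups");
        }

        // HTML-escaped copy for display; the raw input is still used below
        $ipaddressvalue = htmlspecialchars_uni($mybb->input['ipaddress']);

        // Searching post IP addresses
        if($mybb->input['search_posts'])
        {
            // IPv6 IP: matched as text, with "*" translated to the SQL
            // wildcard and the result passed through escape_string()
            if(strpos($mybb->input['ipaddress'], ":") !== false)
            {
                $post_ip_sql = "ipaddress LIKE '".$db->escape_string(str_replace("*", "%", $mybb->input['ipaddress']))."'";
            }
            else
            {
                // fetch_longipv4_range() is defined elsewhere; its result is
                // placed in the statement as-is, so this relies on it only
                // ever returning numeric values - TODO confirm.
                $ip_range = fetch_longipv4_range($mybb->input['ipaddress']);
                if(!is_array($ip_range))
                {
                    $post_ip_sql = "longipaddress='{$ip_range}'";
                }
                else
                {
                    $post_ip_sql = "longipaddress > '{$ip_range[0]}' AND longipaddress < '{$ip_range[1]}'";
                }
            }
            $plugins->run_hooks("modcp_ipsearch_posts_start");
            $query = $db->query("
                SELECT COUNT(pid) AS count
                FROM ".TABLE_PREFIX."posts
                WHERE {$post_ip_sql}
            ");
            $post_results = $db->fetch_field($query, "count");
        }

        // Searching user IP addresses
        if($mybb->input['search_users'])
        {
            // IPv6 IP
            if(strpos($mybb->input['ipaddress'], ":") !== false)
            {
                $user_ip_sql = "regip LIKE '".$db->escape_string(str_replace("*", "%", $mybb->input['ipaddress']))."' OR lastip LIKE '".$db->escape_string(str_replace("*", "%", $mybb->input['ipaddress']))."'";
            }
            else
            {
                // Same reliance on fetch_longipv4_range() as for posts above
                $ip_range = fetch_longipv4_range($mybb->input['ipaddress']);
                if(!is_array($ip_range))
                {
                    $user_ip_sql = "longregip='{$ip_range}' OR longlastip='{$ip_range}'";
                }
                else
                {
                    $user_ip_sql = "(longregip > '{$ip_range[0]}' AND longregip < '{$ip_range[1]}') OR (longlastip > '{$ip_range[0]}' AND longlastip < '{$ip_range[1]}')";
                }
            }
            $plugins->run_hooks("modcp_ipsearch_users_start");
            $query = $db->query("
                SELECT COUNT(uid) AS count
                FROM ".TABLE_PREFIX."users
                WHERE {$user_ip_sql}
            ");
            $user_results = $db->fetch_field($query, "count");
        }

        $total_results = $post_results+$user_results;

        // Now we have the result counts, paginate
        $perpage = intval($mybb->input['perpage']);
        if(!$perpage || $perpage <= 0)
        {
            $perpage = $mybb->settings['threadsperpage'];
        }

        // Figure out if we need to display multiple pages.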
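// ipsearch, continued: page through the combined user and post matches.
        // "last" is resolved once the page count is known.
        if($mybb->input['page'] != "last")
        {
            $page = intval($mybb->input['page']);
        }

        $pages = ceil($total_results / $perpage);

        if($mybb->input['page'] == "last")
        {
            $page = $pages;
        }

        // Out-of-range pages fall back to page 1, so $page is always at
        // least 1 and the offset needs no further "if($page)" guard.
        if($page > $pages || $page <= 0)
        {
            $page = 1;
        }
        $start = ($page-1) * $perpage;

        $page_url = "modcp.php?action=ipsearch&perpage={$perpage}";
        foreach(array('ipaddress', 'search_users', 'search_posts') as $input)
        {
            if(!$mybb->input[$input]) continue;
            // Percent-encode for the query string; the encoded form is also
            // inert inside HTML, which HTML-escaping alone does not give for
            // "&", "#", "%" or "+".
            $page_url .= "&{$input}=".urlencode($mybb->input[$input]);
        }
        $multipage = multipage($total_results, $perpage, $page, $page_url);

        // Users are listed first; whatever is left of the page goes to posts
        $post_limit = $perpage;
        if($mybb->input['search_users'] && $start <= $user_results)
        {
            $query = $db->query("
                SELECT username, uid, regip, lastip
                FROM ".TABLE_PREFIX."users
                WHERE {$user_ip_sql}
                ORDER BY regdate DESC
                LIMIT {$start}, {$perpage}
            ");
            while($ipaddress = $db->fetch_array($query))
            {
                $result = false;
                $profile_link = build_profile_link($ipaddress['username'], $ipaddress['uid']);
                $trow = alt_trow();
                // preg_quote() neutralises the input for use in a pattern;
                // the quoted "*" is then turned back into a wildcard.
                $regexp_ip = str_replace("\*", "(.*)", preg_quote($mybb->input['ipaddress'], "#"));
                // Reg IP matches
                if(preg_match("#{$regexp_ip}#i", $ipaddress['regip']))
                {
                    $ip = $ipaddress['regip'];
                    $subject = "<strong>{$lang->ipresult_regip}</strong> {$profile_link}";
                    eval("\$results .= \"".$templates->get("modcp_ipsearch_result")."\";");
                    $result = true;
                }
                // Last known IP matches
                if(preg_match("#{$regexp_ip}#i", $ipaddress['lastip']))
                {
                    $ip = $ipaddress['lastip'];
                    $subject = "<strong>{$lang->ipresult_lastip}</strong> {$profile_link}";
                    eval("\$results .= \"".$templates->get("modcp_ipsearch_result")."\";");
                    $result = true;
                }

                if($result)
                {
                    --$post_limit;
                }
            }
        }
        $post_start = 0;
        if($total_results > $user_results && $post_limit)
        {
            $post_start = $start-$user_results;
            if($post_start < 0)
            {
                $post_start = 0;
            }
        }
        if($mybb->input['search_posts'] && (!$mybb->input['search_users'] || ($mybb->input['search_users'] && $post_limit > 0)))
        {
            $ipaddresses = $tids = $uids = array();
            $query = $db->query("
                SELECT username AS postusername, uid, subject, pid, tid, ipaddress
                FROM ".TABLE_PREFIX."posts
                WHERE {$post_ip_sql}
                ORDER BY dateline DESC
                LIMIT {$post_start}, {$post_limit}
            ");
            while($ipaddress = $db->fetch_array($query))
            {
                // Several matching posts can share a thread or an author, so
                // keep every pid per tid/uid instead of only the last one.
                $tids[$ipaddress['tid']][] = $ipaddress['pid'];
                $uids[$ipaddress['uid']][] = $ipaddress['pid'];
                $ipaddresses[$ipaddress['pid']] = $ipaddress;
            }

            if(!empty($ipaddresses))
            {
                // The IN() lists are built from tid/uid values read from the
                // posts table above, not from the request.
                $query = $db->simple_select("threads", "subject, tid", "tid IN(".implode(',', array_keys($tids)).")");
                while($thread = $db->fetch_array($query))
                {
                    foreach($tids[$thread['tid']] as $match_pid)
                    {
                        $ipaddresses[$match_pid]['threadsubject'] = $thread['subject'];
                    }
                }
                unset($tids);

                $query = $db->simple_select("users", "username, uid", "uid IN(".implode(',', array_keys($uids)).")");
                while($user = $db->fetch_array($query))
                {
                    foreach($uids[$user['uid']] as $match_pid)
                    {
                        $ipaddresses[$match_pid]['username'] = $user['username'];
                    }
                }
                unset($uids);

                foreach($ipaddresses as $ipaddress)
                {
                    $ip = $ipaddress['ipaddress'];
                    if(!$ipaddress['username']) $ipaddress['username'] = $ipaddress['postusername']; // Guest username support
                    $trow = alt_trow();
                    if(!$ipaddress['subject'])
                    {
                        $ipaddress['subject'] = "RE: {$ipaddress['threadsubject']}";
                    }
                    $subject = "<strong>{$lang->ipresult_post}</strong> <a href=\"".get_post_link($ipaddress['pid'], $ipaddress['tid'])."\">".htmlspecialchars_uni($ipaddress['subject'])."</a> {$lang->by} ".build_profile_link($ipaddress['username'], $ipaddress['uid']);
                    eval("\$results .= \"".$templates->get("modcp_ipsearch_result")."\";");
                }
            }
        }

        if(!$results)
        {
            eval("\$results = \"".$templates->get("modcp_ipsearch_noresults")."\";");
        }

        if($ipaddressvalue)
        {
            $lang->ipsearch_results = $lang->sprintf($lang->ipsearch_results, $ipaddressvalue);
        }
        else
        {
            $lang->ipsearch_results = $lang->ipsearch;
        }

        if(!strstr($mybb->input['ipaddress'], "*") && !strstr($mybb->input['ipaddress'], ":"))
        {
            // The address is reflected into an href attribute and, inside
            // onclick, into a single-quoted JavaScript string. Percent-
            // encoding leaves only characters that are inert in both
            // contexts. htmlspecialchars_uni() is defined elsewhere; whether
            // it escapes single quotes cannot be confirmed from here, so it
            // is not relied on for the JavaScript context.
            $ipaddress_param = urlencode($mybb->input['ipaddress']);
            $misc_info_link = "<div class=\"float_right\">(<a href=\"modcp.php?action=iplookup&ipaddress={$ipaddress_param}\" onclick=\"MyBB.popupWindow('{$mybb->settings['bburl']}/modcp.php?action=iplookup&ipaddress={$ipaddress_param}', 'iplookup', 500, 250); return false;\">{$lang->info_on_ip}</a>)</div>";
        }

        eval("\$ipsearch_results = \"".$templates->get("modcp_ipsearch_results")."\";");
    }

    // Fetch filter options
    if(!$mybb->input['ipaddress'])
    {
        // No search yet: tick both boxes by default
        $mybb->input['search_posts'] = 1;
        $mybb->input['search_users'] = 1;
    }
    if($mybb->input['search_posts'])
    {
        $postsearchselect = "checked=\"checked\"";
    }
    if($mybb->input['search_users'])
    {
        $usersearchselect = "checked=\"checked\"";
    }

    $plugins->run_hooks("modcp_ipsearch_end");

    eval("\$ipsearch = \"".$templates->get("modcp_ipsearch")."\";");
    output_page($ipsearch);
}

// IP lookup popup: GeoIP location (when the extension is loaded) and
// reverse DNS for a single address.
if($mybb->input['action'] == "iplookup")
{
    $lang->ipaddress_misc_info = $lang->sprintf($lang->ipaddress_misc_info, htmlspecialchars_uni($mybb->input['ipaddress']));
    $ipaddress_location = $lang->na;
    $ipaddress_host_name = $lang->na;
    $modcp_ipsearch_misc_info = '';
    // Only the absence of "*" and ":" is checked; the value is not otherwise
    // validated as an IPv4 address before the lookups below.
    if(!strstr($mybb->input['ipaddress'], "*") && !strstr($mybb->input['ipaddress'], ":"))
    {
        // Return GeoIP information if it is available to us
        if(function_exists('geoip_record_by_name'))
        {
            $ip_record = @geoip_record_by_name($mybb->input['ipaddress']);
            if($ip_record)
            {
                $ipaddress_location = htmlspecialchars_uni($ip_record['country_name']);
                if($ip_record['city'])
                {
                    $ipaddress_location .= $lang->comma.htmlspecialchars_uni($ip_record['city']);
                }
            }
        }

        // gethostbyaddr returns the same ip on failure and false on
        // malformed input. Compare the raw result with the raw input, then
        // escape only the value that is actually displayed.
        $host_name = @gethostbyaddr($mybb->input['ipaddress']);
        if($host_name !== false && $host_name != $mybb->input['ipaddress'])
        {
            $ipaddress_host_name = htmlspecialchars_uni($host_name);
        }
    }

    $plugins->run_hooks("modcp_iplookup_end");

    eval("\$iplookup = \"".$templates->get('modcp_ipsearch_misc_info')."\";");
    output_page($iplookup);
}

// Ban list: paged overview of all banned users.
if($mybb->input['action'] == "banning")
{
    add_breadcrumb($lang->mcp_nav_banning, "modcp.php?action=banning");

    // Guard the page size so the division below never sees an empty setting
    if(!$mybb->settings['threadsperpage'])
    {
        $mybb->settings['threadsperpage'] = 20;
    }

    // Figure out if we need to display multiple pages.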
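// banning, continued: work out the page and list the bans on it.
    $perpage = $mybb->settings['threadsperpage'];
    // "last" is resolved once the page count is known.
    if($mybb->input['page'] != "last")
    {
        $page = intval($mybb->input['page']);
    }

    $query = $db->simple_select("banned", "COUNT(uid) AS count");
    $banned_count = $db->fetch_field($query, "count");

    $postcount = intval($banned_count);
    $pages = ceil($postcount / $perpage);

    if($mybb->input['page'] == "last")
    {
        $page = $pages;
    }

    // Out-of-range pages fall back to page 1, so $page is always at least 1
    // and the offset needs no further "if($page)" guard.
    if($page > $pages || $page <= 0)
    {
        $page = 1;
    }
    $start = ($page-1) * $perpage;
    // Not used again in this block; kept because the eval'd templates can
    // read any variable in scope.
    $upper = $start+$perpage;

    $multipage = multipage($postcount, $perpage, $page, "modcp.php?action=banning");
    if($postcount > $perpage)
    {
        eval("\$allbannedpages = \"".$templates->get("modcp_banning_multipage")."\";");
    }

    $plugins->run_hooks("modcp_banning_start");

    // $start and $perpage are numeric here: $start is derived from the
    // clamped page number, $perpage from the board setting.
    $query = $db->query("
        SELECT b.*, a.username AS adminuser, u.username
        FROM ".TABLE_PREFIX."banned b
        LEFT JOIN ".TABLE_PREFIX."users u ON (b.uid=u.uid)
        LEFT JOIN ".TABLE_PREFIX."users a ON (b.admin=a.uid)
        ORDER BY lifted ASC
        LIMIT {$start}, {$perpage}
    ");

    // Get the banned users
    while($banned = $db->fetch_array($query))
    {
        $profile_link = build_profile_link($banned['username'], $banned['uid']);

        // Only show the edit & lift links if current user created ban, or is super mod/admin
        // (also shown when the issuing account no longer resolves to a username).
        // The lift link puts my_post_key in the query string, so the token
        // can end up in browser history, server logs and Referer headers;
        // sending it from a POST form would keep it out of URLs.
        $edit_link = '';
        if($mybb->user['uid'] == $banned['admin'] || !$banned['adminuser'] || $mybb->usergroup['issupermod'] == 1 || $mybb->usergroup['cancp'] == 1)
        {
            $edit_link = "<br /><span class=\"smalltext\"><a href=\"modcp.php?action=banuser&uid={$banned['uid']}\">{$lang->edit_ban}</a> | <a href=\"modcp.php?action=liftban&uid={$banned['uid']}&my_post_key={$mybb->post_code}\">{$lang->lift_ban}</a></span>";
        }

        $admin_profile = build_profile_link($banned['adminuser'], $banned['admin']);

        $trow = alt_trow();

        // The stored reason is filtered for bad words and HTML-escaped
        // before display
        if($banned['reason'])
        {
            $banned['reason'] = htmlspecialchars_uni($parser->parse_badwords($banned['reason']));
        }
        else
        {
            $banned['reason'] = $lang->na;
        }

        if($banned['lifted'] == 'perm' || $banned['lifted'] == '' || $banned['bantime'] == 'perm' || $banned['bantime'] == '---')
        {
            $banlength = $lang->permanent;
            $timeremaining = $lang->na;
        }
        else
        {
            $banlength = $bantimes[$banned['bantime']];
            $remaining = $banned['lifted']-TIME_NOW;

            $timeremaining = nice_time($remaining, array('short' => 1, 'seconds' => false))."";

            // Colour by urgency: under an hour, under a day, under a week
            if($remaining < 3600)
            {
                $timeremaining = "<span style=\"color: red;\">({$timeremaining} {$lang->ban_remaining})</span>";
            }
            else if($remaining < 86400)
            {
                $timeremaining = "<span style=\"color: maroon;\">({$timeremaining} {$lang->ban_remaining})</span>";
            }
            else if($remaining < 604800)
            {
                $timeremaining = "<span style=\"color: green;\">({$timeremaining} {$lang->ban_remaining})</span>";
            }
            else
            {
                $timeremaining = "({$timeremaining} {$lang->ban_remaining})";
            }
        }

        eval("\$bannedusers .= \"".$templates->get("modcp_banning_ban")."\";");
    }

    if(!$bannedusers)
    {
        eval("\$bannedusers = \"".$templates->get("modcp_banning_nobanned")."\";");
    }

    $plugins->run_hooks("modcp_banning");

    eval("\$bannedpage = \"".$templates->get("modcp_banning")."\";");
    output_page($bannedpage);
}

// Lift an existing ban.
if($mybb->input['action'] == "liftban")
{
    // Verify the anti-CSRF key. The ban list reaches this action through a
    // plain link, so the key arrives in the query string rather than in a
    // POST body.
    verify_post_check($mybb->input['my_post_key']);

    // The uid is cast to an integer before it is placed in the condition
    $query = $db->simple_select("banned", "*", "uid='".intval($mybb->input['uid'])."'");
    $ban = $db->fetch_array($query);

    if(!$ban['uid'])
    {
        error($lang->error_invalidban);
    }
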
// Permission to edit this ban? 2922 if($mybb->user['uid'] != $ban['admin'] && $mybb->usergroup['issupermod'] != 1 && $mybb->usergroup['cancp'] != 1) 2923 { 2924 error_no_permission(); 2925 } 2926 2927 $plugins->run_hooks("modcp_liftban_start"); 2928 2929 $query = $db->simple_select("users", "username", "uid = '{$ban['uid']}'"); 2930 $username = $db->fetch_field($query, "username"); 2931 2932 $updated_group = array( 2933 'usergroup' => $ban['oldgroup'], 2934 'additionalgroups' => $ban['oldadditionalgroups'], 2935 'displaygroup' => $ban['olddisplaygroup'] 2936 ); 2937 $db->update_query("users", $updated_group, "uid='{$ban['uid']}'"); 2938 $db->delete_query("banned", "uid='{$ban['uid']}'"); 2939 2940 $cache->update_banned(); 2941 $cache->update_moderators(); 2942 log_moderator_action(array("uid" => $ban['uid'], "username" => $username), $lang->lifted_ban); 2943 2944 $plugins->run_hooks("modcp_liftban_end"); 2945 2946 redirect("modcp.php?action=banning", $lang->redirect_banlifted); 2947 } 2948 2949 if($mybb->input['action'] == "do_banuser" && $mybb->request_method == "post") 2950 { 2951 // Verify incoming POST request 2952 verify_post_check($mybb->input['my_post_key']); 2953 2954 // Editing an existing ban 2955 if($mybb->input['uid']) 2956 { 2957 // Get the users info from their uid 2958 $query = $db->query(" 2959 SELECT b.*, u.uid, u.usergroup, u.additionalgroups, u.displaygroup 2960 FROM ".TABLE_PREFIX."banned b 2961 LEFT JOIN ".TABLE_PREFIX."users u ON (b.uid=u.uid) 2962 WHERE b.uid='{$mybb->input['uid']}' 2963 "); 2964 $user = $db->fetch_array($query); 2965 if(!$user['uid']) 2966 { 2967 error($lang->error_invalidban); 2968 } 2969 2970 // Permission to edit this ban? 
2971 if($mybb->user['uid'] != $user['admin'] && $mybb->usergroup['issupermod'] != 1 && $mybb->usergroup['cancp'] != 1) 2972 { 2973 error_no_permission(); 2974 } 2975 } 2976 // Creating a new ban 2977 else 2978 { 2979 // Get the users info from their Username 2980 $query = $db->simple_select("users", "uid, username, usergroup, additionalgroups, displaygroup", "username = '".$db->escape_string($mybb->input['username'])."'", array('limit' => 1)); 2981 $user = $db->fetch_array($query); 2982 if(!$user['uid']) 2983 { 2984 $errors[] = $lang->invalid_username; 2985 } 2986 } 2987 2988 if($user['uid'] == $mybb->user['uid']) 2989 { 2990 $errors[] = $lang->error_cannotbanself; 2991 } 2992 2993 // Have permissions to ban this user? 2994 if(!modcp_can_manage_user($user['uid'])) 2995 { 2996 $errors[] = $lang->error_cannotbanuser; 2997 } 2998 2999 // Check for an incoming reason 3000 if(!$mybb->input['banreason']) 3001 { 3002 $errors[] = $lang->error_nobanreason; 3003 } 3004 3005 // Check banned group 3006 $query = $db->simple_select("usergroups", "gid", "isbannedgroup=1 AND gid='".intval($mybb->input['usergroup'])."'"); 3007 if(!$db->fetch_field($query, "gid")) 3008 { 3009 $errors[] = $lang->error_nobangroup; 3010 } 3011 3012 // If this is a new ban, we check the user isn't already part of a banned group 3013 if(!$mybb->input['uid'] && $user['uid']) 3014 { 3015 $query = $db->simple_select("banned", "uid", "uid='{$user['uid']}'"); 3016 if($db->fetch_field($query, "uid")) 3017 { 3018 $errors[] = $lang->error_useralreadybanned; 3019 } 3020 } 3021 3022 $plugins->run_hooks("modcp_do_banuser_start"); 3023 3024 // Still no errors? 
Ban the user 3025 if(!$errors) 3026 { 3027 // Ban the user 3028 if($mybb->input['liftafter'] == '---') 3029 { 3030 $lifted = 0; 3031 } 3032 else 3033 { 3034 $lifted = ban_date2timestamp($mybb->input['liftafter'], $user['dateline']); 3035 } 3036 3037 if($mybb->input['uid']) 3038 { 3039 $update_array = array( 3040 'gid' => intval($mybb->input['usergroup']), 3041 'admin' => intval($mybb->user['uid']), 3042 'dateline' => TIME_NOW, 3043 'bantime' => $db->escape_string($mybb->input['liftafter']), 3044 'lifted' => $db->escape_string($lifted), 3045 'reason' => $db->escape_string($mybb->input['banreason']) 3046 ); 3047 3048 $db->update_query('banned', $update_array, "uid='{$user['uid']}'"); 3049 } 3050 else 3051 { 3052 $insert_array = array( 3053 'uid' => $user['uid'], 3054 'gid' => intval($mybb->input['usergroup']), 3055 'oldgroup' => $user['usergroup'], 3056 'oldadditionalgroups' => $user['additionalgroups'], 3057 'olddisplaygroup' => $user['displaygroup'], 3058 'admin' => intval($mybb->user['uid']), 3059 'dateline' => TIME_NOW, 3060 'bantime' => $db->escape_string($mybb->input['liftafter']), 3061 'lifted' => $db->escape_string($lifted), 3062 'reason' => $db->escape_string($mybb->input['banreason']) 3063 ); 3064 3065 $db->insert_query('banned', $insert_array); 3066 } 3067 3068 // Move the user to the banned group 3069 $update_array = array( 3070 'usergroup' => intval($mybb->input['usergroup']), 3071 'displaygroup' => 0, 3072 'additionalgroups' => '', 3073 ); 3074 $db->update_query('users', $update_array, "uid = {$user['uid']}"); 3075 3076 $cache->update_banned(); 3077 log_moderator_action(array("uid" => $user['uid'], "username" => $user['username']), $lang->banned_user); 3078 3079 $plugins->run_hooks("modcp_do_banuser_end"); 3080 3081 if($mybb->input['uid']) 3082 { 3083 redirect("modcp.php?action=banning", $lang->redirect_banuser_updated); 3084 } 3085 else 3086 { 3087 redirect("modcp.php?action=banning", $lang->redirect_banuser); 3088 } 3089 } 3090 // Otherwise has 
errors, throw back to ban page 3091 else 3092 { 3093 $mybb->input['action'] = "banuser"; 3094 } 3095 } 3096 3097 if($mybb->input['action'] == "banuser") 3098 { 3099 add_breadcrumb($lang->mcp_nav_banning, "modcp.php?action=banning"); 3100 3101 if($mybb->input['uid']) 3102 { 3103 add_breadcrumb($lang->mcp_nav_ban_user); 3104 } 3105 else 3106 { 3107 add_breadcrumb($lang->mcp_nav_editing_ban); 3108 } 3109 3110 $plugins->run_hooks("modcp_banuser_start"); 3111 3112 // If incoming user ID, we are editing a ban 3113 if($mybb->input['uid']) 3114 { 3115 $query = $db->query(" 3116 SELECT b.*, u.username, u.uid 3117 FROM ".TABLE_PREFIX."banned b 3118 LEFT JOIN ".TABLE_PREFIX."users u ON (b.uid=u.uid) 3119 WHERE b.uid='{$mybb->input['uid']}' 3120 "); 3121 $banned = $db->fetch_array($query); 3122 if($banned['username']) 3123 { 3124 $username = htmlspecialchars_uni($banned['username']); 3125 $banreason = htmlspecialchars_uni($banned['reason']); 3126 $uid = $mybb->input['uid']; 3127 $user = get_user($banned['uid']); 3128 $lang->ban_user = $lang->edit_ban; // Swap over lang variables 3129 eval("\$banuser_username = \"".$templates->get("modcp_banuser_editusername")."\";"); 3130 } 3131 } 3132 3133 // New ban! 3134 if(!$banuser_username) 3135 { 3136 if($mybb->input['uid']) 3137 { 3138 $user = get_user($mybb->input['uid']); 3139 $username = $user['username']; 3140 } 3141 else 3142 { 3143 $username = htmlspecialchars_uni($mybb->input['username']); 3144 } 3145 eval("\$banuser_username = \"".$templates->get("modcp_banuser_addusername")."\";"); 3146 } 3147 3148 // Coming back to this page from an error? 
3149 if($errors) 3150 { 3151 $errors = inline_error($errors); 3152 $banned = array( 3153 "bantime" => $mybb->input['liftafter'], 3154 "reason" => $mybb->input['reason'], 3155 "gid" => $mybb->input['gid'] 3156 ); 3157 $banreason = htmlspecialchars_uni($mybb->input['banreason']); 3158 } 3159 3160 // Generate the banned times dropdown 3161 foreach($bantimes as $time => $title) 3162 { 3163 $liftlist .= "<option value=\"{$time}\""; 3164 if($banned['bantime'] == $time) 3165 { 3166 $liftlist .= " selected=\"selected\""; 3167 } 3168 $thatime = my_date("D, jS M Y @ g:ia", ban_date2timestamp($time, $banned['dateline'])); 3169 if($time == '---') 3170 { 3171 $liftlist .= ">{$title}</option>\n"; 3172 } 3173 else 3174 { 3175 $liftlist .= ">{$title} ({$thatime})</option>\n"; 3176 } 3177 } 3178 3179 $bangroups = ''; 3180 $query = $db->simple_select("usergroups", "gid, title", "isbannedgroup=1"); 3181 while($item = $db->fetch_array($query)) 3182 { 3183 $selected = ""; 3184 if($banned['gid'] == $item['gid']) 3185 { 3186 $selected = " selected=\"selected\""; 3187 } 3188 $bangroups .= "<option value=\"{$item['gid']}\"{$selected}>".htmlspecialchars_uni($item['title'])."</option>\n"; 3189 } 3190 3191 $lift_link = "<div class=\"float_right\"><a href=\"modcp.php?action=liftban&uid={$user['uid']}&my_post_key={$mybb->post_code}\">{$lang->lift_ban}</a></div>"; 3192 3193 $plugins->run_hooks("modcp_banuser_end"); 3194 3195 eval("\$banuser = \"".$templates->get("modcp_banuser")."\";"); 3196 output_page($banuser); 3197 } 3198 3199 if($mybb->input['action'] == "do_modnotes") 3200 { 3201 // Verify incoming POST request 3202 verify_post_check($mybb->input['my_post_key']); 3203 3204 $plugins->run_hooks("modcp_do_modnotes_start"); 3205 3206 // Update Moderator Notes cache 3207 $update_cache = array( 3208 "modmessage" => $mybb->input['modnotes'] 3209 ); 3210 $cache->update("modnotes", $update_cache); 3211 3212 $plugins->run_hooks("modcp_do_modnotes_end"); 3213 3214 redirect("modcp.php", 
$lang->redirect_modnotes); 3215 } 3216 3217 if(!$mybb->input['action']) 3218 { 3219 $query = $db->query(" 3220 SELECT COUNT(aid) AS unapprovedattachments 3221 FROM ".TABLE_PREFIX."attachments a 3222 LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=a.pid) 3223 LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid) 3224 WHERE a.visible='0' {$tflist} 3225 "); 3226 $unapproved_attachments = $db->fetch_field($query, "unapprovedattachments"); 3227 3228 if($unapproved_attachments > 0) 3229 { 3230 $query = $db->query(" 3231 SELECT t.tid, p.pid, p.uid, t.username, a.filename, a.dateuploaded 3232 FROM ".TABLE_PREFIX."attachments a 3233 LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=a.pid) 3234 LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid) 3235 WHERE a.visible='0' {$tflist} 3236 ORDER BY a.dateuploaded DESC 3237 LIMIT 1 3238 "); 3239 $attachment = $db->fetch_array($query); 3240 $attachment['date'] = my_date($mybb->settings['dateformat'], $attachment['dateuploaded']); 3241 $attachment['time'] = my_date($mybb->settings['timeformat'], $attachment['dateuploaded']); 3242 $attachment['profilelink'] = build_profile_link($attachment['username'], $attachment['uid']); 3243 $attachment['link'] = get_post_link($attachment['pid'], $attachment['tid']); 3244 $attachment['filename'] = htmlspecialchars_uni($attachment['filename']); 3245 3246 eval("\$latest_attachment = \"".$templates->get("modcp_lastattachment")."\";"); 3247 } 3248 else 3249 { 3250 $latest_attachment = "<span style=\"text-align: center;\">{$lang->lastpost_never}</span>"; 3251 } 3252 3253 $query = $db->query(" 3254 SELECT COUNT(pid) AS unapprovedposts 3255 FROM ".TABLE_PREFIX."posts p 3256 LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid) 3257 WHERE p.visible='0' {$tflist} AND t.firstpost != p.pid 3258 "); 3259 $unapproved_posts = $db->fetch_field($query, "unapprovedposts"); 3260 3261 if($unapproved_posts > 0) 3262 { 3263 $query = $db->query(" 3264 SELECT p.pid, p.tid, p.subject, p.uid, p.username, p.dateline 3265 FROM 
".TABLE_PREFIX."posts p 3266 LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid) 3267 WHERE p.visible='0' {$tflist} AND t.firstpost != p.pid 3268 ORDER BY p.dateline DESC 3269 LIMIT 1 3270 "); 3271 $post = $db->fetch_array($query); 3272 $post['date'] = my_date($mybb->settings['dateformat'], $post['dateline']); 3273 $post['time'] = my_date($mybb->settings['timeformat'], $post['dateline']); 3274 $post['profilelink'] = build_profile_link($post['username'], $post['uid']); 3275 $post['link'] = get_post_link($post['pid'], $post['tid']); 3276 $post['subject'] = $post['fullsubject'] = $parser->parse_badwords($post['subject']); 3277 if(my_strlen($post['subject']) > 25) 3278 { 3279 $post['subject'] = my_substr($post['subject'], 0, 25)."..."; 3280 } 3281 $post['subject'] = htmlspecialchars_uni($post['subject']); 3282 $post['fullsubject'] = htmlspecialchars_uni($post['fullsubject']); 3283 3284 eval("\$latest_post = \"".$templates->get("modcp_lastpost")."\";"); 3285 } 3286 else 3287 { 3288 $latest_post = "<span style=\"text-align: center;\">{$lang->lastpost_never}</span>"; 3289 } 3290 3291 $query = $db->simple_select("threads", "COUNT(tid) AS unapprovedthreads", "visible=0 {$flist}"); 3292 $unapproved_threads = $db->fetch_field($query, "unapprovedthreads"); 3293 3294 if($unapproved_threads > 0) 3295 { 3296 $query = $db->simple_select("threads", "tid, subject, uid, username, dateline", "visible=0 {$flist}", array('order_by' => 'dateline', 'order_dir' => 'DESC', 'limit' => 1)); 3297 $thread = $db->fetch_array($query); 3298 $thread['date'] = my_date($mybb->settings['dateformat'], $thread['dateline']); 3299 $thread['time'] = my_date($mybb->settings['timeformat'], $thread['dateline']); 3300 $thread['profilelink'] = build_profile_link($thread['username'], $thread['uid']); 3301 $thread['link'] = get_thread_link($thread['tid']); 3302 $thread['subject'] = $thread['fullsubject'] = $parser->parse_badwords($thread['subject']); 3303 if(my_strlen($thread['subject']) > 25) 3304 { 3305 
$post['subject'] = my_substr($thread['subject'], 0, 25)."..."; 3306 } 3307 $thread['subject'] = htmlspecialchars_uni($thread['subject']); 3308 $thread['fullsubject'] = htmlspecialchars_uni($thread['fullsubject']); 3309 3310 eval("\$latest_thread = \"".$templates->get("modcp_lastthread")."\";"); 3311 } 3312 else 3313 { 3314 $latest_thread = "<span style=\"text-align: center;\">{$lang->lastpost_never}</span>"; 3315 } 3316 3317 $where = ''; 3318 if($tflist) 3319 { 3320 $where = "WHERE (t.fid <> 0 {$tflist}) OR (!l.fid)"; 3321 } 3322 3323 $query = $db->query(" 3324 SELECT l.*, u.username, u.usergroup, u.displaygroup, t.subject AS tsubject, f.name AS fname, p.subject AS psubject 3325 FROM ".TABLE_PREFIX."moderatorlog l 3326 LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=l.uid) 3327 LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=l.tid) 3328 LEFT JOIN ".TABLE_PREFIX."forums f ON (f.fid=l.fid) 3329 LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=l.pid) 3330 {$where} 3331 ORDER BY l.dateline DESC 3332 LIMIT 5 3333 "); 3334 3335 while($logitem = $db->fetch_array($query)) 3336 { 3337 $information = ''; 3338 $logitem['action'] = htmlspecialchars_uni($logitem['action']); 3339 $log_date = my_date($mybb->settings['dateformat'], $logitem['dateline']); 3340 $log_time = my_date($mybb->settings['timeformat'], $logitem['dateline']); 3341 $trow = alt_trow(); 3342 $username = format_name($logitem['username'], $logitem['usergroup'], $logitem['displaygroup']); 3343 $logitem['profilelink'] = build_profile_link($username, $logitem['uid']); 3344 if($logitem['tsubject']) 3345 { 3346 $information = "<strong>{$lang->thread}</strong> <a href=\"".get_thread_link($logitem['tid'])."\" target=\"_blank\">".htmlspecialchars_uni($logitem['tsubject'])."</a><br />"; 3347 } 3348 if($logitem['fname']) 3349 { 3350 $information .= "<strong>{$lang->forum}</strong> <a href=\"".get_forum_link($logitem['fid'])."\" target=\"_blank\">".htmlspecialchars_uni($logitem['fname'])."</a><br />"; 3351 } 3352 
if($logitem['psubject']) 3353 { 3354 $information .= "<strong>{$lang->post}</strong> <a href=\"".get_post_link($logitem['pid'])."#pid{$logitem['pid']}\">".htmlspecialchars_uni($logitem['psubject'])."</a>"; 3355 } 3356 3357 // Edited a user? 3358 if(!$logitem['tsubject'] || !$logitem['fname'] || !$logitem['psubject']) 3359 { 3360 $data = unserialize($logitem['data']); 3361 if($data['uid']) 3362 { 3363 $information = $lang->sprintf($lang->edited_user_info, htmlspecialchars_uni($data['username']), get_profile_link($data['uid'])); 3364 } 3365 } 3366 3367 eval("\$modlogresults .= \"".$templates->get("modcp_modlogs_result")."\";"); 3368 } 3369 3370 if(!$modlogresults) 3371 { 3372 eval("\$modlogresults = \"".$templates->get("modcp_modlogs_noresults")."\";"); 3373 } 3374 3375 $query = $db->query(" 3376 SELECT b.*, a.username AS adminuser, u.username, (b.lifted-".TIME_NOW.") AS remaining 3377 FROM ".TABLE_PREFIX."banned b 3378 LEFT JOIN ".TABLE_PREFIX."users u ON (b.uid=u.uid) 3379 LEFT JOIN ".TABLE_PREFIX."users a ON (b.admin=a.uid) 3380 WHERE b.bantime != '---' AND b.bantime != 'perm' 3381 ORDER BY remaining ASC 3382 LIMIT 5 3383 "); 3384 3385 // Get the banned users 3386 while($banned = $db->fetch_array($query)) 3387 { 3388 $profile_link = build_profile_link($banned['username'], $banned['uid']); 3389 3390 // Only show the edit & lift links if current user created ban, or is super mod/admin 3391 $edit_link = ''; 3392 if($mybb->user['uid'] == $banned['admin'] || !$banned['adminuser'] || $mybb->usergroup['issupermod'] == 1 || $mybb->usergroup['cancp'] == 1) 3393 { 3394 $edit_link = "<br /><span class=\"smalltext\"><a href=\"modcp.php?action=banuser&uid={$banned['uid']}\">{$lang->edit_ban}</a> | <a href=\"modcp.php?action=liftban&uid={$banned['uid']}&my_post_key={$mybb->post_code}\">{$lang->lift_ban}</a></span>"; 3395 } 3396 3397 $admin_profile = build_profile_link($banned['adminuser'], $banned['admin']); 3398 3399 $trow = alt_trow(); 3400 3401 if($banned['reason']) 3402 { 
3403 $banned['reason'] = htmlspecialchars_uni($parser->parse_badwords($banned['reason'])); 3404 } 3405 else 3406 { 3407 $banned['reason'] = $lang->na; 3408 } 3409 3410 if($banned['lifted'] == 'perm' || $banned['lifted'] == '' || $banned['bantime'] == 'perm' || $banned['bantime'] == '---') 3411 { 3412 $banlength = $lang->permanent; 3413 $timeremaining = $lang->na; 3414 } 3415 else 3416 { 3417 $banlength = $bantimes[$banned['bantime']]; 3418 $remaining = $banned['remaining']; 3419 3420 $timeremaining = nice_time($remaining, array('short' => 1, 'seconds' => false)).""; 3421 3422 if($remaining <= 0) 3423 { 3424 $timeremaining = "<span style=\"color: red;\">({$lang->ban_ending_imminently})</span>"; 3425 } 3426 else if($remaining < 3600) 3427 { 3428 $timeremaining = "<span style=\"color: red;\">({$timeremaining} {$lang->ban_remaining})</span>"; 3429 } 3430 else if($remaining < 86400) 3431 { 3432 $timeremaining = "<span style=\"color: maroon;\">({$timeremaining} {$lang->ban_remaining})</span>"; 3433 } 3434 else if($remaining < 604800) 3435 { 3436 $timeremaining = "<span style=\"color: green;\">({$timeremaining} {$lang->ban_remaining})</span>"; 3437 } 3438 else 3439 { 3440 $timeremaining = "({$timeremaining} {$lang->ban_remaining})"; 3441 } 3442 } 3443 3444 eval("\$bannedusers .= \"".$templates->get("modcp_banning_ban")."\";"); 3445 } 3446 3447 if(!$bannedusers) 3448 { 3449 eval("\$bannedusers = \"".$templates->get("modcp_banning_nobanned")."\";"); 3450 } 3451 3452 $modnotes = $cache->read("modnotes"); 3453 $modnotes = htmlspecialchars_uni($modnotes['modmessage']); 3454 3455 $plugins->run_hooks("modcp_end"); 3456 3457 eval("\$modcp = \"".$templates->get("modcp")."\";"); 3458 output_page($modcp); 3459 } 3460 ?>