PHP Cross Reference of MyBB 1.6.10 |
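<?php
/**
 * MyBB 1.6
 * Copyright 2010 MyBB Group, All Rights Reserved
 *
 * Website: http://mybb.com
 * License: http://mybb.com/about/license
 *
 * $Id$
 */

// Admin CP "Users" module. Each section below is selected by $mybb->input['action'].
// This part of the file covers the shared view/sort definitions and the
// "views", "avatar_gallery", "activate_user" and "add" actions, followed by the
// opening of the "edit" action, which continues after this excerpt.

// Disallow direct access to this file for security reasons
if(!defined("IN_MYBB"))
{
	die("Direct initialization of this file is not allowed.<br /><br />Please make sure IN_MYBB is defined.");
}

// should also have a 'view coppa awaiting activation' view
require_once MYBB_ROOT."inc/functions_upload.php";


$page->add_breadcrumb_item($lang->users, "index.php?module=user-users");

// Navigation tabs are only built for the listing-style actions (and for no action at all).
if($mybb->input['action'] == "add" || $mybb->input['action'] == "merge" || $mybb->input['action'] == "search" || !$mybb->input['action'])
{
	$sub_tabs['browse_users'] = array(
		'title' => $lang->browse_users,
		'link' => "index.php?module=user-users",
		'description' => $lang->browse_users_desc
	);

	$sub_tabs['find_users'] = array(
		'title' => $lang->find_users,
		'link' => "index.php?module=user-users&action=search",
		'description' => $lang->find_users_desc
	);

	$sub_tabs['create_user'] = array(
		'title' => $lang->create_user,
		'link' => "index.php?module=user-users&action=add",
		'description' => $lang->create_user_desc
	);

	$sub_tabs['merge_users'] = array(
		'title' => $lang->merge_users,
		'link' => "index.php?module=user-users&action=merge",
		'description' => $lang->merge_users_desc
	);
}

// Columns offered to the view manager: title, width and alignment per field.
$user_view_fields = array(
	"avatar" => array(
		"title" => $lang->avatar,
		"width" => "24",
		"align" => ""
	),

	"username" => array(
		"title" => $lang->username,
		"width" => "",
		"align" => ""
	),

	"email" => array(
		"title" => $lang->email,
		"width" => "",
		"align" => "center"
	),

	"usergroup" => array(
		"title" => $lang->primary_group,
		"width" => "",
		"align" => "center"
	),

	"additionalgroups" => array(
		"title" => $lang->additional_groups,
		"width" => "",
		"align" => "center"
	),

	"regdate" => array(
		"title" => $lang->registered,
		"width" => "",
		"align" => "center"
	),

	"lastactive" => array(
		"title" => $lang->last_active,
		"width" => "",
		"align" => "center"
	),

	"postnum" => array(
		"title" => $lang->post_count,
		"width" => "",
		"align" => "center"
	),

	"reputation" => array(
		"title" => $lang->reputation,
		"width" => "",
		"align" => "center"
	),

	"warninglevel" => array(
		"title" => $lang->warning_level,
		"width" => "",
		"align" => "center"
	),

	"regip" => array(
		"title" => $lang->registration_ip,
		"width" => "",
		"align" => "center"
	),

	"lastip" => array(
		"title" => $lang->last_known_ip,
		"width" => "",
		"align" => "center"
	),

	"controls" => array(
		"title" => $lang->controls,
		"width" => "",
		"align" => "center"
	)
);

// Sort keys offered to the view manager, mapped to their labels.
$sort_options = array(
	"username" => $lang->username,
	"regdate" => $lang->registration_date,
	"lastactive" => $lang->last_active,
	"numposts" => $lang->post_count,
	"reputation" => $lang->reputation,
	"warninglevel" => $lang->warning_level
);

$plugins->run_hooks("admin_user_users_begin");

// Initialise the views manager for user based views
require MYBB_ADMIN_DIR."inc/functions_view_manager.php";
if($mybb->input['action'] == "views")
{
	view_manager("index.php?module=user-users", "user", $user_view_fields, $sort_options, "user_search_conditions");
}

// Avatar gallery popup: lists gallery folders/images and, when an 'avatar'
// parameter is present, assigns that gallery image to the user.
if($mybb->input['action'] == "avatar_gallery")
{
	$plugins->run_hooks("admin_user_users_avatar_gallery");

	$user = get_user($mybb->input['uid']);
	if(!$user['uid'])
	{
		exit;
	}

	// We've selected a new avatar for this user!
	if(isset($mybb->input['avatar']))
	{
		// NOTE(review): this state change is reached through a link, so the
		// post key travels in the URL (see the avatar links built below) and
		// can end up in logs, history and Referer headers.
		if(!verify_post_check($mybb->input['my_post_key']))
		{
			echo $lang->invalid_post_verify_key2;
			exit;
		}

		$mybb->input['avatar'] = str_replace(array("./", ".."), "", $mybb->input['avatar']);

		// Chained str_replace() is not a dependable traversal filter on its own
		// (stripping one pattern can leave another behind), so the resolved
		// file is additionally required to sit inside the avatar directory.
		// Trade-off: gallery entries that are symlinks to locations outside the
		// avatar directory no longer qualify.
		$avatar_root = realpath("../".$mybb->settings['avatardir']);
		$avatar_file = realpath("../".$mybb->settings['avatardir']."/".$mybb->input['avatar']);
		$inside_avatar_root = false;
		if($avatar_root !== false && $avatar_file !== false)
		{
			$inside_avatar_root = (strpos($avatar_file, rtrim($avatar_root, "/\\").DIRECTORY_SEPARATOR) === 0);
		}

		// is_file() rather than file_exists(): a directory is not a usable avatar.
		if($inside_avatar_root && is_file($avatar_file))
		{
			$dimensions = @getimagesize($avatar_file);

			// getimagesize() returns false for files it cannot parse; store an
			// empty dimension string then instead of a bare "|".
			$avatar_dimensions = "";
			if(is_array($dimensions))
			{
				$avatar_dimensions = intval($dimensions[0])."|".intval($dimensions[1]);
			}

			$updated_avatar = array(
				"avatar" => $db->escape_string($mybb->settings['avatardir']."/".$mybb->input['avatar'].'?dateline='.TIME_NOW),
				"avatardimensions" => $avatar_dimensions,
				"avatartype" => "gallery"
			);

			$db->update_query("users", $updated_avatar, "uid='".$user['uid']."'");

			$plugins->run_hooks("admin_user_users_avatar_gallery_commit");

			// Log admin action
			log_admin_action($user['uid'], $user['username']);
		}
		// NOTE(review): remove_avatars() runs even when the requested file was
		// rejected above and no database update happened - confirm that is intended.
		remove_avatars($user['uid']);
		// Now a tad of javascript to submit the parent window form
		echo "<script type=\"text/javascript\">window.parent.submitUserForm();</script>";
		exit;
	}

	echo "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n";
	echo "<html xmlns=\"http://www.w3.org/1999/xhtml\">\n";
	echo "<head profile=\"http://gmpg.org/xfn/1\">\n";
	echo " <title>{$lang->avatar_gallery}</title>\n";
	echo " <link rel=\"stylesheet\" href=\"styles/".$page->style."/main.css\" type=\"text/css\" />\n";
	echo " <link rel=\"stylesheet\" href=\"styles/".$page->style."/avatar_gallery.css\" type=\"text/css\" />\n";
	echo " <script type=\"text/javascript\" src=\"../jscripts/prototype.js\"></script>\n";
	echo " <script type=\"text/javascript\" src=\"../jscripts/general.js\"></script>\n";
	echo "</head>\n";
	echo "<body id=\"avatar_gallery\">\n";

	// Sanitize incoming path if we have one
	$gallery = '';
	if(isset($mybb->input['gallery']))
	{
		$gallery = str_replace(array("..", "\x0"), "", $mybb->input['gallery']);
	}

	$breadcrumb = "<a href=\"index.php?module=user-users&action=avatar_gallery&uid={$user['uid']}\">Default Gallery</a>";

	$mybb->settings['avatardir'] = "../".$mybb->settings['avatardir'];

	if(!is_dir($mybb->settings['avatardir']) && is_dir(MYBB_ROOT."/images/avatars/"))
	{
		$mybb->settings['avatardir'] = "../images/avatars/";
	}

	// Resolved gallery root, used to confirm a requested sub-gallery stays inside it.
	$gallery_root = realpath($mybb->settings['avatardir']);

	// Within a gallery
	if(!empty($gallery))
	{
		$path = $gallery."/";
		$real_path = $mybb->settings['avatardir']."/".$path;

		// Same containment rule as for avatar selection: the string filter
		// above is kept, but the resolved directory decides.
		$resolved_gallery = realpath($real_path);
		$inside_gallery_root = false;
		if($gallery_root !== false && $resolved_gallery !== false)
		{
			$inside_gallery_root = (strpos($resolved_gallery.DIRECTORY_SEPARATOR, rtrim($gallery_root, "/\\").DIRECTORY_SEPARATOR) === 0);
		}

		if(is_dir($real_path) && $inside_gallery_root)
		{
			// Build friendly gallery breadcrumb
			$breadcrumb_url = '';
			$gallery_path = explode("/", $gallery);
			foreach($gallery_path as $key => $url_bit)
			{
				if($breadcrumb_url) $breadcrumb_url .= "/";
				$breadcrumb_url .= $url_bit;
				$gallery_name = str_replace(array("_", "%20"), " ", $url_bit);
				// The segment comes from the request; escape it before it is written into the page.
				$gallery_name = htmlspecialchars_uni(ucwords($gallery_name));

				if(!empty($gallery_path[$key+1]))
				{
					$breadcrumb .= " » <a href=\"index.php?module=user-users&action=avatar_gallery&uid={$user['uid']}&gallery=".urlencode($breadcrumb_url)."\">{$gallery_name}</a>";
				}
				else
				{
					$breadcrumb .= " » {$gallery_name}";
				}
			}
		}
		else
		{
			exit;
		}
	}
	else
	{
		$path = "";
		$real_path = $mybb->settings['avatardir'];
	}

	// Get a listing of avatars/directories within this gallery
	$sub_galleries = $avatars = array();
	$files = @scandir($real_path);

	if(is_array($files))
	{
		foreach($files as $file)
		{
			if($file == "." || $file == ".." || $file == ".svn")
			{
				continue;
			}

			// Build friendly name
			$friendly_name = str_replace(array("_", "%20"), " ", $file);
			$friendly_name = ucwords($friendly_name);
			if(is_dir($real_path."/".$file))
			{
				// Only add this gallery if there are avatars or galleries inside it (no empty directories!)
				$has = 0;
				$dh = @opendir($real_path."/".$file);
				// opendir() returns false on failure; do not hand that to readdir().
				if($dh)
				{
					while(false !== ($sub_file = readdir($dh)))
					{
						if(preg_match("#\.(jpg|jpeg|gif|bmp|png)$#i", $sub_file) || is_dir($real_path."/".$file."/".$sub_file))
						{
							$has = 1;
							break;
						}
					}
					@closedir($dh);
				}
				if($has == 1)
				{
					$sub_galleries[] = array(
						"path" => $path.$file,
						"friendly_name" => $friendly_name
					);
				}
			}
			else if(preg_match("#\.(jpg|jpeg|gif|bmp|png)$#i", $file))
			{
				$friendly_name = preg_replace("#\.(jpg|jpeg|gif|bmp|png)$#i", "", $friendly_name);

				// Fetch dimensions
				$dimensions = @getimagesize($real_path."/".$file);

				$avatars[] = array(
					"path" => $path.$file,
					"friendly_name" => $friendly_name,
					"width" => $dimensions[0],
					"height" => $dimensions[1]
				);
			}
		}
	}

	require_once MYBB_ROOT."inc/functions_image.php";

	// Now we're done, we can simply show our gallery page
	echo "<div id=\"gallery_breadcrumb\">{$breadcrumb}</div>\n";
	echo "<div id=\"gallery\">\n";
	echo "<ul id=\"galleries\">\n";
	if(is_array($sub_galleries))
	{
		foreach($sub_galleries as $gallery)
		{
			// No code visible here sets 'thumb', so the default icon branch is the one taken.
			if(empty($gallery['thumb']))
			{
				$gallery['thumb'] = "styles/{$page->style}/images/avatar_gallery.gif";
				$gallery['thumb_width'] = 64;
				$gallery['thumb_height'] = 64;
			}
			else
			{
				$gallery['thumb'] = "{$mybb->settings['avatardir']}/{$gallery['thumb']}";
			}
			$scaled_dimensions = scale_image($gallery['thumb_width'], $gallery['thumb_height'], 80, 80);
			$top = ceil((80-$scaled_dimensions['height'])/2);
			$left = ceil((80-$scaled_dimensions['width'])/2);

			// Directory names come from the filesystem and the request path:
			// URL-encode them for the query string, HTML-escape them for display.
			$gallery_link = urlencode($gallery['path']);
			$gallery_title = htmlspecialchars_uni($gallery['friendly_name']);
			echo "<li><a href=\"index.php?module=user-users&action=avatar_gallery&uid={$user['uid']}&gallery={$gallery_link}\"><span class=\"image\"><img src=\"{$gallery['thumb']}\" alt=\"\" style=\"margin-top: {$top}px;\" height=\"{$scaled_dimensions['height']}\" width=\"{$scaled_dimensions['width']}\"></span><span class=\"title\">{$gallery_title}</span></a></li>\n";
		}
	}
	echo "</ul>\n";
	// Build the list of any actual avatars we have
	echo "<ul id=\"avatars\">\n";
	if(is_array($avatars))
	{
		foreach($avatars as $avatar)
		{
			$scaled_dimensions = scale_image($avatar['width'], $avatar['height'], 80, 80);
			$top = ceil((80-$scaled_dimensions['height'])/2);
			$left = ceil((80-$scaled_dimensions['width'])/2);

			// File names are not trusted markup: encode for the URL, escape for attributes and text.
			$avatar_link = urlencode($avatar['path']);
			$avatar_src = htmlspecialchars_uni("{$mybb->settings['avatardir']}/{$avatar['path']}");
			$avatar_title = htmlspecialchars_uni($avatar['friendly_name']);
			echo "<li><a href=\"index.php?module=user-users&action=avatar_gallery&uid={$user['uid']}&avatar={$avatar_link}&my_post_key={$mybb->post_code}\"><span class=\"image\"><img src=\"{$avatar_src}\" alt=\"\" style=\"margin-top: {$top}px;\" height=\"{$scaled_dimensions['height']}\" width=\"{$scaled_dimensions['width']}\" /></span><span class=\"title\">{$avatar_title}</span></a></li>\n";
		}
	}
	echo "</ul>\n";
	echo "</div>";
	echo "</body>";
	echo "</html>";
	exit;
}

// Activate a user who is in usergroup 5: clears the COPPA flag or the
// awaitingactivation row, then moves the account to usergroup 2.
if($mybb->input['action'] == "activate_user")
{
	$plugins->run_hooks("admin_user_users_coppa_activate");

	if(!verify_post_check($mybb->input['my_post_key']))
	{
		flash_message($lang->invalid_post_verify_key2, 'error');
		admin_redirect("index.php?module=user-users");
	}

	$query = $db->simple_select("users", "*", "uid='".intval($mybb->input['uid'])."'");
	$user = $db->fetch_array($query);

	// Does the user not exist?
	if(!$user['uid'] || $user['usergroup'] != 5)
	{
		flash_message($lang->error_invalid_user, 'error');
		admin_redirect("index.php?module=user-users");
	}

	$updated_user['usergroup'] = $user['usergroup'];

	// Update
	if($user['coppauser'])
	{
		// Replaces the array built above; 'usergroup' is set again just below.
		$updated_user = array(
			"coppauser" => 0
		);
	}
	else
	{
		$db->delete_query("awaitingactivation", "uid='{$user['uid']}'");
	}

	// Move out of awaiting activation if they're in it.
	if($user['usergroup'] == 5)
	{
		$updated_user['usergroup'] = 2;
	}

	$db->update_query("users", $updated_user, "uid='{$user['uid']}'");

	$plugins->run_hooks("admin_user_users_coppa_activate_commit");

	// Log admin action
	log_admin_action($user['uid'], $user['username']);

	if($mybb->input['from'] == "home")
	{
		if($user['coppauser'])
		{
			$message = $lang->success_coppa_activated;
		}
		else
		{
			$message = $lang->success_activated;
		}

		update_admin_session('flash_message2', array('message' => $message, 'type' => 'success'));
	}
	else
	{
		if($user['coppauser'])
		{
			flash_message($lang->success_coppa_activated, 'success');
		}
		else
		{
			flash_message($lang->success_activated, 'success');
		}
	}

	// Return to the last users listing stored in the admin session, if there is one.
	if($admin_session['data']['last_users_url'])
	{
		$url = $admin_session['data']['last_users_url'];
		update_admin_session('last_users_url', '');

		if($mybb->input['from'] == "home")
		{
			update_admin_session('from', 'home');
		}
	}
	else
	{
		$url = "index.php?module=user-users&action=edit&uid={$user['uid']}";
	}

	admin_redirect($url);
}

// Create a user: on POST the input goes through UserDataHandler('insert');
// otherwise (or on validation errors) the creation form is rendered.
if($mybb->input['action'] == "add")
{
	$plugins->run_hooks("admin_user_users_add");

	// NOTE(review): no verify_post_check() call is visible in this branch;
	// presumably the post key is checked before this module runs - confirm.
	if($mybb->request_method == "post")
	{
		// Determine the usergroup stuff
		if(is_array($mybb->input['additionalgroups']))
		{
			// The primary group is not repeated in the additional groups list.
			foreach($mybb->input['additionalgroups'] as $key => $gid)
			{
				if($gid == $mybb->input['usergroup'])
				{
					unset($mybb->input['additionalgroups'][$key]);
				}
			}
			$additionalgroups = implode(",", $mybb->input['additionalgroups']);
		}
		else
		{
			$additionalgroups = '';
		}

		// Set up user handler.
		require_once MYBB_ROOT."inc/datahandlers/user.php";
		$userhandler = new UserDataHandler('insert');

		// Set the data for the new user.
		// NOTE(review): 'uid' is taken from the request; how the insert handler
		// treats a supplied uid is not visible here.
		$new_user = array(
			"uid" => $mybb->input['uid'],
			"username" => $mybb->input['username'],
			"password" => $mybb->input['password'],
			"password2" => $mybb->input['confirm_password'],
			"email" => $mybb->input['email'],
			"email2" => $mybb->input['email'],
			"usergroup" => $mybb->input['usergroup'],
			"additionalgroups" => $additionalgroups,
			"displaygroup" => $mybb->input['displaygroup'],
			"profile_fields" => $mybb->input['profile_fields'],
			"profile_fields_editable" => true,
		);

		// Set the data of the user in the datahandler.
		$userhandler->set_data($new_user);
		$errors = '';

		// Validate the user and get any errors that might have occurred.
		if(!$userhandler->validate_user())
		{
			$errors = $userhandler->get_friendly_errors();
		}
		else
		{
			$user_info = $userhandler->insert_user();

			$plugins->run_hooks("admin_user_users_add_commit");

			// Log admin action
			log_admin_action($user_info['uid'], $user_info['username']);

			flash_message($lang->success_user_created, 'success');
			admin_redirect("index.php?module=user-users&action=edit&uid={$user_info['uid']}");
		}
	}

	// Fetch custom profile fields - only need required profile fields here
	$query = $db->simple_select("profilefields", "*", "required=1", array('order_by' => 'disporder'));
	while($profile_field = $db->fetch_array($query))
	{
		$profile_fields['required'][] = $profile_field;
	}

	$page->add_breadcrumb_item($lang->create_user);
	$page->output_header($lang->create_user);

	$form = new Form("index.php?module=user-users&action=add", "post");

	$page->output_nav_tabs($sub_tabs, 'create_user');

	// If we have any error messages, show them
	// ($errors is only assigned on POST, hence !empty() rather than a bare test.)
	if(!empty($errors))
	{
		$page->output_inline_error($errors);
	}
	else
	{
		// Fresh form: discard the request input and preselect usergroup 2.
		$mybb->input = array(
			"usergroup" => 2
		);
	}

	$form_container = new FormContainer($lang->required_profile_info);
	$form_container->output_row($lang->username." <em>*</em>", "", $form->generate_text_box('username', $mybb->input['username'], array('id' => 'username')), 'username');
	// NOTE(review): after a validation error the submitted password values are
	// passed back into the password boxes, and only the first box sets
	// autocomplete off.
	$form_container->output_row($lang->password." <em>*</em>", "", $form->generate_password_box('password', $mybb->input['password'], array('id' => 'password', 'autocomplete' => 'off')), 'password');
	$form_container->output_row($lang->confirm_password." <em>*</em>", "", $form->generate_password_box('confirm_password', $mybb->input['confirm_password'], array('id' => 'confirm_new_password')), 'confirm_new_password');
	$form_container->output_row($lang->email_address." <em>*</em>", "", $form->generate_text_box('email', $mybb->input['email'], array('id' => 'email')), 'email');

	// Group choices for the select boxes; gid 1 is excluded by the query.
	$display_group_options[0] = $lang->use_primary_user_group;
	$options = array();
	$query = $db->simple_select("usergroups", "gid, title", "gid != '1'", array('order_by' => 'title'));
	while($usergroup = $db->fetch_array($query))
	{
		$options[$usergroup['gid']] = $usergroup['title'];
		$display_group_options[$usergroup['gid']] = $usergroup['title'];
	}

	$form_container->output_row($lang->primary_user_group." <em>*</em>", "", $form->generate_select_box('usergroup', $options, $mybb->input['usergroup'], array('id' => 'usergroup')), 'usergroup');
	$form_container->output_row($lang->additional_user_groups, $lang->additional_user_groups_desc, $form->generate_select_box('additionalgroups[]', $options, $mybb->input['additionalgroups'], array('id' => 'additionalgroups', 'multiple' => true, 'size' => 5)), 'additionalgroups');
	$form_container->output_row($lang->display_user_group." <em>*</em>", "", $form->generate_select_box('displaygroup', $display_group_options, $mybb->input['displaygroup'], array('id' => 'displaygroup')), 'displaygroup');

	// Output custom profile fields - required
	output_custom_profile_fields($profile_fields['required'], $mybb->input['profile_fields'], $form_container, $form);

	$form_container->end();
	$buttons[] = $form->generate_submit_button($lang->save_user);
	$form->output_submit_wrapper($buttons);

	$form->end();
	$page->output_footer();
}

if($mybb->input['action'] == "edit")
{
	$plugins->run_hooks("admin_user_users_edit");

	$query = $db->simple_select("users", "*", "uid='".intval($mybb->input['uid'])."'");
	$user = $db->fetch_array($query);

	// Does the user not exist?
	if(!$user['uid'])
	{
		flash_message($lang->error_invalid_user, 'error');
		admin_redirect("index.php?module=user-users");
	}

	if($mybb->request_method == "post")
	{
		if(is_super_admin($mybb->input['uid']) && $mybb->user['uid'] != $mybb->input['uid'] && !is_super_admin($mybb->user['uid']))
		{
			flash_message($lang->error_no_perms_super_admin, 'error');
			admin_redirect("index.php?module=user-users");
		}

		// Determine the usergroup stuff
		if(is_array($mybb->input['additionalgroups']))
		{
			foreach($mybb->input['additionalgroups'] as $key => $gid)
			{
				if($gid == $mybb->input['usergroup'])
				{
					unset($mybb->input['additionalgroups'][$key]);
				}
			}
			$additionalgroups = implode(",", $mybb->input['additionalgroups']);
		}
		else
		{
			$additionalgroups = '';
		}

		// Set up user handler.
		require_once MYBB_ROOT."inc/datahandlers/user.php";
		$userhandler = new UserDataHandler('update');

		// Set the data for the new user.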
612 $updated_user = array( 613 "uid" => $mybb->input['uid'], 614 "username" => $mybb->input['username'], 615 "email" => $mybb->input['email'], 616 "email2" => $mybb->input['email'], 617 "usergroup" => $mybb->input['usergroup'], 618 "additionalgroups" => $additionalgroups, 619 "displaygroup" => $mybb->input['displaygroup'], 620 "postnum" => $mybb->input['postnum'], 621 "usertitle" => $mybb->input['usertitle'], 622 "timezone" => $mybb->input['timezone'], 623 "language" => $mybb->input['language'], 624 "profile_fields" => $mybb->input['profile_fields'], 625 "profile_fields_editable" => true, 626 "website" => $mybb->input['website'], 627 "icq" => $mybb->input['icq'], 628 "aim" => $mybb->input['aim'], 629 "yahoo" => $mybb->input['yahoo'], 630 "msn" => $mybb->input['msn'], 631 "birthday" => array( 632 "day" => $mybb->input['bday1'], 633 "month" => $mybb->input['bday2'], 634 "year" => $mybb->input['bday3'] 635 ), 636 "style" => $mybb->input['style'], 637 "signature" => $mybb->input['signature'], 638 "dateformat" => intval($mybb->input['dateformat']), 639 "timeformat" => intval($mybb->input['timeformat']), 640 "language" => $mybb->input['language'], 641 "usernotes" => $mybb->input['usernotes'] 642 ); 643 644 if($user['usergroup'] == 5 && $mybb->input['usergroup'] != 5) 645 { 646 if($user['coppauser'] == 1) 647 { 648 $updated_user['coppa_user'] = 0; 649 } 650 } 651 if($mybb->input['new_password']) 652 { 653 $updated_user['password'] = $mybb->input['new_password']; 654 $updated_user['password2'] = $mybb->input['confirm_new_password']; 655 } 656 657 $updated_user['options'] = array( 658 "allownotices" => $mybb->input['allownotices'], 659 "hideemail" => $mybb->input['hideemail'], 660 "subscriptionmethod" => $mybb->input['subscriptionmethod'], 661 "invisible" => $mybb->input['invisible'], 662 "dstcorrection" => $mybb->input['dstcorrection'], 663 "threadmode" => $mybb->input['threadmode'], 664 "showsigs" => $mybb->input['showsigs'], 665 "showavatars" => 
$mybb->input['showavatars'], 666 "showquickreply" => $mybb->input['showquickreply'], 667 "receivepms" => $mybb->input['receivepms'], 668 "receivefrombuddy" => $mybb->input['receivefrombuddy'], 669 "pmnotice" => $mybb->input['pmnotice'], 670 "daysprune" => $mybb->input['daysprune'], 671 "showcodebuttons" => intval($mybb->input['showcodebuttons']), 672 "pmnotify" => $mybb->input['pmnotify'], 673 "showredirect" => $mybb->input['showredirect'] 674 ); 675 676 if($mybb->settings['usertppoptions']) 677 { 678 $updated_user['options']['tpp'] = intval($mybb->input['tpp']); 679 } 680 681 if($mybb->settings['userpppoptions']) 682 { 683 $updated_user['options']['ppp'] = intval($mybb->input['ppp']); 684 } 685 686 // Set the data of the user in the datahandler. 687 $userhandler->set_data($updated_user); 688 $errors = ''; 689 690 // Validate the user and get any errors that might have occurred. 691 if(!$userhandler->validate_user()) 692 { 693 $errors = $userhandler->get_friendly_errors(); 694 } 695 else 696 { 697 // Are we removing an avatar from this user? 698 if($mybb->input['remove_avatar']) 699 { 700 $extra_user_updates = array( 701 "avatar" => "", 702 "avatardimensions" => "", 703 "avatartype" => "" 704 ); 705 remove_avatars($user['uid']); 706 } 707 708 // Are we uploading a new avatar? 709 if($_FILES['avatar_upload']['name']) 710 { 711 $avatar = upload_avatar($_FILES['avatar_upload'], $user['uid']); 712 if($avatar['error']) 713 { 714 $errors = array($avatar['error']); 715 } 716 else 717 { 718 if($avatar['width'] > 0 && $avatar['height'] > 0) 719 { 720 $avatar_dimensions = $avatar['width']."|".$avatar['height']; 721 } 722 $extra_user_updates = array( 723 "avatar" => $avatar['avatar'].'?dateline='.TIME_NOW, 724 "avatardimensions" => $avatar_dimensions, 725 "avatartype" => "upload" 726 ); 727 } 728 } 729 // Are we setting a new avatar from a URL? 
730 else if($mybb->input['avatar_url'] && $mybb->input['avatar_url'] != $user['avatar']) 731 { 732 $mybb->input['avatar_url'] = preg_replace("#script:#i", "", $mybb->input['avatar_url']); 733 $mybb->input['avatar_url'] = htmlspecialchars_uni($mybb->input['avatar_url']); 734 $ext = get_extension($mybb->input['avatar_url']); 735 736 // Copy the avatar to the local server (work around remote URL access disabled for getimagesize) 737 $file = fetch_remote_file($mybb->input['avatar_url']); 738 if(!$file) 739 { 740 $avatar_error = $lang->error_invalidavatarurl; 741 } 742 else 743 { 744 $tmp_name = "../".$mybb->settings['avataruploadpath']."/remote_".md5(random_str()); 745 $fp = @fopen($tmp_name, "wb"); 746 if(!$fp) 747 { 748 $avatar_error = $lang->error_invalidavatarurl; 749 } 750 else 751 { 752 fwrite($fp, $file); 753 fclose($fp); 754 list($width, $height, $type) = @getimagesize($tmp_name); 755 @unlink($tmp_name); 756 echo $type; 757 if(!$type) 758 { 759 $avatar_error = $lang->error_invalidavatarurl; 760 } 761 } 762 } 763 764 if(empty($avatar_error)) 765 { 766 if($width && $height && $mybb->settings['maxavatardims'] != "") 767 { 768 list($maxwidth, $maxheight) = explode("x", my_strtolower($mybb->settings['maxavatardims'])); 769 if(($maxwidth && $width > $maxwidth) || ($maxheight && $height > $maxheight)) 770 { 771 $lang->error_avatartoobig = $lang->sprintf($lang->error_avatartoobig, $maxwidth, $maxheight); 772 $avatar_error = $lang->error_avatartoobig; 773 } 774 } 775 } 776 777 if(empty($avatar_error)) 778 { 779 if($width > 0 && $height > 0) 780 { 781 $avatar_dimensions = intval($width)."|".intval($height); 782 } 783 $extra_user_updates = array( 784 "avatar" => $db->escape_string($mybb->input['avatar_url'].'?dateline='.TIME_NOW), 785 "avatardimensions" => $avatar_dimensions, 786 "avatartype" => "remote" 787 ); 788 remove_avatars($user['uid']); 789 } 790 else 791 { 792 $errors = array($avatar_error); 793 } 794 } 795 796 // Moderator "Options" (suspend signature, 
suspend/moderate posting) 797 $moderator_options = array( 798 1 => array( 799 "action" => "suspendsignature", // The moderator action we're performing 800 "period" => "action_period", // The time period we've selected from the dropdown box 801 "time" => "action_time", // The time we've entered 802 "update_field" => "suspendsignature", // The field in the database to update if true 803 "update_length" => "suspendsigtime" // The length of suspension field in the database 804 ), 805 2 => array( 806 "action" => "moderateposting", 807 "period" => "modpost_period", 808 "time" => "modpost_time", 809 "update_field" => "moderateposts", 810 "update_length" => "moderationtime" 811 ), 812 3 => array( 813 "action" => "suspendposting", 814 "period" => "suspost_period", 815 "time" => "suspost_time", 816 "update_field" => "suspendposting", 817 "update_length" => "suspensiontime" 818 ) 819 ); 820 821 require_once MYBB_ROOT."inc/functions_warnings.php"; 822 foreach($moderator_options as $option) 823 { 824 if(!$mybb->input[$option['action']]) 825 { 826 if($user[$option['update_field']] == 1) 827 { 828 // We're revoking the suspension 829 $extra_user_updates[$option['update_field']] = 0; 830 $extra_user_updates[$option['update_length']] = 0; 831 } 832 833 // Skip this option if we haven't selected it 834 continue; 835 } 836 837 if($mybb->input[$option['action']]) 838 { 839 if(intval($mybb->input[$option['time']]) == 0 && $mybb->input[$option['period']] != "never" && $user[$option['update_field']] != 1) 840 { 841 // User has selected a type of ban, but not entered a valid time frame 842 $string = $option['action']."_error"; 843 $errors[] = $lang->$string; 844 } 845 846 if(!is_array($errors)) 847 { 848 $suspend_length = fetch_time_length(intval($mybb->input[$option['time']]), $mybb->input[$option['period']]); 849 850 if($user[$option['update_field']] == 1 && ($mybb->input[$option['time']] || $mybb->input[$option['period']] == "never")) 851 { 852 // We already have a suspension, but 
entered a new time 853 if($suspend_length == "-1") 854 { 855 // Permanent ban on action 856 $extra_user_updates[$option['update_length']] = 0; 857 } 858 elseif($suspend_length && $suspend_length != "-1") 859 { 860 // Temporary ban on action 861 $extra_user_updates[$option['update_length']] = TIME_NOW + $suspend_length; 862 } 863 } 864 elseif(!$user[$option['update_field']]) 865 { 866 // New suspension for this user... bad user! 867 $extra_user_updates[$option['update_field']] = 1; 868 if($suspend_length == "-1") 869 { 870 $extra_user_updates[$option['update_length']] = 0; 871 } 872 else 873 { 874 $extra_user_updates[$option['update_length']] = TIME_NOW + $suspend_length; 875 } 876 } 877 } 878 } 879 } 880 881 if($extra_user_updates['moderateposts'] && $extra_user_updates['suspendposting']) 882 { 883 $errors[] = $lang->suspendmoderate_error; 884 } 885 886 if(!$errors) 887 { 888 $user_info = $userhandler->update_user(); 889 $db->update_query("users", $extra_user_updates, "uid='{$user['uid']}'"); 890 891 // if we're updating the user's signature preferences, do so now 892 if($mybb->input['update_posts'] == 'enable' || $mybb->input['update_posts'] == 'disable') 893 { 894 $update_signature = array( 895 'includesig' => ($mybb->input['update_posts'] == 'enable' ? 
1 : 0) 896 ); 897 $db->update_query("posts", $update_signature, "uid='{$user['uid']}'"); 898 } 899 900 $plugins->run_hooks("admin_user_users_edit_commit"); 901 902 // Log admin action 903 log_admin_action($user['uid'], $mybb->input['username']); 904 905 flash_message($lang->success_user_updated, 'success'); 906 admin_redirect("index.php?module=user-users"); 907 } 908 } 909 } 910 911 if(!$errors) 912 { 913 $user['usertitle'] = htmlspecialchars_decode($user['usertitle']); 914 $mybb->input = $user; 915 916 $options = array( 917 'bday1', 'bday2', 'bday3', 918 'new_password', 'confirm_new_password', 919 'action_time', 'action_period', 920 'modpost_period', 'moderateposting', 'modpost_time', 'suspost_period', 'suspost_time' 921 ); 922 923 foreach($options as $option) 924 { 925 if(!isset($mybb->input[$option])) 926 { 927 $mybb->input[$option] = ''; 928 } 929 } 930 931 // We need to fetch this users profile field values 932 $query = $db->simple_select("userfields", "*", "ufid='{$user['uid']}'"); 933 $mybb->input['profile_fields'] = $db->fetch_array($query); 934 } 935 936 if($mybb->input['bday1'] || $mybb->input['bday2'] || $mybb->input['bday3']) 937 { 938 $mybb->input['bday'][0] = $mybb->input['bday1']; 939 $mybb->input['bday'][1] = $mybb->input['bday2']; 940 $mybb->input['bday'][2] = intval($mybb->input['bday3']); 941 } 942 else 943 { 944 $mybb->input['bday'] = array(0, 0, ''); 945 946 if($user['birthday']) 947 { 948 $mybb->input['bday'] = explode('-', $user['birthday']); 949 } 950 } 951 952 // Fetch custom profile fields 953 $query = $db->simple_select("profilefields", "*", "", array('order_by' => 'disporder')); 954 while($profile_field = $db->fetch_array($query)) 955 { 956 if($profile_field['required'] == 1) 957 { 958 $profile_fields['required'][] = $profile_field; 959 } 960 else 961 { 962 $profile_fields['optional'][] = $profile_field; 963 } 964 } 965 966 $page->add_breadcrumb_item($lang->edit_user.": ".htmlspecialchars_uni($user['username'])); 967 
$page->output_header($lang->edit_user); 968 969 $sub_tabs['edit_user'] = array( 970 'title' => $lang->edit_user, 971 'description' => $lang->edit_user_desc 972 ); 973 974 $form = new Form("index.php?module=user-users&action=edit&uid={$user['uid']}", "post", "", 1); 975 echo "<script type=\"text/javascript\">\n function submitUserForm() { $('tab_overview').up('FORM').submit(); }</script>\n"; 976 977 $page->output_nav_tabs($sub_tabs, 'edit_user'); 978 979 // If we have any error messages, show them 980 if($errors) 981 { 982 $page->output_inline_error($errors); 983 } 984 985 // Is this user a COPPA user? We show a warning & activate link 986 if($user['coppauser']) 987 { 988 echo $lang->sprintf($lang->warning_coppa_user, $user['uid']); 989 } 990 991 $tabs = array( 992 "overview" => $lang->overview, 993 "profile" => $lang->profile, 994 "settings" => $lang->account_settings, 995 "signature" => $lang->signature, 996 "avatar" => $lang->avatar, 997 "modoptions" => $lang->mod_options 998 ); 999 $page->output_tab_control($tabs); 1000 1001 // 1002 // OVERVIEW 1003 // 1004 echo "<div id=\"tab_overview\">\n"; 1005 $table = new Table; 1006 $table->construct_header($lang->avatar, array('class' => 'align_center')); 1007 $table->construct_header($lang->general_account_stats, array('colspan' => '2', 'class' => 'align_center')); 1008 1009 // Avatar 1010 $avatar_dimensions = explode("|", $user['avatardimensions']); 1011 if($user['avatar']) 1012 { 1013 if($user['avatardimensions']) 1014 { 1015 require_once MYBB_ROOT."inc/functions_image.php"; 1016 list($width, $height) = explode("|", $user['avatardimensions']); 1017 $scaled_dimensions = scale_image($width, $height, 120, 120); 1018 } 1019 else 1020 { 1021 $scaled_dimensions = array( 1022 "width" => 120, 1023 "height" => 120 1024 ); 1025 } 1026 if (!stristr($user['avatar'], 'http://')) 1027 { 1028 $user['avatar'] = "../{$user['avatar']}\n"; 1029 } 1030 } 1031 else 1032 { 1033 $user['avatar'] = 
"styles/{$page->style}/images/default_avatar.gif"; 1034 $scaled_dimensions = array( 1035 "width" => 120, 1036 "height" => 120 1037 ); 1038 } 1039 $avatar_top = ceil((126-$scaled_dimensions['height'])/2); 1040 if($user['lastactive']) 1041 { 1042 $last_active = my_date($mybb->settings['dateformat'], $user['lastactive']).", ".my_date($mybb->settings['timeformat'], $user['lastactive']); 1043 } 1044 else 1045 { 1046 $last_active = $lang->never; 1047 } 1048 $reg_date = my_date($mybb->settings['dateformat'], $user['regdate']).", ".my_date($mybb->settings['timeformat'], $user['regdate']); 1049 if($user['dst'] == 1) 1050 { 1051 $timezone = $user['timezone']+1; 1052 } 1053 else 1054 { 1055 $timezone = $user['timezone']; 1056 } 1057 $local_time = gmdate($mybb->settings['dateformat'], TIME_NOW + ($timezone * 3600)).", ".gmdate($mybb->settings['timeformat'], TIME_NOW + ($timezone * 3600)); 1058 $days_registered = (TIME_NOW - $user['regdate']) / (24*3600); 1059 $posts_per_day = 0; 1060 if($days_registered > 0) 1061 { 1062 $posts_per_day = round($user['postnum'] / $days_registered, 2); 1063 if($posts_per_day > $user['postnum']) 1064 { 1065 $posts_per_day = $user['postnum']; 1066 } 1067 } 1068 $stats = $cache->read("stats"); 1069 $posts = $stats['numposts']; 1070 if($posts == 0) 1071 { 1072 $percent_posts = "0"; 1073 } 1074 else 1075 { 1076 $percent_posts = round($user['postnum']*100/$posts, 2); 1077 } 1078 1079 $user_permissions = user_permissions($user['uid']); 1080 1081 // Fetch the reputation for this user 1082 if($user_permissions['usereputationsystem'] == 1 && $mybb->settings['enablereputation'] == 1) 1083 { 1084 $reputation = get_reputation($user['reputation']); 1085 } 1086 else 1087 { 1088 $reputation = "-"; 1089 } 1090 1091 if($mybb->settings['enablewarningsystem'] != 0 && $user_permissions['canreceivewarnings'] != 0) 1092 { 1093 $warning_level = round($user['warningpoints']/$mybb->settings['maxwarningpoints']*100); 1094 if($warning_level > 100) 1095 { 1096 $warning_level 
= 100; 1097 } 1098 $warning_level = get_colored_warning_level($warning_level); 1099 } 1100 1101 $age = $lang->na; 1102 if($user['birthday']) 1103 { 1104 $age = get_age($user['birthday']); 1105 } 1106 1107 $table->construct_cell("<div style=\"width: 126px; height: 126px;\" class=\"user_avatar\"><img src=\"".htmlspecialchars_uni($user['avatar'])."\" style=\"margin-top: {$avatar_top}px\" width=\"{$scaled_dimensions['width']}\" height=\"{$scaled_dimensions['height']}\" alt=\"\" /></div>", array('rowspan' => 6, 'width' => 1)); 1108 $table->construct_cell("<strong>{$lang->email_address}:</strong> <a href=\"mailto:".htmlspecialchars_uni($user['email'])."\">".htmlspecialchars_uni($user['email'])."</a>"); 1109 $table->construct_cell("<strong>{$lang->last_active}:</strong> {$last_active}"); 1110 $table->construct_row(); 1111 $table->construct_cell("<strong>{$lang->registration_date}:</strong> {$reg_date}"); 1112 $table->construct_cell("<strong>{$lang->local_time}:</strong> {$local_time}"); 1113 $table->construct_row(); 1114 $table->construct_cell("<strong>{$lang->posts}:</strong> {$user['postnum']}"); 1115 $table->construct_cell("<strong>{$lang->age}:</strong> {$age}"); 1116 $table->construct_row(); 1117 $table->construct_cell("<strong>{$lang->posts_per_day}:</strong> {$posts_per_day}"); 1118 $table->construct_cell("<strong>{$lang->reputation}:</strong> {$reputation}"); 1119 $table->construct_row(); 1120 $table->construct_cell("<strong>{$lang->percent_of_total_posts}:</strong> {$percent_posts}"); 1121 $table->construct_cell("<strong>{$lang->warning_level}:</strong> {$warning_level}"); 1122 $table->construct_row(); 1123 $table->construct_cell("<strong>{$lang->registration_ip}:</strong> {$user['regip']}"); 1124 $table->construct_cell("<strong>{$lang->last_known_ip}:</strong> {$user['lastip']}"); 1125 $table->construct_row(); 1126 1127 $table->output("{$lang->user_overview}: {$user['username']}"); 1128 echo "</div>\n"; 1129 1130 // 1131 // PROFILE 1132 // 1133 echo "<div 
id=\"tab_profile\">\n"; 1134 1135 $form_container = new FormContainer($lang->required_profile_info.": {$user['username']}"); 1136 $form_container->output_row($lang->username." <em>*</em>", "", $form->generate_text_box('username', $mybb->input['username'], array('id' => 'username')), 'username'); 1137 $form_container->output_row($lang->new_password, $lang->new_password_desc, $form->generate_password_box('new_password', $mybb->input['new_password'], array('id' => 'new_password', 'autocomplete' => 'off')), 'new_password'); 1138 $form_container->output_row($lang->confirm_new_password, $lang->new_password_desc, $form->generate_password_box('confirm_new_password', $mybb->input['confirm_new_password'], array('id' => 'confirm_new_password')), 'confirm_new_password'); 1139 $form_container->output_row($lang->email_address." <em>*</em>", "", $form->generate_text_box('email', $mybb->input['email'], array('id' => 'email')), 'email'); 1140 1141 $display_group_options[0] = $lang->use_primary_user_group; 1142 $options = array(); 1143 $query = $db->simple_select("usergroups", "gid, title", "gid != '1'", array('order_by' => 'title')); 1144 while($usergroup = $db->fetch_array($query)) 1145 { 1146 $options[$usergroup['gid']] = $usergroup['title']; 1147 $display_group_options[$usergroup['gid']] = $usergroup['title']; 1148 } 1149 1150 if(!is_array($mybb->input['additionalgroups'])) 1151 { 1152 $mybb->input['additionalgroups'] = explode(',', $mybb->input['additionalgroups']); 1153 } 1154 1155 $form_container->output_row($lang->primary_user_group." 
<em>*</em>", "", $form->generate_select_box('usergroup', $options, $mybb->input['usergroup'], array('id' => 'usergroup')), 'usergroup'); 1156 $form_container->output_row($lang->additional_user_groups, $lang->additional_user_groups_desc, $form->generate_select_box('additionalgroups[]', $options, $mybb->input['additionalgroups'], array('id' => 'additionalgroups', 'multiple' => true, 'size' => 5)), 'additionalgroups'); 1157 $form_container->output_row($lang->display_user_group." <em>*</em>", "", $form->generate_select_box('displaygroup', $display_group_options, $mybb->input['displaygroup'], array('id' => 'displaygroup')), 'displaygroup'); 1158 $form_container->output_row($lang->post_count." <em>*</em>", "", $form->generate_text_box('postnum', $mybb->input['postnum'], array('id' => 'postnum')), 'postnum'); 1159 1160 // Output custom profile fields - required 1161 if(!isset($profile_fields['required'])) 1162 { 1163 $profile_fields['required'] = array(); 1164 } 1165 output_custom_profile_fields($profile_fields['required'], $mybb->input['profile_fields'], $form_container, $form); 1166 1167 $form_container->end(); 1168 1169 $form_container = new FormContainer($lang->optional_profile_info.": {$user['username']}"); 1170 $form_container->output_row($lang->custom_user_title, $lang->custom_user_title_desc, $form->generate_text_box('usertitle', $mybb->input['usertitle'], array('id' => 'usertitle')), 'usertitle'); 1171 $form_container->output_row($lang->website, "", $form->generate_text_box('website', $mybb->input['website'], array('id' => 'website')), 'website'); 1172 $form_container->output_row($lang->icq_number, "", $form->generate_text_box('icq', $mybb->input['icq'], array('id' => 'icq')), 'icq'); 1173 $form_container->output_row($lang->aim_handle, "", $form->generate_text_box('aim', $mybb->input['aim'], array('id' => 'aim')), 'aim'); 1174 $form_container->output_row($lang->yahoo_messanger_handle, "", $form->generate_text_box('yahoo', $mybb->input['yahoo'], array('id' => 
'yahoo')), 'yahoo'); 1175 $form_container->output_row($lang->msn_messanger_handle, "", $form->generate_text_box('msn', $mybb->input['msn'], array('id' => 'msn')), 'msn'); 1176 1177 // Birthday 1178 $birthday_days = array(0 => ''); 1179 for($i = 1; $i <= 31; $i++) 1180 { 1181 $birthday_days[$i] = $i; 1182 } 1183 1184 $birthday_months = array( 1185 0 => '', 1186 1 => $lang->january, 1187 2 => $lang->february, 1188 3 => $lang->march, 1189 4 => $lang->april, 1190 5 => $lang->may, 1191 6 => $lang->june, 1192 7 => $lang->july, 1193 8 => $lang->august, 1194 9 => $lang->september, 1195 10 => $lang->october, 1196 11 => $lang->november, 1197 12 => $lang->december 1198 ); 1199 1200 $birthday_row = $form->generate_select_box('bday1', $birthday_days, $mybb->input['bday'][0], array('id' => 'bday_day')); 1201 $birthday_row .= ' '.$form->generate_select_box('bday2', $birthday_months, $mybb->input['bday'][1], array('id' => 'bday_month')); 1202 $birthday_row .= ' '.$form->generate_text_box('bday3', $mybb->input['bday'][2], array('id' => 'bday_year', 'style' => 'width: 3em;')); 1203 1204 $form_container->output_row($lang->birthday, "", $birthday_row, 'birthday'); 1205 1206 // Output custom profile fields - optional 1207 output_custom_profile_fields($profile_fields['optional'], $mybb->input['profile_fields'], $form_container, $form); 1208 1209 $form_container->end(); 1210 echo "</div>\n"; 1211 1212 // 1213 // ACCOUNT SETTINGS 1214 // 1215 1216 // Plugin hook note - we should add hooks in above each output_row for the below so users can add their own options to each group :> 1217 1218 echo "<div id=\"tab_settings\">\n"; 1219 $form_container = new FormContainer($lang->account_settings.": {$user['username']}"); 1220 $login_options = array( 1221 $form->generate_check_box("invisible", 1, $lang->hide_from_whos_online, array("checked" => $mybb->input['invisible'])), 1222 ); 1223 $form_container->output_row($lang->login_cookies_privacy, "", "<div 
class=\"user_settings_bit\">".implode("</div><div class=\"user_settings_bit\">", $login_options)."</div>"); 1224 1225 if($mybb->input['pmnotice'] > 1) 1226 { 1227 $mybb->input['pmnotice'] = 1; 1228 } 1229 1230 $messaging_options = array( 1231 $form->generate_check_box("allownotices", 1, $lang->recieve_admin_emails, array("checked" => $mybb->input['allownotices'])), 1232 $form->generate_check_box("hideemail", 1, $lang->hide_email_from_others, array("checked" => $mybb->input['hideemail'])), 1233 $form->generate_check_box("receivepms", 1, $lang->recieve_pms_from_others, array("checked" => $mybb->input['receivepms'])), 1234 $form->generate_check_box("receivefrombuddy", 1, $lang->recieve_pms_from_buddy, array("checked" => $mybb->input['receivefrombuddy'])), 1235 $form->generate_check_box("pmnotice", 1, $lang->alert_new_pms, array("checked" => $mybb->input['pmnotice'])), 1236 $form->generate_check_box("pmnotify", 1, $lang->email_notify_new_pms, array("checked" => $mybb->input['pmnotify'])), 1237 "<label for=\"subscriptionmethod\">{$lang->default_thread_subscription_mode}:</label><br />".$form->generate_select_box("subscriptionmethod", array($lang->do_not_subscribe, $lang->no_email_notification, $lang->instant_email_notification), $mybb->input['subscriptionmethod'], array('id' => 'subscriptionmethod')) 1238 ); 1239 $form_container->output_row($lang->messaging_and_notification, "", "<div class=\"user_settings_bit\">".implode("</div><div class=\"user_settings_bit\">", $messaging_options)."</div>"); 1240 1241 $date_format_options = array($lang->use_default); 1242 foreach($date_formats as $key => $format) 1243 { 1244 $date_format_options[$key] = my_date($format, TIME_NOW, "", 0); 1245 } 1246 1247 $time_format_options = array($lang->use_default); 1248 foreach($time_formats as $key => $format) 1249 { 1250 $time_format_options[$key] = my_date($format, TIME_NOW, "", 0); 1251 } 1252 1253 $date_options = array( 1254 "<label for=\"dateformat\">{$lang->date_format}:</label><br 
/>".$form->generate_select_box("dateformat", $date_format_options, $mybb->input['dateformat'], array('id' => 'dateformat')), 1255 "<label for=\"dateformat\">{$lang->time_format}:</label><br />".$form->generate_select_box("timeformat", $time_format_options, $mybb->input['timeformat'], array('id' => 'timeformat')), 1256 "<label for=\"timezone\">{$lang->time_zone}:</label><br />".build_timezone_select("timezone", $mybb->input['timezone']), 1257 "<label for=\"dstcorrection\">{$lang->daylight_savings_time_correction}:</label><br />".$form->generate_select_box("dstcorrection", array(2 => $lang->automatically_detect, 1 => $lang->always_use_dst_correction, 0 => $lang->never_use_dst_correction), $mybb->input['dstcorrection'], array('id' => 'dstcorrection')) 1258 ); 1259 $form_container->output_row($lang->date_and_time_options, "", "<div class=\"user_settings_bit\">".implode("</div><div class=\"user_settings_bit\">", $date_options)."</div>"); 1260 1261 1262 $tpp_options = array($lang->use_default); 1263 if($mybb->settings['usertppoptions']) 1264 { 1265 $explodedtpp = explode(",", $mybb->settings['usertppoptions']); 1266 if(is_array($explodedtpp)) 1267 { 1268 foreach($explodedtpp as $tpp) 1269 { 1270 if($tpp <= 0) continue; 1271 $tpp_options[$tpp] = $tpp; 1272 } 1273 } 1274 } 1275 1276 $thread_age_options = array( 1277 0 => $lang->use_default, 1278 1 => $lang->show_threads_last_day, 1279 5 => $lang->show_threads_last_5_days, 1280 10 => $lang->show_threads_last_10_days, 1281 20 => $lang->show_threads_last_20_days, 1282 50 => $lang->show_threads_last_50_days, 1283 75 => $lang->show_threads_last_75_days, 1284 100 => $lang->show_threads_last_100_days, 1285 365 => $lang->show_threads_last_year, 1286 9999 => $lang->show_all_threads 1287 ); 1288 1289 $forum_options = array( 1290 "<label for=\"tpp\">{$lang->threads_per_page}:</label><br />".$form->generate_select_box("tpp", $tpp_options, $mybb->input['tpp'], array('id' => 'tpp')), 1291 "<label 
for=\"daysprune\">{$lang->default_thread_age_view}:</label><br />".$form->generate_select_box("daysprune", $thread_age_options, $mybb->input['daysprune'], array('id' => 'daysprune')) 1292 ); 1293 $form_container->output_row($lang->forum_display_options, "", "<div class=\"user_settings_bit\">".implode("</div><div class=\"user_settings_bit\">", $forum_options)."</div>"); 1294 1295 $ppp_options = array($lang->use_default); 1296 if($mybb->settings['userpppoptions']) 1297 { 1298 $explodedppp = explode(",", $mybb->settings['userpppoptions']); 1299 if(is_array($explodedppp)) 1300 { 1301 foreach($explodedppp as $ppp) 1302 { 1303 if($ppp <= 0) continue; 1304 $ppp_options[$ppp] = $ppp; 1305 } 1306 } 1307 } 1308 1309 $thread_options = array( 1310 $form->generate_check_box("showsigs", 1, $lang->display_users_sigs, array("checked" => $mybb->input['showsigs'])), 1311 $form->generate_check_box("showavatars", 1, $lang->display_users_avatars, array("checked" => $mybb->input['showavatars'])), 1312 $form->generate_check_box("showquickreply", 1, $lang->show_quick_reply, array("checked" => $mybb->input['showquickreply'])), 1313 "<label for=\"ppp\">{$lang->posts_per_page}:</label><br />".$form->generate_select_box("ppp", $ppp_options, $mybb->input['ppp'], array('id' => 'ppp')), 1314 "<label for=\"threadmode\">{$lang->default_thread_view_mode}:</label><br />".$form->generate_select_box("threadmode", array("" => $lang->use_default, "linear" => $lang->linear_mode, "threaded" => $lang->threaded_mode), $mybb->input['threadmode'], array('id' => 'threadmode')) 1315 ); 1316 $form_container->output_row($lang->thread_view_options, "", "<div class=\"user_settings_bit\">".implode("</div><div class=\"user_settings_bit\">", $thread_options)."</div>"); 1317 1318 $languages = array_merge(array('' => $lang->use_default), $lang->get_languages()); 1319 1320 $other_options = array( 1321 $form->generate_check_box("showredirect", 1, $lang->show_redirect, array("checked" => $mybb->input['showredirect'])), 
1322 $form->generate_check_box("showcodebuttons", "1", $lang->show_code_buttons, array("checked" => $mybb->input['showcodebuttons'])), 1323 "<label for=\"style\">{$lang->theme}:</label><br />".build_theme_select("style", $mybb->input['style'], 0, "", true), 1324 "<label for=\"language\">{$lang->board_language}:</label><br />".$form->generate_select_box("language", $languages, $mybb->input['language'], array('id' => 'language')) 1325 ); 1326 $form_container->output_row($lang->other_options, "", "<div class=\"user_settings_bit\">".implode("</div><div class=\"user_settings_bit\">", $other_options)."</div>"); 1327 1328 $form_container->end(); 1329 echo "</div>\n"; 1330 1331 // 1332 // SIGNATURE EDITOR 1333 // 1334 $signature_editor = $form->generate_text_area("signature", $mybb->input['signature'], array('id' => 'signature', 'rows' => 15, 'cols' => '70', 'style' => 'width: 95%')); 1335 $sig_smilies = $lang->off; 1336 if($mybb->settings['sigsmilies'] == 1) 1337 { 1338 $sig_smilies = $lang->on; 1339 } 1340 $sig_mycode = $lang->off; 1341 if($mybb->settings['sigmycode'] == 1) 1342 { 1343 $sig_mycode = $lang->on; 1344 $signature_editor .= build_mycode_inserter("signature"); 1345 } 1346 $sig_html = $lang->off; 1347 if($mybb->settings['sightml'] == 1) 1348 { 1349 $sig_html = $lang->on; 1350 } 1351 $sig_imgcode = $lang->off; 1352 if($mybb->settings['sigimgcode'] == 1) 1353 { 1354 $sig_imgcode = $lang->on; 1355 } 1356 echo "<div id=\"tab_signature\">\n"; 1357 $form_container = new FormContainer("{$lang->signature}: {$user['username']}"); 1358 $form_container->output_row($lang->signature, $lang->sprintf($lang->signature_desc, $sig_mycode, $sig_smilies, $sig_imgcode, $sig_html), $signature_editor, 'signature'); 1359 1360 $periods = array( 1361 "hours" => $lang->expire_hours, 1362 "days" => $lang->expire_days, 1363 "weeks" => $lang->expire_weeks, 1364 "months" => $lang->expire_months, 1365 "never" => $lang->expire_permanent 1366 ); 1367 1368 // Are we already suspending the 
signature? 1369 if($mybb->input['suspendsignature']) 1370 { 1371 $sig_checked = 1; 1372 1373 // Display how much time is left on the ban for the user to extend it 1374 if($user['suspendsigtime'] == "0") 1375 { 1376 // Permanent 1377 $lang->suspend_expire_info = $lang->suspend_sig_perm; 1378 } 1379 else 1380 { 1381 // There's a limit to the suspension! 1382 $expired = my_date($mybb->settings['dateformat'], $user['suspendsigtime'])." @ ".my_date($mybb->settings['timeformat'], $user['suspendsigtime']); 1383 $lang->suspend_expire_info = $lang->sprintf($lang->suspend_expire_info, $expired); 1384 } 1385 $user_suspend_info = ' 1386 <tr> 1387 <td colspan="2">'.$lang->suspend_expire_info.'<br />'.$lang->suspend_sig_extend.'</td> 1388 </tr>'; 1389 } 1390 else 1391 { 1392 $sig_checked = 0; 1393 $user_suspend_info = ''; 1394 } 1395 1396 $actions = ' 1397 <script type="text/javascript"> 1398 <!-- 1399 var sig_checked = "'.$sig_checked.'"; 1400 1401 function toggleAction() 1402 { 1403 if($("suspend_action").visible() == true) 1404 { 1405 $("suspend_action").hide(); 1406 } 1407 else 1408 { 1409 $("suspend_action").show(); 1410 } 1411 } 1412 // --> 1413 </script> 1414 1415 <dl style="margin-top: 0; margin-bottom: 0; width: 100%;"> 1416 <dt>'.$form->generate_check_box("suspendsignature", 1, $lang->suspend_sig_box, array('checked' => $sig_checked, 'onclick' => 'toggleAction();')).'</dt> 1417 <dd style="margin-top: 4px;" id="suspend_action" class="actions"> 1418 <table cellpadding="4">'.$user_suspend_info.' 1419 <tr> 1420 <td width="30%"><small>'.$lang->expire_length.'</small></td> 1421 <td>'.$form->generate_text_box('action_time', $mybb->input['action_time'], array('style' => 'width: 2em;')).' 
'.$form->generate_select_box('action_period', $periods, $mybb->input['action_period']).'</td> 1422 </tr> 1423 </table> 1424 </dd> 1425 </dl> 1426 1427 <script type="text/javascript"> 1428 <!-- 1429 if(sig_checked == 0) 1430 { 1431 $("suspend_action").hide(); 1432 } 1433 // --> 1434 </script>'; 1435 1436 $form_container->output_row($lang->suspend_sig, $lang->suspend_sig_info, $actions); 1437 1438 $signature_options = array( 1439 $form->generate_radio_button("update_posts", "enable", $lang->enable_sig_in_all_posts, array("checked" => 0)), 1440 $form->generate_radio_button("update_posts", "disable", $lang->disable_sig_in_all_posts, array("checked" => 0)), 1441 $form->generate_radio_button("update_posts", "no", $lang->do_nothing, array("checked" => 1)) 1442 ); 1443 1444 $form_container->output_row($lang->signature_preferences, "", implode("<br />", $signature_options)); 1445 1446 $form_container->end(); 1447 echo "</div>\n"; 1448 1449 // 1450 // AVATAR MANAGER 1451 // 1452 echo "<div id=\"tab_avatar\">\n"; 1453 $table = new Table; 1454 $table->construct_header($lang->current_avatar, array('colspan' => 2)); 1455 1456 $table->construct_cell("<div style=\"width: 126px; height: 126px;\" class=\"user_avatar\"><img src=\"".htmlspecialchars_uni($user['avatar'])."\" width=\"{$scaled_dimensions['width']}\" style=\"margin-top: {$avatar_top}px\" height=\"{$scaled_dimensions['height']}\" alt=\"\" /></div>", array('width' => 1)); 1457 1458 $avatar_url = ''; 1459 if($user['avatartype'] == "upload" || stristr($user['avatar'], $mybb->settings['avataruploadpath'])) 1460 { 1461 $current_avatar_msg = "<br /><strong>{$lang->user_current_using_uploaded_avatar}</strong>"; 1462 } 1463 else if($user['avatartype'] == "gallery" || stristr($user['avatar'], $mybb->settings['avatardir'])) 1464 { 1465 $current_avatar_msg = "<br /><strong>{$lang->user_current_using_gallery_avatar}</strong>"; 1466 } 1467 elseif($user['avatartype'] == "remote" || my_strpos(my_strtolower($user['avatar']), "http://") 
!== false) 1468 { 1469 $current_avatar_msg = "<br /><strong>{$lang->user_current_using_remote_avatar}</strong>"; 1470 $avatar_url = $user['avatar']; 1471 } 1472 1473 if($errors) 1474 { 1475 $avatar_url = $mybb->input['avatar_url']; 1476 } 1477 1478 if($mybb->settings['maxavatardims'] != "") 1479 { 1480 list($max_width, $max_height) = explode("x", my_strtolower($mybb->settings['maxavatardims'])); 1481 $max_size = "<br />{$lang->max_dimensions_are} {$max_width}x{$max_height}"; 1482 } 1483 1484 if($mybb->settings['avatarsize']) 1485 { 1486 $maximum_size = get_friendly_size($mybb->settings['avatarsize']*1024); 1487 $max_size .= "<br />{$lang->avatar_max_size} {$maximum_size}"; 1488 } 1489 1490 if($user['avatar']) 1491 { 1492 $remove_avatar = "<br /><br />".$form->generate_check_box("remove_avatar", 1, "<strong>{$lang->remove_avatar}</strong>"); 1493 } 1494 1495 $table->construct_cell($lang->avatar_desc."{$remove_avatar}<br /><small>{$max_size}</small>"); 1496 $table->construct_row(); 1497 1498 $table->output($lang->avatar.": {$user['username']}"); 1499 1500 // Custom avatar 1501 if($mybb->settings['avatarresizing'] == "auto") 1502 { 1503 $auto_resize = $lang->avatar_auto_resize; 1504 } 1505 else if($mybb->settings['avatarresizing'] == "user") 1506 { 1507 $auto_resize = "<input type=\"checkbox\" name=\"auto_resize\" value=\"1\" checked=\"checked\" id=\"auto_resize\" /> <label for=\"auto_resize\">{$lang->attempt_to_auto_resize}</label></span>"; 1508 } 1509 $form_container = new FormContainer($lang->specify_custom_avatar); 1510 $form_container->output_row($lang->upload_avatar, $auto_resize, $form->generate_file_upload_box('avatar_upload', array('id' => 'avatar_upload')), 'avatar_upload'); 1511 $form_container->output_row($lang->or_specify_avatar_url, "", $form->generate_text_box('avatar_url', $avatar_url, array('id' => 'avatar_url')), 'avatar_url'); 1512 $form_container->end(); 1513 1514 // Select an image from the gallery 1515 echo "<div class=\"border_wrapper\">"; 1516 
echo "<div class=\"title\">.. {$lang->or_select_avatar_gallery}</div>"; 1517 echo "<iframe src=\"index.php?module=user-users&action=avatar_gallery&uid={$user['uid']}\" width=\"100%\" height=\"350\" frameborder=\"0\"></iframe>"; 1518 echo "</div>"; 1519 echo "</div>"; 1520 1521 // 1522 // MODERATOR OPTIONS 1523 // 1524 $periods = array( 1525 "hours" => $lang->expire_hours, 1526 "days" => $lang->expire_days, 1527 "weeks" => $lang->expire_weeks, 1528 "months" => $lang->expire_months, 1529 "never" => $lang->expire_permanent 1530 ); 1531 1532 echo "<div id=\"tab_modoptions\">\n"; 1533 $form_container = new FormContainer($lang->mod_options.": {$user['username']}"); 1534 $form_container->output_row($lang->user_notes, '', $form->generate_text_area('usernotes', $mybb->input['usernotes'], array('id' => 'usernotes')), 'usernotes'); 1535 1536 // Mod posts 1537 // Generate check box 1538 $modpost_options = $form->generate_select_box('modpost_period', $periods, $mybb->input['modpost_period'], array('id' => 'modpost_period')); 1539 1540 // Do we have any existing suspensions here? 1541 $existing_info = ''; 1542 if($user['moderateposts'] || ($mybb->input['moderateposting'] && !empty($errors))) 1543 { 1544 $mybb->input['moderateposting'] = 1; 1545 if($user['moderationtime'] != 0) 1546 { 1547 $expired = my_date($mybb->settings['dateformat'], $user['moderationtime']).", ".my_date($mybb->settings['timeformat'], $user['moderationtime']); 1548 $existing_info = $lang->sprintf($lang->moderate_length, $expired); 1549 } 1550 else 1551 { 1552 $existing_info = $lang->moderated_perm; 1553 } 1554 } 1555 1556 $modpost_div = '<div id="modpost">'.$existing_info.''.$lang->moderate_for.' '.$form->generate_text_box("modpost_time", $mybb->input['modpost_time'], array('style' => 'width: 2em;')).' 
'.$modpost_options.'</div>'; 1557 $lang->moderate_posts_info = $lang->sprintf($lang->moderate_posts_info, $user['username']); 1558 $form_container->output_row($form->generate_check_box("moderateposting", 1, $lang->moderate_posts, array("id" => "moderateposting", "onclick" => "toggleBox('modpost');", "checked" => $mybb->input['moderateposting'])), $lang->moderate_posts_info, $modpost_div); 1559 1560 // Suspend posts 1561 // Generate check box 1562 $suspost_options = $form->generate_select_box('suspost_period', $periods, $mybb->input['suspost_period'], array('id' => 'suspost_period')); 1563 1564 // Do we have any existing suspensions here? 1565 if($user['suspendposting'] || ($mybb->input['suspendposting'] && !empty($errors))) 1566 { 1567 $mybb->input['suspendposting'] = 1; 1568 1569 if($user['suspensiontime'] == 0 || $mybb->input['suspost_period'] == "never") 1570 { 1571 $existing_info = $lang->suspended_perm; 1572 } 1573 else 1574 { 1575 $suspost_date = my_date($mybb->settings['dateformat'], $user['suspensiontime'])." ".my_date($mybb->settings['timeformat'], $user['suspensiontime']); 1576 $existing_info = $lang->sprintf($lang->suspend_length, $suspost_date); 1577 } 1578 } 1579 1580 $suspost_div = '<div id="suspost">'.$existing_info.''.$lang->suspend_for.' '.$form->generate_text_box("suspost_time", $mybb->input['suspost_time'], array('style' => 'width: 2em;')).' 
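'.$suspost_options.'</div>'; 1581 $lang->suspend_posts_info = $lang->sprintf($lang->suspend_posts_info, $user['username']); 1582 $form_container->output_row($form->generate_check_box("suspendposting", 1, $lang->suspend_posts, array("id" => "suspendposting", "onclick" => "toggleBox('suspost');", "checked" => $mybb->input['suspendposting'])), $lang->suspend_posts_info, $suspost_div); 1583 1584 1585 $form_container->end(); 1586 echo "</div>\n"; 1587 1588 $buttons[] = $form->generate_submit_button($lang->save_user); 1589 $form->output_submit_wrapper($buttons); 1590 1591 $form->end(); 1592 1593 echo '<script type="text/javascript"> 1594 <!-- 1595 1596 function toggleBox(action) 1597 { 1598 if(action == "modpost") 1599 { 1600 $("suspendposting").checked = false; 1601 $("suspost").hide(); 1602 1603 if($("moderateposting").checked == true) 1604 { 1605 $("modpost").show(); 1606 } 1607 else if($("moderateposting").checked == false) 1608 { 1609 $("modpost").hide(); 1610 } 1611 } 1612 else if(action == "suspost") 1613 { 1614 $("moderateposting").checked = false; 1615 $("modpost").hide(); 1616 1617 if($("suspendposting").checked == true) 1618 { 1619 $("suspost").show(); 1620 } 1621 else if($("suspendposting").checked == false) 1622 { 1623 $("suspost").hide(); 1624 } 1625 } 1626 } 1627 1628 if($("moderateposting").checked == false) 1629 { 1630 $("modpost").hide(); 1631 } 1632 else 1633 { 1634 $("modpost").show(); 1635 } 1636 1637 if($("suspendposting").checked == false) 1638 { 1639 $("suspost").hide(); 1640 } 1641 else 1642 { 1643 $("suspost").show(); 1644 } 1645 1646 // --> 1647 </script>'; 1648 1649 $page->output_footer(); 1650 }

// ACTION "delete": remove a user account and the rows that reference it.
// Flow: load the target row, refuse when a non-super-admin targets a super
// admin, honour the "no" button, then either delete (POST) or render the
// confirmation page (any other request method).
// NOTE(review): no request-token (anti-CSRF) check is visible in this block;
// presumably the admin entry point enforces one for POST requests - confirm.
// NOTE(review): the early exits below assume admin_redirect() ends the
// request; its implementation is not visible here.
if($mybb->input['action'] == "delete")
{
    $plugins->run_hooks("admin_user_users_delete");

    // The request value is cast to int before it reaches the SQL condition.
    $query = $db->simple_select("users", "*", "uid='".intval($mybb->input['uid'])."'");
    $user = $db->fetch_array($query);

    // Does the user not exist?
    if(!$user['uid'])
    {
        flash_message($lang->error_invalid_user, 'error');
        admin_redirect("index.php?module=user-users");
    }

    // Authorise against the uid of the row that was actually loaded. The
    // lookup above uses intval() of the request value, so testing the raw
    // request value here could check a different identifier from the one
    // that is about to be deleted.
    if(is_super_admin($user['uid']) && $mybb->user['uid'] != $user['uid'] && !is_super_admin($mybb->user['uid']))
    {
        flash_message($lang->error_no_perms_super_admin, 'error');
        admin_redirect("index.php?module=user-users");
    }

    // User clicked no
    if($mybb->input['no'])
    {
        admin_redirect("index.php?module=user-users");
    }

    if($mybb->request_method == "post")
    {
        // Delete the user.
        // Every condition below interpolates $user['uid'], i.e. the value read
        // back from the users table, not the request parameter.
        // No transaction is opened in this block, so a failure part-way leaves
        // the account partially removed.
        $db->delete_query("userfields", "ufid='{$user['uid']}'");
        $db->delete_query("privatemessages", "uid='{$user['uid']}'");
        $db->delete_query("events", "uid='{$user['uid']}'");
        $db->delete_query("forumsubscriptions", "uid='{$user['uid']}'");
        $db->delete_query("threadsubscriptions", "uid='{$user['uid']}'");
        $db->delete_query("sessions", "uid='{$user['uid']}'");
        $db->delete_query("banned", "uid='{$user['uid']}'");
        $db->delete_query("threadratings", "uid='{$user['uid']}'");
        $db->delete_query("users", "uid='{$user['uid']}'");
        $db->delete_query("joinrequests", "uid='{$user['uid']}'");
        $db->delete_query("warnings", "uid='{$user['uid']}'");
        $db->delete_query("reputation", "uid='{$user['uid']}' OR adduid='{$user['uid']}'");
        $db->delete_query("awaitingactivation", "uid='{$user['uid']}'");
        // Only posts/threads with visible = '-2' are deleted outright
        // (presumably drafts - confirm against the posting code).
        $db->delete_query("posts", "uid = '{$user['uid']}' AND visible = '-2'");
        $db->delete_query("threads", "uid = '{$user['uid']}' AND visible = '-2'");

        // Update forum stats
        update_stats(array('numusers' => '-1'));

        // The remaining posts are kept and re-attributed to uid 0; forums and
        // threads that name this user as last poster are reset to 0 as well.
        $db->update_query("posts", array('uid' => 0), "uid='{$user['uid']}'");
        $db->update_query("forums", array("lastposteruid" => 0), "lastposteruid = '{$user['uid']}'");
        $db->update_query("threads", array("lastposteruid" => 0), "lastposteruid = '{$user['uid']}'");

        // Did this user have an uploaded avatar?
        if($user['avatartype'] == "upload")
        {
            // Strips the leading "./" and the 20-character timestamp suffix
            // from the stored avatar value, then resolves it one directory up.
            // NOTE(review): nothing here checks that the resulting path stays
            // inside the avatar upload directory, and @ hides any failure;
            // consider validating the resolved path before unlinking.
            @unlink("../".substr($user['avatar'], 2, -20));
        }

        // Was this user a moderator?
        if(is_moderator($user['uid']))
        {
            $db->delete_query("moderators", "id='{$user['uid']}' AND isgroup = '0'");
            $cache->update_moderators();
        }

        $plugins->run_hooks("admin_user_users_delete_commit");

        // Log admin action (uid and username of the deleted account)
        log_admin_action($user['uid'], $user['username']);

        flash_message($lang->success_user_deleted, 'success');
        admin_redirect("index.php?module=user-users");
    }
    else
    {
        // Not a POST: ask for confirmation instead of deleting.
        $page->output_confirm_action("index.php?module=user-users&action=delete&uid={$user['uid']}", $lang->user_deletion_confirmation);
    }
}

// ACTION "referrers": render a users view whose 'referrer' condition is the
// requested uid, or a "no referred users" table when the view is empty.
if($mybb->input['action'] == "referrers")
{
    $plugins->run_hooks("admin_user_users_referrers");

    $page->add_breadcrumb_item($lang->show_referrers);
    $page->output_header($lang->show_referrers);

    // The uid is cast to int before it is placed in the tab link, matching
    // the intval() handling used by the delete action; how output_nav_tabs()
    // escapes the link is not visible here.
    $sub_tabs['referrers'] = array(
        'title' => $lang->show_referrers,
        'link' => "index.php?module=user-users&action=referrers&uid=".intval($mybb->input['uid']),
        'description' => $lang->show_referrers_desc
    );

    $page->output_nav_tabs($sub_tabs, 'referrers');

    // Fetch default admin view
    $default_view = fetch_default_view("user");
    if(!$default_view)
    {
        $default_view = "0";
    }
    // NOTE(review): $default_view is interpolated into the condition; it comes
    // from fetch_default_view(), whose return type is not visible here.
    $query = $db->simple_select("adminviews", "*", "type='user' AND (vid='{$default_view}' OR uid=0)", array("order_by" => "uid", "order_dir" => "desc"));
    $admin_view = $db->fetch_array($query);
    // NOTE(review): if no adminviews row matches, $admin_view is not a row
    // array at this point - confirm a default row always exists.

    // NOTE(review): the request-supplied view type is passed through as-is;
    // restricting it to the view types build_users_view() supports would be
    // tighter.
    if($mybb->input['type'])
    {
        $admin_view['view_type'] = $mybb->input['type'];
    }

    // SECURITY: unserialize() can instantiate objects, so this relies on the
    // adminviews.conditions column only ever holding data the application
    // serialized itself. A data-only format (e.g. JSON) or an integrity check
    // on the stored value would remove that reliance.
    $admin_view['conditions'] = unserialize($admin_view['conditions']);
    // Cast so only an integer id reaches the view builder.
    $admin_view['conditions']['referrer'] = intval($mybb->input['uid']);

    $view = build_users_view($admin_view);

    // No referred users
    if(!$view)
    {
        $table = new Table;
        $table->construct_cell($lang->error_no_referred_users);
        $table->construct_row();
        $table->output($lang->show_referrers);
    }
    else
    {
        echo $view;
    }

    $page->output_footer();
}

1783 if($mybb->input['action'] == "ipaddresses") 1784 { 1785 $plugins->run_hooks("admin_user_users_ipaddresses"); 1786 1787 $page->add_breadcrumb_item($lang->ip_addresses); 1788 $page->output_header($lang->ip_addresses); 1789 1790 $sub_tabs['ipaddresses'] = array( 1791 'title' => $lang->show_ip_addresses, 1792 'link' => "index.php?module=user-users&action=ipaddresses&uid={$mybb->input['uid']}", 1793 'description' => $lang->show_ip_addresses_desc 1794 ); 1795 1796 $page->output_nav_tabs($sub_tabs, 'ipaddresses'); 1797 1798 $query = $db->simple_select("users", "uid, regip, username, lastip", "uid='{$mybb->input['uid']}'", array('limit' => 1)); 1799 $user = $db->fetch_array($query); 1800 1801 // Log admin action 1802 log_admin_action($user['uid'], $user['username']); 1803 1804 $table = new Table; 1805 1806 $table->construct_header($lang->ip_address); 1807 $table->construct_header($lang->controls, array('width' => 200, 'class' => "align_center")); 1808 1809 if(empty($user['lastip'])) 1810 { 1811 $user['lastip'] = $lang->unknown; 1812 $controls = ''; 1813 } 1814 else 1815 { 1816 $popup = new PopupMenu("user_last", $lang->options); 1817 $popup->add_item($lang->show_users_regged_with_ip, 1818 "index.php?module=user-users&action=search&results=1&conditions=".urlencode(serialize(array("regip" => $user['lastip'])))); 1819 $popup->add_item($lang->show_users_posted_with_ip, "index.php?module=user-users&results=1&action=search&conditions=".urlencode(serialize(array("postip" => $user['lastip'])))); 1820 $popup->add_item($lang->info_on_ip, 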
"{$mybb->settings['bburl']}/modcp.php?action=iplookup&ipaddress={$user['lastip']}", "MyBB.popupWindow('{$mybb->settings['bburl']}/modcp.php?action=iplookup&ipaddress={$user['lastip']}', 'iplookup', 500, 250); return false;"); 1821 $popup->add_item($lang->ban_ip, "index.php?module=config-banning&filter={$user['lastip']}"); 1822 $controls = $popup->fetch(); 1823 } 1824 $table->construct_cell("<strong>{$lang->last_known_ip}:</strong> {$user['lastip']}"); 1825 $table->construct_cell($controls, array('class' => "align_center")); 1826 $table->construct_row(); 1827 1828 if(empty($user['regip'])) 1829 { 1830 $user['regip'] = $lang->unknown; 1831 $controls = ''; 1832 } 1833 else 1834 { 1835 $popup = new PopupMenu("user_reg", $lang->options); 1836 $popup->add_item($lang->show_users_regged_with_ip, "index.php?module=user-users&results=1&action=search&conditions=".urlencode(serialize(array("regip" => $user['regip'])))); 1837 $popup->add_item($lang->show_users_posted_with_ip, "index.php?module=user-users&results=1&action=search&conditions=".urlencode(serialize(array("postip" => $user['regip'])))); 1838 $popup->add_item($lang->info_on_ip, "{$mybb->settings['bburl']}/modcp.php?action=iplookup&ipaddress={$user['regip']}", "MyBB.popupWindow('{$mybb->settings['bburl']}/modcp.php?action=iplookup&ipaddress={$user['regip']}', 'iplookup', 500, 250); return false;"); 1839 $popup->add_item($lang->ban_ip, "index.php?module=config-banning&filter={$user['regip']}"); 1840 $controls = $popup->fetch(); 1841 } 1842 $table->construct_cell("<strong>{$lang->registration_ip}:</strong> {$user['regip']}"); 1843 $table->construct_cell($controls, array('class' => "align_center")); 1844 $table->construct_row(); 1845 1846 $counter = 0; 1847 1848 $query = $db->simple_select("posts", "DISTINCT ipaddress", "uid='{$mybb->input['uid']}'"); 1849 while($ip = $db->fetch_array($query)) 1850 { 1851 ++$counter; 1852 $popup = new PopupMenu("id_{$counter}", $lang->options); 1853 
$popup->add_item($lang->show_users_regged_with_ip, "index.php?module=user-users&results=1&action=search&conditions=".urlencode(serialize(array("regip" => $ip['ipaddress'])))); 1854 $popup->add_item($lang->show_users_posted_with_ip, "index.php?module=user-users&results=1&action=search&conditions=".urlencode(serialize(array("postip" => $ip['ipaddress'])))); 1855 $popup->add_item($lang->info_on_ip, "{$mybb->settings['bburl']}/modcp.php?action=iplookup&ipaddress={$ip['ipaddress']}", "MyBB.popupWindow('{$mybb->settings['bburl']}/modcp.php?action=iplookup&ipaddress={$ip['ipaddress']}', 'iplookup', 500, 250); return false;"); 1856 $popup->add_item($lang->ban_ip, "index.php?module=config-banning&filter={$ip['ipaddress']}"); 1857 $controls = $popup->fetch(); 1858 1859 $table->construct_cell($ip['ipaddress']); 1860 $table->construct_cell($controls, array('class' => "align_center")); 1861 $table->construct_row(); 1862 } 1863 1864 $table->output($lang->ip_address_for." {$user['username']}"); 1865 1866 $page->output_footer(); 1867 } 1868 1869 if($mybb->input['action'] == "merge") 1870 { 1871 $plugins->run_hooks("admin_user_users_merge"); 1872 1873 if($mybb->request_method == "post") 1874 { 1875 $query = $db->simple_select("users", "*", "LOWER(username)='".$db->escape_string(my_strtolower($mybb->input['source_username']))."'"); 1876 $source_user = $db->fetch_array($query); 1877 if(!$source_user['uid']) 1878 { 1879 $errors[] = $lang->error_invalid_user_source; 1880 } 1881 1882 $query = $db->simple_select("users", "*", "LOWER(username)='".$db->escape_string(my_strtolower($mybb->input['destination_username']))."'"); 1883 $destination_user = $db->fetch_array($query); 1884 if(!$destination_user['uid']) 1885 { 1886 $errors[] = $lang->error_invalid_user_destination; 1887 } 1888 1889 // If we're not a super admin and we're merging a source super admin or a destination super admin then dissallow this action 1890 if(!is_super_admin($mybb->user['uid']) && 
(is_super_admin($source_user['uid']) || is_super_admin($destination_user['uid']))) 1891 { 1892 flash_message($lang->error_no_perms_super_admin, 'error'); 1893 admin_redirect("index.php?module=user-users"); 1894 } 1895 1896 if($source_user['uid'] == $destination_user['uid']) 1897 { 1898 $errors[] = $lang->error_cannot_merge_same_account; 1899 } 1900 1901 if(empty($errors)) 1902 { 1903 // Begin to merge the accounts 1904 $uid_update = array( 1905 "uid" => $destination_user['uid'] 1906 ); 1907 $query = $db->simple_select("adminoptions", "uid", "uid='{$destination_user['uid']}'"); 1908 $existing_admin_options = $db->fetch_field($query, "uid"); 1909 1910 // Only carry over admin options/permissions if we don't already have them 1911 if(!$existing_admin_options) 1912 { 1913 $db->update_query("adminoptions", $uid_update, "uid='{$source_user['uid']}'"); 1914 } 1915 1916 $db->update_query("adminlog", $uid_update, "uid='{$source_user['uid']}'"); 1917 $db->update_query("announcements", $uid_update, "uid='{$source_user['uid']}'"); 1918 $db->update_query("events", $uid_update, "uid='{$source_user['uid']}'"); 1919 $db->update_query("threadsubscriptions", $uid_update, "uid='{$source_user['uid']}'"); 1920 $db->update_query("forumsubscriptions", $uid_update, "uid='{$source_user['uid']}'"); 1921 $db->update_query("joinrequests", $uid_update, "uid='{$source_user['uid']}'"); 1922 $db->update_query("moderatorlog", $uid_update, "uid='{$source_user['uid']}'"); 1923 $db->update_query("pollvotes", $uid_update, "uid='{$source_user['uid']}'"); 1924 $db->update_query("posts", $uid_update, "uid='{$source_user['uid']}'"); 1925 $db->update_query("privatemessages", $uid_update, "uid='{$source_user['uid']}'"); 1926 $db->update_query("reportedposts", $uid_update, "uid='{$source_user['uid']}'"); 1927 $db->update_query("threadratings", $uid_update, "uid='{$source_user['uid']}'"); 1928 $db->update_query("threads", $uid_update, "uid='{$source_user['uid']}'"); 1929 $db->delete_query("sessions", 
"uid='{$source_user['uid']}'"); 1930 1931 // Is the source user a moderator? 1932 if($groupscache[$source_user['usergroup']]['canmodcp']) 1933 { 1934 $db->delete_query("moderators", "id='{$source_user['uid']}' AND isgroup = '0'"); 1935 1936 // Update the moderator cache... 1937 $cache->update_moderators(); 1938 } 1939 1940 // Forums & Threads 1941 $db->update_query("forums", array("lastposteruid" => $destination_user['uid']), "lastposteruid = '{$source_user['uid']}'"); 1942 $db->update_query("threads", array("lastposteruid" => $destination_user['uid']), "lastposteruid = '{$source_user['uid']}'"); 1943 1944 // Banning 1945 $db->update_query("banned", array('admin' => $destination_user['uid']), "admin = '{$source_user['uid']}'"); 1946 1947 // Merging Reputation 1948 // First, let's change all the details over to our new user... 1949 $rep_update = array( 1950 "adduid" => $destination_user['uid'], 1951 "uid" => $destination_user['uid'] 1952 ); 1953 $db->update_query("reputation", $rep_update, "adduid = '".$source_user['uid']."' OR uid = '".$source_user['uid']."'"); 1954 1955 // Now that all the repuation is merged, figure out what to do with this user's comments... 
1956 $options = array( 1957 "order_by" => "uid", 1958 "order_dir" => "ASC" 1959 ); 1960 1961 $to_remove = array(); 1962 $query = $db->simple_select("reputation", "*", "adduid = '".$destination_user['uid']."'"); 1963 while($rep = $db->fetch_array($query)) 1964 { 1965 if($rep['pid'] == 0 && $mybb->settings['multirep'] == 0 && $last_result['uid'] == $rep['uid']) 1966 { 1967 // Multiple reputation is disallowed, and this isn't a post, so let's remove this comment 1968 $to_remove[] = $rep['rid']; 1969 } 1970 1971 // Remove comments or posts liked by "me" 1972 if($last_result['uid'] == $destination_user['uid'] || $rep['uid'] == $destination_user['uid']) 1973 { 1974 if(!in_array($rep['rid'], $to_remove)) 1975 { 1976 $to_remove[] = $rep['rid']; 1977 continue; 1978 } 1979 } 1980 1981 $last_result = array( 1982 "rid" => $rep['rid'], 1983 "uid" => $rep['uid'] 1984 ); 1985 } 1986 1987 // Remove any reputations we've selected to remove... 1988 if(!empty($to_remove)) 1989 { 1990 $imp = implode(",", $to_remove); 1991 $db->delete_query("reputation", "rid IN (".$imp.")"); 1992 } 1993 1994 // Calculate the new reputation for this user... 
1995 $query = $db->simple_select("reputation", "SUM(reputation) as total_rep", "uid='{$destination_user['uid']}'"); 1996 $total_reputation = $db->fetch_field($query, "total_rep"); 1997 1998 $db->update_query("users", array('reputation' => intval($total_reputation)), "uid='{$destination_user['uid']}'"); 1999 2000 // Additional updates for non-uid fields 2001 $last_poster = array( 2002 "lastposteruid" => $destination_user['uid'], 2003 "lastposter" => $db->escape_string($destination_user['username']) 2004 ); 2005 $db->update_query("forums", $last_poster, "lastposteruid='{$source_user['uid']}'"); 2006 $db->update_query("threads", $last_poster, "lastposteruid='{$source_user['uid']}'"); 2007 $edit_uid = array( 2008 "edituid" => $destination_user['uid'] 2009 ); 2010 $db->update_query("posts", $edit_uid, "edituid='{$source_user['uid']}'"); 2011 2012 $from_uid = array( 2013 "fromid" => $destination_user['uid'] 2014 ); 2015 $db->update_query("privatemessages", $from_uid, "fromid='{$source_user['uid']}'"); 2016 $to_uid = array( 2017 "toid" => $destination_user['uid'] 2018 ); 2019 $db->update_query("privatemessages", $to_uid, "toid='{$source_user['uid']}'"); 2020 2021 // Delete the old user 2022 $db->delete_query("users", "uid='{$source_user['uid']}'"); 2023 $db->delete_query("banned", "uid='{$source_user['uid']}'"); 2024 2025 // Get a list of forums where post count doesn't apply 2026 $fids = array(); 2027 $query = $db->simple_select("forums", "fid", "usepostcounts=0"); 2028 while($fid = $db->fetch_field($query, "fid")) 2029 { 2030 $fids[] = $fid; 2031 } 2032 2033 $fids_not_in = ''; 2034 if(!empty($fids)) 2035 { 2036 $fids_not_in = "AND fid NOT IN(".implode(',', $fids).")"; 2037 } 2038 2039 // Update user post count 2040 $query = $db->simple_select("posts", "COUNT(*) AS postnum", "uid='".$destination_user['uid']."' {$fids_not_in}"); 2041 $num = $db->fetch_array($query); 2042 $updated_count = array( 2043 "postnum" => $num['postnum'] 2044 ); 2045 $db->update_query("users", 
$updated_count, "uid='{$destination_user['uid']}'"); 2046 2047 // Use the earliest registration date 2048 if($destination_user['regdate'] > $source_user['regdate']) 2049 { 2050 $db->update_query("users", array('regdate' => $source_user['regdate']), "uid='{$destination_user['uid']}'"); 2051 } 2052 2053 update_stats(array('numusers' => '-1')); 2054 2055 $plugins->run_hooks("admin_user_users_merge_commit"); 2056 2057 // Log admin action 2058 log_admin_action($source_user['uid'], $source_user['username'], $destination_user['uid'], $destination_user['username']); 2059 2060 // Redirect! 2061 flash_message("<strong>{$source_user['username']}</strong> {$lang->success_merged} {$destination_user['username']}", "success"); 2062 admin_redirect("index.php?module=user-users"); 2063 exit; 2064 } 2065 } 2066 2067 $page->add_breadcrumb_item($lang->merge_users); 2068 $page->output_header($lang->merge_users); 2069 2070 $page->output_nav_tabs($sub_tabs, 'merge_users'); 2071 2072 // If we have any error messages, show them 2073 if($errors) 2074 { 2075 $page->output_inline_error($errors); 2076 } 2077 2078 $form = new Form("index.php?module=user-users&action=merge", "post"); 2079 2080 $form_container = new FormContainer($lang->merge_users); 2081 $form_container->output_row($lang->source_account." <em>*</em>", $lang->source_account_desc, $form->generate_text_box('source_username', $mybb->input['source_username'], array('id' => 'source_username')), 'source_username'); 2082 $form_container->output_row($lang->destination_account." 
<em>*</em>", $lang->destination_account_desc, $form->generate_text_box('destination_username', $mybb->input['destination_username'], array('id' => 'destination_username')), 'destination_username'); 2083 $form_container->end(); 2084 2085 // Autocompletion for usernames 2086 echo ' 2087 <script type="text/javascript" src="../jscripts/autocomplete.js?ver=140"></script> 2088 <script type="text/javascript"> 2089 <!-- 2090 new autoComplete("source_username", "../xmlhttp.php?action=get_users", {valueSpan: "username"}); 2091 new autoComplete("destination_username", "../xmlhttp.php?action=get_users", {valueSpan: "username"}); 2092 // --> 2093 </script>'; 2094 2095 $buttons[] = $form->generate_submit_button($lang->merge_user_accounts); 2096 $form->output_submit_wrapper($buttons); 2097 $form->end(); 2098 2099 $page->output_footer(); 2100 } 2101 2102 if($mybb->input['action'] == "search") 2103 { 2104 $plugins->run_hooks("admin_user_users_search"); 2105 2106 if($mybb->request_method == "post" || $mybb->input['results'] == 1) 2107 { 2108 // Build view options from incoming search options 2109 if($mybb->input['vid']) 2110 { 2111 $query = $db->simple_select("adminviews", "*", "vid='".intval($mybb->input['vid'])."'"); 2112 $admin_view = $db->fetch_array($query); 2113 // View does not exist or this view is private and does not belong to the current user 2114 if(!$admin_view['vid'] || ($admin_view['visibility'] == 1 && $admin_view['uid'] != $mybb->user['uid'])) 2115 { 2116 unset($admin_view); 2117 } 2118 } 2119 2120 if($mybb->input['search_id'] && $admin_session['data']['user_views'][$mybb->input['search_id']]) 2121 { 2122 $admin_view = $admin_session['data']['user_views'][$mybb->input['search_id']]; 2123 unset($admin_view['extra_sql']); 2124 } 2125 else 2126 { 2127 // Don't have a view? 
Fetch the default 2128 if(!$admin_view['vid']) 2129 { 2130 $default_view = fetch_default_view("user"); 2131 if(!$default_view) 2132 { 2133 $default_view = "0"; 2134 } 2135 $query = $db->simple_select("adminviews", "*", "type='user' AND (vid='{$default_view}' OR uid=0)", array("order_by" => "uid", "order_dir" => "desc")); 2136 $admin_view = $db->fetch_array($query); 2137 } 2138 } 2139 2140 // Override specific parts of the view 2141 unset($admin_view['vid']); 2142 2143 if($mybb->input['type']) 2144 { 2145 $admin_view['view_type'] = $mybb->input['type']; 2146 } 2147 2148 if($mybb->input['conditions']) 2149 { 2150 $admin_view['conditions'] = $mybb->input['conditions']; 2151 } 2152 2153 if($mybb->input['sortby']) 2154 { 2155 $admin_view['sortby'] = $mybb->input['sortby']; 2156 } 2157 2158 if(intval($mybb->input['perpage'])) 2159 { 2160 $admin_view['perpage'] = $mybb->input['perpage']; 2161 } 2162 2163 if($mybb->input['order']) 2164 { 2165 $admin_view['sortorder'] = $mybb->input['order']; 2166 } 2167 2168 if($mybb->input['displayas']) 2169 { 2170 $admin_view['view_type'] = $mybb->input['displayas']; 2171 } 2172 2173 if($mybb->input['profile_fields']) 2174 { 2175 $admin_view['custom_profile_fields'] = $mybb->input['profile_fields']; 2176 } 2177 2178 $results = build_users_view($admin_view); 2179 2180 if($results) 2181 { 2182 $page->output_header($lang->find_users); 2183 echo "<script type=\"text/javascript\" src=\"jscripts/users.js\"></script>"; 2184 $page->output_nav_tabs($sub_tabs, 'find_users'); 2185 echo $results; 2186 $page->output_footer(); 2187 } 2188 else 2189 { 2190 if($mybb->input['from'] == "home") 2191 { 2192 flash_message($lang->error_no_users_found, 'error'); 2193 admin_redirect("index.php"); 2194 exit; 2195 } 2196 else 2197 { 2198 $errors[] = $lang->error_no_users_found; 2199 } 2200 } 2201 } 2202 2203 $page->add_breadcrumb_item($lang->find_users); 2204 $page->output_header($lang->find_users); 2205 2206 $page->output_nav_tabs($sub_tabs, 'find_users'); 2207 
2208 // If we have any error messages, show them 2209 if($errors) 2210 { 2211 $page->output_inline_error($errors); 2212 } 2213 2214 if(!$mybb->input['displayas']) 2215 { 2216 $mybb->input['displayas'] = "card"; 2217 } 2218 2219 $form = new Form("index.php?module=user-users&action=search", "post"); 2220 2221 user_search_conditions($mybb->input, $form); 2222 2223 $form_container = new FormContainer($lang->display_options); 2224 $sort_directions = array( 2225 "asc" => $lang->ascending, 2226 "desc" => $lang->descending 2227 ); 2228 $form_container->output_row($lang->sort_results_by, "", $form->generate_select_box('sortby', $sort_options, $mybb->input['sortby'], array('id' => 'sortby'))." {$lang->in} ".$form->generate_select_box('order', $sort_directions, $mybb->input['order'], array('id' => 'order')), 'sortby'); 2229 $form_container->output_row($lang->results_per_page, "", $form->generate_text_box('perpage', $mybb->input['perpage'], array('id' => 'perpage')), 'perpage'); 2230 $form_container->output_row($lang->display_results_as, "", $form->generate_radio_button('displayas', 'table', $lang->table, array('checked' => ($mybb->input['displayas'] != "card" ? true : false)))."<br />".$form->generate_radio_button('displayas', 'card', $lang->business_card, array('checked' => ($mybb->input['displayas'] == "card" ? true : false)))); 2231 $form_container->end(); 2232 2233 $buttons[] = $form->generate_submit_button($lang->find_users); 2234 $form->output_submit_wrapper($buttons); 2235 $form->end(); 2236 2237 $page->output_footer(); 2238 } 2239 2240 if($mybb->input['action'] == "inline_edit") 2241 { 2242 $plugins->run_hooks("admin_user_users_inline"); 2243 2244 if($mybb->input['vid'] || $mybb->cookies['acp_view']) 2245 { 2246 // We have a custom view 2247 if(!$mybb->cookies['acp_view']) 2248 { 2249 // Set a cookie 2250 my_setcookie("acp_view", $mybb->input['vid'], 60); 2251 } 2252 elseif($mybb->cookies['acp_view']) 2253 { 2254 // We already have a cookie, so let's use it... 
2255 $mybb->input['vid'] = $mybb->cookies['acp_view']; 2256 } 2257 2258 $vid_url = "&vid=".$mybb->input['vid']; 2259 } 2260 2261 // First, collect the user IDs that we're performing the moderation on 2262 $ids = explode("|", $mybb->cookies['inlinemod_useracp']); 2263 foreach($ids as $id) 2264 { 2265 if($id != '') 2266 { 2267 $selected[] = intval($id); 2268 } 2269 } 2270 2271 // If there isn't anything to select, then output an error 2272 if(!is_array($selected)) 2273 { 2274 if($mybb->input['inline_action'] != "multilift" && $mybb->request_method != "post") 2275 { 2276 $errors[] = $lang->error_inline_no_users_selected; 2277 } 2278 } 2279 2280 if($errors) 2281 { 2282 // Don't show views, but show the user list if there's errors 2283 $inline = true; 2284 $mybb->input['action'] = ''; 2285 } 2286 else 2287 { 2288 // Let's continue! 2289 // Verify incoming POST request 2290 if(!verify_post_check($mybb->input['my_post_key'])) 2291 { 2292 flash_message($lang->invalid_post_verify_key2, 'error'); 2293 admin_redirect("index.php?module=user-user"); 2294 } 2295 $sub_tabs['manage_users'] = array( 2296 "title" => $lang->manage_users, 2297 "link" => "./", 2298 "description" => $lang->manage_users_desc 2299 ); 2300 $page->add_breadcrumb_item($lang->manage_users); 2301 2302 if(!is_array($selected)) 2303 { 2304 // Not selected any users, show error 2305 flash_message($lang->error_inline_no_users_selected, 'error'); 2306 admin_redirect("index.php?module=user-users".$vid_url); 2307 } 2308 2309 switch($mybb->input['inline_action']) 2310 { 2311 case 'multiactivate': 2312 // Run through the activating users, so that users already registered (but have been selected) aren't affected 2313 if(is_array($selected)) 2314 { 2315 $sql_array = implode(",", $selected); 2316 $query = $db->simple_select("users", "uid", "usergroup = '5' AND uid IN (".$sql_array.")"); 2317 while($user = $db->fetch_array($query)) 2318 { 2319 $to_update[] = $user['uid']; 2320 } 2321 } 2322 2323 if(is_array($to_update)) 
2324 { 2325 $sql_array = implode(",", $to_update); 2326 $db->write_query("UPDATE ".TABLE_PREFIX."users SET usergroup = '2' WHERE uid IN (".$sql_array.")"); 2327 2328 // Action complete, grab stats and show success message - redirect user 2329 $to_update_count = count($to_update); 2330 $lang->inline_activated = $lang->sprintf($lang->inline_activated, my_number_format($to_update_count)); 2331 2332 if($to_update_count != count($selected)) 2333 { 2334 // The update count is different to how many we selected! 2335 $not_updated_count = count($selected) - $to_update_count; 2336 $lang->inline_activated_more = $lang->sprintf($lang->inline_activated_more, my_number_format($not_updated_count)); 2337 $lang->inline_activated = $lang->inline_activated."<br />".$lang->inline_activated_more; // Add these stats to the message 2338 } 2339 2340 $mybb->input['action'] = "inline_activated"; // Force a change to the action so we can add it to the adminlog 2341 log_admin_action($to_update_count); // Add to adminlog 2342 my_unsetcookie("inlinemod_useracp"); // Unset the cookie, so that the users aren't still selected when we're redirected 2343 2344 flash_message($lang->inline_activated, 'success'); 2345 admin_redirect("index.php?module=user-users".$vid_url); 2346 } 2347 else 2348 { 2349 // Nothing was updated, show an error 2350 flash_message($lang->inline_activated_failed, 'error'); 2351 admin_redirect("index.php?module=user-users".$vid_url); 2352 } 2353 break; 2354 case 'multilift': 2355 // Get the users that are banned, and check that they have been selected 2356 if($mybb->input['no']) 2357 { 2358 admin_redirect("index.php?module=user-users".$vid_url); // User clicked on 'No' 2359 } 2360 2361 if($mybb->request_method == "post") 2362 { 2363 $sql_array = implode(",", $selected); 2364 $query = $db->simple_select("banned", "*", "uid IN (".$sql_array.")"); 2365 $to_be_unbanned = $db->num_rows($query); 2366 while($ban = $db->fetch_array($query)) 2367 { 2368 $updated_group = array( 2369 
"usergroup" => $ban['oldgroup'], 2370 "additionalgroups" => $ban['oldadditionalgroups'], 2371 "displaygroup" => $ban['olddisplaygroup'] 2372 ); 2373 $db->update_query("users", $updated_group, "uid = '".$ban['uid']."'"); 2374 $db->delete_query("banned", "uid = '".$ban['uid']."'"); 2375 } 2376 2377 $cache->update_banned(); 2378 $cache->update_moderators(); 2379 2380 $mybb->input['action'] = "inline_lift"; 2381 log_admin_action($to_be_unbanned); 2382 my_unsetcookie("inlinemod_useracp"); 2383 2384 $lang->success_ban_lifted = $lang->sprintf($lang->success_ban_lifted, my_number_format($to_be_unbanned)); 2385 flash_message($lang->success_ban_lifted, 'success'); 2386 admin_redirect("index.php?module=user-users".$vid_url); 2387 } 2388 else 2389 { 2390 $page->output_confirm_action("index.php?module=user-users&action=inline_edit&inline_action=multilift", $lang->confirm_multilift); 2391 } 2392 2393 break; 2394 case 'multiban': 2395 if($mybb->input['processed'] == 1) 2396 { 2397 // We've posted ban information! 
2398 // Build an array of users to ban, =D 2399 $sql_array = implode(",", $selected); 2400 // Build a cache array for this users that have been banned already 2401 $query = $db->simple_select("banned", "uid", "uid IN (".$sql_array.")"); 2402 while($user = $db->fetch_array($query)) 2403 { 2404 $bannedcache[] = "u_".$user['uid']; 2405 } 2406 2407 // Collect the users 2408 $query = $db->simple_select("users", "uid, username, usergroup, additionalgroups, displaygroup", "uid IN (".$sql_array.")"); 2409 2410 if($mybb->input['bantime'] == '---') 2411 { 2412 $lifted = 0; 2413 } 2414 else 2415 { 2416 $lifted = ban_date2timestamp($mybb->input['bantime']); 2417 } 2418 2419 $banned_count = 0; 2420 while($user = $db->fetch_array($query)) 2421 { 2422 if($user['uid'] == $mybb->user['uid'] || is_super_admin($user['uid'])) 2423 { 2424 // We remove ourselves and Super Admins from the mix 2425 continue; 2426 } 2427 2428 if(is_array($bannedcache) && in_array("u_".$user['uid'], $bannedcache)) 2429 { 2430 // User already has a ban, update it! 
2431 $update_array = array( 2432 "admin" => intval($mybb->user['uid']), 2433 "dateline" => TIME_NOW, 2434 "bantime" => $db->escape_string($mybb->input['bantime']), 2435 "lifted" => $db->escape_string($lifted), 2436 "reason" => $db->escape_string($mybb->input['reason']) 2437 ); 2438 $db->update_query("banned", $update_array, "uid = '".$user['uid']."'"); 2439 } 2440 else 2441 { 2442 // Not currently banned - insert the ban 2443 $insert_array = array( 2444 'uid' => $user['uid'], 2445 'gid' => intval($mybb->input['usergroup']), 2446 'oldgroup' => $user['usergroup'], 2447 'oldadditionalgroups' => $user['additionalgroups'], 2448 'olddisplaygroup' => $user['displaygroup'], 2449 'admin' => intval($mybb->user['uid']), 2450 'dateline' => TIME_NOW, 2451 'bantime' => $db->escape_string($mybb->input['bantime']), 2452 'lifted' => $db->escape_string($lifted), 2453 'reason' => $db->escape_string($mybb->input['reason']) 2454 ); 2455 $db->insert_query('banned', $insert_array); 2456 } 2457 2458 // Moved the user to the 'Banned' Group 2459 $update_array = array( 2460 'usergroup' => 7, 2461 'displaygroup' => 0, 2462 'additionalgroups' => '', 2463 ); 2464 $db->update_query('users', $update_array, "uid = '{$user['uid']}'"); 2465 2466 $db->delete_query("forumsubscriptions", "uid = '{$user['uid']}'"); 2467 $db->delete_query("threadsubscriptions", "uid = '{$user['uid']}'"); 2468 2469 $cache->update_banned(); 2470 ++$banned_count; 2471 } 2472 $mybb->input['action'] = "inline_banned"; 2473 log_admin_action($banned_count, $lifted); 2474 my_unsetcookie("inlinemod_useracp"); // Remove the cookie of selected users as we've finished with them 2475 2476 $lang->users_banned = $lang->sprintf($lang->users_banned, $banned_count); 2477 flash_message($lang->users_banned, 'success'); 2478 admin_redirect("index.php?module=user-users".$vid_url); 2479 } 2480 2481 $page->output_header($lang->manage_users); 2482 $page->output_nav_tabs($sub_tabs, 'manage_users'); 2483 2484 // Provide the user with a warning of 
what they're about to do 2485 $table = new Table; 2486 $lang->mass_ban_info = $lang->sprintf($lang->mass_ban_info, count($selected)); 2487 $table->construct_cell($lang->mass_ban_info); 2488 $table->construct_row(); 2489 $table->output($lang->important); 2490 2491 // If there's any errors, display inline 2492 if($errors) 2493 { 2494 $page->output_inline_error($errors); 2495 } 2496 2497 $form = new Form("index.php?module=user-users", "post"); 2498 echo $form->generate_hidden_field('action', 'inline_edit'); 2499 echo $form->generate_hidden_field('inline_action', 'multiban'); 2500 echo $form->generate_hidden_field('processed', '1'); 2501 2502 $form_container = new FormContainer('<div class="float_right"><a href="index.php?module=user-users&action=inline_edit&inline_action=multilift&my_post_key='.$mybb->post_code.'">'.$lang->lift_bans.'</a></div>'.$lang->mass_ban); 2503 $form_container->output_row($lang->ban_reason, "", $form->generate_text_box('reason', $mybb->input['reason'], array('id' => 'reason')), 'reason'); 2504 $ban_times = fetch_ban_times(); 2505 foreach($ban_times as $time => $period) 2506 { 2507 if($time != '---') 2508 { 2509 $friendly_time = my_date("D, jS M Y @ g:ia", ban_date2timestamp($time)); 2510 $period = "{$period} ({$friendly_time})"; 2511 } 2512 $length_list[$time] = $period; 2513 } 2514 $form_container->output_row($lang->ban_time, "", $form->generate_select_box('bantime', $length_list, $mybb->input['bantime'], array('id' => 'bantime')), 'bantime'); 2515 $form_container->end(); 2516 2517 $buttons[] = $form->generate_submit_button($lang->ban_users); 2518 $form->output_submit_wrapper($buttons); 2519 $form->end(); 2520 $page->output_footer(); 2521 break; 2522 case 'multidelete': 2523 if($mybb->input['no']) 2524 { 2525 admin_redirect("index.php?module=user-users".$vid_url); // User clicked on 'No 2526 } 2527 else 2528 { 2529 if($mybb->input['processed'] == 1) 2530 { 2531 // Admin wants these users, gone! 
2532 $sql_array = implode(",", $selected); 2533 $query = $db->simple_select("users", "uid", "uid IN (".$sql_array.")"); 2534 $to_be_deleted = $db->num_rows($query); 2535 while($user = $db->fetch_array($query)) 2536 { 2537 if($user['uid'] == $mybb->user['uid'] || is_super_admin($user['uid'])) 2538 { 2539 // Remove me and super admins 2540 continue; 2541 } 2542 else 2543 { 2544 // Run delete queries 2545 $db->update_query("posts", array('uid' => 0), "uid='{$user['uid']}'"); 2546 $db->delete_query("userfields", "ufid='{$user['uid']}'"); 2547 $db->delete_query("privatemessages", "uid='{$user['uid']}'"); 2548 $db->delete_query("events", "uid='{$user['uid']}'"); 2549 $db->delete_query("moderators", "id='{$user['uid']}' AND isgroup = '0'"); 2550 $db->delete_query("forumsubscriptions", "uid='{$user['uid']}'"); 2551 $db->delete_query("threadsubscriptions", "uid='{$user['uid']}'"); 2552 $db->delete_query("sessions", "uid='{$user['uid']}'"); 2553 $db->delete_query("banned", "uid='{$user['uid']}'"); 2554 $db->delete_query("threadratings", "uid='{$user['uid']}'"); 2555 $db->delete_query("users", "uid='{$user['uid']}'"); 2556 $db->delete_query("joinrequests", "uid='{$user['uid']}'"); 2557 $db->delete_query("warnings", "uid='{$user['uid']}'"); 2558 } 2559 } 2560 // Update forum stats, remove the cookie and redirect the user 2561 update_stats(array('numusers' => '-'.$to_be_deleted.'')); 2562 my_unsetcookie("inlinemod_useracp"); 2563 $mybb->input['action'] = "inline_delete"; 2564 log_admin_action($to_be_deleted); 2565 2566 $lang->users_deleted = $lang->sprintf($lang->users_deleted, $to_be_deleted); 2567 flash_message($lang->users_deleted, 'success'); 2568 admin_redirect("index.php?module=user-users".$vid_url); 2569 } 2570 2571 $to_be_deleted = count($selected); 2572 $lang->confirm_multidelete = $lang->sprintf($lang->confirm_multidelete, my_number_format($to_be_deleted)); 2573 
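// Inline user moderation, continued: the confirmation prompt that closes the 'multidelete'
// case, the complete 'multiprune' and 'multiusergroup' cases, and the default "browse users"
// page. $selected, $vid_url, $errors and $sub_tabs are expected to be set up earlier in the
// file (not visible in this part of the listing).
                    $page->output_confirm_action("index.php?module=user-users&action=inline_edit&inline_action=multidelete&my_post_key={$mybb->post_code}&processed=1", $lang->confirm_multidelete);
                }
                break;
            case 'multiprune':
                // Mass prune: remove posts of the selected users relative to a cut-off timestamp
                // that is built either from a manual date (day/month/year) or from a preset
                // interval ('set'). Without 'processed=1' only the option form is shown.
                //
                // NOTE(review): no request-token (my_post_key) check is visible in this branch.
                // Confirm it is enforced before this switch is reached, because 'processed=1'
                // triggers irreversible deletes.
                if($mybb->input['processed'] == 1)
                {
                    // A manual date and a preset interval are mutually exclusive
                    if(($mybb->input['day'] || $mybb->input['month'] || $mybb->input['year']) && $mybb->input['set'])
                    {
                        $errors[] = $lang->multi_selected_dates;
                    }

                    $day = intval($mybb->input['day']);
                    $month = intval($mybb->input['month']);
                    $year = intval($mybb->input['year']);

                    // Selected a date - check if the date the user entered is valid
                    if($mybb->input['day'] || $mybb->input['month'] || $mybb->input['year'])
                    {
                        // Is the date sort of valid?
                        if($day < 1 || $day > 31 || $month < 1 || $month > 12 || ($month == 2 && $day > 29))
                        {
                            $errors[] = $lang->incorrect_date;
                        }

                        // Check the month
                        // NOTE(review): the 1-based $month is used as the index and 1 is subtracted
                        // from the looked-up value rather than from the index. If get_bdays()
                        // returns a 0-based list of month lengths this compares against the wrong
                        // month - confirm against get_bdays(). An out-of-range $month also reaches
                        // this lookup, because the check above only records an error.
                        $months = get_bdays($year);
                        if($day > $months[$month]-1)
                        {
                            $errors[] = $lang->incorrect_date;
                        }

                        // Check the year (parentheses only make the existing precedence explicit)
                        if(($year != 0 && ($year < (date("Y")-100))) || $year > date("Y"))
                        {
                            $errors[] = $lang->incorrect_date;
                        }

                        if(!$errors)
                        {
                            // No errors, so let's continue and set the date to delete from
                            $date = mktime(date('H'), date('i'), date('s'), $month, $day, $year); // Generate a unix time stamp
                        }
                    }
                    elseif($mybb->input['set'] > 0)
                    {
                        // Set options
                        // For this purpose, 1 month = 31 days
                        $base_time = 24 * 60 * 60;

                        // Start from a known value so that an option outside 1-6 is rejected below
                        // instead of reading an undefined or stale variable
                        $threshold = 0;

                        switch($mybb->input['set'])
                        {
                            case '1':
                                $threshold = $base_time * 31; // 1 month = 31 days, in the standard terms
                                break;
                            case '2':
                                $threshold = $base_time * 93; // 3 months = 31 days * 3
                                break;
                            case '3':
                                $threshold = $base_time * 183; // 6 months = 365 days / 2
                                break;
                            case '4':
                                $threshold = $base_time * 365; // 1 year = 365 days
                                break;
                            case '5':
                                $threshold = $base_time * 548; // 18 months = 365 + 183
                                break;
                            case '6':
                                $threshold = $base_time * 730; // 2 years = 365 * 2
                                break;
                        }

                        if(!$threshold)
                        {
                            // An option was entered that isn't in the dropdown box
                            $errors[] = $lang->no_set_option;
                        }
                        else
                        {
                            $date = TIME_NOW - $threshold;
                        }
                    }
                    else
                    {
                        $errors[] = $lang->no_prune_option;
                    }

                    if(!$errors)
                    {
                        // $selected is built outside this excerpt; cast every id so that the IN()
                        // list can only ever contain integers
                        $sql_array = implode(",", array_map('intval', $selected));
                        $prune_array = array();
                        $query = $db->simple_select("users", "uid", "uid IN (".$sql_array.")");
                        while($user = $db->fetch_array($query))
                        {
                            // Protect Super Admins: their posts are only pruned when the acting
                            // admin is a super admin too
                            if(is_super_admin($user['uid']) && !is_super_admin($mybb->user['uid']))
                            {
                                continue;
                            }

                            $return_array = delete_user_posts($user['uid'], $date); // Delete user posts, and grab a list of threads to delete
                            if($return_array && is_array($return_array))
                            {
                                $prune_array = array_merge_recursive($prune_array, $return_array);
                            }
                        }

                        // No posts were found for the user, return error
                        // NOTE(review): the code below assumes admin_redirect() ends the request - confirm
                        if(!is_array($prune_array) || count($prune_array) == 0)
                        {
                            flash_message($lang->prune_fail, 'error');
                            admin_redirect("index.php?module=user-users".$vid_url);
                        }

                        // Require the rebuild functions
                        require_once MYBB_ROOT.'/inc/functions.php';
                        require_once MYBB_ROOT.'/inc/functions_rebuild.php';

                        // We've finished deleting user's posts, so let's delete the threads
                        if(is_array($prune_array['to_delete']) && count($prune_array['to_delete']) > 0)
                        {
                            foreach($prune_array['to_delete'] as $tid)
                            {
                                // Ids come back from delete_user_posts(); force them to integers
                                // before they are interpolated into the WHERE clauses
                                $tid = intval($tid);
                                $db->delete_query("threads", "tid='$tid'");
                                $db->delete_query("threads", "closed='moved|$tid'");
                                $db->delete_query("threadsubscriptions", "tid='$tid'");
                                $db->delete_query("polls", "tid='$tid'");
                                $db->delete_query("threadsread", "tid='$tid'");
                                $db->delete_query("threadratings", "tid='$tid'");
                            }
                        }

                        // After deleting threads, rebuild the thread counters for the affected threads
                        if(is_array($prune_array['thread_update']) && count($prune_array['thread_update']) > 0)
                        {
                            $sql_array = implode(",", array_map('intval', $prune_array['thread_update']));
                            $query = $db->simple_select("threads", "tid", "tid IN (".$sql_array.")", array('order_by' => 'tid', 'order_dir' => 'asc'));
                            while($thread = $db->fetch_array($query))
                            {
                                rebuild_thread_counters($thread['tid']);
                            }
                        }

                        // After updating thread counters, update the affected forum counters
                        if(is_array($prune_array['forum_update']) && count($prune_array['forum_update']) > 0)
                        {
                            $sql_array = implode(",", array_map('intval', $prune_array['forum_update']));
                            $query = $db->simple_select("forums", "fid", "fid IN (".$sql_array.")", array('order_by' => 'fid', 'order_dir' => 'asc'));
                            $looped_forum = 0;
                            while($forum = $db->fetch_array($query))
                            {
                                // Because we have a recursive array merge, check to see if there isn't a duplicated forum to update
                                if($looped_forum == $forum['fid'])
                                {
                                    continue;
                                }
                                $looped_forum = $forum['fid'];
                                rebuild_forum_counters($forum['fid']);
                            }
                        }

                        // NOTE(review): the log call is commented out, so this destructive bulk
                        // action writes no admin-log entry from this branch (the 'multidelete' and
                        // 'multiusergroup' branches do call log_admin_action()). Restoring it keeps
                        // the audit trail complete.
                        //log_admin_action();
                        my_unsetcookie("inlinemod_useracp"); // We've got our users, remove the cookie
                        flash_message($lang->prune_complete, 'success');
                        admin_redirect("index.php?module=user-users".$vid_url);
                    }
                }

                $page->output_header($lang->manage_users);
                $page->output_nav_tabs($sub_tabs, 'manage_users');

                // Display a table warning
                $table = new Table;
                $lang->mass_prune_info = $lang->sprintf($lang->mass_prune_info, count($selected));
                $table->construct_cell($lang->mass_prune_info);
                $table->construct_row();
                $table->output($lang->important);

                if($errors)
                {
                    $page->output_inline_error($errors);
                }

                // Display the prune options
                $form = new Form("index.php?module=user-users", "post");
                echo $form->generate_hidden_field('action', 'inline_edit');
                echo $form->generate_hidden_field('inline_action', 'multiprune');
                echo $form->generate_hidden_field('processed', '1');

                $form_container = new FormContainer($lang->mass_prune_posts);

                // Generate a list of days (1 - 31)
                $day_options = array();
                $day_options[] = " ";
                for($i = 1; $i <= 31; ++$i)
                {
                    $day_options[] = $i;
                }

                // Generate a list of months (1 - 12)
                $month_options = array();
                $month_options[] = " ";
                for($i = 1; $i <= 12; ++$i)
                {
                    $string = "month_{$i}";
                    $month_options[] = $lang->$string;
                }
                // The submitted values are echoed back into the form; presumably the Form helpers
                // HTML-escape them - verify in the Form class
                $date_box = $form->generate_select_box('day', $day_options, $mybb->input['day']);
                $month_box = $form->generate_select_box('month', $month_options, $mybb->input['month']);
                $year_box = $form->generate_text_box('year', $mybb->input['year'], array('id' => 'year', 'style' => 'width: 50px;'));

                $prune_select = $date_box.$month_box.$year_box;
                $form_container->output_row($lang->manual_date, "", $prune_select, 'date');

                // Generate the set date box
                $set_options = array();
                $set_options[] = $lang->set_an_option;
                for($i = 1; $i <= 6; ++$i)
                {
                    $string = "option_{$i}";
                    $set_options[] = $lang->$string;
                }

                $form_container->output_row($lang->relative_date, "", $lang->delete_posts." ".$form->generate_select_box('set', $set_options, $mybb->input['set']), 'set');
                $form_container->end();

                $buttons[] = $form->generate_submit_button($lang->prune_posts);
                $form->output_submit_wrapper($buttons);
                $form->end();
                $page->output_footer();
                break;
            case 'multiusergroup':
                // Mass usergroup change: set primary, additional and display group for every
                // selected user that is not a super admin. Without 'processed=1' only the option
                // form is shown.
                //
                // NOTE(review): as in 'multiprune', no request-token check is visible here -
                // confirm it happens before the switch. The group ids are cast to integers but
                // not checked against the usergroups table; the form below leaves gid 1 out of
                // its select boxes, while this branch accepts any integer that is posted.
                if($mybb->input['processed'] == 1)
                {
                    // Compare on the same integer value that is written to the database
                    $primary_gid = intval($mybb->input['usergroup']);

                    // Determine additional usergroups
                    if(is_array($mybb->input['additionalgroups']))
                    {
                        foreach($mybb->input['additionalgroups'] as $key => $gid)
                        {
                            // The primary group must not be repeated as an additional group
                            if(intval($gid) == $primary_gid)
                            {
                                unset($mybb->input['additionalgroups'][$key]);
                            }
                        }
                        $additionalgroups = implode(",", array_map('intval', $mybb->input['additionalgroups']));
                    }
                    else
                    {
                        $additionalgroups = '';
                    }

                    // Create an update array
                    $update_array = array(
                        "usergroup" => $primary_gid,
                        "additionalgroups" => $additionalgroups,
                        "displaygroup" => intval($mybb->input['displaygroup'])
                    );

                    // Do the usergroup update for all those selected
                    // If the a selected user is a super admin, don't update that user
                    // Initialised up front: when every selected user is a super admin the list
                    // stays empty and count() below still receives an array.
                    $users_to_update = array();
                    foreach($selected as $user)
                    {
                        // Cast before use so that only integers reach the IN() list
                        $uid = intval($user);
                        if($uid > 0 && !is_super_admin($uid))
                        {
                            $users_to_update[] = $uid;
                        }
                    }

                    $to_update_count = count($users_to_update);
                    if($to_update_count > 0)
                    {
                        // Update the users in the database
                        $sql = implode(",", $users_to_update);
                        $db->update_query("users", $update_array, "uid IN (".$sql.")");

                        // Redirect the admin...
                        $mybb->input['action'] = "inline_usergroup";
                        log_admin_action($to_update_count);
                        my_unsetcookie("inlinemod_useracp");
                        flash_message($lang->success_mass_usergroups, 'success');
                        admin_redirect("index.php?module=user-users".$vid_url);
                    }
                    else
                    {
                        // They tried to edit super admins! Uh-oh!
                        $errors[] = $lang->no_usergroup_changed;
                    }
                }

                $page->output_header($lang->manage_users);
                $page->output_nav_tabs($sub_tabs, 'manage_users');

                // Display a table warning
                $table = new Table;
                $lang->usergroup_info = $lang->sprintf($lang->usergroup_info, count($selected));
                $table->construct_cell($lang->usergroup_info);
                $table->construct_row();
                $table->output($lang->important);

                if($errors)
                {
                    $page->output_inline_error($errors);
                }

                // Display the usergroup options
                $form = new Form("index.php?module=user-users", "post");
                echo $form->generate_hidden_field('action', 'inline_edit');
                echo $form->generate_hidden_field('inline_action', 'multiusergroup');
                echo $form->generate_hidden_field('processed', '1');

                $form_container = new FormContainer($lang->mass_usergroups);

                // Usergroups (gid 1 is not offered as a choice)
                $display_group_options[0] = $lang->use_primary_user_group;
                $options = array();
                $query = $db->simple_select("usergroups", "gid, title", "gid != '1'", array('order_by' => 'title'));
                while($usergroup = $db->fetch_array($query))
                {
                    $options[$usergroup['gid']] = $usergroup['title'];
                    $display_group_options[$usergroup['gid']] = $usergroup['title'];
                }

                if(!is_array($mybb->input['additionalgroups']))
                {
                    $mybb->input['additionalgroups'] = explode(',', $mybb->input['additionalgroups']);
                }

                $form_container->output_row($lang->primary_user_group, "", $form->generate_select_box('usergroup', $options, $mybb->input['usergroup'], array('id' => 'usergroup')), 'usergroup');
                $form_container->output_row($lang->additional_user_groups, $lang->additional_user_groups_desc, $form->generate_select_box('additionalgroups[]', $options, $mybb->input['additionalgroups'], array('id' => 'additionalgroups', 'multiple' => true, 'size' => 5)), 'additionalgroups');
                $form_container->output_row($lang->display_user_group, "", $form->generate_select_box('displaygroup', $display_group_options, $mybb->input['displaygroup'], array('id' => 'displaygroup')), 'displaygroup');

                $form_container->end();

                $buttons[] = $form->generate_submit_button($lang->alter_usergroups);
                $form->output_submit_wrapper($buttons);
                $form->end();
                $page->output_footer();
                break;
        }
    }
}

// Default action: browse users through a saved admin view, a temporary search view kept in
// the admin session, or the default view.
if(!$mybb->input['action'])
{
    $plugins->run_hooks("admin_user_users_start");

    $page->output_header($lang->browse_users);
    echo "<script type=\"text/javascript\" src=\"jscripts/users.js\"></script>";

    $page->output_nav_tabs($sub_tabs, 'browse_users');

    // A search_id only selects a view that is already stored in this admin's session
    if(isset($mybb->input['search_id']) && $admin_session['data']['user_views'][$mybb->input['search_id']])
    {
        $admin_view = $admin_session['data']['user_views'][$mybb->input['search_id']];
        unset($admin_view['extra_sql']);
    }
    else
    {
        // Showing a specific view
        if(isset($mybb->input['vid']))
        {
            $query = $db->simple_select("adminviews", "*", "vid='".intval($mybb->input['vid'])."'");
            $admin_view = $db->fetch_array($query);
            // View does not exist or this view is private and does not belong to the current user
            if(!$admin_view['vid'] || ($admin_view['visibility'] == 1 && $admin_view['uid'] != $mybb->user['uid']))
            {
                unset($admin_view);
            }
        }

        // Don't have a view? Fetch the default
        if(!isset($admin_view))
        {
            $default_view = fetch_default_view("user");
            if(!$default_view)
            {
                $default_view = "0";
            }
            // Cast so that the stored default can only reach the query as an integer
            $query = $db->simple_select("adminviews", "*", "type='user' AND (vid='".intval($default_view)."' OR uid=0)", array("order_by" => "uid", "order_dir" => "desc"));
            $admin_view = $db->fetch_array($query);
        }
    }

    // Fetch a list of all of the views for this user
    $popup = new PopupMenu("views", $lang->views);

    // The uid is interpolated without quotes, so it is cast to an integer first
    $query = $db->simple_select("adminviews", "*", "type='user' AND (visibility=2 OR uid=".intval($mybb->user['uid']).")", array("order_by" => "title"));
    while($view = $db->fetch_array($query))
    {
        $popup->add_item(htmlspecialchars_uni($view['title']), "index.php?module=user-users&vid=".intval($view['vid']));
    }
    $popup->add_item("<em>{$lang->manage_views}</em>", "index.php?module=user-users&action=views");
    $admin_view['popup'] = $popup->fetch();

    if(isset($mybb->input['type']))
    {
        $admin_view['view_type'] = $mybb->input['type'];
    }

    $results = build_users_view($admin_view);

    if(!$results)
    {
        // If we came from the home page and clicked on the "Activate Users" link, send them back to here
        if($admin_session['data']['from'] == "home")
        {
            flash_message($admin_session['data']['flash_message2']['message'], $admin_session['data']['flash_message2']['type']);
            update_admin_session('flash_message2', '');
            update_admin_session('from', '');
            admin_redirect("index.php");
            exit;
        }
        else
        {
            $errors[] = $lang->error_no_users_found;
        }
    }

    // If we have any error messages, show them
    if($errors)
    {
        // NOTE(review): $inline is not assigned anywhere in this block - confirm where it is set
        if($inline != true)
        {
            echo "<div style=\"display: inline; float: right;\">{$admin_view['popup']}</div><br />\n";
        }
        $page->output_inline_error($errors);
    }

    echo $results;

    $page->output_footer();
}

function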
build_users_view($view) 3005 { 3006 global $mybb, $db, $cache, $lang, $user_view_fields, $page; 3007 3008 $view_title = ''; 3009 if($view['title']) 3010 { 3011 $title_string = "view_title_{$view['vid']}"; 3012 3013 if($lang->$title_string) 3014 { 3015 $view['title'] = $lang->$title_string; 3016 } 3017 3018 $view_title .= " (".htmlspecialchars_uni($view['title']).")"; 3019 } 3020 3021 // Build the URL to this view 3022 if(!isset($view['url'])) 3023 { 3024 $view['url'] = "index.php?module=user-users"; 3025 } 3026 if(!is_array($view['conditions'])) 3027 { 3028 $view['conditions'] = unserialize($view['conditions']); 3029 } 3030 if(!is_array($view['fields'])) 3031 { 3032 $view['fields'] = unserialize($view['fields']); 3033 } 3034 if(!is_array($view['custom_profile_fields'])) 3035 { 3036 $view['custom_profile_fields'] = unserialize($view['custom_profile_fields']); 3037 } 3038 if(isset($mybb->input['username'])) 3039 { 3040 $view['conditions']['username'] = $mybb->input['username']; 3041 } 3042 if($view['vid']) 3043 { 3044 $view['url'] .= "&vid={$view['vid']}"; 3045 } 3046 else 3047 { 3048 // If this is a custom view we need to save everything ready to pass it on from page to page 3049 global $admin_session; 3050 if(!$mybb->input['search_id']) 3051 { 3052 $search_id = md5(random_str()); 3053 $admin_session['data']['user_views'][$search_id] = $view; 3054 update_admin_session('user_views', $admin_session['data']['user_views']); 3055 $mybb->input['search_id'] = $search_id; 3056 } 3057 $view['url'] .= "&search_id=".htmlspecialchars_uni($mybb->input['search_id']); 3058 } 3059 3060 if(isset($mybb->input['username'])) 3061 { 3062 $view['url'] .= "&username=".urlencode(htmlspecialchars_uni($mybb->input['username'])); 3063 } 3064 3065 if(!isset($admin_session['data']['last_users_view']) || $admin_session['data']['last_users_view'] != str_replace("&", "&", $view['url'])) 3066 { 3067 update_admin_session('last_users_url', str_replace("&", "&", $view['url'])); 3068 } 3069 3070 
if(isset($view['conditions']['referrer'])){ 3071 $view['url'] .= "&action=referrers&uid=".htmlspecialchars_uni($view['conditions']['referrer']); 3072 } 3073 3074 // Do we not have any views? 3075 if(empty($view)) 3076 { 3077 return false; 3078 } 3079 3080 $table = new Table; 3081 3082 // Build header for table based view 3083 if($view['view_type'] != "card") 3084 { 3085 foreach($view['fields'] as $field) 3086 { 3087 if(!$user_view_fields[$field]) 3088 { 3089 continue; 3090 } 3091 $view_field = $user_view_fields[$field]; 3092 $field_options = array(); 3093 if($view_field['width']) 3094 { 3095 $field_options['width'] = $view_field['width']; 3096 } 3097 if($view_field['align']) 3098 { 3099 $field_options['class'] = "align_".$view_field['align']; 3100 } 3101 $table->construct_header($view_field['title'], $field_options); 3102 } 3103 $table->construct_header("<input type=\"checkbox\" name=\"allbox\" onclick=\"inlineModeration.checkAll(this);\" />"); // Create a header for the "select" boxes 3104 } 3105 3106 $search_sql = '1=1'; 3107 3108 // Build the search SQL for users 3109 3110 // List of valid LIKE search fields 3111 $user_like_fields = array("username", "email", "website", "icq", "aim", "yahoo", "msn", "signature", "usertitle"); 3112 foreach($user_like_fields as $search_field) 3113 { 3114 if(!empty($view['conditions'][$search_field]) && !$view['conditions'][$search_field.'_blank']) 3115 { 3116 $search_sql .= " AND u.{$search_field} LIKE '%".$db->escape_string_like($view['conditions'][$search_field])."%'"; 3117 } 3118 else if(!empty($view['conditions'][$search_field.'_blank'])) 3119 { 3120 $search_sql .= " AND u.{$search_field} != ''"; 3121 } 3122 } 3123 3124 // EXACT matching fields 3125 $user_exact_fields = array("referrer"); 3126 foreach($user_exact_fields as $search_field) 3127 { 3128 if(!empty($view['conditions'][$search_field])) 3129 { 3130 $search_sql .= " AND u.{$search_field}='".$db->escape_string($view['conditions'][$search_field])."'"; 3131 } 3132 } 3133 
3134 // LESS THAN or GREATER THAN 3135 $direction_fields = array("postnum"); 3136 foreach($direction_fields as $search_field) 3137 { 3138 $direction_field = $search_field."_dir"; 3139 if(!empty($view['conditions'][$search_field]) && ($view['conditions'][$search_field] || $view['conditions'][$search_field] === '0') && $view['conditions'][$direction_field]) 3140 { 3141 switch($view['conditions'][$direction_field]) 3142 { 3143 case "greater_than": 3144 $direction = ">"; 3145 break; 3146 case "less_than": 3147 $direction = "<"; 3148 break; 3149 default: 3150 $direction = "="; 3151 } 3152 $search_sql .= " AND u.{$search_field}{$direction}'".$db->escape_string($view['conditions'][$search_field])."'"; 3153 } 3154 } 3155 3156 // Registration searching 3157 $reg_fields = array("regdate"); 3158 foreach($reg_fields as $search_field) 3159 { 3160 if(!empty($view['conditions'][$search_field]) && intval($view['conditions'][$search_field])) 3161 { 3162 $threshold = TIME_NOW - (intval($view['conditions'][$search_field]) * 24 * 60 * 60); 3163 3164 $search_sql .= " AND u.{$search_field} >= '{$threshold}'"; 3165 } 3166 } 3167 3168 // IP searching 3169 $ip_fields = array("regip", "lastip"); 3170 foreach($ip_fields as $search_field) 3171 { 3172 if(!empty($view['conditions'][$search_field])) 3173 { 3174 // IPv6 IP 3175 if(strpos($view['conditions'][$search_field], ":") !== false) 3176 { 3177 $view['conditions'][$search_field] = str_replace("*", "%", $view['conditions'][$search_field]); 3178 $ip_sql = "{$search_field} LIKE '".$db->escape_string($view['conditions'][$search_field])."'"; 3179 } 3180 else 3181 { 3182 $ip_range = fetch_longipv4_range($view['conditions'][$search_field]); 3183 if(!is_array($ip_range)) 3184 { 3185 $ip_sql = "long{$search_field}='{$ip_range}'"; 3186 } 3187 else 3188 { 3189 $ip_sql = "long{$search_field} > '{$ip_range[0]}' AND long{$search_field} < '{$ip_range[1]}'"; 3190 } 3191 } 3192 $search_sql .= " AND {$ip_sql}"; 3193 } 3194 } 3195 3196 // Post IP searching 
3197 if(!empty($view['conditions']['postip'])) 3198 { 3199 // IPv6 IP 3200 if(strpos($view['conditions']['postip'], ":") !== false) 3201 { 3202 $view['conditions']['postip'] = str_replace("*", "%", $view['conditions']['postip']); 3203 $ip_sql = "ipaddress LIKE '".$db->escape_string($view['conditions']['postip'])."'"; 3204 } 3205 else 3206 { 3207 $ip_range = fetch_longipv4_range($view['conditions']['postip']); 3208 if(!is_array($ip_range)) 3209 { 3210 $ip_sql = "longipaddress='{$ip_range}'"; 3211 } 3212 else 3213 { 3214 $ip_sql = "longipaddress > '{$ip_range[0]}' AND longipaddress < '{$ip_range[1]}'"; 3215 } 3216 } 3217 $ip_uids = array(0); 3218 $query = $db->simple_select("posts", "uid", $ip_sql); 3219 while($uid = $db->fetch_field($query, "uid")) 3220 { 3221 $ip_uids[] = $uid; 3222 } 3223 $search_sql .= " AND u.uid IN(".implode(',', $ip_uids).")"; 3224 unset($ip_uids); 3225 } 3226 3227 // Custom Profile Field searching 3228 if($view['custom_profile_fields']) 3229 { 3230 $userfield_sql = '1=1'; 3231 foreach($view['custom_profile_fields'] as $column => $input) 3232 { 3233 if(is_array($input)) 3234 { 3235 foreach($input as $value => $text) 3236 { 3237 if($value == $column) 3238 { 3239 $value = $text; 3240 } 3241 3242 if($value == $lang->na) 3243 { 3244 continue; 3245 } 3246 3247 if(strpos($column, '_blank') !== false) 3248 { 3249 $column = str_replace('_blank', '', $column); 3250 $userfield_sql .= ' AND '.$db->escape_string($column)." != ''"; 3251 } 3252 else 3253 { 3254 $userfield_sql .= ' AND '.$db->escape_string($column)."='".$db->escape_string($value)."'"; 3255 } 3256 } 3257 } 3258 else if(!empty($input)) 3259 { 3260 if($input == $lang->na) 3261 { 3262 continue; 3263 } 3264 3265 if(strpos($column, '_blank') !== false) 3266 { 3267 $column = str_replace('_blank', '', $column); 3268 $userfield_sql .= ' AND '.$db->escape_string($column)." != ''"; 3269 } 3270 else 3271 { 3272 $userfield_sql .= ' AND '.$db->escape_string($column)." 
LIKE '%".$db->escape_string($input)."%'"; 3273 } 3274 } 3275 } 3276 3277 if($userfield_sql != '1=1') 3278 { 3279 $userfield_uids = array(0); 3280 $query = $db->simple_select("userfields", "ufid", $userfield_sql); 3281 while($userfield = $db->fetch_array($query)) 3282 { 3283 $userfield_uids[] = $userfield['ufid']; 3284 } 3285 $search_sql .= " AND u.uid IN(".implode(',', $userfield_uids).")"; 3286 unset($userfield_uids); 3287 } 3288 } 3289 3290 // Usergroup based searching 3291 if(iss