PHP Cross Reference of phpBB-3.1.12-deutsch |
1 <?php 2 /** 3 * 4 * This file is part of the phpBB Forum Software package. 5 * 6 * @copyright (c) phpBB Limited <https://www.phpbb.com> 7 * @license GNU General Public License, version 2 (GPL-2.0) 8 * 9 * For full copyright and license information, please see 10 * the docs/CREDITS.txt file. 11 * 12 */ 13 14 /** 15 * @ignore 16 */ /* Direct-access guard: stop immediately unless the IN_PHPBB constant is already defined, so nothing below runs when this file is requested on its own. Which script defines IN_PHPBB is not shown here (presumably the board's entry point; confirm). */ 17 if (!defined('IN_PHPBB')) 18 { 19 exit; 20 } 21 /* ACP module class for administering a single user account. In this listing main() handles at least the 'overview' and 'feedback' modes. $u_action is the base URL that main() extends into links and form targets; $p_master is the object whose module_auth_self() main() uses to filter the mode dropdown. */ 22 class acp_users 23 { 24 var $u_action; 25 var $p_master; 26 /** Old-style (PHP 4) constructor, i.e. a method named after the class. It keeps a reference to the caller-supplied $p_master object, which is taken by reference. NOTE(review): PHP 8 no longer treats a same-named method as a constructor, so there it would only run when called explicitly; confirm the PHP versions this release supports. */ 27 function acp_users(&$p_master) 28 { 29 $this->p_master = &$p_master; 30 } 31 32 function main($id, $mode) 33 { 34 global $config, $db, $user, $auth, $template, $cache; 35 global $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix, $file_uploads; 36 global $phpbb_dispatcher, $request; 37 global $phpbb_container; 38 39 $user->add_lang(array('posting', 'ucp', 'acp/users')); 40 $this->tpl_name = 'acp_users'; 41 42 $error = array(); 43 $username = utf8_normalize_nfc(request_var('username', '', true)); 44 $user_id = request_var('u', 0); 45 $action = request_var('action', ''); 46 47 // Get referer to redirect user to the appropriate page after delete action 48 $redirect = request_var('redirect', ''); 49 $redirect_tag = "redirect=$redirect"; 50 $redirect_url = append_sid("{$phpbb_admin_path}index.$phpEx", "i=$redirect"); 51 52 $submit = (isset($_POST['update']) && !isset($_POST['cancel'])) ? true : false; 53 54 $form_name = 'acp_users'; 55 add_form_key($form_name); 56 57 // Whois (special case) 58 if ($action == 'whois') 59 { 60 if (!function_exists('user_get_id_name')) 61 { 62 include($phpbb_root_path . 'includes/functions_user.' . 
$phpEx); 63 } 64 65 $this->page_title = 'WHOIS'; 66 $this->tpl_name = 'simple_body'; 67 68 $user_ip = phpbb_ip_normalise(request_var('user_ip', '')); 69 $domain = gethostbyaddr($user_ip); 70 $ipwhois = user_ipwhois($user_ip); 71 72 $template->assign_vars(array( 73 'MESSAGE_TITLE' => sprintf($user->lang['IP_WHOIS_FOR'], $domain), 74 'MESSAGE_TEXT' => nl2br($ipwhois)) 75 ); 76 77 return; 78 } 79 80 // Show user selection mask 81 if (!$username && !$user_id) 82 { 83 $this->page_title = 'SELECT_USER'; 84 85 $template->assign_vars(array( 86 'U_ACTION' => $this->u_action, 87 'ANONYMOUS_USER_ID' => ANONYMOUS, 88 89 'S_SELECT_USER' => true, 90 'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=select_user&field=username&select_single=true'), 91 )); 92 93 return; 94 } 95 96 if (!$user_id) 97 { 98 $sql = 'SELECT user_id 99 FROM ' . USERS_TABLE . " 100 WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'"; 101 $result = $db->sql_query($sql); 102 $user_id = (int) $db->sql_fetchfield('user_id'); 103 $db->sql_freeresult($result); 104 105 if (!$user_id) 106 { 107 trigger_error($user->lang['NO_USER'] . adm_back_link($this->u_action), E_USER_WARNING); 108 } 109 } 110 111 // Generate content for all modes 112 $sql = 'SELECT u.*, s.* 113 FROM ' . USERS_TABLE . ' u 114 LEFT JOIN ' . SESSIONS_TABLE . ' s ON (s.session_user_id = u.user_id) 115 WHERE u.user_id = ' . $user_id . ' 116 ORDER BY s.session_time DESC'; 117 $result = $db->sql_query_limit($sql, 1); 118 $user_row = $db->sql_fetchrow($result); 119 $db->sql_freeresult($result); 120 121 if (!$user_row) 122 { 123 trigger_error($user->lang['NO_USER'] . adm_back_link($this->u_action), E_USER_WARNING); 124 } 125 126 // Generate overall "header" for user admin 127 $s_form_options = ''; 128 129 // Build modes dropdown list 130 $sql = 'SELECT module_mode, module_auth 131 FROM ' . MODULES_TABLE . 
" 132 WHERE module_basename = 'acp_users' 133 AND module_enabled = 1 134 AND module_class = 'acp' 135 ORDER BY left_id, module_mode"; 136 $result = $db->sql_query($sql); 137 138 $dropdown_modes = array(); 139 while ($row = $db->sql_fetchrow($result)) 140 { 141 if (!$this->p_master->module_auth_self($row['module_auth'])) 142 { 143 continue; 144 } 145 146 $dropdown_modes[$row['module_mode']] = true; 147 } 148 $db->sql_freeresult($result); 149 150 foreach ($dropdown_modes as $module_mode => $null) 151 { 152 $selected = ($mode == $module_mode) ? ' selected="selected"' : ''; 153 $s_form_options .= '<option value="' . $module_mode . '"' . $selected . '>' . $user->lang['ACP_USER_' . strtoupper($module_mode)] . '</option>'; 154 } 155 156 $template->assign_vars(array( 157 'U_BACK' => (empty($redirect)) ? $this->u_action : $redirect_url, 158 'U_MODE_SELECT' => append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&u=$user_id"), 159 'U_ACTION' => $this->u_action . '&u=' . $user_id . ((empty($redirect)) ? '' : '&' . $redirect_tag), 160 'S_FORM_OPTIONS' => $s_form_options, 161 'MANAGED_USERNAME' => $user_row['username']) 162 ); 163 164 // Prevent normal users/admins change/view founders if they are not a founder by themselves 165 if ($user->data['user_type'] != USER_FOUNDER && $user_row['user_type'] == USER_FOUNDER) 166 { 167 trigger_error($user->lang['NOT_MANAGE_FOUNDER'] . adm_back_link($this->u_action), E_USER_WARNING); 168 } 169 170 $this->page_title = $user_row['username'] . ' :: ' . $user->lang('ACP_USER_' . strtoupper($mode)); 171 172 switch ($mode) 173 { 174 case 'overview': 175 176 if (!function_exists('user_get_id_name')) 177 { 178 include($phpbb_root_path . 'includes/functions_user.' . 
$phpEx); 179 } 180 181 $user->add_lang('acp/ban'); 182 183 $delete = request_var('delete', 0); 184 $delete_type = request_var('delete_type', ''); 185 $ip = request_var('ip', 'ip'); 186 187 /** 188 * Run code at beginning of ACP users overview 189 * 190 * @event core.acp_users_overview_before 191 * @var array user_row Current user data 192 * @var string mode Active module 193 * @var string action Module that should be run 194 * @var bool submit Do we display the form only 195 * or did the user press submit 196 * @var array error Array holding error messages 197 * @since 3.1.3-RC1 198 */ 199 $vars = array('user_row', 'mode', 'action', 'submit', 'error'); 200 extract($phpbb_dispatcher->trigger_event('core.acp_users_overview_before', compact($vars))); 201 202 if ($submit) 203 { 204 if ($delete) 205 { 206 if (!$auth->acl_get('a_userdel')) 207 { 208 trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 209 } 210 211 // Check if the user wants to remove himself or the guest user account 212 if ($user_id == ANONYMOUS) 213 { 214 trigger_error($user->lang['CANNOT_REMOVE_ANONYMOUS'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 215 } 216 217 // Founders can not be deleted. 218 if ($user_row['user_type'] == USER_FOUNDER) 219 { 220 trigger_error($user->lang['CANNOT_REMOVE_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 221 } 222 223 if ($user_id == $user->data['user_id']) 224 { 225 trigger_error($user->lang['CANNOT_REMOVE_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 226 } 227 228 if ($delete_type) 229 { 230 if (confirm_box(true)) 231 { 232 user_delete($delete_type, $user_id, $user_row['username']); 233 234 add_log('admin', 'LOG_USER_DELETED', $user_row['username']); 235 trigger_error($user->lang['USER_DELETED'] . adm_back_link( 236 (empty($redirect)) ? 
$this->u_action : $redirect_url 237 ) 238 ); 239 } 240 else 241 { 242 $delete_confirm_hidden_fields = array( 243 'u' => $user_id, 244 'i' => $id, 245 'mode' => $mode, 246 'action' => $action, 247 'update' => true, 248 'delete' => 1, 249 'delete_type' => $delete_type, 250 ); 251 252 // Checks if the redirection page is specified 253 if (!empty($redirect)) 254 { 255 $delete_confirm_hidden_fields['redirect'] = $redirect; 256 } 257 258 confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields($delete_confirm_hidden_fields)); 259 } 260 } 261 else 262 { 263 trigger_error($user->lang['NO_MODE'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 264 } 265 } 266 267 // Handle quicktool actions 268 switch ($action) 269 { 270 case 'banuser': 271 case 'banemail': 272 case 'banip': 273 274 if ($user_id == $user->data['user_id']) 275 { 276 trigger_error($user->lang['CANNOT_BAN_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 277 } 278 279 if ($user_id == ANONYMOUS) 280 { 281 trigger_error($user->lang['CANNOT_BAN_ANONYMOUS'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 282 } 283 284 if ($user_row['user_type'] == USER_FOUNDER) 285 { 286 trigger_error($user->lang['CANNOT_BAN_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 287 } 288 289 if (!check_form_key($form_name)) 290 { 291 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 292 } 293 294 $ban = array(); 295 296 switch ($action) 297 { 298 case 'banuser': 299 $ban[] = $user_row['username']; 300 $reason = 'USER_ADMIN_BAN_NAME_REASON'; 301 $log = 'LOG_USER_BAN_USER'; 302 break; 303 304 case 'banemail': 305 $ban[] = $user_row['user_email']; 306 $reason = 'USER_ADMIN_BAN_EMAIL_REASON'; 307 $log = 'LOG_USER_BAN_EMAIL'; 308 break; 309 310 case 'banip': 311 $ban[] = $user_row['user_ip']; 312 313 $sql = 'SELECT DISTINCT poster_ip 314 FROM ' . POSTS_TABLE . 
" 315 WHERE poster_id = $user_id"; 316 $result = $db->sql_query($sql); 317 318 while ($row = $db->sql_fetchrow($result)) 319 { 320 $ban[] = $row['poster_ip']; 321 } 322 $db->sql_freeresult($result); 323 324 $reason = 'USER_ADMIN_BAN_IP_REASON'; 325 $log = 'LOG_USER_BAN_IP'; 326 break; 327 } 328 329 $ban_reason = utf8_normalize_nfc(request_var('ban_reason', $user->lang[$reason], true)); 330 $ban_give_reason = utf8_normalize_nfc(request_var('ban_give_reason', '', true)); 331 332 // Log not used at the moment, we simply utilize the ban function. 333 $result = user_ban(substr($action, 3), $ban, 0, 0, 0, $ban_reason, $ban_give_reason); 334 335 trigger_error((($result === false) ? $user->lang['BAN_ALREADY_ENTERED'] : $user->lang['BAN_SUCCESSFUL']) . adm_back_link($this->u_action . '&u=' . $user_id)); 336 337 break; 338 339 case 'reactivate': 340 341 if ($user_id == $user->data['user_id']) 342 { 343 trigger_error($user->lang['CANNOT_FORCE_REACT_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 344 } 345 346 if (!check_form_key($form_name)) 347 { 348 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 349 } 350 351 if ($user_row['user_type'] == USER_FOUNDER) 352 { 353 trigger_error($user->lang['CANNOT_FORCE_REACT_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 354 } 355 356 if ($user_row['user_type'] == USER_IGNORE) 357 { 358 trigger_error($user->lang['CANNOT_FORCE_REACT_BOT'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 359 } 360 361 if ($config['email_enable']) 362 { 363 if (!class_exists('messenger')) 364 { 365 include($phpbb_root_path . 'includes/functions_messenger.' . $phpEx); 366 } 367 368 $server_url = generate_board_url(); 369 370 $user_actkey = gen_rand_string(mt_rand(6, 10)); 371 $email_template = ($user_row['user_type'] == USER_NORMAL) ? 
'user_reactivate_account' : 'user_resend_inactive'; 372 373 if ($user_row['user_type'] == USER_NORMAL) 374 { 375 user_active_flip('deactivate', $user_id, INACTIVE_REMIND); 376 } 377 else 378 { 379 // Grabbing the last confirm key - we only send a reminder 380 $sql = 'SELECT user_actkey 381 FROM ' . USERS_TABLE . ' 382 WHERE user_id = ' . $user_id; 383 $result = $db->sql_query($sql); 384 $user_activation_key = (string) $db->sql_fetchfield('user_actkey'); 385 $db->sql_freeresult($result); 386 387 $user_actkey = empty($user_activation_key) ? $user_actkey : $user_activation_key; 388 } 389 390 if ($user_row['user_type'] == USER_NORMAL || empty($user_activation_key)) 391 { 392 $sql = 'UPDATE ' . USERS_TABLE . " 393 SET user_actkey = '" . $db->sql_escape($user_actkey) . "' 394 WHERE user_id = $user_id"; 395 $db->sql_query($sql); 396 } 397 398 $messenger = new messenger(false); 399 400 $messenger->template($email_template, $user_row['user_lang']); 401 402 $messenger->set_addresses($user_row); 403 404 $messenger->anti_abuse_headers($config, $user); 405 406 $messenger->assign_vars(array( 407 'WELCOME_MSG' => htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename'])), 408 'USERNAME' => htmlspecialchars_decode($user_row['username']), 409 'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&u={$user_row['user_id']}&k=$user_actkey") 410 ); 411 412 $messenger->send(NOTIFY_EMAIL); 413 414 add_log('admin', 'LOG_USER_REACTIVATE', $user_row['username']); 415 add_log('user', $user_id, 'LOG_USER_REACTIVATE_USER'); 416 417 trigger_error($user->lang['FORCE_REACTIVATION_SUCCESS'] . adm_back_link($this->u_action . '&u=' . $user_id)); 418 } 419 420 break; 421 422 case 'active': 423 424 if ($user_id == $user->data['user_id']) 425 { 426 // It is only deactivation since the user is already activated (else he would not have reached this page) 427 trigger_error($user->lang['CANNOT_DEACTIVATE_YOURSELF'] . adm_back_link($this->u_action . '&u=' . 
$user_id), E_USER_WARNING); 428 } 429 430 if (!check_form_key($form_name)) 431 { 432 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 433 } 434 435 if ($user_row['user_type'] == USER_FOUNDER) 436 { 437 trigger_error($user->lang['CANNOT_DEACTIVATE_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 438 } 439 440 if ($user_row['user_type'] == USER_IGNORE) 441 { 442 trigger_error($user->lang['CANNOT_DEACTIVATE_BOT'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 443 } 444 445 user_active_flip('flip', $user_id); 446 447 if ($user_row['user_type'] == USER_INACTIVE) 448 { 449 if ($config['require_activation'] == USER_ACTIVATION_ADMIN) 450 { 451 $phpbb_notifications = $phpbb_container->get('notification_manager'); 452 $phpbb_notifications->delete_notifications('notification.type.admin_activate_user', $user_row['user_id']); 453 454 if (!class_exists('messenger')) 455 { 456 include($phpbb_root_path . 'includes/functions_messenger.' . $phpEx); 457 } 458 459 $messenger = new messenger(false); 460 461 $messenger->template('admin_welcome_activated', $user_row['user_lang']); 462 463 $messenger->set_addresses($user_row); 464 465 $messenger->anti_abuse_headers($config, $user); 466 467 $messenger->assign_vars(array( 468 'USERNAME' => htmlspecialchars_decode($user_row['username'])) 469 ); 470 471 $messenger->send(NOTIFY_EMAIL); 472 } 473 } 474 475 $message = ($user_row['user_type'] == USER_INACTIVE) ? 'USER_ADMIN_ACTIVATED' : 'USER_ADMIN_DEACTIVED'; 476 $log = ($user_row['user_type'] == USER_INACTIVE) ? 'LOG_USER_ACTIVE' : 'LOG_USER_INACTIVE'; 477 478 add_log('admin', $log, $user_row['username']); 479 add_log('user', $user_id, $log . '_USER'); 480 481 trigger_error($user->lang[$message] . adm_back_link($this->u_action . '&u=' . $user_id)); 482 483 break; 484 485 case 'delsig': 486 487 if (!check_form_key($form_name)) 488 { 489 trigger_error($user->lang['FORM_INVALID'] . 
adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 490 } 491 492 $sql_ary = array( 493 'user_sig' => '', 494 'user_sig_bbcode_uid' => '', 495 'user_sig_bbcode_bitfield' => '' 496 ); 497 498 $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . " 499 WHERE user_id = $user_id"; 500 $db->sql_query($sql); 501 502 add_log('admin', 'LOG_USER_DEL_SIG', $user_row['username']); 503 add_log('user', $user_id, 'LOG_USER_DEL_SIG_USER'); 504 505 trigger_error($user->lang['USER_ADMIN_SIG_REMOVED'] . adm_back_link($this->u_action . '&u=' . $user_id)); 506 507 break; 508 509 case 'delavatar': 510 511 if (!check_form_key($form_name)) 512 { 513 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 514 } 515 516 // Delete old avatar if present 517 $phpbb_avatar_manager = $phpbb_container->get('avatar.manager'); 518 $phpbb_avatar_manager->handle_avatar_delete($db, $user, $phpbb_avatar_manager->clean_row($user_row, 'user'), USERS_TABLE, 'user_'); 519 520 add_log('admin', 'LOG_USER_DEL_AVATAR', $user_row['username']); 521 add_log('user', $user_id, 'LOG_USER_DEL_AVATAR_USER'); 522 523 trigger_error($user->lang['USER_ADMIN_AVATAR_REMOVED'] . adm_back_link($this->u_action . '&u=' . $user_id)); 524 break; 525 526 case 'delposts': 527 528 if (confirm_box(true)) 529 { 530 // Delete posts, attachments, etc. 531 delete_posts('poster_id', $user_id); 532 533 add_log('admin', 'LOG_USER_DEL_POSTS', $user_row['username']); 534 trigger_error($user->lang['USER_POSTS_DELETED'] . adm_back_link($this->u_action . '&u=' . 
$user_id)); 535 } 536 else 537 { 538 confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array( 539 'u' => $user_id, 540 'i' => $id, 541 'mode' => $mode, 542 'action' => $action, 543 'update' => true)) 544 ); 545 } 546 547 break; 548 549 case 'delattach': 550 551 if (confirm_box(true)) 552 { 553 delete_attachments('user', $user_id); 554 555 add_log('admin', 'LOG_USER_DEL_ATTACH', $user_row['username']); 556 trigger_error($user->lang['USER_ATTACHMENTS_REMOVED'] . adm_back_link($this->u_action . '&u=' . $user_id)); 557 } 558 else 559 { 560 confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array( 561 'u' => $user_id, 562 'i' => $id, 563 'mode' => $mode, 564 'action' => $action, 565 'update' => true)) 566 ); 567 } 568 569 break; 570 571 case 'deloutbox': 572 573 if (confirm_box(true)) 574 { 575 $msg_ids = array(); 576 $lang = 'EMPTY'; 577 578 $sql = 'SELECT msg_id 579 FROM ' . PRIVMSGS_TO_TABLE . " 580 WHERE author_id = $user_id 581 AND folder_id = " . PRIVMSGS_OUTBOX; 582 $result = $db->sql_query($sql); 583 584 if ($row = $db->sql_fetchrow($result)) 585 { 586 if (!function_exists('delete_pm')) 587 { 588 include($phpbb_root_path . 'includes/functions_privmsgs.' . $phpEx); 589 } 590 591 do 592 { 593 $msg_ids[] = (int) $row['msg_id']; 594 } 595 while ($row = $db->sql_fetchrow($result)); 596 597 $db->sql_freeresult($result); 598 599 delete_pm($user_id, $msg_ids, PRIVMSGS_OUTBOX); 600 601 add_log('admin', 'LOG_USER_DEL_OUTBOX', $user_row['username']); 602 603 $lang = 'EMPTIED'; 604 } 605 $db->sql_freeresult($result); 606 607 trigger_error($user->lang['USER_OUTBOX_' . $lang] . adm_back_link($this->u_action . '&u=' . 
$user_id)); 608 } 609 else 610 { 611 confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array( 612 'u' => $user_id, 613 'i' => $id, 614 'mode' => $mode, 615 'action' => $action, 616 'update' => true)) 617 ); 618 } 619 break; 620 621 case 'moveposts': 622 623 if (!check_form_key($form_name)) 624 { 625 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 626 } 627 628 $user->add_lang('acp/forums'); 629 630 $new_forum_id = request_var('new_f', 0); 631 632 if (!$new_forum_id) 633 { 634 $this->page_title = 'USER_ADMIN_MOVE_POSTS'; 635 636 $template->assign_vars(array( 637 'S_SELECT_FORUM' => true, 638 'U_ACTION' => $this->u_action . "&action=$action&u=$user_id", 639 'U_BACK' => $this->u_action . "&u=$user_id", 640 'S_FORUM_OPTIONS' => make_forum_select(false, false, false, true)) 641 ); 642 643 return; 644 } 645 646 // Is the new forum postable to? 647 $sql = 'SELECT forum_name, forum_type 648 FROM ' . FORUMS_TABLE . " 649 WHERE forum_id = $new_forum_id"; 650 $result = $db->sql_query($sql); 651 $forum_info = $db->sql_fetchrow($result); 652 $db->sql_freeresult($result); 653 654 if (!$forum_info) 655 { 656 trigger_error($user->lang['NO_FORUM'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 657 } 658 659 if ($forum_info['forum_type'] != FORUM_POST) 660 { 661 trigger_error($user->lang['MOVE_POSTS_NO_POSTABLE_FORUM'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 662 } 663 664 // Two stage? 665 // Move topics comprising only posts from this user 666 $topic_id_ary = $move_topic_ary = $move_post_ary = $new_topic_id_ary = array(); 667 $forum_id_ary = array($new_forum_id); 668 669 $sql = 'SELECT topic_id, post_visibility, COUNT(post_id) AS total_posts 670 FROM ' . POSTS_TABLE . 
" 671 WHERE poster_id = $user_id 672 AND forum_id <> $new_forum_id 673 GROUP BY topic_id, post_visibility"; 674 $result = $db->sql_query($sql); 675 676 while ($row = $db->sql_fetchrow($result)) 677 { 678 $topic_id_ary[$row['topic_id']][$row['post_visibility']] = $row['total_posts']; 679 } 680 $db->sql_freeresult($result); 681 682 if (sizeof($topic_id_ary)) 683 { 684 $sql = 'SELECT topic_id, forum_id, topic_title, topic_posts_approved, topic_posts_unapproved, topic_posts_softdeleted, topic_attachment 685 FROM ' . TOPICS_TABLE . ' 686 WHERE ' . $db->sql_in_set('topic_id', array_keys($topic_id_ary)); 687 $result = $db->sql_query($sql); 688 689 while ($row = $db->sql_fetchrow($result)) 690 { 691 if ($topic_id_ary[$row['topic_id']][ITEM_APPROVED] == $row['topic_posts_approved'] 692 && $topic_id_ary[$row['topic_id']][ITEM_UNAPPROVED] == $row['topic_posts_unapproved'] 693 && $topic_id_ary[$row['topic_id']][ITEM_REAPPROVE] == $row['topic_posts_unapproved'] 694 && $topic_id_ary[$row['topic_id']][ITEM_DELETED] == $row['topic_posts_softdeleted']) 695 { 696 $move_topic_ary[] = $row['topic_id']; 697 } 698 else 699 { 700 $move_post_ary[$row['topic_id']]['title'] = $row['topic_title']; 701 $move_post_ary[$row['topic_id']]['attach'] = ($row['topic_attachment']) ? 1 : 0; 702 } 703 704 $forum_id_ary[] = $row['forum_id']; 705 } 706 $db->sql_freeresult($result); 707 } 708 709 // Entire topic comprises posts by this user, move these topics 710 if (sizeof($move_topic_ary)) 711 { 712 move_topics($move_topic_ary, $new_forum_id, false); 713 } 714 715 if (sizeof($move_post_ary)) 716 { 717 // Create new topic 718 // Update post_ids, report_ids, attachment_ids 719 foreach ($move_post_ary as $topic_id => $post_ary) 720 { 721 // Create new topic 722 $sql = 'INSERT INTO ' . TOPICS_TABLE . ' ' . 
$db->sql_build_array('INSERT', array( 723 'topic_poster' => $user_id, 724 'topic_time' => time(), 725 'forum_id' => $new_forum_id, 726 'icon_id' => 0, 727 'topic_visibility' => ITEM_APPROVED, 728 'topic_title' => $post_ary['title'], 729 'topic_first_poster_name' => $user_row['username'], 730 'topic_type' => POST_NORMAL, 731 'topic_time_limit' => 0, 732 'topic_attachment' => $post_ary['attach']) 733 ); 734 $db->sql_query($sql); 735 736 $new_topic_id = $db->sql_nextid(); 737 738 // Move posts 739 $sql = 'UPDATE ' . POSTS_TABLE . " 740 SET forum_id = $new_forum_id, topic_id = $new_topic_id 741 WHERE topic_id = $topic_id 742 AND poster_id = $user_id"; 743 $db->sql_query($sql); 744 745 if ($post_ary['attach']) 746 { 747 $sql = 'UPDATE ' . ATTACHMENTS_TABLE . " 748 SET topic_id = $new_topic_id 749 WHERE topic_id = $topic_id 750 AND poster_id = $user_id"; 751 $db->sql_query($sql); 752 } 753 754 $new_topic_id_ary[] = $new_topic_id; 755 } 756 } 757 758 $forum_id_ary = array_unique($forum_id_ary); 759 $topic_id_ary = array_unique(array_merge(array_keys($topic_id_ary), $new_topic_id_ary)); 760 761 if (sizeof($topic_id_ary)) 762 { 763 sync('topic_reported', 'topic_id', $topic_id_ary); 764 sync('topic', 'topic_id', $topic_id_ary); 765 } 766 767 if (sizeof($forum_id_ary)) 768 { 769 sync('forum', 'forum_id', $forum_id_ary, false, true); 770 } 771 772 add_log('admin', 'LOG_USER_MOVE_POSTS', $user_row['username'], $forum_info['forum_name']); 773 add_log('user', $user_id, 'LOG_USER_MOVE_POSTS_USER', $forum_info['forum_name']); 774 775 trigger_error($user->lang['USER_POSTS_MOVED'] . adm_back_link($this->u_action . '&u=' . $user_id)); 776 777 break; 778 779 case 'leave_nr': 780 781 if (confirm_box(true)) 782 { 783 remove_newly_registered($user_id, $user_row); 784 785 add_log('admin', 'LOG_USER_REMOVED_NR', $user_row['username']); 786 trigger_error($user->lang['USER_LIFTED_NR'] . adm_back_link($this->u_action . '&u=' . 
$user_id)); 787 } 788 else 789 { 790 confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array( 791 'u' => $user_id, 792 'i' => $id, 793 'mode' => $mode, 794 'action' => $action, 795 'update' => true)) 796 ); 797 } 798 799 break; 800 801 default: 802 /** 803 * Run custom quicktool code 804 * 805 * @event core.acp_users_overview_run_quicktool 806 * @var array user_row Current user data 807 * @var string action Quick tool that should be run 808 * @since 3.1.0-a1 809 */ 810 $vars = array('action', 'user_row'); 811 extract($phpbb_dispatcher->trigger_event('core.acp_users_overview_run_quicktool', compact($vars))); 812 break; 813 } 814 815 // Handle registration info updates 816 $data = array( 817 'username' => utf8_normalize_nfc(request_var('user', $user_row['username'], true)), 818 'user_founder' => request_var('user_founder', ($user_row['user_type'] == USER_FOUNDER) ? 1 : 0), 819 'email' => strtolower(request_var('user_email', $user_row['user_email'])), 820 'new_password' => $request->variable('new_password', '', true), 821 'password_confirm' => $request->variable('password_confirm', '', true), 822 ); 823 824 // Validation data - we do not check the password complexity setting here 825 $check_ary = array( 826 'new_password' => array( 827 array('string', true, $config['min_pass_chars'], $config['max_pass_chars']), 828 array('password')), 829 'password_confirm' => array('string', true, $config['min_pass_chars'], $config['max_pass_chars']), 830 ); 831 832 // Check username if altered 833 if ($data['username'] != $user_row['username']) 834 { 835 $check_ary += array( 836 'username' => array( 837 array('string', false, $config['min_name_chars'], $config['max_name_chars']), 838 array('username', $user_row['username']) 839 ), 840 ); 841 } 842 843 // Check email if altered 844 if ($data['email'] != $user_row['user_email']) 845 { 846 $check_ary += array( 847 'email' => array( 848 array('string', false, 6, 60), 849 array('user_email', 
$user_row['user_email']), 850 ), 851 ); 852 } 853 854 $error = validate_data($data, $check_ary); 855 856 if ($data['new_password'] && $data['password_confirm'] != $data['new_password']) 857 { 858 $error[] = 'NEW_PASSWORD_ERROR'; 859 } 860 861 if (!check_form_key($form_name)) 862 { 863 $error[] = 'FORM_INVALID'; 864 } 865 866 // Instantiate passwords manager 867 $passwords_manager = $phpbb_container->get('passwords.manager'); 868 869 // Which updates do we need to do? 870 $update_username = ($user_row['username'] != $data['username']) ? $data['username'] : false; 871 $update_password = $data['new_password'] && !$passwords_manager->check($data['new_password'], $user_row['user_password']); 872 $update_email = ($data['email'] != $user_row['user_email']) ? $data['email'] : false; 873 874 if (!sizeof($error)) 875 { 876 $sql_ary = array(); 877 878 if ($user_row['user_type'] != USER_FOUNDER || $user->data['user_type'] == USER_FOUNDER) 879 { 880 // Only allow founders updating the founder status... 881 if ($user->data['user_type'] == USER_FOUNDER) 882 { 883 // Setting a normal member to be a founder 884 if ($data['user_founder'] && $user_row['user_type'] != USER_FOUNDER) 885 { 886 // Make sure the user is not setting an Inactive or ignored user to be a founder 887 if ($user_row['user_type'] == USER_IGNORE) 888 { 889 trigger_error($user->lang['CANNOT_SET_FOUNDER_IGNORED'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 890 } 891 892 if ($user_row['user_type'] == USER_INACTIVE) 893 { 894 trigger_error($user->lang['CANNOT_SET_FOUNDER_INACTIVE'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 895 } 896 897 $sql_ary['user_type'] = USER_FOUNDER; 898 } 899 else if (!$data['user_founder'] && $user_row['user_type'] == USER_FOUNDER) 900 { 901 // Check if at least one founder is present 902 $sql = 'SELECT user_id 903 FROM ' . USERS_TABLE . ' 904 WHERE user_type = ' . USER_FOUNDER . ' 905 AND user_id <> ' . 
$user_id; 906 $result = $db->sql_query_limit($sql, 1); 907 $row = $db->sql_fetchrow($result); 908 $db->sql_freeresult($result); 909 910 if ($row) 911 { 912 $sql_ary['user_type'] = USER_NORMAL; 913 } 914 else 915 { 916 trigger_error($user->lang['AT_LEAST_ONE_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 917 } 918 } 919 } 920 } 921 922 /** 923 * Modify user data before we update it 924 * 925 * @event core.acp_users_overview_modify_data 926 * @var array user_row Current user data 927 * @var array data Submitted user data 928 * @var array sql_ary User data we udpate 929 * @since 3.1.0-a1 930 */ 931 $vars = array('user_row', 'data', 'sql_ary'); 932 extract($phpbb_dispatcher->trigger_event('core.acp_users_overview_modify_data', compact($vars))); 933 934 if ($update_username !== false) 935 { 936 $sql_ary['username'] = $update_username; 937 $sql_ary['username_clean'] = utf8_clean_string($update_username); 938 939 add_log('user', $user_id, 'LOG_USER_UPDATE_NAME', $user_row['username'], $update_username); 940 } 941 942 if ($update_email !== false) 943 { 944 $sql_ary += array( 945 'user_email' => $update_email, 946 'user_email_hash' => phpbb_email_hash($update_email), 947 ); 948 949 add_log('user', $user_id, 'LOG_USER_UPDATE_EMAIL', $user_row['username'], $user_row['user_email'], $update_email); 950 } 951 952 if ($update_password) 953 { 954 $sql_ary += array( 955 'user_password' => $passwords_manager->hash($data['new_password']), 956 'user_passchg' => time(), 957 ); 958 959 $user->reset_login_keys($user_id); 960 add_log('user', $user_id, 'LOG_USER_NEW_PASSWORD', $user_row['username']); 961 } 962 963 if (sizeof($sql_ary)) 964 { 965 $sql = 'UPDATE ' . USERS_TABLE . ' 966 SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' 967 WHERE user_id = ' . 
$user_id; 968 $db->sql_query($sql); 969 } 970 971 if ($update_username) 972 { 973 user_update_name($user_row['username'], $update_username); 974 } 975 976 // Let the users permissions being updated 977 $auth->acl_clear_prefetch($user_id); 978 979 add_log('admin', 'LOG_USER_USER_UPDATE', $data['username']); 980 981 trigger_error($user->lang['USER_OVERVIEW_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id)); 982 } 983 984 // Replace "error" strings with their real, localised form 985 $error = array_map(array($user, 'lang'), $error); 986 } 987 988 if ($user_id == $user->data['user_id']) 989 { 990 $quick_tool_ary = array('delsig' => 'DEL_SIG', 'delavatar' => 'DEL_AVATAR', 'moveposts' => 'MOVE_POSTS', 'delposts' => 'DEL_POSTS', 'delattach' => 'DEL_ATTACH', 'deloutbox' => 'DEL_OUTBOX'); 991 if ($user_row['user_new']) 992 { 993 $quick_tool_ary['leave_nr'] = 'LEAVE_NR'; 994 } 995 } 996 else 997 { 998 $quick_tool_ary = array(); 999 1000 if ($user_row['user_type'] != USER_FOUNDER) 1001 { 1002 $quick_tool_ary += array('banuser' => 'BAN_USER', 'banemail' => 'BAN_EMAIL', 'banip' => 'BAN_IP'); 1003 } 1004 1005 if ($user_row['user_type'] != USER_FOUNDER && $user_row['user_type'] != USER_IGNORE) 1006 { 1007 $quick_tool_ary += array('active' => (($user_row['user_type'] == USER_INACTIVE) ? 'ACTIVATE' : 'DEACTIVATE')); 1008 } 1009 1010 $quick_tool_ary += array('delsig' => 'DEL_SIG', 'delavatar' => 'DEL_AVATAR', 'moveposts' => 'MOVE_POSTS', 'delposts' => 'DEL_POSTS', 'delattach' => 'DEL_ATTACH', 'deloutbox' => 'DEL_OUTBOX'); 1011 1012 if ($config['email_enable'] && ($user_row['user_type'] == USER_NORMAL || $user_row['user_type'] == USER_INACTIVE)) 1013 { 1014 $quick_tool_ary['reactivate'] = 'FORCE'; 1015 } 1016 1017 if ($user_row['user_new']) 1018 { 1019 $quick_tool_ary['leave_nr'] = 'LEAVE_NR'; 1020 } 1021 } 1022 1023 if ($config['load_onlinetrack']) 1024 { 1025 $sql = 'SELECT MAX(session_time) AS session_time, MIN(session_viewonline) AS session_viewonline 1026 FROM ' . 
SESSIONS_TABLE . " 1027 WHERE session_user_id = $user_id"; 1028 $result = $db->sql_query($sql); 1029 $row = $db->sql_fetchrow($result); 1030 $db->sql_freeresult($result); 1031 1032 $user_row['session_time'] = (isset($row['session_time'])) ? $row['session_time'] : 0; 1033 $user_row['session_viewonline'] = (isset($row['session_viewonline'])) ? $row['session_viewonline'] : 0; 1034 unset($row); 1035 } 1036 1037 /** 1038 * Add additional quick tool options and overwrite user data 1039 * 1040 * @event core.acp_users_display_overview 1041 * @var array user_row Array with user data 1042 * @var array quick_tool_ary Ouick tool options 1043 * @since 3.1.0-a1 1044 */ 1045 $vars = array('user_row', 'quick_tool_ary'); 1046 extract($phpbb_dispatcher->trigger_event('core.acp_users_display_overview', compact($vars))); 1047 1048 $s_action_options = '<option class="sep" value="">' . $user->lang['SELECT_OPTION'] . '</option>'; 1049 foreach ($quick_tool_ary as $value => $lang) 1050 { 1051 $s_action_options .= '<option value="' . $value . '">' . $user->lang['USER_ADMIN_' . $lang] . '</option>'; 1052 } 1053 1054 $last_active = (!empty($user_row['session_time'])) ? $user_row['session_time'] : $user_row['user_lastvisit']; 1055 1056 $inactive_reason = ''; 1057 if ($user_row['user_type'] == USER_INACTIVE) 1058 { 1059 $inactive_reason = $user->lang['INACTIVE_REASON_UNKNOWN']; 1060 1061 switch ($user_row['user_inactive_reason']) 1062 { 1063 case INACTIVE_REGISTER: 1064 $inactive_reason = $user->lang['INACTIVE_REASON_REGISTER']; 1065 break; 1066 1067 case INACTIVE_PROFILE: 1068 $inactive_reason = $user->lang['INACTIVE_REASON_PROFILE']; 1069 break; 1070 1071 case INACTIVE_MANUAL: 1072 $inactive_reason = $user->lang['INACTIVE_REASON_MANUAL']; 1073 break; 1074 1075 case INACTIVE_REMIND: 1076 $inactive_reason = $user->lang['INACTIVE_REASON_REMIND']; 1077 break; 1078 } 1079 } 1080 1081 // Posts in Queue 1082 $sql = 'SELECT COUNT(post_id) as posts_in_queue 1083 FROM ' . POSTS_TABLE . 
' 1084 WHERE poster_id = ' . $user_id . ' 1085 AND ' . $db->sql_in_set('post_visibility', array(ITEM_UNAPPROVED, ITEM_REAPPROVE)); 1086 $result = $db->sql_query($sql); 1087 $user_row['posts_in_queue'] = (int) $db->sql_fetchfield('posts_in_queue'); 1088 $db->sql_freeresult($result); 1089 1090 $sql = 'SELECT post_id 1091 FROM ' . POSTS_TABLE . ' 1092 WHERE poster_id = '. $user_id; 1093 $result = $db->sql_query_limit($sql, 1); 1094 $user_row['user_has_posts'] = (bool) $db->sql_fetchfield('post_id'); 1095 $db->sql_freeresult($result); 1096 1097 $template->assign_vars(array( 1098 'L_NAME_CHARS_EXPLAIN' => $user->lang($config['allow_name_chars'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_name_chars']), $user->lang('CHARACTERS', (int) $config['max_name_chars'])), 1099 'L_CHANGE_PASSWORD_EXPLAIN' => $user->lang($config['pass_complex'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_pass_chars']), $user->lang('CHARACTERS', (int) $config['max_pass_chars'])), 1100 'L_POSTS_IN_QUEUE' => $user->lang('NUM_POSTS_IN_QUEUE', $user_row['posts_in_queue']), 1101 'S_FOUNDER' => ($user->data['user_type'] == USER_FOUNDER) ? true : false, 1102 1103 'S_OVERVIEW' => true, 1104 'S_USER_IP' => ($user_row['user_ip']) ? true : false, 1105 'S_USER_FOUNDER' => ($user_row['user_type'] == USER_FOUNDER) ? true : false, 1106 'S_ACTION_OPTIONS' => $s_action_options, 1107 'S_OWN_ACCOUNT' => ($user_id == $user->data['user_id']) ? true : false, 1108 'S_USER_INACTIVE' => ($user_row['user_type'] == USER_INACTIVE) ? true : false, 1109 1110 'U_SHOW_IP' => $this->u_action . "&u=$user_id&ip=" . (($ip == 'ip') ? 'hostname' : 'ip'), 1111 'U_WHOIS' => $this->u_action . "&action=whois&user_ip={$user_row['user_ip']}", 1112 'U_MCP_QUEUE' => ($auth->acl_getf_global('m_approve')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue', true, $user->session_id) : '', 1113 'U_SEARCH_USER' => ($config['load_search'] && $auth->acl_get('u_search')) ? 
append_sid("{$phpbb_root_path}search.$phpEx", "author_id={$user_row['user_id']}&sr=posts") : '', 1114 1115 'U_SWITCH_PERMISSIONS' => ($auth->acl_get('a_switchperm') && $user->data['user_id'] != $user_row['user_id']) ? append_sid("{$phpbb_root_path}ucp.$phpEx", "mode=switch_perm&u={$user_row['user_id']}&hash=" . generate_link_hash('switchperm')) : '', 1116 1117 'POSTS_IN_QUEUE' => $user_row['posts_in_queue'], 1118 'USER' => $user_row['username'], 1119 'USER_REGISTERED' => $user->format_date($user_row['user_regdate']), 1120 'REGISTERED_IP' => ($ip == 'hostname') ? gethostbyaddr($user_row['user_ip']) : $user_row['user_ip'], 1121 'USER_LASTACTIVE' => ($last_active) ? $user->format_date($last_active) : ' - ', 1122 'USER_EMAIL' => $user_row['user_email'], 1123 'USER_WARNINGS' => $user_row['user_warnings'], 1124 'USER_POSTS' => $user_row['user_posts'], 1125 'USER_HAS_POSTS' => $user_row['user_has_posts'], 1126 'USER_INACTIVE_REASON' => $inactive_reason, 1127 )); 1128 1129 break; 1130 1131 case 'feedback': 1132 1133 $user->add_lang('mcp'); 1134 1135 // Set up general vars 1136 $start = request_var('start', 0); 1137 $deletemark = (isset($_POST['delmarked'])) ? true : false; 1138 $deleteall = (isset($_POST['delall'])) ? true : false; 1139 $marked = request_var('mark', array(0)); 1140 $message = utf8_normalize_nfc(request_var('message', '', true)); 1141 $pagination = $phpbb_container->get('pagination'); 1142 1143 // Sort keys 1144 $sort_days = request_var('st', 0); 1145 $sort_key = request_var('sk', 't'); 1146 $sort_dir = request_var('sd', 'd'); 1147 1148 // Delete entries if requested and able 1149 if (($deletemark || $deleteall) && $auth->acl_get('a_clearlogs')) 1150 { 1151 if (!check_form_key($form_name)) 1152 { 1153 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . 
$user_id), E_USER_WARNING); 1154 } 1155 1156 $where_sql = ''; 1157 if ($deletemark && $marked) 1158 { 1159 $sql_in = array(); 1160 foreach ($marked as $mark) 1161 { 1162 $sql_in[] = $mark; 1163 } 1164 $where_sql = ' AND ' . $db->sql_in_set('log_id', $sql_in); 1165 unset($sql_in); 1166 } 1167 1168 if ($where_sql || $deleteall) 1169 { 1170 $sql = 'DELETE FROM ' . LOG_TABLE . ' 1171 WHERE log_type = ' . LOG_USERS . " 1172 AND reportee_id = $user_id 1173 $where_sql"; 1174 $db->sql_query($sql); 1175 1176 add_log('admin', 'LOG_CLEAR_USER', $user_row['username']); 1177 } 1178 } 1179 1180 if ($submit && $message) 1181 { 1182 if (!check_form_key($form_name)) 1183 { 1184 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 1185 } 1186 1187 add_log('admin', 'LOG_USER_FEEDBACK', $user_row['username']); 1188 add_log('mod', 0, 0, 'LOG_USER_FEEDBACK', $user_row['username']); 1189 add_log('user', $user_id, 'LOG_USER_GENERAL', $message); 1190 1191 trigger_error($user->lang['USER_FEEDBACK_ADDED'] . adm_back_link($this->u_action . '&u=' . $user_id)); 1192 } 1193 1194 // Sorting 1195 $limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); 1196 $sort_by_text = array('u' => $user->lang['SORT_USERNAME'], 't' => $user->lang['SORT_DATE'], 'i' => $user->lang['SORT_IP'], 'o' => $user->lang['SORT_ACTION']); 1197 $sort_by_sql = array('u' => 'u.username_clean', 't' => 'l.log_time', 'i' => 'l.log_ip', 'o' => 'l.log_operation'); 1198 1199 $s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = ''; 1200 gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param); 1201 1202 // Define where and sort sql for use in displaying logs 1203 $sql_where = ($sort_days) ? 
(time() - ($sort_days * 86400)) : 0; 1204 $sql_sort = $sort_by_sql[$sort_key] . ' ' . (($sort_dir == 'd') ? 'DESC' : 'ASC'); 1205 1206 // Grab log data 1207 $log_data = array(); 1208 $log_count = 0; 1209 $start = view_log('user', $log_data, $log_count, $config['topics_per_page'], $start, 0, 0, $user_id, $sql_where, $sql_sort); 1210 1211 $base_url = $this->u_action . "&u=$user_id&$u_sort_param"; 1212 $pagination->generate_template_pagination($base_url, 'pagination', 'start', $log_count, $config['topics_per_page'], $start); 1213 1214 $template->assign_vars(array( 1215 'S_FEEDBACK' => true, 1216 1217 'S_LIMIT_DAYS' => $s_limit_days, 1218 'S_SORT_KEY' => $s_sort_key, 1219 'S_SORT_DIR' => $s_sort_dir, 1220 'S_CLEARLOGS' => $auth->acl_get('a_clearlogs')) 1221 ); 1222 1223 foreach ($log_data as $row) 1224 { 1225 $template->assign_block_vars('log', array( 1226 'USERNAME' => $row['username_full'], 1227 'IP' => $row['ip'], 1228 'DATE' => $user->format_date($row['time']), 1229 'ACTION' => nl2br($row['action']), 1230 'ID' => $row['id']) 1231 ); 1232 } 1233 1234 break; 1235 1236 case 'warnings': 1237 $user->add_lang('mcp'); 1238 1239 // Set up general vars 1240 $start = request_var('start', 0); 1241 $deletemark = (isset($_POST['delmarked'])) ? true : false; 1242 $deleteall = (isset($_POST['delall'])) ? true : false; 1243 $confirm = (isset($_POST['confirm'])) ? true : false; 1244 $marked = request_var('mark', array(0)); 1245 $message = utf8_normalize_nfc(request_var('message', '', true)); 1246 1247 // Sort keys 1248 $sort_days = request_var('st', 0); 1249 $sort_key = request_var('sk', 't'); 1250 $sort_dir = request_var('sd', 'd'); 1251 1252 // Delete entries if requested and able 1253 if ($deletemark || $deleteall || $confirm) 1254 { 1255 if (confirm_box(true)) 1256 { 1257 $where_sql = ''; 1258 $deletemark = request_var('delmarked', 0); 1259 $deleteall = request_var('delall', 0); 1260 if ($deletemark && $marked) 1261 { 1262 $where_sql = ' AND ' . 
$db->sql_in_set('warning_id', array_values($marked)); 1263 } 1264 1265 if ($where_sql || $deleteall) 1266 { 1267 $sql = 'DELETE FROM ' . WARNINGS_TABLE . " 1268 WHERE user_id = $user_id 1269 $where_sql"; 1270 $db->sql_query($sql); 1271 1272 if ($deleteall) 1273 { 1274 $log_warnings = $deleted_warnings = 0; 1275 } 1276 else 1277 { 1278 $num_warnings = (int) $db->sql_affectedrows(); 1279 $deleted_warnings = ' user_warnings - ' . $num_warnings; 1280 $log_warnings = ($num_warnings > 2) ? 2 : $num_warnings; 1281 } 1282 1283 $sql = 'UPDATE ' . USERS_TABLE . " 1284 SET user_warnings = $deleted_warnings 1285 WHERE user_id = $user_id"; 1286 $db->sql_query($sql); 1287 1288 if ($log_warnings) 1289 { 1290 add_log('admin', 'LOG_WARNINGS_DELETED', $user_row['username'], $num_warnings); 1291 } 1292 else 1293 { 1294 add_log('admin', 'LOG_WARNINGS_DELETED_ALL', $user_row['username']); 1295 } 1296 } 1297 } 1298 else 1299 { 1300 $s_hidden_fields = array( 1301 'i' => $id, 1302 'mode' => $mode, 1303 'u' => $user_id, 1304 'mark' => $marked, 1305 ); 1306 if (isset($_POST['delmarked'])) 1307 { 1308 $s_hidden_fields['delmarked'] = 1; 1309 } 1310 if (isset($_POST['delall'])) 1311 { 1312 $s_hidden_fields['delall'] = 1; 1313 } 1314 if (isset($_POST['delall']) || (isset($_POST['delmarked']) && sizeof($marked))) 1315 { 1316 confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields($s_hidden_fields)); 1317 } 1318 } 1319 } 1320 1321 $sql = 'SELECT w.warning_id, w.warning_time, w.post_id, l.log_operation, l.log_data, l.user_id AS mod_user_id, m.username AS mod_username, m.user_colour AS mod_user_colour 1322 FROM ' . WARNINGS_TABLE . ' w 1323 LEFT JOIN ' . LOG_TABLE . ' l 1324 ON (w.log_id = l.log_id) 1325 LEFT JOIN ' . USERS_TABLE . ' m 1326 ON (l.user_id = m.user_id) 1327 WHERE w.user_id = ' . $user_id . 
' 1328 ORDER BY w.warning_time DESC'; 1329 $result = $db->sql_query($sql); 1330 1331 while ($row = $db->sql_fetchrow($result)) 1332 { 1333 if (!$row['log_operation']) 1334 { 1335 // We do not have a log-entry anymore, so there is no data available 1336 $row['action'] = $user->lang['USER_WARNING_LOG_DELETED']; 1337 } 1338 else 1339 { 1340 $row['action'] = (isset($user->lang[$row['log_operation']])) ? $user->lang[$row['log_operation']] : '{' . ucfirst(str_replace('_', ' ', $row['log_operation'])) . '}'; 1341 if (!empty($row['log_data'])) 1342 { 1343 $log_data_ary = @unserialize($row['log_data']); 1344 $log_data_ary = ($log_data_ary === false) ? array() : $log_data_ary; 1345 1346 if (isset($user->lang[$row['log_operation']])) 1347 { 1348 // Check if there are more occurrences of % than arguments, if there are we fill out the arguments array 1349 // It doesn't matter if we add more arguments than placeholders 1350 if ((substr_count($row['action'], '%') - sizeof($log_data_ary)) > 0) 1351 { 1352 $log_data_ary = array_merge($log_data_ary, array_fill(0, substr_count($row['action'], '%') - sizeof($log_data_ary), '')); 1353 } 1354 $row['action'] = vsprintf($row['action'], $log_data_ary); 1355 $row['action'] = bbcode_nl2br(censor_text($row['action'])); 1356 } 1357 else if (!empty($log_data_ary)) 1358 { 1359 $row['action'] .= '<br />' . implode('', $log_data_ary); 1360 } 1361 } 1362 } 1363 1364 $template->assign_block_vars('warn', array( 1365 'ID' => $row['warning_id'], 1366 'USERNAME' => ($row['log_operation']) ? get_username_string('full', $row['mod_user_id'], $row['mod_username'], $row['mod_user_colour']) : '-', 1367 'ACTION' => make_clickable($row['action']), 1368 'DATE' => $user->format_date($row['warning_time']), 1369 )); 1370 } 1371 $db->sql_freeresult($result); 1372 1373 $template->assign_vars(array( 1374 'S_WARNINGS' => true, 1375 )); 1376 1377 break; 1378 1379 case 'profile': 1380 1381 if (!function_exists('user_get_id_name')) 1382 { 1383 include($phpbb_root_path . 
'includes/functions_user.' . $phpEx); 1384 } 1385 1386 $cp = $phpbb_container->get('profilefields.manager'); 1387 1388 $cp_data = $cp_error = array(); 1389 1390 $sql = 'SELECT lang_id 1391 FROM ' . LANG_TABLE . " 1392 WHERE lang_iso = '" . $db->sql_escape($user->data['user_lang']) . "'"; 1393 $result = $db->sql_query($sql); 1394 $row = $db->sql_fetchrow($result); 1395 $db->sql_freeresult($result); 1396 1397 $user_row['iso_lang_id'] = $row['lang_id']; 1398 1399 $data = array( 1400 'jabber' => utf8_normalize_nfc(request_var('jabber', $user_row['user_jabber'], true)), 1401 'bday_day' => 0, 1402 'bday_month' => 0, 1403 'bday_year' => 0, 1404 ); 1405 1406 if ($user_row['user_birthday']) 1407 { 1408 list($data['bday_day'], $data['bday_month'], $data['bday_year']) = explode('-', $user_row['user_birthday']); 1409 } 1410 1411 $data['bday_day'] = request_var('bday_day', $data['bday_day']); 1412 $data['bday_month'] = request_var('bday_month', $data['bday_month']); 1413 $data['bday_year'] = request_var('bday_year', $data['bday_year']); 1414 $data['user_birthday'] = sprintf('%2d-%2d-%4d', $data['bday_day'], $data['bday_month'], $data['bday_year']); 1415 1416 /** 1417 * Modify user data on editing profile in ACP 1418 * 1419 * @event core.acp_users_modify_profile 1420 * @var array data Array with user profile data 1421 * @var bool submit Flag indicating if submit button has been pressed 1422 * @var int user_id The user id 1423 * @var array user_row Array with the full user data 1424 * @since 3.1.4-RC1 1425 */ 1426 $vars = array('data', 'submit', 'user_id', 'user_row'); 1427 extract($phpbb_dispatcher->trigger_event('core.acp_users_modify_profile', compact($vars))); 1428 1429 if ($submit) 1430 { 1431 $error = validate_data($data, array( 1432 'jabber' => array( 1433 array('string', true, 5, 255), 1434 array('jabber')), 1435 'bday_day' => array('num', true, 1, 31), 1436 'bday_month' => array('num', true, 1, 12), 1437 'bday_year' => array('num', true, 1901, gmdate('Y', time())), 1438 
'user_birthday' => array('date', true), 1439 )); 1440 1441 // validate custom profile fields 1442 $cp->submit_cp_field('profile', $user_row['iso_lang_id'], $cp_data, $cp_error); 1443 1444 if (sizeof($cp_error)) 1445 { 1446 $error = array_merge($error, $cp_error); 1447 } 1448 if (!check_form_key($form_name)) 1449 { 1450 $error[] = 'FORM_INVALID'; 1451 } 1452 1453 /** 1454 * Validate profile data in ACP before submitting to the database 1455 * 1456 * @event core.acp_users_profile_validate 1457 * @var bool submit Flag indicating if submit button has been pressed 1458 * @var array data Array with user profile data 1459 * @var array error Array with the form errors 1460 * @since 3.1.4-RC1 1461 */ 1462 $vars = array('submit', 'data', 'error'); 1463 extract($phpbb_dispatcher->trigger_event('core.acp_users_profile_validate', compact($vars))); 1464 1465 if (!sizeof($error)) 1466 { 1467 $sql_ary = array( 1468 'user_jabber' => $data['jabber'], 1469 'user_birthday' => $data['user_birthday'], 1470 ); 1471 1472 /** 1473 * Modify profile data in ACP before submitting to the database 1474 * 1475 * @event core.acp_users_profile_modify_sql_ary 1476 * @var array cp_data Array with the user custom profile fields data 1477 * @var array data Array with user profile data 1478 * @var int user_id The user id 1479 * @var array user_row Array with the full user data 1480 * @var array sql_ary Array with sql data 1481 * @since 3.1.4-RC1 1482 */ 1483 $vars = array('cp_data', 'data', 'user_id', 'user_row', 'sql_ary'); 1484 extract($phpbb_dispatcher->trigger_event('core.acp_users_profile_modify_sql_ary', compact($vars))); 1485 1486 $sql = 'UPDATE ' . USERS_TABLE . ' 1487 SET ' . $db->sql_build_array('UPDATE', $sql_ary) . " 1488 WHERE user_id = $user_id"; 1489 $db->sql_query($sql); 1490 1491 // Update Custom Fields 1492 $cp->update_profile_field_data($user_id, $cp_data); 1493 1494 trigger_error($user->lang['USER_PROFILE_UPDATED'] . adm_back_link($this->u_action . '&u=' . 
$user_id)); 1495 } 1496 1497 // Replace "error" strings with their real, localised form 1498 $error = array_map(array($user, 'lang'), $error); 1499 } 1500 1501 $s_birthday_day_options = '<option value="0"' . ((!$data['bday_day']) ? ' selected="selected"' : '') . '>--</option>'; 1502 for ($i = 1; $i < 32; $i++) 1503 { 1504 $selected = ($i == $data['bday_day']) ? ' selected="selected"' : ''; 1505 $s_birthday_day_options .= "<option value=\"$i\"$selected>$i</option>"; 1506 } 1507 1508 $s_birthday_month_options = '<option value="0"' . ((!$data['bday_month']) ? ' selected="selected"' : '') . '>--</option>'; 1509 for ($i = 1; $i < 13; $i++) 1510 { 1511 $selected = ($i == $data['bday_month']) ? ' selected="selected"' : ''; 1512 $s_birthday_month_options .= "<option value=\"$i\"$selected>$i</option>"; 1513 } 1514 $s_birthday_year_options = ''; 1515 1516 $now = getdate(); 1517 $s_birthday_year_options = '<option value="0"' . ((!$data['bday_year']) ? ' selected="selected"' : '') . '>--</option>'; 1518 for ($i = $now['year'] - 100; $i <= $now['year']; $i++) 1519 { 1520 $selected = ($i == $data['bday_year']) ? ' selected="selected"' : ''; 1521 $s_birthday_year_options .= "<option value=\"$i\"$selected>$i</option>"; 1522 } 1523 unset($now); 1524 1525 $template->assign_vars(array( 1526 'JABBER' => $data['jabber'], 1527 'S_BIRTHDAY_DAY_OPTIONS' => $s_birthday_day_options, 1528 'S_BIRTHDAY_MONTH_OPTIONS' => $s_birthday_month_options, 1529 'S_BIRTHDAY_YEAR_OPTIONS' => $s_birthday_year_options, 1530 1531 'S_PROFILE' => true) 1532 ); 1533 1534 // Get additional profile fields and assign them to the template block var 'profile_fields' 1535 $user->get_profile_fields($user_id); 1536 1537 $cp->generate_profile_fields('profile', $user_row['iso_lang_id']); 1538 1539 break; 1540 1541 case 'prefs': 1542 1543 if (!function_exists('user_get_id_name')) 1544 { 1545 include($phpbb_root_path . 'includes/functions_user.' . 
$phpEx); 1546 } 1547 1548 $data = array( 1549 'dateformat' => utf8_normalize_nfc(request_var('dateformat', $user_row['user_dateformat'], true)), 1550 'lang' => basename(request_var('lang', $user_row['user_lang'])), 1551 'tz' => request_var('tz', $user_row['user_timezone']), 1552 'style' => request_var('style', $user_row['user_style']), 1553 'viewemail' => request_var('viewemail', $user_row['user_allow_viewemail']), 1554 'massemail' => request_var('massemail', $user_row['user_allow_massemail']), 1555 'hideonline' => request_var('hideonline', !$user_row['user_allow_viewonline']), 1556 'notifymethod' => request_var('notifymethod', $user_row['user_notify_type']), 1557 'notifypm' => request_var('notifypm', $user_row['user_notify_pm']), 1558 'allowpm' => request_var('allowpm', $user_row['user_allow_pm']), 1559 1560 'topic_sk' => request_var('topic_sk', ($user_row['user_topic_sortby_type']) ? $user_row['user_topic_sortby_type'] : 't'), 1561 'topic_sd' => request_var('topic_sd', ($user_row['user_topic_sortby_dir']) ? $user_row['user_topic_sortby_dir'] : 'd'), 1562 'topic_st' => request_var('topic_st', ($user_row['user_topic_show_days']) ? $user_row['user_topic_show_days'] : 0), 1563 1564 'post_sk' => request_var('post_sk', ($user_row['user_post_sortby_type']) ? $user_row['user_post_sortby_type'] : 't'), 1565 'post_sd' => request_var('post_sd', ($user_row['user_post_sortby_dir']) ? $user_row['user_post_sortby_dir'] : 'a'), 1566 'post_st' => request_var('post_st', ($user_row['user_post_show_days']) ? 
$user_row['user_post_show_days'] : 0), 1567 1568 'view_images' => request_var('view_images', $this->optionget($user_row, 'viewimg')), 1569 'view_flash' => request_var('view_flash', $this->optionget($user_row, 'viewflash')), 1570 'view_smilies' => request_var('view_smilies', $this->optionget($user_row, 'viewsmilies')), 1571 'view_sigs' => request_var('view_sigs', $this->optionget($user_row, 'viewsigs')), 1572 'view_avatars' => request_var('view_avatars', $this->optionget($user_row, 'viewavatars')), 1573 'view_wordcensor' => request_var('view_wordcensor', $this->optionget($user_row, 'viewcensors')), 1574 1575 'bbcode' => request_var('bbcode', $this->optionget($user_row, 'bbcode')), 1576 'smilies' => request_var('smilies', $this->optionget($user_row, 'smilies')), 1577 'sig' => request_var('sig', $this->optionget($user_row, 'attachsig')), 1578 'notify' => request_var('notify', $user_row['user_notify']), 1579 ); 1580 1581 /** 1582 * Modify users preferences data 1583 * 1584 * @event core.acp_users_prefs_modify_data 1585 * @var array data Array with users preferences data 1586 * @var array user_row Array with user data 1587 * @since 3.1.0-b3 1588 */ 1589 $vars = array('data', 'user_row'); 1590 extract($phpbb_dispatcher->trigger_event('core.acp_users_prefs_modify_data', compact($vars))); 1591 1592 if ($submit) 1593 { 1594 $error = validate_data($data, array( 1595 'dateformat' => array('string', false, 1, 64), 1596 'lang' => array('match', false, '#^[a-z_\-]{2,}$#i'), 1597 'tz' => array('timezone'), 1598 1599 'topic_sk' => array('string', false, 1, 1), 1600 'topic_sd' => array('string', false, 1, 1), 1601 'post_sk' => array('string', false, 1, 1), 1602 'post_sd' => array('string', false, 1, 1), 1603 )); 1604 1605 if (!check_form_key($form_name)) 1606 { 1607 $error[] = 'FORM_INVALID'; 1608 } 1609 1610 if (!sizeof($error)) 1611 { 1612 $this->optionset($user_row, 'viewimg', $data['view_images']); 1613 $this->optionset($user_row, 'viewflash', $data['view_flash']); 1614 
$this->optionset($user_row, 'viewsmilies', $data['view_smilies']); 1615 $this->optionset($user_row, 'viewsigs', $data['view_sigs']); 1616 $this->optionset($user_row, 'viewavatars', $data['view_avatars']); 1617 $this->optionset($user_row, 'viewcensors', $data['view_wordcensor']); 1618 $this->optionset($user_row, 'bbcode', $data['bbcode']); 1619 $this->optionset($user_row, 'smilies', $data['smilies']); 1620 $this->optionset($user_row, 'attachsig', $data['sig']); 1621 1622 $sql_ary = array( 1623 'user_options' => $user_row['user_options'], 1624 1625 'user_allow_pm' => $data['allowpm'], 1626 'user_allow_viewemail' => $data['viewemail'], 1627 'user_allow_massemail' => $data['massemail'], 1628 'user_allow_viewonline' => !$data['hideonline'], 1629 'user_notify_type' => $data['notifymethod'], 1630 'user_notify_pm' => $data['notifypm'], 1631 1632 'user_dateformat' => $data['dateformat'], 1633 'user_lang' => $data['lang'], 1634 'user_timezone' => $data['tz'], 1635 'user_style' => $data['style'], 1636 1637 'user_topic_sortby_type' => $data['topic_sk'], 1638 'user_post_sortby_type' => $data['post_sk'], 1639 'user_topic_sortby_dir' => $data['topic_sd'], 1640 'user_post_sortby_dir' => $data['post_sd'], 1641 1642 'user_topic_show_days' => $data['topic_st'], 1643 'user_post_show_days' => $data['post_st'], 1644 1645 'user_notify' => $data['notify'], 1646 ); 1647 1648 /** 1649 * Modify SQL query before users preferences are updated 1650 * 1651 * @event core.acp_users_prefs_modify_sql 1652 * @var array data Array with users preferences data 1653 * @var array user_row Array with user data 1654 * @var array sql_ary SQL array with users preferences data to update 1655 * @var array error Array with errors data 1656 * @since 3.1.0-b3 1657 */ 1658 $vars = array('data', 'user_row', 'sql_ary', 'error'); 1659 extract($phpbb_dispatcher->trigger_event('core.acp_users_prefs_modify_sql', compact($vars))); 1660 1661 if (!sizeof($error)) 1662 { 1663 $sql = 'UPDATE ' . USERS_TABLE . ' 1664 SET ' . 
$db->sql_build_array('UPDATE', $sql_ary) . " 1665 WHERE user_id = $user_id"; 1666 $db->sql_query($sql); 1667 1668 // Check if user has an active session 1669 if ($user_row['session_id']) 1670 { 1671 // We'll update the session if user_allow_viewonline has changed and the user is a bot 1672 // Or if it's a regular user and the admin set it to hide the session 1673 if ($user_row['user_allow_viewonline'] != $sql_ary['user_allow_viewonline'] && $user_row['user_type'] == USER_IGNORE 1674 || $user_row['user_allow_viewonline'] && !$sql_ary['user_allow_viewonline']) 1675 { 1676 // We also need to check if the user has the permission to cloak. 1677 $user_auth = new \phpbb\auth\auth(); 1678 $user_auth->acl($user_row); 1679 1680 $session_sql_ary = array( 1681 'session_viewonline' => ($user_auth->acl_get('u_hideonline')) ? $sql_ary['user_allow_viewonline'] : true, 1682 ); 1683 1684 $sql = 'UPDATE ' . SESSIONS_TABLE . ' 1685 SET ' . $db->sql_build_array('UPDATE', $session_sql_ary) . " 1686 WHERE session_user_id = $user_id"; 1687 $db->sql_query($sql); 1688 1689 unset($user_auth); 1690 } 1691 } 1692 1693 trigger_error($user->lang['USER_PREFS_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id)); 1694 } 1695 } 1696 1697 // Replace "error" strings with their real, localised form 1698 $error = array_map(array($user, 'lang'), $error); 1699 } 1700 1701 $dateformat_options = ''; 1702 foreach ($user->lang['dateformats'] as $format => $null) 1703 { 1704 $dateformat_options .= '<option value="' . $format . '"' . (($format == $data['dateformat']) ? ' selected="selected"' : '') . '>'; 1705 $dateformat_options .= $user->format_date(time(), $format, false) . ((strpos($format, '|') !== false) ? $user->lang['VARIANT_DATE_SEPARATOR'] . 
$user->format_date(time(), $format, true) : ''); 1706 $dateformat_options .= '</option>'; 1707 } 1708 1709 $s_custom = false; 1710 1711 $dateformat_options .= '<option value="custom"'; 1712 if (!isset($user->lang['dateformats'][$data['dateformat']])) 1713 { 1714 $dateformat_options .= ' selected="selected"'; 1715 $s_custom = true; 1716 } 1717 $dateformat_options .= '>' . $user->lang['CUSTOM_DATEFORMAT'] . '</option>'; 1718 1719 $sort_dir_text = array('a' => $user->lang['ASCENDING'], 'd' => $user->lang['DESCENDING']); 1720 1721 // Topic ordering options 1722 $limit_topic_days = array(0 => $user->lang['ALL_TOPICS'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); 1723 $sort_by_topic_text = array('a' => $user->lang['AUTHOR'], 't' => $user->lang['POST_TIME'], 'r' => $user->lang['REPLIES'], 's' => $user->lang['SUBJECT'], 'v' => $user->lang['VIEWS']); 1724 1725 // Post ordering options 1726 $limit_post_days = array(0 => $user->lang['ALL_POSTS'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); 1727 $sort_by_post_text = array('a' => $user->lang['AUTHOR'], 't' => $user->lang['POST_TIME'], 's' => $user->lang['SUBJECT']); 1728 1729 $_options = array('topic', 'post'); 1730 foreach ($_options as $sort_option) 1731 { 1732 ${'s_limit_' . $sort_option . '_days'} = '<select name="' . $sort_option . '_st">'; 1733 foreach (${'limit_' . $sort_option . '_days'} as $day => $text) 1734 { 1735 $selected = ($data[$sort_option . '_st'] == $day) ? ' selected="selected"' : ''; 1736 ${'s_limit_' . $sort_option . '_days'} .= '<option value="' . $day . '"' . $selected . '>' . $text . '</option>'; 1737 } 1738 ${'s_limit_' . $sort_option . 
'_days'} .= '</select>'; 1739 1740 ${'s_sort_' . $sort_option . '_key'} = '<select name="' . $sort_option . '_sk">'; 1741 foreach (${'sort_by_' . $sort_option . '_text'} as $key => $text) 1742 { 1743 $selected = ($data[$sort_option . '_sk'] == $key) ? ' selected="selected"' : ''; 1744 ${'s_sort_' . $sort_option . '_key'} .= '<option value="' . $key . '"' . $selected . '>' . $text . '</option>'; 1745 } 1746 ${'s_sort_' . $sort_option . '_key'} .= '</select>'; 1747 1748 ${'s_sort_' . $sort_option . '_dir'} = '<select name="' . $sort_option . '_sd">'; 1749 foreach ($sort_dir_text as $key => $value) 1750 { 1751 $selected = ($data[$sort_option . '_sd'] == $key) ? ' selected="selected"' : ''; 1752 ${'s_sort_' . $sort_option . '_dir'} .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>'; 1753 } 1754 ${'s_sort_' . $sort_option . '_dir'} .= '</select>'; 1755 } 1756 1757 phpbb_timezone_select($template, $user, $data['tz'], true); 1758 $user_prefs_data = array( 1759 'S_PREFS' => true, 1760 'S_JABBER_DISABLED' => ($config['jab_enable'] && $user_row['user_jabber'] && @extension_loaded('xml')) ? false : true, 1761 1762 'VIEW_EMAIL' => $data['viewemail'], 1763 'MASS_EMAIL' => $data['massemail'], 1764 'ALLOW_PM' => $data['allowpm'], 1765 'HIDE_ONLINE' => $data['hideonline'], 1766 'NOTIFY_EMAIL' => ($data['notifymethod'] == NOTIFY_EMAIL) ? true : false, 1767 'NOTIFY_IM' => ($data['notifymethod'] == NOTIFY_IM) ? true : false, 1768 'NOTIFY_BOTH' => ($data['notifymethod'] == NOTIFY_BOTH) ? 
true : false, 1769 'NOTIFY_PM' => $data['notifypm'], 1770 'BBCODE' => $data['bbcode'], 1771 'SMILIES' => $data['smilies'], 1772 'ATTACH_SIG' => $data['sig'], 1773 'NOTIFY' => $data['notify'], 1774 'VIEW_IMAGES' => $data['view_images'], 1775 'VIEW_FLASH' => $data['view_flash'], 1776 'VIEW_SMILIES' => $data['view_smilies'], 1777 'VIEW_SIGS' => $data['view_sigs'], 1778 'VIEW_AVATARS' => $data['view_avatars'], 1779 'VIEW_WORDCENSOR' => $data['view_wordcensor'], 1780 1781 'S_TOPIC_SORT_DAYS' => $s_limit_topic_days, 1782 'S_TOPIC_SORT_KEY' => $s_sort_topic_key, 1783 'S_TOPIC_SORT_DIR' => $s_sort_topic_dir, 1784 'S_POST_SORT_DAYS' => $s_limit_post_days, 1785 'S_POST_SORT_KEY' => $s_sort_post_key, 1786 'S_POST_SORT_DIR' => $s_sort_post_dir, 1787 1788 'DATE_FORMAT' => $data['dateformat'], 1789 'S_DATEFORMAT_OPTIONS' => $dateformat_options, 1790 'S_CUSTOM_DATEFORMAT' => $s_custom, 1791 'DEFAULT_DATEFORMAT' => $config['default_dateformat'], 1792 'A_DEFAULT_DATEFORMAT' => addslashes($config['default_dateformat']), 1793 1794 'S_LANG_OPTIONS' => language_select($data['lang']), 1795 'S_STYLE_OPTIONS' => style_select($data['style']), 1796 ); 1797 1798 /** 1799 * Modify users preferences data before assigning it to the template 1800 * 1801 * @event core.acp_users_prefs_modify_template_data 1802 * @var array data Array with users preferences data 1803 * @var array user_row Array with user data 1804 * @var array user_prefs_data Array with users preferences data to be assigned to the template 1805 * @since 3.1.0-b3 1806 */ 1807 $vars = array('data', 'user_row', 'user_prefs_data'); 1808 extract($phpbb_dispatcher->trigger_event('core.acp_users_prefs_modify_template_data', compact($vars))); 1809 1810 $template->assign_vars($user_prefs_data); 1811 1812 break; 1813 1814 case 'avatar': 1815 1816 $avatars_enabled = false; 1817 /** @var \phpbb\avatar\manager $phpbb_avatar_manager */ 1818 $phpbb_avatar_manager = $phpbb_container->get('avatar.manager'); 1819 1820 if ($config['allow_avatar']) 
1821 { 1822 $avatar_drivers = $phpbb_avatar_manager->get_enabled_drivers(); 1823 1824 // This is normalised data, without the user_ prefix 1825 $avatar_data = \phpbb\avatar\manager::clean_row($user_row, 'user'); 1826 1827 if ($submit) 1828 { 1829 if (check_form_key($form_name)) 1830 { 1831 $driver_name = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', '')); 1832 1833 if (in_array($driver_name, $avatar_drivers) && !$request->is_set_post('avatar_delete')) 1834 { 1835 $driver = $phpbb_avatar_manager->get_driver($driver_name); 1836 $result = $driver->process_form($request, $template, $user, $avatar_data, $error); 1837 1838 if ($result && empty($error)) 1839 { 1840 // Success! Lets save the result in the database 1841 $result = array( 1842 'user_avatar_type' => $driver_name, 1843 'user_avatar' => $result['avatar'], 1844 'user_avatar_width' => $result['avatar_width'], 1845 'user_avatar_height' => $result['avatar_height'], 1846 ); 1847 1848 $sql = 'UPDATE ' . USERS_TABLE . ' 1849 SET ' . $db->sql_build_array('UPDATE', $result) . ' 1850 WHERE user_id = ' . (int) $user_id; 1851 1852 $db->sql_query($sql); 1853 trigger_error($user->lang['USER_AVATAR_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id)); 1854 } 1855 } 1856 } 1857 else 1858 { 1859 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 1860 } 1861 } 1862 1863 // Handle deletion of avatars 1864 if ($request->is_set_post('avatar_delete')) 1865 { 1866 if (!confirm_box(true)) 1867 { 1868 confirm_box(false, $user->lang('CONFIRM_AVATAR_DELETE'), build_hidden_fields(array( 1869 'avatar_delete' => true)) 1870 ); 1871 } 1872 else 1873 { 1874 $phpbb_avatar_manager->handle_avatar_delete($db, $user, $avatar_data, USERS_TABLE, 'user_'); 1875 1876 trigger_error($user->lang['USER_AVATAR_UPDATED'] . adm_back_link($this->u_action . '&u=' . 
$user_id)); 1877 } 1878 } 1879 1880 $selected_driver = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', $user_row['user_avatar_type'])); 1881 1882 // Assign min and max values before generating avatar driver html 1883 $template->assign_vars(array( 1884 'AVATAR_MIN_WIDTH' => $config['avatar_min_width'], 1885 'AVATAR_MAX_WIDTH' => $config['avatar_max_width'], 1886 'AVATAR_MIN_HEIGHT' => $config['avatar_min_height'], 1887 'AVATAR_MAX_HEIGHT' => $config['avatar_max_height'], 1888 )); 1889 1890 foreach ($avatar_drivers as $current_driver) 1891 { 1892 $driver = $phpbb_avatar_manager->get_driver($current_driver); 1893 1894 $avatars_enabled = true; 1895 $template->set_filenames(array( 1896 'avatar' => $driver->get_acp_template_name(), 1897 )); 1898 1899 if ($driver->prepare_form($request, $template, $user, $avatar_data, $error)) 1900 { 1901 $driver_name = $phpbb_avatar_manager->prepare_driver_name($current_driver); 1902 $driver_upper = strtoupper($driver_name); 1903 1904 $template->assign_block_vars('avatar_drivers', array( 1905 'L_TITLE' => $user->lang($driver_upper . '_TITLE'), 1906 'L_EXPLAIN' => $user->lang($driver_upper . '_EXPLAIN'), 1907 1908 'DRIVER' => $driver_name, 1909 'SELECTED' => $current_driver == $selected_driver, 1910 'OUTPUT' => $template->assign_display('avatar'), 1911 )); 1912 } 1913 } 1914 } 1915 1916 // Avatar manager is not initialized if avatars are disabled 1917 if (isset($phpbb_avatar_manager)) 1918 { 1919 // Replace "error" strings with their real, localised form 1920 $error = $phpbb_avatar_manager->localize_errors($user, $error); 1921 } 1922 1923 $avatar = phpbb_get_user_avatar($user_row, 'USER_AVATAR', true); 1924 1925 $template->assign_vars(array( 1926 'S_AVATAR' => true, 1927 'ERROR' => (!empty($error)) ? implode('<br />', $error) : '', 1928 'AVATAR' => (empty($avatar) ? '<img src="' . $phpbb_admin_path . 
'images/no_avatar.gif" alt="" />' : $avatar), 1929 1930 'S_FORM_ENCTYPE' => ' enctype="multipart/form-data"', 1931 1932 'L_AVATAR_EXPLAIN' => $user->lang(($config['avatar_filesize'] == 0) ? 'AVATAR_EXPLAIN_NO_FILESIZE' : 'AVATAR_EXPLAIN', $config['avatar_max_width'], $config['avatar_max_height'], $config['avatar_filesize'] / 1024), 1933 1934 'S_AVATARS_ENABLED' => ($config['allow_avatar'] && $avatars_enabled), 1935 )); 1936 1937 break; 1938 1939 case 'rank': 1940 1941 if ($submit) 1942 { 1943 if (!check_form_key($form_name)) 1944 { 1945 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 1946 } 1947 1948 $rank_id = request_var('user_rank', 0); 1949 1950 $sql = 'UPDATE ' . USERS_TABLE . " 1951 SET user_rank = $rank_id 1952 WHERE user_id = $user_id"; 1953 $db->sql_query($sql); 1954 1955 trigger_error($user->lang['USER_RANK_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id)); 1956 } 1957 1958 $sql = 'SELECT * 1959 FROM ' . RANKS_TABLE . ' 1960 WHERE rank_special = 1 1961 ORDER BY rank_title'; 1962 $result = $db->sql_query($sql); 1963 1964 $s_rank_options = '<option value="0"' . ((!$user_row['user_rank']) ? ' selected="selected"' : '') . '>' . $user->lang['NO_SPECIAL_RANK'] . '</option>'; 1965 1966 while ($row = $db->sql_fetchrow($result)) 1967 { 1968 $selected = ($user_row['user_rank'] && $row['rank_id'] == $user_row['user_rank']) ? ' selected="selected"' : ''; 1969 $s_rank_options .= '<option value="' . $row['rank_id'] . '"' . $selected . '>' . $row['rank_title'] . '</option>'; 1970 } 1971 $db->sql_freeresult($result); 1972 1973 $template->assign_vars(array( 1974 'S_RANK' => true, 1975 'S_RANK_OPTIONS' => $s_rank_options) 1976 ); 1977 1978 break; 1979 1980 case 'sig': 1981 1982 if (!function_exists('generate_smilies')) 1983 { 1984 include($phpbb_root_path . 'includes/functions_posting.' . 
$phpEx); 1985 } 1986 1987 if (!function_exists('display_custom_bbcodes')) 1988 { 1989 include($phpbb_root_path . 'includes/functions_display.' . $phpEx); 1990 } 1991 1992 $enable_bbcode = ($config['allow_sig_bbcode']) ? (bool) $this->optionget($user_row, 'sig_bbcode') : false; 1993 $enable_smilies = ($config['allow_sig_smilies']) ? (bool) $this->optionget($user_row, 'sig_smilies') : false; 1994 $enable_urls = ($config['allow_sig_links']) ? (bool) $this->optionget($user_row, 'sig_links') : false; 1995 $signature = utf8_normalize_nfc(request_var('signature', (string) $user_row['user_sig'], true)); 1996 1997 $preview = (isset($_POST['preview'])) ? true : false; 1998 1999 if ($submit || $preview) 2000 { 2001 if (!class_exists('messenger')) 2002 { 2003 include($phpbb_root_path . 'includes/message_parser.' . $phpEx); 2004 } 2005 2006 $enable_bbcode = ($config['allow_sig_bbcode']) ? ((request_var('disable_bbcode', false)) ? false : true) : false; 2007 $enable_smilies = ($config['allow_sig_smilies']) ? ((request_var('disable_smilies', false)) ? false : true) : false; 2008 $enable_urls = ($config['allow_sig_links']) ? ((request_var('disable_magic_url', false)) ? 
false : true) : false; 2009 2010 $message_parser = new parse_message($signature); 2011 2012 // Allowing Quote BBCode 2013 $message_parser->parse($enable_bbcode, $enable_urls, $enable_smilies, $config['allow_sig_img'], $config['allow_sig_flash'], true, $config['allow_sig_links'], true, 'sig'); 2014 2015 if (sizeof($message_parser->warn_msg)) 2016 { 2017 $error[] = implode('<br />', $message_parser->warn_msg); 2018 } 2019 2020 if (!check_form_key($form_name)) 2021 { 2022 $error = 'FORM_INVALID'; 2023 } 2024 2025 if (!sizeof($error) && $submit) 2026 { 2027 $this->optionset($user_row, 'sig_bbcode', $enable_bbcode); 2028 $this->optionset($user_row, 'sig_smilies', $enable_smilies); 2029 $this->optionset($user_row, 'sig_links', $enable_urls); 2030 2031 $sql_ary = array( 2032 'user_sig' => (string) $message_parser->message, 2033 'user_options' => $user_row['user_options'], 2034 'user_sig_bbcode_uid' => (string) $message_parser->bbcode_uid, 2035 'user_sig_bbcode_bitfield' => (string) $message_parser->bbcode_bitfield 2036 ); 2037 2038 $sql = 'UPDATE ' . USERS_TABLE . ' 2039 SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' 2040 WHERE user_id = ' . $user_id; 2041 $db->sql_query($sql); 2042 2043 trigger_error($user->lang['USER_SIG_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id)); 2044 } 2045 2046 // Replace "error" strings with their real, localised form 2047 $error = array_map(array($user, 'lang'), $error); 2048 } 2049 2050 $signature_preview = ''; 2051 2052 if ($preview) 2053 { 2054 // Now parse it for displaying 2055 $signature_preview = $message_parser->format_display($enable_bbcode, $enable_urls, $enable_smilies, false); 2056 unset($message_parser); 2057 } 2058 2059 decode_message($signature, $user_row['user_sig_bbcode_uid']); 2060 2061 $template->assign_vars(array( 2062 'S_SIGNATURE' => true, 2063 2064 'SIGNATURE' => $signature, 2065 'SIGNATURE_PREVIEW' => $signature_preview, 2066 2067 'S_BBCODE_CHECKED' => (!$enable_bbcode) ? 
' checked="checked"' : '', 2068 'S_SMILIES_CHECKED' => (!$enable_smilies) ? ' checked="checked"' : '', 2069 'S_MAGIC_URL_CHECKED' => (!$enable_urls) ? ' checked="checked"' : '', 2070 2071 'BBCODE_STATUS' => ($config['allow_sig_bbcode']) ? sprintf($user->lang['BBCODE_IS_ON'], '<a href="' . append_sid("{$phpbb_root_path}faq.$phpEx", 'mode=bbcode') . '">', '</a>') : sprintf($user->lang['BBCODE_IS_OFF'], '<a href="' . append_sid("{$phpbb_root_path}faq.$phpEx", 'mode=bbcode') . '">', '</a>'), 2072 'SMILIES_STATUS' => ($config['allow_sig_smilies']) ? $user->lang['SMILIES_ARE_ON'] : $user->lang['SMILIES_ARE_OFF'], 2073 'IMG_STATUS' => ($config['allow_sig_img']) ? $user->lang['IMAGES_ARE_ON'] : $user->lang['IMAGES_ARE_OFF'], 2074 'FLASH_STATUS' => ($config['allow_sig_flash']) ? $user->lang['FLASH_IS_ON'] : $user->lang['FLASH_IS_OFF'], 2075 'URL_STATUS' => ($config['allow_sig_links']) ? $user->lang['URL_IS_ON'] : $user->lang['URL_IS_OFF'], 2076 2077 'L_SIGNATURE_EXPLAIN' => $user->lang('SIGNATURE_EXPLAIN', (int) $config['max_sig_chars']), 2078 2079 'S_BBCODE_ALLOWED' => $config['allow_sig_bbcode'], 2080 'S_SMILIES_ALLOWED' => $config['allow_sig_smilies'], 2081 'S_BBCODE_IMG' => ($config['allow_sig_img']) ? true : false, 2082 'S_BBCODE_FLASH' => ($config['allow_sig_flash']) ? true : false, 2083 'S_LINKS_ALLOWED' => ($config['allow_sig_links']) ? true : false) 2084 ); 2085 2086 // Assigning custom bbcodes 2087 display_custom_bbcodes(); 2088 2089 break; 2090 2091 case 'attach': 2092 2093 $start = request_var('start', 0); 2094 $deletemark = (isset($_POST['delmarked'])) ? true : false; 2095 $marked = request_var('mark', array(0)); 2096 $pagination = $phpbb_container->get('pagination'); 2097 2098 // Sort keys 2099 $sort_key = request_var('sk', 'a'); 2100 $sort_dir = request_var('sd', 'd'); 2101 2102 if ($deletemark && sizeof($marked)) 2103 { 2104 $sql = 'SELECT attach_id 2105 FROM ' . ATTACHMENTS_TABLE . ' 2106 WHERE poster_id = ' . $user_id . 
' 2107 AND is_orphan = 0 2108 AND ' . $db->sql_in_set('attach_id', $marked); 2109 $result = $db->sql_query($sql); 2110 2111 $marked = array(); 2112 while ($row = $db->sql_fetchrow($result)) 2113 { 2114 $marked[] = $row['attach_id']; 2115 } 2116 $db->sql_freeresult($result); 2117 } 2118 2119 if ($deletemark && sizeof($marked)) 2120 { 2121 if (confirm_box(true)) 2122 { 2123 $sql = 'SELECT real_filename 2124 FROM ' . ATTACHMENTS_TABLE . ' 2125 WHERE ' . $db->sql_in_set('attach_id', $marked); 2126 $result = $db->sql_query($sql); 2127 2128 $log_attachments = array(); 2129 while ($row = $db->sql_fetchrow($result)) 2130 { 2131 $log_attachments[] = $row['real_filename']; 2132 } 2133 $db->sql_freeresult($result); 2134 2135 delete_attachments('attach', $marked); 2136 2137 $message = (sizeof($log_attachments) == 1) ? $user->lang['ATTACHMENT_DELETED'] : $user->lang['ATTACHMENTS_DELETED']; 2138 2139 add_log('admin', 'LOG_ATTACHMENTS_DELETED', implode($user->lang['COMMA_SEPARATOR'], $log_attachments)); 2140 trigger_error($message . adm_back_link($this->u_action . '&u=' . $user_id)); 2141 } 2142 else 2143 { 2144 confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array( 2145 'u' => $user_id, 2146 'i' => $id, 2147 'mode' => $mode, 2148 'action' => $action, 2149 'delmarked' => true, 2150 'mark' => $marked)) 2151 ); 2152 } 2153 } 2154 2155 $sk_text = array('a' => $user->lang['SORT_FILENAME'], 'c' => $user->lang['SORT_EXTENSION'], 'd' => $user->lang['SORT_SIZE'], 'e' => $user->lang['SORT_DOWNLOADS'], 'f' => $user->lang['SORT_POST_TIME'], 'g' => $user->lang['SORT_TOPIC_TITLE']); 2156 $sk_sql = array('a' => 'a.real_filename', 'c' => 'a.extension', 'd' => 'a.filesize', 'e' => 'a.download_count', 'f' => 'a.filetime', 'g' => 't.topic_title'); 2157 2158 $sd_text = array('a' => $user->lang['ASCENDING'], 'd' => $user->lang['DESCENDING']); 2159 2160 $s_sort_key = ''; 2161 foreach ($sk_text as $key => $value) 2162 { 2163 $selected = ($sort_key == $key) ? 
' selected="selected"' : ''; 2164 $s_sort_key .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>'; 2165 } 2166 2167 $s_sort_dir = ''; 2168 foreach ($sd_text as $key => $value) 2169 { 2170 $selected = ($sort_dir == $key) ? ' selected="selected"' : ''; 2171 $s_sort_dir .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>'; 2172 } 2173 2174 if (!isset($sk_sql[$sort_key])) 2175 { 2176 $sort_key = 'a'; 2177 } 2178 2179 $order_by = $sk_sql[$sort_key] . ' ' . (($sort_dir == 'a') ? 'ASC' : 'DESC'); 2180 2181 $sql = 'SELECT COUNT(attach_id) as num_attachments 2182 FROM ' . ATTACHMENTS_TABLE . " 2183 WHERE poster_id = $user_id 2184 AND is_orphan = 0"; 2185 $result = $db->sql_query_limit($sql, 1); 2186 $num_attachments = (int) $db->sql_fetchfield('num_attachments'); 2187 $db->sql_freeresult($result); 2188 2189 $sql = 'SELECT a.*, t.topic_title, p.message_subject as message_title 2190 FROM ' . ATTACHMENTS_TABLE . ' a 2191 LEFT JOIN ' . TOPICS_TABLE . ' t ON (a.topic_id = t.topic_id 2192 AND a.in_message = 0) 2193 LEFT JOIN ' . PRIVMSGS_TABLE . ' p ON (a.post_msg_id = p.msg_id 2194 AND a.in_message = 1) 2195 WHERE a.poster_id = ' . $user_id . " 2196 AND a.is_orphan = 0 2197 ORDER BY $order_by"; 2198 $result = $db->sql_query_limit($sql, $config['topics_per_page'], $start); 2199 2200 while ($row = $db->sql_fetchrow($result)) 2201 { 2202 if ($row['in_message']) 2203 { 2204 $view_topic = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=pm&p={$row['post_msg_id']}"); 2205 } 2206 else 2207 { 2208 $view_topic = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "t={$row['topic_id']}&p={$row['post_msg_id']}") . '#p' . 
$row['post_msg_id']; 2209 } 2210 2211 $template->assign_block_vars('attach', array( 2212 'REAL_FILENAME' => $row['real_filename'], 2213 'COMMENT' => nl2br($row['attach_comment']), 2214 'EXTENSION' => $row['extension'], 2215 'SIZE' => get_formatted_filesize($row['filesize']), 2216 'DOWNLOAD_COUNT' => $row['download_count'], 2217 'POST_TIME' => $user->format_date($row['filetime']), 2218 'TOPIC_TITLE' => ($row['in_message']) ? $row['message_title'] : $row['topic_title'], 2219 2220 'ATTACH_ID' => $row['attach_id'], 2221 'POST_ID' => $row['post_msg_id'], 2222 'TOPIC_ID' => $row['topic_id'], 2223 2224 'S_IN_MESSAGE' => $row['in_message'], 2225 2226 'U_DOWNLOAD' => append_sid("{$phpbb_root_path}download/file.$phpEx", 'mode=view&id=' . $row['attach_id']), 2227 'U_VIEW_TOPIC' => $view_topic) 2228 ); 2229 } 2230 $db->sql_freeresult($result); 2231 2232 $base_url = $this->u_action . "&u=$user_id&sk=$sort_key&sd=$sort_dir"; 2233 $pagination->generate_template_pagination($base_url, 'pagination', 'start', $num_attachments, $config['topics_per_page'], $start); 2234 2235 $template->assign_vars(array( 2236 'S_ATTACHMENTS' => true, 2237 'S_SORT_KEY' => $s_sort_key, 2238 'S_SORT_DIR' => $s_sort_dir, 2239 )); 2240 2241 break; 2242 2243 case 'groups': 2244 2245 if (!function_exists('group_user_attributes')) 2246 { 2247 include($phpbb_root_path . 'includes/functions_user.' . $phpEx); 2248 } 2249 2250 $user->add_lang(array('groups', 'acp/groups')); 2251 $group_id = request_var('g', 0); 2252 2253 if ($group_id) 2254 { 2255 // Check the founder only entry for this group to make sure everything is well 2256 $sql = 'SELECT group_founder_manage 2257 FROM ' . GROUPS_TABLE . ' 2258 WHERE group_id = ' . 
$group_id; 2259 $result = $db->sql_query($sql); 2260 $founder_manage = (int) $db->sql_fetchfield('group_founder_manage'); 2261 $db->sql_freeresult($result); 2262 2263 if ($user->data['user_type'] != USER_FOUNDER && $founder_manage) 2264 { 2265 trigger_error($user->lang['NOT_ALLOWED_MANAGE_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 2266 } 2267 } 2268 else 2269 { 2270 $founder_manage = 0; 2271 } 2272 2273 switch ($action) 2274 { 2275 case 'demote': 2276 case 'promote': 2277 case 'default': 2278 if (!$group_id) 2279 { 2280 trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 2281 } 2282 2283 if (!check_link_hash($request->variable('hash', ''), 'acp_users')) 2284 { 2285 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); 2286 } 2287 2288 group_user_attributes($action, $group_id, $user_id); 2289 2290 if ($action == 'default') 2291 { 2292 $user_row['group_id'] = $group_id; 2293 } 2294 break; 2295 2296 case 'delete': 2297 2298 if (confirm_box(true)) 2299 { 2300 if (!$group_id) 2301 { 2302 trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 2303 } 2304 2305 if ($error = group_user_del($group_id, $user_id)) 2306 { 2307 trigger_error($user->lang[$error] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 2308 } 2309 2310 $error = array(); 2311 2312 // The delete action was successful - therefore update the user row... 2313 $sql = 'SELECT u.*, s.* 2314 FROM ' . USERS_TABLE . ' u 2315 LEFT JOIN ' . SESSIONS_TABLE . ' s ON (s.session_user_id = u.user_id) 2316 WHERE u.user_id = ' . $user_id . 
' 2317 ORDER BY s.session_time DESC'; 2318 $result = $db->sql_query_limit($sql, 1); 2319 $user_row = $db->sql_fetchrow($result); 2320 $db->sql_freeresult($result); 2321 } 2322 else 2323 { 2324 confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array( 2325 'u' => $user_id, 2326 'i' => $id, 2327 'mode' => $mode, 2328 'action' => $action, 2329 'g' => $group_id)) 2330 ); 2331 } 2332 2333 break; 2334 2335 case 'approve': 2336 2337 if (confirm_box(true)) 2338 { 2339 if (!$group_id) 2340 { 2341 trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 2342 } 2343 group_user_attributes($action, $group_id, $user_id); 2344 } 2345 else 2346 { 2347 confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array( 2348 'u' => $user_id, 2349 'i' => $id, 2350 'mode' => $mode, 2351 'action' => $action, 2352 'g' => $group_id)) 2353 ); 2354 } 2355 2356 break; 2357 } 2358 2359 // Add user to group? 2360 if ($submit) 2361 { 2362 2363 if (!check_form_key($form_name)) 2364 { 2365 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 2366 } 2367 2368 if (!$group_id) 2369 { 2370 trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 2371 } 2372 2373 // Add user/s to group 2374 if ($error = group_user_add($group_id, $user_id)) 2375 { 2376 trigger_error($user->lang[$error] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 2377 } 2378 2379 $error = array(); 2380 } 2381 2382 $sql = 'SELECT ug.*, g.* 2383 FROM ' . GROUPS_TABLE . ' g, ' . USER_GROUP_TABLE . 
" ug 2384 WHERE ug.user_id = $user_id 2385 AND g.group_id = ug.group_id 2386 ORDER BY g.group_type DESC, ug.user_pending ASC, g.group_name"; 2387 $result = $db->sql_query($sql); 2388 2389 $i = 0; 2390 $group_data = $id_ary = array(); 2391 while ($row = $db->sql_fetchrow($result)) 2392 { 2393 $type = ($row['group_type'] == GROUP_SPECIAL) ? 'special' : (($row['user_pending']) ? 'pending' : 'normal'); 2394 2395 $group_data[$type][$i]['group_id'] = $row['group_id']; 2396 $group_data[$type][$i]['group_name'] = $row['group_name']; 2397 $group_data[$type][$i]['group_leader'] = ($row['group_leader']) ? 1 : 0; 2398 2399 $id_ary[] = $row['group_id']; 2400 2401 $i++; 2402 } 2403 $db->sql_freeresult($result); 2404 2405 // Select box for other groups 2406 $sql = 'SELECT group_id, group_name, group_type, group_founder_manage 2407 FROM ' . GROUPS_TABLE . ' 2408 ' . ((sizeof($id_ary)) ? 'WHERE ' . $db->sql_in_set('group_id', $id_ary, true) : '') . ' 2409 ORDER BY group_type DESC, group_name ASC'; 2410 $result = $db->sql_query($sql); 2411 2412 $s_group_options = ''; 2413 while ($row = $db->sql_fetchrow($result)) 2414 { 2415 if (!$config['coppa_enable'] && $row['group_name'] == 'REGISTERED_COPPA') 2416 { 2417 continue; 2418 } 2419 2420 // Do not display those groups not allowed to be managed 2421 if ($user->data['user_type'] != USER_FOUNDER && $row['group_founder_manage']) 2422 { 2423 continue; 2424 } 2425 2426 $s_group_options .= '<option' . (($row['group_type'] == GROUP_SPECIAL) ? ' class="sep"' : '') . ' value="' . $row['group_id'] . '">' . (($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name']) . '</option>'; 2427 } 2428 $db->sql_freeresult($result); 2429 2430 $current_type = ''; 2431 foreach ($group_data as $group_type => $data_ary) 2432 { 2433 if ($current_type != $group_type) 2434 { 2435 $template->assign_block_vars('group', array( 2436 'S_NEW_GROUP_TYPE' => true, 2437 'GROUP_TYPE' => $user->lang['USER_GROUP_' . 
strtoupper($group_type)]) 2438 ); 2439 } 2440 2441 foreach ($data_ary as $data) 2442 { 2443 $template->assign_block_vars('group', array( 2444 'U_EDIT_GROUP' => append_sid("{$phpbb_admin_path}index.$phpEx", "i=groups&mode=manage&action=edit&u=$user_id&g={$data['group_id']}&back_link=acp_users_groups"), 2445 'U_DEFAULT' => $this->u_action . "&action=default&u=$user_id&g=" . $data['group_id'] . '&hash=' . generate_link_hash('acp_users'), 2446 'U_DEMOTE_PROMOTE' => $this->u_action . '&action=' . (($data['group_leader']) ? 'demote' : 'promote') . "&u=$user_id&g=" . $data['group_id'] . '&hash=' . generate_link_hash('acp_users'), 2447 'U_DELETE' => $this->u_action . "&action=delete&u=$user_id&g=" . $data['group_id'], 2448 'U_APPROVE' => ($group_type == 'pending') ? $this->u_action . "&action=approve&u=$user_id&g=" . $data['group_id'] : '', 2449 2450 'GROUP_NAME' => ($group_type == 'special') ? $user->lang['G_' . $data['group_name']] : $data['group_name'], 2451 'L_DEMOTE_PROMOTE' => ($data['group_leader']) ? $user->lang['GROUP_DEMOTE'] : $user->lang['GROUP_PROMOTE'], 2452 2453 'S_IS_MEMBER' => ($group_type != 'pending') ? true : false, 2454 'S_NO_DEFAULT' => ($user_row['group_id'] != $data['group_id']) ? true : false, 2455 'S_SPECIAL_GROUP' => ($group_type == 'special') ? true : false, 2456 ) 2457 ); 2458 } 2459 } 2460 2461 $template->assign_vars(array( 2462 'S_GROUPS' => true, 2463 'S_GROUP_OPTIONS' => $s_group_options) 2464 ); 2465 2466 break; 2467 2468 case 'perm': 2469 2470 if (!class_exists('auth_admin')) 2471 { 2472 include($phpbb_root_path . 'includes/acp/auth.' . $phpEx); 2473 } 2474 2475 $auth_admin = new auth_admin(); 2476 2477 $user->add_lang('acp/permissions'); 2478 add_permission_language(); 2479 2480 $forum_id = request_var('f', 0); 2481 2482 // Global Permissions 2483 if (!$forum_id) 2484 { 2485 // Select auth options 2486 $sql = 'SELECT auth_option, is_local, is_global 2487 FROM ' . ACL_OPTIONS_TABLE . ' 2488 WHERE auth_option ' . 
$db->sql_like_expression($db->get_any_char() . '_') . ' 2489 AND is_global = 1 2490 ORDER BY auth_option'; 2491 $result = $db->sql_query($sql); 2492 2493 $hold_ary = array(); 2494 2495 while ($row = $db->sql_fetchrow($result)) 2496 { 2497 $hold_ary = $auth_admin->get_mask('view', $user_id, false, false, $row['auth_option'], 'global', ACL_NEVER); 2498 $auth_admin->display_mask('view', $row['auth_option'], $hold_ary, 'user', false, false); 2499 } 2500 $db->sql_freeresult($result); 2501 2502 unset($hold_ary); 2503 } 2504 else 2505 { 2506 $sql = 'SELECT auth_option, is_local, is_global 2507 FROM ' . ACL_OPTIONS_TABLE . " 2508 WHERE auth_option " . $db->sql_like_expression($db->get_any_char() . '_') . " 2509 AND is_local = 1 2510 ORDER BY is_global DESC, auth_option"; 2511 $result = $db->sql_query($sql); 2512 2513 while ($row = $db->sql_fetchrow($result)) 2514 { 2515 $hold_ary = $auth_admin->get_mask('view', $user_id, false, $forum_id, $row['auth_option'], 'local', ACL_NEVER); 2516 $auth_admin->display_mask('view', $row['auth_option'], $hold_ary, 'user', true, false); 2517 } 2518 $db->sql_freeresult($result); 2519 } 2520 2521 $s_forum_options = '<option value="0"' . ((!$forum_id) ? ' selected="selected"' : '') . '>' . $user->lang['VIEW_GLOBAL_PERMS'] . '</option>'; 2522 $s_forum_options .= make_forum_select($forum_id, false, true, false, false, false); 2523 2524 $template->assign_vars(array( 2525 'S_PERMISSIONS' => true, 2526 2527 'S_GLOBAL' => (!$forum_id) ? true : false, 2528 'S_FORUM_OPTIONS' => $s_forum_options, 2529 2530 'U_ACTION' => $this->u_action . '&u=' . $user_id, 2531 'U_USER_PERMISSIONS' => append_sid("{$phpbb_admin_path}index.$phpEx" ,'i=permissions&mode=setting_user_global&user_id[]=' . $user_id), 2532 'U_USER_FORUM_PERMISSIONS' => append_sid("{$phpbb_admin_path}index.$phpEx", 'i=permissions&mode=setting_user_local&user_id[]=' . 
$user_id)) 2533 ); 2534 2535 break; 2536 2537 } 2538 2539 // Assign general variables 2540 $template->assign_vars(array( 2541 'S_ERROR' => (sizeof($error)) ? true : false, 2542 'ERROR_MSG' => (sizeof($error)) ? implode('<br />', $error) : '') 2543 ); 2544 } 2545 2546 /** 2547 * Set option bit field for user options in a user row array. 2548 * 2549 * Optionset replacement for this module based on $user->optionset. 2550 * 2551 * @param array $user_row Row from the users table. 2552 * @param int $key Option key, as defined in $user->keyoptions property. 2553 * @param bool $value True to set the option, false to clear the option. 2554 * @param int $data Current bit field value, or false to use $user_row['user_options'] 2555 * @return int|bool If $data is false, the bit field is modified and 2556 * written back to $user_row['user_options'], and 2557 * return value is true if the bit field changed and 2558 * false otherwise. If $data is not false, the new 2559 * bitfield value is returned. 2560 */ 2561 function optionset(&$user_row, $key, $value, $data = false) 2562 { 2563 global $user; 2564 2565 $var = ($data !== false) ? $data : $user_row['user_options']; 2566 2567 $new_var = phpbb_optionset($user->keyoptions[$key], $value, $var); 2568 2569 if ($data === false) 2570 { 2571 if ($new_var != $var) 2572 { 2573 $user_row['user_options'] = $new_var; 2574 return true; 2575 } 2576 else 2577 { 2578 return false; 2579 } 2580 } 2581 else 2582 { 2583 return $new_var; 2584 } 2585 } 2586 2587 /** 2588 * Get option bit field from user options in a user row array. 2589 * 2590 * Optionget replacement for this module based on $user->optionget. 2591 * 2592 * @param array $user_row Row from the users table. 2593 * @param int $key option key, as defined in $user->keyoptions property. 
* @param int $data bit field value to use, or false to use $user_row['user_options']
* @return bool true if the option is set in the bit field, false otherwise
*/
function optionget(&$user_row, $key, $data = false)
{
	global $user;

	// Only the literal false selects the stored field; an explicit 0 is
	// still treated as a caller-supplied bit field.
	if ($data === false)
	{
		$bitfield = $user_row['user_options'];
	}
	else
	{
		$bitfield = $data;
	}

	// $key indexes $user->keyoptions directly; nothing in this method
	// checks that the key exists before the lookup.
	return phpbb_optionget($user->keyoptions[$key], $bitfield);
}
}