[ Index ] |
PHP Cross Reference of phpBB-3.2.11-deutsch |
[Summary view] [Print] [Text view]
1 <?php 2 /** 3 * 4 * This file is part of the phpBB Forum Software package. 5 * 6 * @copyright (c) phpBB Limited <https://www.phpbb.com> 7 * @license GNU General Public License, version 2 (GPL-2.0) 8 * 9 * For full copyright and license information, please see 10 * the docs/CREDITS.txt file. 11 * 12 */ 13 14 /** 15 * @ignore 16 */ 17 if (!defined('IN_PHPBB')) 18 { 19 exit; 20 } 21 22 class acp_users 23 { 24 var $u_action; 25 var $p_master; 26 27 function __construct($p_master) 28 { 29 $this->p_master = $p_master; 30 } 31 32 function main($id, $mode) 33 { 34 global $config, $db, $user, $auth, $template; 35 global $phpbb_root_path, $phpbb_admin_path, $phpEx; 36 global $phpbb_dispatcher, $request; 37 global $phpbb_container, $phpbb_log; 38 39 $user->add_lang(array('posting', 'ucp', 'acp/users')); 40 $this->tpl_name = 'acp_users'; 41 42 $error = array(); 43 $username = $request->variable('username', '', true); 44 $user_id = $request->variable('u', 0); 45 $action = $request->variable('action', ''); 46 47 // Get referer to redirect user to the appropriate page after delete action 48 $redirect = $request->variable('redirect', ''); 49 $redirect_tag = "redirect=$redirect"; 50 $redirect_url = append_sid("{$phpbb_admin_path}index.$phpEx", "i=$redirect"); 51 52 $submit = (isset($_POST['update']) && !isset($_POST['cancel'])) ? true : false; 53 54 $form_name = 'acp_users'; 55 add_form_key($form_name); 56 57 // Whois (special case) 58 if ($action == 'whois') 59 { 60 if (!function_exists('user_get_id_name')) 61 { 62 include($phpbb_root_path . 'includes/functions_user.' . $phpEx); 63 } 64 65 $this->page_title = 'WHOIS'; 66 $this->tpl_name = 'simple_body'; 67 68 $user_ip = phpbb_ip_normalise($request->variable('user_ip', '')); 69 $domain = gethostbyaddr($user_ip); 70 $ipwhois = user_ipwhois($user_ip); 71 72 $template->assign_vars(array( 73 'MESSAGE_TITLE' => sprintf($user->lang['IP_WHOIS_FOR'], $domain), 74 'MESSAGE_TEXT' => nl2br($ipwhois)) 75 ); 76 77 return; 78 } 79 80 // Show user selection mask 81 if (!$username && !$user_id) 82 { 83 $this->page_title = 'SELECT_USER'; 84 85 $template->assign_vars(array( 86 'U_ACTION' => $this->u_action, 87 'ANONYMOUS_USER_ID' => ANONYMOUS, 88 89 'S_SELECT_USER' => true, 90 'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=select_user&field=username&select_single=true'), 91 )); 92 93 return; 94 } 95 96 if (!$user_id) 97 { 98 $sql = 'SELECT user_id 99 FROM ' . USERS_TABLE . " 100 WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'"; 101 $result = $db->sql_query($sql); 102 $user_id = (int) $db->sql_fetchfield('user_id'); 103 $db->sql_freeresult($result); 104 105 if (!$user_id) 106 { 107 trigger_error($user->lang['NO_USER'] . adm_back_link($this->u_action), E_USER_WARNING); 108 } 109 } 110 111 // Generate content for all modes 112 $sql = 'SELECT u.*, s.* 113 FROM ' . USERS_TABLE . ' u 114 LEFT JOIN ' . SESSIONS_TABLE . ' s ON (s.session_user_id = u.user_id) 115 WHERE u.user_id = ' . $user_id . ' 116 ORDER BY s.session_time DESC'; 117 $result = $db->sql_query_limit($sql, 1); 118 $user_row = $db->sql_fetchrow($result); 119 $db->sql_freeresult($result); 120 121 if (!$user_row) 122 { 123 trigger_error($user->lang['NO_USER'] . adm_back_link($this->u_action), E_USER_WARNING); 124 } 125 126 // Generate overall "header" for user admin 127 $s_form_options = ''; 128 129 // Build modes dropdown list 130 $sql = 'SELECT module_mode, module_auth 131 FROM ' . MODULES_TABLE . " 132 WHERE module_basename = 'acp_users' 133 AND module_enabled = 1 134 AND module_class = 'acp' 135 ORDER BY left_id, module_mode"; 136 $result = $db->sql_query($sql); 137 138 $dropdown_modes = array(); 139 while ($row = $db->sql_fetchrow($result)) 140 { 141 if (!$this->p_master->module_auth_self($row['module_auth'])) 142 { 143 continue; 144 } 145 146 $dropdown_modes[$row['module_mode']] = true; 147 } 148 $db->sql_freeresult($result); 149 150 foreach ($dropdown_modes as $module_mode => $null) 151 { 152 $selected = ($mode == $module_mode) ? ' selected="selected"' : ''; 153 $s_form_options .= '<option value="' . $module_mode . '"' . $selected . '>' . $user->lang['ACP_USER_' . strtoupper($module_mode)] . '</option>'; 154 } 155 156 $template->assign_vars(array( 157 'U_BACK' => (empty($redirect)) ? $this->u_action : $redirect_url, 158 'U_MODE_SELECT' => append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&u=$user_id"), 159 'U_ACTION' => $this->u_action . '&u=' . $user_id . ((empty($redirect)) ? '' : '&' . $redirect_tag), 160 'S_FORM_OPTIONS' => $s_form_options, 161 'MANAGED_USERNAME' => $user_row['username']) 162 ); 163 164 // Prevent normal users/admins change/view founders if they are not a founder by themselves 165 if ($user->data['user_type'] != USER_FOUNDER && $user_row['user_type'] == USER_FOUNDER) 166 { 167 trigger_error($user->lang['NOT_MANAGE_FOUNDER'] . adm_back_link($this->u_action), E_USER_WARNING); 168 } 169 170 $this->page_title = $user_row['username'] . ' :: ' . $user->lang('ACP_USER_' . strtoupper($mode)); 171 172 switch ($mode) 173 { 174 case 'overview': 175 176 if (!function_exists('user_get_id_name')) 177 { 178 include($phpbb_root_path . 'includes/functions_user.' . $phpEx); 179 } 180 181 $user->add_lang('acp/ban'); 182 183 $delete = $request->variable('delete', 0); 184 $delete_type = $request->variable('delete_type', ''); 185 $ip = $request->variable('ip', 'ip'); 186 187 /** 188 * Run code at beginning of ACP users overview 189 * 190 * @event core.acp_users_overview_before 191 * @var array user_row Current user data 192 * @var string mode Active module 193 * @var string action Module that should be run 194 * @var bool submit Do we display the form only 195 * or did the user press submit 196 * @var array error Array holding error messages 197 * @since 3.1.3-RC1 198 */ 199 $vars = array('user_row', 'mode', 'action', 'submit', 'error'); 200 extract($phpbb_dispatcher->trigger_event('core.acp_users_overview_before', compact($vars))); 201 202 if ($submit) 203 { 204 if ($delete) 205 { 206 if (!$auth->acl_get('a_userdel')) 207 { 208 send_status_line(403, 'Forbidden'); 209 trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 210 } 211 212 // Check if the user wants to remove himself or the guest user account 213 if ($user_id == ANONYMOUS) 214 { 215 trigger_error($user->lang['CANNOT_REMOVE_ANONYMOUS'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 216 } 217 218 // Founders can not be deleted. 219 if ($user_row['user_type'] == USER_FOUNDER) 220 { 221 trigger_error($user->lang['CANNOT_REMOVE_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 222 } 223 224 if ($user_id == $user->data['user_id']) 225 { 226 trigger_error($user->lang['CANNOT_REMOVE_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 227 } 228 229 if ($delete_type) 230 { 231 if (confirm_box(true)) 232 { 233 user_delete($delete_type, $user_id, $user_row['username']); 234 235 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_DELETED', false, array($user_row['username'])); 236 trigger_error($user->lang['USER_DELETED'] . adm_back_link( 237 (empty($redirect)) ? $this->u_action : $redirect_url 238 ) 239 ); 240 } 241 else 242 { 243 $delete_confirm_hidden_fields = array( 244 'u' => $user_id, 245 'i' => $id, 246 'mode' => $mode, 247 'action' => $action, 248 'update' => true, 249 'delete' => 1, 250 'delete_type' => $delete_type, 251 ); 252 253 // Checks if the redirection page is specified 254 if (!empty($redirect)) 255 { 256 $delete_confirm_hidden_fields['redirect'] = $redirect; 257 } 258 259 confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields($delete_confirm_hidden_fields)); 260 } 261 } 262 else 263 { 264 trigger_error($user->lang['NO_MODE'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 265 } 266 } 267 268 // Handle quicktool actions 269 switch ($action) 270 { 271 case 'banuser': 272 case 'banemail': 273 case 'banip': 274 275 if ($user_id == $user->data['user_id']) 276 { 277 trigger_error($user->lang['CANNOT_BAN_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 278 } 279 280 if ($user_id == ANONYMOUS) 281 { 282 trigger_error($user->lang['CANNOT_BAN_ANONYMOUS'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 283 } 284 285 if ($user_row['user_type'] == USER_FOUNDER) 286 { 287 trigger_error($user->lang['CANNOT_BAN_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 288 } 289 290 if (!check_form_key($form_name)) 291 { 292 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 293 } 294 295 $ban = array(); 296 297 switch ($action) 298 { 299 case 'banuser': 300 $ban[] = $user_row['username']; 301 $reason = 'USER_ADMIN_BAN_NAME_REASON'; 302 break; 303 304 case 'banemail': 305 $ban[] = $user_row['user_email']; 306 $reason = 'USER_ADMIN_BAN_EMAIL_REASON'; 307 break; 308 309 case 'banip': 310 $ban[] = $user_row['user_ip']; 311 312 $sql = 'SELECT DISTINCT poster_ip 313 FROM ' . POSTS_TABLE . " 314 WHERE poster_id = $user_id"; 315 $result = $db->sql_query($sql); 316 317 while ($row = $db->sql_fetchrow($result)) 318 { 319 $ban[] = $row['poster_ip']; 320 } 321 $db->sql_freeresult($result); 322 323 $reason = 'USER_ADMIN_BAN_IP_REASON'; 324 break; 325 } 326 327 $ban_reason = $request->variable('ban_reason', $user->lang[$reason], true); 328 $ban_give_reason = $request->variable('ban_give_reason', '', true); 329 330 // Log not used at the moment, we simply utilize the ban function. 331 $result = user_ban(substr($action, 3), $ban, 0, 0, 0, $ban_reason, $ban_give_reason); 332 333 trigger_error((($result === false) ? $user->lang['BAN_ALREADY_ENTERED'] : $user->lang['BAN_SUCCESSFUL']) . adm_back_link($this->u_action . '&u=' . $user_id)); 334 335 break; 336 337 case 'reactivate': 338 339 if ($user_id == $user->data['user_id']) 340 { 341 trigger_error($user->lang['CANNOT_FORCE_REACT_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 342 } 343 344 if (!check_form_key($form_name)) 345 { 346 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 347 } 348 349 if ($user_row['user_type'] == USER_FOUNDER) 350 { 351 trigger_error($user->lang['CANNOT_FORCE_REACT_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 352 } 353 354 if ($user_row['user_type'] == USER_IGNORE) 355 { 356 trigger_error($user->lang['CANNOT_FORCE_REACT_BOT'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 357 } 358 359 if ($config['email_enable']) 360 { 361 if (!class_exists('messenger')) 362 { 363 include($phpbb_root_path . 'includes/functions_messenger.' . $phpEx); 364 } 365 366 $server_url = generate_board_url(); 367 368 $user_actkey = gen_rand_string(mt_rand(6, 10)); 369 $email_template = ($user_row['user_type'] == USER_NORMAL) ? 'user_reactivate_account' : 'user_resend_inactive'; 370 371 if ($user_row['user_type'] == USER_NORMAL) 372 { 373 user_active_flip('deactivate', $user_id, INACTIVE_REMIND); 374 } 375 else 376 { 377 // Grabbing the last confirm key - we only send a reminder 378 $sql = 'SELECT user_actkey 379 FROM ' . USERS_TABLE . ' 380 WHERE user_id = ' . $user_id; 381 $result = $db->sql_query($sql); 382 $user_activation_key = (string) $db->sql_fetchfield('user_actkey'); 383 $db->sql_freeresult($result); 384 385 $user_actkey = empty($user_activation_key) ? $user_actkey : $user_activation_key; 386 } 387 388 if ($user_row['user_type'] == USER_NORMAL || empty($user_activation_key)) 389 { 390 $sql = 'UPDATE ' . USERS_TABLE . " 391 SET user_actkey = '" . $db->sql_escape($user_actkey) . "' 392 WHERE user_id = $user_id"; 393 $db->sql_query($sql); 394 } 395 396 $messenger = new messenger(false); 397 398 $messenger->template($email_template, $user_row['user_lang']); 399 400 $messenger->set_addresses($user_row); 401 402 $messenger->anti_abuse_headers($config, $user); 403 404 $messenger->assign_vars(array( 405 'WELCOME_MSG' => htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename'])), 406 'USERNAME' => htmlspecialchars_decode($user_row['username']), 407 'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&u={$user_row['user_id']}&k=$user_actkey") 408 ); 409 410 $messenger->send(NOTIFY_EMAIL); 411 412 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_REACTIVATE', false, array($user_row['username'])); 413 $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_REACTIVATE_USER', false, array( 414 'reportee_id' => $user_id 415 )); 416 417 trigger_error($user->lang['FORCE_REACTIVATION_SUCCESS'] . adm_back_link($this->u_action . '&u=' . $user_id)); 418 } 419 420 break; 421 422 case 'active': 423 424 if ($user_id == $user->data['user_id']) 425 { 426 // It is only deactivation since the user is already activated (else he would not have reached this page) 427 trigger_error($user->lang['CANNOT_DEACTIVATE_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 428 } 429 430 if (!check_form_key($form_name)) 431 { 432 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 433 } 434 435 if ($user_row['user_type'] == USER_FOUNDER) 436 { 437 trigger_error($user->lang['CANNOT_DEACTIVATE_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 438 } 439 440 if ($user_row['user_type'] == USER_IGNORE) 441 { 442 trigger_error($user->lang['CANNOT_DEACTIVATE_BOT'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 443 } 444 445 user_active_flip('flip', $user_id); 446 447 if ($user_row['user_type'] == USER_INACTIVE) 448 { 449 if ($config['require_activation'] == USER_ACTIVATION_ADMIN) 450 { 451 /* @var $phpbb_notifications \phpbb\notification\manager */ 452 $phpbb_notifications = $phpbb_container->get('notification_manager'); 453 $phpbb_notifications->delete_notifications('notification.type.admin_activate_user', $user_row['user_id']); 454 455 if (!class_exists('messenger')) 456 { 457 include($phpbb_root_path . 'includes/functions_messenger.' . $phpEx); 458 } 459 460 $messenger = new messenger(false); 461 462 $messenger->template('admin_welcome_activated', $user_row['user_lang']); 463 464 $messenger->set_addresses($user_row); 465 466 $messenger->anti_abuse_headers($config, $user); 467 468 $messenger->assign_vars(array( 469 'USERNAME' => htmlspecialchars_decode($user_row['username'])) 470 ); 471 472 $messenger->send(NOTIFY_EMAIL); 473 } 474 } 475 476 $message = ($user_row['user_type'] == USER_INACTIVE) ? 'USER_ADMIN_ACTIVATED' : 'USER_ADMIN_DEACTIVED'; 477 $log = ($user_row['user_type'] == USER_INACTIVE) ? 'LOG_USER_ACTIVE' : 'LOG_USER_INACTIVE'; 478 479 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, $log, false, array($user_row['username'])); 480 $phpbb_log->add('user', $user->data['user_id'], $user->ip, $log . '_USER', false, array( 481 'reportee_id' => $user_id 482 )); 483 484 trigger_error($user->lang[$message] . adm_back_link($this->u_action . '&u=' . $user_id)); 485 486 break; 487 488 case 'delsig': 489 490 if (!check_form_key($form_name)) 491 { 492 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 493 } 494 495 $sql_ary = array( 496 'user_sig' => '', 497 'user_sig_bbcode_uid' => '', 498 'user_sig_bbcode_bitfield' => '' 499 ); 500 501 $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . " 502 WHERE user_id = $user_id"; 503 $db->sql_query($sql); 504 505 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_SIG', false, array($user_row['username'])); 506 $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_SIG_USER', false, array( 507 'reportee_id' => $user_id 508 )); 509 510 trigger_error($user->lang['USER_ADMIN_SIG_REMOVED'] . adm_back_link($this->u_action . '&u=' . $user_id)); 511 512 break; 513 514 case 'delavatar': 515 516 if (!check_form_key($form_name)) 517 { 518 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 519 } 520 521 // Delete old avatar if present 522 /* @var $phpbb_avatar_manager \phpbb\avatar\manager */ 523 $phpbb_avatar_manager = $phpbb_container->get('avatar.manager'); 524 $phpbb_avatar_manager->handle_avatar_delete($db, $user, $phpbb_avatar_manager->clean_row($user_row, 'user'), USERS_TABLE, 'user_'); 525 526 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_AVATAR', false, array($user_row['username'])); 527 $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_AVATAR_USER', false, array( 528 'reportee_id' => $user_id 529 )); 530 531 trigger_error($user->lang['USER_ADMIN_AVATAR_REMOVED'] . adm_back_link($this->u_action . '&u=' . $user_id)); 532 break; 533 534 case 'delposts': 535 536 if (confirm_box(true)) 537 { 538 // Delete posts, attachments, etc. 539 delete_posts('poster_id', $user_id); 540 541 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_POSTS', false, array($user_row['username'])); 542 trigger_error($user->lang['USER_POSTS_DELETED'] . adm_back_link($this->u_action . '&u=' . $user_id)); 543 } 544 else 545 { 546 confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array( 547 'u' => $user_id, 548 'i' => $id, 549 'mode' => $mode, 550 'action' => $action, 551 'update' => true)) 552 ); 553 } 554 555 break; 556 557 case 'delattach': 558 559 if (confirm_box(true)) 560 { 561 /** @var \phpbb\attachment\manager $attachment_manager */ 562 $attachment_manager = $phpbb_container->get('attachment.manager'); 563 $attachment_manager->delete('user', $user_id); 564 unset($attachment_manager); 565 566 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_ATTACH', false, array($user_row['username'])); 567 trigger_error($user->lang['USER_ATTACHMENTS_REMOVED'] . adm_back_link($this->u_action . '&u=' . $user_id)); 568 } 569 else 570 { 571 confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array( 572 'u' => $user_id, 573 'i' => $id, 574 'mode' => $mode, 575 'action' => $action, 576 'update' => true)) 577 ); 578 } 579 580 break; 581 582 case 'deloutbox': 583 584 if (confirm_box(true)) 585 { 586 $msg_ids = array(); 587 $lang = 'EMPTY'; 588 589 $sql = 'SELECT msg_id 590 FROM ' . PRIVMSGS_TO_TABLE . " 591 WHERE author_id = $user_id 592 AND folder_id = " . PRIVMSGS_OUTBOX; 593 $result = $db->sql_query($sql); 594 595 if ($row = $db->sql_fetchrow($result)) 596 { 597 if (!function_exists('delete_pm')) 598 { 599 include($phpbb_root_path . 'includes/functions_privmsgs.' . $phpEx); 600 } 601 602 do 603 { 604 $msg_ids[] = (int) $row['msg_id']; 605 } 606 while ($row = $db->sql_fetchrow($result)); 607 608 $db->sql_freeresult($result); 609 610 delete_pm($user_id, $msg_ids, PRIVMSGS_OUTBOX); 611 612 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_OUTBOX', false, array($user_row['username'])); 613 614 $lang = 'EMPTIED'; 615 } 616 $db->sql_freeresult($result); 617 618 trigger_error($user->lang['USER_OUTBOX_' . $lang] . adm_back_link($this->u_action . '&u=' . $user_id)); 619 } 620 else 621 { 622 confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array( 623 'u' => $user_id, 624 'i' => $id, 625 'mode' => $mode, 626 'action' => $action, 627 'update' => true)) 628 ); 629 } 630 break; 631 632 case 'moveposts': 633 634 if (!check_form_key($form_name)) 635 { 636 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 637 } 638 639 $user->add_lang('acp/forums'); 640 641 $new_forum_id = $request->variable('new_f', 0); 642 643 if (!$new_forum_id) 644 { 645 $this->page_title = 'USER_ADMIN_MOVE_POSTS'; 646 647 $template->assign_vars(array( 648 'S_SELECT_FORUM' => true, 649 'U_ACTION' => $this->u_action . "&action=$action&u=$user_id", 650 'U_BACK' => $this->u_action . "&u=$user_id", 651 'S_FORUM_OPTIONS' => make_forum_select(false, false, false, true)) 652 ); 653 654 return; 655 } 656 657 // Is the new forum postable to? 658 $sql = 'SELECT forum_name, forum_type 659 FROM ' . FORUMS_TABLE . " 660 WHERE forum_id = $new_forum_id"; 661 $result = $db->sql_query($sql); 662 $forum_info = $db->sql_fetchrow($result); 663 $db->sql_freeresult($result); 664 665 if (!$forum_info) 666 { 667 trigger_error($user->lang['NO_FORUM'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 668 } 669 670 if ($forum_info['forum_type'] != FORUM_POST) 671 { 672 trigger_error($user->lang['MOVE_POSTS_NO_POSTABLE_FORUM'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 673 } 674 675 // Two stage? 676 // Move topics comprising only posts from this user 677 $topic_id_ary = $move_topic_ary = $move_post_ary = $new_topic_id_ary = array(); 678 $forum_id_ary = array($new_forum_id); 679 680 $sql = 'SELECT topic_id, post_visibility, COUNT(post_id) AS total_posts 681 FROM ' . POSTS_TABLE . " 682 WHERE poster_id = $user_id 683 AND forum_id <> $new_forum_id 684 GROUP BY topic_id, post_visibility"; 685 $result = $db->sql_query($sql); 686 687 while ($row = $db->sql_fetchrow($result)) 688 { 689 $topic_id_ary[$row['topic_id']][$row['post_visibility']] = $row['total_posts']; 690 } 691 $db->sql_freeresult($result); 692 693 if (count($topic_id_ary)) 694 { 695 $sql = 'SELECT topic_id, forum_id, topic_title, topic_posts_approved, topic_posts_unapproved, topic_posts_softdeleted, topic_attachment 696 FROM ' . TOPICS_TABLE . ' 697 WHERE ' . $db->sql_in_set('topic_id', array_keys($topic_id_ary)); 698 $result = $db->sql_query($sql); 699 700 while ($row = $db->sql_fetchrow($result)) 701 { 702 if ($topic_id_ary[$row['topic_id']][ITEM_APPROVED] == $row['topic_posts_approved'] 703 && $topic_id_ary[$row['topic_id']][ITEM_UNAPPROVED] == $row['topic_posts_unapproved'] 704 && $topic_id_ary[$row['topic_id']][ITEM_REAPPROVE] == $row['topic_posts_unapproved'] 705 && $topic_id_ary[$row['topic_id']][ITEM_DELETED] == $row['topic_posts_softdeleted']) 706 { 707 $move_topic_ary[] = $row['topic_id']; 708 } 709 else 710 { 711 $move_post_ary[$row['topic_id']]['title'] = $row['topic_title']; 712 $move_post_ary[$row['topic_id']]['attach'] = ($row['topic_attachment']) ? 1 : 0; 713 } 714 715 $forum_id_ary[] = $row['forum_id']; 716 } 717 $db->sql_freeresult($result); 718 } 719 720 // Entire topic comprises posts by this user, move these topics 721 if (count($move_topic_ary)) 722 { 723 move_topics($move_topic_ary, $new_forum_id, false); 724 } 725 726 if (count($move_post_ary)) 727 { 728 // Create new topic 729 // Update post_ids, report_ids, attachment_ids 730 foreach ($move_post_ary as $topic_id => $post_ary) 731 { 732 // Create new topic 733 $sql = 'INSERT INTO ' . TOPICS_TABLE . ' ' . $db->sql_build_array('INSERT', array( 734 'topic_poster' => $user_id, 735 'topic_time' => time(), 736 'forum_id' => $new_forum_id, 737 'icon_id' => 0, 738 'topic_visibility' => ITEM_APPROVED, 739 'topic_title' => $post_ary['title'], 740 'topic_first_poster_name' => $user_row['username'], 741 'topic_type' => POST_NORMAL, 742 'topic_time_limit' => 0, 743 'topic_attachment' => $post_ary['attach']) 744 ); 745 $db->sql_query($sql); 746 747 $new_topic_id = $db->sql_nextid(); 748 749 // Move posts 750 $sql = 'UPDATE ' . POSTS_TABLE . " 751 SET forum_id = $new_forum_id, topic_id = $new_topic_id 752 WHERE topic_id = $topic_id 753 AND poster_id = $user_id"; 754 $db->sql_query($sql); 755 756 if ($post_ary['attach']) 757 { 758 $sql = 'UPDATE ' . ATTACHMENTS_TABLE . " 759 SET topic_id = $new_topic_id 760 WHERE topic_id = $topic_id 761 AND poster_id = $user_id"; 762 $db->sql_query($sql); 763 } 764 765 $new_topic_id_ary[] = $new_topic_id; 766 } 767 } 768 769 $forum_id_ary = array_unique($forum_id_ary); 770 $topic_id_ary = array_unique(array_merge(array_keys($topic_id_ary), $new_topic_id_ary)); 771 772 if (count($topic_id_ary)) 773 { 774 sync('topic_reported', 'topic_id', $topic_id_ary); 775 sync('topic', 'topic_id', $topic_id_ary); 776 } 777 778 if (count($forum_id_ary)) 779 { 780 sync('forum', 'forum_id', $forum_id_ary, false, true); 781 } 782 783 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_MOVE_POSTS', false, array($user_row['username'], $forum_info['forum_name'])); 784 $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_MOVE_POSTS_USER', false, array( 785 'reportee_id' => $user_id, 786 $forum_info['forum_name'] 787 )); 788 789 trigger_error($user->lang['USER_POSTS_MOVED'] . adm_back_link($this->u_action . '&u=' . $user_id)); 790 791 break; 792 793 case 'leave_nr': 794 795 if (confirm_box(true)) 796 { 797 remove_newly_registered($user_id, $user_row); 798 799 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_REMOVED_NR', false, array($user_row['username'])); 800 trigger_error($user->lang['USER_LIFTED_NR'] . adm_back_link($this->u_action . '&u=' . $user_id)); 801 } 802 else 803 { 804 confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array( 805 'u' => $user_id, 806 'i' => $id, 807 'mode' => $mode, 808 'action' => $action, 809 'update' => true)) 810 ); 811 } 812 813 break; 814 815 default: 816 $u_action = $this->u_action; 817 818 /** 819 * Run custom quicktool code 820 * 821 * @event core.acp_users_overview_run_quicktool 822 * @var string action Quick tool that should be run 823 * @var array user_row Current user data 824 * @var string u_action The u_action link 825 * @var int user_id User id of the user to manage 826 * @since 3.1.0-a1 827 * @changed 3.2.2-RC1 Added u_action 828 * @changed 3.2.10-RC1 Added user_id 829 */ 830 $vars = array('action', 'user_row', 'u_action', 'user_id'); 831 extract($phpbb_dispatcher->trigger_event('core.acp_users_overview_run_quicktool', compact($vars))); 832 833 unset($u_action); 834 break; 835 } 836 837 // Handle registration info updates 838 $data = array( 839 'username' => $request->variable('user', $user_row['username'], true), 840 'user_founder' => $request->variable('user_founder', ($user_row['user_type'] == USER_FOUNDER) ? 1 : 0), 841 'email' => strtolower($request->variable('user_email', $user_row['user_email'])), 842 'new_password' => $request->variable('new_password', '', true), 843 'password_confirm' => $request->variable('password_confirm', '', true), 844 ); 845 846 // Validation data - we do not check the password complexity setting here 847 $check_ary = array( 848 'new_password' => array( 849 array('string', true, $config['min_pass_chars'], $config['max_pass_chars']), 850 array('password')), 851 'password_confirm' => array('string', true, $config['min_pass_chars'], $config['max_pass_chars']), 852 ); 853 854 // Check username if altered 855 if ($data['username'] != $user_row['username']) 856 { 857 $check_ary += array( 858 'username' => array( 859 array('string', false, $config['min_name_chars'], $config['max_name_chars']), 860 array('username', $user_row['username'], true) 861 ), 862 ); 863 } 864 865 // Check email if altered 866 if ($data['email'] != $user_row['user_email']) 867 { 868 $check_ary += array( 869 'email' => array( 870 array('string', false, 6, 60), 871 array('user_email', $user_row['user_email']), 872 ), 873 ); 874 } 875 876 $error = validate_data($data, $check_ary); 877 878 if ($data['new_password'] && $data['password_confirm'] != $data['new_password']) 879 { 880 $error[] = 'NEW_PASSWORD_ERROR'; 881 } 882 883 if (!check_form_key($form_name)) 884 { 885 $error[] = 'FORM_INVALID'; 886 } 887 888 // Instantiate passwords manager 889 /* @var $passwords_manager \phpbb\passwords\manager */ 890 $passwords_manager = $phpbb_container->get('passwords.manager'); 891 892 // Which updates do we need to do? 893 $update_username = ($user_row['username'] != $data['username']) ? $data['username'] : false; 894 $update_password = $data['new_password'] && !$passwords_manager->check($data['new_password'], $user_row['user_password']); 895 $update_email = ($data['email'] != $user_row['user_email']) ? $data['email'] : false; 896 897 if (!count($error)) 898 { 899 $sql_ary = array(); 900 901 if ($user_row['user_type'] != USER_FOUNDER || $user->data['user_type'] == USER_FOUNDER) 902 { 903 // Only allow founders updating the founder status... 904 if ($user->data['user_type'] == USER_FOUNDER) 905 { 906 // Setting a normal member to be a founder 907 if ($data['user_founder'] && $user_row['user_type'] != USER_FOUNDER) 908 { 909 // Make sure the user is not setting an Inactive or ignored user to be a founder 910 if ($user_row['user_type'] == USER_IGNORE) 911 { 912 trigger_error($user->lang['CANNOT_SET_FOUNDER_IGNORED'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 913 } 914 915 if ($user_row['user_type'] == USER_INACTIVE) 916 { 917 trigger_error($user->lang['CANNOT_SET_FOUNDER_INACTIVE'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 918 } 919 920 $sql_ary['user_type'] = USER_FOUNDER; 921 } 922 else if (!$data['user_founder'] && $user_row['user_type'] == USER_FOUNDER) 923 { 924 // Check if at least one founder is present 925 $sql = 'SELECT user_id 926 FROM ' . USERS_TABLE . ' 927 WHERE user_type = ' . USER_FOUNDER . ' 928 AND user_id <> ' . $user_id; 929 $result = $db->sql_query_limit($sql, 1); 930 $row = $db->sql_fetchrow($result); 931 $db->sql_freeresult($result); 932 933 if ($row) 934 { 935 $sql_ary['user_type'] = USER_NORMAL; 936 } 937 else 938 { 939 trigger_error($user->lang['AT_LEAST_ONE_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 940 } 941 } 942 } 943 } 944 945 /** 946 * Modify user data before we update it 947 * 948 * @event core.acp_users_overview_modify_data 949 * @var array user_row Current user data 950 * @var array data Submitted user data 951 * @var array sql_ary User data we udpate 952 * @since 3.1.0-a1 953 */ 954 $vars = array('user_row', 'data', 'sql_ary'); 955 extract($phpbb_dispatcher->trigger_event('core.acp_users_overview_modify_data', compact($vars))); 956 957 if ($update_username !== false) 958 { 959 $sql_ary['username'] = $update_username; 960 $sql_ary['username_clean'] = utf8_clean_string($update_username); 961 962 $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_UPDATE_NAME', false, array( 963 'reportee_id' => $user_id, 964 $user_row['username'], 965 $update_username 966 )); 967 } 968 969 if ($update_email !== false) 970 { 971 $sql_ary += array( 972 'user_email' => $update_email, 973 'user_email_hash' => phpbb_email_hash($update_email), 974 ); 975 976 $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_UPDATE_EMAIL', false, array( 977 'reportee_id' => $user_id, 978 $user_row['username'], 979 $user_row['user_email'], 980 $update_email 981 )); 982 } 983 984 if ($update_password) 985 { 986 $sql_ary += array( 987 'user_password' => $passwords_manager->hash($data['new_password']), 988 'user_passchg' => time(), 989 ); 990 991 $user->reset_login_keys($user_id); 992 993 $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_NEW_PASSWORD', false, array( 994 'reportee_id' => $user_id, 995 $user_row['username'] 996 )); 997 } 998 999 if (count($sql_ary)) 1000 { 1001 $sql = 'UPDATE ' . USERS_TABLE . ' 1002 SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' 1003 WHERE user_id = ' . $user_id; 1004 $db->sql_query($sql); 1005 } 1006 1007 if ($update_username) 1008 { 1009 user_update_name($user_row['username'], $update_username); 1010 } 1011 1012 // Let the users permissions being updated 1013 $auth->acl_clear_prefetch($user_id); 1014 1015 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_USER_UPDATE', false, array($data['username'])); 1016 1017 trigger_error($user->lang['USER_OVERVIEW_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id)); 1018 } 1019 1020 // Replace "error" strings with their real, localised form 1021 $error = array_map(array($user, 'lang'), $error); 1022 } 1023 1024 if ($user_id == $user->data['user_id']) 1025 { 1026 $quick_tool_ary = array('delsig' => 'DEL_SIG', 'delavatar' => 'DEL_AVATAR', 'moveposts' => 'MOVE_POSTS', 'delposts' => 'DEL_POSTS', 'delattach' => 'DEL_ATTACH', 'deloutbox' => 'DEL_OUTBOX'); 1027 if ($user_row['user_new']) 1028 { 1029 $quick_tool_ary['leave_nr'] = 'LEAVE_NR'; 1030 } 1031 } 1032 else 1033 { 1034 $quick_tool_ary = array(); 1035 1036 if ($user_row['user_type'] != USER_FOUNDER) 1037 { 1038 $quick_tool_ary += array('banuser' => 'BAN_USER', 'banemail' => 'BAN_EMAIL', 'banip' => 'BAN_IP'); 1039 } 1040 1041 if ($user_row['user_type'] != USER_FOUNDER && $user_row['user_type'] != USER_IGNORE) 1042 { 1043 $quick_tool_ary += array('active' => (($user_row['user_type'] == USER_INACTIVE) ? 'ACTIVATE' : 'DEACTIVATE')); 1044 } 1045 1046 $quick_tool_ary += array('delsig' => 'DEL_SIG', 'delavatar' => 'DEL_AVATAR', 'moveposts' => 'MOVE_POSTS', 'delposts' => 'DEL_POSTS', 'delattach' => 'DEL_ATTACH', 'deloutbox' => 'DEL_OUTBOX'); 1047 1048 if ($config['email_enable'] && ($user_row['user_type'] == USER_NORMAL || $user_row['user_type'] == USER_INACTIVE)) 1049 { 1050 $quick_tool_ary['reactivate'] = 'FORCE'; 1051 } 1052 1053 if ($user_row['user_new']) 1054 { 1055 $quick_tool_ary['leave_nr'] = 'LEAVE_NR'; 1056 } 1057 } 1058 1059 if ($config['load_onlinetrack']) 1060 { 1061 $sql = 'SELECT MAX(session_time) AS session_time, MIN(session_viewonline) AS session_viewonline 1062 FROM ' . SESSIONS_TABLE . " 1063 WHERE session_user_id = $user_id"; 1064 $result = $db->sql_query($sql); 1065 $row = $db->sql_fetchrow($result); 1066 $db->sql_freeresult($result); 1067 1068 $user_row['session_time'] = (isset($row['session_time'])) ? $row['session_time'] : 0; 1069 $user_row['session_viewonline'] = (isset($row['session_viewonline'])) ? $row['session_viewonline'] : 0; 1070 unset($row); 1071 } 1072 1073 /** 1074 * Add additional quick tool options and overwrite user data 1075 * 1076 * @event core.acp_users_display_overview 1077 * @var array user_row Array with user data 1078 * @var array quick_tool_ary Ouick tool options 1079 * @since 3.1.0-a1 1080 */ 1081 $vars = array('user_row', 'quick_tool_ary'); 1082 extract($phpbb_dispatcher->trigger_event('core.acp_users_display_overview', compact($vars))); 1083 1084 $s_action_options = '<option class="sep" value="">' . $user->lang['SELECT_OPTION'] . '</option>'; 1085 foreach ($quick_tool_ary as $value => $lang) 1086 { 1087 $s_action_options .= '<option value="' . $value . '">' . $user->lang['USER_ADMIN_' . $lang] . '</option>'; 1088 } 1089 1090 $last_active = (!empty($user_row['session_time'])) ? $user_row['session_time'] : $user_row['user_lastvisit']; 1091 1092 $inactive_reason = ''; 1093 if ($user_row['user_type'] == USER_INACTIVE) 1094 { 1095 $inactive_reason = $user->lang['INACTIVE_REASON_UNKNOWN']; 1096 1097 switch ($user_row['user_inactive_reason']) 1098 { 1099 case INACTIVE_REGISTER: 1100 $inactive_reason = $user->lang['INACTIVE_REASON_REGISTER']; 1101 break; 1102 1103 case INACTIVE_PROFILE: 1104 $inactive_reason = $user->lang['INACTIVE_REASON_PROFILE']; 1105 break; 1106 1107 case INACTIVE_MANUAL: 1108 $inactive_reason = $user->lang['INACTIVE_REASON_MANUAL']; 1109 break; 1110 1111 case INACTIVE_REMIND: 1112 $inactive_reason = $user->lang['INACTIVE_REASON_REMIND']; 1113 break; 1114 } 1115 } 1116 1117 // Posts in Queue 1118 $sql = 'SELECT COUNT(post_id) as posts_in_queue 1119 FROM ' . POSTS_TABLE . ' 1120 WHERE poster_id = ' . $user_id . ' 1121 AND ' . $db->sql_in_set('post_visibility', array(ITEM_UNAPPROVED, ITEM_REAPPROVE)); 1122 $result = $db->sql_query($sql); 1123 $user_row['posts_in_queue'] = (int) $db->sql_fetchfield('posts_in_queue'); 1124 $db->sql_freeresult($result); 1125 1126 $sql = 'SELECT post_id 1127 FROM ' . POSTS_TABLE . ' 1128 WHERE poster_id = '. $user_id; 1129 $result = $db->sql_query_limit($sql, 1); 1130 $user_row['user_has_posts'] = (bool) $db->sql_fetchfield('post_id'); 1131 $db->sql_freeresult($result); 1132 1133 $template->assign_vars(array( 1134 'L_NAME_CHARS_EXPLAIN' => $user->lang($config['allow_name_chars'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_name_chars']), $user->lang('CHARACTERS', (int) $config['max_name_chars'])), 1135 'L_CHANGE_PASSWORD_EXPLAIN' => $user->lang($config['pass_complex'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_pass_chars']), $user->lang('CHARACTERS', (int) $config['max_pass_chars'])), 1136 'L_POSTS_IN_QUEUE' => $user->lang('NUM_POSTS_IN_QUEUE', $user_row['posts_in_queue']), 1137 'S_FOUNDER' => ($user->data['user_type'] == USER_FOUNDER) ? true : false, 1138 1139 'S_OVERVIEW' => true, 1140 'S_USER_IP' => ($user_row['user_ip']) ? true : false, 1141 'S_USER_FOUNDER' => ($user_row['user_type'] == USER_FOUNDER) ? true : false, 1142 'S_ACTION_OPTIONS' => $s_action_options, 1143 'S_OWN_ACCOUNT' => ($user_id == $user->data['user_id']) ? true : false, 1144 'S_USER_INACTIVE' => ($user_row['user_type'] == USER_INACTIVE) ? true : false, 1145 1146 'U_SHOW_IP' => $this->u_action . "&u=$user_id&ip=" . (($ip == 'ip') ? 'hostname' : 'ip'), 1147 'U_WHOIS' => $this->u_action . "&action=whois&user_ip={$user_row['user_ip']}", 1148 'U_MCP_QUEUE' => ($auth->acl_getf_global('m_approve')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue', true, $user->session_id) : '', 1149 'U_SEARCH_USER' => ($config['load_search'] && $auth->acl_get('u_search')) ? append_sid("{$phpbb_root_path}search.$phpEx", "author_id={$user_row['user_id']}&sr=posts") : '', 1150 1151 'U_SWITCH_PERMISSIONS' => ($auth->acl_get('a_switchperm') && $user->data['user_id'] != $user_row['user_id']) ? append_sid("{$phpbb_root_path}ucp.$phpEx", "mode=switch_perm&u={$user_row['user_id']}&hash=" . generate_link_hash('switchperm')) : '', 1152 1153 'POSTS_IN_QUEUE' => $user_row['posts_in_queue'], 1154 'USER' => $user_row['username'], 1155 'USER_REGISTERED' => $user->format_date($user_row['user_regdate']), 1156 'REGISTERED_IP' => ($ip == 'hostname') ? gethostbyaddr($user_row['user_ip']) : $user_row['user_ip'], 1157 'USER_LASTACTIVE' => ($last_active) ? $user->format_date($last_active) : ' - ', 1158 'USER_EMAIL' => $user_row['user_email'], 1159 'USER_WARNINGS' => $user_row['user_warnings'], 1160 'USER_POSTS' => $user_row['user_posts'], 1161 'USER_HAS_POSTS' => $user_row['user_has_posts'], 1162 'USER_INACTIVE_REASON' => $inactive_reason, 1163 )); 1164 1165 break; 1166 1167 case 'feedback': 1168 1169 $user->add_lang('mcp'); 1170 1171 // Set up general vars 1172 $start = $request->variable('start', 0); 1173 $deletemark = (isset($_POST['delmarked'])) ? true : false; 1174 $deleteall = (isset($_POST['delall'])) ? true : false; 1175 $marked = $request->variable('mark', array(0)); 1176 $message = $request->variable('message', '', true); 1177 1178 /* @var $pagination \phpbb\pagination */ 1179 $pagination = $phpbb_container->get('pagination'); 1180 1181 // Sort keys 1182 $sort_days = $request->variable('st', 0); 1183 $sort_key = $request->variable('sk', 't'); 1184 $sort_dir = $request->variable('sd', 'd'); 1185 1186 // Delete entries if requested and able 1187 if (($deletemark || $deleteall) && $auth->acl_get('a_clearlogs')) 1188 { 1189 if (!check_form_key($form_name)) 1190 { 1191 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 1192 } 1193 1194 $where_sql = ''; 1195 if ($deletemark && $marked) 1196 { 1197 $sql_in = array(); 1198 foreach ($marked as $mark) 1199 { 1200 $sql_in[] = $mark; 1201 } 1202 $where_sql = ' AND ' . $db->sql_in_set('log_id', $sql_in); 1203 unset($sql_in); 1204 } 1205 1206 if ($where_sql || $deleteall) 1207 { 1208 $sql = 'DELETE FROM ' . LOG_TABLE . ' 1209 WHERE log_type = ' . LOG_USERS . " 1210 AND reportee_id = $user_id 1211 $where_sql"; 1212 $db->sql_query($sql); 1213 1214 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_CLEAR_USER', false, array($user_row['username'])); 1215 } 1216 } 1217 1218 if ($submit && $message) 1219 { 1220 if (!check_form_key($form_name)) 1221 { 1222 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 1223 } 1224 1225 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_FEEDBACK', false, array($user_row['username'])); 1226 $phpbb_log->add('mod', $user->data['user_id'], $user->ip, 'LOG_USER_FEEDBACK', false, array( 1227 'forum_id' => 0, 1228 'topic_id' => 0, 1229 $user_row['username'] 1230 )); 1231 $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_GENERAL', false, array( 1232 'reportee_id' => $user_id, 1233 $message 1234 )); 1235 1236 trigger_error($user->lang['USER_FEEDBACK_ADDED'] . adm_back_link($this->u_action . '&u=' . $user_id)); 1237 } 1238 1239 // Sorting 1240 $limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); 1241 $sort_by_text = array('u' => $user->lang['SORT_USERNAME'], 't' => $user->lang['SORT_DATE'], 'i' => $user->lang['SORT_IP'], 'o' => $user->lang['SORT_ACTION']); 1242 $sort_by_sql = array('u' => 'u.username_clean', 't' => 'l.log_time', 'i' => 'l.log_ip', 'o' => 'l.log_operation'); 1243 1244 $s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = ''; 1245 gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param); 1246 1247 // Define where and sort sql for use in displaying logs 1248 $sql_where = ($sort_days) ? (time() - ($sort_days * 86400)) : 0; 1249 $sql_sort = $sort_by_sql[$sort_key] . ' ' . (($sort_dir == 'd') ? 'DESC' : 'ASC'); 1250 1251 // Grab log data 1252 $log_data = array(); 1253 $log_count = 0; 1254 $start = view_log('user', $log_data, $log_count, $config['topics_per_page'], $start, 0, 0, $user_id, $sql_where, $sql_sort); 1255 1256 $base_url = $this->u_action . "&u=$user_id&$u_sort_param"; 1257 $pagination->generate_template_pagination($base_url, 'pagination', 'start', $log_count, $config['topics_per_page'], $start); 1258 1259 $template->assign_vars(array( 1260 'S_FEEDBACK' => true, 1261 1262 'S_LIMIT_DAYS' => $s_limit_days, 1263 'S_SORT_KEY' => $s_sort_key, 1264 'S_SORT_DIR' => $s_sort_dir, 1265 'S_CLEARLOGS' => $auth->acl_get('a_clearlogs')) 1266 ); 1267 1268 foreach ($log_data as $row) 1269 { 1270 $template->assign_block_vars('log', array( 1271 'USERNAME' => $row['username_full'], 1272 'IP' => $row['ip'], 1273 'DATE' => $user->format_date($row['time']), 1274 'ACTION' => nl2br($row['action']), 1275 'ID' => $row['id']) 1276 ); 1277 } 1278 1279 break; 1280 1281 case 'warnings': 1282 $user->add_lang('mcp'); 1283 1284 // Set up general vars 1285 $deletemark = (isset($_POST['delmarked'])) ? true : false; 1286 $deleteall = (isset($_POST['delall'])) ? true : false; 1287 $confirm = (isset($_POST['confirm'])) ? true : false; 1288 $marked = $request->variable('mark', array(0)); 1289 1290 // Delete entries if requested and able 1291 if ($deletemark || $deleteall || $confirm) 1292 { 1293 if (confirm_box(true)) 1294 { 1295 $where_sql = ''; 1296 $deletemark = $request->variable('delmarked', 0); 1297 $deleteall = $request->variable('delall', 0); 1298 if ($deletemark && $marked) 1299 { 1300 $where_sql = ' AND ' . $db->sql_in_set('warning_id', array_values($marked)); 1301 } 1302 1303 if ($where_sql || $deleteall) 1304 { 1305 $sql = 'DELETE FROM ' . WARNINGS_TABLE . " 1306 WHERE user_id = $user_id 1307 $where_sql"; 1308 $db->sql_query($sql); 1309 1310 if ($deleteall) 1311 { 1312 $log_warnings = $deleted_warnings = 0; 1313 } 1314 else 1315 { 1316 $num_warnings = (int) $db->sql_affectedrows(); 1317 $deleted_warnings = ' user_warnings - ' . $num_warnings; 1318 $log_warnings = ($num_warnings > 2) ? 2 : $num_warnings; 1319 } 1320 1321 $sql = 'UPDATE ' . USERS_TABLE . " 1322 SET user_warnings = $deleted_warnings 1323 WHERE user_id = $user_id"; 1324 $db->sql_query($sql); 1325 1326 if ($log_warnings) 1327 { 1328 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_WARNINGS_DELETED', false, array($user_row['username'], $num_warnings)); 1329 } 1330 else 1331 { 1332 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_WARNINGS_DELETED_ALL', false, array($user_row['username'])); 1333 } 1334 } 1335 } 1336 else 1337 { 1338 $s_hidden_fields = array( 1339 'i' => $id, 1340 'mode' => $mode, 1341 'u' => $user_id, 1342 'mark' => $marked, 1343 ); 1344 if (isset($_POST['delmarked'])) 1345 { 1346 $s_hidden_fields['delmarked'] = 1; 1347 } 1348 if (isset($_POST['delall'])) 1349 { 1350 $s_hidden_fields['delall'] = 1; 1351 } 1352 if (isset($_POST['delall']) || (isset($_POST['delmarked']) && count($marked))) 1353 { 1354 confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields($s_hidden_fields)); 1355 } 1356 } 1357 } 1358 1359 $sql = 'SELECT w.warning_id, w.warning_time, w.post_id, l.log_operation, l.log_data, l.user_id AS mod_user_id, m.username AS mod_username, m.user_colour AS mod_user_colour 1360 FROM ' . WARNINGS_TABLE . ' w 1361 LEFT JOIN ' . LOG_TABLE . ' l 1362 ON (w.log_id = l.log_id) 1363 LEFT JOIN ' . USERS_TABLE . ' m 1364 ON (l.user_id = m.user_id) 1365 WHERE w.user_id = ' . $user_id . ' 1366 ORDER BY w.warning_time DESC'; 1367 $result = $db->sql_query($sql); 1368 1369 while ($row = $db->sql_fetchrow($result)) 1370 { 1371 if (!$row['log_operation']) 1372 { 1373 // We do not have a log-entry anymore, so there is no data available 1374 $row['action'] = $user->lang['USER_WARNING_LOG_DELETED']; 1375 } 1376 else 1377 { 1378 $row['action'] = (isset($user->lang[$row['log_operation']])) ? $user->lang[$row['log_operation']] : '{' . ucfirst(str_replace('_', ' ', $row['log_operation'])) . '}'; 1379 if (!empty($row['log_data'])) 1380 { 1381 $log_data_ary = @unserialize($row['log_data']); 1382 $log_data_ary = ($log_data_ary === false) ? array() : $log_data_ary; 1383 1384 if (isset($user->lang[$row['log_operation']])) 1385 { 1386 // Check if there are more occurrences of % than arguments, if there are we fill out the arguments array 1387 // It doesn't matter if we add more arguments than placeholders 1388 if ((substr_count($row['action'], '%') - count($log_data_ary)) > 0) 1389 { 1390 $log_data_ary = array_merge($log_data_ary, array_fill(0, substr_count($row['action'], '%') - count($log_data_ary), '')); 1391 } 1392 $row['action'] = vsprintf($row['action'], $log_data_ary); 1393 $row['action'] = bbcode_nl2br(censor_text($row['action'])); 1394 } 1395 else if (!empty($log_data_ary)) 1396 { 1397 $row['action'] .= '<br />' . implode('', $log_data_ary); 1398 } 1399 } 1400 } 1401 1402 $template->assign_block_vars('warn', array( 1403 'ID' => $row['warning_id'], 1404 'USERNAME' => ($row['log_operation']) ? get_username_string('full', $row['mod_user_id'], $row['mod_username'], $row['mod_user_colour']) : '-', 1405 'ACTION' => make_clickable($row['action']), 1406 'DATE' => $user->format_date($row['warning_time']), 1407 )); 1408 } 1409 $db->sql_freeresult($result); 1410 1411 $template->assign_vars(array( 1412 'S_WARNINGS' => true, 1413 )); 1414 1415 break; 1416 1417 case 'profile': 1418 1419 if (!function_exists('user_get_id_name')) 1420 { 1421 include($phpbb_root_path . 'includes/functions_user.' . $phpEx); 1422 } 1423 1424 /* @var $cp \phpbb\profilefields\manager */ 1425 $cp = $phpbb_container->get('profilefields.manager'); 1426 1427 $cp_data = $cp_error = array(); 1428 1429 $sql = 'SELECT lang_id 1430 FROM ' . LANG_TABLE . " 1431 WHERE lang_iso = '" . $db->sql_escape($user->data['user_lang']) . "'"; 1432 $result = $db->sql_query($sql); 1433 $row = $db->sql_fetchrow($result); 1434 $db->sql_freeresult($result); 1435 1436 $user_row['iso_lang_id'] = $row['lang_id']; 1437 1438 $data = array( 1439 'jabber' => $request->variable('jabber', $user_row['user_jabber'], true), 1440 'bday_day' => 0, 1441 'bday_month' => 0, 1442 'bday_year' => 0, 1443 ); 1444 1445 if ($user_row['user_birthday']) 1446 { 1447 list($data['bday_day'], $data['bday_month'], $data['bday_year']) = explode('-', $user_row['user_birthday']); 1448 } 1449 1450 $data['bday_day'] = $request->variable('bday_day', $data['bday_day']); 1451 $data['bday_month'] = $request->variable('bday_month', $data['bday_month']); 1452 $data['bday_year'] = $request->variable('bday_year', $data['bday_year']); 1453 $data['user_birthday'] = sprintf('%2d-%2d-%4d', $data['bday_day'], $data['bday_month'], $data['bday_year']); 1454 1455 /** 1456 * Modify user data on editing profile in ACP 1457 * 1458 * @event core.acp_users_modify_profile 1459 * @var array data Array with user profile data 1460 * @var bool submit Flag indicating if submit button has been pressed 1461 * @var int user_id The user id 1462 * @var array user_row Array with the full user data 1463 * @since 3.1.4-RC1 1464 */ 1465 $vars = array('data', 'submit', 'user_id', 'user_row'); 1466 extract($phpbb_dispatcher->trigger_event('core.acp_users_modify_profile', compact($vars))); 1467 1468 if ($submit) 1469 { 1470 $error = validate_data($data, array( 1471 'jabber' => array( 1472 array('string', true, 5, 255), 1473 array('jabber')), 1474 'bday_day' => array('num', true, 1, 31), 1475 'bday_month' => array('num', true, 1, 12), 1476 'bday_year' => array('num', true, 1901, gmdate('Y', time())), 1477 'user_birthday' => array('date', true), 1478 )); 1479 1480 // validate custom profile fields 1481 $cp->submit_cp_field('profile', $user_row['iso_lang_id'], $cp_data, $cp_error); 1482 1483 if (count($cp_error)) 1484 { 1485 $error = array_merge($error, $cp_error); 1486 } 1487 if (!check_form_key($form_name)) 1488 { 1489 $error[] = 'FORM_INVALID'; 1490 } 1491 1492 /** 1493 * Validate profile data in ACP before submitting to the database 1494 * 1495 * @event core.acp_users_profile_validate 1496 * @var array data Array with user profile data 1497 * @var int user_id The user id 1498 * @var array user_row Array with the full user data 1499 * @var array error Array with the form errors 1500 * @since 3.1.4-RC1 1501 * @changed 3.1.12-RC1 Removed submit, added user_id, user_row 1502 */ 1503 $vars = array('data', 'user_id', 'user_row', 'error'); 1504 extract($phpbb_dispatcher->trigger_event('core.acp_users_profile_validate', compact($vars))); 1505 1506 if (!count($error)) 1507 { 1508 $sql_ary = array( 1509 'user_jabber' => $data['jabber'], 1510 'user_birthday' => $data['user_birthday'], 1511 ); 1512 1513 /** 1514 * Modify profile data in ACP before submitting to the database 1515 * 1516 * @event core.acp_users_profile_modify_sql_ary 1517 * @var array cp_data Array with the user custom profile fields data 1518 * @var array data Array with user profile data 1519 * @var int user_id The user id 1520 * @var array user_row Array with the full user data 1521 * @var array sql_ary Array with sql data 1522 * @since 3.1.4-RC1 1523 */ 1524 $vars = array('cp_data', 'data', 'user_id', 'user_row', 'sql_ary'); 1525 extract($phpbb_dispatcher->trigger_event('core.acp_users_profile_modify_sql_ary', compact($vars))); 1526 1527 $sql = 'UPDATE ' . USERS_TABLE . ' 1528 SET ' . $db->sql_build_array('UPDATE', $sql_ary) . " 1529 WHERE user_id = $user_id"; 1530 $db->sql_query($sql); 1531 1532 // Update Custom Fields 1533 $cp->update_profile_field_data($user_id, $cp_data); 1534 1535 trigger_error($user->lang['USER_PROFILE_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id)); 1536 } 1537 1538 // Replace "error" strings with their real, localised form 1539 $error = array_map(array($user, 'lang'), $error); 1540 } 1541 1542 $s_birthday_day_options = '<option value="0"' . ((!$data['bday_day']) ? ' selected="selected"' : '') . '>--</option>'; 1543 for ($i = 1; $i < 32; $i++) 1544 { 1545 $selected = ($i == $data['bday_day']) ? ' selected="selected"' : ''; 1546 $s_birthday_day_options .= "<option value=\"$i\"$selected>$i</option>"; 1547 } 1548 1549 $s_birthday_month_options = '<option value="0"' . ((!$data['bday_month']) ? ' selected="selected"' : '') . '>--</option>'; 1550 for ($i = 1; $i < 13; $i++) 1551 { 1552 $selected = ($i == $data['bday_month']) ? ' selected="selected"' : ''; 1553 $s_birthday_month_options .= "<option value=\"$i\"$selected>$i</option>"; 1554 } 1555 1556 $now = getdate(); 1557 $s_birthday_year_options = '<option value="0"' . ((!$data['bday_year']) ? ' selected="selected"' : '') . '>--</option>'; 1558 for ($i = $now['year'] - 100; $i <= $now['year']; $i++) 1559 { 1560 $selected = ($i == $data['bday_year']) ? ' selected="selected"' : ''; 1561 $s_birthday_year_options .= "<option value=\"$i\"$selected>$i</option>"; 1562 } 1563 unset($now); 1564 1565 $template->assign_vars(array( 1566 'JABBER' => $data['jabber'], 1567 'S_BIRTHDAY_DAY_OPTIONS' => $s_birthday_day_options, 1568 'S_BIRTHDAY_MONTH_OPTIONS' => $s_birthday_month_options, 1569 'S_BIRTHDAY_YEAR_OPTIONS' => $s_birthday_year_options, 1570 1571 'S_PROFILE' => true) 1572 ); 1573 1574 // Get additional profile fields and assign them to the template block var 'profile_fields' 1575 $user->get_profile_fields($user_id); 1576 1577 $cp->generate_profile_fields('profile', $user_row['iso_lang_id']); 1578 1579 break; 1580 1581 case 'prefs': 1582 1583 if (!function_exists('user_get_id_name')) 1584 { 1585 include($phpbb_root_path . 'includes/functions_user.' . $phpEx); 1586 } 1587 1588 $data = array( 1589 'dateformat' => $request->variable('dateformat', $user_row['user_dateformat'], true), 1590 'lang' => basename($request->variable('lang', $user_row['user_lang'])), 1591 'tz' => $request->variable('tz', $user_row['user_timezone']), 1592 'style' => $request->variable('style', $user_row['user_style']), 1593 'viewemail' => $request->variable('viewemail', $user_row['user_allow_viewemail']), 1594 'massemail' => $request->variable('massemail', $user_row['user_allow_massemail']), 1595 'hideonline' => $request->variable('hideonline', !$user_row['user_allow_viewonline']), 1596 'notifymethod' => $request->variable('notifymethod', $user_row['user_notify_type']), 1597 'notifypm' => $request->variable('notifypm', $user_row['user_notify_pm']), 1598 'allowpm' => $request->variable('allowpm', $user_row['user_allow_pm']), 1599 1600 'topic_sk' => $request->variable('topic_sk', ($user_row['user_topic_sortby_type']) ? $user_row['user_topic_sortby_type'] : 't'), 1601 'topic_sd' => $request->variable('topic_sd', ($user_row['user_topic_sortby_dir']) ? $user_row['user_topic_sortby_dir'] : 'd'), 1602 'topic_st' => $request->variable('topic_st', ($user_row['user_topic_show_days']) ? $user_row['user_topic_show_days'] : 0), 1603 1604 'post_sk' => $request->variable('post_sk', ($user_row['user_post_sortby_type']) ? $user_row['user_post_sortby_type'] : 't'), 1605 'post_sd' => $request->variable('post_sd', ($user_row['user_post_sortby_dir']) ? $user_row['user_post_sortby_dir'] : 'a'), 1606 'post_st' => $request->variable('post_st', ($user_row['user_post_show_days']) ? $user_row['user_post_show_days'] : 0), 1607 1608 'view_images' => $request->variable('view_images', $this->optionget($user_row, 'viewimg')), 1609 'view_flash' => $request->variable('view_flash', $this->optionget($user_row, 'viewflash')), 1610 'view_smilies' => $request->variable('view_smilies', $this->optionget($user_row, 'viewsmilies')), 1611 'view_sigs' => $request->variable('view_sigs', $this->optionget($user_row, 'viewsigs')), 1612 'view_avatars' => $request->variable('view_avatars', $this->optionget($user_row, 'viewavatars')), 1613 'view_wordcensor' => $request->variable('view_wordcensor', $this->optionget($user_row, 'viewcensors')), 1614 1615 'bbcode' => $request->variable('bbcode', $this->optionget($user_row, 'bbcode')), 1616 'smilies' => $request->variable('smilies', $this->optionget($user_row, 'smilies')), 1617 'sig' => $request->variable('sig', $this->optionget($user_row, 'attachsig')), 1618 'notify' => $request->variable('notify', $user_row['user_notify']), 1619 ); 1620 1621 /** 1622 * Modify users preferences data 1623 * 1624 * @event core.acp_users_prefs_modify_data 1625 * @var array data Array with users preferences data 1626 * @var array user_row Array with user data 1627 * @since 3.1.0-b3 1628 */ 1629 $vars = array('data', 'user_row'); 1630 extract($phpbb_dispatcher->trigger_event('core.acp_users_prefs_modify_data', compact($vars))); 1631 1632 if ($submit) 1633 { 1634 $error = validate_data($data, array( 1635 'dateformat' => array('string', false, 1, 64), 1636 'lang' => array('match', false, '#^[a-z_\-]{2,}$#i'), 1637 'tz' => array('timezone'), 1638 1639 'topic_sk' => array('string', false, 1, 1), 1640 'topic_sd' => array('string', false, 1, 1), 1641 'post_sk' => array('string', false, 1, 1), 1642 'post_sd' => array('string', false, 1, 1), 1643 )); 1644 1645 if (!check_form_key($form_name)) 1646 { 1647 $error[] = 'FORM_INVALID'; 1648 } 1649 1650 if (!count($error)) 1651 { 1652 $this->optionset($user_row, 'viewimg', $data['view_images']); 1653 $this->optionset($user_row, 'viewflash', $data['view_flash']); 1654 $this->optionset($user_row, 'viewsmilies', $data['view_smilies']); 1655 $this->optionset($user_row, 'viewsigs', $data['view_sigs']); 1656 $this->optionset($user_row, 'viewavatars', $data['view_avatars']); 1657 $this->optionset($user_row, 'viewcensors', $data['view_wordcensor']); 1658 $this->optionset($user_row, 'bbcode', $data['bbcode']); 1659 $this->optionset($user_row, 'smilies', $data['smilies']); 1660 $this->optionset($user_row, 'attachsig', $data['sig']); 1661 1662 $sql_ary = array( 1663 'user_options' => $user_row['user_options'], 1664 1665 'user_allow_pm' => $data['allowpm'], 1666 'user_allow_viewemail' => $data['viewemail'], 1667 'user_allow_massemail' => $data['massemail'], 1668 'user_allow_viewonline' => !$data['hideonline'], 1669 'user_notify_type' => $data['notifymethod'], 1670 'user_notify_pm' => $data['notifypm'], 1671 1672 'user_dateformat' => $data['dateformat'], 1673 'user_lang' => $data['lang'], 1674 'user_timezone' => $data['tz'], 1675 'user_style' => $data['style'], 1676 1677 'user_topic_sortby_type' => $data['topic_sk'], 1678 'user_post_sortby_type' => $data['post_sk'], 1679 'user_topic_sortby_dir' => $data['topic_sd'], 1680 'user_post_sortby_dir' => $data['post_sd'], 1681 1682 'user_topic_show_days' => $data['topic_st'], 1683 'user_post_show_days' => $data['post_st'], 1684 1685 'user_notify' => $data['notify'], 1686 ); 1687 1688 /** 1689 * Modify SQL query before users preferences are updated 1690 * 1691 * @event core.acp_users_prefs_modify_sql 1692 * @var array data Array with users preferences data 1693 * @var array user_row Array with user data 1694 * @var array sql_ary SQL array with users preferences data to update 1695 * @var array error Array with errors data 1696 * @since 3.1.0-b3 1697 */ 1698 $vars = array('data', 'user_row', 'sql_ary', 'error'); 1699 extract($phpbb_dispatcher->trigger_event('core.acp_users_prefs_modify_sql', compact($vars))); 1700 1701 if (!count($error)) 1702 { 1703 $sql = 'UPDATE ' . USERS_TABLE . ' 1704 SET ' . $db->sql_build_array('UPDATE', $sql_ary) . " 1705 WHERE user_id = $user_id"; 1706 $db->sql_query($sql); 1707 1708 // Check if user has an active session 1709 if ($user_row['session_id']) 1710 { 1711 // We'll update the session if user_allow_viewonline has changed and the user is a bot 1712 // Or if it's a regular user and the admin set it to hide the session 1713 if ($user_row['user_allow_viewonline'] != $sql_ary['user_allow_viewonline'] && $user_row['user_type'] == USER_IGNORE 1714 || $user_row['user_allow_viewonline'] && !$sql_ary['user_allow_viewonline']) 1715 { 1716 // We also need to check if the user has the permission to cloak. 1717 $user_auth = new \phpbb\auth\auth(); 1718 $user_auth->acl($user_row); 1719 1720 $session_sql_ary = array( 1721 'session_viewonline' => ($user_auth->acl_get('u_hideonline')) ? $sql_ary['user_allow_viewonline'] : true, 1722 ); 1723 1724 $sql = 'UPDATE ' . SESSIONS_TABLE . ' 1725 SET ' . $db->sql_build_array('UPDATE', $session_sql_ary) . " 1726 WHERE session_user_id = $user_id"; 1727 $db->sql_query($sql); 1728 1729 unset($user_auth); 1730 } 1731 } 1732 1733 trigger_error($user->lang['USER_PREFS_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id)); 1734 } 1735 } 1736 1737 // Replace "error" strings with their real, localised form 1738 $error = array_map(array($user, 'lang'), $error); 1739 } 1740 1741 $dateformat_options = ''; 1742 foreach ($user->lang['dateformats'] as $format => $null) 1743 { 1744 $dateformat_options .= '<option value="' . $format . '"' . (($format == $data['dateformat']) ? ' selected="selected"' : '') . '>'; 1745 $dateformat_options .= $user->format_date(time(), $format, false) . ((strpos($format, '|') !== false) ? $user->lang['VARIANT_DATE_SEPARATOR'] . $user->format_date(time(), $format, true) : ''); 1746 $dateformat_options .= '</option>'; 1747 } 1748 1749 $s_custom = false; 1750 1751 $dateformat_options .= '<option value="custom"'; 1752 if (!isset($user->lang['dateformats'][$data['dateformat']])) 1753 { 1754 $dateformat_options .= ' selected="selected"'; 1755 $s_custom = true; 1756 } 1757 $dateformat_options .= '>' . $user->lang['CUSTOM_DATEFORMAT'] . '</option>'; 1758 1759 $sort_dir_text = array('a' => $user->lang['ASCENDING'], 'd' => $user->lang['DESCENDING']); 1760 1761 // Topic ordering options 1762 $limit_topic_days = array(0 => $user->lang['ALL_TOPICS'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); 1763 $sort_by_topic_text = array('a' => $user->lang['AUTHOR'], 't' => $user->lang['POST_TIME'], 'r' => $user->lang['REPLIES'], 's' => $user->lang['SUBJECT'], 'v' => $user->lang['VIEWS']); 1764 1765 // Post ordering options 1766 $limit_post_days = array(0 => $user->lang['ALL_POSTS'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); 1767 $sort_by_post_text = array('a' => $user->lang['AUTHOR'], 't' => $user->lang['POST_TIME'], 's' => $user->lang['SUBJECT']); 1768 1769 $_options = array('topic', 'post'); 1770 foreach ($_options as $sort_option) 1771 { 1772 ${'s_limit_' . $sort_option . '_days'} = '<select name="' . $sort_option . '_st">'; 1773 foreach (${'limit_' . $sort_option . '_days'} as $day => $text) 1774 { 1775 $selected = ($data[$sort_option . '_st'] == $day) ? ' selected="selected"' : ''; 1776 ${'s_limit_' . $sort_option . '_days'} .= '<option value="' . $day . '"' . $selected . '>' . $text . '</option>'; 1777 } 1778 ${'s_limit_' . $sort_option . '_days'} .= '</select>'; 1779 1780 ${'s_sort_' . $sort_option . '_key'} = '<select name="' . $sort_option . '_sk">'; 1781 foreach (${'sort_by_' . $sort_option . '_text'} as $key => $text) 1782 { 1783 $selected = ($data[$sort_option . '_sk'] == $key) ? ' selected="selected"' : ''; 1784 ${'s_sort_' . $sort_option . '_key'} .= '<option value="' . $key . '"' . $selected . '>' . $text . '</option>'; 1785 } 1786 ${'s_sort_' . $sort_option . '_key'} .= '</select>'; 1787 1788 ${'s_sort_' . $sort_option . '_dir'} = '<select name="' . $sort_option . '_sd">'; 1789 foreach ($sort_dir_text as $key => $value) 1790 { 1791 $selected = ($data[$sort_option . '_sd'] == $key) ? ' selected="selected"' : ''; 1792 ${'s_sort_' . $sort_option . '_dir'} .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>'; 1793 } 1794 ${'s_sort_' . $sort_option . '_dir'} .= '</select>'; 1795 } 1796 1797 phpbb_timezone_select($template, $user, $data['tz'], true); 1798 $user_prefs_data = array( 1799 'S_PREFS' => true, 1800 'S_JABBER_DISABLED' => ($config['jab_enable'] && $user_row['user_jabber'] && @extension_loaded('xml')) ? false : true, 1801 1802 'VIEW_EMAIL' => $data['viewemail'], 1803 'MASS_EMAIL' => $data['massemail'], 1804 'ALLOW_PM' => $data['allowpm'], 1805 'HIDE_ONLINE' => $data['hideonline'], 1806 'NOTIFY_EMAIL' => ($data['notifymethod'] == NOTIFY_EMAIL) ? true : false, 1807 'NOTIFY_IM' => ($data['notifymethod'] == NOTIFY_IM) ? true : false, 1808 'NOTIFY_BOTH' => ($data['notifymethod'] == NOTIFY_BOTH) ? true : false, 1809 'NOTIFY_PM' => $data['notifypm'], 1810 'BBCODE' => $data['bbcode'], 1811 'SMILIES' => $data['smilies'], 1812 'ATTACH_SIG' => $data['sig'], 1813 'NOTIFY' => $data['notify'], 1814 'VIEW_IMAGES' => $data['view_images'], 1815 'VIEW_FLASH' => $data['view_flash'], 1816 'VIEW_SMILIES' => $data['view_smilies'], 1817 'VIEW_SIGS' => $data['view_sigs'], 1818 'VIEW_AVATARS' => $data['view_avatars'], 1819 'VIEW_WORDCENSOR' => $data['view_wordcensor'], 1820 1821 'S_TOPIC_SORT_DAYS' => $s_limit_topic_days, 1822 'S_TOPIC_SORT_KEY' => $s_sort_topic_key, 1823 'S_TOPIC_SORT_DIR' => $s_sort_topic_dir, 1824 'S_POST_SORT_DAYS' => $s_limit_post_days, 1825 'S_POST_SORT_KEY' => $s_sort_post_key, 1826 'S_POST_SORT_DIR' => $s_sort_post_dir, 1827 1828 'DATE_FORMAT' => $data['dateformat'], 1829 'S_DATEFORMAT_OPTIONS' => $dateformat_options, 1830 'S_CUSTOM_DATEFORMAT' => $s_custom, 1831 'DEFAULT_DATEFORMAT' => $config['default_dateformat'], 1832 'A_DEFAULT_DATEFORMAT' => addslashes($config['default_dateformat']), 1833 1834 'S_LANG_OPTIONS' => language_select($data['lang']), 1835 'S_STYLE_OPTIONS' => style_select($data['style']), 1836 ); 1837 1838 /** 1839 * Modify users preferences data before assigning it to the template 1840 * 1841 * @event core.acp_users_prefs_modify_template_data 1842 * @var array data Array with users preferences data 1843 * @var array user_row Array with user data 1844 * @var array user_prefs_data Array with users preferences data to be assigned to the template 1845 * @since 3.1.0-b3 1846 */ 1847 $vars = array('data', 'user_row', 'user_prefs_data'); 1848 extract($phpbb_dispatcher->trigger_event('core.acp_users_prefs_modify_template_data', compact($vars))); 1849 1850 $template->assign_vars($user_prefs_data); 1851 1852 break; 1853 1854 case 'avatar': 1855 1856 $avatars_enabled = false; 1857 /** @var \phpbb\avatar\manager $phpbb_avatar_manager */ 1858 $phpbb_avatar_manager = $phpbb_container->get('avatar.manager'); 1859 1860 if ($config['allow_avatar']) 1861 { 1862 $avatar_drivers = $phpbb_avatar_manager->get_enabled_drivers(); 1863 1864 // This is normalised data, without the user_ prefix 1865 $avatar_data = \phpbb\avatar\manager::clean_row($user_row, 'user'); 1866 1867 if ($submit) 1868 { 1869 if (check_form_key($form_name)) 1870 { 1871 $driver_name = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', '')); 1872 1873 if (in_array($driver_name, $avatar_drivers) && !$request->is_set_post('avatar_delete')) 1874 { 1875 $driver = $phpbb_avatar_manager->get_driver($driver_name); 1876 $result = $driver->process_form($request, $template, $user, $avatar_data, $error); 1877 1878 if ($result && empty($error)) 1879 { 1880 // Success! Lets save the result in the database 1881 $result = array( 1882 'user_avatar_type' => $driver_name, 1883 'user_avatar' => $result['avatar'], 1884 'user_avatar_width' => $result['avatar_width'], 1885 'user_avatar_height' => $result['avatar_height'], 1886 ); 1887 1888 /** 1889 * Modify users preferences data before assigning it to the template 1890 * 1891 * @event core.acp_users_avatar_sql 1892 * @var array user_row Array with user data 1893 * @var array result Array with user avatar data to be updated in the DB 1894 * @since 3.2.4-RC1 1895 */ 1896 $vars = array('user_row', 'result'); 1897 extract($phpbb_dispatcher->trigger_event('core.acp_users_avatar_sql', compact($vars))); 1898 1899 $sql = 'UPDATE ' . USERS_TABLE . ' 1900 SET ' . $db->sql_build_array('UPDATE', $result) . ' 1901 WHERE user_id = ' . (int) $user_id; 1902 1903 $db->sql_query($sql); 1904 trigger_error($user->lang['USER_AVATAR_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id)); 1905 } 1906 } 1907 } 1908 else 1909 { 1910 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 1911 } 1912 } 1913 1914 // Handle deletion of avatars 1915 if ($request->is_set_post('avatar_delete')) 1916 { 1917 if (!confirm_box(true)) 1918 { 1919 confirm_box(false, $user->lang('CONFIRM_AVATAR_DELETE'), build_hidden_fields(array( 1920 'avatar_delete' => true)) 1921 ); 1922 } 1923 else 1924 { 1925 $phpbb_avatar_manager->handle_avatar_delete($db, $user, $avatar_data, USERS_TABLE, 'user_'); 1926 1927 trigger_error($user->lang['USER_AVATAR_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id)); 1928 } 1929 } 1930 1931 $selected_driver = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', $user_row['user_avatar_type'])); 1932 1933 // Assign min and max values before generating avatar driver html 1934 $template->assign_vars(array( 1935 'AVATAR_MIN_WIDTH' => $config['avatar_min_width'], 1936 'AVATAR_MAX_WIDTH' => $config['avatar_max_width'], 1937 'AVATAR_MIN_HEIGHT' => $config['avatar_min_height'], 1938 'AVATAR_MAX_HEIGHT' => $config['avatar_max_height'], 1939 )); 1940 1941 foreach ($avatar_drivers as $current_driver) 1942 { 1943 $driver = $phpbb_avatar_manager->get_driver($current_driver); 1944 1945 $avatars_enabled = true; 1946 $template->set_filenames(array( 1947 'avatar' => $driver->get_acp_template_name(), 1948 )); 1949 1950 if ($driver->prepare_form($request, $template, $user, $avatar_data, $error)) 1951 { 1952 $driver_name = $phpbb_avatar_manager->prepare_driver_name($current_driver); 1953 $driver_upper = strtoupper($driver_name); 1954 1955 $template->assign_block_vars('avatar_drivers', array( 1956 'L_TITLE' => $user->lang($driver_upper . '_TITLE'), 1957 'L_EXPLAIN' => $user->lang($driver_upper . '_EXPLAIN'), 1958 1959 'DRIVER' => $driver_name, 1960 'SELECTED' => $current_driver == $selected_driver, 1961 'OUTPUT' => $template->assign_display('avatar'), 1962 )); 1963 } 1964 } 1965 } 1966 1967 // Avatar manager is not initialized if avatars are disabled 1968 if (isset($phpbb_avatar_manager)) 1969 { 1970 // Replace "error" strings with their real, localised form 1971 $error = $phpbb_avatar_manager->localize_errors($user, $error); 1972 } 1973 1974 $avatar = phpbb_get_user_avatar($user_row, 'USER_AVATAR', true); 1975 1976 $template->assign_vars(array( 1977 'S_AVATAR' => true, 1978 'ERROR' => (!empty($error)) ? implode('<br />', $error) : '', 1979 'AVATAR' => (empty($avatar) ? '<img src="' . $phpbb_admin_path . 'images/no_avatar.gif" alt="" />' : $avatar), 1980 1981 'S_FORM_ENCTYPE' => ' enctype="multipart/form-data"', 1982 1983 'L_AVATAR_EXPLAIN' => $user->lang(($config['avatar_filesize'] == 0) ? 'AVATAR_EXPLAIN_NO_FILESIZE' : 'AVATAR_EXPLAIN', $config['avatar_max_width'], $config['avatar_max_height'], $config['avatar_filesize'] / 1024), 1984 1985 'S_AVATARS_ENABLED' => ($config['allow_avatar'] && $avatars_enabled), 1986 )); 1987 1988 break; 1989 1990 case 'rank': 1991 1992 if ($submit) 1993 { 1994 if (!check_form_key($form_name)) 1995 { 1996 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 1997 } 1998 1999 $rank_id = $request->variable('user_rank', 0); 2000 2001 $sql = 'UPDATE ' . USERS_TABLE . " 2002 SET user_rank = $rank_id 2003 WHERE user_id = $user_id"; 2004 $db->sql_query($sql); 2005 2006 trigger_error($user->lang['USER_RANK_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id)); 2007 } 2008 2009 $sql = 'SELECT * 2010 FROM ' . RANKS_TABLE . ' 2011 WHERE rank_special = 1 2012 ORDER BY rank_title'; 2013 $result = $db->sql_query($sql); 2014 2015 $s_rank_options = '<option value="0"' . ((!$user_row['user_rank']) ? ' selected="selected"' : '') . '>' . $user->lang['NO_SPECIAL_RANK'] . '</option>'; 2016 2017 while ($row = $db->sql_fetchrow($result)) 2018 { 2019 $selected = ($user_row['user_rank'] && $row['rank_id'] == $user_row['user_rank']) ? ' selected="selected"' : ''; 2020 $s_rank_options .= '<option value="' . $row['rank_id'] . '"' . $selected . '>' . $row['rank_title'] . '</option>'; 2021 } 2022 $db->sql_freeresult($result); 2023 2024 $template->assign_vars(array( 2025 'S_RANK' => true, 2026 'S_RANK_OPTIONS' => $s_rank_options) 2027 ); 2028 2029 break; 2030 2031 case 'sig': 2032 2033 if (!function_exists('display_custom_bbcodes')) 2034 { 2035 include($phpbb_root_path . 'includes/functions_display.' . $phpEx); 2036 } 2037 2038 $enable_bbcode = ($config['allow_sig_bbcode']) ? $this->optionget($user_row, 'sig_bbcode') : false; 2039 $enable_smilies = ($config['allow_sig_smilies']) ? $this->optionget($user_row, 'sig_smilies') : false; 2040 $enable_urls = ($config['allow_sig_links']) ? $this->optionget($user_row, 'sig_links') : false; 2041 2042 $bbcode_flags = ($enable_bbcode ? OPTION_FLAG_BBCODE : 0) + ($enable_smilies ? OPTION_FLAG_SMILIES : 0) + ($enable_urls ? OPTION_FLAG_LINKS : 0); 2043 2044 $decoded_message = generate_text_for_edit($user_row['user_sig'], $user_row['user_sig_bbcode_uid'], $bbcode_flags); 2045 $signature = $request->variable('signature', $decoded_message['text'], true); 2046 $signature_preview = ''; 2047 2048 if ($submit || $request->is_set_post('preview')) 2049 { 2050 $enable_bbcode = ($config['allow_sig_bbcode']) ? !$request->variable('disable_bbcode', false) : false; 2051 $enable_smilies = ($config['allow_sig_smilies']) ? !$request->variable('disable_smilies', false) : false; 2052 $enable_urls = ($config['allow_sig_links']) ? !$request->variable('disable_magic_url', false) : false; 2053 2054 if (!check_form_key($form_name)) 2055 { 2056 $error[] = 'FORM_INVALID'; 2057 } 2058 } 2059 2060 $bbcode_uid = $bbcode_bitfield = $bbcode_flags = ''; 2061 $warn_msg = generate_text_for_storage( 2062 $signature, 2063 $bbcode_uid, 2064 $bbcode_bitfield, 2065 $bbcode_flags, 2066 $enable_bbcode, 2067 $enable_urls, 2068 $enable_smilies, 2069 $config['allow_sig_img'], 2070 $config['allow_sig_flash'], 2071 true, 2072 $config['allow_sig_links'], 2073 'sig' 2074 ); 2075 2076 if (count($warn_msg)) 2077 { 2078 $error += $warn_msg; 2079 } 2080 2081 if (!$submit) 2082 { 2083 // Parse it for displaying 2084 $signature_preview = generate_text_for_display($signature, $bbcode_uid, $bbcode_bitfield, $bbcode_flags); 2085 } 2086 else 2087 { 2088 if (!count($error)) 2089 { 2090 $this->optionset($user_row, 'sig_bbcode', $enable_bbcode); 2091 $this->optionset($user_row, 'sig_smilies', $enable_smilies); 2092 $this->optionset($user_row, 'sig_links', $enable_urls); 2093 2094 $sql_ary = array( 2095 'user_sig' => $signature, 2096 'user_options' => $user_row['user_options'], 2097 'user_sig_bbcode_uid' => $bbcode_uid, 2098 'user_sig_bbcode_bitfield' => $bbcode_bitfield, 2099 ); 2100 2101 /** 2102 * Modify user signature before it is stored in the DB 2103 * 2104 * @event core.acp_users_modify_signature_sql_ary 2105 * @var array user_row Array with user data 2106 * @var array sql_ary Array with user signature data to be updated in the DB 2107 * @since 3.2.4-RC1 2108 */ 2109 $vars = array('user_row', 'sql_ary'); 2110 extract($phpbb_dispatcher->trigger_event('core.acp_users_modify_signature_sql_ary', compact($vars))); 2111 2112 $sql = 'UPDATE ' . USERS_TABLE . ' 2113 SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' 2114 WHERE user_id = ' . $user_id; 2115 $db->sql_query($sql); 2116 2117 trigger_error($user->lang['USER_SIG_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id)); 2118 } 2119 } 2120 2121 // Replace "error" strings with their real, localised form 2122 $error = array_map(array($user, 'lang'), $error); 2123 2124 if ($request->is_set_post('preview')) 2125 { 2126 $decoded_message = generate_text_for_edit($signature, $bbcode_uid, $bbcode_flags); 2127 } 2128 2129 /** @var \phpbb\controller\helper $controller_helper */ 2130 $controller_helper = $phpbb_container->get('controller.helper'); 2131 2132 $template->assign_vars(array( 2133 'S_SIGNATURE' => true, 2134 2135 'SIGNATURE' => $decoded_message['text'], 2136 'SIGNATURE_PREVIEW' => $signature_preview, 2137 2138 'S_BBCODE_CHECKED' => (!$enable_bbcode) ? ' checked="checked"' : '', 2139 'S_SMILIES_CHECKED' => (!$enable_smilies) ? ' checked="checked"' : '', 2140 'S_MAGIC_URL_CHECKED' => (!$enable_urls) ? ' checked="checked"' : '', 2141 2142 'BBCODE_STATUS' => $user->lang(($config['allow_sig_bbcode'] ? 'BBCODE_IS_ON' : 'BBCODE_IS_OFF'), '<a href="' . $controller_helper->route('phpbb_help_bbcode_controller') . '">', '</a>'), 2143 'SMILIES_STATUS' => ($config['allow_sig_smilies']) ? $user->lang['SMILIES_ARE_ON'] : $user->lang['SMILIES_ARE_OFF'], 2144 'IMG_STATUS' => ($config['allow_sig_img']) ? $user->lang['IMAGES_ARE_ON'] : $user->lang['IMAGES_ARE_OFF'], 2145 'FLASH_STATUS' => ($config['allow_sig_flash']) ? $user->lang['FLASH_IS_ON'] : $user->lang['FLASH_IS_OFF'], 2146 'URL_STATUS' => ($config['allow_sig_links']) ? $user->lang['URL_IS_ON'] : $user->lang['URL_IS_OFF'], 2147 2148 'L_SIGNATURE_EXPLAIN' => $user->lang('SIGNATURE_EXPLAIN', (int) $config['max_sig_chars']), 2149 2150 'S_BBCODE_ALLOWED' => $config['allow_sig_bbcode'], 2151 'S_SMILIES_ALLOWED' => $config['allow_sig_smilies'], 2152 'S_BBCODE_IMG' => ($config['allow_sig_img']) ? true : false, 2153 'S_BBCODE_FLASH' => ($config['allow_sig_flash']) ? true : false, 2154 'S_LINKS_ALLOWED' => ($config['allow_sig_links']) ? true : false) 2155 ); 2156 2157 // Assigning custom bbcodes 2158 display_custom_bbcodes(); 2159 2160 break; 2161 2162 case 'attach': 2163 /* @var $pagination \phpbb\pagination */ 2164 $pagination = $phpbb_container->get('pagination'); 2165 2166 $start = $request->variable('start', 0); 2167 $deletemark = (isset($_POST['delmarked'])) ? true : false; 2168 $marked = $request->variable('mark', array(0)); 2169 2170 // Sort keys 2171 $sort_key = $request->variable('sk', 'a'); 2172 $sort_dir = $request->variable('sd', 'd'); 2173 2174 if ($deletemark && count($marked)) 2175 { 2176 $sql = 'SELECT attach_id 2177 FROM ' . ATTACHMENTS_TABLE . ' 2178 WHERE poster_id = ' . $user_id . ' 2179 AND is_orphan = 0 2180 AND ' . $db->sql_in_set('attach_id', $marked); 2181 $result = $db->sql_query($sql); 2182 2183 $marked = array(); 2184 while ($row = $db->sql_fetchrow($result)) 2185 { 2186 $marked[] = $row['attach_id']; 2187 } 2188 $db->sql_freeresult($result); 2189 } 2190 2191 if ($deletemark && count($marked)) 2192 { 2193 if (confirm_box(true)) 2194 { 2195 $sql = 'SELECT real_filename 2196 FROM ' . ATTACHMENTS_TABLE . ' 2197 WHERE ' . $db->sql_in_set('attach_id', $marked); 2198 $result = $db->sql_query($sql); 2199 2200 $log_attachments = array(); 2201 while ($row = $db->sql_fetchrow($result)) 2202 { 2203 $log_attachments[] = $row['real_filename']; 2204 } 2205 $db->sql_freeresult($result); 2206 2207 /** @var \phpbb\attachment\manager $attachment_manager */ 2208 $attachment_manager = $phpbb_container->get('attachment.manager'); 2209 $attachment_manager->delete('attach', $marked); 2210 unset($attachment_manager); 2211 2212 $message = (count($log_attachments) == 1) ? $user->lang['ATTACHMENT_DELETED'] : $user->lang['ATTACHMENTS_DELETED']; 2213 2214 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACHMENTS_DELETED', false, array(implode($user->lang['COMMA_SEPARATOR'], $log_attachments))); 2215 trigger_error($message . adm_back_link($this->u_action . '&u=' . $user_id)); 2216 } 2217 else 2218 { 2219 confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array( 2220 'u' => $user_id, 2221 'i' => $id, 2222 'mode' => $mode, 2223 'action' => $action, 2224 'delmarked' => true, 2225 'mark' => $marked)) 2226 ); 2227 } 2228 } 2229 2230 $sk_text = array('a' => $user->lang['SORT_FILENAME'], 'c' => $user->lang['SORT_EXTENSION'], 'd' => $user->lang['SORT_SIZE'], 'e' => $user->lang['SORT_DOWNLOADS'], 'f' => $user->lang['SORT_POST_TIME'], 'g' => $user->lang['SORT_TOPIC_TITLE']); 2231 $sk_sql = array('a' => 'a.real_filename', 'c' => 'a.extension', 'd' => 'a.filesize', 'e' => 'a.download_count', 'f' => 'a.filetime', 'g' => 't.topic_title'); 2232 2233 $sd_text = array('a' => $user->lang['ASCENDING'], 'd' => $user->lang['DESCENDING']); 2234 2235 $s_sort_key = ''; 2236 foreach ($sk_text as $key => $value) 2237 { 2238 $selected = ($sort_key == $key) ? ' selected="selected"' : ''; 2239 $s_sort_key .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>'; 2240 } 2241 2242 $s_sort_dir = ''; 2243 foreach ($sd_text as $key => $value) 2244 { 2245 $selected = ($sort_dir == $key) ? ' selected="selected"' : ''; 2246 $s_sort_dir .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>'; 2247 } 2248 2249 if (!isset($sk_sql[$sort_key])) 2250 { 2251 $sort_key = 'a'; 2252 } 2253 2254 $order_by = $sk_sql[$sort_key] . ' ' . (($sort_dir == 'a') ? 'ASC' : 'DESC'); 2255 2256 $sql = 'SELECT COUNT(attach_id) as num_attachments 2257 FROM ' . ATTACHMENTS_TABLE . " 2258 WHERE poster_id = $user_id 2259 AND is_orphan = 0"; 2260 $result = $db->sql_query_limit($sql, 1); 2261 $num_attachments = (int) $db->sql_fetchfield('num_attachments'); 2262 $db->sql_freeresult($result); 2263 2264 $sql = 'SELECT a.*, t.topic_title, p.message_subject as message_title 2265 FROM ' . ATTACHMENTS_TABLE . ' a 2266 LEFT JOIN ' . TOPICS_TABLE . ' t ON (a.topic_id = t.topic_id 2267 AND a.in_message = 0) 2268 LEFT JOIN ' . PRIVMSGS_TABLE . ' p ON (a.post_msg_id = p.msg_id 2269 AND a.in_message = 1) 2270 WHERE a.poster_id = ' . $user_id . " 2271 AND a.is_orphan = 0 2272 ORDER BY $order_by"; 2273 $result = $db->sql_query_limit($sql, $config['topics_per_page'], $start); 2274 2275 while ($row = $db->sql_fetchrow($result)) 2276 { 2277 if ($row['in_message']) 2278 { 2279 $view_topic = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=pm&p={$row['post_msg_id']}"); 2280 } 2281 else 2282 { 2283 $view_topic = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "t={$row['topic_id']}&p={$row['post_msg_id']}") . '#p' . $row['post_msg_id']; 2284 } 2285 2286 $template->assign_block_vars('attach', array( 2287 'REAL_FILENAME' => $row['real_filename'], 2288 'COMMENT' => nl2br($row['attach_comment']), 2289 'EXTENSION' => $row['extension'], 2290 'SIZE' => get_formatted_filesize($row['filesize']), 2291 'DOWNLOAD_COUNT' => $row['download_count'], 2292 'POST_TIME' => $user->format_date($row['filetime']), 2293 'TOPIC_TITLE' => ($row['in_message']) ? $row['message_title'] : $row['topic_title'], 2294 2295 'ATTACH_ID' => $row['attach_id'], 2296 'POST_ID' => $row['post_msg_id'], 2297 'TOPIC_ID' => $row['topic_id'], 2298 2299 'S_IN_MESSAGE' => $row['in_message'], 2300 2301 'U_DOWNLOAD' => append_sid("{$phpbb_root_path}download/file.$phpEx", 'mode=view&id=' . $row['attach_id']), 2302 'U_VIEW_TOPIC' => $view_topic) 2303 ); 2304 } 2305 $db->sql_freeresult($result); 2306 2307 $base_url = $this->u_action . "&u=$user_id&sk=$sort_key&sd=$sort_dir"; 2308 $pagination->generate_template_pagination($base_url, 'pagination', 'start', $num_attachments, $config['topics_per_page'], $start); 2309 2310 $template->assign_vars(array( 2311 'S_ATTACHMENTS' => true, 2312 'S_SORT_KEY' => $s_sort_key, 2313 'S_SORT_DIR' => $s_sort_dir, 2314 )); 2315 2316 break; 2317 2318 case 'groups': 2319 2320 if (!function_exists('group_user_attributes')) 2321 { 2322 include($phpbb_root_path . 'includes/functions_user.' . $phpEx); 2323 } 2324 2325 $user->add_lang(array('groups', 'acp/groups')); 2326 $group_id = $request->variable('g', 0); 2327 2328 if ($group_id) 2329 { 2330 // Check the founder only entry for this group to make sure everything is well 2331 $sql = 'SELECT group_founder_manage 2332 FROM ' . GROUPS_TABLE . ' 2333 WHERE group_id = ' . $group_id; 2334 $result = $db->sql_query($sql); 2335 $founder_manage = (int) $db->sql_fetchfield('group_founder_manage'); 2336 $db->sql_freeresult($result); 2337 2338 if ($user->data['user_type'] != USER_FOUNDER && $founder_manage) 2339 { 2340 trigger_error($user->lang['NOT_ALLOWED_MANAGE_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 2341 } 2342 } 2343 2344 switch ($action) 2345 { 2346 case 'demote': 2347 case 'promote': 2348 case 'default': 2349 if (!$group_id) 2350 { 2351 trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 2352 } 2353 2354 if (!check_link_hash($request->variable('hash', ''), 'acp_users')) 2355 { 2356 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); 2357 } 2358 2359 group_user_attributes($action, $group_id, $user_id); 2360 2361 if ($action == 'default') 2362 { 2363 $user_row['group_id'] = $group_id; 2364 } 2365 break; 2366 2367 case 'delete': 2368 2369 if (confirm_box(true)) 2370 { 2371 if (!$group_id) 2372 { 2373 trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 2374 } 2375 2376 if ($error = group_user_del($group_id, $user_id)) 2377 { 2378 trigger_error($user->lang[$error] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 2379 } 2380 2381 $error = array(); 2382 2383 // The delete action was successful - therefore update the user row... 2384 $sql = 'SELECT u.*, s.* 2385 FROM ' . USERS_TABLE . ' u 2386 LEFT JOIN ' . SESSIONS_TABLE . ' s ON (s.session_user_id = u.user_id) 2387 WHERE u.user_id = ' . $user_id . ' 2388 ORDER BY s.session_time DESC'; 2389 $result = $db->sql_query_limit($sql, 1); 2390 $user_row = $db->sql_fetchrow($result); 2391 $db->sql_freeresult($result); 2392 } 2393 else 2394 { 2395 confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array( 2396 'u' => $user_id, 2397 'i' => $id, 2398 'mode' => $mode, 2399 'action' => $action, 2400 'g' => $group_id)) 2401 ); 2402 } 2403 2404 break; 2405 2406 case 'approve': 2407 2408 if (confirm_box(true)) 2409 { 2410 if (!$group_id) 2411 { 2412 trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 2413 } 2414 group_user_attributes($action, $group_id, $user_id); 2415 } 2416 else 2417 { 2418 confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array( 2419 'u' => $user_id, 2420 'i' => $id, 2421 'mode' => $mode, 2422 'action' => $action, 2423 'g' => $group_id)) 2424 ); 2425 } 2426 2427 break; 2428 } 2429 2430 // Add user to group? 2431 if ($submit) 2432 { 2433 2434 if (!check_form_key($form_name)) 2435 { 2436 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 2437 } 2438 2439 if (!$group_id) 2440 { 2441 trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 2442 } 2443 2444 // Add user/s to group 2445 if ($error = group_user_add($group_id, $user_id)) 2446 { 2447 trigger_error($user->lang[$error] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 2448 } 2449 2450 $error = array(); 2451 } 2452 2453 /** @var \phpbb\group\helper $group_helper */ 2454 $group_helper = $phpbb_container->get('group_helper'); 2455 2456 $sql = 'SELECT ug.*, g.* 2457 FROM ' . GROUPS_TABLE . ' g, ' . USER_GROUP_TABLE . " ug 2458 WHERE ug.user_id = $user_id 2459 AND g.group_id = ug.group_id 2460 ORDER BY g.group_type DESC, ug.user_pending ASC, g.group_name"; 2461 $result = $db->sql_query($sql); 2462 2463 $i = 0; 2464 $group_data = $id_ary = array(); 2465 while ($row = $db->sql_fetchrow($result)) 2466 { 2467 $type = ($row['group_type'] == GROUP_SPECIAL) ? 'special' : (($row['user_pending']) ? 'pending' : 'normal'); 2468 2469 $group_data[$type][$i]['group_id'] = $row['group_id']; 2470 $group_data[$type][$i]['group_name'] = $row['group_name']; 2471 $group_data[$type][$i]['group_leader'] = ($row['group_leader']) ? 1 : 0; 2472 2473 $id_ary[] = $row['group_id']; 2474 2475 $i++; 2476 } 2477 $db->sql_freeresult($result); 2478 2479 // Select box for other groups 2480 $sql = 'SELECT group_id, group_name, group_type, group_founder_manage 2481 FROM ' . GROUPS_TABLE . ' 2482 ' . ((count($id_ary)) ? 'WHERE ' . $db->sql_in_set('group_id', $id_ary, true) : '') . ' 2483 ORDER BY group_type DESC, group_name ASC'; 2484 $result = $db->sql_query($sql); 2485 2486 $s_group_options = ''; 2487 while ($row = $db->sql_fetchrow($result)) 2488 { 2489 if (!$config['coppa_enable'] && $row['group_name'] == 'REGISTERED_COPPA') 2490 { 2491 continue; 2492 } 2493 2494 // Do not display those groups not allowed to be managed 2495 if ($user->data['user_type'] != USER_FOUNDER && $row['group_founder_manage']) 2496 { 2497 continue; 2498 } 2499 2500 $s_group_options .= '<option' . (($row['group_type'] == GROUP_SPECIAL) ? ' class="sep"' : '') . ' value="' . $row['group_id'] . '">' . $group_helper->get_name($row['group_name']) . '</option>'; 2501 } 2502 $db->sql_freeresult($result); 2503 2504 $current_type = ''; 2505 foreach ($group_data as $group_type => $data_ary) 2506 { 2507 if ($current_type != $group_type) 2508 { 2509 $template->assign_block_vars('group', array( 2510 'S_NEW_GROUP_TYPE' => true, 2511 'GROUP_TYPE' => $user->lang['USER_GROUP_' . strtoupper($group_type)]) 2512 ); 2513 } 2514 2515 foreach ($data_ary as $data) 2516 { 2517 $template->assign_block_vars('group', array( 2518 'U_EDIT_GROUP' => append_sid("{$phpbb_admin_path}index.$phpEx", "i=groups&mode=manage&action=edit&u=$user_id&g={$data['group_id']}&back_link=acp_users_groups"), 2519 'U_DEFAULT' => $this->u_action . "&action=default&u=$user_id&g=" . $data['group_id'] . '&hash=' . generate_link_hash('acp_users'), 2520 'U_DEMOTE_PROMOTE' => $this->u_action . '&action=' . (($data['group_leader']) ? 'demote' : 'promote') . "&u=$user_id&g=" . $data['group_id'] . '&hash=' . generate_link_hash('acp_users'), 2521 'U_DELETE' => $this->u_action . "&action=delete&u=$user_id&g=" . $data['group_id'], 2522 'U_APPROVE' => ($group_type == 'pending') ? $this->u_action . "&action=approve&u=$user_id&g=" . $data['group_id'] : '', 2523 2524 'GROUP_NAME' => $group_helper->get_name($data['group_name']), 2525 'L_DEMOTE_PROMOTE' => ($data['group_leader']) ? $user->lang['GROUP_DEMOTE'] : $user->lang['GROUP_PROMOTE'], 2526 2527 'S_IS_MEMBER' => ($group_type != 'pending') ? true : false, 2528 'S_NO_DEFAULT' => ($user_row['group_id'] != $data['group_id']) ? true : false, 2529 'S_SPECIAL_GROUP' => ($group_type == 'special') ? true : false, 2530 ) 2531 ); 2532 } 2533 } 2534 2535 $template->assign_vars(array( 2536 'S_GROUPS' => true, 2537 'S_GROUP_OPTIONS' => $s_group_options) 2538 ); 2539 2540 break; 2541 2542 case 'perm': 2543 2544 if (!class_exists('auth_admin')) 2545 { 2546 include($phpbb_root_path . 'includes/acp/auth.' . $phpEx); 2547 } 2548 2549 $auth_admin = new auth_admin(); 2550 2551 $user->add_lang('acp/permissions'); 2552 add_permission_language(); 2553 2554 $forum_id = $request->variable('f', 0); 2555 2556 // Global Permissions 2557 if (!$forum_id) 2558 { 2559 // Select auth options 2560 $sql = 'SELECT auth_option, is_local, is_global 2561 FROM ' . ACL_OPTIONS_TABLE . ' 2562 WHERE auth_option ' . $db->sql_like_expression($db->get_any_char() . '_') . ' 2563 AND is_global = 1 2564 ORDER BY auth_option'; 2565 $result = $db->sql_query($sql); 2566 2567 $hold_ary = array(); 2568 2569 while ($row = $db->sql_fetchrow($result)) 2570 { 2571 $hold_ary = $auth_admin->get_mask('view', $user_id, false, false, $row['auth_option'], 'global', ACL_NEVER); 2572 $auth_admin->display_mask('view', $row['auth_option'], $hold_ary, 'user', false, false); 2573 } 2574 $db->sql_freeresult($result); 2575 2576 unset($hold_ary); 2577 } 2578 else 2579 { 2580 $sql = 'SELECT auth_option, is_local, is_global 2581 FROM ' . ACL_OPTIONS_TABLE . " 2582 WHERE auth_option " . $db->sql_like_expression($db->get_any_char() . '_') . " 2583 AND is_local = 1 2584 ORDER BY is_global DESC, auth_option"; 2585 $result = $db->sql_query($sql); 2586 2587 while ($row = $db->sql_fetchrow($result)) 2588 { 2589 $hold_ary = $auth_admin->get_mask('view', $user_id, false, $forum_id, $row['auth_option'], 'local', ACL_NEVER); 2590 $auth_admin->display_mask('view', $row['auth_option'], $hold_ary, 'user', true, false); 2591 } 2592 $db->sql_freeresult($result); 2593 } 2594 2595 $s_forum_options = '<option value="0"' . ((!$forum_id) ? ' selected="selected"' : '') . '>' . $user->lang['VIEW_GLOBAL_PERMS'] . '</option>'; 2596 $s_forum_options .= make_forum_select($forum_id, false, true, false, false, false); 2597 2598 $template->assign_vars(array( 2599 'S_PERMISSIONS' => true, 2600 2601 'S_GLOBAL' => (!$forum_id) ? true : false, 2602 'S_FORUM_OPTIONS' => $s_forum_options, 2603 2604 'U_ACTION' => $this->u_action . '&u=' . $user_id, 2605 'U_USER_PERMISSIONS' => append_sid("{$phpbb_admin_path}index.$phpEx" ,'i=permissions&mode=setting_user_global&user_id[]=' . $user_id), 2606 'U_USER_FORUM_PERMISSIONS' => append_sid("{$phpbb_admin_path}index.$phpEx", 'i=permissions&mode=setting_user_local&user_id[]=' . $user_id)) 2607 ); 2608 2609 break; 2610 2611 default: 2612 $u_action = $this->u_action; 2613 2614 /** 2615 * Additional modes provided by extensions 2616 * 2617 * @event core.acp_users_mode_add 2618 * @var string mode New mode 2619 * @var int user_id User id of the user to manage 2620 * @var array user_row Array with user data 2621 * @var array error Array with errors data 2622 * @var string u_action The u_action link 2623 * @since 3.2.2-RC1 2624 * @changed 3.2.10-RC1 Added u_action 2625 */ 2626 $vars = array('mode', 'user_id', 'user_row', 'error', 'u_action'); 2627 extract($phpbb_dispatcher->trigger_event('core.acp_users_mode_add', compact($vars))); 2628 2629 unset($u_action); 2630 break; 2631 } 2632 2633 // Assign general variables 2634 $template->assign_vars(array( 2635 'S_ERROR' => (count($error)) ? true : false, 2636 'ERROR_MSG' => (count($error)) ? implode('<br />', $error) : '') 2637 ); 2638 } 2639 2640 /** 2641 * Set option bit field for user options in a user row array. 2642 * 2643 * Optionset replacement for this module based on $user->optionset. 2644 * 2645 * @param array $user_row Row from the users table. 2646 * @param int $key Option key, as defined in $user->keyoptions property. 2647 * @param bool $value True to set the option, false to clear the option. 2648 * @param int $data Current bit field value, or false to use $user_row['user_options'] 2649 * @return int|bool If $data is false, the bit field is modified and 2650 * written back to $user_row['user_options'], and 2651 * return value is true if the bit field changed and 2652 * false otherwise. If $data is not false, the new 2653 * bitfield value is returned. 2654 */ 2655 function optionset(&$user_row, $key, $value, $data = false) 2656 { 2657 global $user; 2658 2659 $var = ($data !== false) ? $data : $user_row['user_options']; 2660 2661 $new_var = phpbb_optionset($user->keyoptions[$key], $value, $var); 2662 2663 if ($data === false) 2664 { 2665 if ($new_var != $var) 2666 { 2667 $user_row['user_options'] = $new_var; 2668 return true; 2669 } 2670 else 2671 { 2672 return false; 2673 } 2674 } 2675 else 2676 { 2677 return $new_var; 2678 } 2679 } 2680 2681 /** 2682 * Get option bit field from user options in a user row array. 2683 * 2684 * Optionget replacement for this module based on $user->optionget. 2685 * 2686 * @param array $user_row Row from the users table. 2687 * @param int $key option key, as defined in $user->keyoptions property. 2688 * @param int $data bit field value to use, or false to use $user_row['user_options'] 2689 * @return bool true if the option is set in the bit field, false otherwise 2690 */ 2691 function optionget(&$user_row, $key, $data = false) 2692 { 2693 global $user; 2694 2695 $var = ($data !== false) ? $data : $user_row['user_options']; 2696 return phpbb_optionget($user->keyoptions[$key], $var); 2697 } 2698 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
Generated: Wed Nov 11 20:33:01 2020 | Cross-referenced by PHPXref 0.7.1 |