* @license GNU General Public License, version 2 (GPL-2.0) * * For full copyright and license information, please see * the docs/CREDITS.txt file. * */ /** * @ignore */ if (!defined('IN_PHPBB')) { exit; } class ucp_zebra { var $u_action; function main($id, $mode) { global $db, $user, $auth, $template, $phpbb_root_path, $phpEx, $request, $phpbb_dispatcher; $submit = (isset($_POST['submit']) || isset($_GET['add']) || isset($_GET['remove'])) ? true : false; $s_hidden_fields = ''; $l_mode = strtoupper($mode); if ($submit) { $data = $error = array(); $updated = false; $var_ary = array( 'usernames' => array(0), 'add' => '', ); foreach ($var_ary as $var => $default) { $data[$var] = $request->variable($var, $default, true); } if (!empty($data['add']) || count($data['usernames'])) { if (confirm_box(true)) { // Remove users if (!empty($data['usernames'])) { $user_ids = $data['usernames']; /** * Remove users from friends/foes * * @event core.ucp_remove_zebra * @var string mode Zebra type: friends|foes * @var array user_ids User ids we remove * @since 3.1.0-a1 */ $vars = array('mode', 'user_ids'); extract($phpbb_dispatcher->trigger_event('core.ucp_remove_zebra', compact($vars))); $sql = 'DELETE FROM ' . ZEBRA_TABLE . ' WHERE user_id = ' . $user->data['user_id'] . ' AND ' . $db->sql_in_set('zebra_id', $user_ids); $db->sql_query($sql); $updated = true; } // Add users if ($data['add']) { $data['add'] = array_map('trim', array_map('utf8_clean_string', explode("\n", $data['add']))); // Do these name/s exist on a list already? If so, ignore ... we could be // 'nice' and automatically handle names added to one list present on // the other (by removing the existing one) ... but I have a feeling this // may lead to complaints $sql = 'SELECT z.*, u.username, u.username_clean FROM ' . ZEBRA_TABLE . ' z, ' . USERS_TABLE . ' u WHERE z.user_id = ' . $user->data['user_id'] . ' AND u.user_id = z.zebra_id'; $result = $db->sql_query($sql); $friends = $foes = array(); while ($row = $db->sql_fetchrow($result)) { if ($row['friend']) { $friends[] = utf8_clean_string($row['username']); } else { $foes[] = utf8_clean_string($row['username']); } } $db->sql_freeresult($result); // remove friends from the username array $n = count($data['add']); $data['add'] = array_diff($data['add'], $friends); if (count($data['add']) < $n && $mode == 'foes') { $error[] = $user->lang['NOT_ADDED_FOES_FRIENDS']; } // remove foes from the username array $n = count($data['add']); $data['add'] = array_diff($data['add'], $foes); if (count($data['add']) < $n && $mode == 'friends') { $error[] = $user->lang['NOT_ADDED_FRIENDS_FOES']; } // remove the user himself from the username array $n = count($data['add']); $data['add'] = array_diff($data['add'], array(utf8_clean_string($user->data['username']))); if (count($data['add']) < $n) { $error[] = $user->lang['NOT_ADDED_' . $l_mode . '_SELF']; } unset($friends, $foes, $n); if (count($data['add'])) { $sql = 'SELECT user_id, user_type FROM ' . USERS_TABLE . ' WHERE ' . $db->sql_in_set('username_clean', $data['add']) . ' AND user_type <> ' . USER_INACTIVE; $result = $db->sql_query($sql); $user_id_ary = array(); while ($row = $db->sql_fetchrow($result)) { if ($row['user_id'] != ANONYMOUS && $row['user_type'] != USER_IGNORE) { $user_id_ary[] = $row['user_id']; } else if ($row['user_id'] != ANONYMOUS) { $error[] = $user->lang['NOT_ADDED_' . $l_mode . '_BOTS']; } else { $error[] = $user->lang['NOT_ADDED_' . $l_mode . '_ANONYMOUS']; } } $db->sql_freeresult($result); if (count($user_id_ary)) { // Remove users from foe list if they are admins or moderators if ($mode == 'foes') { $perms = array(); foreach ($auth->acl_get_list($user_id_ary, array('a_', 'm_')) as $forum_id => $forum_ary) { foreach ($forum_ary as $auth_option => $user_ary) { $perms = array_merge($perms, $user_ary); } } $perms = array_unique($perms); if (count($perms)) { $error[] = $user->lang['NOT_ADDED_FOES_MOD_ADMIN']; } // This may not be right ... it may yield true when perms equate to deny $user_id_ary = array_diff($user_id_ary, $perms); unset($perms); } if (count($user_id_ary)) { $sql_mode = ($mode == 'friends') ? 'friend' : 'foe'; $sql_ary = array(); foreach ($user_id_ary as $zebra_id) { $sql_ary[] = array( 'user_id' => (int) $user->data['user_id'], 'zebra_id' => (int) $zebra_id, $sql_mode => 1 ); } /** * Add users to friends/foes * * @event core.ucp_add_zebra * @var string mode Zebra type: * friends|foes * @var array sql_ary Array of * entries we add * @since 3.1.0-a1 */ $vars = array('mode', 'sql_ary'); extract($phpbb_dispatcher->trigger_event('core.ucp_add_zebra', compact($vars))); $db->sql_multi_insert(ZEBRA_TABLE, $sql_ary); $updated = true; } unset($user_id_ary); } else if (!count($error)) { $error[] = $user->lang['USER_NOT_FOUND_OR_INACTIVE']; } } } if ($request->is_ajax()) { $message = ($updated) ? $user->lang[$l_mode . '_UPDATED'] : implode('
', $error); $json_response = new \phpbb\json_response; $json_response->send(array( 'success' => $updated, 'MESSAGE_TITLE' => $user->lang['INFORMATION'], 'MESSAGE_TEXT' => $message, 'REFRESH_DATA' => array( 'time' => 3, 'url' => $this->u_action ) )); } else if ($updated) { meta_refresh(3, $this->u_action); $message = $user->lang[$l_mode . '_UPDATED'] . '
' . implode('
', $error) . ((count($error)) ? '
' : '') . '
' . sprintf($user->lang['RETURN_UCP'], '', ''); trigger_error($message); } else { $template->assign_var('ERROR', implode('
', $error)); } } else { confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array( 'mode' => $mode, 'submit' => true, 'usernames' => $data['usernames'], 'add' => $data['add'])) ); } } } $sql_and = ($mode == 'friends') ? 'z.friend = 1' : 'z.foe = 1'; $sql = 'SELECT z.*, u.username, u.username_clean FROM ' . ZEBRA_TABLE . ' z, ' . USERS_TABLE . ' u WHERE z.user_id = ' . $user->data['user_id'] . " AND $sql_and AND u.user_id = z.zebra_id ORDER BY u.username_clean ASC"; $result = $db->sql_query($sql); $s_username_options = ''; while ($row = $db->sql_fetchrow($result)) { $s_username_options .= ''; } $db->sql_freeresult($result); $template->assign_vars(array( 'L_TITLE' => $user->lang['UCP_ZEBRA_' . $l_mode], 'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=ucp&field=add'), 'S_USERNAME_OPTIONS' => $s_username_options, 'S_HIDDEN_FIELDS' => $s_hidden_fields, 'S_UCP_ACTION' => $this->u_action) ); $this->tpl_name = 'ucp_zebra_' . $mode; $this->page_title = 'UCP_ZEBRA_' . $l_mode; } }