| [ Index ] |
PHP Cross Reference of phpBB-3.3.10-deutsch |
[Summary view] [Print] [Text view]
1 <?php 2 /** 3 * 4 * This file is part of the phpBB Forum Software package. 5 * 6 * @copyright (c) phpBB Limited <https://www.phpbb.com> 7 * @license GNU General Public License, version 2 (GPL-2.0) 8 * 9 * For full copyright and license information, please see 10 * the docs/CREDITS.txt file. 11 * 12 */ 13 14 /** 15 * @ignore 16 */ 17 if (!defined('IN_PHPBB')) 18 { 19 exit; 20 } 21 22 class acp_users 23 { 24 var $u_action; 25 var $p_master; 26 27 function __construct($p_master) 28 { 29 $this->p_master = $p_master; 30 } 31 32 function main($id, $mode) 33 { 34 global $config, $db, $user, $auth, $template; 35 global $phpbb_root_path, $phpbb_admin_path, $phpEx; 36 global $phpbb_dispatcher, $request; 37 global $phpbb_container, $phpbb_log; 38 39 $user->add_lang(array('posting', 'ucp', 'acp/users')); 40 $this->tpl_name = 'acp_users'; 41 42 $error = array(); 43 $username = $request->variable('username', '', true); 44 $user_id = $request->variable('u', 0); 45 $action = $request->variable('action', ''); 46 47 // Get referer to redirect user to the appropriate page after delete action 48 $redirect = $request->variable('redirect', ''); 49 $redirect_tag = "redirect=$redirect"; 50 $redirect_url = append_sid("{$phpbb_admin_path}index.$phpEx", "i=$redirect"); 51 52 $submit = (isset($_POST['update']) && !isset($_POST['cancel'])) ? true : false; 53 54 $form_name = 'acp_users'; 55 add_form_key($form_name); 56 57 // Whois (special case) 58 if ($action == 'whois') 59 { 60 if (!function_exists('user_get_id_name')) 61 { 62 include($phpbb_root_path . 'includes/functions_user.' . $phpEx); 63 } 64 65 $this->page_title = 'WHOIS'; 66 $this->tpl_name = 'simple_body'; 67 68 $user_ip = phpbb_ip_normalise($request->variable('user_ip', '')); 69 $domain = gethostbyaddr($user_ip); 70 $ipwhois = user_ipwhois($user_ip); 71 72 $template->assign_vars(array( 73 'MESSAGE_TITLE' => sprintf($user->lang['IP_WHOIS_FOR'], $domain), 74 'MESSAGE_TEXT' => nl2br($ipwhois)) 75 ); 76 77 return; 78 } 79 80 // Show user selection mask 81 if (!$username && !$user_id) 82 { 83 $this->page_title = 'SELECT_USER'; 84 85 $template->assign_vars(array( 86 'U_ACTION' => $this->u_action, 87 'ANONYMOUS_USER_ID' => ANONYMOUS, 88 89 'S_SELECT_USER' => true, 90 'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=select_user&field=username&select_single=true'), 91 )); 92 93 return; 94 } 95 96 if (!$user_id) 97 { 98 $sql = 'SELECT user_id 99 FROM ' . USERS_TABLE . " 100 WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'"; 101 $result = $db->sql_query($sql); 102 $user_id = (int) $db->sql_fetchfield('user_id'); 103 $db->sql_freeresult($result); 104 105 if (!$user_id) 106 { 107 trigger_error($user->lang['NO_USER'] . adm_back_link($this->u_action), E_USER_WARNING); 108 } 109 } 110 111 // Generate content for all modes 112 $sql = 'SELECT u.*, s.* 113 FROM ' . USERS_TABLE . ' u 114 LEFT JOIN ' . SESSIONS_TABLE . ' s ON (s.session_user_id = u.user_id) 115 WHERE u.user_id = ' . $user_id . ' 116 ORDER BY s.session_time DESC'; 117 $result = $db->sql_query_limit($sql, 1); 118 $user_row = $db->sql_fetchrow($result); 119 $db->sql_freeresult($result); 120 121 if (!$user_row) 122 { 123 trigger_error($user->lang['NO_USER'] . adm_back_link($this->u_action), E_USER_WARNING); 124 } 125 126 // Generate overall "header" for user admin 127 $s_form_options = ''; 128 129 // Build modes dropdown list 130 $sql = 'SELECT module_mode, module_auth 131 FROM ' . MODULES_TABLE . " 132 WHERE module_basename = 'acp_users' 133 AND module_enabled = 1 134 AND module_class = 'acp' 135 ORDER BY left_id, module_mode"; 136 $result = $db->sql_query($sql); 137 138 $dropdown_modes = array(); 139 while ($row = $db->sql_fetchrow($result)) 140 { 141 if (!$this->p_master->module_auth_self($row['module_auth'])) 142 { 143 continue; 144 } 145 146 $dropdown_modes[$row['module_mode']] = true; 147 } 148 $db->sql_freeresult($result); 149 150 foreach ($dropdown_modes as $module_mode => $null) 151 { 152 $selected = ($mode == $module_mode) ? ' selected="selected"' : ''; 153 $s_form_options .= '<option value="' . $module_mode . '"' . $selected . '>' . $user->lang['ACP_USER_' . strtoupper($module_mode)] . '</option>'; 154 } 155 156 $template->assign_vars(array( 157 'U_BACK' => (empty($redirect)) ? $this->u_action : $redirect_url, 158 'U_MODE_SELECT' => append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&u=$user_id"), 159 'U_ACTION' => $this->u_action . '&u=' . $user_id . ((empty($redirect)) ? '' : '&' . $redirect_tag), 160 'S_FORM_OPTIONS' => $s_form_options, 161 'MANAGED_USERNAME' => $user_row['username']) 162 ); 163 164 // Prevent normal users/admins change/view founders if they are not a founder by themselves 165 if ($user->data['user_type'] != USER_FOUNDER && $user_row['user_type'] == USER_FOUNDER) 166 { 167 trigger_error($user->lang['NOT_MANAGE_FOUNDER'] . adm_back_link($this->u_action), E_USER_WARNING); 168 } 169 170 $this->page_title = $user_row['username'] . ' :: ' . $user->lang('ACP_USER_' . strtoupper($mode)); 171 172 switch ($mode) 173 { 174 case 'overview': 175 176 if (!function_exists('user_get_id_name')) 177 { 178 include($phpbb_root_path . 'includes/functions_user.' . $phpEx); 179 } 180 181 $user->add_lang('acp/ban'); 182 183 $delete = $request->variable('delete', 0); 184 $delete_type = $request->variable('delete_type', ''); 185 $ip = $request->variable('ip', 'ip'); 186 187 /** 188 * Run code at beginning of ACP users overview 189 * 190 * @event core.acp_users_overview_before 191 * @var array user_row Current user data 192 * @var string mode Active module 193 * @var string action Module that should be run 194 * @var bool submit Do we display the form only 195 * or did the user press submit 196 * @var array error Array holding error messages 197 * @since 3.1.3-RC1 198 */ 199 $vars = array('user_row', 'mode', 'action', 'submit', 'error'); 200 extract($phpbb_dispatcher->trigger_event('core.acp_users_overview_before', compact($vars))); 201 202 if ($submit) 203 { 204 if ($delete) 205 { 206 if (!$auth->acl_get('a_userdel')) 207 { 208 send_status_line(403, 'Forbidden'); 209 trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 210 } 211 212 // Check if the user wants to remove himself or the guest user account 213 if ($user_id == ANONYMOUS) 214 { 215 trigger_error($user->lang['CANNOT_REMOVE_ANONYMOUS'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 216 } 217 218 // Founders can not be deleted. 219 if ($user_row['user_type'] == USER_FOUNDER) 220 { 221 trigger_error($user->lang['CANNOT_REMOVE_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 222 } 223 224 if ($user_id == $user->data['user_id']) 225 { 226 trigger_error($user->lang['CANNOT_REMOVE_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 227 } 228 229 if ($delete_type) 230 { 231 if (confirm_box(true)) 232 { 233 user_delete($delete_type, $user_id, $user_row['username']); 234 235 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_DELETED', false, array($user_row['username'])); 236 trigger_error($user->lang['USER_DELETED'] . adm_back_link( 237 (empty($redirect)) ? $this->u_action : $redirect_url 238 ) 239 ); 240 } 241 else 242 { 243 $delete_confirm_hidden_fields = array( 244 'u' => $user_id, 245 'i' => $id, 246 'mode' => $mode, 247 'action' => $action, 248 'update' => true, 249 'delete' => 1, 250 'delete_type' => $delete_type, 251 ); 252 253 // Checks if the redirection page is specified 254 if (!empty($redirect)) 255 { 256 $delete_confirm_hidden_fields['redirect'] = $redirect; 257 } 258 259 confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields($delete_confirm_hidden_fields)); 260 } 261 } 262 else 263 { 264 trigger_error($user->lang['NO_MODE'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 265 } 266 } 267 268 // Handle quicktool actions 269 switch ($action) 270 { 271 case 'banuser': 272 case 'banemail': 273 case 'banip': 274 275 if ($user_id == $user->data['user_id']) 276 { 277 trigger_error($user->lang['CANNOT_BAN_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 278 } 279 280 if ($user_id == ANONYMOUS) 281 { 282 trigger_error($user->lang['CANNOT_BAN_ANONYMOUS'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 283 } 284 285 if ($user_row['user_type'] == USER_FOUNDER) 286 { 287 trigger_error($user->lang['CANNOT_BAN_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 288 } 289 290 if (!check_form_key($form_name)) 291 { 292 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 293 } 294 295 $ban = array(); 296 297 switch ($action) 298 { 299 case 'banuser': 300 $ban[] = $user_row['username']; 301 $reason = 'USER_ADMIN_BAN_NAME_REASON'; 302 break; 303 304 case 'banemail': 305 $ban[] = $user_row['user_email']; 306 $reason = 'USER_ADMIN_BAN_EMAIL_REASON'; 307 break; 308 309 case 'banip': 310 $ban[] = $user_row['user_ip']; 311 312 $sql = 'SELECT DISTINCT poster_ip 313 FROM ' . POSTS_TABLE . " 314 WHERE poster_id = $user_id"; 315 $result = $db->sql_query($sql); 316 317 while ($row = $db->sql_fetchrow($result)) 318 { 319 $ban[] = $row['poster_ip']; 320 } 321 $db->sql_freeresult($result); 322 323 $reason = 'USER_ADMIN_BAN_IP_REASON'; 324 break; 325 } 326 327 $ban_reason = $request->variable('ban_reason', $user->lang[$reason], true); 328 $ban_give_reason = $request->variable('ban_give_reason', '', true); 329 330 // Log not used at the moment, we simply utilize the ban function. 331 $result = user_ban(substr($action, 3), $ban, 0, 0, 0, $ban_reason, $ban_give_reason); 332 333 trigger_error((($result === false) ? $user->lang['BAN_ALREADY_ENTERED'] : $user->lang['BAN_SUCCESSFUL']) . adm_back_link($this->u_action . '&u=' . $user_id)); 334 335 break; 336 337 case 'reactivate': 338 339 if ($user_id == $user->data['user_id']) 340 { 341 trigger_error($user->lang['CANNOT_FORCE_REACT_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 342 } 343 344 if (!check_form_key($form_name)) 345 { 346 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 347 } 348 349 if ($user_row['user_type'] == USER_FOUNDER) 350 { 351 trigger_error($user->lang['CANNOT_FORCE_REACT_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 352 } 353 354 if ($user_row['user_type'] == USER_IGNORE) 355 { 356 trigger_error($user->lang['CANNOT_FORCE_REACT_BOT'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 357 } 358 359 if ($config['email_enable']) 360 { 361 if (!class_exists('messenger')) 362 { 363 include($phpbb_root_path . 'includes/functions_messenger.' . $phpEx); 364 } 365 366 $server_url = generate_board_url(); 367 368 $user_actkey = gen_rand_string(mt_rand(6, 10)); 369 $email_template = ($user_row['user_type'] == USER_NORMAL) ? 'user_reactivate_account' : 'user_resend_inactive'; 370 371 if ($user_row['user_type'] == USER_NORMAL) 372 { 373 user_active_flip('deactivate', $user_id, INACTIVE_REMIND); 374 } 375 else 376 { 377 // Grabbing the last confirm key - we only send a reminder 378 $sql = 'SELECT user_actkey 379 FROM ' . USERS_TABLE . ' 380 WHERE user_id = ' . $user_id; 381 $result = $db->sql_query($sql); 382 $user_activation_key = (string) $db->sql_fetchfield('user_actkey'); 383 $db->sql_freeresult($result); 384 385 $user_actkey = empty($user_activation_key) ? $user_actkey : $user_activation_key; 386 } 387 388 if ($user_row['user_type'] == USER_NORMAL || empty($user_activation_key)) 389 { 390 $sql = 'UPDATE ' . USERS_TABLE . " 391 SET user_actkey = '" . $db->sql_escape($user_actkey) . "' 392 WHERE user_id = $user_id"; 393 $db->sql_query($sql); 394 } 395 396 $messenger = new messenger(false); 397 398 $messenger->template($email_template, $user_row['user_lang']); 399 400 $messenger->set_addresses($user_row); 401 402 $messenger->anti_abuse_headers($config, $user); 403 404 $messenger->assign_vars(array( 405 'WELCOME_MSG' => html_entity_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename']), ENT_COMPAT), 406 'USERNAME' => html_entity_decode($user_row['username'], ENT_COMPAT), 407 'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&u={$user_row['user_id']}&k=$user_actkey") 408 ); 409 410 $messenger->send(NOTIFY_EMAIL); 411 412 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_REACTIVATE', false, array($user_row['username'])); 413 $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_REACTIVATE_USER', false, array( 414 'reportee_id' => $user_id 415 )); 416 417 trigger_error($user->lang['FORCE_REACTIVATION_SUCCESS'] . adm_back_link($this->u_action . '&u=' . $user_id)); 418 } 419 420 break; 421 422 case 'active': 423 424 if ($user_id == $user->data['user_id']) 425 { 426 // It is only deactivation since the user is already activated (else he would not have reached this page) 427 trigger_error($user->lang['CANNOT_DEACTIVATE_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 428 } 429 430 if (!check_form_key($form_name)) 431 { 432 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 433 } 434 435 if ($user_row['user_type'] == USER_FOUNDER) 436 { 437 trigger_error($user->lang['CANNOT_DEACTIVATE_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 438 } 439 440 if ($user_row['user_type'] == USER_IGNORE) 441 { 442 trigger_error($user->lang['CANNOT_DEACTIVATE_BOT'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 443 } 444 445 user_active_flip('flip', $user_id); 446 447 if ($user_row['user_type'] == USER_INACTIVE) 448 { 449 if ($config['require_activation'] == USER_ACTIVATION_ADMIN) 450 { 451 /* @var $phpbb_notifications \phpbb\notification\manager */ 452 $phpbb_notifications = $phpbb_container->get('notification_manager'); 453 $phpbb_notifications->delete_notifications('notification.type.admin_activate_user', $user_row['user_id']); 454 455 if (!class_exists('messenger')) 456 { 457 include($phpbb_root_path . 'includes/functions_messenger.' . $phpEx); 458 } 459 460 $messenger = new messenger(false); 461 462 $messenger->template('admin_welcome_activated', $user_row['user_lang']); 463 464 $messenger->set_addresses($user_row); 465 466 $messenger->anti_abuse_headers($config, $user); 467 468 $messenger->assign_vars(array( 469 'USERNAME' => html_entity_decode($user_row['username'], ENT_COMPAT)) 470 ); 471 472 $messenger->send(NOTIFY_EMAIL); 473 } 474 } 475 476 $message = ($user_row['user_type'] == USER_INACTIVE) ? 'USER_ADMIN_ACTIVATED' : 'USER_ADMIN_DEACTIVED'; 477 $log = ($user_row['user_type'] == USER_INACTIVE) ? 'LOG_USER_ACTIVE' : 'LOG_USER_INACTIVE'; 478 479 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, $log, false, array($user_row['username'])); 480 $phpbb_log->add('user', $user->data['user_id'], $user->ip, $log . '_USER', false, array( 481 'reportee_id' => $user_id 482 )); 483 484 trigger_error($user->lang[$message] . adm_back_link($this->u_action . '&u=' . $user_id)); 485 486 break; 487 488 case 'delsig': 489 490 if (!check_form_key($form_name)) 491 { 492 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 493 } 494 495 $sql_ary = array( 496 'user_sig' => '', 497 'user_sig_bbcode_uid' => '', 498 'user_sig_bbcode_bitfield' => '' 499 ); 500 501 $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . " 502 WHERE user_id = $user_id"; 503 $db->sql_query($sql); 504 505 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_SIG', false, array($user_row['username'])); 506 $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_SIG_USER', false, array( 507 'reportee_id' => $user_id 508 )); 509 510 trigger_error($user->lang['USER_ADMIN_SIG_REMOVED'] . adm_back_link($this->u_action . '&u=' . $user_id)); 511 512 break; 513 514 case 'delavatar': 515 516 if (!check_form_key($form_name)) 517 { 518 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 519 } 520 521 // Delete old avatar if present 522 /* @var $phpbb_avatar_manager \phpbb\avatar\manager */ 523 $phpbb_avatar_manager = $phpbb_container->get('avatar.manager'); 524 $phpbb_avatar_manager->handle_avatar_delete($db, $user, $phpbb_avatar_manager->clean_row($user_row, 'user'), USERS_TABLE, 'user_'); 525 526 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_AVATAR', false, array($user_row['username'])); 527 $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_AVATAR_USER', false, array( 528 'reportee_id' => $user_id 529 )); 530 531 trigger_error($user->lang['USER_ADMIN_AVATAR_REMOVED'] . adm_back_link($this->u_action . '&u=' . $user_id)); 532 break; 533 534 case 'delposts': 535 536 if (confirm_box(true)) 537 { 538 // Delete posts, attachments, etc. 539 delete_posts('poster_id', $user_id); 540 541 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_POSTS', false, array($user_row['username'])); 542 trigger_error($user->lang['USER_POSTS_DELETED'] . adm_back_link($this->u_action . '&u=' . $user_id)); 543 } 544 else 545 { 546 confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array( 547 'u' => $user_id, 548 'i' => $id, 549 'mode' => $mode, 550 'action' => $action, 551 'update' => true)) 552 ); 553 } 554 555 break; 556 557 case 'delattach': 558 559 if (confirm_box(true)) 560 { 561 /** @var \phpbb\attachment\manager $attachment_manager */ 562 $attachment_manager = $phpbb_container->get('attachment.manager'); 563 $attachment_manager->delete('user', $user_id); 564 unset($attachment_manager); 565 566 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_ATTACH', false, array($user_row['username'])); 567 trigger_error($user->lang['USER_ATTACHMENTS_REMOVED'] . adm_back_link($this->u_action . '&u=' . $user_id)); 568 } 569 else 570 { 571 confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array( 572 'u' => $user_id, 573 'i' => $id, 574 'mode' => $mode, 575 'action' => $action, 576 'update' => true)) 577 ); 578 } 579 580 break; 581 582 case 'deloutbox': 583 584 if (confirm_box(true)) 585 { 586 $msg_ids = array(); 587 $lang = 'EMPTY'; 588 589 $sql = 'SELECT msg_id 590 FROM ' . PRIVMSGS_TO_TABLE . " 591 WHERE author_id = $user_id 592 AND folder_id = " . PRIVMSGS_OUTBOX; 593 $result = $db->sql_query($sql); 594 595 if ($row = $db->sql_fetchrow($result)) 596 { 597 if (!function_exists('delete_pm')) 598 { 599 include($phpbb_root_path . 'includes/functions_privmsgs.' . $phpEx); 600 } 601 602 do 603 { 604 $msg_ids[] = (int) $row['msg_id']; 605 } 606 while ($row = $db->sql_fetchrow($result)); 607 608 $db->sql_freeresult($result); 609 610 delete_pm($user_id, $msg_ids, PRIVMSGS_OUTBOX); 611 612 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_OUTBOX', false, array($user_row['username'])); 613 614 $lang = 'EMPTIED'; 615 } 616 $db->sql_freeresult($result); 617 618 trigger_error($user->lang['USER_OUTBOX_' . $lang] . adm_back_link($this->u_action . '&u=' . $user_id)); 619 } 620 else 621 { 622 confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array( 623 'u' => $user_id, 624 'i' => $id, 625 'mode' => $mode, 626 'action' => $action, 627 'update' => true)) 628 ); 629 } 630 break; 631 632 case 'moveposts': 633 634 if (!check_form_key($form_name)) 635 { 636 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 637 } 638 639 $user->add_lang('acp/forums'); 640 641 $new_forum_id = $request->variable('new_f', 0); 642 643 if (!$new_forum_id) 644 { 645 $this->page_title = 'USER_ADMIN_MOVE_POSTS'; 646 647 $template->assign_vars(array( 648 'S_SELECT_FORUM' => true, 649 'U_ACTION' => $this->u_action . "&action=$action&u=$user_id", 650 'U_BACK' => $this->u_action . "&u=$user_id", 651 'S_FORUM_OPTIONS' => make_forum_select(false, false, false, true)) 652 ); 653 654 return; 655 } 656 657 // Is the new forum postable to? 658 $sql = 'SELECT forum_name, forum_type 659 FROM ' . FORUMS_TABLE . " 660 WHERE forum_id = $new_forum_id"; 661 $result = $db->sql_query($sql); 662 $forum_info = $db->sql_fetchrow($result); 663 $db->sql_freeresult($result); 664 665 if (!$forum_info) 666 { 667 trigger_error($user->lang['NO_FORUM'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 668 } 669 670 if ($forum_info['forum_type'] != FORUM_POST) 671 { 672 trigger_error($user->lang['MOVE_POSTS_NO_POSTABLE_FORUM'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 673 } 674 675 // Two stage? 676 // Move topics comprising only posts from this user 677 $topic_id_ary = $move_topic_ary = $move_post_ary = $new_topic_id_ary = array(); 678 $forum_id_ary = array($new_forum_id); 679 680 $sql = 'SELECT topic_id, post_visibility, COUNT(post_id) AS total_posts 681 FROM ' . POSTS_TABLE . " 682 WHERE poster_id = $user_id 683 AND forum_id <> $new_forum_id 684 GROUP BY topic_id, post_visibility"; 685 $result = $db->sql_query($sql); 686 687 while ($row = $db->sql_fetchrow($result)) 688 { 689 $topic_id_ary[$row['topic_id']][$row['post_visibility']] = $row['total_posts']; 690 } 691 $db->sql_freeresult($result); 692 693 if (count($topic_id_ary)) 694 { 695 $sql = 'SELECT topic_id, forum_id, topic_title, topic_posts_approved, topic_posts_unapproved, topic_posts_softdeleted, topic_attachment 696 FROM ' . TOPICS_TABLE . ' 697 WHERE ' . $db->sql_in_set('topic_id', array_keys($topic_id_ary)); 698 $result = $db->sql_query($sql); 699 700 while ($row = $db->sql_fetchrow($result)) 701 { 702 if ($topic_id_ary[$row['topic_id']][ITEM_APPROVED] == $row['topic_posts_approved'] 703 && $topic_id_ary[$row['topic_id']][ITEM_UNAPPROVED] == $row['topic_posts_unapproved'] 704 && $topic_id_ary[$row['topic_id']][ITEM_REAPPROVE] == $row['topic_posts_unapproved'] 705 && $topic_id_ary[$row['topic_id']][ITEM_DELETED] == $row['topic_posts_softdeleted']) 706 { 707 $move_topic_ary[] = $row['topic_id']; 708 } 709 else 710 { 711 $move_post_ary[$row['topic_id']]['title'] = $row['topic_title']; 712 $move_post_ary[$row['topic_id']]['attach'] = ($row['topic_attachment']) ? 1 : 0; 713 } 714 715 $forum_id_ary[] = $row['forum_id']; 716 } 717 $db->sql_freeresult($result); 718 } 719 720 // Entire topic comprises posts by this user, move these topics 721 if (count($move_topic_ary)) 722 { 723 move_topics($move_topic_ary, $new_forum_id, false); 724 } 725 726 if (count($move_post_ary)) 727 { 728 // Create new topic 729 // Update post_ids, report_ids, attachment_ids 730 foreach ($move_post_ary as $topic_id => $post_ary) 731 { 732 // Create new topic 733 $sql = 'INSERT INTO ' . TOPICS_TABLE . ' ' . $db->sql_build_array('INSERT', array( 734 'topic_poster' => $user_id, 735 'topic_time' => time(), 736 'forum_id' => $new_forum_id, 737 'icon_id' => 0, 738 'topic_visibility' => ITEM_APPROVED, 739 'topic_title' => $post_ary['title'], 740 'topic_first_poster_name' => $user_row['username'], 741 'topic_type' => POST_NORMAL, 742 'topic_time_limit' => 0, 743 'topic_attachment' => $post_ary['attach']) 744 ); 745 $db->sql_query($sql); 746 747 $new_topic_id = $db->sql_nextid(); 748 749 // Move posts 750 $sql = 'UPDATE ' . POSTS_TABLE . " 751 SET forum_id = $new_forum_id, topic_id = $new_topic_id 752 WHERE topic_id = $topic_id 753 AND poster_id = $user_id"; 754 $db->sql_query($sql); 755 756 if ($post_ary['attach']) 757 { 758 $sql = 'UPDATE ' . ATTACHMENTS_TABLE . " 759 SET topic_id = $new_topic_id 760 WHERE topic_id = $topic_id 761 AND poster_id = $user_id"; 762 $db->sql_query($sql); 763 } 764 765 $new_topic_id_ary[] = $new_topic_id; 766 } 767 } 768 769 $forum_id_ary = array_unique($forum_id_ary); 770 $topic_id_ary = array_unique(array_merge(array_keys($topic_id_ary), $new_topic_id_ary)); 771 772 if (count($topic_id_ary)) 773 { 774 sync('topic_reported', 'topic_id', $topic_id_ary); 775 sync('topic', 'topic_id', $topic_id_ary); 776 } 777 778 if (count($forum_id_ary)) 779 { 780 sync('forum', 'forum_id', $forum_id_ary, false, true); 781 } 782 783 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_MOVE_POSTS', false, array($user_row['username'], $forum_info['forum_name'])); 784 $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_MOVE_POSTS_USER', false, array( 785 'reportee_id' => $user_id, 786 $forum_info['forum_name'] 787 )); 788 789 trigger_error($user->lang['USER_POSTS_MOVED'] . adm_back_link($this->u_action . '&u=' . $user_id)); 790 791 break; 792 793 case 'leave_nr': 794 795 if (confirm_box(true)) 796 { 797 remove_newly_registered($user_id, $user_row); 798 799 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_REMOVED_NR', false, array($user_row['username'])); 800 trigger_error($user->lang['USER_LIFTED_NR'] . adm_back_link($this->u_action . '&u=' . $user_id)); 801 } 802 else 803 { 804 confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array( 805 'u' => $user_id, 806 'i' => $id, 807 'mode' => $mode, 808 'action' => $action, 809 'update' => true)) 810 ); 811 } 812 813 break; 814 815 default: 816 $u_action = $this->u_action; 817 818 /** 819 * Run custom quicktool code 820 * 821 * @event core.acp_users_overview_run_quicktool 822 * @var string action Quick tool that should be run 823 * @var array user_row Current user data 824 * @var string u_action The u_action link 825 * @var int user_id User id of the user to manage 826 * @since 3.1.0-a1 827 * @changed 3.2.2-RC1 Added u_action 828 * @changed 3.2.10-RC1 Added user_id 829 */ 830 $vars = array('action', 'user_row', 'u_action', 'user_id'); 831 extract($phpbb_dispatcher->trigger_event('core.acp_users_overview_run_quicktool', compact($vars))); 832 833 unset($u_action); 834 break; 835 } 836 837 // Handle registration info updates 838 $data = array( 839 'username' => $request->variable('user', $user_row['username'], true), 840 'user_founder' => $request->variable('user_founder', ($user_row['user_type'] == USER_FOUNDER) ? 1 : 0), 841 'email' => strtolower($request->variable('user_email', $user_row['user_email'])), 842 'new_password' => $request->variable('new_password', '', true), 843 'password_confirm' => $request->variable('password_confirm', '', true), 844 ); 845 846 // Validation data - we do not check the password complexity setting here 847 $check_ary = array( 848 'new_password' => array( 849 array('string', true, $config['min_pass_chars'], 0), 850 array('password')), 851 'password_confirm' => array('string', true, $config['min_pass_chars'], 0), 852 ); 853 854 // Check username if altered 855 if ($data['username'] != $user_row['username']) 856 { 857 $check_ary += array( 858 'username' => array( 859 array('string', false, $config['min_name_chars'], $config['max_name_chars']), 860 array('username', $user_row['username'], true) 861 ), 862 ); 863 } 864 865 // Check email if altered 866 if ($data['email'] != $user_row['user_email']) 867 { 868 $check_ary += array( 869 'email' => array( 870 array('string', false, 6, 60), 871 array('user_email', $user_row['user_email']), 872 ), 873 ); 874 } 875 876 $error = validate_data($data, $check_ary); 877 878 if ($data['new_password'] && $data['password_confirm'] != $data['new_password']) 879 { 880 $error[] = 'NEW_PASSWORD_ERROR'; 881 } 882 883 if (!check_form_key($form_name)) 884 { 885 $error[] = 'FORM_INVALID'; 886 } 887 888 // Instantiate passwords manager 889 /* @var $passwords_manager \phpbb\passwords\manager */ 890 $passwords_manager = $phpbb_container->get('passwords.manager'); 891 892 // Which updates do we need to do? 893 $update_username = ($user_row['username'] != $data['username']) ? $data['username'] : false; 894 $update_password = $data['new_password'] && !$passwords_manager->check($data['new_password'], $user_row['user_password']); 895 $update_email = ($data['email'] != $user_row['user_email']) ? $data['email'] : false; 896 897 if (!count($error)) 898 { 899 $sql_ary = array(); 900 901 if ($user_row['user_type'] != USER_FOUNDER || $user->data['user_type'] == USER_FOUNDER) 902 { 903 // Only allow founders updating the founder status... 904 if ($user->data['user_type'] == USER_FOUNDER) 905 { 906 // Setting a normal member to be a founder 907 if ($data['user_founder'] && $user_row['user_type'] != USER_FOUNDER) 908 { 909 // Make sure the user is not setting an Inactive or ignored user to be a founder 910 if ($user_row['user_type'] == USER_IGNORE) 911 { 912 trigger_error($user->lang['CANNOT_SET_FOUNDER_IGNORED'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 913 } 914 915 if ($user_row['user_type'] == USER_INACTIVE) 916 { 917 trigger_error($user->lang['CANNOT_SET_FOUNDER_INACTIVE'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 918 } 919 920 $sql_ary['user_type'] = USER_FOUNDER; 921 } 922 else if (!$data['user_founder'] && $user_row['user_type'] == USER_FOUNDER) 923 { 924 // Check if at least one founder is present 925 $sql = 'SELECT user_id 926 FROM ' . USERS_TABLE . ' 927 WHERE user_type = ' . USER_FOUNDER . ' 928 AND user_id <> ' . $user_id; 929 $result = $db->sql_query_limit($sql, 1); 930 $row = $db->sql_fetchrow($result); 931 $db->sql_freeresult($result); 932 933 if ($row) 934 { 935 $sql_ary['user_type'] = USER_NORMAL; 936 } 937 else 938 { 939 trigger_error($user->lang['AT_LEAST_ONE_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 940 } 941 } 942 } 943 } 944 945 /** 946 * Modify user data before we update it 947 * 948 * @event core.acp_users_overview_modify_data 949 * @var array user_row Current user data 950 * @var array data Submitted user data 951 * @var array sql_ary User data we udpate 952 * @since 3.1.0-a1 953 */ 954 $vars = array('user_row', 'data', 'sql_ary'); 955 extract($phpbb_dispatcher->trigger_event('core.acp_users_overview_modify_data', compact($vars))); 956 957 if ($update_username !== false) 958 { 959 $sql_ary['username'] = $update_username; 960 $sql_ary['username_clean'] = utf8_clean_string($update_username); 961 962 $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_UPDATE_NAME', false, array( 963 'reportee_id' => $user_id, 964 $user_row['username'], 965 $update_username 966 )); 967 } 968 969 if ($update_email !== false) 970 { 971 $sql_ary += ['user_email' => $update_email]; 972 973 $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_UPDATE_EMAIL', false, array( 974 'reportee_id' => $user_id, 975 $user_row['username'], 976 $user_row['user_email'], 977 $update_email 978 )); 979 } 980 981 if ($update_password) 982 { 983 $sql_ary += array( 984 'user_password' => $passwords_manager->hash($data['new_password']), 985 'user_passchg' => time(), 986 ); 987 988 $user->reset_login_keys($user_id); 989 990 $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_NEW_PASSWORD', false, array( 991 'reportee_id' => $user_id, 992 $user_row['username'] 993 )); 994 } 995 996 if (count($sql_ary)) 997 { 998 $sql = 'UPDATE ' . USERS_TABLE . ' 999 SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' 1000 WHERE user_id = ' . $user_id; 1001 $db->sql_query($sql); 1002 } 1003 1004 if ($update_username) 1005 { 1006 user_update_name($user_row['username'], $update_username); 1007 } 1008 1009 // Let the users permissions being updated 1010 $auth->acl_clear_prefetch($user_id); 1011 1012 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_USER_UPDATE', false, array($data['username'])); 1013 1014 trigger_error($user->lang['USER_OVERVIEW_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id)); 1015 } 1016 1017 // Replace "error" strings with their real, localised form 1018 $error = array_map(array($user, 'lang'), $error); 1019 } 1020 1021 if ($user_id == $user->data['user_id']) 1022 { 1023 $quick_tool_ary = array('delsig' => 'DEL_SIG', 'delavatar' => 'DEL_AVATAR', 'moveposts' => 'MOVE_POSTS', 'delposts' => 'DEL_POSTS', 'delattach' => 'DEL_ATTACH', 'deloutbox' => 'DEL_OUTBOX'); 1024 if ($user_row['user_new']) 1025 { 1026 $quick_tool_ary['leave_nr'] = 'LEAVE_NR'; 1027 } 1028 } 1029 else 1030 { 1031 $quick_tool_ary = array(); 1032 1033 if ($user_row['user_type'] != USER_FOUNDER) 1034 { 1035 $quick_tool_ary += array('banuser' => 'BAN_USER', 'banemail' => 'BAN_EMAIL', 'banip' => 'BAN_IP'); 1036 } 1037 1038 if ($user_row['user_type'] != USER_FOUNDER && $user_row['user_type'] != USER_IGNORE) 1039 { 1040 $quick_tool_ary += array('active' => (($user_row['user_type'] == USER_INACTIVE) ? 'ACTIVATE' : 'DEACTIVATE')); 1041 } 1042 1043 $quick_tool_ary += array('delsig' => 'DEL_SIG', 'delavatar' => 'DEL_AVATAR', 'moveposts' => 'MOVE_POSTS', 'delposts' => 'DEL_POSTS', 'delattach' => 'DEL_ATTACH', 'deloutbox' => 'DEL_OUTBOX'); 1044 1045 if ($config['email_enable'] && ($user_row['user_type'] == USER_NORMAL || $user_row['user_type'] == USER_INACTIVE)) 1046 { 1047 $quick_tool_ary['reactivate'] = 'FORCE'; 1048 } 1049 1050 if ($user_row['user_new']) 1051 { 1052 $quick_tool_ary['leave_nr'] = 'LEAVE_NR'; 1053 } 1054 } 1055 1056 if ($config['load_onlinetrack']) 1057 { 1058 $sql = 'SELECT MAX(session_time) AS session_time, MIN(session_viewonline) AS session_viewonline 1059 FROM ' . SESSIONS_TABLE . " 1060 WHERE session_user_id = $user_id"; 1061 $result = $db->sql_query($sql); 1062 $row = $db->sql_fetchrow($result); 1063 $db->sql_freeresult($result); 1064 1065 $user_row['session_time'] = (isset($row['session_time'])) ? $row['session_time'] : 0; 1066 $user_row['session_viewonline'] = (isset($row['session_viewonline'])) ? $row['session_viewonline'] : 0; 1067 unset($row); 1068 } 1069 1070 /** 1071 * Add additional quick tool options and overwrite user data 1072 * 1073 * @event core.acp_users_display_overview 1074 * @var array user_row Array with user data 1075 * @var array quick_tool_ary Ouick tool options 1076 * @since 3.1.0-a1 1077 */ 1078 $vars = array('user_row', 'quick_tool_ary'); 1079 extract($phpbb_dispatcher->trigger_event('core.acp_users_display_overview', compact($vars))); 1080 1081 $s_action_options = '<option class="sep" value="">' . $user->lang['SELECT_OPTION'] . '</option>'; 1082 foreach ($quick_tool_ary as $value => $lang) 1083 { 1084 $s_action_options .= '<option value="' . $value . '">' . $user->lang['USER_ADMIN_' . $lang] . '</option>'; 1085 } 1086 1087 $last_active = (!empty($user_row['session_time'])) ? $user_row['session_time'] : $user_row['user_lastvisit']; 1088 1089 $inactive_reason = ''; 1090 if ($user_row['user_type'] == USER_INACTIVE) 1091 { 1092 $inactive_reason = $user->lang['INACTIVE_REASON_UNKNOWN']; 1093 1094 switch ($user_row['user_inactive_reason']) 1095 { 1096 case INACTIVE_REGISTER: 1097 $inactive_reason = $user->lang['INACTIVE_REASON_REGISTER']; 1098 break; 1099 1100 case INACTIVE_PROFILE: 1101 $inactive_reason = $user->lang['INACTIVE_REASON_PROFILE']; 1102 break; 1103 1104 case INACTIVE_MANUAL: 1105 $inactive_reason = $user->lang['INACTIVE_REASON_MANUAL']; 1106 break; 1107 1108 case INACTIVE_REMIND: 1109 $inactive_reason = $user->lang['INACTIVE_REASON_REMIND']; 1110 break; 1111 } 1112 } 1113 1114 // Posts in Queue 1115 $sql = 'SELECT COUNT(post_id) as posts_in_queue 1116 FROM ' . POSTS_TABLE . ' 1117 WHERE poster_id = ' . $user_id . ' 1118 AND ' . $db->sql_in_set('post_visibility', array(ITEM_UNAPPROVED, ITEM_REAPPROVE)); 1119 $result = $db->sql_query($sql); 1120 $user_row['posts_in_queue'] = (int) $db->sql_fetchfield('posts_in_queue'); 1121 $db->sql_freeresult($result); 1122 1123 $sql = 'SELECT post_id 1124 FROM ' . POSTS_TABLE . ' 1125 WHERE poster_id = '. $user_id; 1126 $result = $db->sql_query_limit($sql, 1); 1127 $user_row['user_has_posts'] = (bool) $db->sql_fetchfield('post_id'); 1128 $db->sql_freeresult($result); 1129 1130 $template->assign_vars(array( 1131 'L_NAME_CHARS_EXPLAIN' => $user->lang($config['allow_name_chars'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_name_chars']), $user->lang('CHARACTERS', (int) $config['max_name_chars'])), 1132 'L_CHANGE_PASSWORD_EXPLAIN' => $user->lang($config['pass_complex'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_pass_chars'])), 1133 'L_POSTS_IN_QUEUE' => $user->lang('NUM_POSTS_IN_QUEUE', $user_row['posts_in_queue']), 1134 'S_FOUNDER' => ($user->data['user_type'] == USER_FOUNDER) ? true : false, 1135 1136 'S_OVERVIEW' => true, 1137 'S_USER_IP' => ($user_row['user_ip']) ? true : false, 1138 'S_USER_FOUNDER' => ($user_row['user_type'] == USER_FOUNDER) ? true : false, 1139 'S_ACTION_OPTIONS' => $s_action_options, 1140 'S_OWN_ACCOUNT' => ($user_id == $user->data['user_id']) ? true : false, 1141 'S_USER_INACTIVE' => ($user_row['user_type'] == USER_INACTIVE) ? true : false, 1142 1143 'U_SHOW_IP' => $this->u_action . "&u=$user_id&ip=" . (($ip == 'ip') ? 'hostname' : 'ip'), 1144 'U_WHOIS' => $this->u_action . "&action=whois&user_ip={$user_row['user_ip']}", 1145 'U_MCP_QUEUE' => ($auth->acl_getf_global('m_approve')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue', true, $user->session_id) : '', 1146 'U_SEARCH_USER' => ($config['load_search'] && $auth->acl_get('u_search')) ? append_sid("{$phpbb_root_path}search.$phpEx", "author_id={$user_row['user_id']}&sr=posts") : '', 1147 1148 'U_SWITCH_PERMISSIONS' => ($auth->acl_get('a_switchperm') && $user->data['user_id'] != $user_row['user_id']) ? append_sid("{$phpbb_root_path}ucp.$phpEx", "mode=switch_perm&u={$user_row['user_id']}&hash=" . generate_link_hash('switchperm')) : '', 1149 1150 'POSTS_IN_QUEUE' => $user_row['posts_in_queue'], 1151 'USER' => $user_row['username'], 1152 'USER_REGISTERED' => $user->format_date($user_row['user_regdate']), 1153 'REGISTERED_IP' => ($ip == 'hostname') ? gethostbyaddr($user_row['user_ip']) : $user_row['user_ip'], 1154 'USER_LASTACTIVE' => ($last_active) ? $user->format_date($last_active) : ' - ', 1155 'USER_EMAIL' => $user_row['user_email'], 1156 'USER_WARNINGS' => $user_row['user_warnings'], 1157 'USER_POSTS' => $user_row['user_posts'], 1158 'USER_HAS_POSTS' => $user_row['user_has_posts'], 1159 'USER_INACTIVE_REASON' => $inactive_reason, 1160 )); 1161 1162 break; 1163 1164 case 'feedback': 1165 1166 $user->add_lang('mcp'); 1167 1168 // Set up general vars 1169 $start = $request->variable('start', 0); 1170 $deletemark = (isset($_POST['delmarked'])) ? true : false; 1171 $deleteall = (isset($_POST['delall'])) ? true : false; 1172 $marked = $request->variable('mark', array(0)); 1173 $message = $request->variable('message', '', true); 1174 1175 /* @var $pagination \phpbb\pagination */ 1176 $pagination = $phpbb_container->get('pagination'); 1177 1178 // Sort keys 1179 $sort_days = $request->variable('st', 0); 1180 $sort_key = $request->variable('sk', 't'); 1181 $sort_dir = $request->variable('sd', 'd'); 1182 1183 // Delete entries if requested and able 1184 if (($deletemark || $deleteall) && $auth->acl_get('a_clearlogs')) 1185 { 1186 if (!check_form_key($form_name)) 1187 { 1188 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 1189 } 1190 1191 $where_sql = ''; 1192 if ($deletemark && $marked) 1193 { 1194 $sql_in = array(); 1195 foreach ($marked as $mark) 1196 { 1197 $sql_in[] = $mark; 1198 } 1199 $where_sql = ' AND ' . $db->sql_in_set('log_id', $sql_in); 1200 unset($sql_in); 1201 } 1202 1203 if ($where_sql || $deleteall) 1204 { 1205 $sql = 'DELETE FROM ' . LOG_TABLE . ' 1206 WHERE log_type = ' . LOG_USERS . " 1207 AND reportee_id = $user_id 1208 $where_sql"; 1209 $db->sql_query($sql); 1210 1211 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_CLEAR_USER', false, array($user_row['username'])); 1212 } 1213 } 1214 1215 if ($submit && $message) 1216 { 1217 if (!check_form_key($form_name)) 1218 { 1219 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 1220 } 1221 1222 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_FEEDBACK', false, array($user_row['username'])); 1223 $phpbb_log->add('mod', $user->data['user_id'], $user->ip, 'LOG_USER_FEEDBACK', false, array( 1224 'forum_id' => 0, 1225 'topic_id' => 0, 1226 $user_row['username'] 1227 )); 1228 $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_GENERAL', false, array( 1229 'reportee_id' => $user_id, 1230 $message 1231 )); 1232 1233 trigger_error($user->lang['USER_FEEDBACK_ADDED'] . adm_back_link($this->u_action . '&u=' . $user_id)); 1234 } 1235 1236 // Sorting 1237 $limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); 1238 $sort_by_text = array('u' => $user->lang['SORT_USERNAME'], 't' => $user->lang['SORT_DATE'], 'i' => $user->lang['SORT_IP'], 'o' => $user->lang['SORT_ACTION']); 1239 $sort_by_sql = array('u' => 'u.username_clean', 't' => 'l.log_time', 'i' => 'l.log_ip', 'o' => 'l.log_operation'); 1240 1241 $s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = ''; 1242 gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param); 1243 1244 // Define where and sort sql for use in displaying logs 1245 $sql_where = ($sort_days) ? (time() - ($sort_days * 86400)) : 0; 1246 $sql_sort = $sort_by_sql[$sort_key] . ' ' . (($sort_dir == 'd') ? 'DESC' : 'ASC'); 1247 1248 // Grab log data 1249 $log_data = array(); 1250 $log_count = 0; 1251 $start = view_log('user', $log_data, $log_count, $config['topics_per_page'], $start, 0, 0, $user_id, $sql_where, $sql_sort); 1252 1253 $base_url = $this->u_action . "&u=$user_id&$u_sort_param"; 1254 $pagination->generate_template_pagination($base_url, 'pagination', 'start', $log_count, $config['topics_per_page'], $start); 1255 1256 $template->assign_vars(array( 1257 'S_FEEDBACK' => true, 1258 1259 'S_LIMIT_DAYS' => $s_limit_days, 1260 'S_SORT_KEY' => $s_sort_key, 1261 'S_SORT_DIR' => $s_sort_dir, 1262 'S_CLEARLOGS' => $auth->acl_get('a_clearlogs')) 1263 ); 1264 1265 foreach ($log_data as $row) 1266 { 1267 $template->assign_block_vars('log', array( 1268 'USERNAME' => $row['username_full'], 1269 'IP' => $row['ip'], 1270 'DATE' => $user->format_date($row['time']), 1271 'ACTION' => nl2br($row['action']), 1272 'ID' => $row['id']) 1273 ); 1274 } 1275 1276 break; 1277 1278 case 'warnings': 1279 $user->add_lang('mcp'); 1280 1281 // Set up general vars 1282 $deletemark = (isset($_POST['delmarked'])) ? true : false; 1283 $deleteall = (isset($_POST['delall'])) ? true : false; 1284 $confirm = (isset($_POST['confirm'])) ? true : false; 1285 $marked = $request->variable('mark', array(0)); 1286 1287 // Delete entries if requested and able 1288 if ($deletemark || $deleteall || $confirm) 1289 { 1290 if (confirm_box(true)) 1291 { 1292 $where_sql = ''; 1293 $deletemark = $request->variable('delmarked', 0); 1294 $deleteall = $request->variable('delall', 0); 1295 if ($deletemark && $marked) 1296 { 1297 $where_sql = ' AND ' . $db->sql_in_set('warning_id', array_values($marked)); 1298 } 1299 1300 if ($where_sql || $deleteall) 1301 { 1302 $sql = 'DELETE FROM ' . WARNINGS_TABLE . " 1303 WHERE user_id = $user_id 1304 $where_sql"; 1305 $db->sql_query($sql); 1306 1307 if ($deleteall) 1308 { 1309 $log_warnings = $deleted_warnings = 0; 1310 } 1311 else 1312 { 1313 $num_warnings = (int) $db->sql_affectedrows(); 1314 $deleted_warnings = ' user_warnings - ' . $num_warnings; 1315 $log_warnings = ($num_warnings > 2) ? 2 : $num_warnings; 1316 } 1317 1318 $sql = 'UPDATE ' . USERS_TABLE . " 1319 SET user_warnings = $deleted_warnings 1320 WHERE user_id = $user_id"; 1321 $db->sql_query($sql); 1322 1323 if ($log_warnings) 1324 { 1325 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_WARNINGS_DELETED', false, array($user_row['username'], $num_warnings)); 1326 } 1327 else 1328 { 1329 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_WARNINGS_DELETED_ALL', false, array($user_row['username'])); 1330 } 1331 } 1332 } 1333 else 1334 { 1335 $s_hidden_fields = array( 1336 'i' => $id, 1337 'mode' => $mode, 1338 'u' => $user_id, 1339 'mark' => $marked, 1340 ); 1341 if (isset($_POST['delmarked'])) 1342 { 1343 $s_hidden_fields['delmarked'] = 1; 1344 } 1345 if (isset($_POST['delall'])) 1346 { 1347 $s_hidden_fields['delall'] = 1; 1348 } 1349 if (isset($_POST['delall']) || (isset($_POST['delmarked']) && count($marked))) 1350 { 1351 confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields($s_hidden_fields)); 1352 } 1353 } 1354 } 1355 1356 $sql = 'SELECT w.warning_id, w.warning_time, w.post_id, l.log_operation, l.log_data, l.user_id AS mod_user_id, m.username AS mod_username, m.user_colour AS mod_user_colour 1357 FROM ' . WARNINGS_TABLE . ' w 1358 LEFT JOIN ' . LOG_TABLE . ' l 1359 ON (w.log_id = l.log_id) 1360 LEFT JOIN ' . USERS_TABLE . ' m 1361 ON (l.user_id = m.user_id) 1362 WHERE w.user_id = ' . $user_id . ' 1363 ORDER BY w.warning_time DESC'; 1364 $result = $db->sql_query($sql); 1365 1366 while ($row = $db->sql_fetchrow($result)) 1367 { 1368 if (!$row['log_operation']) 1369 { 1370 // We do not have a log-entry anymore, so there is no data available 1371 $row['action'] = $user->lang['USER_WARNING_LOG_DELETED']; 1372 } 1373 else 1374 { 1375 $row['action'] = (isset($user->lang[$row['log_operation']])) ? $user->lang[$row['log_operation']] : '{' . ucfirst(str_replace('_', ' ', $row['log_operation'])) . '}'; 1376 if (!empty($row['log_data'])) 1377 { 1378 $log_data_ary = @unserialize($row['log_data']); 1379 $log_data_ary = ($log_data_ary === false) ? array() : $log_data_ary; 1380 1381 if (isset($user->lang[$row['log_operation']])) 1382 { 1383 // Check if there are more occurrences of % than arguments, if there are we fill out the arguments array 1384 // It doesn't matter if we add more arguments than placeholders 1385 if ((substr_count($row['action'], '%') - count($log_data_ary)) > 0) 1386 { 1387 $log_data_ary = array_merge($log_data_ary, array_fill(0, substr_count($row['action'], '%') - count($log_data_ary), '')); 1388 } 1389 $row['action'] = vsprintf($row['action'], $log_data_ary); 1390 $row['action'] = bbcode_nl2br(censor_text($row['action'])); 1391 } 1392 else if (!empty($log_data_ary)) 1393 { 1394 $row['action'] .= '<br />' . implode('', $log_data_ary); 1395 } 1396 } 1397 } 1398 1399 $template->assign_block_vars('warn', array( 1400 'ID' => $row['warning_id'], 1401 'USERNAME' => ($row['log_operation']) ? get_username_string('full', $row['mod_user_id'], $row['mod_username'], $row['mod_user_colour']) : '-', 1402 'ACTION' => make_clickable($row['action']), 1403 'DATE' => $user->format_date($row['warning_time']), 1404 )); 1405 } 1406 $db->sql_freeresult($result); 1407 1408 $template->assign_vars(array( 1409 'S_WARNINGS' => true, 1410 )); 1411 1412 break; 1413 1414 case 'profile': 1415 1416 if (!function_exists('user_get_id_name')) 1417 { 1418 include($phpbb_root_path . 'includes/functions_user.' . $phpEx); 1419 } 1420 1421 /* @var $cp \phpbb\profilefields\manager */ 1422 $cp = $phpbb_container->get('profilefields.manager'); 1423 1424 $cp_data = $cp_error = array(); 1425 1426 $sql = 'SELECT lang_id 1427 FROM ' . LANG_TABLE . " 1428 WHERE lang_iso = '" . $db->sql_escape($user->data['user_lang']) . "'"; 1429 $result = $db->sql_query($sql); 1430 $row = $db->sql_fetchrow($result); 1431 $db->sql_freeresult($result); 1432 1433 $user_row['iso_lang_id'] = $row['lang_id']; 1434 1435 $data = array( 1436 'jabber' => $request->variable('jabber', $user_row['user_jabber'], true), 1437 'bday_day' => 0, 1438 'bday_month' => 0, 1439 'bday_year' => 0, 1440 ); 1441 1442 if ($user_row['user_birthday']) 1443 { 1444 list($data['bday_day'], $data['bday_month'], $data['bday_year']) = explode('-', $user_row['user_birthday']); 1445 } 1446 1447 $data['bday_day'] = $request->variable('bday_day', $data['bday_day']); 1448 $data['bday_month'] = $request->variable('bday_month', $data['bday_month']); 1449 $data['bday_year'] = $request->variable('bday_year', $data['bday_year']); 1450 $data['user_birthday'] = sprintf('%2d-%2d-%4d', $data['bday_day'], $data['bday_month'], $data['bday_year']); 1451 1452 /** 1453 * Modify user data on editing profile in ACP 1454 * 1455 * @event core.acp_users_modify_profile 1456 * @var array data Array with user profile data 1457 * @var bool submit Flag indicating if submit button has been pressed 1458 * @var int user_id The user id 1459 * @var array user_row Array with the full user data 1460 * @since 3.1.4-RC1 1461 */ 1462 $vars = array('data', 'submit', 'user_id', 'user_row'); 1463 extract($phpbb_dispatcher->trigger_event('core.acp_users_modify_profile', compact($vars))); 1464 1465 if ($submit) 1466 { 1467 $error = validate_data($data, array( 1468 'jabber' => array( 1469 array('string', true, 5, 255), 1470 array('jabber')), 1471 'bday_day' => array('num', true, 1, 31), 1472 'bday_month' => array('num', true, 1, 12), 1473 'bday_year' => array('num', true, 1901, gmdate('Y', time())), 1474 'user_birthday' => array('date', true), 1475 )); 1476 1477 // validate custom profile fields 1478 $cp->submit_cp_field('profile', $user_row['iso_lang_id'], $cp_data, $cp_error); 1479 1480 if (count($cp_error)) 1481 { 1482 $error = array_merge($error, $cp_error); 1483 } 1484 if (!check_form_key($form_name)) 1485 { 1486 $error[] = 'FORM_INVALID'; 1487 } 1488 1489 /** 1490 * Validate profile data in ACP before submitting to the database 1491 * 1492 * @event core.acp_users_profile_validate 1493 * @var array data Array with user profile data 1494 * @var int user_id The user id 1495 * @var array user_row Array with the full user data 1496 * @var array error Array with the form errors 1497 * @since 3.1.4-RC1 1498 * @changed 3.1.12-RC1 Removed submit, added user_id, user_row 1499 */ 1500 $vars = array('data', 'user_id', 'user_row', 'error'); 1501 extract($phpbb_dispatcher->trigger_event('core.acp_users_profile_validate', compact($vars))); 1502 1503 if (!count($error)) 1504 { 1505 $sql_ary = array( 1506 'user_jabber' => $data['jabber'], 1507 'user_birthday' => $data['user_birthday'], 1508 ); 1509 1510 /** 1511 * Modify profile data in ACP before submitting to the database 1512 * 1513 * @event core.acp_users_profile_modify_sql_ary 1514 * @var array cp_data Array with the user custom profile fields data 1515 * @var array data Array with user profile data 1516 * @var int user_id The user id 1517 * @var array user_row Array with the full user data 1518 * @var array sql_ary Array with sql data 1519 * @since 3.1.4-RC1 1520 */ 1521 $vars = array('cp_data', 'data', 'user_id', 'user_row', 'sql_ary'); 1522 extract($phpbb_dispatcher->trigger_event('core.acp_users_profile_modify_sql_ary', compact($vars))); 1523 1524 $sql = 'UPDATE ' . USERS_TABLE . ' 1525 SET ' . $db->sql_build_array('UPDATE', $sql_ary) . " 1526 WHERE user_id = $user_id"; 1527 $db->sql_query($sql); 1528 1529 // Update Custom Fields 1530 $cp->update_profile_field_data($user_id, $cp_data); 1531 1532 trigger_error($user->lang['USER_PROFILE_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id)); 1533 } 1534 1535 // Replace "error" strings with their real, localised form 1536 $error = array_map(array($user, 'lang'), $error); 1537 } 1538 1539 $s_birthday_day_options = '<option value="0"' . ((!$data['bday_day']) ? ' selected="selected"' : '') . '>--</option>'; 1540 for ($i = 1; $i < 32; $i++) 1541 { 1542 $selected = ($i == $data['bday_day']) ? ' selected="selected"' : ''; 1543 $s_birthday_day_options .= "<option value=\"$i\"$selected>$i</option>"; 1544 } 1545 1546 $s_birthday_month_options = '<option value="0"' . ((!$data['bday_month']) ? ' selected="selected"' : '') . '>--</option>'; 1547 for ($i = 1; $i < 13; $i++) 1548 { 1549 $selected = ($i == $data['bday_month']) ? ' selected="selected"' : ''; 1550 $s_birthday_month_options .= "<option value=\"$i\"$selected>$i</option>"; 1551 } 1552 1553 $now = getdate(); 1554 $s_birthday_year_options = '<option value="0"' . ((!$data['bday_year']) ? ' selected="selected"' : '') . '>--</option>'; 1555 for ($i = $now['year'] - 100; $i <= $now['year']; $i++) 1556 { 1557 $selected = ($i == $data['bday_year']) ? ' selected="selected"' : ''; 1558 $s_birthday_year_options .= "<option value=\"$i\"$selected>$i</option>"; 1559 } 1560 unset($now); 1561 1562 $template->assign_vars(array( 1563 'JABBER' => $data['jabber'], 1564 'S_BIRTHDAY_DAY_OPTIONS' => $s_birthday_day_options, 1565 'S_BIRTHDAY_MONTH_OPTIONS' => $s_birthday_month_options, 1566 'S_BIRTHDAY_YEAR_OPTIONS' => $s_birthday_year_options, 1567 1568 'S_PROFILE' => true) 1569 ); 1570 1571 // Get additional profile fields and assign them to the template block var 'profile_fields' 1572 $user->get_profile_fields($user_id); 1573 1574 $cp->generate_profile_fields('profile', $user_row['iso_lang_id']); 1575 1576 break; 1577 1578 case 'prefs': 1579 1580 if (!function_exists('user_get_id_name')) 1581 { 1582 include($phpbb_root_path . 'includes/functions_user.' . $phpEx); 1583 } 1584 1585 $data = array( 1586 'dateformat' => $request->variable('dateformat', $user_row['user_dateformat'], true), 1587 'lang' => basename($request->variable('lang', $user_row['user_lang'])), 1588 'tz' => $request->variable('tz', $user_row['user_timezone']), 1589 'style' => $request->variable('style', $user_row['user_style']), 1590 'viewemail' => $request->variable('viewemail', $user_row['user_allow_viewemail']), 1591 'massemail' => $request->variable('massemail', $user_row['user_allow_massemail']), 1592 'hideonline' => $request->variable('hideonline', !$user_row['user_allow_viewonline']), 1593 'notifymethod' => $request->variable('notifymethod', $user_row['user_notify_type']), 1594 'notifypm' => $request->variable('notifypm', $user_row['user_notify_pm']), 1595 'allowpm' => $request->variable('allowpm', $user_row['user_allow_pm']), 1596 1597 'topic_sk' => $request->variable('topic_sk', ($user_row['user_topic_sortby_type']) ? $user_row['user_topic_sortby_type'] : 't'), 1598 'topic_sd' => $request->variable('topic_sd', ($user_row['user_topic_sortby_dir']) ? $user_row['user_topic_sortby_dir'] : 'd'), 1599 'topic_st' => $request->variable('topic_st', ($user_row['user_topic_show_days']) ? $user_row['user_topic_show_days'] : 0), 1600 1601 'post_sk' => $request->variable('post_sk', ($user_row['user_post_sortby_type']) ? $user_row['user_post_sortby_type'] : 't'), 1602 'post_sd' => $request->variable('post_sd', ($user_row['user_post_sortby_dir']) ? $user_row['user_post_sortby_dir'] : 'a'), 1603 'post_st' => $request->variable('post_st', ($user_row['user_post_show_days']) ? $user_row['user_post_show_days'] : 0), 1604 1605 'view_images' => $request->variable('view_images', $this->optionget($user_row, 'viewimg')), 1606 'view_flash' => $request->variable('view_flash', $this->optionget($user_row, 'viewflash')), 1607 'view_smilies' => $request->variable('view_smilies', $this->optionget($user_row, 'viewsmilies')), 1608 'view_sigs' => $request->variable('view_sigs', $this->optionget($user_row, 'viewsigs')), 1609 'view_avatars' => $request->variable('view_avatars', $this->optionget($user_row, 'viewavatars')), 1610 'view_wordcensor' => $request->variable('view_wordcensor', $this->optionget($user_row, 'viewcensors')), 1611 1612 'bbcode' => $request->variable('bbcode', $this->optionget($user_row, 'bbcode')), 1613 'smilies' => $request->variable('smilies', $this->optionget($user_row, 'smilies')), 1614 'sig' => $request->variable('sig', $this->optionget($user_row, 'attachsig')), 1615 'notify' => $request->variable('notify', $user_row['user_notify']), 1616 ); 1617 1618 /** 1619 * Modify users preferences data 1620 * 1621 * @event core.acp_users_prefs_modify_data 1622 * @var array data Array with users preferences data 1623 * @var array user_row Array with user data 1624 * @since 3.1.0-b3 1625 */ 1626 $vars = array('data', 'user_row'); 1627 extract($phpbb_dispatcher->trigger_event('core.acp_users_prefs_modify_data', compact($vars))); 1628 1629 if ($submit) 1630 { 1631 $error = validate_data($data, array( 1632 'dateformat' => array('string', false, 1, 64), 1633 'lang' => array('match', false, '#^[a-z_\-]{2,}$#i'), 1634 'tz' => array('timezone'), 1635 1636 'topic_sk' => array('string', false, 1, 1), 1637 'topic_sd' => array('string', false, 1, 1), 1638 'post_sk' => array('string', false, 1, 1), 1639 'post_sd' => array('string', false, 1, 1), 1640 )); 1641 1642 if (!check_form_key($form_name)) 1643 { 1644 $error[] = 'FORM_INVALID'; 1645 } 1646 1647 if (!count($error)) 1648 { 1649 $this->optionset($user_row, 'viewimg', $data['view_images']); 1650 $this->optionset($user_row, 'viewflash', $data['view_flash']); 1651 $this->optionset($user_row, 'viewsmilies', $data['view_smilies']); 1652 $this->optionset($user_row, 'viewsigs', $data['view_sigs']); 1653 $this->optionset($user_row, 'viewavatars', $data['view_avatars']); 1654 $this->optionset($user_row, 'viewcensors', $data['view_wordcensor']); 1655 $this->optionset($user_row, 'bbcode', $data['bbcode']); 1656 $this->optionset($user_row, 'smilies', $data['smilies']); 1657 $this->optionset($user_row, 'attachsig', $data['sig']); 1658 1659 $sql_ary = array( 1660 'user_options' => $user_row['user_options'], 1661 1662 'user_allow_pm' => $data['allowpm'], 1663 'user_allow_viewemail' => $data['viewemail'], 1664 'user_allow_massemail' => $data['massemail'], 1665 'user_allow_viewonline' => !$data['hideonline'], 1666 'user_notify_type' => $data['notifymethod'], 1667 'user_notify_pm' => $data['notifypm'], 1668 1669 'user_dateformat' => $data['dateformat'], 1670 'user_lang' => $data['lang'], 1671 'user_timezone' => $data['tz'], 1672 'user_style' => $data['style'], 1673 1674 'user_topic_sortby_type' => $data['topic_sk'], 1675 'user_post_sortby_type' => $data['post_sk'], 1676 'user_topic_sortby_dir' => $data['topic_sd'], 1677 'user_post_sortby_dir' => $data['post_sd'], 1678 1679 'user_topic_show_days' => $data['topic_st'], 1680 'user_post_show_days' => $data['post_st'], 1681 1682 'user_notify' => $data['notify'], 1683 ); 1684 1685 /** 1686 * Modify SQL query before users preferences are updated 1687 * 1688 * @event core.acp_users_prefs_modify_sql 1689 * @var array data Array with users preferences data 1690 * @var array user_row Array with user data 1691 * @var array sql_ary SQL array with users preferences data to update 1692 * @var array error Array with errors data 1693 * @since 3.1.0-b3 1694 */ 1695 $vars = array('data', 'user_row', 'sql_ary', 'error'); 1696 extract($phpbb_dispatcher->trigger_event('core.acp_users_prefs_modify_sql', compact($vars))); 1697 1698 if (!count($error)) 1699 { 1700 $sql = 'UPDATE ' . USERS_TABLE . ' 1701 SET ' . $db->sql_build_array('UPDATE', $sql_ary) . " 1702 WHERE user_id = $user_id"; 1703 $db->sql_query($sql); 1704 1705 // Check if user has an active session 1706 if ($user_row['session_id']) 1707 { 1708 // We'll update the session if user_allow_viewonline has changed and the user is a bot 1709 // Or if it's a regular user and the admin set it to hide the session 1710 if ($user_row['user_allow_viewonline'] != $sql_ary['user_allow_viewonline'] && $user_row['user_type'] == USER_IGNORE 1711 || $user_row['user_allow_viewonline'] && !$sql_ary['user_allow_viewonline']) 1712 { 1713 // We also need to check if the user has the permission to cloak. 1714 $user_auth = new \phpbb\auth\auth(); 1715 $user_auth->acl($user_row); 1716 1717 $session_sql_ary = array( 1718 'session_viewonline' => ($user_auth->acl_get('u_hideonline')) ? $sql_ary['user_allow_viewonline'] : true, 1719 ); 1720 1721 $sql = 'UPDATE ' . SESSIONS_TABLE . ' 1722 SET ' . $db->sql_build_array('UPDATE', $session_sql_ary) . " 1723 WHERE session_user_id = $user_id"; 1724 $db->sql_query($sql); 1725 1726 unset($user_auth); 1727 } 1728 } 1729 1730 trigger_error($user->lang['USER_PREFS_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id)); 1731 } 1732 } 1733 1734 // Replace "error" strings with their real, localised form 1735 $error = array_map(array($user, 'lang'), $error); 1736 } 1737 1738 $dateformat_options = ''; 1739 foreach ($user->lang['dateformats'] as $format => $null) 1740 { 1741 $dateformat_options .= '<option value="' . $format . '"' . (($format == $data['dateformat']) ? ' selected="selected"' : '') . '>'; 1742 $dateformat_options .= $user->format_date(time(), $format, false) . ((strpos($format, '|') !== false) ? $user->lang['VARIANT_DATE_SEPARATOR'] . $user->format_date(time(), $format, true) : ''); 1743 $dateformat_options .= '</option>'; 1744 } 1745 1746 $s_custom = false; 1747 1748 $dateformat_options .= '<option value="custom"'; 1749 if (!isset($user->lang['dateformats'][$data['dateformat']])) 1750 { 1751 $dateformat_options .= ' selected="selected"'; 1752 $s_custom = true; 1753 } 1754 $dateformat_options .= '>' . $user->lang['CUSTOM_DATEFORMAT'] . '</option>'; 1755 1756 $sort_dir_text = array('a' => $user->lang['ASCENDING'], 'd' => $user->lang['DESCENDING']); 1757 1758 // Topic ordering options 1759 $limit_topic_days = array(0 => $user->lang['ALL_TOPICS'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); 1760 $sort_by_topic_text = array('a' => $user->lang['AUTHOR'], 't' => $user->lang['POST_TIME'], 'r' => $user->lang['REPLIES'], 's' => $user->lang['SUBJECT'], 'v' => $user->lang['VIEWS']); 1761 1762 // Post ordering options 1763 $limit_post_days = array(0 => $user->lang['ALL_POSTS'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); 1764 $sort_by_post_text = array('a' => $user->lang['AUTHOR'], 't' => $user->lang['POST_TIME'], 's' => $user->lang['SUBJECT']); 1765 1766 $_options = array('topic', 'post'); 1767 foreach ($_options as $sort_option) 1768 { 1769 ${'s_limit_' . $sort_option . '_days'} = '<select name="' . $sort_option . '_st">'; 1770 foreach (${'limit_' . $sort_option . '_days'} as $day => $text) 1771 { 1772 $selected = ($data[$sort_option . '_st'] == $day) ? ' selected="selected"' : ''; 1773 ${'s_limit_' . $sort_option . '_days'} .= '<option value="' . $day . '"' . $selected . '>' . $text . '</option>'; 1774 } 1775 ${'s_limit_' . $sort_option . '_days'} .= '</select>'; 1776 1777 ${'s_sort_' . $sort_option . '_key'} = '<select name="' . $sort_option . '_sk">'; 1778 foreach (${'sort_by_' . $sort_option . '_text'} as $key => $text) 1779 { 1780 $selected = ($data[$sort_option . '_sk'] == $key) ? ' selected="selected"' : ''; 1781 ${'s_sort_' . $sort_option . '_key'} .= '<option value="' . $key . '"' . $selected . '>' . $text . '</option>'; 1782 } 1783 ${'s_sort_' . $sort_option . '_key'} .= '</select>'; 1784 1785 ${'s_sort_' . $sort_option . '_dir'} = '<select name="' . $sort_option . '_sd">'; 1786 foreach ($sort_dir_text as $key => $value) 1787 { 1788 $selected = ($data[$sort_option . '_sd'] == $key) ? ' selected="selected"' : ''; 1789 ${'s_sort_' . $sort_option . '_dir'} .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>'; 1790 } 1791 ${'s_sort_' . $sort_option . '_dir'} .= '</select>'; 1792 } 1793 1794 phpbb_timezone_select($template, $user, $data['tz'], true); 1795 $user_prefs_data = array( 1796 'S_PREFS' => true, 1797 'S_JABBER_DISABLED' => ($config['jab_enable'] && $user_row['user_jabber'] && @extension_loaded('xml')) ? false : true, 1798 1799 'VIEW_EMAIL' => $data['viewemail'], 1800 'MASS_EMAIL' => $data['massemail'], 1801 'ALLOW_PM' => $data['allowpm'], 1802 'HIDE_ONLINE' => $data['hideonline'], 1803 'NOTIFY_EMAIL' => ($data['notifymethod'] == NOTIFY_EMAIL) ? true : false, 1804 'NOTIFY_IM' => ($data['notifymethod'] == NOTIFY_IM) ? true : false, 1805 'NOTIFY_BOTH' => ($data['notifymethod'] == NOTIFY_BOTH) ? true : false, 1806 'NOTIFY_PM' => $data['notifypm'], 1807 'BBCODE' => $data['bbcode'], 1808 'SMILIES' => $data['smilies'], 1809 'ATTACH_SIG' => $data['sig'], 1810 'NOTIFY' => $data['notify'], 1811 'VIEW_IMAGES' => $data['view_images'], 1812 'VIEW_FLASH' => $data['view_flash'], 1813 'VIEW_SMILIES' => $data['view_smilies'], 1814 'VIEW_SIGS' => $data['view_sigs'], 1815 'VIEW_AVATARS' => $data['view_avatars'], 1816 'VIEW_WORDCENSOR' => $data['view_wordcensor'], 1817 1818 'S_TOPIC_SORT_DAYS' => $s_limit_topic_days, 1819 'S_TOPIC_SORT_KEY' => $s_sort_topic_key, 1820 'S_TOPIC_SORT_DIR' => $s_sort_topic_dir, 1821 'S_POST_SORT_DAYS' => $s_limit_post_days, 1822 'S_POST_SORT_KEY' => $s_sort_post_key, 1823 'S_POST_SORT_DIR' => $s_sort_post_dir, 1824 1825 'DATE_FORMAT' => $data['dateformat'], 1826 'S_DATEFORMAT_OPTIONS' => $dateformat_options, 1827 'S_CUSTOM_DATEFORMAT' => $s_custom, 1828 'DEFAULT_DATEFORMAT' => $config['default_dateformat'], 1829 'A_DEFAULT_DATEFORMAT' => addslashes($config['default_dateformat']), 1830 1831 'S_LANG_OPTIONS' => language_select($data['lang']), 1832 'S_STYLE_OPTIONS' => style_select($data['style']), 1833 ); 1834 1835 /** 1836 * Modify users preferences data before assigning it to the template 1837 * 1838 * @event core.acp_users_prefs_modify_template_data 1839 * @var array data Array with users preferences data 1840 * @var array user_row Array with user data 1841 * @var array user_prefs_data Array with users preferences data to be assigned to the template 1842 * @since 3.1.0-b3 1843 */ 1844 $vars = array('data', 'user_row', 'user_prefs_data'); 1845 extract($phpbb_dispatcher->trigger_event('core.acp_users_prefs_modify_template_data', compact($vars))); 1846 1847 $template->assign_vars($user_prefs_data); 1848 1849 break; 1850 1851 case 'avatar': 1852 1853 $avatars_enabled = false; 1854 /** @var \phpbb\avatar\manager $phpbb_avatar_manager */ 1855 $phpbb_avatar_manager = $phpbb_container->get('avatar.manager'); 1856 1857 if ($config['allow_avatar']) 1858 { 1859 $avatar_drivers = $phpbb_avatar_manager->get_enabled_drivers(); 1860 1861 // This is normalised data, without the user_ prefix 1862 $avatar_data = \phpbb\avatar\manager::clean_row($user_row, 'user'); 1863 1864 if ($submit) 1865 { 1866 if (check_form_key($form_name)) 1867 { 1868 $driver_name = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', '')); 1869 1870 if (in_array($driver_name, $avatar_drivers) && !$request->is_set_post('avatar_delete')) 1871 { 1872 $driver = $phpbb_avatar_manager->get_driver($driver_name); 1873 $result = $driver->process_form($request, $template, $user, $avatar_data, $error); 1874 1875 if ($result && empty($error)) 1876 { 1877 // Success! Lets save the result in the database 1878 $result = array( 1879 'user_avatar_type' => $driver_name, 1880 'user_avatar' => $result['avatar'], 1881 'user_avatar_width' => $result['avatar_width'], 1882 'user_avatar_height' => $result['avatar_height'], 1883 ); 1884 1885 /** 1886 * Modify users preferences data before assigning it to the template 1887 * 1888 * @event core.acp_users_avatar_sql 1889 * @var array user_row Array with user data 1890 * @var array result Array with user avatar data to be updated in the DB 1891 * @since 3.2.4-RC1 1892 */ 1893 $vars = array('user_row', 'result'); 1894 extract($phpbb_dispatcher->trigger_event('core.acp_users_avatar_sql', compact($vars))); 1895 1896 $sql = 'UPDATE ' . USERS_TABLE . ' 1897 SET ' . $db->sql_build_array('UPDATE', $result) . ' 1898 WHERE user_id = ' . (int) $user_id; 1899 1900 $db->sql_query($sql); 1901 trigger_error($user->lang['USER_AVATAR_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id)); 1902 } 1903 } 1904 } 1905 else 1906 { 1907 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 1908 } 1909 } 1910 1911 // Handle deletion of avatars 1912 if ($request->is_set_post('avatar_delete')) 1913 { 1914 if (!confirm_box(true)) 1915 { 1916 confirm_box(false, $user->lang('CONFIRM_AVATAR_DELETE'), build_hidden_fields(array( 1917 'avatar_delete' => true)) 1918 ); 1919 } 1920 else 1921 { 1922 $phpbb_avatar_manager->handle_avatar_delete($db, $user, $avatar_data, USERS_TABLE, 'user_'); 1923 1924 trigger_error($user->lang['USER_AVATAR_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id)); 1925 } 1926 } 1927 1928 $selected_driver = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', $user_row['user_avatar_type'])); 1929 1930 // Assign min and max values before generating avatar driver html 1931 $template->assign_vars(array( 1932 'AVATAR_MIN_WIDTH' => $config['avatar_min_width'], 1933 'AVATAR_MAX_WIDTH' => $config['avatar_max_width'], 1934 'AVATAR_MIN_HEIGHT' => $config['avatar_min_height'], 1935 'AVATAR_MAX_HEIGHT' => $config['avatar_max_height'], 1936 )); 1937 1938 foreach ($avatar_drivers as $current_driver) 1939 { 1940 $driver = $phpbb_avatar_manager->get_driver($current_driver); 1941 1942 $avatars_enabled = true; 1943 $template->set_filenames(array( 1944 'avatar' => $driver->get_acp_template_name(), 1945 )); 1946 1947 if ($driver->prepare_form($request, $template, $user, $avatar_data, $error)) 1948 { 1949 $driver_name = $phpbb_avatar_manager->prepare_driver_name($current_driver); 1950 $driver_upper = strtoupper($driver_name); 1951 1952 $template->assign_block_vars('avatar_drivers', array( 1953 'L_TITLE' => $user->lang($driver_upper . '_TITLE'), 1954 'L_EXPLAIN' => $user->lang($driver_upper . '_EXPLAIN'), 1955 1956 'DRIVER' => $driver_name, 1957 'SELECTED' => $current_driver == $selected_driver, 1958 'OUTPUT' => $template->assign_display('avatar'), 1959 )); 1960 } 1961 } 1962 } 1963 1964 // Avatar manager is not initialized if avatars are disabled 1965 if (isset($phpbb_avatar_manager)) 1966 { 1967 // Replace "error" strings with their real, localised form 1968 $error = $phpbb_avatar_manager->localize_errors($user, $error); 1969 } 1970 1971 $avatar = phpbb_get_user_avatar($user_row, 'USER_AVATAR', true); 1972 1973 $template->assign_vars(array( 1974 'S_AVATAR' => true, 1975 'ERROR' => (!empty($error)) ? implode('<br />', $error) : '', 1976 'AVATAR' => (empty($avatar) ? '<img src="' . $phpbb_admin_path . 'images/no_avatar.gif" alt="" />' : $avatar), 1977 1978 'S_FORM_ENCTYPE' => ' enctype="multipart/form-data"', 1979 1980 'L_AVATAR_EXPLAIN' => $user->lang(($config['avatar_filesize'] == 0) ? 'AVATAR_EXPLAIN_NO_FILESIZE' : 'AVATAR_EXPLAIN', $config['avatar_max_width'], $config['avatar_max_height'], $config['avatar_filesize'] / 1024), 1981 1982 'S_AVATARS_ENABLED' => ($config['allow_avatar'] && $avatars_enabled), 1983 )); 1984 1985 break; 1986 1987 case 'rank': 1988 1989 if ($submit) 1990 { 1991 if (!check_form_key($form_name)) 1992 { 1993 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 1994 } 1995 1996 $rank_id = $request->variable('user_rank', 0); 1997 1998 $sql = 'UPDATE ' . USERS_TABLE . " 1999 SET user_rank = $rank_id 2000 WHERE user_id = $user_id"; 2001 $db->sql_query($sql); 2002 2003 trigger_error($user->lang['USER_RANK_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id)); 2004 } 2005 2006 $sql = 'SELECT * 2007 FROM ' . RANKS_TABLE . ' 2008 WHERE rank_special = 1 2009 ORDER BY rank_title'; 2010 $result = $db->sql_query($sql); 2011 2012 $s_rank_options = '<option value="0"' . ((!$user_row['user_rank']) ? ' selected="selected"' : '') . '>' . $user->lang['NO_SPECIAL_RANK'] . '</option>'; 2013 2014 while ($row = $db->sql_fetchrow($result)) 2015 { 2016 $selected = ($user_row['user_rank'] && $row['rank_id'] == $user_row['user_rank']) ? ' selected="selected"' : ''; 2017 $s_rank_options .= '<option value="' . $row['rank_id'] . '"' . $selected . '>' . $row['rank_title'] . '</option>'; 2018 } 2019 $db->sql_freeresult($result); 2020 2021 $template->assign_vars(array( 2022 'S_RANK' => true, 2023 'S_RANK_OPTIONS' => $s_rank_options) 2024 ); 2025 2026 break; 2027 2028 case 'sig': 2029 2030 if (!function_exists('display_custom_bbcodes')) 2031 { 2032 include($phpbb_root_path . 'includes/functions_display.' . $phpEx); 2033 } 2034 2035 $enable_bbcode = ($config['allow_sig_bbcode']) ? $this->optionget($user_row, 'sig_bbcode') : false; 2036 $enable_smilies = ($config['allow_sig_smilies']) ? $this->optionget($user_row, 'sig_smilies') : false; 2037 $enable_urls = ($config['allow_sig_links']) ? $this->optionget($user_row, 'sig_links') : false; 2038 2039 $bbcode_flags = ($enable_bbcode ? OPTION_FLAG_BBCODE : 0) + ($enable_smilies ? OPTION_FLAG_SMILIES : 0) + ($enable_urls ? OPTION_FLAG_LINKS : 0); 2040 2041 $decoded_message = generate_text_for_edit($user_row['user_sig'], $user_row['user_sig_bbcode_uid'], $bbcode_flags); 2042 $signature = $request->variable('signature', $decoded_message['text'], true); 2043 $signature_preview = ''; 2044 2045 if ($submit || $request->is_set_post('preview')) 2046 { 2047 $enable_bbcode = ($config['allow_sig_bbcode']) ? !$request->variable('disable_bbcode', false) : false; 2048 $enable_smilies = ($config['allow_sig_smilies']) ? !$request->variable('disable_smilies', false) : false; 2049 $enable_urls = ($config['allow_sig_links']) ? !$request->variable('disable_magic_url', false) : false; 2050 2051 if (!check_form_key($form_name)) 2052 { 2053 $error[] = 'FORM_INVALID'; 2054 } 2055 } 2056 2057 $bbcode_uid = $bbcode_bitfield = $bbcode_flags = ''; 2058 $warn_msg = generate_text_for_storage( 2059 $signature, 2060 $bbcode_uid, 2061 $bbcode_bitfield, 2062 $bbcode_flags, 2063 $enable_bbcode, 2064 $enable_urls, 2065 $enable_smilies, 2066 $config['allow_sig_img'], 2067 $config['allow_sig_flash'], 2068 true, 2069 $config['allow_sig_links'], 2070 'sig' 2071 ); 2072 2073 if (count($warn_msg)) 2074 { 2075 $error += $warn_msg; 2076 } 2077 2078 if (!$submit) 2079 { 2080 // Parse it for displaying 2081 $signature_preview = generate_text_for_display($signature, $bbcode_uid, $bbcode_bitfield, $bbcode_flags); 2082 } 2083 else 2084 { 2085 if (!count($error)) 2086 { 2087 $this->optionset($user_row, 'sig_bbcode', $enable_bbcode); 2088 $this->optionset($user_row, 'sig_smilies', $enable_smilies); 2089 $this->optionset($user_row, 'sig_links', $enable_urls); 2090 2091 $sql_ary = array( 2092 'user_sig' => $signature, 2093 'user_options' => $user_row['user_options'], 2094 'user_sig_bbcode_uid' => $bbcode_uid, 2095 'user_sig_bbcode_bitfield' => $bbcode_bitfield, 2096 ); 2097 2098 /** 2099 * Modify user signature before it is stored in the DB 2100 * 2101 * @event core.acp_users_modify_signature_sql_ary 2102 * @var array user_row Array with user data 2103 * @var array sql_ary Array with user signature data to be updated in the DB 2104 * @since 3.2.4-RC1 2105 */ 2106 $vars = array('user_row', 'sql_ary'); 2107 extract($phpbb_dispatcher->trigger_event('core.acp_users_modify_signature_sql_ary', compact($vars))); 2108 2109 $sql = 'UPDATE ' . USERS_TABLE . ' 2110 SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' 2111 WHERE user_id = ' . $user_id; 2112 $db->sql_query($sql); 2113 2114 trigger_error($user->lang['USER_SIG_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id)); 2115 } 2116 } 2117 2118 // Replace "error" strings with their real, localised form 2119 $error = array_map(array($user, 'lang'), $error); 2120 2121 if ($request->is_set_post('preview')) 2122 { 2123 $decoded_message = generate_text_for_edit($signature, $bbcode_uid, $bbcode_flags); 2124 } 2125 2126 /** @var \phpbb\controller\helper $controller_helper */ 2127 $controller_helper = $phpbb_container->get('controller.helper'); 2128 2129 $template->assign_vars(array( 2130 'S_SIGNATURE' => true, 2131 2132 'SIGNATURE' => $decoded_message['text'], 2133 'SIGNATURE_PREVIEW' => $signature_preview, 2134 2135 'S_BBCODE_CHECKED' => (!$enable_bbcode) ? ' checked="checked"' : '', 2136 'S_SMILIES_CHECKED' => (!$enable_smilies) ? ' checked="checked"' : '', 2137 'S_MAGIC_URL_CHECKED' => (!$enable_urls) ? ' checked="checked"' : '', 2138 2139 'BBCODE_STATUS' => $user->lang(($config['allow_sig_bbcode'] ? 'BBCODE_IS_ON' : 'BBCODE_IS_OFF'), '<a href="' . $controller_helper->route('phpbb_help_bbcode_controller') . '">', '</a>'), 2140 'SMILIES_STATUS' => ($config['allow_sig_smilies']) ? $user->lang['SMILIES_ARE_ON'] : $user->lang['SMILIES_ARE_OFF'], 2141 'IMG_STATUS' => ($config['allow_sig_img']) ? $user->lang['IMAGES_ARE_ON'] : $user->lang['IMAGES_ARE_OFF'], 2142 'FLASH_STATUS' => ($config['allow_sig_flash']) ? $user->lang['FLASH_IS_ON'] : $user->lang['FLASH_IS_OFF'], 2143 'URL_STATUS' => ($config['allow_sig_links']) ? $user->lang['URL_IS_ON'] : $user->lang['URL_IS_OFF'], 2144 2145 'L_SIGNATURE_EXPLAIN' => $user->lang('SIGNATURE_EXPLAIN', (int) $config['max_sig_chars']), 2146 2147 'S_BBCODE_ALLOWED' => $config['allow_sig_bbcode'], 2148 'S_SMILIES_ALLOWED' => $config['allow_sig_smilies'], 2149 'S_BBCODE_IMG' => ($config['allow_sig_img']) ? true : false, 2150 'S_BBCODE_FLASH' => ($config['allow_sig_flash']) ? true : false, 2151 'S_LINKS_ALLOWED' => ($config['allow_sig_links']) ? true : false) 2152 ); 2153 2154 // Assigning custom bbcodes 2155 display_custom_bbcodes(); 2156 2157 break; 2158 2159 case 'attach': 2160 /* @var $pagination \phpbb\pagination */ 2161 $pagination = $phpbb_container->get('pagination'); 2162 2163 $start = $request->variable('start', 0); 2164 $deletemark = (isset($_POST['delmarked'])) ? true : false; 2165 $marked = $request->variable('mark', array(0)); 2166 2167 // Sort keys 2168 $sort_key = $request->variable('sk', 'a'); 2169 $sort_dir = $request->variable('sd', 'd'); 2170 2171 if ($deletemark && count($marked)) 2172 { 2173 $sql = 'SELECT attach_id 2174 FROM ' . ATTACHMENTS_TABLE . ' 2175 WHERE poster_id = ' . $user_id . ' 2176 AND is_orphan = 0 2177 AND ' . $db->sql_in_set('attach_id', $marked); 2178 $result = $db->sql_query($sql); 2179 2180 $marked = array(); 2181 while ($row = $db->sql_fetchrow($result)) 2182 { 2183 $marked[] = $row['attach_id']; 2184 } 2185 $db->sql_freeresult($result); 2186 } 2187 2188 if ($deletemark && count($marked)) 2189 { 2190 if (confirm_box(true)) 2191 { 2192 $sql = 'SELECT real_filename 2193 FROM ' . ATTACHMENTS_TABLE . ' 2194 WHERE ' . $db->sql_in_set('attach_id', $marked); 2195 $result = $db->sql_query($sql); 2196 2197 $log_attachments = array(); 2198 while ($row = $db->sql_fetchrow($result)) 2199 { 2200 $log_attachments[] = $row['real_filename']; 2201 } 2202 $db->sql_freeresult($result); 2203 2204 /** @var \phpbb\attachment\manager $attachment_manager */ 2205 $attachment_manager = $phpbb_container->get('attachment.manager'); 2206 $attachment_manager->delete('attach', $marked); 2207 unset($attachment_manager); 2208 2209 $message = (count($log_attachments) == 1) ? $user->lang['ATTACHMENT_DELETED'] : $user->lang['ATTACHMENTS_DELETED']; 2210 2211 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACHMENTS_DELETED', false, array(implode($user->lang['COMMA_SEPARATOR'], $log_attachments))); 2212 trigger_error($message . adm_back_link($this->u_action . '&u=' . $user_id)); 2213 } 2214 else 2215 { 2216 confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array( 2217 'u' => $user_id, 2218 'i' => $id, 2219 'mode' => $mode, 2220 'action' => $action, 2221 'delmarked' => true, 2222 'mark' => $marked)) 2223 ); 2224 } 2225 } 2226 2227 $sk_text = array('a' => $user->lang['SORT_FILENAME'], 'c' => $user->lang['SORT_EXTENSION'], 'd' => $user->lang['SORT_SIZE'], 'e' => $user->lang['SORT_DOWNLOADS'], 'f' => $user->lang['SORT_POST_TIME'], 'g' => $user->lang['SORT_TOPIC_TITLE']); 2228 $sk_sql = array('a' => 'a.real_filename', 'c' => 'a.extension', 'd' => 'a.filesize', 'e' => 'a.download_count', 'f' => 'a.filetime', 'g' => 't.topic_title'); 2229 2230 $sd_text = array('a' => $user->lang['ASCENDING'], 'd' => $user->lang['DESCENDING']); 2231 2232 $s_sort_key = ''; 2233 foreach ($sk_text as $key => $value) 2234 { 2235 $selected = ($sort_key == $key) ? ' selected="selected"' : ''; 2236 $s_sort_key .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>'; 2237 } 2238 2239 $s_sort_dir = ''; 2240 foreach ($sd_text as $key => $value) 2241 { 2242 $selected = ($sort_dir == $key) ? ' selected="selected"' : ''; 2243 $s_sort_dir .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>'; 2244 } 2245 2246 if (!isset($sk_sql[$sort_key])) 2247 { 2248 $sort_key = 'a'; 2249 } 2250 2251 $order_by = $sk_sql[$sort_key] . ' ' . (($sort_dir == 'a') ? 'ASC' : 'DESC'); 2252 2253 $sql = 'SELECT COUNT(attach_id) as num_attachments 2254 FROM ' . ATTACHMENTS_TABLE . " 2255 WHERE poster_id = $user_id 2256 AND is_orphan = 0"; 2257 $result = $db->sql_query_limit($sql, 1); 2258 $num_attachments = (int) $db->sql_fetchfield('num_attachments'); 2259 $db->sql_freeresult($result); 2260 2261 $sql = 'SELECT a.*, t.topic_title, p.message_subject as message_title 2262 FROM ' . ATTACHMENTS_TABLE . ' a 2263 LEFT JOIN ' . TOPICS_TABLE . ' t ON (a.topic_id = t.topic_id 2264 AND a.in_message = 0) 2265 LEFT JOIN ' . PRIVMSGS_TABLE . ' p ON (a.post_msg_id = p.msg_id 2266 AND a.in_message = 1) 2267 WHERE a.poster_id = ' . $user_id . " 2268 AND a.is_orphan = 0 2269 ORDER BY $order_by"; 2270 $result = $db->sql_query_limit($sql, $config['topics_per_page'], $start); 2271 2272 while ($row = $db->sql_fetchrow($result)) 2273 { 2274 if ($row['in_message']) 2275 { 2276 $view_topic = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=pm&p={$row['post_msg_id']}"); 2277 } 2278 else 2279 { 2280 $view_topic = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "p={$row['post_msg_id']}") . '#p' . $row['post_msg_id']; 2281 } 2282 2283 $template->assign_block_vars('attach', array( 2284 'REAL_FILENAME' => $row['real_filename'], 2285 'COMMENT' => nl2br($row['attach_comment']), 2286 'EXTENSION' => $row['extension'], 2287 'SIZE' => get_formatted_filesize($row['filesize']), 2288 'DOWNLOAD_COUNT' => $row['download_count'], 2289 'POST_TIME' => $user->format_date($row['filetime']), 2290 'TOPIC_TITLE' => ($row['in_message']) ? $row['message_title'] : $row['topic_title'], 2291 2292 'ATTACH_ID' => $row['attach_id'], 2293 'POST_ID' => $row['post_msg_id'], 2294 'TOPIC_ID' => $row['topic_id'], 2295 2296 'S_IN_MESSAGE' => $row['in_message'], 2297 2298 'U_DOWNLOAD' => append_sid("{$phpbb_root_path}download/file.$phpEx", 'mode=view&id=' . $row['attach_id']), 2299 'U_VIEW_TOPIC' => $view_topic) 2300 ); 2301 } 2302 $db->sql_freeresult($result); 2303 2304 $base_url = $this->u_action . "&u=$user_id&sk=$sort_key&sd=$sort_dir"; 2305 $pagination->generate_template_pagination($base_url, 'pagination', 'start', $num_attachments, $config['topics_per_page'], $start); 2306 2307 $template->assign_vars(array( 2308 'S_ATTACHMENTS' => true, 2309 'S_SORT_KEY' => $s_sort_key, 2310 'S_SORT_DIR' => $s_sort_dir, 2311 )); 2312 2313 break; 2314 2315 case 'groups': 2316 2317 if (!function_exists('group_user_attributes')) 2318 { 2319 include($phpbb_root_path . 'includes/functions_user.' . $phpEx); 2320 } 2321 2322 $user->add_lang(array('groups', 'acp/groups')); 2323 $group_id = $request->variable('g', 0); 2324 2325 if ($group_id) 2326 { 2327 // Check the founder only entry for this group to make sure everything is well 2328 $sql = 'SELECT group_founder_manage 2329 FROM ' . GROUPS_TABLE . ' 2330 WHERE group_id = ' . $group_id; 2331 $result = $db->sql_query($sql); 2332 $founder_manage = (int) $db->sql_fetchfield('group_founder_manage'); 2333 $db->sql_freeresult($result); 2334 2335 if ($user->data['user_type'] != USER_FOUNDER && $founder_manage) 2336 { 2337 trigger_error($user->lang['NOT_ALLOWED_MANAGE_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 2338 } 2339 } 2340 2341 switch ($action) 2342 { 2343 case 'demote': 2344 case 'promote': 2345 case 'default': 2346 if (!$group_id) 2347 { 2348 trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 2349 } 2350 2351 if (!check_link_hash($request->variable('hash', ''), 'acp_users')) 2352 { 2353 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); 2354 } 2355 2356 group_user_attributes($action, $group_id, $user_id); 2357 2358 if ($action == 'default') 2359 { 2360 $user_row['group_id'] = $group_id; 2361 } 2362 break; 2363 2364 case 'delete': 2365 2366 if (confirm_box(true)) 2367 { 2368 if (!$group_id) 2369 { 2370 trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 2371 } 2372 2373 if ($error = group_user_del($group_id, $user_id)) 2374 { 2375 trigger_error($user->lang[$error] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 2376 } 2377 2378 $error = array(); 2379 2380 // The delete action was successful - therefore update the user row... 2381 $sql = 'SELECT u.*, s.* 2382 FROM ' . USERS_TABLE . ' u 2383 LEFT JOIN ' . SESSIONS_TABLE . ' s ON (s.session_user_id = u.user_id) 2384 WHERE u.user_id = ' . $user_id . ' 2385 ORDER BY s.session_time DESC'; 2386 $result = $db->sql_query_limit($sql, 1); 2387 $user_row = $db->sql_fetchrow($result); 2388 $db->sql_freeresult($result); 2389 } 2390 else 2391 { 2392 confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array( 2393 'u' => $user_id, 2394 'i' => $id, 2395 'mode' => $mode, 2396 'action' => $action, 2397 'g' => $group_id)) 2398 ); 2399 } 2400 2401 break; 2402 2403 case 'approve': 2404 2405 if (confirm_box(true)) 2406 { 2407 if (!$group_id) 2408 { 2409 trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 2410 } 2411 group_user_attributes($action, $group_id, $user_id); 2412 } 2413 else 2414 { 2415 confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array( 2416 'u' => $user_id, 2417 'i' => $id, 2418 'mode' => $mode, 2419 'action' => $action, 2420 'g' => $group_id)) 2421 ); 2422 } 2423 2424 break; 2425 } 2426 2427 // Add user to group? 2428 if ($submit) 2429 { 2430 2431 if (!check_form_key($form_name)) 2432 { 2433 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 2434 } 2435 2436 if (!$group_id) 2437 { 2438 trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 2439 } 2440 2441 // Add user/s to group 2442 if ($error = group_user_add($group_id, $user_id)) 2443 { 2444 trigger_error($user->lang[$error] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 2445 } 2446 2447 $error = array(); 2448 } 2449 2450 /** @var \phpbb\group\helper $group_helper */ 2451 $group_helper = $phpbb_container->get('group_helper'); 2452 2453 $sql = 'SELECT ug.*, g.* 2454 FROM ' . GROUPS_TABLE . ' g, ' . USER_GROUP_TABLE . " ug 2455 WHERE ug.user_id = $user_id 2456 AND g.group_id = ug.group_id 2457 ORDER BY g.group_type DESC, ug.user_pending ASC, g.group_name"; 2458 $result = $db->sql_query($sql); 2459 2460 $i = 0; 2461 $group_data = $id_ary = array(); 2462 while ($row = $db->sql_fetchrow($result)) 2463 { 2464 $type = ($row['group_type'] == GROUP_SPECIAL) ? 'special' : (($row['user_pending']) ? 'pending' : 'normal'); 2465 2466 $group_data[$type][$i]['group_id'] = $row['group_id']; 2467 $group_data[$type][$i]['group_name'] = $row['group_name']; 2468 $group_data[$type][$i]['group_leader'] = ($row['group_leader']) ? 1 : 0; 2469 2470 $id_ary[] = $row['group_id']; 2471 2472 $i++; 2473 } 2474 $db->sql_freeresult($result); 2475 2476 // Select box for other groups 2477 $sql = 'SELECT group_id, group_name, group_type, group_founder_manage 2478 FROM ' . GROUPS_TABLE . ' 2479 ' . ((count($id_ary)) ? 'WHERE ' . $db->sql_in_set('group_id', $id_ary, true) : '') . ' 2480 ORDER BY group_type DESC, group_name ASC'; 2481 $result = $db->sql_query($sql); 2482 2483 $s_group_options = ''; 2484 while ($row = $db->sql_fetchrow($result)) 2485 { 2486 if (!$config['coppa_enable'] && $row['group_name'] == 'REGISTERED_COPPA') 2487 { 2488 continue; 2489 } 2490 2491 // Do not display those groups not allowed to be managed 2492 if ($user->data['user_type'] != USER_FOUNDER && $row['group_founder_manage']) 2493 { 2494 continue; 2495 } 2496 2497 $s_group_options .= '<option' . (($row['group_type'] == GROUP_SPECIAL) ? ' class="sep"' : '') . ' value="' . $row['group_id'] . '">' . $group_helper->get_name($row['group_name']) . '</option>'; 2498 } 2499 $db->sql_freeresult($result); 2500 2501 $current_type = ''; 2502 foreach ($group_data as $group_type => $data_ary) 2503 { 2504 if ($current_type != $group_type) 2505 { 2506 $template->assign_block_vars('group', array( 2507 'S_NEW_GROUP_TYPE' => true, 2508 'GROUP_TYPE' => $user->lang['USER_GROUP_' . strtoupper($group_type)]) 2509 ); 2510 } 2511 2512 foreach ($data_ary as $data) 2513 { 2514 $template->assign_block_vars('group', array( 2515 'U_EDIT_GROUP' => append_sid("{$phpbb_admin_path}index.$phpEx", "i=groups&mode=manage&action=edit&u=$user_id&g={$data['group_id']}&back_link=acp_users_groups"), 2516 'U_DEFAULT' => $this->u_action . "&action=default&u=$user_id&g=" . $data['group_id'] . '&hash=' . generate_link_hash('acp_users'), 2517 'U_DEMOTE_PROMOTE' => $this->u_action . '&action=' . (($data['group_leader']) ? 'demote' : 'promote') . "&u=$user_id&g=" . $data['group_id'] . '&hash=' . generate_link_hash('acp_users'), 2518 'U_DELETE' => $this->u_action . "&action=delete&u=$user_id&g=" . $data['group_id'], 2519 'U_APPROVE' => ($group_type == 'pending') ? $this->u_action . "&action=approve&u=$user_id&g=" . $data['group_id'] : '', 2520 2521 'GROUP_NAME' => $group_helper->get_name($data['group_name']), 2522 'L_DEMOTE_PROMOTE' => ($data['group_leader']) ? $user->lang['GROUP_DEMOTE'] : $user->lang['GROUP_PROMOTE'], 2523 2524 'S_IS_MEMBER' => ($group_type != 'pending') ? true : false, 2525 'S_NO_DEFAULT' => ($user_row['group_id'] != $data['group_id']) ? true : false, 2526 'S_SPECIAL_GROUP' => ($group_type == 'special') ? true : false, 2527 ) 2528 ); 2529 } 2530 } 2531 2532 $template->assign_vars(array( 2533 'S_GROUPS' => true, 2534 'S_GROUP_OPTIONS' => $s_group_options) 2535 ); 2536 2537 break; 2538 2539 case 'perm': 2540 2541 if (!class_exists('auth_admin')) 2542 { 2543 include($phpbb_root_path . 'includes/acp/auth.' . $phpEx); 2544 } 2545 2546 $auth_admin = new auth_admin(); 2547 2548 $user->add_lang('acp/permissions'); 2549 add_permission_language(); 2550 2551 $forum_id = $request->variable('f', 0); 2552 2553 // Global Permissions 2554 if (!$forum_id) 2555 { 2556 // Select auth options 2557 $sql = 'SELECT auth_option, is_local, is_global 2558 FROM ' . ACL_OPTIONS_TABLE . ' 2559 WHERE auth_option ' . $db->sql_like_expression($db->get_any_char() . '_') . ' 2560 AND is_global = 1 2561 ORDER BY auth_option'; 2562 $result = $db->sql_query($sql); 2563 2564 $hold_ary = array(); 2565 2566 while ($row = $db->sql_fetchrow($result)) 2567 { 2568 $hold_ary = $auth_admin->get_mask('view', $user_id, false, false, $row['auth_option'], 'global', ACL_NEVER); 2569 $auth_admin->display_mask('view', $row['auth_option'], $hold_ary, 'user', false, false); 2570 } 2571 $db->sql_freeresult($result); 2572 2573 unset($hold_ary); 2574 } 2575 else 2576 { 2577 $sql = 'SELECT auth_option, is_local, is_global 2578 FROM ' . ACL_OPTIONS_TABLE . " 2579 WHERE auth_option " . $db->sql_like_expression($db->get_any_char() . '_') . " 2580 AND is_local = 1 2581 ORDER BY is_global DESC, auth_option"; 2582 $result = $db->sql_query($sql); 2583 2584 while ($row = $db->sql_fetchrow($result)) 2585 { 2586 $hold_ary = $auth_admin->get_mask('view', $user_id, false, $forum_id, $row['auth_option'], 'local', ACL_NEVER); 2587 $auth_admin->display_mask('view', $row['auth_option'], $hold_ary, 'user', true, false); 2588 } 2589 $db->sql_freeresult($result); 2590 } 2591 2592 $s_forum_options = '<option value="0"' . ((!$forum_id) ? ' selected="selected"' : '') . '>' . $user->lang['VIEW_GLOBAL_PERMS'] . '</option>'; 2593 $s_forum_options .= make_forum_select($forum_id, false, true, false, false, false); 2594 2595 $template->assign_vars(array( 2596 'S_PERMISSIONS' => true, 2597 2598 'S_GLOBAL' => (!$forum_id) ? true : false, 2599 'S_FORUM_OPTIONS' => $s_forum_options, 2600 2601 'U_ACTION' => $this->u_action . '&u=' . $user_id, 2602 'U_USER_PERMISSIONS' => append_sid("{$phpbb_admin_path}index.$phpEx" ,'i=permissions&mode=setting_user_global&user_id[]=' . $user_id), 2603 'U_USER_FORUM_PERMISSIONS' => append_sid("{$phpbb_admin_path}index.$phpEx", 'i=permissions&mode=setting_user_local&user_id[]=' . $user_id)) 2604 ); 2605 2606 break; 2607 2608 default: 2609 $u_action = $this->u_action; 2610 2611 /** 2612 * Additional modes provided by extensions 2613 * 2614 * @event core.acp_users_mode_add 2615 * @var string mode New mode 2616 * @var int user_id User id of the user to manage 2617 * @var array user_row Array with user data 2618 * @var array error Array with errors data 2619 * @var string u_action The u_action link 2620 * @since 3.2.2-RC1 2621 * @changed 3.2.10-RC1 Added u_action 2622 */ 2623 $vars = array('mode', 'user_id', 'user_row', 'error', 'u_action'); 2624 extract($phpbb_dispatcher->trigger_event('core.acp_users_mode_add', compact($vars))); 2625 2626 unset($u_action); 2627 break; 2628 } 2629 2630 // Assign general variables 2631 $template->assign_vars(array( 2632 'S_ERROR' => (count($error)) ? true : false, 2633 'ERROR_MSG' => (count($error)) ? implode('<br />', $error) : '') 2634 ); 2635 } 2636 2637 /** 2638 * Set option bit field for user options in a user row array. 2639 * 2640 * Optionset replacement for this module based on $user->optionset. 2641 * 2642 * @param array $user_row Row from the users table. 2643 * @param int $key Option key, as defined in $user->keyoptions property. 2644 * @param bool $value True to set the option, false to clear the option. 2645 * @param int $data Current bit field value, or false to use $user_row['user_options'] 2646 * @return int|bool If $data is false, the bit field is modified and 2647 * written back to $user_row['user_options'], and 2648 * return value is true if the bit field changed and 2649 * false otherwise. If $data is not false, the new 2650 * bitfield value is returned. 2651 */ 2652 function optionset(&$user_row, $key, $value, $data = false) 2653 { 2654 global $user; 2655 2656 $var = ($data !== false) ? $data : $user_row['user_options']; 2657 2658 $new_var = phpbb_optionset($user->keyoptions[$key], $value, $var); 2659 2660 if ($data === false) 2661 { 2662 if ($new_var != $var) 2663 { 2664 $user_row['user_options'] = $new_var; 2665 return true; 2666 } 2667 else 2668 { 2669 return false; 2670 } 2671 } 2672 else 2673 { 2674 return $new_var; 2675 } 2676 } 2677 2678 /** 2679 * Get option bit field from user options in a user row array. 2680 * 2681 * Optionget replacement for this module based on $user->optionget. 2682 * 2683 * @param array $user_row Row from the users table. 2684 * @param int $key option key, as defined in $user->keyoptions property. 2685 * @param int $data bit field value to use, or false to use $user_row['user_options'] 2686 * @return bool true if the option is set in the bit field, false otherwise 2687 */ 2688 function optionget(&$user_row, $key, $data = false) 2689 { 2690 global $user; 2691 2692 $var = ($data !== false) ? $data : $user_row['user_options']; 2693 return phpbb_optionget($user->keyoptions[$key], $var); 2694 } 2695 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
| Generated: Wed Feb 22 20:16:20 2023 | Cross-referenced by PHPXref 0.7.1 |