[ Index ] |
PHP Cross Reference of phpBB-3.3.14-deutsch |
[Summary view] [Print] [Text view]
1 <?php 2 /** 3 * 4 * This file is part of the phpBB Forum Software package. 5 * 6 * @copyright (c) phpBB Limited <https://www.phpbb.com> 7 * @license GNU General Public License, version 2 (GPL-2.0) 8 * 9 * For full copyright and license information, please see 10 * the docs/CREDITS.txt file. 11 * 12 */ 13 14 /** 15 * @ignore 16 */ 17 if (!defined('IN_PHPBB')) 18 { 19 exit; 20 } 21 22 class acp_users 23 { 24 var $u_action; 25 var $p_master; 26 27 function __construct($p_master) 28 { 29 $this->p_master = $p_master; 30 } 31 32 function main($id, $mode) 33 { 34 global $config, $db, $user, $auth, $template; 35 global $phpbb_root_path, $phpbb_admin_path, $phpEx; 36 global $phpbb_dispatcher, $request; 37 global $phpbb_container, $phpbb_log; 38 39 $user->add_lang(array('posting', 'ucp', 'acp/users')); 40 $this->tpl_name = 'acp_users'; 41 42 $error = array(); 43 $username = $request->variable('username', '', true); 44 $user_id = $request->variable('u', 0); 45 $action = $request->variable('action', ''); 46 47 // Get referer to redirect user to the appropriate page after delete action 48 $redirect = $request->variable('redirect', ''); 49 $redirect_tag = "redirect=$redirect"; 50 $redirect_url = append_sid("{$phpbb_admin_path}index.$phpEx", "i=$redirect"); 51 52 $submit = (isset($_POST['update']) && !isset($_POST['cancel'])) ? true : false; 53 54 $form_name = 'acp_users'; 55 add_form_key($form_name); 56 57 // Whois (special case) 58 if ($action == 'whois') 59 { 60 if (!function_exists('user_get_id_name')) 61 { 62 include($phpbb_root_path . 'includes/functions_user.' . $phpEx); 63 } 64 65 $this->page_title = 'WHOIS'; 66 $this->tpl_name = 'simple_body'; 67 68 $user_ip = phpbb_ip_normalise($request->variable('user_ip', '')); 69 $domain = gethostbyaddr($user_ip); 70 $ipwhois = user_ipwhois($user_ip); 71 72 $template->assign_vars(array( 73 'MESSAGE_TITLE' => sprintf($user->lang['IP_WHOIS_FOR'], $domain), 74 'MESSAGE_TEXT' => nl2br($ipwhois)) 75 ); 76 77 return; 78 } 79 80 // Show user selection mask 81 if (!$username && !$user_id) 82 { 83 $this->page_title = 'SELECT_USER'; 84 85 $template->assign_vars(array( 86 'U_ACTION' => $this->u_action, 87 'ANONYMOUS_USER_ID' => ANONYMOUS, 88 89 'S_SELECT_USER' => true, 90 'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=select_user&field=username&select_single=true'), 91 )); 92 93 return; 94 } 95 96 if (!$user_id) 97 { 98 $sql = 'SELECT user_id 99 FROM ' . USERS_TABLE . " 100 WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'"; 101 $result = $db->sql_query($sql); 102 $user_id = (int) $db->sql_fetchfield('user_id'); 103 $db->sql_freeresult($result); 104 105 if (!$user_id) 106 { 107 trigger_error($user->lang['NO_USER'] . adm_back_link($this->u_action), E_USER_WARNING); 108 } 109 } 110 111 // Generate content for all modes 112 $sql = 'SELECT u.*, s.* 113 FROM ' . USERS_TABLE . ' u 114 LEFT JOIN ' . SESSIONS_TABLE . ' s ON (s.session_user_id = u.user_id) 115 WHERE u.user_id = ' . $user_id . ' 116 ORDER BY s.session_time DESC'; 117 $result = $db->sql_query_limit($sql, 1); 118 $user_row = $db->sql_fetchrow($result); 119 $db->sql_freeresult($result); 120 121 if (!$user_row) 122 { 123 trigger_error($user->lang['NO_USER'] . adm_back_link($this->u_action), E_USER_WARNING); 124 } 125 126 // Generate overall "header" for user admin 127 $s_form_options = ''; 128 129 // Build modes dropdown list 130 $sql = 'SELECT module_mode, module_auth 131 FROM ' . MODULES_TABLE . " 132 WHERE module_basename = 'acp_users' 133 AND module_enabled = 1 134 AND module_class = 'acp' 135 ORDER BY left_id, module_mode"; 136 $result = $db->sql_query($sql); 137 138 $dropdown_modes = array(); 139 while ($row = $db->sql_fetchrow($result)) 140 { 141 if (!$this->p_master->module_auth_self($row['module_auth'])) 142 { 143 continue; 144 } 145 146 $dropdown_modes[$row['module_mode']] = true; 147 } 148 $db->sql_freeresult($result); 149 150 foreach ($dropdown_modes as $module_mode => $null) 151 { 152 $selected = ($mode == $module_mode) ? ' selected="selected"' : ''; 153 $s_form_options .= '<option value="' . $module_mode . '"' . $selected . '>' . $user->lang['ACP_USER_' . strtoupper($module_mode)] . '</option>'; 154 } 155 156 $template->assign_vars(array( 157 'U_BACK' => (empty($redirect)) ? $this->u_action : $redirect_url, 158 'U_MODE_SELECT' => append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&u=$user_id"), 159 'U_ACTION' => $this->u_action . '&u=' . $user_id . ((empty($redirect)) ? '' : '&' . $redirect_tag), 160 'S_FORM_OPTIONS' => $s_form_options, 161 'MANAGED_USERNAME' => $user_row['username']) 162 ); 163 164 // Prevent normal users/admins change/view founders if they are not a founder by themselves 165 if ($user->data['user_type'] != USER_FOUNDER && $user_row['user_type'] == USER_FOUNDER) 166 { 167 trigger_error($user->lang['NOT_MANAGE_FOUNDER'] . adm_back_link($this->u_action), E_USER_WARNING); 168 } 169 170 $this->page_title = $user_row['username'] . ' :: ' . $user->lang('ACP_USER_' . strtoupper($mode)); 171 172 switch ($mode) 173 { 174 case 'overview': 175 176 if (!function_exists('user_get_id_name')) 177 { 178 include($phpbb_root_path . 'includes/functions_user.' . $phpEx); 179 } 180 181 $user->add_lang('acp/ban'); 182 183 $delete = $request->variable('delete', 0); 184 $delete_type = $request->variable('delete_type', ''); 185 $ip = $request->variable('ip', 'ip'); 186 187 /** 188 * Run code at beginning of ACP users overview 189 * 190 * @event core.acp_users_overview_before 191 * @var array user_row Current user data 192 * @var string mode Active module 193 * @var string action Module that should be run 194 * @var bool submit Do we display the form only 195 * or did the user press submit 196 * @var array error Array holding error messages 197 * @since 3.1.3-RC1 198 */ 199 $vars = array('user_row', 'mode', 'action', 'submit', 'error'); 200 extract($phpbb_dispatcher->trigger_event('core.acp_users_overview_before', compact($vars))); 201 202 if ($submit) 203 { 204 if ($delete) 205 { 206 if (!$auth->acl_get('a_userdel')) 207 { 208 send_status_line(403, 'Forbidden'); 209 trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 210 } 211 212 // Check if the user wants to remove himself or the guest user account 213 if ($user_id == ANONYMOUS) 214 { 215 trigger_error($user->lang['CANNOT_REMOVE_ANONYMOUS'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 216 } 217 218 // Founders can not be deleted. 219 if ($user_row['user_type'] == USER_FOUNDER) 220 { 221 trigger_error($user->lang['CANNOT_REMOVE_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 222 } 223 224 if ($user_id == $user->data['user_id']) 225 { 226 trigger_error($user->lang['CANNOT_REMOVE_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 227 } 228 229 if ($delete_type) 230 { 231 if (confirm_box(true)) 232 { 233 user_delete($delete_type, $user_id, $user_row['username']); 234 235 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_DELETED', false, array($user_row['username'])); 236 trigger_error($user->lang['USER_DELETED'] . adm_back_link( 237 (empty($redirect)) ? $this->u_action : $redirect_url 238 ) 239 ); 240 } 241 else 242 { 243 $delete_confirm_hidden_fields = array( 244 'u' => $user_id, 245 'i' => $id, 246 'mode' => $mode, 247 'action' => $action, 248 'update' => true, 249 'delete' => 1, 250 'delete_type' => $delete_type, 251 ); 252 253 // Checks if the redirection page is specified 254 if (!empty($redirect)) 255 { 256 $delete_confirm_hidden_fields['redirect'] = $redirect; 257 } 258 259 confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields($delete_confirm_hidden_fields)); 260 } 261 } 262 else 263 { 264 trigger_error($user->lang['NO_MODE'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 265 } 266 } 267 268 // Handle quicktool actions 269 switch ($action) 270 { 271 case 'banuser': 272 case 'banemail': 273 case 'banip': 274 275 if ($user_id == $user->data['user_id']) 276 { 277 trigger_error($user->lang['CANNOT_BAN_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 278 } 279 280 if ($user_id == ANONYMOUS) 281 { 282 trigger_error($user->lang['CANNOT_BAN_ANONYMOUS'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 283 } 284 285 if ($user_row['user_type'] == USER_FOUNDER) 286 { 287 trigger_error($user->lang['CANNOT_BAN_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 288 } 289 290 if (!check_form_key($form_name)) 291 { 292 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 293 } 294 295 $ban = array(); 296 297 switch ($action) 298 { 299 case 'banuser': 300 $ban[] = $user_row['username']; 301 $reason = 'USER_ADMIN_BAN_NAME_REASON'; 302 break; 303 304 case 'banemail': 305 $ban[] = $user_row['user_email']; 306 $reason = 'USER_ADMIN_BAN_EMAIL_REASON'; 307 break; 308 309 case 'banip': 310 $ban[] = $user_row['user_ip']; 311 312 $sql = 'SELECT DISTINCT poster_ip 313 FROM ' . POSTS_TABLE . " 314 WHERE poster_id = $user_id"; 315 $result = $db->sql_query($sql); 316 317 while ($row = $db->sql_fetchrow($result)) 318 { 319 $ban[] = $row['poster_ip']; 320 } 321 $db->sql_freeresult($result); 322 323 $reason = 'USER_ADMIN_BAN_IP_REASON'; 324 break; 325 } 326 327 $ban_reason = $request->variable('ban_reason', $user->lang[$reason], true); 328 $ban_give_reason = $request->variable('ban_give_reason', '', true); 329 330 // Log not used at the moment, we simply utilize the ban function. 331 $result = user_ban(substr($action, 3), $ban, 0, 0, 0, $ban_reason, $ban_give_reason); 332 333 trigger_error((($result === false) ? $user->lang['BAN_ALREADY_ENTERED'] : $user->lang['BAN_SUCCESSFUL']) . adm_back_link($this->u_action . '&u=' . $user_id)); 334 335 break; 336 337 case 'reactivate': 338 339 if ($user_id == $user->data['user_id']) 340 { 341 trigger_error($user->lang['CANNOT_FORCE_REACT_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 342 } 343 344 if (!check_form_key($form_name)) 345 { 346 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 347 } 348 349 if ($user_row['user_type'] == USER_FOUNDER) 350 { 351 trigger_error($user->lang['CANNOT_FORCE_REACT_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 352 } 353 354 if ($user_row['user_type'] == USER_IGNORE) 355 { 356 trigger_error($user->lang['CANNOT_FORCE_REACT_BOT'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 357 } 358 359 if ($config['email_enable']) 360 { 361 if (!class_exists('messenger')) 362 { 363 include($phpbb_root_path . 'includes/functions_messenger.' . $phpEx); 364 } 365 366 $server_url = generate_board_url(); 367 368 $user_actkey = gen_rand_string(mt_rand(6, 10)); 369 $email_template = ($user_row['user_type'] == USER_NORMAL) ? 'user_reactivate_account' : 'user_resend_inactive'; 370 371 if ($user_row['user_type'] == USER_NORMAL) 372 { 373 user_active_flip('deactivate', $user_id, INACTIVE_REMIND); 374 } 375 else 376 { 377 // Grabbing the last confirm key - we only send a reminder 378 $sql = 'SELECT user_actkey 379 FROM ' . USERS_TABLE . ' 380 WHERE user_id = ' . $user_id; 381 $result = $db->sql_query($sql); 382 $user_activation_key = (string) $db->sql_fetchfield('user_actkey'); 383 $db->sql_freeresult($result); 384 385 $user_actkey = empty($user_activation_key) ? $user_actkey : $user_activation_key; 386 } 387 388 // Always update actkey even if same and also update actkey expiration to 24 hours from now 389 $sql_ary = [ 390 'user_actkey' => $user_actkey, 391 'user_actkey_expiration' => $user::get_token_expiration(), 392 ]; 393 394 $sql = 'UPDATE ' . USERS_TABLE . ' 395 SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' 396 WHERE user_id = ' . (int) $user_id; 397 $db->sql_query($sql); 398 399 // Start sending email 400 $messenger = new messenger(false); 401 402 $messenger->template($email_template, $user_row['user_lang']); 403 404 $messenger->set_addresses($user_row); 405 406 $messenger->anti_abuse_headers($config, $user); 407 408 $messenger->assign_vars(array( 409 'WELCOME_MSG' => html_entity_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename']), ENT_COMPAT), 410 'USERNAME' => html_entity_decode($user_row['username'], ENT_COMPAT), 411 'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&u={$user_row['user_id']}&k=$user_actkey") 412 ); 413 414 $messenger->send(NOTIFY_EMAIL); 415 416 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_REACTIVATE', false, array($user_row['username'])); 417 $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_REACTIVATE_USER', false, array( 418 'reportee_id' => $user_id 419 )); 420 421 trigger_error($user->lang['FORCE_REACTIVATION_SUCCESS'] . adm_back_link($this->u_action . '&u=' . $user_id)); 422 } 423 424 break; 425 426 case 'active': 427 428 if ($user_id == $user->data['user_id']) 429 { 430 // It is only deactivation since the user is already activated (else he would not have reached this page) 431 trigger_error($user->lang['CANNOT_DEACTIVATE_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 432 } 433 434 if (!check_form_key($form_name)) 435 { 436 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 437 } 438 439 if ($user_row['user_type'] == USER_FOUNDER) 440 { 441 trigger_error($user->lang['CANNOT_DEACTIVATE_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 442 } 443 444 if ($user_row['user_type'] == USER_IGNORE) 445 { 446 trigger_error($user->lang['CANNOT_DEACTIVATE_BOT'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 447 } 448 449 user_active_flip('flip', $user_id); 450 451 if ($user_row['user_type'] == USER_INACTIVE) 452 { 453 if ($config['require_activation'] == USER_ACTIVATION_ADMIN) 454 { 455 /* @var $phpbb_notifications \phpbb\notification\manager */ 456 $phpbb_notifications = $phpbb_container->get('notification_manager'); 457 $phpbb_notifications->delete_notifications('notification.type.admin_activate_user', $user_row['user_id']); 458 459 if (!class_exists('messenger')) 460 { 461 include($phpbb_root_path . 'includes/functions_messenger.' . $phpEx); 462 } 463 464 $messenger = new messenger(false); 465 466 $messenger->template('admin_welcome_activated', $user_row['user_lang']); 467 468 $messenger->set_addresses($user_row); 469 470 $messenger->anti_abuse_headers($config, $user); 471 472 $messenger->assign_vars(array( 473 'USERNAME' => html_entity_decode($user_row['username'], ENT_COMPAT)) 474 ); 475 476 $messenger->send(NOTIFY_EMAIL); 477 } 478 } 479 480 $message = ($user_row['user_type'] == USER_INACTIVE) ? 'USER_ADMIN_ACTIVATED' : 'USER_ADMIN_DEACTIVED'; 481 $log = ($user_row['user_type'] == USER_INACTIVE) ? 'LOG_USER_ACTIVE' : 'LOG_USER_INACTIVE'; 482 483 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, $log, false, array($user_row['username'])); 484 $phpbb_log->add('user', $user->data['user_id'], $user->ip, $log . '_USER', false, array( 485 'reportee_id' => $user_id 486 )); 487 488 trigger_error($user->lang[$message] . adm_back_link($this->u_action . '&u=' . $user_id)); 489 490 break; 491 492 case 'delsig': 493 494 if (!check_form_key($form_name)) 495 { 496 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 497 } 498 499 $sql_ary = array( 500 'user_sig' => '', 501 'user_sig_bbcode_uid' => '', 502 'user_sig_bbcode_bitfield' => '' 503 ); 504 505 $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . " 506 WHERE user_id = $user_id"; 507 $db->sql_query($sql); 508 509 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_SIG', false, array($user_row['username'])); 510 $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_SIG_USER', false, array( 511 'reportee_id' => $user_id 512 )); 513 514 trigger_error($user->lang['USER_ADMIN_SIG_REMOVED'] . adm_back_link($this->u_action . '&u=' . $user_id)); 515 516 break; 517 518 case 'delavatar': 519 520 if (!check_form_key($form_name)) 521 { 522 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 523 } 524 525 // Delete old avatar if present 526 /* @var $phpbb_avatar_manager \phpbb\avatar\manager */ 527 $phpbb_avatar_manager = $phpbb_container->get('avatar.manager'); 528 $phpbb_avatar_manager->handle_avatar_delete($db, $user, $phpbb_avatar_manager->clean_row($user_row, 'user'), USERS_TABLE, 'user_'); 529 530 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_AVATAR', false, array($user_row['username'])); 531 $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_AVATAR_USER', false, array( 532 'reportee_id' => $user_id 533 )); 534 535 trigger_error($user->lang['USER_ADMIN_AVATAR_REMOVED'] . adm_back_link($this->u_action . '&u=' . $user_id)); 536 break; 537 538 case 'delposts': 539 540 if (confirm_box(true)) 541 { 542 // Delete posts, attachments, etc. 543 delete_posts('poster_id', $user_id); 544 545 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_POSTS', false, array($user_row['username'])); 546 trigger_error($user->lang['USER_POSTS_DELETED'] . adm_back_link($this->u_action . '&u=' . $user_id)); 547 } 548 else 549 { 550 confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array( 551 'u' => $user_id, 552 'i' => $id, 553 'mode' => $mode, 554 'action' => $action, 555 'update' => true)) 556 ); 557 } 558 559 break; 560 561 case 'delattach': 562 563 if (confirm_box(true)) 564 { 565 /** @var \phpbb\attachment\manager $attachment_manager */ 566 $attachment_manager = $phpbb_container->get('attachment.manager'); 567 $attachment_manager->delete('user', $user_id); 568 unset($attachment_manager); 569 570 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_ATTACH', false, array($user_row['username'])); 571 trigger_error($user->lang['USER_ATTACHMENTS_REMOVED'] . adm_back_link($this->u_action . '&u=' . $user_id)); 572 } 573 else 574 { 575 confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array( 576 'u' => $user_id, 577 'i' => $id, 578 'mode' => $mode, 579 'action' => $action, 580 'update' => true)) 581 ); 582 } 583 584 break; 585 586 case 'deloutbox': 587 588 if (confirm_box(true)) 589 { 590 $msg_ids = array(); 591 $lang = 'EMPTY'; 592 593 $sql = 'SELECT msg_id 594 FROM ' . PRIVMSGS_TO_TABLE . " 595 WHERE author_id = $user_id 596 AND folder_id = " . PRIVMSGS_OUTBOX; 597 $result = $db->sql_query($sql); 598 599 if ($row = $db->sql_fetchrow($result)) 600 { 601 if (!function_exists('delete_pm')) 602 { 603 include($phpbb_root_path . 'includes/functions_privmsgs.' . $phpEx); 604 } 605 606 do 607 { 608 $msg_ids[] = (int) $row['msg_id']; 609 } 610 while ($row = $db->sql_fetchrow($result)); 611 612 $db->sql_freeresult($result); 613 614 delete_pm($user_id, $msg_ids, PRIVMSGS_OUTBOX); 615 616 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_OUTBOX', false, array($user_row['username'])); 617 618 $lang = 'EMPTIED'; 619 } 620 $db->sql_freeresult($result); 621 622 trigger_error($user->lang['USER_OUTBOX_' . $lang] . adm_back_link($this->u_action . '&u=' . $user_id)); 623 } 624 else 625 { 626 confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array( 627 'u' => $user_id, 628 'i' => $id, 629 'mode' => $mode, 630 'action' => $action, 631 'update' => true)) 632 ); 633 } 634 break; 635 636 case 'moveposts': 637 638 if (!check_form_key($form_name)) 639 { 640 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 641 } 642 643 $user->add_lang('acp/forums'); 644 645 $new_forum_id = $request->variable('new_f', 0); 646 647 if (!$new_forum_id) 648 { 649 $this->page_title = 'USER_ADMIN_MOVE_POSTS'; 650 651 $template->assign_vars(array( 652 'S_SELECT_FORUM' => true, 653 'U_ACTION' => $this->u_action . "&action=$action&u=$user_id", 654 'U_BACK' => $this->u_action . "&u=$user_id", 655 'S_FORUM_OPTIONS' => make_forum_select(false, false, false, true)) 656 ); 657 658 return; 659 } 660 661 // Is the new forum postable to? 662 $sql = 'SELECT forum_name, forum_type 663 FROM ' . FORUMS_TABLE . " 664 WHERE forum_id = $new_forum_id"; 665 $result = $db->sql_query($sql); 666 $forum_info = $db->sql_fetchrow($result); 667 $db->sql_freeresult($result); 668 669 if (!$forum_info) 670 { 671 trigger_error($user->lang['NO_FORUM'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 672 } 673 674 if ($forum_info['forum_type'] != FORUM_POST) 675 { 676 trigger_error($user->lang['MOVE_POSTS_NO_POSTABLE_FORUM'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 677 } 678 679 // Two stage? 680 // Move topics comprising only posts from this user 681 $topic_id_ary = $move_topic_ary = $move_post_ary = $new_topic_id_ary = array(); 682 $forum_id_ary = array($new_forum_id); 683 684 $sql = 'SELECT topic_id, post_visibility, COUNT(post_id) AS total_posts 685 FROM ' . POSTS_TABLE . " 686 WHERE poster_id = $user_id 687 AND forum_id <> $new_forum_id 688 GROUP BY topic_id, post_visibility"; 689 $result = $db->sql_query($sql); 690 691 while ($row = $db->sql_fetchrow($result)) 692 { 693 $topic_id_ary[$row['topic_id']][$row['post_visibility']] = $row['total_posts']; 694 } 695 $db->sql_freeresult($result); 696 697 if (count($topic_id_ary)) 698 { 699 $sql = 'SELECT topic_id, forum_id, topic_title, topic_posts_approved, topic_posts_unapproved, topic_posts_softdeleted, topic_attachment 700 FROM ' . TOPICS_TABLE . ' 701 WHERE ' . $db->sql_in_set('topic_id', array_keys($topic_id_ary)); 702 $result = $db->sql_query($sql); 703 704 while ($row = $db->sql_fetchrow($result)) 705 { 706 if ($topic_id_ary[$row['topic_id']][ITEM_APPROVED] == $row['topic_posts_approved'] 707 && $topic_id_ary[$row['topic_id']][ITEM_UNAPPROVED] == $row['topic_posts_unapproved'] 708 && $topic_id_ary[$row['topic_id']][ITEM_REAPPROVE] == $row['topic_posts_unapproved'] 709 && $topic_id_ary[$row['topic_id']][ITEM_DELETED] == $row['topic_posts_softdeleted']) 710 { 711 $move_topic_ary[] = $row['topic_id']; 712 } 713 else 714 { 715 $move_post_ary[$row['topic_id']]['title'] = $row['topic_title']; 716 $move_post_ary[$row['topic_id']]['attach'] = ($row['topic_attachment']) ? 1 : 0; 717 } 718 719 $forum_id_ary[] = $row['forum_id']; 720 } 721 $db->sql_freeresult($result); 722 } 723 724 // Entire topic comprises posts by this user, move these topics 725 if (count($move_topic_ary)) 726 { 727 move_topics($move_topic_ary, $new_forum_id, false); 728 } 729 730 if (count($move_post_ary)) 731 { 732 // Create new topic 733 // Update post_ids, report_ids, attachment_ids 734 foreach ($move_post_ary as $topic_id => $post_ary) 735 { 736 // Create new topic 737 $sql = 'INSERT INTO ' . TOPICS_TABLE . ' ' . $db->sql_build_array('INSERT', array( 738 'topic_poster' => $user_id, 739 'topic_time' => time(), 740 'forum_id' => $new_forum_id, 741 'icon_id' => 0, 742 'topic_visibility' => ITEM_APPROVED, 743 'topic_title' => $post_ary['title'], 744 'topic_first_poster_name' => $user_row['username'], 745 'topic_type' => POST_NORMAL, 746 'topic_time_limit' => 0, 747 'topic_attachment' => $post_ary['attach']) 748 ); 749 $db->sql_query($sql); 750 751 $new_topic_id = $db->sql_nextid(); 752 753 // Move posts 754 $sql = 'UPDATE ' . POSTS_TABLE . " 755 SET forum_id = $new_forum_id, topic_id = $new_topic_id 756 WHERE topic_id = $topic_id 757 AND poster_id = $user_id"; 758 $db->sql_query($sql); 759 760 if ($post_ary['attach']) 761 { 762 $sql = 'UPDATE ' . ATTACHMENTS_TABLE . " 763 SET topic_id = $new_topic_id 764 WHERE topic_id = $topic_id 765 AND poster_id = $user_id"; 766 $db->sql_query($sql); 767 } 768 769 $new_topic_id_ary[] = $new_topic_id; 770 } 771 } 772 773 $forum_id_ary = array_unique($forum_id_ary); 774 $topic_id_ary = array_unique(array_merge(array_keys($topic_id_ary), $new_topic_id_ary)); 775 776 if (count($topic_id_ary)) 777 { 778 sync('topic_reported', 'topic_id', $topic_id_ary); 779 sync('topic', 'topic_id', $topic_id_ary); 780 } 781 782 if (count($forum_id_ary)) 783 { 784 sync('forum', 'forum_id', $forum_id_ary, false, true); 785 } 786 787 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_MOVE_POSTS', false, array($user_row['username'], $forum_info['forum_name'])); 788 $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_MOVE_POSTS_USER', false, array( 789 'reportee_id' => $user_id, 790 $forum_info['forum_name'] 791 )); 792 793 trigger_error($user->lang['USER_POSTS_MOVED'] . adm_back_link($this->u_action . '&u=' . $user_id)); 794 795 break; 796 797 case 'leave_nr': 798 799 if (confirm_box(true)) 800 { 801 remove_newly_registered($user_id, $user_row); 802 803 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_REMOVED_NR', false, array($user_row['username'])); 804 trigger_error($user->lang['USER_LIFTED_NR'] . adm_back_link($this->u_action . '&u=' . $user_id)); 805 } 806 else 807 { 808 confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array( 809 'u' => $user_id, 810 'i' => $id, 811 'mode' => $mode, 812 'action' => $action, 813 'update' => true)) 814 ); 815 } 816 817 break; 818 819 default: 820 $u_action = $this->u_action; 821 822 /** 823 * Run custom quicktool code 824 * 825 * @event core.acp_users_overview_run_quicktool 826 * @var string action Quick tool that should be run 827 * @var array user_row Current user data 828 * @var string u_action The u_action link 829 * @var int user_id User id of the user to manage 830 * @since 3.1.0-a1 831 * @changed 3.2.2-RC1 Added u_action 832 * @changed 3.2.10-RC1 Added user_id 833 */ 834 $vars = array('action', 'user_row', 'u_action', 'user_id'); 835 extract($phpbb_dispatcher->trigger_event('core.acp_users_overview_run_quicktool', compact($vars))); 836 837 unset($u_action); 838 break; 839 } 840 841 // Handle registration info updates 842 $data = array( 843 'username' => $request->variable('user', $user_row['username'], true), 844 'user_founder' => $request->variable('user_founder', ($user_row['user_type'] == USER_FOUNDER) ? 1 : 0), 845 'email' => strtolower($request->variable('user_email', $user_row['user_email'])), 846 'new_password' => $request->variable('new_password', '', true), 847 'password_confirm' => $request->variable('password_confirm', '', true), 848 ); 849 850 // Validation data - we do not check the password complexity setting here 851 $check_ary = array( 852 'new_password' => array( 853 array('string', true, $config['min_pass_chars'], 0), 854 array('password')), 855 'password_confirm' => array('string', true, $config['min_pass_chars'], 0), 856 ); 857 858 // Check username if altered 859 if ($data['username'] != $user_row['username']) 860 { 861 $check_ary += array( 862 'username' => array( 863 array('string', false, $config['min_name_chars'], $config['max_name_chars']), 864 array('username', $user_row['username'], true) 865 ), 866 ); 867 } 868 869 // Check email if altered 870 if ($data['email'] != $user_row['user_email']) 871 { 872 $check_ary += array( 873 'email' => array( 874 array('string', false, 6, 60), 875 array('user_email', $user_row['user_email']), 876 ), 877 ); 878 } 879 880 $error = validate_data($data, $check_ary); 881 882 if ($data['new_password'] && $data['password_confirm'] != $data['new_password']) 883 { 884 $error[] = 'NEW_PASSWORD_ERROR'; 885 } 886 887 if (!check_form_key($form_name)) 888 { 889 $error[] = 'FORM_INVALID'; 890 } 891 892 // Instantiate passwords manager 893 /* @var $passwords_manager \phpbb\passwords\manager */ 894 $passwords_manager = $phpbb_container->get('passwords.manager'); 895 896 // Which updates do we need to do? 897 $update_username = ($user_row['username'] != $data['username']) ? $data['username'] : false; 898 $update_password = $data['new_password'] && !$passwords_manager->check($data['new_password'], $user_row['user_password']); 899 $update_email = ($data['email'] != $user_row['user_email']) ? $data['email'] : false; 900 901 if (!count($error)) 902 { 903 $sql_ary = array(); 904 905 if ($user_row['user_type'] != USER_FOUNDER || $user->data['user_type'] == USER_FOUNDER) 906 { 907 // Only allow founders updating the founder status... 908 if ($user->data['user_type'] == USER_FOUNDER) 909 { 910 // Setting a normal member to be a founder 911 if ($data['user_founder'] && $user_row['user_type'] != USER_FOUNDER) 912 { 913 // Make sure the user is not setting an Inactive or ignored user to be a founder 914 if ($user_row['user_type'] == USER_IGNORE) 915 { 916 trigger_error($user->lang['CANNOT_SET_FOUNDER_IGNORED'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 917 } 918 919 if ($user_row['user_type'] == USER_INACTIVE) 920 { 921 trigger_error($user->lang['CANNOT_SET_FOUNDER_INACTIVE'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 922 } 923 924 $sql_ary['user_type'] = USER_FOUNDER; 925 } 926 else if (!$data['user_founder'] && $user_row['user_type'] == USER_FOUNDER) 927 { 928 // Check if at least one founder is present 929 $sql = 'SELECT user_id 930 FROM ' . USERS_TABLE . ' 931 WHERE user_type = ' . USER_FOUNDER . ' 932 AND user_id <> ' . $user_id; 933 $result = $db->sql_query_limit($sql, 1); 934 $row = $db->sql_fetchrow($result); 935 $db->sql_freeresult($result); 936 937 if ($row) 938 { 939 $sql_ary['user_type'] = USER_NORMAL; 940 } 941 else 942 { 943 trigger_error($user->lang['AT_LEAST_ONE_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 944 } 945 } 946 } 947 } 948 949 /** 950 * Modify user data before we update it 951 * 952 * @event core.acp_users_overview_modify_data 953 * @var array user_row Current user data 954 * @var array data Submitted user data 955 * @var array sql_ary User data we udpate 956 * @since 3.1.0-a1 957 */ 958 $vars = array('user_row', 'data', 'sql_ary'); 959 extract($phpbb_dispatcher->trigger_event('core.acp_users_overview_modify_data', compact($vars))); 960 961 if ($update_username !== false) 962 { 963 $sql_ary['username'] = $update_username; 964 $sql_ary['username_clean'] = utf8_clean_string($update_username); 965 966 $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_UPDATE_NAME', false, array( 967 'reportee_id' => $user_id, 968 $user_row['username'], 969 $update_username 970 )); 971 } 972 973 if ($update_email !== false) 974 { 975 $sql_ary += ['user_email' => $update_email]; 976 977 $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_UPDATE_EMAIL', false, array( 978 'reportee_id' => $user_id, 979 $user_row['username'], 980 $user_row['user_email'], 981 $update_email 982 )); 983 } 984 985 if ($update_password) 986 { 987 $sql_ary += array( 988 'user_password' => $passwords_manager->hash($data['new_password']), 989 'user_passchg' => time(), 990 ); 991 992 $user->reset_login_keys($user_id); 993 994 $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_NEW_PASSWORD', false, array( 995 'reportee_id' => $user_id, 996 $user_row['username'] 997 )); 998 } 999 1000 if (count($sql_ary)) 1001 { 1002 $sql = 'UPDATE ' . USERS_TABLE . ' 1003 SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' 1004 WHERE user_id = ' . $user_id; 1005 $db->sql_query($sql); 1006 } 1007 1008 if ($update_username) 1009 { 1010 user_update_name($user_row['username'], $update_username); 1011 } 1012 1013 // Let the users permissions being updated 1014 $auth->acl_clear_prefetch($user_id); 1015 1016 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_USER_UPDATE', false, array($data['username'])); 1017 1018 trigger_error($user->lang['USER_OVERVIEW_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id)); 1019 } 1020 1021 // Replace "error" strings with their real, localised form 1022 $error = array_map(array($user, 'lang'), $error); 1023 } 1024 1025 if ($user_id == $user->data['user_id']) 1026 { 1027 $quick_tool_ary = array('delsig' => 'DEL_SIG', 'delavatar' => 'DEL_AVATAR', 'moveposts' => 'MOVE_POSTS', 'delposts' => 'DEL_POSTS', 'delattach' => 'DEL_ATTACH', 'deloutbox' => 'DEL_OUTBOX'); 1028 if ($user_row['user_new']) 1029 { 1030 $quick_tool_ary['leave_nr'] = 'LEAVE_NR'; 1031 } 1032 } 1033 else 1034 { 1035 $quick_tool_ary = array(); 1036 1037 if ($user_row['user_type'] != USER_FOUNDER) 1038 { 1039 $quick_tool_ary += array('banuser' => 'BAN_USER', 'banemail' => 'BAN_EMAIL', 'banip' => 'BAN_IP'); 1040 } 1041 1042 if ($user_row['user_type'] != USER_FOUNDER && $user_row['user_type'] != USER_IGNORE) 1043 { 1044 $quick_tool_ary += array('active' => (($user_row['user_type'] == USER_INACTIVE) ? 'ACTIVATE' : 'DEACTIVATE')); 1045 } 1046 1047 $quick_tool_ary += array('delsig' => 'DEL_SIG', 'delavatar' => 'DEL_AVATAR', 'moveposts' => 'MOVE_POSTS', 'delposts' => 'DEL_POSTS', 'delattach' => 'DEL_ATTACH', 'deloutbox' => 'DEL_OUTBOX'); 1048 1049 if ($config['email_enable'] && ($user_row['user_type'] == USER_NORMAL || $user_row['user_type'] == USER_INACTIVE)) 1050 { 1051 $quick_tool_ary['reactivate'] = 'FORCE'; 1052 } 1053 1054 if ($user_row['user_new']) 1055 { 1056 $quick_tool_ary['leave_nr'] = 'LEAVE_NR'; 1057 } 1058 } 1059 1060 if ($config['load_onlinetrack']) 1061 { 1062 $sql = 'SELECT MAX(session_time) AS session_time, MIN(session_viewonline) AS session_viewonline 1063 FROM ' . SESSIONS_TABLE . " 1064 WHERE session_user_id = $user_id"; 1065 $result = $db->sql_query($sql); 1066 $row = $db->sql_fetchrow($result); 1067 $db->sql_freeresult($result); 1068 1069 $user_row['session_time'] = (isset($row['session_time'])) ? $row['session_time'] : 0; 1070 $user_row['session_viewonline'] = (isset($row['session_viewonline'])) ? $row['session_viewonline'] : 0; 1071 unset($row); 1072 } 1073 1074 /** 1075 * Add additional quick tool options and overwrite user data 1076 * 1077 * @event core.acp_users_display_overview 1078 * @var array user_row Array with user data 1079 * @var array quick_tool_ary Ouick tool options 1080 * @since 3.1.0-a1 1081 */ 1082 $vars = array('user_row', 'quick_tool_ary'); 1083 extract($phpbb_dispatcher->trigger_event('core.acp_users_display_overview', compact($vars))); 1084 1085 $s_action_options = '<option class="sep" value="">' . $user->lang['SELECT_OPTION'] . '</option>'; 1086 foreach ($quick_tool_ary as $value => $lang) 1087 { 1088 $s_action_options .= '<option value="' . $value . '">' . $user->lang['USER_ADMIN_' . $lang] . '</option>'; 1089 } 1090 1091 $last_active = $user_row['user_last_active'] ?: ($user_row['session_time'] ?? 0); 1092 1093 $inactive_reason = ''; 1094 if ($user_row['user_type'] == USER_INACTIVE) 1095 { 1096 $inactive_reason = $user->lang['INACTIVE_REASON_UNKNOWN']; 1097 1098 switch ($user_row['user_inactive_reason']) 1099 { 1100 case INACTIVE_REGISTER: 1101 $inactive_reason = $user->lang['INACTIVE_REASON_REGISTER']; 1102 break; 1103 1104 case INACTIVE_PROFILE: 1105 $inactive_reason = $user->lang['INACTIVE_REASON_PROFILE']; 1106 break; 1107 1108 case INACTIVE_MANUAL: 1109 $inactive_reason = $user->lang['INACTIVE_REASON_MANUAL']; 1110 break; 1111 1112 case INACTIVE_REMIND: 1113 $inactive_reason = $user->lang['INACTIVE_REASON_REMIND']; 1114 break; 1115 } 1116 } 1117 1118 // Posts in Queue 1119 $sql = 'SELECT COUNT(post_id) as posts_in_queue 1120 FROM ' . POSTS_TABLE . ' 1121 WHERE poster_id = ' . $user_id . ' 1122 AND ' . $db->sql_in_set('post_visibility', array(ITEM_UNAPPROVED, ITEM_REAPPROVE)); 1123 $result = $db->sql_query($sql); 1124 $user_row['posts_in_queue'] = (int) $db->sql_fetchfield('posts_in_queue'); 1125 $db->sql_freeresult($result); 1126 1127 $sql = 'SELECT post_id 1128 FROM ' . POSTS_TABLE . ' 1129 WHERE poster_id = '. $user_id; 1130 $result = $db->sql_query_limit($sql, 1); 1131 $user_row['user_has_posts'] = (bool) $db->sql_fetchfield('post_id'); 1132 $db->sql_freeresult($result); 1133 1134 $template->assign_vars(array( 1135 'L_NAME_CHARS_EXPLAIN' => $user->lang($config['allow_name_chars'] . '_EXPLAIN', $user->lang('CHARACTERS_XY', (int) $config['min_name_chars']), $user->lang('CHARACTERS_XY', (int) $config['max_name_chars'])), 1136 'L_CHANGE_PASSWORD_EXPLAIN' => $user->lang($config['pass_complex'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_pass_chars'])), 1137 'L_POSTS_IN_QUEUE' => $user->lang('NUM_POSTS_IN_QUEUE', $user_row['posts_in_queue']), 1138 'S_FOUNDER' => ($user->data['user_type'] == USER_FOUNDER) ? true : false, 1139 1140 'S_OVERVIEW' => true, 1141 'S_USER_IP' => ($user_row['user_ip']) ? true : false, 1142 'S_USER_FOUNDER' => ($user_row['user_type'] == USER_FOUNDER) ? true : false, 1143 'S_ACTION_OPTIONS' => $s_action_options, 1144 'S_OWN_ACCOUNT' => ($user_id == $user->data['user_id']) ? true : false, 1145 'S_USER_INACTIVE' => ($user_row['user_type'] == USER_INACTIVE) ? true : false, 1146 1147 'U_SHOW_IP' => $this->u_action . "&u=$user_id&ip=" . (($ip == 'ip') ? 'hostname' : 'ip'), 1148 'U_WHOIS' => $this->u_action . "&action=whois&user_ip={$user_row['user_ip']}", 1149 'U_MCP_QUEUE' => ($auth->acl_getf_global('m_approve')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue', true, $user->session_id) : '', 1150 'U_SEARCH_USER' => ($config['load_search'] && $auth->acl_get('u_search')) ? append_sid("{$phpbb_root_path}search.$phpEx", "author_id={$user_row['user_id']}&sr=posts") : '', 1151 1152 'U_SWITCH_PERMISSIONS' => ($auth->acl_get('a_switchperm') && $user->data['user_id'] != $user_row['user_id']) ? append_sid("{$phpbb_root_path}ucp.$phpEx", "mode=switch_perm&u={$user_row['user_id']}&hash=" . generate_link_hash('switchperm')) : '', 1153 1154 'POSTS_IN_QUEUE' => $user_row['posts_in_queue'], 1155 'USER' => $user_row['username'], 1156 'USER_REGISTERED' => $user->format_date($user_row['user_regdate']), 1157 'REGISTERED_IP' => ($ip == 'hostname') ? gethostbyaddr($user_row['user_ip']) : $user_row['user_ip'], 1158 'USER_LASTACTIVE' => ($last_active) ? $user->format_date($last_active) : ' - ', 1159 'USER_EMAIL' => $user_row['user_email'], 1160 'USER_WARNINGS' => $user_row['user_warnings'], 1161 'USER_POSTS' => $user_row['user_posts'], 1162 'USER_HAS_POSTS' => $user_row['user_has_posts'], 1163 'USER_INACTIVE_REASON' => $inactive_reason, 1164 )); 1165 1166 break; 1167 1168 case 'feedback': 1169 1170 $user->add_lang('mcp'); 1171 1172 // Set up general vars 1173 $start = $request->variable('start', 0); 1174 $deletemark = (isset($_POST['delmarked'])) ? true : false; 1175 $deleteall = (isset($_POST['delall'])) ? true : false; 1176 $marked = $request->variable('mark', array(0)); 1177 $message = $request->variable('message', '', true); 1178 1179 /* @var $pagination \phpbb\pagination */ 1180 $pagination = $phpbb_container->get('pagination'); 1181 1182 // Sort keys 1183 $sort_days = $request->variable('st', 0); 1184 $sort_key = $request->variable('sk', 't'); 1185 $sort_dir = $request->variable('sd', 'd'); 1186 1187 // Delete entries if requested and able 1188 if (($deletemark || $deleteall) && $auth->acl_get('a_clearlogs')) 1189 { 1190 if (!check_form_key($form_name)) 1191 { 1192 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 1193 } 1194 1195 $where_sql = ''; 1196 if ($deletemark && $marked) 1197 { 1198 $sql_in = array(); 1199 foreach ($marked as $mark) 1200 { 1201 $sql_in[] = $mark; 1202 } 1203 $where_sql = ' AND ' . $db->sql_in_set('log_id', $sql_in); 1204 unset($sql_in); 1205 } 1206 1207 if ($where_sql || $deleteall) 1208 { 1209 $sql = 'DELETE FROM ' . LOG_TABLE . ' 1210 WHERE log_type = ' . LOG_USERS . " 1211 AND reportee_id = $user_id 1212 $where_sql"; 1213 $db->sql_query($sql); 1214 1215 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_CLEAR_USER', false, array($user_row['username'])); 1216 } 1217 } 1218 1219 if ($submit && $message) 1220 { 1221 if (!check_form_key($form_name)) 1222 { 1223 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 1224 } 1225 1226 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_FEEDBACK', false, array($user_row['username'])); 1227 $phpbb_log->add('mod', $user->data['user_id'], $user->ip, 'LOG_USER_FEEDBACK', false, array( 1228 'forum_id' => 0, 1229 'topic_id' => 0, 1230 $user_row['username'] 1231 )); 1232 $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_GENERAL', false, array( 1233 'reportee_id' => $user_id, 1234 $message 1235 )); 1236 1237 trigger_error($user->lang['USER_FEEDBACK_ADDED'] . adm_back_link($this->u_action . '&u=' . $user_id)); 1238 } 1239 1240 // Sorting 1241 $limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); 1242 $sort_by_text = array('u' => $user->lang['SORT_USERNAME'], 't' => $user->lang['SORT_DATE'], 'i' => $user->lang['SORT_IP'], 'o' => $user->lang['SORT_ACTION']); 1243 $sort_by_sql = array('u' => 'u.username_clean', 't' => 'l.log_time', 'i' => 'l.log_ip', 'o' => 'l.log_operation'); 1244 1245 $s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = ''; 1246 gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param); 1247 1248 // Define where and sort sql for use in displaying logs 1249 $sql_where = ($sort_days) ? (time() - ($sort_days * 86400)) : 0; 1250 $sql_sort = $sort_by_sql[$sort_key] . ' ' . (($sort_dir == 'd') ? 'DESC' : 'ASC'); 1251 1252 // Grab log data 1253 $log_data = array(); 1254 $log_count = 0; 1255 $start = view_log('user', $log_data, $log_count, $config['topics_per_page'], $start, 0, 0, $user_id, $sql_where, $sql_sort); 1256 1257 $base_url = $this->u_action . "&u=$user_id&$u_sort_param"; 1258 $pagination->generate_template_pagination($base_url, 'pagination', 'start', $log_count, $config['topics_per_page'], $start); 1259 1260 $template->assign_vars(array( 1261 'S_FEEDBACK' => true, 1262 1263 'S_LIMIT_DAYS' => $s_limit_days, 1264 'S_SORT_KEY' => $s_sort_key, 1265 'S_SORT_DIR' => $s_sort_dir, 1266 'S_CLEARLOGS' => $auth->acl_get('a_clearlogs')) 1267 ); 1268 1269 foreach ($log_data as $row) 1270 { 1271 $template->assign_block_vars('log', array( 1272 'USERNAME' => $row['username_full'], 1273 'IP' => $row['ip'], 1274 'DATE' => $user->format_date($row['time']), 1275 'ACTION' => nl2br($row['action']), 1276 'ID' => $row['id']) 1277 ); 1278 } 1279 1280 break; 1281 1282 case 'warnings': 1283 $user->add_lang('mcp'); 1284 1285 // Set up general vars 1286 $deletemark = (isset($_POST['delmarked'])) ? true : false; 1287 $deleteall = (isset($_POST['delall'])) ? true : false; 1288 $confirm = (isset($_POST['confirm'])) ? true : false; 1289 $marked = $request->variable('mark', array(0)); 1290 1291 // Delete entries if requested and able 1292 if ($deletemark || $deleteall || $confirm) 1293 { 1294 if (confirm_box(true)) 1295 { 1296 $where_sql = ''; 1297 $deletemark = $request->variable('delmarked', 0); 1298 $deleteall = $request->variable('delall', 0); 1299 if ($deletemark && $marked) 1300 { 1301 $where_sql = ' AND ' . $db->sql_in_set('warning_id', array_values($marked)); 1302 } 1303 1304 if ($where_sql || $deleteall) 1305 { 1306 $sql = 'DELETE FROM ' . WARNINGS_TABLE . " 1307 WHERE user_id = $user_id 1308 $where_sql"; 1309 $db->sql_query($sql); 1310 1311 if ($deleteall) 1312 { 1313 $log_warnings = $deleted_warnings = 0; 1314 } 1315 else 1316 { 1317 $num_warnings = (int) $db->sql_affectedrows(); 1318 $deleted_warnings = ' user_warnings - ' . $num_warnings; 1319 $log_warnings = ($num_warnings > 2) ? 2 : $num_warnings; 1320 } 1321 1322 $sql = 'UPDATE ' . USERS_TABLE . " 1323 SET user_warnings = $deleted_warnings 1324 WHERE user_id = $user_id"; 1325 $db->sql_query($sql); 1326 1327 if ($log_warnings) 1328 { 1329 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_WARNINGS_DELETED', false, array($user_row['username'], $num_warnings)); 1330 } 1331 else 1332 { 1333 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_WARNINGS_DELETED_ALL', false, array($user_row['username'])); 1334 } 1335 } 1336 } 1337 else 1338 { 1339 $s_hidden_fields = array( 1340 'i' => $id, 1341 'mode' => $mode, 1342 'u' => $user_id, 1343 'mark' => $marked, 1344 ); 1345 if (isset($_POST['delmarked'])) 1346 { 1347 $s_hidden_fields['delmarked'] = 1; 1348 } 1349 if (isset($_POST['delall'])) 1350 { 1351 $s_hidden_fields['delall'] = 1; 1352 } 1353 if (isset($_POST['delall']) || (isset($_POST['delmarked']) && count($marked))) 1354 { 1355 confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields($s_hidden_fields)); 1356 } 1357 } 1358 } 1359 1360 $sql = 'SELECT w.warning_id, w.warning_time, w.post_id, l.log_operation, l.log_data, l.user_id AS mod_user_id, m.username AS mod_username, m.user_colour AS mod_user_colour 1361 FROM ' . WARNINGS_TABLE . ' w 1362 LEFT JOIN ' . LOG_TABLE . ' l 1363 ON (w.log_id = l.log_id) 1364 LEFT JOIN ' . USERS_TABLE . ' m 1365 ON (l.user_id = m.user_id) 1366 WHERE w.user_id = ' . $user_id . ' 1367 ORDER BY w.warning_time DESC'; 1368 $result = $db->sql_query($sql); 1369 1370 while ($row = $db->sql_fetchrow($result)) 1371 { 1372 if (!$row['log_operation']) 1373 { 1374 // We do not have a log-entry anymore, so there is no data available 1375 $row['action'] = $user->lang['USER_WARNING_LOG_DELETED']; 1376 } 1377 else 1378 { 1379 $row['action'] = (isset($user->lang[$row['log_operation']])) ? $user->lang[$row['log_operation']] : '{' . ucfirst(str_replace('_', ' ', $row['log_operation'])) . '}'; 1380 if (!empty($row['log_data'])) 1381 { 1382 $log_data_ary = @unserialize($row['log_data']); 1383 $log_data_ary = ($log_data_ary === false) ? array() : $log_data_ary; 1384 1385 if (isset($user->lang[$row['log_operation']])) 1386 { 1387 // Check if there are more occurrences of % than arguments, if there are we fill out the arguments array 1388 // It doesn't matter if we add more arguments than placeholders 1389 if ((substr_count($row['action'], '%') - count($log_data_ary)) > 0) 1390 { 1391 $log_data_ary = array_merge($log_data_ary, array_fill(0, substr_count($row['action'], '%') - count($log_data_ary), '')); 1392 } 1393 $row['action'] = vsprintf($row['action'], $log_data_ary); 1394 $row['action'] = bbcode_nl2br(censor_text($row['action'])); 1395 } 1396 else if (!empty($log_data_ary)) 1397 { 1398 $row['action'] .= '<br />' . implode('', $log_data_ary); 1399 } 1400 } 1401 } 1402 1403 $template->assign_block_vars('warn', array( 1404 'ID' => $row['warning_id'], 1405 'USERNAME' => ($row['log_operation']) ? get_username_string('full', $row['mod_user_id'], $row['mod_username'], $row['mod_user_colour']) : '-', 1406 'ACTION' => make_clickable($row['action']), 1407 'DATE' => $user->format_date($row['warning_time']), 1408 )); 1409 } 1410 $db->sql_freeresult($result); 1411 1412 $template->assign_vars(array( 1413 'S_WARNINGS' => true, 1414 )); 1415 1416 break; 1417 1418 case 'profile': 1419 1420 if (!function_exists('user_get_id_name')) 1421 { 1422 include($phpbb_root_path . 'includes/functions_user.' . $phpEx); 1423 } 1424 1425 /* @var $cp \phpbb\profilefields\manager */ 1426 $cp = $phpbb_container->get('profilefields.manager'); 1427 1428 $cp_data = $cp_error = array(); 1429 1430 $sql = 'SELECT lang_id 1431 FROM ' . LANG_TABLE . " 1432 WHERE lang_iso = '" . $db->sql_escape($user->data['user_lang']) . "'"; 1433 $result = $db->sql_query($sql); 1434 $row = $db->sql_fetchrow($result); 1435 $db->sql_freeresult($result); 1436 1437 $user_row['iso_lang_id'] = $row['lang_id']; 1438 1439 $data = array( 1440 'jabber' => $request->variable('jabber', $user_row['user_jabber'], true), 1441 'bday_day' => 0, 1442 'bday_month' => 0, 1443 'bday_year' => 0, 1444 ); 1445 1446 if ($user_row['user_birthday']) 1447 { 1448 list($data['bday_day'], $data['bday_month'], $data['bday_year']) = explode('-', $user_row['user_birthday']); 1449 } 1450 1451 $data['bday_day'] = $request->variable('bday_day', $data['bday_day']); 1452 $data['bday_month'] = $request->variable('bday_month', $data['bday_month']); 1453 $data['bday_year'] = $request->variable('bday_year', $data['bday_year']); 1454 $data['user_birthday'] = sprintf('%2d-%2d-%4d', $data['bday_day'], $data['bday_month'], $data['bday_year']); 1455 1456 /** 1457 * Modify user data on editing profile in ACP 1458 * 1459 * @event core.acp_users_modify_profile 1460 * @var array data Array with user profile data 1461 * @var bool submit Flag indicating if submit button has been pressed 1462 * @var int user_id The user id 1463 * @var array user_row Array with the full user data 1464 * @since 3.1.4-RC1 1465 */ 1466 $vars = array('data', 'submit', 'user_id', 'user_row'); 1467 extract($phpbb_dispatcher->trigger_event('core.acp_users_modify_profile', compact($vars))); 1468 1469 if ($submit) 1470 { 1471 $error = validate_data($data, array( 1472 'jabber' => array( 1473 array('string', true, 5, 255), 1474 array('jabber')), 1475 'bday_day' => array('num', true, 1, 31), 1476 'bday_month' => array('num', true, 1, 12), 1477 'bday_year' => array('num', true, 1901, gmdate('Y', time())), 1478 'user_birthday' => array('date', true), 1479 )); 1480 1481 // validate custom profile fields 1482 $cp->submit_cp_field('profile', $user_row['iso_lang_id'], $cp_data, $cp_error); 1483 1484 if (count($cp_error)) 1485 { 1486 $error = array_merge($error, $cp_error); 1487 } 1488 if (!check_form_key($form_name)) 1489 { 1490 $error[] = 'FORM_INVALID'; 1491 } 1492 1493 /** 1494 * Validate profile data in ACP before submitting to the database 1495 * 1496 * @event core.acp_users_profile_validate 1497 * @var array data Array with user profile data 1498 * @var int user_id The user id 1499 * @var array user_row Array with the full user data 1500 * @var array error Array with the form errors 1501 * @since 3.1.4-RC1 1502 * @changed 3.1.12-RC1 Removed submit, added user_id, user_row 1503 */ 1504 $vars = array('data', 'user_id', 'user_row', 'error'); 1505 extract($phpbb_dispatcher->trigger_event('core.acp_users_profile_validate', compact($vars))); 1506 1507 if (!count($error)) 1508 { 1509 $sql_ary = array( 1510 'user_jabber' => $data['jabber'], 1511 'user_birthday' => $data['user_birthday'], 1512 ); 1513 1514 /** 1515 * Modify profile data in ACP before submitting to the database 1516 * 1517 * @event core.acp_users_profile_modify_sql_ary 1518 * @var array cp_data Array with the user custom profile fields data 1519 * @var array data Array with user profile data 1520 * @var int user_id The user id 1521 * @var array user_row Array with the full user data 1522 * @var array sql_ary Array with sql data 1523 * @since 3.1.4-RC1 1524 */ 1525 $vars = array('cp_data', 'data', 'user_id', 'user_row', 'sql_ary'); 1526 extract($phpbb_dispatcher->trigger_event('core.acp_users_profile_modify_sql_ary', compact($vars))); 1527 1528 $sql = 'UPDATE ' . USERS_TABLE . ' 1529 SET ' . $db->sql_build_array('UPDATE', $sql_ary) . " 1530 WHERE user_id = $user_id"; 1531 $db->sql_query($sql); 1532 1533 // Update Custom Fields 1534 $cp->update_profile_field_data($user_id, $cp_data); 1535 1536 trigger_error($user->lang['USER_PROFILE_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id)); 1537 } 1538 1539 // Replace "error" strings with their real, localised form 1540 $error = array_map(array($user, 'lang'), $error); 1541 } 1542 1543 $s_birthday_day_options = '<option value="0"' . ((!$data['bday_day']) ? ' selected="selected"' : '') . '>--</option>'; 1544 for ($i = 1; $i < 32; $i++) 1545 { 1546 $selected = ($i == $data['bday_day']) ? ' selected="selected"' : ''; 1547 $s_birthday_day_options .= "<option value=\"$i\"$selected>$i</option>"; 1548 } 1549 1550 $s_birthday_month_options = '<option value="0"' . ((!$data['bday_month']) ? ' selected="selected"' : '') . '>--</option>'; 1551 for ($i = 1; $i < 13; $i++) 1552 { 1553 $selected = ($i == $data['bday_month']) ? ' selected="selected"' : ''; 1554 $s_birthday_month_options .= "<option value=\"$i\"$selected>$i</option>"; 1555 } 1556 1557 $now = getdate(); 1558 $s_birthday_year_options = '<option value="0"' . ((!$data['bday_year']) ? ' selected="selected"' : '') . '>--</option>'; 1559 for ($i = $now['year'] - 100; $i <= $now['year']; $i++) 1560 { 1561 $selected = ($i == $data['bday_year']) ? ' selected="selected"' : ''; 1562 $s_birthday_year_options .= "<option value=\"$i\"$selected>$i</option>"; 1563 } 1564 unset($now); 1565 1566 $template->assign_vars(array( 1567 'JABBER' => $data['jabber'], 1568 'S_BIRTHDAY_DAY_OPTIONS' => $s_birthday_day_options, 1569 'S_BIRTHDAY_MONTH_OPTIONS' => $s_birthday_month_options, 1570 'S_BIRTHDAY_YEAR_OPTIONS' => $s_birthday_year_options, 1571 1572 'S_PROFILE' => true) 1573 ); 1574 1575 // Get additional profile fields and assign them to the template block var 'profile_fields' 1576 $user->get_profile_fields($user_id); 1577 1578 $cp->generate_profile_fields('profile', $user_row['iso_lang_id']); 1579 1580 break; 1581 1582 case 'prefs': 1583 1584 if (!function_exists('user_get_id_name')) 1585 { 1586 include($phpbb_root_path . 'includes/functions_user.' . $phpEx); 1587 } 1588 1589 $data = array( 1590 'dateformat' => $request->variable('dateformat', $user_row['user_dateformat'], true), 1591 'lang' => basename($request->variable('lang', $user_row['user_lang'])), 1592 'tz' => $request->variable('tz', $user_row['user_timezone']), 1593 'style' => $request->variable('style', $user_row['user_style']), 1594 'viewemail' => $request->variable('viewemail', $user_row['user_allow_viewemail']), 1595 'massemail' => $request->variable('massemail', $user_row['user_allow_massemail']), 1596 'hideonline' => $request->variable('hideonline', !$user_row['user_allow_viewonline']), 1597 'notifymethod' => $request->variable('notifymethod', $user_row['user_notify_type']), 1598 'notifypm' => $request->variable('notifypm', $user_row['user_notify_pm']), 1599 'allowpm' => $request->variable('allowpm', $user_row['user_allow_pm']), 1600 1601 'topic_sk' => $request->variable('topic_sk', ($user_row['user_topic_sortby_type']) ? $user_row['user_topic_sortby_type'] : 't'), 1602 'topic_sd' => $request->variable('topic_sd', ($user_row['user_topic_sortby_dir']) ? $user_row['user_topic_sortby_dir'] : 'd'), 1603 'topic_st' => $request->variable('topic_st', ($user_row['user_topic_show_days']) ? $user_row['user_topic_show_days'] : 0), 1604 1605 'post_sk' => $request->variable('post_sk', ($user_row['user_post_sortby_type']) ? $user_row['user_post_sortby_type'] : 't'), 1606 'post_sd' => $request->variable('post_sd', ($user_row['user_post_sortby_dir']) ? $user_row['user_post_sortby_dir'] : 'a'), 1607 'post_st' => $request->variable('post_st', ($user_row['user_post_show_days']) ? $user_row['user_post_show_days'] : 0), 1608 1609 'view_images' => $request->variable('view_images', $this->optionget($user_row, 'viewimg')), 1610 'view_flash' => $request->variable('view_flash', $this->optionget($user_row, 'viewflash')), 1611 'view_smilies' => $request->variable('view_smilies', $this->optionget($user_row, 'viewsmilies')), 1612 'view_sigs' => $request->variable('view_sigs', $this->optionget($user_row, 'viewsigs')), 1613 'view_avatars' => $request->variable('view_avatars', $this->optionget($user_row, 'viewavatars')), 1614 'view_wordcensor' => $request->variable('view_wordcensor', $this->optionget($user_row, 'viewcensors')), 1615 1616 'bbcode' => $request->variable('bbcode', $this->optionget($user_row, 'bbcode')), 1617 'smilies' => $request->variable('smilies', $this->optionget($user_row, 'smilies')), 1618 'sig' => $request->variable('sig', $this->optionget($user_row, 'attachsig')), 1619 'notify' => $request->variable('notify', $user_row['user_notify']), 1620 ); 1621 1622 /** 1623 * Modify users preferences data 1624 * 1625 * @event core.acp_users_prefs_modify_data 1626 * @var array data Array with users preferences data 1627 * @var array user_row Array with user data 1628 * @since 3.1.0-b3 1629 */ 1630 $vars = array('data', 'user_row'); 1631 extract($phpbb_dispatcher->trigger_event('core.acp_users_prefs_modify_data', compact($vars))); 1632 1633 if ($submit) 1634 { 1635 $error = validate_data($data, array( 1636 'dateformat' => array('string', false, 1, 64), 1637 'lang' => array('match', false, '#^[a-z_\-]{2,}$#i'), 1638 'tz' => array('timezone'), 1639 1640 'topic_sk' => array('string', false, 1, 1), 1641 'topic_sd' => array('string', false, 1, 1), 1642 'post_sk' => array('string', false, 1, 1), 1643 'post_sd' => array('string', false, 1, 1), 1644 )); 1645 1646 if (!check_form_key($form_name)) 1647 { 1648 $error[] = 'FORM_INVALID'; 1649 } 1650 1651 if (!count($error)) 1652 { 1653 $this->optionset($user_row, 'viewimg', $data['view_images']); 1654 $this->optionset($user_row, 'viewflash', $data['view_flash']); 1655 $this->optionset($user_row, 'viewsmilies', $data['view_smilies']); 1656 $this->optionset($user_row, 'viewsigs', $data['view_sigs']); 1657 $this->optionset($user_row, 'viewavatars', $data['view_avatars']); 1658 $this->optionset($user_row, 'viewcensors', $data['view_wordcensor']); 1659 $this->optionset($user_row, 'bbcode', $data['bbcode']); 1660 $this->optionset($user_row, 'smilies', $data['smilies']); 1661 $this->optionset($user_row, 'attachsig', $data['sig']); 1662 1663 $sql_ary = array( 1664 'user_options' => $user_row['user_options'], 1665 1666 'user_allow_pm' => $data['allowpm'], 1667 'user_allow_viewemail' => $data['viewemail'], 1668 'user_allow_massemail' => $data['massemail'], 1669 'user_allow_viewonline' => !$data['hideonline'], 1670 'user_notify_type' => $data['notifymethod'], 1671 'user_notify_pm' => $data['notifypm'], 1672 1673 'user_dateformat' => $data['dateformat'], 1674 'user_lang' => $data['lang'], 1675 'user_timezone' => $data['tz'], 1676 'user_style' => $data['style'], 1677 1678 'user_topic_sortby_type' => $data['topic_sk'], 1679 'user_post_sortby_type' => $data['post_sk'], 1680 'user_topic_sortby_dir' => $data['topic_sd'], 1681 'user_post_sortby_dir' => $data['post_sd'], 1682 1683 'user_topic_show_days' => $data['topic_st'], 1684 'user_post_show_days' => $data['post_st'], 1685 1686 'user_notify' => $data['notify'], 1687 ); 1688 1689 /** 1690 * Modify SQL query before users preferences are updated 1691 * 1692 * @event core.acp_users_prefs_modify_sql 1693 * @var array data Array with users preferences data 1694 * @var array user_row Array with user data 1695 * @var array sql_ary SQL array with users preferences data to update 1696 * @var array error Array with errors data 1697 * @since 3.1.0-b3 1698 */ 1699 $vars = array('data', 'user_row', 'sql_ary', 'error'); 1700 extract($phpbb_dispatcher->trigger_event('core.acp_users_prefs_modify_sql', compact($vars))); 1701 1702 if (!count($error)) 1703 { 1704 $sql = 'UPDATE ' . USERS_TABLE . ' 1705 SET ' . $db->sql_build_array('UPDATE', $sql_ary) . " 1706 WHERE user_id = $user_id"; 1707 $db->sql_query($sql); 1708 1709 // Check if user has an active session 1710 if ($user_row['session_id']) 1711 { 1712 // We'll update the session if user_allow_viewonline has changed and the user is a bot 1713 // Or if it's a regular user and the admin set it to hide the session 1714 if ($user_row['user_allow_viewonline'] != $sql_ary['user_allow_viewonline'] && $user_row['user_type'] == USER_IGNORE 1715 || $user_row['user_allow_viewonline'] && !$sql_ary['user_allow_viewonline']) 1716 { 1717 // We also need to check if the user has the permission to cloak. 1718 $user_auth = new \phpbb\auth\auth(); 1719 $user_auth->acl($user_row); 1720 1721 $session_sql_ary = array( 1722 'session_viewonline' => ($user_auth->acl_get('u_hideonline')) ? $sql_ary['user_allow_viewonline'] : true, 1723 ); 1724 1725 $sql = 'UPDATE ' . SESSIONS_TABLE . ' 1726 SET ' . $db->sql_build_array('UPDATE', $session_sql_ary) . " 1727 WHERE session_user_id = $user_id"; 1728 $db->sql_query($sql); 1729 1730 unset($user_auth); 1731 } 1732 } 1733 1734 trigger_error($user->lang['USER_PREFS_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id)); 1735 } 1736 } 1737 1738 // Replace "error" strings with their real, localised form 1739 $error = array_map(array($user, 'lang'), $error); 1740 } 1741 1742 $dateformat_options = ''; 1743 foreach ($user->lang['dateformats'] as $format => $null) 1744 { 1745 $dateformat_options .= '<option value="' . $format . '"' . (($format == $data['dateformat']) ? ' selected="selected"' : '') . '>'; 1746 $dateformat_options .= $user->format_date(time(), $format, false) . ((strpos($format, '|') !== false) ? $user->lang['VARIANT_DATE_SEPARATOR'] . $user->format_date(time(), $format, true) : ''); 1747 $dateformat_options .= '</option>'; 1748 } 1749 1750 $s_custom = false; 1751 1752 $dateformat_options .= '<option value="custom"'; 1753 if (!isset($user->lang['dateformats'][$data['dateformat']])) 1754 { 1755 $dateformat_options .= ' selected="selected"'; 1756 $s_custom = true; 1757 } 1758 $dateformat_options .= '>' . $user->lang['CUSTOM_DATEFORMAT'] . '</option>'; 1759 1760 $sort_dir_text = array('a' => $user->lang['ASCENDING'], 'd' => $user->lang['DESCENDING']); 1761 1762 // Topic ordering options 1763 $limit_topic_days = array(0 => $user->lang['ALL_TOPICS'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); 1764 $sort_by_topic_text = array('a' => $user->lang['AUTHOR'], 't' => $user->lang['POST_TIME'], 'r' => $user->lang['REPLIES'], 's' => $user->lang['SUBJECT'], 'v' => $user->lang['VIEWS']); 1765 1766 // Post ordering options 1767 $limit_post_days = array(0 => $user->lang['ALL_POSTS'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); 1768 $sort_by_post_text = array('a' => $user->lang['AUTHOR'], 't' => $user->lang['POST_TIME'], 's' => $user->lang['SUBJECT']); 1769 1770 $_options = array('topic', 'post'); 1771 foreach ($_options as $sort_option) 1772 { 1773 ${'s_limit_' . $sort_option . '_days'} = '<select name="' . $sort_option . '_st">'; 1774 foreach (${'limit_' . $sort_option . '_days'} as $day => $text) 1775 { 1776 $selected = ($data[$sort_option . '_st'] == $day) ? ' selected="selected"' : ''; 1777 ${'s_limit_' . $sort_option . '_days'} .= '<option value="' . $day . '"' . $selected . '>' . $text . '</option>'; 1778 } 1779 ${'s_limit_' . $sort_option . '_days'} .= '</select>'; 1780 1781 ${'s_sort_' . $sort_option . '_key'} = '<select name="' . $sort_option . '_sk">'; 1782 foreach (${'sort_by_' . $sort_option . '_text'} as $key => $text) 1783 { 1784 $selected = ($data[$sort_option . '_sk'] == $key) ? ' selected="selected"' : ''; 1785 ${'s_sort_' . $sort_option . '_key'} .= '<option value="' . $key . '"' . $selected . '>' . $text . '</option>'; 1786 } 1787 ${'s_sort_' . $sort_option . '_key'} .= '</select>'; 1788 1789 ${'s_sort_' . $sort_option . '_dir'} = '<select name="' . $sort_option . '_sd">'; 1790 foreach ($sort_dir_text as $key => $value) 1791 { 1792 $selected = ($data[$sort_option . '_sd'] == $key) ? ' selected="selected"' : ''; 1793 ${'s_sort_' . $sort_option . '_dir'} .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>'; 1794 } 1795 ${'s_sort_' . $sort_option . '_dir'} .= '</select>'; 1796 } 1797 1798 phpbb_timezone_select($template, $user, $data['tz'], true); 1799 $user_prefs_data = array( 1800 'S_PREFS' => true, 1801 'S_JABBER_DISABLED' => ($config['jab_enable'] && $user_row['user_jabber'] && @extension_loaded('xml')) ? false : true, 1802 1803 'VIEW_EMAIL' => $data['viewemail'], 1804 'MASS_EMAIL' => $data['massemail'], 1805 'ALLOW_PM' => $data['allowpm'], 1806 'HIDE_ONLINE' => $data['hideonline'], 1807 'NOTIFY_EMAIL' => ($data['notifymethod'] == NOTIFY_EMAIL) ? true : false, 1808 'NOTIFY_IM' => ($data['notifymethod'] == NOTIFY_IM) ? true : false, 1809 'NOTIFY_BOTH' => ($data['notifymethod'] == NOTIFY_BOTH) ? true : false, 1810 'NOTIFY_PM' => $data['notifypm'], 1811 'BBCODE' => $data['bbcode'], 1812 'SMILIES' => $data['smilies'], 1813 'ATTACH_SIG' => $data['sig'], 1814 'NOTIFY' => $data['notify'], 1815 'VIEW_IMAGES' => $data['view_images'], 1816 'VIEW_FLASH' => $data['view_flash'], 1817 'VIEW_SMILIES' => $data['view_smilies'], 1818 'VIEW_SIGS' => $data['view_sigs'], 1819 'VIEW_AVATARS' => $data['view_avatars'], 1820 'VIEW_WORDCENSOR' => $data['view_wordcensor'], 1821 1822 'S_TOPIC_SORT_DAYS' => $s_limit_topic_days, 1823 'S_TOPIC_SORT_KEY' => $s_sort_topic_key, 1824 'S_TOPIC_SORT_DIR' => $s_sort_topic_dir, 1825 'S_POST_SORT_DAYS' => $s_limit_post_days, 1826 'S_POST_SORT_KEY' => $s_sort_post_key, 1827 'S_POST_SORT_DIR' => $s_sort_post_dir, 1828 1829 'DATE_FORMAT' => $data['dateformat'], 1830 'S_DATEFORMAT_OPTIONS' => $dateformat_options, 1831 'S_CUSTOM_DATEFORMAT' => $s_custom, 1832 'DEFAULT_DATEFORMAT' => $config['default_dateformat'], 1833 'A_DEFAULT_DATEFORMAT' => addslashes($config['default_dateformat']), 1834 1835 'S_LANG_OPTIONS' => language_select($data['lang']), 1836 'S_STYLE_OPTIONS' => style_select($data['style']), 1837 ); 1838 1839 /** 1840 * Modify users preferences data before assigning it to the template 1841 * 1842 * @event core.acp_users_prefs_modify_template_data 1843 * @var array data Array with users preferences data 1844 * @var array user_row Array with user data 1845 * @var array user_prefs_data Array with users preferences data to be assigned to the template 1846 * @since 3.1.0-b3 1847 */ 1848 $vars = array('data', 'user_row', 'user_prefs_data'); 1849 extract($phpbb_dispatcher->trigger_event('core.acp_users_prefs_modify_template_data', compact($vars))); 1850 1851 $template->assign_vars($user_prefs_data); 1852 1853 break; 1854 1855 case 'avatar': 1856 1857 $avatars_enabled = false; 1858 /** @var \phpbb\avatar\manager $phpbb_avatar_manager */ 1859 $phpbb_avatar_manager = $phpbb_container->get('avatar.manager'); 1860 1861 if ($config['allow_avatar']) 1862 { 1863 $avatar_drivers = $phpbb_avatar_manager->get_enabled_drivers(); 1864 1865 // This is normalised data, without the user_ prefix 1866 $avatar_data = \phpbb\avatar\manager::clean_row($user_row, 'user'); 1867 1868 if ($submit) 1869 { 1870 if (check_form_key($form_name)) 1871 { 1872 $driver_name = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', '')); 1873 1874 if (in_array($driver_name, $avatar_drivers) && !$request->is_set_post('avatar_delete')) 1875 { 1876 $driver = $phpbb_avatar_manager->get_driver($driver_name); 1877 $result = $driver->process_form($request, $template, $user, $avatar_data, $error); 1878 1879 if ($result && empty($error)) 1880 { 1881 // Success! Lets save the result in the database 1882 $result = array( 1883 'user_avatar_type' => $driver_name, 1884 'user_avatar' => $result['avatar'], 1885 'user_avatar_width' => $result['avatar_width'], 1886 'user_avatar_height' => $result['avatar_height'], 1887 ); 1888 1889 /** 1890 * Modify users preferences data before assigning it to the template 1891 * 1892 * @event core.acp_users_avatar_sql 1893 * @var array user_row Array with user data 1894 * @var array result Array with user avatar data to be updated in the DB 1895 * @since 3.2.4-RC1 1896 */ 1897 $vars = array('user_row', 'result'); 1898 extract($phpbb_dispatcher->trigger_event('core.acp_users_avatar_sql', compact($vars))); 1899 1900 $sql = 'UPDATE ' . USERS_TABLE . ' 1901 SET ' . $db->sql_build_array('UPDATE', $result) . ' 1902 WHERE user_id = ' . (int) $user_id; 1903 1904 $db->sql_query($sql); 1905 trigger_error($user->lang['USER_AVATAR_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id)); 1906 } 1907 } 1908 } 1909 else 1910 { 1911 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 1912 } 1913 } 1914 1915 // Handle deletion of avatars 1916 if ($request->is_set_post('avatar_delete')) 1917 { 1918 if (!confirm_box(true)) 1919 { 1920 confirm_box(false, $user->lang('CONFIRM_AVATAR_DELETE'), build_hidden_fields(array( 1921 'avatar_delete' => true)) 1922 ); 1923 } 1924 else 1925 { 1926 $phpbb_avatar_manager->handle_avatar_delete($db, $user, $avatar_data, USERS_TABLE, 'user_'); 1927 1928 trigger_error($user->lang['USER_AVATAR_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id)); 1929 } 1930 } 1931 1932 $selected_driver = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', $user_row['user_avatar_type'])); 1933 1934 // Assign min and max values before generating avatar driver html 1935 $template->assign_vars(array( 1936 'AVATAR_MIN_WIDTH' => $config['avatar_min_width'], 1937 'AVATAR_MAX_WIDTH' => $config['avatar_max_width'], 1938 'AVATAR_MIN_HEIGHT' => $config['avatar_min_height'], 1939 'AVATAR_MAX_HEIGHT' => $config['avatar_max_height'], 1940 )); 1941 1942 foreach ($avatar_drivers as $current_driver) 1943 { 1944 $driver = $phpbb_avatar_manager->get_driver($current_driver); 1945 1946 $avatars_enabled = true; 1947 $template->set_filenames(array( 1948 'avatar' => $driver->get_acp_template_name(), 1949 )); 1950 1951 if ($driver->prepare_form($request, $template, $user, $avatar_data, $error)) 1952 { 1953 $driver_name = $phpbb_avatar_manager->prepare_driver_name($current_driver); 1954 $driver_upper = strtoupper($driver_name); 1955 1956 $template->assign_block_vars('avatar_drivers', array( 1957 'L_TITLE' => $user->lang($driver_upper . '_TITLE'), 1958 'L_EXPLAIN' => $user->lang($driver_upper . '_EXPLAIN'), 1959 1960 'DRIVER' => $driver_name, 1961 'SELECTED' => $current_driver == $selected_driver, 1962 'OUTPUT' => $template->assign_display('avatar'), 1963 )); 1964 } 1965 } 1966 } 1967 1968 // Avatar manager is not initialized if avatars are disabled 1969 if (isset($phpbb_avatar_manager)) 1970 { 1971 // Replace "error" strings with their real, localised form 1972 $error = $phpbb_avatar_manager->localize_errors($user, $error); 1973 } 1974 1975 $avatar = phpbb_get_user_avatar($user_row, 'USER_AVATAR', true); 1976 1977 $template->assign_vars(array( 1978 'S_AVATAR' => true, 1979 'ERROR' => (!empty($error)) ? implode('<br />', $error) : '', 1980 'AVATAR' => (empty($avatar) ? '<img src="' . $phpbb_admin_path . 'images/no_avatar.gif" alt="" />' : $avatar), 1981 1982 'S_FORM_ENCTYPE' => ' enctype="multipart/form-data"', 1983 1984 'L_AVATAR_EXPLAIN' => $user->lang(($config['avatar_filesize'] == 0) ? 'AVATAR_EXPLAIN_NO_FILESIZE' : 'AVATAR_EXPLAIN', $config['avatar_max_width'], $config['avatar_max_height'], $config['avatar_filesize'] / 1024), 1985 1986 'S_AVATARS_ENABLED' => ($config['allow_avatar'] && $avatars_enabled), 1987 )); 1988 1989 break; 1990 1991 case 'rank': 1992 1993 if ($submit) 1994 { 1995 if (!check_form_key($form_name)) 1996 { 1997 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 1998 } 1999 2000 $rank_id = $request->variable('user_rank', 0); 2001 2002 $sql = 'UPDATE ' . USERS_TABLE . " 2003 SET user_rank = $rank_id 2004 WHERE user_id = $user_id"; 2005 $db->sql_query($sql); 2006 2007 trigger_error($user->lang['USER_RANK_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id)); 2008 } 2009 2010 $sql = 'SELECT * 2011 FROM ' . RANKS_TABLE . ' 2012 WHERE rank_special = 1 2013 ORDER BY rank_title'; 2014 $result = $db->sql_query($sql); 2015 2016 $s_rank_options = '<option value="0"' . ((!$user_row['user_rank']) ? ' selected="selected"' : '') . '>' . $user->lang['NO_SPECIAL_RANK'] . '</option>'; 2017 2018 while ($row = $db->sql_fetchrow($result)) 2019 { 2020 $selected = ($user_row['user_rank'] && $row['rank_id'] == $user_row['user_rank']) ? ' selected="selected"' : ''; 2021 $s_rank_options .= '<option value="' . $row['rank_id'] . '"' . $selected . '>' . $row['rank_title'] . '</option>'; 2022 } 2023 $db->sql_freeresult($result); 2024 2025 $template->assign_vars(array( 2026 'S_RANK' => true, 2027 'S_RANK_OPTIONS' => $s_rank_options) 2028 ); 2029 2030 break; 2031 2032 case 'sig': 2033 2034 if (!function_exists('display_custom_bbcodes')) 2035 { 2036 include($phpbb_root_path . 'includes/functions_display.' . $phpEx); 2037 } 2038 2039 $enable_bbcode = ($config['allow_sig_bbcode']) ? $this->optionget($user_row, 'sig_bbcode') : false; 2040 $enable_smilies = ($config['allow_sig_smilies']) ? $this->optionget($user_row, 'sig_smilies') : false; 2041 $enable_urls = ($config['allow_sig_links']) ? $this->optionget($user_row, 'sig_links') : false; 2042 2043 $bbcode_flags = ($enable_bbcode ? OPTION_FLAG_BBCODE : 0) + ($enable_smilies ? OPTION_FLAG_SMILIES : 0) + ($enable_urls ? OPTION_FLAG_LINKS : 0); 2044 2045 $decoded_message = generate_text_for_edit($user_row['user_sig'], $user_row['user_sig_bbcode_uid'], $bbcode_flags); 2046 $signature = $request->variable('signature', $decoded_message['text'], true); 2047 $signature_preview = ''; 2048 2049 if ($submit || $request->is_set_post('preview')) 2050 { 2051 $enable_bbcode = ($config['allow_sig_bbcode']) ? !$request->variable('disable_bbcode', false) : false; 2052 $enable_smilies = ($config['allow_sig_smilies']) ? !$request->variable('disable_smilies', false) : false; 2053 $enable_urls = ($config['allow_sig_links']) ? !$request->variable('disable_magic_url', false) : false; 2054 2055 if (!check_form_key($form_name)) 2056 { 2057 $error[] = 'FORM_INVALID'; 2058 } 2059 } 2060 2061 $bbcode_uid = $bbcode_bitfield = $bbcode_flags = ''; 2062 $warn_msg = generate_text_for_storage( 2063 $signature, 2064 $bbcode_uid, 2065 $bbcode_bitfield, 2066 $bbcode_flags, 2067 $enable_bbcode, 2068 $enable_urls, 2069 $enable_smilies, 2070 $config['allow_sig_img'], 2071 $config['allow_sig_flash'], 2072 true, 2073 $config['allow_sig_links'], 2074 'sig' 2075 ); 2076 2077 if (count($warn_msg)) 2078 { 2079 $error += $warn_msg; 2080 } 2081 2082 if (!$submit) 2083 { 2084 // Parse it for displaying 2085 $signature_preview = generate_text_for_display($signature, $bbcode_uid, $bbcode_bitfield, $bbcode_flags); 2086 } 2087 else 2088 { 2089 if (!count($error)) 2090 { 2091 $this->optionset($user_row, 'sig_bbcode', $enable_bbcode); 2092 $this->optionset($user_row, 'sig_smilies', $enable_smilies); 2093 $this->optionset($user_row, 'sig_links', $enable_urls); 2094 2095 $sql_ary = array( 2096 'user_sig' => $signature, 2097 'user_options' => $user_row['user_options'], 2098 'user_sig_bbcode_uid' => $bbcode_uid, 2099 'user_sig_bbcode_bitfield' => $bbcode_bitfield, 2100 ); 2101 2102 /** 2103 * Modify user signature before it is stored in the DB 2104 * 2105 * @event core.acp_users_modify_signature_sql_ary 2106 * @var array user_row Array with user data 2107 * @var array sql_ary Array with user signature data to be updated in the DB 2108 * @since 3.2.4-RC1 2109 */ 2110 $vars = array('user_row', 'sql_ary'); 2111 extract($phpbb_dispatcher->trigger_event('core.acp_users_modify_signature_sql_ary', compact($vars))); 2112 2113 $sql = 'UPDATE ' . USERS_TABLE . ' 2114 SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' 2115 WHERE user_id = ' . $user_id; 2116 $db->sql_query($sql); 2117 2118 trigger_error($user->lang['USER_SIG_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id)); 2119 } 2120 } 2121 2122 // Replace "error" strings with their real, localised form 2123 $error = array_map(array($user, 'lang'), $error); 2124 2125 if ($request->is_set_post('preview')) 2126 { 2127 $decoded_message = generate_text_for_edit($signature, $bbcode_uid, $bbcode_flags); 2128 } 2129 2130 /** @var \phpbb\controller\helper $controller_helper */ 2131 $controller_helper = $phpbb_container->get('controller.helper'); 2132 2133 $template->assign_vars(array( 2134 'S_SIGNATURE' => true, 2135 2136 'SIGNATURE' => $decoded_message['text'], 2137 'SIGNATURE_PREVIEW' => $signature_preview, 2138 2139 'S_BBCODE_CHECKED' => (!$enable_bbcode) ? ' checked="checked"' : '', 2140 'S_SMILIES_CHECKED' => (!$enable_smilies) ? ' checked="checked"' : '', 2141 'S_MAGIC_URL_CHECKED' => (!$enable_urls) ? ' checked="checked"' : '', 2142 2143 'BBCODE_STATUS' => $user->lang(($config['allow_sig_bbcode'] ? 'BBCODE_IS_ON' : 'BBCODE_IS_OFF'), '<a href="' . $controller_helper->route('phpbb_help_bbcode_controller') . '">', '</a>'), 2144 'SMILIES_STATUS' => ($config['allow_sig_smilies']) ? $user->lang['SMILIES_ARE_ON'] : $user->lang['SMILIES_ARE_OFF'], 2145 'IMG_STATUS' => ($config['allow_sig_img']) ? $user->lang['IMAGES_ARE_ON'] : $user->lang['IMAGES_ARE_OFF'], 2146 'FLASH_STATUS' => ($config['allow_sig_flash']) ? $user->lang['FLASH_IS_ON'] : $user->lang['FLASH_IS_OFF'], 2147 'URL_STATUS' => ($config['allow_sig_links']) ? $user->lang['URL_IS_ON'] : $user->lang['URL_IS_OFF'], 2148 2149 'L_SIGNATURE_EXPLAIN' => $user->lang('SIGNATURE_EXPLAIN', (int) $config['max_sig_chars']), 2150 2151 'S_BBCODE_ALLOWED' => $config['allow_sig_bbcode'], 2152 'S_SMILIES_ALLOWED' => $config['allow_sig_smilies'], 2153 'S_BBCODE_IMG' => ($config['allow_sig_img']) ? true : false, 2154 'S_BBCODE_FLASH' => ($config['allow_sig_flash']) ? true : false, 2155 'S_LINKS_ALLOWED' => ($config['allow_sig_links']) ? true : false) 2156 ); 2157 2158 // Assigning custom bbcodes 2159 display_custom_bbcodes(); 2160 2161 break; 2162 2163 case 'attach': 2164 /* @var $pagination \phpbb\pagination */ 2165 $pagination = $phpbb_container->get('pagination'); 2166 2167 $start = $request->variable('start', 0); 2168 $deletemark = (isset($_POST['delmarked'])) ? true : false; 2169 $marked = $request->variable('mark', array(0)); 2170 2171 // Sort keys 2172 $sort_key = $request->variable('sk', 'a'); 2173 $sort_dir = $request->variable('sd', 'd'); 2174 2175 if ($deletemark && count($marked)) 2176 { 2177 $sql = 'SELECT attach_id 2178 FROM ' . ATTACHMENTS_TABLE . ' 2179 WHERE poster_id = ' . $user_id . ' 2180 AND is_orphan = 0 2181 AND ' . $db->sql_in_set('attach_id', $marked); 2182 $result = $db->sql_query($sql); 2183 2184 $marked = array(); 2185 while ($row = $db->sql_fetchrow($result)) 2186 { 2187 $marked[] = $row['attach_id']; 2188 } 2189 $db->sql_freeresult($result); 2190 } 2191 2192 if ($deletemark && count($marked)) 2193 { 2194 if (confirm_box(true)) 2195 { 2196 $sql = 'SELECT real_filename 2197 FROM ' . ATTACHMENTS_TABLE . ' 2198 WHERE ' . $db->sql_in_set('attach_id', $marked); 2199 $result = $db->sql_query($sql); 2200 2201 $log_attachments = array(); 2202 while ($row = $db->sql_fetchrow($result)) 2203 { 2204 $log_attachments[] = $row['real_filename']; 2205 } 2206 $db->sql_freeresult($result); 2207 2208 /** @var \phpbb\attachment\manager $attachment_manager */ 2209 $attachment_manager = $phpbb_container->get('attachment.manager'); 2210 $attachment_manager->delete('attach', $marked); 2211 unset($attachment_manager); 2212 2213 $message = (count($log_attachments) == 1) ? $user->lang['ATTACHMENT_DELETED'] : $user->lang['ATTACHMENTS_DELETED']; 2214 2215 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACHMENTS_DELETED', false, array(implode($user->lang['COMMA_SEPARATOR'], $log_attachments))); 2216 trigger_error($message . adm_back_link($this->u_action . '&u=' . $user_id)); 2217 } 2218 else 2219 { 2220 confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array( 2221 'u' => $user_id, 2222 'i' => $id, 2223 'mode' => $mode, 2224 'action' => $action, 2225 'delmarked' => true, 2226 'mark' => $marked)) 2227 ); 2228 } 2229 } 2230 2231 $sk_text = array('a' => $user->lang['SORT_FILENAME'], 'c' => $user->lang['SORT_EXTENSION'], 'd' => $user->lang['SORT_SIZE'], 'e' => $user->lang['SORT_DOWNLOADS'], 'f' => $user->lang['SORT_POST_TIME'], 'g' => $user->lang['SORT_TOPIC_TITLE']); 2232 $sk_sql = array('a' => 'a.real_filename', 'c' => 'a.extension', 'd' => 'a.filesize', 'e' => 'a.download_count', 'f' => 'a.filetime', 'g' => 't.topic_title'); 2233 2234 $sd_text = array('a' => $user->lang['ASCENDING'], 'd' => $user->lang['DESCENDING']); 2235 2236 $s_sort_key = ''; 2237 foreach ($sk_text as $key => $value) 2238 { 2239 $selected = ($sort_key == $key) ? ' selected="selected"' : ''; 2240 $s_sort_key .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>'; 2241 } 2242 2243 $s_sort_dir = ''; 2244 foreach ($sd_text as $key => $value) 2245 { 2246 $selected = ($sort_dir == $key) ? ' selected="selected"' : ''; 2247 $s_sort_dir .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>'; 2248 } 2249 2250 if (!isset($sk_sql[$sort_key])) 2251 { 2252 $sort_key = 'a'; 2253 } 2254 2255 $order_by = $sk_sql[$sort_key] . ' ' . (($sort_dir == 'a') ? 'ASC' : 'DESC'); 2256 2257 $sql = 'SELECT COUNT(attach_id) as num_attachments 2258 FROM ' . ATTACHMENTS_TABLE . " 2259 WHERE poster_id = $user_id 2260 AND is_orphan = 0"; 2261 $result = $db->sql_query_limit($sql, 1); 2262 $num_attachments = (int) $db->sql_fetchfield('num_attachments'); 2263 $db->sql_freeresult($result); 2264 2265 $sql = 'SELECT a.*, t.topic_title, p.message_subject as message_title 2266 FROM ' . ATTACHMENTS_TABLE . ' a 2267 LEFT JOIN ' . TOPICS_TABLE . ' t ON (a.topic_id = t.topic_id 2268 AND a.in_message = 0) 2269 LEFT JOIN ' . PRIVMSGS_TABLE . ' p ON (a.post_msg_id = p.msg_id 2270 AND a.in_message = 1) 2271 WHERE a.poster_id = ' . $user_id . " 2272 AND a.is_orphan = 0 2273 ORDER BY $order_by"; 2274 $result = $db->sql_query_limit($sql, $config['topics_per_page'], $start); 2275 2276 while ($row = $db->sql_fetchrow($result)) 2277 { 2278 if ($row['in_message']) 2279 { 2280 $view_topic = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=pm&p={$row['post_msg_id']}"); 2281 } 2282 else 2283 { 2284 $view_topic = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "p={$row['post_msg_id']}") . '#p' . $row['post_msg_id']; 2285 } 2286 2287 $template->assign_block_vars('attach', array( 2288 'REAL_FILENAME' => $row['real_filename'], 2289 'COMMENT' => nl2br($row['attach_comment']), 2290 'EXTENSION' => $row['extension'], 2291 'SIZE' => get_formatted_filesize($row['filesize']), 2292 'DOWNLOAD_COUNT' => $row['download_count'], 2293 'POST_TIME' => $user->format_date($row['filetime']), 2294 'TOPIC_TITLE' => ($row['in_message']) ? $row['message_title'] : $row['topic_title'], 2295 2296 'ATTACH_ID' => $row['attach_id'], 2297 'POST_ID' => $row['post_msg_id'], 2298 'TOPIC_ID' => $row['topic_id'], 2299 2300 'S_IN_MESSAGE' => $row['in_message'], 2301 2302 'U_DOWNLOAD' => append_sid("{$phpbb_root_path}download/file.$phpEx", 'mode=view&id=' . $row['attach_id']), 2303 'U_VIEW_TOPIC' => $view_topic) 2304 ); 2305 } 2306 $db->sql_freeresult($result); 2307 2308 $base_url = $this->u_action . "&u=$user_id&sk=$sort_key&sd=$sort_dir"; 2309 $pagination->generate_template_pagination($base_url, 'pagination', 'start', $num_attachments, $config['topics_per_page'], $start); 2310 2311 $template->assign_vars(array( 2312 'S_ATTACHMENTS' => true, 2313 'S_SORT_KEY' => $s_sort_key, 2314 'S_SORT_DIR' => $s_sort_dir, 2315 )); 2316 2317 break; 2318 2319 case 'groups': 2320 2321 if (!function_exists('group_user_attributes')) 2322 { 2323 include($phpbb_root_path . 'includes/functions_user.' . $phpEx); 2324 } 2325 2326 $user->add_lang(array('groups', 'acp/groups')); 2327 $group_id = $request->variable('g', 0); 2328 2329 if ($group_id) 2330 { 2331 // Check the founder only entry for this group to make sure everything is well 2332 $sql = 'SELECT group_founder_manage 2333 FROM ' . GROUPS_TABLE . ' 2334 WHERE group_id = ' . $group_id; 2335 $result = $db->sql_query($sql); 2336 $founder_manage = (int) $db->sql_fetchfield('group_founder_manage'); 2337 $db->sql_freeresult($result); 2338 2339 if ($user->data['user_type'] != USER_FOUNDER && $founder_manage) 2340 { 2341 trigger_error($user->lang['NOT_ALLOWED_MANAGE_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 2342 } 2343 } 2344 2345 switch ($action) 2346 { 2347 case 'demote': 2348 case 'promote': 2349 case 'default': 2350 if (!$group_id) 2351 { 2352 trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 2353 } 2354 2355 if (!check_link_hash($request->variable('hash', ''), 'acp_users')) 2356 { 2357 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); 2358 } 2359 2360 group_user_attributes($action, $group_id, $user_id); 2361 2362 if ($action == 'default') 2363 { 2364 $user_row['group_id'] = $group_id; 2365 } 2366 break; 2367 2368 case 'delete': 2369 2370 if (confirm_box(true)) 2371 { 2372 if (!$group_id) 2373 { 2374 trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 2375 } 2376 2377 if ($error = group_user_del($group_id, $user_id)) 2378 { 2379 trigger_error($user->lang[$error] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 2380 } 2381 2382 $error = array(); 2383 2384 // The delete action was successful - therefore update the user row... 2385 $sql = 'SELECT u.*, s.* 2386 FROM ' . USERS_TABLE . ' u 2387 LEFT JOIN ' . SESSIONS_TABLE . ' s ON (s.session_user_id = u.user_id) 2388 WHERE u.user_id = ' . $user_id . ' 2389 ORDER BY s.session_time DESC'; 2390 $result = $db->sql_query_limit($sql, 1); 2391 $user_row = $db->sql_fetchrow($result); 2392 $db->sql_freeresult($result); 2393 } 2394 else 2395 { 2396 confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array( 2397 'u' => $user_id, 2398 'i' => $id, 2399 'mode' => $mode, 2400 'action' => $action, 2401 'g' => $group_id)) 2402 ); 2403 } 2404 2405 break; 2406 2407 case 'approve': 2408 2409 if (confirm_box(true)) 2410 { 2411 if (!$group_id) 2412 { 2413 trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 2414 } 2415 group_user_attributes($action, $group_id, $user_id); 2416 } 2417 else 2418 { 2419 confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array( 2420 'u' => $user_id, 2421 'i' => $id, 2422 'mode' => $mode, 2423 'action' => $action, 2424 'g' => $group_id)) 2425 ); 2426 } 2427 2428 break; 2429 } 2430 2431 // Add user to group? 2432 if ($submit) 2433 { 2434 2435 if (!check_form_key($form_name)) 2436 { 2437 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 2438 } 2439 2440 if (!$group_id) 2441 { 2442 trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 2443 } 2444 2445 // Add user/s to group 2446 if ($error = group_user_add($group_id, $user_id)) 2447 { 2448 trigger_error($user->lang[$error] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); 2449 } 2450 2451 $error = array(); 2452 } 2453 2454 /** @var \phpbb\group\helper $group_helper */ 2455 $group_helper = $phpbb_container->get('group_helper'); 2456 2457 $sql = 'SELECT ug.*, g.* 2458 FROM ' . GROUPS_TABLE . ' g, ' . USER_GROUP_TABLE . " ug 2459 WHERE ug.user_id = $user_id 2460 AND g.group_id = ug.group_id 2461 ORDER BY g.group_type DESC, ug.user_pending ASC, g.group_name"; 2462 $result = $db->sql_query($sql); 2463 2464 $i = 0; 2465 $group_data = $id_ary = array(); 2466 while ($row = $db->sql_fetchrow($result)) 2467 { 2468 $type = ($row['group_type'] == GROUP_SPECIAL) ? 'special' : (($row['user_pending']) ? 'pending' : 'normal'); 2469 2470 $group_data[$type][$i]['group_id'] = $row['group_id']; 2471 $group_data[$type][$i]['group_name'] = $row['group_name']; 2472 $group_data[$type][$i]['group_leader'] = ($row['group_leader']) ? 1 : 0; 2473 2474 $id_ary[] = $row['group_id']; 2475 2476 $i++; 2477 } 2478 $db->sql_freeresult($result); 2479 2480 // Select box for other groups 2481 $sql = 'SELECT group_id, group_name, group_type, group_founder_manage 2482 FROM ' . GROUPS_TABLE . ' 2483 ' . ((count($id_ary)) ? 'WHERE ' . $db->sql_in_set('group_id', $id_ary, true) : '') . ' 2484 ORDER BY group_type DESC, group_name ASC'; 2485 $result = $db->sql_query($sql); 2486 2487 $s_group_options = ''; 2488 while ($row = $db->sql_fetchrow($result)) 2489 { 2490 if (!$config['coppa_enable'] && $row['group_name'] == 'REGISTERED_COPPA') 2491 { 2492 continue; 2493 } 2494 2495 // Do not display those groups not allowed to be managed 2496 if ($user->data['user_type'] != USER_FOUNDER && $row['group_founder_manage']) 2497 { 2498 continue; 2499 } 2500 2501 $s_group_options .= '<option' . (($row['group_type'] == GROUP_SPECIAL) ? ' class="sep"' : '') . ' value="' . $row['group_id'] . '">' . $group_helper->get_name($row['group_name']) . '</option>'; 2502 } 2503 $db->sql_freeresult($result); 2504 2505 $current_type = ''; 2506 foreach ($group_data as $group_type => $data_ary) 2507 { 2508 if ($current_type != $group_type) 2509 { 2510 $template->assign_block_vars('group', array( 2511 'S_NEW_GROUP_TYPE' => true, 2512 'GROUP_TYPE' => $user->lang['USER_GROUP_' . strtoupper($group_type)]) 2513 ); 2514 } 2515 2516 foreach ($data_ary as $data) 2517 { 2518 $template->assign_block_vars('group', array( 2519 'U_EDIT_GROUP' => append_sid("{$phpbb_admin_path}index.$phpEx", "i=groups&mode=manage&action=edit&u=$user_id&g={$data['group_id']}&back_link=acp_users_groups"), 2520 'U_DEFAULT' => $this->u_action . "&action=default&u=$user_id&g=" . $data['group_id'] . '&hash=' . generate_link_hash('acp_users'), 2521 'U_DEMOTE_PROMOTE' => $this->u_action . '&action=' . (($data['group_leader']) ? 'demote' : 'promote') . "&u=$user_id&g=" . $data['group_id'] . '&hash=' . generate_link_hash('acp_users'), 2522 'U_DELETE' => count($id_ary) > 1 ? $this->u_action . "&action=delete&u=$user_id&g=" . $data['group_id'] : '', 2523 'U_APPROVE' => ($group_type == 'pending') ? $this->u_action . "&action=approve&u=$user_id&g=" . $data['group_id'] : '', 2524 2525 'GROUP_NAME' => $group_helper->get_name($data['group_name']), 2526 'L_DEMOTE_PROMOTE' => ($data['group_leader']) ? $user->lang['GROUP_DEMOTE'] : $user->lang['GROUP_PROMOTE'], 2527 2528 'S_IS_MEMBER' => ($group_type != 'pending') ? true : false, 2529 'S_NO_DEFAULT' => ($user_row['group_id'] != $data['group_id']) ? true : false, 2530 'S_SPECIAL_GROUP' => ($group_type == 'special') ? true : false, 2531 ) 2532 ); 2533 } 2534 } 2535 2536 $template->assign_vars(array( 2537 'S_GROUPS' => true, 2538 'S_GROUP_OPTIONS' => $s_group_options) 2539 ); 2540 2541 break; 2542 2543 case 'perm': 2544 2545 if (!class_exists('auth_admin')) 2546 { 2547 include($phpbb_root_path . 'includes/acp/auth.' . $phpEx); 2548 } 2549 2550 $auth_admin = new auth_admin(); 2551 2552 $user->add_lang('acp/permissions'); 2553 add_permission_language(); 2554 2555 $forum_id = $request->variable('f', 0); 2556 2557 // Global Permissions 2558 if (!$forum_id) 2559 { 2560 // Select auth options 2561 $sql = 'SELECT auth_option, is_local, is_global 2562 FROM ' . ACL_OPTIONS_TABLE . ' 2563 WHERE auth_option ' . $db->sql_like_expression($db->get_any_char() . '_') . ' 2564 AND is_global = 1 2565 ORDER BY auth_option'; 2566 $result = $db->sql_query($sql); 2567 2568 $hold_ary = array(); 2569 2570 while ($row = $db->sql_fetchrow($result)) 2571 { 2572 $hold_ary = $auth_admin->get_mask('view', $user_id, false, false, $row['auth_option'], 'global', ACL_NEVER); 2573 $auth_admin->display_mask('view', $row['auth_option'], $hold_ary, 'user', false, false); 2574 } 2575 $db->sql_freeresult($result); 2576 2577 unset($hold_ary); 2578 } 2579 else 2580 { 2581 $sql = 'SELECT auth_option, is_local, is_global 2582 FROM ' . ACL_OPTIONS_TABLE . " 2583 WHERE auth_option " . $db->sql_like_expression($db->get_any_char() . '_') . " 2584 AND is_local = 1 2585 ORDER BY is_global DESC, auth_option"; 2586 $result = $db->sql_query($sql); 2587 2588 while ($row = $db->sql_fetchrow($result)) 2589 { 2590 $hold_ary = $auth_admin->get_mask('view', $user_id, false, $forum_id, $row['auth_option'], 'local', ACL_NEVER); 2591 $auth_admin->display_mask('view', $row['auth_option'], $hold_ary, 'user', true, false); 2592 } 2593 $db->sql_freeresult($result); 2594 } 2595 2596 $s_forum_options = '<option value="0"' . ((!$forum_id) ? ' selected="selected"' : '') . '>' . $user->lang['VIEW_GLOBAL_PERMS'] . '</option>'; 2597 $s_forum_options .= make_forum_select($forum_id, false, true, false, false, false); 2598 2599 $template->assign_vars(array( 2600 'S_PERMISSIONS' => true, 2601 2602 'S_GLOBAL' => (!$forum_id) ? true : false, 2603 'S_FORUM_OPTIONS' => $s_forum_options, 2604 2605 'U_ACTION' => $this->u_action . '&u=' . $user_id, 2606 'U_USER_PERMISSIONS' => append_sid("{$phpbb_admin_path}index.$phpEx" ,'i=permissions&mode=setting_user_global&user_id[]=' . $user_id), 2607 'U_USER_FORUM_PERMISSIONS' => append_sid("{$phpbb_admin_path}index.$phpEx", 'i=permissions&mode=setting_user_local&user_id[]=' . $user_id)) 2608 ); 2609 2610 break; 2611 2612 default: 2613 $u_action = $this->u_action; 2614 2615 /** 2616 * Additional modes provided by extensions 2617 * 2618 * @event core.acp_users_mode_add 2619 * @var string mode New mode 2620 * @var int user_id User id of the user to manage 2621 * @var array user_row Array with user data 2622 * @var array error Array with errors data 2623 * @var string u_action The u_action link 2624 * @since 3.2.2-RC1 2625 * @changed 3.2.10-RC1 Added u_action 2626 */ 2627 $vars = array('mode', 'user_id', 'user_row', 'error', 'u_action'); 2628 extract($phpbb_dispatcher->trigger_event('core.acp_users_mode_add', compact($vars))); 2629 2630 unset($u_action); 2631 break; 2632 } 2633 2634 // Assign general variables 2635 $template->assign_vars(array( 2636 'S_ERROR' => (count($error)) ? true : false, 2637 'ERROR_MSG' => (count($error)) ? implode('<br />', $error) : '') 2638 ); 2639 } 2640 2641 /** 2642 * Set option bit field for user options in a user row array. 2643 * 2644 * Optionset replacement for this module based on $user->optionset. 2645 * 2646 * @param array $user_row Row from the users table. 2647 * @param int $key Option key, as defined in $user->keyoptions property. 2648 * @param bool $value True to set the option, false to clear the option. 2649 * @param int $data Current bit field value, or false to use $user_row['user_options'] 2650 * @return int|bool If $data is false, the bit field is modified and 2651 * written back to $user_row['user_options'], and 2652 * return value is true if the bit field changed and 2653 * false otherwise. If $data is not false, the new 2654 * bitfield value is returned. 2655 */ 2656 function optionset(&$user_row, $key, $value, $data = false) 2657 { 2658 global $user; 2659 2660 $var = ($data !== false) ? $data : $user_row['user_options']; 2661 2662 $new_var = phpbb_optionset($user->keyoptions[$key], $value, $var); 2663 2664 if ($data === false) 2665 { 2666 if ($new_var != $var) 2667 { 2668 $user_row['user_options'] = $new_var; 2669 return true; 2670 } 2671 else 2672 { 2673 return false; 2674 } 2675 } 2676 else 2677 { 2678 return $new_var; 2679 } 2680 } 2681 2682 /** 2683 * Get option bit field from user options in a user row array. 2684 * 2685 * Optionget replacement for this module based on $user->optionget. 2686 * 2687 * @param array $user_row Row from the users table. 2688 * @param int $key option key, as defined in $user->keyoptions property. 2689 * @param int $data bit field value to use, or false to use $user_row['user_options'] 2690 * @return bool true if the option is set in the bit field, false otherwise 2691 */ 2692 function optionget(&$user_row, $key, $data = false) 2693 { 2694 global $user; 2695 2696 $var = ($data !== false) ? $data : $user_row['user_options']; 2697 return phpbb_optionget($user->keyoptions[$key], $var); 2698 } 2699 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
Generated: Mon Nov 25 19:05:08 2024 | Cross-referenced by PHPXref 0.7.1 |