Verzeichnisstruktur phpBB-3.2.0
- Veröffentlicht
- 06.01.2017
acp_users.php
0001 <?php
0002 /**
0003 *
0004 * This file is part of the phpBB Forum Software package.
0005 *
0006 * @copyright (c) phpBB Limited <https://www.phpbb.com>
0007 * @license GNU General Public License, version 2 (GPL-2.0)
0008 *
0009 * For full copyright and license information, please see
0010 * the docs/CREDITS.txt file.
0011 *
0012 */
0013
/**
* Direct-access guard: stop immediately unless IN_PHPBB has already been
* defined, so nothing below runs when this file is requested on its own
* instead of being included. The including entry script is expected to
* define the constant before loading this module.
*
* @ignore
*/
defined('IN_PHPBB') or exit;
0021
0022 class acp_users
0023 {
0024 var $u_action;
0025 var $p_master;
0026
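/**
* Keep a handle on the object that loaded this module.
*
* Declared as __construct() rather than as a method named after the class:
* PHP 7.0 deprecated class-named constructors and PHP 8.0 no longer calls
* them on `new`. In that case $this->p_master would stay unset and the
* $this->p_master->module_auth_self() call in main() would fail.
*
* @param object &$p_master Loader object, bound by reference as before
*                          (presumably the ACP module manager; confirm against the caller)
*/
function __construct(&$p_master)
{
	// Reference binding kept so the property aliases the caller's variable, as the original did.
	$this->p_master = &$p_master;
}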
0031
0032 function main($id, $mode)
0033 {
0034 global $config, $db, $user, $auth, $template;
0035 global $phpbb_root_path, $phpbb_admin_path, $phpEx;
0036 global $phpbb_dispatcher, $request;
0037 global $phpbb_container, $phpbb_log;
0038
0039 $user->add_lang(array('posting', 'ucp', 'acp/users'));
0040 $this->tpl_name = 'acp_users';
0041
0042 $error = array();
0043 $username = $request->variable('username', '', true);
0044 $user_id = $request->variable('u', 0);
0045 $action = $request->variable('action', '');
0046
0047 // Get referer to redirect user to the appropriate page after delete action
0048 $redirect = $request->variable('redirect', '');
0049 $redirect_tag = "redirect=$redirect";
0050 $redirect_url = append_sid("{$phpbb_admin_path}index.$phpEx", "i=$redirect");
0051
0052 $submit = (isset($_POST['update']) && !isset($_POST['cancel'])) ? true : false;
0053
0054 $form_name = 'acp_users';
0055 add_form_key($form_name);
0056
0057 // Whois (special case)
0058 if ($action == 'whois')
0059 {
0060 if (!function_exists('user_get_id_name'))
0061 {
0062 include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
0063 }
0064
0065 $this->page_title = 'WHOIS';
0066 $this->tpl_name = 'simple_body';
0067
0068 $user_ip = phpbb_ip_normalise($request->variable('user_ip', ''));
0069 $domain = gethostbyaddr($user_ip);
0070 $ipwhois = user_ipwhois($user_ip);
0071
0072 $template->assign_vars(array(
0073 'MESSAGE_TITLE' => sprintf($user->lang['IP_WHOIS_FOR'], $domain),
0074 'MESSAGE_TEXT' => nl2br($ipwhois))
0075 );
0076
0077 return;
0078 }
0079
0080 // Show user selection mask
0081 if (!$username && !$user_id)
0082 {
0083 $this->page_title = 'SELECT_USER';
0084
0085 $template->assign_vars(array(
0086 'U_ACTION' => $this->u_action,
0087 'ANONYMOUS_USER_ID' => ANONYMOUS,
0088
0089 'S_SELECT_USER' => true,
0090 'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=select_user&field=username&select_single=true'),
0091 ));
0092
0093 return;
0094 }
0095
0096 if (!$user_id)
0097 {
0098 $sql = 'SELECT user_id
0099 FROM ' . USERS_TABLE . "
0100 WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
0101 $result = $db->sql_query($sql);
0102 $user_id = (int) $db->sql_fetchfield('user_id');
0103 $db->sql_freeresult($result);
0104
0105 if (!$user_id)
0106 {
0107 trigger_error($user->lang['NO_USER'] . adm_back_link($this->u_action), E_USER_WARNING);
0108 }
0109 }
0110
0111 // Generate content for all modes
0112 $sql = 'SELECT u.*, s.*
0113 FROM ' . USERS_TABLE . ' u
0114 LEFT JOIN ' . SESSIONS_TABLE . ' s ON (s.session_user_id = u.user_id)
0115 WHERE u.user_id = ' . $user_id . '
0116 ORDER BY s.session_time DESC';
0117 $result = $db->sql_query_limit($sql, 1);
0118 $user_row = $db->sql_fetchrow($result);
0119 $db->sql_freeresult($result);
0120
0121 if (!$user_row)
0122 {
0123 trigger_error($user->lang['NO_USER'] . adm_back_link($this->u_action), E_USER_WARNING);
0124 }
0125
0126 // Generate overall "header" for user admin
0127 $s_form_options = '';
0128
0129 // Build modes dropdown list
0130 $sql = 'SELECT module_mode, module_auth
0131 FROM ' . MODULES_TABLE . "
0132 WHERE module_basename = 'acp_users'
0133 AND module_enabled = 1
0134 AND module_class = 'acp'
0135 ORDER BY left_id, module_mode";
0136 $result = $db->sql_query($sql);
0137
0138 $dropdown_modes = array();
0139 while ($row = $db->sql_fetchrow($result))
0140 {
0141 if (!$this->p_master->module_auth_self($row['module_auth']))
0142 {
0143 continue;
0144 }
0145
0146 $dropdown_modes[$row['module_mode']] = true;
0147 }
0148 $db->sql_freeresult($result);
0149
0150 foreach ($dropdown_modes as $module_mode => $null)
0151 {
0152 $selected = ($mode == $module_mode) ? ' selected="selected"' : '';
0153 $s_form_options .= '<option value="' . $module_mode . '"' . $selected . '>' . $user->lang['ACP_USER_' . strtoupper($module_mode)] . '</option>';
0154 }
0155
0156 $template->assign_vars(array(
0157 'U_BACK' => (empty($redirect)) ? $this->u_action : $redirect_url,
0158 'U_MODE_SELECT' => append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&u=$user_id"),
0159 'U_ACTION' => $this->u_action . '&u=' . $user_id . ((empty($redirect)) ? '' : '&' . $redirect_tag),
0160 'S_FORM_OPTIONS' => $s_form_options,
0161 'MANAGED_USERNAME' => $user_row['username'])
0162 );
0163
0164 // Prevent normal users/admins change/view founders if they are not a founder by themselves
0165 if ($user->data['user_type'] != USER_FOUNDER && $user_row['user_type'] == USER_FOUNDER)
0166 {
0167 trigger_error($user->lang['NOT_MANAGE_FOUNDER'] . adm_back_link($this->u_action), E_USER_WARNING);
0168 }
0169
0170 $this->page_title = $user_row['username'] . ' :: ' . $user->lang('ACP_USER_' . strtoupper($mode));
0171
0172 switch ($mode)
0173 {
0174 case 'overview':
0175
0176 if (!function_exists('user_get_id_name'))
0177 {
0178 include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
0179 }
0180
0181 $user->add_lang('acp/ban');
0182
0183 $delete = $request->variable('delete', 0);
0184 $delete_type = $request->variable('delete_type', '');
0185 $ip = $request->variable('ip', 'ip');
0186
0187 /**
0188 * Run code at beginning of ACP users overview
0189 *
0190 * @event core.acp_users_overview_before
0191 * @var array user_row Current user data
0192 * @var string mode Active module
0193 * @var string action Module that should be run
0194 * @var bool submit Do we display the form only
0195 * or did the user press submit
0196 * @var array error Array holding error messages
0197 * @since 3.1.3-RC1
0198 */
0199 $vars = array('user_row', 'mode', 'action', 'submit', 'error');
0200 extract($phpbb_dispatcher->trigger_event('core.acp_users_overview_before', compact($vars)));
0201
0202 if ($submit)
0203 {
0204 if ($delete)
0205 {
0206 if (!$auth->acl_get('a_userdel'))
0207 {
0208 send_status_line(403, 'Forbidden');
0209 trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
0210 }
0211
0212 // Check if the user wants to remove himself or the guest user account
0213 if ($user_id == ANONYMOUS)
0214 {
0215 trigger_error($user->lang['CANNOT_REMOVE_ANONYMOUS'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
0216 }
0217
0218 // Founders can not be deleted.
0219 if ($user_row['user_type'] == USER_FOUNDER)
0220 {
0221 trigger_error($user->lang['CANNOT_REMOVE_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
0222 }
0223
0224 if ($user_id == $user->data['user_id'])
0225 {
0226 trigger_error($user->lang['CANNOT_REMOVE_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
0227 }
0228
0229 if ($delete_type)
0230 {
0231 if (confirm_box(true))
0232 {
0233 user_delete($delete_type, $user_id, $user_row['username']);
0234
0235 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_DELETED', false, array($user_row['username']));
0236 trigger_error($user->lang['USER_DELETED'] . adm_back_link(
0237 (empty($redirect)) ? $this->u_action : $redirect_url
0238 )
0239 );
0240 }
0241 else
0242 {
0243 $delete_confirm_hidden_fields = array(
0244 'u' => $user_id,
0245 'i' => $id,
0246 'mode' => $mode,
0247 'action' => $action,
0248 'update' => true,
0249 'delete' => 1,
0250 'delete_type' => $delete_type,
0251 );
0252
0253 // Checks if the redirection page is specified
0254 if (!empty($redirect))
0255 {
0256 $delete_confirm_hidden_fields['redirect'] = $redirect;
0257 }
0258
0259 confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields($delete_confirm_hidden_fields));
0260 }
0261 }
0262 else
0263 {
0264 trigger_error($user->lang['NO_MODE'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
0265 }
0266 }
0267
0268 // Handle quicktool actions
0269 switch ($action)
0270 {
0271 case 'banuser':
0272 case 'banemail':
0273 case 'banip':
0274
0275 if ($user_id == $user->data['user_id'])
0276 {
0277 trigger_error($user->lang['CANNOT_BAN_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
0278 }
0279
0280 if ($user_id == ANONYMOUS)
0281 {
0282 trigger_error($user->lang['CANNOT_BAN_ANONYMOUS'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
0283 }
0284
0285 if ($user_row['user_type'] == USER_FOUNDER)
0286 {
0287 trigger_error($user->lang['CANNOT_BAN_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
0288 }
0289
0290 if (!check_form_key($form_name))
0291 {
0292 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
0293 }
0294
0295 $ban = array();
0296
0297 switch ($action)
0298 {
0299 case 'banuser':
0300 $ban[] = $user_row['username'];
0301 $reason = 'USER_ADMIN_BAN_NAME_REASON';
0302 break;
0303
0304 case 'banemail':
0305 $ban[] = $user_row['user_email'];
0306 $reason = 'USER_ADMIN_BAN_EMAIL_REASON';
0307 break;
0308
0309 case 'banip':
0310 $ban[] = $user_row['user_ip'];
0311
0312 $sql = 'SELECT DISTINCT poster_ip
0313 FROM ' . POSTS_TABLE . "
0314 WHERE poster_id = $user_id";
0315 $result = $db->sql_query($sql);
0316
0317 while ($row = $db->sql_fetchrow($result))
0318 {
0319 $ban[] = $row['poster_ip'];
0320 }
0321 $db->sql_freeresult($result);
0322
0323 $reason = 'USER_ADMIN_BAN_IP_REASON';
0324 break;
0325 }
0326
0327 $ban_reason = $request->variable('ban_reason', $user->lang[$reason], true);
0328 $ban_give_reason = $request->variable('ban_give_reason', '', true);
0329
0330 // Log not used at the moment, we simply utilize the ban function.
0331 $result = user_ban(substr($action, 3), $ban, 0, 0, 0, $ban_reason, $ban_give_reason);
0332
0333 trigger_error((($result === false) ? $user->lang['BAN_ALREADY_ENTERED'] : $user->lang['BAN_SUCCESSFUL']) . adm_back_link($this->u_action . '&u=' . $user_id));
0334
0335 break;
0336
0337 case 'reactivate':
0338
0339 if ($user_id == $user->data['user_id'])
0340 {
0341 trigger_error($user->lang['CANNOT_FORCE_REACT_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
0342 }
0343
0344 if (!check_form_key($form_name))
0345 {
0346 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
0347 }
0348
0349 if ($user_row['user_type'] == USER_FOUNDER)
0350 {
0351 trigger_error($user->lang['CANNOT_FORCE_REACT_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
0352 }
0353
0354 if ($user_row['user_type'] == USER_IGNORE)
0355 {
0356 trigger_error($user->lang['CANNOT_FORCE_REACT_BOT'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
0357 }
0358
0359 if ($config['email_enable'])
0360 {
0361 if (!class_exists('messenger'))
0362 {
0363 include($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
0364 }
0365
0366 $server_url = generate_board_url();
0367
0368 $user_actkey = gen_rand_string(mt_rand(6, 10));
0369 $email_template = ($user_row['user_type'] == USER_NORMAL) ? 'user_reactivate_account' : 'user_resend_inactive';
0370
0371 if ($user_row['user_type'] == USER_NORMAL)
0372 {
0373 user_active_flip('deactivate', $user_id, INACTIVE_REMIND);
0374 }
0375 else
0376 {
0377 // Grabbing the last confirm key - we only send a reminder
0378 $sql = 'SELECT user_actkey
0379 FROM ' . USERS_TABLE . '
0380 WHERE user_id = ' . $user_id;
0381 $result = $db->sql_query($sql);
0382 $user_activation_key = (string) $db->sql_fetchfield('user_actkey');
0383 $db->sql_freeresult($result);
0384
0385 $user_actkey = empty($user_activation_key) ? $user_actkey : $user_activation_key;
0386 }
0387
0388 if ($user_row['user_type'] == USER_NORMAL || empty($user_activation_key))
0389 {
0390 $sql = 'UPDATE ' . USERS_TABLE . "
0391 SET user_actkey = '" . $db->sql_escape($user_actkey) . "'
0392 WHERE user_id = $user_id";
0393 $db->sql_query($sql);
0394 }
0395
0396 $messenger = new messenger(false);
0397
0398 $messenger->template($email_template, $user_row['user_lang']);
0399
0400 $messenger->set_addresses($user_row);
0401
0402 $messenger->anti_abuse_headers($config, $user);
0403
0404 $messenger->assign_vars(array(
0405 'WELCOME_MSG' => htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename'])),
0406 'USERNAME' => htmlspecialchars_decode($user_row['username']),
0407 'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&u={$user_row['user_id']}&k=$user_actkey")
0408 );
0409
0410 $messenger->send(NOTIFY_EMAIL);
0411
0412 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_REACTIVATE', false, array($user_row['username']));
0413 $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_REACTIVATE_USER', false, array(
0414 'reportee_id' => $user_id
0415 ));
0416
0417 trigger_error($user->lang['FORCE_REACTIVATION_SUCCESS'] . adm_back_link($this->u_action . '&u=' . $user_id));
0418 }
0419
0420 break;
0421
0422 case 'active':
0423
0424 if ($user_id == $user->data['user_id'])
0425 {
0426 // It is only deactivation since the user is already activated (else he would not have reached this page)
0427 trigger_error($user->lang['CANNOT_DEACTIVATE_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
0428 }
0429
0430 if (!check_form_key($form_name))
0431 {
0432 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
0433 }
0434
0435 if ($user_row['user_type'] == USER_FOUNDER)
0436 {
0437 trigger_error($user->lang['CANNOT_DEACTIVATE_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
0438 }
0439
0440 if ($user_row['user_type'] == USER_IGNORE)
0441 {
0442 trigger_error($user->lang['CANNOT_DEACTIVATE_BOT'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
0443 }
0444
0445 user_active_flip('flip', $user_id);
0446
0447 if ($user_row['user_type'] == USER_INACTIVE)
0448 {
0449 if ($config['require_activation'] == USER_ACTIVATION_ADMIN)
0450 {
0451 /* @var $phpbb_notifications \phpbb\notification\manager */
0452 $phpbb_notifications = $phpbb_container->get('notification_manager');
0453 $phpbb_notifications->delete_notifications('notification.type.admin_activate_user', $user_row['user_id']);
0454
0455 if (!class_exists('messenger'))
0456 {
0457 include($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
0458 }
0459
0460 $messenger = new messenger(false);
0461
0462 $messenger->template('admin_welcome_activated', $user_row['user_lang']);
0463
0464 $messenger->set_addresses($user_row);
0465
0466 $messenger->anti_abuse_headers($config, $user);
0467
0468 $messenger->assign_vars(array(
0469 'USERNAME' => htmlspecialchars_decode($user_row['username']))
0470 );
0471
0472 $messenger->send(NOTIFY_EMAIL);
0473 }
0474 }
0475
0476 $message = ($user_row['user_type'] == USER_INACTIVE) ? 'USER_ADMIN_ACTIVATED' : 'USER_ADMIN_DEACTIVED';
0477 $log = ($user_row['user_type'] == USER_INACTIVE) ? 'LOG_USER_ACTIVE' : 'LOG_USER_INACTIVE';
0478
0479 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, $log, false, array($user_row['username']));
0480 $phpbb_log->add('user', $user->data['user_id'], $user->ip, $log . '_USER', false, array(
0481 'reportee_id' => $user_id
0482 ));
0483
0484 trigger_error($user->lang[$message] . adm_back_link($this->u_action . '&u=' . $user_id));
0485
0486 break;
0487
0488 case 'delsig':
0489
0490 if (!check_form_key($form_name))
0491 {
0492 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
0493 }
0494
0495 $sql_ary = array(
0496 'user_sig' => '',
0497 'user_sig_bbcode_uid' => '',
0498 'user_sig_bbcode_bitfield' => ''
0499 );
0500
0501 $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
0502 WHERE user_id = $user_id";
0503 $db->sql_query($sql);
0504
0505 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_SIG', false, array($user_row['username']));
0506 $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_SIG_USER', false, array(
0507 'reportee_id' => $user_id
0508 ));
0509
0510 trigger_error($user->lang['USER_ADMIN_SIG_REMOVED'] . adm_back_link($this->u_action . '&u=' . $user_id));
0511
0512 break;
0513
0514 case 'delavatar':
0515
0516 if (!check_form_key($form_name))
0517 {
0518 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
0519 }
0520
0521 // Delete old avatar if present
0522 /* @var $phpbb_avatar_manager \phpbb\avatar\manager */
0523 $phpbb_avatar_manager = $phpbb_container->get('avatar.manager');
0524 $phpbb_avatar_manager->handle_avatar_delete($db, $user, $phpbb_avatar_manager->clean_row($user_row, 'user'), USERS_TABLE, 'user_');
0525
0526 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_AVATAR', false, array($user_row['username']));
0527 $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_AVATAR_USER', false, array(
0528 'reportee_id' => $user_id
0529 ));
0530
0531 trigger_error($user->lang['USER_ADMIN_AVATAR_REMOVED'] . adm_back_link($this->u_action . '&u=' . $user_id));
0532 break;
0533
0534 case 'delposts':
0535
0536 if (confirm_box(true))
0537 {
0538 // Delete posts, attachments, etc.
0539 delete_posts('poster_id', $user_id);
0540
0541 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_POSTS', false, array($user_row['username']));
0542 trigger_error($user->lang['USER_POSTS_DELETED'] . adm_back_link($this->u_action . '&u=' . $user_id));
0543 }
0544 else
0545 {
0546 confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
0547 'u' => $user_id,
0548 'i' => $id,
0549 'mode' => $mode,
0550 'action' => $action,
0551 'update' => true))
0552 );
0553 }
0554
0555 break;
0556
0557 case 'delattach':
0558
0559 if (confirm_box(true))
0560 {
0561 /** @var \phpbb\attachment\manager $attachment_manager */
0562 $attachment_manager = $phpbb_container->get('attachment.manager');
0563 $attachment_manager->delete('user', $user_id);
0564 unset($attachment_manager);
0565
0566 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_ATTACH', false, array($user_row['username']));
0567 trigger_error($user->lang['USER_ATTACHMENTS_REMOVED'] . adm_back_link($this->u_action . '&u=' . $user_id));
0568 }
0569 else
0570 {
0571 confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
0572 'u' => $user_id,
0573 'i' => $id,
0574 'mode' => $mode,
0575 'action' => $action,
0576 'update' => true))
0577 );
0578 }
0579
0580 break;
0581
0582 case 'deloutbox':
0583
0584 if (confirm_box(true))
0585 {
0586 $msg_ids = array();
0587 $lang = 'EMPTY';
0588
0589 $sql = 'SELECT msg_id
0590 FROM ' . PRIVMSGS_TO_TABLE . "
0591 WHERE author_id = $user_id
0592 AND folder_id = " . PRIVMSGS_OUTBOX;
0593 $result = $db->sql_query($sql);
0594
0595 if ($row = $db->sql_fetchrow($result))
0596 {
0597 if (!function_exists('delete_pm'))
0598 {
0599 include($phpbb_root_path . 'includes/functions_privmsgs.' . $phpEx);
0600 }
0601
0602 do
0603 {
0604 $msg_ids[] = (int) $row['msg_id'];
0605 }
0606 while ($row = $db->sql_fetchrow($result));
0607
0608 $db->sql_freeresult($result);
0609
0610 delete_pm($user_id, $msg_ids, PRIVMSGS_OUTBOX);
0611
0612 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_OUTBOX', false, array($user_row['username']));
0613
0614 $lang = 'EMPTIED';
0615 }
0616 $db->sql_freeresult($result);
0617
0618 trigger_error($user->lang['USER_OUTBOX_' . $lang] . adm_back_link($this->u_action . '&u=' . $user_id));
0619 }
0620 else
0621 {
0622 confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
0623 'u' => $user_id,
0624 'i' => $id,
0625 'mode' => $mode,
0626 'action' => $action,
0627 'update' => true))
0628 );
0629 }
0630 break;
0631
0632 case 'moveposts':
0633
0634 if (!check_form_key($form_name))
0635 {
0636 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
0637 }
0638
0639 $user->add_lang('acp/forums');
0640
0641 $new_forum_id = $request->variable('new_f', 0);
0642
0643 if (!$new_forum_id)
0644 {
0645 $this->page_title = 'USER_ADMIN_MOVE_POSTS';
0646
0647 $template->assign_vars(array(
0648 'S_SELECT_FORUM' => true,
0649 'U_ACTION' => $this->u_action . "&action=$action&u=$user_id",
0650 'U_BACK' => $this->u_action . "&u=$user_id",
0651 'S_FORUM_OPTIONS' => make_forum_select(false, false, false, true))
0652 );
0653
0654 return;
0655 }
0656
0657 // Is the new forum postable to?
0658 $sql = 'SELECT forum_name, forum_type
0659 FROM ' . FORUMS_TABLE . "
0660 WHERE forum_id = $new_forum_id";
0661 $result = $db->sql_query($sql);
0662 $forum_info = $db->sql_fetchrow($result);
0663 $db->sql_freeresult($result);
0664
0665 if (!$forum_info)
0666 {
0667 trigger_error($user->lang['NO_FORUM'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
0668 }
0669
0670 if ($forum_info['forum_type'] != FORUM_POST)
0671 {
0672 trigger_error($user->lang['MOVE_POSTS_NO_POSTABLE_FORUM'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
0673 }
0674
0675 // Two stage?
0676 // Move topics comprising only posts from this user
0677 $topic_id_ary = $move_topic_ary = $move_post_ary = $new_topic_id_ary = array();
0678 $forum_id_ary = array($new_forum_id);
0679
0680 $sql = 'SELECT topic_id, post_visibility, COUNT(post_id) AS total_posts
0681 FROM ' . POSTS_TABLE . "
0682 WHERE poster_id = $user_id
0683 AND forum_id <> $new_forum_id
0684 GROUP BY topic_id, post_visibility";
0685 $result = $db->sql_query($sql);
0686
0687 while ($row = $db->sql_fetchrow($result))
0688 {
0689 $topic_id_ary[$row['topic_id']][$row['post_visibility']] = $row['total_posts'];
0690 }
0691 $db->sql_freeresult($result);
0692
0693 if (sizeof($topic_id_ary))
0694 {
0695 $sql = 'SELECT topic_id, forum_id, topic_title, topic_posts_approved, topic_posts_unapproved, topic_posts_softdeleted, topic_attachment
0696 FROM ' . TOPICS_TABLE . '
0697 WHERE ' . $db->sql_in_set('topic_id', array_keys($topic_id_ary));
0698 $result = $db->sql_query($sql);
0699
0700 while ($row = $db->sql_fetchrow($result))
0701 {
0702 if ($topic_id_ary[$row['topic_id']][ITEM_APPROVED] == $row['topic_posts_approved']
0703 && $topic_id_ary[$row['topic_id']][ITEM_UNAPPROVED] == $row['topic_posts_unapproved']
0704 && $topic_id_ary[$row['topic_id']][ITEM_REAPPROVE] == $row['topic_posts_unapproved']
0705 && $topic_id_ary[$row['topic_id']][ITEM_DELETED] == $row['topic_posts_softdeleted'])
0706 {
0707 $move_topic_ary[] = $row['topic_id'];
0708 }
0709 else
0710 {
0711 $move_post_ary[$row['topic_id']]['title'] = $row['topic_title'];
0712 $move_post_ary[$row['topic_id']]['attach'] = ($row['topic_attachment']) ? 1 : 0;
0713 }
0714
0715 $forum_id_ary[] = $row['forum_id'];
0716 }
0717 $db->sql_freeresult($result);
0718 }
0719
0720 // Entire topic comprises posts by this user, move these topics
0721 if (sizeof($move_topic_ary))
0722 {
0723 move_topics($move_topic_ary, $new_forum_id, false);
0724 }
0725
0726 if (sizeof($move_post_ary))
0727 {
0728 // Create new topic
0729 // Update post_ids, report_ids, attachment_ids
0730 foreach ($move_post_ary as $topic_id => $post_ary)
0731 {
0732 // Create new topic
0733 $sql = 'INSERT INTO ' . TOPICS_TABLE . ' ' . $db->sql_build_array('INSERT', array(
0734 'topic_poster' => $user_id,
0735 'topic_time' => time(),
0736 'forum_id' => $new_forum_id,
0737 'icon_id' => 0,
0738 'topic_visibility' => ITEM_APPROVED,
0739 'topic_title' => $post_ary['title'],
0740 'topic_first_poster_name' => $user_row['username'],
0741 'topic_type' => POST_NORMAL,
0742 'topic_time_limit' => 0,
0743 'topic_attachment' => $post_ary['attach'])
0744 );
0745 $db->sql_query($sql);
0746
0747 $new_topic_id = $db->sql_nextid();
0748
0749 // Move posts
0750 $sql = 'UPDATE ' . POSTS_TABLE . "
0751 SET forum_id = $new_forum_id, topic_id = $new_topic_id
0752 WHERE topic_id = $topic_id
0753 AND poster_id = $user_id";
0754 $db->sql_query($sql);
0755
0756 if ($post_ary['attach'])
0757 {
0758 $sql = 'UPDATE ' . ATTACHMENTS_TABLE . "
0759 SET topic_id = $new_topic_id
0760 WHERE topic_id = $topic_id
0761 AND poster_id = $user_id";
0762 $db->sql_query($sql);
0763 }
0764
0765 $new_topic_id_ary[] = $new_topic_id;
0766 }
0767 }
0768
0769 $forum_id_ary = array_unique($forum_id_ary);
0770 $topic_id_ary = array_unique(array_merge(array_keys($topic_id_ary), $new_topic_id_ary));
0771
0772 if (sizeof($topic_id_ary))
0773 {
0774 sync('topic_reported', 'topic_id', $topic_id_ary);
0775 sync('topic', 'topic_id', $topic_id_ary);
0776 }
0777
0778 if (sizeof($forum_id_ary))
0779 {
0780 sync('forum', 'forum_id', $forum_id_ary, false, true);
0781 }
0782
0783 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_MOVE_POSTS', false, array($user_row['username'], $forum_info['forum_name']));
0784 $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_MOVE_POSTS_USER', false, array(
0785 'reportee_id' => $user_id,
0786 $forum_info['forum_name']
0787 ));
0788
0789 trigger_error($user->lang['USER_POSTS_MOVED'] . adm_back_link($this->u_action . '&u=' . $user_id));
0790
0791 break;
0792
0793 case 'leave_nr':
0794
0795 if (confirm_box(true))
0796 {
0797 remove_newly_registered($user_id, $user_row);
0798
0799 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_REMOVED_NR', false, array($user_row['username']));
0800 trigger_error($user->lang['USER_LIFTED_NR'] . adm_back_link($this->u_action . '&u=' . $user_id));
0801 }
0802 else
0803 {
0804 confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
0805 'u' => $user_id,
0806 'i' => $id,
0807 'mode' => $mode,
0808 'action' => $action,
0809 'update' => true))
0810 );
0811 }
0812
0813 break;
0814
0815 default:
0816 /**
0817 * Run custom quicktool code
0818 *
0819 * @event core.acp_users_overview_run_quicktool
0820 * @var array user_row Current user data
0821 * @var string action Quick tool that should be run
0822 * @since 3.1.0-a1
0823 */
0824 $vars = array('action', 'user_row');
0825 extract($phpbb_dispatcher->trigger_event('core.acp_users_overview_run_quicktool', compact($vars)));
0826 break;
0827 }
0828
0829 // Handle registration info updates
0830 $data = array(
0831 'username' => $request->variable('user', $user_row['username'], true),
0832 'user_founder' => $request->variable('user_founder', ($user_row['user_type'] == USER_FOUNDER) ? 1 : 0),
0833 'email' => strtolower($request->variable('user_email', $user_row['user_email'])),
0834 'new_password' => $request->variable('new_password', '', true),
0835 'password_confirm' => $request->variable('password_confirm', '', true),
0836 );
0837
0838 // Validation data - we do not check the password complexity setting here
0839 $check_ary = array(
0840 'new_password' => array(
0841 array('string', true, $config['min_pass_chars'], $config['max_pass_chars']),
0842 array('password')),
0843 'password_confirm' => array('string', true, $config['min_pass_chars'], $config['max_pass_chars']),
0844 );
0845
0846 // Check username if altered
0847 if ($data['username'] != $user_row['username'])
0848 {
0849 $check_ary += array(
0850 'username' => array(
0851 array('string', false, $config['min_name_chars'], $config['max_name_chars']),
0852 array('username', $user_row['username'])
0853 ),
0854 );
0855 }
0856
0857 // Check email if altered
0858 if ($data['email'] != $user_row['user_email'])
0859 {
0860 $check_ary += array(
0861 'email' => array(
0862 array('string', false, 6, 60),
0863 array('user_email', $user_row['user_email']),
0864 ),
0865 );
0866 }
0867
0868 $error = validate_data($data, $check_ary);
0869
0870 if ($data['new_password'] && $data['password_confirm'] != $data['new_password'])
0871 {
0872 $error[] = 'NEW_PASSWORD_ERROR';
0873 }
0874
0875 if (!check_form_key($form_name))
0876 {
0877 $error[] = 'FORM_INVALID';
0878 }
0879
0880 // Instantiate passwords manager
0881 /* @var $passwords_manager \phpbb\passwords\manager */
0882 $passwords_manager = $phpbb_container->get('passwords.manager');
0883
0884 // Which updates do we need to do?
0885 $update_username = ($user_row['username'] != $data['username']) ? $data['username'] : false;
0886 $update_password = $data['new_password'] && !$passwords_manager->check($data['new_password'], $user_row['user_password']);
0887 $update_email = ($data['email'] != $user_row['user_email']) ? $data['email'] : false;
0888
0889 if (!sizeof($error))
0890 {
0891 $sql_ary = array();
0892
0893 if ($user_row['user_type'] != USER_FOUNDER || $user->data['user_type'] == USER_FOUNDER)
0894 {
0895 // Only allow founders updating the founder status...
0896 if ($user->data['user_type'] == USER_FOUNDER)
0897 {
0898 // Setting a normal member to be a founder
0899 if ($data['user_founder'] && $user_row['user_type'] != USER_FOUNDER)
0900 {
0901 // Make sure the user is not setting an Inactive or ignored user to be a founder
0902 if ($user_row['user_type'] == USER_IGNORE)
0903 {
0904 trigger_error($user->lang['CANNOT_SET_FOUNDER_IGNORED'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
0905 }
0906
0907 if ($user_row['user_type'] == USER_INACTIVE)
0908 {
0909 trigger_error($user->lang['CANNOT_SET_FOUNDER_INACTIVE'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
0910 }
0911
0912 $sql_ary['user_type'] = USER_FOUNDER;
0913 }
0914 else if (!$data['user_founder'] && $user_row['user_type'] == USER_FOUNDER)
0915 {
0916 // Check if at least one founder is present
0917 $sql = 'SELECT user_id
0918 FROM ' . USERS_TABLE . '
0919 WHERE user_type = ' . USER_FOUNDER . '
0920 AND user_id <> ' . $user_id;
0921 $result = $db->sql_query_limit($sql, 1);
0922 $row = $db->sql_fetchrow($result);
0923 $db->sql_freeresult($result);
0924
0925 if ($row)
0926 {
0927 $sql_ary['user_type'] = USER_NORMAL;
0928 }
0929 else
0930 {
0931 trigger_error($user->lang['AT_LEAST_ONE_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
0932 }
0933 }
0934 }
0935 }
0936
0937 /**
0938 * Modify user data before we update it
0939 *
0940 * @event core.acp_users_overview_modify_data
0941 * @var array user_row Current user data
0942 * @var array data Submitted user data
0943 * @var array sql_ary User data we udpate
0944 * @since 3.1.0-a1
0945 */
0946 $vars = array('user_row', 'data', 'sql_ary');
0947 extract($phpbb_dispatcher->trigger_event('core.acp_users_overview_modify_data', compact($vars)));
0948
0949 if ($update_username !== false)
0950 {
0951 $sql_ary['username'] = $update_username;
0952 $sql_ary['username_clean'] = utf8_clean_string($update_username);
0953
0954 $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_UPDATE_NAME', false, array(
0955 'reportee_id' => $user_id,
0956 $user_row['username'],
0957 $update_username
0958 ));
0959 }
0960
0961 if ($update_email !== false)
0962 {
0963 $sql_ary += array(
0964 'user_email' => $update_email,
0965 'user_email_hash' => phpbb_email_hash($update_email),
0966 );
0967
0968 $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_UPDATE_EMAIL', false, array(
0969 'reportee_id' => $user_id,
0970 $user_row['username'],
0971 $user_row['user_email'],
0972 $update_email
0973 ));
0974 }
0975
0976 if ($update_password)
0977 {
0978 $sql_ary += array(
0979 'user_password' => $passwords_manager->hash($data['new_password']),
0980 'user_passchg' => time(),
0981 );
0982
0983 $user->reset_login_keys($user_id);
0984
0985 $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_NEW_PASSWORD', false, array(
0986 'reportee_id' => $user_id,
0987 $user_row['username']
0988 ));
0989 }
0990
0991 if (sizeof($sql_ary))
0992 {
0993 $sql = 'UPDATE ' . USERS_TABLE . '
0994 SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
0995 WHERE user_id = ' . $user_id;
0996 $db->sql_query($sql);
0997 }
0998
0999 if ($update_username)
1000 {
1001 user_update_name($user_row['username'], $update_username);
1002 }
1003
1004 // Clear the ACL prefetch so the user's permissions get updated
1005 $auth->acl_clear_prefetch($user_id);
1006
1007 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_USER_UPDATE', false, array($data['username']));
1008
1009 trigger_error($user->lang['USER_OVERVIEW_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id));
1010 }
1011
1012 // Replace "error" strings with their real, localised form
1013 $error = array_map(array($user, 'lang'), $error);
1014 }
1015
1016 if ($user_id == $user->data['user_id'])
1017 {
1018 $quick_tool_ary = array('delsig' => 'DEL_SIG', 'delavatar' => 'DEL_AVATAR', 'moveposts' => 'MOVE_POSTS', 'delposts' => 'DEL_POSTS', 'delattach' => 'DEL_ATTACH', 'deloutbox' => 'DEL_OUTBOX');
1019 if ($user_row['user_new'])
1020 {
1021 $quick_tool_ary['leave_nr'] = 'LEAVE_NR';
1022 }
1023 }
1024 else
1025 {
1026 $quick_tool_ary = array();
1027
1028 if ($user_row['user_type'] != USER_FOUNDER)
1029 {
1030 $quick_tool_ary += array('banuser' => 'BAN_USER', 'banemail' => 'BAN_EMAIL', 'banip' => 'BAN_IP');
1031 }
1032
1033 if ($user_row['user_type'] != USER_FOUNDER && $user_row['user_type'] != USER_IGNORE)
1034 {
1035 $quick_tool_ary += array('active' => (($user_row['user_type'] == USER_INACTIVE) ? 'ACTIVATE' : 'DEACTIVATE'));
1036 }
1037
1038 $quick_tool_ary += array('delsig' => 'DEL_SIG', 'delavatar' => 'DEL_AVATAR', 'moveposts' => 'MOVE_POSTS', 'delposts' => 'DEL_POSTS', 'delattach' => 'DEL_ATTACH', 'deloutbox' => 'DEL_OUTBOX');
1039
1040 if ($config['email_enable'] && ($user_row['user_type'] == USER_NORMAL || $user_row['user_type'] == USER_INACTIVE))
1041 {
1042 $quick_tool_ary['reactivate'] = 'FORCE';
1043 }
1044
1045 if ($user_row['user_new'])
1046 {
1047 $quick_tool_ary['leave_nr'] = 'LEAVE_NR';
1048 }
1049 }
1050
1051 if ($config['load_onlinetrack'])
1052 {
1053 $sql = 'SELECT MAX(session_time) AS session_time, MIN(session_viewonline) AS session_viewonline
1054 FROM ' . SESSIONS_TABLE . "
1055 WHERE session_user_id = $user_id";
1056 $result = $db->sql_query($sql);
1057 $row = $db->sql_fetchrow($result);
1058 $db->sql_freeresult($result);
1059
1060 $user_row['session_time'] = (isset($row['session_time'])) ? $row['session_time'] : 0;
1061 $user_row['session_viewonline'] = (isset($row['session_viewonline'])) ? $row['session_viewonline'] : 0;
1062 unset($row);
1063 }
1064
1065 /**
1066 * Add additional quick tool options and overwrite user data
1067 *
1068 * @event core.acp_users_display_overview
1069 * @var array user_row Array with user data
1070 * @var array quick_tool_ary Quick tool options
1071 * @since 3.1.0-a1
1072 */
1073 $vars = array('user_row', 'quick_tool_ary');
1074 extract($phpbb_dispatcher->trigger_event('core.acp_users_display_overview', compact($vars)));
1075
1076 $s_action_options = '<option class="sep" value="">' . $user->lang['SELECT_OPTION'] . '</option>';
1077 foreach ($quick_tool_ary as $value => $lang)
1078 {
1079 $s_action_options .= '<option value="' . $value . '">' . $user->lang['USER_ADMIN_' . $lang] . '</option>';
1080 }
1081
1082 $last_active = (!empty($user_row['session_time'])) ? $user_row['session_time'] : $user_row['user_lastvisit'];
1083
1084 $inactive_reason = '';
1085 if ($user_row['user_type'] == USER_INACTIVE)
1086 {
1087 $inactive_reason = $user->lang['INACTIVE_REASON_UNKNOWN'];
1088
1089 switch ($user_row['user_inactive_reason'])
1090 {
1091 case INACTIVE_REGISTER:
1092 $inactive_reason = $user->lang['INACTIVE_REASON_REGISTER'];
1093 break;
1094
1095 case INACTIVE_PROFILE:
1096 $inactive_reason = $user->lang['INACTIVE_REASON_PROFILE'];
1097 break;
1098
1099 case INACTIVE_MANUAL:
1100 $inactive_reason = $user->lang['INACTIVE_REASON_MANUAL'];
1101 break;
1102
1103 case INACTIVE_REMIND:
1104 $inactive_reason = $user->lang['INACTIVE_REASON_REMIND'];
1105 break;
1106 }
1107 }
1108
1109 // Posts in Queue
1110 $sql = 'SELECT COUNT(post_id) as posts_in_queue
1111 FROM ' . POSTS_TABLE . '
1112 WHERE poster_id = ' . $user_id . '
1113 AND ' . $db->sql_in_set('post_visibility', array(ITEM_UNAPPROVED, ITEM_REAPPROVE));
1114 $result = $db->sql_query($sql);
1115 $user_row['posts_in_queue'] = (int) $db->sql_fetchfield('posts_in_queue');
1116 $db->sql_freeresult($result);
1117
1118 $sql = 'SELECT post_id
1119 FROM ' . POSTS_TABLE . '
1120 WHERE poster_id = '. $user_id;
1121 $result = $db->sql_query_limit($sql, 1);
1122 $user_row['user_has_posts'] = (bool) $db->sql_fetchfield('post_id');
1123 $db->sql_freeresult($result);
1124
1125 $template->assign_vars(array(
1126 'L_NAME_CHARS_EXPLAIN' => $user->lang($config['allow_name_chars'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_name_chars']), $user->lang('CHARACTERS', (int) $config['max_name_chars'])),
1127 'L_CHANGE_PASSWORD_EXPLAIN' => $user->lang($config['pass_complex'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_pass_chars']), $user->lang('CHARACTERS', (int) $config['max_pass_chars'])),
1128 'L_POSTS_IN_QUEUE' => $user->lang('NUM_POSTS_IN_QUEUE', $user_row['posts_in_queue']),
1129 'S_FOUNDER' => ($user->data['user_type'] == USER_FOUNDER) ? true : false,
1130
1131 'S_OVERVIEW' => true,
1132 'S_USER_IP' => ($user_row['user_ip']) ? true : false,
1133 'S_USER_FOUNDER' => ($user_row['user_type'] == USER_FOUNDER) ? true : false,
1134 'S_ACTION_OPTIONS' => $s_action_options,
1135 'S_OWN_ACCOUNT' => ($user_id == $user->data['user_id']) ? true : false,
1136 'S_USER_INACTIVE' => ($user_row['user_type'] == USER_INACTIVE) ? true : false,
1137
1138 'U_SHOW_IP' => $this->u_action . "&u=$user_id&ip=" . (($ip == 'ip') ? 'hostname' : 'ip'),
1139 'U_WHOIS' => $this->u_action . "&action=whois&user_ip={$user_row['user_ip']}",
1140 'U_MCP_QUEUE' => ($auth->acl_getf_global('m_approve')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue', true, $user->session_id) : '',
1141 'U_SEARCH_USER' => ($config['load_search'] && $auth->acl_get('u_search')) ? append_sid("{$phpbb_root_path}search.$phpEx", "author_id={$user_row['user_id']}&sr=posts") : '',
1142
1143 'U_SWITCH_PERMISSIONS' => ($auth->acl_get('a_switchperm') && $user->data['user_id'] != $user_row['user_id']) ? append_sid("{$phpbb_root_path}ucp.$phpEx", "mode=switch_perm&u={$user_row['user_id']}&hash=" . generate_link_hash('switchperm')) : '',
1144
1145 'POSTS_IN_QUEUE' => $user_row['posts_in_queue'],
1146 'USER' => $user_row['username'],
1147 'USER_REGISTERED' => $user->format_date($user_row['user_regdate']),
1148 'REGISTERED_IP' => ($ip == 'hostname') ? gethostbyaddr($user_row['user_ip']) : $user_row['user_ip'],
1149 'USER_LASTACTIVE' => ($last_active) ? $user->format_date($last_active) : ' - ',
1150 'USER_EMAIL' => $user_row['user_email'],
1151 'USER_WARNINGS' => $user_row['user_warnings'],
1152 'USER_POSTS' => $user_row['user_posts'],
1153 'USER_HAS_POSTS' => $user_row['user_has_posts'],
1154 'USER_INACTIVE_REASON' => $inactive_reason,
1155 ));
1156
1157 break;
1158
1159 case 'feedback':
1160
1161 $user->add_lang('mcp');
1162
1163 // Set up general vars
1164 $start = $request->variable('start', 0);
1165 $deletemark = (isset($_POST['delmarked'])) ? true : false;
1166 $deleteall = (isset($_POST['delall'])) ? true : false;
1167 $marked = $request->variable('mark', array(0));
1168 $message = $request->variable('message', '', true);
1169
1170 /* @var $pagination \phpbb\pagination */
1171 $pagination = $phpbb_container->get('pagination');
1172
1173 // Sort keys
1174 $sort_days = $request->variable('st', 0);
1175 $sort_key = $request->variable('sk', 't');
1176 $sort_dir = $request->variable('sd', 'd');
1177
1178 // Delete entries if requested and able
1179 if (($deletemark || $deleteall) && $auth->acl_get('a_clearlogs'))
1180 {
1181 if (!check_form_key($form_name))
1182 {
1183 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
1184 }
1185
1186 $where_sql = '';
1187 if ($deletemark && $marked)
1188 {
1189 $sql_in = array();
1190 foreach ($marked as $mark)
1191 {
1192 $sql_in[] = $mark;
1193 }
1194 $where_sql = ' AND ' . $db->sql_in_set('log_id', $sql_in);
1195 unset($sql_in);
1196 }
1197
1198 if ($where_sql || $deleteall)
1199 {
1200 $sql = 'DELETE FROM ' . LOG_TABLE . '
1201 WHERE log_type = ' . LOG_USERS . "
1202 AND reportee_id = $user_id
1203 $where_sql";
1204 $db->sql_query($sql);
1205
1206 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_CLEAR_USER', false, array($user_row['username']));
1207 }
1208 }
1209
1210 if ($submit && $message)
1211 {
1212 if (!check_form_key($form_name))
1213 {
1214 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
1215 }
1216
1217 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_FEEDBACK', false, array($user_row['username']));
1218 $phpbb_log->add('mod', $user->data['user_id'], $user->ip, 'LOG_USER_FEEDBACK', false, array(
1219 'forum_id' => 0,
1220 'topic_id' => 0,
1221 $user_row['username']
1222 ));
1223 $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_GENERAL', false, array(
1224 'reportee_id' => $user_id,
1225 $message
1226 ));
1227
1228 trigger_error($user->lang['USER_FEEDBACK_ADDED'] . adm_back_link($this->u_action . '&u=' . $user_id));
1229 }
1230
1231 // Sorting
1232 $limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']);
1233 $sort_by_text = array('u' => $user->lang['SORT_USERNAME'], 't' => $user->lang['SORT_DATE'], 'i' => $user->lang['SORT_IP'], 'o' => $user->lang['SORT_ACTION']);
1234 $sort_by_sql = array('u' => 'u.username_clean', 't' => 'l.log_time', 'i' => 'l.log_ip', 'o' => 'l.log_operation');
1235
1236 $s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = '';
1237 gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param);
1238
1239 // Define where and sort sql for use in displaying logs
1240 $sql_where = ($sort_days) ? (time() - ($sort_days * 86400)) : 0;
1241 $sql_sort = $sort_by_sql[$sort_key] . ' ' . (($sort_dir == 'd') ? 'DESC' : 'ASC');
1242
1243 // Grab log data
1244 $log_data = array();
1245 $log_count = 0;
1246 $start = view_log('user', $log_data, $log_count, $config['topics_per_page'], $start, 0, 0, $user_id, $sql_where, $sql_sort);
1247
1248 $base_url = $this->u_action . "&u=$user_id&$u_sort_param";
1249 $pagination->generate_template_pagination($base_url, 'pagination', 'start', $log_count, $config['topics_per_page'], $start);
1250
1251 $template->assign_vars(array(
1252 'S_FEEDBACK' => true,
1253
1254 'S_LIMIT_DAYS' => $s_limit_days,
1255 'S_SORT_KEY' => $s_sort_key,
1256 'S_SORT_DIR' => $s_sort_dir,
1257 'S_CLEARLOGS' => $auth->acl_get('a_clearlogs'))
1258 );
1259
1260 foreach ($log_data as $row)
1261 {
1262 $template->assign_block_vars('log', array(
1263 'USERNAME' => $row['username_full'],
1264 'IP' => $row['ip'],
1265 'DATE' => $user->format_date($row['time']),
1266 'ACTION' => nl2br($row['action']),
1267 'ID' => $row['id'])
1268 );
1269 }
1270
1271 break;
1272
1273 case 'warnings':
1274 $user->add_lang('mcp');
1275
1276 // Set up general vars
1277 $deletemark = (isset($_POST['delmarked'])) ? true : false;
1278 $deleteall = (isset($_POST['delall'])) ? true : false;
1279 $confirm = (isset($_POST['confirm'])) ? true : false;
1280 $marked = $request->variable('mark', array(0));
1281
1282 // Delete entries if requested and able
1283 if ($deletemark || $deleteall || $confirm)
1284 {
1285 if (confirm_box(true))
1286 {
1287 $where_sql = '';
1288 $deletemark = $request->variable('delmarked', 0);
1289 $deleteall = $request->variable('delall', 0);
1290 if ($deletemark && $marked)
1291 {
1292 $where_sql = ' AND ' . $db->sql_in_set('warning_id', array_values($marked));
1293 }
1294
1295 if ($where_sql || $deleteall)
1296 {
1297 $sql = 'DELETE FROM ' . WARNINGS_TABLE . "
1298 WHERE user_id = $user_id
1299 $where_sql";
1300 $db->sql_query($sql);
1301
1302 if ($deleteall)
1303 {
1304 $log_warnings = $deleted_warnings = 0;
1305 }
1306 else
1307 {
1308 $num_warnings = (int) $db->sql_affectedrows();
1309 $deleted_warnings = ' user_warnings - ' . $num_warnings;
1310 $log_warnings = ($num_warnings > 2) ? 2 : $num_warnings;
1311 }
1312
1313 $sql = 'UPDATE ' . USERS_TABLE . "
1314 SET user_warnings = $deleted_warnings
1315 WHERE user_id = $user_id";
1316 $db->sql_query($sql);
1317
1318 if ($log_warnings)
1319 {
1320 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_WARNINGS_DELETED', false, array($user_row['username'], $num_warnings));
1321 }
1322 else
1323 {
1324 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_WARNINGS_DELETED_ALL', false, array($user_row['username']));
1325 }
1326 }
1327 }
1328 else
1329 {
1330 $s_hidden_fields = array(
1331 'i' => $id,
1332 'mode' => $mode,
1333 'u' => $user_id,
1334 'mark' => $marked,
1335 );
1336 if (isset($_POST['delmarked']))
1337 {
1338 $s_hidden_fields['delmarked'] = 1;
1339 }
1340 if (isset($_POST['delall']))
1341 {
1342 $s_hidden_fields['delall'] = 1;
1343 }
1344 if (isset($_POST['delall']) || (isset($_POST['delmarked']) && sizeof($marked)))
1345 {
1346 confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields($s_hidden_fields));
1347 }
1348 }
1349 }
1350
1351 $sql = 'SELECT w.warning_id, w.warning_time, w.post_id, l.log_operation, l.log_data, l.user_id AS mod_user_id, m.username AS mod_username, m.user_colour AS mod_user_colour
1352 FROM ' . WARNINGS_TABLE . ' w
1353 LEFT JOIN ' . LOG_TABLE . ' l
1354 ON (w.log_id = l.log_id)
1355 LEFT JOIN ' . USERS_TABLE . ' m
1356 ON (l.user_id = m.user_id)
1357 WHERE w.user_id = ' . $user_id . '
1358 ORDER BY w.warning_time DESC';
1359 $result = $db->sql_query($sql);
1360
1361 while ($row = $db->sql_fetchrow($result))
1362 {
1363 if (!$row['log_operation'])
1364 {
1365 // We do not have a log-entry anymore, so there is no data available
1366 $row['action'] = $user->lang['USER_WARNING_LOG_DELETED'];
1367 }
1368 else
1369 {
1370 $row['action'] = (isset($user->lang[$row['log_operation']])) ? $user->lang[$row['log_operation']] : '{' . ucfirst(str_replace('_', ' ', $row['log_operation'])) . '}';
1371 if (!empty($row['log_data']))
1372 {
1373 $log_data_ary = @unserialize($row['log_data']);
1374 $log_data_ary = ($log_data_ary === false) ? array() : $log_data_ary;
1375
1376 if (isset($user->lang[$row['log_operation']]))
1377 {
1378 // Check if there are more occurrences of % than arguments, if there are we fill out the arguments array
1379 // It doesn't matter if we add more arguments than placeholders
1380 if ((substr_count($row['action'], '%') - sizeof($log_data_ary)) > 0)
1381 {
1382 $log_data_ary = array_merge($log_data_ary, array_fill(0, substr_count($row['action'], '%') - sizeof($log_data_ary), ''));
1383 }
1384 $row['action'] = vsprintf($row['action'], $log_data_ary);
1385 $row['action'] = bbcode_nl2br(censor_text($row['action']));
1386 }
1387 else if (!empty($log_data_ary))
1388 {
1389 $row['action'] .= '<br />' . implode('', $log_data_ary);
1390 }
1391 }
1392 }
1393
1394 $template->assign_block_vars('warn', array(
1395 'ID' => $row['warning_id'],
1396 'USERNAME' => ($row['log_operation']) ? get_username_string('full', $row['mod_user_id'], $row['mod_username'], $row['mod_user_colour']) : '-',
1397 'ACTION' => make_clickable($row['action']),
1398 'DATE' => $user->format_date($row['warning_time']),
1399 ));
1400 }
1401 $db->sql_freeresult($result);
1402
1403 $template->assign_vars(array(
1404 'S_WARNINGS' => true,
1405 ));
1406
1407 break;
1408
1409 case 'profile':
1410
1411 if (!function_exists('user_get_id_name'))
1412 {
1413 include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
1414 }
1415
1416 /* @var $cp \phpbb\profilefields\manager */
1417 $cp = $phpbb_container->get('profilefields.manager');
1418
1419 $cp_data = $cp_error = array();
1420
1421 $sql = 'SELECT lang_id
1422 FROM ' . LANG_TABLE . "
1423 WHERE lang_iso = '" . $db->sql_escape($user->data['user_lang']) . "'";
1424 $result = $db->sql_query($sql);
1425 $row = $db->sql_fetchrow($result);
1426 $db->sql_freeresult($result);
1427
1428 $user_row['iso_lang_id'] = $row['lang_id'];
1429
1430 $data = array(
1431 'jabber' => $request->variable('jabber', $user_row['user_jabber'], true),
1432 'bday_day' => 0,
1433 'bday_month' => 0,
1434 'bday_year' => 0,
1435 );
1436
1437 if ($user_row['user_birthday'])
1438 {
1439 list($data['bday_day'], $data['bday_month'], $data['bday_year']) = explode('-', $user_row['user_birthday']);
1440 }
1441
1442 $data['bday_day'] = $request->variable('bday_day', $data['bday_day']);
1443 $data['bday_month'] = $request->variable('bday_month', $data['bday_month']);
1444 $data['bday_year'] = $request->variable('bday_year', $data['bday_year']);
1445 $data['user_birthday'] = sprintf('%2d-%2d-%4d', $data['bday_day'], $data['bday_month'], $data['bday_year']);
1446
1447 /**
1448 * Modify user data on editing profile in ACP
1449 *
1450 * @event core.acp_users_modify_profile
1451 * @var array data Array with user profile data
1452 * @var bool submit Flag indicating if submit button has been pressed
1453 * @var int user_id The user id
1454 * @var array user_row Array with the full user data
1455 * @since 3.1.4-RC1
1456 */
1457 $vars = array('data', 'submit', 'user_id', 'user_row');
1458 extract($phpbb_dispatcher->trigger_event('core.acp_users_modify_profile', compact($vars)));
1459
1460 if ($submit)
1461 {
1462 $error = validate_data($data, array(
1463 'jabber' => array(
1464 array('string', true, 5, 255),
1465 array('jabber')),
1466 'bday_day' => array('num', true, 1, 31),
1467 'bday_month' => array('num', true, 1, 12),
1468 'bday_year' => array('num', true, 1901, gmdate('Y', time())),
1469 'user_birthday' => array('date', true),
1470 ));
1471
1472 // validate custom profile fields
1473 $cp->submit_cp_field('profile', $user_row['iso_lang_id'], $cp_data, $cp_error);
1474
1475 if (sizeof($cp_error))
1476 {
1477 $error = array_merge($error, $cp_error);
1478 }
1479 if (!check_form_key($form_name))
1480 {
1481 $error[] = 'FORM_INVALID';
1482 }
1483
1484 /**
1485 * Validate profile data in ACP before submitting to the database
1486 *
1487 * @event core.acp_users_profile_validate
1488 * @var bool submit Flag indicating if submit button has been pressed
1489 * @var array data Array with user profile data
1490 * @var array error Array with the form errors
1491 * @since 3.1.4-RC1
1492 */
1493 $vars = array('submit', 'data', 'error');
1494 extract($phpbb_dispatcher->trigger_event('core.acp_users_profile_validate', compact($vars)));
1495
1496 if (!sizeof($error))
1497 {
1498 $sql_ary = array(
1499 'user_jabber' => $data['jabber'],
1500 'user_birthday' => $data['user_birthday'],
1501 );
1502
1503 /**
1504 * Modify profile data in ACP before submitting to the database
1505 *
1506 * @event core.acp_users_profile_modify_sql_ary
1507 * @var array cp_data Array with the user custom profile fields data
1508 * @var array data Array with user profile data
1509 * @var int user_id The user id
1510 * @var array user_row Array with the full user data
1511 * @var array sql_ary Array with sql data
1512 * @since 3.1.4-RC1
1513 */
1514 $vars = array('cp_data', 'data', 'user_id', 'user_row', 'sql_ary');
1515 extract($phpbb_dispatcher->trigger_event('core.acp_users_profile_modify_sql_ary', compact($vars)));
1516
1517 $sql = 'UPDATE ' . USERS_TABLE . '
1518 SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
1519 WHERE user_id = $user_id";
1520 $db->sql_query($sql);
1521
1522 // Update Custom Fields
1523 $cp->update_profile_field_data($user_id, $cp_data);
1524
1525 trigger_error($user->lang['USER_PROFILE_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id));
1526 }
1527
1528 // Replace "error" strings with their real, localised form
1529 $error = array_map(array($user, 'lang'), $error);
1530 }
1531
1532 $s_birthday_day_options = '<option value="0"' . ((!$data['bday_day']) ? ' selected="selected"' : '') . '>--</option>';
1533 for ($i = 1; $i < 32; $i++)
1534 {
1535 $selected = ($i == $data['bday_day']) ? ' selected="selected"' : '';
1536 $s_birthday_day_options .= "<option value=\"$i\"$selected>$i</option>";
1537 }
1538
1539 $s_birthday_month_options = '<option value="0"' . ((!$data['bday_month']) ? ' selected="selected"' : '') . '>--</option>';
1540 for ($i = 1; $i < 13; $i++)
1541 {
1542 $selected = ($i == $data['bday_month']) ? ' selected="selected"' : '';
1543 $s_birthday_month_options .= "<option value=\"$i\"$selected>$i</option>";
1544 }
1545
1546 $now = getdate();
1547 $s_birthday_year_options = '<option value="0"' . ((!$data['bday_year']) ? ' selected="selected"' : '') . '>--</option>';
1548 for ($i = $now['year'] - 100; $i <= $now['year']; $i++)
1549 {
1550 $selected = ($i == $data['bday_year']) ? ' selected="selected"' : '';
1551 $s_birthday_year_options .= "<option value=\"$i\"$selected>$i</option>";
1552 }
1553 unset($now);
1554
1555 $template->assign_vars(array(
1556 'JABBER' => $data['jabber'],
1557 'S_BIRTHDAY_DAY_OPTIONS' => $s_birthday_day_options,
1558 'S_BIRTHDAY_MONTH_OPTIONS' => $s_birthday_month_options,
1559 'S_BIRTHDAY_YEAR_OPTIONS' => $s_birthday_year_options,
1560
1561 'S_PROFILE' => true)
1562 );
1563
1564 // Get additional profile fields and assign them to the template block var 'profile_fields'
1565 $user->get_profile_fields($user_id);
1566
1567 $cp->generate_profile_fields('profile', $user_row['iso_lang_id']);
1568
1569 break;
1570
1571 case 'prefs':
1572
1573 if (!function_exists('user_get_id_name'))
1574 {
1575 include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
1576 }
1577
1578 $data = array(
1579 'dateformat' => $request->variable('dateformat', $user_row['user_dateformat'], true),
1580 'lang' => basename($request->variable('lang', $user_row['user_lang'])),
1581 'tz' => $request->variable('tz', $user_row['user_timezone']),
1582 'style' => $request->variable('style', $user_row['user_style']),
1583 'viewemail' => $request->variable('viewemail', $user_row['user_allow_viewemail']),
1584 'massemail' => $request->variable('massemail', $user_row['user_allow_massemail']),
1585 'hideonline' => $request->variable('hideonline', !$user_row['user_allow_viewonline']),
1586 'notifymethod' => $request->variable('notifymethod', $user_row['user_notify_type']),
1587 'notifypm' => $request->variable('notifypm', $user_row['user_notify_pm']),
1588 'allowpm' => $request->variable('allowpm', $user_row['user_allow_pm']),
1589
1590 'topic_sk' => $request->variable('topic_sk', ($user_row['user_topic_sortby_type']) ? $user_row['user_topic_sortby_type'] : 't'),
1591 'topic_sd' => $request->variable('topic_sd', ($user_row['user_topic_sortby_dir']) ? $user_row['user_topic_sortby_dir'] : 'd'),
1592 'topic_st' => $request->variable('topic_st', ($user_row['user_topic_show_days']) ? $user_row['user_topic_show_days'] : 0),
1593
1594 'post_sk' => $request->variable('post_sk', ($user_row['user_post_sortby_type']) ? $user_row['user_post_sortby_type'] : 't'),
1595 'post_sd' => $request->variable('post_sd', ($user_row['user_post_sortby_dir']) ? $user_row['user_post_sortby_dir'] : 'a'),
1596 'post_st' => $request->variable('post_st', ($user_row['user_post_show_days']) ? $user_row['user_post_show_days'] : 0),
1597
1598 'view_images' => $request->variable('view_images', $this->optionget($user_row, 'viewimg')),
1599 'view_flash' => $request->variable('view_flash', $this->optionget($user_row, 'viewflash')),
1600 'view_smilies' => $request->variable('view_smilies', $this->optionget($user_row, 'viewsmilies')),
1601 'view_sigs' => $request->variable('view_sigs', $this->optionget($user_row, 'viewsigs')),
1602 'view_avatars' => $request->variable('view_avatars', $this->optionget($user_row, 'viewavatars')),
1603 'view_wordcensor' => $request->variable('view_wordcensor', $this->optionget($user_row, 'viewcensors')),
1604
1605 'bbcode' => $request->variable('bbcode', $this->optionget($user_row, 'bbcode')),
1606 'smilies' => $request->variable('smilies', $this->optionget($user_row, 'smilies')),
1607 'sig' => $request->variable('sig', $this->optionget($user_row, 'attachsig')),
1608 'notify' => $request->variable('notify', $user_row['user_notify']),
1609 );
1610
1611 /**
1612 * Modify users preferences data
1613 *
1614 * @event core.acp_users_prefs_modify_data
1615 * @var array data Array with users preferences data
1616 * @var array user_row Array with user data
1617 * @since 3.1.0-b3
1618 */
1619 $vars = array('data', 'user_row');
1620 extract($phpbb_dispatcher->trigger_event('core.acp_users_prefs_modify_data', compact($vars)));
1621
1622 if ($submit)
1623 {
1624 $error = validate_data($data, array(
1625 'dateformat' => array('string', false, 1, 64),
1626 'lang' => array('match', false, '#^[a-z_\-]{2,}$#i'),
1627 'tz' => array('timezone'),
1628
1629 'topic_sk' => array('string', false, 1, 1),
1630 'topic_sd' => array('string', false, 1, 1),
1631 'post_sk' => array('string', false, 1, 1),
1632 'post_sd' => array('string', false, 1, 1),
1633 ));
1634
1635 if (!check_form_key($form_name))
1636 {
1637 $error[] = 'FORM_INVALID';
1638 }
1639
1640 if (!sizeof($error))
1641 {
1642 $this->optionset($user_row, 'viewimg', $data['view_images']);
1643 $this->optionset($user_row, 'viewflash', $data['view_flash']);
1644 $this->optionset($user_row, 'viewsmilies', $data['view_smilies']);
1645 $this->optionset($user_row, 'viewsigs', $data['view_sigs']);
1646 $this->optionset($user_row, 'viewavatars', $data['view_avatars']);
1647 $this->optionset($user_row, 'viewcensors', $data['view_wordcensor']);
1648 $this->optionset($user_row, 'bbcode', $data['bbcode']);
1649 $this->optionset($user_row, 'smilies', $data['smilies']);
1650 $this->optionset($user_row, 'attachsig', $data['sig']);
1651
1652 $sql_ary = array(
1653 'user_options' => $user_row['user_options'],
1654
1655 'user_allow_pm' => $data['allowpm'],
1656 'user_allow_viewemail' => $data['viewemail'],
1657 'user_allow_massemail' => $data['massemail'],
1658 'user_allow_viewonline' => !$data['hideonline'],
1659 'user_notify_type' => $data['notifymethod'],
1660 'user_notify_pm' => $data['notifypm'],
1661
1662 'user_dateformat' => $data['dateformat'],
1663 'user_lang' => $data['lang'],
1664 'user_timezone' => $data['tz'],
1665 'user_style' => $data['style'],
1666
1667 'user_topic_sortby_type' => $data['topic_sk'],
1668 'user_post_sortby_type' => $data['post_sk'],
1669 'user_topic_sortby_dir' => $data['topic_sd'],
1670 'user_post_sortby_dir' => $data['post_sd'],
1671
1672 'user_topic_show_days' => $data['topic_st'],
1673 'user_post_show_days' => $data['post_st'],
1674
1675 'user_notify' => $data['notify'],
1676 );
1677
1678 /**
1679 * Modify SQL query before users preferences are updated
1680 *
1681 * @event core.acp_users_prefs_modify_sql
1682 * @var array data Array with users preferences data
1683 * @var array user_row Array with user data
1684 * @var array sql_ary SQL array with users preferences data to update
1685 * @var array error Array with errors data
1686 * @since 3.1.0-b3
1687 */
1688 $vars = array('data', 'user_row', 'sql_ary', 'error');
1689 extract($phpbb_dispatcher->trigger_event('core.acp_users_prefs_modify_sql', compact($vars)));
1690
1691 if (!sizeof($error))
1692 {
1693 $sql = 'UPDATE ' . USERS_TABLE . '
1694 SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
1695 WHERE user_id = $user_id";
1696 $db->sql_query($sql);
1697
1698 // Check if user has an active session
1699 if ($user_row['session_id'])
1700 {
1701 // We'll update the session if user_allow_viewonline has changed and the user is a bot
1702 // Or if it's a regular user and the admin set it to hide the session
1703 if ($user_row['user_allow_viewonline'] != $sql_ary['user_allow_viewonline'] && $user_row['user_type'] == USER_IGNORE
1704 || $user_row['user_allow_viewonline'] && !$sql_ary['user_allow_viewonline'])
1705 {
1706 // We also need to check if the user has the permission to cloak.
1707 $user_auth = new \phpbb\auth\auth();
1708 $user_auth->acl($user_row);
1709
1710 $session_sql_ary = array(
1711 'session_viewonline' => ($user_auth->acl_get('u_hideonline')) ? $sql_ary['user_allow_viewonline'] : true,
1712 );
1713
1714 $sql = 'UPDATE ' . SESSIONS_TABLE . '
1715 SET ' . $db->sql_build_array('UPDATE', $session_sql_ary) . "
1716 WHERE session_user_id = $user_id";
1717 $db->sql_query($sql);
1718
1719 unset($user_auth);
1720 }
1721 }
1722
1723 trigger_error($user->lang['USER_PREFS_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id));
1724 }
1725 }
1726
1727 // Replace "error" strings with their real, localised form
1728 $error = array_map(array($user, 'lang'), $error);
1729 }
1730
1731 $dateformat_options = '';
1732 foreach ($user->lang['dateformats'] as $format => $null)
1733 {
1734 $dateformat_options .= '<option value="' . $format . '"' . (($format == $data['dateformat']) ? ' selected="selected"' : '') . '>';
1735 $dateformat_options .= $user->format_date(time(), $format, false) . ((strpos($format, '|') !== false) ? $user->lang['VARIANT_DATE_SEPARATOR'] . $user->format_date(time(), $format, true) : '');
1736 $dateformat_options .= '</option>';
1737 }
1738
1739 $s_custom = false;
1740
1741 $dateformat_options .= '<option value="custom"';
1742 if (!isset($user->lang['dateformats'][$data['dateformat']]))
1743 {
1744 $dateformat_options .= ' selected="selected"';
1745 $s_custom = true;
1746 }
1747 $dateformat_options .= '>' . $user->lang['CUSTOM_DATEFORMAT'] . '</option>';
1748
1749 $sort_dir_text = array('a' => $user->lang['ASCENDING'], 'd' => $user->lang['DESCENDING']);
1750
1751 // Topic ordering options
1752 $limit_topic_days = array(0 => $user->lang['ALL_TOPICS'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']);
1753 $sort_by_topic_text = array('a' => $user->lang['AUTHOR'], 't' => $user->lang['POST_TIME'], 'r' => $user->lang['REPLIES'], 's' => $user->lang['SUBJECT'], 'v' => $user->lang['VIEWS']);
1754
1755 // Post ordering options
1756 $limit_post_days = array(0 => $user->lang['ALL_POSTS'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']);
1757 $sort_by_post_text = array('a' => $user->lang['AUTHOR'], 't' => $user->lang['POST_TIME'], 's' => $user->lang['SUBJECT']);
1758
1759 $_options = array('topic', 'post');
1760 foreach ($_options as $sort_option)
1761 {
1762 ${'s_limit_' . $sort_option . '_days'} = '<select name="' . $sort_option . '_st">';
1763 foreach (${'limit_' . $sort_option . '_days'} as $day => $text)
1764 {
1765 $selected = ($data[$sort_option . '_st'] == $day) ? ' selected="selected"' : '';
1766 ${'s_limit_' . $sort_option . '_days'} .= '<option value="' . $day . '"' . $selected . '>' . $text . '</option>';
1767 }
1768 ${'s_limit_' . $sort_option . '_days'} .= '</select>';
1769
1770 ${'s_sort_' . $sort_option . '_key'} = '<select name="' . $sort_option . '_sk">';
1771 foreach (${'sort_by_' . $sort_option . '_text'} as $key => $text)
1772 {
1773 $selected = ($data[$sort_option . '_sk'] == $key) ? ' selected="selected"' : '';
1774 ${'s_sort_' . $sort_option . '_key'} .= '<option value="' . $key . '"' . $selected . '>' . $text . '</option>';
1775 }
1776 ${'s_sort_' . $sort_option . '_key'} .= '</select>';
1777
1778 ${'s_sort_' . $sort_option . '_dir'} = '<select name="' . $sort_option . '_sd">';
1779 foreach ($sort_dir_text as $key => $value)
1780 {
1781 $selected = ($data[$sort_option . '_sd'] == $key) ? ' selected="selected"' : '';
1782 ${'s_sort_' . $sort_option . '_dir'} .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>';
1783 }
1784 ${'s_sort_' . $sort_option . '_dir'} .= '</select>';
1785 }
1786
1787 phpbb_timezone_select($template, $user, $data['tz'], true);
1788 $user_prefs_data = array(
1789 'S_PREFS' => true,
1790 'S_JABBER_DISABLED' => ($config['jab_enable'] && $user_row['user_jabber'] && @extension_loaded('xml')) ? false : true,
1791
1792 'VIEW_EMAIL' => $data['viewemail'],
1793 'MASS_EMAIL' => $data['massemail'],
1794 'ALLOW_PM' => $data['allowpm'],
1795 'HIDE_ONLINE' => $data['hideonline'],
1796 'NOTIFY_EMAIL' => ($data['notifymethod'] == NOTIFY_EMAIL) ? true : false,
1797 'NOTIFY_IM' => ($data['notifymethod'] == NOTIFY_IM) ? true : false,
1798 'NOTIFY_BOTH' => ($data['notifymethod'] == NOTIFY_BOTH) ? true : false,
1799 'NOTIFY_PM' => $data['notifypm'],
1800 'BBCODE' => $data['bbcode'],
1801 'SMILIES' => $data['smilies'],
1802 'ATTACH_SIG' => $data['sig'],
1803 'NOTIFY' => $data['notify'],
1804 'VIEW_IMAGES' => $data['view_images'],
1805 'VIEW_FLASH' => $data['view_flash'],
1806 'VIEW_SMILIES' => $data['view_smilies'],
1807 'VIEW_SIGS' => $data['view_sigs'],
1808 'VIEW_AVATARS' => $data['view_avatars'],
1809 'VIEW_WORDCENSOR' => $data['view_wordcensor'],
1810
1811 'S_TOPIC_SORT_DAYS' => $s_limit_topic_days,
1812 'S_TOPIC_SORT_KEY' => $s_sort_topic_key,
1813 'S_TOPIC_SORT_DIR' => $s_sort_topic_dir,
1814 'S_POST_SORT_DAYS' => $s_limit_post_days,
1815 'S_POST_SORT_KEY' => $s_sort_post_key,
1816 'S_POST_SORT_DIR' => $s_sort_post_dir,
1817
1818 'DATE_FORMAT' => $data['dateformat'],
1819 'S_DATEFORMAT_OPTIONS' => $dateformat_options,
1820 'S_CUSTOM_DATEFORMAT' => $s_custom,
1821 'DEFAULT_DATEFORMAT' => $config['default_dateformat'],
1822 'A_DEFAULT_DATEFORMAT' => addslashes($config['default_dateformat']),
1823
1824 'S_LANG_OPTIONS' => language_select($data['lang']),
1825 'S_STYLE_OPTIONS' => style_select($data['style']),
1826 );
1827
1828 /**
1829 * Modify users preferences data before assigning it to the template
1830 *
1831 * @event core.acp_users_prefs_modify_template_data
1832 * @var array data Array with users preferences data
1833 * @var array user_row Array with user data
1834 * @var array user_prefs_data Array with users preferences data to be assigned to the template
1835 * @since 3.1.0-b3
1836 */
1837 $vars = array('data', 'user_row', 'user_prefs_data');
1838 extract($phpbb_dispatcher->trigger_event('core.acp_users_prefs_modify_template_data', compact($vars)));
1839
1840 $template->assign_vars($user_prefs_data);
1841
1842 break;
1843
1844 case 'avatar':
1845
1846 $avatars_enabled = false;
1847 /** @var \phpbb\avatar\manager $phpbb_avatar_manager */
1848 $phpbb_avatar_manager = $phpbb_container->get('avatar.manager');
1849
1850 if ($config['allow_avatar'])
1851 {
1852 $avatar_drivers = $phpbb_avatar_manager->get_enabled_drivers();
1853
1854 // This is normalised data, without the user_ prefix
1855 $avatar_data = \phpbb\avatar\manager::clean_row($user_row, 'user');
1856
1857 if ($submit)
1858 {
1859 if (check_form_key($form_name))
1860 {
1861 $driver_name = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', ''));
1862
1863 if (in_array($driver_name, $avatar_drivers) && !$request->is_set_post('avatar_delete'))
1864 {
1865 $driver = $phpbb_avatar_manager->get_driver($driver_name);
1866 $result = $driver->process_form($request, $template, $user, $avatar_data, $error);
1867
1868 if ($result && empty($error))
1869 {
1870 // Success! Lets save the result in the database
1871 $result = array(
1872 'user_avatar_type' => $driver_name,
1873 'user_avatar' => $result['avatar'],
1874 'user_avatar_width' => $result['avatar_width'],
1875 'user_avatar_height' => $result['avatar_height'],
1876 );
1877
1878 $sql = 'UPDATE ' . USERS_TABLE . '
1879 SET ' . $db->sql_build_array('UPDATE', $result) . '
1880 WHERE user_id = ' . (int) $user_id;
1881
1882 $db->sql_query($sql);
1883 trigger_error($user->lang['USER_AVATAR_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id));
1884 }
1885 }
1886 }
1887 else
1888 {
1889 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
1890 }
1891 }
1892
1893 // Handle deletion of avatars
1894 if ($request->is_set_post('avatar_delete'))
1895 {
1896 if (!confirm_box(true))
1897 {
1898 confirm_box(false, $user->lang('CONFIRM_AVATAR_DELETE'), build_hidden_fields(array(
1899 'avatar_delete' => true))
1900 );
1901 }
1902 else
1903 {
1904 $phpbb_avatar_manager->handle_avatar_delete($db, $user, $avatar_data, USERS_TABLE, 'user_');
1905
1906 trigger_error($user->lang['USER_AVATAR_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id));
1907 }
1908 }
1909
1910 $selected_driver = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', $user_row['user_avatar_type']));
1911
1912 // Assign min and max values before generating avatar driver html
1913 $template->assign_vars(array(
1914 'AVATAR_MIN_WIDTH' => $config['avatar_min_width'],
1915 'AVATAR_MAX_WIDTH' => $config['avatar_max_width'],
1916 'AVATAR_MIN_HEIGHT' => $config['avatar_min_height'],
1917 'AVATAR_MAX_HEIGHT' => $config['avatar_max_height'],
1918 ));
1919
1920 foreach ($avatar_drivers as $current_driver)
1921 {
1922 $driver = $phpbb_avatar_manager->get_driver($current_driver);
1923
1924 $avatars_enabled = true;
1925 $template->set_filenames(array(
1926 'avatar' => $driver->get_acp_template_name(),
1927 ));
1928
1929 if ($driver->prepare_form($request, $template, $user, $avatar_data, $error))
1930 {
1931 $driver_name = $phpbb_avatar_manager->prepare_driver_name($current_driver);
1932 $driver_upper = strtoupper($driver_name);
1933
1934 $template->assign_block_vars('avatar_drivers', array(
1935 'L_TITLE' => $user->lang($driver_upper . '_TITLE'),
1936 'L_EXPLAIN' => $user->lang($driver_upper . '_EXPLAIN'),
1937
1938 'DRIVER' => $driver_name,
1939 'SELECTED' => $current_driver == $selected_driver,
1940 'OUTPUT' => $template->assign_display('avatar'),
1941 ));
1942 }
1943 }
1944 }
1945
1946 // Avatar manager is not initialized if avatars are disabled
1947 if (isset($phpbb_avatar_manager))
1948 {
1949 // Replace "error" strings with their real, localised form
1950 $error = $phpbb_avatar_manager->localize_errors($user, $error);
1951 }
1952
1953 $avatar = phpbb_get_user_avatar($user_row, 'USER_AVATAR', true);
1954
1955 $template->assign_vars(array(
1956 'S_AVATAR' => true,
1957 'ERROR' => (!empty($error)) ? implode('<br />', $error) : '',
1958 'AVATAR' => (empty($avatar) ? '<img src="' . $phpbb_admin_path . 'images/no_avatar.gif" alt="" />' : $avatar),
1959
1960 'S_FORM_ENCTYPE' => ' enctype="multipart/form-data"',
1961
1962 'L_AVATAR_EXPLAIN' => $user->lang(($config['avatar_filesize'] == 0) ? 'AVATAR_EXPLAIN_NO_FILESIZE' : 'AVATAR_EXPLAIN', $config['avatar_max_width'], $config['avatar_max_height'], $config['avatar_filesize'] / 1024),
1963
1964 'S_AVATARS_ENABLED' => ($config['allow_avatar'] && $avatars_enabled),
1965 ));
1966
1967 break;
1968
1969 case 'rank':
1970
1971 if ($submit)
1972 {
1973 if (!check_form_key($form_name))
1974 {
1975 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
1976 }
1977
1978 $rank_id = $request->variable('user_rank', 0);
1979
1980 $sql = 'UPDATE ' . USERS_TABLE . "
1981 SET user_rank = $rank_id
1982 WHERE user_id = $user_id";
1983 $db->sql_query($sql);
1984
1985 trigger_error($user->lang['USER_RANK_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id));
1986 }
1987
1988 $sql = 'SELECT *
1989 FROM ' . RANKS_TABLE . '
1990 WHERE rank_special = 1
1991 ORDER BY rank_title';
1992 $result = $db->sql_query($sql);
1993
1994 $s_rank_options = '<option value="0"' . ((!$user_row['user_rank']) ? ' selected="selected"' : '') . '>' . $user->lang['NO_SPECIAL_RANK'] . '</option>';
1995
1996 while ($row = $db->sql_fetchrow($result))
1997 {
1998 $selected = ($user_row['user_rank'] && $row['rank_id'] == $user_row['user_rank']) ? ' selected="selected"' : '';
1999 $s_rank_options .= '<option value="' . $row['rank_id'] . '"' . $selected . '>' . $row['rank_title'] . '</option>';
2000 }
2001 $db->sql_freeresult($result);
2002
2003 $template->assign_vars(array(
2004 'S_RANK' => true,
2005 'S_RANK_OPTIONS' => $s_rank_options)
2006 );
2007
2008 break;
2009
2010 case 'sig':
2011
2012 if (!function_exists('display_custom_bbcodes'))
2013 {
2014 include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
2015 }
2016
2017 $enable_bbcode = ($config['allow_sig_bbcode']) ? $this->optionget($user_row, 'sig_bbcode') : false;
2018 $enable_smilies = ($config['allow_sig_smilies']) ? $this->optionget($user_row, 'sig_smilies') : false;
2019 $enable_urls = ($config['allow_sig_links']) ? $this->optionget($user_row, 'sig_links') : false;
2020
2021 $bbcode_flags = ($enable_bbcode ? OPTION_FLAG_BBCODE : 0) + ($enable_smilies ? OPTION_FLAG_SMILIES : 0) + ($enable_urls ? OPTION_FLAG_LINKS : 0);
2022
2023 $decoded_message = generate_text_for_edit($user_row['user_sig'], $user_row['user_sig_bbcode_uid'], $bbcode_flags);
2024 $signature = $request->variable('signature', $decoded_message['text'], true);
2025 $signature_preview = '';
2026
2027 if ($submit || $request->is_set_post('preview'))
2028 {
2029 $enable_bbcode = ($config['allow_sig_bbcode']) ? !$request->variable('disable_bbcode', false) : false;
2030 $enable_smilies = ($config['allow_sig_smilies']) ? !$request->variable('disable_smilies', false) : false;
2031 $enable_urls = ($config['allow_sig_links']) ? !$request->variable('disable_magic_url', false) : false;
2032
2033 if (!check_form_key($form_name))
2034 {
2035 $error[] = 'FORM_INVALID';
2036 }
2037 }
2038
2039 $bbcode_uid = $bbcode_bitfield = $bbcode_flags = '';
2040 $warn_msg = generate_text_for_storage(
2041 $signature,
2042 $bbcode_uid,
2043 $bbcode_bitfield,
2044 $bbcode_flags,
2045 $enable_bbcode,
2046 $enable_urls,
2047 $enable_smilies,
2048 $config['allow_sig_img'],
2049 $config['allow_sig_flash'],
2050 true,
2051 $config['allow_sig_links'],
2052 'sig'
2053 );
2054
2055 if (sizeof($warn_msg))
2056 {
2057 $error += $warn_msg;
2058 }
2059
2060 if (!$submit)
2061 {
2062 // Parse it for displaying
2063 $signature_preview = generate_text_for_display($signature, $bbcode_uid, $bbcode_bitfield, $bbcode_flags);
2064 }
2065 else
2066 {
2067 if (!sizeof($error))
2068 {
2069 $this->optionset($user_row, 'sig_bbcode', $enable_bbcode);
2070 $this->optionset($user_row, 'sig_smilies', $enable_smilies);
2071 $this->optionset($user_row, 'sig_links', $enable_urls);
2072
2073 $sql_ary = array(
2074 'user_sig' => $signature,
2075 'user_options' => $user_row['user_options'],
2076 'user_sig_bbcode_uid' => $bbcode_uid,
2077 'user_sig_bbcode_bitfield' => $bbcode_bitfield,
2078 );
2079
2080 $sql = 'UPDATE ' . USERS_TABLE . '
2081 SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
2082 WHERE user_id = ' . $user_id;
2083 $db->sql_query($sql);
2084
2085 trigger_error($user->lang['USER_SIG_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id));
2086 }
2087 }
2088
2089 // Replace "error" strings with their real, localised form
2090 $error = array_map(array($user, 'lang'), $error);
2091
2092 if ($request->is_set_post('preview'))
2093 {
2094 $decoded_message = generate_text_for_edit($signature, $bbcode_uid, $bbcode_bitfield);
2095 }
2096
2097 /** @var \phpbb\controller\helper $controller_helper */
2098 $controller_helper = $phpbb_container->get('controller.helper');
2099
2100 $template->assign_vars(array(
2101 'S_SIGNATURE' => true,
2102
2103 'SIGNATURE' => $decoded_message['text'],
2104 'SIGNATURE_PREVIEW' => $signature_preview,
2105
2106 'S_BBCODE_CHECKED' => (!$enable_bbcode) ? ' checked="checked"' : '',
2107 'S_SMILIES_CHECKED' => (!$enable_smilies) ? ' checked="checked"' : '',
2108 'S_MAGIC_URL_CHECKED' => (!$enable_urls) ? ' checked="checked"' : '',
2109
2110 'BBCODE_STATUS' => $user->lang(($config['allow_sig_bbcode'] ? 'BBCODE_IS_ON' : 'BBCODE_IS_OFF'), '<a href="' . $controller_helper->route('phpbb_help_bbcode_controller') . '">', '</a>'),
2111 'SMILIES_STATUS' => ($config['allow_sig_smilies']) ? $user->lang['SMILIES_ARE_ON'] : $user->lang['SMILIES_ARE_OFF'],
2112 'IMG_STATUS' => ($config['allow_sig_img']) ? $user->lang['IMAGES_ARE_ON'] : $user->lang['IMAGES_ARE_OFF'],
2113 'FLASH_STATUS' => ($config['allow_sig_flash']) ? $user->lang['FLASH_IS_ON'] : $user->lang['FLASH_IS_OFF'],
2114 'URL_STATUS' => ($config['allow_sig_links']) ? $user->lang['URL_IS_ON'] : $user->lang['URL_IS_OFF'],
2115
2116 'L_SIGNATURE_EXPLAIN' => $user->lang('SIGNATURE_EXPLAIN', (int) $config['max_sig_chars']),
2117
2118 'S_BBCODE_ALLOWED' => $config['allow_sig_bbcode'],
2119 'S_SMILIES_ALLOWED' => $config['allow_sig_smilies'],
2120 'S_BBCODE_IMG' => ($config['allow_sig_img']) ? true : false,
2121 'S_BBCODE_FLASH' => ($config['allow_sig_flash']) ? true : false,
2122 'S_LINKS_ALLOWED' => ($config['allow_sig_links']) ? true : false)
2123 );
2124
2125 // Assigning custom bbcodes
2126 display_custom_bbcodes();
2127
2128 break;
2129
2130 case 'attach':
2131 /* @var $pagination \phpbb\pagination */
2132 $pagination = $phpbb_container->get('pagination');
2133
2134 $start = $request->variable('start', 0);
2135 $deletemark = (isset($_POST['delmarked'])) ? true : false;
2136 $marked = $request->variable('mark', array(0));
2137
2138 // Sort keys
2139 $sort_key = $request->variable('sk', 'a');
2140 $sort_dir = $request->variable('sd', 'd');
2141
2142 if ($deletemark && sizeof($marked))
2143 {
2144 $sql = 'SELECT attach_id
2145 FROM ' . ATTACHMENTS_TABLE . '
2146 WHERE poster_id = ' . $user_id . '
2147 AND is_orphan = 0
2148 AND ' . $db->sql_in_set('attach_id', $marked);
2149 $result = $db->sql_query($sql);
2150
2151 $marked = array();
2152 while ($row = $db->sql_fetchrow($result))
2153 {
2154 $marked[] = $row['attach_id'];
2155 }
2156 $db->sql_freeresult($result);
2157 }
2158
2159 if ($deletemark && sizeof($marked))
2160 {
2161 if (confirm_box(true))
2162 {
2163 $sql = 'SELECT real_filename
2164 FROM ' . ATTACHMENTS_TABLE . '
2165 WHERE ' . $db->sql_in_set('attach_id', $marked);
2166 $result = $db->sql_query($sql);
2167
2168 $log_attachments = array();
2169 while ($row = $db->sql_fetchrow($result))
2170 {
2171 $log_attachments[] = $row['real_filename'];
2172 }
2173 $db->sql_freeresult($result);
2174
2175 /** @var \phpbb\attachment\manager $attachment_manager */
2176 $attachment_manager = $phpbb_container->get('attachment.manager');
2177 $attachment_manager->delete('attach', $marked);
2178 unset($attachment_manager);
2179
2180 $message = (sizeof($log_attachments) == 1) ? $user->lang['ATTACHMENT_DELETED'] : $user->lang['ATTACHMENTS_DELETED'];
2181
2182 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACHMENTS_DELETED', false, array(implode($user->lang['COMMA_SEPARATOR'], $log_attachments)));
2183 trigger_error($message . adm_back_link($this->u_action . '&u=' . $user_id));
2184 }
2185 else
2186 {
2187 confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
2188 'u' => $user_id,
2189 'i' => $id,
2190 'mode' => $mode,
2191 'action' => $action,
2192 'delmarked' => true,
2193 'mark' => $marked))
2194 );
2195 }
2196 }
2197
2198 $sk_text = array('a' => $user->lang['SORT_FILENAME'], 'c' => $user->lang['SORT_EXTENSION'], 'd' => $user->lang['SORT_SIZE'], 'e' => $user->lang['SORT_DOWNLOADS'], 'f' => $user->lang['SORT_POST_TIME'], 'g' => $user->lang['SORT_TOPIC_TITLE']);
2199 $sk_sql = array('a' => 'a.real_filename', 'c' => 'a.extension', 'd' => 'a.filesize', 'e' => 'a.download_count', 'f' => 'a.filetime', 'g' => 't.topic_title');
2200
2201 $sd_text = array('a' => $user->lang['ASCENDING'], 'd' => $user->lang['DESCENDING']);
2202
2203 $s_sort_key = '';
2204 foreach ($sk_text as $key => $value)
2205 {
2206 $selected = ($sort_key == $key) ? ' selected="selected"' : '';
2207 $s_sort_key .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>';
2208 }
2209
2210 $s_sort_dir = '';
2211 foreach ($sd_text as $key => $value)
2212 {
2213 $selected = ($sort_dir == $key) ? ' selected="selected"' : '';
2214 $s_sort_dir .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>';
2215 }
2216
2217 if (!isset($sk_sql[$sort_key]))
2218 {
2219 $sort_key = 'a';
2220 }
2221
2222 $order_by = $sk_sql[$sort_key] . ' ' . (($sort_dir == 'a') ? 'ASC' : 'DESC');
2223
2224 $sql = 'SELECT COUNT(attach_id) as num_attachments
2225 FROM ' . ATTACHMENTS_TABLE . "
2226 WHERE poster_id = $user_id
2227 AND is_orphan = 0";
2228 $result = $db->sql_query_limit($sql, 1);
2229 $num_attachments = (int) $db->sql_fetchfield('num_attachments');
2230 $db->sql_freeresult($result);
2231
2232 $sql = 'SELECT a.*, t.topic_title, p.message_subject as message_title
2233 FROM ' . ATTACHMENTS_TABLE . ' a
2234 LEFT JOIN ' . TOPICS_TABLE . ' t ON (a.topic_id = t.topic_id
2235 AND a.in_message = 0)
2236 LEFT JOIN ' . PRIVMSGS_TABLE . ' p ON (a.post_msg_id = p.msg_id
2237 AND a.in_message = 1)
2238 WHERE a.poster_id = ' . $user_id . "
2239 AND a.is_orphan = 0
2240 ORDER BY $order_by";
2241 $result = $db->sql_query_limit($sql, $config['topics_per_page'], $start);
2242
2243 while ($row = $db->sql_fetchrow($result))
2244 {
2245 if ($row['in_message'])
2246 {
2247 $view_topic = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=pm&p={$row['post_msg_id']}");
2248 }
2249 else
2250 {
2251 $view_topic = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "t={$row['topic_id']}&p={$row['post_msg_id']}") . '#p' . $row['post_msg_id'];
2252 }
2253
2254 $template->assign_block_vars('attach', array(
2255 'REAL_FILENAME' => $row['real_filename'],
2256 'COMMENT' => nl2br($row['attach_comment']),
2257 'EXTENSION' => $row['extension'],
2258 'SIZE' => get_formatted_filesize($row['filesize']),
2259 'DOWNLOAD_COUNT' => $row['download_count'],
2260 'POST_TIME' => $user->format_date($row['filetime']),
2261 'TOPIC_TITLE' => ($row['in_message']) ? $row['message_title'] : $row['topic_title'],
2262
2263 'ATTACH_ID' => $row['attach_id'],
2264 'POST_ID' => $row['post_msg_id'],
2265 'TOPIC_ID' => $row['topic_id'],
2266
2267 'S_IN_MESSAGE' => $row['in_message'],
2268
2269 'U_DOWNLOAD' => append_sid("{$phpbb_root_path}download/file.$phpEx", 'mode=view&id=' . $row['attach_id']),
2270 'U_VIEW_TOPIC' => $view_topic)
2271 );
2272 }
2273 $db->sql_freeresult($result);
2274
2275 $base_url = $this->u_action . "&u=$user_id&sk=$sort_key&sd=$sort_dir";
2276 $pagination->generate_template_pagination($base_url, 'pagination', 'start', $num_attachments, $config['topics_per_page'], $start);
2277
2278 $template->assign_vars(array(
2279 'S_ATTACHMENTS' => true,
2280 'S_SORT_KEY' => $s_sort_key,
2281 'S_SORT_DIR' => $s_sort_dir,
2282 ));
2283
2284 break;
2285
2286 case 'groups':
2287
2288 if (!function_exists('group_user_attributes'))
2289 {
2290 include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
2291 }
2292
2293 $user->add_lang(array('groups', 'acp/groups'));
2294 $group_id = $request->variable('g', 0);
2295
2296 if ($group_id)
2297 {
2298 // Check the founder only entry for this group to make sure everything is well
2299 $sql = 'SELECT group_founder_manage
2300 FROM ' . GROUPS_TABLE . '
2301 WHERE group_id = ' . $group_id;
2302 $result = $db->sql_query($sql);
2303 $founder_manage = (int) $db->sql_fetchfield('group_founder_manage');
2304 $db->sql_freeresult($result);
2305
2306 if ($user->data['user_type'] != USER_FOUNDER && $founder_manage)
2307 {
2308 trigger_error($user->lang['NOT_ALLOWED_MANAGE_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
2309 }
2310 }
2311
2312 switch ($action)
2313 {
2314 case 'demote':
2315 case 'promote':
2316 case 'default':
2317 if (!$group_id)
2318 {
2319 trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
2320 }
2321
2322 if (!check_link_hash($request->variable('hash', ''), 'acp_users'))
2323 {
2324 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
2325 }
2326
2327 group_user_attributes($action, $group_id, $user_id);
2328
2329 if ($action == 'default')
2330 {
2331 $user_row['group_id'] = $group_id;
2332 }
2333 break;
2334
2335 case 'delete':
2336
2337 if (confirm_box(true))
2338 {
2339 if (!$group_id)
2340 {
2341 trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
2342 }
2343
2344 if ($error = group_user_del($group_id, $user_id))
2345 {
2346 trigger_error($user->lang[$error] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
2347 }
2348
2349 $error = array();
2350
2351 // The delete action was successful - therefore update the user row...
2352 $sql = 'SELECT u.*, s.*
2353 FROM ' . USERS_TABLE . ' u
2354 LEFT JOIN ' . SESSIONS_TABLE . ' s ON (s.session_user_id = u.user_id)
2355 WHERE u.user_id = ' . $user_id . '
2356 ORDER BY s.session_time DESC';
2357 $result = $db->sql_query_limit($sql, 1);
2358 $user_row = $db->sql_fetchrow($result);
2359 $db->sql_freeresult($result);
2360 }
2361 else
2362 {
2363 confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
2364 'u' => $user_id,
2365 'i' => $id,
2366 'mode' => $mode,
2367 'action' => $action,
2368 'g' => $group_id))
2369 );
2370 }
2371
2372 break;
2373
2374 case 'approve':
2375
2376 if (confirm_box(true))
2377 {
2378 if (!$group_id)
2379 {
2380 trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
2381 }
2382 group_user_attributes($action, $group_id, $user_id);
2383 }
2384 else
2385 {
2386 confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
2387 'u' => $user_id,
2388 'i' => $id,
2389 'mode' => $mode,
2390 'action' => $action,
2391 'g' => $group_id))
2392 );
2393 }
2394
2395 break;
2396 }
2397
2398 // Add user to group?
2399 if ($submit)
2400 {
2401
2402 if (!check_form_key($form_name))
2403 {
2404 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
2405 }
2406
2407 if (!$group_id)
2408 {
2409 trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
2410 }
2411
2412 // Add user/s to group
2413 if ($error = group_user_add($group_id, $user_id))
2414 {
2415 trigger_error($user->lang[$error] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
2416 }
2417
2418 $error = array();
2419 }
2420
2421 /** @var \phpbb\group\helper $group_helper */
2422 $group_helper = $phpbb_container->get('group_helper');
2423
2424 $sql = 'SELECT ug.*, g.*
2425 FROM ' . GROUPS_TABLE . ' g, ' . USER_GROUP_TABLE . " ug
2426 WHERE ug.user_id = $user_id
2427 AND g.group_id = ug.group_id
2428 ORDER BY g.group_type DESC, ug.user_pending ASC, g.group_name";
2429 $result = $db->sql_query($sql);
2430
2431 $i = 0;
2432 $group_data = $id_ary = array();
2433 while ($row = $db->sql_fetchrow($result))
2434 {
2435 $type = ($row['group_type'] == GROUP_SPECIAL) ? 'special' : (($row['user_pending']) ? 'pending' : 'normal');
2436
2437 $group_data[$type][$i]['group_id'] = $row['group_id'];
2438 $group_data[$type][$i]['group_name'] = $row['group_name'];
2439 $group_data[$type][$i]['group_leader'] = ($row['group_leader']) ? 1 : 0;
2440
2441 $id_ary[] = $row['group_id'];
2442
2443 $i++;
2444 }
2445 $db->sql_freeresult($result);
2446
2447 // Select box for other groups
2448 $sql = 'SELECT group_id, group_name, group_type, group_founder_manage
2449 FROM ' . GROUPS_TABLE . '
2450 ' . ((sizeof($id_ary)) ? 'WHERE ' . $db->sql_in_set('group_id', $id_ary, true) : '') . '
2451 ORDER BY group_type DESC, group_name ASC';
2452 $result = $db->sql_query($sql);
2453
2454 $s_group_options = '';
2455 while ($row = $db->sql_fetchrow($result))
2456 {
2457 if (!$config['coppa_enable'] && $row['group_name'] == 'REGISTERED_COPPA')
2458 {
2459 continue;
2460 }
2461
2462 // Do not display those groups not allowed to be managed
2463 if ($user->data['user_type'] != USER_FOUNDER && $row['group_founder_manage'])
2464 {
2465 continue;
2466 }
2467
2468 $s_group_options .= '<option' . (($row['group_type'] == GROUP_SPECIAL) ? ' class="sep"' : '') . ' value="' . $row['group_id'] . '">' . $group_helper->get_name($row['group_name']) . '</option>';
2469 }
2470 $db->sql_freeresult($result);
2471
2472 $current_type = '';
2473 foreach ($group_data as $group_type => $data_ary)
2474 {
2475 if ($current_type != $group_type)
2476 {
2477 $template->assign_block_vars('group', array(
2478 'S_NEW_GROUP_TYPE' => true,
2479 'GROUP_TYPE' => $user->lang['USER_GROUP_' . strtoupper($group_type)])
2480 );
2481 }
2482
2483 foreach ($data_ary as $data)
2484 {
2485 $template->assign_block_vars('group', array(
2486 'U_EDIT_GROUP' => append_sid("{$phpbb_admin_path}index.$phpEx", "i=groups&mode=manage&action=edit&u=$user_id&g={$data['group_id']}&back_link=acp_users_groups"),
2487 'U_DEFAULT' => $this->u_action . "&action=default&u=$user_id&g=" . $data['group_id'] . '&hash=' . generate_link_hash('acp_users'),
2488 'U_DEMOTE_PROMOTE' => $this->u_action . '&action=' . (($data['group_leader']) ? 'demote' : 'promote') . "&u=$user_id&g=" . $data['group_id'] . '&hash=' . generate_link_hash('acp_users'),
2489 'U_DELETE' => $this->u_action . "&action=delete&u=$user_id&g=" . $data['group_id'],
2490 'U_APPROVE' => ($group_type == 'pending') ? $this->u_action . "&action=approve&u=$user_id&g=" . $data['group_id'] : '',
2491
2492 'GROUP_NAME' => ($group_type == 'special') ? $user->lang['G_' . $data['group_name']] : $data['group_name'],
2493 'L_DEMOTE_PROMOTE' => ($data['group_leader']) ? $user->lang['GROUP_DEMOTE'] : $user->lang['GROUP_PROMOTE'],
2494
2495 'S_IS_MEMBER' => ($group_type != 'pending') ? true : false,
2496 'S_NO_DEFAULT' => ($user_row['group_id'] != $data['group_id']) ? true : false,
2497 'S_SPECIAL_GROUP' => ($group_type == 'special') ? true : false,
2498 )
2499 );
2500 }
2501 }
2502
2503 $template->assign_vars(array(
2504 'S_GROUPS' => true,
2505 'S_GROUP_OPTIONS' => $s_group_options)
2506 );
2507
2508 break;
2509
2510 case 'perm':
2511
2512 if (!class_exists('auth_admin'))
2513 {
2514 include($phpbb_root_path . 'includes/acp/auth.' . $phpEx);
2515 }
2516
2517 $auth_admin = new auth_admin();
2518
2519 $user->add_lang('acp/permissions');
2520 add_permission_language();
2521
2522 $forum_id = $request->variable('f', 0);
2523
2524 // Global Permissions
2525 if (!$forum_id)
2526 {
2527 // Select auth options
2528 $sql = 'SELECT auth_option, is_local, is_global
2529 FROM ' . ACL_OPTIONS_TABLE . '
2530 WHERE auth_option ' . $db->sql_like_expression($db->get_any_char() . '_') . '
2531 AND is_global = 1
2532 ORDER BY auth_option';
2533 $result = $db->sql_query($sql);
2534
2535 $hold_ary = array();
2536
2537 while ($row = $db->sql_fetchrow($result))
2538 {
2539 $hold_ary = $auth_admin->get_mask('view', $user_id, false, false, $row['auth_option'], 'global', ACL_NEVER);
2540 $auth_admin->display_mask('view', $row['auth_option'], $hold_ary, 'user', false, false);
2541 }
2542 $db->sql_freeresult($result);
2543
2544 unset($hold_ary);
2545 }
2546 else
2547 {
2548 $sql = 'SELECT auth_option, is_local, is_global
2549 FROM ' . ACL_OPTIONS_TABLE . "
2550 WHERE auth_option " . $db->sql_like_expression($db->get_any_char() . '_') . "
2551 AND is_local = 1
2552 ORDER BY is_global DESC, auth_option";
2553 $result = $db->sql_query($sql);
2554
2555 while ($row = $db->sql_fetchrow($result))
2556 {
2557 $hold_ary = $auth_admin->get_mask('view', $user_id, false, $forum_id, $row['auth_option'], 'local', ACL_NEVER);
2558 $auth_admin->display_mask('view', $row['auth_option'], $hold_ary, 'user', true, false);
2559 }
2560 $db->sql_freeresult($result);
2561 }
2562
2563 $s_forum_options = '<option value="0"' . ((!$forum_id) ? ' selected="selected"' : '') . '>' . $user->lang['VIEW_GLOBAL_PERMS'] . '</option>';
2564 $s_forum_options .= make_forum_select($forum_id, false, true, false, false, false);
2565
2566 $template->assign_vars(array(
2567 'S_PERMISSIONS' => true,
2568
2569 'S_GLOBAL' => (!$forum_id) ? true : false,
2570 'S_FORUM_OPTIONS' => $s_forum_options,
2571
2572 'U_ACTION' => $this->u_action . '&u=' . $user_id,
2573 'U_USER_PERMISSIONS' => append_sid("{$phpbb_admin_path}index.$phpEx" ,'i=permissions&mode=setting_user_global&user_id[]=' . $user_id),
2574 'U_USER_FORUM_PERMISSIONS' => append_sid("{$phpbb_admin_path}index.$phpEx", 'i=permissions&mode=setting_user_local&user_id[]=' . $user_id))
2575 );
2576
2577 break;
2578
2579 }
2580
2581 // Assign general variables
2582 $template->assign_vars(array(
2583 'S_ERROR' => (sizeof($error)) ? true : false,
2584 'ERROR_MSG' => (sizeof($error)) ? implode('<br />', $error) : '')
2585 );
2586 }
2587
2588 /**
2589 * Set option bit field for user options in a user row array.
2590 *
2591 * Optionset replacement for this module based on $user->optionset.
2592 *
2593 * @param array $user_row Row from the users table.
2594 * @param int $key Option key, as defined in $user->keyoptions property.
2595 * @param bool $value True to set the option, false to clear the option.
2596 * @param int $data Current bit field value, or false to use $user_row['user_options']
2597 * @return int|bool If $data is false, the bit field is modified and
2598 * written back to $user_row['user_options'], and
2599 * return value is true if the bit field changed and
2600 * false otherwise. If $data is not false, the new
2601 * bitfield value is returned.
2602 */
function optionset(&$user_row, $key, $value, $data = false)
{
	global $user;

	// $key is the option name used to index $user->keyoptions; callers in
	// this file pass strings such as 'sig_bbcode'.
	// A strict false for $data means "work on the row's own bit field".
	$write_back = ($data === false);
	$current = $write_back ? $user_row['user_options'] : $data;

	$updated = phpbb_optionset($user->keyoptions[$key], $value, $current);

	// Caller supplied its own bit field: hand back the new value and leave
	// $user_row untouched.
	if (!$write_back)
	{
		return $updated;
	}

	// Nothing changed, so there is nothing to store in the row.
	if ($updated == $current)
	{
		return false;
	}

	// Only the in-memory row (passed by reference) is changed here; this
	// method issues no database query itself.
	$user_row['user_options'] = $updated;
	return true;
}
2628
2629 /**
2630 * Get option bit field from user options in a user row array.
2631 *
2632 * Optionget replacement for this module based on $user->optionget.
2633 *
2634 * @param array $user_row Row from the users table.
2635 * @param int $key option key, as defined in $user->keyoptions property.
2636 * @param int $data bit field value to use, or false to use $user_row['user_options']
2637 * @return bool true if the option is set in the bit field, false otherwise
2638 */
function optionget(&$user_row, $key, $data = false)
{
	global $user;

	// $key is the option name used to index $user->keyoptions; callers in
	// this file pass strings such as 'sig_bbcode'.
	// $user_row is taken by reference but is only read in this method.
	if ($data === false)
	{
		// No explicit bit field given: read the one stored in the row.
		$bitfield = $user_row['user_options'];
	}
	else
	{
		$bitfield = $data;
	}

	return phpbb_optionget($user->keyoptions[$key], $bitfield);
}
2646 }
2647