Verzeichnisstruktur phpBB-3.3.15
- Veröffentlicht
- 28.08.2024
acp_users.php
0001 <?php
0002 /**
0003 *
0004 * This file is part of the phpBB Forum Software package.
0005 *
0006 * @copyright (c) phpBB Limited <https://www.phpbb.com>
0007 * @license GNU General Public License, version 2 (GPL-2.0)
0008 *
0009 * For full copyright and license information, please see
0010 * the docs/CREDITS.txt file.
0011 *
0012 */
0013
/**
 * Direct-access guard: stop right away unless the IN_PHPBB constant is
 * defined, so nothing below runs when this file is requested on its own.
 * NOTE(review): IN_PHPBB is not defined anywhere in this file; presumably the
 * phpBB entry script defines it before including modules (confirm there).
 *
 * @ignore
 */
defined('IN_PHPBB') || exit;
0021
0022 class acp_users
0023 {
0024 var $u_action;
0025 var $p_master;
0026
/**
 * Keeps a reference to the object handed in by the caller.
 *
 * main() later calls module_auth_self() on this object to decide which
 * module modes the current administrator may see in the mode dropdown.
 *
 * @param object $p_master Object stored in $this->p_master; no validation is done here
 */
public function __construct($p_master)
{
    $this->p_master = $p_master;
}
0031
0032 function main($id, $mode)
0033 {
0034 global $config, $db, $user, $auth, $template;
0035 global $phpbb_root_path, $phpbb_admin_path, $phpEx;
0036 global $phpbb_dispatcher, $request;
0037 global $phpbb_container, $phpbb_log;
0038
0039 $user->add_lang(array('posting', 'ucp', 'acp/users'));
0040 $this->tpl_name = 'acp_users';
0041
0042 $error = array();
0043 $username = $request->variable('username', '', true);
0044 $user_id = $request->variable('u', 0);
0045 $action = $request->variable('action', '');
0046
0047 // Get referer to redirect user to the appropriate page after delete action
0048 $redirect = $request->variable('redirect', '');
0049 $redirect_tag = "redirect=$redirect";
0050 $redirect_url = append_sid("{$phpbb_admin_path}index.$phpEx", "i=$redirect");
0051
0052 $submit = (isset($_POST['update']) && !isset($_POST['cancel'])) ? true : false;
0053
0054 $form_name = 'acp_users';
0055 add_form_key($form_name);
0056
0057 // Whois (special case)
0058 if ($action == 'whois')
0059 {
0060 if (!function_exists('user_get_id_name'))
0061 {
0062 include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
0063 }
0064
0065 $this->page_title = 'WHOIS';
0066 $this->tpl_name = 'simple_body';
0067
0068 $user_ip = phpbb_ip_normalise($request->variable('user_ip', ''));
0069 $domain = gethostbyaddr($user_ip);
0070 $ipwhois = user_ipwhois($user_ip);
0071
0072 $template->assign_vars(array(
0073 'MESSAGE_TITLE' => sprintf($user->lang['IP_WHOIS_FOR'], $domain),
0074 'MESSAGE_TEXT' => nl2br($ipwhois))
0075 );
0076
0077 return;
0078 }
0079
0080 // Show user selection mask
0081 if (!$username && !$user_id)
0082 {
0083 $this->page_title = 'SELECT_USER';
0084
0085 $template->assign_vars(array(
0086 'U_ACTION' => $this->u_action,
0087 'ANONYMOUS_USER_ID' => ANONYMOUS,
0088
0089 'S_SELECT_USER' => true,
0090 'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=select_user&field=username&select_single=true'),
0091 ));
0092
0093 return;
0094 }
0095
0096 if (!$user_id)
0097 {
0098 $sql = 'SELECT user_id
0099 FROM ' . USERS_TABLE . "
0100 WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
0101 $result = $db->sql_query($sql);
0102 $user_id = (int) $db->sql_fetchfield('user_id');
0103 $db->sql_freeresult($result);
0104
0105 if (!$user_id)
0106 {
0107 trigger_error($user->lang['NO_USER'] . adm_back_link($this->u_action), E_USER_WARNING);
0108 }
0109 }
0110
0111 // Generate content for all modes
0112 $sql = 'SELECT u.*, s.*
0113 FROM ' . USERS_TABLE . ' u
0114 LEFT JOIN ' . SESSIONS_TABLE . ' s ON (s.session_user_id = u.user_id)
0115 WHERE u.user_id = ' . $user_id . '
0116 ORDER BY s.session_time DESC';
0117 $result = $db->sql_query_limit($sql, 1);
0118 $user_row = $db->sql_fetchrow($result);
0119 $db->sql_freeresult($result);
0120
0121 if (!$user_row)
0122 {
0123 trigger_error($user->lang['NO_USER'] . adm_back_link($this->u_action), E_USER_WARNING);
0124 }
0125
0126 // Generate overall "header" for user admin
0127 $s_form_options = '';
0128
0129 // Build modes dropdown list
0130 $sql = 'SELECT module_mode, module_auth
0131 FROM ' . MODULES_TABLE . "
0132 WHERE module_basename = 'acp_users'
0133 AND module_enabled = 1
0134 AND module_class = 'acp'
0135 ORDER BY left_id, module_mode";
0136 $result = $db->sql_query($sql);
0137
0138 $dropdown_modes = array();
0139 while ($row = $db->sql_fetchrow($result))
0140 {
0141 if (!$this->p_master->module_auth_self($row['module_auth']))
0142 {
0143 continue;
0144 }
0145
0146 $dropdown_modes[$row['module_mode']] = true;
0147 }
0148 $db->sql_freeresult($result);
0149
0150 foreach ($dropdown_modes as $module_mode => $null)
0151 {
0152 $selected = ($mode == $module_mode) ? ' selected="selected"' : '';
0153 $s_form_options .= '<option value="' . $module_mode . '"' . $selected . '>' . $user->lang['ACP_USER_' . strtoupper($module_mode)] . '</option>';
0154 }
0155
0156 $template->assign_vars(array(
0157 'U_BACK' => (empty($redirect)) ? $this->u_action : $redirect_url,
0158 'U_MODE_SELECT' => append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&u=$user_id"),
0159 'U_ACTION' => $this->u_action . '&u=' . $user_id . ((empty($redirect)) ? '' : '&' . $redirect_tag),
0160 'S_FORM_OPTIONS' => $s_form_options,
0161 'MANAGED_USERNAME' => $user_row['username'])
0162 );
0163
0164 // Prevent normal users/admins change/view founders if they are not a founder by themselves
0165 if ($user->data['user_type'] != USER_FOUNDER && $user_row['user_type'] == USER_FOUNDER)
0166 {
0167 trigger_error($user->lang['NOT_MANAGE_FOUNDER'] . adm_back_link($this->u_action), E_USER_WARNING);
0168 }
0169
0170 $this->page_title = $user_row['username'] . ' :: ' . $user->lang('ACP_USER_' . strtoupper($mode));
0171
0172 switch ($mode)
0173 {
0174 case 'overview':
0175
0176 if (!function_exists('user_get_id_name'))
0177 {
0178 include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
0179 }
0180
0181 $user->add_lang('acp/ban');
0182
0183 $delete = $request->variable('delete', 0);
0184 $delete_type = $request->variable('delete_type', '');
0185 $ip = $request->variable('ip', 'ip');
0186
0187 /**
0188 * Run code at beginning of ACP users overview
0189 *
0190 * @event core.acp_users_overview_before
0191 * @var array user_row Current user data
0192 * @var string mode Active module
0193 * @var string action Module that should be run
0194 * @var bool submit Do we display the form only
0195 * or did the user press submit
0196 * @var array error Array holding error messages
0197 * @since 3.1.3-RC1
0198 */
0199 $vars = array('user_row', 'mode', 'action', 'submit', 'error');
0200 extract($phpbb_dispatcher->trigger_event('core.acp_users_overview_before', compact($vars)));
0201
0202 if ($submit)
0203 {
0204 if ($delete)
0205 {
0206 if (!$auth->acl_get('a_userdel'))
0207 {
0208 send_status_line(403, 'Forbidden');
0209 trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
0210 }
0211
0212 // Check if the user wants to remove himself or the guest user account
0213 if ($user_id == ANONYMOUS)
0214 {
0215 trigger_error($user->lang['CANNOT_REMOVE_ANONYMOUS'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
0216 }
0217
0218 // Founders can not be deleted.
0219 if ($user_row['user_type'] == USER_FOUNDER)
0220 {
0221 trigger_error($user->lang['CANNOT_REMOVE_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
0222 }
0223
0224 if ($user_id == $user->data['user_id'])
0225 {
0226 trigger_error($user->lang['CANNOT_REMOVE_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
0227 }
0228
0229 if ($delete_type)
0230 {
0231 if (confirm_box(true))
0232 {
0233 user_delete($delete_type, $user_id, $user_row['username']);
0234
0235 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_DELETED', false, array($user_row['username']));
0236 trigger_error($user->lang['USER_DELETED'] . adm_back_link(
0237 (empty($redirect)) ? $this->u_action : $redirect_url
0238 )
0239 );
0240 }
0241 else
0242 {
0243 $delete_confirm_hidden_fields = array(
0244 'u' => $user_id,
0245 'i' => $id,
0246 'mode' => $mode,
0247 'action' => $action,
0248 'update' => true,
0249 'delete' => 1,
0250 'delete_type' => $delete_type,
0251 );
0252
0253 // Checks if the redirection page is specified
0254 if (!empty($redirect))
0255 {
0256 $delete_confirm_hidden_fields['redirect'] = $redirect;
0257 }
0258
0259 confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields($delete_confirm_hidden_fields));
0260 }
0261 }
0262 else
0263 {
0264 trigger_error($user->lang['NO_MODE'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
0265 }
0266 }
0267
0268 // Handle quicktool actions
0269 switch ($action)
0270 {
0271 case 'banuser':
0272 case 'banemail':
0273 case 'banip':
0274
0275 if ($user_id == $user->data['user_id'])
0276 {
0277 trigger_error($user->lang['CANNOT_BAN_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
0278 }
0279
0280 if ($user_id == ANONYMOUS)
0281 {
0282 trigger_error($user->lang['CANNOT_BAN_ANONYMOUS'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
0283 }
0284
0285 if ($user_row['user_type'] == USER_FOUNDER)
0286 {
0287 trigger_error($user->lang['CANNOT_BAN_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
0288 }
0289
0290 if (!check_form_key($form_name))
0291 {
0292 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
0293 }
0294
0295 $ban = array();
0296
0297 switch ($action)
0298 {
0299 case 'banuser':
0300 $ban[] = $user_row['username'];
0301 $reason = 'USER_ADMIN_BAN_NAME_REASON';
0302 break;
0303
0304 case 'banemail':
0305 $ban[] = $user_row['user_email'];
0306 $reason = 'USER_ADMIN_BAN_EMAIL_REASON';
0307 break;
0308
0309 case 'banip':
0310 $ban[] = $user_row['user_ip'];
0311
0312 $sql = 'SELECT DISTINCT poster_ip
0313 FROM ' . POSTS_TABLE . "
0314 WHERE poster_id = $user_id";
0315 $result = $db->sql_query($sql);
0316
0317 while ($row = $db->sql_fetchrow($result))
0318 {
0319 $ban[] = $row['poster_ip'];
0320 }
0321 $db->sql_freeresult($result);
0322
0323 $reason = 'USER_ADMIN_BAN_IP_REASON';
0324 break;
0325 }
0326
0327 $ban_reason = $request->variable('ban_reason', $user->lang[$reason], true);
0328 $ban_give_reason = $request->variable('ban_give_reason', '', true);
0329
0330 // Log not used at the moment, we simply utilize the ban function.
0331 $result = user_ban(substr($action, 3), $ban, 0, 0, 0, $ban_reason, $ban_give_reason);
0332
0333 trigger_error((($result === false) ? $user->lang['BAN_ALREADY_ENTERED'] : $user->lang['BAN_SUCCESSFUL']) . adm_back_link($this->u_action . '&u=' . $user_id));
0334
0335 break;
0336
0337 case 'reactivate':
0338
0339 if ($user_id == $user->data['user_id'])
0340 {
0341 trigger_error($user->lang['CANNOT_FORCE_REACT_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
0342 }
0343
0344 if (!check_form_key($form_name))
0345 {
0346 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
0347 }
0348
0349 if ($user_row['user_type'] == USER_FOUNDER)
0350 {
0351 trigger_error($user->lang['CANNOT_FORCE_REACT_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
0352 }
0353
0354 if ($user_row['user_type'] == USER_IGNORE)
0355 {
0356 trigger_error($user->lang['CANNOT_FORCE_REACT_BOT'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
0357 }
0358
0359 if ($config['email_enable'])
0360 {
0361 if (!class_exists('messenger'))
0362 {
0363 include($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
0364 }
0365
0366 $server_url = generate_board_url();
0367
0368 $user_actkey = gen_rand_string(mt_rand(6, 10));
0369 $email_template = ($user_row['user_type'] == USER_NORMAL) ? 'user_reactivate_account' : 'user_resend_inactive';
0370
0371 if ($user_row['user_type'] == USER_NORMAL)
0372 {
0373 user_active_flip('deactivate', $user_id, INACTIVE_REMIND);
0374 }
0375 else
0376 {
0377 // Grabbing the last confirm key - we only send a reminder
0378 $sql = 'SELECT user_actkey
0379 FROM ' . USERS_TABLE . '
0380 WHERE user_id = ' . $user_id;
0381 $result = $db->sql_query($sql);
0382 $user_activation_key = (string) $db->sql_fetchfield('user_actkey');
0383 $db->sql_freeresult($result);
0384
0385 $user_actkey = empty($user_activation_key) ? $user_actkey : $user_activation_key;
0386 }
0387
0388 // Always update actkey even if same and also update actkey expiration to 24 hours from now
0389 $sql_ary = [
0390 'user_actkey' => $user_actkey,
0391 'user_actkey_expiration' => $user::get_token_expiration(),
0392 ];
0393
0394 $sql = 'UPDATE ' . USERS_TABLE . '
0395 SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
0396 WHERE user_id = ' . (int) $user_id;
0397 $db->sql_query($sql);
0398
0399 // Start sending email
0400 $messenger = new messenger(false);
0401
0402 $messenger->template($email_template, $user_row['user_lang']);
0403
0404 $messenger->set_addresses($user_row);
0405
0406 $messenger->anti_abuse_headers($config, $user);
0407
0408 $messenger->assign_vars(array(
0409 'WELCOME_MSG' => html_entity_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename']), ENT_COMPAT),
0410 'USERNAME' => html_entity_decode($user_row['username'], ENT_COMPAT),
0411 'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&u={$user_row['user_id']}&k=$user_actkey")
0412 );
0413
0414 $messenger->send(NOTIFY_EMAIL);
0415
0416 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_REACTIVATE', false, array($user_row['username']));
0417 $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_REACTIVATE_USER', false, array(
0418 'reportee_id' => $user_id
0419 ));
0420
0421 trigger_error($user->lang['FORCE_REACTIVATION_SUCCESS'] . adm_back_link($this->u_action . '&u=' . $user_id));
0422 }
0423
0424 break;
0425
0426 case 'active':
0427
0428 if ($user_id == $user->data['user_id'])
0429 {
0430 // It is only deactivation since the user is already activated (else he would not have reached this page)
0431 trigger_error($user->lang['CANNOT_DEACTIVATE_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
0432 }
0433
0434 if (!check_form_key($form_name))
0435 {
0436 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
0437 }
0438
0439 if ($user_row['user_type'] == USER_FOUNDER)
0440 {
0441 trigger_error($user->lang['CANNOT_DEACTIVATE_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
0442 }
0443
0444 if ($user_row['user_type'] == USER_IGNORE)
0445 {
0446 trigger_error($user->lang['CANNOT_DEACTIVATE_BOT'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
0447 }
0448
0449 user_active_flip('flip', $user_id);
0450
0451 if ($user_row['user_type'] == USER_INACTIVE)
0452 {
0453 if ($config['require_activation'] == USER_ACTIVATION_ADMIN)
0454 {
0455 /* @var $phpbb_notifications \phpbb\notification\manager */
0456 $phpbb_notifications = $phpbb_container->get('notification_manager');
0457 $phpbb_notifications->delete_notifications('notification.type.admin_activate_user', $user_row['user_id']);
0458
0459 if (!class_exists('messenger'))
0460 {
0461 include($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
0462 }
0463
0464 $messenger = new messenger(false);
0465
0466 $messenger->template('admin_welcome_activated', $user_row['user_lang']);
0467
0468 $messenger->set_addresses($user_row);
0469
0470 $messenger->anti_abuse_headers($config, $user);
0471
0472 $messenger->assign_vars(array(
0473 'USERNAME' => html_entity_decode($user_row['username'], ENT_COMPAT))
0474 );
0475
0476 $messenger->send(NOTIFY_EMAIL);
0477 }
0478 }
0479
0480 $message = ($user_row['user_type'] == USER_INACTIVE) ? 'USER_ADMIN_ACTIVATED' : 'USER_ADMIN_DEACTIVED';
0481 $log = ($user_row['user_type'] == USER_INACTIVE) ? 'LOG_USER_ACTIVE' : 'LOG_USER_INACTIVE';
0482
0483 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, $log, false, array($user_row['username']));
0484 $phpbb_log->add('user', $user->data['user_id'], $user->ip, $log . '_USER', false, array(
0485 'reportee_id' => $user_id
0486 ));
0487
0488 trigger_error($user->lang[$message] . adm_back_link($this->u_action . '&u=' . $user_id));
0489
0490 break;
0491
0492 case 'delsig':
0493
0494 if (!check_form_key($form_name))
0495 {
0496 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
0497 }
0498
0499 $sql_ary = array(
0500 'user_sig' => '',
0501 'user_sig_bbcode_uid' => '',
0502 'user_sig_bbcode_bitfield' => ''
0503 );
0504
0505 $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
0506 WHERE user_id = $user_id";
0507 $db->sql_query($sql);
0508
0509 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_SIG', false, array($user_row['username']));
0510 $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_SIG_USER', false, array(
0511 'reportee_id' => $user_id
0512 ));
0513
0514 trigger_error($user->lang['USER_ADMIN_SIG_REMOVED'] . adm_back_link($this->u_action . '&u=' . $user_id));
0515
0516 break;
0517
0518 case 'delavatar':
0519
0520 if (!check_form_key($form_name))
0521 {
0522 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
0523 }
0524
0525 // Delete old avatar if present
0526 /* @var $phpbb_avatar_manager \phpbb\avatar\manager */
0527 $phpbb_avatar_manager = $phpbb_container->get('avatar.manager');
0528 $phpbb_avatar_manager->handle_avatar_delete($db, $user, $phpbb_avatar_manager->clean_row($user_row, 'user'), USERS_TABLE, 'user_');
0529
0530 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_AVATAR', false, array($user_row['username']));
0531 $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_AVATAR_USER', false, array(
0532 'reportee_id' => $user_id
0533 ));
0534
0535 trigger_error($user->lang['USER_ADMIN_AVATAR_REMOVED'] . adm_back_link($this->u_action . '&u=' . $user_id));
0536 break;
0537
0538 case 'delposts':
0539
0540 if (confirm_box(true))
0541 {
0542 // Delete posts, attachments, etc.
0543 delete_posts('poster_id', $user_id);
0544
0545 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_POSTS', false, array($user_row['username']));
0546 trigger_error($user->lang['USER_POSTS_DELETED'] . adm_back_link($this->u_action . '&u=' . $user_id));
0547 }
0548 else
0549 {
0550 confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
0551 'u' => $user_id,
0552 'i' => $id,
0553 'mode' => $mode,
0554 'action' => $action,
0555 'update' => true))
0556 );
0557 }
0558
0559 break;
0560
0561 case 'delattach':
0562
0563 if (confirm_box(true))
0564 {
0565 /** @var \phpbb\attachment\manager $attachment_manager */
0566 $attachment_manager = $phpbb_container->get('attachment.manager');
0567 $attachment_manager->delete('user', $user_id);
0568 unset($attachment_manager);
0569
0570 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_ATTACH', false, array($user_row['username']));
0571 trigger_error($user->lang['USER_ATTACHMENTS_REMOVED'] . adm_back_link($this->u_action . '&u=' . $user_id));
0572 }
0573 else
0574 {
0575 confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
0576 'u' => $user_id,
0577 'i' => $id,
0578 'mode' => $mode,
0579 'action' => $action,
0580 'update' => true))
0581 );
0582 }
0583
0584 break;
0585
0586 case 'deloutbox':
0587
0588 if (confirm_box(true))
0589 {
0590 $msg_ids = array();
0591 $lang = 'EMPTY';
0592
0593 $sql = 'SELECT msg_id
0594 FROM ' . PRIVMSGS_TO_TABLE . "
0595 WHERE author_id = $user_id
0596 AND folder_id = " . PRIVMSGS_OUTBOX;
0597 $result = $db->sql_query($sql);
0598
0599 if ($row = $db->sql_fetchrow($result))
0600 {
0601 if (!function_exists('delete_pm'))
0602 {
0603 include($phpbb_root_path . 'includes/functions_privmsgs.' . $phpEx);
0604 }
0605
0606 do
0607 {
0608 $msg_ids[] = (int) $row['msg_id'];
0609 }
0610 while ($row = $db->sql_fetchrow($result));
0611
0612 $db->sql_freeresult($result);
0613
0614 delete_pm($user_id, $msg_ids, PRIVMSGS_OUTBOX);
0615
0616 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_OUTBOX', false, array($user_row['username']));
0617
0618 $lang = 'EMPTIED';
0619 }
0620 $db->sql_freeresult($result);
0621
0622 trigger_error($user->lang['USER_OUTBOX_' . $lang] . adm_back_link($this->u_action . '&u=' . $user_id));
0623 }
0624 else
0625 {
0626 confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
0627 'u' => $user_id,
0628 'i' => $id,
0629 'mode' => $mode,
0630 'action' => $action,
0631 'update' => true))
0632 );
0633 }
0634 break;
0635
0636 case 'moveposts':
0637
0638 if (!check_form_key($form_name))
0639 {
0640 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
0641 }
0642
0643 $user->add_lang('acp/forums');
0644
0645 $new_forum_id = $request->variable('new_f', 0);
0646
0647 if (!$new_forum_id)
0648 {
0649 $this->page_title = 'USER_ADMIN_MOVE_POSTS';
0650
0651 $template->assign_vars(array(
0652 'S_SELECT_FORUM' => true,
0653 'U_ACTION' => $this->u_action . "&action=$action&u=$user_id",
0654 'U_BACK' => $this->u_action . "&u=$user_id",
0655 'S_FORUM_OPTIONS' => make_forum_select(false, false, false, true))
0656 );
0657
0658 return;
0659 }
0660
0661 // Is the new forum postable to?
0662 $sql = 'SELECT forum_name, forum_type
0663 FROM ' . FORUMS_TABLE . "
0664 WHERE forum_id = $new_forum_id";
0665 $result = $db->sql_query($sql);
0666 $forum_info = $db->sql_fetchrow($result);
0667 $db->sql_freeresult($result);
0668
0669 if (!$forum_info)
0670 {
0671 trigger_error($user->lang['NO_FORUM'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
0672 }
0673
0674 if ($forum_info['forum_type'] != FORUM_POST)
0675 {
0676 trigger_error($user->lang['MOVE_POSTS_NO_POSTABLE_FORUM'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
0677 }
0678
0679 // Two stage?
0680 // Move topics comprising only posts from this user
0681 $topic_id_ary = $move_topic_ary = $move_post_ary = $new_topic_id_ary = array();
0682 $forum_id_ary = array($new_forum_id);
0683
0684 $sql = 'SELECT topic_id, post_visibility, COUNT(post_id) AS total_posts
0685 FROM ' . POSTS_TABLE . "
0686 WHERE poster_id = $user_id
0687 AND forum_id <> $new_forum_id
0688 GROUP BY topic_id, post_visibility";
0689 $result = $db->sql_query($sql);
0690
0691 while ($row = $db->sql_fetchrow($result))
0692 {
0693 $topic_id_ary[$row['topic_id']][$row['post_visibility']] = $row['total_posts'];
0694 }
0695 $db->sql_freeresult($result);
0696
0697 if (count($topic_id_ary))
0698 {
0699 $sql = 'SELECT topic_id, forum_id, topic_title, topic_posts_approved, topic_posts_unapproved, topic_posts_softdeleted, topic_attachment
0700 FROM ' . TOPICS_TABLE . '
0701 WHERE ' . $db->sql_in_set('topic_id', array_keys($topic_id_ary));
0702 $result = $db->sql_query($sql);
0703
0704 while ($row = $db->sql_fetchrow($result))
0705 {
0706 if ($topic_id_ary[$row['topic_id']][ITEM_APPROVED] == $row['topic_posts_approved']
0707 && $topic_id_ary[$row['topic_id']][ITEM_UNAPPROVED] == $row['topic_posts_unapproved']
0708 && $topic_id_ary[$row['topic_id']][ITEM_REAPPROVE] == $row['topic_posts_unapproved']
0709 && $topic_id_ary[$row['topic_id']][ITEM_DELETED] == $row['topic_posts_softdeleted'])
0710 {
0711 $move_topic_ary[] = $row['topic_id'];
0712 }
0713 else
0714 {
0715 $move_post_ary[$row['topic_id']]['title'] = $row['topic_title'];
0716 $move_post_ary[$row['topic_id']]['attach'] = ($row['topic_attachment']) ? 1 : 0;
0717 }
0718
0719 $forum_id_ary[] = $row['forum_id'];
0720 }
0721 $db->sql_freeresult($result);
0722 }
0723
0724 // Entire topic comprises posts by this user, move these topics
0725 if (count($move_topic_ary))
0726 {
0727 move_topics($move_topic_ary, $new_forum_id, false);
0728 }
0729
0730 if (count($move_post_ary))
0731 {
0732 // Create new topic
0733 // Update post_ids, report_ids, attachment_ids
0734 foreach ($move_post_ary as $topic_id => $post_ary)
0735 {
0736 // Create new topic
0737 $sql = 'INSERT INTO ' . TOPICS_TABLE . ' ' . $db->sql_build_array('INSERT', array(
0738 'topic_poster' => $user_id,
0739 'topic_time' => time(),
0740 'forum_id' => $new_forum_id,
0741 'icon_id' => 0,
0742 'topic_visibility' => ITEM_APPROVED,
0743 'topic_title' => $post_ary['title'],
0744 'topic_first_poster_name' => $user_row['username'],
0745 'topic_type' => POST_NORMAL,
0746 'topic_time_limit' => 0,
0747 'topic_attachment' => $post_ary['attach'])
0748 );
0749 $db->sql_query($sql);
0750
0751 $new_topic_id = $db->sql_nextid();
0752
0753 // Move posts
0754 $sql = 'UPDATE ' . POSTS_TABLE . "
0755 SET forum_id = $new_forum_id, topic_id = $new_topic_id
0756 WHERE topic_id = $topic_id
0757 AND poster_id = $user_id";
0758 $db->sql_query($sql);
0759
0760 if ($post_ary['attach'])
0761 {
0762 $sql = 'UPDATE ' . ATTACHMENTS_TABLE . "
0763 SET topic_id = $new_topic_id
0764 WHERE topic_id = $topic_id
0765 AND poster_id = $user_id";
0766 $db->sql_query($sql);
0767 }
0768
0769 $new_topic_id_ary[] = $new_topic_id;
0770 }
0771 }
0772
0773 $forum_id_ary = array_unique($forum_id_ary);
0774 $topic_id_ary = array_unique(array_merge(array_keys($topic_id_ary), $new_topic_id_ary));
0775
0776 if (count($topic_id_ary))
0777 {
0778 sync('topic_reported', 'topic_id', $topic_id_ary);
0779 sync('topic', 'topic_id', $topic_id_ary);
0780 }
0781
0782 if (count($forum_id_ary))
0783 {
0784 sync('forum', 'forum_id', $forum_id_ary, false, true);
0785 }
0786
0787 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_MOVE_POSTS', false, array($user_row['username'], $forum_info['forum_name']));
0788 $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_MOVE_POSTS_USER', false, array(
0789 'reportee_id' => $user_id,
0790 $forum_info['forum_name']
0791 ));
0792
0793 trigger_error($user->lang['USER_POSTS_MOVED'] . adm_back_link($this->u_action . '&u=' . $user_id));
0794
0795 break;
0796
0797 case 'leave_nr':
0798
0799 if (confirm_box(true))
0800 {
0801 remove_newly_registered($user_id, $user_row);
0802
0803 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_REMOVED_NR', false, array($user_row['username']));
0804 trigger_error($user->lang['USER_LIFTED_NR'] . adm_back_link($this->u_action . '&u=' . $user_id));
0805 }
0806 else
0807 {
0808 confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
0809 'u' => $user_id,
0810 'i' => $id,
0811 'mode' => $mode,
0812 'action' => $action,
0813 'update' => true))
0814 );
0815 }
0816
0817 break;
0818
0819 default:
0820 $u_action = $this->u_action;
0821
0822 /**
0823 * Run custom quicktool code
0824 *
0825 * @event core.acp_users_overview_run_quicktool
0826 * @var string action Quick tool that should be run
0827 * @var array user_row Current user data
0828 * @var string u_action The u_action link
0829 * @var int user_id User id of the user to manage
0830 * @since 3.1.0-a1
0831 * @changed 3.2.2-RC1 Added u_action
0832 * @changed 3.2.10-RC1 Added user_id
0833 */
0834 $vars = array('action', 'user_row', 'u_action', 'user_id');
0835 extract($phpbb_dispatcher->trigger_event('core.acp_users_overview_run_quicktool', compact($vars)));
0836
0837 unset($u_action);
0838 break;
0839 }
0840
0841 // Handle registration info updates
0842 $data = array(
0843 'username' => $request->variable('user', $user_row['username'], true),
0844 'user_founder' => $request->variable('user_founder', ($user_row['user_type'] == USER_FOUNDER) ? 1 : 0),
0845 'email' => strtolower($request->variable('user_email', $user_row['user_email'])),
0846 'new_password' => $request->variable('new_password', '', true),
0847 'password_confirm' => $request->variable('password_confirm', '', true),
0848 );
0849
0850 // Validation data - we do not check the password complexity setting here
0851 $check_ary = array(
0852 'new_password' => array(
0853 array('string', true, $config['min_pass_chars'], 0),
0854 array('password')),
0855 'password_confirm' => array('string', true, $config['min_pass_chars'], 0),
0856 );
0857
0858 // Check username if altered
0859 if ($data['username'] != $user_row['username'])
0860 {
0861 $check_ary += array(
0862 'username' => array(
0863 array('string', false, $config['min_name_chars'], $config['max_name_chars']),
0864 array('username', $user_row['username'], true)
0865 ),
0866 );
0867 }
0868
0869 // Check email if altered
0870 if ($data['email'] != $user_row['user_email'])
0871 {
0872 $check_ary += array(
0873 'email' => array(
0874 array('string', false, 6, 60),
0875 array('user_email', $user_row['user_email']),
0876 ),
0877 );
0878 }
0879
0880 $error = validate_data($data, $check_ary);
0881
0882 if ($data['new_password'] && $data['password_confirm'] != $data['new_password'])
0883 {
0884 $error[] = 'NEW_PASSWORD_ERROR';
0885 }
0886
0887 if (!check_form_key($form_name))
0888 {
0889 $error[] = 'FORM_INVALID';
0890 }
0891
0892 // Instantiate passwords manager
0893 /* @var $passwords_manager \phpbb\passwords\manager */
0894 $passwords_manager = $phpbb_container->get('passwords.manager');
0895
0896 // Which updates do we need to do?
0897 $update_username = ($user_row['username'] != $data['username']) ? $data['username'] : false;
0898 $update_password = $data['new_password'] && !$passwords_manager->check($data['new_password'], $user_row['user_password']);
0899 $update_email = ($data['email'] != $user_row['user_email']) ? $data['email'] : false;
0900
0901 if (!count($error))
0902 {
0903 $sql_ary = array();
0904
0905 if ($user_row['user_type'] != USER_FOUNDER || $user->data['user_type'] == USER_FOUNDER)
0906 {
0907 // Only allow founders updating the founder status...
0908 if ($user->data['user_type'] == USER_FOUNDER)
0909 {
0910 // Setting a normal member to be a founder
0911 if ($data['user_founder'] && $user_row['user_type'] != USER_FOUNDER)
0912 {
0913 // Make sure the user is not setting an Inactive or ignored user to be a founder
0914 if ($user_row['user_type'] == USER_IGNORE)
0915 {
0916 trigger_error($user->lang['CANNOT_SET_FOUNDER_IGNORED'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
0917 }
0918
0919 if ($user_row['user_type'] == USER_INACTIVE)
0920 {
0921 trigger_error($user->lang['CANNOT_SET_FOUNDER_INACTIVE'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
0922 }
0923
0924 $sql_ary['user_type'] = USER_FOUNDER;
0925 }
0926 else if (!$data['user_founder'] && $user_row['user_type'] == USER_FOUNDER)
0927 {
0928 // Check if at least one founder is present
0929 $sql = 'SELECT user_id
0930 FROM ' . USERS_TABLE . '
0931 WHERE user_type = ' . USER_FOUNDER . '
0932 AND user_id <> ' . $user_id;
0933 $result = $db->sql_query_limit($sql, 1);
0934 $row = $db->sql_fetchrow($result);
0935 $db->sql_freeresult($result);
0936
0937 if ($row)
0938 {
0939 $sql_ary['user_type'] = USER_NORMAL;
0940 }
0941 else
0942 {
0943 trigger_error($user->lang['AT_LEAST_ONE_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
0944 }
0945 }
0946 }
0947 }
0948
0949 /**
0950 * Modify user data before we update it
0951 *
0952 * @event core.acp_users_overview_modify_data
0953 * @var array user_row Current user data
0954 * @var array data Submitted user data
0955 * @var array sql_ary User data we udpate
0956 * @since 3.1.0-a1
0957 */
0958 $vars = array('user_row', 'data', 'sql_ary');
0959 extract($phpbb_dispatcher->trigger_event('core.acp_users_overview_modify_data', compact($vars)));
0960
0961 if ($update_username !== false)
0962 {
0963 $sql_ary['username'] = $update_username;
0964 $sql_ary['username_clean'] = utf8_clean_string($update_username);
0965
0966 $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_UPDATE_NAME', false, array(
0967 'reportee_id' => $user_id,
0968 $user_row['username'],
0969 $update_username
0970 ));
0971 }
0972
0973 if ($update_email !== false)
0974 {
0975 $sql_ary += ['user_email' => $update_email];
0976
0977 $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_UPDATE_EMAIL', false, array(
0978 'reportee_id' => $user_id,
0979 $user_row['username'],
0980 $user_row['user_email'],
0981 $update_email
0982 ));
0983 }
0984
0985 if ($update_password)
0986 {
0987 $sql_ary += array(
0988 'user_password' => $passwords_manager->hash($data['new_password']),
0989 'user_passchg' => time(),
0990 );
0991
0992 $user->reset_login_keys($user_id);
0993
0994 $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_NEW_PASSWORD', false, array(
0995 'reportee_id' => $user_id,
0996 $user_row['username']
0997 ));
0998 }
0999
1000 if (count($sql_ary))
1001 {
1002 $sql = 'UPDATE ' . USERS_TABLE . '
1003 SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
1004 WHERE user_id = ' . $user_id;
1005 $db->sql_query($sql);
1006 }
1007
1008 if ($update_username)
1009 {
1010 user_update_name($user_row['username'], $update_username);
1011 }
1012
1013 // Let the user's permissions be updated
1014 $auth->acl_clear_prefetch($user_id);
1015
1016 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_USER_UPDATE', false, array($data['username']));
1017
1018 trigger_error($user->lang['USER_OVERVIEW_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id));
1019 }
1020
1021 // Replace "error" strings with their real, localised form
1022 $error = array_map(array($user, 'lang'), $error);
1023 }
1024
1025 if ($user_id == $user->data['user_id'])
1026 {
1027 $quick_tool_ary = array('delsig' => 'DEL_SIG', 'delavatar' => 'DEL_AVATAR', 'moveposts' => 'MOVE_POSTS', 'delposts' => 'DEL_POSTS', 'delattach' => 'DEL_ATTACH', 'deloutbox' => 'DEL_OUTBOX');
1028 if ($user_row['user_new'])
1029 {
1030 $quick_tool_ary['leave_nr'] = 'LEAVE_NR';
1031 }
1032 }
1033 else
1034 {
1035 $quick_tool_ary = array();
1036
1037 if ($user_row['user_type'] != USER_FOUNDER)
1038 {
1039 $quick_tool_ary += array('banuser' => 'BAN_USER', 'banemail' => 'BAN_EMAIL', 'banip' => 'BAN_IP');
1040 }
1041
1042 if ($user_row['user_type'] != USER_FOUNDER && $user_row['user_type'] != USER_IGNORE)
1043 {
1044 $quick_tool_ary += array('active' => (($user_row['user_type'] == USER_INACTIVE) ? 'ACTIVATE' : 'DEACTIVATE'));
1045 }
1046
1047 $quick_tool_ary += array('delsig' => 'DEL_SIG', 'delavatar' => 'DEL_AVATAR', 'moveposts' => 'MOVE_POSTS', 'delposts' => 'DEL_POSTS', 'delattach' => 'DEL_ATTACH', 'deloutbox' => 'DEL_OUTBOX');
1048
1049 if ($config['email_enable'] && ($user_row['user_type'] == USER_NORMAL || $user_row['user_type'] == USER_INACTIVE))
1050 {
1051 $quick_tool_ary['reactivate'] = 'FORCE';
1052 }
1053
1054 if ($user_row['user_new'])
1055 {
1056 $quick_tool_ary['leave_nr'] = 'LEAVE_NR';
1057 }
1058 }
1059
1060 if ($config['load_onlinetrack'])
1061 {
1062 $sql = 'SELECT MAX(session_time) AS session_time, MIN(session_viewonline) AS session_viewonline
1063 FROM ' . SESSIONS_TABLE . "
1064 WHERE session_user_id = $user_id";
1065 $result = $db->sql_query($sql);
1066 $row = $db->sql_fetchrow($result);
1067 $db->sql_freeresult($result);
1068
1069 $user_row['session_time'] = (isset($row['session_time'])) ? $row['session_time'] : 0;
1070 $user_row['session_viewonline'] = (isset($row['session_viewonline'])) ? $row['session_viewonline'] : 0;
1071 unset($row);
1072 }
1073
1074 /**
1075 * Add additional quick tool options and overwrite user data
1076 *
1077 * @event core.acp_users_display_overview
1078 * @var array user_row Array with user data
1079 * @var array quick_tool_ary Quick tool options
1080 * @since 3.1.0-a1
1081 */
1082 $vars = array('user_row', 'quick_tool_ary');
1083 extract($phpbb_dispatcher->trigger_event('core.acp_users_display_overview', compact($vars)));
1084
1085 $s_action_options = '<option class="sep" value="">' . $user->lang['SELECT_OPTION'] . '</option>';
1086 foreach ($quick_tool_ary as $value => $lang)
1087 {
1088 $s_action_options .= '<option value="' . $value . '">' . $user->lang['USER_ADMIN_' . $lang] . '</option>';
1089 }
1090
1091 $last_active = $user_row['user_last_active'] ?: ($user_row['session_time'] ?? 0);
1092
1093 $inactive_reason = '';
1094 if ($user_row['user_type'] == USER_INACTIVE)
1095 {
1096 $inactive_reason = $user->lang['INACTIVE_REASON_UNKNOWN'];
1097
1098 switch ($user_row['user_inactive_reason'])
1099 {
1100 case INACTIVE_REGISTER:
1101 $inactive_reason = $user->lang['INACTIVE_REASON_REGISTER'];
1102 break;
1103
1104 case INACTIVE_PROFILE:
1105 $inactive_reason = $user->lang['INACTIVE_REASON_PROFILE'];
1106 break;
1107
1108 case INACTIVE_MANUAL:
1109 $inactive_reason = $user->lang['INACTIVE_REASON_MANUAL'];
1110 break;
1111
1112 case INACTIVE_REMIND:
1113 $inactive_reason = $user->lang['INACTIVE_REASON_REMIND'];
1114 break;
1115 }
1116 }
1117
1118 // Posts in Queue
1119 $sql = 'SELECT COUNT(post_id) as posts_in_queue
1120 FROM ' . POSTS_TABLE . '
1121 WHERE poster_id = ' . $user_id . '
1122 AND ' . $db->sql_in_set('post_visibility', array(ITEM_UNAPPROVED, ITEM_REAPPROVE));
1123 $result = $db->sql_query($sql);
1124 $user_row['posts_in_queue'] = (int) $db->sql_fetchfield('posts_in_queue');
1125 $db->sql_freeresult($result);
1126
1127 $sql = 'SELECT post_id
1128 FROM ' . POSTS_TABLE . '
1129 WHERE poster_id = '. $user_id;
1130 $result = $db->sql_query_limit($sql, 1);
1131 $user_row['user_has_posts'] = (bool) $db->sql_fetchfield('post_id');
1132 $db->sql_freeresult($result);
1133
1134 $template->assign_vars(array(
1135 'L_NAME_CHARS_EXPLAIN' => $user->lang($config['allow_name_chars'] . '_EXPLAIN', $user->lang('CHARACTERS_XY', (int) $config['min_name_chars']), $user->lang('CHARACTERS_XY', (int) $config['max_name_chars'])),
1136 'L_CHANGE_PASSWORD_EXPLAIN' => $user->lang($config['pass_complex'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_pass_chars'])),
1137 'L_POSTS_IN_QUEUE' => $user->lang('NUM_POSTS_IN_QUEUE', $user_row['posts_in_queue']),
1138 'S_FOUNDER' => ($user->data['user_type'] == USER_FOUNDER) ? true : false,
1139
1140 'S_OVERVIEW' => true,
1141 'S_USER_IP' => ($user_row['user_ip']) ? true : false,
1142 'S_USER_FOUNDER' => ($user_row['user_type'] == USER_FOUNDER) ? true : false,
1143 'S_ACTION_OPTIONS' => $s_action_options,
1144 'S_OWN_ACCOUNT' => ($user_id == $user->data['user_id']) ? true : false,
1145 'S_USER_INACTIVE' => ($user_row['user_type'] == USER_INACTIVE) ? true : false,
1146
1147 'U_SHOW_IP' => $this->u_action . "&u=$user_id&ip=" . (($ip == 'ip') ? 'hostname' : 'ip'),
1148 'U_WHOIS' => $this->u_action . "&action=whois&user_ip={$user_row['user_ip']}",
1149 'U_MCP_QUEUE' => ($auth->acl_getf_global('m_approve')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue', true, $user->session_id) : '',
1150 'U_SEARCH_USER' => ($config['load_search'] && $auth->acl_get('u_search')) ? append_sid("{$phpbb_root_path}search.$phpEx", "author_id={$user_row['user_id']}&sr=posts") : '',
1151
1152 'U_SWITCH_PERMISSIONS' => ($auth->acl_get('a_switchperm') && $user->data['user_id'] != $user_row['user_id']) ? append_sid("{$phpbb_root_path}ucp.$phpEx", "mode=switch_perm&u={$user_row['user_id']}&hash=" . generate_link_hash('switchperm')) : '',
1153
1154 'POSTS_IN_QUEUE' => $user_row['posts_in_queue'],
1155 'USER' => $user_row['username'],
1156 'USER_REGISTERED' => $user->format_date($user_row['user_regdate']),
1157 'REGISTERED_IP' => ($ip == 'hostname') ? gethostbyaddr($user_row['user_ip']) : $user_row['user_ip'],
1158 'USER_LASTACTIVE' => ($last_active) ? $user->format_date($last_active) : ' - ',
1159 'USER_EMAIL' => $user_row['user_email'],
1160 'USER_WARNINGS' => $user_row['user_warnings'],
1161 'USER_POSTS' => $user_row['user_posts'],
1162 'USER_HAS_POSTS' => $user_row['user_has_posts'],
1163 'USER_INACTIVE_REASON' => $inactive_reason,
1164 ));
1165
1166 break;
1167
1168 case 'feedback':
1169
1170 $user->add_lang('mcp');
1171
1172 // Set up general vars
1173 $start = $request->variable('start', 0);
1174 $deletemark = (isset($_POST['delmarked'])) ? true : false;
1175 $deleteall = (isset($_POST['delall'])) ? true : false;
1176 $marked = $request->variable('mark', array(0));
1177 $message = $request->variable('message', '', true);
1178
1179 /* @var $pagination \phpbb\pagination */
1180 $pagination = $phpbb_container->get('pagination');
1181
1182 // Sort keys
1183 $sort_days = $request->variable('st', 0);
1184 $sort_key = $request->variable('sk', 't');
1185 $sort_dir = $request->variable('sd', 'd');
1186
1187 // Delete entries if requested and able
1188 if (($deletemark || $deleteall) && $auth->acl_get('a_clearlogs'))
1189 {
1190 if (!check_form_key($form_name))
1191 {
1192 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
1193 }
1194
1195 $where_sql = '';
1196 if ($deletemark && $marked)
1197 {
1198 $sql_in = array();
1199 foreach ($marked as $mark)
1200 {
1201 $sql_in[] = $mark;
1202 }
1203 $where_sql = ' AND ' . $db->sql_in_set('log_id', $sql_in);
1204 unset($sql_in);
1205 }
1206
1207 if ($where_sql || $deleteall)
1208 {
1209 $sql = 'DELETE FROM ' . LOG_TABLE . '
1210 WHERE log_type = ' . LOG_USERS . "
1211 AND reportee_id = $user_id
1212 $where_sql";
1213 $db->sql_query($sql);
1214
1215 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_CLEAR_USER', false, array($user_row['username']));
1216 }
1217 }
1218
1219 if ($submit && $message)
1220 {
1221 if (!check_form_key($form_name))
1222 {
1223 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
1224 }
1225
1226 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_FEEDBACK', false, array($user_row['username']));
1227 $phpbb_log->add('mod', $user->data['user_id'], $user->ip, 'LOG_USER_FEEDBACK', false, array(
1228 'forum_id' => 0,
1229 'topic_id' => 0,
1230 $user_row['username']
1231 ));
1232 $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_GENERAL', false, array(
1233 'reportee_id' => $user_id,
1234 $message
1235 ));
1236
1237 trigger_error($user->lang['USER_FEEDBACK_ADDED'] . adm_back_link($this->u_action . '&u=' . $user_id));
1238 }
1239
1240 // Sorting
1241 $limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']);
1242 $sort_by_text = array('u' => $user->lang['SORT_USERNAME'], 't' => $user->lang['SORT_DATE'], 'i' => $user->lang['SORT_IP'], 'o' => $user->lang['SORT_ACTION']);
1243 $sort_by_sql = array('u' => 'u.username_clean', 't' => 'l.log_time', 'i' => 'l.log_ip', 'o' => 'l.log_operation');
1244
1245 $s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = '';
1246 gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param);
1247
1248 // Define where and sort sql for use in displaying logs
1249 $sql_where = ($sort_days) ? (time() - ($sort_days * 86400)) : 0;
1250 $sql_sort = $sort_by_sql[$sort_key] . ' ' . (($sort_dir == 'd') ? 'DESC' : 'ASC');
1251
1252 // Grab log data
1253 $log_data = array();
1254 $log_count = 0;
1255 $start = view_log('user', $log_data, $log_count, $config['topics_per_page'], $start, 0, 0, $user_id, $sql_where, $sql_sort);
1256
1257 $base_url = $this->u_action . "&u=$user_id&$u_sort_param";
1258 $pagination->generate_template_pagination($base_url, 'pagination', 'start', $log_count, $config['topics_per_page'], $start);
1259
1260 $template->assign_vars(array(
1261 'S_FEEDBACK' => true,
1262
1263 'S_LIMIT_DAYS' => $s_limit_days,
1264 'S_SORT_KEY' => $s_sort_key,
1265 'S_SORT_DIR' => $s_sort_dir,
1266 'S_CLEARLOGS' => $auth->acl_get('a_clearlogs'))
1267 );
1268
1269 foreach ($log_data as $row)
1270 {
1271 $template->assign_block_vars('log', array(
1272 'USERNAME' => $row['username_full'],
1273 'IP' => $row['ip'],
1274 'DATE' => $user->format_date($row['time']),
1275 'ACTION' => nl2br($row['action']),
1276 'ID' => $row['id'])
1277 );
1278 }
1279
1280 break;
1281
1282 case 'warnings':
1283 $user->add_lang('mcp');
1284
1285 // Set up general vars
1286 $deletemark = (isset($_POST['delmarked'])) ? true : false;
1287 $deleteall = (isset($_POST['delall'])) ? true : false;
1288 $confirm = (isset($_POST['confirm'])) ? true : false;
1289 $marked = $request->variable('mark', array(0));
1290
1291 // Delete entries if requested and able
1292 if ($deletemark || $deleteall || $confirm)
1293 {
1294 if (confirm_box(true))
1295 {
1296 $where_sql = '';
1297 $deletemark = $request->variable('delmarked', 0);
1298 $deleteall = $request->variable('delall', 0);
1299 if ($deletemark && $marked)
1300 {
1301 $where_sql = ' AND ' . $db->sql_in_set('warning_id', array_values($marked));
1302 }
1303
1304 if ($where_sql || $deleteall)
1305 {
1306 $sql = 'DELETE FROM ' . WARNINGS_TABLE . "
1307 WHERE user_id = $user_id
1308 $where_sql";
1309 $db->sql_query($sql);
1310
1311 if ($deleteall)
1312 {
1313 $log_warnings = $deleted_warnings = 0;
1314 }
1315 else
1316 {
1317 $num_warnings = (int) $db->sql_affectedrows();
1318 $deleted_warnings = ' user_warnings - ' . $num_warnings;
1319 $log_warnings = ($num_warnings > 2) ? 2 : $num_warnings;
1320 }
1321
1322 $sql = 'UPDATE ' . USERS_TABLE . "
1323 SET user_warnings = $deleted_warnings
1324 WHERE user_id = $user_id";
1325 $db->sql_query($sql);
1326
1327 if ($log_warnings)
1328 {
1329 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_WARNINGS_DELETED', false, array($user_row['username'], $num_warnings));
1330 }
1331 else
1332 {
1333 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_WARNINGS_DELETED_ALL', false, array($user_row['username']));
1334 }
1335 }
1336 }
1337 else
1338 {
1339 $s_hidden_fields = array(
1340 'i' => $id,
1341 'mode' => $mode,
1342 'u' => $user_id,
1343 'mark' => $marked,
1344 );
1345 if (isset($_POST['delmarked']))
1346 {
1347 $s_hidden_fields['delmarked'] = 1;
1348 }
1349 if (isset($_POST['delall']))
1350 {
1351 $s_hidden_fields['delall'] = 1;
1352 }
1353 if (isset($_POST['delall']) || (isset($_POST['delmarked']) && count($marked)))
1354 {
1355 confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields($s_hidden_fields));
1356 }
1357 }
1358 }
1359
1360 $sql = 'SELECT w.warning_id, w.warning_time, w.post_id, l.log_operation, l.log_data, l.user_id AS mod_user_id, m.username AS mod_username, m.user_colour AS mod_user_colour
1361 FROM ' . WARNINGS_TABLE . ' w
1362 LEFT JOIN ' . LOG_TABLE . ' l
1363 ON (w.log_id = l.log_id)
1364 LEFT JOIN ' . USERS_TABLE . ' m
1365 ON (l.user_id = m.user_id)
1366 WHERE w.user_id = ' . $user_id . '
1367 ORDER BY w.warning_time DESC';
1368 $result = $db->sql_query($sql);
1369
1370 while ($row = $db->sql_fetchrow($result))
1371 {
1372 if (!$row['log_operation'])
1373 {
1374 // We do not have a log-entry anymore, so there is no data available
1375 $row['action'] = $user->lang['USER_WARNING_LOG_DELETED'];
1376 }
1377 else
1378 {
1379 $row['action'] = (isset($user->lang[$row['log_operation']])) ? $user->lang[$row['log_operation']] : '{' . ucfirst(str_replace('_', ' ', $row['log_operation'])) . '}';
1380 if (!empty($row['log_data']))
1381 {
1382 $log_data_ary = @unserialize($row['log_data']);
1383 $log_data_ary = ($log_data_ary === false) ? array() : $log_data_ary;
1384
1385 if (isset($user->lang[$row['log_operation']]))
1386 {
1387 // Check if there are more occurrences of % than arguments, if there are we fill out the arguments array
1388 // It doesn't matter if we add more arguments than placeholders
1389 if ((substr_count($row['action'], '%') - count($log_data_ary)) > 0)
1390 {
1391 $log_data_ary = array_merge($log_data_ary, array_fill(0, substr_count($row['action'], '%') - count($log_data_ary), ''));
1392 }
1393 $row['action'] = vsprintf($row['action'], $log_data_ary);
1394 $row['action'] = bbcode_nl2br(censor_text($row['action']));
1395 }
1396 else if (!empty($log_data_ary))
1397 {
1398 $row['action'] .= '<br />' . implode('', $log_data_ary);
1399 }
1400 }
1401 }
1402
1403 $template->assign_block_vars('warn', array(
1404 'ID' => $row['warning_id'],
1405 'USERNAME' => ($row['log_operation']) ? get_username_string('full', $row['mod_user_id'], $row['mod_username'], $row['mod_user_colour']) : '-',
1406 'ACTION' => make_clickable($row['action']),
1407 'DATE' => $user->format_date($row['warning_time']),
1408 ));
1409 }
1410 $db->sql_freeresult($result);
1411
1412 $template->assign_vars(array(
1413 'S_WARNINGS' => true,
1414 ));
1415
1416 break;
1417
1418 case 'profile':
1419
1420 if (!function_exists('user_get_id_name'))
1421 {
1422 include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
1423 }
1424
1425 /* @var $cp \phpbb\profilefields\manager */
1426 $cp = $phpbb_container->get('profilefields.manager');
1427
1428 $cp_data = $cp_error = array();
1429
1430 $sql = 'SELECT lang_id
1431 FROM ' . LANG_TABLE . "
1432 WHERE lang_iso = '" . $db->sql_escape($user->data['user_lang']) . "'";
1433 $result = $db->sql_query($sql);
1434 $row = $db->sql_fetchrow($result);
1435 $db->sql_freeresult($result);
1436
1437 $user_row['iso_lang_id'] = $row['lang_id'];
1438
1439 $data = array(
1440 'jabber' => $request->variable('jabber', $user_row['user_jabber'], true),
1441 'bday_day' => 0,
1442 'bday_month' => 0,
1443 'bday_year' => 0,
1444 );
1445
1446 if ($user_row['user_birthday'])
1447 {
1448 list($data['bday_day'], $data['bday_month'], $data['bday_year']) = explode('-', $user_row['user_birthday']);
1449 }
1450
1451 $data['bday_day'] = $request->variable('bday_day', $data['bday_day']);
1452 $data['bday_month'] = $request->variable('bday_month', $data['bday_month']);
1453 $data['bday_year'] = $request->variable('bday_year', $data['bday_year']);
1454 $data['user_birthday'] = sprintf('%2d-%2d-%4d', $data['bday_day'], $data['bday_month'], $data['bday_year']);
1455
1456 /**
1457 * Modify user data on editing profile in ACP
1458 *
1459 * @event core.acp_users_modify_profile
1460 * @var array data Array with user profile data
1461 * @var bool submit Flag indicating if submit button has been pressed
1462 * @var int user_id The user id
1463 * @var array user_row Array with the full user data
1464 * @since 3.1.4-RC1
1465 */
1466 $vars = array('data', 'submit', 'user_id', 'user_row');
1467 extract($phpbb_dispatcher->trigger_event('core.acp_users_modify_profile', compact($vars)));
1468
1469 if ($submit)
1470 {
1471 $error = validate_data($data, array(
1472 'jabber' => array(
1473 array('string', true, 5, 255),
1474 array('jabber')),
1475 'bday_day' => array('num', true, 1, 31),
1476 'bday_month' => array('num', true, 1, 12),
1477 'bday_year' => array('num', true, 1901, gmdate('Y', time())),
1478 'user_birthday' => array('date', true),
1479 ));
1480
1481 // validate custom profile fields
1482 $cp->submit_cp_field('profile', $user_row['iso_lang_id'], $cp_data, $cp_error);
1483
1484 if (count($cp_error))
1485 {
1486 $error = array_merge($error, $cp_error);
1487 }
1488 if (!check_form_key($form_name))
1489 {
1490 $error[] = 'FORM_INVALID';
1491 }
1492
1493 /**
1494 * Validate profile data in ACP before submitting to the database
1495 *
1496 * @event core.acp_users_profile_validate
1497 * @var array data Array with user profile data
1498 * @var int user_id The user id
1499 * @var array user_row Array with the full user data
1500 * @var array error Array with the form errors
1501 * @since 3.1.4-RC1
1502 * @changed 3.1.12-RC1 Removed submit, added user_id, user_row
1503 */
1504 $vars = array('data', 'user_id', 'user_row', 'error');
1505 extract($phpbb_dispatcher->trigger_event('core.acp_users_profile_validate', compact($vars)));
1506
1507 if (!count($error))
1508 {
1509 $sql_ary = array(
1510 'user_jabber' => $data['jabber'],
1511 'user_birthday' => $data['user_birthday'],
1512 );
1513
1514 /**
1515 * Modify profile data in ACP before submitting to the database
1516 *
1517 * @event core.acp_users_profile_modify_sql_ary
1518 * @var array cp_data Array with the user custom profile fields data
1519 * @var array data Array with user profile data
1520 * @var int user_id The user id
1521 * @var array user_row Array with the full user data
1522 * @var array sql_ary Array with sql data
1523 * @since 3.1.4-RC1
1524 */
1525 $vars = array('cp_data', 'data', 'user_id', 'user_row', 'sql_ary');
1526 extract($phpbb_dispatcher->trigger_event('core.acp_users_profile_modify_sql_ary', compact($vars)));
1527
1528 $sql = 'UPDATE ' . USERS_TABLE . '
1529 SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
1530 WHERE user_id = $user_id";
1531 $db->sql_query($sql);
1532
1533 // Update Custom Fields
1534 $cp->update_profile_field_data($user_id, $cp_data);
1535
1536 trigger_error($user->lang['USER_PROFILE_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id));
1537 }
1538
1539 // Replace "error" strings with their real, localised form
1540 $error = array_map(array($user, 'lang'), $error);
1541 }
1542
1543 $s_birthday_day_options = '<option value="0"' . ((!$data['bday_day']) ? ' selected="selected"' : '') . '>--</option>';
1544 for ($i = 1; $i < 32; $i++)
1545 {
1546 $selected = ($i == $data['bday_day']) ? ' selected="selected"' : '';
1547 $s_birthday_day_options .= "<option value=\"$i\"$selected>$i</option>";
1548 }
1549
1550 $s_birthday_month_options = '<option value="0"' . ((!$data['bday_month']) ? ' selected="selected"' : '') . '>--</option>';
1551 for ($i = 1; $i < 13; $i++)
1552 {
1553 $selected = ($i == $data['bday_month']) ? ' selected="selected"' : '';
1554 $s_birthday_month_options .= "<option value=\"$i\"$selected>$i</option>";
1555 }
1556
1557 $now = getdate();
1558 $s_birthday_year_options = '<option value="0"' . ((!$data['bday_year']) ? ' selected="selected"' : '') . '>--</option>';
1559 for ($i = $now['year'] - 100; $i <= $now['year']; $i++)
1560 {
1561 $selected = ($i == $data['bday_year']) ? ' selected="selected"' : '';
1562 $s_birthday_year_options .= "<option value=\"$i\"$selected>$i</option>";
1563 }
1564 unset($now);
1565
1566 $template->assign_vars(array(
1567 'JABBER' => $data['jabber'],
1568 'S_BIRTHDAY_DAY_OPTIONS' => $s_birthday_day_options,
1569 'S_BIRTHDAY_MONTH_OPTIONS' => $s_birthday_month_options,
1570 'S_BIRTHDAY_YEAR_OPTIONS' => $s_birthday_year_options,
1571
1572 'S_PROFILE' => true)
1573 );
1574
1575 // Get additional profile fields and assign them to the template block var 'profile_fields'
1576 $user->get_profile_fields($user_id);
1577
1578 $cp->generate_profile_fields('profile', $user_row['iso_lang_id']);
1579
1580 break;
1581
1582 case 'prefs':
1583
1584 if (!function_exists('user_get_id_name'))
1585 {
1586 include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
1587 }
1588
1589 $data = array(
1590 'dateformat' => $request->variable('dateformat', $user_row['user_dateformat'], true),
1591 'lang' => basename($request->variable('lang', $user_row['user_lang'])),
1592 'tz' => $request->variable('tz', $user_row['user_timezone']),
1593 'style' => $request->variable('style', $user_row['user_style']),
1594 'viewemail' => $request->variable('viewemail', $user_row['user_allow_viewemail']),
1595 'massemail' => $request->variable('massemail', $user_row['user_allow_massemail']),
1596 'hideonline' => $request->variable('hideonline', !$user_row['user_allow_viewonline']),
1597 'notifymethod' => $request->variable('notifymethod', $user_row['user_notify_type']),
1598 'notifypm' => $request->variable('notifypm', $user_row['user_notify_pm']),
1599 'allowpm' => $request->variable('allowpm', $user_row['user_allow_pm']),
1600
1601 'topic_sk' => $request->variable('topic_sk', ($user_row['user_topic_sortby_type']) ? $user_row['user_topic_sortby_type'] : 't'),
1602 'topic_sd' => $request->variable('topic_sd', ($user_row['user_topic_sortby_dir']) ? $user_row['user_topic_sortby_dir'] : 'd'),
1603 'topic_st' => $request->variable('topic_st', ($user_row['user_topic_show_days']) ? $user_row['user_topic_show_days'] : 0),
1604
1605 'post_sk' => $request->variable('post_sk', ($user_row['user_post_sortby_type']) ? $user_row['user_post_sortby_type'] : 't'),
1606 'post_sd' => $request->variable('post_sd', ($user_row['user_post_sortby_dir']) ? $user_row['user_post_sortby_dir'] : 'a'),
1607 'post_st' => $request->variable('post_st', ($user_row['user_post_show_days']) ? $user_row['user_post_show_days'] : 0),
1608
1609 'view_images' => $request->variable('view_images', $this->optionget($user_row, 'viewimg')),
1610 'view_flash' => $request->variable('view_flash', $this->optionget($user_row, 'viewflash')),
1611 'view_smilies' => $request->variable('view_smilies', $this->optionget($user_row, 'viewsmilies')),
1612 'view_sigs' => $request->variable('view_sigs', $this->optionget($user_row, 'viewsigs')),
1613 'view_avatars' => $request->variable('view_avatars', $this->optionget($user_row, 'viewavatars')),
1614 'view_wordcensor' => $request->variable('view_wordcensor', $this->optionget($user_row, 'viewcensors')),
1615
1616 'bbcode' => $request->variable('bbcode', $this->optionget($user_row, 'bbcode')),
1617 'smilies' => $request->variable('smilies', $this->optionget($user_row, 'smilies')),
1618 'sig' => $request->variable('sig', $this->optionget($user_row, 'attachsig')),
1619 'notify' => $request->variable('notify', $user_row['user_notify']),
1620 );
1621
1622 /**
1623 * Modify users preferences data
1624 *
1625 * @event core.acp_users_prefs_modify_data
1626 * @var array data Array with users preferences data
1627 * @var array user_row Array with user data
1628 * @since 3.1.0-b3
1629 */
1630 $vars = array('data', 'user_row');
1631 extract($phpbb_dispatcher->trigger_event('core.acp_users_prefs_modify_data', compact($vars)));
1632
1633 if ($submit)
1634 {
1635 $error = validate_data($data, array(
1636 'dateformat' => array('string', false, 1, 64),
1637 'lang' => array('match', false, '#^[a-z_\-]{2,}$#i'),
1638 'tz' => array('timezone'),
1639
1640 'topic_sk' => array('string', false, 1, 1),
1641 'topic_sd' => array('string', false, 1, 1),
1642 'post_sk' => array('string', false, 1, 1),
1643 'post_sd' => array('string', false, 1, 1),
1644 ));
1645
1646 if (!check_form_key($form_name))
1647 {
1648 $error[] = 'FORM_INVALID';
1649 }
1650
1651 if (!count($error))
1652 {
1653 $this->optionset($user_row, 'viewimg', $data['view_images']);
1654 $this->optionset($user_row, 'viewflash', $data['view_flash']);
1655 $this->optionset($user_row, 'viewsmilies', $data['view_smilies']);
1656 $this->optionset($user_row, 'viewsigs', $data['view_sigs']);
1657 $this->optionset($user_row, 'viewavatars', $data['view_avatars']);
1658 $this->optionset($user_row, 'viewcensors', $data['view_wordcensor']);
1659 $this->optionset($user_row, 'bbcode', $data['bbcode']);
1660 $this->optionset($user_row, 'smilies', $data['smilies']);
1661 $this->optionset($user_row, 'attachsig', $data['sig']);
1662
1663 $sql_ary = array(
1664 'user_options' => $user_row['user_options'],
1665
1666 'user_allow_pm' => $data['allowpm'],
1667 'user_allow_viewemail' => $data['viewemail'],
1668 'user_allow_massemail' => $data['massemail'],
1669 'user_allow_viewonline' => !$data['hideonline'],
1670 'user_notify_type' => $data['notifymethod'],
1671 'user_notify_pm' => $data['notifypm'],
1672
1673 'user_dateformat' => $data['dateformat'],
1674 'user_lang' => $data['lang'],
1675 'user_timezone' => $data['tz'],
1676 'user_style' => $data['style'],
1677
1678 'user_topic_sortby_type' => $data['topic_sk'],
1679 'user_post_sortby_type' => $data['post_sk'],
1680 'user_topic_sortby_dir' => $data['topic_sd'],
1681 'user_post_sortby_dir' => $data['post_sd'],
1682
1683 'user_topic_show_days' => $data['topic_st'],
1684 'user_post_show_days' => $data['post_st'],
1685
1686 'user_notify' => $data['notify'],
1687 );
1688
1689 /**
1690 * Modify SQL query before users preferences are updated
1691 *
1692 * @event core.acp_users_prefs_modify_sql
1693 * @var array data Array with users preferences data
1694 * @var array user_row Array with user data
1695 * @var array sql_ary SQL array with users preferences data to update
1696 * @var array error Array with errors data
1697 * @since 3.1.0-b3
1698 */
1699 $vars = array('data', 'user_row', 'sql_ary', 'error');
1700 extract($phpbb_dispatcher->trigger_event('core.acp_users_prefs_modify_sql', compact($vars)));
1701
1702 if (!count($error))
1703 {
1704 $sql = 'UPDATE ' . USERS_TABLE . '
1705 SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
1706 WHERE user_id = $user_id";
1707 $db->sql_query($sql);
1708
1709 // Check if user has an active session
1710 if ($user_row['session_id'])
1711 {
1712 // We'll update the session if user_allow_viewonline has changed and the user is a bot
1713 // Or if it's a regular user and the admin set it to hide the session
1714 if ($user_row['user_allow_viewonline'] != $sql_ary['user_allow_viewonline'] && $user_row['user_type'] == USER_IGNORE
1715 || $user_row['user_allow_viewonline'] && !$sql_ary['user_allow_viewonline'])
1716 {
1717 // We also need to check if the user has the permission to cloak.
1718 $user_auth = new \phpbb\auth\auth();
1719 $user_auth->acl($user_row);
1720
1721 $session_sql_ary = array(
1722 'session_viewonline' => ($user_auth->acl_get('u_hideonline')) ? $sql_ary['user_allow_viewonline'] : true,
1723 );
1724
1725 $sql = 'UPDATE ' . SESSIONS_TABLE . '
1726 SET ' . $db->sql_build_array('UPDATE', $session_sql_ary) . "
1727 WHERE session_user_id = $user_id";
1728 $db->sql_query($sql);
1729
1730 unset($user_auth);
1731 }
1732 }
1733
1734 trigger_error($user->lang['USER_PREFS_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id));
1735 }
1736 }
1737
1738 // Replace "error" strings with their real, localised form
1739 $error = array_map(array($user, 'lang'), $error);
1740 }
1741
1742 $dateformat_options = '';
1743 foreach ($user->lang['dateformats'] as $format => $null)
1744 {
1745 $dateformat_options .= '<option value="' . $format . '"' . (($format == $data['dateformat']) ? ' selected="selected"' : '') . '>';
1746 $dateformat_options .= $user->format_date(time(), $format, false) . ((strpos($format, '|') !== false) ? $user->lang['VARIANT_DATE_SEPARATOR'] . $user->format_date(time(), $format, true) : '');
1747 $dateformat_options .= '</option>';
1748 }
1749
1750 $s_custom = false;
1751
1752 $dateformat_options .= '<option value="custom"';
1753 if (!isset($user->lang['dateformats'][$data['dateformat']]))
1754 {
1755 $dateformat_options .= ' selected="selected"';
1756 $s_custom = true;
1757 }
1758 $dateformat_options .= '>' . $user->lang['CUSTOM_DATEFORMAT'] . '</option>';
1759
1760 $sort_dir_text = array('a' => $user->lang['ASCENDING'], 'd' => $user->lang['DESCENDING']);
1761
1762 // Topic ordering options
1763 $limit_topic_days = array(0 => $user->lang['ALL_TOPICS'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']);
1764 $sort_by_topic_text = array('a' => $user->lang['AUTHOR'], 't' => $user->lang['POST_TIME'], 'r' => $user->lang['REPLIES'], 's' => $user->lang['SUBJECT'], 'v' => $user->lang['VIEWS']);
1765
1766 // Post ordering options
1767 $limit_post_days = array(0 => $user->lang['ALL_POSTS'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']);
1768 $sort_by_post_text = array('a' => $user->lang['AUTHOR'], 't' => $user->lang['POST_TIME'], 's' => $user->lang['SUBJECT']);
1769
1770 $_options = array('topic', 'post');
1771 foreach ($_options as $sort_option)
1772 {
1773 ${'s_limit_' . $sort_option . '_days'} = '<select name="' . $sort_option . '_st">';
1774 foreach (${'limit_' . $sort_option . '_days'} as $day => $text)
1775 {
1776 $selected = ($data[$sort_option . '_st'] == $day) ? ' selected="selected"' : '';
1777 ${'s_limit_' . $sort_option . '_days'} .= '<option value="' . $day . '"' . $selected . '>' . $text . '</option>';
1778 }
1779 ${'s_limit_' . $sort_option . '_days'} .= '</select>';
1780
1781 ${'s_sort_' . $sort_option . '_key'} = '<select name="' . $sort_option . '_sk">';
1782 foreach (${'sort_by_' . $sort_option . '_text'} as $key => $text)
1783 {
1784 $selected = ($data[$sort_option . '_sk'] == $key) ? ' selected="selected"' : '';
1785 ${'s_sort_' . $sort_option . '_key'} .= '<option value="' . $key . '"' . $selected . '>' . $text . '</option>';
1786 }
1787 ${'s_sort_' . $sort_option . '_key'} .= '</select>';
1788
1789 ${'s_sort_' . $sort_option . '_dir'} = '<select name="' . $sort_option . '_sd">';
1790 foreach ($sort_dir_text as $key => $value)
1791 {
1792 $selected = ($data[$sort_option . '_sd'] == $key) ? ' selected="selected"' : '';
1793 ${'s_sort_' . $sort_option . '_dir'} .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>';
1794 }
1795 ${'s_sort_' . $sort_option . '_dir'} .= '</select>';
1796 }
1797
1798 phpbb_timezone_select($template, $user, $data['tz'], true);
1799 $user_prefs_data = array(
1800 'S_PREFS' => true,
1801 'S_JABBER_DISABLED' => ($config['jab_enable'] && $user_row['user_jabber'] && @extension_loaded('xml')) ? false : true,
1802
1803 'VIEW_EMAIL' => $data['viewemail'],
1804 'MASS_EMAIL' => $data['massemail'],
1805 'ALLOW_PM' => $data['allowpm'],
1806 'HIDE_ONLINE' => $data['hideonline'],
1807 'NOTIFY_EMAIL' => ($data['notifymethod'] == NOTIFY_EMAIL) ? true : false,
1808 'NOTIFY_IM' => ($data['notifymethod'] == NOTIFY_IM) ? true : false,
1809 'NOTIFY_BOTH' => ($data['notifymethod'] == NOTIFY_BOTH) ? true : false,
1810 'NOTIFY_PM' => $data['notifypm'],
1811 'BBCODE' => $data['bbcode'],
1812 'SMILIES' => $data['smilies'],
1813 'ATTACH_SIG' => $data['sig'],
1814 'NOTIFY' => $data['notify'],
1815 'VIEW_IMAGES' => $data['view_images'],
1816 'VIEW_FLASH' => $data['view_flash'],
1817 'VIEW_SMILIES' => $data['view_smilies'],
1818 'VIEW_SIGS' => $data['view_sigs'],
1819 'VIEW_AVATARS' => $data['view_avatars'],
1820 'VIEW_WORDCENSOR' => $data['view_wordcensor'],
1821
1822 'S_TOPIC_SORT_DAYS' => $s_limit_topic_days,
1823 'S_TOPIC_SORT_KEY' => $s_sort_topic_key,
1824 'S_TOPIC_SORT_DIR' => $s_sort_topic_dir,
1825 'S_POST_SORT_DAYS' => $s_limit_post_days,
1826 'S_POST_SORT_KEY' => $s_sort_post_key,
1827 'S_POST_SORT_DIR' => $s_sort_post_dir,
1828
1829 'DATE_FORMAT' => $data['dateformat'],
1830 'S_DATEFORMAT_OPTIONS' => $dateformat_options,
1831 'S_CUSTOM_DATEFORMAT' => $s_custom,
1832 'DEFAULT_DATEFORMAT' => $config['default_dateformat'],
1833 'A_DEFAULT_DATEFORMAT' => addslashes($config['default_dateformat']),
1834
1835 'S_LANG_OPTIONS' => language_select($data['lang']),
1836 'S_STYLE_OPTIONS' => style_select($data['style']),
1837 );
1838
1839 /**
1840 * Modify users preferences data before assigning it to the template
1841 *
1842 * @event core.acp_users_prefs_modify_template_data
1843 * @var array data Array with users preferences data
1844 * @var array user_row Array with user data
1845 * @var array user_prefs_data Array with users preferences data to be assigned to the template
1846 * @since 3.1.0-b3
1847 */
1848 $vars = array('data', 'user_row', 'user_prefs_data');
1849 extract($phpbb_dispatcher->trigger_event('core.acp_users_prefs_modify_template_data', compact($vars)));
1850
1851 $template->assign_vars($user_prefs_data);
1852
1853 break;
1854
1855 case 'avatar':
1856
1857 $avatars_enabled = false;
1858 /** @var \phpbb\avatar\manager $phpbb_avatar_manager */
1859 $phpbb_avatar_manager = $phpbb_container->get('avatar.manager');
1860
1861 if ($config['allow_avatar'])
1862 {
1863 $avatar_drivers = $phpbb_avatar_manager->get_enabled_drivers();
1864
1865 // This is normalised data, without the user_ prefix
1866 $avatar_data = \phpbb\avatar\manager::clean_row($user_row, 'user');
1867
1868 if ($submit)
1869 {
1870 if (check_form_key($form_name))
1871 {
1872 $driver_name = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', ''));
1873
1874 if (in_array($driver_name, $avatar_drivers) && !$request->is_set_post('avatar_delete'))
1875 {
1876 $driver = $phpbb_avatar_manager->get_driver($driver_name);
1877 $result = $driver->process_form($request, $template, $user, $avatar_data, $error);
1878
1879 if ($result && empty($error))
1880 {
1881 // Success! Lets save the result in the database
1882 $result = array(
1883 'user_avatar_type' => $driver_name,
1884 'user_avatar' => $result['avatar'],
1885 'user_avatar_width' => $result['avatar_width'],
1886 'user_avatar_height' => $result['avatar_height'],
1887 );
1888
1889 /**
1890 * Modify the user avatar data before it is stored in the database
1891 *
1892 * @event core.acp_users_avatar_sql
1893 * @var array user_row Array with user data
1894 * @var array result Array with user avatar data to be updated in the DB
1895 * @since 3.2.4-RC1
1896 */
1897 $vars = array('user_row', 'result');
1898 extract($phpbb_dispatcher->trigger_event('core.acp_users_avatar_sql', compact($vars)));
1899
1900 $sql = 'UPDATE ' . USERS_TABLE . '
1901 SET ' . $db->sql_build_array('UPDATE', $result) . '
1902 WHERE user_id = ' . (int) $user_id;
1903
1904 $db->sql_query($sql);
1905 trigger_error($user->lang['USER_AVATAR_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id));
1906 }
1907 }
1908 }
1909 else
1910 {
1911 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
1912 }
1913 }
1914
1915 // Handle deletion of avatars
1916 if ($request->is_set_post('avatar_delete'))
1917 {
1918 if (!confirm_box(true))
1919 {
1920 confirm_box(false, $user->lang('CONFIRM_AVATAR_DELETE'), build_hidden_fields(array(
1921 'avatar_delete' => true))
1922 );
1923 }
1924 else
1925 {
1926 $phpbb_avatar_manager->handle_avatar_delete($db, $user, $avatar_data, USERS_TABLE, 'user_');
1927
1928 trigger_error($user->lang['USER_AVATAR_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id));
1929 }
1930 }
1931
1932 $selected_driver = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', $user_row['user_avatar_type']));
1933
1934 // Assign min and max values before generating avatar driver html
1935 $template->assign_vars(array(
1936 'AVATAR_MIN_WIDTH' => $config['avatar_min_width'],
1937 'AVATAR_MAX_WIDTH' => $config['avatar_max_width'],
1938 'AVATAR_MIN_HEIGHT' => $config['avatar_min_height'],
1939 'AVATAR_MAX_HEIGHT' => $config['avatar_max_height'],
1940 ));
1941
1942 foreach ($avatar_drivers as $current_driver)
1943 {
1944 $driver = $phpbb_avatar_manager->get_driver($current_driver);
1945
1946 $avatars_enabled = true;
1947 $template->set_filenames(array(
1948 'avatar' => $driver->get_acp_template_name(),
1949 ));
1950
1951 if ($driver->prepare_form($request, $template, $user, $avatar_data, $error))
1952 {
1953 $driver_name = $phpbb_avatar_manager->prepare_driver_name($current_driver);
1954 $driver_upper = strtoupper($driver_name);
1955
1956 $template->assign_block_vars('avatar_drivers', array(
1957 'L_TITLE' => $user->lang($driver_upper . '_TITLE'),
1958 'L_EXPLAIN' => $user->lang($driver_upper . '_EXPLAIN'),
1959
1960 'DRIVER' => $driver_name,
1961 'SELECTED' => $current_driver == $selected_driver,
1962 'OUTPUT' => $template->assign_display('avatar'),
1963 ));
1964 }
1965 }
1966 }
1967
1968 // Avatar manager is not initialized if avatars are disabled
1969 if (isset($phpbb_avatar_manager))
1970 {
1971 // Replace "error" strings with their real, localised form
1972 $error = $phpbb_avatar_manager->localize_errors($user, $error);
1973 }
1974
1975 $avatar = phpbb_get_user_avatar($user_row, 'USER_AVATAR', true);
1976
1977 $template->assign_vars(array(
1978 'S_AVATAR' => true,
1979 'ERROR' => (!empty($error)) ? implode('<br />', $error) : '',
1980 'AVATAR' => (empty($avatar) ? '<img src="' . $phpbb_admin_path . 'images/no_avatar.gif" alt="" />' : $avatar),
1981
1982 'S_FORM_ENCTYPE' => ' enctype="multipart/form-data"',
1983
1984 'L_AVATAR_EXPLAIN' => $user->lang(($config['avatar_filesize'] == 0) ? 'AVATAR_EXPLAIN_NO_FILESIZE' : 'AVATAR_EXPLAIN', $config['avatar_max_width'], $config['avatar_max_height'], $config['avatar_filesize'] / 1024),
1985
1986 'S_AVATARS_ENABLED' => ($config['allow_avatar'] && $avatars_enabled),
1987 ));
1988
1989 break;
1990
1991 case 'rank':
1992
1993 if ($submit)
1994 {
1995 if (!check_form_key($form_name))
1996 {
1997 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
1998 }
1999
2000 $rank_id = $request->variable('user_rank', 0);
2001
2002 $sql = 'UPDATE ' . USERS_TABLE . "
2003 SET user_rank = $rank_id
2004 WHERE user_id = $user_id";
2005 $db->sql_query($sql);
2006
2007 trigger_error($user->lang['USER_RANK_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id));
2008 }
2009
2010 $sql = 'SELECT *
2011 FROM ' . RANKS_TABLE . '
2012 WHERE rank_special = 1
2013 ORDER BY rank_title';
2014 $result = $db->sql_query($sql);
2015
2016 $s_rank_options = '<option value="0"' . ((!$user_row['user_rank']) ? ' selected="selected"' : '') . '>' . $user->lang['NO_SPECIAL_RANK'] . '</option>';
2017
2018 while ($row = $db->sql_fetchrow($result))
2019 {
2020 $selected = ($user_row['user_rank'] && $row['rank_id'] == $user_row['user_rank']) ? ' selected="selected"' : '';
2021 $s_rank_options .= '<option value="' . $row['rank_id'] . '"' . $selected . '>' . $row['rank_title'] . '</option>';
2022 }
2023 $db->sql_freeresult($result);
2024
2025 $template->assign_vars(array(
2026 'S_RANK' => true,
2027 'S_RANK_OPTIONS' => $s_rank_options)
2028 );
2029
2030 break;
2031
2032 case 'sig':
2033
2034 if (!function_exists('display_custom_bbcodes'))
2035 {
2036 include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
2037 }
2038
2039 $enable_bbcode = ($config['allow_sig_bbcode']) ? $this->optionget($user_row, 'sig_bbcode') : false;
2040 $enable_smilies = ($config['allow_sig_smilies']) ? $this->optionget($user_row, 'sig_smilies') : false;
2041 $enable_urls = ($config['allow_sig_links']) ? $this->optionget($user_row, 'sig_links') : false;
2042
2043 $bbcode_flags = ($enable_bbcode ? OPTION_FLAG_BBCODE : 0) + ($enable_smilies ? OPTION_FLAG_SMILIES : 0) + ($enable_urls ? OPTION_FLAG_LINKS : 0);
2044
2045 $decoded_message = generate_text_for_edit($user_row['user_sig'], $user_row['user_sig_bbcode_uid'], $bbcode_flags);
2046 $signature = $request->variable('signature', $decoded_message['text'], true);
2047 $signature_preview = '';
2048
2049 if ($submit || $request->is_set_post('preview'))
2050 {
2051 $enable_bbcode = ($config['allow_sig_bbcode']) ? !$request->variable('disable_bbcode', false) : false;
2052 $enable_smilies = ($config['allow_sig_smilies']) ? !$request->variable('disable_smilies', false) : false;
2053 $enable_urls = ($config['allow_sig_links']) ? !$request->variable('disable_magic_url', false) : false;
2054
2055 if (!check_form_key($form_name))
2056 {
2057 $error[] = 'FORM_INVALID';
2058 }
2059 }
2060
2061 $bbcode_uid = $bbcode_bitfield = $bbcode_flags = '';
2062 $warn_msg = generate_text_for_storage(
2063 $signature,
2064 $bbcode_uid,
2065 $bbcode_bitfield,
2066 $bbcode_flags,
2067 $enable_bbcode,
2068 $enable_urls,
2069 $enable_smilies,
2070 $config['allow_sig_img'],
2071 $config['allow_sig_flash'],
2072 true,
2073 $config['allow_sig_links'],
2074 'sig'
2075 );
2076
2077 if (count($warn_msg))
2078 {
2079 $error += $warn_msg;
2080 }
2081
2082 if (!$submit)
2083 {
2084 // Parse it for displaying
2085 $signature_preview = generate_text_for_display($signature, $bbcode_uid, $bbcode_bitfield, $bbcode_flags);
2086 }
2087 else
2088 {
2089 if (!count($error))
2090 {
2091 $this->optionset($user_row, 'sig_bbcode', $enable_bbcode);
2092 $this->optionset($user_row, 'sig_smilies', $enable_smilies);
2093 $this->optionset($user_row, 'sig_links', $enable_urls);
2094
2095 $sql_ary = array(
2096 'user_sig' => $signature,
2097 'user_options' => $user_row['user_options'],
2098 'user_sig_bbcode_uid' => $bbcode_uid,
2099 'user_sig_bbcode_bitfield' => $bbcode_bitfield,
2100 );
2101
2102 /**
2103 * Modify user signature before it is stored in the DB
2104 *
2105 * @event core.acp_users_modify_signature_sql_ary
2106 * @var array user_row Array with user data
2107 * @var array sql_ary Array with user signature data to be updated in the DB
2108 * @since 3.2.4-RC1
2109 */
2110 $vars = array('user_row', 'sql_ary');
2111 extract($phpbb_dispatcher->trigger_event('core.acp_users_modify_signature_sql_ary', compact($vars)));
2112
2113 $sql = 'UPDATE ' . USERS_TABLE . '
2114 SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
2115 WHERE user_id = ' . $user_id;
2116 $db->sql_query($sql);
2117
2118 trigger_error($user->lang['USER_SIG_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id));
2119 }
2120 }
2121
2122 // Replace "error" strings with their real, localised form
2123 $error = array_map(array($user, 'lang'), $error);
2124
2125 if ($request->is_set_post('preview'))
2126 {
2127 $decoded_message = generate_text_for_edit($signature, $bbcode_uid, $bbcode_flags);
2128 }
2129
2130 /** @var \phpbb\controller\helper $controller_helper */
2131 $controller_helper = $phpbb_container->get('controller.helper');
2132
2133 $template->assign_vars(array(
2134 'S_SIGNATURE' => true,
2135
2136 'SIGNATURE' => $decoded_message['text'],
2137 'SIGNATURE_PREVIEW' => $signature_preview,
2138
2139 'S_BBCODE_CHECKED' => (!$enable_bbcode) ? ' checked="checked"' : '',
2140 'S_SMILIES_CHECKED' => (!$enable_smilies) ? ' checked="checked"' : '',
2141 'S_MAGIC_URL_CHECKED' => (!$enable_urls) ? ' checked="checked"' : '',
2142
2143 'BBCODE_STATUS' => $user->lang(($config['allow_sig_bbcode'] ? 'BBCODE_IS_ON' : 'BBCODE_IS_OFF'), '<a href="' . $controller_helper->route('phpbb_help_bbcode_controller') . '">', '</a>'),
2144 'SMILIES_STATUS' => ($config['allow_sig_smilies']) ? $user->lang['SMILIES_ARE_ON'] : $user->lang['SMILIES_ARE_OFF'],
2145 'IMG_STATUS' => ($config['allow_sig_img']) ? $user->lang['IMAGES_ARE_ON'] : $user->lang['IMAGES_ARE_OFF'],
2146 'FLASH_STATUS' => ($config['allow_sig_flash']) ? $user->lang['FLASH_IS_ON'] : $user->lang['FLASH_IS_OFF'],
2147 'URL_STATUS' => ($config['allow_sig_links']) ? $user->lang['URL_IS_ON'] : $user->lang['URL_IS_OFF'],
2148
2149 'L_SIGNATURE_EXPLAIN' => $user->lang('SIGNATURE_EXPLAIN', (int) $config['max_sig_chars']),
2150
2151 'S_BBCODE_ALLOWED' => $config['allow_sig_bbcode'],
2152 'S_SMILIES_ALLOWED' => $config['allow_sig_smilies'],
2153 'S_BBCODE_IMG' => ($config['allow_sig_img']) ? true : false,
2154 'S_BBCODE_FLASH' => ($config['allow_sig_flash']) ? true : false,
2155 'S_LINKS_ALLOWED' => ($config['allow_sig_links']) ? true : false)
2156 );
2157
2158 // Assigning custom bbcodes
2159 display_custom_bbcodes();
2160
2161 break;
2162
2163 case 'attach':
2164 /* @var $pagination \phpbb\pagination */
2165 $pagination = $phpbb_container->get('pagination');
2166
2167 $start = $request->variable('start', 0);
2168 $deletemark = (isset($_POST['delmarked'])) ? true : false;
2169 $marked = $request->variable('mark', array(0));
2170
2171 // Sort keys
2172 $sort_key = $request->variable('sk', 'a');
2173 $sort_dir = $request->variable('sd', 'd');
2174
2175 if ($deletemark && count($marked))
2176 {
2177 $sql = 'SELECT attach_id
2178 FROM ' . ATTACHMENTS_TABLE . '
2179 WHERE poster_id = ' . $user_id . '
2180 AND is_orphan = 0
2181 AND ' . $db->sql_in_set('attach_id', $marked);
2182 $result = $db->sql_query($sql);
2183
2184 $marked = array();
2185 while ($row = $db->sql_fetchrow($result))
2186 {
2187 $marked[] = $row['attach_id'];
2188 }
2189 $db->sql_freeresult($result);
2190 }
2191
2192 if ($deletemark && count($marked))
2193 {
2194 if (confirm_box(true))
2195 {
2196 $sql = 'SELECT real_filename
2197 FROM ' . ATTACHMENTS_TABLE . '
2198 WHERE ' . $db->sql_in_set('attach_id', $marked);
2199 $result = $db->sql_query($sql);
2200
2201 $log_attachments = array();
2202 while ($row = $db->sql_fetchrow($result))
2203 {
2204 $log_attachments[] = $row['real_filename'];
2205 }
2206 $db->sql_freeresult($result);
2207
2208 /** @var \phpbb\attachment\manager $attachment_manager */
2209 $attachment_manager = $phpbb_container->get('attachment.manager');
2210 $attachment_manager->delete('attach', $marked);
2211 unset($attachment_manager);
2212
2213 $message = (count($log_attachments) == 1) ? $user->lang['ATTACHMENT_DELETED'] : $user->lang['ATTACHMENTS_DELETED'];
2214
2215 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACHMENTS_DELETED', false, array(implode($user->lang['COMMA_SEPARATOR'], $log_attachments)));
2216 trigger_error($message . adm_back_link($this->u_action . '&u=' . $user_id));
2217 }
2218 else
2219 {
2220 confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
2221 'u' => $user_id,
2222 'i' => $id,
2223 'mode' => $mode,
2224 'action' => $action,
2225 'delmarked' => true,
2226 'mark' => $marked))
2227 );
2228 }
2229 }
2230
2231 $sk_text = array('a' => $user->lang['SORT_FILENAME'], 'c' => $user->lang['SORT_EXTENSION'], 'd' => $user->lang['SORT_SIZE'], 'e' => $user->lang['SORT_DOWNLOADS'], 'f' => $user->lang['SORT_POST_TIME'], 'g' => $user->lang['SORT_TOPIC_TITLE']);
2232 $sk_sql = array('a' => 'a.real_filename', 'c' => 'a.extension', 'd' => 'a.filesize', 'e' => 'a.download_count', 'f' => 'a.filetime', 'g' => 't.topic_title');
2233
2234 $sd_text = array('a' => $user->lang['ASCENDING'], 'd' => $user->lang['DESCENDING']);
2235
2236 $s_sort_key = '';
2237 foreach ($sk_text as $key => $value)
2238 {
2239 $selected = ($sort_key == $key) ? ' selected="selected"' : '';
2240 $s_sort_key .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>';
2241 }
2242
2243 $s_sort_dir = '';
2244 foreach ($sd_text as $key => $value)
2245 {
2246 $selected = ($sort_dir == $key) ? ' selected="selected"' : '';
2247 $s_sort_dir .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>';
2248 }
2249
2250 if (!isset($sk_sql[$sort_key]))
2251 {
2252 $sort_key = 'a';
2253 }
2254
2255 $order_by = $sk_sql[$sort_key] . ' ' . (($sort_dir == 'a') ? 'ASC' : 'DESC');
2256
2257 $sql = 'SELECT COUNT(attach_id) as num_attachments
2258 FROM ' . ATTACHMENTS_TABLE . "
2259 WHERE poster_id = $user_id
2260 AND is_orphan = 0";
2261 $result = $db->sql_query_limit($sql, 1);
2262 $num_attachments = (int) $db->sql_fetchfield('num_attachments');
2263 $db->sql_freeresult($result);
2264
2265 $sql = 'SELECT a.*, t.topic_title, p.message_subject as message_title
2266 FROM ' . ATTACHMENTS_TABLE . ' a
2267 LEFT JOIN ' . TOPICS_TABLE . ' t ON (a.topic_id = t.topic_id
2268 AND a.in_message = 0)
2269 LEFT JOIN ' . PRIVMSGS_TABLE . ' p ON (a.post_msg_id = p.msg_id
2270 AND a.in_message = 1)
2271 WHERE a.poster_id = ' . $user_id . "
2272 AND a.is_orphan = 0
2273 ORDER BY $order_by";
2274 $result = $db->sql_query_limit($sql, $config['topics_per_page'], $start);
2275
2276 while ($row = $db->sql_fetchrow($result))
2277 {
2278 if ($row['in_message'])
2279 {
2280 $view_topic = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=pm&p={$row['post_msg_id']}");
2281 }
2282 else
2283 {
2284 $view_topic = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "p={$row['post_msg_id']}") . '#p' . $row['post_msg_id'];
2285 }
2286
2287 $template->assign_block_vars('attach', array(
2288 'REAL_FILENAME' => $row['real_filename'],
2289 'COMMENT' => nl2br($row['attach_comment']),
2290 'EXTENSION' => $row['extension'],
2291 'SIZE' => get_formatted_filesize($row['filesize']),
2292 'DOWNLOAD_COUNT' => $row['download_count'],
2293 'POST_TIME' => $user->format_date($row['filetime']),
2294 'TOPIC_TITLE' => ($row['in_message']) ? $row['message_title'] : $row['topic_title'],
2295
2296 'ATTACH_ID' => $row['attach_id'],
2297 'POST_ID' => $row['post_msg_id'],
2298 'TOPIC_ID' => $row['topic_id'],
2299
2300 'S_IN_MESSAGE' => $row['in_message'],
2301
2302 'U_DOWNLOAD' => append_sid("{$phpbb_root_path}download/file.$phpEx", 'mode=view&id=' . $row['attach_id']),
2303 'U_VIEW_TOPIC' => $view_topic)
2304 );
2305 }
2306 $db->sql_freeresult($result);
2307
2308 $base_url = $this->u_action . "&u=$user_id&sk=$sort_key&sd=$sort_dir";
2309 $pagination->generate_template_pagination($base_url, 'pagination', 'start', $num_attachments, $config['topics_per_page'], $start);
2310
2311 $template->assign_vars(array(
2312 'S_ATTACHMENTS' => true,
2313 'S_SORT_KEY' => $s_sort_key,
2314 'S_SORT_DIR' => $s_sort_dir,
2315 ));
2316
2317 break;
2318
2319 case 'groups':
2320
2321 if (!function_exists('group_user_attributes'))
2322 {
2323 include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
2324 }
2325
2326 $user->add_lang(array('groups', 'acp/groups'));
2327 $group_id = $request->variable('g', 0);
2328
2329 if ($group_id)
2330 {
2331 // Check the founder only entry for this group to make sure everything is well
2332 $sql = 'SELECT group_founder_manage
2333 FROM ' . GROUPS_TABLE . '
2334 WHERE group_id = ' . $group_id;
2335 $result = $db->sql_query($sql);
2336 $founder_manage = (int) $db->sql_fetchfield('group_founder_manage');
2337 $db->sql_freeresult($result);
2338
2339 if ($user->data['user_type'] != USER_FOUNDER && $founder_manage)
2340 {
2341 trigger_error($user->lang['NOT_ALLOWED_MANAGE_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
2342 }
2343 }
2344
2345 switch ($action)
2346 {
2347 case 'demote':
2348 case 'promote':
2349 case 'default':
2350 if (!$group_id)
2351 {
2352 trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
2353 }
2354
2355 if (!check_link_hash($request->variable('hash', ''), 'acp_users'))
2356 {
2357 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
2358 }
2359
2360 group_user_attributes($action, $group_id, $user_id);
2361
2362 if ($action == 'default')
2363 {
2364 $user_row['group_id'] = $group_id;
2365 }
2366 break;
2367
2368 case 'delete':
2369
2370 if (confirm_box(true))
2371 {
2372 if (!$group_id)
2373 {
2374 trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
2375 }
2376
2377 if ($error = group_user_del($group_id, $user_id))
2378 {
2379 trigger_error($user->lang[$error] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
2380 }
2381
2382 $error = array();
2383
2384 // The delete action was successful - therefore update the user row...
2385 $sql = 'SELECT u.*, s.*
2386 FROM ' . USERS_TABLE . ' u
2387 LEFT JOIN ' . SESSIONS_TABLE . ' s ON (s.session_user_id = u.user_id)
2388 WHERE u.user_id = ' . $user_id . '
2389 ORDER BY s.session_time DESC';
2390 $result = $db->sql_query_limit($sql, 1);
2391 $user_row = $db->sql_fetchrow($result);
2392 $db->sql_freeresult($result);
2393 }
2394 else
2395 {
2396 confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
2397 'u' => $user_id,
2398 'i' => $id,
2399 'mode' => $mode,
2400 'action' => $action,
2401 'g' => $group_id))
2402 );
2403 }
2404
2405 break;
2406
2407 case 'approve':
2408
2409 if (confirm_box(true))
2410 {
2411 if (!$group_id)
2412 {
2413 trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
2414 }
2415 group_user_attributes($action, $group_id, $user_id);
2416 }
2417 else
2418 {
2419 confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
2420 'u' => $user_id,
2421 'i' => $id,
2422 'mode' => $mode,
2423 'action' => $action,
2424 'g' => $group_id))
2425 );
2426 }
2427
2428 break;
2429 }
2430
2431 // Add user to group?
2432 if ($submit)
2433 {
2434
2435 if (!check_form_key($form_name))
2436 {
2437 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
2438 }
2439
2440 if (!$group_id)
2441 {
2442 trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
2443 }
2444
2445 // Add user/s to group
2446 if ($error = group_user_add($group_id, $user_id))
2447 {
2448 trigger_error($user->lang[$error] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
2449 }
2450
2451 $error = array();
2452 }
2453
2454 /** @var \phpbb\group\helper $group_helper */
2455 $group_helper = $phpbb_container->get('group_helper');
2456
2457 $sql = 'SELECT ug.*, g.*
2458 FROM ' . GROUPS_TABLE . ' g, ' . USER_GROUP_TABLE . " ug
2459 WHERE ug.user_id = $user_id
2460 AND g.group_id = ug.group_id
2461 ORDER BY g.group_type DESC, ug.user_pending ASC, g.group_name";
2462 $result = $db->sql_query($sql);
2463
2464 $i = 0;
2465 $group_data = $id_ary = array();
2466 while ($row = $db->sql_fetchrow($result))
2467 {
2468 $type = ($row['group_type'] == GROUP_SPECIAL) ? 'special' : (($row['user_pending']) ? 'pending' : 'normal');
2469
2470 $group_data[$type][$i]['group_id'] = $row['group_id'];
2471 $group_data[$type][$i]['group_name'] = $row['group_name'];
2472 $group_data[$type][$i]['group_leader'] = ($row['group_leader']) ? 1 : 0;
2473
2474 $id_ary[] = $row['group_id'];
2475
2476 $i++;
2477 }
2478 $db->sql_freeresult($result);
2479
2480 // Select box for other groups
2481 $sql = 'SELECT group_id, group_name, group_type, group_founder_manage
2482 FROM ' . GROUPS_TABLE . '
2483 ' . ((count($id_ary)) ? 'WHERE ' . $db->sql_in_set('group_id', $id_ary, true) : '') . '
2484 ORDER BY group_type DESC, group_name ASC';
2485 $result = $db->sql_query($sql);
2486
2487 $s_group_options = '';
2488 while ($row = $db->sql_fetchrow($result))
2489 {
2490 if (!$config['coppa_enable'] && $row['group_name'] == 'REGISTERED_COPPA')
2491 {
2492 continue;
2493 }
2494
2495 // Do not display those groups not allowed to be managed
2496 if ($user->data['user_type'] != USER_FOUNDER && $row['group_founder_manage'])
2497 {
2498 continue;
2499 }
2500
2501 $s_group_options .= '<option' . (($row['group_type'] == GROUP_SPECIAL) ? ' class="sep"' : '') . ' value="' . $row['group_id'] . '">' . $group_helper->get_name($row['group_name']) . '</option>';
2502 }
2503 $db->sql_freeresult($result);
2504
2505 $current_type = '';
2506 foreach ($group_data as $group_type => $data_ary)
2507 {
2508 if ($current_type != $group_type)
2509 {
2510 $template->assign_block_vars('group', array(
2511 'S_NEW_GROUP_TYPE' => true,
2512 'GROUP_TYPE' => $user->lang['USER_GROUP_' . strtoupper($group_type)])
2513 );
2514 }
2515
2516 foreach ($data_ary as $data)
2517 {
2518 $template->assign_block_vars('group', array(
2519 'U_EDIT_GROUP' => append_sid("{$phpbb_admin_path}index.$phpEx", "i=groups&mode=manage&action=edit&u=$user_id&g={$data['group_id']}&back_link=acp_users_groups"),
2520 'U_DEFAULT' => $this->u_action . "&action=default&u=$user_id&g=" . $data['group_id'] . '&hash=' . generate_link_hash('acp_users'),
2521 'U_DEMOTE_PROMOTE' => $this->u_action . '&action=' . (($data['group_leader']) ? 'demote' : 'promote') . "&u=$user_id&g=" . $data['group_id'] . '&hash=' . generate_link_hash('acp_users'),
2522 'U_DELETE' => count($id_ary) > 1 ? $this->u_action . "&action=delete&u=$user_id&g=" . $data['group_id'] : '',
2523 'U_APPROVE' => ($group_type == 'pending') ? $this->u_action . "&action=approve&u=$user_id&g=" . $data['group_id'] : '',
2524
2525 'GROUP_NAME' => $group_helper->get_name($data['group_name']),
2526 'L_DEMOTE_PROMOTE' => ($data['group_leader']) ? $user->lang['GROUP_DEMOTE'] : $user->lang['GROUP_PROMOTE'],
2527
2528 'S_IS_MEMBER' => ($group_type != 'pending') ? true : false,
2529 'S_NO_DEFAULT' => ($user_row['group_id'] != $data['group_id']) ? true : false,
2530 'S_SPECIAL_GROUP' => ($group_type == 'special') ? true : false,
2531 )
2532 );
2533 }
2534 }
2535
2536 $template->assign_vars(array(
2537 'S_GROUPS' => true,
2538 'S_GROUP_OPTIONS' => $s_group_options)
2539 );
2540
2541 break;
2542
2543 case 'perm':
2544
2545 if (!class_exists('auth_admin'))
2546 {
2547 include($phpbb_root_path . 'includes/acp/auth.' . $phpEx);
2548 }
2549
2550 $auth_admin = new auth_admin();
2551
2552 $user->add_lang('acp/permissions');
2553 add_permission_language();
2554
2555 $forum_id = $request->variable('f', 0);
2556
2557 // Global Permissions
2558 if (!$forum_id)
2559 {
2560 // Select auth options
2561 $sql = 'SELECT auth_option, is_local, is_global
2562 FROM ' . ACL_OPTIONS_TABLE . '
2563 WHERE auth_option ' . $db->sql_like_expression($db->get_any_char() . '_') . '
2564 AND is_global = 1
2565 ORDER BY auth_option';
2566 $result = $db->sql_query($sql);
2567
2568 $hold_ary = array();
2569
2570 while ($row = $db->sql_fetchrow($result))
2571 {
2572 $hold_ary = $auth_admin->get_mask('view', $user_id, false, false, $row['auth_option'], 'global', ACL_NEVER);
2573 $auth_admin->display_mask('view', $row['auth_option'], $hold_ary, 'user', false, false);
2574 }
2575 $db->sql_freeresult($result);
2576
2577 unset($hold_ary);
2578 }
2579 else
2580 {
2581 $sql = 'SELECT auth_option, is_local, is_global
2582 FROM ' . ACL_OPTIONS_TABLE . "
2583 WHERE auth_option " . $db->sql_like_expression($db->get_any_char() . '_') . "
2584 AND is_local = 1
2585 ORDER BY is_global DESC, auth_option";
2586 $result = $db->sql_query($sql);
2587
2588 while ($row = $db->sql_fetchrow($result))
2589 {
2590 $hold_ary = $auth_admin->get_mask('view', $user_id, false, $forum_id, $row['auth_option'], 'local', ACL_NEVER);
2591 $auth_admin->display_mask('view', $row['auth_option'], $hold_ary, 'user', true, false);
2592 }
2593 $db->sql_freeresult($result);
2594 }
2595
2596 $s_forum_options = '<option value="0"' . ((!$forum_id) ? ' selected="selected"' : '') . '>' . $user->lang['VIEW_GLOBAL_PERMS'] . '</option>';
2597 $s_forum_options .= make_forum_select($forum_id, false, true, false, false, false);
2598
2599 $template->assign_vars(array(
2600 'S_PERMISSIONS' => true,
2601
2602 'S_GLOBAL' => (!$forum_id) ? true : false,
2603 'S_FORUM_OPTIONS' => $s_forum_options,
2604
2605 'U_ACTION' => $this->u_action . '&u=' . $user_id,
2606 'U_USER_PERMISSIONS' => append_sid("{$phpbb_admin_path}index.$phpEx" ,'i=permissions&mode=setting_user_global&user_id[]=' . $user_id),
2607 'U_USER_FORUM_PERMISSIONS' => append_sid("{$phpbb_admin_path}index.$phpEx", 'i=permissions&mode=setting_user_local&user_id[]=' . $user_id))
2608 );
2609
2610 break;
2611
2612 default:
2613 $u_action = $this->u_action;
2614
2615 /**
2616 * Additional modes provided by extensions
2617 *
2618 * @event core.acp_users_mode_add
2619 * @var string mode New mode
2620 * @var int user_id User id of the user to manage
2621 * @var array user_row Array with user data
2622 * @var array error Array with errors data
2623 * @var string u_action The u_action link
2624 * @since 3.2.2-RC1
2625 * @changed 3.2.10-RC1 Added u_action
2626 */
2627 $vars = array('mode', 'user_id', 'user_row', 'error', 'u_action');
2628 extract($phpbb_dispatcher->trigger_event('core.acp_users_mode_add', compact($vars)));
2629
2630 unset($u_action);
2631 break;
2632 }
2633
2634 // Assign general variables
2635 $template->assign_vars(array(
2636 'S_ERROR' => (count($error)) ? true : false,
2637 'ERROR_MSG' => (count($error)) ? implode('<br />', $error) : '')
2638 );
2639 }
2640
2641 /**
2642 * Set option bit field for user options in a user row array.
2643 *
2644 * Optionset replacement for this module based on $user->optionset.
2645 *
2646 * @param array $user_row Row from the users table.
2647 * @param int $key Option key, as defined in $user->keyoptions property.
2648 * @param bool $value True to set the option, false to clear the option.
2649 * @param int $data Current bit field value, or false to use $user_row['user_options']
2650 * @return int|bool If $data is false, the bit field is modified and
2651 * written back to $user_row['user_options'], and
2652 * return value is true if the bit field changed and
2653 * false otherwise. If $data is not false, the new
2654 * bitfield value is returned.
2655 */
function optionset(&$user_row, $key, $value, $data = false)
{
	global $user;

	// $key indexes $user->keyoptions; callers in this module pass names such as 'sig_bbcode'.
	// With no explicit bit field ($data === false) the row's own user_options is the
	// working value and the result is written back into the row.
	$use_row = ($data === false);
	$current = $use_row ? $user_row['user_options'] : $data;

	$updated = phpbb_optionset($user->keyoptions[$key], $value, $current);

	// Caller supplied its own bit field: hand back the new value and leave the row alone.
	if (!$use_row)
	{
		return $updated;
	}

	// Loose comparison is kept on purpose: the types of the stored value and of
	// phpbb_optionset()'s result are not visible here, so a strict check could
	// report a change where there is none. NOTE(review): confirm before tightening.
	if ($updated == $current)
	{
		return false;
	}

	$user_row['user_options'] = $updated;
	return true;
}
2681
2682 /**
2683 * Get option bit field from user options in a user row array.
2684 *
2685 * Optionget replacement for this module based on $user->optionget.
2686 *
2687 * @param array $user_row Row from the users table.
2688 * @param int $key option key, as defined in $user->keyoptions property.
2689 * @param int $data bit field value to use, or false to use $user_row['user_options']
2690 * @return bool true if the option is set in the bit field, false otherwise
2691 */
function optionget(&$user_row, $key, $data = false)
{
	global $user;

	// An explicit bit field takes precedence; false means "read the row's user_options".
	$bits = $data;
	if ($bits === false)
	{
		$bits = $user_row['user_options'];
	}

	// $key indexes $user->keyoptions; callers in this module pass names such as 'sig_bbcode'.
	return phpbb_optionget($user->keyoptions[$key], $bits);
}
2699 }
2700