
/forum/admin/admin_users.php

https://code.google.com/p/torrentpier/
  1. <?php
  2. // ACP Header - START
  3. if (!empty($setmodules))
  4. {
  5. $module['Users']['Manage'] = basename(__FILE__);
  6. return;
  7. }
  8. require('./pagestart.php');
  9. // ACP Header - END
  10. require(INC_DIR .'bbcode.php');
  11. require(INC_DIR .'functions_post.php');
  12. require(INC_DIR .'functions_selects.php');
  13. require(INC_DIR .'functions_validate.php');
  14. require(INC_DIR .'functions_group.php');
  15. array_deep($_POST, 'trim');
  16. $html_entities_match = array('#<#', '#>#');
  17. $html_entities_replace = array('&lt;', '&gt;');
  18. $message = $error_msg = $username_sql = $signature_bbcode_uid = '';
  19. $group_moderator = $mark_list = array();
  20. $mode = isset($_REQUEST['mode']) ? $_REQUEST['mode'] : '';
  21. function return_msg_ua ($status_msg)
  22. {
  23. global $lang;
  24. $message = $status_msg;
  25. $message .= '<br /><br />';
  26. $message .= sprintf($lang['CLICK_RETURN_USERADMIN'], '<a href="'. append_sid("admin_users.php") .'">', '</a>');
  27. $message .= '<br /><br />';
  28. $message .= sprintf($lang['CLICK_RETURN_ADMIN_INDEX'], '<a href="'. append_sid("index.php?pane=right") .'">', '</a>');
  29. return $message;
  30. }
//
// Begin program: everything below dispatches on $mode ('edit' / 'save').
// NOTE(review): the save path stores passwords as unsalted md5
// (user_password = md5(...)) and builds its UPDATE statement by string
// concatenation with hand-rolled quote doubling; both are visible further
// down and are the first things to modernise (password_hash / parameterised
// queries).
//
  34. if ( $mode == 'edit' || $mode == 'save' && ( isset($_POST['username']) || isset($_GET[POST_USERS_URL]) || isset( $_POST[POST_USERS_URL]) ) )
  35. {
  36. attachment_quota_settings('user', @$_POST['submit'], $mode);
  37. //
  38. // Ok, the profile has been modified and submitted, let's update
  39. //
  40. if ( ( $mode == 'save' && isset( $_POST['submit'] ) ) || isset( $_POST['avatargallery'] ) || isset( $_POST['submitavatar'] ) || isset( $_POST['cancelavatar'] ) )
  41. {
  42. $user_id = (int) $_POST['id'];
  43. if (!$this_userdata = get_userdata($user_id))
  44. {
  45. message_die(GENERAL_MESSAGE, $lang['NO_USER_ID_SPECIFIED']);
  46. }
  47. if ($userdata['user_id'] != $user_id)
  48. {
  49. if (!empty($_POST['deleteuser']))
  50. {
  51. delete_user_sessions($user_id);
  52. user_delete($user_id, !empty($_POST['delete_user_posts']));
  53. if ($this_userdata['user_level'] == MOD)
  54. {
  55. $datastore->update('moderators');
  56. }
  57. message_die(GENERAL_MESSAGE, return_msg_ua($lang['USER_DELETED']));
  58. }
  59. else if (!empty($_POST['delete_user_posts']))
  60. {
  61. post_delete('user', $user_id);
  62. message_die(GENERAL_MESSAGE, return_msg_ua('User posts were deleted'));
  63. }
  64. }
  65. $username = ( !empty($_POST['username']) ) ? phpbb_clean_username($_POST['username']) : '';
  66. $email = ( !empty($_POST['email']) ) ? trim(strip_tags(htmlspecialchars( $_POST['email'] ) )) : '';
  67. $password = ( !empty($_POST['password']) ) ? trim(strip_tags(htmlspecialchars( $_POST['password'] ) )) : '';
  68. $password_confirm = ( !empty($_POST['password_confirm']) ) ? trim(strip_tags(htmlspecialchars( $_POST['password_confirm'] ) )) : '';
  69. $icq = ( !empty($_POST['icq']) ) ? trim(strip_tags( $_POST['icq'] ) ) : '';
  70. $website = ( !empty($_POST['website']) ) ? trim(strip_tags( $_POST['website'] ) ) : '';
  71. $location = ( !empty($_POST['location']) ) ? trim(strip_tags( $_POST['location'] ) ) : '';
  72. $occupation = ( !empty($_POST['occupation']) ) ? trim(strip_tags( $_POST['occupation'] ) ) : '';
  73. $interests = ( !empty($_POST['interests']) ) ? trim(strip_tags( $_POST['interests'] ) ) : '';
  74. $signature = ( !empty($_POST['signature']) ) ? trim(str_replace('<br />', "\n", $_POST['signature'] ) ) : '';
  75. validate_optional_fields($icq, $website, $location, $occupation, $interests, $signature);
  76. $allowviewonline = ( isset( $_POST['hideonline']) ) ? ( ( $_POST['hideonline'] ) ? 0 : TRUE ) : TRUE;
  77. $notifyreply = ( isset( $_POST['notifyreply']) ) ? ( ( $_POST['notifyreply'] ) ? TRUE : 0 ) : 0;
  78. $notifypm = ( isset( $_POST['notifypm']) ) ? ( ( $_POST['notifypm'] ) ? TRUE : 0 ) : TRUE;
  79. $viewemail = (int) !empty($_POST['viewemail']);
  80. $attachsig = (int) !empty($_POST['attachsig']);
  81. $user_lang = ( $_POST['language'] != $bb_cfg['board_lang'] ) ? $_POST['language'] : '';
  82. $user_timezone = ( isset($_POST['timezone']) ) ? str_replace(',', '.', doubleval($_POST['timezone'])) : $bb_cfg['board_timezone'];
  83. $user_flag = (@$_POST['user_flag'] && $_POST['user_flag'] != 'blank.gif') ? $_POST['user_flag'] : '';
  84. $user_template = ( @$_POST['template'] ) ? $_POST['template'] : @$bb_cfg['board_template'];
  85. $user_dateformat = (!empty($_POST['dateformat']) && $_POST['dateformat'] != $bb_cfg['board_dateformat']) ? $_POST['dateformat'] : '';
  86. $user_avatar_local = ( isset( $_POST['avatarselect'] ) && !empty($_POST['submitavatar'] ) && $bb_cfg['allow_avatar_local'] ) ? $_POST['avatarselect'] : ( ( isset( $_POST['avatarlocal'] ) ) ? $_POST['avatarlocal'] : '' );
  87. $user_avatar_category = ( isset($_POST['avatarcatname']) && $bb_cfg['allow_avatar_local'] ) ? htmlspecialchars($_POST['avatarcatname']) : '' ;
  88. $user_avatar_remoteurl = ( !empty($_POST['avatarremoteurl']) ) ? trim( $_POST['avatarremoteurl'] ) : '';
  89. $user_avatar_url = ( !empty($_POST['avatarurl']) ) ? trim( $_POST['avatarurl'] ) : '';
  90. $user_avatar_loc = ( @$_FILES['avatar']['tmp_name'] != "none") ? $_FILES['avatar']['tmp_name'] : '';
  91. $user_avatar_name = ( !empty($_FILES['avatar']['name']) ) ? $_FILES['avatar']['name'] : '';
  92. $user_avatar_size = ( !empty($_FILES['avatar']['size']) ) ? $_FILES['avatar']['size'] : 0;
  93. $user_avatar_filetype = ( !empty($_FILES['avatar']['type']) ) ? $_FILES['avatar']['type'] : '';
  94. $user_avatar = ( empty($user_avatar_loc) ) ? $this_userdata['user_avatar'] : '';
  95. $user_avatar_type = ( empty($user_avatar_loc) ) ? $this_userdata['user_avatar_type'] : '';
  96. $user_status = ( !empty($_POST['user_status']) ) ? intval( $_POST['user_status'] ) : 0;
  97. $user_allowpm = ( !empty($_POST['user_allowpm']) ) ? intval( $_POST['user_allowpm'] ) : 0;
  98. $user_rank = ( !empty($_POST['user_rank']) ) ? intval( $_POST['user_rank'] ) : 0;
  99. $user_allowavatar = ( !empty($_POST['user_allowavatar']) ) ? intval( $_POST['user_allowavatar'] ) : 0;
  100. if( isset( $_POST['avatargallery'] ) || isset( $_POST['submitavatar'] ) || isset( $_POST['cancelavatar'] ) )
  101. {
  102. $username = stripslashes($username);
  103. $email = stripslashes($email);
  104. $password = '';
  105. $password_confirm = '';
  106. $icq = stripslashes($icq);
  107. $website = htmlspecialchars(stripslashes($website));
  108. $location = htmlspecialchars(stripslashes($location));
  109. $occupation = htmlspecialchars(stripslashes($occupation));
  110. $interests = htmlspecialchars(stripslashes($interests));
  111. $signature = htmlspecialchars(stripslashes($signature));
  112. $user_lang = stripslashes($user_lang);
  113. $user_dateformat = htmlspecialchars(stripslashes($user_dateformat));
  114. if ( !isset($_POST['cancelavatar']))
  115. {
  116. $user_avatar = $user_avatar_category . '/' . $user_avatar_local;
  117. $user_avatar_type = USER_AVATAR_GALLERY;
  118. }
  119. }
  120. }
  121. if( isset( $_POST['submit'] ) )
  122. {
  123. include(INC_DIR . 'ucp/usercp_avatar.php');
  124. $error = FALSE;
  125. if (stripslashes($username) != $this_userdata['username'])
  126. {
  127. unset($rename_user);
  128. if ( stripslashes(strtolower($username)) != strtolower($this_userdata['username']) )
  129. {
  130. $result = validate_username($username);
  131. if ( $result['error'] )
  132. {
  133. $error = TRUE;
  134. $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $result['error_msg'];
  135. }
  136. else if ( strtolower(str_replace("\\'", "''", $username)) == strtolower($userdata['username']) )
  137. {
  138. $error = TRUE;
  139. $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['USERNAME_TAKEN'];
  140. }
  141. }
  142. if (!$error)
  143. {
  144. $username_sql = "username = '" . str_replace("\\'", "''", $username) . "', ";
  145. $rename_user = $username; // Used for renaming usergroup
  146. }
  147. }
  148. $passwd_sql = '';
  149. if( !empty($password) && !empty($password_confirm) )
  150. {
  151. //
  152. // Awww, the user wants to change their password, isn't that cute..
  153. //
  154. if($password != $password_confirm)
  155. {
  156. $error = TRUE;
  157. $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['PASSWORD_MISMATCH'];
  158. }
  159. else
  160. {
  161. $password = md5($password);
  162. $passwd_sql = "user_password = '$password', ";
  163. }
  164. }
  165. else if( $password && !$password_confirm )
  166. {
  167. $error = TRUE;
  168. $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['PASSWORD_MISMATCH'];
  169. }
  170. else if( !$password && $password_confirm )
  171. {
  172. $error = TRUE;
  173. $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['PASSWORD_MISMATCH'];
  174. }
  175. if ($signature != '')
  176. {
  177. $sig_length_check = preg_replace('/(\[.*?)(=.*?)\]/is', '\\1]', stripslashes($signature));
  178. $signature_bbcode_uid = ($bb_cfg['allow_bbcode']) ? make_bbcode_uid() : '';
  179. $signature = prepare_message($signature, $bb_cfg['allow_bbcode'], $bb_cfg['allow_smilies'], $signature_bbcode_uid);
  180. if ( strlen($sig_length_check) > $bb_cfg['max_sig_chars'] )
  181. {
  182. $error = TRUE;
  183. $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['SIGNATURE_TOO_LONG'];
  184. }
  185. }
  186. //
  187. // Avatar stuff
  188. //
  189. $avatar_sql = "";
  190. if( isset($_POST['avatardel']) )
  191. {
  192. if( $this_userdata['user_avatar_type'] == USER_AVATAR_UPLOAD && $this_userdata['user_avatar'] != "" )
  193. {
  194. if( @file_exists(@phpbb_realpath('./../' . $bb_cfg['avatar_path'] . "/" . $this_userdata['user_avatar'])) )
  195. {
  196. @unlink('./../' . $bb_cfg['avatar_path'] . "/" . $this_userdata['user_avatar']);
  197. }
  198. }
  199. $avatar_sql = ", user_avatar = '', user_avatar_type = " . USER_AVATAR_NONE;
  200. }
  201. else if( ( $user_avatar_loc != "" || !empty($user_avatar_url) ) && !$error )
  202. {
  203. //
  204. // Only allow one type of upload, either a
  205. // filename or a URL
  206. //
  207. if( !empty($user_avatar_loc) && !empty($user_avatar_url) )
  208. {
  209. $error = TRUE;
  210. if( isset($error_msg) )
  211. {
  212. $error_msg .= "<br />";
  213. }
  214. $error_msg .= $lang['ONLY_ONE_AVATAR'];
  215. }
  216. if( $user_avatar_loc != "" )
  217. {
  218. if( file_exists(@phpbb_realpath($user_avatar_loc)) && preg_match("/\.(gif|jpg|png)$/", $user_avatar_name) )
  219. {
  220. if( $user_avatar_size <= $bb_cfg['avatar_filesize'] && $user_avatar_size > 0)
  221. {
  222. $error_type = false;
  223. //
  224. // Opera appends the image name after the type, not big, not clever!
  225. //
  226. preg_match("'image\/[x\-]*([a-z]+)'", $user_avatar_filetype, $user_avatar_filetype);
  227. $user_avatar_filetype = $user_avatar_filetype[1];
  228. switch( $user_avatar_filetype )
  229. {
  230. case "jpeg":
  231. case "pjpeg":
  232. case "jpg":
  233. $imgtype = '.jpg';
  234. break;
  235. case "gif":
  236. $imgtype = '.gif';
  237. break;
  238. case "png":
  239. $imgtype = '.png';
  240. break;
  241. default:
  242. $error = true;
  243. $error_msg = (!empty($error_msg)) ? $error_msg . "<br />" . $lang['AVATAR_FILETYPE'] : $lang['AVATAR_FILETYPE'];
  244. break;
  245. }
  246. if( !$error )
  247. {
  248. list($width, $height) = @getimagesize($user_avatar_loc);
  249. if( $width <= $bb_cfg['avatar_max_width'] && $height <= $bb_cfg['avatar_max_height'] )
  250. {
  251. $user_id = $this_userdata['user_id'];
  252. $avatar_filename = $user_id . $imgtype;
  253. if( $this_userdata['user_avatar_type'] == USER_AVATAR_UPLOAD && $this_userdata['user_avatar'] != "" )
  254. {
  255. if( @file_exists(@phpbb_realpath("./../" . $bb_cfg['avatar_path'] . "/" . $this_userdata['user_avatar'])) )
  256. {
  257. @unlink("./../" . $bb_cfg['avatar_path'] . "/". $this_userdata['user_avatar']);
  258. }
  259. }
  260. @copy($user_avatar_loc, "./../" . $bb_cfg['avatar_path'] . "/$avatar_filename");
  261. $avatar_sql = ", user_avatar = '$avatar_filename', user_avatar_type = " . USER_AVATAR_UPLOAD;
  262. }
  263. else
  264. {
  265. $l_avatar_size = sprintf($lang['AVATAR_IMAGESIZE'], $bb_cfg['avatar_max_width'], $bb_cfg['avatar_max_height']);
  266. $error = true;
  267. $error_msg = ( !empty($error_msg) ) ? $error_msg . "<br />" . $l_avatar_size : $l_avatar_size;
  268. }
  269. }
  270. }
  271. else
  272. {
  273. $l_avatar_size = sprintf($lang['AVATAR_FILESIZE'], round($bb_cfg['avatar_filesize'] / 1024));
  274. $error = true;
  275. $error_msg = ( !empty($error_msg) ) ? $error_msg . "<br />" . $l_avatar_size : $l_avatar_size;
  276. }
  277. }
  278. else
  279. {
  280. $error = true;
  281. $error_msg = ( !empty($error_msg) ) ? $error_msg . "<br />" . $lang['AVATAR_FILETYPE'] : $lang['AVATAR_FILETYPE'];
  282. }
  283. }
  284. else if( !empty($user_avatar_url) )
  285. {
  286. //
  287. // First check what port we should connect
  288. // to, look for a :[xxxx]/ or, if that doesn't
  289. // exist assume port 80 (http)
  290. //
  291. preg_match("/^(http:\/\/)?([\w\-\.]+)\:?([0-9]*)\/(.*)$/", $user_avatar_url, $url_ary);
  292. if( !empty($url_ary[4]) )
  293. {
  294. $port = (!empty($url_ary[3])) ? $url_ary[3] : 80;
  295. $fsock = @fsockopen($url_ary[2], $port, $errno, $errstr);
  296. if( $fsock )
  297. {
  298. $base_get = "/" . $url_ary[4];
  299. //
  300. // Uses HTTP 1.1, could use HTTP 1.0 ...
  301. //
  302. @fputs($fsock, "GET $base_get HTTP/1.1\r\n");
  303. @fputs($fsock, "HOST: " . $url_ary[2] . "\r\n");
  304. @fputs($fsock, "Connection: close\r\n\r\n");
  305. $avatar_data = '';
  306. while( !@feof($fsock) )
  307. {
  308. $avatar_data .= @fread($fsock, $bb_cfg['avatar_filesize']);
  309. }
  310. @fclose($fsock);
  311. if( preg_match("/Content-Length\: ([0-9]+)[^\/ ][\s]+/i", $avatar_data, $file_data1) && preg_match("/Content-Type\: image\/[x\-]*([a-z]+)[\s]+/i", $avatar_data, $file_data2) )
  312. {
  313. $file_size = $file_data1[1];
  314. $file_type = $file_data2[1];
  315. switch( $file_type )
  316. {
  317. case "jpeg":
  318. case "pjpeg":
  319. case "jpg":
  320. $imgtype = '.jpg';
  321. break;
  322. case "gif":
  323. $imgtype = '.gif';
  324. break;
  325. case "png":
  326. $imgtype = '.png';
  327. break;
  328. default:
  329. $error = true;
  330. $error_msg = (!empty($error_msg)) ? $error_msg . "<br />" . $lang['AVATAR_FILETYPE'] : $lang['AVATAR_FILETYPE'];
  331. break;
  332. }
  333. if( !$error && $file_size > 0 && $file_size < $bb_cfg['avatar_filesize'] )
  334. {
  335. $avatar_data = substr($avatar_data, strlen($avatar_data) - $file_size, $file_size);
  336. $tmp_filename = tempnam ("/tmp", $this_userdata['user_id'] . "-");
  337. $fptr = @fopen($tmp_filename, "wb");
  338. $bytes_written = @fwrite($fptr, $avatar_data, $file_size);
  339. @fclose($fptr);
  340. if( $bytes_written == $file_size )
  341. {
  342. list($width, $height) = @getimagesize($tmp_filename);
  343. if( $width <= $bb_cfg['avatar_max_width'] && $height <= $bb_cfg['avatar_max_height'] )
  344. {
  345. $user_id = $this_userdata['user_id'];
  346. $avatar_filename = $user_id . $imgtype;
  347. if( $this_userdata['user_avatar_type'] == USER_AVATAR_UPLOAD && $this_userdata['user_avatar'] != "")
  348. {
  349. if( file_exists(@phpbb_realpath("./../" . $bb_cfg['avatar_path'] . "/" . $this_userdata['user_avatar'])) )
  350. {
  351. @unlink("./../" . $bb_cfg['avatar_path'] . "/" . $this_userdata['user_avatar']);
  352. }
  353. }
  354. @copy($tmp_filename, "./../" . $bb_cfg['avatar_path'] . "/$avatar_filename");
  355. @unlink($tmp_filename);
  356. $avatar_sql = ", user_avatar = '$avatar_filename', user_avatar_type = " . USER_AVATAR_UPLOAD;
  357. }
  358. else
  359. {
  360. $l_avatar_size = sprintf($lang['AVATAR_IMAGESIZE'], $bb_cfg['avatar_max_width'], $bb_cfg['avatar_max_height']);
  361. $error = true;
  362. $error_msg = ( !empty($error_msg) ) ? $error_msg . "<br />" . $l_avatar_size : $l_avatar_size;
  363. }
  364. }
  365. else
  366. {
  367. //
  368. // Error writing file
  369. //
  370. @unlink($tmp_filename);
  371. message_die(GENERAL_ERROR, "Could not write avatar file to local storage. Please contact the board administrator with this message", "", __LINE__, __FILE__);
  372. }
  373. }
  374. }
  375. else
  376. {
  377. //
  378. // No data
  379. //
  380. $error = true;
  381. $error_msg = ( !empty($error_msg) ) ? $error_msg . "<br />" . $lang['FILE_NO_DATA'] : $lang['FILE_NO_DATA'];
  382. }
  383. }
  384. else
  385. {
  386. //
  387. // No connection
  388. //
  389. $error = true;
  390. $error_msg = ( !empty($error_msg) ) ? $error_msg . "<br />" . $lang['NO_CONNECTION_URL'] : $lang['NO_CONNECTION_URL'];
  391. }
  392. }
  393. else
  394. {
  395. $error = true;
  396. $error_msg = ( !empty($error_msg) ) ? $error_msg . "<br />" . $lang['INCOMPLETE_URL'] : $lang['INCOMPLETE_URL'];
  397. }
  398. }
  399. else if( !empty($user_avatar_name) )
  400. {
  401. $l_avatar_size = sprintf($lang['AVATAR_FILESIZE'], round($bb_cfg['avatar_filesize'] / 1024));
  402. $error = true;
  403. $error_msg = ( !empty($error_msg) ) ? $error_msg . "<br />" . $l_avatar_size : $l_avatar_size;
  404. }
  405. }
  406. else if( $user_avatar_remoteurl != "" && $avatar_sql == "" && !$error )
  407. {
  408. if( !preg_match("#^http:\/\/#i", $user_avatar_remoteurl) )
  409. {
  410. $user_avatar_remoteurl = "http://" . $user_avatar_remoteurl;
  411. }
  412. if( preg_match("#^(http:\/\/[a-z0-9\-]+?\.([a-z0-9\-]+\.)*[a-z]+\/.*?\.(gif|jpg|png)$)#is", $user_avatar_remoteurl) )
  413. {
  414. $avatar_sql = ", user_avatar = '" . str_replace("\'", "''", $user_avatar_remoteurl) . "', user_avatar_type = " . USER_AVATAR_REMOTE;
  415. }
  416. else
  417. {
  418. $error = true;
  419. $error_msg = ( !empty($error_msg) ) ? $error_msg . "<br />" . $lang['WRONG_REMOTE_AVATAR_FORMAT'] : $lang['WRONG_REMOTE_AVATAR_FORMAT'];
  420. }
  421. }
  422. else if( $user_avatar_local != "" && $avatar_sql == "" && !$error )
  423. {
  424. $avatar_sql = ", user_avatar = '" . str_replace("\'", "''", phpbb_ltrim(basename($user_avatar_category), "'") . '/' . phpbb_ltrim(basename($user_avatar_local), "'")) . "', user_avatar_type = " . USER_AVATAR_GALLERY;
  425. }
  426. //
  427. // Update entry in DB
  428. //
  429. if( !$error )
  430. {
  431. $update_user_opt = array(
  432. 'viewemail',
  433. 'attachsig',
  434. );
  435. $user_opt = $this_userdata['user_opt'];
  436. foreach ($update_user_opt as $opt)
  437. {
  438. setbit($user_opt, $bf['user_opt'][$opt], !empty($_POST[$opt]));
  439. }
  440. $sql = "UPDATE " . USERS_TABLE . "
  441. SET " . $username_sql . $passwd_sql . "
  442. user_email = '" . str_replace("\'", "''", $email) . "',
  443. user_icq = '" . str_replace("\'", "''", $icq) . "',
  444. user_website = '" . str_replace("\'", "''", $website) . "',
  445. user_occ = '" . str_replace("\'", "''", $occupation) . "',
  446. user_from = '" . str_replace("\'", "''", $location) . "',
  447. user_from_flag = '$user_flag',
  448. user_interests = '" . str_replace("\'", "''", $interests) . "',
  449. user_sig = '" . str_replace("\'", "''", $signature) . "',
  450. user_opt = $user_opt,
  451. user_allow_viewonline = $allowviewonline,
  452. user_notify = $notifyreply,
  453. user_notify_pm = $notifypm,
  454. user_sig_bbcode_uid = '$signature_bbcode_uid',
  455. user_allowavatar = $user_allowavatar,
  456. user_allow_pm = $user_allowpm,
  457. user_lang = '" . str_replace("\'", "''", $user_lang) . "',
  458. user_timezone = $user_timezone,
  459. user_dateformat = '" . str_replace("\'", "''", $user_dateformat) . "',
  460. user_active = $user_status,
  461. user_rank = $user_rank" . $avatar_sql . ",
  462. user_actkey = ''
  463. WHERE user_id = $user_id";
  464. if( $result = $db->sql_query($sql) )
  465. {
  466. // Delete user session, to prevent the user navigating the forum (if logged in) when disabled
  467. if (!$user_status)
  468. {
  469. delete_user_sessions($user_id);
  470. }
  471. $message .= $lang['ADMIN_USER_UPDATED'];
  472. }
  473. else
  474. {
  475. $error = TRUE;
  476. $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['ADMIN_USER_FAIL'];
  477. }
  478. if ($this_userdata['user_level'] == MOD)
  479. {
  480. $datastore->update('moderators');
  481. }
  482. if ($this_userdata['user_active'] != $user_status)
  483. {
  484. $log_action_type = (!$user_status) ? 'adm_user_ban' : 'adm_user_unban';
  485. $log_action->admin($log_action_type, array(
  486. 'log_msg' => 'user: '. get_usernames_for_log($user_id),
  487. ));
  488. }
  489. $message .= '<br /><br />' . sprintf($lang['CLICK_RETURN_USERADMIN'], '<a href="' . append_sid("admin_users.php") . '">', '</a>') . '<br /><br />' . sprintf($lang['CLICK_RETURN_ADMIN_INDEX'], '<a href="' . append_sid("index.php?pane=right") . '">', '</a>');
  490. message_die(GENERAL_MESSAGE, $message);
  491. }
  492. else
  493. {
  494. $template->assign_vars(array('ERROR_MESSAGE' => $error_msg));
  495. $username = htmlspecialchars(stripslashes($username));
  496. $email = stripslashes($email);
  497. $password = '';
  498. $password_confirm = '';
  499. $icq = stripslashes($icq);
  500. $website = htmlspecialchars(stripslashes($website));
  501. $location = htmlspecialchars(stripslashes($location));
  502. $occupation = htmlspecialchars(stripslashes($occupation));
  503. $interests = htmlspecialchars(stripslashes($interests));
  504. $signature = htmlspecialchars(stripslashes($signature));
  505. $user_lang = stripslashes($user_lang);
  506. $user_dateformat = htmlspecialchars(stripslashes($user_dateformat));
  507. }
  508. }
  509. else if( !isset( $_POST['submit'] ) && $mode != 'save' && !isset( $_POST['avatargallery'] ) && !isset( $_POST['submitavatar'] ) && !isset( $_POST['cancelavatar'] ) )
  510. {
  511. if( isset( $_GET[POST_USERS_URL]) || isset( $_POST[POST_USERS_URL]) )
  512. {
  513. $user_id = ( isset( $_POST[POST_USERS_URL]) ) ? intval( $_POST[POST_USERS_URL]) : intval( $_GET[POST_USERS_URL]);
  514. $this_userdata = get_userdata($user_id);
  515. if( !$this_userdata )
  516. {
  517. message_die(GENERAL_MESSAGE, $lang['NO_USER_ID_SPECIFIED'] );
  518. }
  519. }
  520. else
  521. {
  522. $this_userdata = get_userdata($_POST['username'], true);
  523. if( !$this_userdata )
  524. {
  525. message_die(GENERAL_MESSAGE, $lang['NO_USER_ID_SPECIFIED'] );
  526. }
  527. }
  528. //
  529. // Now parse and display it as a template
  530. //
  531. $user_id = $this_userdata['user_id'];
  532. $username = $this_userdata['username'];
  533. $email = $this_userdata['user_email'];
  534. $password = '';
  535. $password_confirm = '';
  536. $icq = $this_userdata['user_icq'];
  537. $website = htmlspecialchars($this_userdata['user_website']);
  538. $location = htmlspecialchars($this_userdata['user_from']);
  539. $user_flag = htmlspecialchars($this_userdata['user_from_flag']);
  540. $occupation = htmlspecialchars($this_userdata['user_occ']);
  541. $interests = htmlspecialchars($this_userdata['user_interests']);
  542. $signature = ($this_userdata['user_sig_bbcode_uid'] != '') ? preg_replace('#:' . $this_userdata['user_sig_bbcode_uid'] . '#si', '', $this_userdata['user_sig']) : $this_userdata['user_sig'];
  543. $signature = preg_replace($html_entities_match, $html_entities_replace, $signature);
  544. $viewemail = bf($this_userdata['user_opt'], 'user_opt', 'viewemail');
  545. $notifypm = $this_userdata['user_notify_pm'];
  546. $notifyreply = $this_userdata['user_notify'];
  547. $attachsig = bf($this_userdata['user_opt'], 'user_opt', 'attachsig');
  548. $allowviewonline = $this_userdata['user_allow_viewonline'];
  549. $user_avatar = $this_userdata['user_avatar'];
  550. $user_avatar_type = $this_userdata['user_avatar_type'];
  551. $user_timezone = $this_userdata['user_timezone'];
  552. $user_lang = ($this_userdata['user_lang']) ? $this_userdata['user_lang'] : $bb_cfg['default_lang'];
  553. $user_dateformat = ($this_userdata['user_dateformat']) ? $this_userdata['user_dateformat'] : $bb_cfg['default_dateformat'];
  554. $user_status = $this_userdata['user_active'];
  555. $user_allowavatar = $this_userdata['user_allowavatar'];
  556. $user_allowpm = $this_userdata['user_allow_pm'];
  557. $bbcode_status = ($bb_cfg['allow_bbcode']) ? $lang['BBCODE_IS_ON'] : $lang['BBCODE_IS_OFF'];
  558. $smilies_status = ($bb_cfg['allow_smilies']) ? $lang['SMILIES_ARE_ON'] : $lang['SMILIES_ARE_OFF'];
  559. }
  560. if( isset($_POST['avatargallery']) && !$error )
  561. {
  562. if( !$error )
  563. {
  564. $user_id = intval($_POST['id']);
  565. $dir = @opendir("../" . $bb_cfg['avatar_gallery_path']);
  566. $avatar_images = array();
  567. while( $file = @readdir($dir) )
  568. {
  569. if( $file != "." && $file != ".." && !is_file(phpbb_realpath("./../" . $bb_cfg['avatar_gallery_path'] . "/" . $file)) && !is_link(phpbb_realpath("./../" . $bb_cfg['avatar_gallery_path'] . "/" . $file)) )
  570. {
  571. $sub_dir = @opendir("../" . $bb_cfg['avatar_gallery_path'] . "/" . $file);
  572. $avatar_row_count = 0;
  573. $avatar_col_count = 0;
  574. while( $sub_file = @readdir($sub_dir) )
  575. {
  576. if( preg_match("/(\.gif$|\.png$|\.jpg)$/is", $sub_file) )
  577. {
  578. $avatar_images[$file][$avatar_row_count][$avatar_col_count] = $sub_file;
  579. $avatar_col_count++;
  580. if( $avatar_col_count == 5 )
  581. {
  582. $avatar_row_count++;
  583. $avatar_col_count = 0;
  584. }
  585. }
  586. }
  587. }
  588. }
  589. @closedir($dir);
  590. if( isset($_POST['avatarcategory']) )
  591. {
  592. $category = htmlspecialchars($_POST['avatarcategory']);
  593. }
  594. else
  595. {
  596. list($category, ) = each($avatar_images);
  597. }
  598. @reset($avatar_images);
  599. $s_categories = "";
  600. while( list($key) = each($avatar_images) )
  601. {
  602. $selected = ( $key == $category ) ? "selected=\"selected\"" : "";
  603. if( count($avatar_images[$key]) )
  604. {
  605. $s_categories .= '<option value="' . $key . '"' . $selected . '>' . ucfirst($key) . '</option>';
  606. }
  607. }
  608. $s_colspan = 0;
  609. for($i = 0; $i < count($avatar_images[$category]); $i++)
  610. {
  611. $template->assign_block_vars("avatar_row", array());
  612. $s_colspan = max($s_colspan, count($avatar_images[$category][$i]));
  613. for($j = 0; $j < count($avatar_images[$category][$i]); $j++)
  614. {
  615. $template->assign_block_vars("avatar_row.avatar_column", array(
  616. "AVATAR_IMAGE" => "../" . $bb_cfg['avatar_gallery_path'] . '/' . $category . '/' . $avatar_images[$category][$i][$j])
  617. );
  618. $template->assign_block_vars("avatar_row.avatar_option_column", array(
  619. "S_OPTIONS_AVATAR" => $avatar_images[$category][$i][$j])
  620. );
  621. }
  622. }
  623. $s_hidden_fields = '<input type="hidden" name="mode" value="edit" /><input type="hidden" name="avatarcatname" value="' . $category . '" />';
  624. $s_hidden_fields .= '<input type="hidden" name="id" value="' . $user_id . '" />';
  625. $s_hidden_fields .= '<input type="hidden" name="username" value="' . str_replace("\"", "&quot;", $username) . '" />';
  626. $s_hidden_fields .= '<input type="hidden" name="email" value="' . str_replace("\"", "&quot;", $email) . '" />';
  627. $s_hidden_fields .= '<input type="hidden" name="icq" value="' . str_replace("\"", "&quot;", $icq) . '" />';
  628. $s_hidden_fields .= '<input type="hidden" name="website" value="' . str_replace("\"", "&quot;", $website) . '" />';
  629. $s_hidden_fields .= '<input type="hidden" name="location" value="' . str_replace("\"", "&quot;", $location) . '" />';
  630. // FLAGHACK-start
  631. $s_hidden_fields .= '<input type="hidden" name="user_flag" value="' . $user_flag . '" />';
  632. // FLAGHACK-end
  633. $s_hidden_fields .= '<input type="hidden" name="occupation" value="' . str_replace("\"", "&quot;", $occupation) . '" />';
  634. $s_hidden_fields .= '<input type="hidden" name="interests" value="' . str_replace("\"", "&quot;", $interests) . '" />';
  635. $s_hidden_fields .= '<input type="hidden" name="signature" value="' . str_replace("\"", "&quot;", $signature) . '" />';
  636. $s_hidden_fields .= '<input type="hidden" name="viewemail" value="' . $viewemail . '" />';
  637. $s_hidden_fields .= '<input type="hidden" name="notifypm" value="' . $notifypm . '" />';
  638. $s_hidden_fields .= '<input type="hidden" name="notifyreply" value="' . $notifyreply . '" />';
  639. $s_hidden_fields .= '<input type="hidden" name="attachsig" value="' . $attachsig . '" />';
  640. $s_hidden_fields .= '<input type="hidden" name="hideonline" value="' . !$allowviewonline . '" />';
  641. $s_hidden_fields .= '<input type="hidden" name="language" value="' . $user_lang . '" />';
  642. $s_hidden_fields .= '<input type="hidden" name="timezone" value="' . $user_timezone . '" />';
  643. $s_hidden_fields .= '<input type="hidden" name="dateformat" value="' . htmlCHR($user_dateformat) . '" />';
  644. $s_hidden_fields .= '<input type="hidden" name="user_status" value="' . $user_status . '" />';
  645. $s_hidden_fields .= '<input type="hidden" name="user_allowpm" value="' . $user_allowpm . '" />';
  646. $s_hidden_fields .= '<input type="hidden" name="user_allowavatar" value="' . $user_allowavatar . '" />';
  647. $s_hidden_fields .= '<input type="hidden" name="user_rank" value="' . $user_rank . '" />';
  648. $template->assign_vars(array(
  649. 'TPL_ADMIN_USER_AVATAR_GALLERY' => true,
  650. "L_USER_EXPLAIN" => $lang['USER_ADMIN_EXPLAIN'],
  651. "S_OPTIONS_CATEGORIES" => $s_categories,
  652. "S_COLSPAN" => $s_colspan,
  653. "S_PROFILE_ACTION" => append_sid("admin_users.php?mode=$mode"),
  654. "S_HIDDEN_FIELDS" => $s_hidden_fields)
  655. );
  656. }
  657. }
  658. else
  659. {
  660. $s_hidden_fields = '<input type="hidden" name="mode" value="save" />';
  661. $s_hidden_fields .= '<input type="hidden" name="id" value="' . $this_userdata['user_id'] . '" />';
  662. if( !empty($user_avatar_local) )
  663. {
  664. $s_hidden_fields .= '<input type="hidden" name="avatarlocal" value="' . $user_avatar_local . '" /><input type="hidden" name="avatarcatname" value="' . $user_avatar_category . '" />';
  665. }
  666. if( $user_avatar_type )
  667. {
  668. switch( $user_avatar_type )
  669. {
  670. case USER_AVATAR_UPLOAD:
  671. $avatar = '<img src="../' . $bb_cfg['avatar_path'] . '/' . $user_avatar . '" alt="" />';
  672. break;
  673. case USER_AVATAR_REMOTE:
  674. $avatar = '<img src="' . $user_avatar . '" alt="" />';
  675. break;
  676. case USER_AVATAR_GALLERY:
  677. $avatar = '<img src="../' . $bb_cfg['avatar_gallery_path'] . '/' . $user_avatar . '" alt="" />';
  678. break;
  679. }
  680. }
  681. else
  682. {
  683. $avatar = "";
  684. }
  685. $sql = "SELECT * FROM " . RANKS_TABLE . "
  686. WHERE rank_special = 1
  687. ORDER BY rank_title";
  688. if ( !($result = $db->sql_query($sql)) )
  689. {
  690. message_die(GENERAL_ERROR, 'Could not obtain ranks data', '', __LINE__, __FILE__, $sql);
  691. }
  692. $rank_select_box = '<option value="0">' . $lang['NO_ASSIGNED_RANK'] . '</option>';
  693. while( $row = $db->sql_fetchrow($result) )
  694. {
  695. $rank = $row['rank_title'];
  696. $rank_id = $row['rank_id'];
  697. $selected = ( $this_userdata['user_rank'] == $rank_id ) ? ' selected="selected"' : '';
  698. $rank_select_box .= '<option value="' . $rank_id . '"' . $selected . '>' . $rank . '</option>';
  699. }
  700. //
  701. // Let's do an overall check for settings/versions which would prevent
  702. // us from doing file uploads....
  703. //
  704. $ini_val = ( phpversion() >= '4.0.0' ) ? 'ini_get' : 'get_cfg_var';
  705. $form_enctype = ( !@$ini_val('file_uploads') || phpversion() == '4.0.4pl1' || !$bb_cfg['allow_avatar_upload'] || ( phpversion() < '4.0.3' && @$ini_val('open_basedir') != '' ) ) ? '' : 'enctype="multipart/form-data"';
  706. // query to get the list of flags
  707. $sql = "SELECT *
  708. FROM " . COUNTRIES_TABLE . "
  709. ORDER BY country_id";
  710. if(!$flags_result = $db->sql_query($sql))
  711. {
  712. message_die(GENERAL_ERROR, "Couldn't obtain flags information.", "", __LINE__, __FILE__, $sql);
  713. }
  714. $flag_row = $db->sql_fetchrowset($flags_result);
  715. $num_flags = $db->sql_numrows($flags_result);
  716. // build the html select statement
  717. if(!defined('COUNTRIES_LANG'))
  718. {
  719. include(LANG_DIR . "lang_countries.php");
  720. }
  721. $flag_start_image = 'blank.gif' ;
  722. $selected = ( isset($user_flag) ) ? '' : HTML_SELECTED;
  723. $flag_select = "<select name=\"user_flag\" onChange=\"document.images['user_flag'].src = '../images/flags/' + this.value + '.png';\" >";
  724. $flag_select .= "<option value=\"blank.gif\"$selected>" . $lang['SELECT_COUNTRY'] . "</option>";
  725. for ($i = 0; $i < $num_flags; $i++)
  726. {
  727. $country_code = $flag_row[$i]['country_code'];
  728. $country_name = $lang['COUNTRIES'][$country_code];
  729. $flag_image = $country_code . '.png';
  730. $selected = ( isset( $user_flag) ) ? (($user_flag == $country_code) ? HTML_SELECTED : '' ) : '' ;
  731. $flag_select .= "\t<option value=\"$country_code\"$selected>$country_name</option>";
  732. if ( isset( $user_flag) && ($user_flag == $country_code))
  733. {
  734. $flag_start_image = $flag_image ;
  735. }
  736. }
  737. $flag_select .= '</select>';
  738. $template->assign_vars(array(
  739. 'TPL_ADMIN_USER_EDIT' => true,
  740. 'USERNAME' => $username,
  741. 'EMAIL' => $email,
  742. 'ICQ' => $icq,
  743. 'OCCUPATION' => $occupation,
  744. 'INTERESTS' => $interests,
  745. 'LOCATION' => $location,
  746. 'L_FLAG' => $lang['COUNTRY_FLAG'],
  747. 'FLAG_SELECT' => $flag_select,
  748. 'FLAG_START' => $flag_start_image,
  749. 'WEBSITE' => $website,
  750. 'SIGNATURE' => str_replace('<br />', "\n", $signature),
  751. 'VIEW_EMAIL_YES' => ($viewemail) ? 'checked="checked"' : '',
  752. 'VIEW_EMAIL_NO' => (!$viewemail) ? 'checked="checked"' : '',
  753. 'HIDE_USER_YES' => (!$allowviewonline) ? 'checked="checked"' : '',
  754. 'HIDE_USER_NO' => ($allowviewonline) ? 'checked="checked"' : '',
  755. 'NOTIFY_PM_YES' => ($notifypm) ? 'checked="checked"' : '',
  756. 'NOTIFY_PM_NO' => (!$notifypm) ? 'checked="checked"' : '',
  757. 'ALWAYS_ADD_SIGNATURE_YES' => ($attachsig) ? 'checked="checked"' : '',
  758. 'ALWAYS_ADD_SIGNATURE_NO' => (!$attachsig) ? 'checked="checked"' : '',
  759. 'NOTIFY_REPLY_YES' => ( $notifyreply ) ? 'checked="checked"' : '',
  760. 'NOTIFY_REPLY_NO' => ( !$notifyreply ) ? 'checked="checked"' : '',
  761. 'ADMIN_AVATAR' => $avatar,
  762. 'LANGUAGE_SELECT' => language_select($user_lang),
  763. 'TIMEZONE_SELECT' => tz_select($user_timezone),
  764. 'STYLE_SELECT' => $bb_cfg['tpl_name'],
  765. 'DATE_FORMAT' => $user_dateformat,
  766. 'ALLOW_PM_YES' => ($user_allowpm) ? 'checked="checked"' : '',
  767. 'ALLOW_PM_NO' => (!$user_allowpm) ? 'checked="checked"' : '',
  768. 'ALLOW_AVATAR_YES' => ($user_allowavatar) ? 'checked="checked"' : '',
  769. 'ALLOW_AVATAR_NO' => (!$user_allowavatar) ? 'checked="checked"' : '',
  770. 'USER_ACTIVE_YES' => ($user_status) ? 'checked="checked"' : '',
  771. 'USER_ACTIVE_NO' => (!$user_status) ? 'checked="checked"' : '',
  772. 'RANK_SELECT_BOX' => $rank_select_box,
  773. 'L_USER_EXPLAIN' => $lang['USER_ADMIN_EXPLAIN'],
  774. 'L_BOARD_LANGUAGE' => $lang['BOARD_LANG'],
  775. 'L_ALWAYS_ADD_SIGNATURE' => $lang['ALWAYS_ADD_SIG'],
  776. 'L_SPECIAL' => $lang['USER_SPECIAL'],
  777. 'L_SPECIAL_EXPLAIN' => $lang['USER_SPECIAL_EXPLAIN'],
  778. 'L_USER_ACTIVE' => $lang['USER_STATUS'],
  779. 'L_ALLOW_PM' => $lang['USER_ALLOWPM'],
  780. 'L_ALLOW_AVATAR' => $lang['USER_ALLOWAVATAR'],
  781. 'L_AVATAR_EXP' => $lang['ADMIN_AVATAR_EXPLAIN'],
  782. 'L_DELETE_AVATAR' => $lang['DELETE_IMAGE'],
  783. 'L_AVATAR_GALLERY' => $lang['SELECT_FROM_GALLERY'],
  784. 'L_SHOW_GALLERY' => $lang['VIEW_AVATAR_GALLERY'],
  785. 'L_LINK_REMOTE_AVATAR' => $lang['LINK_REMOTE_AVATAR'],
  786. 'L_SIGNATURE_EXP' => sprintf($lang['SIGNATURE_EXPLAIN'], $bb_cfg['max_sig_chars'] ),
  787. 'L_NOTIFY_ON_REPLY' => $lang['ALWAYS_NOTIFY'],
  788. 'L_PROFILE_INFO_NOTICE' => $lang['PROFILE_INFO_WARN'],
  789. 'S_FORM_ENCTYPE' => $form_enctype,
  790. 'BBCODE_STATUS' => sprintf(@$bbcode_status, '<a href="../' . append_sid("faq.php?mode=bbcode") . '" target="_phpbbcode">', '</a>'),
  791. 'SMILIES_STATUS' => @$smilies_status,
  792. 'L_DELETE_USER' => $lang['USER_DELETE'],
  793. 'L_DELETE_USER_EXPLAIN' => $lang['USER_DELETE_EXPLAIN'],
  794. 'L_SELECT_RANK' => $lang['RANK_TITLE'],
  795. 'S_HIDDEN_FIELDS' => $s_hidden_fields,
  796. 'S_PROFILE_ACTION' => append_sid("admin_users.php"))
  797. );
  798. if( file_exists(@phpbb_realpath('./../' . $bb_cfg['avatar_path'])) && ($bb_cfg['allow_avatar_upload'] == TRUE) )
  799. {
  800. if ( $form_enctype != '' )
  801. {
  802. $template->assign_block_vars('avatar_local_upload', array() );
  803. }
  804. $template->assign_block_vars('avatar_remote_upload', array() );
  805. }
  806. if( file_exists(@phpbb_realpath('./../' . $bb_cfg['avatar_gallery_path'])) && ($bb_cfg['allow_avatar_local'] == TRUE) )
  807. {
  808. $template->assign_block_vars('avatar_local_gallery', array() );
  809. }
  810. if( $bb_cfg['allow_avatar_remote'] == TRUE )
  811. {
  812. $template->assign_block_vars('avatar_remote_link', array() );
  813. }
  814. }
  815. }
  816. else
  817. {
  818. //
  819. // Default user selection box
  820. //
  821. $template->assign_vars(array(
  822. 'TPL_ADMIN_USER_SELECT' => true,
  823. 'L_USER_EXPLAIN' => $lang['USER_ADMIN_EXPLAIN'],
  824. 'U_SEARCH_USER' => append_sid("./../search.php?mode=searchuser"),
  825. 'S_USER_ACTION' => append_sid("admin_users.php"),
  826. 'S_USER_SELECT' => @$select_list)
  827. );
  828. }
// Render the assembled template. Whichever branch ran above has already set
// the template switch (TPL_ADMIN_USER_EDIT / TPL_ADMIN_USER_AVATAR_GALLERY for
// the edit form, TPL_ADMIN_USER_SELECT for the default user-selection box); the
// second argument presumably selects the ACP page wrapper — confirm in print_page().
// NOTE(review): several values handed to the template above are concatenated
// into markup without htmlspecialchars() in the visible code — $user_avatar in the
// ADMIN_AVATAR <img src="...">, and $user_avatar_local / $user_avatar_category in
// the S_HIDDEN_FIELDS inputs. Verify they are escaped on write or by the template
// before treating this page as safe from stored XSS via profile data.
print_page('admin_users.tpl', 'admin');