PageRenderTime 73ms CodeModel.GetById 17ms RepoModel.GetById 0ms app.codeStats 1ms

/upload/admin/admin_user_search.php

http://torrentpier2.googlecode.com/
PHP | 1296 lines | 1116 code | 138 blank | 42 comment | 101 complexity | 743e2a588daffa0a590d7db6825ad4eb MD5 | raw file
    

  1. <?php

    2. 

  2. 

    3. 

  3. // ACP Header - START

    4. 

  4. if (!empty($setmodules))

    5. 

  5. {

    6. 

  6. 	$module['Users']['Search'] = basename(__FILE__);

    7. 

  7. 	return;

    8. 

  8. }

    9. 

  9. require('./pagestart.php');

    10. 

  10. // ACP Header - END

    11. 

  11. 

    12. 

  12. require(INC_DIR .'functions_selects.php');

    13. 

  13. 

    14. 

  14. $total_sql = '';

    15. 

  15. 

    16. 

  16. if(!isset($_POST['dosearch'])&&!isset($_GET['dosearch']))

    17. 

  17. {

    18. 

  18. 	$sql = "SELECT group_id, group_name

    19. 

  19. 				FROM ".BB_GROUPS."

    20. 

  20. 					WHERE group_single_user = 0

    21. 

  21. 						ORDER BY group_name ASC";

    22. 

  22. 

    23. 

  23. 	if(!$result = DB()->sql_query($sql))

    24. 

  24. 	{

    25. 

  25. 		message_die(GENERAL_ERROR, 'Could not select group data', '', __LINE__, __FILE__, $sql);

    26. 

  26. 	}

    27. 

  27. 

    28. 

  28. 	$group_list = '';

    29. 

  29. 

    30. 

  30. 	if(DB()->num_rows($result) != 0)

    31. 

  31. 	{

    32. 

  32. 		$template->assign_block_vars('groups_exist', array());

    33. 

  33. 

    34. 

  34. 		while($row = DB()->sql_fetchrow($result))

    35. 

  35. 		{

    36. 

  36. 			$group_list .= '<option value="'.$row['group_id'].'">'.strip_tags(htmlspecialchars($row['group_name'])).'</option>';

    37. 

  37. 		}

    38. 

  38. 	}

    39. 

  39. 

    40. 

  40. 

    41. 

  41. 	$sql = "SELECT * FROM " . BB_RANKS . "

    42. 

  42. 		WHERE rank_special = 1

    43. 

  43. 		ORDER BY rank_title";

    44. 

  44. 	if ( !($result = DB()->sql_query($sql)) )

    45. 

  45. 	{

    46. 

  46. 		message_die(GENERAL_ERROR, 'Could not obtain ranks data', '', __LINE__, __FILE__, $sql);

    47. 

  47. 	}

    48. 

  48. 	$rank_select_box = '';

    49. 

  49. 	if(DB()->num_rows($result) != 0)

    50. 

  50. 	{

    51. 

  51. 		$template->assign_block_vars('ranks_exist', array());

    52. 

  52. 		while( $row = DB()->sql_fetchrow($result) )

    53. 

  53. 		{

    54. 

  54. 			$rank = $row['rank_title'];

    55. 

  55. 			$rank_id = $row['rank_id'];

    56. 

  56. 			$rank_select_box .= '<option value="' . $rank_id . '">' . $rank . '</option>';

    57. 

  57. 		}

    58. 

  58. 	}

    59. 

  59. 

    60. 

  60. 

    61. 

  61. 	$language_list = language_select('', 'language_type');

    62. 

  62. 	$timezone_list = tz_select('', 'timezone_type');

    63. 

  63. 

    64. 

  64. 	$sql = "SELECT f.forum_id, f.forum_name, f.forum_parent, c.cat_id, c.cat_title

    65. 

  65. 				FROM ( ". BB_FORUMS ." AS f INNER JOIN ". BB_CATEGORIES ." AS c ON c.cat_id = f.cat_id )

    66. 

  66. 				ORDER BY c.cat_order, f.forum_order ASC";

    67. 

  67. 

    68. 

  68. 	if(!$result = DB()->sql_query($sql))

    69. 

  69. 	{

    70. 

  70. 		message_die(GENERAL_ERROR, 'Could not select forum data', '', __LINE__, __FILE__, $sql);

    71. 

  71. 	}

    72. 

  72. 

    73. 

  73. 	$forums = array();

    74. 

  74. 

    75. 

  75. 	if(DB()->num_rows($result) != 0)

    76. 

  76. 	{

    77. 

  77. 		$template->assign_block_vars('forums_exist', array());

    78. 

  78. 

    79. 

  79. 		$last_cat_id = -1;

    80. 

  80. 

    81. 

  81. 		$forums_list = '';

    82. 

  82. 

    83. 

  83. 		while($row = DB()->sql_fetchrow($result))

    84. 

  84. 		{

    85. 

  85. 			if($row['cat_id'] != $last_cat_id)

    86. 

  86. 			{

    87. 

  87. 				$forums_list .= '<optgroup label="'.htmlCHR($row['cat_title']).'">';

    88. 

  88. 				$last_cat_id = $row['cat_id'];

    89. 

  89. 			}

    90. 

  90. 

    91. 

  91. 			$forums_list .= '<option value="'.$row['forum_id'].'">'.(($row['forum_parent']) ? HTML_SF_SPACER : '').htmlCHR($row['forum_name']).'</option>';

    92. 

  92. 		}

    93. 

  93. 	}

    94. 

  94. 

    95. 

  95. 	$styles_list = $bb_cfg['tpl_name'];

    96. 

  96. 

    97. 

  97. 	$lastvisited = array(1, 7, 14, 30, 60, 120, 365, 500, 730, 1000);

    98. 

  98. 	$lastvisited_list = '';

    99. 

  99. 

    100. 

  100. 	foreach($lastvisited as $days)

    101. 

  101. 	{

    102. 

  102. 		$lastvisited_list .= '<option value="'.$days.'">'.$days.' '. ( ( $days > 1 ) ? $lang['DAYS'] : $lang['DAY'] ) .'</option>';

    103. 

  103. 	}

    104. 

  104. 

    105. 

  105. 	$template->assign_vars(array(

    106. 

  106. 		'TPL_ADMIN_USER_SEARCH_MAIN' => true,

    107. 

  107. 

    108. 

  108. 		'YEAR' => date("Y"),

    109. 

  109. 		'MONTH' => date("m"),

    110. 

  110. 		'DAY' => date("d"),

    111. 

  111. 		'GROUP_LIST' => $group_list,

    112. 

  112. 		'RANK_SELECT_BOX' => $rank_select_box,

    113. 

  113. 		'LANGUAGE_LIST' => $language_list,

    114. 

  114. 		'TIMEZONE_LIST' => $timezone_list,

    115. 

  115. 		'FORUMS_LIST' => $forums_list,

    116. 

  116. 		'STYLE_LIST' => $styles_list,

    117. 

  117. 		'LASTVISITED_LIST' => $lastvisited_list,

    118. 

  118. 

    119. 

  119. 		'S_SEARCH_ACTION' => 'admin_user_search.php',

    120. 

  120. 	));

    121. 

  121. }

    122. 

  122. else

    123. 

  123. {

    124. 

  124. 	$mode = '';

    125. 

  125. 

    126. 

  126. 	// validate mode

    127. 

  127. 	if(isset($_POST['search_username'])||isset($_GET['search_username']))

    128. 

  128. 	{

    129. 

  129. 		$mode = 'search_username';

    130. 

  130. 	}

    131. 

  131. 	elseif(isset($_POST['search_email'])||isset($_GET['search_email']))

    132. 

  132. 	{

    133. 

  133. 		$mode = 'search_email';

    134. 

  134. 	}

    135. 

  135. 	elseif(isset($_POST['search_ip'])||isset($_GET['search_ip']))

    136. 

  136. 	{

    137. 

  137. 		$mode = 'search_ip';

    138. 

  138. 	}

    139. 

  139. 	elseif(isset($_POST['search_joindate'])||isset($_GET['search_joindate']))

    140. 

  140. 	{

    141. 

  141. 		$mode = 'search_joindate';

    142. 

  142. 	}

    143. 

  143. 	elseif(isset($_POST['search_group'])||isset($_GET['search_group']))

    144. 

  144. 	{

    145. 

  145. 		$mode = 'search_group';

    146. 

  146. 	}

    147. 

  147. 	elseif(isset($_POST['search_rank'])||isset($_GET['search_rank']))

    148. 

  148. 	{

    149. 

  149. 		$mode = 'search_rank';

    150. 

  150. 	}

    151. 

  151. 	elseif(isset($_POST['search_postcount'])||isset($_GET['search_postcount']))

    152. 

  152. 	{

    153. 

  153. 		$mode = 'search_postcount';

    154. 

  154. 	}

    155. 

  155. 	elseif(isset($_POST['search_userfield'])||isset($_GET['search_userfield']))

    156. 

  156. 	{

    157. 

  157. 		$mode = 'search_userfield';

    158. 

  158. 	}

    159. 

  159. 	elseif(isset($_POST['search_lastvisited'])||isset($_GET['search_lastvisited']))

    160. 

  160. 	{

    161. 

  161. 		$mode = 'search_lastvisited';

    162. 

  162. 	}

    163. 

  163. 	elseif(isset($_POST['search_language'])||isset($_GET['search_language']))

    164. 

  164. 	{

    165. 

  165. 		$mode = 'search_language';

    166. 

  166. 	}

    167. 

  167. 	elseif(isset($_POST['search_timezone'])||isset($_GET['search_timezone']))

    168. 

  168. 	{

    169. 

  169. 		$mode = 'search_timezone';

    170. 

  170. 	}

    171. 

  171. 	elseif(isset($_POST['search_style'])||isset($_GET['search_style']))

    172. 

  172. 	{

    173. 

  173. 		$mode = 'search_style';

    174. 

  174. 	}

    175. 

  175. 	elseif(isset($_POST['search_moderators'])||isset($_GET['search_moderators']))

    176. 

  176. 	{

    177. 

  177. 		$mode = 'search_moderators';

    178. 

  178. 	}

    179. 

  179. 	elseif(isset($_POST['search_misc'])||isset($_GET['search_misc']))

    180. 

  180. 	{

    181. 

  181. 		$mode = 'search_misc';

    182. 

  182. 	}

    183. 

  183. 

    184. 

  184. 	// validate fields (that they exist)

    185. 

  185. 	switch($mode)

    186. 

  186. 	{

    187. 

  187. 		case 'search_username':

    188. 

  188. 			$username = ( isset($_GET['username']) ) ? $_GET['username'] : $_POST['username'];

    189. 

  189. 			$regex = ( @$_POST['search_username_regex'] ) ? true : ( @$_GET['regex'] ) ? true : false;

    190. 

  190. 

    191. 

  191. 			if(!$username)

    192. 

  192. 			{

    193. 

  193. 				message_die(GENERAL_MESSAGE, $lang['SEARCH_INVALID_USERNAME']);

    194. 

  194. 			}

    195. 

  195. 

    196. 

  196. 			break;

    197. 

  197. 		case 'search_email':

    198. 

  198. 			$email = ( isset($_GET['email']) ) ? $_GET['email'] : $_POST['email'];

    199. 

  199. 			$regex = ( @$_POST['search_email_regex'] ) ? true : ( @$_GET['regex'] ) ? true : false;

    200. 

  200. 

    201. 

  201. 			if(!$email)

    202. 

  202. 			{

    203. 

  203. 				message_die(GENERAL_MESSAGE, $lang['SEARCH_INVALID_EMAIL']);

    204. 

  204. 			}

    205. 

  205. 

    206. 

  206. 			break;

    207. 

  207. 		case 'search_ip':

    208. 

  208. 			$ip_address = ( isset($_POST['ip_address'] ) ) ? $_POST['ip_address'] : $_GET['ip_address'];

    209. 

  209. 

    210. 

  210. 			if(!$ip_address)

    211. 

  211. 			{

    212. 

  212. 				message_die(GENERAL_MESSAGE, $lang['SEARCH_INVALID_IP']);

    213. 

  213. 			}

    214. 

  214. 			break;

    215. 

  215. 		case 'search_joindate':

    216. 

  216. 			$date_type = ( isset($_POST['date_type'] ) ) ? $_POST['date_type'] : $_GET['date_type'];

    217. 

  217. 			$date_day = ( isset($_POST['date_day'] ) ) ? $_POST['date_day'] : $_GET['date_day'];

    218. 

  218. 			$date_month = ( isset($_POST['date_month'] ) ) ? $_POST['date_month'] : $_GET['date_month'];

    219. 

  219. 			$date_year = ( isset($_POST['date_year'] ) ) ? $_POST['date_year'] : $_GET['date_year'];

    220. 

  220. 

    221. 

  221. 			if(!$date_type || !$date_day || !$date_month || !$date_year)

    222. 

  222. 			{

    223. 

  223. 				message_die(GENERAL_MESSAGE, $lang['SEARCH_INVALID_DATE']);

    224. 

  224. 			}

    225. 

  225. 			break;

    226. 

  226. 		case 'search_group':

    227. 

  227. 			$group_id = ( isset($_POST['group_id'] ) ) ? $_POST['group_id'] : $_GET['group_id'];

    228. 

  228. 			if(!$group_id)

    229. 

  229. 			{

    230. 

  230. 				message_die(GENERAL_MESSAGE, $lang['SEARCH_INVALID_GROUP']);

    231. 

  231. 			}

    232. 

  232. 			break;

    233. 

  233. 		case 'search_rank':

    234. 

  234. 			$rank_id = ( isset($_POST['rank_id'] ) ) ? $_POST['rank_id'] : $_GET['rank_id'];

    235. 

  235. 			if(!$rank_id)

    236. 

  236. 			{

    237. 

  237. 				message_die(GENERAL_MESSAGE, $lang['SEARCH_INVALID_RANK']);

    238. 

  238. 			}

    239. 

  239. 			break;

    240. 

  240. 		case 'search_postcount':

    241. 

  241. 			$postcount_type = ( isset($_POST['postcount_type'] ) ) ? $_POST['postcount_type'] : $_GET['postcount_type'];

    242. 

  242. 			$postcount_value = ( isset($_POST['postcount_value'] ) ) ? $_POST['postcount_value'] : $_GET['postcount_value'];

    243. 

  243. 

    244. 

  244. 			if(!$postcount_type || ( !$postcount_value && $postcount_value != 0))

    245. 

  245. 			{

    246. 

  246. 				message_die(GENERAL_MESSAGE, $lang['SEARCH_INVALID_POSTCOUNT']);

    247. 

  247. 			}

    248. 

  248. 			break;

    249. 

  249. 		case 'search_userfield':

    250. 

  250. 			$userfield_type = ( isset($_POST['userfield_type'] ) ) ? $_POST['userfield_type'] : $_GET['userfield_type'];

    251. 

  251. 			$userfield_value = ( isset($_POST['userfield_value'] ) ) ? $_POST['userfield_value'] : $_GET['userfield_value'];

    252. 

  252. 			$regex = ( @$_POST['search_userfield_regex'] ) ? true : ( @$_GET['regex'] ) ? true : false;

    253. 

  253. 

    254. 

  254. 			if(!$userfield_type || !$userfield_value)

    255. 

  255. 			{

    256. 

  256. 				message_die(GENERAL_MESSAGE, $lang['SEARCH_INVALID_USERFIELD']);

    257. 

  257. 			}

    258. 

  258. 

    259. 

  259. 			break;

    260. 

  260. 		case 'search_lastvisited':

    261. 

  261. 			$lastvisited_days = ( isset($_POST['lastvisited_days'] ) ) ? $_POST['lastvisited_days'] : $_GET['lastvisited_days'];

    262. 

  262. 			$lastvisited_type = ( isset($_POST['lastvisited_type'] ) ) ? $_POST['lastvisited_type'] : $_GET['lastvisited_type'];

    263. 

  263. 

    264. 

  264. 			if(!$lastvisited_days || !$lastvisited_type)

    265. 

  265. 			{

    266. 

  266. 				message_die(GENERAL_MESSAGE, $lang['SEARCH_INVALID_LASTVISITED']);

    267. 

  267. 			}

    268. 

  268. 

    269. 

  269. 			break;

    270. 

  270. 		case 'search_language':

    271. 

  271. 			$language_type = ( isset($_POST['language_type'] ) ) ? $_POST['language_type'] : $_GET['language_type'];

    272. 

  272. 

    273. 

  273. 			if(!$language_type)

    274. 

  274. 			{

    275. 

  275. 				message_die(GENERAL_MESSAGE, $lang['SEARCH_INVALID_LANGUAGE']);

    276. 

  276. 			}

    277. 

  277. 

    278. 

  278. 			break;

    279. 

  279. 		case 'search_timezone':

    280. 

  280. 			$timezone_type = ( isset($_POST['timezone_type'] ) ) ? $_POST['timezone_type'] : $_GET['timezone_type'];

    281. 

  281. 

    282. 

  282. 			if(!$timezone_type && $timezone_type != 0)

    283. 

  283. 			{

    284. 

  284. 				message_die(GENERAL_MESSAGE, $lang['SEARCH_INVALID_TIMEZONE']);

    285. 

  285. 			}

    286. 

  286. 

    287. 

  287. 			break;

    288. 

  288. 		case 'search_style':

    289. 

  289. 			$style_type = ( isset($_POST['style_type'] ) ) ? $_POST['style_type'] : $_GET['style_type'];

    290. 

  290. 

    291. 

  291. 			if(!$style_type)

    292. 

  292. 			{

    293. 

  293. 				message_die(GENERAL_MESSAGE, $lang['SEARCH_INVALID_STYLE']);

    294. 

  294. 			}

    295. 

  295. 

    296. 

  296. 			break;

    297. 

  297. 		case 'search_moderators':

    298. 

  298. 			$moderators_forum = ( isset($_POST['moderators_forum'] ) ) ? $_POST['moderators_forum'] : $_GET['moderators_forum'];

    299. 

  299. 

    300. 

  300. 			if(!$moderators_forum)

    301. 

  301. 			{

    302. 

  302. 				message_die(GENERAL_MESSAGE, $lang['SEARCH_INVALID_MODERATORS']);

    303. 

  303. 			}

    304. 

  304. 

    305. 

  305. 			break;

    306. 

  306. 		case 'search_misc':

    307. 

  307. 		default:

    308. 

  308. 			$misc = ( isset($_POST['misc'] ) ) ? $_POST['misc'] : $_GET['misc'];

    309. 

  309. 			if(!$misc)

    310. 

  310. 			{

    311. 

  311. 				message_die(GENERAL_MESSAGE, $lang['SEARCH_INVALID']);

    312. 

  312. 			}

    313. 

  313. 	}

    314. 

  314. 

    315. 

  315. 	$base_url = 'admin_user_search.php?dosearch=true';

    316. 

  316. 

    317. 

  317. 	$select_sql = "SELECT u.user_id, u.username, u.user_rank, u.user_email, u.user_posts, u.user_regdate, u.user_level, u.user_active, u.user_lastvisit

    318. 

  318. 						FROM ". BB_USERS ." AS u";

    319. 

  319. 

    320. 

  320. 	$lower_b = 'LOWER(';

    321. 

  321. 	$lower_e = ')';

    322. 

  322. 	if(@$regex)

    323. 

  323. 	{

    324. 

  324. 		switch(SQL_LAYER)

    325. 

  325. 		{

    326. 

  326. 			case 'postgres':

    327. 

  327. 				$op = '~';

    328. 

  328. 				break;

    329. 

  329. 			case 'oracle':

    330. 

  330. 				// Oracle uses a different syntax, we'll handle that a little later

    331. 

  331. 				break;

    332. 

  332. 			case 'mysql':

    333. 

  333. 			case 'mysql4':

    334. 

  334. 				$op = 'REGEXP';

    335. 

  335. 				break;

    336. 

  336. 			default:

    337. 

  337. 				message_die(GENERAL_MESSAGE, $lang['SEARCH_NO_REGEXP']);

    338. 

  338. 		}

    339. 

  339. 

    340. 

  340. 		$lower_b = '';

    341. 

  341. 		$lower_e = '';

    342. 

  342. 	}

    343. 

  343. 

    344. 

  344. 	// validate data & prepare sql

    345. 

  345. 	switch($mode)

    346. 

  346. 	{

    347. 

  347. 		case 'search_username':

    348. 

  348. 			$base_url .= '&search_username=true&username='.rawurlencode(stripslashes($username));

    349. 

  349. 

    350. 

  350. 			$text = sprintf($lang['SEARCH_FOR_USERNAME'], strip_tags(htmlspecialchars(stripslashes($username))));

    351. 

  351. 

    352. 

  352. 			if(!$regex)

    353. 

  353. 			{

    354. 

  354. 				$username = preg_replace('/\*/', '%', trim(strip_tags(strtolower($username))));

    355. 

  355. 

    356. 

  356. 				if(strstr($username, '%'))

    357. 

  357. 				{

    358. 

  358. 					$op = 'LIKE';

    359. 

  359. 				}

    360. 

  360. 				else

    361. 

  361. 				{

    362. 

  362. 					$op = '=';

    363. 

  363. 				}

    364. 

  364. 			}

    365. 

  365. 			else

    366. 

  366. 			{

    367. 

  367. 				$username = preg_replace('/\\\\\\\(?<!\'|"|NULL)/', '\\', $username);

    368. 

  368. 			}

    369. 

  369. 

    370. 

  370. 			if($username == '')

    371. 

  371. 			{

    372. 

  372. 				message_die(GENERAL_MESSAGE, $lang['SEARCH_INVALID_USERNAME']);

    373. 

  373. 			}

    374. 

  374. 

    375. 

  375. 			if($regex && SQL_LAYER == 'oracle')

    376. 

  376. 			{

    377. 

  377. 				$total_sql .= "SELECT COUNT(user_id) AS total

    378. 

  378. 								FROM ".BB_USERS."

    379. 

  379. 									WHERE REGEXP_LIKE(username, '".DB()->escape($username)."')

    380. 

  380. 										AND user_id <> ".GUEST_UID;

    381. 

  381. 

    382. 

  382. 				$select_sql .= "	WHERE REGEXP_LIKE(u.username, '".DB()->escape($username)."')

    383. 

  383. 										AND u.user_id <> ".GUEST_UID;

    384. 

  384. 			}

    385. 

  385. 			else

    386. 

  386. 			{

    387. 

  387. 				$total_sql .= "SELECT COUNT(user_id) AS total

    388. 

  388. 								FROM ".BB_USERS."

    389. 

  389. 									WHERE {$lower_b}username{$lower_e} $op '".DB()->escape($username)."'

    390. 

  390. 										AND user_id <> ".GUEST_UID;

    391. 

  391. 

    392. 

  392. 				$select_sql .= "	WHERE {$lower_b}u.username{$lower_e} $op '".DB()->escape($username)."'

    393. 

  393. 										AND u.user_id <> ".GUEST_UID;

    394. 

  394. 			}

    395. 

  395. 			break;

    396. 

  396. 		case 'search_email':

    397. 

  397. 			$base_url .= '&search_email=true&email='.rawurlencode(stripslashes($email));

    398. 

  398. 

    399. 

  399. 			$text = sprintf($lang['SEARCH_FOR_EMAIL'], strip_tags(htmlspecialchars(stripslashes($email))));

    400. 

  400. 

    401. 

  401. 			if(!$regex)

    402. 

  402. 			{

    403. 

  403. 				$email = preg_replace('/\*/', '%', trim(strip_tags(strtolower($email))));

    404. 

  404. 

    405. 

  405. 				if(strstr($email, '%'))

    406. 

  406. 				{

    407. 

  407. 					$op = 'LIKE';

    408. 

  408. 				}

    409. 

  409. 				else

    410. 

  410. 				{

    411. 

  411. 					$op = '=';

    412. 

  412. 				}

    413. 

  413. 			}

    414. 

  414. 			else

    415. 

  415. 			{

    416. 

  416. 				$email = preg_replace('/\\\\\\\(?<!\'|"|NULL)/', '\\', $email);

    417. 

  417. 			}

    418. 

  418. 

    419. 

  419. 			if($email == '')

    420. 

  420. 			{

    421. 

  421. 				message_die(GENERAL_MESSAGE, $lang['SEARCH_INVALID_EMAIL']);

    422. 

  422. 			}

    423. 

  423. 

    424. 

  424. 			if($regex && SQL_LAYER == 'oracle')

    425. 

  425. 			{

    426. 

  426. 				$total_sql .= "SELECT COUNT(user_id) AS total

    427. 

  427. 								FROM ".BB_USERS."

    428. 

  428. 									WHERE REGEXP_LIKE(user_email, '".DB()->escape($email)."')

    429. 

  429. 										AND user_id <> ".GUEST_UID;

    430. 

  430. 

    431. 

  431. 				$select_sql .= "	WHERE REGEXP_LIKE(u.user_email, '".DB()->escape($email)."')

    432. 

  432. 										AND u.user_id <> ".GUEST_UID;

    433. 

  433. 			}

    434. 

  434. 			else

    435. 

  435. 			{

    436. 

  436. 				$total_sql .= "SELECT COUNT(user_id) AS total

    437. 

  437. 								FROM ".BB_USERS."

    438. 

  438. 									WHERE {$lower_b}user_email{$lower_e} $op '".DB()->escape($email)."'

    439. 

  439. 										AND user_id <> ".GUEST_UID;

    440. 

  440. 

    441. 

  441. 				$select_sql .= "	WHERE {$lower_b}u.user_email{$lower_e} $op '".DB()->escape($email)."'

    442. 

  442. 										AND u.user_id <> ".GUEST_UID;

    443. 

  443. 			}

    444. 

  444. 			break;

    445. 

  445. 		case 'search_ip':

    446. 

  446. 			$base_url .= '&search_ip=true&ip_address='.rawurlencode(stripslashes($ip_address));

    447. 

  447. 

    448. 

  448. 			// Remove any whitespace

    449. 

  449. 			$ip_address = trim($ip_address);

    450. 

  450. 

    451. 

  451. 			$text = sprintf($lang['SEARCH_FOR_IP'], strip_tags(htmlspecialchars(stripslashes($ip_address))));

    452. 

  452. 

    453. 

  453. 			unset($users);

    454. 

  454. 			$users = array();

    455. 

  455. 

    456. 

  456. 			// Let's see if they entered a full valid IPv4 address

    457. 

  457. 			if( preg_match('/^([0-9]{1,2}|[0-2][0-9]{0,2})(\.([0-9]{1,2}|[0-2][0-9]{0,2})){3}$/', $ip_address) )

    458. 

  458. 			{

    459. 

  459. 				// Encode the ip into hexademicals

    460. 

  460. 				$ip = encode_ip($ip_address);

    461. 

  461. 

    462. 

  462. 				// Because we will be deleting based on IP's, we will store the encoded IP alone

    463. 

  463. 				$users[] = $ip;

    464. 

  464. 			}

    465. 

  465. 			// We will also support wildcards, is this an xxx.xxx.* address?

    466. 

  466. 			elseif( preg_match('/^([0-9]{1,2}|[0-2][0-9]{0,2})(\.([0-9]{1,2}|[0-2][0-9]{0,2})){0,2}\.\*/', $ip_address) )

    467. 

  467. 			{

    468. 

  468. 				// Alright, now we do the ugly part, converting them to encoded ips

    469. 

  469. 				// We need to deal with the three ways it can be done

    470. 

  470. 				// xxx.*

    471. 

  471. 				// xxx.xxx.*

    472. 

  472. 				// xxx.xxx.xxx.*

    473. 

  473. 

    474. 

  474. 				// First we will split the IP into its quads

    475. 

  475. 				$ip_split = explode('.', $ip_address);

    476. 

  476. 

    477. 

  477. 				// Now we'll work with which type of wildcard we have

    478. 

  478. 				switch( count($ip_split) )

    479. 

  479. 				{

    480. 

  480. 					// xxx.xxx.xxx.*

    481. 

  481. 					case 4:

    482. 

  482. 						// We will encode the ip into hexademical quads

    483. 

  483. 						$users[] = encode_ip($ip_split[0].".".$ip_split[1].".".$ip_split[2].".255");

    484. 

  484. 						break;

    485. 

  485. 					// xxx.xxx.*

    486. 

  486. 					case 3:

    487. 

  487. 						// We will encode the ip into hexademical quads again..

    488. 

  488. 						$users[] = encode_ip($ip_split[0].".".$ip_split[1].".255.255");

    489. 

  489. 						break;

    490. 

  490. 					// xxx.*

    491. 

  491. 					case 2:

    492. 

  492. 						// We will encode the ip into hexademical quads again again....

    493. 

  493. 						$users[] = encode_ip($ip_split[0].".255.255.255");

    494. 

  494. 						break;

    495. 

  495. 				}

    496. 

  496. 			}

    497. 

  497. 			// Lastly, let's see if they have a range in the last quad, like xxx.xxx.xxx.xxx - xxx.xxx.xxx.yyy

    498. 

  498. 			elseif( preg_match('/^([0-9]{1,2}|[0-2][0-9]{0,2})(\.([0-9]{1,2}|[0-2][0-9]{0,2})){3}(\s)*-(\s)*([0-9]{1,2}|[0-2][0-9]{0,2})(\.([0-9]{1,2}|[0-2][0-9]{0,2})){3}$/', $ip_address) )

    499. 

  499. 			{

    500. 

  500. 				// We will split the two ranges

    501. 

  501. 				$range = preg_split('/[-\s]+/', $ip_address);

    502. 

  502. 

    503. 

  503. 				// This is where break the start and end ips into quads

    504. 

  504. 				$start_range = explode('.', $range[0]);

    505. 

  505. 				$end_range = explode('.', $range[1]);

    506. 

  506. 

    507. 

  507. 				// Confirm if we are in the same subnet or the last quad in the beginning range is greater than the last in the ending range

    508. 

  508. 				if( ($start_range[0].$start_range[1].$start_range[2] != $end_range[0].$end_range[1].$end_range[2]) || ($start_range[3] > $end_range[3]) )

    509. 

  509. 				{

    510. 

  510. 					message_die(GENERAL_MESSAGE, $lang['SEARCH_INVALID_IP']);

    511. 

  511. 				}

    512. 

  512. 

    513. 

  513. 				// Ok, we need to store each IP in the range..

    514. 

  514. 				for( $i = $start_range[3]; $i <= $end_range[3]; $i++ )

    515. 

  515. 				{

    516. 

  516. 					// let's put it in the big array..

    517. 

  517. 					$users[] = encode_ip($start_range[0].".".$start_range[1  ].".".$start_range[2].".".$i);

    518. 

  518. 				}

    519. 

  519. 			}

    520. 

  520. 			// This is not a valid IP based on what we want..

    521. 

  521. 			else

    522. 

  522. 			{

    523. 

  523. 				message_die(GENERAL_MESSAGE, $lang['SEARCH_INVALID_IP']);

    524. 

  524. 			}

    525. 

  525. 

    526. 

  526. 			$ip_in_sql = $ip_like_sql = $ip_like_sql_flylast = $ip_like_sql_flyreg = '';

    527. 

  527. 

    528. 

  528. 			foreach($users as $address)

    529. 

  529. 			{

    530. 

  530. 				// Is this IP a range?

    531. 

  531. 				if( preg_match('/(ff){1,3}$/i', $address) )

    532. 

  532. 				{

    533. 

  533. 					// num.xxx.xxx.xxx

    534. 

  534. 					if( preg_match('/[0-9a-f]{2}ffffff/i', $address) )

    535. 

  535. 					{

    536. 

  536. 						$ip_start = substr($address, 0, 2);

    537. 

  537. 					}

    538. 

  538. 					// num.num.xxx.xxx

    539. 

  539. 					elseif( preg_match('/[0-9a-f]{4}ffff/i', $address) )

    540. 

  540. 					{

    541. 

  541. 						$ip_start = substr($address, 0, 4);

    542. 

  542. 

    543. 

  543. 					}

    544. 

  544. 					// num.num.num.xxx

    545. 

  545. 					elseif( preg_match('/[0-9a-f]{6}ff/i', $address) )

    546. 

  546. 					{

    547. 

  547. 						$ip_start = substr($address, 0, 6);

    548. 

  548. 					}

    549. 

  549. 

    550. 

  550. 					$ip_like_sql_flylast = $ip_like_sql . ( $ip_like_sql != '' ) ? " OR user_last_ip LIKE '".$ip_start."%'" : "user_last_ip LIKE '".$ip_start."%'";

    551. 

  551. 					$ip_like_sql_flyreg = $ip_like_sql . ( $ip_like_sql != '' ) ? " OR user_reg_ip LIKE '".$ip_start."%'" : "user_reg_ip LIKE '".$ip_start."%'";

    552. 

  552. 					$ip_like_sql .= ( $ip_like_sql != '' ) ? " OR poster_ip LIKE '".$ip_start."%'" : "poster_ip LIKE '".$ip_start."%'";

    553. 

  553. 				}

    554. 

  554. 				else

    555. 

  555. 				{

    556. 

  556. 					$ip_in_sql .= ( $ip_in_sql == '' ) ? "'$address'" : ", '$address'";

    557. 

  557. 				}

    558. 

  558. 			}

    559. 

  559. 

    560. 

  560. 			$where_sql = '';

    561. 

  561. 			$where_sql .= ( $ip_in_sql != '' ) ? "poster_ip IN ($ip_in_sql)": "";

    562. 

  562. 			$where_sql .= ( $ip_like_sql != '' ) ? ( $where_sql != "" ) ? " OR $ip_like_sql" : "$ip_like_sql": "";

    563. 

  563. 

    564. 

  564. 			if (!$where_sql) bb_die('invalid request');

    565. 

  565. 

    566. 

  566. 			// start search

    567. 

  567. 			$no_result_search = false;

    568. 

  568. 			$ip_users_sql = '';

    569. 

  569. 			$sql = "SELECT poster_id

    570. 

  570. 						FROM ".BB_POSTS."

    571. 

  571. 							WHERE poster_id <> ".GUEST_UID."

    572. 

  572. 								AND ($where_sql)

    573. 

  573. 							GROUP BY poster_id";

    574. 

  574. 

    575. 

  575. 			if(!$result = DB()->sql_query($sql))

    576. 

  576. 			{

    577. 

  577. 				message_die(GENERAL_ERROR, "Could not count users", '', __LINE__, __FILE__, $sql);

    578. 

  578. 			}

    579. 

  579. 

    580. 

  580. 			if(DB()->num_rows($result)==0)

    581. 

  581. 			{

    582. 

  582. 				$no_result_search = true;

    583. 

  583. 				// message_die(GENERAL_MESSAGE, $lang['SEARCH_NO_RESULTS']);

    584. 

  584. 			}

    585. 

  585. 			else

    586. 

  586. 			{

    587. 

  587. 				$total_pages['total'] = DB()->num_rows($result);

    588. 

  588. 

    589. 

  589. 				$total_sql = NULL;

    590. 

  590. 

    591. 

  591. 				$ip_users_sql = '';

    592. 

  592. 

    593. 

  593. 				while($row = DB()->sql_fetchrow($result))

    594. 

  594. 				{

    595. 

  595. 					$ip_users_sql .= ( $ip_users_sql == '' ) ? $row['poster_id'] : ', '.$row['poster_id'];

    596. 

  596. 				}

    597. 

  597. 			}

    598. 

  598. 

    599. 

  599. 			// fly_indiz addon [START]

    600. 

  600. 			// user last ip

    601. 

  601. 			$where_sql = '';

    602. 

  602. 			$where_sql .= ( $ip_in_sql != '' ) ? "user_last_ip IN ($ip_in_sql)": "";

    603. 

  603. 			$where_sql .= ( $ip_like_sql_flylast != '' ) ? ( $where_sql != "" ) ? " OR $ip_like_sql_flylast" : "$ip_like_sql_flylast": "";

    604. 

  604. 			$sql = "SELECT user_id

    605. 

  605. 						FROM ".BB_USERS."

    606. 

  606. 							WHERE user_id <> ".GUEST_UID."

    607. 

  607. 								AND ($where_sql)

    608. 

  608. 							GROUP BY user_id";

    609. 

  609. 			if(!$result = DB()->sql_query($sql))

    610. 

  610. 			{

    611. 

  611. 				message_die(GENERAL_ERROR, "Could not count users", '', __LINE__, __FILE__, $sql);

    612. 

  612. 			}

    613. 

  613. 			if(DB()->num_rows($result)!=0)

    614. 

  614. 			{

    615. 

  615. 				if ($no_result_search == true) $no_result_search = false;

    616. 

  616. 				$total_pages['total'] = DB()->num_rows($result);

    617. 

  617. 				$total_sql = NULL;

    618. 

  618. 				while($row = DB()->sql_fetchrow($result))

    619. 

  619. 				{

    620. 

  620. 					$ip_users_sql .= ( $ip_users_sql == '' ) ? $row['user_id'] : ', '.$row['user_id'];

    621. 

  621. 				}

    622. 

  622. 			}

    623. 

  623. 			// user reg ip

    624. 

  624. 			$where_sql = '';

    625. 

  625. 			$where_sql .= ( $ip_in_sql != '' ) ? "user_reg_ip IN ($ip_in_sql)": "";

    626. 

  626. 			$where_sql .= ( $ip_like_sql_flyreg != '' ) ? ( $where_sql != "" ) ? " OR $ip_like_sql_flyreg" : "$ip_like_sql_flyreg": "";

    627. 

  627. 			$sql = "SELECT user_id

    628. 

  628. 						FROM ".BB_USERS."

    629. 

  629. 							WHERE user_id <> ".GUEST_UID."

    630. 

  630. 								AND ($where_sql)

    631. 

  631. 							GROUP BY user_id";

    632. 

  632. 			if(!$result = DB()->sql_query($sql))

    633. 

  633. 			{

    634. 

  634. 				message_die(GENERAL_ERROR, "Could not count users", '', __LINE__, __FILE__, $sql);

    635. 

  635. 			}

    636. 

  636. 			if(DB()->num_rows($result)!=0)

    637. 

  637. 			{

    638. 

  638. 				if ($no_result_search == true) $no_result_search = false;

    639. 

  639. 				$total_pages['total'] = DB()->num_rows($result);

    640. 

  640. 				$total_sql = NULL;

    641. 

  641. 				while($row = DB()->sql_fetchrow($result))

    642. 

  642. 				{

    643. 

  643. 					$ip_users_sql .= ( $ip_users_sql == '' ) ? $row['user_id'] : ', '.$row['user_id'];

    644. 

  644. 				}

    645. 

  645. 			}

    646. 

  646. 			if ($no_result_search == true)

    647. 

  647. 			{

    648. 

  648. 				message_die(GENERAL_MESSAGE, $lang['SEARCH_NO_RESULTS']);

    649. 

  649. 			}

    650. 

  650. 			// fly_indiz addon [END]

    651. 

  651. 

    652. 

  652. 			$select_sql .= "	WHERE u.user_id IN ($ip_users_sql)";

    653. 

  653. 

    654. 

  654. 			break;

    655. 

  655. 		case 'search_joindate':

    656. 

  656. 			$base_url .= '&search_joindate=true&date_type='. rawurlencode($date_type) .'&date_day='. rawurlencode($date_day) .'&date_month='. rawurlencode($date_month) .'&date_year='. rawurlencode(stripslashes($date_year));

    657. 

  657. 

    658. 

  658. 			$date_type = trim(strtolower($date_type));

    659. 

  659. 

    660. 

  660. 			if($date_type != 'before' && $date_type != 'after')

    661. 

  661. 			{

    662. 

  662. 				message_die(GENERAL_MESSAGE, $lang['SEARCH_INVALID_DATE']);

    663. 

  663. 			}

    664. 

  664. 

    665. 

  665. 			$date_day = intval($date_day);

    666. 

  666. 

    667. 

  667. 			if( !preg_match('/^([1-9]|[0-2][0-9]|3[0-1])$/', $date_day) )

    668. 

  668. 			{

    669. 

  669. 				message_die(GENERAL_MESSAGE, $lang['SEARCH_INVALID_DAY']);

    670. 

  670. 			}

    671. 

  671. 

    672. 

  672. 			$date_month = intval($date_month);

    673. 

  673. 

    674. 

  674. 			if( !preg_match('/^(0?[1-9]|1[0-2])$/', $date_month) )

    675. 

  675. 			{

    676. 

  676. 				message_die(GENERAL_MESSAGE, $lang['SEARCH_INVALID_MONTH']);

    677. 

  677. 			}

    678. 

  678. 

    679. 

  679. 			$date_year = intval($date_year);

    680. 

  680. 

    681. 

  681. 			if( !preg_match('/^(20[0-9]{2}|19[0-9]{2})$/', $date_year) )

    682. 

  682. 			{

    683. 

  683. 				message_die(GENERAL_MESSAGE, $lang['SEARCH_INVALID_YEAR']);

    684. 

  684. 			}

    685. 

  685. 

    686. 

  686. 			$text = sprintf($lang['SEARCH_FOR_DATE'], strip_tags(htmlspecialchars(stripslashes($date_type))), $date_year, $date_month, $date_day);

    687. 

  687. 

    688. 

  688. 			$time = mktime(0,0,0,$date_month, $date_day, $date_year);

    689. 

  689. 

    690. 

  690. 			if($date_type == 'before')

    691. 

  691. 			{

    692. 

  692. 				$arg = '<';

    693. 

  693. 			}

    694. 

  694. 			else

    695. 

  695. 			{

    696. 

  696. 				$arg = '>';

    697. 

  697. 			}

    698. 

  698. 

    699. 

  699. 			$total_sql .= "SELECT COUNT(user_id) AS total

    700. 

  700. 							FROM ".BB_USERS."

    701. 

  701. 								WHERE user_regdate $arg $time

    702. 

  702. 									AND user_id <> ".GUEST_UID;

    703. 

  703. 

    704. 

  704. 			$select_sql .= "	WHERE u.user_regdate $arg $time

    705. 

  705. 									AND u.user_id <> ".GUEST_UID;

    706. 

  706. 

    707. 

  707. 			break;

    708. 

  708. 		case 'search_group':

    709. 

  709. 			$group_id = intval($group_id);

    710. 

  710. 

    711. 

  711. 			$base_url .= '&search_group=true&group_id='. rawurlencode($group_id);

    712. 

  712. 

    713. 

  713. 			if(!$group_id)

    714. 

  714. 			{

    715. 

  715. 				message_die(GENERAL_MESSAGE, $lang['SEARCH_INVALID_GROUP']);

    716. 

  716. 			}

    717. 

  717. 

    718. 

  718. 			$sql = "SELECT group_name

    719. 

  719. 						FROM ".BB_GROUPS."

    720. 

  720. 							WHERE group_id = $group_id

    721. 

  721. 								AND group_single_user = 0";

    722. 

  722. 

    723. 

  723. 			if(!$result = DB()->sql_query($sql))

    724. 

  724. 			{

    725. 

  725. 				message_die(GENERAL_ERROR, 'Could not select group data', '', __LINE__, __FILE__, $sql);

    726. 

  726. 			}

    727. 

  727. 

    728. 

  728. 			if(DB()->num_rows($result)==0)

    729. 

  729. 			{

    730. 

  730. 				message_die(GENERAL_MESSAGE, $lang['SEARCH_INVALID_GROUP']);

    731. 

  731. 			}

    732. 

  732. 

    733. 

  733. 			$group_name = DB()->sql_fetchrow($result);

    734. 

  734. 

    735. 

  735. 			$text = sprintf($lang['SEARCH_FOR_GROUP'], strip_tags(htmlspecialchars($group_name['group_name'])));

    736. 

  736. 

    737. 

  737. 			$total_sql .= "SELECT COUNT(u.user_id) AS total

    738. 

  738. 							FROM ".BB_USERS." AS u, ".BB_USER_GROUP." AS ug

    739. 

  739. 								WHERE u.user_id = ug.user_id

    740. 

  740. 										AND ug.group_id = $group_id

    741. 

  741. 										AND u.user_id <> ".GUEST_UID;

    742. 

  742. 

    743. 

  743. 			$select_sql .= ", ".BB_USER_GROUP." AS ug

    744. 

  744. 								WHERE u.user_id = ug.user_id

    745. 

  745. 										AND ug.group_id = $group_id

    746. 

  746. 										AND u.user_id <> ".GUEST_UID;

    747. 

  747. 

    748. 

  748. 			break;

    749. 

  749. 		case 'search_rank':

    750. 

  750. 			$rank_id = intval($rank_id);

    751. 

  751. 

    752. 

  752. 			$base_url .= '&search_rank=true&rank_id='. rawurlencode($rank_id);

    753. 

  753. 

    754. 

  754. 			if(!$rank_id)

    755. 

  755. 			{

    756. 

  756. 				message_die(GENERAL_MESSAGE, $lang['SEARCH_INVALID_RANK']);

    757. 

  757. 			}

    758. 

  758. 

    759. 

  759. 			$sql = "SELECT rank_title

    760. 

  760. 						FROM ".BB_RANKS."

    761. 

  761. 							WHERE rank_id = $rank_id

    762. 

  762. 								AND rank_special = 1";

    763. 

  763. 

    764. 

  764. 			if(!$result = DB()->sql_query($sql))

    765. 

  765. 			{

    766. 

  766. 				message_die(GENERAL_ERROR, 'Could not select rank data', '', __LINE__, __FILE__, $sql);

    767. 

  767. 			}

    768. 

  768. 

    769. 

  769. 			if(DB()->num_rows($result)==0)

    770. 

  770. 			{

    771. 

  771. 				message_die(GENERAL_MESSAGE, $lang['SEARCH_INVALID_RANK']);

    772. 

  772. 			}

    773. 

  773. 

    774. 

  774. 			$rank_title = DB()->sql_fetchrow($result);

    775. 

  775. 

    776. 

  776. 			$text = sprintf($lang['SEARCH_FOR_RANK'], strip_tags(htmlspecialchars($rank_title['rank_title'])));

    777. 

  777. 

    778. 

  778. 			$total_sql .= "SELECT COUNT(user_id) AS total

    779. 

  779. 							FROM ".BB_USERS."

    780. 

  780. 								WHERE user_rank = $rank_id

    781. 

  781. 									AND user_id <> ".GUEST_UID;

    782. 

  782. 

    783. 

  783. 			$select_sql .= "	WHERE u.user_rank = $rank_id

    784. 

  784. 									AND u.user_id <> ".GUEST_UID;

    785. 

  785. 

    786. 

  786. 			break;

    787. 

  787. 		case 'search_postcount':

    788. 

  788. 			$postcount_type = trim(strtolower($postcount_type));

    789. 

  789. 			$postcount_value = trim(strtolower($postcount_value));

    790. 

  790. 

    791. 

  791. 			$base_url .= '&search_postcount=true&postcount_type='. rawurlencode($postcount_type) .'&postcount_value='. rawurlencode(stripslashes($postcount_value));

    792. 

  792. 

    793. 

  793. 			switch($postcount_type)

    794. 

  794. 			{

    795. 

  795. 				case 'greater':

    796. 

  796. 					$postcount_value = intval($postcount_value);

    797. 

  797. 

    798. 

  798. 					$text = sprintf($lang['SEARCH_FOR_POSTCOUNT_GREATER'], $postcount_value);

    799. 

  799. 

    800. 

  800. 					$total_sql .= "SELECT COUNT(user_id) AS total

    801. 

  801. 									FROM ".BB_USERS."

    802. 

  802. 										WHERE user_posts > $postcount_value

    803. 

  803. 											AND user_id <> ".GUEST_UID;

    804. 

  804. 

    805. 

  805. 					$select_sql .= "	WHERE u.user_posts > $postcount_value

    806. 

  806. 											AND u.user_id <> ".GUEST_UID;

    807. 

  807. 					break;

    808. 

  808. 				case 'lesser':

    809. 

  809. 					$postcount_value = intval($postcount_value);

    810. 

  810. 

    811. 

  811. 					$text = sprintf($lang['SEARCH_FOR_POSTCOUNT_LESSER'], $postcount_value);

    812. 

  812. 

    813. 

  813. 					$total_sql .= "SELECT COUNT(user_id) AS total

    814. 

  814. 									FROM ".BB_USERS."

    815. 

  815. 										WHERE user_posts < $postcount_value

    816. 

  816. 											AND user_id <> ".GUEST_UID;

    817. 

  817. 

    818. 

  818. 					$select_sql .= "	WHERE u.user_posts < $postcount_value

    819. 

  819. 											AND u.user_id <> ".GUEST_UID;

    820. 

  820. 					break;

    821. 

  821. 				case 'equals':

    822. 

  822. 					// looking for a -

    823. 

  823. 					if(strstr($postcount_value, '-'))

    824. 

  824. 					{

    825. 

  825. 						$range = preg_split('/[-\s]+/', $postcount_value);

    826. 

  826. 

    827. 

  827. 						$range_begin = intval($range[0]);

    828. 

  828. 						$range_end = intval($range[1]);

    829. 

  829. 

    830. 

  830. 						if($range_begin > $range_end)

    831. 

  831. 						{

    832. 

  832. 							message_die(GENERAL_MESSAGE, $lang['SEARCH_INVALID_POSTCOUNT']);

    833. 

  833. 						}

    834. 

  834. 

    835. 

  835. 						$text = sprintf($lang['SEARCH_FOR_POSTCOUNT_RANGE'], $range_begin, $range_end);

    836. 

  836. 

    837. 

  837. 						$total_sql .= "SELECT COUNT(user_id) AS total

    838. 

  838. 										FROM ".BB_USERS."

    839. 

  839. 											WHERE user_posts >= $range_begin

    840. 

  840. 												AND user_posts <= $range_end

    841. 

  841. 												AND user_id <> ".GUEST_UID;

    842. 

  842. 

    843. 

  843. 						$select_sql .= "	WHERE u.user_posts >= $range_begin

    844. 

  844. 												AND u.user_posts <= $range_end

    845. 

  845. 												AND u.user_id <> ".GUEST_UID;

    846. 

  846. 					}

    847. 

  847. 					else

    848. 

  848. 					{

    849. 

  849. 						$postcount_value = intval($postcount_value);

    850. 

  850. 

    851. 

  851. 						$text = sprintf($lang['SEARCH_FOR_POSTCOUNT_EQUALS'], $postcount_value);

    852. 

  852. 

    853. 

  853. 						$total_sql .= "SELECT COUNT(user_id) AS total

    854. 

  854. 										FROM ".BB_USERS."

    855. 

  855. 											WHERE user_posts = $postcount_value

    856. 

  856. 												AND user_id <> ".GUEST_UID;

    857. 

  857. 

    858. 

  858. 						$select_sql .= "	WHERE u.user_posts = $postcount_value

    859. 

  859. 												AND u.user_id <> ".GUEST_UID;

    860. 

  860. 					}

    861. 

  861. 					break;

    862. 

  862. 				default:

    863. 

  863. 					message_die(GENERAL_MESSAGE, $lang['SEARCH_INVALID']);

    864. 

  864. 			}

    865. 

  865. 

    866. 

  866. 			break;

    867. 

  867. 		case 'search_userfield':

    868. 

  868. 			$base_url .= '&search_userfield=true&userfield_type='. rawurlencode($userfield_type) .'&userfield_value='. rawurlencode(stripslashes($userfield_value));

    869. 

  869. 

    870. 

  870. 			$text = strip_tags(htmlspecialchars(stripslashes($userfield_value)));

    871. 

  871. 

    872. 

  872. 			if(!$regex)

    873. 

  873. 			{

    874. 

  874. 				$userfield_value = preg_replace('/\*/', '%', trim(strip_tags(strtolower($userfield_value))));

    875. 

  875. 

    876. 

  876. 				if(strstr($userfield_value, '%'))

    877. 

  877. 				{

    878. 

  878. 					$op = 'LIKE';

    879. 

  879. 				}

    880. 

  880. 				else

    881. 

  881. 				{

    882. 

  882. 					$op = '=';

    883. 

  883. 				}

    884. 

  884. 			}

    885. 

  885. 			else

    886. 

  886. 			{

    887. 

  887. 				$userfield_value = preg_replace('/\\\\\\\(?<!\'|"|NULL)/', '\\', $userfield_value);

    888. 

  888. 			}

    889. 

  889. 

    890. 

  890. 			if($userfield_value == '')

    891. 

  891. 			{

    892. 

  892. 				message_die(GENERAL_MESSAGE, $lang['SEARCH_INVALID_USERFIELD']);

    893. 

  893. 			}

    894. 

  894. 

    895. 

  895. 			$userfield_type = trim(strtolower($userfield_type));

    896. 

  896. 

    897. 

  897. 			switch($userfield_type)

    898. 

  898. 			{

    899. 

  899. 				case 'icq':

    900. 

  900. 					$text = sprintf($lang['SEARCH_FOR_USERFIELD_ICQ'],$text);

    901. 

  901. 					$field = 'user_icq';

    902. 

  902. 					break;

    903. 

  903. 				case 'skype':

    904. 

  904. 					$text = sprintf($lang['SEARCH_FOR_USERFIELD_SKYPE'],$text);

    905. 

  905. 					$field = 'user_skype';

    906. 

  906. 					break;

    907. 

  907. 				case 'website':

    908. 

  908. 					$text = sprintf($lang['SEARCH_FOR_USERFIELD_WEBSITE'],$text);

    909. 

  909. 					$field = 'user_website';

    910. 

  910. 					break;

    911. 

  911. 				case 'location':

    912. 

  912. 					$text = sprintf($lang['SEARCH_FOR_USERFIELD_LOCATION'],$text);

    913. 

  913. 					$field = 'user_from';

    914. 

  914. 					break;

    915. 

  915. 				case 'interests':

    916. 

  916. 					$text = sprintf($lang['SEARCH_FOR_USERFIELD_INTERESTS'],$text);

    917. 

  917. 					$field = 'user_interests';

    918. 

  918. 					break;

    919. 

  919. 				case 'occupation':

    920. 

  920. 					$text = sprintf($lang['SEARCH_FOR_USERFIELD_OCCUPATION'],$text);

    921. 

  921. 					$field = 'user_occ';

    922. 

  922. 					break;

    923. 

  923. 				default:

    924. 

  924. 					message_die(GENERAL_MESSAGE, $lang['SEARCH_INVALID']);

    925. 

  925. 			}

    926. 

  926. 

    927. 

  927. 			if($regex && SQL_LAYER == 'oracle')

    928. 

  928. 			{

    929. 

  929. 				$total_sql .= "SELECT COUNT(user_id) AS total

    930. 

  930. 								FROM ".BB_USERS."

    931. 

  931. 									WHERE REGEXP_LIKE($field, '".DB()->escape($userfield_value)."')

    932. 

  932. 										AND user_id <> ".GUEST_UID;

    933. 

  933. 

    934. 

  934. 				$select_sql .= "	WHERE REGEXP_LIKE(u.$field, '".DB()->escape($userfield_value)."')

    935. 

  935. 										AND u.user_id <> ".GUEST_UID;

    936. 

  936. 			}

    937. 

  937. 			else

    938. 

  938. 			{

    939. 

  939. 				$total_sql .= "SELECT COUNT(user_id) AS total

    940. 

  940. 								FROM ".BB_USERS."

    941. 

  941. 									WHERE {$lower_b}$field{$lower_e} $op '".DB()->escape($userfield_value)."'

    942. 

  942. 										AND user_id <> ".GUEST_UID;

    943. 

  943. 

    944. 

  944. 				$select_sql .= "	WHERE {$lower_b}u.$field{$lower_e} $op '".DB()->escape($userfield_value)."'

    945. 

  945. 										AND u.user_id <> ".GUEST_UID;

    946. 

  946. 			}

    947. 

  947. 

    948. 

  948. 			break;

    949. 

  949. 		case 'search_lastvisited':

    950. 

  950. 			$lastvisited_type = trim(strtolower($lastvisited_type));

    951. 

  951. 			$lastvisited_days = intval($lastvisited_days);

    952. 

  952. 

    953. 

  953. 			$base_url .= '&search_lastvisited=true&lastvisited_type='. rawurlencode(stripslashes($lastvisited_type)) .'&lastvisited_days='. rawurlencode($lastvisited_days);

    954. 

  954. 

    955. 

  955. 			$lastvisited_seconds = ( TIMENOW - ( ( ( $lastvisited_days * 24 ) * 60 ) * 60 ) );

    956. 

  956. 

    957. 

  957. 			switch($lastvisited_type)

    958. 

  958. 			{

    959. 

  959. 				case 'in':

    960. 

  960. 					$text = sprintf($lang['SEARCH_FOR_LASTVISITED_INTHELAST'], $lastvisited_days, ( ( $lastvisited_days > 1 ) ? $lang['DAYS'] : $lang['DAY'] ) );

    961. 

  961. 

    962. 

  962. 					$total_sql .= "SELECT COUNT(user_id) AS total

    963. 

  963. 									FROM ".BB_USERS."

    964. 

  964. 										WHERE user_lastvisit >= $lastvisited_seconds

    965. 

  965. 											AND user_id <> ".GUEST_UID;

    966. 

  966. 

    967. 

  967. 					$select_sql .= "	WHERE u.user_lastvisit >= $lastvisited_seconds

    968. 

  968. 											AND u.user_id <> ".GUEST_UID;

    969. 

  969. 					break;

    970. 

  970. 				case 'after':

    971. 

  971. 					$text = sprintf($lang['SEARCH_FOR_LASTVISITED_AFTERTHELAST'], $lastvisited_days, ( ( $lastvisited_days > 1 ) ? $lang['DAYS'] : $lang['DAY'] ));

    972. 

  972. 

    973. 

  973. 					$total_sql .= "SELECT COUNT(user_id) AS total

    974. 

  974. 									FROM ".BB_USERS."

    975. 

  975. 										WHERE user_lastvisit < $lastvisited_seconds

    976. 

  976. 											AND user_id <> ".GUEST_UID;

    977. 

  977. 

    978. 

  978. 					$select_sql .= "	WHERE u.user_lastvisit < $lastvisited_seconds

    979. 

  979. 											AND u.user_id <> ".GUEST_UID;

    980. 

  980. 

    981. 

  981. 					break;

    982. 

  982. 				default:

    983. 

  983. 					message_die(GENERAL_MESSAGE, $lang['SEARCH_INVALID_LASTVISITED']);

    984. 

  984. 			}

    985. 

  985. 

    986. 

  986. 			break;

    987. 

  987. 		case 'search_language':

    988. 

  988. 			$base_url .= '&search_language=true&language_type='. rawurlencode(stripslashes($language_type));

    989. 

  989. 

    990. 

  990. 			$language_type = trim(strtolower(stripslashes($language_type)));

    991. 

  991. 

    992. 

  992. 			if($language_type == '')

    993. 

  993. 			{

    994. 

  994. 				message_die(GENERAL_MESSAGE, $lang['SEARCH_INVALID_LANGUAGE']);

    995. 

  995. 			}

    996. 

  996. 

    997. 

  997. 			$text = sprintf($lang['SEARCH_FOR_LANGUAGE'], strip_tags(htmlspecialchars($language_type)));

    998. 

  998. 

    999. 

  999. 			$total_sql .= "SELECT COUNT(user_id) AS total

    1000. 

  1000. 							FROM ".BB_USERS."

    1001. 

  1001. 								WHERE user_lang = '".DB()->escape($language_type)."'

    1002. 

  1002. 									AND user_id <> ".GUEST_UID;

    1003. 

  1003. 

    1004. 

  1004. 			$select_sql .= "	WHERE u.user_lang = '".DB()->escape($language_type)."'

    1005. 

  1005. 									AND u.user_id <> ".GUEST_UID;

    1006. 

  1006. 

    1007. 

  1007. 			break;

    1008. 

  1008. 		case 'search_timezone':

    1009. 

  1009. 			$base_url .= '&search_timezone=true&timezone_type='. rawurlencode(stripslashes($timezone_type));

    1010. 

  1010. 			$text = sprintf($lang['SEARCH_FOR_TIMEZONE'], strip_tags(htmlspecialchars(stripslashes($timezone_type))));

    1011. 

  1011. 

    1012. 

  1012. 			$timezone_type = intval($timezone_type);

    1013. 

  1013. 

    1014. 

  1014. 			$total_sql .= "SELECT COUNT(user_id) AS total

    1015. 

  1015. 							FROM ".BB_USERS."

    1016. 

  1016. 								WHERE user_timezone = $timezone_type

    1017. 

  1017. 									AND user_id <> ".GUEST_UID;

    1018. 

  1018. 

    1019. 

  1019. 			$select_sql .= "	WHERE u.user_timezone = $timezone_type

    1020. 

  1020. 									AND u.user_id <> ".GUEST_UID;

    1021. 

  1021. 

    1022. 

  1022. 			break;

    1023. 

  1023. 		case 'search_style':

    1024. 

  1024. 			message_die(GENERAL_MESSAGE, 'Disabled');

    1025. 

  1025. 			break;

    1026. 

  1026. 		case 'search_moderators':

    1027. 

  1027. 			$base_url .= '&search_moderators=true&moderators_forum='. rawurlencode(stripslashes($moderators_forum));

    1028. 

  1028. 			$moderators_forum = intval($moderators_forum);

    1029. 

  1029. 

    1030. 

  1030. 			$sql = "SELECT forum_name

    1031. 

  1031. 						FROM ".BB_FORUMS."

    1032. 

  1032. 							WHERE forum_id = ".$moderators_forum;

    1033. 

  1033. 

    1034. 

  1034. 

    1035. 

  1035. 			if(!$result = DB()->sql_query($sql))

    1036. 

  1036. 			{

    1037. 

  1037. 				message_die(GENERAL_ERROR, 'Could not select forum data', '', __LINE__, __FILE__, $sql);

    1038. 

  1038. 			}

    1039. 

  1039. 

    1040. 

  1040. 			if(DB()->num_rows($result)==0)

    1041. 

  1041. 			{

    1042. 

  1042. 				message_die(GENERAL_MESSAGE, $lang['SEARCH_INVALID_MODERATORS']);

    1043. 

  1043. 			}

    1044. 

  1044. 

    1045. 

  1045. 			$forum_name = DB()->sql_fetchrow($result);

    1046. 

  1046. 

    1047. 

  1047. 			$text = sprintf($lang['SEARCH_FOR_MODERATORS'], htmlCHR($forum_name['forum_name']));

    1048. 

  1048. 

    1049. 

  1049. 			$total_sql .= "SELECT COUNT(DISTINCT u.user_id) AS total

    1050. 

  1050. 							FROM ".BB_USERS." AS u, ".BB_GROUPS." AS g, ".BB_USER_GROUP." AS ug, ".BB_AUTH_ACCESS." AS aa

    1051. 

  1051. 								WHERE u.user_id = ug.user_id

    1052. 

  1052. 									AND ug.group_id = g.group_id

    1053. 

  1053. 									AND	g.group_id = aa.group_id

    1054. 

  1054. 									AND aa.forum_id = ". $moderators_forum ."

    1055. 

  1055. 									AND aa.forum_perm & ". BF_AUTH_MOD ."

    1056. 

  1056. 									AND u.user_id <> ".GUEST_UID;

    1057. 

  1057. 

    1058. 

  1058. 			$select_sql .= ", ".BB_GROUPS." AS g, ".BB_USER_GROUP." AS ug, ".BB_AUTH_ACCESS." AS aa

    1059. 

  1059. 								WHERE u.user_id = ug.user_id

    1060. 

  1060. 									AND ug.group_id = g.group_id

    1061. 

  1061. 									AND	g.group_id = aa.group_id

    1062. 

  1062. 									AND aa.forum_id = ". $moderators_forum ."

    1063. 

  1063. 									AND aa.forum_perm & ". BF_AUTH_MOD ."

    1064. 

  1064. 									AND u.user_id <> ".GUEST_UID."

    1065. 

  1065. 								GROUP BY u.user_id, u.username, u.user_email, u.user_posts, u.user_regdate, u.user_level, u.user_active, u.user_lastvisit";

    1066. 

  1066. 			break;

    1067. 

  1067. 		case 'search_misc':

    1068. 

  1068. 		default:

    1069. 

  1069. 			$misc = trim(strtolower($misc));

    1070. 

  1070. 

    1071. 

  1071. 			$base_url .= '&search_misc=true&misc='. rawurlencode(stripslashes($misc));

    1072. 

  1072. 

    1073. 

  1073. 			switch($misc)

    1074. 

  1074. 			{

    1075. 

  1075. 				case 'admins':

    1076. 

  1076. 					$text = $lang['SEARCH_FOR_ADMINS'];

    1077. 

  1077. 

    1078. 

  1078. 					$total_sql .= "SELECT COUNT(user_id) AS total

    1079. 

  1079. 									FROM ".BB_USERS."

    1080. 

  1080. 										WHERE user_level = ".ADMIN."

    1081. 

  1081. 											AND user_id <> ".GUEST_UID;

    1082. 

  1082. 

    1083. 

  1083. 					$select_sql .= "	WHERE u.user_level = ".ADMIN."

    1084. 

  1084. 											AND u.user_id <> ".GUEST_UID;

    1085. 

  1085. 					break;

    1086. 

  1086. 				case 'mods':

    1087. 

  1087. 					$text = $lang['SEARCH_FOR_MODS'];

    1088. 

  1088. 

    1089. 

  1089. 					$total_sql .= "SELECT COUNT(user_id) AS total

    1090. 

  1090. 									FROM ".BB_USERS."

    1091. 

  1091. 										WHERE user_level = ".MOD."

    1092. 

  1092. 											AND user_id <> ".GUEST_UID;

    1093. 

  1093. 

    1094. 

  1094. 					$select_sql .= "	WHERE u.user_level = ".MOD."

    1095. 

  1095. 											AND u.user_id <> ".GUEST_UID;

    1096. 

  1096. 					break;

    1097. 

  1097. 				case 'banned':

    1098. 

  1098. 					$text = $lang['SEARCH_FOR_BANNED'];

    1099. 

  1099. 

    1100. 

  1100. 					$total_sql .= "SELECT COUNT(u.user_id) AS total

    1101. 

  1101. 									FROM ".BB_USERS." AS u, ".BB_BANLIST." AS b

    1102. 

  1102. 										WHERE u.user_id = b.ban_userid

    1103. 

  1103. 											AND u.user_id <> ".GUEST_UID;

    1104. 

  1104. 

    1105. 

  1105. 					$select_sql .= ", ".BB_BANLIST." AS b

    1106. 

  1106. 										WHERE u.user_id = b.ban_userid

    1107. 

  1107. 											AND u.user_id <> ".GUEST_UID;

    1108. 

  1108. 

    1109. 

  1109. 					break;

    1110. 

  1110. 				case 'disabled':

    1111. 

  1111. 					$text = $lang['SEARCH_FOR_DISABLED'];

    1112. 

  1112. 

    1113. 

  1113. 					$total_sql .= "SELECT COUNT(user_id) AS total

    1114. 

  1114. 									FROM ".BB_USERS."

    1115. 

  1115. 										WHERE user_active = 0

    1116. 

  1116. 											AND user_id <> ".GUEST_UID;

    1117. 

  1117. 

    1118. 

  1118. 					$select_sql .= "	WHERE u.user_active = 0

    1119. 

  1119. 											AND u.user_id <> ".GUEST_UID;

    1120. 

  1120. 

    1121. 

  1121. 					break;

    1122. 

  1122. 				default:

    1123. 

  1123. 					message_die(GENERAL_MESSAGE, $lang['SEARCH_INVALID']);

    1124. 

  1124. 			}

    1125. 

  1125. 	}

    1126. 

  1126. 

    1127. 

  1127. 	if(@$regex)

    1128. 

  1128. 	{

    1129. 

  1129. 		$base_url .= '&regex=1';

    1130. 

  1130. 	}

    1131. 

  1131. 

    1132. 

  1132. 	$select_sql .= "	ORDER BY ";

    1133. 

  1133. 

    1134. 

  1134. 	switch(strtolower(@$_GET['sort']))

    1135. 

  1135. 	{

    1136. 

  1136. 		case 'regdate':

    1137. 

  1137. 			$sort = 'regdate';

    1138. 

  1138. 

    1139. 

  1139. 			$select_sql .= 'u.user_regdate';

    1140. 

  1140. 			break;

    1141. 

  1141. 		case 'posts':

    1142. 

  1142. 			$sort = 'posts';

    1143. 

  1143. 

    1144. 

  1144. 			$select_sql .= 'u.user_posts';

    1145. 

  1145. 			break;

    1146. 

  1146. 		case 'user_email':

    1147. 

  1147. 			$sort = 'user_email';

    1148. 

  1148. 

    1149. 

  1149. 			$select_sql .= 'u.user_email';

    1150. 

  1150. 			break;

    1151. 

  1151. 		case 'lastvisit':

    1152. 

  1152. 			$sort = 'lastvisit';

    1153. 

  1153. 

    1154. 

  1154. 			$select_sql .= 'u.user_lastvisit';

    1155. 

  1155. 			break;

    1156. 

  1156. 		case 'username':

    1157. 

  1157. 		default:

    1158. 

  1158. 			$sort = 'username';

    1159. 

  1159. 

    1160. 

  1160. 			$select_sql .= 'u.username';

    1161. 

  1161. 	}

    1162. 

  1162. 

    1163. 

  1163. 	switch(@$_GET['order'])

    1164. 

  1164. 	{

    1165. 

  1165. 		case 'DESC':

    1166. 

  1166. 			$order = 'DESC';

    1167. 

  1167. 			$o_order = 'ASC';

    1168. 

  1168. 			break;

    1169. 

  1169. 		default:

    1170. 

  1170. 			$o_order = 'DESC';

    1171. 

  1171. 			$order = 'ASC';

    1172. 

  1172. 	}

    1173. 

  1173. 

    1174. 

  1174. 	$select_sql .= " $order";

    1175. 

  1175. 

    1176. 

  1176. 	$page = ( isset($_GET['page']) ) ? intval($_GET['page']) : intval(trim(@$_POST['page']));

    1177. 

  1177. 

    1178. 

  1178. 	if($page < 1)

    1179. 

  1179. 	{

    1180. 

  1180. 		$page = 1;

    1181. 

  1181. 	}

    1182. 

  1182. 

    1183. 

  1183. 	if($page == 1)

    1184. 

  1184. 	{

    1185. 

  1185. 		$offset = 0;

    1186. 

  1186. 	}

    1187. 

  1187. 	else

    1188. 

  1188. 	{

    1189. 

  1189. 		$offset = ( ($page - 1) * $bb_cfg['topics_per_page']);

    1190. 

  1190. 	}

    1191. 

  1191. 

    1192. 

  1192. 	$limit = "LIMIT $offset, ".$bb_cfg['topics_per_page'];

    1193. 

  1193. 

    1194. 

  1194. 	$select_sql .= " $limit";

    1195. 

  1195. 

    1196. 

  1196. 	if(!is_null($total_sql))

    1197. 

  1197. 	{

    1198. 

  1198. 		if(!$result = DB()->sql_query($total_sql))

    1199. 

  1199. 		{

    1200. 

  1200. 			message_die(GENERAL_ERROR, "Could not count users", '', __LINE__, __FILE__, $total_sql);

    1201. 

  1201. 		}

    1202. 

  1202. 

    1203. 

  1203. 		$total_pages = DB()->sql_fetchrow($result);

    1204. 

  1204. 

    1205. 

  1205. 		if($total_pages['total'] == 0)

    1206. 

  1206. 		{

    1207. 

  1207. 			message_die(GENERAL_MESSAGE, $lang['SEARCH_NO_RESULTS']);

    1208. 

  1208. 		}

    1209. 

  1209. 	}

    1210. 

  1210. 	$num_pages = ceil( ( $total_pages['total'] / $bb_cfg['topics_per_page'] ) );

    1211. 

  1211. 

    1212. 

  1212. 	$pagination = '';

    1213. 

  1213. 

    1214. 

  1214. 	if($page > 1)

    1215. 

  1215. 	{

    1216. 

  1216. 		$pagination .= '<a href="'.$base_url.'&sort='.$sort.'&order='.$order.'&page='.($page - 1).'">'. $lang['PREVIOUS'] .'</a>';

    1217. 

  1217. 	}

    1218. 

  1218. 

    1219. 

  1219. 	if($page < $num_pages)

    1220. 

  1220. 	{

    1221. 

  1221. 		$pagination .= ( $pagination == '' ) ? '<a href="'.$base_url.'&sort='.$sort.'&order='.$order.'&page='. ($page + 1) .'">'.$lang['NEXT'].'</a>' : ' | <a href="'.$base_url.'&sort='.$sort.'&order='.$order.'&page='. ($page + 1) .'">'.$lang['NEXT'].'</a>';

    1222. 

  1222. 	}

    1223. 

  1223. 	if ($num_pages > 2)

    1224. 

  1224. 	{

    1225. 

  1225. 		$pagination .= '&nbsp;&nbsp;<input type="text" name="page" maxlength="5" size="2" class="post" />&nbsp;<input type="submit" name="submit" value="'.$lang['GO'].'" class="post" />';

    1226. 

  1226. 	}

    1227. 

  1227. 	$template->assign_vars(array(

    1228. 

  1228. 		'TPL_ADMIN_USER_SEARCH_RESULTS' => true,

    1229. 

  1229. 

    1230. 

  1230. 		'PAGE_NUMBER' => sprintf($lang['PAGE_OF'], $page, $num_pages),

    1231. 

  1231. 		'PAGINATION' => $pagination,

    1232. 

  1232. 		'NEW_SEARCH' => sprintf($lang['SEARCH_USERS_NEW'],$text, $total_pages['total'], 'admin_user_search.php'),

    1233. 

  1233. 

    1234. 

  1234. 		'U_USERNAME' => ($sort == 'username') ? "$base_url&sort=$sort&order=$o_order" : "$base_url&sort=username&order=$order",

    1235. 

  1235. 		'U_EMAIL' => ($sort == 'user_email') ? "$base_url&sort=$sort&order=$o_order" : "$base_url&sort=user_email&order=$order",

    1236. 

  1236. 		'U_POSTS' => ($sort == 'posts') ? "$base_url&sort=$sort&order=$o_order" : "$base_url&sort=posts&order=$order",

    1237. 

  1237. 		'U_JOINDATE' => ($sort == 'regdate') ? "$base_url&sort=$sort&order=$o_order" : "$base_url&sort=regdate&order=$order",

    1238. 

  1238. 		'U_LASTVISIT' => ($sort == 'lastvisit') ? "$base_url&sort=$sort&order=$o_order" : "$base_url&sort=lastvisit&order=$order",

    1239. 

  1239. 

    1240. 

  1240. 		'S_POST_ACTION' => "$base_url&sort=$sort&order=$order"

    1241. 

  1241. 	));

    1242. 

  1242. 

    1243. 

  1243. 	if(!$result = DB()->sql_query($select_sql))

    1244. 

  1244. 	{

    1245. 

  1245. 		message_die(GENERAL_ERROR, "Could not select user data", '', __LINE__, __FILE__, $select_sql);

    1246. 

  1246. 	}

    1247. 

  1247. 

    1248. 

  1248. 	$rowset = DB()->sql_fetchrowset($result);

    1249. 

  1249. 

    1250. 

  1250. 	$users_sql = '';

    1251. 

  1251. 

    1252. 

  1252. 	foreach($rowset as $array)

    1253. 

  1253. 	{

    1254. 

  1254. 		$users_sql .= ( $users_sql == '' ) ? $array['user_id'] : ', '.$array['user_id'];

    1255. 

  1255. 	}

    1256. 

  1256. 

    1257. 

  1257. 	$sql = "SELECT ban_userid AS user_id

    1258. 

  1258. 				FROM ". BB_BANLIST ."

    1259. 

  1259. 					WHERE ban_userid IN ($users_sql)";

    1260. 

  1260. 

    1261. 

  1261. 	if(!$result = DB()->sql_query($sql))

    1262. 

  1262. 	{

    1263. 

  1263. 		message_die(GENERAL_ERROR, "Could not select banned data", '', __LINE__, __FILE__, $sql);

    1264. 

  1264. 	}

    1265. 

  1265. 

    1266. 

  1266. 	unset($banned);

    1267. 

  1267. 

    1268. 

  1268. 	$banned = array();

    1269. 

  1269. 

    1270. 

  1270. 	while($row = DB()->sql_fetchrow($result))

    1271. 

  1271. 	{

    1272. 

  1272. 		$banned[$row['user_id']] = true;

    1273. 

  1273. 	}

    1274. 

  1274. 

    1275. 

  1275. 	for($i = 0; $i < count($rowset); $i++)

    1276. 

  1276. 	{

    1277. 

  1277. 		$row_class = !($i % 2) ? 'row1' : 'row2';

    1278. 

  1278. 

    1279. 

  1279. 		$template->assign_block_vars('userrow', array(

    1280. 

  1280. 			'ROW_CLASS' => $row_class,

    1281. 

  1281. 			'USER' => profile_url($rowset[$i]),

    1282. 

  1282. 			'EMAIL' => $rowset[$i]['user_email'],

    1283. 

  1283. 			'JOINDATE' => bb_date($rowset[$i]['user_regdate']),

    1284. 

  1284. 			'LASTVISIT' => bb_date($rowset[$i]['user_lastvisit']),

    1285. 

  1285. 			'POSTS' => $rowset[$i]['user_posts'],

    1286. 

  1286. 			'BAN' => ( ( !isset($banned[$rowset[$i]['user_id']]) ) ? $lang['NOT_BANNED'] : $lang['BANNED'] ),

    1287. 

  1287. 			'ABLED' => ( ( $rowset[$i]['user_active'] ) ? $lang['ENABLED'] : $lang['DISABLED'] ),

    1288. 

  1288. 

    1289. 

  1289. 			'U_VIEWPOSTS' => "../search.php?search_author=1&amp;uid={$rowset[$i]['user_id']}",

    1290. 

  1290. 			'U_MANAGE' => '../profile.php?mode=editprofile&'. POST_USERS_URL .'='.$rowset[$i]['user_id'].'&admin=1',

    1291. 

  1291. 			'U_PERMISSIONS' => 'admin_ug_auth.php?mode=user&'. POST_USERS_URL .'='. $rowset[$i]['user_id'],

    1292. 

  1292. 		));

    1293. 

  1293. 	}

    1294. 

  1294. }

    1295. 

  1295. 

    1296. 

  1296. print_page('admin_user_search.tpl', 'admin');
    1297.