PageRenderTime 80ms CodeModel.GetById 39ms RepoModel.GetById 1ms app.codeStats 1ms

/memberlist.php

https://bitbucket.org/jablonski/yebood
PHP | 1763 lines | 1381 code | 282 blank | 100 comment | 319 complexity | 997f91fa8cab4b7784fda938a7c6be34 MD5 | raw file
Possible License(s): AGPL-1.0

Large files files are truncated, but you can click here to view the full file

  1. <?php
  2. /**
  3. *
  4. * @package phpBB3
  5. * @version $Id$
  6. * @copyright (c) 2005 phpBB Group
  7. * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  8. *
  9. */
  10. /**
  11. * @ignore
  12. */
  13. define('IN_PHPBB', true);
  14. $phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './';
  15. $phpEx = substr(strrchr(__FILE__, '.'), 1);
  16. include($phpbb_root_path . 'common.' . $phpEx);
  17. include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
  18. // Start session management
  19. $user->session_begin();
  20. $auth->acl($user->data);
  21. $user->setup(array('memberlist', 'groups'));
  22. // Grab data
  23. $mode = request_var('mode', '');
  24. $action = request_var('action', '');
  25. $user_id = request_var('u', ANONYMOUS);
  26. $username = request_var('un', '', true);
  27. $group_id = request_var('g', 0);
  28. $topic_id = request_var('t', 0);
  29. // Check our mode...
  30. if (!in_array($mode, array('', 'group', 'viewprofile', 'email', 'contact', 'searchuser', 'leaders')))
  31. {
  32. trigger_error('NO_MODE');
  33. }
  34. switch ($mode)
  35. {
  36. case 'email':
  37. break;
  38. default:
  39. // Can this user view profiles/memberlist?
  40. if (!$auth->acl_gets('u_viewprofile', 'a_user', 'a_useradd', 'a_userdel'))
  41. {
  42. if ($user->data['user_id'] != ANONYMOUS)
  43. {
  44. trigger_error('NO_VIEW_USERS');
  45. }
  46. login_box('', ((isset($user->lang['LOGIN_EXPLAIN_' . strtoupper($mode)])) ? $user->lang['LOGIN_EXPLAIN_' . strtoupper($mode)] : $user->lang['LOGIN_EXPLAIN_MEMBERLIST']));
  47. }
  48. break;
  49. }
  50. $start = request_var('start', 0);
  51. $submit = (isset($_POST['submit'])) ? true : false;
  52. $default_key = 'c';
  53. $sort_key = request_var('sk', $default_key);
  54. $sort_dir = request_var('sd', 'a');
  55. // What do you want to do today? ... oops, I think that line is taken ...
  56. switch ($mode)
  57. {
  58. case 'leaders':
  59. // Display a listing of board admins, moderators
  60. include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
  61. $page_title = $user->lang['THE_TEAM'];
  62. $template_html = 'memberlist_leaders.html';
  63. $user_ary = $auth->acl_get_list(false, array('a_', 'm_'), false);
  64. $admin_id_ary = $global_mod_id_ary = $mod_id_ary = $forum_id_ary = array();
  65. foreach ($user_ary as $forum_id => $forum_ary)
  66. {
  67. foreach ($forum_ary as $auth_option => $id_ary)
  68. {
  69. if (!$forum_id)
  70. {
  71. if ($auth_option == 'a_')
  72. {
  73. $admin_id_ary = array_merge($admin_id_ary, $id_ary);
  74. }
  75. else
  76. {
  77. $global_mod_id_ary = array_merge($global_mod_id_ary, $id_ary);
  78. }
  79. continue;
  80. }
  81. else
  82. {
  83. $mod_id_ary = array_merge($mod_id_ary, $id_ary);
  84. }
  85. if ($forum_id)
  86. {
  87. foreach ($id_ary as $id)
  88. {
  89. $forum_id_ary[$id][] = $forum_id;
  90. }
  91. }
  92. }
  93. }
  94. $admin_id_ary = array_unique($admin_id_ary);
  95. $global_mod_id_ary = array_unique($global_mod_id_ary);
  96. $mod_id_ary = array_merge($mod_id_ary, $global_mod_id_ary);
  97. $mod_id_ary = array_unique($mod_id_ary);
  98. // Admin group id...
  99. $sql = 'SELECT group_id
  100. FROM ' . GROUPS_TABLE . "
  101. WHERE group_name = 'ADMINISTRATORS'";
  102. $result = $db->sql_query($sql);
  103. $admin_group_id = (int) $db->sql_fetchfield('group_id');
  104. $db->sql_freeresult($result);
  105. // Get group memberships for the admin id ary...
  106. $admin_memberships = group_memberships($admin_group_id, $admin_id_ary);
  107. $admin_user_ids = array();
  108. if (!empty($admin_memberships))
  109. {
  110. // ok, we only need the user ids...
  111. foreach ($admin_memberships as $row)
  112. {
  113. $admin_user_ids[$row['user_id']] = true;
  114. }
  115. }
  116. unset($admin_memberships);
  117. $sql = 'SELECT forum_id, forum_name
  118. FROM ' . FORUMS_TABLE;
  119. $result = $db->sql_query($sql);
  120. $forums = array();
  121. while ($row = $db->sql_fetchrow($result))
  122. {
  123. $forums[$row['forum_id']] = $row['forum_name'];
  124. }
  125. $db->sql_freeresult($result);
  126. $sql = $db->sql_build_query('SELECT', array(
  127. 'SELECT' => 'u.user_id, u.group_id as default_group, u.username, u.username_clean, u.user_colour, u.user_rank, u.user_posts, u.user_allow_pm, g.group_id, g.group_name, g.group_colour, g.group_type, ug.user_id as ug_user_id',
  128. 'FROM' => array(
  129. USERS_TABLE => 'u',
  130. GROUPS_TABLE => 'g'
  131. ),
  132. 'LEFT_JOIN' => array(
  133. array(
  134. 'FROM' => array(USER_GROUP_TABLE => 'ug'),
  135. 'ON' => 'ug.group_id = g.group_id AND ug.user_pending = 0 AND ug.user_id = ' . $user->data['user_id']
  136. )
  137. ),
  138. 'WHERE' => $db->sql_in_set('u.user_id', array_unique(array_merge($admin_id_ary, $mod_id_ary)), false, true) . '
  139. AND u.group_id = g.group_id',
  140. 'ORDER_BY' => 'g.group_name ASC, u.username_clean ASC'
  141. ));
  142. $result = $db->sql_query($sql);
  143. while ($row = $db->sql_fetchrow($result))
  144. {
  145. $which_row = (in_array($row['user_id'], $admin_id_ary)) ? 'admin' : 'mod';
  146. // We sort out admins not within the 'Administrators' group.
  147. // Else, we will list those as admin only having the permission to view logs for example.
  148. if ($which_row == 'admin' && empty($admin_user_ids[$row['user_id']]))
  149. {
  150. // Remove from admin_id_ary, because the user may be a mod instead
  151. unset($admin_id_ary[array_search($row['user_id'], $admin_id_ary)]);
  152. if (!in_array($row['user_id'], $mod_id_ary) && !in_array($row['user_id'], $global_mod_id_ary))
  153. {
  154. continue;
  155. }
  156. else
  157. {
  158. $which_row = 'mod';
  159. }
  160. }
  161. $s_forum_select = '';
  162. $undisclosed_forum = false;
  163. if (isset($forum_id_ary[$row['user_id']]) && !in_array($row['user_id'], $global_mod_id_ary))
  164. {
  165. if ($which_row == 'mod' && sizeof(array_diff(array_keys($forums), $forum_id_ary[$row['user_id']])))
  166. {
  167. foreach ($forum_id_ary[$row['user_id']] as $forum_id)
  168. {
  169. if (isset($forums[$forum_id]))
  170. {
  171. if ($auth->acl_get('f_list', $forum_id))
  172. {
  173. $s_forum_select .= '<option value="">' . $forums[$forum_id] . '</option>';
  174. }
  175. else
  176. {
  177. $undisclosed_forum = true;
  178. }
  179. }
  180. }
  181. }
  182. }
  183. // If the mod is only moderating non-viewable forums we skip the user. There is no gain in displaying the person then...
  184. if (!$s_forum_select && $undisclosed_forum)
  185. {
  186. // $s_forum_select = '<option value="">' . $user->lang['FORUM_UNDISCLOSED'] . '</option>';
  187. continue;
  188. }
  189. // The person is moderating several "public" forums, therefore the person should be listed, but not giving the real group name if hidden.
  190. if ($row['group_type'] == GROUP_HIDDEN && !$auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel') && $row['ug_user_id'] != $user->data['user_id'])
  191. {
  192. $group_name = $user->lang['GROUP_UNDISCLOSED'];
  193. $u_group = '';
  194. }
  195. else
  196. {
  197. $group_name = ($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name'];
  198. $u_group = append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=group&amp;g=' . $row['group_id']);
  199. }
  200. $rank_title = $rank_img = '';
  201. get_user_rank($row['user_rank'], (($row['user_id'] == ANONYMOUS) ? false : $row['user_posts']), $rank_title, $rank_img, $rank_img_src);
  202. $template->assign_block_vars($which_row, array(
  203. 'USER_ID' => $row['user_id'],
  204. 'FORUMS' => $s_forum_select,
  205. 'RANK_TITLE' => $rank_title,
  206. 'GROUP_NAME' => $group_name,
  207. 'GROUP_COLOR' => $row['group_colour'],
  208. 'RANK_IMG' => $rank_img,
  209. 'RANK_IMG_SRC' => $rank_img_src,
  210. 'U_GROUP' => $u_group,
  211. 'U_PM' => ($config['allow_privmsg'] && $auth->acl_get('u_sendpm') && ($row['user_allow_pm'] || $auth->acl_gets('a_', 'm_') || $auth->acl_getf_global('m_'))) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;mode=compose&amp;u=' . $row['user_id']) : '',
  212. 'USERNAME_FULL' => get_username_string('full', $row['user_id'], $row['username'], $row['user_colour']),
  213. 'USERNAME' => get_username_string('username', $row['user_id'], $row['username'], $row['user_colour']),
  214. 'USER_COLOR' => get_username_string('colour', $row['user_id'], $row['username'], $row['user_colour']),
  215. 'U_VIEW_PROFILE' => get_username_string('profile', $row['user_id'], $row['username'], $row['user_colour']),
  216. ));
  217. }
  218. $db->sql_freeresult($result);
  219. $template->assign_vars(array(
  220. 'PM_IMG' => $user->img('icon_contact_pm', $user->lang['SEND_PRIVATE_MESSAGE']))
  221. );
  222. break;
  223. case 'contact':
  224. $page_title = $user->lang['IM_USER'];
  225. $template_html = 'memberlist_im.html';
  226. if (!$auth->acl_get('u_sendim'))
  227. {
  228. trigger_error('NOT_AUTHORISED');
  229. }
  230. $presence_img = '';
  231. switch ($action)
  232. {
  233. case 'aim':
  234. $lang = 'AIM';
  235. $sql_field = 'user_aim';
  236. $s_select = 'S_SEND_AIM';
  237. $s_action = '';
  238. break;
  239. case 'msnm':
  240. $lang = 'MSNM';
  241. $sql_field = 'user_msnm';
  242. $s_select = 'S_SEND_MSNM';
  243. $s_action = '';
  244. break;
  245. case 'jabber':
  246. $lang = 'JABBER';
  247. $sql_field = 'user_jabber';
  248. $s_select = (@extension_loaded('xml') && $config['jab_enable']) ? 'S_SEND_JABBER' : 'S_NO_SEND_JABBER';
  249. $s_action = append_sid("{$phpbb_root_path}memberlist.$phpEx", "mode=contact&amp;action=$action&amp;u=$user_id");
  250. break;
  251. default:
  252. trigger_error('NO_MODE', E_USER_ERROR);
  253. break;
  254. }
  255. // Grab relevant data
  256. $sql = "SELECT user_id, username, user_email, user_lang, $sql_field
  257. FROM " . USERS_TABLE . "
  258. WHERE user_id = $user_id
  259. AND user_type IN (" . USER_NORMAL . ', ' . USER_FOUNDER . ')';
  260. $result = $db->sql_query($sql);
  261. $row = $db->sql_fetchrow($result);
  262. $db->sql_freeresult($result);
  263. if (!$row)
  264. {
  265. trigger_error('NO_USER');
  266. }
  267. else if (empty($row[$sql_field]))
  268. {
  269. trigger_error('IM_NO_DATA');
  270. }
  271. // Post data grab actions
  272. switch ($action)
  273. {
  274. case 'jabber':
  275. add_form_key('memberlist_messaging');
  276. if ($submit && @extension_loaded('xml') && $config['jab_enable'])
  277. {
  278. if (check_form_key('memberlist_messaging'))
  279. {
  280. include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
  281. $subject = sprintf($user->lang['IM_JABBER_SUBJECT'], $user->data['username'], $config['server_name']);
  282. $message = utf8_normalize_nfc(request_var('message', '', true));
  283. if (empty($message))
  284. {
  285. trigger_error('EMPTY_MESSAGE_IM');
  286. }
  287. $messenger = new messenger(false);
  288. $messenger->template('profile_send_im', $row['user_lang']);
  289. $messenger->subject(htmlspecialchars_decode($subject));
  290. $messenger->replyto($user->data['user_email']);
  291. $messenger->im($row['user_jabber'], $row['username']);
  292. $messenger->assign_vars(array(
  293. 'BOARD_CONTACT' => $config['board_contact'],
  294. 'FROM_USERNAME' => htmlspecialchars_decode($user->data['username']),
  295. 'TO_USERNAME' => htmlspecialchars_decode($row['username']),
  296. 'MESSAGE' => htmlspecialchars_decode($message))
  297. );
  298. $messenger->send(NOTIFY_IM);
  299. $s_select = 'S_SENT_JABBER';
  300. }
  301. else
  302. {
  303. trigger_error('FORM_INVALID');
  304. }
  305. }
  306. break;
  307. }
  308. // Send vars to the template
  309. $template->assign_vars(array(
  310. 'IM_CONTACT' => $row[$sql_field],
  311. 'A_IM_CONTACT' => addslashes($row[$sql_field]),
  312. 'U_AIM_CONTACT' => ($action == 'aim') ? 'aim:addbuddy?screenname=' . urlencode($row[$sql_field]) : '',
  313. 'U_AIM_MESSAGE' => ($action == 'aim') ? 'aim:goim?screenname=' . urlencode($row[$sql_field]) . '&amp;message=' . urlencode($config['sitename']) : '',
  314. 'USERNAME' => $row['username'],
  315. 'CONTACT_NAME' => $row[$sql_field],
  316. 'SITENAME' => $config['sitename'],
  317. 'PRESENCE_IMG' => $presence_img,
  318. 'L_SEND_IM_EXPLAIN' => $user->lang['IM_' . $lang],
  319. 'L_IM_SENT_JABBER' => sprintf($user->lang['IM_SENT_JABBER'], $row['username']),
  320. $s_select => true,
  321. 'S_IM_ACTION' => $s_action)
  322. );
  323. break;
  324. case 'viewprofile':
  325. // Display a profile
  326. if ($user_id == ANONYMOUS && !$username)
  327. {
  328. trigger_error('NO_USER');
  329. }
  330. // Get user...
  331. $sql = 'SELECT *
  332. FROM ' . USERS_TABLE . '
  333. WHERE ' . (($username) ? "username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'" : "user_id = $user_id");
  334. $result = $db->sql_query($sql);
  335. $member = $db->sql_fetchrow($result);
  336. $db->sql_freeresult($result);
  337. if (!$member)
  338. {
  339. trigger_error('NO_USER');
  340. }
  341. // a_user admins and founder are able to view inactive users and bots to be able to manage them more easily
  342. // Normal users are able to see at least users having only changed their profile settings but not yet reactivated.
  343. if (!$auth->acl_get('a_user') && $user->data['user_type'] != USER_FOUNDER)
  344. {
  345. if ($member['user_type'] == USER_IGNORE)
  346. {
  347. trigger_error('NO_USER');
  348. }
  349. else if ($member['user_type'] == USER_INACTIVE && $member['user_inactive_reason'] != INACTIVE_PROFILE)
  350. {
  351. trigger_error('NO_USER');
  352. }
  353. }
  354. $user_id = (int) $member['user_id'];
  355. // Get group memberships
  356. // Also get visiting user's groups to determine hidden group memberships if necessary.
  357. $auth_hidden_groups = ($user_id === (int) $user->data['user_id'] || $auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel')) ? true : false;
  358. $sql_uid_ary = ($auth_hidden_groups) ? array($user_id) : array($user_id, (int) $user->data['user_id']);
  359. // Do the SQL thang
  360. $sql = 'SELECT g.group_id, g.group_name, g.group_type, ug.user_id
  361. FROM ' . GROUPS_TABLE . ' g, ' . USER_GROUP_TABLE . ' ug
  362. WHERE ' . $db->sql_in_set('ug.user_id', $sql_uid_ary) . '
  363. AND g.group_id = ug.group_id
  364. AND ug.user_pending = 0';
  365. $result = $db->sql_query($sql);
  366. // Divide data into profile data and current user data
  367. $profile_groups = $user_groups = array();
  368. while ($row = $db->sql_fetchrow($result))
  369. {
  370. $row['user_id'] = (int) $row['user_id'];
  371. $row['group_id'] = (int) $row['group_id'];
  372. if ($row['user_id'] == $user_id)
  373. {
  374. $profile_groups[] = $row;
  375. }
  376. else
  377. {
  378. $user_groups[$row['group_id']] = $row['group_id'];
  379. }
  380. }
  381. $db->sql_freeresult($result);
  382. // Filter out hidden groups and sort groups by name
  383. $group_data = $group_sort = array();
  384. foreach ($profile_groups as $row)
  385. {
  386. if ($row['group_type'] == GROUP_SPECIAL)
  387. {
  388. // Lookup group name in language dictionary
  389. if (isset($user->lang['G_' . $row['group_name']]))
  390. {
  391. $row['group_name'] = $user->lang['G_' . $row['group_name']];
  392. }
  393. }
  394. else if (!$auth_hidden_groups && $row['group_type'] == GROUP_HIDDEN && !isset($user_groups[$row['group_id']]))
  395. {
  396. // Skip over hidden groups the user cannot see
  397. continue;
  398. }
  399. $group_sort[$row['group_id']] = utf8_clean_string($row['group_name']);
  400. $group_data[$row['group_id']] = $row;
  401. }
  402. unset($profile_groups);
  403. unset($user_groups);
  404. asort($group_sort);
  405. $group_options = '';
  406. foreach ($group_sort as $group_id => $null)
  407. {
  408. $row = $group_data[$group_id];
  409. $group_options .= '<option value="' . $row['group_id'] . '"' . (($row['group_id'] == $member['group_id']) ? ' selected="selected"' : '') . '>' . $row['group_name'] . '</option>';
  410. }
  411. unset($group_data);
  412. unset($group_sort);
  413. // What colour is the zebra
  414. $sql = 'SELECT friend, foe
  415. FROM ' . ZEBRA_TABLE . "
  416. WHERE zebra_id = $user_id
  417. AND user_id = {$user->data['user_id']}";
  418. $result = $db->sql_query($sql);
  419. $row = $db->sql_fetchrow($result);
  420. $foe = ($row['foe']) ? true : false;
  421. $friend = ($row['friend']) ? true : false;
  422. $db->sql_freeresult($result);
  423. if ($config['load_onlinetrack'])
  424. {
  425. $sql = 'SELECT MAX(session_time) AS session_time, MIN(session_viewonline) AS session_viewonline
  426. FROM ' . SESSIONS_TABLE . "
  427. WHERE session_user_id = $user_id";
  428. $result = $db->sql_query($sql);
  429. $row = $db->sql_fetchrow($result);
  430. $db->sql_freeresult($result);
  431. $member['session_time'] = (isset($row['session_time'])) ? $row['session_time'] : 0;
  432. $member['session_viewonline'] = (isset($row['session_viewonline'])) ? $row['session_viewonline'] : 0;
  433. unset($row);
  434. }
  435. if ($config['load_user_activity'])
  436. {
  437. display_user_activity($member);
  438. }
  439. // Do the relevant calculations
  440. $memberdays = max(1, round((time() - $member['user_regdate']) / 86400));
  441. $posts_per_day = $member['user_posts'] / $memberdays;
  442. $percentage = ($config['num_posts']) ? min(100, ($member['user_posts'] / $config['num_posts']) * 100) : 0;
  443. if ($member['user_sig'])
  444. {
  445. $member['user_sig'] = censor_text($member['user_sig']);
  446. if ($member['user_sig_bbcode_bitfield'])
  447. {
  448. include_once($phpbb_root_path . 'includes/bbcode.' . $phpEx);
  449. $bbcode = new bbcode();
  450. $bbcode->bbcode_second_pass($member['user_sig'], $member['user_sig_bbcode_uid'], $member['user_sig_bbcode_bitfield']);
  451. }
  452. $member['user_sig'] = bbcode_nl2br($member['user_sig']);
  453. $member['user_sig'] = smiley_text($member['user_sig']);
  454. }
  455. $poster_avatar = get_user_avatar($member['user_avatar'], $member['user_avatar_type'], $member['user_avatar_width'], $member['user_avatar_height']);
  456. // We need to check if the modules 'zebra' ('friends' & 'foes' mode), 'notes' ('user_notes' mode) and 'warn' ('warn_user' mode) are accessible to decide if we can display appropriate links
  457. $zebra_enabled = $friends_enabled = $foes_enabled = $user_notes_enabled = $warn_user_enabled = false;
  458. // Only check if the user is logged in
  459. if ($user->data['is_registered'])
  460. {
  461. if (!class_exists('p_master'))
  462. {
  463. include($phpbb_root_path . 'includes/functions_module.' . $phpEx);
  464. }
  465. $module = new p_master();
  466. $module->list_modules('ucp');
  467. $module->list_modules('mcp');
  468. $user_notes_enabled = ($module->loaded('notes', 'user_notes')) ? true : false;
  469. $warn_user_enabled = ($module->loaded('warn', 'warn_user')) ? true : false;
  470. $zebra_enabled = ($module->loaded('zebra')) ? true : false;
  471. $friends_enabled = ($module->loaded('zebra', 'friends')) ? true : false;
  472. $foes_enabled = ($module->loaded('zebra', 'foes')) ? true : false;
  473. unset($module);
  474. }
  475. $template->assign_vars(show_profile($member, $user_notes_enabled, $warn_user_enabled));
  476. // Custom Profile Fields
  477. $profile_fields = array();
  478. if ($config['load_cpf_viewprofile'])
  479. {
  480. include_once($phpbb_root_path . 'includes/functions_profile_fields.' . $phpEx);
  481. $cp = new custom_profile();
  482. $profile_fields = $cp->generate_profile_fields_template('grab', $user_id);
  483. $profile_fields = (isset($profile_fields[$user_id])) ? $cp->generate_profile_fields_template('show', false, $profile_fields[$user_id]) : array();
  484. }
  485. // If the user has m_approve permission or a_user permission, then list then display unapproved posts
  486. if ($auth->acl_getf_global('m_approve') || $auth->acl_get('a_user'))
  487. {
  488. $sql = 'SELECT COUNT(post_id) as posts_in_queue
  489. FROM ' . POSTS_TABLE . '
  490. WHERE poster_id = ' . $user_id . '
  491. AND post_approved = 0';
  492. $result = $db->sql_query($sql);
  493. $member['posts_in_queue'] = (int) $db->sql_fetchfield('posts_in_queue');
  494. $db->sql_freeresult($result);
  495. }
  496. else
  497. {
  498. $member['posts_in_queue'] = 0;
  499. }
  500. $template->assign_vars(array(
  501. 'L_POSTS_IN_QUEUE' => $user->lang('NUM_POSTS_IN_QUEUE', $member['posts_in_queue']),
  502. 'POSTS_DAY' => sprintf($user->lang['POST_DAY'], $posts_per_day),
  503. 'POSTS_PCT' => sprintf($user->lang['POST_PCT'], $percentage),
  504. 'OCCUPATION' => (!empty($member['user_occ'])) ? censor_text($member['user_occ']) : '',
  505. 'INTERESTS' => (!empty($member['user_interests'])) ? censor_text($member['user_interests']) : '',
  506. 'SIGNATURE' => $member['user_sig'],
  507. 'POSTS_IN_QUEUE'=> $member['posts_in_queue'],
  508. 'AVATAR_IMG' => $poster_avatar,
  509. 'PM_IMG' => $user->img('icon_contact_pm', $user->lang['SEND_PRIVATE_MESSAGE']),
  510. 'EMAIL_IMG' => $user->img('icon_contact_email', $user->lang['EMAIL']),
  511. 'WWW_IMG' => $user->img('icon_contact_www', $user->lang['WWW']),
  512. 'ICQ_IMG' => $user->img('icon_contact_icq', $user->lang['ICQ']),
  513. 'AIM_IMG' => $user->img('icon_contact_aim', $user->lang['AIM']),
  514. 'MSN_IMG' => $user->img('icon_contact_msnm', $user->lang['MSNM']),
  515. 'YIM_IMG' => $user->img('icon_contact_yahoo', $user->lang['YIM']),
  516. 'JABBER_IMG' => $user->img('icon_contact_jabber', $user->lang['JABBER']),
  517. 'SEARCH_IMG' => $user->img('icon_user_search', $user->lang['SEARCH']),
  518. 'S_PROFILE_ACTION' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=group'),
  519. 'S_GROUP_OPTIONS' => $group_options,
  520. 'S_CUSTOM_FIELDS' => (isset($profile_fields['row']) && sizeof($profile_fields['row'])) ? true : false,
  521. 'U_USER_ADMIN' => ($auth->acl_get('a_user')) ? append_sid("{$phpbb_root_path}adm/index.$phpEx", 'i=users&amp;mode=overview&amp;u=' . $user_id, true, $user->session_id) : '',
  522. 'U_USER_BAN' => ($auth->acl_get('m_ban') && $user_id != $user->data['user_id']) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=ban&amp;mode=user&amp;u=' . $user_id, true, $user->session_id) : '',
  523. 'U_MCP_QUEUE' => ($auth->acl_getf_global('m_approve')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue', true, $user->session_id) : '',
  524. 'U_SWITCH_PERMISSIONS' => ($auth->acl_get('a_switchperm') && $user->data['user_id'] != $user_id) ? append_sid("{$phpbb_root_path}ucp.$phpEx", "mode=switch_perm&amp;u={$user_id}&amp;hash=" . generate_link_hash('switchperm')) : '',
  525. 'S_USER_NOTES' => ($user_notes_enabled) ? true : false,
  526. 'S_WARN_USER' => ($warn_user_enabled) ? true : false,
  527. 'S_ZEBRA' => ($user->data['user_id'] != $user_id && $user->data['is_registered'] && $zebra_enabled) ? true : false,
  528. 'U_ADD_FRIEND' => (!$friend && !$foe && $friends_enabled) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=zebra&amp;add=' . urlencode(htmlspecialchars_decode($member['username']))) : '',
  529. 'U_ADD_FOE' => (!$friend && !$foe && $foes_enabled) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=zebra&amp;mode=foes&amp;add=' . urlencode(htmlspecialchars_decode($member['username']))) : '',
  530. 'U_REMOVE_FRIEND' => ($friend && $friends_enabled) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=zebra&amp;remove=1&amp;usernames[]=' . $user_id) : '',
  531. 'U_REMOVE_FOE' => ($foe && $foes_enabled) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=zebra&amp;remove=1&amp;mode=foes&amp;usernames[]=' . $user_id) : '',
  532. ));
  533. if (!empty($profile_fields['row']))
  534. {
  535. $template->assign_vars($profile_fields['row']);
  536. }
  537. if (!empty($profile_fields['blockrow']))
  538. {
  539. foreach ($profile_fields['blockrow'] as $field_data)
  540. {
  541. $template->assign_block_vars('custom_fields', $field_data);
  542. }
  543. }
  544. // Inactive reason/account?
  545. if ($member['user_type'] == USER_INACTIVE)
  546. {
  547. $user->add_lang('acp/common');
  548. $inactive_reason = $user->lang['INACTIVE_REASON_UNKNOWN'];
  549. switch ($member['user_inactive_reason'])
  550. {
  551. case INACTIVE_REGISTER:
  552. $inactive_reason = $user->lang['INACTIVE_REASON_REGISTER'];
  553. break;
  554. case INACTIVE_PROFILE:
  555. $inactive_reason = $user->lang['INACTIVE_REASON_PROFILE'];
  556. break;
  557. case INACTIVE_MANUAL:
  558. $inactive_reason = $user->lang['INACTIVE_REASON_MANUAL'];
  559. break;
  560. case INACTIVE_REMIND:
  561. $inactive_reason = $user->lang['INACTIVE_REASON_REMIND'];
  562. break;
  563. }
  564. $template->assign_vars(array(
  565. 'S_USER_INACTIVE' => true,
  566. 'USER_INACTIVE_REASON' => $inactive_reason)
  567. );
  568. }
  569. // Now generate page title
  570. $page_title = sprintf($user->lang['VIEWING_PROFILE'], $member['username']);
  571. $template_html = 'memberlist_view.html';
  572. break;
  573. case 'email':
  574. // Send an email
  575. $page_title = $user->lang['SEND_EMAIL'];
  576. $template_html = 'memberlist_email.html';
  577. add_form_key('memberlist_email');
  578. if (!$config['email_enable'])
  579. {
  580. trigger_error('EMAIL_DISABLED');
  581. }
  582. if (!$auth->acl_get('u_sendemail'))
  583. {
  584. trigger_error('NO_EMAIL');
  585. }
  586. // Are we trying to abuse the facility?
  587. if (time() - $user->data['user_emailtime'] < $config['flood_interval'])
  588. {
  589. trigger_error('FLOOD_EMAIL_LIMIT');
  590. }
  591. // Determine action...
  592. $user_id = request_var('u', 0);
  593. $topic_id = request_var('t', 0);
  594. // Send email to user...
  595. if ($user_id)
  596. {
  597. if ($user_id == ANONYMOUS || !$config['board_email_form'])
  598. {
  599. trigger_error('NO_EMAIL');
  600. }
  601. // Get the appropriate username, etc.
  602. $sql = 'SELECT username, user_email, user_allow_viewemail, user_lang, user_jabber, user_notify_type
  603. FROM ' . USERS_TABLE . "
  604. WHERE user_id = $user_id
  605. AND user_type IN (" . USER_NORMAL . ', ' . USER_FOUNDER . ')';
  606. $result = $db->sql_query($sql);
  607. $row = $db->sql_fetchrow($result);
  608. $db->sql_freeresult($result);
  609. if (!$row)
  610. {
  611. trigger_error('NO_USER');
  612. }
  613. // Can we send email to this user?
  614. if (!$row['user_allow_viewemail'] && !$auth->acl_get('a_user'))
  615. {
  616. trigger_error('NO_EMAIL');
  617. }
  618. }
  619. else if ($topic_id)
  620. {
  621. // Send topic heads-up to email address
  622. $sql = 'SELECT forum_id, topic_title
  623. FROM ' . TOPICS_TABLE . "
  624. WHERE topic_id = $topic_id";
  625. $result = $db->sql_query($sql);
  626. $row = $db->sql_fetchrow($result);
  627. $db->sql_freeresult($result);
  628. if (!$row)
  629. {
  630. trigger_error('NO_TOPIC');
  631. }
  632. if ($row['forum_id'])
  633. {
  634. if (!$auth->acl_get('f_read', $row['forum_id']))
  635. {
  636. trigger_error('SORRY_AUTH_READ');
  637. }
  638. if (!$auth->acl_get('f_email', $row['forum_id']))
  639. {
  640. trigger_error('NO_EMAIL');
  641. }
  642. }
  643. else
  644. {
  645. // If global announcement, we need to check if the user is able to at least read and email in one forum...
  646. if (!$auth->acl_getf_global('f_read'))
  647. {
  648. trigger_error('SORRY_AUTH_READ');
  649. }
  650. if (!$auth->acl_getf_global('f_email'))
  651. {
  652. trigger_error('NO_EMAIL');
  653. }
  654. }
  655. }
  656. else
  657. {
  658. trigger_error('NO_EMAIL');
  659. }
  660. $error = array();
  661. $name = utf8_normalize_nfc(request_var('name', '', true));
  662. $email = request_var('email', '');
  663. $email_lang = request_var('lang', $config['default_lang']);
  664. $subject = utf8_normalize_nfc(request_var('subject', '', true));
  665. $message = utf8_normalize_nfc(request_var('message', '', true));
  666. $cc = (isset($_POST['cc_email'])) ? true : false;
  667. $submit = (isset($_POST['submit'])) ? true : false;
  668. if ($submit)
  669. {
  670. if (!check_form_key('memberlist_email'))
  671. {
  672. $error[] = 'FORM_INVALID';
  673. }
  674. if ($user_id)
  675. {
  676. if (!$subject)
  677. {
  678. $error[] = $user->lang['EMPTY_SUBJECT_EMAIL'];
  679. }
  680. if (!$message)
  681. {
  682. $error[] = $user->lang['EMPTY_MESSAGE_EMAIL'];
  683. }
  684. $name = $row['username'];
  685. $email_lang = $row['user_lang'];
  686. $email = $row['user_email'];
  687. }
  688. else
  689. {
  690. if (!$email || !preg_match('/^' . get_preg_expression('email') . '$/i', $email))
  691. {
  692. $error[] = $user->lang['EMPTY_ADDRESS_EMAIL'];
  693. }
  694. if (!$name)
  695. {
  696. $error[] = $user->lang['EMPTY_NAME_EMAIL'];
  697. }
  698. }
  699. if (!sizeof($error))
  700. {
  701. $sql = 'UPDATE ' . USERS_TABLE . '
  702. SET user_emailtime = ' . time() . '
  703. WHERE user_id = ' . $user->data['user_id'];
  704. $result = $db->sql_query($sql);
  705. include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
  706. $messenger = new messenger(false);
  707. $email_tpl = ($user_id) ? 'profile_send_email' : 'email_notify';
  708. $mail_to_users = array();
  709. $mail_to_users[] = array(
  710. 'email_lang' => $email_lang,
  711. 'email' => $email,
  712. 'name' => $name,
  713. 'username' => ($user_id) ? $row['username'] : '',
  714. 'to_name' => $name,
  715. 'user_jabber' => ($user_id) ? $row['user_jabber'] : '',
  716. 'user_notify_type' => ($user_id) ? $row['user_notify_type'] : NOTIFY_EMAIL,
  717. 'topic_title' => (!$user_id) ? $row['topic_title'] : '',
  718. 'forum_id' => (!$user_id) ? $row['forum_id'] : 0,
  719. );
  720. // Ok, now the same email if CC specified, but without exposing the users email address
  721. if ($cc)
  722. {
  723. $mail_to_users[] = array(
  724. 'email_lang' => $user->data['user_lang'],
  725. 'email' => $user->data['user_email'],
  726. 'name' => $user->data['username'],
  727. 'username' => $user->data['username'],
  728. 'to_name' => $name,
  729. 'user_jabber' => $user->data['user_jabber'],
  730. 'user_notify_type' => ($user_id) ? $user->data['user_notify_type'] : NOTIFY_EMAIL,
  731. 'topic_title' => (!$user_id) ? $row['topic_title'] : '',
  732. 'forum_id' => (!$user_id) ? $row['forum_id'] : 0,
  733. );
  734. }
  735. foreach ($mail_to_users as $row)
  736. {
  737. $messenger->template($email_tpl, $row['email_lang']);
  738. $messenger->replyto($user->data['user_email']);
  739. $messenger->to($row['email'], $row['name']);
  740. if ($user_id)
  741. {
  742. $messenger->subject(htmlspecialchars_decode($subject));
  743. $messenger->im($row['user_jabber'], $row['username']);
  744. $notify_type = $row['user_notify_type'];
  745. }
  746. else
  747. {
  748. $notify_type = NOTIFY_EMAIL;
  749. }
  750. $messenger->anti_abuse_headers($config, $user);
  751. $messenger->assign_vars(array(
  752. 'BOARD_CONTACT' => $config['board_contact'],
  753. 'TO_USERNAME' => htmlspecialchars_decode($row['to_name']),
  754. 'FROM_USERNAME' => htmlspecialchars_decode($user->data['username']),
  755. 'MESSAGE' => htmlspecialchars_decode($message))
  756. );
  757. if ($topic_id)
  758. {
  759. $messenger->assign_vars(array(
  760. 'TOPIC_NAME' => htmlspecialchars_decode($row['topic_title']),
  761. 'U_TOPIC' => generate_board_url() . "/viewtopic.$phpEx?f=" . $row['forum_id'] . "&t=$topic_id")
  762. );
  763. }
  764. $messenger->send($notify_type);
  765. }
  766. meta_refresh(3, append_sid("{$phpbb_root_path}index.$phpEx"));
  767. $message = ($user_id) ? sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.$phpEx") . '">', '</a>') : sprintf($user->lang['RETURN_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f={$row['forum_id']}&amp;t=$topic_id") . '">', '</a>');
  768. trigger_error($user->lang['EMAIL_SENT'] . '<br /><br />' . $message);
  769. }
  770. }
  771. if ($user_id)
  772. {
  773. $template->assign_vars(array(
  774. 'S_SEND_USER' => true,
  775. 'USERNAME' => $row['username'],
  776. 'L_EMAIL_BODY_EXPLAIN' => $user->lang['EMAIL_BODY_EXPLAIN'],
  777. 'S_POST_ACTION' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=email&amp;u=' . $user_id))
  778. );
  779. }
  780. else
  781. {
  782. $template->assign_vars(array(
  783. 'EMAIL' => $email,
  784. 'NAME' => $name,
  785. 'S_LANG_OPTIONS' => language_select($email_lang),
  786. 'L_EMAIL_BODY_EXPLAIN' => $user->lang['EMAIL_TOPIC_EXPLAIN'],
  787. 'S_POST_ACTION' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=email&amp;t=' . $topic_id))
  788. );
  789. }
  790. $template->assign_vars(array(
  791. 'ERROR_MESSAGE' => (sizeof($error)) ? implode('<br />', $error) : '',
  792. 'SUBJECT' => $subject,
  793. 'MESSAGE' => $message,
  794. )
  795. );
  796. break;
  797. case 'group':
  798. default:
  799. // The basic memberlist
  800. $page_title = $user->lang['MEMBERLIST'];
  801. $template_html = 'memberlist_body.html';
  802. // Sorting
  803. $sort_key_text = array('a' => $user->lang['SORT_USERNAME'], 'b' => $user->lang['SORT_LOCATION'], 'c' => $user->lang['SORT_JOINED'], 'd' => $user->lang['SORT_POST_COUNT'], 'f' => $user->lang['WEBSITE'], 'g' => $user->lang['ICQ'], 'h' => $user->lang['AIM'], 'i' => $user->lang['MSNM'], 'j' => $user->lang['YIM'], 'k' => $user->lang['JABBER']);
  804. $sort_key_sql = array('a' => 'u.username_clean', 'b' => 'u.user_from', 'c' => 'u.user_regdate', 'd' => 'u.user_posts', 'f' => 'u.user_website', 'g' => 'u.user_icq', 'h' => 'u.user_aim', 'i' => 'u.user_msnm', 'j' => 'u.user_yim', 'k' => 'u.user_jabber');
  805. if ($auth->acl_get('a_user'))
  806. {
  807. $sort_key_text['e'] = $user->lang['SORT_EMAIL'];
  808. $sort_key_sql['e'] = 'u.user_email';
  809. }
  810. if ($auth->acl_get('u_viewonline'))
  811. {
  812. $sort_key_text['l'] = $user->lang['SORT_LAST_ACTIVE'];
  813. $sort_key_sql['l'] = 'u.user_lastvisit';
  814. }
  815. $sort_key_text['m'] = $user->lang['SORT_RANK'];
  816. $sort_key_sql['m'] = 'u.user_rank';
  817. $sort_dir_text = array('a' => $user->lang['ASCENDING'], 'd' => $user->lang['DESCENDING']);
  818. $s_sort_key = '';
  819. foreach ($sort_key_text as $key => $value)
  820. {
  821. $selected = ($sort_key == $key) ? ' selected="selected"' : '';
  822. $s_sort_key .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>';
  823. }
  824. $s_sort_dir = '';
  825. foreach ($sort_dir_text as $key => $value)
  826. {
  827. $selected = ($sort_dir == $key) ? ' selected="selected"' : '';
  828. $s_sort_dir .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>';
  829. }
  830. // Additional sorting options for user search ... if search is enabled, if not
  831. // then only admins can make use of this (for ACP functionality)
  832. $sql_select = $sql_where_data = $sql_from = $sql_where = $order_by = '';
  833. $form = request_var('form', '');
  834. $field = request_var('field', '');
  835. $select_single = request_var('select_single', false);
  836. // Search URL parameters, if any of these are in the URL we do a search
  837. $search_params = array('username', 'email', 'icq', 'aim', 'yahoo', 'msn', 'jabber', 'search_group_id', 'joined_select', 'active_select', 'count_select', 'joined', 'active', 'count', 'ip');
  838. // We validate form and field here, only id/class allowed
  839. $form = (!preg_match('/^[a-z0-9_-]+$/i', $form)) ? '' : $form;
  840. $field = (!preg_match('/^[a-z0-9_-]+$/i', $field)) ? '' : $field;
  841. if (($mode == 'searchuser' || sizeof(array_intersect(array_keys($_GET), $search_params)) > 0) && ($config['load_search'] || $auth->acl_get('a_')))
  842. {
  843. $username = request_var('username', '', true);
  844. $email = strtolower(request_var('email', ''));
  845. $icq = request_var('icq', '');
  846. $aim = request_var('aim', '');
  847. $yahoo = request_var('yahoo', '');
  848. $msn = request_var('msn', '');
  849. $jabber = request_var('jabber', '');
  850. $search_group_id = request_var('search_group_id', 0);
  851. // when using these, make sure that we actually have values defined in $find_key_match
  852. $joined_select = request_var('joined_select', 'lt');
  853. $active_select = request_var('active_select', 'lt');
  854. $count_select = request_var('count_select', 'eq');
  855. $joined = explode('-', request_var('joined', ''));
  856. $active = explode('-', request_var('active', ''));
  857. $count = (request_var('count', '') !== '') ? request_var('count', 0) : '';
  858. $ipdomain = request_var('ip', '');
  859. $find_key_match = array('lt' => '<', 'gt' => '>', 'eq' => '=');
  860. $find_count = array('lt' => $user->lang['LESS_THAN'], 'eq' => $user->lang['EQUAL_TO'], 'gt' => $user->lang['MORE_THAN']);
  861. $s_find_count = '';
  862. foreach ($find_count as $key => $value)
  863. {
  864. $selected = ($count_select == $key) ? ' selected="selected"' : '';
  865. $s_find_count .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>';
  866. }
  867. $find_time = array('lt' => $user->lang['BEFORE'], 'gt' => $user->lang['AFTER']);
  868. $s_find_join_time = '';
  869. foreach ($find_time as $key => $value)
  870. {
  871. $selected = ($joined_select == $key) ? ' selected="selected"' : '';
  872. $s_find_join_time .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>';
  873. }
  874. $s_find_active_time = '';
  875. foreach ($find_time as $key => $value)
  876. {
  877. $selected = ($active_select == $key) ? ' selected="selected"' : '';
  878. $s_find_active_time .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>';
  879. }
  880. $sql_where .= ($username) ? ' AND u.username_clean ' . $db->sql_like_expression(str_replace('*', $db->any_char, utf8_clean_string($username))) : '';
  881. $sql_where .= ($auth->acl_get('a_user') && $email) ? ' AND u.user_email ' . $db->sql_like_expression(str_replace('*', $db->any_char, $email)) . ' ' : '';
  882. $sql_where .= ($icq) ? ' AND u.user_icq ' . $db->sql_like_expression(str_replace('*', $db->any_char, $icq)) . ' ' : '';
  883. $sql_where .= ($aim) ? ' AND u.user_aim ' . $db->sql_like_expression(str_replace('*', $db->any_char, $aim)) . ' ' : '';
  884. $sql_where .= ($yahoo) ? ' AND u.user_yim ' . $db->sql_like_expression(str_replace('*', $db->any_char, $yahoo)) . ' ' : '';
  885. $sql_where .= ($msn) ? ' AND u.user_msnm ' . $db->sql_like_expression(str_replace('*', $db->any_char, $msn)) . ' ' : '';
  886. $sql_where .= ($jabber) ? ' AND u.user_jabber ' . $db->sql_like_expression(str_replace('*', $db->any_char, $jabber)) . ' ' : '';
  887. $sql_where .= (is_numeric($count) && isset($find_key_match[$count_select])) ? ' AND u.user_posts ' . $find_key_match[$count_select] . ' ' . (int) $count . ' ' : '';
  888. if (isset($find_key_match[$joined_select]) && sizeof($joined) == 3)
  889. {
  890. // Before PHP 5.1 an error value -1 can be returned instead of false.
  891. // Theoretically gmmktime() can also legitimately return -1 as an actual timestamp.
  892. // But since we do not pass the $second parameter to gmmktime(),
  893. // an actual unix timestamp -1 cannot be returned in this case.
  894. // Thus we can check whether it is -1 and treat -1 as an error.
  895. $joined_time = gmmktime(0, 0, 0, (int) $joined[1], (int) $joined[2], (int) $joined[0]);
  896. if ($joined_time !== false && $joined_time !== -1)
  897. {
  898. $sql_where .= " AND u.user_regdate " . $find_key_match[$joined_select] . ' ' . $joined_time;
  899. }
  900. }
  901. if (isset($find_key_match[$active_select]) && sizeof($active) == 3 && $auth->acl_get('u_viewonline'))
  902. {
  903. $active_time = gmmktime(0, 0, 0, (int) $active[1], (int) $active[2], (int) $active[0]);
  904. if ($active_time !== false && $active_time !== -1)
  905. {
  906. $sql_where .= " AND u.user_lastvisit " . $find_key_match[$active_select] . ' ' . $active_time;
  907. }
  908. }
  909. $sql_where .= ($search_group_id) ? " AND u.user_id = ug.user_id AND ug.group_id = $search_group_id AND ug.user_pending = 0 " : '';
  910. if ($search_group_id)
  911. {
  912. $sql_from = ', ' . USER_GROUP_TABLE . ' ug ';
  913. }
  914. if ($ipdomain && $auth->acl_getf_global('m_info'))
  915. {
  916. if (strspn($ipdomain, 'abcdefghijklmnopqrstuvwxyz'))
  917. {
  918. $hostnames = gethostbynamel($ipdomain);
  919. if ($hostnames !== false)
  920. {
  921. $ips = "'" . implode('\', \'', array_map(array($db, 'sql_escape'), preg_replace('#([0-9]{1,3}\.[0-9]{1,3}[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})#', "\\1", gethostbynamel($ipdomain)))) . "'";
  922. }
  923. else
  924. {
  925. $ips = false;
  926. }
  927. }
  928. else
  929. {
  930. $ips = "'" . str_replace('*', '%', $db->sql_escape($ipdomain)) . "'";
  931. }
  932. if ($ips === false)
  933. {
  934. // A minor fudge but it does the job :D
  935. $sql_where .= " AND u.user_id = 0";
  936. }
  937. else
  938. {
  939. $ip_forums = array_keys($auth->acl_getf('m_info', true));
  940. $sql = 'SELECT DISTINCT poster_id
  941. FROM ' . POSTS_TABLE . '
  942. WHERE poster_ip ' . ((strpos($ips, '%') !== false) ? 'LIKE' : 'IN') . " ($ips)
  943. AND forum_id IN (0, " . implode(', ', $ip_forums) . ')';
  944. $result = $db->sql_query($sql);
  945. if ($row = $db->sql_fetchrow($result))
  946. {
  947. $ip_sql = array();
  948. do
  949. {
  950. $ip_sql[] = $row['poster_id'];
  951. }
  952. while ($row = $db->sql_fetchrow($result));
  953. $sql_where .= ' AND ' . $db->sql_in_set('u.user_id', $ip_sql);
  954. }
  955. else
  956. {
  957. // A minor fudge but it does the job :D
  958. $sql_where .= " AND u.user_id = 0";
  959. }
  960. unset($ip_forums);
  961. $db->sql_freeresult($result);
  962. }
  963. }
  964. }
  965. $first_char = request_var('first_char', '');
  966. if ($first_char == 'other')
  967. {
  968. for ($i = 97; $i < 123; $i++)
  969. {
  970. $sql_where .= ' AND u.username_clean NOT ' . $db->sql_like_expression(chr($i) . $db->any_char);
  971. }
  972. }
  973. else if ($first_char)
  974. {
  975. $sql_where .= ' AND u.username_clean ' . $db->sql_like_expression(substr($first_char, 0, 1) . $db->any_char);
  976. }
  977. // Are we looking at a usergroup? If so, fetch additional info
  978. // and further restrict the user info query
  979. if ($mode == 'group')
  980. {
  981. // We JOIN here to save a query for determining membership for hidden groups. ;)
  982. $sql = 'SELECT g.*, ug.user_id
  983. FROM ' . GROUPS_TABLE . ' g
  984. LEFT JOIN ' . USER_GROUP_TABLE . ' ug ON (ug.user_pending = 0 AND ug.user_id = ' . $user->data['user_id'] . " AND ug.group_id = $group_id)
  985. WHERE g.group_id = $group_id";
  986. $result = $db->sql_query($sql);
  987. $group_row = $db->sql_fetchrow($result);
  988. $db->sql_freeresult($result);
  989. if (!$group_row)
  990. {
  991. trigger_error('NO_GROUP');
  992. }
  993. switch ($group_row['group_type'])
  994. {
  995. case GROUP_OPEN:
  996. $group_row['l_group_type'] = 'OPEN';
  997. break;
  998. case GROUP_CLOSED:
  999. $group_row['l_group_type'] = 'CLOSED';
  1000. break;
  1001. case GROUP_HIDDEN:
  1002. $group_row['l_group_type'] = 'HIDDEN';
  1003. // Check for membership or special permissions
  1004. if (!$auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel') && $group_row['user_id'] != $user->data['user_id'])
  1005. {
  1006. trigger_error('NO_GROUP');
  1007. }
  1008. break;
  1009. case GROUP_SPECIAL:
  1010. $group_row['l_group_type'] = 'SPECIAL';
  1011. break;
  1012. case GROUP_FREE:
  1013. $group_row['l_group_type'] = 'FREE';
  1014. break;
  1015. }
  1016. // Misusing the avatar function for displaying group avatars...
  1017. $avatar_img = get_user_avatar($group_row['group_avatar'], $group_row['group_avatar_type'], $group_row['group_avatar_width'], $group_row['group_avatar_height'], 'GROUP_AVATAR');
  1018. // ... same for group rank
  1019. $rank_title = $rank_img = $rank_img_src = '';
  1020. if ($group_row['group_rank'])
  1021. {
  1022. get_user_rank($group_row['group_rank'], false, $rank_title, $rank_img, $rank_img_src);
  1023. if ($rank_img)
  1024. {
  1025. $rank_img .= '<br />';
  1026. }
  1027. }
  1028. $template->assign_vars(array(
  1029. 'GROUP_DESC' => generate_text_for_display($group_row['group_desc'], $group_row['group_desc_uid'], $group_row['group_desc_bitfield'], $group_row['group_desc_options']),
  1030. 'GROUP_NAME' => ($group_row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $group_row['group_name']] : $group_row['group_name'],
  1031. 'GROUP_COLOR' => $group_row['group_colour'],
  1032. 'GROUP_TYPE' => $user->lang['GROUP_IS_' . $group_row['l_group_type']],
  1033. 'GROUP_RANK' => $rank_title,
  1034. 'AVATAR_IMG' => $avatar_img,
  1035. 'RANK_IMG' => $rank_img,
  1036. 'RANK_IMG_SRC' => $rank_img_src,
  1037. 'U_PM' => ($auth->acl_get('u_sendpm') && $auth->acl_get('u_masspm_group') && $group_row['group_receive_pm'] && $config['allow_privmsg'] && $config['allow_mass_pm']) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;mode=compose&amp;g=' . $group_id) : '',)
  1038. );
  1039. $sql_select = ', ug.group_leader';
  1040. $sql_from = ', ' . USER_GROUP_TABLE . ' ug ';
  1041. $order_by = 'ug.group_leader DESC, ';
  1042. $sql_where .= " AND ug.user_pending = 0 AND u.user_id = ug.user_id AND ug.group_id = $group_id";
  1043. $sql_where_data = " AND u.user_id = ug.user_id AND ug.group_id = $group_id";
  1044. }
  1045. // Sorting and order
  1046. if (!isset($sort_key_sql[$sort_key]))
  1047. {
  1048. $sort_key = $default_key;
  1049. }
  1050. $order_by .= $sort_key_sql[$sort_key] . ' ' . (($sort_dir == 'a') ? 'ASC' : 'DESC');
  1051. // Unfortunately we must do this here for sorting by rank, else the sort order is applied wrongly
  1052. if ($sort_key == 'm')
  1053. {
  1054. $order_by .= ', u.user_posts DESC';
  1055. }
  1056. // Count the users ...
  1057. if ($sql_where)
  1058. {
  1059. $sql = 'SELECT COUNT(u.user_id) AS total_users
  1060. FROM ' . USERS_TABLE . " u$sql_from
  1061. WHERE u.user_type IN (" . USER_NORMAL . ', ' . USER_FOUNDER . ")
  1062. $sql_where";
  1063. $result = $db->sql_query($sql);
  1064. $total_users = (int) $db->sql_fetchfield('total_users');
  1065. $db->sql_freeresult($result);
  1066. }
  1067. else
  1068. {
  1069. $total_users = $config['num_users'];
  1070. }
  1071. // Build a relevant pagination_url
  1072. $params = $sort_params = array();
  1073. // We do not use request_var() here directly to save some calls (not all variables are set)
  1074. $check_params = array(
  1075. 'g' => array('g', 0),
  1076. 'sk' => array('sk', $default_key),
  1077. 'sd' => array('sd', 'a'),
  1078. 'form' => array('form', ''),
  1079. 'field' => array('field', ''),
  1080. 'select_single' => array('select_single', $select_single),
  1081. 'username' => array('username', '', true),
  1082. 'email' => array('email', ''),
  1083. 'icq' => array('icq', ''),
  1084. 'aim' => array('aim', ''),
  1085. 'yahoo' => array('yahoo', ''),
  1086. 'msn' => array('msn', ''),
  1087. 'jabber' => array('jabber', ''),
  1088. 'search_group_id' => array('search_group_id', 0),
  1089. 'joined_select' => array('joined_select', 'lt'),
  1090. 'active_select' => array('active_select', 'lt'),
  1091. 'count_select' => array('count_select', 'eq'),
  1092. 'joined' => array('joined', ''),
  1093. 'active' => array('active', ''),
  1094. 'count' => (request_var('count', '') !== '') ? array('count', 0) : array('count', ''),
  1095. 'ip' => array('ip', ''),
  1096. 'first_char' => array('first_char', ''),
  1097. );
  1098. $u_first_char_params = array();
  1099. foreach ($check_params as $key => $call)
  1100. {
  1101. if (!isset($_REQUEST[$key]))
  1102. {
  1103. continue;
  1104. }
  1105. $param = call_user_func_array('request_var', $call);
  1106. $param = urlencode($key) . '=' . ((is_string($param)) ? urlencode($param) : $param);
  1107. $params[] = $param;
  1108. if ($key != 'first_char')
  1109. {
  1110. $u_first_char_params[] = $param;
  1111. }
  1112. if ($key != 'sk' && $key != 'sd')
  1113. {
  1114. $sort_params[] = $param;
  1115. }
  1116. }
  1117. $u_hide_find_member = append_sid("{$phpbb_root_path}memberlist.$phpEx", "start=$start" . (!empty($params) ? '&amp;' . implode('&amp;', $params) : ''));
  1118. if ($mode)
  1119. {
  1120. $params[] = "mode=$mode";
  1121. $u_first_char_params[] = "mode=$mode";
  1122. }
  1123. $sort_params[] = "mode=$mode";
  1124. $pagination_url = append_sid("{$phpbb_root_path}memberlist.$phpEx", implode('&amp;', $params));
  1125. $sort_url = append_sid("{$phpbb_root_path}memberlist.$phpEx", implode('&amp;', $sort_params));
  1126. unset($search_params, $sort_params);
  1127. $u_first_char_params = implode('&amp;', $u_first_char_params);
  1128. $u_first_char_params .= ($u_first_char_params) ? '&amp;' : '';
  1129. $first_characters = array();
  1130. $first_characters[''] = $user->lang['ALL'];
  1131. for ($i = 97; $i < 123; $i++)
  1132. {
  1133. $first_characters[chr($i)] = chr($i - 32);
  1134. }
  1135. $first_characters['other'] = $user->lang['OTHER'];
  1136. foreach ($first_characters as $char => $desc)
  1137. {
  1138. $template->assign_block_vars('first_char', array(
  1139. 'DESC' => $desc,
  1140. 'VALUE' => $char,
  1141. 'S_SELECTED' => ($first_char == $char) ? true : false,
  1142. 'U_SORT' => append_sid("{$phpbb_root_path}memberlist.$phpEx", $u_first_char_params . 'first_char=' . $char) . '#memberlist',
  1143. ));
  1144. }
  1145. // Some search user specific data
  1146. if ($mode == 'searchuser' && ($config['load_search'] || $auth->acl_get('a_')))
  1147. {
  1148. $group_selected = request_var('search_group_id', 0);
  1149. $s_group_select = '<option value="0"' . ((!$group_selected) ? ' selected="selected"' : '') . '>&nbsp;</option>';
  1150. $group_ids = array();
  1151. /**
  1152. * @todo add this to a separate function (function is responsible for returning the groups the user is able to see based on the users group membership)
  1153. */
  1154. if ($auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel'))
  1155. {
  1156. $sql = 'SELECT group_id, group_name, group_type
  1157. FROM ' . GROUPS_TABLE;
  1158. if (!$config['coppa_enable'])
  1159. {
  1160. $sql .= " WHERE group_name <> 'REGISTERED_COPPA'";
  1161. }
  1162. $sql .= ' ORDER BY group_name ASC';
  1163. }
  1164. else
  1165. {
  1166. $sql = 'SELECT g.group_id, g.group_name, g.group_type
  1167. FROM ' . GROUPS_TABLE . ' g
  1168. LEFT JOIN ' . USER_GROUP_TABLE . ' ug
  1169. ON (
  1170. g.group_id = ug.group_id
  1171. AND ug.user_id = ' . $user->data['user_id'] . '
  1172. AND ug.user_pending = 0
  1173. )
  1174. WHERE (g.group_type <> ' . GROUP_HIDDEN . ' OR ug.user_id = ' . $user->data['user_id'] . ')';
  1175. if (!$config['coppa_enable'])
  1176. {
  1177. $sql .= " AND g.group_name <> 'REGISTERED_COPPA'";
  1178. }
  1179. $sql .= ' ORDER BY g.group_name ASC';
  1180. }
  1181. $result = $db->sql_query($sql);
  1182. while ($row = $db->sql_fetchrow($result))
  1183. {
  1184. $group_ids[] = $row['group_id'];
  1185. $s_group_select .= '<option value="' . $row['group_id'] . '"' . (($group_selected == $row['group_id']) ? ' selected="selected"' : '') . '>' . (($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name']) . '</option>';
  1186. }
  1187. $db->sql_freeresult($result);
  1188. if ($group_selected !== 0 && !in_array($group_selected, $group_ids))
  1189. {
  1190. trigger_error('NO_GROUP');
  1191. }
  1192. $template->assign_vars(array(
  1193. 'USERNAME' => $username,
  1194. 'EMAIL' => $email,
  1195. 'ICQ' => $icq,
  1196. 'AIM' => $aim,
  1197. 'YAHOO' => $yahoo,
  1198. 'MSNM' => $msn,
  1199. 'JABBER' => $jabber,
  1200. 'JOINED' => implode('-', $joined),
  1201. 'ACTIVE' => implode('-', $active),
  1202. 'COUNT' => $count,
  1203. 'IP' => $ipdomain,
  1204. 'S_IP_SEARCH_ALLOWED' => ($auth->acl_getf_global('m_info')) ? true : false,
  1205. 'S_EMAIL_SEARCH_ALLOWED'=> ($auth->acl_get('a_user')) ? true : false,
  1206. 'S_IN_SEARCH_POPUP' => ($form && $field) ? true : false,
  1207. 'S_SEARCH_USER' => true,
  1208. 'S_FORM_NAME' => $form,
  1209. 'S_FIELD_NAME' => $field,
  1210. 'S_SELECT_SINGLE' => $select_single,
  1211. 'S_COUNT_OPTIONS' => $s_find_count,
  1212. 'S_SORT_OPTIONS' => $s_sort_key,
  1213. 'S_JOINED_TIME_OPTIONS' => $s_find_join_time,
  1214. 'S_ACTIVE_TIME_OPTIONS' => $s_find_active_time,
  1215. 'S_GROUP_SELECT' => $s_group_select,
  1216. 'S_USER_SEARCH_ACTION' => append_sid("{$phpbb_root_path}memberlist.$phpEx", "mode=searchuser&amp;form=$form&amp;field=$field"))
  1217. );
  1218. }
  1219. // Get us some users :D
  1220. $sql = "SELECT u.user_id
  1221. FROM " . USERS_TABLE . " u
  1222. $sql_from
  1223. WHERE u.user_type IN (" . USER_NORMAL . ', ' . USER_FOUNDER . ")
  1224. $sql_where
  1225. ORDER BY $order_by";
  1226. $result = $db->sql_query_limit($sql, $config['topics_per_page'], $start);
  1227. $user_list = array();
  1228. while ($row = $db->sql_fetchrow($result))
  1229. {
  1230. $user_list[] = (int) $row['user_id'];
  1231. }
  1232. $db->sql_freeresult($result);
  1233. $leaders_set = false;
  1234. // So, did we get any users?
  1235. if (sizeof($user_list))
  1236. {
  1237. // Session time?! Session time...
  1238. $sql = 'SELECT session_user_id, MAX(session_time) AS session_time
  1239. FROM ' . SESSIONS_TABLE . '
  1240. WHERE session_time >= ' . (time() - $config['session_length']) . '
  1241. AND ' . $db->sql_in_set('session_user_id', $user_list) . '
  1242. GROUP BY session_user_id';
  1243. $result = $db->sql_query($sql);
  1244. $session_times = array();
  1245. while ($row = $db->sql_fetchrow($result))
  1246. {
  1247. $session_times[$row['session_user_id']] = $row['session_time'];
  1248. }
  1249. $db->sql_freeresult($result);
  1250. // Do the SQL thang
  1251. if ($mode == 'group')
  1252. {
  1253. $sql = "SELECT u.*
  1254. $sql_select
  1255. FROM " . USERS_TABLE . " u
  1256. $sql_from
  1257. WHERE " . $db->sql_in_set('u.user_id', $user_list) . "
  1258. $sql_where_data";
  1259. }
  1260. else
  1261. {
  1262. $sql = 'SELECT *
  1263. FROM ' . USERS_TABLE . '
  1264. WHERE ' . $db->sql_in_set('user_id', $user_list);
  1265. }
  1266. $result = $db->sql_query($sql);
  1267. $id_cache = array();
  1268. while ($row = $d

Large files files are truncated, but you can click here to view the full file