PageRenderTime 54ms CodeModel.GetById 17ms RepoModel.GetById 0ms app.codeStats 0ms

/admin_users.php

https://bitbucket.org/gencer/fluxbb
PHP | 1095 lines | 876 code | 165 blank | 54 comment | 158 complexity | 16385838b1d2b973fe7a0ab5e8bf7022 MD5 | raw file
Possible License(s): GPL-2.0
  1. <?php
  2. /**
  3. * Copyright (C) 2008-2012 FluxBB
  4. * based on code by Rickard Andersson copyright (C) 2002-2008 PunBB
  5. * License: http://www.gnu.org/licenses/gpl.html GPL version 2 or higher
  6. */
  7. // Tell header.php to use the admin template
  8. define('PUN_ADMIN_CONSOLE', 1);
  9. define('PUN_ROOT', dirname(__FILE__).'/');
  10. require PUN_ROOT.'include/common.php';
  11. require PUN_ROOT.'include/common_admin.php';
  12. if (!$pun_user['is_admmod'])
  13. message($lang_common['No permission'], false, '403 Forbidden');
  14. // Load the admin_users.php language file
  15. require PUN_ROOT.'lang/'.$admin_language.'/admin_users.php';
  16. // Show IP statistics for a certain user ID
  17. if (isset($_GET['ip_stats']))
  18. {
  19. $ip_stats = intval($_GET['ip_stats']);
  20. if ($ip_stats < 1)
  21. message($lang_common['Bad request'], false, '404 Not Found');
  22. // Fetch ip count
  23. $result = $db->query('SELECT poster_ip, MAX(posted) AS last_used FROM '.$db->prefix.'posts WHERE poster_id='.$ip_stats.' GROUP BY poster_ip') or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
  24. $num_ips = $db->num_rows($result);
  25. // Determine the ip offset (based on $_GET['p'])
  26. $num_pages = ceil($num_ips / 50);
  27. $p = (!isset($_GET['p']) || $_GET['p'] <= 1 || $_GET['p'] > $num_pages) ? 1 : intval($_GET['p']);
  28. $start_from = 50 * ($p - 1);
  29. // Generate paging links
  30. $paging_links = '<span class="pages-label">'.$lang_common['Pages'].' </span>'.paginate($num_pages, $p, 'admin_users.php?ip_stats='.$ip_stats );
  31. $page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_admin_common['Admin'], $lang_admin_common['Users'], $lang_admin_users['Results head']);
  32. define('PUN_ACTIVE_PAGE', 'admin');
  33. require PUN_ROOT.'header.php';
  34. ?>
  35. <div class="linkst">
  36. <div class="inbox crumbsplus">
  37. <ul class="crumbs">
  38. <li><a href="admin_index.php"><?php echo $lang_admin_common['Admin'].' '.$lang_admin_common['Index'] ?></a></li>
  39. <li><span>»&#160;</span><a href="admin_users.php"><?php echo $lang_admin_common['Users'] ?></a></li>
  40. <li><span>»&#160;</span><strong><?php echo $lang_admin_users['Results head'] ?></strong></li>
  41. </ul>
  42. <div class="pagepost">
  43. <p class="pagelink"><?php echo $paging_links ?></p>
  44. </div>
  45. <div class="clearer"></div>
  46. </div>
  47. </div>
  48. <div id="users1" class="blocktable">
  49. <h2><span><?php echo $lang_admin_users['Results head'] ?></span></h2>
  50. <div class="box">
  51. <div class="inbox">
  52. <table>
  53. <thead>
  54. <tr>
  55. <th class="tcl" scope="col"><?php echo $lang_admin_users['Results IP address head'] ?></th>
  56. <th class="tc2" scope="col"><?php echo $lang_admin_users['Results last used head'] ?></th>
  57. <th class="tc3" scope="col"><?php echo $lang_admin_users['Results times found head'] ?></th>
  58. <th class="tcr" scope="col"><?php echo $lang_admin_users['Results action head'] ?></th>
  59. </tr>
  60. </thead>
  61. <tbody>
  62. <?php
  63. $result = $db->query('SELECT poster_ip, MAX(posted) AS last_used, COUNT(id) AS used_times FROM '.$db->prefix.'posts WHERE poster_id='.$ip_stats.' GROUP BY poster_ip ORDER BY last_used DESC LIMIT '.$start_from.', 50') or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
  64. if ($db->num_rows($result))
  65. {
  66. while ($cur_ip = $db->fetch_assoc($result))
  67. {
  68. ?>
  69. <tr>
  70. <td class="tcl"><a href="moderate.php?get_host=<?php echo pun_htmlspecialchars($cur_ip['poster_ip']) ?>"><?php echo pun_htmlspecialchars($cur_ip['poster_ip']) ?></a></td>
  71. <td class="tc2"><?php echo format_time($cur_ip['last_used']) ?></td>
  72. <td class="tc3"><?php echo $cur_ip['used_times'] ?></td>
  73. <td class="tcr"><a href="admin_users.php?show_users=<?php echo pun_htmlspecialchars($cur_ip['poster_ip']) ?>"><?php echo $lang_admin_users['Results find more link'] ?></a></td>
  74. </tr>
  75. <?php
  76. }
  77. }
  78. else
  79. echo "\t\t\t\t".'<tr><td class="tcl" colspan="4">'.$lang_admin_users['Results no posts found'].'</td></tr>'."\n";
  80. ?>
  81. </tbody>
  82. </table>
  83. </div>
  84. </div>
  85. </div>
  86. <div class="linksb">
  87. <div class="inbox crumbsplus">
  88. <div class="pagepost">
  89. <p class="pagelink"><?php echo $paging_links ?></p>
  90. </div>
  91. <ul class="crumbs">
  92. <li><a href="admin_index.php"><?php echo $lang_admin_common['Admin'].' '.$lang_admin_common['Index'] ?></a></li>
  93. <li><span>»&#160;</span><a href="admin_users.php"><?php echo $lang_admin_common['Users'] ?></a></li>
  94. <li><span>»&#160;</span><strong><?php echo $lang_admin_users['Results head'] ?></strong></li>
  95. </ul>
  96. <div class="clearer"></div>
  97. </div>
  98. </div>
  99. <?php
  100. require PUN_ROOT.'footer.php';
  101. }
  102. if (isset($_GET['show_users']))
  103. {
  104. $ip = pun_trim($_GET['show_users']);
  105. if (!@preg_match('%^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$%', $ip) && !@preg_match('%^((([0-9A-Fa-f]{1,4}:){7}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){6}:[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){5}:([0-9A-Fa-f]{1,4}:)?[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){4}:([0-9A-Fa-f]{1,4}:){0,2}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){3}:([0-9A-Fa-f]{1,4}:){0,3}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){2}:([0-9A-Fa-f]{1,4}:){0,4}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){6}((\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b)\.){3}(\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b))|(([0-9A-Fa-f]{1,4}:){0,5}:((\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b)\.){3}(\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b))|(::([0-9A-Fa-f]{1,4}:){0,5}((\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b)\.){3}(\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b))|([0-9A-Fa-f]{1,4}::([0-9A-Fa-f]{1,4}:){0,5}[0-9A-Fa-f]{1,4})|(::([0-9A-Fa-f]{1,4}:){0,6}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){1,7}:))$%', $ip))
  106. message($lang_admin_users['Bad IP message']);
  107. // Fetch user count
  108. $result = $db->query('SELECT DISTINCT poster_id, poster FROM '.$db->prefix.'posts WHERE poster_ip=\''.$db->escape($ip).'\'') or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
  109. $num_users = $db->num_rows($result);
  110. // Determine the user offset (based on $_GET['p'])
  111. $num_pages = ceil($num_users / 50);
  112. $p = (!isset($_GET['p']) || $_GET['p'] <= 1 || $_GET['p'] > $num_pages) ? 1 : intval($_GET['p']);
  113. $start_from = 50 * ($p - 1);
  114. // Generate paging links
  115. $paging_links = '<span class="pages-label">'.$lang_common['Pages'].' </span>'.paginate($num_pages, $p, 'admin_users.php?show_users='.$ip);
  116. $page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_admin_common['Admin'], $lang_admin_common['Users'], $lang_admin_users['Results head']);
  117. define('PUN_ACTIVE_PAGE', 'admin');
  118. require PUN_ROOT.'header.php';
  119. ?>
  120. <div class="linkst">
  121. <div class="inbox crumbsplus">
  122. <ul class="crumbs">
  123. <li><a href="admin_index.php"><?php echo $lang_admin_common['Admin'].' '.$lang_admin_common['Index'] ?></a></li>
  124. <li><span>»&#160;</span><a href="admin_users.php"><?php echo $lang_admin_common['Users'] ?></a></li>
  125. <li><span>»&#160;</span><strong><?php echo $lang_admin_users['Results head'] ?></strong></li>
  126. </ul>
  127. <div class="pagepost">
  128. <p class="pagelink"><?php echo $paging_links ?></p>
  129. </div>
  130. <div class="clearer"></div>
  131. </div>
  132. </div>
  133. <div id="users2" class="blocktable">
  134. <h2><span><?php echo $lang_admin_users['Results head'] ?></span></h2>
  135. <div class="box">
  136. <div class="inbox">
  137. <table>
  138. <thead>
  139. <tr>
  140. <th class="tcl" scope="col"><?php echo $lang_admin_users['Results username head'] ?></th>
  141. <th class="tc2" scope="col"><?php echo $lang_admin_users['Results e-mail head'] ?></th>
  142. <th class="tc3" scope="col"><?php echo $lang_admin_users['Results title head'] ?></th>
  143. <th class="tc4" scope="col"><?php echo $lang_admin_users['Results posts head'] ?></th>
  144. <th class="tc5" scope="col"><?php echo $lang_admin_users['Results admin note head'] ?></th>
  145. <th class="tcr" scope="col"><?php echo $lang_admin_users['Results actions head'] ?></th>
  146. </tr>
  147. </thead>
  148. <tbody>
  149. <?php
  150. $result = $db->query('SELECT DISTINCT poster_id, poster FROM '.$db->prefix.'posts WHERE poster_ip=\''.$db->escape($ip).'\' ORDER BY poster ASC LIMIT '.$start_from.', 50') or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
  151. $num_posts = $db->num_rows($result);
  152. if ($num_posts)
  153. {
  154. $posters = $poster_ids = array();
  155. while ($cur_poster = $db->fetch_assoc($result))
  156. {
  157. $posters[] = $cur_poster;
  158. $poster_ids[] = $cur_poster['poster_id'];
  159. }
  160. $result = $db->query('SELECT u.id, u.username, u.email, u.title, u.num_posts, u.admin_note, g.g_id, g.g_user_title FROM '.$db->prefix.'users AS u INNER JOIN '.$db->prefix.'groups AS g ON g.g_id=u.group_id WHERE u.id>1 AND u.id IN('.implode(',', $poster_ids).')') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
  161. $user_data = array();
  162. while ($cur_user = $db->fetch_assoc($result))
  163. $user_data[$cur_user['id']] = $cur_user;
  164. // Loop through users and print out some info
  165. foreach ($posters as $cur_poster)
  166. {
  167. if (isset($user_data[$cur_poster['poster_id']]))
  168. {
  169. $user_title = get_title($user_data[$cur_poster['poster_id']]);
  170. $actions = '<a href="admin_users.php?ip_stats='.$user_data[$cur_poster['poster_id']]['id'].'">'.$lang_admin_users['Results view IP link'].'</a> | <a href="search.php?action=show_user_posts&amp;user_id='.$user_data[$cur_poster['poster_id']]['id'].'">'.$lang_admin_users['Results show posts link'].'</a>';
  171. ?>
  172. <tr>
  173. <td class="tcl"><?php echo '<a href="profile.php?id='.$user_data[$cur_poster['poster_id']]['id'].'">'.pun_htmlspecialchars($user_data[$cur_poster['poster_id']]['username']).'</a>' ?></td>
  174. <td class="tc2"><a href="mailto:<?php echo pun_htmlspecialchars($user_data[$cur_poster['poster_id']]['email']) ?>"><?php echo pun_htmlspecialchars($user_data[$cur_poster['poster_id']]['email']) ?></a></td>
  175. <td class="tc3"><?php echo $user_title ?></td>
  176. <td class="tc4"><?php echo forum_number_format($user_data[$cur_poster['poster_id']]['num_posts']) ?></td>
  177. <td class="tc5"><?php echo ($user_data[$cur_poster['poster_id']]['admin_note'] != '') ? pun_htmlspecialchars($user_data[$cur_poster['poster_id']]['admin_note']) : '&#160;' ?></td>
  178. <td class="tcr"><?php echo $actions ?></td>
  179. </tr>
  180. <?php
  181. }
  182. else
  183. {
  184. ?>
  185. <tr>
  186. <td class="tcl"><?php echo pun_htmlspecialchars($cur_poster['poster']) ?></td>
  187. <td class="tc2">&#160;</td>
  188. <td class="tc3"><?php echo $lang_admin_users['Results guest'] ?></td>
  189. <td class="tc4">&#160;</td>
  190. <td class="tc5">&#160;</td>
  191. <td class="tcr">&#160;</td>
  192. </tr>
  193. <?php
  194. }
  195. }
  196. }
  197. else
  198. echo "\t\t\t\t".'<tr><td class="tcl" colspan="6">'.$lang_admin_users['Results no IP found'].'</td></tr>'."\n";
  199. ?>
  200. </tbody>
  201. </table>
  202. </div>
  203. </div>
  204. </div>
  205. <div class="linksb">
  206. <div class="inbox crumbsplus">
  207. <div class="pagepost">
  208. <p class="pagelink"><?php echo $paging_links ?></p>
  209. </div>
  210. <ul class="crumbs">
  211. <li><a href="admin_index.php"><?php echo $lang_admin_common['Admin'].' '.$lang_admin_common['Index'] ?></a></li>
  212. <li><span>»&#160;</span><a href="admin_users.php"><?php echo $lang_admin_common['Users'] ?></a></li>
  213. <li><span>»&#160;</span><strong><?php echo $lang_admin_users['Results head'] ?></strong></li>
  214. </ul>
  215. <div class="clearer"></div>
  216. </div>
  217. </div>
  218. <?php
  219. require PUN_ROOT.'footer.php';
  220. }
  221. // Move multiple users to other user groups
  222. else if (isset($_POST['move_users']) || isset($_POST['move_users_comply']))
  223. {
  224. if ($pun_user['g_id'] > PUN_ADMIN)
  225. message($lang_common['No permission'], false, '403 Forbidden');
  226. confirm_referrer('admin_users.php');
  227. if (isset($_POST['users']))
  228. {
  229. $user_ids = is_array($_POST['users']) ? array_keys($_POST['users']) : explode(',', $_POST['users']);
  230. $user_ids = array_map('intval', $user_ids);
  231. // Delete invalid IDs
  232. $user_ids = array_diff($user_ids, array(0, 1));
  233. }
  234. else
  235. $user_ids = array();
  236. if (empty($user_ids))
  237. message($lang_admin_users['No users selected']);
  238. // Are we trying to batch move any admins?
  239. $result = $db->query('SELECT COUNT(*) FROM '.$db->prefix.'users WHERE id IN ('.implode(',', $user_ids).') AND group_id='.PUN_ADMIN) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
  240. if ($db->result($result) > 0)
  241. message($lang_admin_users['No move admins message']);
  242. // Fetch all user groups
  243. $all_groups = array();
  244. $result = $db->query('SELECT g_id, g_title FROM '.$db->prefix.'groups WHERE g_id NOT IN ('.PUN_GUEST.','.PUN_ADMIN.') ORDER BY g_title ASC') or error('Unable to fetch groups', __FILE__, __LINE__, $db->error());
  245. while ($row = $db->fetch_row($result))
  246. $all_groups[$row[0]] = $row[1];
  247. if (isset($_POST['move_users_comply']))
  248. {
  249. $new_group = isset($_POST['new_group']) && isset($all_groups[$_POST['new_group']]) ? $_POST['new_group'] : message($lang_admin_users['Invalid group message']);
  250. // Is the new group a moderator group?
  251. $result = $db->query('SELECT g_moderator FROM '.$db->prefix.'groups WHERE g_id='.$new_group) or error('Unable to fetch group info', __FILE__, __LINE__, $db->error());
  252. $new_group_mod = $db->result($result);
  253. // Fetch user groups
  254. $user_groups = array();
  255. $result = $db->query('SELECT id, group_id FROM '.$db->prefix.'users WHERE id IN ('.implode(',', $user_ids).')') or error('Unable to fetch user groups', __FILE__, __LINE__, $db->error());
  256. while ($cur_user = $db->fetch_assoc($result))
  257. {
  258. if (!isset($user_groups[$cur_user['group_id']]))
  259. $user_groups[$cur_user['group_id']] = array();
  260. $user_groups[$cur_user['group_id']][] = $cur_user['id'];
  261. }
  262. // Are any users moderators?
  263. $group_ids = array_keys($user_groups);
  264. $result = $db->query('SELECT g_id, g_moderator FROM '.$db->prefix.'groups WHERE g_id IN ('.implode(',', $group_ids).')') or error('Unable to fetch group moderators', __FILE__, __LINE__, $db->error());
  265. while ($cur_group = $db->fetch_assoc($result))
  266. {
  267. if ($cur_group['g_moderator'] == '0')
  268. unset($user_groups[$cur_group['g_id']]);
  269. }
  270. if (!empty($user_groups) && $new_group != PUN_ADMIN && $new_group_mod != '1')
  271. {
  272. // Fetch forum list and clean up their moderator list
  273. $result = $db->query('SELECT id, moderators FROM '.$db->prefix.'forums') or error('Unable to fetch forum list', __FILE__, __LINE__, $db->error());
  274. while ($cur_forum = $db->fetch_assoc($result))
  275. {
  276. $cur_moderators = ($cur_forum['moderators'] != '') ? unserialize($cur_forum['moderators']) : array();
  277. foreach ($user_groups as $group_users)
  278. $cur_moderators = array_diff($cur_moderators, $group_users);
  279. $cur_moderators = (!empty($cur_moderators)) ? '\''.$db->escape(serialize($cur_moderators)).'\'' : 'NULL';
  280. $db->query('UPDATE '.$db->prefix.'forums SET moderators='.$cur_moderators.' WHERE id='.$cur_forum['id']) or error('Unable to update forum', __FILE__, __LINE__, $db->error());
  281. }
  282. }
  283. // Change user group
  284. $db->query('UPDATE '.$db->prefix.'users SET group_id='.$new_group.' WHERE id IN ('.implode(',', $user_ids).')') or error('Unable to change user group', __FILE__, __LINE__, $db->error());
  285. redirect('admin_users.php', $lang_admin_users['Users move redirect']);
  286. }
  287. $page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_admin_common['Admin'], $lang_admin_common['Users'], $lang_admin_users['Move users']);
  288. define('PUN_ACTIVE_PAGE', 'admin');
  289. require PUN_ROOT.'header.php';
  290. generate_admin_menu('users');
  291. ?>
  292. <div class="blockform">
  293. <h2><span><?php echo $lang_admin_users['Move users'] ?></span></h2>
  294. <div class="box">
  295. <form name="confirm_move_users" method="post" action="admin_users.php">
  296. <input type="hidden" name="users" value="<?php echo implode(',', $user_ids) ?>" />
  297. <div class="inform">
  298. <fieldset>
  299. <legend><?php echo $lang_admin_users['Move users subhead'] ?></legend>
  300. <div class="infldset">
  301. <table class="aligntop">
  302. <tr>
  303. <th scope="row"><?php echo $lang_admin_users['New group label'] ?></th>
  304. <td>
  305. <select name="new_group" tabindex="1">
  306. <?php foreach ($all_groups as $gid => $group) : ?> <option value="<?php echo $gid ?>"><?php echo pun_htmlspecialchars($group) ?></option>
  307. <?php endforeach; ?>
  308. </select>
  309. <span><?php echo $lang_admin_users['New group help'] ?></span>
  310. </td>
  311. </tr>
  312. </table>
  313. </div>
  314. </fieldset>
  315. </div>
  316. <p class="submitend"><input type="submit" name="move_users_comply" value="<?php echo $lang_admin_common['Save'] ?>" tabindex="2" /></p>
  317. </form>
  318. </div>
  319. </div>
  320. <div class="clearer"></div>
  321. </div>
  322. <?php
  323. require PUN_ROOT.'footer.php';
  324. }
  325. // Delete multiple users
  326. else if (isset($_POST['delete_users']) || isset($_POST['delete_users_comply']))
  327. {
  328. if ($pun_user['g_id'] > PUN_ADMIN)
  329. message($lang_common['No permission'], false, '403 Forbidden');
  330. confirm_referrer('admin_users.php');
  331. if (isset($_POST['users']))
  332. {
  333. $user_ids = is_array($_POST['users']) ? array_keys($_POST['users']) : explode(',', $_POST['users']);
  334. $user_ids = array_map('intval', $user_ids);
  335. // Delete invalid IDs
  336. $user_ids = array_diff($user_ids, array(0, 1));
  337. }
  338. else
  339. $user_ids = array();
  340. if (empty($user_ids))
  341. message($lang_admin_users['No users selected']);
  342. // Are we trying to delete any admins?
  343. $result = $db->query('SELECT COUNT(*) FROM '.$db->prefix.'users WHERE id IN ('.implode(',', $user_ids).') AND group_id='.PUN_ADMIN) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
  344. if ($db->result($result) > 0)
  345. message($lang_admin_users['No delete admins message']);
  346. if (isset($_POST['delete_users_comply']))
  347. {
  348. // Fetch user groups
  349. $user_groups = array();
  350. $result = $db->query('SELECT id, group_id FROM '.$db->prefix.'users WHERE id IN ('.implode(',', $user_ids).')') or error('Unable to fetch user groups', __FILE__, __LINE__, $db->error());
  351. while ($cur_user = $db->fetch_assoc($result))
  352. {
  353. if (!isset($user_groups[$cur_user['group_id']]))
  354. $user_groups[$cur_user['group_id']] = array();
  355. $user_groups[$cur_user['group_id']][] = $cur_user['id'];
  356. }
  357. // Are any users moderators?
  358. $group_ids = array_keys($user_groups);
  359. $result = $db->query('SELECT g_id, g_moderator FROM '.$db->prefix.'groups WHERE g_id IN ('.implode(',', $group_ids).')') or error('Unable to fetch group moderators', __FILE__, __LINE__, $db->error());
  360. while ($cur_group = $db->fetch_assoc($result))
  361. {
  362. if ($cur_group['g_moderator'] == '0')
  363. unset($user_groups[$cur_group['g_id']]);
  364. }
  365. // Fetch forum list and clean up their moderator list
  366. $result = $db->query('SELECT id, moderators FROM '.$db->prefix.'forums') or error('Unable to fetch forum list', __FILE__, __LINE__, $db->error());
  367. while ($cur_forum = $db->fetch_assoc($result))
  368. {
  369. $cur_moderators = ($cur_forum['moderators'] != '') ? unserialize($cur_forum['moderators']) : array();
  370. foreach ($user_groups as $group_users)
  371. $cur_moderators = array_diff($cur_moderators, $group_users);
  372. $cur_moderators = (!empty($cur_moderators)) ? '\''.$db->escape(serialize($cur_moderators)).'\'' : 'NULL';
  373. $db->query('UPDATE '.$db->prefix.'forums SET moderators='.$cur_moderators.' WHERE id='.$cur_forum['id']) or error('Unable to update forum', __FILE__, __LINE__, $db->error());
  374. }
  375. // Delete any subscriptions
  376. $db->query('DELETE FROM '.$db->prefix.'topic_subscriptions WHERE user_id IN ('.implode(',', $user_ids).')') or error('Unable to delete topic subscriptions', __FILE__, __LINE__, $db->error());
  377. $db->query('DELETE FROM '.$db->prefix.'forum_subscriptions WHERE user_id IN ('.implode(',', $user_ids).')') or error('Unable to delete forum subscriptions', __FILE__, __LINE__, $db->error());
  378. // Remove them from the online list (if they happen to be logged in)
  379. $db->query('DELETE FROM '.$db->prefix.'online WHERE user_id IN ('.implode(',', $user_ids).')') or error('Unable to remove users from online list', __FILE__, __LINE__, $db->error());
  380. // Should we delete all posts made by these users?
  381. if (isset($_POST['delete_posts']))
  382. {
  383. require PUN_ROOT.'include/search_idx.php';
  384. @set_time_limit(0);
  385. // Find all posts made by this user
  386. $result = $db->query('SELECT p.id, p.topic_id, t.forum_id FROM '.$db->prefix.'posts AS p INNER JOIN '.$db->prefix.'topics AS t ON t.id=p.topic_id INNER JOIN '.$db->prefix.'forums AS f ON f.id=t.forum_id WHERE p.poster_id IN ('.implode(',', $user_ids).')') or error('Unable to fetch posts', __FILE__, __LINE__, $db->error());
  387. if ($db->num_rows($result))
  388. {
  389. while ($cur_post = $db->fetch_assoc($result))
  390. {
  391. // Determine whether this post is the "topic post" or not
  392. $result2 = $db->query('SELECT id FROM '.$db->prefix.'posts WHERE topic_id='.$cur_post['topic_id'].' ORDER BY posted LIMIT 1') or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
  393. if ($db->result($result2) == $cur_post['id'])
  394. delete_topic($cur_post['topic_id']);
  395. else
  396. delete_post($cur_post['id'], $cur_post['topic_id']);
  397. update_forum($cur_post['forum_id']);
  398. }
  399. }
  400. }
  401. else
  402. // Set all their posts to guest
  403. $db->query('UPDATE '.$db->prefix.'posts SET poster_id=1 WHERE poster_id IN ('.implode(',', $user_ids).')') or error('Unable to update posts', __FILE__, __LINE__, $db->error());
  404. // Delete the users
  405. $db->query('DELETE FROM '.$db->prefix.'users WHERE id IN ('.implode(',', $user_ids).')') or error('Unable to delete users', __FILE__, __LINE__, $db->error());
  406. // Delete user avatars
  407. foreach ($user_ids as $user_id)
  408. delete_avatar($user_id);
  409. // Regenerate the users info cache
  410. if (!defined('FORUM_CACHE_FUNCTIONS_LOADED'))
  411. require PUN_ROOT.'include/cache.php';
  412. generate_users_info_cache();
  413. redirect('admin_users.php', $lang_admin_users['Users delete redirect']);
  414. }
  415. $page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_admin_common['Admin'], $lang_admin_common['Users'], $lang_admin_users['Delete users']);
  416. define('PUN_ACTIVE_PAGE', 'admin');
  417. require PUN_ROOT.'header.php';
  418. generate_admin_menu('users');
  419. ?>
  420. <div class="blockform">
  421. <h2><span><?php echo $lang_admin_users['Delete users'] ?></span></h2>
  422. <div class="box">
  423. <form name="confirm_del_users" method="post" action="admin_users.php">
  424. <input type="hidden" name="users" value="<?php echo implode(',', $user_ids) ?>" />
  425. <div class="inform">
  426. <fieldset>
  427. <legend><?php echo $lang_admin_users['Confirm delete legend'] ?></legend>
  428. <div class="infldset">
  429. <p><?php echo $lang_admin_users['Confirm delete info'] ?></p>
  430. <div class="rbox">
  431. <label><input type="checkbox" name="delete_posts" value="1" checked="checked" /><?php echo $lang_admin_users['Delete posts'] ?><br /></label>
  432. </div>
  433. <p class="warntext"><strong><?php echo $lang_admin_users['Delete warning'] ?></strong></p>
  434. </div>
  435. </fieldset>
  436. </div>
  437. <p class="buttons"><input type="submit" name="delete_users_comply" value="<?php echo $lang_admin_users['Delete'] ?>" /> <a href="javascript:history.go(-1)"><?php echo $lang_admin_common['Go back'] ?></a></p>
  438. </form>
  439. </div>
  440. </div>
  441. <div class="clearer"></div>
  442. </div>
  443. <?php
  444. require PUN_ROOT.'footer.php';
  445. }
  446. // Ban multiple users
  447. else if (isset($_POST['ban_users']) || isset($_POST['ban_users_comply']))
  448. {
  449. if ($pun_user['g_id'] != PUN_ADMIN && ($pun_user['g_moderator'] != '1' || $pun_user['g_mod_ban_users'] == '0'))
  450. message($lang_common['No permission'], false, '403 Forbidden');
  451. confirm_referrer('admin_users.php');
  452. if (isset($_POST['users']))
  453. {
  454. $user_ids = is_array($_POST['users']) ? array_keys($_POST['users']) : explode(',', $_POST['users']);
  455. $user_ids = array_map('intval', $user_ids);
  456. // Delete invalid IDs
  457. $user_ids = array_diff($user_ids, array(0, 1));
  458. }
  459. else
  460. $user_ids = array();
  461. if (empty($user_ids))
  462. message($lang_admin_users['No users selected']);
  463. // Are we trying to ban any admins?
  464. $result = $db->query('SELECT COUNT(*) FROM '.$db->prefix.'users WHERE id IN ('.implode(',', $user_ids).') AND group_id='.PUN_ADMIN) or error('Unable to fetch group info', __FILE__, __LINE__, $db->error());
  465. if ($db->result($result) > 0)
  466. message($lang_admin_users['No ban admins message']);
  467. // Also, we cannot ban moderators
  468. $result = $db->query('SELECT COUNT(*) FROM '.$db->prefix.'users AS u INNER JOIN '.$db->prefix.'groups AS g ON u.group_id=g.g_id WHERE g.g_moderator=1 AND u.id IN ('.implode(',', $user_ids).')') or error('Unable to fetch moderator group info', __FILE__, __LINE__, $db->error());
  469. if ($db->result($result) > 0)
  470. message($lang_admin_users['No ban mods message']);
  471. if (isset($_POST['ban_users_comply']))
  472. {
  473. $ban_message = pun_trim($_POST['ban_message']);
  474. $ban_expire = pun_trim($_POST['ban_expire']);
  475. $ban_the_ip = isset($_POST['ban_the_ip']) ? intval($_POST['ban_the_ip']) : 0;
  476. if ($ban_expire != '' && $ban_expire != 'Never')
  477. {
  478. $ban_expire = strtotime($ban_expire.' GMT');
  479. if ($ban_expire == -1 || !$ban_expire)
  480. message($lang_admin_users['Invalid date message'].' '.$lang_admin_users['Invalid date reasons']);
  481. $diff = ($pun_user['timezone'] + $pun_user['dst']) * 3600;
  482. $ban_expire -= $diff;
  483. if ($ban_expire <= time())
  484. message($lang_admin_users['Invalid date message'].' '.$lang_admin_users['Invalid date reasons']);
  485. }
  486. else
  487. $ban_expire = 'NULL';
  488. $ban_message = ($ban_message != '') ? '\''.$db->escape($ban_message).'\'' : 'NULL';
  489. // Fetch user information
  490. $user_info = array();
  491. $result = $db->query('SELECT id, username, email, registration_ip FROM '.$db->prefix.'users WHERE id IN ('.implode(',', $user_ids).')') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
  492. while ($cur_user = $db->fetch_assoc($result))
  493. $user_info[$cur_user['id']] = array('username' => $cur_user['username'], 'email' => $cur_user['email'], 'ip' => $cur_user['registration_ip']);
  494. // Overwrite the registration IP with one from the last post (if it exists)
  495. if ($ban_the_ip != 0)
  496. {
  497. $result = $db->query('SELECT p.poster_id, p.poster_ip FROM '.$db->prefix.'posts AS p INNER JOIN (SELECT MAX(id) AS id FROM '.$db->prefix.'posts WHERE poster_id IN ('.implode(',', $user_ids).') GROUP BY poster_id) AS i ON p.id=i.id') or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
  498. while ($cur_address = $db->fetch_assoc($result))
  499. $user_info[$cur_address['poster_id']]['ip'] = $cur_address['poster_ip'];
  500. }
  501. // And insert the bans!
  502. foreach ($user_ids as $user_id)
  503. {
  504. $ban_username = '\''.$db->escape($user_info[$user_id]['username']).'\'';
  505. $ban_email = '\''.$db->escape($user_info[$user_id]['email']).'\'';
  506. $ban_ip = ($ban_the_ip != 0) ? '\''.$db->escape($user_info[$user_id]['ip']).'\'' : 'NULL';
  507. $db->query('INSERT INTO '.$db->prefix.'bans (username, ip, email, message, expire, ban_creator) VALUES('.$ban_username.', '.$ban_ip.', '.$ban_email.', '.$ban_message.', '.$ban_expire.', '.$pun_user['id'].')') or error('Unable to add ban', __FILE__, __LINE__, $db->error());
  508. }
  509. // Regenerate the bans cache
  510. if (!defined('FORUM_CACHE_FUNCTIONS_LOADED'))
  511. require PUN_ROOT.'include/cache.php';
  512. generate_bans_cache();
  513. redirect('admin_users.php', $lang_admin_users['Users banned redirect']);
  514. }
  515. $page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_admin_common['Admin'], $lang_admin_common['Bans']);
  516. $focus_element = array('bans2', 'ban_message');
  517. define('PUN_ACTIVE_PAGE', 'admin');
  518. require PUN_ROOT.'header.php';
  519. generate_admin_menu('users');
  520. ?>
  521. <div class="blockform">
  522. <h2><span><?php echo $lang_admin_users['Ban users'] ?></span></h2>
  523. <div class="box">
  524. <form id="bans2" name="confirm_ban_users" method="post" action="admin_users.php">
  525. <input type="hidden" name="users" value="<?php echo implode(',', $user_ids) ?>" />
  526. <div class="inform">
  527. <fieldset>
  528. <legend><?php echo $lang_admin_users['Message expiry subhead'] ?></legend>
  529. <div class="infldset">
  530. <table class="aligntop">
  531. <tr>
  532. <th scope="row"><?php echo $lang_admin_users['Ban message label'] ?></th>
  533. <td>
  534. <input type="text" name="ban_message" size="50" maxlength="255" tabindex="1" />
  535. <span><?php echo $lang_admin_users['Ban message help'] ?></span>
  536. </td>
  537. </tr>
  538. <tr>
  539. <th scope="row"><?php echo $lang_admin_users['Expire date label'] ?></th>
  540. <td>
  541. <input type="text" name="ban_expire" size="17" maxlength="10" tabindex="2" />
  542. <span><?php echo $lang_admin_users['Expire date help'] ?></span>
  543. </td>
  544. </tr>
  545. <tr>
  546. <th scope="row"><?php echo $lang_admin_users['Ban IP label'] ?></th>
  547. <td>
  548. <label class="conl"><input type="radio" name="ban_the_ip" tabindex="3" value="1" checked="checked" />&#160;<strong><?php echo $lang_admin_common['Yes'] ?></strong></label>
  549. <label class="conl"><input type="radio" name="ban_the_ip" tabindex="4" value="0" checked="checked" />&#160;<strong><?php echo $lang_admin_common['No'] ?></strong></label>
  550. <span class="clearb"><?php echo $lang_admin_users['Ban IP help'] ?></span>
  551. </td>
  552. </tr>
  553. </table>
  554. </div>
  555. </fieldset>
  556. </div>
  557. <p class="submitend"><input type="submit" name="ban_users_comply" value="<?php echo $lang_admin_common['Save'] ?>" tabindex="3" /></p>
  558. </form>
  559. </div>
  560. </div>
  561. <div class="clearer"></div>
  562. </div>
  563. <?php
  564. require PUN_ROOT.'footer.php';
  565. }
  566. else if (isset($_GET['find_user']))
  567. {
  568. $form = isset($_GET['form']) ? $_GET['form'] : array();
  569. // trim() all elements in $form
  570. $form = array_map('pun_trim', $form);
  571. $conditions = $query_str = array();
  572. $posts_greater = isset($_GET['posts_greater']) ? pun_trim($_GET['posts_greater']) : '';
  573. $posts_less = isset($_GET['posts_less']) ? pun_trim($_GET['posts_less']) : '';
  574. $last_post_after = isset($_GET['last_post_after']) ? pun_trim($_GET['last_post_after']) : '';
  575. $last_post_before = isset($_GET['last_post_before']) ? pun_trim($_GET['last_post_before']) : '';
  576. $last_visit_after = isset($_GET['last_visit_after']) ? pun_trim($_GET['last_visit_after']) : '';
  577. $last_visit_before = isset($_GET['last_visit_before']) ? pun_trim($_GET['last_visit_before']) : '';
  578. $registered_after = isset($_GET['registered_after']) ? pun_trim($_GET['registered_after']) : '';
  579. $registered_before = isset($_GET['registered_before']) ? pun_trim($_GET['registered_before']) : '';
  580. $order_by = isset($_GET['order_by']) && in_array($_GET['order_by'], array('username', 'email', 'num_posts', 'last_post', 'last_visit', 'registered')) ? $_GET['order_by'] : 'username';
  581. $direction = isset($_GET['direction']) && $_GET['direction'] == 'DESC' ? 'DESC' : 'ASC';
  582. $user_group = isset($_GET['user_group']) ? intval($_GET['user_group']) : -1;
  583. $query_str[] = 'order_by='.$order_by;
  584. $query_str[] = 'direction='.$direction;
  585. $query_str[] = 'user_group='.$user_group;
  586. if (preg_match('%[^0-9]%', $posts_greater.$posts_less))
  587. message($lang_admin_users['Non numeric message']);
  588. // Try to convert date/time to timestamps
  589. if ($last_post_after != '')
  590. {
  591. $query_str[] = 'last_post_after='.$last_post_after;
  592. $last_post_after = strtotime($last_post_after);
  593. if ($last_post_after === false || $last_post_after == -1)
  594. message($lang_admin_users['Invalid date time message']);
  595. $conditions[] = 'u.last_post>'.$last_post_after;
  596. }
  597. if ($last_post_before != '')
  598. {
  599. $query_str[] = 'last_post_before='.$last_post_before;
  600. $last_post_before = strtotime($last_post_before);
  601. if ($last_post_before === false || $last_post_before == -1)
  602. message($lang_admin_users['Invalid date time message']);
  603. $conditions[] = 'u.last_post<'.$last_post_before;
  604. }
  605. if ($last_visit_after != '')
  606. {
  607. $query_str[] = 'last_visit_after='.$last_visit_after;
  608. $last_visit_after = strtotime($last_visit_after);
  609. if ($last_visit_after === false || $last_visit_after == -1)
  610. message($lang_admin_users['Invalid date time message']);
  611. $conditions[] = 'u.last_visit>'.$last_visit_after;
  612. }
  613. if ($last_visit_before != '')
  614. {
  615. $query_str[] = 'last_visit_before='.$last_visit_before;
  616. $last_visit_before = strtotime($last_visit_before);
  617. if ($last_visit_before === false || $last_visit_before == -1)
  618. message($lang_admin_users['Invalid date time message']);
  619. $conditions[] = 'u.last_visit<'.$last_visit_before;
  620. }
  621. if ($registered_after != '')
  622. {
  623. $query_str[] = 'registered_after='.$registered_after;
  624. $registered_after = strtotime($registered_after);
  625. if ($registered_after === false || $registered_after == -1)
  626. message($lang_admin_users['Invalid date time message']);
  627. $conditions[] = 'u.registered>'.$registered_after;
  628. }
  629. if ($registered_before != '')
  630. {
  631. $query_str[] = 'registered_before='.$registered_before;
  632. $registered_before = strtotime($registered_before);
  633. if ($registered_before === false || $registered_before == -1)
  634. message($lang_admin_users['Invalid date time message']);
  635. $conditions[] = 'u.registered<'.$registered_before;
  636. }
  637. $like_command = ($db_type == 'pgsql') ? 'ILIKE' : 'LIKE';
  638. foreach ($form as $key => $input)
  639. {
  640. if ($input != '' && in_array($key, array('username', 'email', 'title', 'realname', 'url', 'jabber', 'icq', 'msn', 'aim', 'yahoo', 'location', 'signature', 'admin_note')))
  641. {
  642. $conditions[] = 'u.'.$db->escape($key).' '.$like_command.' \''.$db->escape(str_replace('*', '%', $input)).'\'';
  643. $query_str[] = 'form%5B'.$key.'%5D='.urlencode($input);
  644. }
  645. }
  646. if ($posts_greater != '')
  647. {
  648. $query_str[] = 'posts_greater='.$posts_greater;
  649. $conditions[] = 'u.num_posts>'.$posts_greater;
  650. }
  651. if ($posts_less != '')
  652. {
  653. $query_str[] = 'posts_less='.$posts_less;
  654. $conditions[] = 'u.num_posts<'.$posts_less;
  655. }
  656. if ($user_group > -1)
  657. $conditions[] = 'u.group_id='.$user_group;
  658. // Fetch user count
  659. $result = $db->query('SELECT COUNT(id) FROM '.$db->prefix.'users AS u LEFT JOIN '.$db->prefix.'groups AS g ON g.g_id=u.group_id WHERE u.id>1'.(!empty($conditions) ? ' AND '.implode(' AND ', $conditions) : '')) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
  660. $num_users = $db->result($result);
  661. // Determine the user offset (based on $_GET['p'])
  662. $num_pages = ceil($num_users / 50);
  663. $p = (!isset($_GET['p']) || $_GET['p'] <= 1 || $_GET['p'] > $num_pages) ? 1 : intval($_GET['p']);
  664. $start_from = 50 * ($p - 1);
  665. // Generate paging links
  666. $paging_links = '<span class="pages-label">'.$lang_common['Pages'].' </span>'.paginate($num_pages, $p, 'admin_users.php?find_user=&amp;'.implode('&amp;', $query_str));
  667. // Some helper variables for permissions
  668. $can_delete = $can_move = $pun_user['g_id'] == PUN_ADMIN;
  669. $can_ban = $pun_user['g_id'] == PUN_ADMIN || ($pun_user['g_moderator'] == '1' && $pun_user['g_mod_ban_users'] == '1');
  670. $can_action = ($can_delete || $can_ban || $can_move) && $num_users > 0;
  671. $page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_admin_common['Admin'], $lang_admin_common['Users'], $lang_admin_users['Results head']);
  672. $page_head = array('js' => '<script type="text/javascript" src="common.js"></script>');
  673. define('PUN_ACTIVE_PAGE', 'admin');
  674. require PUN_ROOT.'header.php';
  675. ?>
  676. <div class="linkst">
  677. <div class="inbox crumbsplus">
  678. <ul class="crumbs">
  679. <li><a href="admin_index.php"><?php echo $lang_admin_common['Admin'].' '.$lang_admin_common['Index'] ?></a></li>
  680. <li><span>»&#160;</span><a href="admin_users.php"><?php echo $lang_admin_common['Users'] ?></a></li>
  681. <li><span>»&#160;</span><strong><?php echo $lang_admin_users['Results head'] ?></strong></li>
  682. </ul>
  683. <div class="pagepost">
  684. <p class="pagelink"><?php echo $paging_links ?></p>
  685. </div>
  686. <div class="clearer"></div>
  687. </div>
  688. </div>
  689. <form id="search-users-form" action="admin_users.php" method="post">
  690. <div id="users2" class="blocktable">
  691. <h2><span><?php echo $lang_admin_users['Results head'] ?></span></h2>
  692. <div class="box">
  693. <div class="inbox">
  694. <table>
  695. <thead>
  696. <tr>
  697. <th class="tcl" scope="col"><?php echo $lang_admin_users['Results username head'] ?></th>
  698. <th class="tc2" scope="col"><?php echo $lang_admin_users['Results e-mail head'] ?></th>
  699. <th class="tc3" scope="col"><?php echo $lang_admin_users['Results title head'] ?></th>
  700. <th class="tc4" scope="col"><?php echo $lang_admin_users['Results posts head'] ?></th>
  701. <th class="tc5" scope="col"><?php echo $lang_admin_users['Results admin note head'] ?></th>
  702. <th class="tcr" scope="col"><?php echo $lang_admin_users['Results actions head'] ?></th>
  703. <?php if ($can_action): ?> <th class="tcmod" scope="col"><?php echo $lang_admin_users['Select'] ?></th>
  704. <?php endif; ?>
  705. </tr>
  706. </thead>
  707. <tbody>
  708. <?php
  709. $result = $db->query('SELECT u.id, u.username, u.email, u.title, u.num_posts, u.admin_note, g.g_id, g.g_user_title FROM '.$db->prefix.'users AS u LEFT JOIN '.$db->prefix.'groups AS g ON g.g_id=u.group_id WHERE u.id>1'.(!empty($conditions) ? ' AND '.implode(' AND ', $conditions) : '').' ORDER BY '.$db->escape($order_by).' '.$db->escape($direction).' LIMIT '.$start_from.', 50') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
  710. if ($db->num_rows($result))
  711. {
  712. while ($user_data = $db->fetch_assoc($result))
  713. {
  714. $user_title = get_title($user_data);
  715. // This script is a special case in that we want to display "Not verified" for non-verified users
  716. if (($user_data['g_id'] == '' || $user_data['g_id'] == PUN_UNVERIFIED) && $user_title != $lang_common['Banned'])
  717. $user_title = '<span class="warntext">'.$lang_admin_users['Not verified'].'</span>';
  718. $actions = '<a href="admin_users.php?ip_stats='.$user_data['id'].'">'.$lang_admin_users['Results view IP link'].'</a> | <a href="search.php?action=show_user_posts&amp;user_id='.$user_data['id'].'">'.$lang_admin_users['Results show posts link'].'</a>';
  719. ?>
  720. <tr>
  721. <td class="tcl"><?php echo '<a href="profile.php?id='.$user_data['id'].'">'.pun_htmlspecialchars($user_data['username']).'</a>' ?></td>
  722. <td class="tc2"><a href="mailto:<?php echo pun_htmlspecialchars($user_data['email']) ?>"><?php echo pun_htmlspecialchars($user_data['email']) ?></a></td>
  723. <td class="tc3"><?php echo $user_title ?></td>
  724. <td class="tc4"><?php echo forum_number_format($user_data['num_posts']) ?></td>
  725. <td class="tc5"><?php echo ($user_data['admin_note'] != '') ? pun_htmlspecialchars($user_data['admin_note']) : '&#160;' ?></td>
  726. <td class="tcr"><?php echo $actions ?></td>
  727. <?php if ($can_action): ?> <td class="tcmod"><input type="checkbox" name="users[<?php echo $user_data['id'] ?>]" value="1" /></td>
  728. <?php endif; ?>
  729. </tr>
  730. <?php
  731. }
  732. }
  733. else
  734. echo "\t\t\t\t".'<tr><td class="tcl" colspan="6">'.$lang_admin_users['No match'].'</td></tr>'."\n";
  735. ?>
  736. </tbody>
  737. </table>
  738. </div>
  739. </div>
  740. </div>
  741. <div class="linksb">
  742. <div class="inbox crumbsplus">
  743. <div class="pagepost">
  744. <p class="pagelink"><?php echo $paging_links ?></p>
  745. <?php if ($can_action): ?> <p class="conr modbuttons"><a href="#" onclick="return select_checkboxes('search-users-form', this, '<?php echo $lang_admin_users['Unselect all'] ?>')"><?php echo $lang_admin_users['Select all'] ?></a> <?php if ($can_ban) : ?><input type="submit" name="ban_users" value="<?php echo $lang_admin_users['Ban'] ?>" /><?php endif; if ($can_delete) : ?><input type="submit" name="delete_users" value="<?php echo $lang_admin_users['Delete'] ?>" /><?php endif; if ($can_move) : ?><input type="submit" name="move_users" value="<?php echo $lang_admin_users['Change group'] ?>" /><?php endif; ?></p>
  746. <?php endif; ?>
  747. </div>
  748. <ul class="crumbs">
  749. <li><a href="admin_index.php"><?php echo $lang_admin_common['Admin'].' '.$lang_admin_common['Index'] ?></a></li>
  750. <li><span>»&#160;</span><a href="admin_users.php"><?php echo $lang_admin_common['Users'] ?></a></li>
  751. <li><span>»&#160;</span><strong><?php echo $lang_admin_users['Results head'] ?></strong></li>
  752. </ul>
  753. <div class="clearer"></div>
  754. </div>
  755. </div>
  756. </form>
  757. <?php
  758. require PUN_ROOT.'footer.php';
  759. }
  760. else
  761. {
  762. $page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_admin_common['Admin'], $lang_admin_common['Users']);
  763. $focus_element = array('find_user', 'form[username]');
  764. define('PUN_ACTIVE_PAGE', 'admin');
  765. require PUN_ROOT.'header.php';
  766. generate_admin_menu('users');
  767. ?>
  768. <div class="blockform">
  769. <h2><span><?php echo $lang_admin_users['User search head'] ?></span></h2>
  770. <div class="box">
  771. <form id="find_user" method="get" action="admin_users.php">
  772. <p class="submittop"><input type="submit" name="find_user" value="<?php echo $lang_admin_users['Submit search'] ?>" tabindex="1" /></p>
  773. <div class="inform">
  774. <fieldset>
  775. <legend><?php echo $lang_admin_users['User search subhead'] ?></legend>
  776. <div class="infldset">
  777. <p><?php echo $lang_admin_users['User search info'] ?></p>
  778. <table class="aligntop">
  779. <tr>
  780. <th scope="row"><?php echo $lang_admin_users['Username label'] ?></th>
  781. <td><input type="text" name="form[username]" size="25" maxlength="25" tabindex="2" /></td>
  782. </tr>
  783. <tr>
  784. <th scope="row"><?php echo $lang_admin_users['E-mail address label'] ?></th>
  785. <td><input type="text" name="form[email]" size="30" maxlength="80" tabindex="3" /></td>
  786. </tr>
  787. <tr>
  788. <th scope="row"><?php echo $lang_admin_users['Title label'] ?></th>
  789. <td><input type="text" name="form[title]" size="30" maxlength="50" tabindex="4" /></td>
  790. </tr>
  791. <tr>
  792. <th scope="row"><?php echo $lang_admin_users['Real name label'] ?></th>
  793. <td><input type="text" name="form[realname]" size="30" maxlength="40" tabindex="5" /></td>
  794. </tr>
  795. <tr>
  796. <th scope="row"><?php echo $lang_admin_users['Website label'] ?></th>
  797. <td><input type="text" name="form[url]" size="35" maxlength="100" tabindex="6" /></td>
  798. </tr>
  799. <tr>
  800. <th scope="row"><?php echo $lang_admin_users['Jabber label'] ?></th>
  801. <td><input type="text" name="form[jabber]" size="30" maxlength="75" tabindex="7" /></td>
  802. </tr>
  803. <tr>
  804. <th scope="row"><?php echo $lang_admin_users['ICQ label'] ?></th>
  805. <td><input type="text" name="form[icq]" size="12" maxlength="12" tabindex="8" /></td>
  806. </tr>
  807. <tr>
  808. <th scope="row"><?php echo $lang_admin_users['MSN label'] ?></th>
  809. <td><input type="text" name="form[msn]" size="30" maxlength="50" tabindex="9" /></td>
  810. </tr>
  811. <tr>
  812. <th scope="row"><?php echo $lang_admin_users['AOL label'] ?></th>
  813. <td><input type="text" name="form[aim]" size="20" maxlength="20" tabindex="10" /></td>
  814. </tr>
  815. <tr>
  816. <th scope="row"><?php echo $lang_admin_users['Yahoo label'] ?></th>
  817. <td><input type="text" name="form[yahoo]" size="20" maxlength="20" tabindex="11" /></td>
  818. </tr>
  819. <tr>
  820. <th scope="row"><?php echo $lang_admin_users['Location label'] ?></th>
  821. <td><input type="text" name="form[location]" size="30" maxlength="30" tabindex="12" /></td>
  822. </tr>
  823. <tr>
  824. <th scope="row"><?php echo $lang_admin_users['Signature label'] ?></th>
  825. <td><input type="text" name="form[signature]" size="35" maxlength="512" tabindex="13" /></td>
  826. </tr>
  827. <tr>
  828. <th scope="row"><?php echo $lang_admin_users['Admin note label'] ?></th>
  829. <td><input type="text" name="form[admin_note]" size="30" maxlength="30" tabindex="14" /></td>
  830. </tr>
  831. <tr>
  832. <th scope="row"><?php echo $lang_admin_users['Posts more than label'] ?></th>
  833. <td><input type="text" name="posts_greater" size="5" maxlength="8" tabindex="15" /></td>
  834. </tr>
  835. <tr>
  836. <th scope="row"><?php echo $lang_admin_users['Posts less than label'] ?></th>
  837. <td><input type="text" name="posts_less" size="5" maxlength="8" tabindex="16" /></td>
  838. </tr>
  839. <tr>
  840. <th scope="row"><?php echo $lang_admin_users['Last post after label'] ?></th>
  841. <td><input type="text" name="last_post_after" size="24" maxlength="19" tabindex="17" />
  842. <span><?php echo $lang_admin_users['Date help'] ?></span></td>
  843. </tr>
  844. <tr>
  845. <th scope="row"><?php echo $lang_admin_users['Last post before label'] ?></th>
  846. <td><input type="text" name="last_post_before" size="24" maxlength="19" tabindex="18" />
  847. <span><?php echo $lang_admin_users['Date help'] ?></span></td>
  848. </tr>
  849. <tr>
  850. <th scope="row"><?php echo $lang_admin_users['Last visit after label'] ?></th>
  851. <td><input type="text" name="last_visit_after" size="24" maxlength="19" tabindex="17" />
  852. <span><?php echo $lang_admin_users['Date help'] ?></span></td>
  853. </tr>
  854. <tr>
  855. <th scope="row"><?php echo $lang_admin_users['Last visit before label'] ?></th>
  856. <td><input type="text" name="last_visit_before" size="24" maxlength="19" tabindex="18" />
  857. <span><?php echo $lang_admin_users['Date help'] ?></span></td>
  858. </tr>
  859. <tr>
  860. <th scope="row"><?php echo $lang_admin_users['Registered after label'] ?></th>
  861. <td><input type="text" name="registered_after" size="24" maxlength="19" tabindex="19" />
  862. <span><?php echo $lang_admin_users['Date help'] ?></span></td>
  863. </tr>
  864. <tr>
  865. <th scope="row"><?php echo $lang_admin_users['Registered before label'] ?></th>
  866. <td><input type="text" name="registered_before" size="24" maxlength="19" tabindex="20" />
  867. <span><?php echo $lang_admin_users['Date help'] ?></span></td>
  868. </tr>
  869. <tr>
  870. <th scope="row"><?php echo $lang_admin_users['Order by label'] ?></th>
  871. <td>
  872. <select name="order_by" tabindex="21">
  873. <option value="username" selected="selected"><?php echo $lang_admin_users['Order by username'] ?></option>
  874. <option value="email"><?php echo $lang_admin_users['Order by e-mail'] ?></option>
  875. <option value="num_posts"><?php echo $lang_admin_users['Order by posts'] ?></option>
  876. <option value="last_post"><?php echo $lang_admin_users['Order by last post'] ?></option>
  877. <option value="last_visit"><?php echo $lang_admin_users['Order by last visit'] ?></option>
  878. <option value="registered"><?php echo $lang_admin_users['Order by registered'] ?></option>
  879. </select>&#160;&#160;&#160;<select name="direction" tabindex="22">
  880. <option value="ASC" selected="selected"><?php echo $lang_admin_users['Ascending'] ?></option>
  881. <option value="DESC"><?php echo $lang_admin_users['Descending'] ?></option>
  882. </select>
  883. </td>
  884. </tr>
  885. <tr>
  886. <th scope="row"><?php echo $lang_admin_users['User group label'] ?></th>
  887. <td>
  888. <select name="user_group" tabindex="23">
  889. <option value="-1" selected="selected"><?php echo $lang_admin_users['All groups'] ?></option>
  890. <option value="0"><?php echo $lang_admin_users['Unverified users'] ?></option>
  891. <?php
  892. $result = $db->query('SELECT g_id, g_title FROM '.$db->prefix.'groups WHERE g_id!='.PUN_GUEST.' ORDER BY g_title') or error('Unable to fetch user group list', __FILE__, __LINE__, $db->error());
  893. while ($cur_group = $db->fetch_assoc($result))
  894. echo "\t\t\t\t\t\t\t\t\t\t\t".'<option value="'.$cur_group['g_id'].'">'.pun_htmlspecialchars($cur_group['g_title']).'</option>'."\n";
  895. ?>
  896. </select>
  897. </td>
  898. </tr>
  899. </table>
  900. </div>
  901. </fieldset>
  902. </div>
  903. <p class="submitend"><input type="submit" name="find_user" value="<?php echo $lang_admin_users['Submit search'] ?>" tabindex="25" /></p>
  904. </form>
  905. </div>
  906. <h2 class="block2"><span><?php echo $lang_admin_users['IP search head'] ?></span></h2>
  907. <div class="box">
  908. <form method="get" action="admin_users.php">
  909. <div class="inform">
  910. <fieldset>
  911. <legend><?php echo $lang_admin_users['IP search subhead'] ?></legend>
  912. <div class="infldset">
  913. <table class="aligntop">
  914. <tr>
  915. <th scope="row"><?php echo $lang_admin_users['IP address label'] ?><div><input type="submit" value="<?php echo $lang_admin_users['Find IP address'] ?>" tabindex="26" /></div></th>
  916. <td><input type="text" name="show_users" size="18" maxlength="15" tabindex="24" />
  917. <span><?php echo $lang_admin_users['IP address help'] ?></span></td>
  918. </tr>
  919. </table>
  920. </div>
  921. </fieldset>
  922. </div>
  923. </form>
  924. </div>
  925. </div>
  926. <div class="clearer"></div>
  927. </div>
  928. <?php
  929. require PUN_ROOT.'footer.php';
  930. }