/forum/toolkit.php

Large files files are truncated, but you can click here to view the full file

<?php



// PHPBB Admin ToolKit, v2.1b - Starfoxtj (starfoxtj@yahoo.com)

// Copyright 2007 - Starfoxtj

// This script is NOT released under the GPL:







/*****************************************************************************************************





By using this script you agree to the following:





1. You may modify any portion of this script for personal/business use. This includes changing the

   look, style, messages, functions, behavior etc. Note that any modifications outside of the standard

   configuration options may negatively affect the security of this script if the modification is not

   written properly and securely.

   Note: If the script has been modified, I ask that you at least retain the toolkit name, and

   my name (Starfoxtj), as a link to: http://starfoxtj.no-ip.com/phpbb/uploadtoolkit on the header

   or footer of every page. You are not required to list this information, but by removing it you may

   be forfeiting your support for this product. (Similar to the phpbb copyright agreement)

2. Ownership of this script remains with Starfoxtj regardless of how this script was acquired.

3. You may NOT sell any portion of this script, even if it is contained within another package

   without prior consent from Starfoxtj.

4. You may NOT hold Starfoxtj liable for any direct or indirect consequences of using this script.

   Many hours have been spent ensuring that this script is as secure as possible. However nothing

   can be 100% guaranteed.

   If a security hole has been found, please contact me immediately at: starfoxtj@yahoo.com





5. You  MAY distribute this script stand alone, or with another package without any prior permission

   at no charge. You may NOT however, distribute this script if any modifications have been made

   without the consent of Starfoxtj. Meaning, only the unmodified original may be freely distributed

   (at no charge).



   I personally recommended you only download this script from:

	http://starfoxtj.no-ip.com/phpbb/toolkit



   If the script was downloaded form another location, it IS possible that it may have been altered.





******************************************************************************************************/





// You may set a password here if you would rather not use the toolkit_config.php



$use_toolkit_config_file = 'yes';			// Change this to 'No' to set the password in the toolkit.php itself like in previous releases

$use_hashed_in_file_passwords = 'no';			// Change this if you want to use hashed admin/mod passwords specified in the toolkit (the toolkit_config.php file will use hashed passwords regardless)

$adminpassword = 'ENTER_ADMIN_PASSWORD_HERE';		// Note: I HIGHLY recommend using a password at least 16 characters long!

$modpassword = 'ENTER_MOD_PASSWORD_HERE';		// Leave blank to disable mod login





// Option 1: Allow Mods to Ban/UnBan Users?

$modban = 'yes'; // 'yes' : 'no'





// Option 2: Allow Mods to Change User Post Count?

$modpost = 'no'; // 'yes' : 'no'





// Option 3: Allow Mods to Change User Ranks?

$modrank = 'yes'; // 'yes' : 'no'





// Option 4: Allow Mods to Delete Users?

$moddelete = 'no'; // 'yes' : 'no'





// Option 5: Update check URLs

// Note: To disable checking for updates for phpbb, set the phpbb URL to 'none'

// Note: To disable checking for updates for this toolkit, set the toolkit URL to 'none'

// The default phpbb url is: http://www.phpbb.com/updatecheck/20x.txt

// The default toolkit url is: http://starfoxtj.no-ip.com/phpBB/toolkit/updatecheck/2.x.txt

$update_url['phpbb'] = 'http://www.phpbb.com/updatecheck/20x.txt';

$update_url['toolkit'] = 'http://starfoxtj.no-ip.com/phpBB/toolkit/updatecheck/2.x.txt';











//  Lets begin the coding!

//

// (CHANGE INFORMATION AFTER THIS LINE WITH CAUTION!)

//

//

//









session_start();



$_SESSION['toolkitversion'] = '2.1b';

$_SESSION['toolkit_title'] = '<b><a href="index.php"><font size="5" color="#000000">PHPBB Admin ToolKit '.$_SESSION['toolkitversion'].'</b></font></a><font size="5"> - <a href="http://starfoxtj.no-ip.com/phpbb/toolkit" target="_blank">Starfoxtj</a></font>';

$_SESSION['toolkit_title_nversion'] = '<b><a href="index.php"><font size="5" color="#000000">PHPBB Admin ToolKit</b></font></a><font size="5"> - <a href="http://starfoxtj.no-ip.com/phpbb/toolkit" target="_blank">Starfoxtj</a></font>';

$_SESSION['copyrightfooter'] = '<br /><center><hr width="90%"><font size="2">PHPBB Admin ToolKit '.$_SESSION['toolkitversion'].' Š 2007 - <a href="mailto:starfoxtj@yahoo.com">Starfoxtj</a></font></center>';



$phpbb_root_path = './';



// Set global information and start db access



if( file_exists( 'config.php' ) )



   {



	include( 'config.php' );



	if( $dbms == 'mysql' || $dbms == 'mysql4' )

	

	   { 

	

		$db = @mysql_connect("$dbhost", "$dbuser", "$dbpasswd")

		or die( 'Could not connect to database: '.mysql_error() );

	

		@mysql_select_db($dbname)

		or die( 'Could not select database: '.mysql_error() );

	

	   }



	else



	   {



		die( 'This toolkit is only compatible with MySQL databases.' );



	   }

   }





// Define Some Variables



$index = $_SERVER['PHP_SELF'];

$domain = $_SERVER['SERVER_NAME'];

$full_domain = 'http://'.$domain;



if( file_exists( 'config.php' ) )



   {



	$phpbb_auth_access = $table_prefix."auth_access";

	$phpbb_config = $table_prefix."config";

	$phpbb_banlist = $table_prefix."banlist";

	$phpbb_users = $table_prefix."users";

	$phpbb_ranks = $table_prefix."ranks";

	$phpbb_vote_voters = $table_prefix."vote_voters";

	$phpbb_user_group = $table_prefix."user_group";

	$phpbb_groups = $table_prefix."groups";

	$phpbb_posts = $table_prefix."posts";

	$phpbb_posts_text = $table_prefix."posts_text";

	$phpbb_topics = $table_prefix."topics";

	$phpbb_forums = $table_prefix."forums";

	$phpbb_themes = $table_prefix."themes";

	$phpbb_themes_name = $table_prefix."themes_name";

	$phpbb_sessions = $table_prefix."sessions";

	$phpbb_sessions_keys = $table_prefix."sessions_keys";

	$phpbb_topics_watch = $table_prefix."topics_watch";

	$phpbb_privmsgs = $table_prefix."privmsgs";

	$phpbb_privmsgs_text = $table_prefix."privmsgs_text";



	$phpbb_version_result = mysql_query("SELECT * FROM $phpbb_config WHERE config_name='version'")

	or die( 'MySQL Error: '.mysql_error() );

	$myrow_phpbb_version = mysql_fetch_array($phpbb_version_result);

	$phpbb_version = $myrow_phpbb_version['config_value'];



   }



$script_folder = substr( $index, 1, -(strlen( end( explode( '/', $index ) ) ) + 1 ) );





// Set the errors to only display one of each error



if( isset( $_SESSION['errors']['index'] ) )



   {



	$_SESSION['errors']['index'] = array_unique( $_SESSION['errors']['index'] );



   }



if( isset( $_SESSION['errors']['edituser'] ) )



   {



	$_SESSION['errors']['edituser'] = array_unique( $_SESSION['errors']['edituser'] );



   }



if( isset( $_SESSION['errors']['config'] ) )



   {



	$_SESSION['errors']['config'] = array_unique( $_SESSION['errors']['config'] );



   }







/////////////////////////////////////////

//

//	Check and Create config.php

//



if( !file_exists( 'config.php' ) )



   { //-.2-a 





	if( isset( $_POST['configphp_setup'] ) )



	   { //-.1-a.1 





		if( $_POST['dbhost'] == '' ||

		$_POST['dbuser'] == '' ||

		$_POST['dbpasswd'] == '' || 

		$_POST['dbname'] == '' )



		   {



			$_SESSION['configphp_error'] = '<b>Error:</b> All fields must be filled in.';

			header( "Location: $index" );

			die();



		   }



		@chmod( "../$script_folder", 0777 )

		or die( "Could not CHMOD $script_folder folder to create config.php!<br />

		You can either change the CHMOD settings manually to 777, or create the config.php file by copying the following information

		into notepad and specifying the database settings. Then save it as \"config.php\" and upload it to your $script_folder folder.<br /><br />

		Note: This assumes you are using MySQL4, if you are using MySQL3, replace \"mysql4\" with \"mysql\".<br /><br />



		<table border=\"0\" width=\"400\" cellpadding=\"5\"; style=\"border-top: black 1px solid; border-right: black 1px solid; border-left: black 1px solid; border-bottom: black 1px solid\" bgcolor=\"#f5f5f5\">

		 <tr>

		

			<td>

				<b>&lt;?php<br /><br />

				

				// phpBB 2.x auto-generated config file<br />

				// Do not change anything in this file!<br /><br />

				

				\$dbms = 'mysql4';<br /><br />

				

				\$dbhost = '<font color=\"#ff0000\">Your Host</font>';<br />

				\$dbname = '<font color=\"#ff0000\">Your Database Name</font>';<br />

				\$dbuser = '<font color=\"#ff0000\">Your Username</font>';<br />

				\$dbpasswd = '<font color=\"#ff0000\">Your Password</font>';<br /><br />

				

				\$table_prefix = 'phpbb_';<br /><br />

				

				define('PHPBB_INSTALLED', true);<br /><br />

				

				?&gt;</b>

		

			</td>

		

		 </tr>

		</table>" );





		@touch( 'config.php' )

		or die( "Could not create config.php!<br />

		You can either change the CHMOD settings manually to 777, or create the config.php file by copying the following information

		into notepad and specifying the database settings. Then save it as \"config.php\" and upload it to your $script_folder folder.<br /><br />

		Note: This assumes you are using MySQL4, if you are using MySQL3, replace \"mysql4\" with \"mysql\".<br /><br />



		<table border=\"0\" width=\"400\" cellpadding=\"5\"; style=\"border-top: black 1px solid; border-right: black 1px solid; border-left: black 1px solid; border-bottom: black 1px solid\" bgcolor=\"#f5f5f5\">

		 <tr>

		

			<td>

				<b>&lt;?php<br /><br />

				

				// phpBB 2.x auto-generated config file<br />

				// Do not change anything in this file!<br /><br />

				

				\$dbms = 'mysql4';<br /><br />

				

				\$dbhost = '<font color=\"#ff0000\">Your Host</font>';<br />

				\$dbname = '<font color=\"#ff0000\">Your Database Name</font>';<br />

				\$dbuser = '<font color=\"#ff0000\">Your Username</font>';<br />

				\$dbpasswd = '<font color=\"#ff0000\">Your Password</font>';<br /><br />

				

				\$table_prefix = 'phpbb_';<br /><br />

				

				define('PHPBB_INSTALLED', true);<br /><br />

				

				?&gt;</b>

		

			</td>

		

		 </tr>

		</table>" );











		$fp = fopen( 'config.php', "w" )

		or die ("The file config.php exists but could not be opened. Check the file permissions." );



		$dbms = $_POST['dbms'];

		$dbhost = $_POST['dbhost'];

		$dbuser = $_POST['dbuser'];

		$dbpasswd = $_POST['dbpasswd'];

		$dbname = $_POST['dbname'];

		$table_prefix = $_POST['table_prefix'];



		fwrite( $fp, "<?php





// phpBB 2.x auto-generated config file

// Do not change anything in this file!



\$dbms = '$dbms';



\$dbhost = '$dbhost';

\$dbname = '$dbname';

\$dbuser = '$dbuser';

\$dbpasswd = '$dbpasswd';



\$table_prefix = '$table_prefix';



define('PHPBB_INSTALLED', true);



?>" );



		fclose( $fp );



		chmod( "../$script_folder", 0755 );



		header( "Location: $index" );

		die();







	   } //-.1-a.1 



	else



	   { //-.1-a.2 



	

		session_destroy();

	

		?>

	

		<html>

		<head>

		<title>PHPBB Admin ToolKit v<?php echo $_SESSION['toolkitversion']; ?></title>

	

		<SCRIPT LANGUAGE="JavaScript">

		function placeFocus() {

		if (document.forms.length > 0) {

		var field = document.forms[0];

		for (i = 1; i < field.length; i++) {

		if ((field.elements[i].name == "dbhost") || (field.elements[i].type == "textarea") || (field.elements[i].type.toString().charAt(0) == "s")) {

		document.forms[0].elements[i].focus();

		break;

			 }

		      }

		   }

		}

		</script>

		

		</head>

	

		<body link="#0000ff" vlink="#0000ff" alink="#0000ff" OnLoad="placeFocus()">

	

		<center>

		<table border="0" bgcolor="#ffffff" cellspacing="1" cellpadding="3">

		<tr><td><div align="center"><?php echo $_SESSION['toolkit_title']; ?></div></td></tr>

		</table><br />

		</center>

	

		<center>

	

		<font size="4">PHPBB Admin ToolKit: Create Config.php file</font>

		<br /><br />



		Config.php file not found! You may create a new one by entering in the information below:<br /><br />



		<table border="0" bgcolor="#ffffff" cellspacing="1" cellpadding="3">

		 <tr>

	

			<td>

	

			<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST">

		

			<table border="0" cellpadding="5" cellspacing="0">



			 <tr>

		

				<td>

		

				Database Type:

		

				</td>

		

				<td>

		

				<select name="dbms">

				<option value="mysql">MySQL 3.x</option>

				<option value="mysql4" selected>MySQL 4.x</option>

				<option value="postgres">PostgreSQL 7.x</option>

				<option value="mssql">MS SQL Server 7/2000</option>

				<option value="msaccess">MS Access [ ODBC ]</option>

				<option value="mssql-odbc">MS SQL Server [ ODBC ]</option></select>		

				</td>

		

			 </tr>

		

			 <tr>

		

				<td>

		

				Host:

		

				</td>

		

				<td>

		

				<input type="text" name="dbhost" lengh="20" size="20" maxlengh="255">

		

				</td>

		

			 </tr>



			 <tr>

		

				<td>

		

				Username:

		

				</td>

		

				<td>

		

				<input type="text" name="dbuser" lengh="20" size="20" maxlengh="255">

		

				</td>

		

			 </tr>

		

			 <tr>

		

				<td>

		

				Password:

		

				</td>

		

				<td>

		

				<input type="password" name="dbpasswd" lengh="20" size="20" maxlengh="255">

		

				</td>

		

			 </tr>



			 <tr>

		

				<td>

		

				Database:

		

				</td>

		

				<td>

		

				<input type="text" name="dbname" lengh="20" size="20" maxlengh="255">

		

				</td>

		

			 </tr>



			 <tr>

		

				<td>

		

				Table Prefix:

		

				</td>

		

				<td>

		

				<input type="text" name="table_prefix" value="phpbb_" lengh="20" size="20" maxlengh="255">

		

				</td>

		

			 </tr>

	

			 <tr>

		

				<td colspan="2" align="center">



				<input type="hidden" name="configphp_setup" value="1" />

		

				<br /><input TYPE="submit" VALUE="Create Config.php">

		

				</td>

		

			 </tr>

		

			</table>

		

			</form>

	

			</td>

	

		 </tr>

		</table>

		</center>

	

	

		<?php

	

		if( isset( $_SESSION['configphp_error'] ) )

	

		   {

	

			?>

	

				<center>

			<table border="0" bgcolor="#ffffff" cellspacing="1" cellpadding="3">

			 <tr>

	

				<td>

	

			<br /><br /><?php echo $_SESSION['configphp_error']; ?>

	

				</td>

	

			 </tr>

	

			</table>

	

	

			<?php		

	

		   }

	

		?>

	

		</body>

		</html>

	

	

	

		<?php





	   } //-.1-a.2 



	die();





   } //-.2-a 







/////////////////////////////////////////

//

//	Check and set fist time password

//



if( !file_exists( 'toolkit_config.php' ) && $use_toolkit_config_file == 'yes' )



   { //-.1-a 





	if( isset( $_POST['toolkitconfig_setup'] ) )



	   { //-.1-a.1 





		if( !isset( $_POST['admin_password'] ) || !isset( $_POST['admin_password_confirm'] ) )



		   {



			$_SESSION['toolkitconfig_error'] = '<b>Error:</b> Either the admin password was not specified, or the passwords did not match.';

			header( "Location: $index" );

			die();



		   }



		elseif( $_POST['admin_password']  == '' || $_POST['admin_password_confirm'] == '' )



		   {



			$_SESSION['toolkitconfig_error'] = '<b>Error:</b> Either the admin password was not specified, or the passwords did not match.';

			header( "Location: $index" );

			die();



		   }



		elseif( $_POST['admin_password']  != $_POST['admin_password_confirm'] )



		   {



			$_SESSION['toolkitconfig_error'] = '<b>Error:</b> The admin passwords do not match.';

			header( "Location: $index" );

			die();



		   }





		if( $_POST['mod_password'] != $_POST['mod_password_confirm'] )



		   {



			$_SESSION['toolkitconfig_error'] = '<b>Error:</b> The mod passwords do not match.';

			header( "Location: $index" );

			die();



		   }



		@chmod( "../$script_folder", 0777 )

		or die( "Could not CHMOD $script_folder to 777 to create toolkit_config.php!<br />

		1: Extract the toolkit.php file and open it with notepad.<br />

		2: Find \"\$use_toolkit_config_file\" on line 40.<br />

		3: Change the 'yes' to 'no'.<br />

		4: Replace both the admin and mod passwords on lines 41 and 42<br />

		5: Upload toolkit.php to your $script_folder folder." );





		@touch( 'toolkit_config.php' )

		or die( "Could not create toolkit_config.php, access denied!<br />

		Please install this script using method 2:<br /><br />

		1: Extract the toolkit.php file and open it with notepad.<br />

		2: Find \"\$use_toolkit_config_file\" on line 40.<br />

		3: Change the 'yes' to 'no'.<br />

		4: Replace both the admin and mod passwords on lines 41 and 42<br />

		5: Upload toolkit.php to your $script_folder folder." );









		$fp = fopen( 'toolkit_config.php', "w" )

		or die ("The file toolkit_config.php exists but could not be opened. Check the file permissions." );



		$version = $_SESSION['toolkitversion'];

		$adminpassword = md5( md5( $_POST['admin_password'] ) );

		$modpassword = md5( md5( $_POST['mod_password'] ) );



		fwrite( $fp, "<?php



////////////////////////////////////////////////////////////

//

// PHPBB Admin ToolKit v$version auto-generated config file.

//

// You may change the passwords in this file.



// Note: The passwords in this file are hashed for security.

// If you need to change your passwords, you can either use the MD5 Generator included

// near the bottom of the toolkit index.

// Or you can simply delete this toolkit_config.php file and run toolkit.php

// to recreate this file with the new passwords.

//

// NOTE: For security, the passwords for this toolkit have been DOUBLE hashed!

// Meaning, the password was hashed once using the md5() function, then the hash

// was hashed again using the md5() function. The code equivalent is: \$pass = md5( md5( 'password' ) );

// Because the password is double hashed, it should be almost completely uncrackable as

// a brute force/dictionary attack would have to first crack a 32 character password, THEN

// crack the result yielding the original password.

// This way, even if someone got your toolkit.config.php file it would in theory

// take the most powerful home computer over 10 years to break.

//







\$adminpassword = '$adminpassword';

\$modpassword = '$modpassword';



?>" );



		fclose( $fp );



		chmod( "../$script_folder", 0755 );



		header( "Location: $index" );

		die();







	   } //-.1-a.1 



	else



	   { //-.1-a.2 



	

		session_destroy();

	

		?>

	

		<html>

		<head>

		<title>PHPBB Admin ToolKit v<?php echo $_SESSION['toolkitversion']; ?></title>

	

		<SCRIPT LANGUAGE="JavaScript">

		function placeFocus() {

		if (document.forms.length > 0) {

		var field = document.forms[0];

		for (i = 0; i < field.length; i++) {

		if ((field.elements[i].name == "admin_password") || (field.elements[i].type == "textarea") || (field.elements[i].type.toString().charAt(0) == "s")) {

		document.forms[0].elements[i].focus();

		break;

			 }

		      }

		   }

		}

		</script>

		

		</head>

	

		<body link="#0000ff" vlink="#0000ff" alink="#0000ff" OnLoad="placeFocus()">

	

		<center>

		<table border="0" bgcolor="#ffffff" cellspacing="1" cellpadding="3">

		<tr><td><div align="center"><?php echo $_SESSION['toolkit_title']; ?></div></td></tr>

		</table><br />

		</center>

	

		<center>

	

		<font size="4">PHPBB Admin ToolKit: First Time Setup</font><br />

		

		<table border="0" bgcolor="#ffffff" cellspacing="1" cellpadding="3">

		 <tr>

	

			<td>

	

			<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST">

		

			<table border="0" cellpadding="5" cellspacing="0">

		

			 <tr>

		

				<td>

		

				Specify Admin Password:

		

				</td>

		

				<td>

		

				<input type="password" name="admin_password" lengh="20" size="20" maxlengh="255">

		

				</td>

		

			 </tr>

		

			 <tr>

		

				<td>

		

				Confirm Admin Password:

		

				</td>

		

				<td>

		

				<input type="password" name="admin_password_confirm" lengh="20" size="20" maxlengh="255">

		

				</td>

		

			 </tr>

	

			 <tr>

		

				<td>

		

				<br />Specify ModPassword:

		

				</td>

		

				<td>

		

				<br /><input type="password" name="mod_password" lengh="20" size="20" maxlengh="255"> (Optional)

		

				</td>

		

			 </tr>

		

			 <tr>

		

				<td>

		

				Confirm Mod Password:

		

				</td>

		

				<td>

		

				<input type="password" name="mod_password_confirm" lengh="20" size="20" maxlengh="255"> (Optional)

		

				</td>

		

			 </tr>

		

			 <tr>

		

				<td colspan="2" align="center">



				<input type="hidden" name="toolkitconfig_setup" value=1 />

		

				<br /><input TYPE="submit" VALUE="   Enter   ">

		

				</td>

		

			 </tr>

		

			</table>

		

			</form>

	

			</td>

	

		 </tr>

		</table>

		</center>

	

	

		<?php

	

		if( isset( $_SESSION['toolkitconfig_error'] ) )

	

		   {

	

			?>

	

				<center>

			<table border="0" bgcolor="#ffffff" cellspacing="1" cellpadding="3">

			 <tr>

	

				<td>

	

			<br /><br /><?php echo $_SESSION['toolkitconfig_error']; ?>

	

				</td>

	

			 </tr>

	

			</table>

	

	

			<?php		

	

		   }

	

		?>

	

		</body>

		</html>

	

	

	

		<?php





	   } //-.1-a.2 



	die();





   } //-.1-a 



elseif( file_exists( 'toolkit_config.php' ) && $use_toolkit_config_file == 'yes' )



   {



	include( 'toolkit_config.php' );





   }







if( !isset( $_SESSION['user_level'] ) )



   { //-.1



	$_SESSION['user_level'] = "null";



   } //-.1





if( !isset( $_SESSION['AUTH'] ) )



   {



	$_SESSION['AUTH'] = array();



   }





// Safe SQL data function



function safe_sql( $data )



   {



	if ( get_magic_quotes_gpc() )

	

	   {

	

		$data = stripslashes( $data );

	

	   }





	if( phpversion() >= 4.3 )



	   {



		$data = mysql_real_escape_string( $data );



	   }



	else



	   {



		$data = mysql_escape_string( $data );



	   }



	

	$data = str_replace( '&', '&amp;', $data );

	$data = str_replace( '<', '&lt;', $data );

	$data = str_replace( '>', '&gt;', $data );

	

	return $data;



   }



function safe_html( $data )



   {



	$data = trim( $data );

	

	$data = str_replace( '&', '&amp;', $data );

	$data = str_replace( '<', '&lt;', $data );

	$data = str_replace( '>', '&gt;', $data );

	

	return $data;



   }



// Safe descriptions data function



function safe_desc( $data )



   {

	

	$data = str_replace( '&', '&amp;', $data );

	$data = str_replace( '<', '&lt;', $data );

	$data = str_replace( '>', '&gt;', $data );

	

	return $data;



   }



// make_time function



function make_time( $time )



   {



	// Set error value to false as no errors are generated yet



	$error = false;



	// Set vals to proper "type" (int)



	$mm = intval( $time['mm'] );

	$dd = intval( $time['dd'] );

	$yy = intval( $time['yy'] );



	$time_hh = intval( $time['time_hh'] );

	$time_mm = intval( $time['time_mm'] );

	$time_ss = intval( $time['time_ss'] );





	// Pad vals with leading zeros if single digets



	$mm = sprintf( "%02d", $mm );

	$dd = sprintf( "%02d", $dd );

	$yy = sprintf( "%02d", $yy );



	$time_hh = sprintf( "%02d", $time_hh );

	$time_mm = sprintf( "%02d", $time_mm );

	$time_ss = sprintf( "%02d", $time_ss );



	$time_ap = $time['time_ap'];







	// First check if specified date is a correct one



	if( !checkdate( $mm, $dd, $yy ) )



	   {



		$_SESSION['errors']['make_time'][] = 'You have entered an invalid date combination.';

		$error = true;

		return false;



	   }







	// Check if year is after 1970 (because thats when the timestamp starts)



	if( $yy < 1970 )



	   {



		$_SESSION['errors']['make_time'][] = 'Due to the Unix timestamp restriction, the year must not be before 1970.';

		$error = true;

		return false;



	   }







	// Now perform various checks on the time info



	if(



		(

		$time_hh > 12 ||

		$time_hh < 1  ||

		$time_mm > 60 ||

		$time_ss < 0  ||

		$time_ss > 60 ||

		$time_mm < 0

		)



		||



		(



		$time_ap != 'pm' &&

		$time_ap != 'am'



		) )



	   {



		$_SESSION['errors']['make_time'][] = 'You have entered an invalid time.';

		$error = true;

		return false;



	   }





	// Generate timestamp



	if( $time_ap == 'pm' )



	   {



		$time_hh += 12;



	   }



	if( $error == false )



	   {

		$time = mktime( $time_hh, $time_mm, $time_ss, $mm, $dd, $yy );

		return $time;



	   }



}





// Delete user core function

// Only the actual sql queries are here, the checks and options are in the delete_user() function



function delete_user_core( $user_id, $clear_posts = false, $retain_pms = false )



   {



	// Set global variables



	global $index;

	global $phpbb_version;



	global $phpbb_banlist;

	global $phpbb_user_group;

	global $phpbb_users;

	global $phpbb_groups;

	global $phpbb_posts;

	global $phpbb_posts_text;

	global $phpbb_topics;

	global $phpbb_vote_voters;

	global $phpbb_auth_access;

	global $phpbb_sessions;

	global $phpbb_sessions_keys;

	global $phpbb_privmsgs;

	global $phpbb_privmsgs_text;

	global $phpbb_topics_watch;







	// First things first, sanitize the $user_id



	$user_id = safe_sql( $user_id);





	//		

	// Obtain username and level based on user_id

	//



	$sql = "SELECT * FROM $phpbb_users WHERE user_id=$user_id LIMIT 1";



	$result = mysql_query($sql);

	$myrow = mysql_fetch_array($result);



	$username = safe_sql( $myrow['username'] );

	$user_level = safe_sql( $myrow['user_level'] );





	// Obtain first admin account to set as group mod if deleted user is a group mod (step 5)



	$sql = "SELECT * FROM $phpbb_users WHERE user_level=1 ORDER BY user_id ASC LIMIT 1";



	$result = mysql_query($sql);

	$myrow = mysql_fetch_array($result);



	$admin_id= safe_sql( $myrow['user_id'] );



	// Debug info:

	// echo '<pre>';

	// echo gettype( $myrow );

	// die( $admin_id );







	// This actually starts the delete process



	// **************************************************************

	//

	// First sql query is to collect group information about the user

	//

	// **************************************************************



	$sql = "SELECT g.group_id FROM $phpbb_user_group ug, $phpbb_groups g WHERE ug.user_id = $user_id AND g.group_id = ug.group_id AND g.group_single_user = 1";



	$result = mysql_query($sql);

	$row = mysql_fetch_array($result);

	unset( $row[0] ); // Read note directly below about this line:





	// PHPBB's $row = $db->sql_fetchrow($result); line returns an array containg the user id:

	// Array

	// (

    	// 	[group_id] => 123

	// )



	// The mqsql fetch array used in this scrip: $myrow = mysql_fetch_array($result);

	// Returns the following:

	// Array

	// (

    	//	[0] => 123

    	//	[group_id] => 123

	// )



	// Therefore I unset the $row[0] element





	// Debugging info:

	// echo '<pre>';

	// print_r( $row );

	// echo"\n\n$username";

	// die();





	// ***************************************************************************

	//

	// Second sql query sets the poster id to the anonymous account for all posts

	// First query in this section is for the $clear_posts variable

	//

	// ***************************************************************************





	//

	// This check fixes the:

	//	Error deleting user's group from groups table:

	//	Line: 1477

	//	File: /toolkit.php

	//	Query: DELETE FROM `phpbb_groups` WHERE `group_id`=

	//	MySQL Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 

	//

	// Error message that was appearing in v2.1a because the returned value of $row was not correct





	// Debug for numeric check

	/* echo '<pre>';

	var_dump( $row );



	$i = is_numeric( '2 3' );

	var_dump( $i );

	die(); */



	if( !is_numeric( $row['group_id'] ) )



	   {



		echo '<font size="4"><b>An incorrect value has been returned for group_id in the \'phpbb_groups\' table:</b></font><br /><b>Line:</b> '.__LINE__.'<br /><b>File:</b> '.$_SERVER['PHP_SELF'].'<br /><b>User ID: </b>'.$user_id.'<br /><b>Username: </b>'.$username.'<br /><b>Details:</b> This value should be a purely numeric integer. The value returned by the database is:<br /><pre>';

		var_dump( $row );

		echo '</pre><br />Please contact Starfoxtj at <a href="http://starfoxtj.no-ip.com">http://starfoxtj.no-ip.com</a> and report this error.';

		echo '<br /><br /><b>Note: </b> The script has halted before any changes to the database were made for this specific user.<br />All other users that were deleted before <b>'.$username.'</b> were properly removed.';

		echo '<br /><br /><b>Full envoirment details:</b><br /><pre>';

		var_dump( get_defined_vars() );

		die();



	   }





	// If clear posts is set to true, replace all posts made by user to "DELETED"



	if( $clear_posts == true )



	   {



		$sql = "SELECT `post_id` FROM `$phpbb_posts` WHERE `poster_id`=$user_id";

	

		if( !$result = mysql_query( $sql ) )

	

		   {

	

				die( '<font size="4"><b>Error selecting selecting posts to clear:</b></font><br /><b>Line:</b> '.__LINE__.'<br /><b>File:</b> '.$_SERVER['PHP_SELF']."<br /><b>Query:</b> $sql<br /><b>MySQL Error:</b> ".mysql_error() );

	

		   }

	

	

		// Assings the results of the above query into an array

	

		while($myrow = mysql_fetch_array($result))

	

		   {

	

			$marked_posts[] = $myrow['post_id'];

	

		   }





		// Makes mark an empty array if the user has no PMs

	

		if( !isset( $marked_posts ) )

	

		   {

	

			$marked_posts = array();

	

		   }





		// First check to see if user has any posts, if not skip replacing the posts



 		if( isset( $marked_posts ) && count( $marked_posts ) )



		   {

			

			$marked_posts = implode( ',', $marked_posts );

	

			$sql = "UPDATE `$phpbb_posts_text` SET `post_text`='DELETED' WHERE `post_id` IN ( $marked_posts )";



			// echo '<pre>';

			// echo $sql;

			// echo '<br />';

			// print_r( $marked_posts );

			// die();

	

			if( !$result = mysql_query( $sql ) )

		

			   {

		

					die( '<font size="4"><b>Error setting posts to DELETED:</b></font><br /><b>Line:</b> '.__LINE__.'<br /><b>File:</b> '.$_SERVER['PHP_SELF']."<br /><b>Query:</b> $sql<br /><b>MySQL Error:</b> ".mysql_error() );

		

			   }



		   }







		// Sets the poster id to the anonymous account for all posts and replaces the username with DELETED

	

		$sql = "UPDATE `$phpbb_posts` SET `poster_id`=-1, `post_username`='DELETED' WHERE `poster_id`=$user_id";

	

		if( !$result = mysql_query( $sql ) )

	

		   {

	

				die( '<font size="4"><b>Error setting poster id to anonymous for deleted user:</b></font><br /><b>Line:</b> '.__LINE__.'<br /><b>File:</b> '.$_SERVER['PHP_SELF']."<br /><b>Query:</b> $sql<br /><b>MySQL Error:</b> ".mysql_error() );

	

		   }

	   }



	else



	   {





		// Sets the poster id to the anonymous account for all posts, but retains the original username

	

		$sql = "UPDATE `$phpbb_posts` SET `poster_id`=-1, `post_username`='".str_replace( "\\'", "''", addslashes( $username ) )."' WHERE `poster_id`=$user_id";

	

		if( !$result = mysql_query( $sql ) )

	

		   {

	

				die( '<font size="4"><b>Error setting poster id to anonymous for deleted user:</b></font><br /><b>Line:</b> '.__LINE__.'<br /><b>File:</b> '.$_SERVER['PHP_SELF']."<br /><b>Query:</b> $sql<br /><b>MySQL Error:</b> ".mysql_error() );

	

		   }



	   }





	// ***************************************************************************

	//

	// Third sql query sets the topic id to the anonymous account for all topics

	//

	// ***************************************************************************



	// If clear posts is set to true, replace all topics made by user to "DELETED"



	if( $clear_posts == true )



	   {



		$sql = "UPDATE `$phpbb_topics` SET `topic_title`='DELETED' WHERE `topic_poster`=$user_id";





		if( !$result = mysql_query( $sql ) )

	

		   {

	

				die( '<font size="4"><b>Error setting topics to DELETED:</b></font><br /><b>Line:</b> '.__LINE__.'<br /><b>File:</b> '.$_SERVER['PHP_SELF']."<br /><b>Query:</b> $sql<br /><b>MySQL Error:</b> ".mysql_error() );

	

		   }





		// Sets the topic id to the anonymous account for all topics and replaces the username with DELETED



		$sql = "UPDATE `$phpbb_topics` SET `topic_poster`=-1 WHERE `topic_poster`=$user_id";

	

		if( !$result = mysql_query( $sql ) )

	

		   {

	

				die( '<font size="4"><b>Error setting topic id poster to anonymous for deleted user:</b></font><br /><b>Line:</b> '.__LINE__.'<br /><b>File:</b> '.$_SERVER['PHP_SELF']."<br /><b>Query:</b> $sql<br /><b>MySQL Error:</b> ".mysql_error() );

	

		   }

	   }



	else



	   {



	

		// Sets the poster id to the anonymous account for all posts, but retains the original username

	

		$sql = "UPDATE `$phpbb_topics` SET `topic_poster`=-1 WHERE `topic_poster`=$user_id";

	

		if( !$result = mysql_query( $sql ) )

	

		   {

	

				die( '<font size="4"><b>Error setting topic id poster to anonymous for deleted user:</b></font><br /><b>Line:</b> '.__LINE__.'<br /><b>File:</b> '.$_SERVER['PHP_SELF']."<br /><b>Query:</b> $sql<br /><b>MySQL Error:</b> ".mysql_error() );

	

		   }



	   }





	// ***************************************************************************

	//

	// Fourth sql query sets the voter id to anonymous

	//

	// ***************************************************************************



	$sql = "UPDATE `$phpbb_vote_voters` SET `vote_user_id`=-1 WHERE `vote_user_id`=$user_id";



	if( !$result = mysql_query( $sql ) )



	   {



			die( '<font size="4"><b>Error setting voter ID to anonymous:</b></font><br /><b>Line:</b> '.__LINE__.'<br /><b>File:</b> '.$_SERVER['PHP_SELF']."<br /><b>Query:</b> $sql<br /><b>MySQL Error:</b> ".mysql_error() );



	   }





	// ***************************************************************************

	//

	// Fifth sql query collects the phpbb_groups info and assigns it to the 

	// $group_mods array where the user is a moderator

	//

	// ***************************************************************************



	$sql = "SELECT `group_id` FROM `$phpbb_groups` WHERE `group_moderator`=$user_id";



	if( !$result = mysql_query( $sql ) )



	   {



			die( '<font size="4"><b>Error selecting groups where user is a moderator:</b></font><br /><b>Line:</b> '.__LINE__.'<br /><b>File:</b> '.$_SERVER['PHP_SELF']."<br /><b>Query:</b> $sql<br /><b>MySQL Error:</b> ".mysql_error() );



	   }





	// Assings the results of the above query into an array



	while($myrow = mysql_fetch_array($result))



	   {



		$group_mod[] = $myrow['group_id'];



	   }



	// Debugging info:

	// echo '<pre>';

	// print_r( $group_mod );

	// die();





	// If the user is a moderator for any groups, this query assigns the

	// new mod status to the oldest admin account



	if( isset( $group_mod ) && count( $group_mod ) )



	   {



		//

		// Make SURE to insert a query here to check for the first admin account to associate as the new group moderator

		// after the deleted user is deleted!

		// Done



		// $admin_id = 3; //This is a temp static admin id that will be dymamic in the final release



		$update_mod_id = implode( ',', $group_mod );

		$sql = "UPDATE `$phpbb_groups` SET `group_moderator`=$admin_id WHERE `group_moderator` IN ( $update_mod_id )";



		// Debugging info:

		// echo '<pre>';

		// echo $sql;

		// die();



		if( !$result = mysql_query( $sql ) )



		   {



			die( '<font size="4"><b>Error setting new group moderator to oldest admin:</b></font><br /><b>Line:</b> '.__LINE__.'<br /><b>File:</b> '.$_SERVER['PHP_SELF']."<br /><b>Query:</b> $sql<br /><b>MySQL Error:</b> ".mysql_error() );



		   }



	   }





	// ***************************************************************************

	//

	// Sixth sql query deletes the user from the phpbb_users table

	//

	// ***************************************************************************



	$sql = "DELETE FROM `$phpbb_users` WHERE `user_id`=$user_id";



	if( !$result = mysql_query( $sql ) )



	   {



		die( '<font size="4"><b>Error deleting user from users table:</b></font><br /><b>Line:</b> '.__LINE__.'<br /><b>File:</b> '.$_SERVER['PHP_SELF']."<br /><b>Query:</b> $sql<br /><b>MySQL Error:</b> ".mysql_error() );



	   }





	// ***************************************************************************

	//

	// Seventh sql query deletes the user from the phpbb_user_group table

	//

	// ***************************************************************************



	$sql = "DELETE FROM `$phpbb_user_group` WHERE `user_id`=$user_id";



	if( !$result = mysql_query( $sql ) )



	   {



		die( '<font size="4"><b>Error deleting user from user_group table:</b></font><br /><b>Line:</b> '.__LINE__.'<br /><b>File:</b> '.$_SERVER['PHP_SELF']."<br /><b>Query:</b> $sql<br /><b>MySQL Error:</b> ".mysql_error() );



	   }





	// ***************************************************************************

	//

	// Eighth sql query moved to the top to check and exit if error

	//

	// ***************************************************************************



	 $sql = "DELETE FROM `$phpbb_groups` WHERE `group_id`=".$row['group_id'];



	if( !$result = mysql_query( $sql ) )



	   {



		die( '<font size="4"><b>Error deleting user\'s group from groups table:</b></font><br /><b>Line:</b> '.__LINE__.'<br /><b>File:</b> '.$_SERVER['PHP_SELF']."<br /><b>Query:</b> $sql<br /><b>MySQL Error:</b> ".mysql_error() );



	   }





	// ***************************************************************************

	//

	// Ninth sql query deletes the user from the phpbb_auth_access table

	//

	// ***************************************************************************



	$sql = "DELETE FROM  `$phpbb_auth_access` WHERE `group_id`=".$row['group_id'];



	if( !$result = mysql_query( $sql ) )



	   {



		die( '<font size="4"><b>Error deleting user from auth_access table:</b></font><br /><b>Line:</b> '.__LINE__.'<br /><b>File:</b> '.$_SERVER['PHP_SELF']."<br /><b>Query:</b> $sql<br /><b>MySQL Error:</b> ".mysql_error() );



	   }





	// ***************************************************************************

	//

	// Tenth sql query deletes the user from the phpbb topics watch table

	//

	// ***************************************************************************



	$sql = "DELETE FROM `$phpbb_topics_watch` WHERE `user_id`=$user_id";



	if( !$result = mysql_query( $sql ) )



	   {



		die( '<font size="4"><b>Error deleting user from topics_watch table:</b></font><br /><b>Line:</b> '.__LINE__.'<br /><b>File:</b> '.$_SERVER['PHP_SELF']."<br /><b>Query:</b> $sql<br /><b>MySQL Error:</b> ".mysql_error() );



	   }





	// ***************************************************************************

	//

	// Eleventh sql query deletes the user from the banlist table

	//

	// ***************************************************************************



	$sql = "DELETE FROM `$phpbb_banlist` WHERE `ban_userid`=$user_id";



	if( !$result = mysql_query( $sql ) )



	   {



		die( '<font size="4"><b>Error deleting user from the banlist table:</b></font><br /><b>Line:</b> '.__LINE__.'<br /><b>File:</b> '.$_SERVER['PHP_SELF']."<br /><b>Query:</b> $sql<br /><b>MySQL Error:</b> ".mysql_error() );



	   }





	// ***************************************************************************

	//

	// Twelfth sql query deletes the user from the sessions table

	//

	// ***************************************************************************



	// This delete section was added in .19, so a check is done before using it incase

	// the admin is running an older version of phpbb



	if( $phpbb_version >= 0.19 )



	   {



		$sql = "DELETE FROM `$phpbb_sessions` WHERE `session_user_id`=$user_id";

	

		if( !$result = mysql_query( $sql ) )

	

		   {

	

			die( '<font size="4"><b>Error deleting user from the sessions table:</b></font><br /><b>Line:</b> '.__LINE__.'<br /><b>File:</b> '.$_SERVER['PHP_SELF']."<br /><b>Query:</b> $sql<br /><b>MySQL Error:</b> ".mysql_error() );

	

		   }



	   }





	// ***************************************************************************

	//

	// Twelfth sql query deletes the user from the sessions_keys table

	//

	// ***************************************************************************



	// This delete section was added in .19, so a check is done before using it incase

	// the admin is running an older version of phpbb



	if( $phpbb_version >= '.0.19' )



	   {



		// First check if the sesssions keys table exists

		// (Since alot of .19 boards dont have it due to incomplete updates



		$sql_key_check ="SHOW TABLES LIKE '$phpbb_sessions_keys'";



		if( !$result_key_check = mysql_query( $sql_key_check ) )

	

		   {

	

				die( '<font size="4"><b>Error selecting session keys table:</b></font><br /><b>Line:</b> '.__LINE__.'<br /><b>File:</b> '.$_SERVER['PHP_SELF']."<br /><b>Query:</b> $sql<br /><b>MySQL Error:</b> ".mysql_error() );

	

		   }





		// This section actually checks if the table exists, if not it skips

		// deleting the user from this table



		if( mysql_fetch_array($result_key_check) )

		

		   {

		



			$sql = "DELETE FROM `$phpbb_sessions_keys` WHERE `user_id`=$user_id";

		

			if( !$result = mysql_query( $sql ) )

		

			   {

		

				die( '<font size="4"><b>Error deleting user from the sessions_keys table:</b></font><br /><b>Line:</b> '.__LINE__.'<br /><b>File:</b> '.$_SERVER['PHP_SELF']."<br /><b>Query:</b> $sql<br /><b>MySQL Error:</b> ".mysql_error() );

		

			   }



		   }



	   }





	// ***************************************************************************

	//

	// The final sql query collets the to/from PMs with the user's id & deletes them

	//

	// ***************************************************************************



	// If retain_pms is set to true, change PM author to anonymous instead of deleting them



	if( $retain_pms == true )



	   {



		// This query sets the from_user_id to the anonymous account so the PMs dont have to be deleted



		$sql = "UPDATE `$phpbb_privmsgs` SET `privmsgs_from_userid`=-1 WHERE `privmsgs_from_userid`=$user_id";



		if( !$result = mysql_query( $sql ) )

	

		   {

	

			die( '<font size="4"><b>Error setting from PM from_user_id to anonymous:</b></font><br /><b>Line:</b> '.__LINE__.'<br /><b>File:</b> '.$_SERVER['PHP_SELF']."<br /><b>Query:</b> $sql<br /><b>MySQL Error:</b> ".mysql_error() );

	

		   }





		// This query sets the to_user_id to the anonymous account so the PMs dont have to be deleted



		$sql = "UPDATE `$phpbb_privmsgs` SET `privmsgs_to_userid`=-1 WHERE `privmsgs_to_userid`=$user_id";



	

		if( !$result = mysql_query( $sql ) )

	

		   {

	

			die( '<font size="4"><b>Error setting from PM to_user_id to anonymous:</b></font><br /><b>Line:</b> '.__LINE__.'<br /><b>File:</b> '.$_SERVER['PHP_SELF']."<br /><b>Query:</b> $sql<br /><b>MySQL Error:</b> ".mysql_error() );

	

		   }



	   }



	else



	   {

	

		$sql = "SELECT `privmsgs_id` FROM `$phpbb_privmsgs` WHERE `privmsgs_from_userid`=$user_id OR `privmsgs_to_userid`=$user_id";

	

		if( !$result = mysql_query( $sql ) )

	

		   {

	

			die( '<font size="4"><b>Error selecting PMs for the user:</b></font><br /><b>Line:</b> '.__LINE__.'<br /><b>File:</b> '.$_SERVER['PHP_SELF']."<br /><b>Query:</b> $sql<br /><b>MySQL Error:</b> ".mysql_error() );

	

		   }

	

	

			// Debugging info:

			// echo "<br />$sql<br />";

	

	

		// This section marks and assigns the resulting PMs into the $marked array

	

		while($myrow = mysql_fetch_array($result))

	

		   {

	

			$marked[] = $myrow['privmsgs_id'];

	

		   }

	

	

		// Makes mark an empty array if the user has no PMs

	

		if( !isset( $marked ) )

	

		   {

	

			$marked = array();

	

		   }

	

		// This section actually goes through the list and deletes the PMs

	

	

		// Debugging info:

		// echo '<pre>';

		// print_r( $marked );

	

		if( count( $marked ) )

	

		   {

	

			$delete_id = implode( ',', $marked );

	

			// Debugging info:

			// echo "<br />$delete_id";

	

			$sql = "DELETE FROM `$phpbb_privmsgs_text` WHERE `privmsgs_text_id` IN ( $delete_id )";

	

			// Debugging info:

			// echo "<br />$sql";

	

			if( !$result = mysql_query( $sql ) )

	

			   {

	

				die( 'Error deleting user PMs:<br />Line: '.__LINE__.'<br />File: '.$_SERVER['PHP_SELF']."<br />Query: $sql<br />MySQL Error: ".msql_error() );

	

			   }

	

	

			$sql = "DELETE FROM `$phpbb_privmsgs` WHERE `privmsgs_id` IN ( $delete_id )";

	

			// Debugging info:

			// echo "<br />$sql";

	

			if( !$result = mysql_query( $sql ) )

	

			   {

	

				die( 'Error deleting user Pms:<br />Line: '.__LINE__.'<br />File: '.$_SERVER['PHP_SELF']."<br />Query: $sql" );

	

			   }



		   }



	   }



	// And thats it! The user should now be fully and properly deleted!



   }





// Delete User function



function delete_user( $user_id, $clear_posts = false, $retain_pms = false, $from = 'index' )



   {



	// Debugging info:

	// var_dump( $user_id );

	// var_dump( $clear_posts );

	// var_dump( $retain_pms );

	// var_dump( $from );





	// Set global variables



	global $index;

	global $phpbb_version;



	global $phpbb_banlist;

	global $phpbb_user_group;

	global $phpbb_users;

	global $phpbb_groups;

	global $phpbb_posts;

	global $phpbb_posts_text;

	global $phpbb_topics;

	global $phpbb_vote_voters;

	global $phpbb_auth_access;

	global $phpbb_sessions;

	global $phpbb_sessions_keys;

	global $phpbb_privmsgs;

	global $phpbb_privmsgs_text;

	global $phpbb_topics_watch;





	// Set redirect URL



	if( $from == 'edit' )



	   {



		$from ="$index?user_id=$user_id";



	   }



	else



	   {



		$from = $index;



	   }





	// First, check if we are dealing with a single user, or an array of users



	if( is_array( $user_id ) )



	   {



		// Create user counter variable



		$user_counter = 0;





		// Loop through the array and perform security checks

		// on each element before actually deleting anything



		foreach( $user_id as $id )



		   { //user_id foreach 



			// First things first, sanitize the $user_id

		

			$user_id = safe_sql( $id );





			//		

			// Obtain username and level based on user_id

			//

		

			$sql = "SELECT * FROM $phpbb_users WHERE user_id=$id LIMIT 1";

		

			$result = mysql_query($sql);

			$myrow = mysql_fetch_array($result);

		

			$username = safe_sql( $myrow['username'] );

			$user_level = safe_sql( $myrow['user_level'] );

		

		

			// Obtain first admin account to set as group mod if deleted user is a group mod (step 5)

		

			$sql = "SELECT * FROM $phpbb_users WHERE user_level=1 ORDER BY user_id ASC LIMIT 1";

		

			$result = mysql_query($sql);

			$myrow = mysql_fetch_array($result);

		

			$admin_id= safe_sql( $myrow['user_id'] );

		

			// Debug info:

			// echo '<pre>';

			// echo gettype( $myrow );

			// die( $admin_id );

		

		

			// Check if admin account exists before deleting, if not return with error

		

			if( !is_array( $myrow ) )

		

			   {

		

				$_SESSION['errors']['edituser'][] = 'Due to the phpbb table requirements, at least one admin must exist in the database before a user can be deleted.<br />Either promote a current user to an admin, or register a new one give it admin status.';

				header( "Location: $from" );

				die();

		

			   }



	

			// Check if attempting to delete the anonymous account

		

			if( $id == -1 )

		

			   {



				$_SESSION['errors']['edituser'][] = 'The anonymous account is required for phpbb to function correctly and cannot be deleted.';

				continue;

		

			   }

		

		

			// Check if attempting to delete an admin account

		

			if( $user_level == 1 )

		

			   {



				// Check to see if delete admin error has occured to prevent duplicate additions of the admin notification

				// This way it will only list the delete error reason, then list only the admin account names on additional admin delete calls



				if( !isset( $admin_delete_error ) )



				   {



					$_SESSION['errors']['edituser'][] = "You cannot delete administrator accounts, they must first be demoted to a user.";

					$admin_delete_error = true;



				   }



				$_SESSION['errors']['edituser'][] = "<b>$username</b> is an administrator and therefore has been skipped.";

				continue;

		

			   }





			// This line calls the delete user core function which actually deletes the user



			delete_user_core( $id, $clear_posts, $retain_pms );



			$user_counter++;





		   } //user_id foreach 





		$_SESSION['errors']['edituser'][] = "$user_counter user(s) deleted successfully.";



	   }



	else



	   {



		// First things first, sanitize the $user_id

	

		$user_id = safe_sql( $user_id );





		//		

		// Obtain username and level based on user_id

		//

	

		$sql = "SELECT * FROM $phpbb_users WHERE user_id=$user_id LIMIT 1";

	

		$result = mysql_query($sql);

		$myrow = mysql_fetch_array($result);

	

		$username = safe_sql( $myrow['username'] );

		$user_level = safe_sql( $myrow['user_level'] );

	

	

		// Obtain first admin account to set as group mod if deleted user is a group mod (step 5)

	

		$sql = "SELECT * FROM $phpbb_users WHERE user_level=1 ORDER BY user_id ASC LIMIT 1";

	

		$result = mysql_query($sql);

		$myrow = mysql_fetch_array($result);

	

		$admin_id= safe_sql( $myrow['user_id'] );

	

		// Debug info:

		// echo '<pre>';

		// echo gettype( $myrow );

		// die( $admin_id );

	

	

		// Check if admin account exists before deleting, if not return with error

	

		if( !is_array( $myrow ) )

	

		   {

	

			$_SESSION['errors']['edituser'][] = 'Due to the phpbb table requirements, at least one admin must exist in the databas…