/forum/toolkit.php
- <?php
-
- // PHPBB Admin ToolKit, v2.1b - Starfoxtj (starfoxtj@yahoo.com)
- // Copyright 2007 - Starfoxtj
- // This script is NOT released under the GPL:
-
-
-
- /*****************************************************************************************************
-
-
- By using this script you agree to the following:
-
-
- 1. You may modify any portion of this script for personal/business use. This includes changing the
- look, style, messages, functions, behavior etc. Note that any modifications outside of the standard
- configuration options may negatively affect the security of this script if the modification is not
- written properly and securely.
- Note: If the script has been modified, I ask that you at least retain the toolkit name, and
- my name (Starfoxtj), as a link to: http://starfoxtj.no-ip.com/phpbb/uploadtoolkit on the header
- or footer of every page. You are not required to list this information, but by removing it you may
- be forfeiting your support for this product. (Similar to the phpbb copyright agreement)
- 2. Ownership of this script remains with Starfoxtj regardless of how this script was acquired.
- 3. You may NOT sell any portion of this script, even if it is contained within another package
- without prior consent from Starfoxtj.
- 4. You may NOT hold Starfoxtj liable for any direct or indirect consequences of using this script.
- Many hours have been spent ensuring that this script is as secure as possible. However nothing
- can be 100% guaranteed.
- If a security hole has been found, please contact me immediately at: starfoxtj@yahoo.com
-
-
- 5. You MAY distribute this script stand alone, or with another package without any prior permission
- at no charge. You may NOT however, distribute this script if any modifications have been made
- without the consent of Starfoxtj. Meaning, only the unmodified original may be freely distributed
- (at no charge).
-
- I personally recommend that you only download this script from:
- http://starfoxtj.no-ip.com/phpbb/toolkit
-
- If the script was downloaded from another location, it IS possible that it may have been altered.
-
-
- ******************************************************************************************************/
-
-
- // You may set a password here if you would rather not use the toolkit_config.php
-
// ---------------------------------------------------------------------------
// Password source
// ---------------------------------------------------------------------------
// 'yes'  -> the admin/mod passwords are kept in toolkit_config.php.
// 'No'   -> the two in-file passwords below are used, as in previous releases.
// (The setup code further down only tests for the exact string 'yes'.)
$use_toolkit_config_file = 'yes';

// 'no'  -> the in-file passwords below are given as typed, i.e. readable by anyone who can read this file.
// 'yes' -> the in-file passwords below are given as hashes.
// toolkit_config.php stores hashed passwords regardless of this setting.
$use_hashed_in_file_passwords = 'no';

// In-file passwords. The author recommends at least 16 characters for the admin password.
// NOTE(review): the placeholder values must be replaced before in-file passwords are used;
// how the login code treats an unchanged placeholder is not visible in this part of the file.
$adminpassword = 'ENTER_ADMIN_PASSWORD_HERE';
$modpassword   = 'ENTER_MOD_PASSWORD_HERE'; // Leave blank to disable mod login


// ---------------------------------------------------------------------------
// Moderator permissions -- each takes 'yes' or 'no'
// ---------------------------------------------------------------------------

// Option 1: may mods ban/unban users?
$modban = 'yes';

// Option 2: may mods change a user's post count?
$modpost = 'no';

// Option 3: may mods change user ranks?
$modrank = 'yes';

// Option 4: may mods delete users?
$moddelete = 'no';


// ---------------------------------------------------------------------------
// Option 5: update check URLs
// ---------------------------------------------------------------------------
// Set either URL to 'none' to disable that update check.
// Default phpbb url:   http://www.phpbb.com/updatecheck/20x.txt
// Default toolkit url: http://starfoxtj.no-ip.com/phpBB/toolkit/updatecheck/2.x.txt
// NOTE(review): both defaults are plain http, so the response is not protected in transit.
// How the fetched text is used is not visible here; treat it as untrusted input.
$update_url['phpbb']   = 'http://www.phpbb.com/updatecheck/20x.txt';
$update_url['toolkit'] = 'http://starfoxtj.no-ip.com/phpBB/toolkit/updatecheck/2.x.txt';
-
-
-
-
-
- // Lets begin the coding!
- //
- // (CHANGE INFORMATION AFTER THIS LINE WITH CAUTION!)
- //
- //
- //
-
-
-
-
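// Start (or resume) the PHP session. Everything below is stored in the session on
// every request, so these values are always the ones defined here.
session_start();

// Version string and ready-made HTML fragments (page title with and without the
// version number, and the footer) that the page templates echo as-is.
$_SESSION['toolkitversion'] = '2.1b';
$_SESSION['toolkit_title'] = '<b><a href="index.php"><font size="5" color="#000000">PHPBB Admin ToolKit '.$_SESSION['toolkitversion'].'</b></font></a><font size="5"> - <a href="http://starfoxtj.no-ip.com/phpbb/toolkit" target="_blank">Starfoxtj</a></font>';
$_SESSION['toolkit_title_nversion'] = '<b><a href="index.php"><font size="5" color="#000000">PHPBB Admin ToolKit</b></font></a><font size="5"> - <a href="http://starfoxtj.no-ip.com/phpbb/toolkit" target="_blank">Starfoxtj</a></font>';

// The copyright sign is written as an HTML entity so it renders correctly whatever
// character encoding the file or the page is served in (a raw byte showed up garbled).
$_SESSION['copyrightfooter'] = '<br /><center><hr width="90%"><font size="2">PHPBB Admin ToolKit '.$_SESSION['toolkitversion'].' &copy; 2007 - <a href="mailto:starfoxtj@yahoo.com">Starfoxtj</a></font></center>';

// Relative path to the phpBB installation: the toolkit expects to sit in the forum root.
$phpbb_root_path = './';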
-
- // Set global information and start db access
-
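// Load phpBB's config.php (if present) and open the MySQL connection that the rest
// of the script uses. Only the 'mysql' and 'mysql4' drivers are supported.
//
// This runs before any login check, so failure messages are shown to whoever
// requested the page. The driver's error text can name the database user and host,
// so it is written to the server error log and the visitor only gets a generic message.
if( file_exists( 'config.php' ) )
{

	// Defines $dbms, $dbhost, $dbname, $dbuser, $dbpasswd and $table_prefix.
	include( 'config.php' );

	if( $dbms != 'mysql' && $dbms != 'mysql4' )
	{

		die( 'This toolkit is only compatible with MySQL databases.' );

	}

	// '@' keeps the connection warning (which includes file paths) off the page.
	$db = @mysql_connect( "$dbhost", "$dbuser", "$dbpasswd" );

	if( !$db )
	{

		error_log( 'PHPBB Admin ToolKit: could not connect to database: '.mysql_error() );
		die( 'Could not connect to database.' );

	}

	if( !@mysql_select_db( $dbname ) )
	{

		error_log( 'PHPBB Admin ToolKit: could not select database: '.mysql_error() );
		die( 'Could not select database.' );

	}

}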
-
-
- // Define Some Variables
-
// Request-derived values reused throughout the script:
//   $index       - path of this script as PHP reports it (target of redirects and forms)
//   $domain      - server name for the current request
//   $full_domain - $domain with an http:// scheme in front
// NOTE(review): PHP_SELF can include extra path text supplied by the client after the
// script name, and SERVER_NAME can follow the request's Host header depending on the
// web server configuration. Neither should be echoed into HTML or used in a path
// without encoding/validation at the point of use.
$index  = $_SERVER['PHP_SELF'];
$domain = $_SERVER['SERVER_NAME'];

$full_domain = "http://{$domain}";
-
// Once config.php is available, build the prefixed table names ($phpbb_users,
// $phpbb_posts, ...) as globals and read the installed phpBB version from the
// config table.
if( file_exists( 'config.php' ) )
{

	// One global per table: $phpbb_<name> = $table_prefix . '<name>'.
	// NOTE(review): these names are interpolated into SQL as identifiers, so they are
	// only as trustworthy as the $table_prefix value stored in config.php.
	$toolkit_tables = array(
		'auth_access', 'config', 'banlist', 'users', 'ranks', 'vote_voters',
		'user_group', 'groups', 'posts', 'posts_text', 'topics', 'forums',
		'themes', 'themes_name', 'sessions', 'sessions_keys', 'topics_watch',
		'privmsgs', 'privmsgs_text',
	);

	foreach( $toolkit_tables as $toolkit_table )
	{

		${'phpbb_'.$toolkit_table} = $table_prefix.$toolkit_table;

	}

	unset( $toolkit_tables, $toolkit_table );

	// Look up the phpBB version recorded in the config table.
	$phpbb_version_result = mysql_query( "SELECT * FROM $phpbb_config WHERE config_name='version'" );

	if( !$phpbb_version_result )
	{

		// NOTE(review): this runs before any login check and prints the raw driver error.
		die( 'MySQL Error: '.mysql_error() );

	}

	$myrow_phpbb_version = mysql_fetch_array( $phpbb_version_result );
	$phpbb_version = $myrow_phpbb_version['config_value'];

}
-
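// Directory part of $index without the leading slash and without the script name,
// e.g. '/forum/toolkit.php' gives 'forum'. The setup code below uses it to build
// the "../$script_folder" path that it chmod()s.
// explode() is stored in a variable first because end() takes its argument by
// reference; passing the function result directly raises a notice.
// NOTE(review): $index comes from PHP_SELF, so this value is influenced by the
// request path and should not be trusted as a filesystem path without validation.
$script_path_parts = explode( '/', $index );
$script_folder = substr( $index, 1, -( strlen( end( $script_path_parts ) ) + 1 ) );
unset( $script_path_parts );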
-
-
- // Set the errors to only display one of each error
-
// Collapse repeated messages so each error is displayed only once.
// Applies to the three error lists kept in the session: index, edituser and config.
foreach( array( 'index', 'edituser', 'config' ) as $error_group )
{

	if( !isset( $_SESSION['errors'][$error_group] ) )
	{

		continue;

	}

	$_SESSION['errors'][$error_group] = array_unique( $_SESSION['errors'][$error_group] );

}

unset( $error_group );
-
-
-
- /////////////////////////////////////////
- //
- // Check and Create config.php
- //
-
- if( !file_exists( 'config.php' ) )
-
- { //-.2-a
-
-
- if( isset( $_POST['configphp_setup'] ) )
-
- { //-.1-a.1
-
-
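// Handle the submitted "Create Config.php" form: validate the fields, create
// config.php next to this script, write the settings into it, then redirect.
//
// This branch is reachable by any visitor while config.php does not exist, and the
// submitted values end up inside a PHP file that is later include()d. Every value is
// therefore validated and written with var_export(), which emits a correctly quoted
// PHP string literal, instead of being pasted between quotes.

// Collect the fields as plain strings. Where the runtime still applies magic quotes,
// undo them so the values are escaped exactly once when written.
$configphp_input = array();

foreach( array( 'dbms', 'dbhost', 'dbuser', 'dbpasswd', 'dbname', 'table_prefix' ) as $configphp_field )
{

	$configphp_value = ( isset( $_POST[$configphp_field] ) && is_string( $_POST[$configphp_field] ) ) ? $_POST[$configphp_field] : '';

	if( function_exists( 'get_magic_quotes_gpc' ) && get_magic_quotes_gpc() )
	{

		$configphp_value = stripslashes( $configphp_value );

	}

	$configphp_input[$configphp_field] = $configphp_value;

}

if( $configphp_input['dbhost'] === '' ||
	$configphp_input['dbuser'] === '' ||
	$configphp_input['dbpasswd'] === '' ||
	$configphp_input['dbname'] === '' )
{

	$_SESSION['configphp_error'] = '<b>Error:</b> All fields must be filled in.';
	header( "Location: $index" );
	die();

}

// The database type must be one of the values offered by the form, and the table
// prefix is later used unquoted as part of SQL table names, so restrict it to
// letters, digits and underscores.
$configphp_allowed_dbms = array( 'mysql', 'mysql4', 'postgres', 'mssql', 'msaccess', 'mssql-odbc' );

if( !in_array( $configphp_input['dbms'], $configphp_allowed_dbms, true ) ||
	!preg_match( '/^[A-Za-z0-9_]*$/D', $configphp_input['table_prefix'] ) )
{

	$_SESSION['configphp_error'] = '<b>Error:</b> Invalid database type or table prefix.';
	header( "Location: $index" );
	die();

}

// $script_folder is derived from the request path, so encode it before it is echoed.
$configphp_folder_html = htmlspecialchars( $script_folder, ENT_QUOTES );

// Manual-install instructions shared by both failure messages below. The PHP open
// and close tags are written as entities so the browser displays them as text.
$configphp_manual = "You can either change the CHMOD settings manually to 777, or create the config.php file by copying the following information
into notepad and specifying the database settings. Then save it as \"config.php\" and upload it to your $configphp_folder_html folder.<br /><br />
Note: This assumes you are using MySQL4, if you are using MySQL3, replace \"mysql4\" with \"mysql\".<br /><br />

<table border=\"0\" width=\"400\" cellpadding=\"5\"; style=\"border-top: black 1px solid; border-right: black 1px solid; border-left: black 1px solid; border-bottom: black 1px solid\" bgcolor=\"#f5f5f5\">
<tr>

<td>
<b>&lt;?php<br /><br />

// phpBB 2.x auto-generated config file<br />
// Do not change anything in this file!<br /><br />

\$dbms = 'mysql4';<br /><br />

\$dbhost = '<font color=\"#ff0000\">Your Host</font>';<br />
\$dbname = '<font color=\"#ff0000\">Your Database Name</font>';<br />
\$dbuser = '<font color=\"#ff0000\">Your Username</font>';<br />
\$dbpasswd = '<font color=\"#ff0000\">Your Password</font>';<br /><br />

\$table_prefix = 'phpbb_';<br /><br />

define('PHPBB_INSTALLED', true);<br /><br />

?&gt;</b>

</td>

</tr>
</table>";

// Remember the directory's current mode so it can be put back on every exit path;
// fall back to 0755 if it cannot be read.
$configphp_dir = "../$script_folder";
$configphp_dir_mode = @fileperms( $configphp_dir );
$configphp_dir_mode = ( $configphp_dir_mode === false ) ? 0755 : ( $configphp_dir_mode & 07777 );

// NOTE(review): 0777 makes the directory world-writable while the file is created.
// It is kept for compatibility with the documented install steps; the mode is
// restored immediately afterwards, including when a later step fails.
if( !@chmod( $configphp_dir, 0777 ) )
{

	die( "Could not CHMOD $configphp_folder_html folder to create config.php!<br />\n".$configphp_manual );

}

if( !@touch( 'config.php' ) )
{

	@chmod( $configphp_dir, $configphp_dir_mode );
	die( "Could not create config.php!<br />\n".$configphp_manual );

}

$fp = fopen( 'config.php', "w" );

if( !$fp )
{

	@chmod( $configphp_dir, $configphp_dir_mode );
	die ("The file config.php exists but could not be opened. Check the file permissions." );

}

$dbms = $configphp_input['dbms'];
$dbhost = $configphp_input['dbhost'];
$dbuser = $configphp_input['dbuser'];
$dbpasswd = $configphp_input['dbpasswd'];
$dbname = $configphp_input['dbname'];
$table_prefix = $configphp_input['table_prefix'];

// var_export() quotes and escapes each value as a PHP string literal.
fwrite( $fp, "<?php\n\n\n"
	."// phpBB 2.x auto-generated config file\n"
	."// Do not change anything in this file!\n\n"
	.'$dbms = '.var_export( $dbms, true ).";\n\n"
	.'$dbhost = '.var_export( $dbhost, true ).";\n"
	.'$dbname = '.var_export( $dbname, true ).";\n"
	.'$dbuser = '.var_export( $dbuser, true ).";\n"
	.'$dbpasswd = '.var_export( $dbpasswd, true ).";\n\n"
	.'$table_prefix = '.var_export( $table_prefix, true ).";\n\n"
	."define('PHPBB_INSTALLED', true);\n\n"
	."?>" );

fclose( $fp );

@chmod( $configphp_dir, $configphp_dir_mode );

header( "Location: $index" );
die();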
-
-
-
- } //-.1-a.1
-
- else
-
- { //-.1-a.2
-
-
- session_destroy();
-
- ?>
-
- <html>
- <head>
- <title>PHPBB Admin ToolKit v<?php echo $_SESSION['toolkitversion']; ?></title>
-
- <SCRIPT LANGUAGE="JavaScript">
- function placeFocus() {
- if (document.forms.length > 0) {
- var field = document.forms[0];
- for (i = 1; i < field.length; i++) {
- if ((field.elements[i].name == "dbhost") || (field.elements[i].type == "textarea") || (field.elements[i].type.toString().charAt(0) == "s")) {
- document.forms[0].elements[i].focus();
- break;
- }
- }
- }
- }
- </script>
-
- </head>
-
- <body link="#0000ff" vlink="#0000ff" alink="#0000ff" OnLoad="placeFocus()">
-
- <center>
- <table border="0" bgcolor="#ffffff" cellspacing="1" cellpadding="3">
- <tr><td><div align="center"><?php echo $_SESSION['toolkit_title']; ?></div></td></tr>
- </table><br />
- </center>
-
- <center>
-
- <font size="4">PHPBB Admin ToolKit: Create Config.php file</font>
- <br /><br />
-
- Config.php file not found! You may create a new one by entering in the information below:<br /><br />
-
- <table border="0" bgcolor="#ffffff" cellspacing="1" cellpadding="3">
- <tr>
-
- <td>
-
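<?php // PHP_SELF can carry client-supplied path text, so encode it before it goes into the attribute. ?>
<form action="<?php echo htmlspecialchars( $_SERVER['PHP_SELF'], ENT_QUOTES ); ?>" method="POST">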
-
- <table border="0" cellpadding="5" cellspacing="0">
-
- <tr>
-
- <td>
-
- Database Type:
-
- </td>
-
- <td>
-
- <select name="dbms">
- <option value="mysql">MySQL 3.x</option>
- <option value="mysql4" selected>MySQL 4.x</option>
- <option value="postgres">PostgreSQL 7.x</option>
- <option value="mssql">MS SQL Server 7/2000</option>
- <option value="msaccess">MS Access [ ODBC ]</option>
- <option value="mssql-odbc">MS SQL Server [ ODBC ]</option></select>
- </td>
-
- </tr>
-
- <tr>
-
- <td>
-
- Host:
-
- </td>
-
- <td>
-
- <input type="text" name="dbhost" lengh="20" size="20" maxlengh="255">
-
- </td>
-
- </tr>
-
- <tr>
-
- <td>
-
- Username:
-
- </td>
-
- <td>
-
- <input type="text" name="dbuser" lengh="20" size="20" maxlengh="255">
-
- </td>
-
- </tr>
-
- <tr>
-
- <td>
-
- Password:
-
- </td>
-
- <td>
-
- <input type="password" name="dbpasswd" lengh="20" size="20" maxlengh="255">
-
- </td>
-
- </tr>
-
- <tr>
-
- <td>
-
- Database:
-
- </td>
-
- <td>
-
- <input type="text" name="dbname" lengh="20" size="20" maxlengh="255">
-
- </td>
-
- </tr>
-
- <tr>
-
- <td>
-
- Table Prefix:
-
- </td>
-
- <td>
-
- <input type="text" name="table_prefix" value="phpbb_" lengh="20" size="20" maxlengh="255">
-
- </td>
-
- </tr>
-
- <tr>
-
- <td colspan="2" align="center">
-
- <input type="hidden" name="configphp_setup" value="1" />
-
- <br /><input TYPE="submit" VALUE="Create Config.php">
-
- </td>
-
- </tr>
-
- </table>
-
- </form>
-
- </td>
-
- </tr>
- </table>
- </center>
-
-
- <?php
-
- if( isset( $_SESSION['configphp_error'] ) )
-
- {
-
- ?>
-
- <center>
- <table border="0" bgcolor="#ffffff" cellspacing="1" cellpadding="3">
- <tr>
-
- <td>
-
- <br /><br /><?php echo $_SESSION['configphp_error']; ?>
-
- </td>
-
- </tr>
-
- </table>
-
-
- <?php
-
- }
-
- ?>
-
- </body>
- </html>
-
-
-
- <?php
-
-
- } //-.1-a.2
-
- die();
-
-
- } //-.2-a
-
-
-
- /////////////////////////////////////////
- //
- // Check and set first-time password
- //
-
- if( !file_exists( 'toolkit_config.php' ) && $use_toolkit_config_file == 'yes' )
-
- { //-.1-a
-
-
- if( isset( $_POST['toolkitconfig_setup'] ) )
-
- { //-.1-a.1
-
-
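// Handle the submitted first-time setup form: check the admin and mod passwords,
// create toolkit_config.php next to this script, store the hashed passwords in it,
// then redirect.
//
// This branch is reachable by any visitor while toolkit_config.php does not exist,
// so whoever submits the form first chooses the admin password.

// Read the four fields as plain strings; a missing or non-string field counts as empty.
$toolkit_pw = array();

foreach( array( 'admin_password', 'admin_password_confirm', 'mod_password', 'mod_password_confirm' ) as $toolkit_pw_field )
{

	$toolkit_pw[$toolkit_pw_field] = ( isset( $_POST[$toolkit_pw_field] ) && is_string( $_POST[$toolkit_pw_field] ) ) ? $_POST[$toolkit_pw_field] : '';

}

// Strict comparisons: with loose '!=' two different numeric-looking strings
// (for example '1e3' and '1000') compare as equal and would pass confirmation.
if( $toolkit_pw['admin_password'] === '' || $toolkit_pw['admin_password_confirm'] === '' )
{

	$_SESSION['toolkitconfig_error'] = '<b>Error:</b> Either the admin password was not specified, or the passwords did not match.';
	header( "Location: $index" );
	die();

}

elseif( $toolkit_pw['admin_password'] !== $toolkit_pw['admin_password_confirm'] )
{

	$_SESSION['toolkitconfig_error'] = '<b>Error:</b> The admin passwords do not match.';
	header( "Location: $index" );
	die();

}

if( $toolkit_pw['mod_password'] !== $toolkit_pw['mod_password_confirm'] )
{

	$_SESSION['toolkitconfig_error'] = '<b>Error:</b> The mod passwords do not match.';
	header( "Location: $index" );
	die();

}

// $script_folder is derived from the request path, so encode it before it is echoed.
$toolkit_folder_html = htmlspecialchars( $script_folder, ENT_QUOTES );

// Fallback instructions shared by both failure messages below.
$toolkit_manual = "1: Extract the toolkit.php file and open it with notepad.<br />
2: Find \"\$use_toolkit_config_file\" on line 40.<br />
3: Change the 'yes' to 'no'.<br />
4: Replace both the admin and mod passwords on lines 41 and 42<br />
5: Upload toolkit.php to your $toolkit_folder_html folder.";

// Remember the directory's current mode so it can be put back on every exit path;
// fall back to 0755 if it cannot be read.
$toolkit_dir = "../$script_folder";
$toolkit_dir_mode = @fileperms( $toolkit_dir );
$toolkit_dir_mode = ( $toolkit_dir_mode === false ) ? 0755 : ( $toolkit_dir_mode & 07777 );

// NOTE(review): 0777 makes the directory world-writable while the file is created.
// The mode is restored immediately afterwards, including when a later step fails.
if( !@chmod( $toolkit_dir, 0777 ) )
{

	die( "Could not CHMOD $toolkit_folder_html to 777 to create toolkit_config.php!<br />\n".$toolkit_manual );

}

if( !@touch( 'toolkit_config.php' ) )
{

	@chmod( $toolkit_dir, $toolkit_dir_mode );
	die( "Could not create toolkit_config.php, access denied!<br />
Please install this script using method 2:<br /><br />\n".$toolkit_manual );

}

$fp = fopen( 'toolkit_config.php', "w" );

if( !$fp )
{

	@chmod( $toolkit_dir, $toolkit_dir_mode );
	die ("The file toolkit_config.php exists but could not be opened. Check the file permissions." );

}

$version = $_SESSION['toolkitversion'];

// NOTE(review): unsalted md5(md5()) is a fast hash and offers little protection if
// this file is disclosed. It is kept because the login code (not visible here)
// presumably compares against this exact format; migrating to password_hash() /
// password_verify() has to change both sides together.
// NOTE(review): an empty mod password is stored as the hash of the empty string, not
// as an empty value -- confirm the login code still treats that as "mod login disabled".
$adminpassword = md5( md5( $toolkit_pw['admin_password'] ) );
$modpassword = md5( md5( $toolkit_pw['mod_password'] ) );

// Both hashes are hexadecimal strings, so they are safe to place between quotes.
fwrite( $fp, "<?php

////////////////////////////////////////////////////////////
//
// PHPBB Admin ToolKit v$version auto-generated config file.
//
// You may change the passwords in this file.

// Note: The passwords in this file are hashed.
// If you need to change your passwords, you can either use the MD5 Generator included
// near the bottom of the toolkit index.
// Or you can simply delete this toolkit_config.php file and run toolkit.php
// to recreate this file with the new passwords.
//
// NOTE: The passwords for this toolkit are DOUBLE hashed: the password is hashed
// once using the md5() function, then the hash is hashed again using the md5()
// function. The code equivalent is: \$pass = md5( md5( 'password' ) );
// This is an unsalted, fast hash. It keeps the password from being read at a glance,
// but it will not stop a determined guessing attack if someone obtains this file.
// Use a long, random password and keep toolkit_config.php out of reach of others.
//



\$adminpassword = '$adminpassword';
\$modpassword = '$modpassword';

?>" );

fclose( $fp );

@chmod( $toolkit_dir, $toolkit_dir_mode );

header( "Location: $index" );
die();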
-
-
-
- } //-.1-a.1
-
- else
-
- { //-.1-a.2
-
-
- session_destroy();
-
- ?>
-
- <html>
- <head>
- <title>PHPBB Admin ToolKit v<?php echo $_SESSION['toolkitversion']; ?></title>
-
- <SCRIPT LANGUAGE="JavaScript">
- function placeFocus() {
- if (document.forms.length > 0) {
- var field = document.forms[0];
- for (i = 0; i < field.length; i++) {
- if ((field.elements[i].name == "admin_password") || (field.elements[i].type == "textarea") || (field.elements[i].type.toString().charAt(0) == "s")) {
- document.forms[0].elements[i].focus();
- break;
- }
- }
- }
- }
- </script>
-
- </head>
-
- <body link="#0000ff" vlink="#0000ff" alink="#0000ff" OnLoad="placeFocus()">
-
- <center>
- <table border="0" bgcolor="#ffffff" cellspacing="1" cellpadding="3">
- <tr><td><div align="center"><?php echo $_SESSION['toolkit_title']; ?></div></td></tr>
- </table><br />
- </center>
-
- <center>
-
- <font size="4">PHPBB Admin ToolKit: First Time Setup</font><br />
-
- <table border="0" bgcolor="#ffffff" cellspacing="1" cellpadding="3">
- <tr>
-
- <td>
-
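<?php // PHP_SELF can carry client-supplied path text, so encode it before it goes into the attribute. ?>
<form action="<?php echo htmlspecialchars( $_SERVER['PHP_SELF'], ENT_QUOTES ); ?>" method="POST">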
-
- <table border="0" cellpadding="5" cellspacing="0">
-
- <tr>
-
- <td>
-
- Specify Admin Password:
-
- </td>
-
- <td>
-
- <input type="password" name="admin_password" lengh="20" size="20" maxlengh="255">
-
- </td>
-
- </tr>
-
- <tr>
-
- <td>
-
- Confirm Admin Password:
-
- </td>
-
- <td>
-
- <input type="password" name="admin_password_confirm" lengh="20" size="20" maxlengh="255">
-
- </td>
-
- </tr>
-
- <tr>
-
- <td>
-
- <br />Specify ModPassword:
-
- </td>
-
- <td>
-
- <br /><input type="password" name="mod_password" lengh="20" size="20" maxlengh="255"> (Optional)
-
- </td>
-
- </tr>
-
- <tr>
-
- <td>
-
- Confirm Mod Password:
-
- </td>
-
- <td>
-
- <input type="password" name="mod_password_confirm" lengh="20" size="20" maxlengh="255"> (Optional)
-
- </td>
-
- </tr>
-
- <tr>
-
- <td colspan="2" align="center">
-
- <input type="hidden" name="toolkitconfig_setup" value=1 />
-
- <br /><input TYPE="submit" VALUE=" Enter ">
-
- </td>
-
- </tr>
-
- </table>
-
- </form>
-
- </td>
-
- </tr>
- </table>
- </center>
-
-
- <?php
-
- if( isset( $_SESSION['toolkitconfig_error'] ) )
-
- {
-
- ?>
-
- <center>
- <table border="0" bgcolor="#ffffff" cellspacing="1" cellpadding="3">
- <tr>
-
- <td>
-
- <br /><br /><?php echo $_SESSION['toolkitconfig_error']; ?>
-
- </td>
-
- </tr>
-
- </table>
-
-
- <?php
-
- }
-
- ?>
-
- </body>
- </html>
-
-
-
- <?php
-
-
- } //-.1-a.2
-
- die();
-
-
- } //-.1-a
-
- elseif( file_exists( 'toolkit_config.php' ) && $use_toolkit_config_file == 'yes' )
-
- {
-
- include( 'toolkit_config.php' );
-
-
- }
-
-
-
// Give a fresh session its defaults: no user level yet (stored as the string
// "null", not PHP null) and an empty AUTH array. Existing values are left alone.
$session_defaults = array(
	'user_level' => "null",
	'AUTH'       => array(),
);

foreach( $session_defaults as $session_key => $session_default )
{

	if( isset( $_SESSION[$session_key] ) )
	{

		continue;

	}

	$_SESSION[$session_key] = $session_default;

}

unset( $session_defaults, $session_key, $session_default );
-
-
- // Safe SQL data function
-
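/**
 * Prepare a request value for use inside a quoted SQL string literal.
 *
 * Steps, in order: undo magic-quotes escaping if the runtime applied it, escape the
 * value with the MySQL string-escaping function, then HTML-encode &, < and >.
 *
 * Limits a caller must know about:
 *  - The escaping only protects a value placed between quotes in the query. A value
 *    interpolated unquoted (for example `WHERE user_id=$user_id`) is NOT made safe by
 *    this function; numeric values need an integer cast or check as well.
 *  - Quotes are not HTML-encoded, so the result is not safe inside an HTML attribute.
 *  - The mysql_* functions were removed in PHP 7; this function only runs on
 *    runtimes that still provide them.
 *
 * @param string $data Raw value.
 * @return string Escaped and encoded value.
 */
function safe_sql( $data )
{

	// get_magic_quotes_gpc() no longer exists on current PHP, so test for it first.
	if( function_exists( 'get_magic_quotes_gpc' ) && get_magic_quotes_gpc() )
	{

		$data = stripslashes( $data );

	}

	// Compare versions properly: a plain ">= 4.3" comparison mixes a version string
	// with a float and does not order versions correctly.
	if( version_compare( PHP_VERSION, '4.3.0', '>=' ) )
	{

		$data = mysql_real_escape_string( $data );

	}

	else
	{

		$data = mysql_escape_string( $data );

	}

	// The replacement strings are HTML entities; '&' goes first so the entities
	// produced for '<' and '>' are not encoded a second time. (The listing showed
	// each replacement equal to its search string, which would change nothing.)
	$data = str_replace( '&', '&amp;', $data );
	$data = str_replace( '<', '&lt;', $data );
	$data = str_replace( '>', '&gt;', $data );

	return $data;

}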
-
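/**
 * Trim a value and HTML-encode &, < and > so it is displayed as text.
 *
 * Quotes are left as they are, so the result is suitable for element content but
 * not for use inside an HTML attribute value.
 *
 * @param string $data Raw value.
 * @return string Trimmed, encoded value.
 */
function safe_html( $data )
{

	$data = trim( $data );

	// The replacement strings are HTML entities; '&' goes first so the entities
	// produced for '<' and '>' are not encoded a second time. (The listing showed
	// each replacement equal to its search string, which would change nothing.)
	$data = str_replace( '&', '&amp;', $data );
	$data = str_replace( '<', '&lt;', $data );
	$data = str_replace( '>', '&gt;', $data );

	return $data;

}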
-
- // Safe descriptions data function
-
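/**
 * HTML-encode &, < and > in a description, leaving surrounding whitespace intact.
 *
 * Quotes are left as they are, so the result is suitable for element content but
 * not for use inside an HTML attribute value.
 *
 * @param string $data Raw description text.
 * @return string Encoded text.
 */
function safe_desc( $data )
{

	// The replacement strings are HTML entities; '&' goes first so the entities
	// produced for '<' and '>' are not encoded a second time. (The listing showed
	// each replacement equal to its search string, which would change nothing.)
	$data = str_replace( '&', '&amp;', $data );
	$data = str_replace( '<', '&lt;', $data );
	$data = str_replace( '>', '&gt;', $data );

	return $data;

}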
-
- // make_time function
-
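/**
 * Turn a submitted date and 12-hour time into a Unix timestamp.
 *
 * Expected keys in $time: 'mm', 'dd', 'yy' (month, day, four-digit year),
 * 'time_hh' (1-12), 'time_mm' (0-59), 'time_ss' (0-59) and 'time_ap' ('am' or 'pm').
 * Missing keys are treated as 0 / empty and therefore fail validation.
 *
 * On invalid input a message is appended to $_SESSION['errors']['make_time'] and
 * false is returned.
 *
 * @param array $time Date/time parts as described above.
 * @return int|false Timestamp from mktime() in the server's time zone, or false.
 */
function make_time( $time )
{

	// Force every numeric part to an integer; anything non-numeric becomes 0.
	$parts = array();

	foreach( array( 'mm', 'dd', 'yy', 'time_hh', 'time_mm', 'time_ss' ) as $key )
	{

		$parts[$key] = isset( $time[$key] ) ? intval( $time[$key] ) : 0;

	}

	$time_ap = isset( $time['time_ap'] ) ? $time['time_ap'] : '';


	// First check that the calendar date exists

	if( !checkdate( $parts['mm'], $parts['dd'], $parts['yy'] ) )
	{

		$_SESSION['errors']['make_time'][] = 'You have entered an invalid date combination.';
		return false;

	}


	// The Unix timestamp starts in 1970

	if( $parts['yy'] < 1970 )
	{

		$_SESSION['errors']['make_time'][] = 'Due to the Unix timestamp restriction, the year must not be before 1970.';
		return false;

	}


	// Range-check the time. Minutes and seconds stop at 59: mktime() would silently
	// roll a value of 60 over into the next minute or hour. The am/pm marker is
	// compared strictly so only those two strings are accepted.

	$time_ok =
		$parts['time_hh'] >= 1 && $parts['time_hh'] <= 12 &&
		$parts['time_mm'] >= 0 && $parts['time_mm'] <= 59 &&
		$parts['time_ss'] >= 0 && $parts['time_ss'] <= 59 &&
		( $time_ap === 'am' || $time_ap === 'pm' );

	if( !$time_ok )
	{

		$_SESSION['errors']['make_time'][] = 'You have entered an invalid time.';
		return false;

	}


	// Convert to a 24-hour value: 12 am is hour 0 and 12 pm is hour 12, every other
	// pm hour gains 12. (Adding 12 to every pm hour turned 12 pm into hour 24, i.e.
	// midnight of the following day, and left 12 am at noon.)

	$hour24 = $parts['time_hh'] % 12;

	if( $time_ap === 'pm' )
	{

		$hour24 += 12;

	}

	return mktime( $hour24, $parts['time_mm'], $parts['time_ss'], $parts['mm'], $parts['dd'], $parts['yy'] );

}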
-
-
- // Delete user core function
- // Only the actual sql queries are here, the checks and options are in the delete_user() function
-
- function delete_user_core( $user_id, $clear_posts = false, $retain_pms = false )
-
- {
-
- // Set global variables
-
- global $index;
- global $phpbb_version;
-
- global $phpbb_banlist;
- global $phpbb_user_group;
- global $phpbb_users;
- global $phpbb_groups;
- global $phpbb_posts;
- global $phpbb_posts_text;
- global $phpbb_topics;
- global $phpbb_vote_voters;
- global $phpbb_auth_access;
- global $phpbb_sessions;
- global $phpbb_sessions_keys;
- global $phpbb_privmsgs;
- global $phpbb_privmsgs_text;
- global $phpbb_topics_watch;
-
-
-
- // First things first, sanitize the $user_id
-
- $user_id = safe_sql( $user_id);
-
-
- //
- // Obtain username and level based on user_id
- //
-
- $sql = "SELECT * FROM $phpbb_users WHERE user_id=$user_id LIMIT 1";
-
- $result = mysql_query($sql);
- $myrow = mysql_fetch_array($result);
-
- $username = safe_sql( $myrow['username'] );
- $user_level = safe_sql( $myrow['user_level'] );
-
-
- // Obtain first admin account to set as group mod if deleted user is a group mod (step 5)
-
- $sql = "SELECT * FROM $phpbb_users WHERE user_level=1 ORDER BY user_id ASC LIMIT 1";
-
- $result = mysql_query($sql);
- $myrow = mysql_fetch_array($result);
-
- $admin_id= safe_sql( $myrow['user_id'] );
-
- // Debug info:
- // echo '<pre>';
- // echo gettype( $myrow );
- // die( $admin_id );
-
-
-
- // This actually starts the delete process
-
- // **************************************************************
- //
- // First sql query is to collect group information about the user
- //
- // **************************************************************
-
- $sql = "SELECT g.group_id FROM $phpbb_user_group ug, $phpbb_groups g WHERE ug.user_id = $user_id AND g.group_id = ug.group_id AND g.group_single_user = 1";
-
- $result = mysql_query($sql);
- $row = mysql_fetch_array($result);
- unset( $row[0] ); // Read note directly below about this line:
-
-
- // PHPBB's $row = $db->sql_fetchrow($result); line returns an array containg the user id:
- // Array
- // (
- // [group_id] => 123
- // )
-
- // The mqsql fetch array used in this scrip: $myrow = mysql_fetch_array($result);
- // Returns the following:
- // Array
- // (
- // [0] => 123
- // [group_id] => 123
- // )
-
- // Therefore I unset the $row[0] element
-
-
- // Debugging info:
- // echo '<pre>';
- // print_r( $row );
- // echo"\n\n$username";
- // die();
-
-
- // ***************************************************************************
- //
- // Second sql query sets the poster id to the anonymous account for all posts
- // First query in this section is for the $clear_posts variable
- //
- // ***************************************************************************
-
-
- //
- // This check fixes the:
- // Error deleting user's group from groups table:
- // Line: 1477
- // File: /toolkit.php
- // Query: DELETE FROM `phpbb_groups` WHERE `group_id`=
- // MySQL Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
- //
- // Error message that was appearing in v2.1a because the returned value of $row was not correct
-
-
- // Debug for numeric check
- /* echo '<pre>';
- var_dump( $row );
-
- $i = is_numeric( '2 3' );
- var_dump( $i );
- die(); */
-
- if( !is_numeric( $row['group_id'] ) )
-
- {
-
- echo '<font size="4"><b>An incorrect value has been returned for group_id in the \'phpbb_groups\' table:</b></font><br /><b>Line:</b> '.__LINE__.'<br /><b>File:</b> '.$_SERVER['PHP_SELF'].'<br /><b>User ID: </b>'.$user_id.'<br /><b>Username: </b>'.$username.'<br /><b>Details:</b> This value should be a purely numeric integer. The value returned by the database is:<br /><pre>';
- var_dump( $row );
- echo '</pre><br />Please contact Starfoxtj at <a href="http://starfoxtj.no-ip.com">http://starfoxtj.no-ip.com</a> and report this error.';
- echo '<br /><br /><b>Note: </b> The script has halted before any changes to the database were made for this specific user.<br />All other users that were deleted before <b>'.$username.'</b> were properly removed.';
- echo '<br /><br /><b>Full envoirment details:</b><br /><pre>';
- var_dump( get_defined_vars() );
- die();
-
- }
-
-
- // If clear posts is set to true, replace all posts made by user to "DELETED"
-
- if( $clear_posts == true )
-
- {
-
- $sql = "SELECT `post_id` FROM `$phpbb_posts` WHERE `poster_id`=$user_id";
-
- if( !$result = mysql_query( $sql ) )
-
- {
-
- die( '<font size="4"><b>Error selecting selecting posts to clear:</b></font><br /><b>Line:</b> '.__LINE__.'<br /><b>File:</b> '.$_SERVER['PHP_SELF']."<br /><b>Query:</b> $sql<br /><b>MySQL Error:</b> ".mysql_error() );
-
- }
-
-
- // Assings the results of the above query into an array
-
- while($myrow = mysql_fetch_array($result))
-
- {
-
- $marked_posts[] = $myrow['post_id'];
-
- }
-
-
- // Makes mark an empty array if the user has no PMs
-
- if( !isset( $marked_posts ) )
-
- {
-
- $marked_posts = array();
-
- }
-
-
- // First check to see if user has any posts, if not skip replacing the posts
-
- if( isset( $marked_posts ) && count( $marked_posts ) )
-
- {
-
- $marked_posts = implode( ',', $marked_posts );
-
- $sql = "UPDATE `$phpbb_posts_text` SET `post_text`='DELETED' WHERE `post_id` IN ( $marked_posts )";
-
- // echo '<pre>';
- // echo $sql;
- // echo '<br />';
- // print_r( $marked_posts );
- // die();
-
- if( !$result = mysql_query( $sql ) )
-
- {
-
- die( '<font size="4"><b>Error setting posts to DELETED:</b></font><br /><b>Line:</b> '.__LINE__.'<br /><b>File:</b> '.$_SERVER['PHP_SELF']."<br /><b>Query:</b> $sql<br /><b>MySQL Error:</b> ".mysql_error() );
-
- }
-
- }
-
-
-
- // Sets the poster id to the anonymous account for all posts and replaces the username with DELETED
-
- $sql = "UPDATE `$phpbb_posts` SET `poster_id`=-1, `post_username`='DELETED' WHERE `poster_id`=$user_id";
-
- if( !$result = mysql_query( $sql ) )
-
- {
-
- die( '<font size="4"><b>Error setting poster id to anonymous for deleted user:</b></font><br /><b>Line:</b> '.__LINE__.'<br /><b>File:</b> '.$_SERVER['PHP_SELF']."<br /><b>Query:</b> $sql<br /><b>MySQL Error:</b> ".mysql_error() );
-
- }
- }
-
- else
-
- {
-
-
- // Sets the poster id to the anonymous account for all posts, but retains the original username
-
- $sql = "UPDATE `$phpbb_posts` SET `poster_id`=-1, `post_username`='".str_replace( "\\'", "''", addslashes( $username ) )."' WHERE `poster_id`=$user_id";
-
- if( !$result = mysql_query( $sql ) )
-
- {
-
- die( '<font size="4"><b>Error setting poster id to anonymous for deleted user:</b></font><br /><b>Line:</b> '.__LINE__.'<br /><b>File:</b> '.$_SERVER['PHP_SELF']."<br /><b>Query:</b> $sql<br /><b>MySQL Error:</b> ".mysql_error() );
-
- }
-
- }
-
-
- // ***************************************************************************
- //
- // Third sql query sets the topic id to the anonymous account for all topics
- //
- // ***************************************************************************
-
- // If clear posts is set to true, replace all topics made by user to "DELETED"
-
- if( $clear_posts == true )
-
- {
-
- $sql = "UPDATE `$phpbb_topics` SET `topic_title`='DELETED' WHERE `topic_poster`=$user_id";
-
-
- if( !$result = mysql_query( $sql ) )
-
- {
-
- die( '<font size="4"><b>Error setting topics to DELETED:</b></font><br /><b>Line:</b> '.__LINE__.'<br /><b>File:</b> '.$_SERVER['PHP_SELF']."<br /><b>Query:</b> $sql<br /><b>MySQL Error:</b> ".mysql_error() );
-
- }
-
-
- // Sets the topic id to the anonymous account for all topics and replaces the username with DELETED
-
- $sql = "UPDATE `$phpbb_topics` SET `topic_poster`=-1 WHERE `topic_poster`=$user_id";
-
- if( !$result = mysql_query( $sql ) )
-
- {
-
- die( '<font size="4"><b>Error setting topic id poster to anonymous for deleted user:</b></font><br /><b>Line:</b> '.__LINE__.'<br /><b>File:</b> '.$_SERVER['PHP_SELF']."<br /><b>Query:</b> $sql<br /><b>MySQL Error:</b> ".mysql_error() );
-
- }
- }
-
- else
-
- {
-
-
- // Sets the poster id to the anonymous account for all posts, but retains the original username
-
- $sql = "UPDATE `$phpbb_topics` SET `topic_poster`=-1 WHERE `topic_poster`=$user_id";
-
- if( !$result = mysql_query( $sql ) )
-
- {
-
- die( '<font size="4"><b>Error setting topic id poster to anonymous for deleted user:</b></font><br /><b>Line:</b> '.__LINE__.'<br /><b>File:</b> '.$_SERVER['PHP_SELF']."<br /><b>Query:</b> $sql<br /><b>MySQL Error:</b> ".mysql_error() );
-
- }
-
- }
-
-
- // ***************************************************************************
- //
- // Fourth sql query sets the voter id to anonymous
- //
- // ***************************************************************************
-
- $sql = "UPDATE `$phpbb_vote_voters` SET `vote_user_id`=-1 WHERE `vote_user_id`=$user_id";
-
- if( !$result = mysql_query( $sql ) )
-
- {
-
- die( '<font size="4"><b>Error setting voter ID to anonymous:</b></font><br /><b>Line:</b> '.__LINE__.'<br /><b>File:</b> '.$_SERVER['PHP_SELF']."<br /><b>Query:</b> $sql<br /><b>MySQL Error:</b> ".mysql_error() );
-
- }
-
-
- // ***************************************************************************
- //
- // Fifth sql query collects the phpbb_groups info and assigns it to the
- // $group_mods array where the user is a moderator
- //
- // ***************************************************************************
-
- $sql = "SELECT `group_id` FROM `$phpbb_groups` WHERE `group_moderator`=$user_id";
-
- if( !$result = mysql_query( $sql ) )
-
- {
-
- die( '<font size="4"><b>Error selecting groups where user is a moderator:</b></font><br /><b>Line:</b> '.__LINE__.'<br /><b>File:</b> '.$_SERVER['PHP_SELF']."<br /><b>Query:</b> $sql<br /><b>MySQL Error:</b> ".mysql_error() );
-
- }
-
-
- // Assings the results of the above query into an array
-
- while($myrow = mysql_fetch_array($result))
-
- {
-
- $group_mod[] = $myrow['group_id'];
-
- }
-
- // Debugging info:
- // echo '<pre>';
- // print_r( $group_mod );
- // die();
-
-
- // If the user is a moderator for any groups, this query assigns the
- // new mod status to the oldest admin account
-
- if( isset( $group_mod ) && count( $group_mod ) )
-
- {
-
- //
- // Make SURE to insert a query here to check for the first admin account to associate as the new group moderator
- // after the deleted user is deleted!
- // Done
-
- // $admin_id = 3; //This is a temp static admin id that will be dymamic in the final release
-
- $update_mod_id = implode( ',', $group_mod );
- $sql = "UPDATE `$phpbb_groups` SET `group_moderator`=$admin_id WHERE `group_moderator` IN ( $update_mod_id )";
-
- // Debugging info:
- // echo '<pre>';
- // echo $sql;
- // die();
-
- if( !$result = mysql_query( $sql ) )
-
- {
-
- die( '<font size="4"><b>Error setting new group moderator to oldest admin:</b></font><br /><b>Line:</b> '.__LINE__.'<br /><b>File:</b> '.$_SERVER['PHP_SELF']."<br /><b>Query:</b> $sql<br /><b>MySQL Error:</b> ".mysql_error() );
-
- }
-
- }
-
-
- // ***************************************************************************
- //
- // Sixth sql query deletes the user from the phpbb_users table
- //
- // ***************************************************************************
-
- $sql = "DELETE FROM `$phpbb_users` WHERE `user_id`=$user_id";
-
- if( !$result = mysql_query( $sql ) )
-
- {
-
- die( '<font size="4"><b>Error deleting user from users table:</b></font><br /><b>Line:</b> '.__LINE__.'<br /><b>File:</b> '.$_SERVER['PHP_SELF']."<br /><b>Query:</b> $sql<br /><b>MySQL Error:</b> ".mysql_error() );
-
- }
-
-
- // ***************************************************************************
- //
- // Seventh sql query deletes the user from the phpbb_user_group table
- //
- // ***************************************************************************
-
- $sql = "DELETE FROM `$phpbb_user_group` WHERE `user_id`=$user_id";
-
- if( !$result = mysql_query( $sql ) )
-
- {
-
- die( '<font size="4"><b>Error deleting user from user_group table:</b></font><br /><b>Line:</b> '.__LINE__.'<br /><b>File:</b> '.$_SERVER['PHP_SELF']."<br /><b>Query:</b> $sql<br /><b>MySQL Error:</b> ".mysql_error() );
-
- }
-
-
- // ***************************************************************************
- //
- // Eighth sql query moved to the top to check and exit if error
- //
- // ***************************************************************************
-
- $sql = "DELETE FROM `$phpbb_groups` WHERE `group_id`=".$row['group_id'];
-
- if( !$result = mysql_query( $sql ) )
-
- {
-
- die( '<font size="4"><b>Error deleting user\'s group from groups table:</b></font><br /><b>Line:</b> '.__LINE__.'<br /><b>File:</b> '.$_SERVER['PHP_SELF']."<br /><b>Query:</b> $sql<br /><b>MySQL Error:</b> ".mysql_error() );
-
- }
-
-
- // ***************************************************************************
- //
- // Ninth sql query deletes the user from the phpbb_auth_access table
- //
- // ***************************************************************************
-
- $sql = "DELETE FROM `$phpbb_auth_access` WHERE `group_id`=".$row['group_id'];
-
- if( !$result = mysql_query( $sql ) )
-
- {
-
- die( '<font size="4"><b>Error deleting user from auth_access table:</b></font><br /><b>Line:</b> '.__LINE__.'<br /><b>File:</b> '.$_SERVER['PHP_SELF']."<br /><b>Query:</b> $sql<br /><b>MySQL Error:</b> ".mysql_error() );
-
- }
-
-
- // ***************************************************************************
- //
- // Tenth sql query deletes the user from the phpbb topics watch table
- //
- // ***************************************************************************
-
- $sql = "DELETE FROM `$phpbb_topics_watch` WHERE `user_id`=$user_id";
-
- if( !$result = mysql_query( $sql ) )
-
- {
-
- die( '<font size="4"><b>Error deleting user from topics_watch table:</b></font><br /><b>Line:</b> '.__LINE__.'<br /><b>File:</b> '.$_SERVER['PHP_SELF']."<br /><b>Query:</b> $sql<br /><b>MySQL Error:</b> ".mysql_error() );
-
- }
-
-
- // ***************************************************************************
- //
- // Eleventh sql query deletes the user from the banlist table
- //
- // ***************************************************************************
-
- $sql = "DELETE FROM `$phpbb_banlist` WHERE `ban_userid`=$user_id";
-
- if( !$result = mysql_query( $sql ) )
-
- {
-
- die( '<font size="4"><b>Error deleting user from the banlist table:</b></font><br /><b>Line:</b> '.__LINE__.'<br /><b>File:</b> '.$_SERVER['PHP_SELF']."<br /><b>Query:</b> $sql<br /><b>MySQL Error:</b> ".mysql_error() );
-
- }
-
-
- // ***************************************************************************
- //
- // Twelfth sql query deletes the user from the sessions table
- //
- // ***************************************************************************
-
- // This delete section was added in .19, so a check is done before using it incase
- // the admin is running an older version of phpbb
-
- if( $phpbb_version >= 0.19 )
-
- {
-
- $sql = "DELETE FROM `$phpbb_sessions` WHERE `session_user_id`=$user_id";
-
- if( !$result = mysql_query( $sql ) )
-
- {
-
- die( '<font size="4"><b>Error deleting user from the sessions table:</b></font><br /><b>Line:</b> '.__LINE__.'<br /><b>File:</b> '.$_SERVER['PHP_SELF']."<br /><b>Query:</b> $sql<br /><b>MySQL Error:</b> ".mysql_error() );
-
- }
-
- }
-
-
- // ***************************************************************************
- //
- // Twelfth sql query deletes the user from the sessions_keys table
- //
- // ***************************************************************************
-
- // This delete section was added in .19, so a check is done before using it incase
- // the admin is running an older version of phpbb
-
- if( $phpbb_version >= '.0.19' )
-
- {
-
- // First check if the sesssions keys table exists
- // (Since alot of .19 boards dont have it due to incomplete updates
-
- $sql_key_check ="SHOW TABLES LIKE '$phpbb_sessions_keys'";
-
- if( !$result_key_check = mysql_query( $sql_key_check ) )
-
- {
-
- die( '<font size="4"><b>Error selecting session keys table:</b></font><br /><b>Line:</b> '.__LINE__.'<br /><b>File:</b> '.$_SERVER['PHP_SELF']."<br /><b>Query:</b> $sql<br /><b>MySQL Error:</b> ".mysql_error() );
-
- }
-
-
- // This section actually checks if the table exists, if not it skips
- // deleting the user from this table
-
- if( mysql_fetch_array($result_key_check) )
-
- {
-
-
- $sql = "DELETE FROM `$phpbb_sessions_keys` WHERE `user_id`=$user_id";
-
- if( !$result = mysql_query( $sql ) )
-
- {
-
- die( '<font size="4"><b>Error deleting user from the sessions_keys table:</b></font><br /><b>Line:</b> '.__LINE__.'<br /><b>File:</b> '.$_SERVER['PHP_SELF']."<br /><b>Query:</b> $sql<br /><b>MySQL Error:</b> ".mysql_error() );
-
- }
-
- }
-
- }
-
-
- // ***************************************************************************
- //
- // The final sql query collets the to/from PMs with the user's id & deletes them
- //
- // ***************************************************************************
-
- // If retain_pms is set to true, change PM author to anonymous instead of deleting them
-
- if( $retain_pms == true )
-
- {
-
- // This query sets the from_user_id to the anonymous account so the PMs dont have to be deleted
-
- $sql = "UPDATE `$phpbb_privmsgs` SET `privmsgs_from_userid`=-1 WHERE `privmsgs_from_userid`=$user_id";
-
- if( !$result = mysql_query( $sql ) )
-
- {
-
- die( '<font size="4"><b>Error setting from PM from_user_id to anonymous:</b></font><br /><b>Line:</b> '.__LINE__.'<br /><b>File:</b> '.$_SERVER['PHP_SELF']."<br /><b>Query:</b> $sql<br /><b>MySQL Error:</b> ".mysql_error() );
-
- }
-
-
- // This query sets the to_user_id to the anonymous account so the PMs dont have to be deleted
-
- $sql = "UPDATE `$phpbb_privmsgs` SET `privmsgs_to_userid`=-1 WHERE `privmsgs_to_userid`=$user_id";
-
-
- if( !$result = mysql_query( $sql ) )
-
- {
-
- die( '<font size="4"><b>Error setting from PM to_user_id to anonymous:</b></font><br /><b>Line:</b> '.__LINE__.'<br /><b>File:</b> '.$_SERVER['PHP_SELF']."<br /><b>Query:</b> $sql<br /><b>MySQL Error:</b> ".mysql_error() );
-
- }
-
- }
-
- else
-
- {
-
- $sql = "SELECT `privmsgs_id` FROM `$phpbb_privmsgs` WHERE `privmsgs_from_userid`=$user_id OR `privmsgs_to_userid`=$user_id";
-
- if( !$result = mysql_query( $sql ) )
-
- {
-
- die( '<font size="4"><b>Error selecting PMs for the user:</b></font><br /><b>Line:</b> '.__LINE__.'<br /><b>File:</b> '.$_SERVER['PHP_SELF']."<br /><b>Query:</b> $sql<br /><b>MySQL Error:</b> ".mysql_error() );
-
- }
-
-
- // Debugging info:
- // echo "<br />$sql<br />";
-
-
- // This section marks and assigns the resulting PMs into the $marked array
-
- while($myrow = mysql_fetch_array($result))
-
- {
-
- $marked[] = $myrow['privmsgs_id'];
-
- }
-
-
- // Makes mark an empty array if the user has no PMs
-
- if( !isset( $marked ) )
-
- {
-
- $marked = array();
-
- }
-
- // This section actually goes through the list and deletes the PMs
-
-
- // Debugging info:
- // echo '<pre>';
- // print_r( $marked );
-
- if( count( $marked ) )
-
- {
-
- $delete_id = implode( ',', $marked );
-
- // Debugging info:
- // echo "<br />$delete_id";
-
- $sql = "DELETE FROM `$phpbb_privmsgs_text` WHERE `privmsgs_text_id` IN ( $delete_id )";
-
- // Debugging info:
- // echo "<br />$sql";
-
- if( !$result = mysql_query( $sql ) )
-
- {
-
- die( 'Error deleting user PMs:<br />Line: '.__LINE__.'<br />File: '.$_SERVER['PHP_SELF']."<br />Query: $sql<br />MySQL Error: ".msql_error() );
-
- }
-
-
- $sql = "DELETE FROM `$phpbb_privmsgs` WHERE `privmsgs_id` IN ( $delete_id )";
-
- // Debugging info:
- // echo "<br />$sql";
-
- if( !$result = mysql_query( $sql ) )
-
- {
-
- die( 'Error deleting user Pms:<br />Line: '.__LINE__.'<br />File: '.$_SERVER['PHP_SELF']."<br />Query: $sql" );
-
- }
-
- }
-
- }
-
- // And thats it! The user should now be fully and properly deleted!
-
- }
-
-
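- // Delete User function
- //
- // Entry point for deleting a single user id or an array of ids. In the array branch,
- // each id has its username and level looked up, an admin account must exist, and the
- // anonymous account (-1) and administrator accounts are skipped before
- // delete_user_core() is called.
- //
- // NOTE(review): in the array branch the safe_sql() result is stored in $user_id, but
- // the lookup query and the delete_user_core() call use $id, so the value placed in the
- // SQL is the one that did not pass through safe_sql(). Cast each id to an integer once
- // and use that single value for the query, the checks and the core call.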
-
- function delete_user( $user_id, $clear_posts = false, $retain_pms = false, $from = 'index' )
-
- {
-
- // Debugging info:
- // var_dump( $user_id );
- // var_dump( $clear_posts );
- // var_dump( $retain_pms );
- // var_dump( $from );
-
-
- // Set global variables
-
- global $index;
- global $phpbb_version;
-
- global $phpbb_banlist;
- global $phpbb_user_group;
- global $phpbb_users;
- global $phpbb_groups;
- global $phpbb_posts;
- global $phpbb_posts_text;
- global $phpbb_topics;
- global $phpbb_vote_voters;
- global $phpbb_auth_access;
- global $phpbb_sessions;
- global $phpbb_sessions_keys;
- global $phpbb_privmsgs;
- global $phpbb_privmsgs_text;
- global $phpbb_topics_watch;
-
-
- // Set redirect URL
-
- if( $from == 'edit' )
-
- {
-
- $from ="$index?user_id=$user_id";
-
- }
-
- else
-
- {
-
- $from = $index;
-
- }
-
-
- // First, check if we are dealing with a single user, or an array of users
-
- if( is_array( $user_id ) )
-
- {
-
- // Create user counter variable
-
- $user_counter = 0;
-
-
- // Loop through the array and perform security checks
- // on each element before actually deleting anything
-
- foreach( $user_id as $id )
-
- { //user_id foreach
-
- // First things first, sanitize the $user_id
-
- $user_id = safe_sql( $id );
-
-
- //
- // Obtain username and level based on user_id
- //
-
- $sql = "SELECT * FROM $phpbb_users WHERE user_id=$id LIMIT 1";
-
- $result = mysql_query($sql);
- $myrow = mysql_fetch_array($result);
-
- $username = safe_sql( $myrow['username'] );
- $user_level = safe_sql( $myrow['user_level'] );
-
-
- // Obtain first admin account to set as group mod if deleted user is a group mod (step 5)
-
- $sql = "SELECT * FROM $phpbb_users WHERE user_level=1 ORDER BY user_id ASC LIMIT 1";
-
- $result = mysql_query($sql);
- $myrow = mysql_fetch_array($result);
-
- $admin_id= safe_sql( $myrow['user_id'] );
-
- // Debug info:
- // echo '<pre>';
- // echo gettype( $myrow );
- // die( $admin_id );
-
-
- // Check if admin account exists before deleting, if not return with error
-
- if( !is_array( $myrow ) )
-
- {
-
- $_SESSION['errors']['edituser'][] = 'Due to the phpbb table requirements, at least one admin must exist in the database before a user can be deleted.<br />Either promote a current user to an admin, or register a new one give it admin status.';
- header( "Location: $from" );
- die();
-
- }
-
-
- // Check if attempting to delete the anonymous account
-
- if( $id == -1 )
-
- {
-
- $_SESSION['errors']['edituser'][] = 'The anonymous account is required for phpbb to function correctly and cannot be deleted.';
- continue;
-
- }
-
-
- // Check if attempting to delete an admin account
-
- if( $user_level == 1 )
-
- {
-
- // Check to see if delete admin error has occured to prevent duplicate additions of the admin notification
- // This way it will only list the delete error reason, then list only the admin account names on additional admin delete calls
-
- if( !isset( $admin_delete_error ) )
-
- {
-
- $_SESSION['errors']['edituser'][] = "You cannot delete administrator accounts, they must first be demoted to a user.";
- $admin_delete_error = true;
-
- }
-
- $_SESSION['errors']['edituser'][] = "<b>$username</b> is an administrator and therefore has been skipped.";
- continue;
-
- }
-
-
- // This line calls the delete user core function which actually deletes the user
-
- delete_user_core( $id, $clear_posts, $retain_pms );
-
- $user_counter++;
-
-
- } //user_id foreach
-
-
- $_SESSION['errors']['edituser'][] = "$user_counter user(s) deleted successfully.";
-
- }
-
- else
-
- {
-
- // First things first, sanitize the $user_id
-
- $user_id = safe_sql( $user_id );
-
-
- //
- // Obtain username and level based on user_id
- //
-
- $sql = "SELECT * FROM $phpbb_users WHERE user_id=$user_id LIMIT 1";
-
- $result = mysql_query($sql);
- $myrow = mysql_fetch_array($result);
-
- $username = safe_sql( $myrow['username'] );
- $user_level = safe_sql( $myrow['user_level'] );
-
-
- // Obtain first admin account to set as group mod if deleted user is a group mod (step 5)
-
- $sql = "SELECT * FROM $phpbb_users WHERE user_level=1 ORDER BY user_id ASC LIMIT 1";
-
- $result = mysql_query($sql);
- $myrow = mysql_fetch_array($result);
-
- $admin_id= safe_sql( $myrow['user_id'] );
-
- // Debug info:
- // echo '<pre>';
- // echo gettype( $myrow );
- // die( $admin_id );
-
-
- // Check if admin account exists before deleting, if not return with error
-
- if( !is_array( $myrow ) )
-
- {
-
- $_SESSION['errors']['edituser'][] = 'Due to the phpbb table requirements, at least one admin must exist in the databas…