
PHP Cross Reference of MyBB


/admin/modules/user/ -> users.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.6
   4   * Copyright 2010 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://mybb.com
   7   * License: http://mybb.com/about/license
   8   *
   9   * $Id$
  10   */
  11  
  12  // Disallow direct access to this file for security reasons
  13  if(!defined("IN_MYBB"))
  14  {
  15      die("Direct initialization of this file is not allowed.<br /><br />Please make sure IN_MYBB is defined.");
  16  }
  17  
  18  // should also have a 'view coppa awaiting activation' view
  19  require_once  MYBB_ROOT."inc/functions_upload.php";
  20  
  21  
  22  $page->add_breadcrumb_item($lang->users, "index.php?module=user-users");
  23  
  24  if($mybb->input['action'] == "add" || $mybb->input['action'] == "merge" || $mybb->input['action'] == "search" || !$mybb->input['action'])
  25  {
  26      $sub_tabs['browse_users'] = array(
  27          'title' => $lang->browse_users,
  28          'link' => "index.php?module=user-users",
  29          'description' => $lang->browse_users_desc
  30      );
  31  
  32      $sub_tabs['find_users'] = array(
  33          'title' => $lang->find_users,
  34          'link' => "index.php?module=user-users&amp;action=search",
  35          'description' => $lang->find_users_desc
  36      );
  37  
  38      $sub_tabs['create_user'] = array(
  39          'title' => $lang->create_user,
  40          'link' => "index.php?module=user-users&amp;action=add",
  41          'description' => $lang->create_user_desc
  42      );
  43  
  44      $sub_tabs['merge_users'] = array(
  45          'title' => $lang->merge_users,
  46          'link' => "index.php?module=user-users&amp;action=merge",
  47          'description' => $lang->merge_users_desc
  48      );
  49  }
  50  
  51  $user_view_fields = array(
  52      "avatar" => array(
  53          "title" => $lang->avatar,
  54          "width" => "24",
  55          "align" => ""
  56      ),
  57  
  58      "username" => array(
  59          "title" => $lang->username,
  60          "width" => "",
  61          "align" => ""
  62      ),
  63  
  64      "email" => array(
  65          "title" => $lang->email,
  66          "width" => "",
  67          "align" => "center"
  68      ),
  69  
  70      "usergroup" => array(
  71          "title" => $lang->primary_group,
  72          "width" => "",
  73          "align" => "center"
  74      ),
  75  
  76      "additionalgroups" => array(
  77          "title" => $lang->additional_groups,
  78          "width" => "",
  79          "align" => "center"
  80      ),
  81  
  82      "regdate" => array(
  83          "title" => $lang->registered,
  84          "width" => "",
  85          "align" => "center"
  86      ),
  87  
  88      "lastactive" => array(
  89          "title" => $lang->last_active,
  90          "width" => "",
  91          "align" => "center"
  92      ),
  93  
  94      "postnum" => array(
  95          "title" => $lang->post_count,
  96          "width" => "",
  97          "align" => "center"
  98      ),
  99  
 100      "reputation" => array(
 101          "title" => $lang->reputation,
 102          "width" => "",
 103          "align" => "center"
 104      ),
 105  
 106      "warninglevel" => array(
 107          "title" => $lang->warning_level,
 108          "width" => "",
 109          "align" => "center"
 110      ),
 111  
 112      "regip" => array(
 113          "title" => $lang->registration_ip,
 114          "width" => "",
 115          "align" => "center"
 116      ),
 117  
 118      "lastip" => array(
 119          "title" => $lang->last_known_ip,
 120          "width" => "",
 121          "align" => "center"
 122      ),
 123  
 124      "controls" => array(
 125          "title" => $lang->controls,
 126          "width" => "",
 127          "align" => "center"
 128      )
 129  );
 130  
 131  $sort_options = array(
 132      "username" => $lang->username,
 133      "regdate" => $lang->registration_date,
 134      "lastactive" => $lang->last_active,
 135      "numposts" => $lang->post_count,
 136      "reputation" => $lang->reputation,
 137      "warninglevel" => $lang->warning_level
 138  );
 139  
 140  $plugins->run_hooks("admin_user_users_begin");
 141  
 142  // Initialise the views manager for user based views
 143  require MYBB_ADMIN_DIR."inc/functions_view_manager.php";
 144  if($mybb->input['action'] == "views")
 145  {
 146      view_manager("index.php?module=user-users", "user", $user_view_fields, $sort_options, "user_search_conditions");
 147  }
 148  
 149  if($mybb->input['action'] == "avatar_gallery")
 150  {
 151      $plugins->run_hooks("admin_user_users_avatar_gallery");
 152  
 153      $user = get_user($mybb->input['uid']);
 154      if(!$user['uid'])
 155      {
 156          exit;
 157      }
 158  
 159      // We've selected a new avatar for this user!
 160      if(isset($mybb->input['avatar']))
 161      {
 162          if(!verify_post_check($mybb->input['my_post_key']))
 163          {
 164              echo $lang->invalid_post_verify_key2;
 165              exit;
 166          }
 167  
 168          $mybb->input['avatar'] = str_replace(array("./", ".."), "", $mybb->input['avatar']);
 169  
 170          if(file_exists("../".$mybb->settings['avatardir']."/".$mybb->input['avatar']))
 171          {
 172              $dimensions = @getimagesize("../".$mybb->settings['avatardir']."/".$mybb->input['avatar']);
 173              $updated_avatar = array(
 174                  "avatar" => $db->escape_string($mybb->settings['avatardir']."/".$mybb->input['avatar'].'?dateline='.TIME_NOW),
 175                  "avatardimensions" => "{$dimensions[0]}|{$dimensions[1]}",
 176                  "avatartype" => "gallery"
 177              );
 178  
 179              $db->update_query("users", $updated_avatar, "uid='".$user['uid']."'");
 180  
 181              $plugins->run_hooks("admin_user_users_avatar_gallery_commit");
 182  
 183              // Log admin action
 184              log_admin_action($user['uid'], $user['username']);
 185          }
 186          remove_avatars($user['uid']);
 187          // Now a tad of javascript to submit the parent window form
 188          echo "<script type=\"text/javascript\">window.parent.submitUserForm();</script>";
 189          exit;
 190      }
 191  
 192      echo "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n";
 193      echo "<html xmlns=\"http://www.w3.org/1999/xhtml\">\n";
 194      echo "<head profile=\"http://gmpg.org/xfn/1\">\n";
 195      echo "    <title>{$lang->avatar_gallery}</title>\n";
 196      echo "    <link rel=\"stylesheet\" href=\"styles/".$page->style."/main.css\" type=\"text/css\" />\n";
 197      echo "    <link rel=\"stylesheet\" href=\"styles/".$page->style."/avatar_gallery.css\" type=\"text/css\" />\n";
 198      echo "    <script type=\"text/javascript\" src=\"../jscripts/prototype.js\"></script>\n";
 199      echo "    <script type=\"text/javascript\" src=\"../jscripts/general.js\"></script>\n";
 200      echo "</head>\n";
 201      echo "<body id=\"avatar_gallery\">\n";
 202  
 203      // Sanitize incoming path if we have one
 204      $gallery = '';
 205      if(isset($mybb->input['gallery']))
 206      {
 207          $gallery = str_replace(array("..", "\x0"), "", $mybb->input['gallery']);
 208      }
 209  
 210      $breadcrumb = "<a href=\"index.php?module=user-users&amp;action=avatar_gallery&amp;uid={$user['uid']}\">Default Gallery</a>";
 211  
 212      $mybb->settings['avatardir'] = "../".$mybb->settings['avatardir'];
 213  
 214      if(!is_dir($mybb->settings['avatardir']) && is_dir(MYBB_ROOT."/images/avatars/"))
 215      {
 216          $mybb->settings['avatardir'] = "../images/avatars/";
 217      }
 218  
 219      // Within a gallery
 220      if(!empty($gallery))
 221      {
 222          $path = $gallery."/";
 223          $real_path = $mybb->settings['avatardir']."/".$path;
 224          if(is_dir($real_path))
 225          {
 226              // Build friendly gallery breadcrumb
 227              $gallery_path = explode("/", $gallery);
 228              foreach($gallery_path as $key => $url_bit)
 229              {
 230                  if($breadcrumb_url) $breadcrumb_url .= "/";
 231                  $breadcrumb_url .= $url_bit;
 232                  $gallery_name = str_replace(array("_", "%20"), " ", $url_bit);
 233                  $gallery_name = ucwords($gallery_name);
 234  
 235                  if($gallery_path[$key+1])
 236                  {
 237                      $breadcrumb .= " &raquo; <a href=\"index.php?module=user-users&amp;action=avatar_gallery&amp;uid={$user['uid']}&amp;gallery={$breadcrumb_url}\">{$gallery_name}</a>";
 238                  }
 239                  else
 240                  {
 241                      $breadcrumb .= " &raquo; {$gallery_name}";
 242                  }
 243              }
 244          }
 245          else
 246          {
 247              exit;
 248          }
 249      }
 250      else
 251      {
 252          $path = "";
 253          $real_path = $mybb->settings['avatardir'];
 254      }
 255  
 256      // Get a listing of avatars/directories within this gallery
 257      $sub_galleries = $avatars = array();
 258      $files = @scandir($real_path);
 259  
 260      if(is_array($files))
 261      {
 262          foreach($files as $file)
 263          {
 264              if($file == "." || $file == ".." || $file == ".svn")
 265              {
 266                  continue;
 267              }
 268  
 269              // Build friendly name
 270              $friendly_name = str_replace(array("_", "%20"), " ", $file);
 271              $friendly_name = ucwords($friendly_name);
 272              if(is_dir($real_path."/".$file))
 273              {
 274                  // Only add this gallery if there are avatars or galleries inside it (no empty directories!)
 275                  $has = 0;
 276                  $dh = @opendir($real_path."/".$file);
 277                  while(false !== ($sub_file = readdir($dh)))
 278                  {
 279                      if(preg_match("#\.(jpg|jpeg|gif|bmp|png)$#i", $sub_file) || is_dir($real_path."/".$file."/".$sub_file))
 280                      {
 281                          $has = 1;
 282                          break;
 283                      }
 284                  }
 285                  @closedir($dh);
 286                  if($has == 1)
 287                  {
 288                      $sub_galleries[] = array(
 289                          "path" => $path.$file,
 290                          "friendly_name" => $friendly_name
 291                      );
 292                  }
 293              }
 294              else if(preg_match("#\.(jpg|jpeg|gif|bmp|png)$#i", $file))
 295              {
 296                  $friendly_name = preg_replace("#\.(jpg|jpeg|gif|bmp|png)$#i", "", $friendly_name);
 297  
 298                  // Fetch dimensions
 299                  $dimensions = @getimagesize($real_path."/".$file);
 300  
 301                  $avatars[] = array(
 302                      "path" => $path.$file,
 303                      "friendly_name" => $friendly_name,
 304                      "width" => $dimensions[0],
 305                      "height" => $dimensions[1]
 306                  );
 307              }
 308          }
 309      }
 310  
 311      require_once  MYBB_ROOT."inc/functions_image.php";
 312  
 313      // Now we're done, we can simply show our gallery page
 314      echo "<div id=\"gallery_breadcrumb\">{$breadcrumb}</div>\n";
 315      echo "<div id=\"gallery\">\n";
 316      echo "<ul id=\"galleries\">\n";
 317      if(is_array($sub_galleries))
 318      {
 319          foreach($sub_galleries as $gallery)
 320          {
 321              if(!$gallery['thumb'])
 322              {
 323                  $gallery['thumb'] = "styles/{$page->style}/images/avatar_gallery.gif";
 324                  $gallery['thumb_width'] = 64;
 325                  $gallery['thumb_height'] = 64;
 326              }
 327              else
 328              {
 329                  $gallery['thumb'] = "{$mybb->settings['avatardir']}/{$gallery['thumb']}";
 330              }
 331              $scaled_dimensions = scale_image($gallery['thumb_width'], $gallery['thumb_height'], 80, 80);
 332              $top = ceil((80-$scaled_dimensions['height'])/2);
 333              $left = ceil((80-$scaled_dimensions['width'])/2);
 334              echo "<li><a href=\"index.php?module=user-users&amp;action=avatar_gallery&amp;uid={$user['uid']}&amp;gallery={$gallery['path']}\"><span class=\"image\"><img src=\"{$gallery['thumb']}\" alt=\"\" style=\"margin-top: {$top}px;\" height=\"{$scaled_dimensions['height']}\" width=\"{$scaled_dimensions['width']}\"></span><span class=\"title\">{$gallery['friendly_name']}</span></a></li>\n";
 335          }
 336      }
 337      echo "</ul>\n";
 338      // Build the list of any actual avatars we have
 339      echo "<ul id=\"avatars\">\n";
 340      if(is_array($avatars))
 341      {
 342          foreach($avatars as $avatar)
 343          {
 344              $scaled_dimensions = scale_image($avatar['width'], $avatar['height'], 80, 80);
 345              $top = ceil((80-$scaled_dimensions['height'])/2);
 346              $left = ceil((80-$scaled_dimensions['width'])/2);
 347              echo "<li><a href=\"index.php?module=user-users&amp;action=avatar_gallery&amp;uid={$user['uid']}&amp;avatar={$avatar['path']}&amp;my_post_key={$mybb->post_code}\"><span class=\"image\"><img src=\"{$mybb->settings['avatardir']}/{$avatar['path']}\" alt=\"\" style=\"margin-top: {$top}px;\" height=\"{$scaled_dimensions['height']}\" width=\"{$scaled_dimensions['width']}\" /></span><span class=\"title\">{$avatar['friendly_name']}</span></a></li>\n";
 348          }
 349      }
 350      echo "</ul>\n";
 351      echo "</div>";
 352      echo "</body>";
 353      echo "</html>";
 354      exit;
 355  }
 356  
 357  if($mybb->input['action'] == "activate_user")
 358  {
 359      $plugins->run_hooks("admin_user_users_coppa_activate");
 360  
 361      if(!verify_post_check($mybb->input['my_post_key']))
 362      {
 363          flash_message($lang->invalid_post_verify_key2, 'error');
 364          admin_redirect("index.php?module=user-users");
 365      }
 366  
 367      $query = $db->simple_select("users", "*", "uid='".intval($mybb->input['uid'])."'");
 368      $user = $db->fetch_array($query);
 369  
 370      // Does the user not exist?
 371      if(!$user['uid'] || $user['usergroup'] != 5)
 372      {
 373          flash_message($lang->error_invalid_user, 'error');
 374          admin_redirect("index.php?module=user-users");
 375      }
 376  
 377      $updated_user['usergroup'] = $user['usergroup'];
 378  
 379      // Update
 380      if($user['coppauser'])
 381      {
 382          $updated_user = array(
 383              "coppauser" => 0
 384          );
 385      }
 386      else
 387      {
 388          $db->delete_query("awaitingactivation", "uid='{$user['uid']}'");
 389      }
 390  
 391      // Move out of awaiting activation if they're in it.
 392      if($user['usergroup'] == 5)
 393      {
 394          $updated_user['usergroup'] = 2;
 395      }
 396  
 397      $db->update_query("users", $updated_user, "uid='{$user['uid']}'");
 398  
 399      $plugins->run_hooks("admin_user_users_coppa_activate_commit");
 400  
 401      // Log admin action
 402      log_admin_action($user['uid'], $user['username']);
 403  
 404      if($mybb->input['from'] == "home")
 405      {
 406          if($user['coppauser'])
 407          {
 408              $message = $lang->success_coppa_activated;
 409          }
 410          else
 411          {
 412              $message = $lang->success_activated;
 413          }
 414  
 415          update_admin_session('flash_message2', array('message' => $message, 'type' => 'success'));
 416      }
 417      else
 418      {
 419          if($user['coppauser'])
 420          {
 421              flash_message($lang->success_coppa_activated, 'success');
 422          }
 423          else
 424          {
 425              flash_message($lang->success_activated, 'success');
 426          }
 427      }
 428  
 429      if($admin_session['data']['last_users_url'])
 430      {
 431          $url = $admin_session['data']['last_users_url'];
 432          update_admin_session('last_users_url', '');
 433  
 434          if($mybb->input['from'] == "home")
 435          {
 436              update_admin_session('from', 'home');
 437          }
 438      }
 439      else
 440      {
 441          $url = "index.php?module=user-users&action=edit&uid={$user['uid']}";
 442      }
 443  
 444      admin_redirect($url);
 445  }
 446  
 447  if($mybb->input['action'] == "add")
 448  {
 449      $plugins->run_hooks("admin_user_users_add");
 450  
 451      if($mybb->request_method == "post")
 452      {
 453          // Determine the usergroup stuff
 454          if(is_array($mybb->input['additionalgroups']))
 455          {
 456              foreach($mybb->input['additionalgroups'] as $key => $gid)
 457              {
 458                  if($gid == $mybb->input['usergroup'])
 459                  {
 460                      unset($mybb->input['additionalgroups'][$key]);
 461                  }
 462              }
 463              $additionalgroups = implode(",", $mybb->input['additionalgroups']);
 464          }
 465          else
 466          {
 467              $additionalgroups = '';
 468          }
 469  
 470          // Set up user handler.
 471          require_once  MYBB_ROOT."inc/datahandlers/user.php";
 472          $userhandler = new UserDataHandler('insert');
 473  
 474          // Set the data for the new user.
 475          $new_user = array(
 476              "uid" => $mybb->input['uid'],
 477              "username" => $mybb->input['username'],
 478              "password" => $mybb->input['password'],
 479              "password2" => $mybb->input['confirm_password'],
 480              "email" => $mybb->input['email'],
 481              "email2" => $mybb->input['email'],
 482              "usergroup" => $mybb->input['usergroup'],
 483              "additionalgroups" => $additionalgroups,
 484              "displaygroup" => $mybb->input['displaygroup'],
 485              "profile_fields" => $mybb->input['profile_fields'],
 486              "profile_fields_editable" => true,
 487          );
 488  
 489          // Set the data of the user in the datahandler.
 490          $userhandler->set_data($new_user);
 491          $errors = '';
 492  
 493          // Validate the user and get any errors that might have occurred.
 494          if(!$userhandler->validate_user())
 495          {
 496              $errors = $userhandler->get_friendly_errors();
 497          }
 498          else
 499          {
 500              $user_info = $userhandler->insert_user();
 501  
 502              $plugins->run_hooks("admin_user_users_add_commit");
 503  
 504              // Log admin action
 505              log_admin_action($user_info['uid'], $user_info['username']);
 506  
 507              flash_message($lang->success_user_created, 'success');
 508              admin_redirect("index.php?module=user-users&action=edit&uid={$user_info['uid']}");
 509          }
 510      }
 511  
 512      // Fetch custom profile fields - only need required profile fields here
 513      $query = $db->simple_select("profilefields", "*", "required=1", array('order_by' => 'disporder'));
 514      while($profile_field = $db->fetch_array($query))
 515      {
 516          $profile_fields['required'][] = $profile_field;
 517      }
 518  
 519      $page->add_breadcrumb_item($lang->create_user);
 520      $page->output_header($lang->create_user);
 521  
 522      $form = new Form("index.php?module=user-users&amp;action=add", "post");
 523  
 524      $page->output_nav_tabs($sub_tabs, 'create_user');
 525  
 526      // If we have any error messages, show them
 527      if($errors)
 528      {
 529          $page->output_inline_error($errors);
 530      }
 531      else
 532      {
 533          $mybb->input = array(
 534              "usergroup" => 2
 535          );
 536      }
 537  
 538      $form_container = new FormContainer($lang->required_profile_info);
 539      $form_container->output_row($lang->username." <em>*</em>", "", $form->generate_text_box('username', $mybb->input['username'], array('id' => 'username')), 'username');
 540      $form_container->output_row($lang->password." <em>*</em>", "", $form->generate_password_box('password', $mybb->input['password'], array('id' => 'password', 'autocomplete' => 'off')), 'password');
 541      $form_container->output_row($lang->confirm_password." <em>*</em>", "", $form->generate_password_box('confirm_password', $mybb->input['confirm_password'], array('id' => 'confirm_new_password')), 'confirm_new_password');
 542      $form_container->output_row($lang->email_address." <em>*</em>", "", $form->generate_text_box('email', $mybb->input['email'], array('id' => 'email')), 'email');
 543  
 544      $display_group_options[0] = $lang->use_primary_user_group;
 545      $options = array();
 546      $query = $db->simple_select("usergroups", "gid, title", "gid != '1'", array('order_by' => 'title'));
 547      while($usergroup = $db->fetch_array($query))
 548      {
 549          $options[$usergroup['gid']] = $usergroup['title'];
 550          $display_group_options[$usergroup['gid']] = $usergroup['title'];
 551      }
 552  
 553      $form_container->output_row($lang->primary_user_group." <em>*</em>", "", $form->generate_select_box('usergroup', $options, $mybb->input['usergroup'], array('id' => 'usergroup')), 'usergroup');
 554      $form_container->output_row($lang->additional_user_groups, $lang->additional_user_groups_desc, $form->generate_select_box('additionalgroups[]', $options, $mybb->input['additionalgroups'], array('id' => 'additionalgroups', 'multiple' => true, 'size' => 5)), 'additionalgroups');
 555      $form_container->output_row($lang->display_user_group." <em>*</em>", "", $form->generate_select_box('displaygroup', $display_group_options, $mybb->input['displaygroup'], array('id' => 'displaygroup')), 'displaygroup');
 556  
 557      // Output custom profile fields - required
 558      output_custom_profile_fields($profile_fields['required'], $mybb->input['profile_fields'], $form_container, $form);
 559  
 560      $form_container->end();
 561      $buttons[] = $form->generate_submit_button($lang->save_user);
 562      $form->output_submit_wrapper($buttons);
 563  
 564      $form->end();
 565      $page->output_footer();
 566  }
 567  
 568  if($mybb->input['action'] == "edit")
 569  {
 570      $plugins->run_hooks("admin_user_users_edit");
 571  
 572      $query = $db->simple_select("users", "*", "uid='".intval($mybb->input['uid'])."'");
 573      $user = $db->fetch_array($query);
 574  
 575      // Does the user not exist?
 576      if(!$user['uid'])
 577      {
 578          flash_message($lang->error_invalid_user, 'error');
 579          admin_redirect("index.php?module=user-users");
 580      }
 581  
 582      if($mybb->request_method == "post")
 583      {
 584          if(is_super_admin($mybb->input['uid']) && $mybb->user['uid'] != $mybb->input['uid'] && !is_super_admin($mybb->user['uid']))
 585          {
 586              flash_message($lang->error_no_perms_super_admin, 'error');
 587              admin_redirect("index.php?module=user-users");
 588          }
 589  
 590          // Determine the usergroup stuff
 591          if(is_array($mybb->input['additionalgroups']))
 592          {
 593              foreach($mybb->input['additionalgroups'] as $key => $gid)
 594              {
 595                  if($gid == $mybb->input['usergroup'])
 596                  {
 597                      unset($mybb->input['additionalgroups'][$key]);
 598                  }
 599              }
 600              $additionalgroups = implode(",", $mybb->input['additionalgroups']);
 601          }
 602          else
 603          {
 604              $additionalgroups = '';
 605          }
 606  
 607          // Set up user handler.
 608          require_once  MYBB_ROOT."inc/datahandlers/user.php";
 609          $userhandler = new UserDataHandler('update');
 610  
 611          // Set the data for the new user.
 612          $updated_user = array(
 613              "uid" => $mybb->input['uid'],
 614              "username" => $mybb->input['username'],
 615              "email" => $mybb->input['email'],
 616              "email2" => $mybb->input['email'],
 617              "usergroup" => $mybb->input['usergroup'],
 618              "additionalgroups" => $additionalgroups,
 619              "displaygroup" => $mybb->input['displaygroup'],
 620              "postnum" => $mybb->input['postnum'],
 621              "usertitle" => $mybb->input['usertitle'],
 622              "timezone" => $mybb->input['timezone'],
 623              "language" => $mybb->input['language'],
 624              "profile_fields" => $mybb->input['profile_fields'],
 625              "profile_fields_editable" => true,
 626              "website" => $mybb->input['website'],
 627              "icq" => $mybb->input['icq'],
 628              "aim" => $mybb->input['aim'],
 629              "yahoo" => $mybb->input['yahoo'],
 630              "msn" => $mybb->input['msn'],
 631              "birthday" => array(
 632                  "day" => $mybb->input['bday1'],
 633                  "month" => $mybb->input['bday2'],
 634                  "year" => $mybb->input['bday3']
 635              ),
 636              "style" => $mybb->input['style'],
 637              "signature" => $mybb->input['signature'],
 638              "dateformat" => intval($mybb->input['dateformat']),
 639              "timeformat" => intval($mybb->input['timeformat']),
 640              "language" => $mybb->input['language'],
 641              "usernotes" => $mybb->input['usernotes']
 642          );
 643  
 644          if($user['usergroup'] == 5 && $mybb->input['usergroup'] != 5)
 645          {
 646              if($user['coppauser'] == 1)
 647              {
 648                  $updated_user['coppa_user'] = 0;
 649              }
 650          }
 651          if($mybb->input['new_password'])
 652          {
 653              $updated_user['password'] = $mybb->input['new_password'];
 654              $updated_user['password2'] = $mybb->input['confirm_new_password'];
 655          }
 656  
 657          $updated_user['options'] = array(
 658              "allownotices" => $mybb->input['allownotices'],
 659              "hideemail" => $mybb->input['hideemail'],
 660              "subscriptionmethod" => $mybb->input['subscriptionmethod'],
 661              "invisible" => $mybb->input['invisible'],
 662              "dstcorrection" => $mybb->input['dstcorrection'],
 663              "threadmode" => $mybb->input['threadmode'],
 664              "showsigs" => $mybb->input['showsigs'],
 665              "showavatars" => $mybb->input['showavatars'],
 666              "showquickreply" => $mybb->input['showquickreply'],
 667              "receivepms" => $mybb->input['receivepms'],
 668              "receivefrombuddy" => $mybb->input['receivefrombuddy'],
 669              "pmnotice" => $mybb->input['pmnotice'],
 670              "daysprune" => $mybb->input['daysprune'],
 671              "showcodebuttons" => intval($mybb->input['showcodebuttons']),
 672              "pmnotify" => $mybb->input['pmnotify'],
 673              "showredirect" => $mybb->input['showredirect']
 674          );
 675  
 676          if($mybb->settings['usertppoptions'])
 677          {
 678              $updated_user['options']['tpp'] = intval($mybb->input['tpp']);
 679          }
 680  
 681          if($mybb->settings['userpppoptions'])
 682          {
 683              $updated_user['options']['ppp'] = intval($mybb->input['ppp']);
 684          }
 685  
 686          // Set the data of the user in the datahandler.
 687          $userhandler->set_data($updated_user);
 688          $errors = '';
 689  
 690          // Validate the user and get any errors that might have occurred.
 691          if(!$userhandler->validate_user())
 692          {
 693              $errors = $userhandler->get_friendly_errors();
 694          }
 695          else
 696          {
 697              // Are we removing an avatar from this user?
 698              if($mybb->input['remove_avatar'])
 699              {
 700                  $extra_user_updates = array(
 701                      "avatar" => "",
 702                      "avatardimensions" => "",
 703                      "avatartype" => ""
 704                  );
 705                  remove_avatars($user['uid']);
 706              }
 707  
 708              // Are we uploading a new avatar?
 709              if($_FILES['avatar_upload']['name'])
 710              {
 711                  $avatar = upload_avatar($_FILES['avatar_upload'], $user['uid']);
 712                  if($avatar['error'])
 713                  {
 714                      $errors = array($avatar['error']);
 715                  }
 716                  else
 717                  {
 718                      if($avatar['width'] > 0 && $avatar['height'] > 0)
 719                      {
 720                          $avatar_dimensions = $avatar['width']."|".$avatar['height'];
 721                      }
 722                      $extra_user_updates = array(
 723                          "avatar" => $avatar['avatar'].'?dateline='.TIME_NOW,
 724                          "avatardimensions" => $avatar_dimensions,
 725                          "avatartype" => "upload"
 726                      );
 727                  }
 728              }
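 729              // Are we setting a new avatar from a URL?
 730              else if($mybb->input['avatar_url'] && $mybb->input['avatar_url'] != $user['avatar'])
 731              {
                      // Strip any "script:" substring, then pass the value through htmlspecialchars_uni();
                      // the result is what is fetched, measured and finally stored as the remote avatar.
                      // NOTE(review): a one-pass substring strip is a deny-list, not URL validation - it
                      // does not establish that the value is an http(s) URL. An allow-list check of the
                      // scheme before the fetch would be the stronger control.
 732                  $mybb->input['avatar_url'] = preg_replace("#script:#i", "", $mybb->input['avatar_url']);
 733                  $mybb->input['avatar_url'] = htmlspecialchars_uni($mybb->input['avatar_url']);
 734                  $ext = get_extension($mybb->input['avatar_url']);
 735  
 736                  // Copy the avatar to the local server (work around remote URL access disabled for getimagesize)
                      // NOTE(review): the server requests whatever address was typed into the form. Whether
                      // fetch_remote_file() limits hosts, redirects or response size is not visible here -
                      // confirm before treating it as a boundary against internal-network requests.
 737                  $file = fetch_remote_file($mybb->input['avatar_url']);
 738                  if(!$file)
 739                  {
 740                      $avatar_error = $lang->error_invalidavatarurl;
 741                  }
 742                  else
 743                  {
                          // Write the fetched bytes to a randomly named temp file under the avatar upload
                          // path so getimagesize() can inspect them.
 744                      $tmp_name = "../".$mybb->settings['avataruploadpath']."/remote_".md5(random_str());
 745                      $fp = @fopen($tmp_name, "wb");
 746                      if(!$fp)
 747                      {
 748                          $avatar_error = $lang->error_invalidavatarurl;
 749                      }
 750                      else
 751                      {
 752                          fwrite($fp, $file);
 753                          fclose($fp);
 754                          list($width, $height, $type) = @getimagesize($tmp_name);
                              // Remove the temp file straight away. NOTE(review): @ hides a failed unlink,
                              // which would leave the fetched content behind under the upload path.
 755                          @unlink($tmp_name);
                              // A leftover debug "echo $type;" was dropped here: it printed the detected
                              // image type into the admin response.
                              // No image type detected: reject the URL as not pointing at an image.
 757                          if(!$type)
 758                          {
 759                              $avatar_error = $lang->error_invalidavatarurl;
 760                          }
 761                      }
 762                  }
 763  
 764                  if(empty($avatar_error))
 765                  {
                          // maxavatardims is read as "WIDTHxHEIGHT"; a zero/empty side is not enforced.
 766                      if($width && $height && $mybb->settings['maxavatardims'] != "")
 767                      {
 768                          list($maxwidth, $maxheight) = explode("x", my_strtolower($mybb->settings['maxavatardims']));
 769                          if(($maxwidth && $width > $maxwidth) || ($maxheight && $height > $maxheight))
 770                          {
 771                              $lang->error_avatartoobig = $lang->sprintf($lang->error_avatartoobig, $maxwidth, $maxheight);
 772                              $avatar_error = $lang->error_avatartoobig;
 773                          }
 774                      }
 775                  }
 776  
 777                  if(empty($avatar_error))
 778                  {
 779                      if($width > 0 && $height > 0)
 780                      {
 781                          $avatar_dimensions = intval($width)."|".intval($height);
 782                      }
                          // Only the URL is stored (escaped for SQL, with a dateline suffix appended);
                          // the fetched image itself is not kept.
 783                      $extra_user_updates = array(
 784                          "avatar" => $db->escape_string($mybb->input['avatar_url'].'?dateline='.TIME_NOW),
 785                          "avatardimensions" => $avatar_dimensions,
 786                          "avatartype" => "remote"
 787                      );
 788                      remove_avatars($user['uid']);
 789                  }
 790                  else
 791                  {
                          // Replaces $errors with just the avatar error.
 792                      $errors = array($avatar_error);
 793                  }
 794              }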
 795  
 796              // Moderator "Options" (suspend signature, suspend/moderate posting)
                  // Each entry names the request fields to read and the users-table columns to write.
                  // The column names come from this fixed table, never from the request.
 797              $moderator_options = array(
 798                  1 => array(
 799                      "action" => "suspendsignature", // The moderator action we're performing
 800                      "period" => "action_period", // The time period we've selected from the dropdown box
 801                      "time" => "action_time", // The time we've entered
 802                      "update_field" => "suspendsignature", // The field in the database to update if true
 803                      "update_length" => "suspendsigtime" // The length of suspension field in the database
 804                  ),
 805                  2 => array(
 806                      "action" => "moderateposting",
 807                      "period" => "modpost_period",
 808                      "time" => "modpost_time",
 809                      "update_field" => "moderateposts",
 810                      "update_length" => "moderationtime"
 811                  ),
 812                  3 => array(
 813                      "action" => "suspendposting",
 814                      "period" => "suspost_period",
 815                      "time" => "suspost_time",
 816                      "update_field" => "suspendposting",
 817                      "update_length" => "suspensiontime"
 818                  )
 819              );
 820  
 821              require_once  MYBB_ROOT."inc/functions_warnings.php";
 822              foreach($moderator_options as $option)
 823              {
 824                  if(!$mybb->input[$option['action']])
 825                  {
 826                      if($user[$option['update_field']] == 1)
 827                      {
 828                          // We're revoking the suspension
 829                          $extra_user_updates[$option['update_field']] = 0;
 830                          $extra_user_updates[$option['update_length']] = 0;
 831                      }
 832  
 833                      // Skip this option if we haven't selected it
 834                      continue;
 835                  }
 836  
 837                  if($mybb->input[$option['action']])
 838                  {
 839                      if(intval($mybb->input[$option['time']]) == 0 && $mybb->input[$option['period']] != "never" && $user[$option['update_field']] != 1)
 840                      {
 841                          // User has selected a type of ban, but not entered a valid time frame
                              // The language key is built from the fixed action name above, not from input.
 842                          $string = $option['action']."_error";
 843                          $errors[] = $lang->$string;
 844                      }
 845  
                          // Only compute a suspension while no error has been recorded.
                          // NOTE(review): this tests is_array($errors) while the commit step tests
                          // !$errors; an empty array would skip this branch - confirm $errors is never
                          // initialised to array().
 846                      if(!is_array($errors))
 847                      {
                              // The time is cast to int; the period string is passed through as submitted.
                              // NOTE(review): how fetch_time_length() treats an unexpected period is not
                              // visible here - the "-1" checks below suggest it signals "never" that way.
 848                          $suspend_length = fetch_time_length(intval($mybb->input[$option['time']]), $mybb->input[$option['period']]);
 849  
 850                          if($user[$option['update_field']] == 1 && ($mybb->input[$option['time']] || $mybb->input[$option['period']] == "never"))
 851                          {
 852                              // We already have a suspension, but entered a new time
 853                              if($suspend_length == "-1")
 854                              {
 855                                  // Permanent ban on action
 856                                  $extra_user_updates[$option['update_length']] = 0;
 857                              }
 858                              elseif($suspend_length && $suspend_length != "-1")
 859                              {
 860                                  // Temporary ban on action
 861                                  $extra_user_updates[$option['update_length']] = TIME_NOW + $suspend_length;
 862                              }
 863                          }
 864                          elseif(!$user[$option['update_field']])
 865                          {
 866                              // New suspension for this user... bad user!
 867                              $extra_user_updates[$option['update_field']] = 1;
 868                              if($suspend_length == "-1")
 869                              {
 870                                  $extra_user_updates[$option['update_length']] = 0;
 871                              }
 872                              else
 873                              {
 874                                  $extra_user_updates[$option['update_length']] = TIME_NOW + $suspend_length;
 875                              }
 876                          }
 877                      }
 878                  }
 879              }
 880  
                  // Moderated posting and suspended posting are mutually exclusive. Only values set
                  // during this request are compared, not the flags already stored on the user.
 881              if($extra_user_updates['moderateposts'] && $extra_user_updates['suspendposting'])
 882              {
 883                  $errors[] = $lang->suspendmoderate_error;
 884              }
 885  
 886              if(!$errors)
 887              {
 888                  $user_info = $userhandler->update_user();
                      // NOTE(review): the WHERE clause is built by interpolation; this is only safe if
                      // $user['uid'] is the integer id loaded from the database (loaded outside this
                      // excerpt - confirm). Whether update_query() escapes the values in
                      // $extra_user_updates is not visible here; the avatar URL is escaped where it is
                      // set, the remaining entries are integers or fixed strings.
 889                  $db->update_query("users", $extra_user_updates, "uid='{$user['uid']}'");
 890  
 891                  // if we're updating the user's signature preferences, do so now
                      // The request value is only compared against two fixed strings; 1 or 0 is written.
 892                  if($mybb->input['update_posts'] == 'enable' || $mybb->input['update_posts'] == 'disable')
 893                  {
 894                      $update_signature = array(
 895                          'includesig' => ($mybb->input['update_posts'] == 'enable' ? 1 : 0)
 896                      );
 897                      $db->update_query("posts", $update_signature, "uid='{$user['uid']}'");
 898                  }
 899  
 900                  $plugins->run_hooks("admin_user_users_edit_commit");
 901  
 902                  // Log admin action
                      // Records the edited uid and the submitted username. The call gives no indication
                      // of which fields changed (group, password, suspension), so this entry alone may
                      // not be enough for an audit.
 903                  log_admin_action($user['uid'], $mybb->input['username']);
 904  
 905                  flash_message($lang->success_user_updated, 'success');
 906                  admin_redirect("index.php?module=user-users");
 907              }
 908          }
 909      }
 910  
          // No errors recorded: replace the request input with the stored user row so the form
          // below is filled from saved values. When there are errors the submitted values are kept.
 911      if(!$errors)
 912      {
              // NOTE(review): the title is decoded here before being used as a form value; this
              // assumes the form helper encodes values again on output - confirm.
 913          $user['usertitle'] = htmlspecialchars_decode($user['usertitle']);
 914          $mybb->input = $user;
 915  
              // Form-only fields that do not exist in the user row default to empty strings.
 916          $options = array(
 917              'bday1', 'bday2', 'bday3',
 918              'new_password', 'confirm_new_password',
 919              'action_time', 'action_period',
 920              'modpost_period', 'moderateposting', 'modpost_time', 'suspost_period', 'suspost_time'
 921          );
 922  
 923          foreach($options as $option)
 924          {
 925              if(!isset($mybb->input[$option]))
 926              {
 927                  $mybb->input[$option] = '';
 928              }
 929          }
 930  
 931          // We need to fetch this users profile field values
              // NOTE(review): uid is interpolated into the condition; it is taken from $user, which
              // is loaded outside this excerpt - confirm it is a database integer.
 932          $query = $db->simple_select("userfields", "*", "ufid='{$user['uid']}'");
 933          $mybb->input['profile_fields'] = $db->fetch_array($query);
 934      }
 935  
          // Build the three-part birthday for the form: from the day/month/year inputs when any is
          // set, otherwise from the stored 'birthday' string split on '-'.
 936      if($mybb->input['bday1'] || $mybb->input['bday2'] || $mybb->input['bday3'])
 937      {
 938          $mybb->input['bday'][0] = $mybb->input['bday1'];
 939          $mybb->input['bday'][1] = $mybb->input['bday2'];
 940          $mybb->input['bday'][2] = intval($mybb->input['bday3']);
 941      }
 942      else
 943      {
 944          $mybb->input['bday'] = array(0, 0, '');
 945  
 946          if($user['birthday'])
 947          {
 948              $mybb->input['bday'] = explode('-', $user['birthday']);
 949          }
 950      }
 951  
 952      // Fetch custom profile fields
          // Fields are split into 'required' and 'optional' lists in display order. Either key stays
          // unset when no field of that kind exists.
 953      $query = $db->simple_select("profilefields", "*", "", array('order_by' => 'disporder'));
 954      while($profile_field = $db->fetch_array($query))
 955      {
 956          if($profile_field['required'] == 1)
 957          {
 958              $profile_fields['required'][] = $profile_field;
 959          }
 960          else
 961          {
 962              $profile_fields['optional'][] = $profile_field;
 963          }
 964      }
 965  
          // The username is HTML-escaped before it is placed in the breadcrumb.
 966      $page->add_breadcrumb_item($lang->edit_user.": ".htmlspecialchars_uni($user['username']));
 967      $page->output_header($lang->edit_user);
 968  
 969      $sub_tabs['edit_user'] = array(
 970          'title' => $lang->edit_user,
 971          'description' => $lang->edit_user_desc
 972      );
 973  
          // The edit form posts back to this action for the same uid.
 974      $form = new Form("index.php?module=user-users&amp;action=edit&amp;uid={$user['uid']}", "post", "", 1);
 975      echo "<script type=\"text/javascript\">\n function submitUserForm() { $('tab_overview').up('FORM').submit(); }</script>\n";
 976  
 977      $page->output_nav_tabs($sub_tabs, 'edit_user');
 978  
 979      // If we have any error messages, show them
 980      if($errors)
 981      {
 982          $page->output_inline_error($errors);
 983      }
 984  
 985      // Is this user a COPPA user? We show a warning & activate link
 986      if($user['coppauser'])
 987      {
 988          echo $lang->sprintf($lang->warning_coppa_user, $user['uid']);
 989      }
 990  
          // One entry per tab; each key matches a <div id="tab_KEY"> echoed further down the page.
 991      $tabs = array(
 992          "overview" => $lang->overview,
 993          "profile" => $lang->profile,
 994          "settings" => $lang->account_settings,
 995          "signature" => $lang->signature,
 996          "avatar" => $lang->avatar,
 997          "modoptions" => $lang->mod_options
 998      );
 999      $page->output_tab_control($tabs);
1000  
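1001      //
1002      // OVERVIEW
1003      //
          // Read-only summary tab: avatar plus account statistics.
1004      echo "<div id=\"tab_overview\">\n";
1005      $table = new Table;
1006      $table->construct_header($lang->avatar, array('class' => 'align_center'));
1007      $table->construct_header($lang->general_account_stats, array('colspan' => '2', 'class' => 'align_center'));
1008  
1009      // Avatar
          // Stored dimensions have the form "width|height"; the image is scaled to fit 120x120.
1010      $avatar_dimensions = explode("|", $user['avatardimensions']);
1011      if($user['avatar'])
1012      {
1013          if($user['avatardimensions'])
1014          {
1015              require_once  MYBB_ROOT."inc/functions_image.php";
1016              list($width, $height) = explode("|", $user['avatardimensions']);
1017              $scaled_dimensions = scale_image($width, $height, 120, 120);
1018          }
1019          else
1020          {
1021              $scaled_dimensions = array(
1022                  "width" => 120,
1023                  "height" => 120
1024              );
1025          }
              // Anything that is not an http:// or https:// URL is treated as a local path and
              // prefixed with ../ (presumably because the admin pages are served from a
              // subdirectory). Previously only http:// was recognised, so https:// avatars were
              // rewritten into a broken relative path.
1026          if (!stristr($user['avatar'], 'http://') && !stristr($user['avatar'], 'https://'))
1027          {
1028              $user['avatar'] = "../{$user['avatar']}\n";
1029          }
1030      }
1031      else
1032      {
1033          $user['avatar'] = "styles/{$page->style}/images/default_avatar.gif";
1034          $scaled_dimensions = array(
1035              "width" => 120,
1036              "height" => 120
1037          );
1038      }
          // Top margin that vertically centres the image inside the 126px avatar box.
1039      $avatar_top = ceil((126-$scaled_dimensions['height'])/2);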
1040      if($user['lastactive'])
1041      {
              // Last activity formatted with the board's date and time formats.
1042          $last_active = my_date($mybb->settings['dateformat'], $user['lastactive']).", ".my_date($mybb->settings['timeformat'], $user['lastactive']);
1043      }
1044      else
1045      {
1046          $last_active = $lang->never;
1047      }
1048      $reg_date = my_date($mybb->settings['dateformat'], $user['regdate']).", ".my_date($mybb->settings['timeformat'], $user['regdate']);
          // The user's local time is their timezone offset in hours, plus one when dst is set.
1049      if($user['dst'] == 1)
1050      {
1051          $timezone = $user['timezone']+1;
1052      }
1053      else
1054      {
1055          $timezone = $user['timezone'];
1056      }
1057      $local_time = gmdate($mybb->settings['dateformat'], TIME_NOW + ($timezone * 3600)).", ".gmdate($mybb->settings['timeformat'], TIME_NOW + ($timezone * 3600));
          // Posts per day since registration, capped at the total post count (accounts younger
          // than one day would otherwise show a rate above their total).
1058      $days_registered = (TIME_NOW - $user['regdate']) / (24*3600);
1059      $posts_per_day = 0;
1060      if($days_registered > 0)
1061      {
1062          $posts_per_day = round($user['postnum'] / $days_registered, 2);
1063          if($posts_per_day > $user['postnum'])
1064          {
1065              $posts_per_day = $user['postnum'];
1066          }
1067      }
          // Share of all board posts, guarded against a board with zero posts.
1068      $stats = $cache->read("stats");
1069      $posts = $stats['numposts'];
1070      if($posts == 0)
1071      {
1072          $percent_posts = "0";
1073      }
1074      else
1075      {
1076          $percent_posts = round($user['postnum']*100/$posts, 2);
1077      }
1078  
1079      $user_permissions = user_permissions($user['uid']);
1080  
1081      // Fetch the reputation for this user
1082      if($user_permissions['usereputationsystem'] == 1 && $mybb->settings['enablereputation'] == 1)
1083      {
1084          $reputation = get_reputation($user['reputation']);
1085      }
1086      else
1087      {
1088          $reputation = "-";
1089      }
1090  
          // Warning level as a percentage of the configured maximum, capped at 100.
          // NOTE(review): there is no guard for maxwarningpoints being 0, and $warning_level is
          // not assigned in this excerpt when the warning system is off although the overview
          // table prints it - confirm both cases.
1091      if($mybb->settings['enablewarningsystem'] != 0 && $user_permissions['canreceivewarnings'] != 0)
1092      {
1093          $warning_level = round($user['warningpoints']/$mybb->settings['maxwarningpoints']*100);
1094          if($warning_level > 100)
1095          {
1096              $warning_level = 100;
1097          }
1098          $warning_level = get_colored_warning_level($warning_level);
1099      }
1100  
1101      $age = $lang->na;
1102      if($user['birthday'])
1103      {
1104          $age = get_age($user['birthday']);
1105      }
1106  
          // Each cell is handed a ready-made HTML string, so every interpolated value has to be
          // safe for HTML at this point. The avatar URL and the e-mail address are escaped here.
          // NOTE(review): postnum, regip, lastip and the username in the table heading are
          // interpolated as stored. Whether Table::output() escapes its heading is not visible
          // here; the breadcrumb earlier in this file escapes the same username explicitly -
          // confirm these values cannot contain markup or escape them the same way.
1107      $table->construct_cell("<div style=\"width: 126px; height: 126px;\" class=\"user_avatar\"><img src=\"".htmlspecialchars_uni($user['avatar'])."\" style=\"margin-top: {$avatar_top}px\" width=\"{$scaled_dimensions['width']}\" height=\"{$scaled_dimensions['height']}\" alt=\"\" /></div>", array('rowspan' => 6, 'width' => 1));
1108      $table->construct_cell("<strong>{$lang->email_address}:</strong> <a href=\"mailto:".htmlspecialchars_uni($user['email'])."\">".htmlspecialchars_uni($user['email'])."</a>");
1109      $table->construct_cell("<strong>{$lang->last_active}:</strong> {$last_active}");
1110      $table->construct_row();
1111      $table->construct_cell("<strong>{$lang->registration_date}:</strong> {$reg_date}");
1112      $table->construct_cell("<strong>{$lang->local_time}:</strong> {$local_time}");
1113      $table->construct_row();
1114      $table->construct_cell("<strong>{$lang->posts}:</strong> {$user['postnum']}");
1115      $table->construct_cell("<strong>{$lang->age}:</strong> {$age}");
1116      $table->construct_row();
1117      $table->construct_cell("<strong>{$lang->posts_per_day}:</strong> {$posts_per_day}");
1118      $table->construct_cell("<strong>{$lang->reputation}:</strong> {$reputation}");
1119      $table->construct_row();
1120      $table->construct_cell("<strong>{$lang->percent_of_total_posts}:</strong> {$percent_posts}");
1121      $table->construct_cell("<strong>{$lang->warning_level}:</strong> {$warning_level}");
1122      $table->construct_row();
1123      $table->construct_cell("<strong>{$lang->registration_ip}:</strong> {$user['regip']}");
1124      $table->construct_cell("<strong>{$lang->last_known_ip}:</strong> {$user['lastip']}");
1125      $table->construct_row();
1126  
1127      $table->output("{$lang->user_overview}: {$user['username']}");
1128      echo "</div>\n";
1129  
1130      //
1131      // PROFILE
1132      //
          // Editable identity fields: credentials, groups, post count and profile details.
1133      echo "<div id=\"tab_profile\">\n";
1134  
          // NOTE(review): the username is interpolated into the container title as stored;
          // whether FormContainer escapes its title is not visible here - confirm.
1135      $form_container = new FormContainer($lang->required_profile_info.": {$user['username']}");
1136      $form_container->output_row($lang->username." <em>*</em>", "", $form->generate_text_box('username', $mybb->input['username'], array('id' => 'username')), 'username');
          // NOTE(review): both password boxes are given the current input value. When the form is
          // shown again after a validation error that appears to be the password just submitted,
          // which would then be written into the page - consider rendering them empty. Only
          // new_password sets autocomplete=off; confirm_new_password does not.
1137      $form_container->output_row($lang->new_password, $lang->new_password_desc, $form->generate_password_box('new_password', $mybb->input['new_password'], array('id' => 'new_password', 'autocomplete' => 'off')), 'new_password');
1138      $form_container->output_row($lang->confirm_new_password, $lang->new_password_desc, $form->generate_password_box('confirm_new_password', $mybb->input['confirm_new_password'], array('id' => 'confirm_new_password')), 'confirm_new_password');
1139      $form_container->output_row($lang->email_address." <em>*</em>", "", $form->generate_text_box('email', $mybb->input['email'], array('id' => 'email')), 'email');
1140  
          // Group pickers list every usergroup except gid 1, ordered by title.
          // NOTE(review): this only shapes the form. Any limit on which groups the acting
          // administrator may grant has to be enforced when the form is saved; that check is
          // not visible in this excerpt.
1141      $display_group_options[0] = $lang->use_primary_user_group;
1142      $options = array();
1143      $query = $db->simple_select("usergroups", "gid, title", "gid != '1'", array('order_by' => 'title'));
1144      while($usergroup = $db->fetch_array($query))
1145      {
1146          $options[$usergroup['gid']] = $usergroup['title'];
1147          $display_group_options[$usergroup['gid']] = $usergroup['title'];
1148      }
1149  
          // Stored additional groups are a comma-separated string; the multi-select needs an array.
1150      if(!is_array($mybb->input['additionalgroups']))
1151      {
1152          $mybb->input['additionalgroups'] = explode(',', $mybb->input['additionalgroups']);
1153      }
1154  
1155      $form_container->output_row($lang->primary_user_group." <em>*</em>", "", $form->generate_select_box('usergroup', $options, $mybb->input['usergroup'], array('id' => 'usergroup')), 'usergroup');
1156      $form_container->output_row($lang->additional_user_groups, $lang->additional_user_groups_desc, $form->generate_select_box('additionalgroups[]', $options, $mybb->input['additionalgroups'], array('id' => 'additionalgroups', 'multiple' => true, 'size' => 5)), 'additionalgroups');
1157      $form_container->output_row($lang->display_user_group." <em>*</em>", "", $form->generate_select_box('displaygroup', $display_group_options, $mybb->input['displaygroup'], array('id' => 'displaygroup')), 'displaygroup');
1158      $form_container->output_row($lang->post_count." <em>*</em>", "", $form->generate_text_box('postnum', $mybb->input['postnum'], array('id' => 'postnum')), 'postnum');
1159  
1160      // Output custom profile fields - required
1161      if(!isset($profile_fields['required']))
1162      {
1163          $profile_fields['required'] = array();
1164      }
1165      output_custom_profile_fields($profile_fields['required'], $mybb->input['profile_fields'], $form_container, $form);
1166  
1167      $form_container->end();
1168  
1169      $form_container = new FormContainer($lang->optional_profile_info.": {$user['username']}");
1170      $form_container->output_row($lang->custom_user_title, $lang->custom_user_title_desc, $form->generate_text_box('usertitle', $mybb->input['usertitle'], array('id' => 'usertitle')), 'usertitle');
1171      $form_container->output_row($lang->website, "", $form->generate_text_box('website', $mybb->input['website'], array('id' => 'website')), 'website');
1172      $form_container->output_row($lang->icq_number, "", $form->generate_text_box('icq', $mybb->input['icq'], array('id' => 'icq')), 'icq');
1173      $form_container->output_row($lang->aim_handle, "", $form->generate_text_box('aim', $mybb->input['aim'], array('id' => 'aim')), 'aim');
1174      $form_container->output_row($lang->yahoo_messanger_handle, "", $form->generate_text_box('yahoo', $mybb->input['yahoo'], array('id' => 'yahoo')), 'yahoo');
1175      $form_container->output_row($lang->msn_messanger_handle, "", $form->generate_text_box('msn', $mybb->input['msn'], array('id' => 'msn')), 'msn');
1176  
1177      // Birthday
          // Day and month are select boxes (key 0 = not set); the year is a free-text box.
1178      $birthday_days = array(0 => '');
1179      for($i = 1; $i <= 31; $i++)
1180      {
1181          $birthday_days[$i] = $i;
1182      }
1183  
1184      $birthday_months = array(
1185          0 => '',
1186          1 => $lang->january,
1187          2 => $lang->february,
1188          3 => $lang->march,
1189          4 => $lang->april,
1190          5 => $lang->may,
1191          6 => $lang->june,
1192          7 => $lang->july,
1193          8 => $lang->august,
1194          9 => $lang->september,
1195          10 => $lang->october,
1196          11 => $lang->november,
1197          12 => $lang->december
1198      );
1199  
1200      $birthday_row = $form->generate_select_box('bday1', $birthday_days, $mybb->input['bday'][0], array('id' => 'bday_day'));
1201      $birthday_row .= ' '.$form->generate_select_box('bday2', $birthday_months, $mybb->input['bday'][1], array('id' => 'bday_month'));
1202      $birthday_row .= ' '.$form->generate_text_box('bday3', $mybb->input['bday'][2], array('id' => 'bday_year', 'style' => 'width: 3em;'));
1203  
1204      $form_container->output_row($lang->birthday, "", $birthday_row, 'birthday');
1205  
1206      // Output custom profile fields - optional
          // NOTE(review): unlike the required list above, 'optional' is passed without an isset()
          // guard and is unset when no optional field exists.
1207      output_custom_profile_fields($profile_fields['optional'], $mybb->input['profile_fields'], $form_container, $form);
1208  
1209      $form_container->end();
1210      echo "</div>\n";
1211  
1212      //
1213      // ACCOUNT SETTINGS
1214      //
1215  
1216      // Plugin hook note - we should add hooks in above each output_row for the below so users can add their own options to each group :>
1217  
          // Each settings group is a list of rendered controls, joined into
          // <div class="user_settings_bit"> wrappers and emitted as one form row.
1218      echo "<div id=\"tab_settings\">\n";
1219      $form_container = new FormContainer($lang->account_settings.": {$user['username']}");
1220      $login_options = array(
1221          $form->generate_check_box("invisible", 1, $lang->hide_from_whos_online, array("checked" => $mybb->input['invisible'])),
1222      );
1223      $form_container->output_row($lang->login_cookies_privacy, "", "<div class=\"user_settings_bit\">".implode("</div><div class=\"user_settings_bit\">", $login_options)."</div>");
1224  
          // pmnotice can hold values above 1; clamp it so the checkbox state is simply on/off.
1225      if($mybb->input['pmnotice'] > 1)
1226      {
1227          $mybb->input['pmnotice'] = 1;
1228      }
1229  
1230      $messaging_options = array(
1231          $form->generate_check_box("allownotices", 1, $lang->recieve_admin_emails, array("checked" => $mybb->input['allownotices'])),
1232          $form->generate_check_box("hideemail", 1, $lang->hide_email_from_others, array("checked" => $mybb->input['hideemail'])),
1233          $form->generate_check_box("receivepms", 1, $lang->recieve_pms_from_others, array("checked" => $mybb->input['receivepms'])),
1234          $form->generate_check_box("receivefrombuddy", 1, $lang->recieve_pms_from_buddy, array("checked" => $mybb->input['receivefrombuddy'])),
1235          $form->generate_check_box("pmnotice", 1, $lang->alert_new_pms, array("checked" => $mybb->input['pmnotice'])),
1236          $form->generate_check_box("pmnotify", 1, $lang->email_notify_new_pms, array("checked" => $mybb->input['pmnotify'])),
1237          "<label for=\"subscriptionmethod\">{$lang->default_thread_subscription_mode}:</label><br />".$form->generate_select_box("subscriptionmethod", array($lang->do_not_subscribe, $lang->no_email_notification, $lang->instant_email_notification), $mybb->input['subscriptionmethod'], array('id' => 'subscriptionmethod'))
1238      );
1239      $form_container->output_row($lang->messaging_and_notification, "", "<div class=\"user_settings_bit\">".implode("</div><div class=\"user_settings_bit\">", $messaging_options)."</div>");
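1240  
          // Date and time pickers: index 0 is "use default"; the other entries show the current
          // time rendered in each format from $date_formats / $time_formats (defined outside this
          // excerpt).
1241      $date_format_options = array($lang->use_default);
1242      foreach($date_formats as $key => $format)
1243      {
1244          $date_format_options[$key] = my_date($format, TIME_NOW, "", 0);
1245      }
1246  
1247      $time_format_options = array($lang->use_default);
1248      foreach($time_formats as $key => $format)
1249      {
1250          $time_format_options[$key] = my_date($format, TIME_NOW, "", 0);
1251      }
1252  
          // Each label's "for" names the id of the control it describes; the time-format label
          // previously pointed at the date-format select.
1253      $date_options = array(
1254          "<label for=\"dateformat\">{$lang->date_format}:</label><br />".$form->generate_select_box("dateformat", $date_format_options, $mybb->input['dateformat'], array('id' => 'dateformat')),
1255          "<label for=\"timeformat\">{$lang->time_format}:</label><br />".$form->generate_select_box("timeformat", $time_format_options, $mybb->input['timeformat'], array('id' => 'timeformat')),
1256          "<label for=\"timezone\">{$lang->time_zone}:</label><br />".build_timezone_select("timezone", $mybb->input['timezone']),
1257          "<label for=\"dstcorrection\">{$lang->daylight_savings_time_correction}:</label><br />".$form->generate_select_box("dstcorrection", array(2 => $lang->automatically_detect, 1 => $lang->always_use_dst_correction, 0 => $lang->never_use_dst_correction), $mybb->input['dstcorrection'], array('id' => 'dstcorrection'))
1258      );
1259      $form_container->output_row($lang->date_and_time_options, "", "<div class=\"user_settings_bit\">".implode("</div><div class=\"user_settings_bit\">", $date_options)."</div>");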
1260  
1261  
          // Threads-per-page choices come from the comma-separated board setting; entries that
          // are not greater than zero are skipped. Index 0 is "use default".
1262      $tpp_options = array($lang->use_default);
1263      if($mybb->settings['usertppoptions'])
1264      {
1265          $explodedtpp = explode(",", $mybb->settings['usertppoptions']);
1266          if(is_array($explodedtpp))
1267          {
1268              foreach($explodedtpp as $tpp)
1269              {
1270                  if($tpp <= 0) continue;
1271                  $tpp_options[$tpp] = $tpp;
1272              }
1273          }
1274      }
1275  
          // Thread age filter: key is the number of days, 0 = board default, 9999 = all threads.
1276      $thread_age_options = array(
1277          0 => $lang->use_default,
1278          1 => $lang->show_threads_last_day,
1279          5 => $lang->show_threads_last_5_days,
1280          10 => $lang->show_threads_last_10_days,
1281          20 => $lang->show_threads_last_20_days,
1282          50 => $lang->show_threads_last_50_days,
1283          75 => $lang->show_threads_last_75_days,
1284          100 => $lang->show_threads_last_100_days,
1285          365 => $lang->show_threads_last_year,
1286          9999 => $lang->show_all_threads
1287      );
1288  
1289      $forum_options = array(
1290          "<label for=\"tpp\">{$lang->threads_per_page}:</label><br />".$form->generate_select_box("tpp", $tpp_options, $mybb->input['tpp'], array('id' => 'tpp')),
1291          "<label for=\"daysprune\">{$lang->default_thread_age_view}:</label><br />".$form->generate_select_box("daysprune", $thread_age_options, $mybb->input['daysprune'], array('id' => 'daysprune'))
1292      );
1293      $form_container->output_row($lang->forum_display_options, "", "<div class=\"user_settings_bit\">".implode("</div><div class=\"user_settings_bit\">", $forum_options)."</div>");
1294  
          // Posts-per-page choices, built the same way as the threads-per-page list: from the
          // comma-separated board setting, skipping entries that are not greater than zero.
1295      $ppp_options = array($lang->use_default);
1296      if($mybb->settings['userpppoptions'])
1297      {
1298          $explodedppp = explode(",", $mybb->settings['userpppoptions']);
1299          if(is_array($explodedppp))
1300          {
1301              foreach($explodedppp as $ppp)
1302              {
1303                  if($ppp <= 0) continue;
1304                  $ppp_options[$ppp] = $ppp;
1305              }
1306          }
1307      }
1308  
1309      $thread_options = array(
1310          $form->generate_check_box("showsigs", 1, $lang->display_users_sigs, array("checked" => $mybb->input['showsigs'])),
1311          $form->generate_check_box("showavatars", 1, $lang->display_users_avatars, array("checked" => $mybb->input['showavatars'])),
1312          $form->generate_check_box("showquickreply", 1, $lang->show_quick_reply, array("checked" => $mybb->input['showquickreply'])),
1313          "<label for=\"ppp\">{$lang->posts_per_page}:</label><br />".$form->generate_select_box("ppp", $ppp_options, $mybb->input['ppp'], array('id' => 'ppp')),
1314          "<label for=\"threadmode\">{$lang->default_thread_view_mode}:</label><br />".$form->generate_select_box("threadmode", array("" => $lang->use_default, "linear" => $lang->linear_mode, "threaded" => $lang->threaded_mode), $mybb->input['threadmode'], array('id' => 'threadmode'))
1315      );
1316      $form_container->output_row($lang->thread_view_options, "", "<div class=\"user_settings_bit\">".implode("</div><div class=\"user_settings_bit\">", $thread_options)."</div>");
1317  
          // Language choices: an empty key for "use default" followed by what get_languages() returns.
1318      $languages = array_merge(array('' => $lang->use_default), $lang->get_languages());
1319  
1320      $other_options = array(
1321          $form->generate_check_box("showredirect", 1, $lang->show_redirect, array("checked" => $mybb->input['showredirect'])),
1322          $form->generate_check_box("showcodebuttons", "1", $lang->show_code_buttons, array("checked" => $mybb->input['showcodebuttons'])),
1323          "<label for=\"style\">{$lang->theme}:</label><br />".build_theme_select("style", $mybb->input['style'], 0, "", true),
1324          "<label for=\"language\">{$lang->board_language}:</label><br />".$form->generate_select_box("language", $languages, $mybb->input['language'], array('id' => 'language'))
1325      );
1326      $form_container->output_row($lang->other_options, "", "<div class=\"user_settings_bit\">".implode("</div><div class=\"user_settings_bit\">", $other_options)."</div>");
1327  
1328      $form_container->end();
1329      echo "</div>\n";
1330  
1331      //
1332      // SIGNATURE EDITOR
1333      //
          // Text area holding the user's signature. The four on/off labels below only report the
          // board-wide signature settings in the row description; they do not filter the signature.
1334      $signature_editor = $form->generate_text_area("signature", $mybb->input['signature'], array('id' => 'signature', 'rows' => 15, 'cols' => '70', 'style' => 'width: 95%'));
1335      $sig_smilies = $lang->off;
1336      if($mybb->settings['sigsmilies'] == 1)
1337      {
1338          $sig_smilies = $lang->on;
1339      }
1340      $sig_mycode = $lang->off;
1341      if($mybb->settings['sigmycode'] == 1)
1342      {
1343          $sig_mycode = $lang->on;
              // The MyCode toolbar is only attached when MyCode is allowed in signatures.
1344          $signature_editor .= build_mycode_inserter("signature");
1345      }
          // NOTE(review): with HTML in signatures switched on, whatever an administrator saves
          // here is presumably rendered as markup wherever the signature is shown - confirm how
          // signatures are parsed on display.
1346      $sig_html = $lang->off;
1347      if($mybb->settings['sightml'] == 1)
1348      {
1349          $sig_html = $lang->on;
1350      }
1351      $sig_imgcode = $lang->off;
1352      if($mybb->settings['sigimgcode'] == 1)
1353      {
1354          $sig_imgcode = $lang->on;
1355      }
1356      echo "<div id=\"tab_signature\">\n";
1357      $form_container = new FormContainer("{$lang->signature}: {$user['username']}");
1358      $form_container->output_row($lang->signature, $lang->sprintf($lang->signature_desc, $sig_mycode, $sig_smilies, $sig_imgcode, $sig_html), $signature_editor, 'signature');
1359  
          // Units offered for a suspension length; "never" is the permanent option.
1360      $periods = array(
1361          "hours" => $lang->expire_hours,
1362          "days" => $lang->expire_days,
1363          "weeks" => $lang->expire_weeks,
1364          "months" => $lang->expire_months,
1365          "never" => $lang->expire_permanent
1366      );
1367  
1368      // Are we already suspending the signature?
          // $sig_checked is only ever assigned the literal 1 or 0 in this branch.
1369      if($mybb->input['suspendsignature'])
1370      {
1371          $sig_checked = 1;
1372  
1373          // Display how much time is left on the ban for the user to extend it
              // A stored expiry of "0" means the suspension is permanent.
1374          if($user['suspendsigtime'] == "0")
1375          {
1376              // Permanent
1377              $lang->suspend_expire_info = $lang->suspend_sig_perm;
1378          }
1379          else
1380          {
1381              // There's a limit to the suspension!
1382              $expired = my_date($mybb->settings['dateformat'], $user['suspendsigtime'])." @ ".my_date($mybb->settings['timeformat'], $user['suspendsigtime']);
1383              $lang->suspend_expire_info = $lang->sprintf($lang->suspend_expire_info, $expired);
1384          }
              // Extra table row, concatenated as raw HTML, showing the current expiry.
1385          $user_suspend_info = '
1386                  <tr>
1387                      <td colspan="2">'.$lang->suspend_expire_info.'<br />'.$lang->suspend_sig_extend.'</td>
1388                  </tr>';
1389      }
1390      else
1391      {
1392          $sig_checked = 0;
1393          $user_suspend_info = '';
1394      }
1395  
1396      $actions = '
1397      <script type="text/javascript">
1398      <!--
1399          var sig_checked = "'.$sig_checked.'";
1400  
1401  		function toggleAction()
1402          {
1403              if($("suspend_action").visible() == true)
1404              {
1405                  $("suspend_action").hide();
1406              }
1407              else
1408              {
1409                  $("suspend_action").show();
1410              }
1411          }
1412      // -->
1413      </script>
1414  
1415      <dl style="margin-top: 0; margin-bottom: 0; width: 100%;">
1416          <dt>'.$form->generate_check_box("suspendsignature", 1, $lang->suspend_sig_box, array('checked' => $sig_checked, 'onclick' => 'toggleAction();')).'</dt>
1417          <dd style="margin-top: 4px;" id="suspend_action" class="actions">
1418              <table cellpadding="4">'.$user_suspend_info.'
1419                  <tr>
1420                      <td width="30%"><small>'.$lang->expire_length.'</small></td>
1421                      <td>'.$form->generate_text_box('action_time', $mybb->input['action_time'], array('style' => 'width: 2em;')).' '.$form->generate_select_box('action_period', $periods, $mybb->input['action_period']).'</td>
1422                  </tr>
1423              </table>
1424          </dd>
1425      </dl>
1426  
1427      <script type="text/javascript">
1428      <!--
1429          if(sig_checked == 0)
1430          {
1431              $("suspend_action").hide();
1432          }
1433      // -->
1434      </script>';
1435  
1436      $form_container->output_row($lang->suspend_sig, $lang->suspend_sig_info, $actions);
1437  
1438      $signature_options = array(
1439          $form->generate_radio_button("update_posts", "enable", $lang->enable_sig_in_all_posts, array("checked" => 0)),
1440          $form->generate_radio_button("update_posts", "disable", $lang->disable_sig_in_all_posts, array("checked" => 0)),
1441          $form->generate_radio_button("update_posts", "no", $lang->do_nothing, array("checked" => 1))
1442      );
1443  
1444      $form_container->output_row($lang->signature_preferences, "", implode("<br />", $signature_options));
1445  
1446      $form_container->end();
1447      echo "</div>\n";
1448  
1449      //
1450      // AVATAR MANAGER
1451      //
1452      echo "<div id=\"tab_avatar\">\n";
1453      $table = new Table;
1454      $table->construct_header($lang->current_avatar, array('colspan' => 2));
1455  
1456      $table->construct_cell("<div style=\"width: 126px; height: 126px;\" class=\"user_avatar\"><img src=\"".htmlspecialchars_uni($user['avatar'])."\" width=\"{$scaled_dimensions['width']}\" style=\"margin-top: {$avatar_top}px\" height=\"{$scaled_dimensions['height']}\" alt=\"\" /></div>", array('width' => 1));
1457  
1458      $avatar_url = '';
1459      if($user['avatartype'] == "upload" || stristr($user['avatar'], $mybb->settings['avataruploadpath']))
1460      {
1461          $current_avatar_msg = "<br /><strong>{$lang->user_current_using_uploaded_avatar}</strong>";
1462      }
1463      else if($user['avatartype'] == "gallery" || stristr($user['avatar'], $mybb->settings['avatardir']))
1464      {
1465          $current_avatar_msg = "<br /><strong>{$lang->user_current_using_gallery_avatar}</strong>";
1466      }
1467      elseif($user['avatartype'] == "remote" || my_strpos(my_strtolower($user['avatar']), "http://") !== false)
1468      {
1469          $current_avatar_msg = "<br /><strong>{$lang->user_current_using_remote_avatar}</strong>";
1470          $avatar_url = $user['avatar'];
1471      }
1472  
1473      if($errors)
1474      {
1475          $avatar_url = $mybb->input['avatar_url'];
1476      }
1477  
1478      if($mybb->settings['maxavatardims'] != "")
1479      {
1480          list($max_width, $max_height) = explode("x", my_strtolower($mybb->settings['maxavatardims']));
1481          $max_size = "<br />{$lang->max_dimensions_are} {$max_width}x{$max_height}";
1482      }
1483  
1484      if($mybb->settings['avatarsize'])
1485      {
1486          $maximum_size = get_friendly_size($mybb->settings['avatarsize']*1024);
1487          $max_size .= "<br />{$lang->avatar_max_size} {$maximum_size}";
1488      }
1489  
1490      if($user['avatar'])
1491      {
1492          $remove_avatar = "<br /><br />".$form->generate_check_box("remove_avatar", 1, "<strong>{$lang->remove_avatar}</strong>");
1493      }
1494  
1495      $table->construct_cell($lang->avatar_desc."{$remove_avatar}<br /><small>{$max_size}</small>");
1496      $table->construct_row();
1497  
1498      $table->output($lang->avatar.": {$user['username']}");
1499  
1500      // Custom avatar
1501      if($mybb->settings['avatarresizing'] == "auto")
1502      {
1503          $auto_resize = $lang->avatar_auto_resize;
1504      }
1505      else if($mybb->settings['avatarresizing'] == "user")
1506      {
1507          $auto_resize = "<input type=\"checkbox\" name=\"auto_resize\" value=\"1\" checked=\"checked\" id=\"auto_resize\" /> <label for=\"auto_resize\">{$lang->attempt_to_auto_resize}</label></span>";
1508      }
1509      $form_container = new FormContainer($lang->specify_custom_avatar);
1510      $form_container->output_row($lang->upload_avatar, $auto_resize, $form->generate_file_upload_box('avatar_upload', array('id' => 'avatar_upload')), 'avatar_upload');
1511      $form_container->output_row($lang->or_specify_avatar_url, "", $form->generate_text_box('avatar_url', $avatar_url, array('id' => 'avatar_url')), 'avatar_url');
1512      $form_container->end();
1513  
1514      // Select an image from the gallery
1515      echo "<div class=\"border_wrapper\">";
1516      echo "<div class=\"title\">.. {$lang->or_select_avatar_gallery}</div>";
1517      echo "<iframe src=\"index.php?module=user-users&amp;action=avatar_gallery&amp;uid={$user['uid']}\" width=\"100%\" height=\"350\" frameborder=\"0\"></iframe>";
1518      echo "</div>";
1519      echo "</div>";
1520  
1521      //
1522      // MODERATOR OPTIONS
1523      //
1524      $periods = array(
1525          "hours" => $lang->expire_hours,
1526          "days" => $lang->expire_days,
1527          "weeks" => $lang->expire_weeks,
1528          "months" => $lang->expire_months,
1529          "never" => $lang->expire_permanent
1530      );
1531  
1532      echo "<div id=\"tab_modoptions\">\n";
1533      $form_container = new FormContainer($lang->mod_options.": {$user['username']}");
1534      $form_container->output_row($lang->user_notes, '', $form->generate_text_area('usernotes', $mybb->input['usernotes'], array('id' => 'usernotes')), 'usernotes');
1535  
1536      // Mod posts
1537      // Generate check box
1538      $modpost_options = $form->generate_select_box('modpost_period', $periods, $mybb->input['modpost_period'], array('id' => 'modpost_period'));
1539  
1540      // Do we have any existing suspensions here?
1541      $existing_info = '';
1542      if($user['moderateposts'] || ($mybb->input['moderateposting'] && !empty($errors)))
1543      {
1544          $mybb->input['moderateposting'] = 1;
1545          if($user['moderationtime'] != 0)
1546          {
1547              $expired = my_date($mybb->settings['dateformat'], $user['moderationtime']).", ".my_date($mybb->settings['timeformat'], $user['moderationtime']);
1548              $existing_info = $lang->sprintf($lang->moderate_length, $expired);
1549          }
1550          else
1551          {
1552              $existing_info = $lang->moderated_perm;
1553          }
1554      }
1555  
1556      $modpost_div = '<div id="modpost">'.$existing_info.''.$lang->moderate_for.' '.$form->generate_text_box("modpost_time", $mybb->input['modpost_time'], array('style' => 'width: 2em;')).' '.$modpost_options.'</div>';
1557      $lang->moderate_posts_info = $lang->sprintf($lang->moderate_posts_info, $user['username']);
1558      $form_container->output_row($form->generate_check_box("moderateposting", 1, $lang->moderate_posts, array("id" => "moderateposting", "onclick" => "toggleBox('modpost');", "checked" => $mybb->input['moderateposting'])), $lang->moderate_posts_info, $modpost_div);
1559  
1560      // Suspend posts
1561      // Generate check box
1562      $suspost_options = $form->generate_select_box('suspost_period', $periods, $mybb->input['suspost_period'], array('id' => 'suspost_period'));
1563  
1564      // Do we have any existing suspensions here?
1565      if($user['suspendposting'] || ($mybb->input['suspendposting'] && !empty($errors)))
1566      {
1567          $mybb->input['suspendposting'] = 1;
1568  
1569          if($user['suspensiontime'] == 0 || $mybb->input['suspost_period'] == "never")
1570          {
1571              $existing_info = $lang->suspended_perm;
1572          }
1573          else
1574          {
1575              $suspost_date = my_date($mybb->settings['dateformat'], $user['suspensiontime'])." ".my_date($mybb->settings['timeformat'], $user['suspensiontime']);
1576              $existing_info = $lang->sprintf($lang->suspend_length, $suspost_date);
1577          }
1578      }
1579  
1580      $suspost_div = '<div id="suspost">'.$existing_info.''.$lang->suspend_for.' '.$form->generate_text_box("suspost_time", $mybb->input['suspost_time'], array('style' => 'width: 2em;')).' '.$suspost_options.'</div>';
1581      $lang->suspend_posts_info = $lang->sprintf($lang->suspend_posts_info, $user['username']);
1582      $form_container->output_row($form->generate_check_box("suspendposting", 1, $lang->suspend_posts, array("id" => "suspendposting", "onclick" => "toggleBox('suspost');", "checked" => $mybb->input['suspendposting'])), $lang->suspend_posts_info, $suspost_div);
1583  
1584  
1585      $form_container->end();
1586      echo "</div>\n";
1587  
1588      $buttons[] = $form->generate_submit_button($lang->save_user);
1589      $form->output_submit_wrapper($buttons);
1590  
1591      $form->end();
1592  
1593  echo '<script type="text/javascript">
1594  <!--
1595  
1596  function toggleBox(action)
1597  {
1598      if(action == "modpost")
1599      {
1600          $("suspendposting").checked = false;
1601          $("suspost").hide();
1602  
1603          if($("moderateposting").checked == true)
1604          {
1605              $("modpost").show();
1606          }
1607          else if($("moderateposting").checked == false)
1608          {
1609              $("modpost").hide();
1610          }
1611      }
1612      else if(action == "suspost")
1613      {
1614          $("moderateposting").checked = false;
1615          $("modpost").hide();
1616  
1617          if($("suspendposting").checked == true)
1618          {
1619              $("suspost").show();
1620          }
1621          else if($("suspendposting").checked == false)
1622          {
1623              $("suspost").hide();
1624          }
1625      }
1626  }
1627  
1628  if($("moderateposting").checked == false)
1629  {
1630      $("modpost").hide();
1631  }
1632  else
1633  {
1634      $("modpost").show();
1635  }
1636  
1637  if($("suspendposting").checked == false)
1638  {
1639      $("suspost").hide();
1640  }
1641  else
1642  {
1643      $("suspost").show();
1644  }
1645  
1646  // -->
1647  </script>';
1648  
1649      $page->output_footer();
1650  }
1651  
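// Admin action "delete": permanently removes a user account and the rows that
// reference it. A GET request renders a confirmation page; the POST performs
// the deletion.
if($mybb->input['action'] == "delete")
{
    $plugins->run_hooks("admin_user_users_delete");

    // Look the target up by an integer-cast id so the value placed in SQL is numeric.
    $query = $db->simple_select("users", "*", "uid='".intval($mybb->input['uid'])."'");
    $user = $db->fetch_array($query);

    // Does the user not exist?
    // NOTE(review): the code below relies on admin_redirect() not returning - confirm.
    if(!$user['uid'])
    {
        flash_message($lang->error_invalid_user, 'error');
        admin_redirect("index.php?module=user-users");
    }

    // From here on only the id of the row that was actually loaded is used.
    // The super-admin guard previously tested the raw request value while the
    // lookup above tested its integer cast; checking the loaded id keeps the
    // permission decision and the deleted row tied to the same account.
    $uid = intval($user['uid']);

    // Only a super admin may delete another super admin.
    if(is_super_admin($uid) && $mybb->user['uid'] != $uid && !is_super_admin($mybb->user['uid']))
    {
        flash_message($lang->error_no_perms_super_admin, 'error');
        admin_redirect("index.php?module=user-users");
    }

    // User clicked no
    if($mybb->input['no'])
    {
        admin_redirect("index.php?module=user-users");
    }

    if($mybb->request_method == "post")
    {
        // NOTE(review): no anti-CSRF token check is visible in this block; confirm
        // that the admin front controller verifies the post key before module code runs.

        // Delete the user and the rows owned by the account
        $db->delete_query("userfields", "ufid='{$uid}'");
        $db->delete_query("privatemessages", "uid='{$uid}'");
        $db->delete_query("events", "uid='{$uid}'");
        $db->delete_query("forumsubscriptions", "uid='{$uid}'");
        $db->delete_query("threadsubscriptions", "uid='{$uid}'");
        $db->delete_query("sessions", "uid='{$uid}'");
        $db->delete_query("banned", "uid='{$uid}'");
        $db->delete_query("threadratings", "uid='{$uid}'");
        $db->delete_query("users", "uid='{$uid}'");
        $db->delete_query("joinrequests", "uid='{$uid}'");
        $db->delete_query("warnings", "uid='{$uid}'");
        $db->delete_query("reputation", "uid='{$uid}' OR adduid='{$uid}'");
        $db->delete_query("awaitingactivation", "uid='{$uid}'");
        $db->delete_query("posts", "uid = '{$uid}' AND visible = '-2'");
        $db->delete_query("threads", "uid = '{$uid}' AND visible = '-2'");

        // Update forum stats
        update_stats(array('numusers' => '-1'));

        // Remaining posts are kept but detached from the account (uid 0), and the
        // account is cleared as last poster on forums and threads.
        $db->update_query("posts", array('uid' => 0), "uid='{$uid}'");
        $db->update_query("forums", array("lastposteruid" => 0), "lastposteruid = '{$uid}'");
        $db->update_query("threads", array("lastposteruid" => 0), "lastposteruid = '{$uid}'");

        // Did this user have an uploaded avatar?
        if($user['avatartype'] == "upload")
        {
            // Strips the leading "./" and the trailing 20 characters (the timestamp
            // suffix) from the stored avatar value to get the file path.
            // NOTE(review): the path comes from the stored avatar value and is not
            // checked to resolve inside the avatar upload directory; the "@" also
            // hides a failed removal. Consider validating the resolved path.
            @unlink("../".substr($user['avatar'], 2, -20));
        }

        // Was this user a moderator?
        if(is_moderator($uid))
        {
            $db->delete_query("moderators", "id='{$uid}' AND isgroup = '0'");
            $cache->update_moderators();
        }

        $plugins->run_hooks("admin_user_users_delete_commit");

        // Log admin action (after the deletion, so the log records completed removals)
        log_admin_action($uid, $user['username']);

        flash_message($lang->success_user_deleted, 'success');
        admin_redirect("index.php?module=user-users");
    }
    else
    {
        // Not a POST: ask for confirmation first; the confirmation form posts back here.
        $page->output_confirm_action("index.php?module=user-users&action=delete&uid={$uid}", $lang->user_deletion_confirmation);
    }
}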
1732  
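// Admin action "referrers": lists the users referred by the account given in
// the request's uid, rendered through the default user admin view.
if($mybb->input['action'] == "referrers")
{
    $plugins->run_hooks("admin_user_users_referrers");

    // Cast the requested id once. It is written into a link and into the view
    // conditions below, and nothing in this block otherwise establishes that it
    // is numeric.
    $referrer_uid = intval($mybb->input['uid']);

    $page->add_breadcrumb_item($lang->show_referrers);
    $page->output_header($lang->show_referrers);

    $sub_tabs['referrers'] = array(
        'title' => $lang->show_referrers,
        'link' => "index.php?module=user-users&amp;action=referrers&amp;uid={$referrer_uid}",
        'description' => $lang->show_referrers_desc
    );

    $page->output_nav_tabs($sub_tabs, 'referrers');

    // Fetch default admin view; a missing view becomes id 0. The cast keeps the
    // value numeric where it is placed in the query below.
    $default_view = intval(fetch_default_view("user"));
    $query = $db->simple_select("adminviews", "*", "type='user' AND (vid='{$default_view}' OR uid=0)", array("order_by" => "uid", "order_dir" => "desc"));
    $admin_view = $db->fetch_array($query);

    // NOTE(review): view_type is taken from the request as-is; confirm that
    // build_users_view() only accepts its known view types.
    if($mybb->input['type'])
    {
        $admin_view['view_type'] = $mybb->input['type'];
    }

    // NOTE(review): unserialize() runs on the stored view conditions. That is only
    // safe while every writer of adminviews.conditions is trusted; a data-only
    // format would remove the object-instantiation risk.
    $conditions = unserialize($admin_view['conditions']);
    if(!is_array($conditions))
    {
        // No stored conditions, or they could not be decoded: start from an empty set.
        $conditions = array();
    }
    $conditions['referrer'] = $referrer_uid;
    $admin_view['conditions'] = $conditions;

    $view = build_users_view($admin_view);

    // No referred users
    if(!$view)
    {
        $table = new Table;
        $table->construct_cell($lang->error_no_referred_users);
        $table->construct_row();
        $table->output($lang->show_referrers);
    }
    else
    {
        echo $view;
    }

    $page->output_footer();
}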
1782  
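// Admin action "ipaddresses": shows the last known IP, the registration IP and
// every distinct posting IP of one user, each with a menu of follow-up actions
// (search by IP, IP lookup, ban).
if($mybb->input['action'] == "ipaddresses")
{
    $plugins->run_hooks("admin_user_users_ipaddresses");

    // Cast the requested id once and use only the cast value. The delete action in
    // this file casts uid before querying; the two queries here interpolated the
    // request value directly. Whether the request layer already normalises uid is
    // not visible from this block, so the cast is done locally.
    $uid = intval($mybb->input['uid']);

    $page->add_breadcrumb_item($lang->ip_addresses);
    $page->output_header($lang->ip_addresses);

    $sub_tabs['ipaddresses'] = array(
        'title' => $lang->show_ip_addresses,
        'link' => "index.php?module=user-users&amp;action=ipaddresses&amp;uid={$uid}",
        'description' => $lang->show_ip_addresses_desc
    );

    $page->output_nav_tabs($sub_tabs, 'ipaddresses');

    $query = $db->simple_select("users", "uid, regip, username, lastip", "uid='{$uid}'", array('limit' => 1));
    $user = $db->fetch_array($query);

    // Log admin action (viewing a user's IP addresses is itself recorded)
    // NOTE(review): this also logs when no user row was found - confirm intended.
    log_admin_action($user['uid'], $user['username']);

    $table = new Table;

    $table->construct_header($lang->ip_address);
    $table->construct_header($lang->controls, array('width' => 200, 'class' => "align_center"));

    // Stored IP strings are treated as untrusted text below: urlencode() where they
    // become part of a URL (which also keeps them inert inside the quoted onclick
    // argument) and htmlspecialchars_uni() where they are printed in a table cell.
    // For a plain dotted IPv4 address both leave the value unchanged.

    // Last known IP
    if(empty($user['lastip']))
    {
        $user['lastip'] = $lang->unknown;
        $last_ip_display = $lang->unknown;
        $controls = '';
    }
    else
    {
        $ip_param = urlencode($user['lastip']);
        $last_ip_display = htmlspecialchars_uni($user['lastip']);
        $popup = new PopupMenu("user_last", $lang->options);
        $popup->add_item($lang->show_users_regged_with_ip, "index.php?module=user-users&amp;action=search&amp;results=1&amp;conditions=".urlencode(serialize(array("regip" => $user['lastip']))));
        $popup->add_item($lang->show_users_posted_with_ip, "index.php?module=user-users&amp;results=1&amp;action=search&amp;conditions=".urlencode(serialize(array("postip" => $user['lastip']))));
        $popup->add_item($lang->info_on_ip, "{$mybb->settings['bburl']}/modcp.php?action=iplookup&ipaddress={$ip_param}", "MyBB.popupWindow('{$mybb->settings['bburl']}/modcp.php?action=iplookup&ipaddress={$ip_param}', 'iplookup', 500, 250); return false;");
        $popup->add_item($lang->ban_ip, "index.php?module=config-banning&amp;filter={$ip_param}");
        $controls = $popup->fetch();
    }
    $table->construct_cell("<strong>{$lang->last_known_ip}:</strong> {$last_ip_display}");
    $table->construct_cell($controls, array('class' => "align_center"));
    $table->construct_row();

    // Registration IP
    if(empty($user['regip']))
    {
        $user['regip'] = $lang->unknown;
        $reg_ip_display = $lang->unknown;
        $controls = '';
    }
    else
    {
        $ip_param = urlencode($user['regip']);
        $reg_ip_display = htmlspecialchars_uni($user['regip']);
        $popup = new PopupMenu("user_reg", $lang->options);
        $popup->add_item($lang->show_users_regged_with_ip, "index.php?module=user-users&amp;results=1&amp;action=search&amp;conditions=".urlencode(serialize(array("regip" => $user['regip']))));
        $popup->add_item($lang->show_users_posted_with_ip, "index.php?module=user-users&amp;results=1&amp;action=search&amp;conditions=".urlencode(serialize(array("postip" => $user['regip']))));
        $popup->add_item($lang->info_on_ip, "{$mybb->settings['bburl']}/modcp.php?action=iplookup&ipaddress={$ip_param}", "MyBB.popupWindow('{$mybb->settings['bburl']}/modcp.php?action=iplookup&ipaddress={$ip_param}', 'iplookup', 500, 250); return false;");
        $popup->add_item($lang->ban_ip, "index.php?module=config-banning&amp;filter={$ip_param}");
        $controls = $popup->fetch();
    }
    $table->construct_cell("<strong>{$lang->registration_ip}:</strong> {$reg_ip_display}");
    $table->construct_cell($controls, array('class' => "align_center"));
    $table->construct_row();

    // One row per distinct IP the user has posted from; the counter only makes
    // each popup menu id unique.
    $counter = 0;

    $query = $db->simple_select("posts", "DISTINCT ipaddress", "uid='{$uid}'");
    while($ip = $db->fetch_array($query))
    {
        ++$counter;
        $ip_param = urlencode($ip['ipaddress']);
        $popup = new PopupMenu("id_{$counter}", $lang->options);
        $popup->add_item($lang->show_users_regged_with_ip, "index.php?module=user-users&amp;results=1&amp;action=search&amp;conditions=".urlencode(serialize(array("regip" => $ip['ipaddress']))));
        $popup->add_item($lang->show_users_posted_with_ip, "index.php?module=user-users&amp;results=1&amp;action=search&amp;conditions=".urlencode(serialize(array("postip" => $ip['ipaddress']))));
        $popup->add_item($lang->info_on_ip, "{$mybb->settings['bburl']}/modcp.php?action=iplookup&ipaddress={$ip_param}", "MyBB.popupWindow('{$mybb->settings['bburl']}/modcp.php?action=iplookup&ipaddress={$ip_param}', 'iplookup', 500, 250); return false;");
        $popup->add_item($lang->ban_ip, "index.php?module=config-banning&amp;filter={$ip_param}");
        $controls = $popup->fetch();

        $table->construct_cell(htmlspecialchars_uni($ip['ipaddress']));
        $table->construct_cell($controls, array('class' => "align_center"));
        $table->construct_row();
    }

    // NOTE(review): the username is placed in the table heading as stored; confirm
    // that Table::output() escapes its heading or that usernames cannot hold markup.
    $table->output($lang->ip_address_for." {$user['username']}");

    $page->output_footer();
}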
1868  
1869  if($mybb->input['action'] == "merge")
1870  {
1871      $plugins->run_hooks("admin_user_users_merge");
1872  
1873      if($mybb->request_method == "post")
1874      {
1875          $query = $db->simple_select("users", "*", "LOWER(username)='".$db->escape_string(my_strtolower($mybb->input['source_username']))."'");
1876          $source_user = $db->fetch_array($query);
1877          if(!$source_user['uid'])
1878          {
1879              $errors[] = $lang->error_invalid_user_source;
1880          }
1881  
1882          $query = $db->simple_select("users", "*", "LOWER(username)='".$db->escape_string(my_strtolower($mybb->input['destination_username']))."'");
1883          $destination_user = $db->fetch_array($query);
1884          if(!$destination_user['uid'])
1885          {
1886              $errors[] = $lang->error_invalid_user_destination;
1887          }
1888  
1889          // If we're not a super admin and we're merging a source super admin or a destination super admin then dissallow this action
1890          if(!is_super_admin($mybb->user['uid']) && (is_super_admin($source_user['uid']) || is_super_admin($destination_user['uid'])))
1891          {
1892              flash_message($lang->error_no_perms_super_admin, 'error');
1893              admin_redirect("index.php?module=user-users");
1894          }
1895  
1896          if($source_user['uid'] == $destination_user['uid'])
1897          {
1898              $errors[] = $lang->error_cannot_merge_same_account;
1899          }
1900  
1901          if(empty($errors))
1902          {
1903              // Begin to merge the accounts
1904              $uid_update = array(
1905                  "uid" => $destination_user['uid']
1906              );
1907              $query = $db->simple_select("adminoptions", "uid", "uid='{$destination_user['uid']}'");
1908              $existing_admin_options = $db->fetch_field($query, "uid");
1909  
1910              // Only carry over admin options/permissions if we don't already have them
1911              if(!$existing_admin_options)
1912              {
1913                  $db->update_query("adminoptions", $uid_update, "uid='{$source_user['uid']}'");
1914              }
1915  
1916              $db->update_query("adminlog", $uid_update, "uid='{$source_user['uid']}'");
1917              $db->update_query("announcements", $uid_update, "uid='{$source_user['uid']}'");
1918              $db->update_query("events", $uid_update, "uid='{$source_user['uid']}'");
1919              $db->update_query("threadsubscriptions", $uid_update, "uid='{$source_user['uid']}'");
1920              $db->update_query("forumsubscriptions", $uid_update, "uid='{$source_user['uid']}'");
1921              $db->update_query("joinrequests", $uid_update, "uid='{$source_user['uid']}'");
1922              $db->update_query("moderatorlog", $uid_update, "uid='{$source_user['uid']}'");
1923              $db->update_query("pollvotes", $uid_update, "uid='{$source_user['uid']}'");
1924              $db->update_query("posts", $uid_update, "uid='{$source_user['uid']}'");
1925              $db->update_query("privatemessages", $uid_update, "uid='{$source_user['uid']}'");
1926              $db->update_query("reportedposts", $uid_update, "uid='{$source_user['uid']}'");
1927              $db->update_query("threadratings", $uid_update, "uid='{$source_user['uid']}'");
1928              $db->update_query("threads", $uid_update, "uid='{$source_user['uid']}'");
1929              $db->update_query("warnings", $uid_update, "uid='{$source_user['uid']}'");
1930              $db->update_query("warnings", array("revokedby" => $destination_user['uid']), "revokedby='{$source_user['uid']}'");
1931              $db->update_query("warnings", array("issuedby" => $destination_user['uid']), "issuedby='{$source_user['uid']}'");
1932              $db->delete_query("sessions", "uid='{$source_user['uid']}'");
1933  
1934              // Is the source user a moderator?
1935              if($groupscache[$source_user['usergroup']]['canmodcp'])
1936              {
1937                  $db->delete_query("moderators", "id='{$source_user['uid']}' AND isgroup = '0'");
1938  
1939                  // Update the moderator cache...
1940                  $cache->update_moderators();
1941              }
1942  
1943              // Banning
1944              $db->update_query("banned", array('admin' => $destination_user['uid']), "admin = '{$source_user['uid']}'");
1945  
1946              // Merging Reputation
1947              // First, let's change all the details over to our new user...
1948              $rep_update = array(
1949                  "adduid" => $destination_user['uid'],
1950                  "uid" => $destination_user['uid']
1951              );
1952              $db->update_query("reputation", $rep_update, "adduid = '".$source_user['uid']."' OR uid = '".$source_user['uid']."'");
1953  
1954              // Now that all the repuation is merged, figure out what to do with this user's comments...
1955              $options = array(
1956                  "order_by" => "uid",
1957                  "order_dir" => "ASC"
1958              );
1959  
1960              $to_remove = array();
1961              $query = $db->simple_select("reputation", "*", "adduid = '".$destination_user['uid']."'");
1962              while($rep = $db->fetch_array($query))
1963              {
1964                  if($rep['pid'] == 0 && $mybb->settings['multirep'] == 0 && $last_result['uid'] == $rep['uid'])
1965                  {
1966                      // Multiple reputation is disallowed, and this isn't a post, so let's remove this comment
1967                      $to_remove[] = $rep['rid'];
1968                  }
1969  
1970                  // Remove comments or posts liked by "me"
1971                  if($last_result['uid'] == $destination_user['uid'] || $rep['uid'] == $destination_user['uid'])
1972                  {
1973                      if(!in_array($rep['rid'], $to_remove))
1974                      {
1975                          $to_remove[] = $rep['rid'];
1976                          continue;
1977                      }
1978                  }
1979  
1980                  $last_result = array(
1981                      "rid" => $rep['rid'],
1982                      "uid" => $rep['uid']
1983                  );
1984              }
1985  
1986              // Remove any reputations we've selected to remove...
1987              if(!empty($to_remove))
1988              {
1989                  $imp = implode(",", $to_remove);
1990                  $db->delete_query("reputation", "rid IN (".$imp.")");
1991              }
1992  
1993              // Calculate the new reputation for this user...
1994              $query = $db->simple_select("reputation", "SUM(reputation) as total_rep", "uid='{$destination_user['uid']}'");
1995              $total_reputation = $db->fetch_field($query, "total_rep");
1996  
1997              $db->update_query("users", array('reputation' => intval($total_reputation)), "uid='{$destination_user['uid']}'");
1998  
1999              // Calculate warning points
2000              $query = $db->query("
2001                  SELECT SUM(points) as warn_lev
2002                  FROM ".TABLE_PREFIX."warnings
2003                  WHERE uid='{$source_user['uid']}' AND expired='0'
2004              ");
2005              $original_warn_level = $db->fetch_field($query, "warn_lev");
2006  
2007              $query = $db->query("
2008                  SELECT SUM(points) as warn_lev
2009                  FROM ".TABLE_PREFIX."warnings
2010                  WHERE uid='{$destination_user['uid']}' AND expired='0'
2011              ");
2012              $new_warn_level = $db->fetch_field($query, "warn_lev");
2013              $db->update_query("users", array("warningpoints" => intval($original_warn_level + $new_warn_level)), "uid='{$destination_user['uid']}'");
2014  
2015              // Additional updates for non-uid fields
2016              $last_poster = array(
2017                  "lastposteruid" => $destination_user['uid'],
2018                  "lastposter" => $db->escape_string($destination_user['username'])
2019              );
2020              $db->update_query("forums", $last_poster, "lastposteruid='{$source_user['uid']}'");
2021              $db->update_query("threads", $last_poster, "lastposteruid='{$source_user['uid']}'");
2022              $edit_uid = array(
2023                  "edituid" => $destination_user['uid']
2024              );
2025              $db->update_query("posts", $edit_uid, "edituid='{$source_user['uid']}'");
2026  
2027              $from_uid = array(
2028                  "fromid" => $destination_user['uid']
2029              );
2030              $db->update_query("privatemessages", $from_uid, "fromid='{$source_user['uid']}'");
2031              $to_uid = array(
2032                  "toid" => $destination_user['uid']
2033              );
2034              $db->update_query("privatemessages", $to_uid, "toid='{$source_user['uid']}'");
2035  
2036              // Delete the old user
2037              $db->delete_query("users", "uid='{$source_user['uid']}'");
2038              $db->delete_query("banned", "uid='{$source_user['uid']}'");
2039  
2040              // Did the old user have an uploaded avatar?
2041              if($source_user['avatartype'] == "upload")
2042              {
2043                  // Removes the ./ at the beginning the timestamp on the end...
2044                  @unlink("../".substr($source_user['avatar'], 2, -20));
2045              }
2046  
2047              // Get a list of forums where post count doesn't apply
2048              $fids = array();
2049              $query = $db->simple_select("forums", "fid", "usepostcounts=0");
2050              while($fid = $db->fetch_field($query, "fid"))
2051              {
2052                  $fids[] = $fid;
2053              }
2054  
2055              $fids_not_in = '';
2056              if(!empty($fids))
2057              {
2058                  $fids_not_in = "AND fid NOT IN(".implode(',', $fids).")";
2059              }
2060  
2061              // Update user post count
2062              $query = $db->simple_select("posts", "COUNT(*) AS postnum", "uid='".$destination_user['uid']."' {$fids_not_in}");
2063              $num = $db->fetch_array($query);
2064              $updated_count = array(
2065                  "postnum" => $num['postnum']
2066              );
2067              $db->update_query("users", $updated_count, "uid='{$destination_user['uid']}'");
2068  
2069              // Use the earliest registration date
2070              if($destination_user['regdate'] > $source_user['regdate'])
2071              {
2072                  $db->update_query("users", array('regdate' => $source_user['regdate']), "uid='{$destination_user['uid']}'");
2073              }
2074  
2075              update_stats(array('numusers' => '-1'));
2076  
2077              $plugins->run_hooks("admin_user_users_merge_commit");
2078  
2079              // Log admin action
2080              log_admin_action($source_user['uid'], $source_user['username'], $destination_user['uid'], $destination_user['username']);
2081  
2082              // Redirect!
2083              flash_message("<strong>{$source_user['username']}</strong> {$lang->success_merged} {$destination_user['username']}", "success");
2084              admin_redirect("index.php?module=user-users");
2085              exit;
2086          }
2087      }
2088  
2089      $page->add_breadcrumb_item($lang->merge_users);
2090      $page->output_header($lang->merge_users);
2091  
2092      $page->output_nav_tabs($sub_tabs, 'merge_users');
2093  
2094      // If we have any error messages, show them
2095      if($errors)
2096      {
2097          $page->output_inline_error($errors);
2098      }
2099  
2100      $form = new Form("index.php?module=user-users&amp;action=merge", "post");
2101  
2102      $form_container = new FormContainer($lang->merge_users);
2103      $form_container->output_row($lang->source_account." <em>*</em>", $lang->source_account_desc, $form->generate_text_box('source_username', $mybb->input['source_username'], array('id' => 'source_username')), 'source_username');
2104      $form_container->output_row($lang->destination_account." <em>*</em>", $lang->destination_account_desc, $form->generate_text_box('destination_username', $mybb->input['destination_username'], array('id' => 'destination_username')), 'destination_username');
2105      $form_container->end();
2106  
2107      // Autocompletion for usernames
2108      echo '
2109      <script type="text/javascript" src="../jscripts/autocomplete.js?ver=140"></script>
2110      <script type="text/javascript">
2111      <!--
2112          new autoComplete("source_username", "../xmlhttp.php?action=get_users", {valueSpan: "username"});
2113          new autoComplete("destination_username", "../xmlhttp.php?action=get_users", {valueSpan: "username"});
2114      // -->
2115      </script>';
2116  
2117      $buttons[] = $form->generate_submit_button($lang->merge_user_accounts);
2118      $form->output_submit_wrapper($buttons);
2119      $form->end();
2120  
2121      $page->output_footer();
2122  }
2123  
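// "Find users" action of the admin user module.
//
// On a POST, or on a request carrying results=1, a view definition is assembled from
// (in this order) a saved admin view selected by vid, a view cached in the admin
// session under search_id, or the default "user" view; request parameters then
// override individual settings and the result is rendered by build_users_view().
// When nothing is found (or on a plain GET) the search form is shown.
//
// NOTE(review): 'type', 'conditions', 'sortby', 'order', 'displayas' and
// 'profile_fields' are copied from the request into the view without validation in
// this block. build_users_view() is not visible here - confirm that it restricts the
// sort column/direction to known values and escapes every condition before building SQL.
if($mybb->input['action'] == "search")
{
    $plugins->run_hooks("admin_user_users_search");

    if($mybb->request_method == "post" || $mybb->input['results'] == 1)
    {
        // Build view options from incoming search options
        if($mybb->input['vid'])
        {
            // vid is cast to an integer before it reaches the WHERE clause
            $query = $db->simple_select("adminviews", "*", "vid='".intval($mybb->input['vid'])."'");
            $admin_view = $db->fetch_array($query);
            // View does not exist or this view is private and does not belong to the current user
            if(empty($admin_view['vid']) || ($admin_view['visibility'] == 1 && $admin_view['uid'] != $mybb->user['uid']))
            {
                unset($admin_view);
            }
        }

        if($mybb->input['search_id'] && $admin_session['data']['user_views'][$mybb->input['search_id']])
        {
            // A view stored in the admin session replaces whatever was loaded by vid;
            // its stored extra_sql fragment is dropped rather than reused.
            $admin_view = $admin_session['data']['user_views'][$mybb->input['search_id']];
            unset($admin_view['extra_sql']);
        }
        else
        {
            // Don't have a view? Fetch the default
            // empty() also covers the case where $admin_view was unset above or never assigned.
            if(empty($admin_view['vid']))
            {
                // Cast so that only an integer is interpolated into the query below;
                // a missing default view becomes 0 (presumably the value is a numeric view id - confirm).
                $default_view = intval(fetch_default_view("user"));
                $query = $db->simple_select("adminviews", "*", "type='user' AND (vid='{$default_view}' OR uid=0)", array("order_by" => "uid", "order_dir" => "desc"));
                $admin_view = $db->fetch_array($query);
            }
        }

        // The lookups above may not have produced a row; make sure the overrides
        // below are written into an array.
        if(!isset($admin_view) || !is_array($admin_view))
        {
            $admin_view = array();
        }

        // Override specific parts of the view
        unset($admin_view['vid']);

        if($mybb->input['type'])
        {
            $admin_view['view_type'] = $mybb->input['type'];
        }

        if($mybb->input['conditions'])
        {
            $admin_view['conditions'] = $mybb->input['conditions'];
        }

        if($mybb->input['sortby'])
        {
            $admin_view['sortby'] = $mybb->input['sortby'];
        }

        // Store the validated integer, not the raw request string: a value such as
        // "10abc" passes an intval() truthiness test but would otherwise be handed on
        // unchanged. Non-positive values leave the view's own setting in place.
        $perpage = intval($mybb->input['perpage']);
        if($perpage > 0)
        {
            $admin_view['perpage'] = $perpage;
        }

        if($mybb->input['order'])
        {
            $admin_view['sortorder'] = $mybb->input['order'];
        }

        // 'displayas' is applied after 'type', so it wins when both are supplied
        if($mybb->input['displayas'])
        {
            $admin_view['view_type'] = $mybb->input['displayas'];
        }

        if($mybb->input['profile_fields'])
        {
            $admin_view['custom_profile_fields'] = $mybb->input['profile_fields'];
        }

        $results = build_users_view($admin_view);

        if($results)
        {
            $page->output_header($lang->find_users);
            echo "<script type=\"text/javascript\" src=\"jscripts/users.js\"></script>";
            $page->output_nav_tabs($sub_tabs, 'find_users');
            echo $results;
            // NOTE(review): nothing in this branch stops execution; unless output_footer()
            // ends the request (not visible here) the form below is rendered as well.
            $page->output_footer();
        }
        else
        {
            if($mybb->input['from'] == "home")
            {
                flash_message($lang->error_no_users_found, 'error');
                admin_redirect("index.php");
                exit;
            }
            else
            {
                $errors[] = $lang->error_no_users_found;
            }
        }
    }

    $page->add_breadcrumb_item($lang->find_users);
    $page->output_header($lang->find_users);

    $page->output_nav_tabs($sub_tabs, 'find_users');

    // If we have any error messages, show them
    if($errors)
    {
        $page->output_inline_error($errors);
    }

    // Business-card layout is the default presentation
    if(!$mybb->input['displayas'])
    {
        $mybb->input['displayas'] = "card";
    }

    $form = new Form("index.php?module=user-users&amp;action=search", "post");

    user_search_conditions($mybb->input, $form);

    // NOTE(review): request values are echoed back into the form fields below; confirm
    // that the Form generate_* helpers HTML-escape the values they are given.
    // $sort_options is not assigned in this block - presumably defined elsewhere in the file.
    $form_container = new FormContainer($lang->display_options);
    $sort_directions = array(
        "asc" => $lang->ascending,
        "desc" => $lang->descending
    );
    $form_container->output_row($lang->sort_results_by, "", $form->generate_select_box('sortby', $sort_options, $mybb->input['sortby'], array('id' => 'sortby'))." {$lang->in} ".$form->generate_select_box('order', $sort_directions, $mybb->input['order'], array('id' => 'order')), 'sortby');
    $form_container->output_row($lang->results_per_page, "", $form->generate_text_box('perpage', $mybb->input['perpage'], array('id' => 'perpage')), 'perpage');
    $form_container->output_row($lang->display_results_as, "", $form->generate_radio_button('displayas', 'table', $lang->table, array('checked' => ($mybb->input['displayas'] != "card")))."<br />".$form->generate_radio_button('displayas', 'card', $lang->business_card, array('checked' => ($mybb->input['displayas'] == "card"))));
    $form_container->end();

    $buttons[] = $form->generate_submit_button($lang->find_users);
    $form->output_submit_wrapper($buttons);
    $form->end();

    $page->output_footer();
}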
2261  
2262  if($mybb->input['action'] == "inline_edit")
2263  {
2264      $plugins->run_hooks("admin_user_users_inline");
2265  
2266      if($mybb->input['vid'] || $mybb->cookies['acp_view'])
2267      {
2268          // We have a custom view
2269          if(!$mybb->cookies['acp_view'])
2270          {
2271              // Set a cookie
2272              my_setcookie("acp_view", $mybb->input['vid'], 60);
2273          }
2274          elseif($mybb->cookies['acp_view'])
2275          {
2276              // We already have a cookie, so let's use it...
2277              $mybb->input['vid'] = $mybb->cookies['acp_view'];
2278          }
2279  
2280          $vid_url = "&amp;vid=".$mybb->input['vid'];
2281      }
2282  
2283      // First, collect the user IDs that we're performing the moderation on
2284      $ids = explode("|", $mybb->cookies['inlinemod_useracp']);
2285      foreach($ids as $id)
2286      {
2287          if($id != '')
2288          {
2289              $selected[] = intval($id);
2290          }
2291      }
2292  
2293      // If there isn't anything to select, then output an error
2294      if(!is_array($selected))
2295      {
2296          if($mybb->input['inline_action'] != "multilift" && $mybb->request_method != "post")
2297          {
2298              $errors[] = $lang->error_inline_no_users_selected;
2299          }
2300      }
2301  
2302      if($errors)
2303      {
2304          // Don't show views, but show the user list if there's errors
2305          $inline = true;
2306          $mybb->input['action'] = '';
2307      }
2308      else
2309      {
2310          // Let's continue!
2311          // Verify incoming POST request
2312          if(!verify_post_check($mybb->input['my_post_key']))
2313          {
2314              flash_message($lang->invalid_post_verify_key2, 'error');
2315              admin_redirect("index.php?module=user-user");
2316          }
2317          $sub_tabs['manage_users'] = array(
2318              "title" => $lang->manage_users,
2319              "link" => "./",
2320              "description" => $lang->manage_users_desc
2321          );
2322          $page->add_breadcrumb_item($lang->manage_users);
2323  
2324          if(!is_array($selected))
2325          {
2326              // Not selected any users, show error
2327              flash_message($lang->error_inline_no_users_selected, 'error');
2328              admin_redirect("index.php?module=user-users".$vid_url);
2329          }
2330  
2331          switch($mybb->input['inline_action'])
2332          {
2333              case 'multiactivate':
2334                  // Run through the activating users, so that users already registered (but have been selected) aren't affected
2335                  if(is_array($selected))
2336                  {
2337                      $sql_array = implode(",", $selected);
2338                      $query = $db->simple_select("users", "uid", "usergroup = '5' AND uid IN (".$sql_array.")");
2339                      while($user = $db->fetch_array($query))
2340                      {
2341                          $to_update[] = $user['uid'];
2342                      }
2343                  }
2344  
2345                  if(is_array($to_update))
2346                  {
2347                      $sql_array = implode(",", $to_update);
2348                      $db->write_query("UPDATE ".TABLE_PREFIX."users SET usergroup = '2' WHERE uid IN (".$sql_array.")");
2349  
2350                      // Action complete, grab stats and show success message - redirect user
2351                      $to_update_count = count($to_update);
2352                      $lang->inline_activated = $lang->sprintf($lang->inline_activated, my_number_format($to_update_count));
2353  
2354                      if($to_update_count != count($selected))
2355                      {
2356                          // The update count is different to how many we selected!
2357                          $not_updated_count = count($selected) - $to_update_count;
2358                          $lang->inline_activated_more = $lang->sprintf($lang->inline_activated_more, my_number_format($not_updated_count));
2359                          $lang->inline_activated = $lang->inline_activated."<br />".$lang->inline_activated_more; // Add these stats to the message
2360                      }
2361  
2362                      $mybb->input['action'] = "inline_activated"; // Force a change to the action so we can add it to the adminlog
2363                      log_admin_action($to_update_count); // Add to adminlog
2364                      my_unsetcookie("inlinemod_useracp"); // Unset the cookie, so that the users aren't still selected when we're redirected
2365  
2366                      flash_message($lang->inline_activated, 'success');
2367                      admin_redirect("index.php?module=user-users".$vid_url);
2368                  }
2369                  else
2370                  {
2371                      // Nothing was updated, show an error
2372                      flash_message($lang->inline_activated_failed, 'error');
2373                      admin_redirect("index.php?module=user-users".$vid_url);
2374                  }
2375                  break;
2376              case 'multilift':
2377                  // Get the users that are banned, and check that they have been selected
2378                  if($mybb->input['no'])
2379                  {
2380                      admin_redirect("index.php?module=user-users".$vid_url); // User clicked on 'No'
2381                  }
2382  
2383                  if($mybb->request_method == "post")
2384                  {
2385                      $sql_array = implode(",", $selected);
2386                      $query = $db->simple_select("banned", "*", "uid IN (".$sql_array.")");
2387                      $to_be_unbanned = $db->num_rows($query);
2388                      while($ban = $db->fetch_array($query))
2389                      {
2390                          $updated_group = array(
2391                              "usergroup" => $ban['oldgroup'],
2392                              "additionalgroups" => $ban['oldadditionalgroups'],
2393                              "displaygroup" => $ban['olddisplaygroup']
2394                          );
2395                          $db->update_query("users", $updated_group, "uid = '".$ban['uid']."'");
2396                          $db->delete_query("banned", "uid = '".$ban['uid']."'");
2397                      }
2398  
2399                      $cache->update_banned();
2400                      $cache->update_moderators();
2401  
2402                      $mybb->input['action'] = "inline_lift";
2403                      log_admin_action($to_be_unbanned);
2404                      my_unsetcookie("inlinemod_useracp");
2405  
2406                      $lang->success_ban_lifted = $lang->sprintf($lang->success_ban_lifted, my_number_format($to_be_unbanned));
2407                      flash_message($lang->success_ban_lifted, 'success');
2408                      admin_redirect("index.php?module=user-users".$vid_url);
2409                  }
2410                  else
2411                  {
2412                      $page->output_confirm_action("index.php?module=user-users&amp;action=inline_edit&amp;inline_action=multilift", $lang->confirm_multilift);
2413                  }
2414  
2415                  break;
2416              case 'multiban':
2417                  if($mybb->input['processed'] == 1)
2418                  {
2419                      // We've posted ban information!
2420                      // Build an array of users to ban, =D
2421                      $sql_array = implode(",", $selected);
2422                      // Build a cache array for this users that have been banned already
2423                      $query = $db->simple_select("banned", "uid", "uid IN (".$sql_array.")");
2424                      while($user = $db->fetch_array($query))
2425                      {
2426                          $bannedcache[] = "u_".$user['uid'];
2427                      }
2428  
2429                      // Collect the users
2430                      $query = $db->simple_select("users", "uid, username, usergroup, additionalgroups, displaygroup", "uid IN (".$sql_array.")");
2431  
2432                      if($mybb->input['bantime'] == '---')
2433                      {
2434                          $lifted = 0;
2435                      }
2436                      else
2437                      {
2438                          $lifted = ban_date2timestamp($mybb->input['bantime']);
2439                      }
2440  
2441                      $banned_count = 0;
2442                      while($user = $db->fetch_array($query))
2443                      {
2444                          if($user['uid'] == $mybb->user['uid'] || is_super_admin($user['uid']))
2445                          {
2446                              // We remove ourselves and Super Admins from the mix
2447                              continue;
2448                          }
2449  
2450                          if(is_array($bannedcache) && in_array("u_".$user['uid'], $bannedcache))
2451                          {
2452                              // User already has a ban, update it!
2453                              $update_array = array(
2454                                  "admin" => intval($mybb->user['uid']),
2455                                  "dateline" => TIME_NOW,
2456                                  "bantime" => $db->escape_string($mybb->input['bantime']),
2457                                  "lifted" => $db->escape_string($lifted),
2458                                  "reason" => $db->escape_string($mybb->input['reason'])
2459                              );
2460                              $db->update_query("banned", $update_array, "uid = '".$user['uid']."'");
2461                          }
2462                          else
2463                          {
2464                              // Not currently banned - insert the ban
2465                              $insert_array = array(
2466                                  'uid' => $user['uid'],
2467                                  'gid' => intval($mybb->input['usergroup']),
2468                                  'oldgroup' => $user['usergroup'],
2469                                  'oldadditionalgroups' => $user['additionalgroups'],
2470                                  'olddisplaygroup' => $user['displaygroup'],
2471                                  'admin' => intval($mybb->user['uid']),
2472                                  'dateline' => TIME_NOW,
2473                                  'bantime' => $db->escape_string($mybb->input['bantime']),
2474                                  'lifted' => $db->escape_string($lifted),
2475                                  'reason' => $db->escape_string($mybb->input['reason'])
2476                              );
2477                              $db->insert_query('banned', $insert_array);
2478                          }
2479  
2480                          // Moved the user to the 'Banned' Group
2481                          $update_array = array(
2482                              'usergroup' => 7,
2483                              'displaygroup' => 0,
2484                              'additionalgroups' => '',
2485                          );
2486                          $db->update_query('users', $update_array, "uid = '{$user['uid']}'");
2487  
2488                          $db->delete_query("forumsubscriptions", "uid = '{$user['uid']}'");
2489                          $db->delete_query("threadsubscriptions", "uid = '{$user['uid']}'");
2490  
2491                          $cache->update_banned();
2492                          ++$banned_count;
2493                      }
2494                      $mybb->input['action'] = "inline_banned";
2495                      log_admin_action($banned_count, $lifted);
2496                      my_unsetcookie("inlinemod_useracp"); // Remove the cookie of selected users as we've finished with them
2497  
2498                      $lang->users_banned = $lang->sprintf($lang->users_banned, $banned_count);
2499                      flash_message($lang->users_banned, 'success');
2500                      admin_redirect("index.php?module=user-users".$vid_url);
2501                  }
2502  
2503                  $page->output_header($lang->manage_users);
2504                  $page->output_nav_tabs($sub_tabs, 'manage_users');
2505  
2506                  // Provide the user with a warning of what they're about to do
2507                  $table = new Table;
2508                  $lang->mass_ban_info = $lang->sprintf($lang->mass_ban_info, count($selected));
2509                  $table->construct_cell($lang->mass_ban_info);
2510                  $table->construct_row();
2511                  $table->output($lang->important);
2512  
2513                  // If there's any errors, display inline
2514                  if($errors)
2515                  {
2516                      $page->output_inline_error($errors);
2517                  }
2518  
2519                  $form = new Form("index.php?module=user-users", "post");
2520                  echo $form->generate_hidden_field('action', 'inline_edit');
2521                  echo $form->generate_hidden_field('inline_action', 'multiban');
2522                  echo $form->generate_hidden_field('processed', '1');
2523  
2524                  $form_container = new FormContainer('<div class="float_right"><a href="index.php?module=user-users&amp;action=inline_edit&amp;inline_action=multilift&amp;my_post_key='.$mybb->post_code.'">'.$lang->lift_bans.'</a></div>'.$lang->mass_ban);
2525                  $form_container->output_row($lang->ban_reason, "", $form->generate_text_box('reason', $mybb->input['reason'], array('id' => 'reason')), 'reason');
2526                  $ban_times = fetch_ban_times();
2527                  foreach($ban_times as $time => $period)
2528                  {
2529                      if($time != '---')
2530                      {
2531                          $friendly_time = my_date("D, jS M Y @ g:ia", ban_date2timestamp($time));
2532                          $period = "{$period} ({$friendly_time})";
2533                      }
2534                      $length_list[$time] = $period;
2535                  }
2536                  $form_container->output_row($lang->ban_time, "", $form->generate_select_box('bantime', $length_list, $mybb->input['bantime'], array('id' => 'bantime')), 'bantime');
2537                  $form_container->end();
2538  
2539                  $buttons[] = $form->generate_submit_button($lang->ban_users);
2540                  $form->output_submit_wrapper($buttons);
2541                  $form->end();
2542                  $page->output_footer();
2543                  break;
2544              case 'multidelete':
2545                  if($mybb->input['no'])
2546                  {
2547                      admin_redirect("index.php?module=user-users".$vid_url); // User clicked on 'No
2548                  }
2549                  else
2550                  {
2551                      if($mybb->input['processed'] == 1)
2552                      {
2553                          // Admin wants these users, gone!
2554                          $sql_array = implode(",", $selected);
2555                          $query = $db->simple_select("users", "uid", "uid IN (".$sql_array.")");
2556                          $to_be_deleted = $db->num_rows($query);
2557                          while($user = $db->fetch_array($query))
2558                          {
2559                              if($user['uid'] == $mybb->user['uid'] || is_super_admin($user['uid']))
2560                              {
2561                                  // Remove me and super admins
2562                                  continue;
2563                              }
2564                              else
2565                              {
2566                                  // Run delete queries
2567                                  $db->update_query("posts", array('uid' => 0), "uid='{$user['uid']}'");
2568                                  $db->delete_query("userfields", "ufid='{$user['uid']}'");
2569                                  $db->delete_query("privatemessages", "uid='{$user['uid']}'");
2570                                  $db->delete_query("events", "uid='{$user['uid']}'");
2571                                  $db->delete_query("moderators", "id='{$user['uid']}' AND isgroup = '0'");
2572                                  $db->delete_query("forumsubscriptions", "uid='{$user['uid']}'");
2573                                  $db->delete_query("threadsubscriptions", "uid='{$user['uid']}'");
2574                                  $db->delete_query("sessions", "uid='{$user['uid']}'");
2575                                  $db->delete_query("banned", "uid='{$user['uid']}'");
2576                                  $db->delete_query("threadratings", "uid='{$user['uid']}'");
2577                                  $db->delete_query("users", "uid='{$user['uid']}'");
2578                                  $db->delete_query("joinrequests", "uid='{$user['uid']}'");
2579                                  $db->delete_query("warnings", "uid='{$user['uid']}'");
2580                              }
2581                          }
2582                          // Update forum stats, remove the cookie and redirect the user
2583                          update_stats(array('numusers' => '-'.$to_be_deleted.''));
2584                          my_unsetcookie("inlinemod_useracp");
2585                          $mybb->input['action'] = "inline_delete";
2586                          log_admin_action($to_be_deleted);
2587  
2588                          $lang->users_deleted = $lang->sprintf($lang->users_deleted, $to_be_deleted);
2589                          flash_message($lang->users_deleted, 'success');
2590                          admin_redirect("index.php?module=user-users".$vid_url);
2591                      }
2592  
2593                      $to_be_deleted = count($selected);
2594                      $lang->confirm_multidelete = $lang->sprintf($lang->confirm_multidelete, my_number_format($to_be_deleted));
2595                      $page->output_confirm_action("index.php?module=user-users&amp;action=inline_edit&amp;inline_action=multidelete&amp;my_post_key={$mybb->post_code}&amp;processed=1", $lang->confirm_multidelete);
2596                  }
2597                  break;
2598              case 'multiprune':
2599                  if($mybb->input['processed'] == 1)
2600                  {
2601                      if(($mybb->input['day'] || $mybb->input['month'] || $mybb->input['year']) && $mybb->input['set'])
2602                      {
2603                          $errors[] = $lang->multi_selected_dates;
2604                      }
2605  
2606                      $day = intval($mybb->input['day']);
2607                      $month = intval($mybb->input['month']);
2608                      $year = intval($mybb->input['year']);
2609  
2610                      // Selected a date - check if the date the user entered is valid
2611                      if($mybb->input['day'] || $mybb->input['month'] || $mybb->input['year'])
2612                      {
2613                          // Is the date sort of valid?
2614                          if($day < 1 || $day > 31 || $month < 1 || $month > 12 || ($month == 2 && $day > 29))
2615                          {
2616                              $errors[] = $lang->incorrect_date;
2617                          }
2618  
2619                          // Check the month
2620                          $months = get_bdays($year);
2621                          if($day > $months[$month]-1)
2622                          {
2623                              $errors[] = $lang->incorrect_date;
2624                          }
2625  
2626                          // Check the year
2627                          if($year != 0 && ($year < (date("Y")-100)) || $year > date("Y"))
2628                          {
2629                              $errors[] = $lang->incorrect_date;
2630                          }
2631  
2632                          if(!$errors)
2633                          {
2634                              // No errors, so let's continue and set the date to delete from
2635                              $date = mktime(date('H'), date('i'), date('s'), $month, $day, $year); // Generate a unix time stamp
2636                          }
2637                      }
2638                      elseif($mybb->input['set'] > 0)
2639                      {
2640                          // Set options
2641                          // For this purpose, 1 month = 31 days
2642                          $base_time = 24 * 60 * 60;
2643  
2644                          switch($mybb->input['set'])
2645                          {
2646                              case '1':
2647                                  $threshold = $base_time * 31; // 1 month = 31 days, in the standard terms
2648                                  break;
2649                              case '2':
2650                                  $threshold = $base_time * 93; // 3 months = 31 days * 3
2651                                  break;
2652                              case '3':
2653                                  $threshold = $base_time * 183; // 6 months = 365 days / 2
2654                                  break;
2655                              case '4':
2656                                  $threshold = $base_time * 365; // 1 year = 365 days
2657                                  break;
2658                              case '5':
2659                                  $threshold = $base_time * 548; // 18 months = 365 + 183
2660                                  break;
2661                              case '6':
2662                                  $threshold = $base_time * 730; // 2 years = 365 * 2
2663                                  break;
2664                          }
2665  
2666                          if(!$threshold)
2667                          {
2668                              // An option was entered that isn't in the dropdown box
2669                              $errors[] = $lang->no_set_option;
2670                          }
2671                          else
2672                          {
2673                              $date = TIME_NOW - $threshold;
2674                          }
2675                      }
2676                      else
2677                      {
2678                          $errors[] = $lang->no_prune_option;
2679                      }
2680  
2681                      if(!$errors)
2682                      {
2683                          $sql_array = implode(",", $selected);
2684                          $prune_array = array();
2685                          $query = $db->simple_select("users", "uid", "uid IN (".$sql_array.")");
2686                          while($user = $db->fetch_array($query))
2687                          {
2688                              // Protect Super Admins
2689                              if(is_super_admin($user['uid']) && !is_super_admin($mybb->user['uid']))
2690                              {
2691                                  continue;
2692                              }
2693  
2694                              $return_array = delete_user_posts($user['uid'], $date); // Delete user posts, and grab a list of threads to delete
2695                              if($return_array && is_array($return_array))
2696                              {
2697                                  $prune_array = array_merge_recursive($prune_array, $return_array);
2698                              }
2699                          }
2700  
2701                          // No posts were found for the user, return error
2702                          if(!is_array($prune_array) || count($prune_array) == 0)
2703                          {
2704                              flash_message($lang->prune_fail, 'error');
2705                              admin_redirect("index.php?module=user-users".$vid_url);
2706                          }
2707  
2708                          // Require the rebuild functions
2709                          require_once  MYBB_ROOT.'/inc/functions.php';
2710                          require_once  MYBB_ROOT.'/inc/functions_rebuild.php';
2711  
2712                          // We've finished deleting user's posts, so let's delete the threads
2713                          if(is_array($prune_array['to_delete']) && count($prune_array['to_delete']) > 0)
2714                          {
2715                              foreach($prune_array['to_delete'] as $tid)
2716                              {
2717                                  $db->delete_query("threads", "tid='$tid'");
2718                                  $db->delete_query("threads", "closed='moved|$tid'");
2719                                  $db->delete_query("threadsubscriptions", "tid='$tid'");
2720                                  $db->delete_query("polls", "tid='$tid'");
2721                                  $db->delete_query("threadsread", "tid='$tid'");
2722                                  $db->delete_query("threadratings", "tid='$tid'");
2723                              }
2724                          }
2725  
2726                          // After deleting threads, rebuild the thread counters for the affected threads
2727                          if(is_array($prune_array['thread_update']) && count($prune_array['thread_update']) > 0)
2728                          {
2729                              $sql_array = implode(",", $prune_array['thread_update']);
2730                              $query = $db->simple_select("threads", "tid", "tid IN (".$sql_array.")", array('order_by' => 'tid', 'order_dir' => 'asc'));
2731                              while($thread = $db->fetch_array($query))
2732                              {
2733                                  rebuild_thread_counters($thread['tid']);
2734                              }
2735                          }
2736  
2737                          // After updating thread counters, update the affected forum counters
2738                          if(is_array($prune_array['forum_update']) && count($prune_array['forum_update']) > 0)
2739                          {
2740                              $sql_array = implode(",", $prune_array['forum_update']);
2741                              $query = $db->simple_select("forums", "fid", "fid IN (".$sql_array.")", array('order_by' => 'fid', 'order_dir' => 'asc'));
2742                              while($forum = $db->fetch_array($query))
2743                              {
2744                                  // Because we have a recursive array merge, check to see if there isn't a duplicated forum to update
2745                                  if($looped_forum == $forum['fid'])
2746                                  {
2747                                      continue;
2748                                  }
2749                                  $looped_forum = $forum['fid'];
2750                                  rebuild_forum_counters($forum['fid']);
2751                              }
2752                          }
2753  
2754                          //log_admin_action();
2755                          my_unsetcookie("inlinemod_useracp"); // We've got our users, remove the cookie
2756                          flash_message($lang->prune_complete, 'success');
2757                          admin_redirect("index.php?module=user-users".$vid_url);
2758                      }
2759                  }
2760  
2761                  $page->output_header($lang->manage_users);
2762                  $page->output_nav_tabs($sub_tabs, 'manage_users');
2763  
2764                  // Display a table warning
2765                  $table = new Table;
2766                  $lang->mass_prune_info = $lang->sprintf($lang->mass_prune_info, count($selected));
2767                  $table->construct_cell($lang->mass_prune_info);
2768                  $table->construct_row();
2769                  $table->output($lang->important);
2770  
2771                  if($errors)
2772                  {
2773                      $page->output_inline_error($errors);
2774                  }
2775  
2776                  // Display the prune options
2777                  $form = new Form("index.php?module=user-users", "post");
2778                  echo $form->generate_hidden_field('action', 'inline_edit');
2779                  echo $form->generate_hidden_field('inline_action', 'multiprune');
2780                  echo $form->generate_hidden_field('processed', '1');
2781  
2782                  $form_container = new FormContainer($lang->mass_prune_posts);
2783  
2784                  // Generate a list of days (1 - 31)
2785                  $day_options = array();
2786                  $day_options[] = "&nbsp;";
2787                  for($i = 1; $i <= 31; ++$i)
2788                  {
2789                      $day_options[] = $i;
2790                  }
2791  
2792                  // Generate a list of months (1 - 12)
2793                  $month_options = array();
2794                  $month_options[] = "&nbsp;";
2795                  for($i = 1; $i <= 12; ++$i)
2796                  {
2797                      $string = "month_{$i}";
2798                      $month_options[] = $lang->$string;
2799                  }
2800                  $date_box = $form->generate_select_box('day', $day_options, $mybb->input['day']);
2801                  $month_box = $form->generate_select_box('month', $month_options, $mybb->input['month']);
2802                  $year_box = $form->generate_text_box('year', $mybb->input['year'], array('id' => 'year', 'style' => 'width: 50px;'));
2803  
2804                  $prune_select = $date_box.$month_box.$year_box;
2805                  $form_container->output_row($lang->manual_date, "", $prune_select, 'date');
2806  
2807                  // Generate the set date box
2808                  $set_options = array();
2809                  $set_options[] = $lang->set_an_option;
2810                  for($i = 1; $i <= 6; ++$i)
2811                  {
2812                      $string = "option_{$i}";
2813                      $set_options[] = $lang->$string;
2814                  }
2815  
2816                  $form_container->output_row($lang->relative_date, "", $lang->delete_posts." ".$form->generate_select_box('set', $set_options, $mybb->input['set']), 'set');
2817                  $form_container->end();
2818  
2819                  $buttons[] = $form->generate_submit_button($lang->prune_posts);
2820                  $form->output_submit_wrapper($buttons);
2821                  $form->end();
2822                  $page->output_footer();
2823                  break;
2824              case 'multiusergroup':
2825                  if($mybb->input['processed'] == 1)
2826                  {
2827                      // Determine additional usergroups
2828                      if(is_array($mybb->input['additionalgroups']))
2829                      {
2830                          foreach($mybb->input['additionalgroups'] as $key => $gid)
2831                          {
2832                              if($gid == $mybb->input['usergroup'])
2833                              {
2834                                  unset($mybb->input['additionalgroups'][$key]);
2835                              }
2836                          }
2837                          $additionalgroups = implode(",", array_map('intval', $mybb->input['additionalgroups']));
2838                      }
2839                      else
2840                      {
2841                          $additionalgroups = '';
2842                      }
2843  
2844                      // Create an update array
2845                      $update_array = array(
2846                          "usergroup" => intval($mybb->input['usergroup']),
2847                          "additionalgroups" => $additionalgroups,
2848                          "displaygroup" => intval($mybb->input['displaygroup'])
2849                      );
2850  
2851                      // Do the usergroup update for all those selected
2852                      // If a selected user is a super admin, don't update that user
2853                      foreach($selected as $user)
2854                      {
2855                          if(!is_super_admin($user))
2856                          {
2857                              $users_to_update[] = $user;
2858                          }
2859                      }
2860  
2861                      $to_update_count = count($users_to_update);
2862                      if($to_update_count > 0 && is_array($users_to_update))
2863                      {
2864                          // Update the users in the database
2865                          $sql = implode(",", $users_to_update);
2866                          $db->update_query("users", $update_array, "uid IN (".$sql.")");
2867  
2868                          // Redirect the admin...
2869                          $mybb->input['action'] = "inline_usergroup";
2870                          log_admin_action($to_update_count);
2871                          my_unsetcookie("inlinemod_useracp");
2872                          flash_message($lang->success_mass_usergroups, 'success');
2873                          admin_redirect("index.php?module=user-users".$vid_url);
2874                      }
2875                      else
2876                      {
2877                          // They tried to edit super admins! Uh-oh!
2878                          $errors[] = $lang->no_usergroup_changed;
2879                      }
2880                  }
2881  
2882                  $page->output_header($lang->manage_users);
2883                  $page->output_nav_tabs($sub_tabs, 'manage_users');
2884  
2885                  // Display a table warning
2886                  $table = new Table;
2887                  $lang->usergroup_info = $lang->sprintf($lang->usergroup_info, count($selected));
2888                  $table->construct_cell($lang->usergroup_info);
2889                  $table->construct_row();
2890                  $table->output($lang->important);
2891  
2892                  if($errors)
2893                  {
2894                      $page->output_inline_error($errors);
2895                  }
2896  
2897                  // Display the usergroup options
2898                  $form = new Form("index.php?module=user-users", "post");
2899                  echo $form->generate_hidden_field('action', 'inline_edit');
2900                  echo $form->generate_hidden_field('inline_action', 'multiusergroup');
2901                  echo $form->generate_hidden_field('processed', '1');
2902  
2903                  $form_container = new FormContainer($lang->mass_usergroups);
2904  
2905                  // Usergroups
2906                  $display_group_options[0] = $lang->use_primary_user_group;
2907                  $options = array();
2908                  $query = $db->simple_select("usergroups", "gid, title", "gid != '1'", array('order_by' => 'title'));
2909                  while($usergroup = $db->fetch_array($query))
2910                  {
2911                      $options[$usergroup['gid']] = $usergroup['title'];
2912                      $display_group_options[$usergroup['gid']] = $usergroup['title'];
2913                  }
2914  
2915                  if(!is_array($mybb->input['additionalgroups']))
2916                  {
2917                      $mybb->input['additionalgroups'] = explode(',', $mybb->input['additionalgroups']);
2918                  }
2919  
2920                  $form_container->output_row($lang->primary_user_group, "", $form->generate_select_box('usergroup', $options, $mybb->input['usergroup'], array('id' => 'usergroup')), 'usergroup');
2921                  $form_container->output_row($lang->additional_user_groups, $lang->additional_user_groups_desc, $form->generate_select_box('additionalgroups[]', $options, $mybb->input['additionalgroups'], array('id' => 'additionalgroups', 'multiple' => true, 'size' => 5)), 'additionalgroups');
2922                  $form_container->output_row($lang->display_user_group, "", $form->generate_select_box('displaygroup', $display_group_options, $mybb->input['displaygroup'], array('id' => 'displaygroup')), 'displaygroup');
2923  
2924                  $form_container->end();
2925  
2926                  $buttons[] = $form->generate_submit_button($lang->alter_usergroups);
2927                  $form->output_submit_wrapper($buttons);
2928                  $form->end();
2929                  $page->output_footer();
2930                  break;
2931          }
2932      }
2933  }
2934  
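// Default page of the user module (no action given): resolve which admin view to
// use, render the view picker popup and print the user list built from that view.
// The view comes, in order of preference, from a search kept in the admin session
// (search_id), a saved view selected by vid, or the default view of type 'user'.
if(!$mybb->input['action'])
{
    $plugins->run_hooks("admin_user_users_start");

    $page->output_header($lang->browse_users);
    echo "<script type=\"text/javascript\" src=\"jscripts/users.js\"></script>";

    $page->output_nav_tabs($sub_tabs, 'browse_users');

    // empty() instead of a bare index read: an unknown search_id just means "no stored view"
    if(isset($mybb->input['search_id']) && !empty($admin_session['data']['user_views'][$mybb->input['search_id']]))
    {
        $admin_view = $admin_session['data']['user_views'][$mybb->input['search_id']];
        // build_users_view() appends $view['extra_sql'] to its WHERE clause as-is,
        // so a view restored from the session must never carry a raw SQL fragment.
        unset($admin_view['extra_sql']);
    }
    else
    {
        // Showing a specific view
        if(isset($mybb->input['vid']))
        {
            $query = $db->simple_select("adminviews", "*", "vid='".intval($mybb->input['vid'])."'");
            $admin_view = $db->fetch_array($query);
            // View does not exist or this view is private and does not belong to the current user.
            // empty() also covers the case where no row was returned at all.
            if(empty($admin_view['vid']) || ($admin_view['visibility'] == 1 && $admin_view['uid'] != $mybb->user['uid']))
            {
                unset($admin_view);
            }
        }

        // Don't have a view? Fetch the default
        if(!isset($admin_view))
        {
            // Cast before interpolating, matching the vid lookup above; a missing default becomes 0
            $default_view = intval(fetch_default_view("user"));
            $query = $db->simple_select("adminviews", "*", "type='user' AND (vid='{$default_view}' OR uid=0)", array("order_by" => "uid", "order_dir" => "desc"));
            $admin_view = $db->fetch_array($query);
        }
    }

    // Fetch a list of all of the views for this user:
    // views with visibility=2 plus the ones owned by the current admin
    $popup = new PopupMenu("views", $lang->views);

    $current_uid = intval($mybb->user['uid']);
    $query = $db->simple_select("adminviews", "*", "type='user' AND (visibility=2 OR uid={$current_uid})", array("order_by" => "title"));
    while($view = $db->fetch_array($query))
    {
        // Titles are stored text, so they are HTML-escaped; the id is forced to an integer for the link
        $popup->add_item(htmlspecialchars_uni($view['title']), "index.php?module=user-users&amp;vid=".intval($view['vid']));
    }
    $popup->add_item("<em>{$lang->manage_views}</em>", "index.php?module=user-users&amp;action=views");
    $admin_view['popup'] = $popup->fetch();

    if(isset($mybb->input['type']))
    {
        // NOTE(review): the request value is stored unvalidated. The visible part of
        // build_users_view() only compares it with "card" - confirm it is never echoed.
        $admin_view['view_type'] = $mybb->input['type'];
    }

    // build_users_view() returns false when there is nothing to list
    $results = build_users_view($admin_view);

    if(!$results)
    {
        // If we came from the home page and clicked on the "Activate Users" link, send them back to here
        if(isset($admin_session['data']['from']) && $admin_session['data']['from'] == "home")
        {
            flash_message($admin_session['data']['flash_message2']['message'], $admin_session['data']['flash_message2']['type']);
            update_admin_session('flash_message2', '');
            update_admin_session('from', '');
            admin_redirect("index.php");
            exit;
        }

        $errors[] = $lang->error_no_users_found;
    }

    // If we have any error messages, show them
    if(!empty($errors))
    {
        // Same truthiness test as "$inline != true", without a notice when $inline was never set
        if(empty($inline))
        {
            echo "<div style=\"display: inline; float: right;\">{$admin_view['popup']}</div><br />\n";
        }
        $page->output_inline_error($errors);
    }

    echo $results;

    $page->output_footer();
}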
3025  
3026  function build_users_view($view)
3027  {
3028      global $mybb, $db, $cache, $lang, $user_view_fields, $page;
3029  
3030      $view_title = '';
3031      if($view['title'])
3032      {
3033          $title_string = "view_title_{$view['vid']}";
3034  
3035          if($lang->$title_string)
3036          {
3037              $view['title'] = $lang->$title_string;
3038          }
3039  
3040          $view_title .= " (".htmlspecialchars_uni($view['title']).")";
3041      }
3042  
3043      // Build the URL to this view
3044      if(!isset($view['url']))
3045      {
3046          $view['url'] = "index.php?module=user-users";
3047      }
3048      if(!is_array($view['conditions']))
3049      {
3050          $view['conditions'] = unserialize($view['conditions']);
3051      }
3052      if(!is_array($view['fields']))
3053      {
3054          $view['fields'] = unserialize($view['fields']);
3055      }
3056      if(!is_array($view['custom_profile_fields']))
3057      {
3058          $view['custom_profile_fields'] = unserialize($view['custom_profile_fields']);
3059      }
3060      if(isset($mybb->input['username']))
3061      {
3062          $view['conditions']['username'] = $mybb->input['username'];
3063      }
3064      if($view['vid'])
3065      {
3066          $view['url'] .= "&amp;vid={$view['vid']}";
3067      }
3068      else
3069      {
3070          // If this is a custom view we need to save everything ready to pass it on from page to page
3071          global $admin_session;
3072          if(!$mybb->input['search_id'])
3073          {
3074              $search_id = md5(random_str());
3075              $admin_session['data']['user_views'][$search_id] = $view;
3076              update_admin_session('user_views', $admin_session['data']['user_views']);
3077              $mybb->input['search_id'] = $search_id;
3078          }
3079          $view['url'] .= "&amp;search_id=".htmlspecialchars_uni($mybb->input['search_id']);
3080      }
3081  
3082      if(isset($mybb->input['username']))
3083      {
3084          $view['url'] .= "&amp;username=".urlencode(htmlspecialchars_uni($mybb->input['username']));
3085      }
3086  
3087      if(!isset($admin_session['data']['last_users_view']) || $admin_session['data']['last_users_view'] != str_replace("&amp;", "&", $view['url']))
3088      {
3089          update_admin_session('last_users_url', str_replace("&amp;", "&", $view['url']));
3090      }
3091  
3092      if(isset($view['conditions']['referrer'])){
3093          $view['url'] .= "&amp;action=referrers&amp;uid=".htmlspecialchars_uni($view['conditions']['referrer']);
3094      }
3095  
3096      // Do we not have any views?
3097      if(empty($view))
3098      {
3099          return false;
3100      }
3101  
3102      $table = new Table;
3103  
3104      // Build header for table based view
3105      if($view['view_type'] != "card")
3106      {
3107          foreach($view['fields'] as $field)
3108          {
3109              if(!$user_view_fields[$field])
3110              {
3111                  continue;
3112              }
3113              $view_field = $user_view_fields[$field];
3114              $field_options = array();
3115              if($view_field['width'])
3116              {
3117                  $field_options['width'] = $view_field['width'];
3118              }
3119              if($view_field['align'])
3120              {
3121                  $field_options['class'] = "align_".$view_field['align'];
3122              }
3123              $table->construct_header($view_field['title'], $field_options);
3124          }
3125          $table->construct_header("<input type=\"checkbox\" name=\"allbox\" onclick=\"inlineModeration.checkAll(this);\" />"); // Create a header for the "select" boxes
3126      }
3127  
3128      $search_sql = '1=1';
3129  
3130      // Build the search SQL for users
3131  
3132      // List of valid LIKE search fields
3133      $user_like_fields = array("username", "email", "website", "icq", "aim", "yahoo", "msn", "signature", "usertitle");
3134      foreach($user_like_fields as $search_field)
3135      {
3136          if(!empty($view['conditions'][$search_field]) && !$view['conditions'][$search_field.'_blank'])
3137          {
3138              $search_sql .= " AND u.{$search_field} LIKE '%".$db->escape_string_like($view['conditions'][$search_field])."%'";
3139          }
3140          else if(!empty($view['conditions'][$search_field.'_blank']))
3141          {
3142              $search_sql .= " AND u.{$search_field} != ''";
3143          }
3144      }
3145  
3146      // EXACT matching fields
3147      $user_exact_fields = array("referrer");
3148      foreach($user_exact_fields as $search_field)
3149      {
3150          if(!empty($view['conditions'][$search_field]))
3151          {
3152              $search_sql .= " AND u.{$search_field}='".$db->escape_string($view['conditions'][$search_field])."'";
3153          }
3154      }
3155  
3156      // LESS THAN or GREATER THAN
3157      $direction_fields = array("postnum");
3158      foreach($direction_fields as $search_field)
3159      {
3160          $direction_field = $search_field."_dir";
3161          if(!empty($view['conditions'][$search_field]) && ($view['conditions'][$search_field] || $view['conditions'][$search_field] === '0') && $view['conditions'][$direction_field])
3162          {
3163              switch($view['conditions'][$direction_field])
3164              {
3165                  case "greater_than":
3166                      $direction = ">";
3167                      break;
3168                  case "less_than":
3169                      $direction = "<";
3170                      break;
3171                  default:
3172                      $direction = "=";
3173              }
3174              $search_sql .= " AND u.{$search_field}{$direction}'".$db->escape_string($view['conditions'][$search_field])."'";
3175          }
3176      }
3177  
3178      // Registration searching
3179      $reg_fields = array("regdate");
3180      foreach($reg_fields as $search_field)
3181      {
3182          if(!empty($view['conditions'][$search_field]) && intval($view['conditions'][$search_field]))
3183          {
3184              $threshold = TIME_NOW - (intval($view['conditions'][$search_field]) * 24 * 60 * 60);
3185  
3186              $search_sql .= " AND u.{$search_field} >= '{$threshold}'";
3187          }
3188      }
3189  
3190      // IP searching
3191      $ip_fields = array("regip", "lastip");
3192      foreach($ip_fields as $search_field)
3193      {
3194          if(!empty($view['conditions'][$search_field]))
3195          {
3196              // IPv6 IP
3197              if(strpos($view['conditions'][$search_field], ":") !== false)
3198              {
3199                  $view['conditions'][$search_field] = str_replace("*", "%", $view['conditions'][$search_field]);
3200                  $ip_sql = "{$search_field} LIKE '".$db->escape_string($view['conditions'][$search_field])."'";
3201              }
3202              else
3203              {
3204                  $ip_range = fetch_longipv4_range($view['conditions'][$search_field]);
3205                  if(!is_array($ip_range))
3206                  {
3207                      $ip_sql = "long{$search_field}='{$ip_range}'";
3208                  }
3209                  else
3210                  {
3211                      $ip_sql = "long{$search_field} > '{$ip_range[0]}' AND long{$search_field} < '{$ip_range[1]}'";
3212                  }
3213              }
3214              $search_sql .= " AND {$ip_sql}";
3215          }
3216      }
3217  
3218      // Post IP searching
3219      if(!empty($view['conditions']['postip']))
3220      {
3221          // IPv6 IP
3222          if(strpos($view['conditions']['postip'], ":") !== false)
3223          {
3224              $view['conditions']['postip'] = str_replace("*", "%", $view['conditions']['postip']);
3225              $ip_sql = "ipaddress LIKE '".$db->escape_string($view['conditions']['postip'])."'";
3226          }
3227          else
3228          {
3229              $ip_range = fetch_longipv4_range($view['conditions']['postip']);
3230              if(!is_array($ip_range))
3231              {
3232                  $ip_sql = "longipaddress='{$ip_range}'";
3233              }
3234              else
3235              {
3236                  $ip_sql = "longipaddress > '{$ip_range[0]}' AND longipaddress < '{$ip_range[1]}'";
3237              }
3238          }
3239          $ip_uids = array(0);
3240          $query = $db->simple_select("posts", "uid", $ip_sql);
3241          while($uid = $db->fetch_field($query, "uid"))
3242          {
3243              $ip_uids[] = $uid;
3244          }
3245          $search_sql .= " AND u.uid IN(".implode(',', $ip_uids).")";
3246          unset($ip_uids);
3247      }
3248  
3249      // Custom Profile Field searching
3250      if($view['custom_profile_fields'])
3251      {
3252          $userfield_sql = '1=1';
3253          foreach($view['custom_profile_fields'] as $column => $input)
3254          {
3255              if(is_array($input))
3256              {
3257                  foreach($input as $value => $text)
3258                  {
3259                      if($value == $column)
3260                      {
3261                          $value = $text;
3262                      }
3263  
3264                      if($value == $lang->na)
3265                      {
3266                          continue;
3267                      }
3268  
3269                      if(strpos($column, '_blank') !== false)
3270                      {
3271                          $column = str_replace('_blank', '', $column);
3272                          $userfield_sql .= ' AND '.$db->escape_string($column)." != ''";
3273                      }
3274                      else
3275                      {
3276                          $userfield_sql .= ' AND '.$db->escape_string($column)."='".$db->escape_string($value)."'";
3277                      }
3278                  }
3279              }
3280              else if(!empty($input))
3281              {
3282                  if($input == $lang->na)
3283                  {
3284                      continue;
3285                  }
3286  
3287                  if(strpos($column, '_blank') !== false)
3288                  {
3289                      $column = str_replace('_blank', '', $column);
3290                      $userfield_sql .= ' AND '.$db->escape_string($column)." != ''";
3291                  }
3292                  else
3293                  {
3294                      $userfield_sql .= ' AND '.$db->escape_string($column)." LIKE '%".$db->escape_string($input)."%'";
3295                  }
3296              }
3297          }
3298  
3299          if($userfield_sql != '1=1')
3300          {
3301              $userfield_uids = array(0);
3302              $query = $db->simple_select("userfields", "ufid", $userfield_sql);
3303              while($userfield = $db->fetch_array($query))
3304              {
3305                  $userfield_uids[] = $userfield['ufid'];
3306              }
3307              $search_sql .= " AND u.uid IN(".implode(',', $userfield_uids).")";
3308              unset($userfield_uids);
3309          }
3310      }
3311  
3312      // Usergroup based searching
3313      if(isset($view['conditions']['usergroup']))
3314      {
3315          if(!is_array($view['conditions']['usergroup']))
3316          {
3317              $view['conditions']['usergroup'] = array($view['conditions']['usergroup']);
3318          }
3319  
3320          foreach($view['conditions']['usergroup'] as $usergroup)
3321          {
3322              $usergroup = intval($usergroup);
3323  
3324              if(!$usergroup)
3325              {
3326                  continue;
3327              }
3328  
3329              switch($db->type)
3330              {
3331                  case "pgsql":
3332                  case "sqlite":
3333                      $additional_sql .= " OR ','||additionalgroups||',' LIKE '%,{$usergroup},%'";
3334                      break;
3335                  default:
3336                      $additional_sql .= "OR CONCAT(',',additionalgroups,',') LIKE '%,{$usergroup},%'";
3337              }
3338          }
3339  
3340          $search_sql .= " AND (u.usergroup IN (".implode(",", array_map('intval', $view['conditions']['usergroup'])).") {$additional_sql})";
3341      }
3342  
3343      // COPPA users only?
3344      if(isset($view['conditions']['coppa']))
3345      {
3346          $search_sql .= " AND u.coppauser=1 AND u.usergroup=5";
3347      }
3348  
3349      // Extra SQL?
3350      if(isset($view['extra_sql']))
3351      {
3352          $search_sql .= $view['extra_sql'];
3353      }
3354  
3355      // Lets fetch out how many results we have
3356      $query = $db->query("
3357          SELECT COUNT(u.uid) AS num_results
3358          FROM ".TABLE_PREFIX."users u
3359          WHERE {$search_sql}
3360      ");
3361      $num_results = $db->fetch_field($query, "num_results");
3362  
3363      // No matching results then return false
3364      if(!$num_results)
3365      {
3366          return false;
3367      }
3368      // Generate the list of results
3369      else
3370      {
3371          if(!$view['perpage'])
3372          {
3373              $view['perpage'] = 20;
3374          }
3375          $view['perpage'] = intval($view['perpage']);
3376  
3377          // Establish which page we're viewing and the starting index for querying
3378          // Establish which page we're viewing and the starting index for querying
3379          if(!isset($mybb->input['page']))
3380          {
3381              $mybb->input['page'] = 1;
3382          }
3383          else
3384          {
3385              $mybb->input['page'] = intval($mybb->input['page']);
3386          }
3387  
3388          if($mybb->input['page'])
3389          {
3390              $start = ($mybb->input['page'] - 1) * $view['perpage'];
3391          }
3392          else
3393          {
3394              $start = 0;
3395              $mybb->input['page'] = 1;
3396          }
3397  
3398          $from_bit = "";
3399          if(isset($mybb->input['from']) && $mybb->input['from'] == "home")
3400          {
3401              $from_bit = "&amp;from=home";
3402          }
3403  
3404          switch($view['sortby'])
3405          {
3406              case "regdate":
3407              case "lastactive":
3408              case "postnum":
3409              case "reputation":
3410                  $view['sortby'] = $db->escape_string($view['sortby']);
3411                  break;
3412              case "numposts":
3413                  $view['sortby'] = "postnum";
3414                  break;
3415              case "warninglevel":
3416                  $view['sortby'] = "warningpoints";
3417                  break;
3418              default:
3419                  $view['sortby'] = "username";
3420          }
3421  
3422          if($view['sortorder'] != "desc")
3423          {
3424              $view['sortorder'] = "asc";
3425          }
3426  
3427          $usergroups = $cache->read("usergroups");
3428  
3429          // Fetch matching users
3430          $query = $db->query("
3431              SELECT u.*
3432              FROM ".TABLE_PREFIX."users u
3433              WHERE {$search_sql}
3434              ORDER BY {$view['sortby']} {$view['sortorder']}
3435              LIMIT {$start}, {$view['perpage']}
3436          ");
3437          $users = '';
3438          while($user = $db->fetch_array($query))
3439          {
3440              $comma = $groups_list = '';
3441              $user['view']['username'] = "<a href=\"index.php?module=user-users&amp;action=edit&amp;uid={$user['uid']}\">".format_name($user['username'], $user['usergroup'], $user['displaygroup'])."</a>";
3442              $user['view']['usergroup'] = $usergroups[$user['usergroup']]['title'];
3443              if($user['additionalgroups'])
3444              {
3445                  $additional_groups = explode(",", $user['additionalgroups']);
3446  
3447                  foreach($additional_groups as $group)
3448                  {
3449                      $groups_list .= "{$comma}{$usergroups[$group]['title']}";
3450                      $comma = $lang->comma;
3451                  }
3452              }
3453              if(!$groups_list)
3454              {
3455                  $groups_list = $lang->none;
3456              }
3457              $user['view']['additionalgroups'] = "<small>{$groups_list}</small>";
3458              $user['view']['email'] = "<a href=\"mailto:".htmlspecialchars_uni($user['email'])."\">".htmlspecialchars_uni($user['email'])."</a>";
3459              $user['view']['regdate'] = my_date($mybb->settings['dateformat'], $user['regdate']).", ".my_date($mybb->settings['timeformat'], $user['regdate']);
3460              $user['view']['lastactive'] = my_date($mybb->settings['dateformat'], $user['lastactive']).", ".my_date($mybb->settings['timeformat'], $user['lastactive']);
3461  
3462              // Build popup menu
3463              $popup = new PopupMenu("user_{$user['uid']}", $lang->options);
3464              $popup->add_item($lang->edit_profile_and_settings, "index.php?module=user-users&amp;action=edit&amp;uid={$user['uid']}");
3465              $popup->add_item($lang->ban_user, "index.php?module=user-banning&amp;uid={$user['uid']}#username");
3466  
3467              if($user['usergroup'] == 5)
3468              {
3469                  if($user['coppauser'])
3470                  {
3471                      $popup->add_item($lang->approve_coppa_user, "index.php?module=user-users&amp;action=activate_user&amp;uid={$user['uid']}&amp;my_post_key={$mybb->post_code}{$from_bit}");
3472                  }
3473                  else
3474                  {
3475                      $popup->add_item($lang->approve_user, "index.php?module=user-users&amp;action=activate_user&amp;uid={$user['uid']}&amp;my_post_key={$mybb->post_code}{$from_bit}");
3476                  }
3477              }
3478  
3479              $popup->add_item($lang->delete_user, "index.php?module=user-users&amp;action=delete&amp;uid={$user['uid']}&amp;my_post_key={$mybb->post_code}", "return AdminCP.deleteConfirmation(this, '{$lang->user_deletion_confirmation}')");
3480              $popup->add_item($lang->show_referred_users, "index.php?module=user-users&amp;action=referrers&amp;uid={$user['uid']}");
3481              $popup->add_item($lang->show_ip_addresses, "index.php?module=user-users&amp;action=ipaddresses&amp;uid={$user['uid']}");
3482              $popup->add_item($lang->show_attachments, "index.php?module=forum-attachments&amp;results=1&amp;username=".urlencode(htmlspecialchars_uni($user['username'])));
3483              $user['view']['controls'] = $popup->fetch();
3484  
3485              // Fetch the reputation for this user
3486              if($usergroups[$user['usergroup']]['usereputationsystem'] == 1 && $mybb->settings['enablereputation'] == 1)
3487              {
3488                  $user['view']['reputation'] = get_reputation($user['reputation']);
3489              }
3490              else
3491              {
3492                  $reputation = "-";
3493              }
3494  
3495              if($mybb->settings['enablewarningsystem'] != 0 && $usergroups[$user['usergroup']]['canreceivewarnings'] != 0)
3496              {
3497                  $warning_level = round($user['warningpoints']/$mybb->settings['maxwarningpoints']*100);
3498                  if($warning_level > 100)
3499                  {
3500                      $warning_level = 100;
3501                  }
3502                  $user['view']['warninglevel'] = get_colored_warning_level($warning_level);
3503              }
3504  
3505              if($user['avatar'] && !stristr($user['avatar'], 'http://'))
3506              {
3507                  $user['avatar'] = "../{$user['avatar']}";
3508              }
3509              if($view['view_type'] == "card")
3510              {
3511                  $scaled_avatar = fetch_scaled_avatar($user, 80, 80);
3512              }
3513              else
3514              {
3515                  $scaled_avatar = fetch_scaled_avatar($user, 34, 34);
3516              }
3517              if(!$user['avatar'])
3518              {
3519                  $user['avatar'] = "styles/{$page->style}/images/default_avatar.gif";
3520              }
3521              $user['view']['avatar'] = "<img src=\"".htmlspecialchars_uni($user['avatar'])."\" alt=\"\" width=\"{$scaled_avatar['width']}\" height=\"{$scaled_avatar['height']}\" />";
3522  
3523              if($view['view_type'] == "card")
3524              {
3525                  $users .= build_user_view_card($user, $view, $i);
3526              }
3527              else
3528              {
3529                  build_user_view_table($user, $view, $table);
3530              }
3531          }
3532  
3533          // If card view, we need to output the results
3534          if($view['view_type'] == "card")
3535          {
3536              $table->construct_cell($users);
3537              $table->construct_row();
3538          }
3539      }
3540  
3541      if(!isset($view['table_id']))
3542      {
3543          $view['table_id'] = "users_list";
3544      }
3545  
3546      $switch_view = "<div class=\"float_right\">";
3547      $switch_url = $view['url'];
3548      if($mybb->input['page'] > 0)
3549      {
3550          $switch_url .= "&amp;page=".intval($mybb->input['page']);
3551      }
3552      if($view['view_type'] != "card")
3553      {
3554          $switch_view .= "<strong>{$lang->table_view}</strong> | <a href=\"{$switch_url}&amp;type=card\" style=\"font-weight: normal;\">{$lang->card_view}</a>";
3555      }
3556      else
3557      {
3558          $switch_view .= "<a href=\"{$switch_url}&amp;type=table\" style=\"font-weight: normal;\">{$lang->table_view}</a> | <strong>{$lang->card_view}</strong>";
3559      }
3560      $switch_view .= "</div>";
3561  
3562      // Do we need to construct the pagination?
3563      if($num_results > $view['perpage'])
3564      {
3565          $pagination = draw_admin_pagination($mybb->input['page'], $view['perpage'], $num_results, $view['url']."&amp;type={$view['view_type']}");
3566          $search_class = "float_right";
3567          $search_style = "";
3568      }
3569      else
3570      {
3571          $search_class = '';
3572          $search_style = "text-align: right;";
3573      }
3574  
3575      $search_action = $view['url'];
3576      // stop &username= in the query string
3577      if($view_upos = strpos($search_action, '&amp;username='))
3578      {
3579          $search_action = substr($search_action, 0, $view_upos);
3580      }
3581      $search_action = str_replace("&amp;", "&", $search_action);
3582      $search = new Form(htmlspecialchars_uni($search_action), 'post', 'search_form', 0, '', true);
3583      $built_view = $search->construct_return;
3584      $built_view .= "<div class=\"{$search_class}\" style=\"padding-bottom: 3px; margin-top: -9px; {$search_style}\">";
3585      $built_view .= $search->generate_hidden_field('action', 'search')."\n";
3586      if(isset($view['conditions']['username']))
3587      {
3588          $default_class = '';
3589          $value = $view['conditions']['username'];
3590      }
3591      else
3592      {
3593          $default_class = "search_default";
3594          $value = $lang->search_for_user;
3595      }
3596      $built_view .= $search->generate_text_box('username', $value, array('id' => 'search_keywords', 'class' => "{$default_class} field150 field_small"))."\n";
3597      $built_view .= "<input type=\"submit\" class=\"search_button\" value=\"{$lang->search}\" />\n";
3598      if($view['popup'])
3599      {
3600          $built_view .= " <div style=\"display: inline\">{$view['popup']}</div>\n";
3601      }
3602      $built_view .= "<script type='text/javascript'>
3603          var form = document.getElementById('search_form');
3604          form.onsubmit = function() {
3605              var search = document.getElementById('search_keywords');
3606              if(search.value == '' || search.value == '".addcslashes($lang->search_for_user, "'")."')
3607              {
3608                  search.focus();
3609                  return false;
3610              }
3611          }
3612  
3613          var search = document.getElementById('search_keywords');
3614          search.onfocus = function()
3615          {
3616              if(this.value == '".addcslashes($lang->search_for_user, "'")."')
3617              {
3618                  $(this).removeClassName('search_default');
3619                  this.value = '';
3620              }
3621          }
3622          search.onblur = function()
3623          {
3624              if(this.value == '')
3625              {
3626                  $(this).addClassName('search_default');
3627                  this.value = '".addcslashes($lang->search_for_user, "'")."';
3628              }
3629          }
3630          // fix the styling used if we have a different default value
3631          if(search.value != '".addcslashes($lang->search_for_user, "'")."')
3632          {
3633              $(search).removeClassName('search_default');
3634          }
3635          </script>\n";
3636      $built_view .= "</div>\n";
3637  
3638      // Autocompletion for usernames
3639      $built_view .= '
3640      <script type="text/javascript" src="../jscripts/autocomplete.js?ver=140"></script>
3641      <script type="text/javascript">
3642      <!--
3643          new autoComplete("search_keywords", "../xmlhttp.php?action=get_users", {valueSpan: "username"});
3644      // -->
3645      </script>';
3646  
3647      $built_view .= $search->end();
3648  
3649      if(isset($pagination))
3650      {
3651          $built_view .= $pagination;
3652      }
3653      if($view['view_type'] != "card")
3654      {
3655          $checkbox = '';
3656      }
3657      else
3658      {
3659          $checkbox = "<input type=\"checkbox\" name=\"allbox\" onclick=\"inlineModeration.checkAll(this)\" /> ";
3660      }
3661      $built_view .= $table->construct_html("{$switch_view}<div>{$checkbox}{$lang->users}{$view_title}</div>", 1, "", $view['table_id']);
3662      if(isset($pagination))
3663      {
3664          $built_view .= $pagination;
3665      }
3666  
3667      $built_view .= '
3668  <script type="text/javascript" src="'.$mybb->settings['bburl'].'/jscripts/inline_moderation.js?ver=1400"></script>
3669  <form action="index.php?module=user-users" method="post">
3670  <input type="hidden" name="my_post_key" value="'.$mybb->post_code.'" />
3671  <input type="hidden" name="action" value="inline_edit" />
3672  <div class="float_right"><span class="smalltext"><strong>'.$lang->inline_edit.'</strong></span>
3673  <select name="inline_action" class="inline_select">
3674      <option value="multiactivate">'.$lang->inline_activate.'</option>
3675      <option value="multiban">'.$lang->inline_ban.'</option>
3676      <option value="multiusergroup">'.$lang->inline_usergroup.'</option>
3677      <option value="multidelete">'.$lang->inline_delete.'</option>
3678      <option value="multiprune">'.$lang->inline_prune.'</option>
3679  </select>
3680  <input type="submit" class="button" name="go" value="'.$lang->go.' (0)" id="inline_go" />&nbsp;
3681  <input type="button" onclick="javascript:inlineModeration.clearChecked();" value="'.$lang->clear.'" class="button" />
3682  </div>
3683  </form>
3684  <br style="clear: both;" />
3685  <script type="text/javascript">
3686  <!--
3687      var go_text = "'.$lang->go.'";
3688      var all_text = "1";
3689      var inlineType = "user";
3690      var inlineId = "acp";
3691  // -->
3692  </script>';
3693  
3694      return $built_view;
3695  }
3696  
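/**
 * Build the HTML "card" for one user in the admin user list (card view).
 *
 * @param array $user User row. Pre-rendered cell HTML is read from $user['view'][<field>];
 *                    when no rendering exists the raw column $user[<field>] is used.
 * @param array $view View definition; only $view['fields'] (list of field keys) is read here.
 * @param int &$i Column counter shared with the caller. It is incremented on every call and
 *                wraps from 3 back to 1, so it alternates 1, 2, 1, 2, ...
 * @return string The <fieldset> markup for this user's card.
 */
function build_user_view_card($user, $view, &$i)
{
    global $user_view_fields;

    // Start from known-empty values: a view that omits the avatar, the controls or
    // every detail field must not read undefined variables when the card is assembled.
    $avatar = $controls = '';
    $user_details = array();

    ++$i;
    if($i == 3)
    {
        $i = 1;
    }

    // Loop through fields user wants to show
    foreach($view['fields'] as $field)
    {
        // Ignore field keys that are not registered in $user_view_fields
        if(empty($user_view_fields[$field]))
        {
            continue;
        }

        $view_field = $user_view_fields[$field];

        // Special conditions for avatar
        if($field == "avatar")
        {
            $avatar = isset($user['view']['avatar']) ? $user['view']['avatar'] : '';
        }
        else if($field == "controls")
        {
            $controls = isset($user['view']['controls']) ? $user['view']['controls'] : '';
        }
        // Otherwise, just user data (the username goes into the <legend> below)
        else if($field != "username")
        {
            if(isset($user['view'][$field]))
            {
                $value = $user['view'][$field];
            }
            else
            {
                // NOTE(review): the raw column is written into the HTML without escaping.
                // That is only safe if every raw field reachable through $user_view_fields
                // holds markup-free data (numbers, IPs, ...) - confirm, or escape here.
                $value = isset($user[$field]) ? $user[$field] : '';
            }

            if($field == "postnum")
            {
                $value = my_number_format($value);
            }

            $user_details[] = "<strong>{$view_field['title']}:</strong> {$value}";
        }
    }

    // Floated to the left or right?
    $float = ($i == 1) ? "left" : "right";

    // And build the final card
    $card = "<fieldset id=\"uid_{$user['uid']}\" style=\"width: 47%; float: {$float};\">\n";
    $card .= "<legend><input type=\"checkbox\" class=\"checkbox\" name=\"inlinemod_{$user['uid']}\" id=\"inlinemod_{$user['uid']}\" value=\"1\" onclick=\"$('uid_{$user['uid']}').toggleClassName('inline_selected');\" /> {$user['view']['username']}</legend>\n";
    if($avatar)
    {
        $card .= "<div class=\"user_avatar\">{$avatar}</div>\n";
    }
    if($user_details)
    {
        $card .= "<div class=\"user_details\">".implode("<br />", $user_details)."</div>\n";
    }
    if($controls)
    {
        $card .= "<div class=\"float_right\" style=\"padding: 4px;\">{$controls}</div>\n";
    }
    $card .= "</fieldset>";
    return $card;
}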
3776  
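/**
 * Append one user as a row to the admin user list table (table view).
 *
 * One cell is emitted per configured field, followed by the inline-moderation
 * checkbox cell, and the row is then closed.
 *
 * @param array $user User row. Pre-rendered cell HTML is read from $user['view'][<field>];
 *                    when that is missing or empty the raw column $user[<field>] is used.
 * @param array $view View definition; only $view['fields'] (list of field keys) is read here.
 * @param object &$table Table builder; construct_cell() and construct_row() are called on it.
 * @return void
 */
function build_user_view_table($user, $view, &$table)
{
    global $user_view_fields;

    foreach($view['fields'] as $field)
    {
        // Ignore field keys that are not registered in $user_view_fields
        if(empty($user_view_fields[$field]))
        {
            continue;
        }
        $view_field = $user_view_fields[$field];

        // 'align' is optional on a field definition; only add the class when it is set
        $field_options = array();
        if(!empty($view_field['align']))
        {
            $field_options['class'] = "align_".$view_field['align'];
        }

        if(!empty($user['view'][$field]))
        {
            $value = $user['view'][$field];
        }
        else
        {
            // NOTE(review): raw column handed to the table as cell content. Whether
            // construct_cell() escapes it is not visible here - confirm that every raw
            // field reachable through $user_view_fields is markup-free, or escape it.
            $value = isset($user[$field]) ? $user[$field] : null;
        }
        $table->construct_cell($value, $field_options);
    }

    // Inline moderation checkbox for this user
    $table->construct_cell("<input type=\"checkbox\" class=\"checkbox\" name=\"inlinemod_{$user['uid']}\" id=\"inlinemod_{$user['uid']}\" value=\"1\" onclick=\"$('uid_{$user['uid']}').toggleClassName('inline_selected');\" />");

    $table->construct_row();
}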
3808  
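/**
 * Work out the display size of a user's avatar inside a bounding box.
 *
 * The stored size is read from $user['avatardimensions'] in "width|height" form.
 * The user list writes the returned values straight into the width/height
 * attributes of an <img> tag, so only purely numeric stored sizes are accepted;
 * anything else is treated as "size unknown".
 *
 * @param array $user User row; 'avatar' and 'avatardimensions' are read.
 * @param int $max_width Maximum width of the bounding box.
 * @param int $max_height Maximum height of the bounding box.
 * @return array Array with the keys 'width' and 'height'. The bounding box itself is
 *               returned when the user has no avatar or no usable stored size.
 */
function fetch_scaled_avatar($user, $max_width=80, $max_height=80)
{
    $fallback = array(
        "width" => $max_width,
        "height" => $max_height,
    );

    if(empty($user['avatar']) || empty($user['avatardimensions']))
    {
        return $fallback;
    }

    // Expect exactly "digits|digits"; a missing separator or non-numeric part
    // falls back to the bounding box instead of reaching scale_image()
    $parts = explode("|", $user['avatardimensions']);
    if(count($parts) < 2)
    {
        return $fallback;
    }

    $width = trim($parts[0]);
    $height = trim($parts[1]);
    if(!preg_match('/^[0-9]+$/', $width) || !preg_match('/^[0-9]+$/', $height))
    {
        return $fallback;
    }

    require_once MYBB_ROOT."inc/functions_image.php";
    $scaled_dimensions = scale_image((int)$width, (int)$height, $max_width, $max_height);

    return array("width" => $scaled_dimensions['width'], "height" => $scaled_dimensions['height']);
}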
3828  
/**
 * Render one form row per custom profile field into the given form container.
 *
 * For each field, $profile_field['type'] is split on the first newline into a type
 * keyword (first line) and the newline-separated option list (remainder). The
 * matching input control is generated through $form and added with output_row().
 *
 * @param array $fields List of profile field rows; 'type', 'fid', 'length', 'maxlength',
 *                      'name' and 'description' are read. Non-arrays are ignored.
 * @param array $values Current values keyed by "fid<N>". Multi-value types accept either
 *                      an array or a newline-separated string.
 * @param object &$form_container Container that receives the rows via output_row().
 * @param object &$form Form builder used to generate the input controls.
 * @param boolean $search When true, select/radio/checkbox/multiselect get an extra
 *                        "n/a" entry and the select box uses a nested field name.
 * @return void
 */
function output_custom_profile_fields($fields, $values, &$form_container, &$form, $search=false)
{
    // NOTE(review): only $lang is imported. The "textarea" and default branches below
    // also read $mybb, which is therefore an undefined local in this function.
    global $lang;

    if(!is_array($fields))
    {
        return;
    }
    foreach($fields as $profile_field)
    {
        // The whole definition (type keyword and option list) is HTML-escaped before it is split
        $profile_field['type'] = htmlspecialchars_uni($profile_field['type']);
        // First line is the type keyword, everything after it the option list
        list($type, $options) = explode("\n", $profile_field['type'], 2);
        $type = trim($type);
        $field_name = "fid{$profile_field['fid']}";

        switch($type)
        {
            case "multiselect":
                // Stored value may be an array or a newline-separated string
                if(!is_array($values[$field_name]))
                {
                    $user_options = explode("\n", $values[$field_name]);
                }
                else
                {
                    $user_options = $values[$field_name];
                }

                // Index the current selection by value
                foreach($user_options as $val)
                {
                    $selected_options[$val] = $val;
                }

                $select_options = explode("\n", $options);
                $options = array();
                if($search == true)
                {
                    $select_options[''] = $lang->na;
                }

                // Each option is used as both key and label
                foreach($select_options as $val)
                {
                    $val = trim($val);
                    $options[$val] = $val;
                }
                // Default list height when the field does not define one
                if(!$profile_field['length'])
                {
                    $profile_field['length'] = 3;
                }
                $code = $form->generate_select_box("profile_fields[{$field_name}][]", $options, $selected_options, array('id' => "profile_field_{$field_name}", 'multiple' => true, 'size' => $profile_field['length']));
                break;
            case "select":
                $select_options = array();
                if($search == true)
                {
                    $select_options[''] = $lang->na;
                }
                // Array union: the '' entry added above is kept, the numerically keyed options are appended
                $select_options += explode("\n", $options);
                $options = array();
                foreach($select_options as $val)
                {
                    $val = trim($val);
                    $options[$val] = $val;
                }
                if(!$profile_field['length'])
                {
                    $profile_field['length'] = 1;
                }
                // The search form nests the field name one level deeper than the edit form
                if($search == true)
                {
                    $code = $form->generate_select_box("profile_fields[{$field_name}][{$field_name}]", $options, $values[$field_name], array('id' => "profile_field_{$field_name}", 'size' => $profile_field['length']));
                }
                else
                {
                    $code = $form->generate_select_box("profile_fields[{$field_name}]", $options, $values[$field_name], array('id' => "profile_field_{$field_name}", 'size' => $profile_field['length']));
                }
                break;
            case "radio":
                $radio_options = array();
                if($search == true)
                {
                    $radio_options[''] = $lang->na;
                }
                $radio_options += explode("\n", $options);
                // NOTE(review): $code is appended to here; it is undefined on the first
                // field and '' afterwards (see the reset at the end of the loop).
                foreach($radio_options as $val)
                {
                    $val = trim($val);
                    $code .= $form->generate_radio_button("profile_fields[{$field_name}]", $val, $val, array('id' => "profile_field_{$field_name}", 'checked' => ($val == $values[$field_name] ? true : false)))."<br />";
                }
                break;
            case "checkbox":
                // Stored value may be an array or a newline-separated string
                if(!is_array($values[$field_name]))
                {
                    $user_options = explode("\n", $values[$field_name]);
                }
                else
                {
                    $user_options = $values[$field_name];
                }
                foreach($user_options as $val)
                {
                    $selected_options[$val] = $val;
                }
                $select_options = array();
                if($search == true)
                {
                    $select_options[''] = $lang->na;
                }
                $select_options += explode("\n", $options);
                // A box is checked when its value is present in the current selection
                foreach($select_options as $val)
                {
                    $val = trim($val);
                    $code .= $form->generate_check_box("profile_fields[{$field_name}][]", $val, $val, array('id' => "profile_field_{$field_name}", 'checked' => ($val == $selected_options[$val] ? true : false)))."<br />";
                }
                break;
            case "textarea":
                $extra = '';
                // NOTE(review): $mybb is not in scope (see the global statement above), so this
                // isset() is always false and $extra stays ''. Confirm that the search handler
                // understands a "<field>_blank" key before importing $mybb here.
                if(isset($mybb->input['action']) && $mybb->input['action'] == "search")
                {
                    $extra = " {$lang->or} ".$form->generate_check_box("profile_fields[{$field_name}_blank]", 1, $lang->is_not_blank, array('id' => "{$field_name}_blank", 'checked' => $values[$field_name.'_blank']));
                }

                $code = $form->generate_text_area("profile_fields[{$field_name}]", $values[$field_name], array('id' => "profile_field_{$field_name}", 'rows' => 6, 'cols' => 50)).$extra;
                break;
            default:
                // Any other type keyword is rendered as a single-line text box
                $extra = '';
                // NOTE(review): same scoping issue as in the "textarea" branch - never true as written
                if(isset($mybb->input['action']) && $mybb->input['action'] == "search")
                {
                    $extra = " {$lang->or} ".$form->generate_check_box("profile_fields[{$field_name}_blank]", 1, $lang->is_not_blank, array('id' => "{$field_name}_blank", 'checked' => $values[$field_name.'_blank']));
                }

                $code = $form->generate_text_box("profile_fields[{$field_name}]", $values[$field_name], array('id' => "profile_field_{$field_name}", 'maxlength' => $profile_field['maxlength'], 'length' => $profile_field['length'])).$extra;
                break;
        }

        // NOTE(review): 'name' and 'description' are passed on as stored; whether output_row()
        // escapes them is not visible here - confirm before treating them as safe HTML.
        $form_container->output_row($profile_field['name'], $profile_field['description'], $code, "", array('id' => "profile_field_{$field_name}"));
        // Reset the per-field scratch variables. NOTE(review): they are reset to the empty
        // string, yet $selected_options is written to as an array on the next multiselect or
        // checkbox field - resetting array variables to array() would be the safer form.
        $code = $user_options = $selected_options = $radio_options = $val = $options = '';
    }
}
3967  
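/**
 * Output the "find users" search form: the built-in user conditions followed by the
 * custom profile field conditions, plus the username autocomplete script.
 *
 * The rows are written through FormContainer objects; the script block is echoed.
 *
 * @param array $input Current search state with the keys 'conditions', 'profile_fields'
 *                     and 'fields', each either an array or a serialized array. When empty,
 *                     $mybb->input is used instead.
 * @param object &$form Form builder used to generate the input controls.
 * @return void
 */
function user_search_conditions($input=array(), &$form)
{
    global $mybb, $db, $lang;

    if(!$input)
    {
        $input = $mybb->input;
    }

    // SECURITY: these values can come from $mybb->input, i.e. from the request, and
    // unserialize() on such a value may instantiate arbitrary classes. Only plain arrays
    // are expected here, so class instantiation is switched off where the runtime
    // supports it (PHP 7+), and anything that does not decode to an array is treated
    // as empty.
    // NOTE(review): a data-only format such as JSON would remove the risk on older
    // runtimes too, but needs a migration of already stored views.
    foreach(array('conditions', 'profile_fields', 'fields') as $key)
    {
        if(isset($input[$key]) && is_array($input[$key]))
        {
            continue;
        }

        $decoded = false;
        if(isset($input[$key]) && is_string($input[$key]) && $input[$key] !== '')
        {
            if(version_compare(PHP_VERSION, '7.0.0', '>='))
            {
                $decoded = unserialize($input[$key], array('allowed_classes' => false));
            }
            else
            {
                $decoded = unserialize($input[$key]);
            }
        }

        $input[$key] = is_array($decoded) ? $decoded : array();
    }

    $form_container = new FormContainer($lang->find_users_where);
    $form_container->output_row($lang->username_contains, "", $form->generate_text_box('conditions[username]', $input['conditions']['username'], array('id' => 'username')), 'username');
    $form_container->output_row($lang->email_address_contains, "", $form->generate_text_box('conditions[email]', $input['conditions']['email'], array('id' => 'email')), 'email');

    // Every user group except gid 1 can be searched for
    $options = array();
    $query = $db->simple_select("usergroups", "gid, title", "gid != '1'", array('order_by' => 'title'));
    while($usergroup = $db->fetch_array($query))
    {
        $options[$usergroup['gid']] = $usergroup['title'];
    }

    $form_container->output_row($lang->is_member_of_groups, $lang->additional_user_groups_desc, $form->generate_select_box('conditions[usergroup][]', $options, $input['conditions']['usergroup'], array('id' => 'usergroups', 'multiple' => true, 'size' => 5)), 'usergroups');

    // Text conditions that also offer an "is not blank" checkbox
    $form_container->output_row($lang->website_contains, "", $form->generate_text_box('conditions[website]', $input['conditions']['website'], array('id' => 'website'))." {$lang->or} ".$form->generate_check_box('conditions[website_blank]', 1, $lang->is_not_blank, array('id' => 'website_blank', 'checked' => $input['conditions']['website_blank'])), 'website');
    $form_container->output_row($lang->icq_number_contains, "", $form->generate_text_box('conditions[icq]', $input['conditions']['icq'], array('id' => 'icq'))." {$lang->or} ".$form->generate_check_box('conditions[icq_blank]', 1, $lang->is_not_blank, array('id' => 'icq_blank', 'checked' => $input['conditions']['icq_blank'])), 'icq');
    $form_container->output_row($lang->aim_handle_contains, "", $form->generate_text_box('conditions[aim]', $input['conditions']['aim'], array('id' => 'aim'))." {$lang->or} ".$form->generate_check_box('conditions[aim_blank]', 1, $lang->is_not_blank, array('id' => 'aim_blank', 'checked' => $input['conditions']['aim_blank'])), 'aim');
    $form_container->output_row($lang->yahoo_contains, "", $form->generate_text_box('conditions[yahoo]', $input['conditions']['yahoo'], array('id' => 'yahoo'))." {$lang->or} ".$form->generate_check_box('conditions[yahoo_blank]', 1, $lang->is_not_blank, array('id' => 'yahoo_blank', 'checked' => $input['conditions']['yahoo_blank'])), 'yahoo');
    $form_container->output_row($lang->msn_contains, "", $form->generate_text_box('conditions[msn]', $input['conditions']['msn'], array('id' => 'msn'))." {$lang->or} ".$form->generate_check_box('conditions[msn_blank]', 1, $lang->is_not_blank, array('id' => 'msn_blank', 'checked' => $input['conditions']['msn_blank'])), 'msn');
    $form_container->output_row($lang->signature_contains, "", $form->generate_text_box('conditions[signature]', $input['conditions']['signature'], array('id' => 'signature'))." {$lang->or} ".$form->generate_check_box('conditions[signature_blank]', 1, $lang->is_not_blank, array('id' => 'signature_blank', 'checked' => $input['conditions']['signature_blank'])), 'signature');
    $form_container->output_row($lang->user_title_contains, "", $form->generate_text_box('conditions[usertitle]', $input['conditions']['usertitle'], array('id' => 'usertitle'))." {$lang->or} ".$form->generate_check_box('conditions[usertitle_blank]', 1, $lang->is_not_blank, array('id' => 'usertitle_blank', 'checked' => $input['conditions']['usertitle_blank'])), 'usertitle');
    $greater_options = array(
        "greater_than" => $lang->greater_than,
        "is_exactly" => $lang->is_exactly,
        "less_than" => $lang->less_than
    );
    $form_container->output_row($lang->post_count_is, "", $form->generate_select_box('conditions[postnum_dir]', $greater_options, $input['conditions']['postnum_dir'], array('id' => 'numposts_dir'))." ".$form->generate_text_box('conditions[postnum]', $input['conditions']['postnum'], array('id' => 'numposts')), 'numposts');

    $form_container->output_row($lang->reg_in_x_days, '', $form->generate_text_box('conditions[regdate]', $input['conditions']['regdate'], array('id' => 'regdate')).' '.$lang->days, 'regdate');
    $form_container->output_row($lang->reg_ip_matches, $lang->wildcard, $form->generate_text_box('conditions[regip]', $input['conditions']['regip'], array('id' => 'regip')), 'regip');
    $form_container->output_row($lang->last_known_ip, $lang->wildcard, $form->generate_text_box('conditions[lastip]', $input['conditions']['lastip'], array('id' => 'lastip')), 'lastip');
    $form_container->output_row($lang->posted_with_ip, $lang->wildcard, $form->generate_text_box('conditions[postip]', $input['conditions']['postip'], array('id' => 'postip')), 'postip');

    $form_container->end();

    // Custom profile fields go here
    $form_container = new FormContainer($lang->custom_profile_fields_match);

    // Fetch custom profile fields, required ones first. Both buckets start out as
    // empty arrays so a board without profile fields does not read an undefined variable.
    $profile_fields = array(
        'required' => array(),
        'optional' => array()
    );
    $query = $db->simple_select("profilefields", "*", "", array('order_by' => 'disporder'));
    while($profile_field = $db->fetch_array($query))
    {
        if($profile_field['required'] == 1)
        {
            $profile_fields['required'][] = $profile_field;
        }
        else
        {
            $profile_fields['optional'][] = $profile_field;
        }
    }

    output_custom_profile_fields($profile_fields['required'], $input['profile_fields'], $form_container, $form, true);
    output_custom_profile_fields($profile_fields['optional'], $input['profile_fields'], $form_container, $form, true);

    $form_container->end();

    // Autocompletion for usernames
    echo '
    <script type="text/javascript" src="../jscripts/autocomplete.js?ver=140"></script>
    <script type="text/javascript">
    <!--
        new autoComplete("username", "../xmlhttp.php?action=get_users", {valueSpan: "username"});
    // -->
    </script>';
}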
4057  
4058  ?>

