PHP Cross Reference of MyBB |
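<?php
/**
 * MyBB 1.6
 * Copyright 2010 MyBB Group, All Rights Reserved
 *
 * Website: http://mybb.com
 * License: http://mybb.com/about/license
 *
 * $Id$
 */

/*
 * Moderator Control Panel (modcp.php).
 *
 * Flat front controller: after the shared bootstrap and one access gate, each
 * top-level `if($mybb->input['action'] == ...)` block below handles one action.
 * Handlers whose action starts with "do_" change state and call
 * verify_post_check() on the request's my_post_key first; the others only
 * render a page.
 *
 * Review notes that apply throughout the file:
 *  - Page fragments are produced with eval() over template text returned by
 *    $templates->get(). Templates therefore see every variable in this scope
 *    by name, so local variables must not be renamed, and the construct is only
 *    safe if the template text is trusted and escaped for use inside a
 *    double-quoted PHP string. That escaping is not visible in this file.
 *  - Numeric request values are cast with intval() before they reach SQL and
 *    free text goes through $db->escape_string(); keep that discipline for any
 *    new query added here.
 */

define("IN_MYBB", 1);
define('THIS_SCRIPT', 'modcp.php');

$templatelist = "modcp_reports,modcp_reports_report,modcp_reports_multipage,modcp_reports_allreport,modcp_reports_allreports,modcp_modlogs_multipage,modcp_announcements_delete,modcp_announcements_edit";
$templatelist .= ",modcp_reports_allnoreports,modcp_reports_noreports,modcp_banning,modcp_banning_ban,modcp_announcements_announcement_global,modcp_no_announcements_forum,modcp_modqueue_threads_thread";
$templatelist .= ",modcp_banning_multipage,modcp_banning_nobanned,modcp_modqueue_threads_empty,modcp_modqueue_masscontrols,modcp_modqueue_threads,modcp_modqueue_posts_post,modcp_modqueue_posts_empty";
$templatelist .= ",modcp_nav,modcp_modlogs_noresults,modcp,modcp_modqueue_posts,modcp_modqueue_attachments_attachment,modcp_modqueue_attachments_empty,modcp_modqueue_attachments,modcp_editprofile_suspensions_info";
$templatelist .= ",modcp_no_announcements_global,modcp_announcements_global,modcp_announcements_forum,modcp_announcements,modcp_editprofile_select_option,modcp_editprofile_select,modcp_finduser_noresults";
$templatelist .= ",codebuttons,smilieinsert,modcp_announcements_new,modcp_modqueue_empty,forumjump_bit,forumjump_special,modcp_warninglogs_warning_revoked,modcp_warninglogs_warning,modcp_ipsearch_result";
$templatelist .= ",modcp_modlogs,modcp_finduser_user,modcp_finduser,usercp_profile_customfield,usercp_profile_profilefields,modcp_ipsearch_noresults,modcp_ipsearch_results,modcp_ipsearch_misc_info";
$templatelist .= ",modcp_editprofile,modcp_ipsearch,modcp_banuser_addusername,modcp_banuser,modcp_warninglogs_nologs,modcp_banuser_editusername,modcp_lastattachment,modcp_lastpost,modcp_lastthread";
$templatelist .= ",modcp_warninglogs,modcp_modlogs_result,modcp_editprofile_signature,forumjump_advanced,smilieinsert_getmore,modcp_announcements_forum_nomod,modcp_announcements_announcement,multipage_prevpage";
$templatelist .= ",multipage_start,multipage_page_current,multipage_page,multipage_end,multipage_nextpage,multipage";

require_once "./global.php";
require_once MYBB_ROOT."inc/functions_user.php";
require_once MYBB_ROOT."inc/functions_upload.php";
require_once MYBB_ROOT."inc/functions_modcp.php";
require_once MYBB_ROOT."inc/class_parser.php";

$parser = new postParser;

// Set up the array of ban times.
$bantimes = fetch_ban_times();

// Load global language phrases
$lang->load("modcp");

// Access gate for the whole script: guests (uid 0) and user groups without
// the canmodcp flag are rejected before any action is dispatched.
if($mybb->user['uid'] == 0 || $mybb->usergroup['canmodcp'] != 1)
{
	error_no_permission();
}

// $errors starts as a string; the first `$errors[] = ...` in a handler turns it
// into an array, and new_announcement later relies on is_array($errors) to
// tell "validation failed" from "first visit".
$errors = '';
// SQL for fetching items only related to forums this user moderates
$moderated_forums = array();
// Initialised up front so the `.=` appends below never read an undefined variable.
$flist = $tflist = '';
if($mybb->usergroup['issupermod'] != 1)
{
	$query = $db->simple_select("moderators", "*", "(id='{$mybb->user['uid']}' AND isgroup = '0') OR (id='{$mybb->user['usergroup']}' AND isgroup = '1')");
	while($forum = $db->fetch_array($query))
	{
		$flist .= ",'{$forum['fid']}'";

		$children = get_child_list($forum['fid']);
		if(!empty($children))
		{
			$flist .= ",'".implode("','", $children)."'";
		}
		$moderated_forums[] = $forum['fid'];
	}
	// NOTE(review): when no moderator row matches, $flist stays empty and no
	// "fid IN (...)" restriction is produced, so queries that append {$flist}
	// or {$tflist} run unrestricted for such a user. Confirm that a group with
	// canmodcp but no moderated forum cannot reach this state, or fail closed.
	if($flist)
	{
		$tflist = " AND t.fid IN (0{$flist})";
		$flist = " AND fid IN (0{$flist})";
	}
}
else
{
	$flist = $tflist = '';
}

// Retrieve a list of unviewable forums
$unviewableforums = get_unviewable_forums();

// From here on $unviewableforums is always an array of forum ids (possibly
// empty); the announcement handlers use it with in_array().
if($unviewableforums && !is_super_admin($mybb->user['uid']))
{
	$flist .= " AND fid NOT IN ({$unviewableforums})";
	$tflist .= " AND t.fid NOT IN ({$unviewableforums})";

	$unviewableforums = str_replace("'", '', $unviewableforums);
	$unviewableforums = explode(',', $unviewableforums);
}
else
{
	$unviewableforums = array();
}

// Fetch the Mod CP menu
// First of many eval()-rendered templates; see the note at the top of the file.
eval("\$modcp_nav = \"".$templates->get("modcp_nav")."\";");

$plugins->run_hooks("modcp_start");

// Make navigation
add_breadcrumb($lang->nav_modcp, "modcp.php");

// ---------------------------------------------------------------------------
// do_reports: mark reported posts as handled (state-changing).
// ---------------------------------------------------------------------------
if($mybb->input['action'] == "do_reports")
{
	// Verify incoming POST request
	verify_post_check($mybb->input['my_post_key']);

	if(!is_array($mybb->input['reports']))
	{
		error($lang->error_noselected_reports);
	}

	// With "allbox" set the condition stays 1=1, i.e. every report that the
	// {$flist} forum filter lets through is marked.
	$sql = '1=1';
	if(!$mybb->input['allbox'])
	{
		// Every id is forced to an integer before it is placed in the IN() list.
		$mybb->input['reports'] = array_map("intval", $mybb->input['reports']);
		// Separator-first argument order: the reversed (array, separator) form
		// used previously is a legacy signature that newer PHP versions reject.
		$rids = implode("','", $mybb->input['reports']);
		$rids = "'0','{$rids}'";

		$sql = "rid IN ({$rids})";
	}

	$plugins->run_hooks("modcp_do_reports");

	$db->update_query("reportedposts", array('reportstatus' => 1), "{$sql}{$flist}");
	$cache->update_reportedposts();

	$page = intval($mybb->input['page']);

	redirect("modcp.php?action=reports&page={$page}", $lang->redirect_reportsmarked);
}

// ---------------------------------------------------------------------------
// reports: paginated list of unhandled reported posts.
// ---------------------------------------------------------------------------
if($mybb->input['action'] == "reports")
{
	add_breadcrumb($lang->mcp_nav_reported_posts, "modcp.php?action=reports");

	if(!$mybb->settings['threadsperpage'])
	{
		$mybb->settings['threadsperpage'] = 20;
	}

	// Figure out if we need to display multiple pages.
	$perpage = $mybb->settings['threadsperpage'];
	if($mybb->input['page'] != "last")
	{
		$page = intval($mybb->input['page']);
	}

	$query = $db->simple_select("reportedposts", "COUNT(rid) AS count", "reportstatus ='0'");
	$report_count = $db->fetch_field($query, "count");

	// Cast before use: the value is concatenated into the WHERE clause below.
	$mybb->input['rid'] = intval($mybb->input['rid']);

	if($mybb->input['rid'])
	{
		$query = $db->simple_select("reportedposts", "COUNT(rid) AS count", "rid <= '".$mybb->input['rid']."'");
		$result = $db->fetch_field($query, "count");
		if(($result % $perpage) == 0)
		{
			$page = $result / $perpage;
		}
		else
		{
			$page = intval($result / $perpage) + 1;
		}
	}
	$postcount = intval($report_count);
	$pages = $postcount / $perpage;
	$pages = ceil($pages);

	if($mybb->input['page'] == "last")
	{
		$page = $pages;
	}

	if($page > $pages || $page <= 0)
	{
		$page = 1;
	}

	if($page && $page > 0)
	{
		$start = ($page-1) * $perpage;
	}
	else
	{
		$start = 0;
		$page = 1;
	}
	$upper = $start+$perpage;

	$multipage = multipage($postcount, $perpage, $page, "modcp.php?action=reports");
	if($postcount > $perpage)
	{
		eval("\$reportspages = \"".$templates->get("modcp_reports_multipage")."\";");
	}

	$query = $db->simple_select("forums", "fid, name");
	while($forum = $db->fetch_array($query))
	{
		$forums[$forum['fid']] = $forum['name'];
	}

	$plugins->run_hooks("modcp_reports_start");

	$reports = '';
	// NOTE(review): this listing is not narrowed by {$flist}/{$tflist}; every
	// user who passes the gate at the top sees all open reports, and
	// is_moderator() below only changes the row style. Confirm that is intended.
	// $start and $perpage are numeric here (page arithmetic / board setting).
	$query = $db->query("
		SELECT r.*, u.username, up.username AS postusername, up.uid AS postuid, t.subject AS threadsubject
		FROM ".TABLE_PREFIX."reportedposts r
		LEFT JOIN ".TABLE_PREFIX."posts p ON (r.pid=p.pid)
		LEFT JOIN ".TABLE_PREFIX."threads t ON (p.tid=t.tid)
		LEFT JOIN ".TABLE_PREFIX."users u ON (r.uid=u.uid)
		LEFT JOIN ".TABLE_PREFIX."users up ON (p.uid=up.uid)
		WHERE r.reportstatus='0'
		ORDER BY r.dateline DESC
		LIMIT {$start}, {$perpage}
	");

	if(!$db->num_rows($query))
	{
		eval("\$reports = \"".$templates->get("modcp_reports_noreports")."\";");
	}
	else
	{
		while($report = $db->fetch_array($query))
		{
			$trow = alt_trow();
			if(is_moderator($report['fid']))
			{
				$trow = 'trow_shaded';
			}

			$report['postlink'] = get_post_link($report['pid'], $report['tid']);
			$report['threadlink'] = get_thread_link($report['tid']);
			$report['posterlink'] = get_profile_link($report['postuid']);
			$report['reporterlink'] = get_profile_link($report['uid']);
			$reportdate = my_date($mybb->settings['dateformat'], $report['dateline']);
			$reporttime = my_date($mybb->settings['timeformat'], $report['dateline']);
			// The thread subject is user-supplied text: censor it, then HTML-escape it.
			$report['threadsubject'] = htmlspecialchars_uni($parser->parse_badwords($report['threadsubject']));

			eval("\$reports .= \"".$templates->get("modcp_reports_report")."\";");
		}
	}

	$plugins->run_hooks("modcp_reports_end");

	eval("\$reportedposts = \"".$templates->get("modcp_reports")."\";");
	output_page($reportedposts);
}

// ---------------------------------------------------------------------------
// allreports: paginated list of every reported post, handled or not.
// ---------------------------------------------------------------------------
if($mybb->input['action'] == "allreports")
{
	add_breadcrumb($lang->mcp_nav_all_reported_posts, "modcp.php?action=allreports");

	if(!$mybb->settings['threadsperpage'])
	{
		$mybb->settings['threadsperpage'] = 20;
	}

	// Figure out if we need to display multiple pages.
	$perpage = $mybb->settings['threadsperpage'];
	if($mybb->input['page'] != "last")
	{
		$page = intval($mybb->input['page']);
	}

	$query = $db->simple_select("reportedposts", "COUNT(rid) AS count");
	$warnings = $db->fetch_field($query, "count");

	if($mybb->input['rid'])
	{
		// Cast before the value is concatenated into the WHERE clause.
		$mybb->input['rid'] = intval($mybb->input['rid']);
		$query = $db->simple_select("reportedposts", "COUNT(rid) AS count", "rid <= '".$mybb->input['rid']."'");
		$result = $db->fetch_field($query, "count");
		if(($result % $perpage) == 0)
		{
			$page = $result / $perpage;
		}
		else
		{
			$page = intval($result / $perpage) + 1;
		}
	}
	$postcount = intval($warnings);
	$pages = $postcount / $perpage;
	$pages = ceil($pages);

	if($mybb->input['page'] == "last")
	{
		$page = $pages;
	}

	if($page > $pages || $page <= 0)
	{
		$page = 1;
	}

	if($page)
	{
		$start = ($page-1) * $perpage;
	}
	else
	{
		$start = 0;
		$page = 1;
	}
	$upper = $start+$perpage;

	$multipage = multipage($postcount, $perpage, $page, "modcp.php?action=allreports");
	if($postcount > $perpage)
	{
		eval("\$allreportspages = \"".$templates->get("modcp_reports_multipage")."\";");
	}

	$plugins->run_hooks("modcp_allreports_start");

	// As in the "reports" action, no forum filter is applied to this listing.
	$query = $db->query("
		SELECT r.*, u.username, up.username AS postusername, up.uid AS postuid, t.subject AS threadsubject
		FROM ".TABLE_PREFIX."reportedposts r
		LEFT JOIN ".TABLE_PREFIX."posts p ON (r.pid=p.pid)
		LEFT JOIN ".TABLE_PREFIX."threads t ON (p.tid=t.tid)
		LEFT JOIN ".TABLE_PREFIX."users u ON (r.uid=u.uid)
		LEFT JOIN ".TABLE_PREFIX."users up ON (p.uid=up.uid)
		ORDER BY r.dateline DESC
		LIMIT {$start}, {$perpage}
	");

	$allreports = '';
	if(!$db->num_rows($query))
	{
		eval("\$allreports = \"".$templates->get("modcp_reports_allnoreports")."\";");
	}
	else
	{
		while($report = $db->fetch_array($query))
		{
			$trow = alt_trow();

			$report['threadlink'] = get_thread_link($report['tid']);

			$report['posterlink'] = get_profile_link($report['postuid']);
			$report['postlink'] = get_post_link($report['pid'], $report['tid']);
			$report['postusername'] = build_profile_link($report['postusername'], $report['postuid']);
			$report['reporterlink'] = get_profile_link($report['uid']);

			$reportdate = my_date($mybb->settings['dateformat'], $report['dateline']);
			$reporttime = my_date($mybb->settings['timeformat'], $report['dateline']);

			if($report['reportstatus'] == 0)
			{
				$trow = "trow_shaded";
			}

			// No subject? Set it to N/A
			if($report['threadsubject'] == '')
			{
				$report['threadsubject'] = $lang->na;
			}
			else
			{
				// Only parse bad words and sanitize subject if there is one...
				$report['threadsubject'] = htmlspecialchars_uni($parser->parse_badwords($report['threadsubject']));
			}

			$report['threadsubject'] = "<a href=\"".get_thread_link($report['tid'])."\" target=\"_blank\">{$report['threadsubject']}</a>";

			eval("\$allreports .= \"".$templates->get("modcp_reports_allreport")."\";");
		}
	}

	$plugins->run_hooks("modcp_allreports_end");

	eval("\$allreportedposts = \"".$templates->get("modcp_reports_allreports")."\";");
	output_page($allreportedposts);
}

// ---------------------------------------------------------------------------
// modlogs: searchable, sortable view of the moderator log.
// ---------------------------------------------------------------------------
if($mybb->input['action'] == "modlogs")
{
	add_breadcrumb($lang->mcp_nav_modlogs, "modcp.php?action=modlogs");

	$perpage = intval($mybb->input['perpage']);
	if(!$perpage || $perpage <= 0)
	{
		$perpage = $mybb->settings['threadsperpage'];
	}

	$where = '';

	// Searching for entries by a particular user
	if($mybb->input['uid'])
	{
		$where .= " AND l.uid='".intval($mybb->input['uid'])."'";
	}

	// Searching for entries in a specific forum
	if($mybb->input['fid'])
	{
		$where .= " AND t.fid='".intval($mybb->input['fid'])."'";
	}

	// Order?
	// Identifiers cannot be quoted like values, so the ORDER BY column is
	// chosen from a fixed list and the request value itself never reaches SQL.
	switch($mybb->input['sortby'])
	{
		case "username":
			$sortby = "u.username";
			break;
		case "forum":
			$sortby = "f.name";
			break;
		case "thread":
			$sortby = "t.subject";
			break;
		default:
			$sortby = "l.dateline";
	}
	// Same idea for the direction: anything other than "asc" becomes "desc".
	$order = $mybb->input['order'];
	if($order != "asc")
	{
		$order = "desc";
	}

	$plugins->run_hooks("modcp_modlogs_start");

	$query = $db->query("
		SELECT COUNT(l.dateline) AS count
		FROM ".TABLE_PREFIX."moderatorlog l
		LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=l.uid)
		LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=l.tid)
		WHERE 1=1 {$where}{$tflist}
	");
	$rescount = $db->fetch_field($query, "count");

	// Figure out if we need to display multiple pages.
	if($mybb->input['page'] != "last")
	{
		$page = intval($mybb->input['page']);
	}

	$postcount = intval($rescount);
	$pages = $postcount / $perpage;
	$pages = ceil($pages);

	if($mybb->input['page'] == "last")
	{
		$page = $pages;
	}

	if($page > $pages || $page <= 0)
	{
		$page = 1;
	}

	if($page)
	{
		$start = ($page-1) * $perpage;
	}
	else
	{
		$start = 0;
		$page = 1;
	}

	// NOTE(review): uid, fid, sortby and order are placed in the pagination URL
	// exactly as received. Whether multipage() HTML-escapes its URL argument is
	// not visible here; if it does not, these values reach the page markup
	// unescaped. Prefer the validated values (intval() results, the whitelisted
	// sort key, $order) or escape them before building the URL.
	$multipage = multipage($postcount, $perpage, $page, "modcp.php?action=modlogs&perpage=$perpage&uid={$mybb->input['uid']}&fid={$mybb->input['fid']}&sortby={$mybb->input['sortby']}&order={$mybb->input['order']}");
	if($postcount > $perpage)
	{
		eval("\$resultspages = \"".$templates->get("modcp_modlogs_multipage")."\";");
	}
	$query = $db->query("
		SELECT l.*, u.username, u.usergroup, u.displaygroup, t.subject AS tsubject, f.name AS fname, p.subject AS psubject
		FROM ".TABLE_PREFIX."moderatorlog l
		LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=l.uid)
		LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=l.tid)
		LEFT JOIN ".TABLE_PREFIX."forums f ON (f.fid=l.fid)
		LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=l.pid)
		WHERE 1=1 {$where}{$tflist}
		ORDER BY {$sortby} {$order}
		LIMIT {$start}, {$perpage}
	");
	while($logitem = $db->fetch_array($query))
	{
		$information = '';
		$logitem['action'] = htmlspecialchars_uni($logitem['action']);
		$log_date = my_date($mybb->settings['dateformat'], $logitem['dateline']);
		$log_time = my_date($mybb->settings['timeformat'], $logitem['dateline']);
		$trow = alt_trow();
		$username = format_name($logitem['username'], $logitem['usergroup'], $logitem['displaygroup']);
		$logitem['profilelink'] = build_profile_link($username, $logitem['uid']);
		if($logitem['tsubject'])
		{
			$information = "<strong>{$lang->thread}</strong> <a href=\"".get_thread_link($logitem['tid'])."\" target=\"_blank\">".htmlspecialchars_uni($logitem['tsubject'])."</a><br />";
		}
		if($logitem['fname'])
		{
			// NOTE(review): the forum name is emitted without htmlspecialchars_uni(),
			// unlike the thread and post subjects next to it. Presumably forum
			// names are administrator-controlled markup; confirm.
			$information .= "<strong>{$lang->forum}</strong> <a href=\"".get_forum_link($logitem['fid'])."\" target=\"_blank\">{$logitem['fname']}</a><br />";
		}
		if($logitem['psubject'])
		{
			$information .= "<strong>{$lang->post}</strong> <a href=\"".get_post_link($logitem['pid'])."#pid{$logitem['pid']}\">".htmlspecialchars_uni($logitem['psubject'])."</a>";
		}

		// Edited a user?
		if(!$logitem['tsubject'] || !$logitem['fname'] || !$logitem['psubject'])
		{
			// SECURITY(review): unserialize() on a stored column. This is safe
			// only while nothing but the application itself can write
			// moderatorlog.data; unserialize() can instantiate objects, so a
			// row that is ever attacker-influenced becomes an object-injection
			// risk. A format that cannot carry objects would be safer. Left
			// unchanged because the writer of this column is not in this file.
			$data = unserialize($logitem['data']);
			if($data['uid'])
			{
				$information = $lang->sprintf($lang->edited_user_info, htmlspecialchars_uni($data['username']), get_profile_link($data['uid']));
			}
		}

		eval("\$results .= \"".$templates->get("modcp_modlogs_result")."\";");
	}

	if(!$results)
	{
		eval("\$results = \"".$templates->get("modcp_modlogs_noresults")."\";");
	}

	$plugins->run_hooks("modcp_modlogs_filter");

	// Fetch filter options
	// Raw request values are used only as array keys here.
	$sortbysel[$mybb->input['sortby']] = "selected=\"selected\"";
	$ordersel[$mybb->input['order']] = "selected=\"selected\"";
	$query = $db->query("
		SELECT DISTINCT l.uid, u.username
		FROM ".TABLE_PREFIX."moderatorlog l
		LEFT JOIN ".TABLE_PREFIX."users u ON (l.uid=u.uid)
		ORDER BY u.username ASC
	");
	while($user = $db->fetch_array($query))
	{
		// Deleted Users
		if(!$user['username'])
		{
			$user['username'] = $lang->na_deleted;
		}

		$selected = '';
		if($mybb->input['uid'] == $user['uid'])
		{
			$selected = " selected=\"selected\"";
		}
		$user_options .= "<option value=\"{$user['uid']}\"{$selected}>".htmlspecialchars_uni($user['username'])."</option>\n";
	}

	$forum_select = build_forum_jump("", $mybb->input['fid'], 1, '', 0, true, '', "fid");

	eval("\$modlogs = \"".$templates->get("modcp_modlogs")."\";");
	output_page($modlogs);
}

// ---------------------------------------------------------------------------
// do_delete_announcement: delete an announcement (state-changing).
// ---------------------------------------------------------------------------
if($mybb->input['action'] == "do_delete_announcement")
{
	verify_post_check($mybb->input['my_post_key']);

	$aid = intval($mybb->input['aid']);
	$query = $db->simple_select("announcements", "aid, subject, fid", "aid='{$aid}'");
	$announcement = $db->fetch_array($query);

	if(!$announcement['aid'])
	{
		error($lang->error_invalid_announcement);
	}
	// Authorisation is decided from the stored row, not from request data:
	// global announcements (fid -1) need a super moderator, forum announcements
	// need moderator rights on that forum, and unviewable forums are refused.
	if(($mybb->usergroup['issupermod'] != 1 && $announcement['fid'] == -1) || ($announcement['fid'] != -1 && !is_moderator($announcement['fid'])) || ($unviewableforums && in_array($announcement['fid'], $unviewableforums)))
	{
		error_no_permission();
	}

	$plugins->run_hooks("modcp_do_delete_announcement");

	$db->delete_query("announcements", "aid='{$aid}'");
	$cache->update_forumsdisplay();

	redirect("modcp.php?action=announcements", $lang->redirect_delete_announcement);
}

// ---------------------------------------------------------------------------
// delete_announcement: confirmation page for the deletion above.
// ---------------------------------------------------------------------------
if($mybb->input['action'] == "delete_announcement")
{
	$aid = intval($mybb->input['aid']);
	$query = $db->simple_select("announcements", "aid, subject, fid", "aid='{$aid}'");

	$announcement = $db->fetch_array($query);
	$announcement['subject'] = htmlspecialchars_uni($announcement['subject']);

	if(!$announcement['aid'])
	{
		error($lang->error_invalid_announcement);
	}

	if(($mybb->usergroup['issupermod'] != 1 && $announcement['fid'] == -1) || ($announcement['fid'] != -1 && !is_moderator($announcement['fid'])) || ($unviewableforums && in_array($announcement['fid'], $unviewableforums)))
	{
		error_no_permission();
	}

	$plugins->run_hooks("modcp_delete_announcement");

	eval("\$announcements = \"".$templates->get("modcp_announcements_delete")."\";");
	output_page($announcements);
}

// ---------------------------------------------------------------------------
// do_new_announcement: validate and store a new announcement (state-changing).
// ---------------------------------------------------------------------------
if($mybb->input['action'] == "do_new_announcement")
{
	verify_post_check($mybb->input['my_post_key']);

	$announcement_fid = intval($mybb->input['fid']);
	// Fixed: the unviewable-forum test used $announcement['fid'], but no
	// $announcement row exists in this handler, so that part of the check never
	// looked at the target forum. It now tests the requested forum id, in line
	// with the first two clauses.
	if(($mybb->usergroup['issupermod'] != 1 && $announcement_fid == -1) || ($announcement_fid != -1 && !is_moderator($announcement_fid)) || ($unviewableforums && in_array($announcement_fid, $unviewableforums)))
	{
		error_no_permission();
	}

	if(!trim($mybb->input['title']))
	{
		$errors[] = $lang->error_missing_title;
	}

	if(!trim($mybb->input['message']))
	{
		$errors[] = $lang->error_missing_message;
	}

	if(!trim($mybb->input['fid']))
	{
		$errors[] = $lang->error_missing_forum;
	}

	// "h:mm am/pm" input: keep the part before the first space, then split
	// it into hour and minute.
	$startdate = @explode(" ", $mybb->input['starttime_time']);
	$startdate = @explode(":", $startdate[0]);
	$enddate = @explode(" ", $mybb->input['endtime_time']);
	$enddate = @explode(":", $enddate[0]);

	// "pm" adds 12 to the hour; a result of 24 or more is reset to "00".
	if(stristr($mybb->input['starttime_time'], "pm"))
	{
		$startdate[0] = 12+$startdate[0];
		if($startdate[0] >= 24)
		{
			$startdate[0] = "00";
		}
	}

	if(stristr($mybb->input['endtime_time'], "pm"))
	{
		$enddate[0] = 12+$enddate[0];
		if($enddate[0] >= 24)
		{
			$enddate[0] = "00";
		}
	}

	// The month must be one of the twelve known values; anything else becomes 1.
	$months = array('01', '02', '03', '04', '05', '06', '07', '08', '09', '10', '11', '12');
	if(!in_array($mybb->input['starttime_month'], $months))
	{
		$mybb->input['starttime_month'] = 1;
	}

	$startdate = gmmktime(intval($startdate[0]), intval($startdate[1]), 0, (int)$mybb->input['starttime_month'], intval($mybb->input['starttime_day']), intval($mybb->input['starttime_year']));
	if(!checkdate(intval($mybb->input['starttime_month']), intval($mybb->input['starttime_day']), intval($mybb->input['starttime_year'])) || $startdate < 0 || $startdate == false)
	{
		$errors[] = $lang->error_invalid_start_date;
	}

	// endtime_type "2" stores an end date of '0'.
	if($mybb->input['endtime_type'] == "2")
	{
		$enddate = '0';
	}
	else
	{
		if(!in_array($mybb->input['endtime_month'], $months))
		{
			$mybb->input['endtime_month'] = 1;
		}
		$enddate = gmmktime(intval($enddate[0]), intval($enddate[1]), 0, (int)$mybb->input['endtime_month'], intval($mybb->input['endtime_day']), intval($mybb->input['endtime_year']));
		if(!checkdate(intval($mybb->input['endtime_month']), intval($mybb->input['endtime_day']), intval($mybb->input['endtime_year'])) || $enddate < 0 || $enddate == false)
		{
			$errors[] = $lang->error_invalid_end_date;
		}
		if($enddate <= $startdate)
		{
			$errors[] = $lang->error_end_before_start;
		}
	}

	$plugins->run_hooks("modcp_do_new_announcement_start");

	if(!$errors)
	{
		$mybb->input['title'] = utf8_handle_4byte_string($mybb->input['title']);
		$mybb->input['message'] = utf8_handle_4byte_string($mybb->input['message']);
		// NOTE(review): allowhtml/allowmycode/allowsmilies are stored as sent,
		// only SQL-escaped. If allowhtml makes the announcement render raw
		// HTML, every user who can reach this handler can publish arbitrary
		// markup; confirm that this is an accepted moderator privilege and
		// consider restricting these flags to 0/1.
		$insert_announcement = array(
			'fid' => $announcement_fid,
			'uid' => $mybb->user['uid'],
			'subject' => $db->escape_string($mybb->input['title']),
			'message' => $db->escape_string($mybb->input['message']),
			'startdate' => $startdate,
			'enddate' => $enddate,
			'allowhtml' => $db->escape_string($mybb->input['allowhtml']),
			'allowmycode' => $db->escape_string($mybb->input['allowmycode']),
			'allowsmilies' => $db->escape_string($mybb->input['allowsmilies']),
		);

		$aid = $db->insert_query("announcements", $insert_announcement);

		$plugins->run_hooks("modcp_do_new_announcement_end");

		$cache->update_forumsdisplay();
		redirect("modcp.php?action=announcements", $lang->redirect_add_announcement);
	}
	else
	{
		// Fall through to the form below so the errors are shown inline.
		$mybb->input['action'] = 'new_announcement';
	}
}

// ---------------------------------------------------------------------------
// new_announcement: render the "add announcement" form.
// ---------------------------------------------------------------------------
if($mybb->input['action'] == "new_announcement")
{
	add_breadcrumb($lang->mcp_nav_announcements, "modcp.php?action=announcements");
	add_breadcrumb($lang->add_announcement, "modcp.php?action=new_announcements");

	$announcement_fid = intval($mybb->input['fid']);

	// Fixed as in do_new_announcement: test the requested forum id, because
	// $announcement has not been populated at this point.
	if(($mybb->usergroup['issupermod'] != 1 && $announcement_fid == -1) || ($announcement_fid != -1 && !is_moderator($announcement_fid)) || ($unviewableforums && in_array($announcement_fid, $unviewableforums)))
	{
		error_no_permission();
	}

	// Deal with inline errors
	if(is_array($errors))
	{
		$errors = inline_error($errors);

		// Set $announcement to input stuff
		$announcement['subject'] = $mybb->input['title'];
		$announcement['message'] = $mybb->input['message'];
		$announcement['allowhtml'] = $mybb->input['allowhtml'];
		$announcement['allowmycode'] = $mybb->input['allowmycode'];
		$announcement['allowsmilies'] = $mybb->input['allowsmilies'];

		$months = array('01', '02', '03', '04', '05', '06', '07', '08', '09', '10', '11', '12');
		if(!in_array($mybb->input['starttime_month'], $months))
		{
			$mybb->input['starttime_month'] = 1;
		}

		if(!in_array($mybb->input['endtime_month'], $months))
		{
			$mybb->input['endtime_month'] = 1;
		}

		// Values echoed back into the form are either whitelisted (month),
		// cast to int (day) or HTML-escaped (year, time).
		$startmonth = $mybb->input['starttime_month'];
		$startdateyear = htmlspecialchars_uni($mybb->input['starttime_year']);
		$startday = intval($mybb->input['starttime_day']);
		$starttime_time = htmlspecialchars_uni($mybb->input['starttime_time']);
		$endmonth = $mybb->input['endtime_month'];
		$enddateyear = htmlspecialchars_uni($mybb->input['endtime_year']);
		$endday = intval($mybb->input['endtime_day']);
		$endtime_time = htmlspecialchars_uni($mybb->input['endtime_time']);
	}
	else
	{
		// Note: dates are in GMT timezone
		$starttime_time = gmdate("g:i a", TIME_NOW);
		$endtime_time = gmdate("g:i a", TIME_NOW);
		$startday = $endday = gmdate("j", TIME_NOW);
		$startmonth = $endmonth = gmdate("m", TIME_NOW);
		$startdateyear = gmdate("Y", TIME_NOW);

		$enddateyear = $startdateyear+1;
	}

	// Generate form elements
	for($i = 1; $i <= 31; ++$i)
	{
		if($startday == $i)
		{
			$startdateday .= "<option value=\"$i\" selected=\"selected\">$i</option>\n";
		}
		else
		{
			$startdateday .= "<option value=\"$i\">$i</option>\n";
		}

		if($endday == $i)
		{
			$enddateday .= "<option value=\"$i\" selected=\"selected\">$i</option>\n";
		}
		else
		{
			$enddateday .= "<option value=\"$i\">$i</option>\n";
		}
	}

	$startmonthsel = $endmonthsel = array();
	$startmonthsel[$startmonth] = "selected=\"selected\"";
	$endmonthsel[$endmonth] = "selected=\"selected\"";

	$startdatemonth .= "<option value=\"01\" {$startmonthsel['01']}>{$lang->january}</option>\n";
	$enddatemonth .= "<option value=\"01\" {$endmonthsel['01']}>{$lang->january}</option>\n";
	$startdatemonth .= "<option value=\"02\" {$startmonthsel['02']}>{$lang->february}</option>\n";
	$enddatemonth .= "<option value=\"02\" {$endmonthsel['02']}>{$lang->february}</option>\n";
	$startdatemonth .= "<option value=\"03\" {$startmonthsel['03']}>{$lang->march}</option>\n";
	$enddatemonth .= "<option value=\"03\" {$endmonthsel['03']}>{$lang->march}</option>\n";
	$startdatemonth .= "<option value=\"04\" {$startmonthsel['04']}>{$lang->april}</option>\n";
	$enddatemonth .= "<option value=\"04\" {$endmonthsel['04']}>{$lang->april}</option>\n";
	$startdatemonth .= "<option value=\"05\" {$startmonthsel['05']}>{$lang->may}</option>\n";
	$enddatemonth .= "<option value=\"05\" {$endmonthsel['05']}>{$lang->may}</option>\n";
	$startdatemonth .= "<option value=\"06\" {$startmonthsel['06']}>{$lang->june}</option>\n";
	$enddatemonth .= "<option value=\"06\" {$endmonthsel['06']}>{$lang->june}</option>\n";
	$startdatemonth .= "<option value=\"07\" {$startmonthsel['07']}>{$lang->july}</option>\n";
	$enddatemonth .= "<option value=\"07\" {$endmonthsel['07']}>{$lang->july}</option>\n";
	$startdatemonth .= "<option value=\"08\" {$startmonthsel['08']}>{$lang->august}</option>\n";
	$enddatemonth .= "<option value=\"08\" {$endmonthsel['08']}>{$lang->august}</option>\n";
	$startdatemonth .= "<option value=\"09\" {$startmonthsel['09']}>{$lang->september}</option>\n";
	$enddatemonth .= "<option value=\"09\" {$endmonthsel['09']}>{$lang->september}</option>\n";
	$startdatemonth .= "<option value=\"10\" {$startmonthsel['10']}>{$lang->october}</option>\n";
	$enddatemonth .= "<option value=\"10\" {$endmonthsel['10']}>{$lang->october}</option>\n";
	$startdatemonth .= "<option value=\"11\" {$startmonthsel['11']}>{$lang->november}</option>\n";
	$enddatemonth .= "<option value=\"11\" {$endmonthsel['11']}>{$lang->november}</option>\n";
	$startdatemonth .= "<option value=\"12\" {$startmonthsel['12']}>{$lang->december}</option>\n";
	$enddatemonth .= "<option value=\"12\" {$endmonthsel['12']}>{$lang->december}</option>\n";

	// Submitted title and message are HTML-escaped before being shown again.
	$title = htmlspecialchars_uni($announcement['subject']);
	$message = htmlspecialchars_uni($announcement['message']);

	// Each option defaults to "yes" when the field was not submitted at all.
	$html_sel = $mycode_sel = $smilies_sel = array();
	if($mybb->input['allowhtml'] || !isset($mybb->input['allowhtml']))
	{
		$html_sel['yes'] = ' checked="checked"';
	}
	else
	{
		$html_sel['no'] = ' checked="checked"';
	}

	if($mybb->input['allowmycode'] || !isset($mybb->input['allowmycode']))
	{
		$mycode_sel['yes'] = ' checked="checked"';
	}
	else
	{
		$mycode_sel['no'] = ' checked="checked"';
	}

	if($mybb->input['allowsmilies'] || !isset($mybb->input['allowsmilies']))
	{
		$smilies_sel['yes'] = ' checked="checked"';
	}
	else
	{
		$smilies_sel['no'] = ' checked="checked"';
	}

	if($mybb->input['endtime_type'] == 2 || !isset($mybb->input['endtime_type']))
	{
		$end_type_sel['infinite'] = ' checked="checked"';
	}
	else
	{
		$end_type_sel['finite'] = ' checked="checked"';
	}

	// MyCode editor
	$codebuttons = build_mycode_inserter();
	$smilieinserter = build_clickable_smilies();

	$plugins->run_hooks("modcp_new_announcement");

	eval("\$announcements = \"".$templates->get("modcp_announcements_new")."\";");
	output_page($announcements);
}

// ---------------------------------------------------------------------------
// do_edit_announcement: validate and update an announcement (state-changing).
// ---------------------------------------------------------------------------
if($mybb->input['action'] == "do_edit_announcement")
{
	verify_post_check($mybb->input['my_post_key']);

	// Get the announcement
	$aid = intval($mybb->input['aid']);
	$query = $db->simple_select("announcements", "aid, subject, fid", "aid='{$aid}'");
	$announcement = $db->fetch_array($query);

	// Check that it exists
	if(!$announcement['aid'])
	{
		error($lang->error_invalid_announcement);
	}

	// Mod has permissions to edit this announcement
	// The forum id comes from the stored row; the update below does not write
	// 'fid', so the submitted fid cannot move the announcement to another forum.
	if(($mybb->usergroup['issupermod'] != 1 && $announcement['fid'] == -1) || ($announcement['fid'] != -1 && !is_moderator($announcement['fid'])) || ($unviewableforums && in_array($announcement['fid'], $unviewableforums)))
	{
		error_no_permission();
	}

	// Basic error checking
	if(!trim($mybb->input['title']))
	{
		$errors[] = $lang->error_missing_title;
	}

	if(!trim($mybb->input['message']))
	{
		$errors[] = $lang->error_missing_message;
	}

	if(!trim($mybb->input['fid']))
	{
		$errors[] = $lang->error_missing_forum;
	}

	// Same time and date parsing as in do_new_announcement.
	$startdate = @explode(" ", $mybb->input['starttime_time']);
	$startdate = @explode(":", $startdate[0]);
	$enddate = @explode(" ", $mybb->input['endtime_time']);
	$enddate = @explode(":", $enddate[0]);

	if(stristr($mybb->input['starttime_time'], "pm"))
	{
		$startdate[0] = 12+$startdate[0];
		if($startdate[0] >= 24)
		{
			$startdate[0] = "00";
		}
	}

	if(stristr($mybb->input['endtime_time'], "pm"))
	{
		$enddate[0] = 12+$enddate[0];
		if($enddate[0] >= 24)
		{
			$enddate[0] = "00";
		}
	}

	$months = array('01', '02', '03', '04', '05', '06', '07', '08', '09', '10', '11', '12');
	if(!in_array($mybb->input['starttime_month'], $months))
	{
		$mybb->input['starttime_month'] = 1;
	}

	$startdate = gmmktime(intval($startdate[0]), intval($startdate[1]), 0, (int)$mybb->input['starttime_month'], intval($mybb->input['starttime_day']), intval($mybb->input['starttime_year']));
	if(!checkdate(intval($mybb->input['starttime_month']), intval($mybb->input['starttime_day']), intval($mybb->input['starttime_year'])) || $startdate < 0 || $startdate == false)
	{
		$errors[] = $lang->error_invalid_start_date;
	}

	if($mybb->input['endtime_type'] == "2")
	{
		$enddate = '0';
	}
	else
	{
		if(!in_array($mybb->input['endtime_month'], $months))
		{
			$mybb->input['endtime_month'] = 1;
		}
		$enddate = gmmktime(intval($enddate[0]), intval($enddate[1]), 0, (int)$mybb->input['endtime_month'], intval($mybb->input['endtime_day']), intval($mybb->input['endtime_year']));
		if(!checkdate(intval($mybb->input['endtime_month']), intval($mybb->input['endtime_day']), intval($mybb->input['endtime_year'])) || $enddate < 0 || $enddate == false)
		{
			$errors[] = $lang->error_invalid_end_date;
		}
		elseif($enddate <= $startdate)
		{
			$errors[] = $lang->error_end_before_start;
		}
	}

	$plugins->run_hooks("modcp_do_edit_announcement_start");

	// Proceed to update if no errors
	if(!$errors)
	{
		$mybb->input['title'] = utf8_handle_4byte_string($mybb->input['title']);
		$mybb->input['message'] = utf8_handle_4byte_string($mybb->input['message']);
		// NOTE(review): as in do_new_announcement, the allow* flags are stored
		// as sent; confirm that enabling allowhtml is an accepted privilege.
		$update_announcement = array(
			'uid' => $mybb->user['uid'],
			'subject' => $db->escape_string($mybb->input['title']),
			'message' => $db->escape_string($mybb->input['message']),
			'startdate' => $startdate,
			'enddate' => $enddate,
			'allowhtml' => $db->escape_string($mybb->input['allowhtml']),
			'allowmycode' => $db->escape_string($mybb->input['allowmycode']),
			'allowsmilies' => $db->escape_string($mybb->input['allowsmilies']),
		);

		$db->update_query("announcements", $update_announcement, "aid='{$aid}'");

		$plugins->run_hooks("modcp_do_edit_announcement_end");

		$cache->update_forumsdisplay();
		redirect("modcp.php?action=announcements", $lang->redirect_edit_announcement);
	}
	else
	{
		// Fall through to the edit form so the errors are shown inline.
		$mybb->input['action'] = 'edit_announcement';
	}
}

// ---------------------------------------------------------------------------
// edit_announcement: render the edit form.
// ---------------------------------------------------------------------------
if($mybb->input['action'] == "edit_announcement")
{
	$announcement_fid = intval($mybb->input['fid']);
	$aid = intval($mybb->input['aid']);

	add_breadcrumb($lang->mcp_nav_announcements, "modcp.php?action=announcements");
	add_breadcrumb($lang->edit_announcement, "modcp.php?action=edit_announcements&aid={$aid}");

	// Get announcement
	$query = $db->simple_select("announcements", "*", "aid='{$aid}'");
	// The listing is cut off here, in the middle of the next statement.
	$announcement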
= $db->fetch_array($query); 999 1000 if(!$announcement['fid']) 1001 { 1002 error($lang->error_invalid_announcement); 1003 } 1004 if(($mybb->usergroup['issupermod'] != 1 && $announcement['fid'] == -1) || ($announcement['fid'] != -1 && !is_moderator($announcement['fid'])) || ($unviewableforums && in_array($announcement['fid'], $unviewableforums))) 1005 { 1006 error_no_permission(); 1007 } 1008 1009 if(!$announcement['startdate']) 1010 { 1011 // No start date? Make it now. 1012 $announcement['startdate'] = TIME_NOW; 1013 } 1014 1015 $makeshift_end = false; 1016 if(!$announcement['enddate']) 1017 { 1018 $makeshift_end = true; 1019 $makeshift_time = TIME_NOW; 1020 if($announcement['startdate']) 1021 { 1022 $makeshift_time = $announcement['startdate']; 1023 } 1024 1025 // No end date? Make it a year from now. 1026 $announcement['enddate'] = $makeshift_time + (60 * 60 * 24 * 366); 1027 } 1028 1029 // Deal with inline errors 1030 if(is_array($errors)) 1031 { 1032 $errors = inline_error($errors); 1033 1034 // Set $announcement to input stuff 1035 $announcement['subject'] = $mybb->input['title']; 1036 $announcement['message'] = $mybb->input['message']; 1037 $announcement['allowhtml'] = $mybb->input['allowhtml']; 1038 $announcement['allowmycode'] = $mybb->input['allowmycode']; 1039 $announcement['allowsmilies'] = $mybb->input['allowsmilies']; 1040 1041 $months = array('01', '02', '03', '04', '05', '06', '07', '08', '09', '10', '11', '12'); 1042 if(!in_array($mybb->input['starttime_month'], $months)) 1043 { 1044 $mybb->input['starttime_month'] = 1; 1045 } 1046 1047 if(!in_array($mybb->input['endtime_month'], $months)) 1048 { 1049 $mybb->input['endtime_month'] = 1; 1050 } 1051 1052 $startmonth = $mybb->input['starttime_month']; 1053 $startdateyear = htmlspecialchars_uni($mybb->input['starttime_year']); 1054 $startday = intval($mybb->input['starttime_day']); 1055 $starttime_time = htmlspecialchars_uni($mybb->input['starttime_time']); 1056 $endmonth = 
$mybb->input['endtime_month']; 1057 $enddateyear = htmlspecialchars_uni($mybb->input['endtime_year']); 1058 $endday = intval($mybb->input['endtime_day']); 1059 $endtime_time = htmlspecialchars_uni($mybb->input['endtime_time']); 1060 1061 $errored = true; 1062 } 1063 else 1064 { 1065 // Note: dates are in GMT timezone 1066 $starttime_time = gmdate('g:i a', $announcement['startdate']); 1067 $endtime_time = gmdate('g:i a', $announcement['enddate']); 1068 1069 $startday = gmdate('j', $announcement['startdate']); 1070 $endday = gmdate('j', $announcement['enddate']); 1071 1072 $startmonth = gmdate('m', $announcement['startdate']); 1073 $endmonth = gmdate('m', $announcement['enddate']); 1074 1075 $startdateyear = gmdate('Y', $announcement['startdate']); 1076 $enddateyear = gmdate('Y', $announcement['enddate']); 1077 1078 $errored = false; 1079 } 1080 1081 // Generate form elements 1082 for($i = 1; $i <= 31; ++$i) 1083 { 1084 if($startday == $i) 1085 { 1086 $startdateday .= "<option value=\"$i\" selected=\"selected\">$i</option>\n"; 1087 } 1088 else 1089 { 1090 $startdateday .= "<option value=\"$i\">$i</option>\n"; 1091 } 1092 1093 if($endday == $i) 1094 { 1095 $enddateday .= "<option value=\"$i\" selected=\"selected\">$i</option>\n"; 1096 } 1097 else 1098 { 1099 $enddateday .= "<option value=\"$i\">$i</option>\n"; 1100 } 1101 } 1102 1103 $startmonthsel = $endmonthsel = array(); 1104 $startmonthsel[$startmonth] = "selected=\"selected\""; 1105 $endmonthsel[$endmonth] = "selected=\"selected\""; 1106 1107 $startdatemonth .= "<option value=\"01\" {$startmonthsel['01']}>{$lang->january}</option>\n"; 1108 $enddatemonth .= "<option value=\"01\" {$endmonthsel['01']}>{$lang->january}</option>\n"; 1109 $startdatemonth .= "<option value=\"02\" {$startmonthsel['02']}>{$lang->february}</option>\n"; 1110 $enddatemonth .= "<option value=\"02\" {$endmonthsel['02']}>{$lang->february}</option>\n"; 1111 $startdatemonth .= "<option value=\"03\" 
{$startmonthsel['03']}>{$lang->march}</option>\n"; 1112 $enddatemonth .= "<option value=\"03\" {$endmonthsel['03']}>{$lang->march}</option>\n"; 1113 $startdatemonth .= "<option value=\"04\" {$startmonthsel['04']}>{$lang->april}</option>\n"; 1114 $enddatemonth .= "<option value=\"04\" {$endmonthsel['04']}>{$lang->april}</option>\n"; 1115 $startdatemonth .= "<option value=\"05\" {$startmonthsel['05']}>{$lang->may}</option>\n"; 1116 $enddatemonth .= "<option value=\"05\" {$endmonthsel['05']}>{$lang->may}</option>\n"; 1117 $startdatemonth .= "<option value=\"06\" {$startmonthsel['06']}>{$lang->june}</option>\n"; 1118 $enddatemonth .= "<option value=\"06\" {$endmonthsel['06']}>{$lang->june}</option>\n"; 1119 $startdatemonth .= "<option value=\"07\" {$startmonthsel['07']}>{$lang->july}</option>\n"; 1120 $enddatemonth .= "<option value=\"07\" {$endmonthsel['07']}>{$lang->july}</option>\n"; 1121 $startdatemonth .= "<option value=\"08\" {$startmonthsel['08']}>{$lang->august}</option>\n"; 1122 $enddatemonth .= "<option value=\"08\" {$endmonthsel['08']}>{$lang->august}</option>\n"; 1123 $startdatemonth .= "<option value=\"09\" {$startmonthsel['09']}>{$lang->september}</option>\n"; 1124 $enddatemonth .= "<option value=\"09\" {$endmonthsel['09']}>{$lang->september}</option>\n"; 1125 $startdatemonth .= "<option value=\"10\" {$startmonthsel['10']}>{$lang->october}</option>\n"; 1126 $enddatemonth .= "<option value=\"10\" {$endmonthsel['10']}>{$lang->october}</option>\n"; 1127 $startdatemonth .= "<option value=\"11\" {$startmonthsel['11']}>{$lang->november}</option>\n"; 1128 $enddatemonth .= "<option value=\"11\" {$endmonthsel['11']}>{$lang->november}</option>\n"; 1129 $startdatemonth .= "<option value=\"12\" {$startmonthsel['12']}>{$lang->december}</option>\n"; 1130 $enddatemonth .= "<option value=\"12\" {$endmonthsel['12']}>{$lang->december}</option>\n"; 1131 1132 $title = htmlspecialchars_uni($announcement['subject']); 1133 $message = 
htmlspecialchars_uni($announcement['message']); 1134 1135 $html_sel = $mycode_sel = $smilies_sel = array(); 1136 if($announcement['allowhtml']) 1137 { 1138 $html_sel['yes'] = ' checked="checked"'; 1139 } 1140 else 1141 { 1142 $html_sel['no'] = ' checked="checked"'; 1143 } 1144 1145 if($announcement['allowmycode']) 1146 { 1147 $mycode_sel['yes'] = ' checked="checked"'; 1148 } 1149 else 1150 { 1151 $mycode_sel['no'] = ' checked="checked"'; 1152 } 1153 1154 if($announcement['allowsmilies']) 1155 { 1156 $smilies_sel['yes'] = ' checked="checked"'; 1157 } 1158 else 1159 { 1160 $smilies_sel['no'] = ' checked="checked"'; 1161 } 1162 1163 if(($errored && $mybb->input['endtime_type'] == 2) || (!$errored && intval($announcement['enddate']) == 0) || $makeshift_end == true) 1164 { 1165 $end_type_sel['infinite'] = ' checked="checked"'; 1166 } 1167 else 1168 { 1169 $end_type_sel['finite'] = ' checked="checked"'; 1170 } 1171 1172 // MyCode editor 1173 $codebuttons = build_mycode_inserter(); 1174 $smilieinserter = build_clickable_smilies(); 1175 1176 $plugins->run_hooks("modcp_edit_announcement"); 1177 1178 eval("\$announcements = \"".$templates->get("modcp_announcements_edit")."\";"); 1179 output_page($announcements); 1180 } 1181 1182 if($mybb->input['action'] == "announcements") 1183 { 1184 add_breadcrumb($lang->mcp_nav_announcements, "modcp.php?action=announcements"); 1185 1186 // Fetch announcements into their proper arrays 1187 $query = $db->simple_select("announcements", "aid, fid, subject, enddate"); 1188 while($announcement = $db->fetch_array($query)) 1189 { 1190 if($announcement['fid'] == -1) 1191 { 1192 $global_announcements[$announcement['aid']] = $announcement; 1193 continue; 1194 } 1195 $announcements[$announcement['fid']][$announcement['aid']] = $announcement; 1196 } 1197 1198 if($mybb->usergroup['issupermod'] == 1) 1199 { 1200 if($global_announcements && $mybb->usergroup['issupermod'] == 1) 1201 { 1202 // Get the global announcements 1203 
// (Continues the "announcements" handler: one row per global announcement.)
            foreach($global_announcements as $aid => $announcement)
            {
                $trow = alt_trow();
                // NOTE(review): this compares $announcement['startdate']; confirm the
                // query that filled $global_announcements selects that column.
                if($announcement['startdate'] > TIME_NOW || ($announcement['enddate'] < TIME_NOW && $announcement['enddate'] != 0))
                {
                    $icon = "<img src=\"{$theme['imgdir']}/minioff.gif\" alt=\"({$lang->expired})\" title=\"{$lang->expired_announcement}\" style=\"vertical-align: middle;\" /> ";
                }
                else
                {
                    $icon = "<img src=\"{$theme['imgdir']}/minion.gif\" alt=\"({$lang->active})\" title=\"{$lang->active_announcement}\" style=\"vertical-align: middle;\" /> ";
                }

                // Escaped before the template (evaluated as a PHP string) can print it.
                $subject = htmlspecialchars_uni($announcement['subject']);

                eval("\$announcements_global .= \"".$templates->get("modcp_announcements_announcement_global")."\";");
            }
        }
        else
        {
            // No global announcements
            eval("\$announcements_global = \"".$templates->get("modcp_no_announcements_global")."\";");
        }
        eval("\$announcements_global = \"".$templates->get("modcp_announcements_global")."\";");
    }
    else
    {
        // Moderator is not super, so don't show global announcements
        $announcements_global = '';
    }

    fetch_forum_announcements();

    if(!$announcements_forum)
    {
        eval("\$announcements_forum = \"".$templates->get("modcp_no_announcements_forum")."\";");
    }

    $plugins->run_hooks("modcp_announcements");

    eval("\$announcements = \"".$templates->get("modcp_announcements")."\";");
    output_page($announcements);
}

// ---------------------------------------------------------------------------
// action=do_modqueue: approve or delete queued threads, posts or attachments.
// The request supplies arrays keyed by id with "approve"/"delete" as value.
// Ids are taken from the array KEYS, cast with intval(), and re-selected with
// the moderator's forum filter appended ($flist / $tflist). Only ids that the
// filtered query returns are acted on, so the filter is the authorisation
// boundary for this handler.
// NOTE(review): that boundary is only as strong as $flist/$tflist; confirm
// what they contain for a non-super moderator with no forum assignments.
// ---------------------------------------------------------------------------
if($mybb->input['action'] == "do_modqueue")
{
    require_once MYBB_ROOT."inc/class_moderation.php";
    $moderation = new Moderation;

    // Verify incoming POST request
    verify_post_check($mybb->input['my_post_key']);

    $plugins->run_hooks("modcp_do_modqueue_start");

    if(is_array($mybb->input['threads']))
    {
        // Fetch threads
        // NOTE(review): an empty array yields "tid IN ()"; confirm how the
        // database layer reports that.
        $query = $db->simple_select("threads", "tid", "tid IN (".implode(",", array_map("intval", array_keys($mybb->input['threads'])))."){$flist}");
        while($thread = $db->fetch_array($query))
        {
            // The action is looked up by the id the database returned,
            // not by iterating over the request.
            $action = $mybb->input['threads'][$thread['tid']];
            if($action == "approve")
            {
                $threads_to_approve[] = $thread['tid'];
            }
            else if($action == "delete")
            {
                $threads_to_delete[] = $thread['tid'];
            }
        }
        if(!empty($threads_to_approve))
        {
            $moderation->approve_threads($threads_to_approve);
            log_moderator_action(array('tids' => $threads_to_approve), $lang->multi_approve_threads);
        }
        if(!empty($threads_to_delete))
        {
            foreach($threads_to_delete as $tid)
            {
                $moderation->delete_thread($tid);
            }
            log_moderator_action(array('tids' => $threads_to_delete), $lang->multi_delete_threads);
        }

        $plugins->run_hooks("modcp_do_modqueue_end");

        redirect("modcp.php?action=modqueue", $lang->redirect_threadsmoderated);
    }
    else if(is_array($mybb->input['posts']))
    {
        // Fetch posts
        $query = $db->simple_select("posts", "pid", "pid IN (".implode(",", array_map("intval", array_keys($mybb->input['posts'])))."){$flist}");
        while($post = $db->fetch_array($query))
        {
            $action = $mybb->input['posts'][$post['pid']];
            if($action == "approve")
            {
                $posts_to_approve[] = $post['pid'];
            }
            else if($action == "delete")
            {
                $moderation->delete_post($post['pid']);
            }
        }
        if(is_array($posts_to_approve))
        {
            $moderation->approve_posts($posts_to_approve);
        }
        // NOTE(review): this log entry is written even when nothing was
        // approved ($posts_to_approve unset), and deletions get no entry of
        // their own here; confirm that is the intended audit trail.
        log_moderator_action(array('pids' => $posts_to_approve), $lang->multi_approve_posts);

        $plugins->run_hooks("modcp_do_modqueue_end");

        redirect("modcp.php?action=modqueue&type=posts", $lang->redirect_postsmoderated);
    }
    else if(is_array($mybb->input['attachments']))
    {
        // Attachments carry no forum id of their own in this query, so the
        // forum filter is applied through the joined thread ($tflist uses t.fid).
        $query = $db->query("
            SELECT a.pid, a.aid
            FROM ".TABLE_PREFIX."attachments a
            LEFT JOIN ".TABLE_PREFIX."posts p ON (a.pid=p.pid)
            LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
            WHERE aid IN (".implode(",", array_map("intval", array_keys($mybb->input['attachments'])))."){$tflist}
        ");
        while($attachment = $db->fetch_array($query))
        {
            $action = $mybb->input['attachments'][$attachment['aid']];
            if($action == "approve")
            {
                $db->update_query("attachments", array("visible" => 1), "aid='{$attachment['aid']}'");
            }
            else if($action == "delete")
            {
                remove_attachment($attachment['pid'], '', $attachment['aid']);
            }
        }

        $plugins->run_hooks("modcp_do_modqueue_end");

        redirect("modcp.php?action=modqueue&type=attachments", $lang->redirect_attachmentsmoderated);
    }
}

// ---------------------------------------------------------------------------
// action=modqueue: show the queue of unapproved threads, posts or attachments.
// Without a "type" the first non-empty queue is shown.
// ---------------------------------------------------------------------------
if($mybb->input['action'] == "modqueue")
{
    if($mybb->input['type'] == "threads" || !$mybb->input['type'])
    {
        $forum_cache = $cache->read("forums");

        // Count is restricted with the same forum filter as the listing below.
        $query = $db->simple_select("threads", "COUNT(tid) AS unapprovedthreads", "visible=0 {$flist}");
        $unapproved_threads = $db->fetch_field($query, "unapprovedthreads");

        // Figure out if we need to display multiple pages.
// (Continues the "modqueue" handler, threads view: pagination and listing.)
        // "page" is either the literal "last" or is cast to an integer.
        if($mybb->input['page'] != "last")
        {
            $page = intval($mybb->input['page']);
        }

        // NOTE(review): a threadsperpage setting of 0 would divide by zero here.
        $perpage = $mybb->settings['threadsperpage'];
        $pages = $unapproved_threads / $perpage;
        $pages = ceil($pages);

        if($mybb->input['page'] == "last")
        {
            $page = $pages;
        }

        if($page > $pages || $page <= 0)
        {
            $page = 1;
        }

        if($page)
        {
            $start = ($page-1) * $perpage;
        }
        else
        {
            $start = 0;
            $page = 1;
        }

        $multipage = multipage($unapproved_threads, $perpage, $page, "modcp.php?action=modqueue&type=threads");

        // $start is derived from the integer page above; $perpage comes from
        // the board settings. $tflist limits the rows to the moderator's forums.
        $query = $db->query("
            SELECT t.tid, t.dateline, t.fid, t.subject, p.message AS postmessage, u.username AS username, t.uid
            FROM ".TABLE_PREFIX."threads t
            LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=t.firstpost)
            LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=t.uid)
            WHERE t.visible='0' {$tflist}
            ORDER BY t.lastpost DESC
            LIMIT {$start}, {$perpage}
        ");
        while($thread = $db->fetch_array($query))
        {
            $altbg = alt_trow();
            // User-authored text is HTML-escaped before the template prints it.
            $thread['subject'] = htmlspecialchars_uni($parser->parse_badwords($thread['subject']));
            $thread['threadlink'] = get_thread_link($thread['tid']);
            $thread['forumlink'] = get_forum_link($thread['fid']);
            // NOTE(review): $forum_name goes into the HTML below without
            // htmlspecialchars_uni(); confirm the forum cache holds it in a
            // form that is safe to print.
            $forum_name = $forum_cache[$thread['fid']]['name'];
            $threaddate = my_date($mybb->settings['dateformat'], $thread['dateline']);
            $threadtime = my_date($mybb->settings['timeformat'], $thread['dateline']);
            $profile_link = build_profile_link($thread['username'], $thread['uid']);
            $thread['postmessage'] = nl2br(htmlspecialchars_uni($thread['postmessage']));
            $forum = "<strong>{$lang->meta_forum} <a href=\"{$thread['forumlink']}\">{$forum_name}</a></strong>";
            eval("\$threads .= \"".$templates->get("modcp_modqueue_threads_thread")."\";");
        }

        if(!$threads && $mybb->input['type'] == "threads")
        {
            eval("\$threads = \"".$templates->get("modcp_modqueue_threads_empty")."\";");
        }

        if($threads)
        {
            add_breadcrumb($lang->mcp_nav_modqueue_threads, "modcp.php?action=modqueue&type=threads");

            $plugins->run_hooks("modcp_modqueue_threads_end");

            eval("\$mass_controls = \"".$templates->get("modcp_modqueue_masscontrols")."\";");
            eval("\$threadqueue = \"".$templates->get("modcp_modqueue_threads")."\";");
            output_page($threadqueue);
        }
        $type = 'threads';
    }

    // Posts view: requested explicitly, or used as fallback when no type was
    // given and the thread queue produced no page.
    if($mybb->input['type'] == "posts" || (!$mybb->input['type'] && !$threadqueue))
    {
        $forum_cache = $cache->read("forums");

        // First posts are excluded (t.firstpost != p.pid); the threads view
        // above reads the first post through t.firstpost.
        $query = $db->query("
            SELECT COUNT(pid) AS unapprovedposts
            FROM ".TABLE_PREFIX."posts p
            LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
            WHERE p.visible='0' {$tflist} AND t.firstpost != p.pid
        ");
        $unapproved_posts = $db->fetch_field($query, "unapprovedposts");

        // Figure out if we need to display multiple pages.
// (Continues the "modqueue" handler, posts view: pagination and listing.)
        // "page" is either the literal "last" or is cast to an integer.
        if($mybb->input['page'] != "last")
        {
            $page = intval($mybb->input['page']);
        }

        // NOTE(review): a postsperpage setting of 0 would divide by zero here.
        $perpage = $mybb->settings['postsperpage'];
        $pages = $unapproved_posts / $perpage;
        $pages = ceil($pages);

        if($mybb->input['page'] == "last")
        {
            $page = $pages;
        }

        if($page > $pages || $page <= 0)
        {
            $page = 1;
        }

        if($page)
        {
            $start = ($page-1) * $perpage;
        }
        else
        {
            $start = 0;
            $page = 1;
        }

        $multipage = multipage($unapproved_posts, $perpage, $page, "modcp.php?action=modqueue&type=posts");

        // Same filter as the COUNT query: moderator's forums only, first posts excluded.
        $query = $db->query("
            SELECT p.pid, p.subject, p.message, t.subject AS threadsubject, t.tid, u.username, p.uid, t.fid, p.dateline
            FROM ".TABLE_PREFIX."posts p
            LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
            LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
            WHERE p.visible='0' {$tflist} AND t.firstpost != p.pid
            ORDER BY p.dateline DESC
            LIMIT {$start}, {$perpage}
        ");
        while($post = $db->fetch_array($query))
        {
            $altbg = alt_trow();
            // NOTE(review): p.subject is selected but $post['subject'] is not
            // escaped in this loop; if the row template prints it, it would be
            // raw user text. Confirm against the template.
            $post['threadsubject'] = htmlspecialchars_uni($parser->parse_badwords($post['threadsubject']));
            $post['threadlink'] = get_thread_link($post['tid']);
            $post['forumlink'] = get_forum_link($post['fid']);
            $post['postlink'] = get_post_link($post['pid'], $post['tid']);
            // NOTE(review): $forum_name is printed below without
            // htmlspecialchars_uni(); confirm the forum cache value is safe to print.
            $forum_name = $forum_cache[$post['fid']]['name'];
            $postdate = my_date($mybb->settings['dateformat'], $post['dateline']);
            $posttime = my_date($mybb->settings['timeformat'], $post['dateline']);
            $profile_link = build_profile_link($post['username'], $post['uid']);
            $thread = "<strong>{$lang->meta_thread} <a href=\"{$post['threadlink']}\">{$post['threadsubject']}</a></strong>";
            $forum = "<strong>{$lang->meta_forum} <a href=\"{$post['forumlink']}\">{$forum_name}</a></strong><br />";
            $post['message'] = nl2br(htmlspecialchars_uni($post['message']));
            eval("\$posts .= \"".$templates->get("modcp_modqueue_posts_post")."\";");
        }

        if(!$posts && $mybb->input['type'] == "posts")
        {
            eval("\$posts = \"".$templates->get("modcp_modqueue_posts_empty")."\";");
        }

        if($posts)
        {
            add_breadcrumb($lang->mcp_nav_modqueue_posts, "modcp.php?action=modqueue&type=posts");

            $plugins->run_hooks("modcp_modqueue_posts_end");

            eval("\$mass_controls = \"".$templates->get("modcp_modqueue_masscontrols")."\";");
            eval("\$postqueue = \"".$templates->get("modcp_modqueue_posts")."\";");
            output_page($postqueue);
        }
    }

    // Attachments view: requested explicitly, or used as fallback when no type
    // was given and neither of the other queues produced a page.
    if($mybb->input['type'] == "attachments" || (!$mybb->input['type'] && !$postqueue && !$threadqueue))
    {
        // The count is restricted to the moderator's forums through the joined thread.
        $query = $db->query("
            SELECT COUNT(aid) AS unapprovedattachments
            FROM ".TABLE_PREFIX."attachments a
            LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=a.pid)
            LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
            WHERE a.visible='0' {$tflist}
        ");
        $unapproved_attachments = $db->fetch_field($query, "unapprovedattachments");

        // Figure out if we need to display multiple pages.
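// (Continues the "modqueue" handler, attachments view: pagination and listing.)
        // "page" is either the literal "last" or is cast to an integer.
        if($mybb->input['page'] != "last")
        {
            $page = intval($mybb->input['page']);
        }

        $perpage = $mybb->settings['postsperpage'];
        $pages = $unapproved_attachments / $perpage;
        $pages = ceil($pages);

        if($mybb->input['page'] == "last")
        {
            $page = $pages;
        }

        if($page > $pages || $page <= 0)
        {
            $page = 1;
        }

        if($page)
        {
            $start = ($page-1) * $perpage;
        }
        else
        {
            $start = 0;
            $page = 1;
        }

        $multipage = multipage($unapproved_attachments, $perpage, $page, "modcp.php?action=modqueue&type=attachments");

        // The listing carries the same forum filter ({$tflist}) as the COUNT
        // query before it and as the attachment branch of do_modqueue.
        // Without it this query returned every unapproved attachment on the
        // board, so a moderator was shown file names, post and thread subjects
        // and uploader names from forums outside their scope, and the rows
        // did not match the pagination total.
        $query = $db->query("
            SELECT a.*, p.subject AS postsubject, p.dateline, p.uid, u.username, t.tid, t.subject AS threadsubject
            FROM ".TABLE_PREFIX."attachments a
            LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=a.pid)
            LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
            LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
            WHERE a.visible='0' {$tflist}
            ORDER BY a.dateuploaded DESC
            LIMIT {$start}, {$perpage}
        ");
        while($attachment = $db->fetch_array($query))
        {
            $altbg = alt_trow();

            // Fall back to the post's date when the attachment has no upload date.
            if(!$attachment['dateuploaded'])
            {
                $attachment['dateuploaded'] = $attachment['dateline'];
            }

            $attachdate = my_date($mybb->settings['dateformat'], $attachment['dateuploaded']);
            $attachtime = my_date($mybb->settings['timeformat'], $attachment['dateuploaded']);

            // User-supplied strings are HTML-escaped before the template prints them.
            $attachment['postsubject'] = htmlspecialchars_uni($attachment['postsubject']);
            $attachment['filename'] = htmlspecialchars_uni($attachment['filename']);
            $attachment['threadsubject'] = htmlspecialchars_uni($attachment['threadsubject']);
            $attachment['filesize'] = get_friendly_size($attachment['filesize']);

            $link = get_post_link($attachment['pid'], $attachment['tid']) . "#pid{$attachment['pid']}";
            $thread_link = get_thread_link($attachment['tid']);
            $profile_link = build_profile_link($attachment['username'], $attachment['uid']);

            eval("\$attachments .= \"".$templates->get("modcp_modqueue_attachments_attachment")."\";");
        }

        if(!$attachments && $mybb->input['type'] == "attachments")
        {
            eval("\$attachments = \"".$templates->get("modcp_modqueue_attachments_empty")."\";");
        }

        if($attachments)
        {
            add_breadcrumb($lang->mcp_nav_modqueue_attachments, "modcp.php?action=modqueue&type=attachments");

            $plugins->run_hooks("modcp_modqueue_attachments_end");

            eval("\$mass_controls = \"".$templates->get("modcp_modqueue_masscontrols")."\";");
            eval("\$attachmentqueue = \"".$templates->get("modcp_modqueue_attachments")."\";");
            output_page($attachmentqueue);
        }
    }

    // Still nothing? All queues are empty! :-D
    if(!$threadqueue && !$postqueue && !$attachmentqueue)
    {
        add_breadcrumb($lang->mcp_nav_modqueue, "modcp.php?action=modqueue");

        $plugins->run_hooks("modcp_modqueue_end");

        eval("\$queue = \"".$templates->get("modcp_modqueue_empty")."\";");
        output_page($queue);
    }
}

// ---------------------------------------------------------------------------
// action=do_editprofile: a moderator saves changes to another user's profile.
// Checks run in this order: post key, target user exists, the moderator may
// manage that user. Only then is the user data handler set up.
// ---------------------------------------------------------------------------
if($mybb->input['action'] == "do_editprofile")
{
    // Verify incoming POST request
    verify_post_check($mybb->input['my_post_key']);

    $user = get_user($mybb->input['uid']);
    if(!$user['uid'])
    {
        error($lang->invalid_user);
    }

    // Check if the current user has permission to edit this user
    if(!modcp_can_manage_user($user['uid']))
    {
        error_no_permission();
    }

    $plugins->run_hooks("modcp_do_editprofile_start");

    // Set up user handler.
    require_once MYBB_ROOT."inc/datahandlers/user.php";
    $userhandler = new UserDataHandler('update');

    // Set the data for the new user.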
// (Continues "do_editprofile": collect the submitted fields for the data handler.)
    // Values are passed to the handler as submitted; validation happens in
    // validate_user() below.
    // NOTE(review): the permission check earlier in this handler ran against
    // $user['uid'] (the row get_user() returned), while the raw request value
    // is what is handed to the handler here. Passing $user['uid'] would remove
    // any doubt that both refer to the same account.
    $updated_user = array(
        "uid" => $mybb->input['uid'],
        "profile_fields" => $mybb->input['profile_fields'],
        "profile_fields_editable" => true,
        "website" => $mybb->input['website'],
        "icq" => $mybb->input['icq'],
        "aim" => $mybb->input['aim'],
        "yahoo" => $mybb->input['yahoo'],
        "msn" => $mybb->input['msn'],
        "signature" => $mybb->input['signature'],
        "usernotes" => $mybb->input['usernotes']
    );

    $updated_user['birthday'] = array(
        "day" => $mybb->input['birthday_day'],
        "month" => $mybb->input['birthday_month'],
        "year" => $mybb->input['birthday_year']
    );

    // A non-empty title replaces the custom title; otherwise "reverttitle"
    // clears it. With neither, the title is left out of the update.
    if($mybb->input['usertitle'] != '')
    {
        $updated_user['usertitle'] = $mybb->input['usertitle'];
    }
    else if($mybb->input['reverttitle'])
    {
        $updated_user['usertitle'] = '';
    }

    if($mybb->input['remove_avatar'])
    {
        $updated_user['avatarurl'] = '';
    }

    // Set the data of the user in the datahandler.
    $userhandler->set_data($updated_user);
    // Reset to an empty string; later code tests is_array($errors) to tell
    // "has errors" from "no errors".
    $errors = '';

    // Validate the user and get any errors that might have occurred.
    if(!$userhandler->validate_user())
    {
        $errors = $userhandler->get_friendly_errors();
        // Fall through to the "editprofile" form so the errors are shown inline.
        $mybb->input['action'] = "editprofile";
    }
    else
    {
        // Are we removing an avatar from this user?
// (Continues "do_editprofile", validation-passed branch: avatar removal and moderator options.)
        // NOTE(review): $extra_user_updates only comes into existence when
        // something is added to it (here or in the loop below); confirm the
        // later update call copes with it being unset.
        if($mybb->input['remove_avatar'])
        {
            $extra_user_updates = array(
                "avatar" => "",
                "avatardimensions" => "",
                "avatartype" => ""
            );
            remove_avatars($user['uid']);
        }

        // Moderator "Options" (suspend signature, suspend/moderate posting)
        // Each entry names the request fields to read and the user columns to
        // write. The column names come from this fixed table, never from the request.
        $moderator_options = array(
            1 => array(
                "action" => "suspendsignature", // The moderator action we're performing
                "period" => "action_period", // The time period we've selected from the dropdown box
                "time" => "action_time", // The time we've entered
                "update_field" => "suspendsignature", // The field in the database to update if true
                "update_length" => "suspendsigtime" // The length of suspension field in the database
            ),
            2 => array(
                "action" => "moderateposting",
                "period" => "modpost_period",
                "time" => "modpost_time",
                "update_field" => "moderateposts",
                "update_length" => "moderationtime"
            ),
            3 => array(
                "action" => "suspendposting",
                "period" => "suspost_period",
                "time" => "suspost_time",
                "update_field" => "suspendposting",
                "update_length" => "suspensiontime"
            )
        );

        require_once MYBB_ROOT."inc/functions_warnings.php";
        foreach($moderator_options as $option)
        {
            // The entered duration is forced to an integer before any use.
            $mybb->input[$option['time']] = intval($mybb->input[$option['time']]);
            if(!$mybb->input[$option['action']])
            {
                if($user[$option['update_field']] == 1)
                {
                    // We're revoking the suspension
                    $extra_user_updates[$option['update_field']] = 0;
                    $extra_user_updates[$option['update_length']] = 0;
                }

                // Skip this option if we haven't selected it
                continue;
            }

            if($mybb->input[$option['action']])
            {
                if($mybb->input[$option['time']] == 0 && $mybb->input[$option['period']] != "never" && $user[$option['update_field']] != 1)
                {
                    // User has selected a type of ban, but not entered a valid time frame
                    // NOTE(review): $errors is the empty string at this point, so
                    // this append relies on PHP turning '' into an array; on
                    // PHP 7.1 and later "[]" on a string is a fatal error.
                    $string = $option['action']."_error";
                    $errors[] = $lang->$string;
                }

                if(!is_array($errors))
                {
                    $suspend_length = fetch_time_length(intval($mybb->input[$option['time']]), $mybb->input[$option['period']]);

                    if($user[$option['update_field']] == 1 && ($mybb->input[$option['time']] || $mybb->input[$option['period']] == "never"))
                    {
                        // We already have a suspension, but entered a new time
                        if($suspend_length == "-1")
                        {
                            // Permanent ban on action
                            $extra_user_updates[$option['update_length']] = 0;
                        }
                        elseif($suspend_length && $suspend_length != "-1")
                        {
                            // Temporary ban on action
                            $extra_user_updates[$option['update_length']] = TIME_NOW + $suspend_length;
                        }
                    }
                    elseif(!$user[$option['update_field']])
                    {
                        // New suspension for this user... bad user!
                        $extra_user_updates[$option['update_field']] = 1;
                        if($suspend_length == "-1")
                        {
                            // A length of 0 is stored for the permanent case, as above.
                            $extra_user_updates[$option['update_length']] = 0;
                        }
                        else
                        {
                            $extra_user_updates[$option['update_length']] = TIME_NOW + $suspend_length;
                        }
                    }
                }
            }
        }

        // Those with javascript turned off will be able to select both - cheeky!
1787 // Check to make sure we're not moderating AND suspending posting 1788 if($extra_user_updates['moderateposts'] && $extra_user_updates['suspendposting']) 1789 { 1790 $errors[] = $lang->suspendmoderate_error; 1791 } 1792 1793 if(is_array($errors)) 1794 { 1795 $mybb->input['action'] = "editprofile"; 1796 } 1797 else 1798 { 1799 $plugins->run_hooks("modcp_do_editprofile_update"); 1800 1801 // Continue with the update if there is no errors 1802 $user_info = $userhandler->update_user(); 1803 $db->update_query("users", $extra_user_updates, "uid='{$user['uid']}'"); 1804 log_moderator_action(array("uid" => $user['uid'], "username" => $user['username']), $lang->edited_user); 1805 1806 $plugins->run_hooks("modcp_do_editprofile_end"); 1807 1808 redirect("modcp.php?action=finduser", $lang->redirect_user_updated); 1809 } 1810 } 1811 } 1812 1813 if($mybb->input['action'] == "editprofile") 1814 { 1815 add_breadcrumb($lang->mcp_nav_editprofile, "modcp.php?action=editprofile"); 1816 1817 $user = get_user($mybb->input['uid']); 1818 if(!$user['uid']) 1819 { 1820 error($lang->invalid_user); 1821 } 1822 1823 // Check if the current user has permission to edit this user 1824 if(!modcp_can_manage_user($user['uid'])) 1825 { 1826 error_no_permission(); 1827 } 1828 1829 if($user['website'] == "" || $user['website'] == "http://") 1830 { 1831 $user['website'] = "http://"; 1832 } 1833 1834 if($user['icq'] != "0") 1835 { 1836 $user['icq'] = intval($user['icq']); 1837 } 1838 if($user['icq'] == 0) 1839 { 1840 $user['icq'] = ""; 1841 } 1842 1843 if(!$errors) 1844 { 1845 $mybb->input = array_merge($user, $mybb->input); 1846 list($mybb->input['birthday_day'], $mybb->input['birthday_month'], $mybb->input['birthday_year']) = explode("-", $user['birthday']); 1847 } 1848 else 1849 { 1850 $errors = inline_error($errors); 1851 } 1852 1853 // Sanitize all input 1854 foreach(array('usertitle', 'website', 'icq', 'aim', 'yahoo', 'msn', 'signature', 'birthday_day', 'birthday_month', 'birthday_year') as 
$field) 1855 { 1856 $mybb->input[$field] = htmlspecialchars_uni($mybb->input[$field]); 1857 } 1858 1859 // Custom user title, check to see if we have a default group title 1860 if(!$user['displaygroup']) 1861 { 1862 $user['displaygroup'] = $user['usergroup']; 1863 } 1864 1865 $displaygroupfields = array('usertitle'); 1866 $display_group = usergroup_displaygroup($user['displaygroup']); 1867 1868 if(!empty($display_group['usertitle'])) 1869 { 1870 $defaulttitle = $display_group['usertitle']; 1871 } 1872 else 1873 { 1874 // Go for post count title if a group default isn't set 1875 $usertitles = $cache->read('usertitles'); 1876 1877 foreach($usertitles as $title) 1878 { 1879 if($title['posts'] <= $mybb->user['postnum']) 1880 { 1881 $defaulttitle = $title['title']; 1882 } 1883 } 1884 } 1885 1886 if(empty($user['usertitle'])) 1887 { 1888 $lang->current_custom_usertitle = ''; 1889 } 1890 1891 $bdaysel = ''; 1892 for($i = 1; $i <= 31; ++$i) 1893 { 1894 if($mybb->input['birthday_day'] == $i) 1895 { 1896 $bdaydaysel .= "<option value=\"$i\" selected=\"selected\">$i</option>\n"; 1897 } 1898 else 1899 { 1900 $bdaydaysel .= "<option value=\"$i\">$i</option>\n"; 1901 } 1902 } 1903 $bdaymonthsel[$mybb->input['birthday_month']] = 'selected="selected"'; 1904 1905 $plugins->run_hooks("modcp_editprofile_start"); 1906 1907 // Fetch profile fields 1908 $query = $db->simple_select("userfields", "*", "ufid='{$user['uid']}'"); 1909 $user_fields = $db->fetch_array($query); 1910 1911 $requiredfields = ''; 1912 $customfields = ''; 1913 $query = $db->simple_select("profilefields", "*", "", array('order_by' => 'disporder')); 1914 while($profilefield = $db->fetch_array($query)) 1915 { 1916 $profilefield['type'] = htmlspecialchars_uni($profilefield['type']); 1917 $profilefield['description'] = htmlspecialchars_uni($profilefield['description']); 1918 $thing = explode("\n", $profilefield['type'], "2"); 1919 $type = $thing[0]; 1920 $options = $thing[1]; 1921 $field = "fid{$profilefield['fid']}"; 
$select = '';
        // After a failed save ($errors set) redisplay what was submitted;
        // otherwise show the value stored for this user.
        if($errors)
        {
            $userfield = $mybb->input['profile_fields'][$field];
        }
        else
        {
            $userfield = $user_fields[$field];
        }
        // In the multiselect/select/radio/checkbox branches $userfield is only
        // compared against the configured options, never printed; the markup is
        // built from the option values, which were escaped with the field type.
        if($type == "multiselect")
        {
            if($errors)
            {
                $useropts = $userfield;
            }
            else
            {
                $useropts = explode("\n", $userfield);
            }
            if(is_array($useropts))
            {
                foreach($useropts as $key => $val)
                {
                    $seloptions[$val] = $val;
                }
            }
            $expoptions = explode("\n", $options);
            if(is_array($expoptions))
            {
                foreach($expoptions as $key => $val)
                {
                    $val = trim($val);
                    $val = str_replace("\n", "\\n", $val);

                    $sel = "";
                    if($val == $seloptions[$val])
                    {
                        $sel = " selected=\"selected\"";
                    }
                    $select .= "<option value=\"$val\"$sel>$val</option>\n";
                }
                if(!$profilefield['length'])
                {
                    $profilefield['length'] = 3;
                }
                $code = "<select name=\"profile_fields[$field][]\" size=\"{$profilefield['length']}\" multiple=\"multiple\">$select</select>";
            }
        }
        elseif($type == "select")
        {
            $expoptions = explode("\n", $options);
            if(is_array($expoptions))
            {
                foreach($expoptions as $key => $val)
                {
                    $val = trim($val);
                    $val = str_replace("\n", "\\n", $val);
                    $sel = "";
                    if($val == $userfield)
                    {
                        $sel = " selected=\"selected\"";
                    }
                    $select .= "<option value=\"$val\"$sel>$val</option>";
                }
                if(!$profilefield['length'])
                {
                    $profilefield['length'] = 1;
                }
                $code = "<select name=\"profile_fields[$field]\" size=\"{$profilefield['length']}\">$select</select>";
            }
        }
        elseif($type == "radio")
        {
            // Unlike the select branches, option values are not trimmed here
            $expoptions = explode("\n", $options);
            if(is_array($expoptions))
            {
                foreach($expoptions as $key => $val)
                {
                    $checked = "";
                    if($val == $userfield)
                    {
                        $checked = " checked=\"checked\"";
                    }
                    $code .= "<input type=\"radio\" class=\"radio\" name=\"profile_fields[$field]\" value=\"$val\"$checked /> <span class=\"smalltext\">$val</span><br />";
                }
            }
        }
        elseif($type == "checkbox")
        {
            if($errors)
            {
                $useropts = $userfield;
            }
            else
            {
                $useropts = explode("\n", $userfield);
            }
            if(is_array($useropts))
            {
                foreach($useropts as $key => $val)
                {
                    $seloptions[$val] = $val;
                }
            }
            $expoptions = explode("\n", $options);
            if(is_array($expoptions))
            {
                foreach($expoptions as $key => $val)
                {
                    $checked = "";
                    if($val == $seloptions[$val])
                    {
                        $checked = " checked=\"checked\"";
                    }
                    $code .= "<input type=\"checkbox\" class=\"checkbox\" name=\"profile_fields[$field][]\" value=\"$val\"$checked /> <span class=\"smalltext\">$val</span><br />";
                }
            }
        }
        elseif($type == "textarea")
        {
            // Free-text values are printed, so they are escaped first
            $value = htmlspecialchars_uni($userfield);
            $code = "<textarea name=\"profile_fields[$field]\" rows=\"6\" cols=\"30\" style=\"width: 95%\">$value</textarea>";
        }
        else
        {
            // Any other type is rendered as a single-line text box
            $value = htmlspecialchars_uni($userfield);
            $maxlength = "";
            if($profilefield['maxlength'] > 0)
            {
                $maxlength = " maxlength=\"{$profilefield['maxlength']}\"";
            }
            // NOTE(review): 'length' and 'maxlength' go into attributes as stored;
            // presumably numeric columns set by an administrator - confirm.
            $code = "<input type=\"text\" name=\"profile_fields[$field]\" class=\"textbox\" size=\"{$profilefield['length']}\"{$maxlength} value=\"$value\" />";
        }
        // The template text is evaluated as a PHP double-quoted string in this
        // scope, so whatever locals it references are interpolated as they are;
        // they have to be HTML-safe by this point.
        if($profilefield['required'] == 1)
        {
            eval("\$requiredfields .= \"".$templates->get("usercp_profile_customfield")."\";");
        }
        else
        {
            eval("\$customfields .= \"".$templates->get("usercp_profile_customfield")."\";");
        }
        $altbg = alt_trow();
        // Reset the per-field scratch variables so nothing leaks into the next field
        $code = "";
        $select = "";
        $val = "";
        $options = "";
        $expoptions = "";
        $useropts = "";
        $seloptions = "";
    }
    if($customfields)
    {
        eval("\$customfields = \"".$templates->get("usercp_profile_profilefields")."\";");
    }

$lang->edit_profile = $lang->sprintf($lang->edit_profile, $user['username']);
    // NOTE(review): the username is used as stored in both calls; no escaping is
    // visible in this span - confirm format_name()/the template take care of it.
    $profile_link = build_profile_link(format_name($user['username'], $user['usergroup'], $user['displaygroup']), $user['uid']);

    $codebuttons = build_mycode_inserter("signature");

    // The three checkboxes are ticked when the restriction is already stored for
    // the user, or when it was submitted and the save failed validation.

    // Do we mark the suspend signature box?
    if($user['suspendsignature'] || ($mybb->input['suspendsignature'] && !empty($errors)))
    {
        $checked = 1;
        $checked_item = "checked=\"checked\"";
    }
    else
    {
        $checked = 0;
    }

    // Do we mark the moderate posts box?
    if($user['moderateposts'] || ($mybb->input['moderateposting'] && !empty($errors)))
    {
        $modpost_check = 1;
        $modpost_checked = "checked=\"checked\"";
    }
    else
    {
        $modpost_check = 0;
    }

    // Do we mark the suspend posts box?
    if($user['suspendposting'] || ($mybb->input['suspendposting'] && !empty($errors)))
    {
        $suspost_check = 1;
        $suspost_checked = "checked=\"checked\"";
    }
    else
    {
        $suspost_check = 0;
    }

    $moderator_options = array(
        1 => array(
            "action" => "suspendsignature", // The input action for this option
            "option" => "suspendsignature", // The field in the database that this option relates to
            "time" => "action_time", // The time we've entered
            "length" => "suspendsigtime", // The length of suspension field in the database
            "select_option" => "action" // The name of the select box of this option
        ),
        2 => array(
            "action" => "moderateposting",
            "option" => "moderateposts",
            "time" => "modpost_time",
            "length" => "moderationtime",
            "select_option" => "modpost"
        ),
        3 => array(
            "action" => "suspendposting",
            "option" => "suspendposting",
            "time" => "suspost_time",
            "length" => "suspensiontime",
            "select_option" => "suspost"
        )
    );

    // Period keys offered in each select box, with their labels
    $periods = array(
        "hours" => $lang->expire_hours,
        "days" => $lang->expire_days,
        "weeks" => $lang->expire_weeks,
        "months" => $lang->expire_months,
        "never" => $lang->expire_permanent
    );

    foreach($moderator_options as $option)
    {
        // The submitted duration is forced to an integer before it is redisplayed
        $mybb->input[$option['time']] = intval($mybb->input[$option['time']]);
        // Display the suspension info, if this user has this option suspended
        if($user[$option['option']])
        {
            if($user[$option['length']] == 0)
            {
                // User has a permanent ban
                $string = $option['option']."_perm";
                $suspension_info = $lang->$string;
            }
            else
            {
                // User has a temporary (or limited) ban
                $string = $option['option']."_for";
                $for_date = my_date($mybb->settings['dateformat'], $user[$option['length']]);
                $for_time = my_date($mybb->settings['timeformat'], $user[$option['length']]);
                $suspension_info = $lang->sprintf($lang->$string, $for_date, $for_time);
            }

            // Same template for all three; only the receiving variable differs
            switch($option['option'])
            {
                case "suspendsignature":
                    eval("\$suspendsignature_info = \"".$templates->get("modcp_editprofile_suspensions_info")."\";");
                    break;
                case "moderateposts":
                    eval("\$moderateposts_info = \"".$templates->get("modcp_editprofile_suspensions_info")."\";");
                    break;
                case "suspendposting":
                    eval("\$suspendposting_info = \"".$templates->get("modcp_editprofile_suspensions_info")."\";");
                    break;
            }
        }

        // Generate the boxes for this option
        $selection_options = '';
        foreach($periods as $key => $value)
        {
            // The submitted period is only compared with the fixed keys above
            $string = $option['select_option']."_period";
            if($mybb->input[$string] == $key)
            {
                $selected = "selected=\"selected\"";
            }
            else
            {
                $selected = '';
            }

            eval("\$selection_options .= \"".$templates->get("modcp_editprofile_select_option")."\";");
        }

        $select_name = $option['select_option']."_period";
        switch($option['option'])
        {
            case "suspendsignature":
                eval("\$action_options = \"".$templates->get("modcp_editprofile_select")."\";");
                break;
            case "moderateposts":
                eval("\$modpost_options = \"".$templates->get("modcp_editprofile_select")."\";");
                break;
            case "suspendposting":
                eval("\$suspost_options = \"".$templates->get("modcp_editprofile_select")."\";");
                break;
        }
    }

    eval("\$suspend_signature = \"".$templates->get("modcp_editprofile_signature")."\";");

    $plugins->run_hooks("modcp_editprofile_end");

    eval("\$edituser = \"".$templates->get("modcp_editprofile")."\";");
    output_page($edituser);
}

// User search: a filterable, sortable, paginated list of users.
if($mybb->input['action'] == "finduser")
{
    add_breadcrumb($lang->mcp_nav_users, "modcp.php?action=finduser");

    $perpage = intval($mybb->input['perpage']);
    if(!$perpage || $perpage <= 0)
    {
        $perpage = $mybb->settings['threadsperpage'];
    }
    $where = '';

    if($mybb->input['username'])
    {
        // The search term is escaped for use inside a LIKE pattern before the
        // surrounding % wildcards are added
        $where = " AND LOWER(username) LIKE '%".my_strtolower($db->escape_string_like($mybb->input['username']))."%'";
    }

    // Sort order & direction
    // Both are reduced to fixed values here because they are later placed in
    // the ORDER BY clause, where quoting cannot protect them.
    switch($mybb->input['sortby'])
    {
        case "lastvisit":
            $sortby = "lastvisit";
            break;
        case "postnum":
            $sortby = "postnum";
            break;
        case "username":
            $sortby = "username";
            break;
        default:
            $sortby = "regdate";
    }
    $order = $mybb->input['order'];
    if($order != "asc")
    {
        $order = "desc";
    }

    $query = $db->simple_select("users", "COUNT(uid) AS count", "1=1 {$where}");
    $user_count = $db->fetch_field($query, "count");

    // Figure out if we need to display multiple pages.
if($mybb->input['page'] != "last")
    {
        $page = intval($mybb->input['page']);
    }

    $pages = $user_count / $perpage;
    $pages = ceil($pages);

    if($mybb->input['page'] == "last")
    {
        $page = $pages;
    }

    // Out-of-range page numbers fall back to the first page
    if($page > $pages || $page <= 0)
    {
        $page = 1;
    }
    if($page)
    {
        $start = ($page-1) * $perpage;
    }
    else
    {
        $start = 0;
        $page = 1;
    }

    $page_url = 'modcp.php?action=finduser';
    foreach(array('username', 'sortby', 'order') as $field)
    {
        if($mybb->input[$field])
        {
            // The value is HTML-escaped for the link and then escaped in place so
            // it can be redisplayed. NOTE(review): it is not URL-encoded, so
            // characters such as & or # in a username filter will not survive
            // the pagination links.
            $page_url .= "&{$field}=".htmlspecialchars_uni($mybb->input[$field]);
            $mybb->input[$field] = htmlspecialchars_uni($mybb->input[$field]);
        }
    }

    $multipage = multipage($user_count, $perpage, $page, $page_url);

    $usergroups_cache = $cache->read("usergroups");

    $plugins->run_hooks("modcp_finduser_start");

    // Fetch out results
    // $sortby and $order were reduced to fixed values earlier in this action;
    // $perpage and $start are integers derived above.
    $query = $db->simple_select("users", "*", "1=1 {$where}", array("order_by" => $sortby, "order_dir" => $order, "limit" => $perpage, "limit_start" => $start));
    while($user = $db->fetch_array($query))
    {
        $alt_row = alt_trow();
        // NOTE(review): username and group title are taken from the database as
        // stored; any escaping would have to happen in format_name() or the
        // template, neither of which is visible here.
        $user['username'] = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
        $user['postnum'] = my_number_format($user['postnum']);
        $regdate = my_date($mybb->settings['dateformat'], $user['regdate']);
        $regtime = my_date($mybb->settings['timeformat'], $user['regdate']);
        $lastdate = my_date($mybb->settings['dateformat'], $user['lastvisit']);
        $lasttime = my_date($mybb->settings['timeformat'], $user['lastvisit']);
        $usergroup = $usergroups_cache[$user['usergroup']]['title'];
        eval("\$users .= \"".$templates->get("modcp_finduser_user")."\";");
    }

    // No results?
if(!$users)
    {
        eval("\$users = \"".$templates->get("modcp_finduser_noresults")."\";");
    }

    $plugins->run_hooks("modcp_finduser_end");

    eval("\$finduser = \"".$templates->get("modcp_finduser")."\";");
    output_page($finduser);
}

// Warning log viewer: filter by warned user, issuing moderator or reason text,
// then sort and paginate.
if($mybb->input['action'] == "warninglogs")
{
    add_breadcrumb($lang->mcp_nav_warninglogs, "modcp.php?action=warninglogs");

    // Filter options
    // Every filter value is escaped or cast before it reaches $where_sql, and
    // the copy kept in $mybb->input is HTML-escaped for redisplay.
    $where_sql = '';
    if($mybb->input['filter']['username'])
    {
        // Resolve the username to a uid; this overwrites any uid filter sent
        $search['username'] = $db->escape_string($mybb->input['filter']['username']);
        $query = $db->simple_select("users", "uid", "username='{$search['username']}'");
        $mybb->input['filter']['uid'] = $db->fetch_field($query, "uid");
        $mybb->input['filter']['username'] = htmlspecialchars_uni($mybb->input['filter']['username']);
    }
    if($mybb->input['filter']['uid'])
    {
        $search['uid'] = intval($mybb->input['filter']['uid']);
        $where_sql .= " AND w.uid='{$search['uid']}'";
        // NOTE(review): this reads and writes $mybb->input['search'][...] while
        // the filter arrives in $mybb->input['filter'][...]; get_user() is given
        // 'search' => 'uid', not the uid filtered on above - confirm the intent.
        if(!isset($mybb->input['search']['username']))
        {
            $user = get_user($mybb->input['search']['uid']);
            $mybb->input['search']['username'] = htmlspecialchars_uni($user['username']);
        }
    }
    if($mybb->input['filter']['mod_username'])
    {
        $search['mod_username'] = $db->escape_string($mybb->input['filter']['mod_username']);
        $query = $db->simple_select("users", "uid", "username='{$search['mod_username']}'");
        $mybb->input['filter']['mod_uid'] = $db->fetch_field($query, "uid");
        $mybb->input['filter']['mod_username'] = htmlspecialchars_uni($mybb->input['filter']['mod_username']);
    }
    if($mybb->input['filter']['mod_uid'])
    {
        $search['mod_uid'] = intval($mybb->input['filter']['mod_uid']);
        $where_sql .= " AND w.issuedby='{$search['mod_uid']}'";
        // NOTE(review): same 'search'/'filter' mismatch as above, and the lookup
        // uses 'uid' where the moderator's uid would be expected - confirm.
        if(!isset($mybb->input['search']['mod_username']))
        {
            $mod_user = get_user($mybb->input['search']['uid']);
            $mybb->input['search']['mod_username'] = htmlspecialchars_uni($mod_user['username']);
        }
    }
    if($mybb->input['filter']['reason'])
    {
        // LIKE-escaped because the term is wrapped in % wildcards below
        $search['reason'] = $db->escape_string_like($mybb->input['filter']['reason']);
        $where_sql .= " AND (w.notes LIKE '%{$search['reason']}%' OR t.title LIKE '%{$search['reason']}%' OR w.title LIKE '%{$search['reason']}%')";
        $mybb->input['filter']['reason'] = htmlspecialchars_uni($mybb->input['filter']['reason']);
    }
    // The sort column is chosen from a fixed list; the request value itself
    // never reaches the ORDER BY clause.
    $sortbysel = array();
    switch($mybb->input['filter']['sortby'])
    {
        case "username":
            $sortby = "u.username";
            $sortbysel['username'] = ' selected="selected"';
            break;
        case "expires":
            $sortby = "w.expires";
            $sortbysel['expires'] = ' selected="selected"';
            break;
        case "issuedby":
            $sortby = "i.username";
            $sortbysel['issuedby'] = ' selected="selected"';
            break;
        default: // "dateline"
            $sortby = "w.dateline";
            $sortbysel['dateline'] = ' selected="selected"';
    }
    // Anything other than "asc" becomes "desc"
    $order = $mybb->input['filter']['order'];
    $ordersel = array();
    if($order != "asc")
    {
        $order = "desc";
        $ordersel['desc'] = ' selected="selected"';
    }
    else
    {
        $ordersel['asc'] = ' selected="selected"';
    }

    $plugins->run_hooks("modcp_warninglogs_start");

    // Pagination stuff
    $sql = "
        SELECT COUNT(wid) as count
        FROM
            ".TABLE_PREFIX."warnings w
            LEFT JOIN ".TABLE_PREFIX."warningtypes t ON (w.tid=t.tid)
        WHERE 1=1
            {$where_sql}
    ";
    $query = $db->query($sql);
    $total_warnings = $db->fetch_field($query, 'count');
    // Page and page size are cast to integers; they end up in the LIMIT clause
    $page = 1;
    if(isset($mybb->input['page']) && intval($mybb->input['page']) > 0)
    {
        $page = intval($mybb->input['page']);
    }
    $per_page = 20;
    if(isset($mybb->input['filter']['per_page']) && intval($mybb->input['filter']['per_page']) > 0)
    {
        $per_page = intval($mybb->input['filter']['per_page']);
    }
    $start = ($page-1) * $per_page;
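// Build the base URL for pagination links
    $url = 'modcp.php?action=warninglogs';
    if(is_array($mybb->input['filter']) && count($mybb->input['filter']))
    {
        foreach($mybb->input['filter'] as $field => $value)
        {
            // A nested array cannot be encoded as one query value; the original
            // passed it to urlencode() regardless. Skip it instead.
            if(is_array($value))
            {
                continue;
            }
            // The key is request-controlled as well, so encode it like the
            // value; the regular filter names pass through unchanged.
            $field = urlencode($field);
            $value = urlencode($value);
            $url .= "&filter[{$field}]={$value}";
        }
    }
    $multipage = multipage($total_warnings, $per_page, $page, $url);

    // The actual query
    // $where_sql, $sortby, $order, $start and $per_page were all escaped, cast
    // or picked from fixed values earlier in this action.
    $sql = "
        SELECT
            w.wid, w.title as custom_title, w.points, w.dateline, w.issuedby, w.expires, w.expired, w.daterevoked, w.revokedby,
            t.title,
            u.uid, u.username, u.usergroup, u.displaygroup,
            i.uid as mod_uid, i.username as mod_username, i.usergroup as mod_usergroup, i.displaygroup as mod_displaygroup
        FROM ".TABLE_PREFIX."warnings w
            LEFT JOIN ".TABLE_PREFIX."users u ON (w.uid=u.uid)
            LEFT JOIN ".TABLE_PREFIX."warningtypes t ON (w.tid=t.tid)
            LEFT JOIN ".TABLE_PREFIX."users i ON (i.uid=w.issuedby)
        WHERE 1=1
            {$where_sql}
        ORDER BY {$sortby} {$order}
        LIMIT {$start}, {$per_page}
    ";
    $query = $db->query($sql);


    $warning_list = '';
    while($row = $db->fetch_array($query))
    {
        $trow = alt_trow();
        $username = format_name($row['username'], $row['usergroup'], $row['displaygroup']);
        $username_link = build_profile_link($username, $row['uid']);
        $mod_username = format_name($row['mod_username'], $row['mod_usergroup'], $row['mod_displaygroup']);
        $mod_username_link = build_profile_link($mod_username, $row['mod_uid']);
        $issued_date = my_date($mybb->settings['dateformat'], $row['dateline']).' '.my_date($mybb->settings['timeformat'], $row['dateline']);
        $revoked_text = '';
        if($row['daterevoked'] > 0)
        {
            $revoked_date = my_date($mybb->settings['dateformat'], $row['daterevoked']).' '.my_date($mybb->settings['timeformat'], $row['daterevoked']);
            eval("\$revoked_text = \"".$templates->get("modcp_warninglogs_warning_revoked")."\";");
        }
        if($row['expires'] > 0)
        {
            $expire_date = my_date($mybb->settings['dateformat'], $row['expires']).' '.my_date($mybb->settings['timeformat'], $row['expires']);
        }
        else
        {
            $expire_date = $lang->never;
        }
        // Prefer the warning type's title, fall back to the custom one
        $title = $row['title'];
        if(empty($row['title']))
        {
            $title = $row['custom_title'];
        }
        $title = htmlspecialchars_uni($title);
        // Set $points for every row; the original assigned it only when the
        // value was non-negative, so a negative row kept the previous row's text.
        $points = $row['points'];
        if($row['points'] >= 0)
        {
            $points = '+'.$row['points'];
        }

        eval("\$warning_list .= \"".$templates->get("modcp_warninglogs_warning")."\";");
    }

    if(!$warning_list)
    {
        eval("\$warning_list = \"".$templates->get("modcp_warninglogs_nologs")."\";");
    }

    $plugins->run_hooks("modcp_warninglogs_end");

    eval("\$warninglogs = \"".$templates->get("modcp_warninglogs")."\";");
    output_page($warninglogs);
}

// IP search: counts and lists posts and users matching an address or a
// wildcard pattern.
if($mybb->input['action'] == "ipsearch")
{
    add_breadcrumb($lang->mcp_nav_ipsearch, "modcp.php?action=ipsearch");

    if($mybb->input['ipaddress'])
    {
        if(!is_array($groupscache))
        {
            $groupscache = $cache->read("usergroups");
        }

        // Escaped copy for display; the raw value is still used for matching
        $ipaddressvalue = htmlspecialchars_uni($mybb->input['ipaddress']);

        // Searching post IP addresses
        if($mybb->input['search_posts'])
        {
            // IPv6 IP
            if(strpos($mybb->input['ipaddress'], ":") !== false)
            {
                // "*" becomes the LIKE wildcard. NOTE(review): escape_string()
                // is used rather than escape_string_like(), so a literal % or _
                // in the input also acts as a wildcard.
                $post_ip_sql = "ipaddress LIKE '".$db->escape_string(str_replace("*", "%", $mybb->input['ipaddress']))."'";
            }
            else
            {
                // IPv4: fetch_longipv4_range() returns either a single value or
                // a two-element range, as the branches below show
                $ip_range = fetch_longipv4_range($mybb->input['ipaddress']);

                if($ip_range)
                {
                    if(!is_array($ip_range))
                    {
                        $post_ip_sql = "longipaddress='{$ip_range}'";
                    }
                    else
                    {
                        $post_ip_sql = "longipaddress > '{$ip_range[0]}' AND longipaddress < '{$ip_range[1]}'";
                    }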
}
            }

            $plugins->run_hooks("modcp_ipsearch_posts_start");

            // $post_ip_sql is only set when the address could be turned into a
            // condition above; otherwise no post query is run
            if($post_ip_sql)
            {
                $query = $db->query("
                    SELECT COUNT(pid) AS count
                    FROM ".TABLE_PREFIX."posts
                    WHERE {$post_ip_sql}
                ");

                $post_results = $db->fetch_field($query, "count");
            }
        }

        // Searching user IP addresses
        if($mybb->input['search_users'])
        {
            // IPv6 IP
            if(strpos($mybb->input['ipaddress'], ":") !== false)
            {
                // Same pattern handling as for posts, applied to both the
                // registration IP and the last-seen IP.
                // NOTE(review): escape_string() leaves % and _ in the input
                // active as LIKE wildcards.
                $user_ip_sql = "regip LIKE '".$db->escape_string(str_replace("*", "%", $mybb->input['ipaddress']))."' OR lastip LIKE '".$db->escape_string(str_replace("*", "%", $mybb->input['ipaddress']))."'";
            }
            else
            {
                $ip_range = fetch_longipv4_range($mybb->input['ipaddress']);

                if($ip_range)
                {
                    if(!is_array($ip_range))
                    {
                        $user_ip_sql = "longregip='{$ip_range}' OR longlastip='{$ip_range}'";
                    }
                    else
                    {
                        $user_ip_sql = "(longregip > '{$ip_range[0]}' AND longregip < '{$ip_range[1]}') OR (longlastip > '{$ip_range[0]}' AND longlastip < '{$ip_range[1]}')";
                    }
                }
            }

            $plugins->run_hooks("modcp_ipsearch_users_start");

            if($user_ip_sql)
            {
                $query = $db->query("
                    SELECT COUNT(uid) AS count
                    FROM ".TABLE_PREFIX."users
                    WHERE {$user_ip_sql}
                ");

                $user_results = $db->fetch_field($query, "count");
            }
        }

        $total_results = $post_results+$user_results;

        // Never report zero, so the page count below is at least one
        if(!$total_results)
        {
            $total_results = 1;
        }

        // Now we have the result counts, paginate
        $perpage = intval($mybb->input['perpage']);
        if(!$perpage || $perpage <= 0)
        {
            $perpage = $mybb->settings['threadsperpage'];
        }

        // Figure out if we need to display multiple pages.
if($mybb->input['page'] != "last")
        {
            $page = intval($mybb->input['page']);
        }

        $pages = $total_results / $perpage;
        $pages = ceil($pages);

        if($mybb->input['page'] == "last")
        {
            $page = $pages;
        }

        if($page > $pages || $page <= 0)
        {
            $page = 1;
        }

        if($page)
        {
            $start = ($page-1) * $perpage;
        }
        else
        {
            $start = 0;
            $page = 1;
        }

        // $perpage is an integer at this point; the other values are
        // HTML-escaped (not URL-encoded) before being added to the link
        $page_url = "modcp.php?action=ipsearch&perpage={$perpage}";
        foreach(array('ipaddress', 'search_users', 'search_posts') as $input)
        {
            if(!$mybb->input[$input]) continue;
            $page_url .= "&{$input}=".htmlspecialchars_uni($mybb->input[$input]);
        }
        $multipage = multipage($total_results, $perpage, $page, $page_url);

        // Users are listed first; posts fill what is left of the page
        $post_limit = $perpage;
        if($mybb->input['search_users'] && $user_results && $start <= $user_results)
        {
            $query = $db->query("
                SELECT username, uid, regip, lastip
                FROM ".TABLE_PREFIX."users
                WHERE {$user_ip_sql}
                ORDER BY regdate DESC
                LIMIT {$start}, {$perpage}
            ");
            while($ipaddress = $db->fetch_array($query))
            {
                $result = false;
                $profile_link = build_profile_link($ipaddress['username'], $ipaddress['uid']);
                $trow = alt_trow();
                // preg_quote() neutralises regex metacharacters in the search
                // term; only the escaped "*" is turned back into a wildcard
                $regexp_ip = str_replace("\*", "(.*)", preg_quote($mybb->input['ipaddress'], "#"));
                // Reg IP matches
                if(preg_match("#{$regexp_ip}#i", $ipaddress['regip']))
                {
                    $ip = $ipaddress['regip'];
                    $subject = "<strong>{$lang->ipresult_regip}</strong> {$profile_link}";
                    eval("\$results .= \"".$templates->get("modcp_ipsearch_result")."\";");
                    $result = true;
                }
                // Last known IP matches
                if(preg_match("#{$regexp_ip}#i", $ipaddress['lastip']))
                {
                    $ip = $ipaddress['lastip'];
                    $subject = "<strong>{$lang->ipresult_lastip}</strong> {$profile_link}";
                    eval("\$results .= \"".$templates->get("modcp_ipsearch_result")."\";");
                    $result = true;
                }

                // Each user shown takes one slot away from the post results
                if($result)
                {
                    --$post_limit;
                }
            }
        }
        $post_start = 0;
        if($total_results > $user_results && $post_limit)
        {
            $post_start = $start-$user_results;
            if($post_start < 0)
            {
                $post_start = 0;
            }
        }
        if($mybb->input['search_posts'] && $post_results && (!$mybb->input['search_users'] || ($mybb->input['search_users'] && $post_limit > 0)))
        {
            $ipaddresses = $tids = $uids = array();
            $query = $db->query("
                SELECT username AS postusername, uid, subject, pid, tid, ipaddress
                FROM ".TABLE_PREFIX."posts
                WHERE {$post_ip_sql}
                ORDER BY dateline DESC
                LIMIT {$post_start}, {$post_limit}
            ");
            while($ipaddress = $db->fetch_array($query))
            {
                // Keyed by tid/uid so each id maps to one pid
                $tids[$ipaddress['tid']] = $ipaddress['pid'];
                $uids[$ipaddress['uid']] = $ipaddress['pid'];
                $ipaddresses[$ipaddress['pid']] = $ipaddress;
            }

            if(!empty($ipaddresses))
            {
                // The id lists below are built from columns of the query above,
                // not from request input
                $query = $db->simple_select("threads", "subject, tid", "tid IN(".implode(',', array_keys($tids)).")");
                while($thread = $db->fetch_array($query))
                {
                    $ipaddresses[$tids[$thread['tid']]]['threadsubject'] = $thread['subject'];
                }
                unset($tids);

                $query = $db->simple_select("users", "username, uid", "uid IN(".implode(',', array_keys($uids)).")");
                while($user = $db->fetch_array($query))
                {
                    $ipaddresses[$uids[$user['uid']]]['username'] = $user['username'];
                }
                unset($uids);

                foreach($ipaddresses as $ipaddress)
                {
                    $ip = $ipaddress['ipaddress'];
                    if(!$ipaddress['username']) $ipaddress['username'] = $ipaddress['postusername']; // Guest username support
                    $trow = alt_trow();
                    if(!$ipaddress['subject'])
                    {
                        $ipaddress['subject'] = "RE: {$ipaddress['threadsubject']}";
                    }
                    // The subject is escaped here. NOTE(review): the username
                    // (for guests the name stored with the post) is handed to
                    // build_profile_link() as is - confirm it is escaped there.
                    $subject = "<strong>{$lang->ipresult_post}</strong> <a href=\"".get_post_link($ipaddress['pid'], $ipaddress['tid'])."\">".htmlspecialchars_uni($ipaddress['subject'])."</a> {$lang->by} ".build_profile_link($ipaddress['username'], $ipaddress['uid']);
                    eval("\$results .= \"".$templates->get("modcp_ipsearch_result")."\";");
                }
            }
        }

        if(!$results)
        {
            eval("\$results = \"".$templates->get("modcp_ipsearch_noresults")."\";");
        }

        if($ipaddressvalue)
        {
            $lang->ipsearch_results = $lang->sprintf($lang->ipsearch_results, $ipaddressvalue);
        }
        else
        {
            $lang->ipsearch_results = $lang->ipsearch;
        }

        // The lookup link is only offered for a single IPv4-style value. The
        // address is HTML-escaped in the href and URL-encoded inside the
        // single-quoted JavaScript string, which also encodes quote characters.
        if(!strstr($mybb->input['ipaddress'], "*") && !strstr($mybb->input['ipaddress'], ":"))
        {
            $misc_info_link = "<div class=\"float_right\">(<a href=\"modcp.php?action=iplookup&ipaddress=".htmlspecialchars_uni($mybb->input['ipaddress'])."\" onclick=\"MyBB.popupWindow('{$mybb->settings['bburl']}/modcp.php?action=iplookup&ipaddress=".urlencode($mybb->input['ipaddress'])."', 'iplookup', 500, 250); return false;\">{$lang->info_on_ip}</a>)</div>";
        }

        eval("\$ipsearch_results = \"".$templates->get("modcp_ipsearch_results")."\";");
    }

    // Fetch filter options
    // With no address given, both search types are pre-selected
    if(!$mybb->input['ipaddress'])
    {
        $mybb->input['search_posts'] = 1;
        $mybb->input['search_users'] = 1;
    }
    if($mybb->input['search_posts'])
    {
        $postsearchselect = "checked=\"checked\"";
    }
    if($mybb->input['search_users'])
    {
        $usersearchselect = "checked=\"checked\"";
    }

    $plugins->run_hooks("modcp_ipsearch_end");

    eval("\$ipsearch = \"".$templates->get("modcp_ipsearch")."\";");
    output_page($ipsearch);
}

// IP lookup popup: shows GeoIP location and reverse-DNS host name for one
// address.
if($mybb->input['action'] == "iplookup")
{
    $lang->ipaddress_misc_info = $lang->sprintf($lang->ipaddress_misc_info, htmlspecialchars_uni($mybb->input['ipaddress']));
    $ipaddress_location = $lang->na;
    $ipaddress_host_name = $lang->na;
    $modcp_ipsearch_misc_info = '';
if(!strstr($mybb->input['ipaddress'], "*") && !strstr($mybb->input['ipaddress'], ":"))
    {
        // NOTE(review): only "*" and ":" are ruled out above; the value is not
        // checked to be a well-formed IPv4 address before it is handed to the
        // GeoIP and resolver calls below, whose errors are hidden by "@".

        // Return GeoIP information if it is available to us
        if(function_exists('geoip_record_by_name'))
        {
            $ip_record = @geoip_record_by_name($mybb->input['ipaddress']);
            if($ip_record)
            {
                $ipaddress_location = htmlspecialchars_uni(utf8_encode($ip_record['country_name']));
                if($ip_record['city'])
                {
                    $ipaddress_location .= $lang->comma.htmlspecialchars_uni(utf8_encode($ip_record['city']));
                }
            }
        }

        // A reverse-DNS name is chosen by whoever controls the address's PTR
        // record, so it is escaped before display.
        $ipaddress_host_name = htmlspecialchars_uni(@gethostbyaddr($mybb->input['ipaddress']));

        // gethostbyaddr returns the same ip on failure
        // (on malformed input it returns false instead, which is not caught by
        // this comparison and leaves the host name empty)
        if($ipaddress_host_name == $mybb->input['ipaddress'])
        {
            $ipaddress_host_name = $lang->na;
        }
    }

    $plugins->run_hooks("modcp_iplookup_end");

    eval("\$iplookup = \"".$templates->get('modcp_ipsearch_misc_info')."\";");
    output_page($iplookup);
}

// Ban list: paginated overview of banned users with edit/lift links.
if($mybb->input['action'] == "banning")
{
    add_breadcrumb($lang->mcp_nav_banning, "modcp.php?action=banning");

    if(!$mybb->settings['threadsperpage'])
    {
        $mybb->settings['threadsperpage'] = 20;
    }

    // Figure out if we need to display multiple pages.
$perpage = $mybb->settings['threadsperpage'];
    if($mybb->input['page'] != "last")
    {
        $page = intval($mybb->input['page']);
    }

    $query = $db->simple_select("banned", "COUNT(uid) AS count");
    $banned_count = $db->fetch_field($query, "count");

    $postcount = intval($banned_count);
    $pages = $postcount / $perpage;
    $pages = ceil($pages);

    if($mybb->input['page'] == "last")
    {
        $page = $pages;
    }

    if($page > $pages || $page <= 0)
    {
        $page = 1;
    }

    if($page)
    {
        $start = ($page-1) * $perpage;
    }
    else
    {
        $start = 0;
        $page = 1;
    }
    $upper = $start+$perpage;

    $multipage = multipage($postcount, $perpage, $page, "modcp.php?action=banning");
    if($postcount > $perpage)
    {
        eval("\$allbannedpages = \"".$templates->get("modcp_banning_multipage")."\";");
    }

    $plugins->run_hooks("modcp_banning_start");

    // "a" is the users row of whoever issued the ban, "u" the banned user
    $query = $db->query("
        SELECT b.*, a.username AS adminuser, u.username
        FROM ".TABLE_PREFIX."banned b
        LEFT JOIN ".TABLE_PREFIX."users u ON (b.uid=u.uid)
        LEFT JOIN ".TABLE_PREFIX."users a ON (b.admin=a.uid)
        ORDER BY lifted ASC
        LIMIT {$start}, {$perpage}
    ");

    // Get the banned users
    while($banned = $db->fetch_array($query))
    {
        $profile_link = build_profile_link($banned['username'], $banned['uid']);

        // Only show the edit & lift links if current user created ban, or is super mod/admin
        // (the condition also shows them when the issuing account no longer
        // resolves to a username)
        $edit_link = '';
        if($mybb->user['uid'] == $banned['admin'] || !$banned['adminuser'] || $mybb->usergroup['issupermod'] == 1 || $mybb->usergroup['cancp'] == 1)
        {
            // NOTE(review): the lift link is a plain GET carrying my_post_key,
            // so the anti-CSRF key appears in URLs (history, logs, Referer).
            $edit_link = "<br /><span class=\"smalltext\"><a href=\"modcp.php?action=banuser&uid={$banned['uid']}\">{$lang->edit_ban}</a> | <a href=\"modcp.php?action=liftban&uid={$banned['uid']}&my_post_key={$mybb->post_code}\">{$lang->lift_ban}</a></span>";
        }

        $admin_profile = build_profile_link($banned['adminuser'], $banned['admin']);

        $trow = alt_trow();

        if($banned['reason'])
        {
            // Word filter first, then HTML-escape the free-text reason
            $banned['reason'] = htmlspecialchars_uni($parser->parse_badwords($banned['reason']));
        }
        else
        {
            $banned['reason'] = $lang->na;
        }

        if($banned['lifted'] == 'perm' || $banned['lifted'] == '' || $banned['bantime'] == 'perm' || $banned['bantime'] == '---')
        {
            $banlength = $lang->permanent;
            $timeremaining = $lang->na;
        }
        else
        {
            $banlength = $bantimes[$banned['bantime']];
            $remaining = $banned['lifted']-TIME_NOW;

            $timeremaining = nice_time($remaining, array('short' => 1, 'seconds' => false))."";

            // Colour by urgency: under an hour, under a day, under a week
            if($remaining < 3600)
            {
                $timeremaining = "<span style=\"color: red;\">({$timeremaining} {$lang->ban_remaining})</span>";
            }
            else if($remaining < 86400)
            {
                $timeremaining = "<span style=\"color: maroon;\">({$timeremaining} {$lang->ban_remaining})</span>";
            }
            else if($remaining < 604800)
            {
                $timeremaining = "<span style=\"color: green;\">({$timeremaining} {$lang->ban_remaining})</span>";
            }
            else
            {
                $timeremaining = "({$timeremaining} {$lang->ban_remaining})";
            }
        }

        eval("\$bannedusers .= \"".$templates->get("modcp_banning_ban")."\";");
    }

    if(!$bannedusers)
    {
        eval("\$bannedusers = \"".$templates->get("modcp_banning_nobanned")."\";");
    }

    $plugins->run_hooks("modcp_banning");

    eval("\$bannedpage = \"".$templates->get("modcp_banning")."\";");
    output_page($bannedpage);
}

// Lift a ban: restores the user's previous groups and removes the ban row.
// Unlike do_banuser further down, this action does not test the request
// method; the post key check below is what guards it.
if($mybb->input['action'] == "liftban")
{
    // Verify incoming POST request
    verify_post_check($mybb->input['my_post_key']);

    // uid is cast to an integer before it is used in the condition
    $query = $db->simple_select("banned", "*", "uid='".intval($mybb->input['uid'])."'");
    $ban = $db->fetch_array($query);

    if(!$ban['uid'])
    {
        error($lang->error_invalidban);
    }

// Permission to edit this ban? 2975 if($mybb->user['uid'] != $ban['admin'] && $mybb->usergroup['issupermod'] != 1 && $mybb->usergroup['cancp'] != 1) 2976 { 2977 error_no_permission(); 2978 } 2979 2980 $plugins->run_hooks("modcp_liftban_start"); 2981 2982 $query = $db->simple_select("users", "username", "uid = '{$ban['uid']}'"); 2983 $username = $db->fetch_field($query, "username"); 2984 2985 $updated_group = array( 2986 'usergroup' => $ban['oldgroup'], 2987 'additionalgroups' => $ban['oldadditionalgroups'], 2988 'displaygroup' => $ban['olddisplaygroup'] 2989 ); 2990 $db->update_query("users", $updated_group, "uid='{$ban['uid']}'"); 2991 $db->delete_query("banned", "uid='{$ban['uid']}'"); 2992 2993 $cache->update_banned(); 2994 $cache->update_moderators(); 2995 log_moderator_action(array("uid" => $ban['uid'], "username" => $username), $lang->lifted_ban); 2996 2997 $plugins->run_hooks("modcp_liftban_end"); 2998 2999 redirect("modcp.php?action=banning", $lang->redirect_banlifted); 3000 } 3001 3002 if($mybb->input['action'] == "do_banuser" && $mybb->request_method == "post") 3003 { 3004 // Verify incoming POST request 3005 verify_post_check($mybb->input['my_post_key']); 3006 3007 // Editing an existing ban 3008 if($mybb->input['uid']) 3009 { 3010 // Get the users info from their uid 3011 $query = $db->query(" 3012 SELECT b.*, u.uid, u.usergroup, u.additionalgroups, u.displaygroup 3013 FROM ".TABLE_PREFIX."banned b 3014 LEFT JOIN ".TABLE_PREFIX."users u ON (b.uid=u.uid) 3015 WHERE b.uid='{$mybb->input['uid']}' 3016 "); 3017 $user = $db->fetch_array($query); 3018 if(!$user['uid']) 3019 { 3020 error($lang->error_invalidban); 3021 } 3022 3023 // Permission to edit this ban? 
3024 if($mybb->user['uid'] != $user['admin'] && $mybb->usergroup['issupermod'] != 1 && $mybb->usergroup['cancp'] != 1) 3025 { 3026 error_no_permission(); 3027 } 3028 } 3029 // Creating a new ban 3030 else 3031 { 3032 // Get the users info from their Username 3033 $query = $db->simple_select("users", "uid, username, usergroup, additionalgroups, displaygroup", "username = '".$db->escape_string($mybb->input['username'])."'", array('limit' => 1)); 3034 $user = $db->fetch_array($query); 3035 if(!$user['uid']) 3036 { 3037 $errors[] = $lang->invalid_username; 3038 } 3039 } 3040 3041 if($user['uid'] == $mybb->user['uid']) 3042 { 3043 $errors[] = $lang->error_cannotbanself; 3044 } 3045 3046 // Have permissions to ban this user? 3047 if(!modcp_can_manage_user($user['uid'])) 3048 { 3049 $errors[] = $lang->error_cannotbanuser; 3050 } 3051 3052 // Check for an incoming reason 3053 if(!$mybb->input['banreason']) 3054 { 3055 $errors[] = $lang->error_nobanreason; 3056 } 3057 3058 // Check banned group 3059 $query = $db->simple_select("usergroups", "gid", "isbannedgroup=1 AND gid='".intval($mybb->input['usergroup'])."'"); 3060 if(!$db->fetch_field($query, "gid")) 3061 { 3062 $errors[] = $lang->error_nobangroup; 3063 } 3064 3065 // If this is a new ban, we check the user isn't already part of a banned group 3066 if(!$mybb->input['uid'] && $user['uid']) 3067 { 3068 $query = $db->simple_select("banned", "uid", "uid='{$user['uid']}'"); 3069 if($db->fetch_field($query, "uid")) 3070 { 3071 $errors[] = $lang->error_useralreadybanned; 3072 } 3073 } 3074 3075 $plugins->run_hooks("modcp_do_banuser_start"); 3076 3077 // Still no errors? Ban the user 3078 if(!$errors) 3079 { 3080 // Ban the user 3081 if($mybb->input['liftafter'] == '---') 3082 { 3083 $lifted = 0; 3084 } 3085 else 3086 { 3087 $lifted = ban_date2timestamp($mybb->input['liftafter'], $user['dateline']); 3088 } 3089 3090 if($mybb->input['uid']) 3091 { 3092 $username_select = $db->simple_select('users', 'username', "uid='" . 
(int)$mybb->input['uid'] . "'"); 3093 $user['username'] = $db->fetch_field($username_select, 'username'); 3094 $update_array = array( 3095 'gid' => intval($mybb->input['usergroup']), 3096 'admin' => intval($mybb->user['uid']), 3097 'dateline' => TIME_NOW, 3098 'bantime' => $db->escape_string($mybb->input['liftafter']), 3099 'lifted' => $db->escape_string($lifted), 3100 'reason' => $db->escape_string($mybb->input['banreason']) 3101 ); 3102 3103 $db->update_query('banned', $update_array, "uid='{$user['uid']}'"); 3104 } 3105 else 3106 { 3107 $insert_array = array( 3108 'uid' => $user['uid'], 3109 'gid' => intval($mybb->input['usergroup']), 3110 'oldgroup' => $user['usergroup'], 3111 'oldadditionalgroups' => $user['additionalgroups'], 3112 'olddisplaygroup' => $user['displaygroup'], 3113 'admin' => intval($mybb->user['uid']), 3114 'dateline' => TIME_NOW, 3115 'bantime' => $db->escape_string($mybb->input['liftafter']), 3116 'lifted' => $db->escape_string($lifted), 3117 'reason' => $db->escape_string($mybb->input['banreason']) 3118 ); 3119 3120 $db->insert_query('banned', $insert_array); 3121 } 3122 3123 // Move the user to the banned group 3124 $update_array = array( 3125 'usergroup' => intval($mybb->input['usergroup']), 3126 'displaygroup' => 0, 3127 'additionalgroups' => '', 3128 ); 3129 $db->update_query('users', $update_array, "uid = {$user['uid']}"); 3130 3131 $cache->update_banned(); 3132 3133 // Log edit or add ban 3134 if($mybb->input['uid']) 3135 { 3136 log_moderator_action(array("uid" => $user['uid'], "username" => $user['username']), $lang->edited_user_ban); 3137 } 3138 else 3139 { 3140 log_moderator_action(array("uid" => $user['uid'], "username" => $user['username']), $lang->banned_user); 3141 } 3142 3143 $plugins->run_hooks("modcp_do_banuser_end"); 3144 3145 if($mybb->input['uid']) 3146 { 3147 redirect("modcp.php?action=banning", $lang->redirect_banuser_updated); 3148 } 3149 else 3150 { 3151 redirect("modcp.php?action=banning", $lang->redirect_banuser); 
3152 } 3153 } 3154 // Otherwise has errors, throw back to ban page 3155 else 3156 { 3157 $mybb->input['action'] = "banuser"; 3158 } 3159 } 3160 3161 if($mybb->input['action'] == "banuser") 3162 { 3163 add_breadcrumb($lang->mcp_nav_banning, "modcp.php?action=banning"); 3164 3165 if($mybb->input['uid']) 3166 { 3167 add_breadcrumb($lang->mcp_nav_ban_user); 3168 } 3169 else 3170 { 3171 add_breadcrumb($lang->mcp_nav_editing_ban); 3172 } 3173 3174 $plugins->run_hooks("modcp_banuser_start"); 3175 3176 // If incoming user ID, we are editing a ban 3177 if($mybb->input['uid']) 3178 { 3179 $query = $db->query(" 3180 SELECT b.*, u.username, u.uid 3181 FROM ".TABLE_PREFIX."banned b 3182 LEFT JOIN ".TABLE_PREFIX."users u ON (b.uid=u.uid) 3183 WHERE b.uid='{$mybb->input['uid']}' 3184 "); 3185 $banned = $db->fetch_array($query); 3186 if($banned['username']) 3187 { 3188 $username = htmlspecialchars_uni($banned['username']); 3189 $banreason = htmlspecialchars_uni($banned['reason']); 3190 $uid = $mybb->input['uid']; 3191 $user = get_user($banned['uid']); 3192 $lang->ban_user = $lang->edit_ban; // Swap over lang variables 3193 eval("\$banuser_username = \"".$templates->get("modcp_banuser_editusername")."\";"); 3194 } 3195 } 3196 3197 // New ban! 3198 if(!$banuser_username) 3199 { 3200 if($mybb->input['uid']) 3201 { 3202 $user = get_user($mybb->input['uid']); 3203 $username = $user['username']; 3204 } 3205 else 3206 { 3207 $username = htmlspecialchars_uni($mybb->input['username']); 3208 } 3209 eval("\$banuser_username = \"".$templates->get("modcp_banuser_addusername")."\";"); 3210 } 3211 3212 // Coming back to this page from an error? 
3213 if($errors) 3214 { 3215 $errors = inline_error($errors); 3216 $banned = array( 3217 "bantime" => $mybb->input['liftafter'], 3218 "reason" => $mybb->input['reason'], 3219 "gid" => $mybb->input['gid'] 3220 ); 3221 $banreason = htmlspecialchars_uni($mybb->input['banreason']); 3222 } 3223 3224 // Generate the banned times dropdown 3225 foreach($bantimes as $time => $title) 3226 { 3227 $liftlist .= "<option value=\"{$time}\""; 3228 if($banned['bantime'] == $time) 3229 { 3230 $liftlist .= " selected=\"selected\""; 3231 } 3232 $thatime = my_date("D, jS M Y @ g:ia", ban_date2timestamp($time, $banned['dateline'])); 3233 if($time == '---') 3234 { 3235 $liftlist .= ">{$title}</option>\n"; 3236 } 3237 else 3238 { 3239 $liftlist .= ">{$title} ({$thatime})</option>\n"; 3240 } 3241 } 3242 3243 $bangroups = ''; 3244 $query = $db->simple_select("usergroups", "gid, title", "isbannedgroup=1"); 3245 while($item = $db->fetch_array($query)) 3246 { 3247 $selected = ""; 3248 if($banned['gid'] == $item['gid']) 3249 { 3250 $selected = " selected=\"selected\""; 3251 } 3252 $bangroups .= "<option value=\"{$item['gid']}\"{$selected}>".htmlspecialchars_uni($item['title'])."</option>\n"; 3253 } 3254 3255 $lift_link = "<div class=\"float_right\"><a href=\"modcp.php?action=liftban&uid={$user['uid']}&my_post_key={$mybb->post_code}\">{$lang->lift_ban}</a></div>"; 3256 3257 $plugins->run_hooks("modcp_banuser_end"); 3258 3259 eval("\$banuser = \"".$templates->get("modcp_banuser")."\";"); 3260 output_page($banuser); 3261 } 3262 3263 if($mybb->input['action'] == "do_modnotes") 3264 { 3265 // Verify incoming POST request 3266 verify_post_check($mybb->input['my_post_key']); 3267 3268 $plugins->run_hooks("modcp_do_modnotes_start"); 3269 3270 // Update Moderator Notes cache 3271 $update_cache = array( 3272 "modmessage" => $mybb->input['modnotes'] 3273 ); 3274 $cache->update("modnotes", $update_cache); 3275 3276 $plugins->run_hooks("modcp_do_modnotes_end"); 3277 3278 redirect("modcp.php", 
$lang->redirect_modnotes); 3279 } 3280 3281 if(!$mybb->input['action']) 3282 { 3283 $query = $db->query(" 3284 SELECT COUNT(aid) AS unapprovedattachments 3285 FROM ".TABLE_PREFIX."attachments a 3286 LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=a.pid) 3287 LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid) 3288 WHERE a.visible='0' {$tflist} 3289 "); 3290 $unapproved_attachments = $db->fetch_field($query, "unapprovedattachments"); 3291 3292 if($unapproved_attachments > 0) 3293 { 3294 $query = $db->query(" 3295 SELECT t.tid, p.pid, p.uid, t.username, a.filename, a.dateuploaded 3296 FROM ".TABLE_PREFIX."attachments a 3297 LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=a.pid) 3298 LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid) 3299 WHERE a.visible='0' {$tflist} 3300 ORDER BY a.dateuploaded DESC 3301 LIMIT 1 3302 "); 3303 $attachment = $db->fetch_array($query); 3304 $attachment['date'] = my_date($mybb->settings['dateformat'], $attachment['dateuploaded']); 3305 $attachment['time'] = my_date($mybb->settings['timeformat'], $attachment['dateuploaded']); 3306 $attachment['profilelink'] = build_profile_link($attachment['username'], $attachment['uid']); 3307 $attachment['link'] = get_post_link($attachment['pid'], $attachment['tid']); 3308 $attachment['filename'] = htmlspecialchars_uni($attachment['filename']); 3309 3310 eval("\$latest_attachment = \"".$templates->get("modcp_lastattachment")."\";"); 3311 } 3312 else 3313 { 3314 $latest_attachment = "<span style=\"text-align: center;\">{$lang->lastpost_never}</span>"; 3315 } 3316 3317 $query = $db->query(" 3318 SELECT COUNT(pid) AS unapprovedposts 3319 FROM ".TABLE_PREFIX."posts p 3320 LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid) 3321 WHERE p.visible='0' {$tflist} AND t.firstpost != p.pid 3322 "); 3323 $unapproved_posts = $db->fetch_field($query, "unapprovedposts"); 3324 3325 if($unapproved_posts > 0) 3326 { 3327 $query = $db->query(" 3328 SELECT p.pid, p.tid, p.subject, p.uid, p.username, p.dateline 3329 FROM 
".TABLE_PREFIX."posts p 3330 LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid) 3331 WHERE p.visible='0' {$tflist} AND t.firstpost != p.pid 3332 ORDER BY p.dateline DESC 3333 LIMIT 1 3334 "); 3335 $post = $db->fetch_array($query); 3336 $post['date'] = my_date($mybb->settings['dateformat'], $post['dateline']); 3337 $post['time'] = my_date($mybb->settings['timeformat'], $post['dateline']); 3338 $post['profilelink'] = build_profile_link($post['username'], $post['uid']); 3339 $post['link'] = get_post_link($post['pid'], $post['tid']); 3340 $post['subject'] = $post['fullsubject'] = $parser->parse_badwords($post['subject']); 3341 if(my_strlen($post['subject']) > 25) 3342 { 3343 $post['subject'] = my_substr($post['subject'], 0, 25)."..."; 3344 } 3345 $post['subject'] = htmlspecialchars_uni($post['subject']); 3346 $post['fullsubject'] = htmlspecialchars_uni($post['fullsubject']); 3347 3348 eval("\$latest_post = \"".$templates->get("modcp_lastpost")."\";"); 3349 } 3350 else 3351 { 3352 $latest_post = "<span style=\"text-align: center;\">{$lang->lastpost_never}</span>"; 3353 } 3354 3355 $query = $db->simple_select("threads", "COUNT(tid) AS unapprovedthreads", "visible=0 {$flist}"); 3356 $unapproved_threads = $db->fetch_field($query, "unapprovedthreads"); 3357 3358 if($unapproved_threads > 0) 3359 { 3360 $query = $db->simple_select("threads", "tid, subject, uid, username, dateline", "visible=0 {$flist}", array('order_by' => 'dateline', 'order_dir' => 'DESC', 'limit' => 1)); 3361 $thread = $db->fetch_array($query); 3362 $thread['date'] = my_date($mybb->settings['dateformat'], $thread['dateline']); 3363 $thread['time'] = my_date($mybb->settings['timeformat'], $thread['dateline']); 3364 $thread['profilelink'] = build_profile_link($thread['username'], $thread['uid']); 3365 $thread['link'] = get_thread_link($thread['tid']); 3366 $thread['subject'] = $thread['fullsubject'] = $parser->parse_badwords($thread['subject']); 3367 if(my_strlen($thread['subject']) > 25) 3368 { 3369 
$post['subject'] = my_substr($thread['subject'], 0, 25)."..."; 3370 } 3371 $thread['subject'] = htmlspecialchars_uni($thread['subject']); 3372 $thread['fullsubject'] = htmlspecialchars_uni($thread['fullsubject']); 3373 3374 eval("\$latest_thread = \"".$templates->get("modcp_lastthread")."\";"); 3375 } 3376 else 3377 { 3378 $latest_thread = "<span style=\"text-align: center;\">{$lang->lastpost_never}</span>"; 3379 } 3380 3381 $where = ''; 3382 if($tflist) 3383 { 3384 $where = "WHERE (t.fid <> 0 {$tflist}) OR (!l.fid)"; 3385 } 3386 3387 $query = $db->query(" 3388 SELECT l.*, u.username, u.usergroup, u.displaygroup, t.subject AS tsubject, f.name AS fname, p.subject AS psubject 3389 FROM ".TABLE_PREFIX."moderatorlog l 3390 LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=l.uid) 3391 LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=l.tid) 3392 LEFT JOIN ".TABLE_PREFIX."forums f ON (f.fid=l.fid) 3393 LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=l.pid) 3394 {$where} 3395 ORDER BY l.dateline DESC 3396 LIMIT 5 3397 "); 3398 3399 while($logitem = $db->fetch_array($query)) 3400 { 3401 $information = ''; 3402 $logitem['action'] = htmlspecialchars_uni($logitem['action']); 3403 $log_date = my_date($mybb->settings['dateformat'], $logitem['dateline']); 3404 $log_time = my_date($mybb->settings['timeformat'], $logitem['dateline']); 3405 $trow = alt_trow(); 3406 $username = format_name($logitem['username'], $logitem['usergroup'], $logitem['displaygroup']); 3407 $logitem['profilelink'] = build_profile_link($username, $logitem['uid']); 3408 if($logitem['tsubject']) 3409 { 3410 $information = "<strong>{$lang->thread}</strong> <a href=\"".get_thread_link($logitem['tid'])."\" target=\"_blank\">".htmlspecialchars_uni($logitem['tsubject'])."</a><br />"; 3411 } 3412 if($logitem['fname']) 3413 { 3414 $information .= "<strong>{$lang->forum}</strong> <a href=\"".get_forum_link($logitem['fid'])."\" target=\"_blank\">".htmlspecialchars_uni($logitem['fname'])."</a><br />"; 3415 } 3416 
if($logitem['psubject']) 3417 { 3418 $information .= "<strong>{$lang->post}</strong> <a href=\"".get_post_link($logitem['pid'])."#pid{$logitem['pid']}\">".htmlspecialchars_uni($logitem['psubject'])."</a>"; 3419 } 3420 3421 // Edited a user? 3422 if(!$logitem['tsubject'] || !$logitem['fname'] || !$logitem['psubject']) 3423 { 3424 $data = unserialize($logitem['data']); 3425 if($data['uid']) 3426 { 3427 $information = $lang->sprintf($lang->edited_user_info, htmlspecialchars_uni($data['username']), get_profile_link($data['uid'])); 3428 } 3429 } 3430 3431 eval("\$modlogresults .= \"".$templates->get("modcp_modlogs_result")."\";"); 3432 } 3433 3434 if(!$modlogresults) 3435 { 3436 eval("\$modlogresults = \"".$templates->get("modcp_modlogs_noresults")."\";"); 3437 } 3438 3439 $query = $db->query(" 3440 SELECT b.*, a.username AS adminuser, u.username, (b.lifted-".TIME_NOW.") AS remaining 3441 FROM ".TABLE_PREFIX."banned b 3442 LEFT JOIN ".TABLE_PREFIX."users u ON (b.uid=u.uid) 3443 LEFT JOIN ".TABLE_PREFIX."users a ON (b.admin=a.uid) 3444 WHERE b.bantime != '---' AND b.bantime != 'perm' 3445 ORDER BY remaining ASC 3446 LIMIT 5 3447 "); 3448 3449 // Get the banned users 3450 while($banned = $db->fetch_array($query)) 3451 { 3452 $profile_link = build_profile_link($banned['username'], $banned['uid']); 3453 3454 // Only show the edit & lift links if current user created ban, or is super mod/admin 3455 $edit_link = ''; 3456 if($mybb->user['uid'] == $banned['admin'] || !$banned['adminuser'] || $mybb->usergroup['issupermod'] == 1 || $mybb->usergroup['cancp'] == 1) 3457 { 3458 $edit_link = "<br /><span class=\"smalltext\"><a href=\"modcp.php?action=banuser&uid={$banned['uid']}\">{$lang->edit_ban}</a> | <a href=\"modcp.php?action=liftban&uid={$banned['uid']}&my_post_key={$mybb->post_code}\">{$lang->lift_ban}</a></span>"; 3459 } 3460 3461 $admin_profile = build_profile_link($banned['adminuser'], $banned['admin']); 3462 3463 $trow = alt_trow(); 3464 3465 if($banned['reason']) 3466 { 
3467 $banned['reason'] = htmlspecialchars_uni($parser->parse_badwords($banned['reason'])); 3468 } 3469 else 3470 { 3471 $banned['reason'] = $lang->na; 3472 } 3473 3474 if($banned['lifted'] == 'perm' || $banned['lifted'] == '' || $banned['bantime'] == 'perm' || $banned['bantime'] == '---') 3475 { 3476 $banlength = $lang->permanent; 3477 $timeremaining = $lang->na; 3478 } 3479 else 3480 { 3481 $banlength = $bantimes[$banned['bantime']]; 3482 $remaining = $banned['remaining']; 3483 3484 $timeremaining = nice_time($remaining, array('short' => 1, 'seconds' => false)).""; 3485 3486 if($remaining <= 0) 3487 { 3488 $timeremaining = "<span style=\"color: red;\">({$lang->ban_ending_imminently})</span>"; 3489 } 3490 else if($remaining < 3600) 3491 { 3492 $timeremaining = "<span style=\"color: red;\">({$timeremaining} {$lang->ban_remaining})</span>"; 3493 } 3494 else if($remaining < 86400) 3495 { 3496 $timeremaining = "<span style=\"color: maroon;\">({$timeremaining} {$lang->ban_remaining})</span>"; 3497 } 3498 else if($remaining < 604800) 3499 { 3500 $timeremaining = "<span style=\"color: green;\">({$timeremaining} {$lang->ban_remaining})</span>"; 3501 } 3502 else 3503 { 3504 $timeremaining = "({$timeremaining} {$lang->ban_remaining})"; 3505 } 3506 } 3507 3508 eval("\$bannedusers .= \"".$templates->get("modcp_banning_ban")."\";"); 3509 } 3510 3511 if(!$bannedusers) 3512 { 3513 eval("\$bannedusers = \"".$templates->get("modcp_banning_nobanned")."\";"); 3514 } 3515 3516 $modnotes = $cache->read("modnotes"); 3517 $modnotes = htmlspecialchars_uni($modnotes['modmessage']); 3518 3519 $plugins->run_hooks("modcp_end"); 3520 3521 eval("\$modcp = \"".$templates->get("modcp")."\";"); 3522 output_page($modcp); 3523 } 3524 ?>