[ Index ]

PHP Cross Reference of MyBB 1.8.21

title

Body

[close]

/admin/modules/user/ -> users.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  11  // Disallow direct access to this file for security reasons
  12  if(!defined("IN_MYBB"))
  13  {
  14      die("Direct initialization of this file is not allowed.<br /><br />Please make sure IN_MYBB is defined.");
  15  }
  16  
  17  require_once  MYBB_ROOT."inc/functions_upload.php";
  18  
  19  $page->add_breadcrumb_item($lang->users, "index.php?module=user-users");
  20  
  21  if($mybb->input['action'] == "add" || $mybb->input['action'] == "merge" || $mybb->input['action'] == "search" || !$mybb->input['action'])
  22  {
  23      $sub_tabs['browse_users'] = array(
  24          'title' => $lang->browse_users,
  25          'link' => "index.php?module=user-users",
  26          'description' => $lang->browse_users_desc
  27      );
  28  
  29      $sub_tabs['find_users'] = array(
  30          'title' => $lang->find_users,
  31          'link' => "index.php?module=user-users&amp;action=search",
  32          'description' => $lang->find_users_desc
  33      );
  34  
  35      $sub_tabs['create_user'] = array(
  36          'title' => $lang->create_user,
  37          'link' => "index.php?module=user-users&amp;action=add",
  38          'description' => $lang->create_user_desc
  39      );
  40  
  41      $sub_tabs['merge_users'] = array(
  42          'title' => $lang->merge_users,
  43          'link' => "index.php?module=user-users&amp;action=merge",
  44          'description' => $lang->merge_users_desc
  45      );
  46  }
  47  
  48  $user_view_fields = array(
  49      "avatar" => array(
  50          "title" => $lang->avatar,
  51          "width" => "24",
  52          "align" => ""
  53      ),
  54  
  55      "username" => array(
  56          "title" => $lang->username,
  57          "width" => "",
  58          "align" => ""
  59      ),
  60  
  61      "email" => array(
  62          "title" => $lang->email,
  63          "width" => "",
  64          "align" => "center"
  65      ),
  66  
  67      "usergroup" => array(
  68          "title" => $lang->primary_group,
  69          "width" => "",
  70          "align" => "center"
  71      ),
  72  
  73      "additionalgroups" => array(
  74          "title" => $lang->additional_groups,
  75          "width" => "",
  76          "align" => "center"
  77      ),
  78  
  79      "regdate" => array(
  80          "title" => $lang->registered,
  81          "width" => "",
  82          "align" => "center"
  83      ),
  84  
  85      "lastactive" => array(
  86          "title" => $lang->last_active,
  87          "width" => "",
  88          "align" => "center"
  89      ),
  90  
  91      "postnum" => array(
  92          "title" => $lang->post_count,
  93          "width" => "",
  94          "align" => "center"
  95      ),
  96  
  97      "threadnum" => array(
  98          "title" => $lang->thread_count,
  99          "width" => "",
 100          "align" => "center"
 101      ),
 102  
 103      "reputation" => array(
 104          "title" => $lang->reputation,
 105          "width" => "",
 106          "align" => "center"
 107      ),
 108  
 109      "warninglevel" => array(
 110          "title" => $lang->warning_level,
 111          "width" => "",
 112          "align" => "center"
 113      ),
 114  
 115      "regip" => array(
 116          "title" => $lang->registration_ip,
 117          "width" => "",
 118          "align" => "center"
 119      ),
 120  
 121      "lastip" => array(
 122          "title" => $lang->last_known_ip,
 123          "width" => "",
 124          "align" => "center"
 125      ),
 126  
 127      "controls" => array(
 128          "title" => $lang->controls,
 129          "width" => "",
 130          "align" => "center"
 131      )
 132  );
 133  
 134  $sort_options = array(
 135      "username" => $lang->username,
 136      "regdate" => $lang->registration_date,
 137      "lastactive" => $lang->last_active,
 138      "numposts" => $lang->post_count,
 139      "reputation" => $lang->reputation,
 140      "warninglevel" => $lang->warning_level
 141  );
 142  
 143  $plugins->run_hooks("admin_user_users_begin");
 144  
 145  // Initialise the views manager for user based views
 146  require MYBB_ADMIN_DIR."inc/functions_view_manager.php";
 147  if($mybb->input['action'] == "views")
 148  {
 149      view_manager("index.php?module=user-users", "user", $user_view_fields, $sort_options, "user_search_conditions");
 150  }
 151  
 152  if($mybb->input['action'] == 'iplookup')
 153  {
 154      $mybb->input['ipaddress'] = $mybb->get_input('ipaddress');
 155      $lang->ipaddress_misc_info = $lang->sprintf($lang->ipaddress_misc_info, htmlspecialchars_uni($mybb->input['ipaddress']));
 156      $ipaddress_location = $lang->na;
 157      $ipaddress_host_name = $lang->na;
 158      $modcp_ipsearch_misc_info = '';
 159      if(!strstr($mybb->input['ipaddress'], "*"))
 160      {
 161          // Return GeoIP information if it is available to us
 162          if(function_exists('geoip_record_by_name'))
 163          {
 164              $ip_record = @geoip_record_by_name($mybb->input['ipaddress']);
 165              if($ip_record)
 166              {
 167                  $ipaddress_location = htmlspecialchars_uni(utf8_encode($ip_record['country_name']));
 168                  if($ip_record['city'])
 169                  {
 170                      $ipaddress_location .= $lang->comma.htmlspecialchars_uni(utf8_encode($ip_record['city']));
 171                  }
 172              }
 173          }
 174  
 175          $ipaddress_host_name = htmlspecialchars_uni(@gethostbyaddr($mybb->input['ipaddress']));
 176  
 177          // gethostbyaddr returns the same ip on failure
 178          if($ipaddress_host_name == $mybb->input['ipaddress'])
 179          {
 180              $ipaddress_host_name = $lang->na;
 181          }
 182      }
 183  
 184      ?>
 185      <div class="modal">
 186          <div style="overflow-y: auto; max-height: 400px;">
 187  
 188              <?php
 189  
 190              $table = new Table();
 191  
 192              $table->construct_cell($lang->ipaddress_host_name.":");
 193              $table->construct_cell($ipaddress_host_name);
 194              $table->construct_row();
 195  
 196              $table->construct_cell($lang->ipaddress_location.":");
 197              $table->construct_cell($ipaddress_location);
 198              $table->construct_row();
 199  
 200              $table->output($lang->ipaddress_misc_info);
 201  
 202              ?>
 203          </div>
 204      </div>
 205  <?php
 206  }
 207  
 208  if($mybb->input['action'] == "activate_user")
 209  {
 210      if(!verify_post_check($mybb->input['my_post_key']))
 211      {
 212          flash_message($lang->invalid_post_verify_key2, 'error');
 213          admin_redirect("index.php?module=user-users");
 214      }
 215  
 216      $user = get_user($mybb->input['uid']);
 217  
 218      // Does the user not exist?
 219      if(!$user['uid'] || $user['usergroup'] != 5)
 220      {
 221          flash_message($lang->error_invalid_user, 'error');
 222          admin_redirect("index.php?module=user-users");
 223      }
 224  
 225      $plugins->run_hooks("admin_user_users_coppa_activate");
 226  
 227      $updated_user['usergroup'] = $user['usergroup'];
 228  
 229      // Update
 230      if($user['coppauser'])
 231      {
 232          $updated_user = array(
 233              "coppauser" => 0
 234          );
 235      }
 236      else
 237      {
 238          $db->delete_query("awaitingactivation", "uid='{$user['uid']}'");
 239      }
 240  
 241      // Move out of awaiting activation if they're in it.
 242      if($user['usergroup'] == 5)
 243      {
 244          $updated_user['usergroup'] = 2;
 245      }
 246  
 247      $plugins->run_hooks("admin_user_users_coppa_activate_commit");
 248  
 249      $db->update_query("users", $updated_user, "uid='{$user['uid']}'");
 250  
 251      $cache->update_awaitingactivation();
 252  
 253      $message = $lang->sprintf($lang->email_adminactivateaccount, $user['username'], $mybb->settings['bbname'], $mybb->settings['bburl']);
 254      my_mail($user['email'], $lang->sprintf($lang->emailsubject_activateaccount, $mybb->settings['bbname']), $message);
 255  
 256      // Log admin action
 257      log_admin_action($user['uid'], $user['username']);
 258  
 259      if($mybb->input['from'] == "home")
 260      {
 261          if($user['coppauser'])
 262          {
 263              $message = $lang->success_coppa_activated;
 264          }
 265          else
 266          {
 267              $message = $lang->success_activated;
 268          }
 269  
 270          update_admin_session('flash_message2', array('message' => $message, 'type' => 'success'));
 271      }
 272      else
 273      {
 274          if($user['coppauser'])
 275          {
 276              flash_message($lang->success_coppa_activated, 'success');
 277          }
 278          else
 279          {
 280              flash_message($lang->success_activated, 'success');
 281          }
 282      }
 283  
 284      if($admin_session['data']['last_users_url'])
 285      {
 286          $url = $admin_session['data']['last_users_url'];
 287          update_admin_session('last_users_url', '');
 288  
 289          if($mybb->input['from'] == "home")
 290          {
 291              update_admin_session('from', 'home');
 292          }
 293      }
 294      else
 295      {
 296          $url = "index.php?module=user-users&action=edit&uid={$user['uid']}";
 297      }
 298  
 299      $plugins->run_hooks("admin_user_users_coppa_end");
 300  
 301      admin_redirect($url);
 302  }
 303  
 304  if($mybb->input['action'] == "add")
 305  {
 306      $plugins->run_hooks("admin_user_users_add");
 307  
 308      if($mybb->request_method == "post")
 309      {
 310          // Determine the usergroup stuff
 311          if(is_array($mybb->input['additionalgroups']))
 312          {
 313              foreach($mybb->input['additionalgroups'] as $key => $gid)
 314              {
 315                  if($gid == $mybb->input['usergroup'])
 316                  {
 317                      unset($mybb->input['additionalgroups'][$key]);
 318                  }
 319              }
 320              $additionalgroups = implode(",", $mybb->input['additionalgroups']);
 321          }
 322          else
 323          {
 324              $additionalgroups = '';
 325          }
 326  
 327          // Set up user handler.
 328          require_once  MYBB_ROOT."inc/datahandlers/user.php";
 329          $userhandler = new UserDataHandler('insert');
 330  
 331          // Set the data for the new user.
 332          $new_user = array(
 333              "uid" => $mybb->input['uid'],
 334              "username" => $mybb->input['username'],
 335              "password" => $mybb->input['password'],
 336              "password2" => $mybb->input['confirm_password'],
 337              "email" => $mybb->input['email'],
 338              "email2" => $mybb->input['email'],
 339              "usergroup" => $mybb->input['usergroup'],
 340              "additionalgroups" => $additionalgroups,
 341              "displaygroup" => $mybb->input['displaygroup'],
 342              "profile_fields" => $mybb->input['profile_fields'],
 343              "profile_fields_editable" => true,
 344          );
 345  
 346          // Set the data of the user in the datahandler.
 347          $userhandler->set_data($new_user);
 348          $errors = '';
 349  
 350          // Validate the user and get any errors that might have occurred.
 351          if(!$userhandler->validate_user())
 352          {
 353              $errors = $userhandler->get_friendly_errors();
 354          }
 355          else
 356          {
 357              $user_info = $userhandler->insert_user();
 358  
 359              $plugins->run_hooks("admin_user_users_add_commit");
 360  
 361              // Log admin action
 362              log_admin_action($user_info['uid'], $user_info['username']);
 363  
 364              flash_message($lang->success_user_created, 'success');
 365              admin_redirect("index.php?module=user-users&action=edit&uid={$user_info['uid']}");
 366          }
 367      }
 368  
 369      // Fetch custom profile fields - only need required profile fields here
 370      $query = $db->simple_select("profilefields", "*", "required=1", array('order_by' => 'disporder'));
 371  
 372      $profile_fields = array();
 373      while($profile_field = $db->fetch_array($query))
 374      {
 375          $profile_fields['required'][] = $profile_field;
 376      }
 377  
 378      $page->add_breadcrumb_item($lang->create_user);
 379      $page->output_header($lang->create_user);
 380  
 381      $form = new Form("index.php?module=user-users&amp;action=add", "post");
 382  
 383      $page->output_nav_tabs($sub_tabs, 'create_user');
 384  
 385      // If we have any error messages, show them
 386      if($errors)
 387      {
 388          $page->output_inline_error($errors);
 389      }
 390      else
 391      {
 392          $mybb->input = array_merge($mybb->input, array('usergroup' => 2));
 393      }
 394  
 395      $form_container = new FormContainer($lang->required_profile_info);
 396      $form_container->output_row($lang->username." <em>*</em>", "", $form->generate_text_box('username', htmlspecialchars_uni($mybb->get_input('username')), array('id' => 'username')), 'username');
 397      $form_container->output_row($lang->password." <em>*</em>", "", $form->generate_password_box('password', $mybb->input['password'], array('id' => 'password', 'autocomplete' => 'off')), 'password');
 398      $form_container->output_row($lang->confirm_password." <em>*</em>", "", $form->generate_password_box('confirm_password', $mybb->input['confirm_password'], array('id' => 'confirm_new_password')), 'confirm_new_password');
 399      $form_container->output_row($lang->email_address." <em>*</em>", "", $form->generate_text_box('email', $mybb->input['email'], array('id' => 'email')), 'email');
 400  
 401      $display_group_options[0] = $lang->use_primary_user_group;
 402      $options = array();
 403      $query = $db->simple_select("usergroups", "gid, title", "gid != '1'", array('order_by' => 'title'));
 404      while($usergroup = $db->fetch_array($query))
 405      {
 406          $options[$usergroup['gid']] = htmlspecialchars_uni($usergroup['title']);
 407          $display_group_options[$usergroup['gid']] = htmlspecialchars_uni($usergroup['title']);
 408      }
 409  
 410      $form_container->output_row($lang->primary_user_group." <em>*</em>", "", $form->generate_select_box('usergroup', $options, $mybb->input['usergroup'], array('id' => 'usergroup')), 'usergroup');
 411      $form_container->output_row($lang->additional_user_groups, $lang->additional_user_groups_desc, $form->generate_select_box('additionalgroups[]', $options, $mybb->input['additionalgroups'], array('id' => 'additionalgroups', 'multiple' => true, 'size' => 5)), 'additionalgroups');
 412      $form_container->output_row($lang->display_user_group." <em>*</em>", "", $form->generate_select_box('displaygroup', $display_group_options, $mybb->input['displaygroup'], array('id' => 'displaygroup')), 'displaygroup');
 413  
 414      // Output custom profile fields - required
 415      output_custom_profile_fields($profile_fields['required'], $mybb->input['profile_fields'], $form_container, $form);
 416  
 417      $form_container->end();
 418      $buttons[] = $form->generate_submit_button($lang->save_user);
 419      $form->output_submit_wrapper($buttons);
 420  
 421      $form->end();
 422      $page->output_footer();
 423  }
 424  
 425  if($mybb->input['action'] == "edit")
 426  {
 427      $user = get_user($mybb->input['uid']);
 428  
 429      // Does the user not exist?
 430      if(!$user['uid'])
 431      {
 432          flash_message($lang->error_invalid_user, 'error');
 433          admin_redirect("index.php?module=user-users");
 434      }
 435  
 436      $plugins->run_hooks("admin_user_users_edit");
 437  
 438      if($mybb->request_method == "post")
 439      {
 440          $plugins->run_hooks("admin_user_users_edit_start");
 441          if(is_super_admin($mybb->input['uid']) && $mybb->user['uid'] != $mybb->input['uid'] && !is_super_admin($mybb->user['uid']))
 442          {
 443              flash_message($lang->error_no_perms_super_admin, 'error');
 444              admin_redirect("index.php?module=user-users");
 445          }
 446  
 447          // Determine the usergroup stuff
 448          if(is_array($mybb->input['additionalgroups']))
 449          {
 450              foreach($mybb->input['additionalgroups'] as $key => $gid)
 451              {
 452                  if($gid == $mybb->input['usergroup'])
 453                  {
 454                      unset($mybb->input['additionalgroups'][$key]);
 455                  }
 456              }
 457              $additionalgroups = implode(",", $mybb->input['additionalgroups']);
 458          }
 459          else
 460          {
 461              $additionalgroups = '';
 462          }
 463  
 464          $returndate = "";
 465          if(!empty($mybb->input['away_day']))
 466          {
 467              $awaydate = TIME_NOW;
 468              // If the user has indicated that they will return on a specific day, but not month or year, assume it is current month and year
 469              if(!$mybb->input['away_month'])
 470              {
 471                  $mybb->input['away_month'] = my_date('n', $awaydate);
 472              }
 473              if(!$mybb->input['away_year'])
 474              {
 475                  $mybb->input['away_year'] = my_date('Y', $awaydate);
 476              }
 477  
 478              $return_month = (int)substr($mybb->input['away_month'], 0, 2);
 479              $return_day = (int)substr($mybb->input['away_day'], 0, 2);
 480              $return_year = min($mybb->get_input('away_year', MyBB::INPUT_INT), 9999);
 481  
 482              // Check if return date is after the away date.
 483              $returntimestamp = gmmktime(0, 0, 0, $return_month, $return_day, $return_year);
 484              $awaytimestamp = gmmktime(0, 0, 0, my_date('n', $awaydate), my_date('j', $awaydate), my_date('Y', $awaydate));
 485              if($return_year < my_date('Y', $awaydate) || ($returntimestamp < $awaytimestamp && $return_year == my_date('Y', $awaydate)))
 486              {
 487                  $away_in_past = true;
 488              }
 489  
 490              $returndate = "{$return_day}-{$return_month}-{$return_year}";
 491          }
 492  
 493          // Set up user handler.
 494          require_once  MYBB_ROOT."inc/datahandlers/user.php";
 495          $userhandler = new UserDataHandler('update');
 496  
 497          // Set the data for the new user.
 498          $updated_user = array(
 499              "uid" => $mybb->input['uid'],
 500              "username" => $mybb->input['username'],
 501              "email" => $mybb->input['email'],
 502              "email2" => $mybb->input['email'],
 503              "usergroup" => $mybb->input['usergroup'],
 504              "additionalgroups" => $additionalgroups,
 505              "displaygroup" => $mybb->input['displaygroup'],
 506              "postnum" => $mybb->input['postnum'],
 507              "threadnum" => $mybb->input['threadnum'],
 508              "usertitle" => $mybb->input['usertitle'],
 509              "timezone" => $mybb->input['timezone'],
 510              "language" => $mybb->input['language'],
 511              "profile_fields" => $mybb->input['profile_fields'],
 512              "profile_fields_editable" => true,
 513              "website" => $mybb->input['website'],
 514              "icq" => $mybb->input['icq'],
 515              "yahoo" => $mybb->input['yahoo'],
 516              "skype" => $mybb->input['skype'],
 517              "google" => $mybb->input['google'],
 518              "birthday" => array(
 519                  "day" => $mybb->input['bday1'],
 520                  "month" => $mybb->input['bday2'],
 521                  "year" => $mybb->input['bday3']
 522              ),
 523              "style" => $mybb->input['style'],
 524              "signature" => $mybb->input['signature'],
 525              "dateformat" => $mybb->get_input('dateformat', MyBB::INPUT_INT),
 526              "timeformat" => $mybb->get_input('timeformat', MyBB::INPUT_INT),
 527              "usernotes" => $mybb->input['usernotes'],
 528              "away" => array(
 529                  "away" => $mybb->input['away'],
 530                  "date" => TIME_NOW,
 531                  "returndate" => $returndate,
 532                  "awayreason" => $mybb->input['awayreason']
 533              )
 534          );
 535  
 536          if($user['usergroup'] == 5 && $mybb->input['usergroup'] != 5)
 537          {
 538              if($user['coppauser'] == 1)
 539              {
 540                  $updated_user['coppa_user'] = 0;
 541              }
 542          }
 543          if($mybb->input['new_password'])
 544          {
 545              $updated_user['password'] = $mybb->input['new_password'];
 546              $updated_user['password2'] = $mybb->input['confirm_new_password'];
 547          }
 548  
 549          $updated_user['options'] = array(
 550              "allownotices" => $mybb->input['allownotices'],
 551              "hideemail" => $mybb->input['hideemail'],
 552              "subscriptionmethod" => $mybb->input['subscriptionmethod'],
 553              "invisible" => $mybb->input['invisible'],
 554              "dstcorrection" => $mybb->input['dstcorrection'],
 555              "threadmode" => $mybb->input['threadmode'],
 556              "classicpostbit" => $mybb->input['classicpostbit'],
 557              "showimages" => $mybb->input['showimages'],
 558              "showvideos" => $mybb->input['showvideos'],
 559              "showsigs" => $mybb->input['showsigs'],
 560              "showavatars" => $mybb->input['showavatars'],
 561              "showquickreply" => $mybb->input['showquickreply'],
 562              "receivepms" => $mybb->input['receivepms'],
 563              "receivefrombuddy" => $mybb->input['receivefrombuddy'],
 564              "pmnotice" => $mybb->input['pmnotice'],
 565              "daysprune" => $mybb->input['daysprune'],
 566              "showcodebuttons" => $mybb->input['showcodebuttons'],
 567              "sourceeditor" => $mybb->input['sourceeditor'],
 568              "pmnotify" => $mybb->input['pmnotify'],
 569              "buddyrequestspm" => $mybb->input['buddyrequestspm'],
 570              "buddyrequestsauto" => $mybb->input['buddyrequestsauto'],
 571              "showredirect" => $mybb->input['showredirect']
 572          );
 573  
 574          if($mybb->settings['usertppoptions'])
 575          {
 576              $updated_user['options']['tpp'] = $mybb->get_input('tpp', MyBB::INPUT_INT);
 577          }
 578  
 579          if($mybb->settings['userpppoptions'])
 580          {
 581              $updated_user['options']['ppp'] = $mybb->get_input('ppp', MyBB::INPUT_INT);
 582          }
 583  
 584          // Set the data of the user in the datahandler.
 585          $userhandler->set_data($updated_user);
 586          $errors = '';
 587  
 588          // Validate the user and get any errors that might have occurred.
 589          if(!$userhandler->validate_user())
 590          {
 591              $errors = $userhandler->get_friendly_errors();
 592          }
 593          else
 594          {
 595              // Are we removing an avatar from this user?
 596              if($mybb->input['remove_avatar'])
 597              {
 598                  $extra_user_updates = array(
 599                      "avatar" => "",
 600                      "avatardimensions" => "",
 601                      "avatartype" => ""
 602                  );
 603                  remove_avatars($user['uid']);
 604              }
 605  
 606              // Are we uploading a new avatar?
 607              if($_FILES['avatar_upload']['name'])
 608              {
 609                  $avatar = upload_avatar($_FILES['avatar_upload'], $user['uid']);
 610                  if($avatar['error'])
 611                  {
 612                      $errors = array($avatar['error']);
 613                  }
 614                  else
 615                  {
 616                      if($avatar['width'] > 0 && $avatar['height'] > 0)
 617                      {
 618                          $avatar_dimensions = $avatar['width']."|".$avatar['height'];
 619                      }
 620                      $extra_user_updates = array(
 621                          "avatar" => $avatar['avatar'].'?dateline='.TIME_NOW,
 622                          "avatardimensions" => $avatar_dimensions,
 623                          "avatartype" => "upload"
 624                      );
 625                  }
 626              }
 627              // Are we setting a new avatar from a URL?
 628              else if($mybb->input['avatar_url'] && $mybb->input['avatar_url'] != $user['avatar'])
 629              {
 630                  if(!$mybb->settings['allowremoteavatars'])
 631                  {
 632                      $errors = array($lang->error_remote_avatar_not_allowed);
 633                  }
 634                  else
 635                  {
 636                      if(filter_var($mybb->input['avatar_url'], FILTER_VALIDATE_EMAIL) !== false)
 637                      {
 638                          // Gravatar
 639                          $email = md5(strtolower(trim($mybb->input['avatar_url'])));
 640  
 641                          $s = '';
 642                          if(!$mybb->settings['maxavatardims'])
 643                          {
 644                              $mybb->settings['maxavatardims'] = '100x100'; // Hard limit of 100 if there are no limits
 645                          }
 646  
 647                          // Because Gravatars are square, hijack the width
 648                          list($maxwidth, $maxheight) = preg_split('/[|x]/', my_strtolower($mybb->settings['maxavatardims']));
 649  
 650                          $s = "?s={$maxwidth}";
 651                          $maxheight = (int)$maxwidth;
 652  
 653                          $extra_user_updates = array(
 654                              "avatar" => "https://www.gravatar.com/avatar/{$email}{$s}",
 655                              "avatardimensions" => "{$maxheight}|{$maxheight}",
 656                              "avatartype" => "gravatar"
 657                          );
 658                      }
 659                      else
 660                      {
 661                          $mybb->input['avatar_url'] = preg_replace("#script:#i", "", $mybb->input['avatar_url']);
 662                          $ext = get_extension($mybb->input['avatar_url']);
 663  
 664                          // Copy the avatar to the local server (work around remote URL access disabled for getimagesize)
 665                          $file = fetch_remote_file($mybb->input['avatar_url']);
 666                          if(!$file)
 667                          {
 668                              $avatar_error = $lang->error_invalidavatarurl;
 669                          }
 670                          else
 671                          {
 672                              $tmp_name = "../".$mybb->settings['avataruploadpath']."/remote_".md5(random_str());
 673                              $fp = @fopen($tmp_name, "wb");
 674                              if(!$fp)
 675                              {
 676                                  $avatar_error = $lang->error_invalidavatarurl;
 677                              }
 678                              else
 679                              {
 680                                  fwrite($fp, $file);
 681                                  fclose($fp);
 682                                  list($width, $height, $type) = @getimagesize($tmp_name);
 683                                  @unlink($tmp_name);
 684                                  echo $type;
 685                                  if(!$type)
 686                                  {
 687                                      $avatar_error = $lang->error_invalidavatarurl;
 688                                  }
 689                              }
 690                          }
 691  
 692                          if(empty($avatar_error))
 693                          {
 694                              if($width && $height && $mybb->settings['maxavatardims'] != "")
 695                              {
 696                                  list($maxwidth, $maxheight) = preg_split('/[|x]/', my_strtolower($mybb->settings['maxavatardims']));
 697                                  if(($maxwidth && $width > $maxwidth) || ($maxheight && $height > $maxheight))
 698                                  {
 699                                      $lang->error_avatartoobig = $lang->sprintf($lang->error_avatartoobig, $maxwidth, $maxheight);
 700                                      $avatar_error = $lang->error_avatartoobig;
 701                                  }
 702                              }
 703                          }
 704  
 705                          if(empty($avatar_error))
 706                          {
 707                              if($width > 0 && $height > 0)
 708                              {
 709                                  $avatar_dimensions = (int)$width."|".(int)$height;
 710                              }
 711                              $extra_user_updates = array(
 712                                  "avatar" => $db->escape_string($mybb->input['avatar_url'].'?dateline='.TIME_NOW),
 713                                  "avatardimensions" => $avatar_dimensions,
 714                                  "avatartype" => "remote"
 715                              );
 716                              remove_avatars($user['uid']);
 717                          }
 718                          else
 719                          {
 720                              $errors = array($avatar_error);
 721                          }
 722                      }
 723                  }
 724              }
 725  
 726              // Moderator "Options" (suspend signature, suspend/moderate posting)
 727              $moderator_options = array(
 728                  1 => array(
 729                      "action" => "suspendsignature", // The moderator action we're performing
 730                      "period" => "action_period", // The time period we've selected from the dropdown box
 731                      "time" => "action_time", // The time we've entered
 732                      "update_field" => "suspendsignature", // The field in the database to update if true
 733                      "update_length" => "suspendsigtime" // The length of suspension field in the database
 734                  ),
 735                  2 => array(
 736                      "action" => "moderateposting",
 737                      "period" => "modpost_period",
 738                      "time" => "modpost_time",
 739                      "update_field" => "moderateposts",
 740                      "update_length" => "moderationtime"
 741                  ),
 742                  3 => array(
 743                      "action" => "suspendposting",
 744                      "period" => "suspost_period",
 745                      "time" => "suspost_time",
 746                      "update_field" => "suspendposting",
 747                      "update_length" => "suspensiontime"
 748                  )
 749              );
 750  
 751              require_once  MYBB_ROOT."inc/functions_warnings.php";
 752              foreach($moderator_options as $option)
 753              {
 754                  if(!$mybb->input[$option['action']])
 755                  {
 756                      if($user[$option['update_field']] == 1)
 757                      {
 758                          // We're revoking the suspension
 759                          $extra_user_updates[$option['update_field']] = 0;
 760                          $extra_user_updates[$option['update_length']] = 0;
 761                      }
 762  
 763                      // Skip this option if we haven't selected it
 764                      continue;
 765                  }
 766  
 767                  if($mybb->input[$option['action']])
 768                  {
 769                      if((int)$mybb->input[$option['time']] == 0 && $mybb->input[$option['period']] != "never" && $user[$option['update_field']] != 1)
 770                      {
 771                          // User has selected a type of ban, but not entered a valid time frame
 772                          $string = $option['action']."_error";
 773                          $errors[] = $lang->$string;
 774                      }
 775  
 776                      if(!is_array($errors))
 777                      {
 778                          $suspend_length = fetch_time_length((int)$mybb->input[$option['time']], $mybb->input[$option['period']]);
 779  
 780                          if($user[$option['update_field']] == 1 && ($mybb->input[$option['time']] || $mybb->input[$option['period']] == "never"))
 781                          {
 782                              // We already have a suspension, but entered a new time
 783                              if($suspend_length == "-1")
 784                              {
 785                                  // Permanent ban on action
 786                                  $extra_user_updates[$option['update_length']] = 0;
 787                              }
 788                              elseif($suspend_length && $suspend_length != "-1")
 789                              {
 790                                  // Temporary ban on action
 791                                  $extra_user_updates[$option['update_length']] = TIME_NOW + $suspend_length;
 792                              }
 793                          }
 794                          elseif(!$user[$option['update_field']])
 795                          {
 796                              // New suspension for this user... bad user!
 797                              $extra_user_updates[$option['update_field']] = 1;
 798                              if($suspend_length == "-1")
 799                              {
 800                                  $extra_user_updates[$option['update_length']] = 0;
 801                              }
 802                              else
 803                              {
 804                                  $extra_user_updates[$option['update_length']] = TIME_NOW + $suspend_length;
 805                              }
 806                          }
 807                      }
 808                  }
 809              }
 810  
 811              if($extra_user_updates['moderateposts'] && $extra_user_updates['suspendposting'])
 812              {
 813                  $errors[] = $lang->suspendmoderate_error;
 814              }
 815  
 816              if(isset($away_in_past))
 817              {
 818                  $errors[] = $lang->error_acp_return_date_past;
 819              }
 820  
 821              if(!$errors)
 822              {
 823                  $user_info = $userhandler->update_user();
 824  
 825                  $plugins->run_hooks("admin_user_users_edit_commit_start");
 826  
 827                  $db->update_query("users", $extra_user_updates, "uid='{$user['uid']}'");
 828  
 829                  // if we're updating the user's signature preferences, do so now
 830                  if($mybb->input['update_posts'] == 'enable' || $mybb->input['update_posts'] == 'disable')
 831                  {
 832                      $update_signature = array(
 833                          'includesig' => ($mybb->input['update_posts'] == 'enable' ? 1 : 0)
 834                      );
 835                      $db->update_query("posts", $update_signature, "uid='{$user['uid']}'");
 836                  }
 837  
 838                  $plugins->run_hooks("admin_user_users_edit_commit");
 839  
 840                  if($user['usergroup'] == 5 && $mybb->input['usergroup'] != 5)
 841                  {
 842                      $cache->update_awaitingactivation();
 843                  }
 844  
 845                  // Log admin action
 846                  log_admin_action($user['uid'], $mybb->input['username']);
 847  
 848                  flash_message($lang->success_user_updated, 'success');
 849                  admin_redirect("index.php?module=user-users");
 850              }
 851              $plugins->run_hooks("admin_user_users_edit_end");
 852          }
 853      }
 854  
 855      if(!$errors)
 856      {
 857          $user['usertitle'] = htmlspecialchars_decode($user['usertitle']);
 858          $mybb->input = array_merge($mybb->input, $user);
 859  
 860          $options = array(
 861              'bday1', 'bday2', 'bday3',
 862              'new_password', 'confirm_new_password',
 863              'action_time', 'action_period',
 864              'modpost_period', 'moderateposting', 'modpost_time', 'suspost_period', 'suspost_time'
 865          );
 866  
 867          foreach($options as $option)
 868          {
 869              if(!isset($input_user[$option]))
 870              {
 871                  $mybb->input[$option] = '';
 872              }
 873          }
 874  
 875          // We need to fetch this users profile field values
 876          $query = $db->simple_select("userfields", "*", "ufid='{$user['uid']}'");
 877          $mybb->input['profile_fields'] = $db->fetch_array($query);
 878      }
 879  
 880      if($mybb->input['bday1'] || $mybb->input['bday2'] || $mybb->input['bday3'])
 881      {
 882          $mybb->input['bday'][0] = $mybb->input['bday1'];
 883          $mybb->input['bday'][1] = $mybb->input['bday2'];
 884          $mybb->input['bday'][2] = $mybb->get_input('bday3', MyBB::INPUT_INT);
 885      }
 886      else
 887      {
 888          $mybb->input['bday'] = array(0, 0, '');
 889  
 890          if($user['birthday'])
 891          {
 892              $mybb->input['bday'] = explode('-', $user['birthday']);
 893          }
 894      }
 895  
 896      if($mybb->input['away_day'] || $mybb->input['away_month'] || $mybb->input['away_year'])
 897      {
 898          $mybb->input['away_year'] = $mybb->get_input('away_year', MyBB::INPUT_INT);
 899      }
 900      else
 901      {
 902          $mybb->input['away_day'] = 0;
 903          $mybb->input['away_month'] = 0;
 904          $mybb->input['away_year'] = '';
 905  
 906          if($user['returndate'])
 907          {
 908              list($mybb->input['away_day'], $mybb->input['away_month'], $mybb->input['away_year']) = explode('-', $user['returndate']);
 909          }
 910      }
 911  
 912      // Fetch custom profile fields
 913      $query = $db->simple_select("profilefields", "*", "", array('order_by' => 'disporder'));
 914  
 915      $profile_fields = array();
 916      while($profile_field = $db->fetch_array($query))
 917      {
 918          if($profile_field['required'] == 1)
 919          {
 920              $profile_fields['required'][] = $profile_field;
 921          }
 922          else
 923          {
 924              $profile_fields['optional'][] = $profile_field;
 925          }
 926      }
 927  
 928      $page->add_breadcrumb_item($lang->edit_user.": ".htmlspecialchars_uni($user['username']));
 929  
 930      $page->extra_header .= <<<EOF
 931  
 932      <link rel="stylesheet" href="../jscripts/sceditor/themes/mybb.css" type="text/css" media="all" />
 933      <script type="text/javascript" src="../jscripts/sceditor/jquery.sceditor.bbcode.min.js?ver=1805"></script>
 934      <script type="text/javascript" src="../jscripts/bbcodes_sceditor.js?ver=1821"></script>
 935      <script type="text/javascript" src="../jscripts/sceditor/plugins/undo.js?ver=1805"></script>
 936  EOF;
 937      $page->output_header($lang->edit_user);
 938  
 939      $sub_tabs['edit_user'] = array(
 940          'title' => $lang->edit_user,
 941          'description' => $lang->edit_user_desc
 942      );
 943  
 944      $form = new Form("index.php?module=user-users&amp;action=edit&amp;uid={$user['uid']}", "post", "", 1);
 945  
 946      $page->output_nav_tabs($sub_tabs, 'edit_user');
 947  
 948      // If we have any error messages, show them
 949      if($errors)
 950      {
 951          $page->output_inline_error($errors);
 952      }
 953  
 954      // Is this user a COPPA user? We show a warning & activate link
 955      if($user['coppauser'])
 956      {
 957          echo $lang->sprintf($lang->warning_coppa_user, $user['uid'], $mybb->post_code);
 958      }
 959  
 960      $tabs = array(
 961          "overview" => $lang->overview,
 962          "profile" => $lang->profile,
 963          "settings" => $lang->account_settings,
 964          "signature" => $lang->signature,
 965          "avatar" => $lang->avatar,
 966          "modoptions" => $lang->mod_options
 967      );
 968      $tabs = $plugins->run_hooks("admin_user_users_edit_graph_tabs", $tabs);
 969      $page->output_tab_control($tabs);
 970  
 971      //
 972      // OVERVIEW
 973      //
 974      echo "<div id=\"tab_overview\">\n";
 975      $table = new Table;
 976      $table->construct_header($lang->avatar, array('class' => 'align_center'));
 977      $table->construct_header($lang->general_account_stats, array('colspan' => '2', 'class' => 'align_center'));
 978  
 979      // Avatar
 980      $avatar_dimensions = preg_split('/[|x]/', $user['avatardimensions']);
 981      if($user['avatardimensions'])
 982      {
 983          require_once  MYBB_ROOT."inc/functions_image.php";
 984          list($width, $height) = preg_split('/[|x]/', $user['avatardimensions']);
 985          $scaled_dimensions = scale_image($width, $height, 120, 120);
 986      }
 987      else
 988      {
 989          $scaled_dimensions = array(
 990              "width" => 120,
 991              "height" => 120
 992          );
 993      }
 994      if($user['avatar'] && (my_strpos($user['avatar'], '://') === false || $mybb->settings['allowremoteavatars']))
 995      {
 996          if(!my_validate_url($user['avatar']))
 997          {
 998              $avatar = format_avatar($user['avatar'], $user['avatardimensions']);
 999              $user['avatar'] = $avatar['image'];
1000          }
1001      }
1002      else
1003      {
1004          if(my_validate_url($mybb->settings['useravatar']))
1005          {
1006              $user['avatar'] = str_replace('{theme}', 'images', $mybb->settings['useravatar']);
1007          }
1008          else
1009          {
1010              $user['avatar'] = "../".str_replace('{theme}', 'images', $mybb->settings['useravatar']);
1011          }
1012      }
1013      $avatar_top = ceil((126-$scaled_dimensions['height'])/2);
1014      if($user['lastactive'])
1015      {
1016          $last_active = my_date('relative', $user['lastactive']);
1017      }
1018      else
1019      {
1020          $last_active = $lang->never;
1021      }
1022      $reg_date = my_date('relative', $user['regdate']);
1023      if($user['dst'] == 1)
1024      {
1025          $timezone = (float)$user['timezone']+1;
1026      }
1027      else
1028      {
1029          $timezone = (float)$user['timezone'];
1030      }
1031      $local_date = gmdate($mybb->settings['dateformat'], TIME_NOW + ($timezone * 3600));
1032      $local_time = gmdate($mybb->settings['timeformat'], TIME_NOW + ($timezone * 3600));
1033  
1034      $localtime = $lang->sprintf($lang->local_time_format, $local_date, $local_time);
1035      $days_registered = (TIME_NOW - $user['regdate']) / (24*3600);
1036      $posts_per_day = 0;
1037      if($days_registered > 0)
1038      {
1039          $posts_per_day = round($user['postnum'] / $days_registered, 2);
1040          if($posts_per_day > $user['postnum'])
1041          {
1042              $posts_per_day = $user['postnum'];
1043          }
1044      }
1045      $posts_per_day = my_number_format($posts_per_day);
1046  
1047      $stats = $cache->read("stats");
1048      $posts = $stats['numposts'];
1049      if($posts == 0)
1050      {
1051          $percent_posts = "0";
1052      }
1053      else
1054      {
1055          $percent_posts = round($user['postnum']*100/$posts, 2);
1056      }
1057  
1058      $user_permissions = user_permissions($user['uid']);
1059  
1060      // Fetch the reputation for this user
1061      if($user_permissions['usereputationsystem'] == 1 && $mybb->settings['enablereputation'] == 1)
1062      {
1063          $reputation = get_reputation($user['reputation']);
1064      }
1065      else
1066      {
1067          $reputation = "-";
1068      }
1069  
1070      if($mybb->settings['enablewarningsystem'] != 0 && $user_permissions['canreceivewarnings'] != 0)
1071      {
1072          if($mybb->settings['maxwarningpoints'] < 1)
1073          {
1074              $mybb->settings['maxwarningpoints'] = 10;
1075          }
1076  
1077          $warning_level = round($user['warningpoints']/$mybb->settings['maxwarningpoints']*100);
1078          if($warning_level > 100)
1079          {
1080              $warning_level = 100;
1081          }
1082          $warning_level = get_colored_warning_level($warning_level);
1083      }
1084  
1085      $age = $lang->na;
1086      if($user['birthday'])
1087      {
1088          $age = get_age($user['birthday']);
1089      }
1090  
1091      $postnum = my_number_format($user['postnum']);
1092  
1093      $table->construct_cell("<div style=\"width: 126px; height: 126px;\" class=\"user_avatar\"><img src=\"".htmlspecialchars_uni($user['avatar'])."\" style=\"margin-top: {$avatar_top}px\" width=\"{$scaled_dimensions['width']}\" height=\"{$scaled_dimensions['height']}\" alt=\"\" /></div>", array('rowspan' => 6, 'width' => 1));
1094      $table->construct_cell("<strong>{$lang->email_address}:</strong> <a href=\"mailto:".htmlspecialchars_uni($user['email'])."\">".htmlspecialchars_uni($user['email'])."</a>");
1095      $table->construct_cell("<strong>{$lang->last_active}:</strong> {$last_active}");
1096      $table->construct_row();
1097      $table->construct_cell("<strong>{$lang->registration_date}:</strong> {$reg_date}");
1098      $table->construct_cell("<strong>{$lang->local_time}:</strong> {$localtime}");
1099      $table->construct_row();
1100      $table->construct_cell("<strong>{$lang->posts}:</strong> {$postnum}");
1101      $table->construct_cell("<strong>{$lang->age}:</strong> {$age}");
1102      $table->construct_row();
1103      $table->construct_cell("<strong>{$lang->posts_per_day}:</strong> {$posts_per_day}");
1104      $table->construct_cell("<strong>{$lang->reputation}:</strong> {$reputation}");
1105      $table->construct_row();
1106      $table->construct_cell("<strong>{$lang->percent_of_total_posts}:</strong> {$percent_posts}");
1107      $table->construct_cell("<strong>{$lang->warning_level}:</strong> {$warning_level}");
1108      $table->construct_row();
1109      $table->construct_cell("<strong>{$lang->registration_ip}:</strong> ".my_inet_ntop($db->unescape_binary($user['regip'])));
1110      $table->construct_cell("<strong>{$lang->last_known_ip}:</strong> ".my_inet_ntop($db->unescape_binary($user['lastip'])));
1111      $table->construct_row();
1112  
1113      $username = htmlspecialchars_uni($user['username']);
1114      $table->output("{$lang->user_overview}: {$username}");
1115      $plugins->run_hooks("admin_user_users_edit_overview");
1116      echo "</div>\n";
1117  
1118      //
1119      // PROFILE
1120      //
1121      echo "<div id=\"tab_profile\">\n";
1122  
1123      $form_container = new FormContainer($lang->required_profile_info.": ".htmlspecialchars_uni($user['username']));
1124      $form_container->output_row($lang->username." <em>*</em>", "", $form->generate_text_box('username', $mybb->input['username'], array('id' => 'username')), 'username');
1125      $form_container->output_row($lang->new_password, $lang->new_password_desc, $form->generate_password_box('new_password', $mybb->input['new_password'], array('id' => 'new_password', 'autocomplete' => 'off')), 'new_password');
1126      $form_container->output_row($lang->confirm_new_password, $lang->new_password_desc, $form->generate_password_box('confirm_new_password', $mybb->input['confirm_new_password'], array('id' => 'confirm_new_password')), 'confirm_new_password');
1127      $form_container->output_row($lang->email_address." <em>*</em>", "", $form->generate_text_box('email', $mybb->input['email'], array('id' => 'email')), 'email');
1128  
1129      $display_group_options[0] = $lang->use_primary_user_group;
1130      $options = array();
1131      $query = $db->simple_select("usergroups", "gid, title", "gid != '1'", array('order_by' => 'title'));
1132      while($usergroup = $db->fetch_array($query))
1133      {
1134          $options[$usergroup['gid']] = htmlspecialchars_uni($usergroup['title']);
1135          $display_group_options[$usergroup['gid']] = htmlspecialchars_uni($usergroup['title']);
1136      }
1137  
1138      if(!is_array($mybb->input['additionalgroups']))
1139      {
1140          $mybb->input['additionalgroups'] = explode(',', $mybb->input['additionalgroups']);
1141      }
1142  
1143      $form_container->output_row($lang->primary_user_group." <em>*</em>", "", $form->generate_select_box('usergroup', $options, $mybb->input['usergroup'], array('id' => 'usergroup')), 'usergroup');
1144      $form_container->output_row($lang->additional_user_groups, $lang->additional_user_groups_desc, $form->generate_select_box('additionalgroups[]', $options, $mybb->input['additionalgroups'], array('id' => 'additionalgroups', 'multiple' => true, 'size' => 5)), 'additionalgroups');
1145      $form_container->output_row($lang->display_user_group." <em>*</em>", "", $form->generate_select_box('displaygroup', $display_group_options, $mybb->input['displaygroup'], array('id' => 'displaygroup')), 'displaygroup');
1146      $form_container->output_row($lang->post_count." <em>*</em>", "", $form->generate_numeric_field('postnum', $mybb->input['postnum'], array('id' => 'postnum', 'min' => 0)), 'postnum');
1147      $form_container->output_row($lang->thread_count." <em>*</em>", "", $form->generate_numeric_field('threadnum', $mybb->input['threadnum'], array('id' => 'threadnum', 'min' => 0)), 'threadnum');
1148  
1149      // Output custom profile fields - required
1150      if(!isset($profile_fields['required']))
1151      {
1152          $profile_fields['required'] = array();
1153      }
1154      output_custom_profile_fields($profile_fields['required'], $mybb->input['profile_fields'], $form_container, $form);
1155  
1156      $form_container->end();
1157  
1158      $form_container = new FormContainer($lang->optional_profile_info.': '.htmlspecialchars_uni($user['username']));
1159      $form_container->output_row($lang->custom_user_title, $lang->custom_user_title_desc, $form->generate_text_box('usertitle', $mybb->input['usertitle'], array('id' => 'usertitle')), 'usertitle');
1160      $form_container->output_row($lang->website, "", $form->generate_text_box('website', $mybb->input['website'], array('id' => 'website')), 'website');
1161      $form_container->output_row($lang->icq_number, "", $form->generate_numeric_field('icq', $mybb->input['icq'], array('id' => 'icq', 'min' => 0)), 'icq');
1162      $form_container->output_row($lang->yahoo_messanger_handle, "", $form->generate_text_box('yahoo', $mybb->input['yahoo'], array('id' => 'yahoo')), 'yahoo');
1163      $form_container->output_row($lang->skype_handle, "", $form->generate_text_box('skype', $mybb->input['skype'], array('id' => 'skype')), 'skype');
1164      $form_container->output_row($lang->google_handle, "", $form->generate_text_box('google', $mybb->input['google'], array('id' => 'google')), 'google');
1165  
1166      // Birthday
1167      $birthday_days = array(0 => '');
1168      for($i = 1; $i <= 31; $i++)
1169      {
1170          $birthday_days[$i] = $i;
1171      }
1172  
1173      $birthday_months = array(
1174          0 => '',
1175          1 => $lang->january,
1176          2 => $lang->february,
1177          3 => $lang->march,
1178          4 => $lang->april,
1179          5 => $lang->may,
1180          6 => $lang->june,
1181          7 => $lang->july,
1182          8 => $lang->august,
1183          9 => $lang->september,
1184          10 => $lang->october,
1185          11 => $lang->november,
1186          12 => $lang->december
1187      );
1188  
1189      $birthday_row = $form->generate_select_box('bday1', $birthday_days, $mybb->input['bday'][0], array('id' => 'bday_day'));
1190      $birthday_row .= ' '.$form->generate_select_box('bday2', $birthday_months, $mybb->input['bday'][1], array('id' => 'bday_month'));
1191      $birthday_row .= ' '.$form->generate_numeric_field('bday3', $mybb->input['bday'][2], array('id' => 'bday_year', 'style' => 'width: 4em;', 'min' => 0));
1192  
1193      $form_container->output_row($lang->birthday, "", $birthday_row, 'birthday');
1194  
1195      // Output custom profile fields - optional
1196      output_custom_profile_fields($profile_fields['optional'], $mybb->input['profile_fields'], $form_container, $form);
1197  
1198      $form_container->end();
1199  
1200  
1201      if($mybb->settings['allowaway'] != 0)
1202      {
1203          $form_container = new FormContainer($lang->away_information.': '.htmlspecialchars_uni($user['username']));
1204          $awaycheck = array(false, true);
1205          if($mybb->input['away'] == 1)
1206          {
1207              $awaycheck = array(true, false);
1208          }
1209          $form_container->output_row($lang->away_status, $lang->away_status_desc, $form->generate_radio_button('away', 1, $lang->im_away, array('id' => 'away', "checked" => $awaycheck[0]))." ".$form->generate_radio_button('away', 0, $lang->im_here, array('id' => 'away2', "checked" => $awaycheck[1])), 'away');
1210          $form_container->output_row($lang->away_reason, $lang->away_reason_desc, $form->generate_text_box('awayreason', $mybb->input['awayreason'], array('id' => 'awayreason')), 'awayreason');
1211  
1212          //Return date (we can use the arrays from birthday)
1213          $return_row = $form->generate_select_box('away_day', $birthday_days, $mybb->input['away_day'], array('id' => 'away_day'));
1214          $return_row .= ' '.$form->generate_select_box('away_month', $birthday_months, $mybb->input['away_month'], array('id' => 'away_month'));
1215          $return_row .= ' '.$form->generate_numeric_field('away_year', $mybb->input['away_year'], array('id' => 'away_year', 'style' => 'width: 4em;', 'min' => 0));
1216  
1217          $form_container->output_row($lang->return_date, $lang->return_date_desc, $return_row, 'away_date');
1218  
1219          $form_container->end();
1220      }
1221  
1222      $plugins->run_hooks("admin_user_users_edit_profile");
1223      echo "</div>\n";
1224  
1225      //
1226      // ACCOUNT SETTINGS
1227      //
1228  
1229      echo "<div id=\"tab_settings\">\n";
1230      $form_container = new FormContainer($lang->account_settings.': '.htmlspecialchars_uni($user['username']));
1231      $login_options = array(
1232          $form->generate_check_box("invisible", 1, $lang->hide_from_whos_online, array("checked" => $mybb->input['invisible'])),
1233      );
1234      $form_container->output_row($lang->login_cookies_privacy, "", "<div class=\"user_settings_bit\">".implode("</div><div class=\"user_settings_bit\">", $login_options)."</div>");
1235  
1236      if($mybb->input['pmnotice'] > 1)
1237      {
1238          $mybb->input['pmnotice'] = 1;
1239      }
1240  
1241      $messaging_options = array(
1242          $form->generate_check_box("allownotices", 1, $lang->recieve_admin_emails, array("checked" => $mybb->input['allownotices'])),
1243          $form->generate_check_box("hideemail", 1, $lang->hide_email_from_others, array("checked" => $mybb->input['hideemail'])),
1244          $form->generate_check_box("receivepms", 1, $lang->recieve_pms_from_others, array("checked" => $mybb->input['receivepms'])),
1245          $form->generate_check_box("receivefrombuddy", 1, $lang->recieve_pms_from_buddy, array("checked" => $mybb->input['receivefrombuddy'])),
1246          $form->generate_check_box("pmnotice", 1, $lang->alert_new_pms, array("checked" => $mybb->input['pmnotice'])),
1247          $form->generate_check_box("pmnotify", 1, $lang->email_notify_new_pms, array("checked" => $mybb->input['pmnotify'])),
1248          $form->generate_check_box("buddyrequestspm", 1, $lang->buddy_requests_pm, array("checked" => $mybb->input['buddyrequestspm'])),
1249          $form->generate_check_box("buddyrequestsauto", 1, $lang->buddy_requests_auto, array("checked" => $mybb->input['buddyrequestsauto'])),
1250          "<label for=\"subscriptionmethod\">{$lang->default_thread_subscription_mode}:</label><br />".$form->generate_select_box("subscriptionmethod", array($lang->do_not_subscribe, $lang->no_notification, $lang->instant_email_notification, $lang->instant_pm_notification), $mybb->input['subscriptionmethod'], array('id' => 'subscriptionmethod'))
1251      );
1252  
1253      // Allow plugins to add messaging options
1254      $messaging_options = $plugins->run_hooks('admin_user_users_edit_messaging_options', $messaging_options);
1255  
1256      // Output messaging options
1257      $form_container->output_row($lang->messaging_and_notification, "", "<div class=\"user_settings_bit\">".implode("</div><div class=\"user_settings_bit\">", $messaging_options)."</div>");
1258  
1259      $date_format_options = array($lang->use_default);
1260      foreach($date_formats as $key => $format)
1261      {
1262          $date_format_options[$key] = my_date($format, TIME_NOW, "", 0);
1263      }
1264  
1265      $time_format_options = array($lang->use_default);
1266      foreach($time_formats as $key => $format)
1267      {
1268          $time_format_options[$key] = my_date($format, TIME_NOW, "", 0);
1269      }
1270  
1271      $date_options = array(
1272          "<label for=\"dateformat\">{$lang->date_format}:</label><br />".$form->generate_select_box("dateformat", $date_format_options, $mybb->input['dateformat'], array('id' => 'dateformat')),
1273          "<label for=\"dateformat\">{$lang->time_format}:</label><br />".$form->generate_select_box("timeformat", $time_format_options, $mybb->input['timeformat'], array('id' => 'timeformat')),
1274          "<label for=\"timezone\">{$lang->time_zone}:</label><br />".build_timezone_select("timezone", $mybb->input['timezone']),
1275          "<label for=\"dstcorrection\">{$lang->daylight_savings_time_correction}:</label><br />".$form->generate_select_box("dstcorrection", array(2 => $lang->automatically_detect, 1 => $lang->always_use_dst_correction, 0 => $lang->never_use_dst_correction), $mybb->input['dstcorrection'], array('id' => 'dstcorrection'))
1276      );
1277  
1278      // Allow plugins to add date options
1279      $date_options = $plugins->run_hooks('admin_user_users_edit_date_options', $date_options);
1280  
1281      // Output date options
1282      $form_container->output_row($lang->date_and_time_options, "", "<div class=\"user_settings_bit\">".implode("</div><div class=\"user_settings_bit\">", $date_options)."</div>");
1283  
1284  
1285      $tpp_options = array($lang->use_default);
1286      if($mybb->settings['usertppoptions'])
1287      {
1288          $explodedtpp = explode(",", $mybb->settings['usertppoptions']);
1289          if(is_array($explodedtpp))
1290          {
1291              foreach($explodedtpp as $tpp)
1292              {
1293                  if($tpp <= 0) continue;
1294                  $tpp_options[$tpp] = $tpp;
1295              }
1296          }
1297      }
1298  
1299      $thread_age_options = array(
1300          0 => $lang->use_default,
1301          1 => $lang->show_threads_last_day,
1302          5 => $lang->show_threads_last_5_days,
1303          10 => $lang->show_threads_last_10_days,
1304          20 => $lang->show_threads_last_20_days,
1305          50 => $lang->show_threads_last_50_days,
1306          75 => $lang->show_threads_last_75_days,
1307          100 => $lang->show_threads_last_100_days,
1308          365 => $lang->show_threads_last_year,
1309          9999 => $lang->show_all_threads
1310      );
1311  
1312      $forum_options = array(
1313          "<label for=\"tpp\">{$lang->threads_per_page}:</label><br />".$form->generate_select_box("tpp", $tpp_options, $mybb->input['tpp'], array('id' => 'tpp')),
1314          "<label for=\"daysprune\">{$lang->default_thread_age_view}:</label><br />".$form->generate_select_box("daysprune", $thread_age_options, $mybb->input['daysprune'], array('id' => 'daysprune'))
1315      );
1316  
1317      // Allow plugins to add forum options
1318      $forum_options = $plugins->run_hooks('admin_user_users_edit_forum_options', $forum_options);
1319  
1320      // Output forum options
1321      $form_container->output_row($lang->forum_display_options, "", "<div class=\"user_settings_bit\">".implode("</div><div class=\"user_settings_bit\">", $forum_options)."</div>");
1322  
1323      $ppp_options = array($lang->use_default);
1324      if($mybb->settings['userpppoptions'])
1325      {
1326          $explodedppp = explode(",", $mybb->settings['userpppoptions']);
1327          if(is_array($explodedppp))
1328          {
1329              foreach($explodedppp as $ppp)
1330              {
1331                  if($ppp <= 0) continue;
1332                  $ppp_options[$ppp] = $ppp;
1333              }
1334          }
1335      }
1336  
1337      $thread_options = array(
1338          $form->generate_check_box("classicpostbit", 1, $lang->show_classic_postbit, array("checked" => $mybb->input['classicpostbit'])),
1339          $form->generate_check_box("showimages", 1, $lang->display_images, array("checked" => $mybb->input['showimages'])),
1340          $form->generate_check_box("showvideos", 1, $lang->display_videos, array("checked" => $mybb->input['showvideos'])),
1341          $form->generate_check_box("showsigs", 1, $lang->display_users_sigs, array("checked" => $mybb->input['showsigs'])),
1342          $form->generate_check_box("showavatars", 1, $lang->display_users_avatars, array("checked" => $mybb->input['showavatars'])),
1343          $form->generate_check_box("showquickreply", 1, $lang->show_quick_reply, array("checked" => $mybb->input['showquickreply'])),
1344          "<label for=\"ppp\">{$lang->posts_per_page}:</label><br />".$form->generate_select_box("ppp", $ppp_options, $mybb->input['ppp'], array('id' => 'ppp')),
1345          "<label for=\"threadmode\">{$lang->default_thread_view_mode}:</label><br />".$form->generate_select_box("threadmode", array("" => $lang->use_default, "linear" => $lang->linear_mode, "threaded" => $lang->threaded_mode), $mybb->input['threadmode'], array('id' => 'threadmode'))
1346      );
1347  
1348      // Allow plugins to add thread options
1349      $thread_options = $plugins->run_hooks('admin_user_users_edit_thread_options', $thread_options);
1350  
1351      // Output thread options
1352      $form_container->output_row($lang->thread_view_options, "", "<div class=\"user_settings_bit\">".implode("</div><div class=\"user_settings_bit\">", $thread_options)."</div>");
1353  
1354      $languages = array_merge(array('' => $lang->use_default), $lang->get_languages());
1355  
1356      $other_options = array(
1357          $form->generate_check_box("showredirect", 1, $lang->show_redirect, array("checked" => $mybb->input['showredirect'])),
1358          $form->generate_check_box("showcodebuttons", "1", $lang->show_code_buttons, array("checked" => $mybb->input['showcodebuttons'])),
1359          $form->generate_check_box("sourceeditor", "1", $lang->source_editor, array("checked" => $mybb->input['sourceeditor'])),
1360          "<label for=\"style\">{$lang->theme}:</label><br />".build_theme_select("style", $mybb->input['style'], 0, "", true, false, true),
1361          "<label for=\"language\">{$lang->board_language}:</label><br />".$form->generate_select_box("language", $languages, $mybb->input['language'], array('id' => 'language'))
1362      );
1363  
1364      // Allow plugins to add other options
1365      $other_options = $plugins->run_hooks('admin_user_users_edit_other_options', $other_options);
1366  
1367      // Output other options
1368      $form_container->output_row($lang->other_options, "", "<div class=\"user_settings_bit\">".implode("</div><div class=\"user_settings_bit\">", $other_options)."</div>");
1369  
1370      $form_container->end();
1371      $plugins->run_hooks("admin_user_users_edit_settings");
1372      echo "</div>\n";
1373  
1374      //
1375      // SIGNATURE EDITOR
1376      //
1377      $signature_editor = $form->generate_text_area("signature", $mybb->input['signature'], array('id' => 'signature', 'rows' => 15, 'cols' => '70', 'style' => 'height: 250px; width: 95%'));
1378      $sig_smilies = $lang->off;
1379      if($mybb->settings['sigsmilies'] == 1)
1380      {
1381          $sig_smilies = $lang->on;
1382      }
1383      $sig_mycode = $lang->off;
1384      if($mybb->settings['sigmycode'] == 1)
1385      {
1386          $sig_mycode = $lang->on;
1387          $signature_editor .= build_mycode_inserter("signature");
1388      }
1389      $sig_html = $lang->off;
1390      if($mybb->settings['sightml'] == 1)
1391      {
1392          $sig_html = $lang->on;
1393      }
1394      $sig_imgcode = $lang->off;
1395      if($mybb->settings['sigimgcode'] == 1)
1396      {
1397          $sig_imgcode = $lang->on;
1398      }
1399      echo "<div id=\"tab_signature\">\n";
1400      $form_container = new FormContainer($lang->signature.': '.htmlspecialchars_uni($user['username']));
1401      $form_container->output_row($lang->signature, $lang->sprintf($lang->signature_desc, $sig_mycode, $sig_smilies, $sig_imgcode, $sig_html), $signature_editor, 'signature');
1402  
1403      $periods = array(
1404          "hours" => $lang->expire_hours,
1405          "days" => $lang->expire_days,
1406          "weeks" => $lang->expire_weeks,
1407          "months" => $lang->expire_months,
1408          "never" => $lang->expire_permanent
1409      );
1410  
1411      // Are we already suspending the signature?
1412      if($mybb->input['suspendsignature'])
1413      {
1414          $sig_checked = 1;
1415  
1416          // Display how much time is left on the ban for the user to extend it
1417          if($user['suspendsigtime'] == "0")
1418          {
1419              // Permanent
1420              $lang->suspend_expire_info = $lang->suspend_sig_perm;
1421          }
1422          else
1423          {
1424              // There's a limit to the suspension!
1425              $remaining = $user['suspendsigtime']-TIME_NOW;
1426              $expired = nice_time($remaining, array('seconds' => false));
1427  
1428              $color = 'inherit';
1429              if($remaining < 3600)
1430              {
1431                  $color = 'red';
1432              }
1433              elseif($remaining < 86400)
1434              {
1435                  $color = 'maroon';
1436              }
1437              elseif($remaining < 604800)
1438              {
1439                  $color = 'green';
1440              }
1441  
1442              $lang->suspend_expire_info = $lang->sprintf($lang->suspend_expire_info, $expired, $color);
1443          }
1444          $user_suspend_info = '
1445                  <tr>
1446                      <td colspan="2">'.$lang->suspend_expire_info.'<br />'.$lang->suspend_sig_extend.'</td>
1447                  </tr>';
1448      }
1449      else
1450      {
1451          $sig_checked = 0;
1452          $user_suspend_info = '';
1453      }
1454  
1455      $actions = '
1456      <script type="text/javascript">
1457      <!--
1458          var sig_checked = "'.$sig_checked.'";
1459  
1460  		function toggleAction()
1461          {
1462              if($("#suspend_action").is(\':visible\'))
1463              {
1464                  $("#suspend_action").hide();
1465              }
1466              else
1467              {
1468                  $("#suspend_action").show();
1469              }
1470          }
1471      // -->
1472      </script>
1473  
1474      <dl style="margin-top: 0; margin-bottom: 0; width: 100%;">
1475          <dt>'.$form->generate_check_box("suspendsignature", 1, $lang->suspend_sig_box, array('checked' => $sig_checked, 'onclick' => 'toggleAction();')).'</dt>
1476          <dd style="margin-top: 4px;" id="suspend_action" class="actions">
1477              <table cellpadding="4">'.$user_suspend_info.'
1478                  <tr>
1479                      <td width="30%"><small>'.$lang->expire_length.'</small></td>
1480                      <td>'.$form->generate_numeric_field('action_time', $mybb->input['action_time'], array('style' => 'width: 3em;', 'min' => 0)).' '.$form->generate_select_box('action_period', $periods, $mybb->input['action_period']).'</td>
1481                  </tr>
1482              </table>
1483          </dd>
1484      </dl>
1485  
1486      <script type="text/javascript">
1487      <!--
1488          if(sig_checked == 0)
1489          {
1490              $("#suspend_action").hide();
1491          }
1492      // -->
1493      </script>';
1494  
1495      $form_container->output_row($lang->suspend_sig, $lang->suspend_sig_info, $actions);
1496  
1497      $signature_options = array(
1498          $form->generate_radio_button("update_posts", "enable", $lang->enable_sig_in_all_posts, array("checked" => 0)),
1499          $form->generate_radio_button("update_posts", "disable", $lang->disable_sig_in_all_posts, array("checked" => 0)),
1500          $form->generate_radio_button("update_posts", "no", $lang->do_nothing, array("checked" => 1))
1501      );
1502  
1503      $form_container->output_row($lang->signature_preferences, "", implode("<br />", $signature_options));
1504  
1505      $form_container->end();
1506      $plugins->run_hooks("admin_user_users_edit_signatur");
1507      echo "</div>\n";
1508  
1509      //
1510      // AVATAR MANAGER
1511      //
1512      echo "<div id=\"tab_avatar\">\n";
1513      $table = new Table;
1514      $table->construct_header($lang->current_avatar, array('colspan' => 2));
1515  
1516      $table->construct_cell("<div style=\"width: 126px; height: 126px;\" class=\"user_avatar\"><img src=\"".htmlspecialchars_uni($user['avatar'])."\" width=\"{$scaled_dimensions['width']}\" style=\"margin-top: {$avatar_top}px\" height=\"{$scaled_dimensions['height']}\" alt=\"\" /></div>", array('width' => 1));
1517  
1518      $avatar_url = '';
1519      if($user['avatartype'] == "upload" || stristr($user['avatar'], $mybb->settings['avataruploadpath']))
1520      {
1521          $current_avatar_msg = "<br /><strong>{$lang->user_current_using_uploaded_avatar}</strong>";
1522      }
1523      elseif($user['avatartype'] == "remote" || my_validate_url($user['avatar']))
1524      {
1525          $current_avatar_msg = "<br /><strong>{$lang->user_current_using_remote_avatar}</strong>";
1526          $avatar_url = $user['avatar'];
1527      }
1528  
1529      if($errors)
1530      {
1531          $avatar_url = htmlspecialchars_uni($mybb->input['avatar_url']);
1532      }
1533  
1534      if($mybb->settings['maxavatardims'] != "")
1535      {
1536          list($max_width, $max_height) = preg_split('/[|x]/', my_strtolower($mybb->settings['maxavatardims']));
1537          $max_size = "<br />{$lang->max_dimensions_are} {$max_width}x{$max_height}";
1538      }
1539  
1540      if($mybb->settings['avatarsize'])
1541      {
1542          $maximum_size = get_friendly_size($mybb->settings['avatarsize']*1024);
1543          $max_size .= "<br />{$lang->avatar_max_size} {$maximum_size}";
1544      }
1545  
1546      if($user['avatar'])
1547      {
1548          $remove_avatar = "<br /><br />".$form->generate_check_box("remove_avatar", 1, "<strong>{$lang->remove_avatar}</strong>");
1549      }
1550  
1551      $table->construct_cell($lang->avatar_desc."{$remove_avatar}<br /><small>{$max_size}</small>");
1552      $table->construct_row();
1553  
1554      $table->output($lang->avatar.': '.htmlspecialchars_uni($user['username']));
1555  
1556      // Custom avatar
1557      if($mybb->settings['avatarresizing'] == "auto")
1558      {
1559          $auto_resize = $lang->avatar_auto_resize;
1560      }
1561      else if($mybb->settings['avatarresizing'] == "user")
1562      {
1563          $auto_resize = "<input type=\"checkbox\" name=\"auto_resize\" value=\"1\" checked=\"checked\" id=\"auto_resize\" /> <label for=\"auto_resize\">{$lang->attempt_to_auto_resize}</label></span>";
1564      }
1565      $form_container = new FormContainer($lang->specify_custom_avatar);
1566      $form_container->output_row($lang->upload_avatar, $auto_resize, $form->generate_file_upload_box('avatar_upload', array('id' => 'avatar_upload')), 'avatar_upload');
1567      if($mybb->settings['allowremoteavatars'])
1568      {
1569          $form_container->output_row($lang->or_specify_avatar_url, "", $form->generate_text_box('avatar_url', $avatar_url, array('id' => 'avatar_url')), 'avatar_url');
1570      }
1571      $form_container->end();
1572      $plugins->run_hooks("admin_user_users_edit_avatar");
1573      echo "</div>\n";
1574  
1575      //
1576      // MODERATOR OPTIONS
1577      //
1578      $periods = array(
1579          "hours" => $lang->expire_hours,
1580          "days" => $lang->expire_days,
1581          "weeks" => $lang->expire_weeks,
1582          "months" => $lang->expire_months,
1583          "never" => $lang->expire_permanent
1584      );
1585  
1586      echo "<div id=\"tab_modoptions\">\n";
1587      $form_container = new FormContainer($lang->mod_options.': '.htmlspecialchars_uni($user['username']));
1588      $form_container->output_row($lang->user_notes, '', $form->generate_text_area('usernotes', $mybb->input['usernotes'], array('id' => 'usernotes')), 'usernotes');
1589  
1590      // Mod posts
1591      // Generate check box
1592      $modpost_options = $form->generate_select_box('modpost_period', $periods, $mybb->input['modpost_period'], array('id' => 'modpost_period'));
1593  
1594      // Do we have any existing suspensions here?
1595      $existing_info = '';
1596      if($user['moderateposts'] || ($mybb->input['moderateposting'] && !empty($errors)))
1597      {
1598          $mybb->input['moderateposting'] = 1;
1599          if($user['moderationtime'] != 0)
1600          {
1601              $remaining = $user['moderationtime']-TIME_NOW;
1602              $expired = nice_time($remaining, array('seconds' => false));
1603  
1604              $color = 'inherit';
1605              if($remaining < 3600)
1606              {
1607                  $color = 'red';
1608              }
1609              elseif($remaining < 86400)
1610              {
1611                  $color = 'maroon';
1612              }
1613              elseif($remaining < 604800)
1614              {
1615                  $color = 'green';
1616              }
1617  
1618              $existing_info = $lang->sprintf($lang->moderate_length, $expired, $color);
1619          }
1620          else
1621          {
1622              $existing_info = $lang->moderated_perm;
1623          }
1624      }
1625  
1626      $modpost_div = '<div id="modpost">'.$existing_info.''.$lang->moderate_for.' '.$form->generate_numeric_field("modpost_time", $mybb->input['modpost_time'], array('style' => 'width: 3em;', 'min' => 0)).' '.$modpost_options.'</div>';
1627      $lang->moderate_posts_info = $lang->sprintf($lang->moderate_posts_info, htmlspecialchars_uni($user['username']));
1628      $form_container->output_row($form->generate_check_box("moderateposting", 1, $lang->moderate_posts, array("id" => "moderateposting", "onclick" => "toggleBox('modpost');", "checked" => $mybb->input['moderateposting'])), $lang->moderate_posts_info, $modpost_div);
1629  
1630      // Suspend posts
1631      // Generate check box
1632      $suspost_options = $form->generate_select_box('suspost_period', $periods, $mybb->input['suspost_period'], array('id' => 'suspost_period'));
1633  
1634      // Do we have any existing suspensions here?
1635      if($user['suspendposting'] || ($mybb->input['suspendposting'] && !empty($errors)))
1636      {
1637          $mybb->input['suspendposting'] = 1;
1638  
1639          if($user['suspensiontime'] == 0 || $mybb->input['suspost_period'] == "never")
1640          {
1641              $existing_info = $lang->suspended_perm;
1642          }
1643          else
1644          {
1645              $remaining = $user['suspensiontime']-TIME_NOW;
1646              $suspost_date = nice_time($remaining, array('seconds' => false));
1647  
1648              $color = 'inherit';
1649              if($remaining < 3600)
1650              {
1651                  $color = 'red';
1652              }
1653              elseif($remaining < 86400)
1654              {
1655                  $color = 'maroon';
1656              }
1657              elseif($remaining < 604800)
1658              {
1659                  $color = 'green';
1660              }
1661  
1662              $existing_info = $lang->sprintf($lang->suspend_length, $suspost_date, $color);
1663          }
1664      }
1665  
1666      $suspost_div = '<div id="suspost">'.$existing_info.''.$lang->suspend_for.' '.$form->generate_numeric_field("suspost_time", $mybb->input['suspost_time'], array('style' => 'width: 3em;', 'min' => 0)).' '.$suspost_options.'</div>';
1667      $lang->suspend_posts_info = $lang->sprintf($lang->suspend_posts_info, htmlspecialchars_uni($user['username']));
1668      $form_container->output_row($form->generate_check_box("suspendposting", 1, $lang->suspend_posts, array("id" => "suspendposting", "onclick" => "toggleBox('suspost');", "checked" => $mybb->input['suspendposting'])), $lang->suspend_posts_info, $suspost_div);
1669  
1670  
1671      $form_container->end();
1672      $plugins->run_hooks("admin_user_users_edit_moderator_options");
1673      echo "</div>\n";
1674  
1675      $plugins->run_hooks("admin_user_users_edit_graph");
1676  
1677      $buttons[] = $form->generate_submit_button($lang->save_user);
1678      $form->output_submit_wrapper($buttons);
1679  
1680      $form->end();
1681  
1682      echo '<script type="text/javascript">
1683  <!--
1684  
1685  function toggleBox(action)
1686  {
1687      if(action == "modpost")
1688      {
1689          $("#suspendposting").attr("checked", false);
1690          $("#suspost").hide();
1691  
1692          if($("#moderateposting").is(":checked") == true)
1693          {
1694              $("#modpost").show();
1695          }
1696          else if($("#moderateposting").is(":checked") == false)
1697          {
1698              $("#modpost").hide();
1699          }
1700      }
1701      else if(action == "suspost")
1702      {
1703          $("#moderateposting").attr("checked", false);
1704          $("#modpost").hide();
1705  
1706          if($("#suspendposting").is(":checked") == true)
1707          {
1708              $("#suspost").show();
1709          }
1710          else if($("#suspendposting").is(":checked") == false)
1711          {
1712              $("#suspost").hide();
1713          }
1714      }
1715  }
1716  
1717  if($("#moderateposting").is(":checked") == false)
1718  {
1719      $("#modpost").hide();
1720  }
1721  else
1722  {
1723      $("#modpost").show();
1724  }
1725  
1726  if($("#suspendposting").is(":checked") == false)
1727  {
1728      $("#suspost").hide();
1729  }
1730  else
1731  {
1732      $("#suspost").show();
1733  }
1734  
1735  // -->
1736  </script>';
1737  
1738      $page->output_footer();
1739  }
1740  
1741  if($mybb->input['action'] == "delete")
1742  {
1743      $user = get_user($mybb->input['uid']);
1744  
1745      // Does the user not exist?
1746      if(!$user['uid'])
1747      {
1748          flash_message($lang->error_invalid_user, 'error');
1749          admin_redirect("index.php?module=user-users");
1750      }
1751  
1752      if(is_super_admin($mybb->input['uid']) && $mybb->user['uid'] != $mybb->input['uid'] && !is_super_admin($mybb->user['uid']))
1753      {
1754          flash_message($lang->error_no_perms_super_admin, 'error');
1755          admin_redirect("index.php?module=user-users");
1756      }
1757  
1758      // User clicked no
1759      if($mybb->input['no'])
1760      {
1761          admin_redirect("index.php?module=user-users");
1762      }
1763  
1764      $plugins->run_hooks("admin_user_users_delete");
1765  
1766      if($mybb->request_method == "post")
1767      {
1768          $plugins->run_hooks("admin_user_users_delete_commit");
1769  
1770          // Set up user handler.
1771          require_once  MYBB_ROOT.'inc/datahandlers/user.php';
1772          $userhandler = new UserDataHandler('delete');
1773  
1774          // Delete the user
1775          if(!$userhandler->delete_user($user['uid']))
1776          {
1777              flash_message($lang->error_cannot_delete_user, 'error');
1778              admin_redirect("index.php?module=user-users");
1779          }
1780  
1781          $cache->update_awaitingactivation();
1782  
1783          $plugins->run_hooks("admin_user_users_delete_commit_end");
1784  
1785          log_admin_action($user['uid'], $user['username']);
1786  
1787          flash_message($lang->success_user_deleted, 'success');
1788          admin_redirect("index.php?module=user-users");
1789      }
1790      else
1791      {
1792          $page->output_confirm_action("index.php?module=user-users&action=delete&uid={$user['uid']}", $lang->user_deletion_confirmation);
1793      }
1794  }
1795  
1796  if($mybb->input['action'] == "referrers")
1797  {
1798      $page->add_breadcrumb_item($lang->show_referrers);
1799      $page->output_header($lang->show_referrers);
1800  
1801      $sub_tabs['referrers'] = array(
1802          'title' => $lang->show_referrers,
1803          'link' => "index.php?module=user-users&amp;action=referrers&amp;uid={$mybb->input['uid']}",
1804          'description' => $lang->show_referrers_desc
1805      );
1806  
1807      $plugins->run_hooks("admin_user_users_referrers");
1808  
1809      $page->output_nav_tabs($sub_tabs, 'referrers');
1810  
1811      // Fetch default admin view
1812      $default_view = fetch_default_view("user");
1813      if(!$default_view)
1814      {
1815          $default_view = "0";
1816      }
1817      $query = $db->simple_select("adminviews", "*", "type='user' AND (vid='{$default_view}' OR uid=0)", array("order_by" => "uid", "order_dir" => "desc"));
1818      $admin_view = $db->fetch_array($query);
1819  
1820      if($mybb->input['type'])
1821      {
1822          $admin_view['view_type'] = $mybb->input['type'];
1823      }
1824  
1825      $admin_view['conditions'] = my_unserialize($admin_view['conditions']);
1826      $admin_view['conditions']['referrer'] = $mybb->input['uid'];
1827  
1828      $view = build_users_view($admin_view);
1829  
1830      // No referred users
1831      if(!$view)
1832      {
1833          $table = new Table;
1834          $table->construct_cell($lang->error_no_referred_users);
1835          $table->construct_row();
1836          $table->output($lang->show_referrers);
1837      }
1838      else
1839      {
1840          echo $view;
1841      }
1842  
1843      $page->output_footer();
1844  }
1845  
1846  if($mybb->input['action'] == "ipaddresses")
1847  {
1848      $page->add_breadcrumb_item($lang->ip_addresses);
1849      $page->output_header($lang->ip_addresses);
1850  
1851      $sub_tabs['ipaddresses'] = array(
1852          'title' => $lang->show_ip_addresses,
1853          'link' => "index.php?module=user-users&amp;action=ipaddresses&amp;uid={$mybb->input['uid']}",
1854          'description' => $lang->show_ip_addresses_desc
1855      );
1856  
1857      $plugins->run_hooks("admin_user_users_ipaddresses");
1858  
1859      $page->output_nav_tabs($sub_tabs, 'ipaddresses');
1860  
1861      $query = $db->simple_select("users", "uid, regip, username, lastip", "uid='{$mybb->input['uid']}'", array('limit' => 1));
1862      $user = $db->fetch_array($query);
1863  
1864      // Log admin action
1865      log_admin_action($user['uid'], $user['username']);
1866  
1867      $table = new Table;
1868  
1869      $table->construct_header($lang->ip_address);
1870      $table->construct_header($lang->controls, array('width' => 200, 'class' => "align_center"));
1871  
1872      if(empty($user['lastip']))
1873      {
1874          $user['lastip'] = $lang->unknown;
1875          $controls = '';
1876      }
1877      else
1878      {
1879          $user['lastip'] = my_inet_ntop($db->unescape_binary($user['lastip']));
1880          $popup = new PopupMenu("user_last", $lang->options);
1881          $popup->add_item($lang->show_users_regged_with_ip,
1882              "index.php?module=user-users&amp;action=search&amp;results=1&amp;conditions=".urlencode(my_serialize(array("regip" => $user['lastip']))));
1883          $popup->add_item($lang->show_users_posted_with_ip, "index.php?module=user-users&amp;results=1&amp;action=search&amp;conditions=".urlencode(my_serialize(array("postip" => $user['lastip']))));
1884          $popup->add_item($lang->info_on_ip, "index.php?module=user-users&amp;action=iplookup&ipaddress={$user['lastip']}", "MyBB.popupWindow('index.php?module=user-users&amp;action=iplookup&ipaddress={$user['lastip']}', null, true); return false;");
1885          $popup->add_item($lang->ban_ip, "index.php?module=config-banning&amp;filter={$user['lastip']}");
1886          $controls = $popup->fetch();
1887      }
1888      $table->construct_cell("<strong>{$lang->last_known_ip}:</strong> ".$user['lastip']);
1889      $table->construct_cell($controls, array('class' => "align_center"));
1890      $table->construct_row();
1891  
1892      if(empty($user['regip']))
1893      {
1894          $user['regip'] = $lang->unknown;
1895          $controls = '';
1896      }
1897      else
1898      {
1899          $user['regip'] = my_inet_ntop($db->unescape_binary($user['regip']));
1900          $popup = new PopupMenu("user_reg", $lang->options);
1901          $popup->add_item($lang->show_users_regged_with_ip, "index.php?module=user-users&amp;results=1&amp;action=search&amp;conditions=".urlencode(my_serialize(array("regip" => $user['regip']))));
1902          $popup->add_item($lang->show_users_posted_with_ip, "index.php?module=user-users&amp;results=1&amp;action=search&amp;conditions=".urlencode(my_serialize(array("postip" => $user['regip']))));
1903          $popup->add_item($lang->info_on_ip, "index.php?module=user-users&amp;action=iplookup&ipaddress={$user['regip']}", "MyBB.popupWindow('index.php?module=user-users&amp;action=iplookup&ipaddress={$user['regip']}', null, true); return false;");
1904          $popup->add_item($lang->ban_ip, "index.php?module=config-banning&amp;filter={$user['regip']}");
1905          $controls = $popup->fetch();
1906      }
1907      $table->construct_cell("<strong>{$lang->registration_ip}:</strong> ".$user['regip']);
1908      $table->construct_cell($controls, array('class' => "align_center"));
1909      $table->construct_row();
1910  
1911      $counter = 0;
1912  
1913      $query = $db->simple_select("posts", "DISTINCT ipaddress", "uid='{$mybb->input['uid']}'");
1914      while($ip = $db->fetch_array($query))
1915      {
1916          ++$counter;
1917          $ip['ipaddress'] = my_inet_ntop($db->unescape_binary($ip['ipaddress']));
1918          $popup = new PopupMenu("id_{$counter}", $lang->options);
1919          $popup->add_item($lang->show_users_regged_with_ip, "index.php?module=user-users&amp;results=1&amp;action=search&amp;conditions=".urlencode(my_serialize(array("regip" => $ip['ipaddress']))));
1920          $popup->add_item($lang->show_users_posted_with_ip, "index.php?module=user-users&amp;results=1&amp;action=search&amp;conditions=".urlencode(my_serialize(array("postip" => $ip['ipaddress']))));
1921          $popup->add_item($lang->info_on_ip, "index.php?module=user-users&amp;action=iplookup&ipaddress={$ip['ipaddress']}", "MyBB.popupWindow('index.php?module=user-users&amp;action=iplookup&ipaddress={$ip['ipaddress']}', null, true); return false;");
1922          $popup->add_item($lang->ban_ip, "index.php?module=config-banning&amp;filter={$ip['ipaddress']}");
1923          $controls = $popup->fetch();
1924  
1925          $table->construct_cell($ip['ipaddress']);
1926          $table->construct_cell($controls, array('class' => "align_center"));
1927          $table->construct_row();
1928      }
1929  
1930      $table->output($lang->ip_address_for.' '.htmlspecialchars_uni($user['username']));
1931  
1932      $page->output_footer();
1933  }
1934  
1935  if($mybb->input['action'] == "merge")
1936  {
1937      $plugins->run_hooks("admin_user_users_merge");
1938  
1939      if($mybb->request_method == "post")
1940      {
1941          foreach(array('source', 'destination') as $target)
1942          {
1943              ${$target.'_user'} = get_user_by_username($mybb->input[$target.'_username'], array('fields' => '*'));
1944              if(!${$target.'_user'}['uid'])
1945              {
1946                  $errors[] = $lang->{'error_invalid_user_'.$target};
1947              }
1948          }
1949  
1950          // If we're not a super admin and we're merging a source super admin or a destination super admin then dissallow this action
1951          if(!is_super_admin($mybb->user['uid']) && (is_super_admin($source_user['uid']) || is_super_admin($destination_user['uid'])))
1952          {
1953              flash_message($lang->error_no_perms_super_admin, 'error');
1954              admin_redirect("index.php?module=user-users");
1955          }
1956  
1957          if($source_user['uid'] == $destination_user['uid'] && !empty($source_user['uid']))
1958          {
1959              $errors[] = $lang->error_cannot_merge_same_account;
1960          }
1961  
1962          if(empty($errors))
1963          {
1964              // Begin to merge the accounts
1965              $uid_update = array(
1966                  "uid" => $destination_user['uid']
1967              );
1968              $query = $db->simple_select("adminoptions", "uid", "uid='{$destination_user['uid']}'");
1969              $existing_admin_options = $db->fetch_field($query, "uid");
1970  
1971              // Only carry over admin options/permissions if we don't already have them
1972              if(!$existing_admin_options)
1973              {
1974                  $db->update_query("adminoptions", $uid_update, "uid='{$source_user['uid']}'");
1975              }
1976  
1977              $db->update_query("adminlog", $uid_update, "uid='{$source_user['uid']}'");
1978              $db->update_query("announcements", $uid_update, "uid='{$source_user['uid']}'");
1979              $db->update_query("events", $uid_update, "uid='{$source_user['uid']}'");
1980              $db->update_query("threadsubscriptions", $uid_update, "uid='{$source_user['uid']}'");
1981              $db->update_query("forumsubscriptions", $uid_update, "uid='{$source_user['uid']}'");
1982              $db->update_query("joinrequests", $uid_update, "uid='{$source_user['uid']}'");
1983              $db->update_query("moderatorlog", $uid_update, "uid='{$source_user['uid']}'");
1984              $db->update_query("pollvotes", $uid_update, "uid='{$source_user['uid']}'");
1985              $db->update_query("posts", $uid_update, "uid='{$source_user['uid']}'");
1986              $db->update_query("privatemessages", $uid_update, "uid='{$source_user['uid']}'");
1987              $db->update_query("reportedcontent", $uid_update, "uid='{$source_user['uid']}'");
1988              $db->update_query("threads", $uid_update, "uid='{$source_user['uid']}'");
1989              $db->update_query("warnings", $uid_update, "uid='{$source_user['uid']}'");
1990              $db->update_query("warnings", array("revokedby" => $destination_user['uid']), "revokedby='{$source_user['uid']}'");
1991              $db->update_query("warnings", array("issuedby" => $destination_user['uid']), "issuedby='{$source_user['uid']}'");
1992  
1993              // Thread ratings
1994              merge_thread_ratings($source_user['uid'], $destination_user['uid']);
1995  
1996              // Banning
1997              $db->update_query("banned", array('admin' => $destination_user['uid']), "admin = '{$source_user['uid']}'");
1998  
1999              // Carry over referrals
2000              $db->update_query("users", array("referrer" => ((int)$source_user['referrer'] + (int)$destination_user['referrer'])), "uid='{$destination_user['uid']}'");
2001              $db->update_query("users", array("referrals" => ((int)$source_user['referrals'] + (int)$destination_user['referrals'])), "uid='{$destination_user['uid']}'");
2002  
2003              // Merging Reputation
2004              // First, let's change all the details over to our new user...
2005              $db->update_query("reputation", array("adduid" => $destination_user['uid']), "adduid = '".$source_user['uid']."'");
2006              $db->update_query("reputation", array("uid" => $destination_user['uid']), "uid = '".$source_user['uid']."'");
2007  
2008              // Now that all the repuation is merged, figure out what to do with this user's comments...
2009              $options = array(
2010                  "order_by" => "uid",
2011                  "order_dir" => "ASC"
2012              );
2013  
2014              $to_remove = array();
2015              $query = $db->simple_select("reputation", "*", "adduid = '".$destination_user['uid']."'");
2016              while($rep = $db->fetch_array($query))
2017              {
2018                  if($rep['pid'] == 0 && $mybb->settings['multirep'] == 0 && $last_result['uid'] == $rep['uid'])
2019                  {
2020                      // Multiple reputation is disallowed, and this isn't a post, so let's remove this comment
2021                      $to_remove[] = $rep['rid'];
2022                  }
2023  
2024                  // Remove comments or posts liked by "me"
2025                  if($last_result['uid'] == $destination_user['uid'] || $rep['uid'] == $destination_user['uid'])
2026                  {
2027                      if(!in_array($rep['rid'], $to_remove))
2028                      {
2029                          $to_remove[] = $rep['rid'];
2030                          continue;
2031                      }
2032                  }
2033  
2034                  $last_result = array(
2035                      "rid" => $rep['rid'],
2036                      "uid" => $rep['uid']
2037                  );
2038              }
2039  
2040              // Remove any reputations we've selected to remove...
2041              if(!empty($to_remove))
2042              {
2043                  $imp = implode(",", $to_remove);
2044                  $db->delete_query("reputation", "rid IN (".$imp.")");
2045              }
2046  
2047              // Calculate the new reputation for this user...
2048              $query = $db->simple_select("reputation", "SUM(reputation) as total_rep", "uid='{$destination_user['uid']}'");
2049              $total_reputation = $db->fetch_field($query, "total_rep");
2050  
2051              $db->update_query("users", array('reputation' => (int)$total_reputation), "uid='{$destination_user['uid']}'");
2052  
2053              // Calculate warning points
2054              $query = $db->query("
2055                  SELECT SUM(points) as warn_lev
2056                  FROM ".TABLE_PREFIX."warnings
2057                  WHERE uid='{$source_user['uid']}' AND expired='0'
2058              ");
2059              $original_warn_level = $db->fetch_field($query, "warn_lev");
2060  
2061              $query = $db->query("
2062                  SELECT SUM(points) as warn_lev
2063                  FROM ".TABLE_PREFIX."warnings
2064                  WHERE uid='{$destination_user['uid']}' AND expired='0'
2065              ");
2066              $new_warn_level = $db->fetch_field($query, "warn_lev");
2067              $db->update_query("users", array("warningpoints" => (int)$original_warn_level + $new_warn_level), "uid='{$destination_user['uid']}'");
2068  
2069              // Additional updates for non-uid fields
2070              $last_poster = array(
2071                  "lastposteruid" => $destination_user['uid'],
2072                  "lastposter" => $db->escape_string($destination_user['username'])
2073              );
2074              $db->update_query("forums", $last_poster, "lastposteruid='{$source_user['uid']}'");
2075              $db->update_query("threads", $last_poster, "lastposteruid='{$source_user['uid']}'");
2076              $edit_uid = array(
2077                  "edituid" => $destination_user['uid']
2078              );
2079              $db->update_query("posts", $edit_uid, "edituid='{$source_user['uid']}'");
2080  
2081              $from_uid = array(
2082                  "fromid" => $destination_user['uid']
2083              );
2084              $db->update_query("privatemessages", $from_uid, "fromid='{$source_user['uid']}'");
2085              $to_uid = array(
2086                  "toid" => $destination_user['uid']
2087              );
2088              $db->update_query("privatemessages", $to_uid, "toid='{$source_user['uid']}'");
2089  
2090              // Buddy/ignore lists
2091              $destination_buddies = explode(',', $destination_user['buddylist']);
2092              $source_buddies = explode(',', $source_user['buddylist']);
2093              $buddies = array_unique(array_merge($source_buddies, $destination_buddies));
2094              // Make sure the new buddy list doesn't contain either users
2095              $buddies_array = array_diff($buddies, array($destination_user['uid'], $source_user['uid']));
2096  
2097              $destination_ignored = explode(',', $destination_user['ignorelist']);
2098              $source_ignored = explode(',', $destination_user['ignorelist']);
2099              $ignored = array_unique(array_merge($source_ignored, $destination_ignored));
2100              // ... and the same for the new ignore list
2101              $ignored_array = array_diff($ignored, array($destination_user['uid'], $source_user['uid']));
2102  
2103              // Remove any ignored users from the buddy list
2104              $buddies = array_diff($buddies_array, $ignored_array);
2105              // implode the arrays so we get a nice neat list for each
2106              $buddies = trim(implode(',', $buddies), ',');
2107              $ignored = trim(implode(',', $ignored_array), ',');
2108  
2109              $lists = array(
2110                  "buddylist" => $buddies,
2111                  "ignorelist" => $ignored
2112              );
2113              $db->update_query("users", $lists, "uid='{$destination_user['uid']}'");
2114  
2115              // Get a list of forums where post count doesn't apply
2116              $fids = array();
2117              $query = $db->simple_select("forums", "fid", "usepostcounts=0");
2118              while($fid = $db->fetch_field($query, "fid"))
2119              {
2120                  $fids[] = $fid;
2121              }
2122  
2123              $fids_not_in = '';
2124              if(!empty($fids))
2125              {
2126                  $fids_not_in = "AND fid NOT IN(".implode(',', $fids).")";
2127              }
2128  
2129              // Update user post count
2130              $query = $db->simple_select("posts", "COUNT(*) AS postnum", "uid='".$destination_user['uid']."' {$fids_not_in}");
2131              $num = $db->fetch_array($query);
2132              $updated_count = array(
2133                  "postnum" => $num['postnum']
2134              );
2135              $db->update_query("users", $updated_count, "uid='{$destination_user['uid']}'");
2136  
2137              // Update user thread count
2138              $query = $db->simple_select("threads", "COUNT(*) AS threadnum", "uid='".$destination_user['uid']."' {$fids_not_in}");
2139              $num = $db->fetch_array($query);
2140              $updated_count = array(
2141                  "threadnum" => $num['threadnum']
2142              );
2143              $db->update_query("users", $updated_count, "uid='{$destination_user['uid']}'");
2144  
2145              // Use the earliest registration date
2146              if($destination_user['regdate'] > $source_user['regdate'])
2147              {
2148                  $db->update_query("users", array('regdate' => $source_user['regdate']), "uid='{$destination_user['uid']}'");
2149              }
2150  
2151              $plugins->run_hooks("admin_user_users_merge_commit");
2152  
2153              // Set up user handler.
2154              require_once  MYBB_ROOT.'inc/datahandlers/user.php';
2155              $userhandler = new UserDataHandler('delete');
2156  
2157              // Delete the old user
2158              $userhandler->delete_user($source_user['uid']);
2159  
2160              $cache->update_awaitingactivation();
2161  
2162              // Log admin action
2163              log_admin_action($source_user['uid'], $source_user['username'], $destination_user['uid'], $destination_user['username']);
2164  
2165              // Redirect!
2166              $username = htmlspecialchars_uni($source_user['username']);
2167              $destination_username = htmlspecialchars_uni($destination_user['username']);
2168              flash_message("<strong>{$username}</strong> {$lang->success_merged} {$destination_username}", "success");
2169              admin_redirect("index.php?module=user-users");
2170              exit;
2171          }
2172      }
2173  
2174      $page->add_breadcrumb_item($lang->merge_users);
2175      $page->output_header($lang->merge_users);
2176  
2177      $page->output_nav_tabs($sub_tabs, 'merge_users');
2178  
2179      // If we have any error messages, show them
2180      if($errors)
2181      {
2182          $page->output_inline_error($errors);
2183      }
2184  
2185      $form = new Form("index.php?module=user-users&amp;action=merge", "post");
2186  
2187      $form_container = new FormContainer($lang->merge_users);
2188      $form_container->output_row($lang->source_account." <em>*</em>", $lang->source_account_desc, $form->generate_text_box('source_username', $mybb->input['source_username'], array('id' => 'source_username')), 'source_username');
2189      $form_container->output_row($lang->destination_account." <em>*</em>", $lang->destination_account_desc, $form->generate_text_box('destination_username', $mybb->input['destination_username'], array('id' => 'destination_username')), 'destination_username');
2190      $form_container->end();
2191  
2192      // Autocompletion for usernames
2193      echo '
2194      <link rel="stylesheet" href="../jscripts/select2/select2.css">
2195      <script type="text/javascript" src="../jscripts/select2/select2.min.js?ver=1804"></script>
2196      <script type="text/javascript">
2197      <!--
2198      $("#source_username").select2({
2199          placeholder: "'.$lang->search_for_a_user.'",
2200          minimumInputLength: 2,
2201          multiple: false,
2202          ajax: { // instead of writing the function to execute the request we use Select2\'s convenient helper
2203              url: "../xmlhttp.php?action=get_users",
2204              dataType: \'json\',
2205              data: function (term, page) {
2206                  return {
2207                      query: term // search term
2208                  };
2209              },
2210              results: function (data, page) { // parse the results into the format expected by Select2.
2211                  // since we are using custom formatting functions we do not need to alter remote JSON data
2212                  return {results: data};
2213              }
2214          },
2215          initSelection: function(element, callback) {
2216              var query = $(element).val();
2217              if (query !== "") {
2218                  $.ajax("../xmlhttp.php?action=get_users&getone=1", {
2219                      data: {
2220                          query: query
2221                      },
2222                      dataType: "json"
2223                  }).done(function(data) { callback(data); });
2224              }
2225          }
2226      });
2227      $("#destination_username").select2({
2228          placeholder: "'.$lang->search_for_a_user.'",
2229          minimumInputLength: 2,
2230          multiple: false,
2231          ajax: { // instead of writing the function to execute the request we use Select2\'s convenient helper
2232              url: "../xmlhttp.php?action=get_users",
2233              dataType: \'json\',
2234              data: function (term, page) {
2235                  return {
2236                      query: term // search term
2237                  };
2238              },
2239              results: function (data, page) { // parse the results into the format expected by Select2.
2240                  // since we are using custom formatting functions we do not need to alter remote JSON data
2241                  return {results: data};
2242              }
2243          },
2244          initSelection: function(element, callback) {
2245              var query = $(element).val();
2246              if (query !== "") {
2247                  $.ajax("../xmlhttp.php?action=get_users&getone=1", {
2248                      data: {
2249                          query: query
2250                      },
2251                      dataType: "json"
2252                  }).done(function(data) { callback(data); });
2253              }
2254          }
2255      });
2256      // -->
2257      </script>';
2258  
2259      $buttons[] = $form->generate_submit_button($lang->merge_user_accounts);
2260      $form->output_submit_wrapper($buttons);
2261      $form->end();
2262  
2263      $page->output_footer();
2264  }
2265  
2266  if($mybb->input['action'] == "search")
2267  {
2268      $plugins->run_hooks("admin_user_users_search");
2269  
2270      if($mybb->request_method == "post" || $mybb->input['results'] == 1)
2271      {
2272          // Build view options from incoming search options
2273          if($mybb->input['vid'])
2274          {
2275              $query = $db->simple_select("adminviews", "*", "vid='".$mybb->get_input('vid', MyBB::INPUT_INT)."'");
2276              $admin_view = $db->fetch_array($query);
2277              // View does not exist or this view is private and does not belong to the current user
2278              if(!$admin_view['vid'] || ($admin_view['visibility'] == 1 && $admin_view['uid'] != $mybb->user['uid']))
2279              {
2280                  unset($admin_view);
2281              }
2282          }
2283  
2284          if($mybb->input['search_id'] && $admin_session['data']['user_views'][$mybb->input['search_id']])
2285          {
2286              $admin_view = $admin_session['data']['user_views'][$mybb->input['search_id']];
2287              unset($admin_view['extra_sql']);
2288          }
2289          else
2290          {
2291              // Don't have a view? Fetch the default
2292              if(!$admin_view['vid'])
2293              {
2294                  $default_view = fetch_default_view("user");
2295                  if(!$default_view)
2296                  {
2297                      $default_view = "0";
2298                  }
2299                  $query = $db->simple_select("adminviews", "*", "type='user' AND (vid='{$default_view}' OR uid=0)", array("order_by" => "uid", "order_dir" => "desc"));
2300                  $admin_view = $db->fetch_array($query);
2301              }
2302          }
2303  
2304          // Override specific parts of the view
2305          unset($admin_view['vid']);
2306  
2307          if($mybb->input['type'])
2308          {
2309              $admin_view['view_type'] = $mybb->input['type'];
2310          }
2311  
2312          if($mybb->input['conditions'])
2313          {
2314              $admin_view['conditions'] = $mybb->input['conditions'];
2315          }
2316  
2317          if($mybb->input['sortby'])
2318          {
2319              $admin_view['sortby'] = $mybb->input['sortby'];
2320          }
2321  
2322          if($mybb->get_input('perpage', MyBB::INPUT_INT))
2323          {
2324              $admin_view['perpage'] = $mybb->input['perpage'];
2325          }
2326  
2327          if($mybb->input['order'])
2328          {
2329              $admin_view['sortorder'] = $mybb->input['order'];
2330          }
2331  
2332          if($mybb->input['displayas'])
2333          {
2334              $admin_view['view_type'] = $mybb->input['displayas'];
2335          }
2336  
2337          if($mybb->input['profile_fields'])
2338          {
2339              $admin_view['custom_profile_fields'] = $mybb->input['profile_fields'];
2340          }
2341  
2342          $plugins->run_hooks("admin_user_users_search_commit");
2343  
2344          $results = build_users_view($admin_view);
2345  
2346          if($results)
2347          {
2348              $page->output_header($lang->find_users);
2349              echo "<script type=\"text/javascript\" src=\"jscripts/users.js\"></script>";
2350              $page->output_nav_tabs($sub_tabs, 'find_users');
2351              echo $results;
2352              $page->output_footer();
2353          }
2354          else
2355          {
2356              if($mybb->input['from'] == "home")
2357              {
2358                  flash_message($lang->error_no_users_found, 'error');
2359                  admin_redirect("index.php");
2360                  exit;
2361              }
2362              else
2363              {
2364                  $errors[] = $lang->error_no_users_found;
2365              }
2366          }
2367      }
2368  
2369      $page->add_breadcrumb_item($lang->find_users);
2370      $page->output_header($lang->find_users);
2371  
2372      $page->output_nav_tabs($sub_tabs, 'find_users');
2373  
2374      // If we have any error messages, show them
2375      if($errors)
2376      {
2377          $page->output_inline_error($errors);
2378      }
2379  
2380      if(!$mybb->input['displayas'])
2381      {
2382          $mybb->input['displayas'] = "card";
2383      }
2384  
2385      $form = new Form("index.php?module=user-users&amp;action=search", "post");
2386  
2387      user_search_conditions($mybb->input, $form);
2388  
2389      $form_container = new FormContainer($lang->display_options);
2390      $sort_directions = array(
2391          "asc" => $lang->ascending,
2392          "desc" => $lang->descending
2393      );
2394      $form_container->output_row($lang->sort_results_by, "", $form->generate_select_box('sortby', $sort_options, $mybb->input['sortby'], array('id' => 'sortby'))." {$lang->in} ".$form->generate_select_box('order', $sort_directions, $mybb->input['order'], array('id' => 'order')), 'sortby');
2395      $form_container->output_row($lang->results_per_page, "", $form->generate_numeric_field('perpage', $mybb->input['perpage'], array('id' => 'perpage', 'min' => 1)), 'perpage');
2396      $form_container->output_row($lang->display_results_as, "", $form->generate_radio_button('displayas', 'table', $lang->table, array('checked' => ($mybb->input['displayas'] != "card" ? true : false)))."<br />".$form->generate_radio_button('displayas', 'card', $lang->business_card, array('checked' => ($mybb->input['displayas'] == "card" ? true : false))));
2397      $form_container->end();
2398  
2399      $buttons[] = $form->generate_submit_button($lang->find_users);
2400      $form->output_submit_wrapper($buttons);
2401      $form->end();
2402  
2403      $page->output_footer();
2404  }
2405  
2406  if($mybb->input['action'] == "inline_edit")
2407  {
2408      $plugins->run_hooks("admin_user_users_inline");
2409  
2410      if($mybb->input['vid'] || $mybb->cookies['acp_view'])
2411      {
2412          // We have a custom view
2413          if(!$mybb->cookies['acp_view'])
2414          {
2415              // Set a cookie
2416              my_setcookie("acp_view", $mybb->input['vid'], 60);
2417          }
2418          elseif($mybb->cookies['acp_view'])
2419          {
2420              // We already have a cookie, so let's use it...
2421              $mybb->input['vid'] = $mybb->cookies['acp_view'];
2422          }
2423  
2424          $vid_url = "&amp;vid=".$mybb->input['vid'];
2425      }
2426  
2427      // First, collect the user IDs that we're performing the moderation on
2428      $ids = explode("|", $mybb->cookies['inlinemod_useracp']);
2429      foreach($ids as $id)
2430      {
2431          if($id != '')
2432          {
2433              $selected[] = (int)$id;
2434          }
2435      }
2436  
2437      // Verify incoming POST request
2438      if(!verify_post_check($mybb->input['my_post_key']))
2439      {
2440          flash_message($lang->invalid_post_verify_key2, 'error');
2441          admin_redirect("index.php?module=user-user");
2442      }
2443      $sub_tabs['manage_users'] = array(
2444          "title" => $lang->manage_users,
2445          "link" => "./",
2446          "description" => $lang->manage_users_desc
2447      );
2448      $page->add_breadcrumb_item($lang->manage_users);
2449  
2450      if(!is_array($selected))
2451      {
2452          // Not selected any users, show error
2453          flash_message($lang->error_inline_no_users_selected, 'error');
2454          admin_redirect("index.php?module=user-users".$vid_url);
2455      }
2456  
2457      switch($mybb->input['inline_action'])
2458      {
2459          case 'multiactivate':
2460              // Run through the activating users, so that users already registered (but have been selected) aren't affected
2461              if(is_array($selected))
2462              {
2463                  $sql_array = implode(",", $selected);
2464                  $query = $db->simple_select("users", "uid, username, email", "usergroup = '5' AND uid IN (".$sql_array.")");
2465                  $user_mail_data = array();
2466                  while($user = $db->fetch_array($query))
2467                  {
2468                      $to_update[] = $user['uid'];
2469                      $user_mail_data[] = array('username' => $user['username'], 'email' => $user['email']);
2470                  }
2471              }
2472  
2473              if(is_array($to_update))
2474              {
2475                  $sql_array = implode(",", $to_update);
2476                  $db->write_query("UPDATE ".TABLE_PREFIX."users SET usergroup = '2' WHERE uid IN (".$sql_array.")");
2477  
2478                  $cache->update_awaitingactivation();
2479  
2480                  // send activation mail
2481                  foreach($user_mail_data as $mail_data)
2482                  {
2483                      $message = $lang->sprintf($lang->email_adminactivateaccount, $mail_data['username'], $mybb->settings['bbname'], $mybb->settings['bburl']);
2484                      my_mail($mail_data['email'], $lang->sprintf($lang->emailsubject_activateaccount, $mybb->settings['bbname']), $message);
2485                  }
2486  
2487                  // Action complete, grab stats and show success message - redirect user
2488                  $to_update_count = count($to_update);
2489                  $lang->inline_activated = $lang->sprintf($lang->inline_activated, my_number_format($to_update_count));
2490  
2491                  if(is_array($selected) && $to_update_count != count($selected))
2492                  {
2493                      // The update count is different to how many we selected!
2494                      $not_updated_count = count($selected) - $to_update_count;
2495                      $lang->inline_activated_more = $lang->sprintf($lang->inline_activated_more, my_number_format($not_updated_count));
2496                      $lang->inline_activated = $lang->inline_activated."<br />".$lang->inline_activated_more; // Add these stats to the message
2497                  }
2498  
2499                  $mybb->input['action'] = "inline_activated"; // Force a change to the action so we can add it to the adminlog
2500                  log_admin_action($to_update_count); // Add to adminlog
2501                  my_unsetcookie("inlinemod_useracp"); // Unset the cookie, so that the users aren't still selected when we're redirected
2502  
2503                  flash_message($lang->inline_activated, 'success');
2504                  admin_redirect("index.php?module=user-users".$vid_url);
2505              }
2506              else
2507              {
2508                  // Nothing was updated, show an error
2509                  flash_message($lang->inline_activated_failed, 'error');
2510                  admin_redirect("index.php?module=user-users".$vid_url);
2511              }
2512              break;
2513          case 'multilift':
2514              // Get the users that are banned, and check that they have been selected
2515              if($mybb->input['no'])
2516              {
2517                  admin_redirect("index.php?module=user-users".$vid_url); // User clicked on 'No'
2518              }
2519  
2520              if($mybb->request_method == "post")
2521              {
2522                  $sql_array = implode(",", $selected);
2523                  $query = $db->simple_select("banned", "*", "uid IN (".$sql_array.")");
2524                  $to_be_unbanned = $db->num_rows($query);
2525                  while($ban = $db->fetch_array($query))
2526                  {
2527                      $updated_group = array(
2528                          "usergroup" => $ban['oldgroup'],
2529                          "additionalgroups" => $ban['oldadditionalgroups'],
2530                          "displaygroup" => $ban['olddisplaygroup']
2531                      );
2532                      $db->update_query("users", $updated_group, "uid = '".$ban['uid']."'");
2533                      $db->delete_query("banned", "uid = '".$ban['uid']."'");
2534                  }
2535  
2536                  $cache->update_banned();
2537                  $cache->update_moderators();
2538  
2539                  $mybb->input['action'] = "inline_lift";
2540                  log_admin_action($to_be_unbanned);
2541                  my_unsetcookie("inlinemod_useracp");
2542  
2543                  $lang->success_ban_lifted = $lang->sprintf($lang->success_ban_lifted, my_number_format($to_be_unbanned));
2544                  flash_message($lang->success_ban_lifted, 'success');
2545                  admin_redirect("index.php?module=user-users".$vid_url);
2546              }
2547              else
2548              {
2549                  $page->output_confirm_action("index.php?module=user-users&amp;action=inline_edit&amp;inline_action=multilift", $lang->confirm_multilift);
2550              }
2551  
2552              break;
2553          case 'multiban':
2554              if($mybb->input['processed'] == 1)
2555              {
2556                  // We've posted ban information!
2557                  // Build an array of users to ban, =D
2558                  $sql_array = implode(",", $selected);
2559                  // Build a cache array for this users that have been banned already
2560                  $query = $db->simple_select("banned", "uid", "uid IN (".$sql_array.")");
2561                  while($user = $db->fetch_array($query))
2562                  {
2563                      $bannedcache[] = "u_".$user['uid'];
2564                  }
2565  
2566                  // Collect the users
2567                  $query = $db->simple_select("users", "uid, username, usergroup, additionalgroups, displaygroup", "uid IN (".$sql_array.")");
2568  
2569                  if($mybb->input['bantime'] == '---')
2570                  {
2571                      $lifted = 0;
2572                  }
2573                  else
2574                  {
2575                      $lifted = ban_date2timestamp($mybb->input['bantime']);
2576                  }
2577  
2578                  $reason = my_substr($mybb->input['reason'], 0, 255);
2579  
2580                  $banned_count = 0;
2581                  while($user = $db->fetch_array($query))
2582                  {
2583                      if($user['uid'] == $mybb->user['uid'] || is_super_admin($user['uid']))
2584                      {
2585                          // We remove ourselves and Super Admins from the mix
2586                          continue;
2587                      }
2588  
2589                      if(is_array($bannedcache) && in_array("u_".$user['uid'], $bannedcache))
2590                      {
2591                          // User already has a ban, update it!
2592                          $update_array = array(
2593                              "admin" => (int)$mybb->user['uid'],
2594                              "dateline" => TIME_NOW,
2595                              "bantime" => $db->escape_string($mybb->input['bantime']),
2596                              "lifted" => $db->escape_string($lifted),
2597                              "reason" => $db->escape_string($reason)
2598                          );
2599                          $db->update_query("banned", $update_array, "uid = '".$user['uid']."'");
2600                      }
2601                      else
2602                      {
2603                          // Not currently banned - insert the ban
2604                          $insert_array = array(
2605                              'uid' => $user['uid'],
2606                              'gid' => $mybb->get_input('usergroup', MyBB::INPUT_INT),
2607                              'oldgroup' => $user['usergroup'],
2608                              'oldadditionalgroups' => $user['additionalgroups'],
2609                              'olddisplaygroup' => $user['displaygroup'],
2610                              'admin' => (int)$mybb->user['uid'],
2611                              'dateline' => TIME_NOW,
2612                              'bantime' => $db->escape_string($mybb->input['bantime']),
2613                              'lifted' => $db->escape_string($lifted),
2614                              'reason' => $db->escape_string($reason)
2615                          );
2616                          $db->insert_query('banned', $insert_array);
2617                      }
2618  
2619                      // Moved the user to the 'Banned' Group
2620                      $update_array = array(
2621                          'usergroup' => 7,
2622                          'displaygroup' => 0,
2623                          'additionalgroups' => '',
2624                      );
2625                      $db->update_query('users', $update_array, "uid = '{$user['uid']}'");
2626  
2627                      $db->delete_query("forumsubscriptions", "uid = '{$user['uid']}'");
2628                      $db->delete_query("threadsubscriptions", "uid = '{$user['uid']}'");
2629  
2630                      $cache->update_banned();
2631                      ++$banned_count;
2632                  }
2633                  $mybb->input['action'] = "inline_banned";
2634                  log_admin_action($banned_count, $lifted);
2635                  my_unsetcookie("inlinemod_useracp"); // Remove the cookie of selected users as we've finished with them
2636  
2637                  $lang->users_banned = $lang->sprintf($lang->users_banned, $banned_count);
2638                  flash_message($lang->users_banned, 'success');
2639                  admin_redirect("index.php?module=user-users".$vid_url);
2640              }
2641  
2642              $page->output_header($lang->manage_users);
2643              $page->output_nav_tabs($sub_tabs, 'manage_users');
2644  
2645              // Provide the user with a warning of what they're about to do
2646              $table = new Table;
2647              $lang->mass_ban_info = $lang->sprintf($lang->mass_ban_info, count($selected));
2648              $table->construct_cell($lang->mass_ban_info);
2649              $table->construct_row();
2650              $table->output($lang->important);
2651  
2652              // If there's any errors, display inline
2653              if($errors)
2654              {
2655                  $page->output_inline_error($errors);
2656              }
2657  
2658              $form = new Form("index.php?module=user-users", "post");
2659              echo $form->generate_hidden_field('action', 'inline_edit');
2660              echo $form->generate_hidden_field('inline_action', 'multiban');
2661              echo $form->generate_hidden_field('processed', '1');
2662  
2663              $form_container = new FormContainer('<div class="float_right"><a href="index.php?module=user-users&amp;action=inline_edit&amp;inline_action=multilift&amp;my_post_key='.$mybb->post_code.'">'.$lang->lift_bans.'</a></div>'.$lang->mass_ban);
2664              $form_container->output_row($lang->ban_reason, "", $form->generate_text_area('reason', $mybb->input['reason'], array('id' => 'reason', 'maxlength' => '255')), 'reason');
2665              $ban_times = fetch_ban_times();
2666              foreach($ban_times as $time => $period)
2667              {
2668                  if($time != '---')
2669                  {
2670                      $friendly_time = my_date("D, jS M Y @ {$mybb->settings['timeformat']}", ban_date2timestamp($time));
2671                      $period = "{$period} ({$friendly_time})";
2672                  }
2673                  $length_list[$time] = $period;
2674              }
2675              $form_container->output_row($lang->ban_time, "", $form->generate_select_box('bantime', $length_list, $mybb->input['bantime'], array('id' => 'bantime')), 'bantime');
2676              $form_container->end();
2677  
2678              $buttons[] = $form->generate_submit_button($lang->ban_users);
2679              $form->output_submit_wrapper($buttons);
2680              $form->end();
2681              $page->output_footer();
2682              break;
2683          case 'multidelete':
2684              if($mybb->input['no'])
2685              {
2686                  admin_redirect("index.php?module=user-users".$vid_url); // User clicked on 'No
2687              }
2688              else
2689              {
2690                  if($mybb->input['processed'] == 1)
2691                  {
2692                      // Set up user handler.
2693                      require_once  MYBB_ROOT.'inc/datahandlers/user.php';
2694                      $userhandler = new UserDataHandler('delete');
2695  
2696                      // Delete users
2697                      $deleted = $userhandler->delete_user($selected);
2698                      $to_be_deleted = $deleted['deleted_users']; // Get the correct number of deleted users
2699  
2700                      // Update forum stats, remove the cookie and redirect the user
2701                      my_unsetcookie("inlinemod_useracp");
2702                      $mybb->input['action'] = "inline_delete";
2703                      log_admin_action($to_be_deleted);
2704  
2705                      $lang->users_deleted = $lang->sprintf($lang->users_deleted, $to_be_deleted);
2706  
2707                      $cache->update_awaitingactivation();
2708  
2709                      flash_message($lang->users_deleted, 'success');
2710                      admin_redirect("index.php?module=user-users".$vid_url);
2711                  }
2712  
2713                  $to_be_deleted = count($selected);
2714                  $lang->confirm_multidelete = $lang->sprintf($lang->confirm_multidelete, my_number_format($to_be_deleted));
2715                  $page->output_confirm_action("index.php?module=user-users&amp;action=inline_edit&amp;inline_action=multidelete&amp;my_post_key={$mybb->post_code}&amp;processed=1", $lang->confirm_multidelete);
2716              }
2717              break;
2718          case 'multiprune':
2719              if($mybb->input['processed'] == 1)
2720              {
2721                  if(($mybb->input['day'] || $mybb->input['month'] || $mybb->input['year']) && $mybb->input['set'])
2722                  {
2723                      $errors[] = $lang->multi_selected_dates;
2724                  }
2725  
2726                  $day = $mybb->get_input('day', MyBB::INPUT_INT);
2727                  $month = $mybb->get_input('month', MyBB::INPUT_INT);
2728                  $year = $mybb->get_input('year', MyBB::INPUT_INT);
2729  
2730                  // Selected a date - check if the date the user entered is valid
2731                  if($mybb->input['day'] || $mybb->input['month'] || $mybb->input['year'])
2732                  {
2733                      // Is the date sort of valid?
2734                      if($day < 1 || $day > 31 || $month < 1 || $month > 12 || ($month == 2 && $day > 29))
2735                      {
2736                          $errors[] = $lang->incorrect_date;
2737                      }
2738  
2739                      // Check the month
2740                      $months = get_bdays($year);
2741                      if($day > $months[$month-1])
2742                      {
2743                          $errors[] = $lang->incorrect_date;
2744                      }
2745  
2746                      // Check the year
2747                      if($year != 0 && ($year < (date("Y")-100)) || $year > date("Y"))
2748                      {
2749                          $errors[] = $lang->incorrect_date;
2750                      }
2751  
2752                      if(!$errors)
2753                      {
2754                          // No errors, so let's continue and set the date to delete from
2755                          $date = mktime(date('H'), date('i'), date('s'), $month, $day, $year); // Generate a unix time stamp
2756                      }
2757                  }
2758                  elseif($mybb->input['set'] > 0)
2759                  {
2760                      // Set options
2761                      // For this purpose, 1 month = 31 days
2762                      $base_time = 24 * 60 * 60;
2763  
2764                      switch($mybb->input['set'])
2765                      {
2766                          case '1':
2767                              $threshold = $base_time * 31; // 1 month = 31 days, in the standard terms
2768                              break;
2769                          case '2':
2770                              $threshold = $base_time * 93; // 3 months = 31 days * 3
2771                              break;
2772                          case '3':
2773                              $threshold = $base_time * 183; // 6 months = 365 days / 2
2774                              break;
2775                          case '4':
2776                              $threshold = $base_time * 365; // 1 year = 365 days
2777                              break;
2778                          case '5':
2779                              $threshold = $base_time * 548; // 18 months = 365 + 183
2780                              break;
2781                          case '6':
2782                              $threshold = $base_time * 730; // 2 years = 365 * 2
2783                              break;
2784                      }
2785  
2786                      if(!$threshold)
2787                      {
2788                          // An option was entered that isn't in the dropdown box
2789                          $errors[] = $lang->no_set_option;
2790                      }
2791                      else
2792                      {
2793                          $date = TIME_NOW - $threshold;
2794                      }
2795                  }
2796                  else
2797                  {
2798                      $errors[] = $lang->no_prune_option;
2799                  }
2800  
2801                  if(!$errors)
2802                  {
2803                      $sql_array = implode(",", $selected);
2804                      $prune_array = array();
2805                      $query = $db->simple_select("users", "uid", "uid IN (".$sql_array.")");
2806                      while($user = $db->fetch_array($query))
2807                      {
2808                          // Protect Super Admins
2809                          if(is_super_admin($user['uid']) && !is_super_admin($mybb->user['uid']))
2810                          {
2811                              continue;
2812                          }
2813  
2814                          $return_array = delete_user_posts($user['uid'], $date); // Delete user posts, and grab a list of threads to delete
2815                          if($return_array && is_array($return_array))
2816                          {
2817                              $prune_array = array_merge_recursive($prune_array, $return_array);
2818                          }
2819                      }
2820  
2821                      // No posts were found for the user, return error
2822                      if(!is_array($prune_array) || count($prune_array) == 0)
2823                      {
2824                          flash_message($lang->prune_fail, 'error');
2825                          admin_redirect("index.php?module=user-users".$vid_url);
2826                      }
2827  
2828                      // Require the rebuild functions
2829                      require_once  MYBB_ROOT.'/inc/functions.php';
2830                      require_once  MYBB_ROOT.'/inc/functions_rebuild.php';
2831  
2832                      // We've finished deleting user's posts, so let's delete the threads
2833                      if(is_array($prune_array['to_delete']) && count($prune_array['to_delete']) > 0)
2834                      {
2835                          foreach($prune_array['to_delete'] as $tid)
2836                          {
2837                              $db->delete_query("threads", "tid='$tid'");
2838                              $db->delete_query("threads", "closed='moved|$tid'");
2839                              $db->delete_query("threadsubscriptions", "tid='$tid'");
2840                              $db->delete_query("polls", "tid='$tid'");
2841                              $db->delete_query("threadsread", "tid='$tid'");
2842                              $db->delete_query("threadratings", "tid='$tid'");
2843                          }
2844                      }
2845  
2846                      // After deleting threads, rebuild the thread counters for the affected threads
2847                      if(is_array($prune_array['thread_update']) && count($prune_array['thread_update']) > 0)
2848                      {
2849                          $sql_array = implode(",", $prune_array['thread_update']);
2850                          $query = $db->simple_select("threads", "tid", "tid IN (".$sql_array.")", array('order_by' => 'tid', 'order_dir' => 'asc'));
2851                          while($thread = $db->fetch_array($query))
2852                          {
2853                              rebuild_thread_counters($thread['tid']);
2854                          }
2855                      }
2856  
2857                      // After updating thread counters, update the affected forum counters
2858                      if(is_array($prune_array['forum_update']) && count($prune_array['forum_update']) > 0)
2859                      {
2860                          $sql_array = implode(",", $prune_array['forum_update']);
2861                          $query = $db->simple_select("forums", "fid", "fid IN (".$sql_array.")", array('order_by' => 'fid', 'order_dir' => 'asc'));
2862                          while($forum = $db->fetch_array($query))
2863                          {
2864                              // Because we have a recursive array merge, check to see if there isn't a duplicated forum to update
2865                              if($looped_forum == $forum['fid'])
2866                              {
2867                                  continue;
2868                              }
2869                              $looped_forum = $forum['fid'];
2870                              rebuild_forum_counters($forum['fid']);
2871                          }
2872                      }
2873  
2874                      //log_admin_action();
2875                      my_unsetcookie("inlinemod_useracp"); // We've got our users, remove the cookie
2876                      flash_message($lang->prune_complete, 'success');
2877                      admin_redirect("index.php?module=user-users".$vid_url);
2878                  }
2879              }
2880  
2881              $page->output_header($lang->manage_users);
2882              $page->output_nav_tabs($sub_tabs, 'manage_users');
2883  
2884              // Display a table warning
2885              $table = new Table;
2886              $lang->mass_prune_info = $lang->sprintf($lang->mass_prune_info, count($selected));
2887              $table->construct_cell($lang->mass_prune_info);
2888              $table->construct_row();
2889              $table->output($lang->important);
2890  
2891              if($errors)
2892              {
2893                  $page->output_inline_error($errors);
2894              }
2895  
2896              // Display the prune options
2897              $form = new Form("index.php?module=user-users", "post");
2898              echo $form->generate_hidden_field('action', 'inline_edit');
2899              echo $form->generate_hidden_field('inline_action', 'multiprune');
2900              echo $form->generate_hidden_field('processed', '1');
2901  
2902              $form_container = new FormContainer($lang->mass_prune_posts);
2903  
2904              // Generate a list of days (1 - 31)
2905              $day_options = array();
2906              $day_options[] = "&nbsp;";
2907              for($i = 1; $i <= 31; ++$i)
2908              {
2909                  $day_options[] = $i;
2910              }
2911  
2912              // Generate a list of months (1 - 12)
2913              $month_options = array();
2914              $month_options[] = "&nbsp;";
2915              for($i = 1; $i <= 12; ++$i)
2916              {
2917                  $string = "month_{$i}";
2918                  $month_options[] = $lang->$string;
2919              }
2920              $date_box = $form->generate_select_box('day', $day_options, $mybb->input['day']);
2921              $month_box = $form->generate_select_box('month', $month_options, $mybb->input['month']);
2922              $year_box = $form->generate_numeric_field('year', $mybb->input['year'], array('id' => 'year', 'style' => 'width: 50px;', 'min' => 0));
2923  
2924              $prune_select = $date_box.$month_box.$year_box;
2925              $form_container->output_row($lang->manual_date, "", $prune_select, 'date');
2926  
2927              // Generate the set date box
2928              $set_options = array();
2929              $set_options[] = $lang->set_an_option;
2930              for($i = 1; $i <= 6; ++$i)
2931              {
2932                  $string = "option_{$i}";
2933                  $set_options[] = $lang->$string;
2934              }
2935  
2936              $form_container->output_row($lang->relative_date, "", $lang->delete_posts." ".$form->generate_select_box('set', $set_options, $mybb->input['set']), 'set');
2937              $form_container->end();
2938  
2939              $buttons[] = $form->generate_submit_button($lang->prune_posts);
2940              $form->output_submit_wrapper($buttons);
2941              $form->end();
2942              $page->output_footer();
2943              break;
2944          case 'multiusergroup':
2945              if($mybb->input['processed'] == 1)
2946              {
2947                  // Determine additional usergroups
2948                  if(is_array($mybb->input['additionalgroups']))
2949                  {
2950                      foreach($mybb->input['additionalgroups'] as $key => $gid)
2951                      {
2952                          if($gid == $mybb->input['usergroup'])
2953                          {
2954                              unset($mybb->input['additionalgroups'][$key]);
2955                          }
2956                      }
2957  
2958                      $additionalgroups = implode(",", array_map('intval', $mybb->input['additionalgroups']));
2959                  }
2960                  else
2961                  {
2962                      $additionalgroups = '';
2963                  }
2964  
2965                  // Create an update array
2966                  $update_array = array(
2967                      "usergroup" => $mybb->get_input('usergroup', MyBB::INPUT_INT),
2968                      "additionalgroups" => $additionalgroups,
2969                      "displaygroup" => $mybb->get_input('displaygroup', MyBB::INPUT_INT)
2970                  );
2971  
2972                  // Do the usergroup update for all those selected
2973                  // If the a selected user is a super admin, don't update that user
2974                  $users_to_update = array();
2975                  foreach($selected as $user)
2976                  {
2977                      if(!is_super_admin($user))
2978                      {
2979                          $users_to_update[] = $user;
2980                      }
2981                  }
2982  
2983                  $to_update_count = count($users_to_update);
2984                  if($to_update_count > 0)
2985                  {
2986                      // Update the users in the database
2987                      $sql = implode(",", $users_to_update);
2988                      $db->update_query("users", $update_array, "uid IN (".$sql.")");
2989  
2990                      // Redirect the admin...
2991                      $mybb->input['action'] = "inline_usergroup";
2992                      log_admin_action($to_update_count);
2993                      my_unsetcookie("inlinemod_useracp");
2994                      flash_message($lang->success_mass_usergroups, 'success');
2995                      admin_redirect("index.php?module=user-users".$vid_url);
2996                  }
2997                  else
2998                  {
2999                      // They tried to edit super admins! Uh-oh!
3000                      $errors[] = $lang->no_usergroup_changed;
3001                  }
3002              }
3003  
3004              $page->output_header($lang->manage_users);
3005              $page->output_nav_tabs($sub_tabs, 'manage_users');
3006  
3007              // Display a table warning
3008              $table = new Table;
3009              $lang->usergroup_info = $lang->sprintf($lang->usergroup_info, count($selected));
3010              $table->construct_cell($lang->usergroup_info);
3011              $table->construct_row();
3012              $table->output($lang->important);
3013  
3014              if($errors)
3015              {
3016                  $page->output_inline_error($errors);
3017              }
3018  
3019              // Display the usergroup options
3020              $form = new Form("index.php?module=user-users", "post");
3021              echo $form->generate_hidden_field('action', 'inline_edit');
3022              echo $form->generate_hidden_field('inline_action', 'multiusergroup');
3023              echo $form->generate_hidden_field('processed', '1');
3024  
3025              $form_container = new FormContainer($lang->mass_usergroups);
3026  
3027              // Usergroups
3028              $display_group_options[0] = $lang->use_primary_user_group;
3029              $options = array();
3030              $query = $db->simple_select("usergroups", "gid, title", "gid != '1'", array('order_by' => 'title'));
3031              while($usergroup = $db->fetch_array($query))
3032              {
3033                  $options[$usergroup['gid']] = htmlspecialchars_uni($usergroup['title']);
3034                  $display_group_options[$usergroup['gid']] = htmlspecialchars_uni($usergroup['title']);
3035              }
3036  
3037              if(!is_array($mybb->input['additionalgroups']))
3038              {
3039                  $mybb->input['additionalgroups'] = explode(',', $mybb->input['additionalgroups']);
3040              }
3041  
3042              $form_container->output_row($lang->primary_user_group, "", $form->generate_select_box('usergroup', $options, $mybb->input['usergroup'], array('id' => 'usergroup')), 'usergroup');
3043              $form_container->output_row($lang->additional_user_groups, $lang->additional_user_groups_desc, $form->generate_select_box('additionalgroups[]', $options, $mybb->input['additionalgroups'], array('id' => 'additionalgroups', 'multiple' => true, 'size' => 5)), 'additionalgroups');
3044              $form_container->output_row($lang->display_user_group, "", $form->generate_select_box('displaygroup', $display_group_options, $mybb->input['displaygroup'], array('id' => 'displaygroup')), 'displaygroup');
3045  
3046              $form_container->end();
3047  
3048              $buttons[] = $form->generate_submit_button($lang->alter_usergroups);
3049              $form->output_submit_wrapper($buttons);
3050              $form->end();
3051              $page->output_footer();
3052              break;
3053      }
3054  }
3055  
3056  if(!$mybb->input['action'])
3057  {
3058      $plugins->run_hooks("admin_user_users_start");
3059  
3060      $page->output_header($lang->browse_users);
3061      echo "<script type=\"text/javascript\" src=\"jscripts/users.js\"></script>";
3062  
3063      $page->output_nav_tabs($sub_tabs, 'browse_users');
3064  
3065      if(isset($mybb->input['search_id']) && $admin_session['data']['user_views'][$mybb->input['search_id']])
3066      {
3067          $admin_view = $admin_session['data']['user_views'][$mybb->input['search_id']];
3068          unset($admin_view['extra_sql']);
3069      }
3070      else
3071      {
3072          // Showing a specific view
3073          if(isset($mybb->input['vid']))
3074          {
3075              $query = $db->simple_select("adminviews", "*", "vid='".$mybb->get_input('vid', MyBB::INPUT_INT)."'");
3076              $admin_view = $db->fetch_array($query);
3077              // View does not exist or this view is private and does not belong to the current user
3078              if(!$admin_view['vid'] || ($admin_view['visibility'] == 1 && $admin_view['uid'] != $mybb->user['uid']))
3079              {
3080                  unset($admin_view);
3081              }
3082          }
3083  
3084          // Don't have a view? Fetch the default
3085          if(!isset($admin_view))
3086          {
3087              $default_view = fetch_default_view("user");
3088              if(!$default_view)
3089              {
3090                  $default_view = "0";
3091              }
3092              $query = $db->simple_select("adminviews", "*", "type='user' AND (vid='{$default_view}' OR uid=0)", array("order_by" => "uid", "order_dir" => "desc"));
3093              $admin_view = $db->fetch_array($query);
3094          }
3095      }
3096  
3097      // Fetch a list of all of the views for this user
3098      $popup = new PopupMenu("views", $lang->views);
3099  
3100      $query = $db->simple_select("adminviews", "*", "type='user' AND (visibility=2 OR uid={$mybb->user['uid']})", array("order_by" => "title"));
3101      while($view = $db->fetch_array($query))
3102      {
3103          $popup->add_item(htmlspecialchars_uni($view['title']), "index.php?module=user-users&amp;vid={$view['vid']}");
3104      }
3105      $popup->add_item("<em>{$lang->manage_views}</em>", "index.php?module=user-users&amp;action=views");
3106      $admin_view['popup'] = $popup->fetch();
3107  
3108      if(isset($mybb->input['type']))
3109      {
3110          $admin_view['view_type'] = $mybb->input['type'];
3111      }
3112  
3113      $results = build_users_view($admin_view);
3114  
3115      if(!$results)
3116      {
3117          // If we came from the home page and clicked on the "Activate Users" link, send them back to here
3118          if($admin_session['data']['from'] == "home")
3119          {
3120              flash_message($admin_session['data']['flash_message2']['message'], $admin_session['data']['flash_message2']['type']);
3121              update_admin_session('flash_message2', '');
3122              update_admin_session('from', '');
3123              admin_redirect("index.php");
3124              exit;
3125          }
3126          else
3127          {
3128              $errors[] = $lang->error_no_users_found;
3129          }
3130      }
3131  
3132      // If we have any error messages, show them
3133      if($errors)
3134      {
3135          if($inline != true)
3136          {
3137              echo "<div style=\"display: inline; float: right;\">{$admin_view['popup']}</div><br />\n";
3138          }
3139          $page->output_inline_error($errors);
3140      }
3141  
3142      echo $results;
3143  
3144      $page->output_footer();
3145  }
3146  
3147  /**
3148   * @param array $view
3149   *
3150   * @return string
3151   */
3152  function build_users_view($view)
3153  {
3154      global $mybb, $db, $cache, $lang, $user_view_fields, $page;
3155  
3156      if($view['view_type'] != 'card')
3157      {
3158          $view['view_type'] = 'table';
3159      }
3160  
3161      $view_title = '';
3162      if($view['title'])
3163      {
3164          $title_string = "view_title_{$view['vid']}";
3165  
3166          if($lang->$title_string)
3167          {
3168              $view['title'] = $lang->$title_string;
3169          }
3170  
3171          $view_title .= " (".htmlspecialchars_uni($view['title']).")";
3172      }
3173  
3174      // Build the URL to this view
3175      if(!isset($view['url']))
3176      {
3177          $view['url'] = "index.php?module=user-users";
3178      }
3179      if(!is_array($view['conditions']))
3180      {
3181          $view['conditions'] = my_unserialize($view['conditions']);
3182      }
3183      if(!is_array($view['fields']))
3184      {
3185          $view['fields'] = my_unserialize($view['fields']);
3186      }
3187      if(!is_array($view['custom_profile_fields']))
3188      {
3189          $view['custom_profile_fields'] = my_unserialize($view['custom_profile_fields']);
3190      }
3191      if(