[ Index ]

PHP Cross Reference of MyBB 1.8.22

title

Body

[close]

/admin/modules/user/ -> users.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  11  // Disallow direct access to this file for security reasons
  12  if(!defined("IN_MYBB"))
  13  {
  14      die("Direct initialization of this file is not allowed.<br /><br />Please make sure IN_MYBB is defined.");
  15  }
  16  
  17  require_once  MYBB_ROOT."inc/functions_upload.php";
  18  
  19  $page->add_breadcrumb_item($lang->users, "index.php?module=user-users");
  20  
  21  if($mybb->input['action'] == "add" || $mybb->input['action'] == "merge" || $mybb->input['action'] == "search" || !$mybb->input['action'])
  22  {
  23      $sub_tabs['browse_users'] = array(
  24          'title' => $lang->browse_users,
  25          'link' => "index.php?module=user-users",
  26          'description' => $lang->browse_users_desc
  27      );
  28  
  29      $sub_tabs['find_users'] = array(
  30          'title' => $lang->find_users,
  31          'link' => "index.php?module=user-users&amp;action=search",
  32          'description' => $lang->find_users_desc
  33      );
  34  
  35      $sub_tabs['create_user'] = array(
  36          'title' => $lang->create_user,
  37          'link' => "index.php?module=user-users&amp;action=add",
  38          'description' => $lang->create_user_desc
  39      );
  40  
  41      $sub_tabs['merge_users'] = array(
  42          'title' => $lang->merge_users,
  43          'link' => "index.php?module=user-users&amp;action=merge",
  44          'description' => $lang->merge_users_desc
  45      );
  46  }
  47  
  48  $user_view_fields = array(
  49      "avatar" => array(
  50          "title" => $lang->avatar,
  51          "width" => "24",
  52          "align" => ""
  53      ),
  54  
  55      "username" => array(
  56          "title" => $lang->username,
  57          "width" => "",
  58          "align" => ""
  59      ),
  60  
  61      "email" => array(
  62          "title" => $lang->email,
  63          "width" => "",
  64          "align" => "center"
  65      ),
  66  
  67      "usergroup" => array(
  68          "title" => $lang->primary_group,
  69          "width" => "",
  70          "align" => "center"
  71      ),
  72  
  73      "additionalgroups" => array(
  74          "title" => $lang->additional_groups,
  75          "width" => "",
  76          "align" => "center"
  77      ),
  78  
  79      "regdate" => array(
  80          "title" => $lang->registered,
  81          "width" => "",
  82          "align" => "center"
  83      ),
  84  
  85      "lastactive" => array(
  86          "title" => $lang->last_active,
  87          "width" => "",
  88          "align" => "center"
  89      ),
  90  
  91      "postnum" => array(
  92          "title" => $lang->post_count,
  93          "width" => "",
  94          "align" => "center"
  95      ),
  96  
  97      "threadnum" => array(
  98          "title" => $lang->thread_count,
  99          "width" => "",
 100          "align" => "center"
 101      ),
 102  
 103      "reputation" => array(
 104          "title" => $lang->reputation,
 105          "width" => "",
 106          "align" => "center"
 107      ),
 108  
 109      "warninglevel" => array(
 110          "title" => $lang->warning_level,
 111          "width" => "",
 112          "align" => "center"
 113      ),
 114  
 115      "regip" => array(
 116          "title" => $lang->registration_ip,
 117          "width" => "",
 118          "align" => "center"
 119      ),
 120  
 121      "lastip" => array(
 122          "title" => $lang->last_known_ip,
 123          "width" => "",
 124          "align" => "center"
 125      ),
 126  
 127      "controls" => array(
 128          "title" => $lang->controls,
 129          "width" => "",
 130          "align" => "center"
 131      )
 132  );
 133  
 134  $sort_options = array(
 135      "username" => $lang->username,
 136      "regdate" => $lang->registration_date,
 137      "lastactive" => $lang->last_active,
 138      "numposts" => $lang->post_count,
 139      "reputation" => $lang->reputation,
 140      "warninglevel" => $lang->warning_level
 141  );
 142  
 143  $plugins->run_hooks("admin_user_users_begin");
 144  
 145  // Initialise the views manager for user based views
 146  require MYBB_ADMIN_DIR."inc/functions_view_manager.php";
 147  if($mybb->input['action'] == "views")
 148  {
 149      view_manager("index.php?module=user-users", "user", $user_view_fields, $sort_options, "user_search_conditions");
 150  }
 151  
 152  if($mybb->input['action'] == 'iplookup')
 153  {
 154      $mybb->input['ipaddress'] = $mybb->get_input('ipaddress');
 155      $lang->ipaddress_misc_info = $lang->sprintf($lang->ipaddress_misc_info, htmlspecialchars_uni($mybb->input['ipaddress']));
 156      $ipaddress_location = $lang->na;
 157      $ipaddress_host_name = $lang->na;
 158      $modcp_ipsearch_misc_info = '';
 159      if(!strstr($mybb->input['ipaddress'], "*"))
 160      {
 161          // Return GeoIP information if it is available to us
 162          if(function_exists('geoip_record_by_name'))
 163          {
 164              $ip_record = @geoip_record_by_name($mybb->input['ipaddress']);
 165              if($ip_record)
 166              {
 167                  $ipaddress_location = htmlspecialchars_uni(utf8_encode($ip_record['country_name']));
 168                  if($ip_record['city'])
 169                  {
 170                      $ipaddress_location .= $lang->comma.htmlspecialchars_uni(utf8_encode($ip_record['city']));
 171                  }
 172              }
 173          }
 174  
 175          $ipaddress_host_name = htmlspecialchars_uni(@gethostbyaddr($mybb->input['ipaddress']));
 176  
 177          // gethostbyaddr returns the same ip on failure
 178          if($ipaddress_host_name == $mybb->input['ipaddress'])
 179          {
 180              $ipaddress_host_name = $lang->na;
 181          }
 182      }
 183  
 184      ?>
 185      <div class="modal">
 186          <div style="overflow-y: auto; max-height: 400px;">
 187  
 188              <?php
 189  
 190              $table = new Table();
 191  
 192              $table->construct_cell($lang->ipaddress_host_name.":");
 193              $table->construct_cell($ipaddress_host_name);
 194              $table->construct_row();
 195  
 196              $table->construct_cell($lang->ipaddress_location.":");
 197              $table->construct_cell($ipaddress_location);
 198              $table->construct_row();
 199  
 200              $table->output($lang->ipaddress_misc_info);
 201  
 202              ?>
 203          </div>
 204      </div>
 205  <?php
 206  }
 207  
 208  if($mybb->input['action'] == "activate_user")
 209  {
 210      if(!verify_post_check($mybb->input['my_post_key']))
 211      {
 212          flash_message($lang->invalid_post_verify_key2, 'error');
 213          admin_redirect("index.php?module=user-users");
 214      }
 215  
 216      $user = get_user($mybb->input['uid']);
 217  
 218      // Does the user not exist?
 219      if(!$user['uid'] || $user['usergroup'] != 5)
 220      {
 221          flash_message($lang->error_invalid_user, 'error');
 222          admin_redirect("index.php?module=user-users");
 223      }
 224  
 225      $plugins->run_hooks("admin_user_users_coppa_activate");
 226  
 227      $updated_user['usergroup'] = $user['usergroup'];
 228  
 229      // Update
 230      if($user['coppauser'])
 231      {
 232          $updated_user = array(
 233              "coppauser" => 0
 234          );
 235      }
 236      else
 237      {
 238          $db->delete_query("awaitingactivation", "uid='{$user['uid']}'");
 239      }
 240  
 241      // Move out of awaiting activation if they're in it.
 242      if($user['usergroup'] == 5)
 243      {
 244          $updated_user['usergroup'] = 2;
 245      }
 246  
 247      $plugins->run_hooks("admin_user_users_coppa_activate_commit");
 248  
 249      $db->update_query("users", $updated_user, "uid='{$user['uid']}'");
 250  
 251      $cache->update_awaitingactivation();
 252  
 253      $message = $lang->sprintf($lang->email_adminactivateaccount, $user['username'], $mybb->settings['bbname'], $mybb->settings['bburl']);
 254      my_mail($user['email'], $lang->sprintf($lang->emailsubject_activateaccount, $mybb->settings['bbname']), $message);
 255  
 256      // Log admin action
 257      log_admin_action($user['uid'], $user['username']);
 258  
 259      if($mybb->input['from'] == "home")
 260      {
 261          if($user['coppauser'])
 262          {
 263              $message = $lang->success_coppa_activated;
 264          }
 265          else
 266          {
 267              $message = $lang->success_activated;
 268          }
 269  
 270          update_admin_session('flash_message2', array('message' => $message, 'type' => 'success'));
 271      }
 272      else
 273      {
 274          if($user['coppauser'])
 275          {
 276              flash_message($lang->success_coppa_activated, 'success');
 277          }
 278          else
 279          {
 280              flash_message($lang->success_activated, 'success');
 281          }
 282      }
 283  
 284      if($admin_session['data']['last_users_url'])
 285      {
 286          $url = $admin_session['data']['last_users_url'];
 287          update_admin_session('last_users_url', '');
 288  
 289          if($mybb->input['from'] == "home")
 290          {
 291              update_admin_session('from', 'home');
 292          }
 293      }
 294      else
 295      {
 296          $url = "index.php?module=user-users&action=edit&uid={$user['uid']}";
 297      }
 298  
 299      $plugins->run_hooks("admin_user_users_coppa_end");
 300  
 301      admin_redirect($url);
 302  }
 303  
 304  if($mybb->input['action'] == "add")
 305  {
 306      $plugins->run_hooks("admin_user_users_add");
 307  
 308      if($mybb->request_method == "post")
 309      {
 310          // Determine the usergroup stuff
 311          if(is_array($mybb->input['additionalgroups']))
 312          {
 313              foreach($mybb->input['additionalgroups'] as $key => $gid)
 314              {
 315                  if($gid == $mybb->input['usergroup'])
 316                  {
 317                      unset($mybb->input['additionalgroups'][$key]);
 318                  }
 319              }
 320              $additionalgroups = implode(",", $mybb->input['additionalgroups']);
 321          }
 322          else
 323          {
 324              $additionalgroups = '';
 325          }
 326  
 327          // Set up user handler.
 328          require_once  MYBB_ROOT."inc/datahandlers/user.php";
 329          $userhandler = new UserDataHandler('insert');
 330  
 331          // Set the data for the new user.
 332          $new_user = array(
 333              "uid" => $mybb->input['uid'],
 334              "username" => $mybb->input['username'],
 335              "password" => $mybb->input['password'],
 336              "password2" => $mybb->input['confirm_password'],
 337              "email" => $mybb->input['email'],
 338              "email2" => $mybb->input['email'],
 339              "usergroup" => $mybb->input['usergroup'],
 340              "additionalgroups" => $additionalgroups,
 341              "displaygroup" => $mybb->input['displaygroup'],
 342              "profile_fields" => $mybb->input['profile_fields'],
 343              "profile_fields_editable" => true,
 344          );
 345  
 346          // Set the data of the user in the datahandler.
 347          $userhandler->set_data($new_user);
 348          $errors = '';
 349  
 350          // Validate the user and get any errors that might have occurred.
 351          if(!$userhandler->validate_user())
 352          {
 353              $errors = $userhandler->get_friendly_errors();
 354          }
 355          else
 356          {
 357              $user_info = $userhandler->insert_user();
 358  
 359              $plugins->run_hooks("admin_user_users_add_commit");
 360  
 361              // Log admin action
 362              log_admin_action($user_info['uid'], $user_info['username']);
 363  
 364              flash_message($lang->success_user_created, 'success');
 365              admin_redirect("index.php?module=user-users&action=edit&uid={$user_info['uid']}");
 366          }
 367      }
 368  
 369      // Fetch custom profile fields - only need required profile fields here
 370      $query = $db->simple_select("profilefields", "*", "required=1", array('order_by' => 'disporder'));
 371  
 372      $profile_fields = array();
 373      while($profile_field = $db->fetch_array($query))
 374      {
 375          $profile_fields['required'][] = $profile_field;
 376      }
 377  
 378      $page->add_breadcrumb_item($lang->create_user);
 379      $page->output_header($lang->create_user);
 380  
 381      $form = new Form("index.php?module=user-users&amp;action=add", "post");
 382  
 383      $page->output_nav_tabs($sub_tabs, 'create_user');
 384  
 385      // If we have any error messages, show them
 386      if($errors)
 387      {
 388          $page->output_inline_error($errors);
 389      }
 390      else
 391      {
 392          $mybb->input = array_merge($mybb->input, array('usergroup' => 2));
 393      }
 394  
 395      $form_container = new FormContainer($lang->required_profile_info);
 396      $form_container->output_row($lang->username." <em>*</em>", "", $form->generate_text_box('username', htmlspecialchars_uni($mybb->get_input('username')), array('id' => 'username')), 'username');
 397      $form_container->output_row($lang->password." <em>*</em>", "", $form->generate_password_box('password', $mybb->input['password'], array('id' => 'password', 'autocomplete' => 'off')), 'password');
 398      $form_container->output_row($lang->confirm_password." <em>*</em>", "", $form->generate_password_box('confirm_password', $mybb->input['confirm_password'], array('id' => 'confirm_new_password')), 'confirm_new_password');
 399      $form_container->output_row($lang->email_address." <em>*</em>", "", $form->generate_text_box('email', $mybb->input['email'], array('id' => 'email')), 'email');
 400  
 401      $display_group_options[0] = $lang->use_primary_user_group;
 402      $options = array();
 403      $query = $db->simple_select("usergroups", "gid, title", "gid != '1'", array('order_by' => 'title'));
 404      while($usergroup = $db->fetch_array($query))
 405      {
 406          $options[$usergroup['gid']] = htmlspecialchars_uni($usergroup['title']);
 407          $display_group_options[$usergroup['gid']] = htmlspecialchars_uni($usergroup['title']);
 408      }
 409  
 410      $form_container->output_row($lang->primary_user_group." <em>*</em>", "", $form->generate_select_box('usergroup', $options, $mybb->input['usergroup'], array('id' => 'usergroup')), 'usergroup');
 411      $form_container->output_row($lang->additional_user_groups, $lang->additional_user_groups_desc, $form->generate_select_box('additionalgroups[]', $options, $mybb->input['additionalgroups'], array('id' => 'additionalgroups', 'multiple' => true, 'size' => 5)), 'additionalgroups');
 412      $form_container->output_row($lang->display_user_group." <em>*</em>", "", $form->generate_select_box('displaygroup', $display_group_options, $mybb->input['displaygroup'], array('id' => 'displaygroup')), 'displaygroup');
 413  
 414      // Output custom profile fields - required
 415      output_custom_profile_fields($profile_fields['required'], $mybb->input['profile_fields'], $form_container, $form);
 416  
 417      $form_container->end();
 418      $buttons[] = $form->generate_submit_button($lang->save_user);
 419      $form->output_submit_wrapper($buttons);
 420  
 421      $form->end();
 422      $page->output_footer();
 423  }
 424  
 425  if($mybb->input['action'] == "edit")
 426  {
 427      $user = get_user($mybb->input['uid']);
 428  
 429      // Does the user not exist?
 430      if(!$user['uid'])
 431      {
 432          flash_message($lang->error_invalid_user, 'error');
 433          admin_redirect("index.php?module=user-users");
 434      }
 435  
 436      $plugins->run_hooks("admin_user_users_edit");
 437  
 438      if($mybb->request_method == "post")
 439      {
 440          $plugins->run_hooks("admin_user_users_edit_start");
 441          if(is_super_admin($mybb->input['uid']) && $mybb->user['uid'] != $mybb->input['uid'] && !is_super_admin($mybb->user['uid']))
 442          {
 443              flash_message($lang->error_no_perms_super_admin, 'error');
 444              admin_redirect("index.php?module=user-users");
 445          }
 446  
 447          // Determine the usergroup stuff
 448          if(is_array($mybb->input['additionalgroups']))
 449          {
 450              foreach($mybb->input['additionalgroups'] as $key => $gid)
 451              {
 452                  if($gid == $mybb->input['usergroup'])
 453                  {
 454                      unset($mybb->input['additionalgroups'][$key]);
 455                  }
 456              }
 457              $additionalgroups = implode(",", $mybb->input['additionalgroups']);
 458          }
 459          else
 460          {
 461              $additionalgroups = '';
 462          }
 463  
 464          $returndate = "";
 465          if(!empty($mybb->input['away_day']))
 466          {
 467              $awaydate = TIME_NOW;
 468              // If the user has indicated that they will return on a specific day, but not month or year, assume it is current month and year
 469              if(!$mybb->input['away_month'])
 470              {
 471                  $mybb->input['away_month'] = my_date('n', $awaydate);
 472              }
 473              if(!$mybb->input['away_year'])
 474              {
 475                  $mybb->input['away_year'] = my_date('Y', $awaydate);
 476              }
 477  
 478              $return_month = (int)substr($mybb->input['away_month'], 0, 2);
 479              $return_day = (int)substr($mybb->input['away_day'], 0, 2);
 480              $return_year = min($mybb->get_input('away_year', MyBB::INPUT_INT), 9999);
 481  
 482              // Check if return date is after the away date.
 483              $returntimestamp = gmmktime(0, 0, 0, $return_month, $return_day, $return_year);
 484              $awaytimestamp = gmmktime(0, 0, 0, my_date('n', $awaydate), my_date('j', $awaydate), my_date('Y', $awaydate));
 485              if($return_year < my_date('Y', $awaydate) || ($returntimestamp < $awaytimestamp && $return_year == my_date('Y', $awaydate)))
 486              {
 487                  $away_in_past = true;
 488              }
 489  
 490              $returndate = "{$return_day}-{$return_month}-{$return_year}";
 491          }
 492  
 493          // Set up user handler.
 494          require_once  MYBB_ROOT."inc/datahandlers/user.php";
 495          $userhandler = new UserDataHandler('update');
 496  
 497          // Set the data for the new user.
 498          $updated_user = array(
 499              "uid" => $mybb->input['uid'],
 500              "username" => $mybb->input['username'],
 501              "email" => $mybb->input['email'],
 502              "email2" => $mybb->input['email'],
 503              "usergroup" => $mybb->input['usergroup'],
 504              "additionalgroups" => $additionalgroups,
 505              "displaygroup" => $mybb->input['displaygroup'],
 506              "postnum" => $mybb->input['postnum'],
 507              "threadnum" => $mybb->input['threadnum'],
 508              "usertitle" => $mybb->input['usertitle'],
 509              "timezone" => $mybb->input['timezone'],
 510              "language" => $mybb->input['language'],
 511              "profile_fields" => $mybb->input['profile_fields'],
 512              "profile_fields_editable" => true,
 513              "website" => $mybb->input['website'],
 514              "icq" => $mybb->input['icq'],
 515              "skype" => $mybb->input['skype'],
 516              "google" => $mybb->input['google'],
 517              "birthday" => array(
 518                  "day" => $mybb->input['bday1'],
 519                  "month" => $mybb->input['bday2'],
 520                  "year" => $mybb->input['bday3']
 521              ),
 522              "style" => $mybb->input['style'],
 523              "signature" => $mybb->input['signature'],
 524              "dateformat" => $mybb->get_input('dateformat', MyBB::INPUT_INT),
 525              "timeformat" => $mybb->get_input('timeformat', MyBB::INPUT_INT),
 526              "usernotes" => $mybb->input['usernotes'],
 527              "away" => array(
 528                  "away" => $mybb->input['away'],
 529                  "date" => TIME_NOW,
 530                  "returndate" => $returndate,
 531                  "awayreason" => $mybb->input['awayreason']
 532              )
 533          );
 534  
 535          if($user['usergroup'] == 5 && $mybb->input['usergroup'] != 5)
 536          {
 537              if($user['coppauser'] == 1)
 538              {
 539                  $updated_user['coppa_user'] = 0;
 540              }
 541          }
 542          if($mybb->input['new_password'])
 543          {
 544              $updated_user['password'] = $mybb->input['new_password'];
 545              $updated_user['password2'] = $mybb->input['confirm_new_password'];
 546          }
 547  
 548          $updated_user['options'] = array(
 549              "allownotices" => $mybb->input['allownotices'],
 550              "hideemail" => $mybb->input['hideemail'],
 551              "subscriptionmethod" => $mybb->input['subscriptionmethod'],
 552              "invisible" => $mybb->input['invisible'],
 553              "dstcorrection" => $mybb->input['dstcorrection'],
 554              "threadmode" => $mybb->input['threadmode'],
 555              "classicpostbit" => $mybb->input['classicpostbit'],
 556              "showimages" => $mybb->input['showimages'],
 557              "showvideos" => $mybb->input['showvideos'],
 558              "showsigs" => $mybb->input['showsigs'],
 559              "showavatars" => $mybb->input['showavatars'],
 560              "showquickreply" => $mybb->input['showquickreply'],
 561              "receivepms" => $mybb->input['receivepms'],
 562              "receivefrombuddy" => $mybb->input['receivefrombuddy'],
 563              "pmnotice" => $mybb->input['pmnotice'],
 564              "daysprune" => $mybb->input['daysprune'],
 565              "showcodebuttons" => $mybb->input['showcodebuttons'],
 566              "sourceeditor" => $mybb->input['sourceeditor'],
 567              "pmnotify" => $mybb->input['pmnotify'],
 568              "buddyrequestspm" => $mybb->input['buddyrequestspm'],
 569              "buddyrequestsauto" => $mybb->input['buddyrequestsauto'],
 570              "showredirect" => $mybb->input['showredirect']
 571          );
 572  
 573          if($mybb->settings['usertppoptions'])
 574          {
 575              $updated_user['options']['tpp'] = $mybb->get_input('tpp', MyBB::INPUT_INT);
 576          }
 577  
 578          if($mybb->settings['userpppoptions'])
 579          {
 580              $updated_user['options']['ppp'] = $mybb->get_input('ppp', MyBB::INPUT_INT);
 581          }
 582  
 583          // Set the data of the user in the datahandler.
 584          $userhandler->set_data($updated_user);
 585          $errors = '';
 586  
 587          // Validate the user and get any errors that might have occurred.
 588          if(!$userhandler->validate_user())
 589          {
 590              $errors = $userhandler->get_friendly_errors();
 591          }
 592          else
 593          {
 594              // Are we removing an avatar from this user?
 595              if($mybb->input['remove_avatar'])
 596              {
 597                  $extra_user_updates = array(
 598                      "avatar" => "",
 599                      "avatardimensions" => "",
 600                      "avatartype" => ""
 601                  );
 602                  remove_avatars($user['uid']);
 603              }
 604  
 605              // Are we uploading a new avatar?
 606              if($_FILES['avatar_upload']['name'])
 607              {
 608                  $avatar = upload_avatar($_FILES['avatar_upload'], $user['uid']);
 609                  if($avatar['error'])
 610                  {
 611                      $errors = array($avatar['error']);
 612                  }
 613                  else
 614                  {
 615                      if($avatar['width'] > 0 && $avatar['height'] > 0)
 616                      {
 617                          $avatar_dimensions = $avatar['width']."|".$avatar['height'];
 618                      }
 619                      $extra_user_updates = array(
 620                          "avatar" => $avatar['avatar'].'?dateline='.TIME_NOW,
 621                          "avatardimensions" => $avatar_dimensions,
 622                          "avatartype" => "upload"
 623                      );
 624                  }
 625              }
 626              // Are we setting a new avatar from a URL?
 627              else if($mybb->input['avatar_url'] && $mybb->input['avatar_url'] != $user['avatar'])
 628              {
 629                  if(!$mybb->settings['allowremoteavatars'])
 630                  {
 631                      $errors = array($lang->error_remote_avatar_not_allowed);
 632                  }
 633                  else
 634                  {
 635                      if(filter_var($mybb->input['avatar_url'], FILTER_VALIDATE_EMAIL) !== false)
 636                      {
 637                          // Gravatar
 638                          $email = md5(strtolower(trim($mybb->input['avatar_url'])));
 639  
 640                          $s = '';
 641                          if(!$mybb->settings['maxavatardims'])
 642                          {
 643                              $mybb->settings['maxavatardims'] = '100x100'; // Hard limit of 100 if there are no limits
 644                          }
 645  
 646                          // Because Gravatars are square, hijack the width
 647                          list($maxwidth, $maxheight) = preg_split('/[|x]/', my_strtolower($mybb->settings['maxavatardims']));
 648  
 649                          $s = "?s={$maxwidth}";
 650                          $maxheight = (int)$maxwidth;
 651  
 652                          $extra_user_updates = array(
 653                              "avatar" => "https://www.gravatar.com/avatar/{$email}{$s}",
 654                              "avatardimensions" => "{$maxheight}|{$maxheight}",
 655                              "avatartype" => "gravatar"
 656                          );
 657                      }
 658                      else
 659                      {
 660                          $mybb->input['avatar_url'] = preg_replace("#script:#i", "", $mybb->input['avatar_url']);
 661                          $ext = get_extension($mybb->input['avatar_url']);
 662  
 663                          // Copy the avatar to the local server (work around remote URL access disabled for getimagesize)
 664                          $file = fetch_remote_file($mybb->input['avatar_url']);
 665                          if(!$file)
 666                          {
 667                              $avatar_error = $lang->error_invalidavatarurl;
 668                          }
 669                          else
 670                          {
 671                              $tmp_name = "../".$mybb->settings['avataruploadpath']."/remote_".md5(random_str());
 672                              $fp = @fopen($tmp_name, "wb");
 673                              if(!$fp)
 674                              {
 675                                  $avatar_error = $lang->error_invalidavatarurl;
 676                              }
 677                              else
 678                              {
 679                                  fwrite($fp, $file);
 680                                  fclose($fp);
 681                                  list($width, $height, $type) = @getimagesize($tmp_name);
 682                                  @unlink($tmp_name);
 683                                  echo $type;
 684                                  if(!$type)
 685                                  {
 686                                      $avatar_error = $lang->error_invalidavatarurl;
 687                                  }
 688                              }
 689                          }
 690  
 691                          if(empty($avatar_error))
 692                          {
 693                              if($width && $height && $mybb->settings['maxavatardims'] != "")
 694                              {
 695                                  list($maxwidth, $maxheight) = preg_split('/[|x]/', my_strtolower($mybb->settings['maxavatardims']));
 696                                  if(($maxwidth && $width > $maxwidth) || ($maxheight && $height > $maxheight))
 697                                  {
 698                                      $lang->error_avatartoobig = $lang->sprintf($lang->error_avatartoobig, $maxwidth, $maxheight);
 699                                      $avatar_error = $lang->error_avatartoobig;
 700                                  }
 701                              }
 702                          }
 703  
 704                          if(empty($avatar_error))
 705                          {
 706                              if($width > 0 && $height > 0)
 707                              {
 708                                  $avatar_dimensions = (int)$width."|".(int)$height;
 709                              }
 710                              $extra_user_updates = array(
 711                                  "avatar" => $db->escape_string($mybb->input['avatar_url'].'?dateline='.TIME_NOW),
 712                                  "avatardimensions" => $avatar_dimensions,
 713                                  "avatartype" => "remote"
 714                              );
 715                              remove_avatars($user['uid']);
 716                          }
 717                          else
 718                          {
 719                              $errors = array($avatar_error);
 720                          }
 721                      }
 722                  }
 723              }
 724  
 725              // Moderator "Options" (suspend signature, suspend/moderate posting)
 726              $moderator_options = array(
 727                  1 => array(
 728                      "action" => "suspendsignature", // The moderator action we're performing
 729                      "period" => "action_period", // The time period we've selected from the dropdown box
 730                      "time" => "action_time", // The time we've entered
 731                      "update_field" => "suspendsignature", // The field in the database to update if true
 732                      "update_length" => "suspendsigtime" // The length of suspension field in the database
 733                  ),
 734                  2 => array(
 735                      "action" => "moderateposting",
 736                      "period" => "modpost_period",
 737                      "time" => "modpost_time",
 738                      "update_field" => "moderateposts",
 739                      "update_length" => "moderationtime"
 740                  ),
 741                  3 => array(
 742                      "action" => "suspendposting",
 743                      "period" => "suspost_period",
 744                      "time" => "suspost_time",
 745                      "update_field" => "suspendposting",
 746                      "update_length" => "suspensiontime"
 747                  )
 748              );
 749  
 750              require_once  MYBB_ROOT."inc/functions_warnings.php";
 751              foreach($moderator_options as $option)
 752              {
 753                  if(!$mybb->input[$option['action']])
 754                  {
 755                      if($user[$option['update_field']] == 1)
 756                      {
 757                          // We're revoking the suspension
 758                          $extra_user_updates[$option['update_field']] = 0;
 759                          $extra_user_updates[$option['update_length']] = 0;
 760                      }
 761  
 762                      // Skip this option if we haven't selected it
 763                      continue;
 764                  }
 765  
 766                  if($mybb->input[$option['action']])
 767                  {
 768                      if((int)$mybb->input[$option['time']] == 0 && $mybb->input[$option['period']] != "never" && $user[$option['update_field']] != 1)
 769                      {
 770                          // User has selected a type of ban, but not entered a valid time frame
 771                          $string = $option['action']."_error";
 772                          $errors[] = $lang->$string;
 773                      }
 774  
 775                      if(!is_array($errors))
 776                      {
 777                          $suspend_length = fetch_time_length((int)$mybb->input[$option['time']], $mybb->input[$option['period']]);
 778  
 779                          if($user[$option['update_field']] == 1 && ($mybb->input[$option['time']] || $mybb->input[$option['period']] == "never"))
 780                          {
 781                              // We already have a suspension, but entered a new time
 782                              if($suspend_length == "-1")
 783                              {
 784                                  // Permanent ban on action
 785                                  $extra_user_updates[$option['update_length']] = 0;
 786                              }
 787                              elseif($suspend_length && $suspend_length != "-1")
 788                              {
 789                                  // Temporary ban on action
 790                                  $extra_user_updates[$option['update_length']] = TIME_NOW + $suspend_length;
 791                              }
 792                          }
 793                          elseif(!$user[$option['update_field']])
 794                          {
 795                              // New suspension for this user... bad user!
 796                              $extra_user_updates[$option['update_field']] = 1;
 797                              if($suspend_length == "-1")
 798                              {
 799                                  $extra_user_updates[$option['update_length']] = 0;
 800                              }
 801                              else
 802                              {
 803                                  $extra_user_updates[$option['update_length']] = TIME_NOW + $suspend_length;
 804                              }
 805                          }
 806                      }
 807                  }
 808              }
 809  
 810              if($extra_user_updates['moderateposts'] && $extra_user_updates['suspendposting'])
 811              {
 812                  $errors[] = $lang->suspendmoderate_error;
 813              }
 814  
 815              if(isset($away_in_past))
 816              {
 817                  $errors[] = $lang->error_acp_return_date_past;
 818              }
 819  
 820              if(!$errors)
 821              {
 822                  $user_info = $userhandler->update_user();
 823  
 824                  $plugins->run_hooks("admin_user_users_edit_commit_start");
 825  
 826                  $db->update_query("users", $extra_user_updates, "uid='{$user['uid']}'");
 827  
 828                  // if we're updating the user's signature preferences, do so now
 829                  if($mybb->input['update_posts'] == 'enable' || $mybb->input['update_posts'] == 'disable')
 830                  {
 831                      $update_signature = array(
 832                          'includesig' => ($mybb->input['update_posts'] == 'enable' ? 1 : 0)
 833                      );
 834                      $db->update_query("posts", $update_signature, "uid='{$user['uid']}'");
 835                  }
 836  
 837                  $plugins->run_hooks("admin_user_users_edit_commit");
 838  
 839                  if($user['usergroup'] == 5 && $mybb->input['usergroup'] != 5)
 840                  {
 841                      $cache->update_awaitingactivation();
 842                  }
 843  
 844                  // Log admin action
 845                  log_admin_action($user['uid'], $mybb->input['username']);
 846  
 847                  flash_message($lang->success_user_updated, 'success');
 848                  admin_redirect("index.php?module=user-users");
 849              }
 850              $plugins->run_hooks("admin_user_users_edit_end");
 851          }
 852      }
 853  
 854      if(!$errors)
 855      {
 856          $user['usertitle'] = htmlspecialchars_decode($user['usertitle']);
 857          $mybb->input = array_merge($mybb->input, $user);
 858  
 859          $options = array(
 860              'bday1', 'bday2', 'bday3',
 861              'new_password', 'confirm_new_password',
 862              'action_time', 'action_period',
 863              'modpost_period', 'moderateposting', 'modpost_time', 'suspost_period', 'suspost_time'
 864          );
 865  
 866          foreach($options as $option)
 867          {
 868              if(!isset($input_user[$option]))
 869              {
 870                  $mybb->input[$option] = '';
 871              }
 872          }
 873  
 874          // We need to fetch this users profile field values
 875          $query = $db->simple_select("userfields", "*", "ufid='{$user['uid']}'");
 876          $mybb->input['profile_fields'] = $db->fetch_array($query);
 877      }
 878  
 879      if($mybb->input['bday1'] || $mybb->input['bday2'] || $mybb->input['bday3'])
 880      {
 881          $mybb->input['bday'][0] = $mybb->input['bday1'];
 882          $mybb->input['bday'][1] = $mybb->input['bday2'];
 883          $mybb->input['bday'][2] = $mybb->get_input('bday3', MyBB::INPUT_INT);
 884      }
 885      else
 886      {
 887          $mybb->input['bday'] = array(0, 0, '');
 888  
 889          if($user['birthday'])
 890          {
 891              $mybb->input['bday'] = explode('-', $user['birthday']);
 892          }
 893      }
 894  
 895      if($mybb->input['away_day'] || $mybb->input['away_month'] || $mybb->input['away_year'])
 896      {
 897          $mybb->input['away_year'] = $mybb->get_input('away_year', MyBB::INPUT_INT);
 898      }
 899      else
 900      {
 901          $mybb->input['away_day'] = 0;
 902          $mybb->input['away_month'] = 0;
 903          $mybb->input['away_year'] = '';
 904  
 905          if($user['returndate'])
 906          {
 907              list($mybb->input['away_day'], $mybb->input['away_month'], $mybb->input['away_year']) = explode('-', $user['returndate']);
 908          }
 909      }
 910  
 911      // Fetch custom profile fields
 912      $query = $db->simple_select("profilefields", "*", "", array('order_by' => 'disporder'));
 913  
 914      $profile_fields = array();
 915      while($profile_field = $db->fetch_array($query))
 916      {
 917          if($profile_field['required'] == 1)
 918          {
 919              $profile_fields['required'][] = $profile_field;
 920          }
 921          else
 922          {
 923              $profile_fields['optional'][] = $profile_field;
 924          }
 925      }
 926  
 927      $page->add_breadcrumb_item($lang->edit_user.": ".htmlspecialchars_uni($user['username']));
 928  
 929      $page->extra_header .= <<<EOF
 930  
 931      <link rel="stylesheet" href="../jscripts/sceditor/themes/mybb.css" type="text/css" media="all" />
 932      <script type="text/javascript" src="../jscripts/sceditor/jquery.sceditor.bbcode.min.js?ver=1822"></script>
 933      <script type="text/javascript" src="../jscripts/bbcodes_sceditor.js?ver=1822"></script>
 934      <script type="text/javascript" src="../jscripts/sceditor/plugins/undo.js?ver=1805"></script>
 935  EOF;
 936      $page->output_header($lang->edit_user);
 937  
 938      $sub_tabs['edit_user'] = array(
 939          'title' => $lang->edit_user,
 940          'description' => $lang->edit_user_desc
 941      );
 942  
 943      $form = new Form("index.php?module=user-users&amp;action=edit&amp;uid={$user['uid']}", "post", "", 1);
 944  
 945      $page->output_nav_tabs($sub_tabs, 'edit_user');
 946  
 947      // If we have any error messages, show them
 948      if($errors)
 949      {
 950          $page->output_inline_error($errors);
 951      }
 952  
 953      // Is this user a COPPA user? We show a warning & activate link
 954      if($user['coppauser'])
 955      {
 956          echo $lang->sprintf($lang->warning_coppa_user, $user['uid'], $mybb->post_code);
 957      }
 958  
 959      $tabs = array(
 960          "overview" => $lang->overview,
 961          "profile" => $lang->profile,
 962          "settings" => $lang->account_settings,
 963          "signature" => $lang->signature,
 964          "avatar" => $lang->avatar,
 965          "modoptions" => $lang->mod_options
 966      );
 967      $tabs = $plugins->run_hooks("admin_user_users_edit_graph_tabs", $tabs);
 968      $page->output_tab_control($tabs);
 969  
 970      //
 971      // OVERVIEW
 972      //
 973      echo "<div id=\"tab_overview\">\n";
 974      $table = new Table;
 975      $table->construct_header($lang->avatar, array('class' => 'align_center'));
 976      $table->construct_header($lang->general_account_stats, array('colspan' => '2', 'class' => 'align_center'));
 977  
 978      // Avatar
 979      $avatar_dimensions = preg_split('/[|x]/', $user['avatardimensions']);
 980      if($user['avatardimensions'])
 981      {
 982          require_once  MYBB_ROOT."inc/functions_image.php";
 983          list($width, $height) = preg_split('/[|x]/', $user['avatardimensions']);
 984          $scaled_dimensions = scale_image($width, $height, 120, 120);
 985      }
 986      else
 987      {
 988          $scaled_dimensions = array(
 989              "width" => 120,
 990              "height" => 120
 991          );
 992      }
 993      if($user['avatar'] && (my_strpos($user['avatar'], '://') === false || $mybb->settings['allowremoteavatars']))
 994      {
 995          if(!my_validate_url($user['avatar']))
 996          {
 997              $avatar = format_avatar($user['avatar'], $user['avatardimensions']);
 998              $user['avatar'] = $avatar['image'];
 999          }
1000      }
1001      else
1002      {
1003          if(my_validate_url($mybb->settings['useravatar']))
1004          {
1005              $user['avatar'] = str_replace('{theme}', 'images', $mybb->settings['useravatar']);
1006          }
1007          else
1008          {
1009              $user['avatar'] = "../".str_replace('{theme}', 'images', $mybb->settings['useravatar']);
1010          }
1011      }
1012      $avatar_top = ceil((126-$scaled_dimensions['height'])/2);
1013      $last_seen = max(array($user['lastactive'], $user['lastvisit']));
1014      if(!empty($last_seen))
1015      {
1016          $last_active = my_date('relative', $last_seen);
1017      }
1018      else
1019      {
1020          $last_active = $lang->never;
1021      }
1022      $reg_date = my_date('relative', $user['regdate']);
1023      if($user['dst'] == 1)
1024      {
1025          $timezone = (float)$user['timezone']+1;
1026      }
1027      else
1028      {
1029          $timezone = (float)$user['timezone'];
1030      }
1031      $local_date = gmdate($mybb->settings['dateformat'], TIME_NOW + ($timezone * 3600));
1032      $local_time = gmdate($mybb->settings['timeformat'], TIME_NOW + ($timezone * 3600));
1033  
1034      $localtime = $lang->sprintf($lang->local_time_format, $local_date, $local_time);
1035      $days_registered = (TIME_NOW - $user['regdate']) / (24*3600);
1036      $posts_per_day = 0;
1037      if($days_registered > 0)
1038      {
1039          $posts_per_day = round($user['postnum'] / $days_registered, 2);
1040          if($posts_per_day > $user['postnum'])
1041          {
1042              $posts_per_day = $user['postnum'];
1043          }
1044      }
1045      $posts_per_day = my_number_format($posts_per_day);
1046  
1047      $stats = $cache->read("stats");
1048      $posts = $stats['numposts'];
1049      if($posts == 0)
1050      {
1051          $percent_posts = "0";
1052      }
1053      else
1054      {
1055          $percent_posts = round($user['postnum']*100/$posts, 2);
1056      }
1057  
1058      $user_permissions = user_permissions($user['uid']);
1059  
1060      // Fetch the reputation for this user
1061      if($user_permissions['usereputationsystem'] == 1 && $mybb->settings['enablereputation'] == 1)
1062      {
1063          $reputation = get_reputation($user['reputation']);
1064      }
1065      else
1066      {
1067          $reputation = "-";
1068      }
1069  
1070      if($mybb->settings['enablewarningsystem'] != 0 && $user_permissions['canreceivewarnings'] != 0)
1071      {
1072          if($mybb->settings['maxwarningpoints'] < 1)
1073          {
1074              $mybb->settings['maxwarningpoints'] = 10;
1075          }
1076  
1077          $warning_level = round($user['warningpoints']/$mybb->settings['maxwarningpoints']*100);
1078          if($warning_level > 100)
1079          {
1080              $warning_level = 100;
1081          }
1082          $warning_level = get_colored_warning_level($warning_level);
1083      }
1084  
1085      $age = $lang->na;
1086      if($user['birthday'])
1087      {
1088          $age = get_age($user['birthday']);
1089      }
1090  
1091      $postnum = my_number_format($user['postnum']);
1092  
1093      $table->construct_cell("<div style=\"width: 126px; height: 126px;\" class=\"user_avatar\"><img src=\"".htmlspecialchars_uni($user['avatar'])."\" style=\"margin-top: {$avatar_top}px\" width=\"{$scaled_dimensions['width']}\" height=\"{$scaled_dimensions['height']}\" alt=\"\" /></div>", array('rowspan' => 6, 'width' => 1));
1094      $table->construct_cell("<strong>{$lang->email_address}:</strong> <a href=\"mailto:".htmlspecialchars_uni($user['email'])."\">".htmlspecialchars_uni($user['email'])."</a>");
1095      $table->construct_cell("<strong>{$lang->last_active}:</strong> {$last_active}");
1096      $table->construct_row();
1097      $table->construct_cell("<strong>{$lang->registration_date}:</strong> {$reg_date}");
1098      $table->construct_cell("<strong>{$lang->local_time}:</strong> {$localtime}");
1099      $table->construct_row();
1100      $table->construct_cell("<strong>{$lang->posts}:</strong> {$postnum}");
1101      $table->construct_cell("<strong>{$lang->age}:</strong> {$age}");
1102      $table->construct_row();
1103      $table->construct_cell("<strong>{$lang->posts_per_day}:</strong> {$posts_per_day}");
1104      $table->construct_cell("<strong>{$lang->reputation}:</strong> {$reputation}");
1105      $table->construct_row();
1106      $table->construct_cell("<strong>{$lang->percent_of_total_posts}:</strong> {$percent_posts}");
1107      $table->construct_cell("<strong>{$lang->warning_level}:</strong> {$warning_level}");
1108      $table->construct_row();
1109      $table->construct_cell("<strong>{$lang->registration_ip}:</strong> ".my_inet_ntop($db->unescape_binary($user['regip'])));
1110      $table->construct_cell("<strong>{$lang->last_known_ip}:</strong> ".my_inet_ntop($db->unescape_binary($user['lastip'])));
1111      $table->construct_row();
1112  
1113      $username = htmlspecialchars_uni($user['username']);
1114      $table->output("{$lang->user_overview}: {$username}");
1115      $plugins->run_hooks("admin_user_users_edit_overview");
1116      echo "</div>\n";
1117  
1118      //
1119      // PROFILE
1120      //
1121      echo "<div id=\"tab_profile\">\n";
1122  
1123      $form_container = new FormContainer($lang->required_profile_info.": ".htmlspecialchars_uni($user['username']));
1124      $form_container->output_row($lang->username." <em>*</em>", "", $form->generate_text_box('username', $mybb->input['username'], array('id' => 'username')), 'username');
1125      $form_container->output_row($lang->new_password, $lang->new_password_desc, $form->generate_password_box('new_password', $mybb->input['new_password'], array('id' => 'new_password', 'autocomplete' => 'off')), 'new_password');
1126      $form_container->output_row($lang->confirm_new_password, $lang->new_password_desc, $form->generate_password_box('confirm_new_password', $mybb->input['confirm_new_password'], array('id' => 'confirm_new_password')), 'confirm_new_password');
1127      $form_container->output_row($lang->email_address." <em>*</em>", "", $form->generate_text_box('email', $mybb->input['email'], array('id' => 'email')), 'email');
1128  
1129      $display_group_options[0] = $lang->use_primary_user_group;
1130      $options = array();
1131      $query = $db->simple_select("usergroups", "gid, title", "gid != '1'", array('order_by' => 'title'));
1132      while($usergroup = $db->fetch_array($query))
1133      {
1134          $options[$usergroup['gid']] = htmlspecialchars_uni($usergroup['title']);
1135          $display_group_options[$usergroup['gid']] = htmlspecialchars_uni($usergroup['title']);
1136      }
1137  
1138      if(!is_array($mybb->input['additionalgroups']))
1139      {
1140          $mybb->input['additionalgroups'] = explode(',', $mybb->input['additionalgroups']);
1141      }
1142  
1143      $form_container->output_row($lang->primary_user_group." <em>*</em>", "", $form->generate_select_box('usergroup', $options, $mybb->input['usergroup'], array('id' => 'usergroup')), 'usergroup');
1144      $form_container->output_row($lang->additional_user_groups, $lang->additional_user_groups_desc, $form->generate_select_box('additionalgroups[]', $options, $mybb->input['additionalgroups'], array('id' => 'additionalgroups', 'multiple' => true, 'size' => 5)), 'additionalgroups');
1145      $form_container->output_row($lang->display_user_group." <em>*</em>", "", $form->generate_select_box('displaygroup', $display_group_options, $mybb->input['displaygroup'], array('id' => 'displaygroup')), 'displaygroup');
1146      $form_container->output_row($lang->post_count." <em>*</em>", "", $form->generate_numeric_field('postnum', $mybb->input['postnum'], array('id' => 'postnum', 'min' => 0)), 'postnum');
1147      $form_container->output_row($lang->thread_count." <em>*</em>", "", $form->generate_numeric_field('threadnum', $mybb->input['threadnum'], array('id' => 'threadnum', 'min' => 0)), 'threadnum');
1148  
1149      // Output custom profile fields - required
1150      if(!isset($profile_fields['required']))
1151      {
1152          $profile_fields['required'] = array();
1153      }
1154      output_custom_profile_fields($profile_fields['required'], $mybb->input['profile_fields'], $form_container, $form);
1155  
1156      $form_container->end();
1157  
1158      $form_container = new FormContainer($lang->optional_profile_info.': '.htmlspecialchars_uni($user['username']));
1159      $form_container->output_row($lang->custom_user_title, $lang->custom_user_title_desc, $form->generate_text_box('usertitle', $mybb->input['usertitle'], array('id' => 'usertitle')), 'usertitle');
1160      $form_container->output_row($lang->website, "", $form->generate_text_box('website', $mybb->input['website'], array('id' => 'website')), 'website');
1161      $form_container->output_row($lang->icq_number, "", $form->generate_numeric_field('icq', $mybb->input['icq'], array('id' => 'icq', 'min' => 0)), 'icq');
1162      $form_container->output_row($lang->skype_handle, "", $form->generate_text_box('skype', $mybb->input['skype'], array('id' => 'skype')), 'skype');
1163      $form_container->output_row($lang->google_handle, "", $form->generate_text_box('google', $mybb->input['google'], array('id' => 'google')), 'google');
1164  
1165      // Birthday
1166      $birthday_days = array(0 => '');
1167      for($i = 1; $i <= 31; $i++)
1168      {
1169          $birthday_days[$i] = $i;
1170      }
1171  
1172      $birthday_months = array(
1173          0 => '',
1174          1 => $lang->january,
1175          2 => $lang->february,
1176          3 => $lang->march,
1177          4 => $lang->april,
1178          5 => $lang->may,
1179          6 => $lang->june,
1180          7 => $lang->july,
1181          8 => $lang->august,
1182          9 => $lang->september,
1183          10 => $lang->october,
1184          11 => $lang->november,
1185          12 => $lang->december
1186      );
1187  
1188      $birthday_row = $form->generate_select_box('bday1', $birthday_days, $mybb->input['bday'][0], array('id' => 'bday_day'));
1189      $birthday_row .= ' '.$form->generate_select_box('bday2', $birthday_months, $mybb->input['bday'][1], array('id' => 'bday_month'));
1190      $birthday_row .= ' '.$form->generate_numeric_field('bday3', $mybb->input['bday'][2], array('id' => 'bday_year', 'style' => 'width: 4em;', 'min' => 0));
1191  
1192      $form_container->output_row($lang->birthday, "", $birthday_row, 'birthday');
1193  
1194      // Output custom profile fields - optional
1195      output_custom_profile_fields($profile_fields['optional'], $mybb->input['profile_fields'], $form_container, $form);
1196  
1197      $form_container->end();
1198  
1199  
1200      if($mybb->settings['allowaway'] != 0)
1201      {
1202          $form_container = new FormContainer($lang->away_information.': '.htmlspecialchars_uni($user['username']));
1203          $awaycheck = array(false, true);
1204          if($mybb->input['away'] == 1)
1205          {
1206              $awaycheck = array(true, false);
1207          }
1208          $form_container->output_row($lang->away_status, $lang->away_status_desc, $form->generate_radio_button('away', 1, $lang->im_away, array('id' => 'away', "checked" => $awaycheck[0]))." ".$form->generate_radio_button('away', 0, $lang->im_here, array('id' => 'away2', "checked" => $awaycheck[1])), 'away');
1209          $form_container->output_row($lang->away_reason, $lang->away_reason_desc, $form->generate_text_box('awayreason', $mybb->input['awayreason'], array('id' => 'awayreason')), 'awayreason');
1210  
1211          //Return date (we can use the arrays from birthday)
1212          $return_row = $form->generate_select_box('away_day', $birthday_days, $mybb->input['away_day'], array('id' => 'away_day'));
1213          $return_row .= ' '.$form->generate_select_box('away_month', $birthday_months, $mybb->input['away_month'], array('id' => 'away_month'));
1214          $return_row .= ' '.$form->generate_numeric_field('away_year', $mybb->input['away_year'], array('id' => 'away_year', 'style' => 'width: 4em;', 'min' => 0));
1215  
1216          $form_container->output_row($lang->return_date, $lang->return_date_desc, $return_row, 'away_date');
1217  
1218          $form_container->end();
1219      }
1220  
1221      $plugins->run_hooks("admin_user_users_edit_profile");
1222      echo "</div>\n";
1223  
1224      //
1225      // ACCOUNT SETTINGS
1226      //
1227  
1228      echo "<div id=\"tab_settings\">\n";
1229      $form_container = new FormContainer($lang->account_settings.': '.htmlspecialchars_uni($user['username']));
1230      $login_options = array(
1231          $form->generate_check_box("invisible", 1, $lang->hide_from_whos_online, array("checked" => $mybb->input['invisible'])),
1232      );
1233      $form_container->output_row($lang->login_cookies_privacy, "", "<div class=\"user_settings_bit\">".implode("</div><div class=\"user_settings_bit\">", $login_options)."</div>");
1234  
1235      if($mybb->input['pmnotice'] > 1)
1236      {
1237          $mybb->input['pmnotice'] = 1;
1238      }
1239  
1240      $messaging_options = array(
1241          $form->generate_check_box("allownotices", 1, $lang->recieve_admin_emails, array("checked" => $mybb->input['allownotices'])),
1242          $form->generate_check_box("hideemail", 1, $lang->hide_email_from_others, array("checked" => $mybb->input['hideemail'])),
1243          $form->generate_check_box("receivepms", 1, $lang->recieve_pms_from_others, array("checked" => $mybb->input['receivepms'])),
1244          $form->generate_check_box("receivefrombuddy", 1, $lang->recieve_pms_from_buddy, array("checked" => $mybb->input['receivefrombuddy'])),
1245          $form->generate_check_box("pmnotice", 1, $lang->alert_new_pms, array("checked" => $mybb->input['pmnotice'])),
1246          $form->generate_check_box("pmnotify", 1, $lang->email_notify_new_pms, array("checked" => $mybb->input['pmnotify'])),
1247          $form->generate_check_box("buddyrequestspm", 1, $lang->buddy_requests_pm, array("checked" => $mybb->input['buddyrequestspm'])),
1248          $form->generate_check_box("buddyrequestsauto", 1, $lang->buddy_requests_auto, array("checked" => $mybb->input['buddyrequestsauto'])),
1249          "<label for=\"subscriptionmethod\">{$lang->default_thread_subscription_mode}:</label><br />".$form->generate_select_box("subscriptionmethod", array($lang->do_not_subscribe, $lang->no_notification, $lang->instant_email_notification, $lang->instant_pm_notification), $mybb->input['subscriptionmethod'], array('id' => 'subscriptionmethod'))
1250      );
1251  
1252      // Allow plugins to add messaging options
1253      $messaging_options = $plugins->run_hooks('admin_user_users_edit_messaging_options', $messaging_options);
1254  
1255      // Output messaging options
1256      $form_container->output_row($lang->messaging_and_notification, "", "<div class=\"user_settings_bit\">".implode("</div><div class=\"user_settings_bit\">", $messaging_options)."</div>");
1257  
1258      $date_format_options = array($lang->use_default);
1259      foreach($date_formats as $key => $format)
1260      {
1261          $date_format_options[$key] = my_date($format, TIME_NOW, "", 0);
1262      }
1263  
1264      $time_format_options = array($lang->use_default);
1265      foreach($time_formats as $key => $format)
1266      {
1267          $time_format_options[$key] = my_date($format, TIME_NOW, "", 0);
1268      }
1269  
1270      $date_options = array(
1271          "<label for=\"dateformat\">{$lang->date_format}:</label><br />".$form->generate_select_box("dateformat", $date_format_options, $mybb->input['dateformat'], array('id' => 'dateformat')),
1272          "<label for=\"dateformat\">{$lang->time_format}:</label><br />".$form->generate_select_box("timeformat", $time_format_options, $mybb->input['timeformat'], array('id' => 'timeformat')),
1273          "<label for=\"timezone\">{$lang->time_zone}:</label><br />".build_timezone_select("timezone", $mybb->input['timezone']),
1274          "<label for=\"dstcorrection\">{$lang->daylight_savings_time_correction}:</label><br />".$form->generate_select_box("dstcorrection", array(2 => $lang->automatically_detect, 1 => $lang->always_use_dst_correction, 0 => $lang->never_use_dst_correction), $mybb->input['dstcorrection'], array('id' => 'dstcorrection'))
1275      );
1276  
1277      // Allow plugins to add date options
1278      $date_options = $plugins->run_hooks('admin_user_users_edit_date_options', $date_options);
1279  
1280      // Output date options
1281      $form_container->output_row($lang->date_and_time_options, "", "<div class=\"user_settings_bit\">".implode("</div><div class=\"user_settings_bit\">", $date_options)."</div>");
1282  
1283  
1284      $tpp_options = array($lang->use_default);
1285      if($mybb->settings['usertppoptions'])
1286      {
1287          $explodedtpp = explode(",", $mybb->settings['usertppoptions']);
1288          if(is_array($explodedtpp))
1289          {
1290              foreach($explodedtpp as $tpp)
1291              {
1292                  if($tpp <= 0) continue;
1293                  $tpp_options[$tpp] = $tpp;
1294              }
1295          }
1296      }
1297  
1298      $thread_age_options = array(
1299          0 => $lang->use_default,
1300          1 => $lang->show_threads_last_day,
1301          5 => $lang->show_threads_last_5_days,
1302          10 => $lang->show_threads_last_10_days,
1303          20 => $lang->show_threads_last_20_days,
1304          50 => $lang->show_threads_last_50_days,
1305          75 => $lang->show_threads_last_75_days,
1306          100 => $lang->show_threads_last_100_days,
1307          365 => $lang->show_threads_last_year,
1308          9999 => $lang->show_all_threads
1309      );
1310  
1311      $forum_options = array(
1312          "<label for=\"tpp\">{$lang->threads_per_page}:</label><br />".$form->generate_select_box("tpp", $tpp_options, $mybb->input['tpp'], array('id' => 'tpp')),
1313          "<label for=\"daysprune\">{$lang->default_thread_age_view}:</label><br />".$form->generate_select_box("daysprune", $thread_age_options, $mybb->input['daysprune'], array('id' => 'daysprune'))
1314      );
1315  
1316      // Allow plugins to add forum options
1317      $forum_options = $plugins->run_hooks('admin_user_users_edit_forum_options', $forum_options);
1318  
1319      // Output forum options
1320      $form_container->output_row($lang->forum_display_options, "", "<div class=\"user_settings_bit\">".implode("</div><div class=\"user_settings_bit\">", $forum_options)."</div>");
1321  
1322      $ppp_options = array($lang->use_default);
1323      if($mybb->settings['userpppoptions'])
1324      {
1325          $explodedppp = explode(",", $mybb->settings['userpppoptions']);
1326          if(is_array($explodedppp))
1327          {
1328              foreach($explodedppp as $ppp)
1329              {
1330                  if($ppp <= 0) continue;
1331                  $ppp_options[$ppp] = $ppp;
1332              }
1333          }
1334      }
1335  
1336      $thread_options = array(
1337          $form->generate_check_box("classicpostbit", 1, $lang->show_classic_postbit, array("checked" => $mybb->input['classicpostbit'])),
1338          $form->generate_check_box("showimages", 1, $lang->display_images, array("checked" => $mybb->input['showimages'])),
1339          $form->generate_check_box("showvideos", 1, $lang->display_videos, array("checked" => $mybb->input['showvideos'])),
1340          $form->generate_check_box("showsigs", 1, $lang->display_users_sigs, array("checked" => $mybb->input['showsigs'])),
1341          $form->generate_check_box("showavatars", 1, $lang->display_users_avatars, array("checked" => $mybb->input['showavatars'])),
1342          $form->generate_check_box("showquickreply", 1, $lang->show_quick_reply, array("checked" => $mybb->input['showquickreply'])),
1343          "<label for=\"ppp\">{$lang->posts_per_page}:</label><br />".$form->generate_select_box("ppp", $ppp_options, $mybb->input['ppp'], array('id' => 'ppp')),
1344          "<label for=\"threadmode\">{$lang->default_thread_view_mode}:</label><br />".$form->generate_select_box("threadmode", array("" => $lang->use_default, "linear" => $lang->linear_mode, "threaded" => $lang->threaded_mode), $mybb->input['threadmode'], array('id' => 'threadmode'))
1345      );
1346  
1347      // Allow plugins to add thread options
1348      $thread_options = $plugins->run_hooks('admin_user_users_edit_thread_options', $thread_options);
1349  
1350      // Output thread options
1351      $form_container->output_row($lang->thread_view_options, "", "<div class=\"user_settings_bit\">".implode("</div><div class=\"user_settings_bit\">", $thread_options)."</div>");
1352  
1353      $languages = array_merge(array('' => $lang->use_default), $lang->get_languages());
1354  
1355      $other_options = array(
1356          $form->generate_check_box("showredirect", 1, $lang->show_redirect, array("checked" => $mybb->input['showredirect'])),
1357          $form->generate_check_box("showcodebuttons", "1", $lang->show_code_buttons, array("checked" => $mybb->input['showcodebuttons'])),
1358          $form->generate_check_box("sourceeditor", "1", $lang->source_editor, array("checked" => $mybb->input['sourceeditor'])),
1359          "<label for=\"style\">{$lang->theme}:</label><br />".build_theme_select("style", $mybb->input['style'], 0, "", true, false, true),
1360          "<label for=\"language\">{$lang->board_language}:</label><br />".$form->generate_select_box("language", $languages, $mybb->input['language'], array('id' => 'language'))
1361      );
1362  
1363      // Allow plugins to add other options
1364      $other_options = $plugins->run_hooks('admin_user_users_edit_other_options', $other_options);
1365  
1366      // Output other options
1367      $form_container->output_row($lang->other_options, "", "<div class=\"user_settings_bit\">".implode("</div><div class=\"user_settings_bit\">", $other_options)."</div>");
1368  
1369      $form_container->end();
1370      $plugins->run_hooks("admin_user_users_edit_settings");
1371      echo "</div>\n";
1372  
1373      //
1374      // SIGNATURE EDITOR
1375      //
1376      $signature_editor = $form->generate_text_area("signature", $mybb->input['signature'], array('id' => 'signature', 'rows' => 15, 'cols' => '70', 'style' => 'height: 250px; width: 95%'));
1377      $sig_smilies = $lang->off;
1378      if($mybb->settings['sigsmilies'] == 1)
1379      {
1380          $sig_smilies = $lang->on;
1381      }
1382      $sig_mycode = $lang->off;
1383      if($mybb->settings['sigmycode'] == 1)
1384      {
1385          $sig_mycode = $lang->on;
1386          $signature_editor .= build_mycode_inserter("signature");
1387      }
1388      $sig_html = $lang->off;
1389      if($mybb->settings['sightml'] == 1)
1390      {
1391          $sig_html = $lang->on;
1392      }
1393      $sig_imgcode = $lang->off;
1394      if($mybb->settings['sigimgcode'] == 1)
1395      {
1396          $sig_imgcode = $lang->on;
1397      }
1398      echo "<div id=\"tab_signature\">\n";
1399      $form_container = new FormContainer($lang->signature.': '.htmlspecialchars_uni($user['username']));
1400      $form_container->output_row($lang->signature, $lang->sprintf($lang->signature_desc, $sig_mycode, $sig_smilies, $sig_imgcode, $sig_html), $signature_editor, 'signature');
1401  
1402      $periods = array(
1403          "hours" => $lang->expire_hours,
1404          "days" => $lang->expire_days,
1405          "weeks" => $lang->expire_weeks,
1406          "months" => $lang->expire_months,
1407          "never" => $lang->expire_permanent
1408      );
1409  
1410      // Are we already suspending the signature?
1411      if($mybb->input['suspendsignature'])
1412      {
1413          $sig_checked = 1;
1414  
1415          // Display how much time is left on the ban for the user to extend it
1416          if($user['suspendsigtime'] == "0")
1417          {
1418              // Permanent
1419              $lang->suspend_expire_info = $lang->suspend_sig_perm;
1420          }
1421          else
1422          {
1423              // There's a limit to the suspension!
1424              $remaining = $user['suspendsigtime']-TIME_NOW;
1425              $expired = nice_time($remaining, array('seconds' => false));
1426  
1427              $color = 'inherit';
1428              if($remaining < 3600)
1429              {
1430                  $color = 'red';
1431              }
1432              elseif($remaining < 86400)
1433              {
1434                  $color = 'maroon';
1435              }
1436              elseif($remaining < 604800)
1437              {
1438                  $color = 'green';
1439              }
1440  
1441              $lang->suspend_expire_info = $lang->sprintf($lang->suspend_expire_info, $expired, $color);
1442          }
1443          $user_suspend_info = '
1444                  <tr>
1445                      <td colspan="2">'.$lang->suspend_expire_info.'<br />'.$lang->suspend_sig_extend.'</td>
1446                  </tr>';
1447      }
1448      else
1449      {
1450          $sig_checked = 0;
1451          $user_suspend_info = '';
1452      }
1453  
1454      $actions = '
1455      <script type="text/javascript">
1456      <!--
1457          var sig_checked = "'.$sig_checked.'";
1458  
1459  		function toggleAction()
1460          {
1461              if($("#suspend_action").is(\':visible\'))
1462              {
1463                  $("#suspend_action").hide();
1464              }
1465              else
1466              {
1467                  $("#suspend_action").show();
1468              }
1469          }
1470      // -->
1471      </script>
1472  
1473      <dl style="margin-top: 0; margin-bottom: 0; width: 100%;">
1474          <dt>'.$form->generate_check_box("suspendsignature", 1, $lang->suspend_sig_box, array('checked' => $sig_checked, 'onclick' => 'toggleAction();')).'</dt>
1475          <dd style="margin-top: 4px;" id="suspend_action" class="actions">
1476              <table cellpadding="4">'.$user_suspend_info.'
1477                  <tr>
1478                      <td width="30%"><small>'.$lang->expire_length.'</small></td>
1479                      <td>'.$form->generate_numeric_field('action_time', $mybb->input['action_time'], array('style' => 'width: 3em;', 'min' => 0)).' '.$form->generate_select_box('action_period', $periods, $mybb->input['action_period']).'</td>
1480                  </tr>
1481              </table>
1482          </dd>
1483      </dl>
1484  
1485      <script type="text/javascript">
1486      <!--
1487          if(sig_checked == 0)
1488          {
1489              $("#suspend_action").hide();
1490          }
1491      // -->
1492      </script>';
1493  
1494      $form_container->output_row($lang->suspend_sig, $lang->suspend_sig_info, $actions);
1495  
1496      $signature_options = array(
1497          $form->generate_radio_button("update_posts", "enable", $lang->enable_sig_in_all_posts, array("checked" => 0)),
1498          $form->generate_radio_button("update_posts", "disable", $lang->disable_sig_in_all_posts, array("checked" => 0)),
1499          $form->generate_radio_button("update_posts", "no", $lang->do_nothing, array("checked" => 1))
1500      );
1501  
1502      $form_container->output_row($lang->signature_preferences, "", implode("<br />", $signature_options));
1503  
1504      $form_container->end();
1505      $plugins->run_hooks("admin_user_users_edit_signatur");
1506      echo "</div>\n";
1507  
1508      //
1509      // AVATAR MANAGER
1510      //
1511      echo "<div id=\"tab_avatar\">\n";
1512      $table = new Table;
1513      $table->construct_header($lang->current_avatar, array('colspan' => 2));
1514  
1515      $table->construct_cell("<div style=\"width: 126px; height: 126px;\" class=\"user_avatar\"><img src=\"".htmlspecialchars_uni($user['avatar'])."\" width=\"{$scaled_dimensions['width']}\" style=\"margin-top: {$avatar_top}px\" height=\"{$scaled_dimensions['height']}\" alt=\"\" /></div>", array('width' => 1));
1516  
1517      $avatar_url = '';
1518      if($user['avatartype'] == "upload" || stristr($user['avatar'], $mybb->settings['avataruploadpath']))
1519      {
1520          $current_avatar_msg = "<br /><strong>{$lang->user_current_using_uploaded_avatar}</strong>";
1521      }
1522      elseif($user['avatartype'] == "remote" || my_validate_url($user['avatar']))
1523      {
1524          $current_avatar_msg = "<br /><strong>{$lang->user_current_using_remote_avatar}</strong>";
1525          $avatar_url = $user['avatar'];
1526      }
1527  
1528      if($errors)
1529      {
1530          $avatar_url = htmlspecialchars_uni($mybb->input['avatar_url']);
1531      }
1532  
1533      if($mybb->settings['maxavatardims'] != "")
1534      {
1535          list($max_width, $max_height) = preg_split('/[|x]/', my_strtolower($mybb->settings['maxavatardims']));
1536          $max_size = "<br />{$lang->max_dimensions_are} {$max_width}x{$max_height}";
1537      }
1538  
1539      if($mybb->settings['avatarsize'])
1540      {
1541          $maximum_size = get_friendly_size($mybb->settings['avatarsize']*1024);
1542          $max_size .= "<br />{$lang->avatar_max_size} {$maximum_size}";
1543      }
1544  
1545      if($user['avatar'])
1546      {
1547          $remove_avatar = "<br /><br />".$form->generate_check_box("remove_avatar", 1, "<strong>{$lang->remove_avatar}</strong>");
1548      }
1549  
1550      $table->construct_cell($lang->avatar_desc."{$remove_avatar}<br /><small>{$max_size}</small>");
1551      $table->construct_row();
1552  
1553      $table->output($lang->avatar.': '.htmlspecialchars_uni($user['username']));
1554  
1555      // Custom avatar
1556      if($mybb->settings['avatarresizing'] == "auto")
1557      {
1558          $auto_resize = $lang->avatar_auto_resize;
1559      }
1560      else if($mybb->settings['avatarresizing'] == "user")
1561      {
1562          $auto_resize = "<input type=\"checkbox\" name=\"auto_resize\" value=\"1\" checked=\"checked\" id=\"auto_resize\" /> <label for=\"auto_resize\">{$lang->attempt_to_auto_resize}</label></span>";
1563      }
1564      $form_container = new FormContainer($lang->specify_custom_avatar);
1565      $form_container->output_row($lang->upload_avatar, $auto_resize, $form->generate_file_upload_box('avatar_upload', array('id' => 'avatar_upload')), 'avatar_upload');
1566      if($mybb->settings['allowremoteavatars'])
1567      {
1568          $form_container->output_row($lang->or_specify_avatar_url, "", $form->generate_text_box('avatar_url', $avatar_url, array('id' => 'avatar_url')), 'avatar_url');
1569      }
1570      $form_container->end();
1571      $plugins->run_hooks("admin_user_users_edit_avatar");
1572      echo "</div>\n";
1573  
1574      //
1575      // MODERATOR OPTIONS
1576      //
1577      $periods = array(
1578          "hours" => $lang->expire_hours,
1579          "days" => $lang->expire_days,
1580          "weeks" => $lang->expire_weeks,
1581          "months" => $lang->expire_months,
1582          "never" => $lang->expire_permanent
1583      );
1584  
1585      echo "<div id=\"tab_modoptions\">\n";
1586      $form_container = new FormContainer($lang->mod_options.': '.htmlspecialchars_uni($user['username']));
1587      $form_container->output_row($lang->user_notes, '', $form->generate_text_area('usernotes', $mybb->input['usernotes'], array('id' => 'usernotes')), 'usernotes');
1588  
1589      // Mod posts
1590      // Generate check box
1591      $modpost_options = $form->generate_select_box('modpost_period', $periods, $mybb->input['modpost_period'], array('id' => 'modpost_period'));
1592  
1593      // Do we have any existing suspensions here?
1594      $existing_info = '';
1595      if($user['moderateposts'] || ($mybb->input['moderateposting'] && !empty($errors)))
1596      {
1597          $mybb->input['moderateposting'] = 1;
1598          if($user['moderationtime'] != 0)
1599          {
1600              $remaining = $user['moderationtime']-TIME_NOW;
1601              $expired = nice_time($remaining, array('seconds' => false));
1602  
1603              $color = 'inherit';
1604              if($remaining < 3600)
1605              {
1606                  $color = 'red';
1607              }
1608              elseif($remaining < 86400)
1609              {
1610                  $color = 'maroon';
1611              }
1612              elseif($remaining < 604800)
1613              {
1614                  $color = 'green';
1615              }
1616  
1617              $existing_info = $lang->sprintf($lang->moderate_length, $expired, $color);
1618          }
1619          else
1620          {
1621              $existing_info = $lang->moderated_perm;
1622          }
1623      }
1624  
1625      $modpost_div = '<div id="modpost">'.$existing_info.''.$lang->moderate_for.' '.$form->generate_numeric_field("modpost_time", $mybb->input['modpost_time'], array('style' => 'width: 3em;', 'min' => 0)).' '.$modpost_options.'</div>';
1626      $lang->moderate_posts_info = $lang->sprintf($lang->moderate_posts_info, htmlspecialchars_uni($user['username']));
1627      $form_container->output_row($form->generate_check_box("moderateposting", 1, $lang->moderate_posts, array("id" => "moderateposting", "onclick" => "toggleBox('modpost');", "checked" => $mybb->input['moderateposting'])), $lang->moderate_posts_info, $modpost_div);
1628  
1629      // Suspend posts
1630      // Generate check box
1631      $suspost_options = $form->generate_select_box('suspost_period', $periods, $mybb->input['suspost_period'], array('id' => 'suspost_period'));
1632  
1633      // Do we have any existing suspensions here?
1634      if($user['suspendposting'] || ($mybb->input['suspendposting'] && !empty($errors)))
1635      {
1636          $mybb->input['suspendposting'] = 1;
1637  
1638          if($user['suspensiontime'] == 0 || $mybb->input['suspost_period'] == "never")
1639          {
1640              $existing_info = $lang->suspended_perm;
1641          }
1642          else
1643          {
1644              $remaining = $user['suspensiontime']-TIME_NOW;
1645              $suspost_date = nice_time($remaining, array('seconds' => false));
1646  
1647              $color = 'inherit';
1648              if($remaining < 3600)
1649              {
1650                  $color = 'red';
1651              }
1652              elseif($remaining < 86400)
1653              {
1654                  $color = 'maroon';
1655              }
1656              elseif($remaining < 604800)
1657              {
1658                  $color = 'green';
1659              }
1660  
1661              $existing_info = $lang->sprintf($lang->suspend_length, $suspost_date, $color);
1662          }
1663      }
1664  
1665      $suspost_div = '<div id="suspost">'.$existing_info.''.$lang->suspend_for.' '.$form->generate_numeric_field("suspost_time", $mybb->input['suspost_time'], array('style' => 'width: 3em;', 'min' => 0)).' '.$suspost_options.'</div>';
1666      $lang->suspend_posts_info = $lang->sprintf($lang->suspend_posts_info, htmlspecialchars_uni($user['username']));
1667      $form_container->output_row($form->generate_check_box("suspendposting", 1, $lang->suspend_posts, array("id" => "suspendposting", "onclick" => "toggleBox('suspost');", "checked" => $mybb->input['suspendposting'])), $lang->suspend_posts_info, $suspost_div);
1668  
1669  
1670      $form_container->end();
1671      $plugins->run_hooks("admin_user_users_edit_moderator_options");
1672      echo "</div>\n";
1673  
1674      $plugins->run_hooks("admin_user_users_edit_graph");
1675  
1676      $buttons[] = $form->generate_submit_button($lang->save_user);
1677      $form->output_submit_wrapper($buttons);
1678  
1679      $form->end();
1680  
1681      echo '<script type="text/javascript">
1682  <!--
1683  
1684  function toggleBox(action)
1685  {
1686      if(action == "modpost")
1687      {
1688          $("#suspendposting").attr("checked", false);
1689          $("#suspost").hide();
1690  
1691          if($("#moderateposting").is(":checked") == true)
1692          {
1693              $("#modpost").show();
1694          }
1695          else if($("#moderateposting").is(":checked") == false)
1696          {
1697              $("#modpost").hide();
1698          }
1699      }
1700      else if(action == "suspost")
1701      {
1702          $("#moderateposting").attr("checked", false);
1703          $("#modpost").hide();
1704  
1705          if($("#suspendposting").is(":checked") == true)
1706          {
1707              $("#suspost").show();
1708          }
1709          else if($("#suspendposting").is(":checked") == false)
1710          {
1711              $("#suspost").hide();
1712          }
1713      }
1714  }
1715  
1716  if($("#moderateposting").is(":checked") == false)
1717  {
1718      $("#modpost").hide();
1719  }
1720  else
1721  {
1722      $("#modpost").show();
1723  }
1724  
1725  if($("#suspendposting").is(":checked") == false)
1726  {
1727      $("#suspost").hide();
1728  }
1729  else
1730  {
1731      $("#suspost").show();
1732  }
1733  
1734  // -->
1735  </script>';
1736  
1737      $page->output_footer();
1738  }
1739  
1740  if($mybb->input['action'] == "delete")
1741  {
1742      $user = get_user($mybb->input['uid']);
1743  
1744      // Does the user not exist?
1745      if(!$user['uid'])
1746      {
1747          flash_message($lang->error_invalid_user, 'error');
1748          admin_redirect("index.php?module=user-users");
1749      }
1750  
1751      if(is_super_admin($mybb->input['uid']) && $mybb->user['uid'] != $mybb->input['uid'] && !is_super_admin($mybb->user['uid']))
1752      {
1753          flash_message($lang->error_no_perms_super_admin, 'error');
1754          admin_redirect("index.php?module=user-users");
1755      }
1756  
1757      // User clicked no
1758      if($mybb->input['no'])
1759      {
1760          admin_redirect("index.php?module=user-users");
1761      }
1762  
1763      $plugins->run_hooks("admin_user_users_delete");
1764  
1765      if($mybb->request_method == "post")
1766      {
1767          $plugins->run_hooks("admin_user_users_delete_commit");
1768  
1769          // Set up user handler.
1770          require_once  MYBB_ROOT.'inc/datahandlers/user.php';
1771          $userhandler = new UserDataHandler('delete');
1772  
1773          // Delete the user
1774          if(!$userhandler->delete_user($user['uid']))
1775          {
1776              flash_message($lang->error_cannot_delete_user, 'error');
1777              admin_redirect("index.php?module=user-users");
1778          }
1779  
1780          $cache->update_awaitingactivation();
1781  
1782          $plugins->run_hooks("admin_user_users_delete_commit_end");
1783  
1784          log_admin_action($user['uid'], $user['username']);
1785  
1786          flash_message($lang->success_user_deleted, 'success');
1787          admin_redirect("index.php?module=user-users");
1788      }
1789      else
1790      {
1791          $page->output_confirm_action("index.php?module=user-users&action=delete&uid={$user['uid']}", $lang->user_deletion_confirmation);
1792      }
1793  }
1794  
1795  if($mybb->input['action'] == "referrers")
1796  {
1797      $page->add_breadcrumb_item($lang->show_referrers);
1798      $page->output_header($lang->show_referrers);
1799  
1800      $sub_tabs['referrers'] = array(
1801          'title' => $lang->show_referrers,
1802          'link' => "index.php?module=user-users&amp;action=referrers&amp;uid={$mybb->input['uid']}",
1803          'description' => $lang->show_referrers_desc
1804      );
1805  
1806      $plugins->run_hooks("admin_user_users_referrers");
1807  
1808      $page->output_nav_tabs($sub_tabs, 'referrers');
1809  
1810      // Fetch default admin view
1811      $default_view = fetch_default_view("user");
1812      if(!$default_view)
1813      {
1814          $default_view = "0";
1815      }
1816      $query = $db->simple_select("adminviews", "*", "type='user' AND (vid='{$default_view}' OR uid=0)", array("order_by" => "uid", "order_dir" => "desc"));
1817      $admin_view = $db->fetch_array($query);
1818  
1819      if($mybb->input['type'])
1820      {
1821          $admin_view['view_type'] = $mybb->input['type'];
1822      }
1823  
1824      $admin_view['conditions'] = my_unserialize($admin_view['conditions']);
1825      $admin_view['conditions']['referrer'] = $mybb->input['uid'];
1826  
1827      $view = build_users_view($admin_view);
1828  
1829      // No referred users
1830      if(!$view)
1831      {
1832          $table = new Table;
1833          $table->construct_cell($lang->error_no_referred_users);
1834          $table->construct_row();
1835          $table->output($lang->show_referrers);
1836      }
1837      else
1838      {
1839          echo $view;
1840      }
1841  
1842      $page->output_footer();
1843  }
1844  
1845  if($mybb->input['action'] == "ipaddresses")
1846  {
1847      $page->add_breadcrumb_item($lang->ip_addresses);
1848      $page->output_header($lang->ip_addresses);
1849  
1850      $sub_tabs['ipaddresses'] = array(
1851          'title' => $lang->show_ip_addresses,
1852          'link' => "index.php?module=user-users&amp;action=ipaddresses&amp;uid={$mybb->input['uid']}",
1853          'description' => $lang->show_ip_addresses_desc
1854      );
1855  
1856      $plugins->run_hooks("admin_user_users_ipaddresses");
1857  
1858      $page->output_nav_tabs($sub_tabs, 'ipaddresses');
1859  
1860      $query = $db->simple_select("users", "uid, regip, username, lastip", "uid='{$mybb->input['uid']}'", array('limit' => 1));
1861      $user = $db->fetch_array($query);
1862  
1863      // Log admin action
1864      log_admin_action($user['uid'], $user['username']);
1865  
1866      $table = new Table;
1867  
1868      $table->construct_header($lang->ip_address);
1869      $table->construct_header($lang->controls, array('width' => 200, 'class' => "align_center"));
1870  
1871      if(empty($user['lastip']))
1872      {
1873          $user['lastip'] = $lang->unknown;
1874          $controls = '';
1875      }
1876      else
1877      {
1878          $user['lastip'] = my_inet_ntop($db->unescape_binary($user['lastip']));
1879          $popup = new PopupMenu("user_last", $lang->options);
1880          $popup->add_item($lang->show_users_regged_with_ip,
1881              "index.php?module=user-users&amp;action=search&amp;results=1&amp;conditions=".urlencode(my_serialize(array("regip" => $user['lastip']))));
1882          $popup->add_item($lang->show_users_posted_with_ip, "index.php?module=user-users&amp;results=1&amp;action=search&amp;conditions=".urlencode(my_serialize(array("postip" => $user['lastip']))));
1883          $popup->add_item($lang->info_on_ip, "index.php?module=user-users&amp;action=iplookup&ipaddress={$user['lastip']}", "MyBB.popupWindow('index.php?module=user-users&amp;action=iplookup&ipaddress={$user['lastip']}', null, true); return false;");
1884          $popup->add_item($lang->ban_ip, "index.php?module=config-banning&amp;filter={$user['lastip']}");
1885          $controls = $popup->fetch();
1886      }
1887      $table->construct_cell("<strong>{$lang->last_known_ip}:</strong> ".$user['lastip']);
1888      $table->construct_cell($controls, array('class' => "align_center"));
1889      $table->construct_row();
1890  
1891      if(empty($user['regip']))
1892      {
1893          $user['regip'] = $lang->unknown;
1894          $controls = '';
1895      }
1896      else
1897      {
1898          $user['regip'] = my_inet_ntop($db->unescape_binary($user['regip']));
1899          $popup = new PopupMenu("user_reg", $lang->options);
1900          $popup->add_item($lang->show_users_regged_with_ip, "index.php?module=user-users&amp;results=1&amp;action=search&amp;conditions=".urlencode(my_serialize(array("regip" => $user['regip']))));
1901          $popup->add_item($lang->show_users_posted_with_ip, "index.php?module=user-users&amp;results=1&amp;action=search&amp;conditions=".urlencode(my_serialize(array("postip" => $user['regip']))));
1902          $popup->add_item($lang->info_on_ip, "index.php?module=user-users&amp;action=iplookup&ipaddress={$user['regip']}", "MyBB.popupWindow('index.php?module=user-users&amp;action=iplookup&ipaddress={$user['regip']}', null, true); return false;");
1903          $popup->add_item($lang->ban_ip, "index.php?module=config-banning&amp;filter={$user['regip']}");
1904          $controls = $popup->fetch();
1905      }
1906      $table->construct_cell("<strong>{$lang->registration_ip}:</strong> ".$user['regip']);
1907      $table->construct_cell($controls, array('class' => "align_center"));
1908      $table->construct_row();
1909  
1910      $counter = 0;
1911  
1912      $query = $db->simple_select("posts", "DISTINCT ipaddress", "uid='{$mybb->input['uid']}'");
1913      while($ip = $db->fetch_array($query))
1914      {
1915          ++$counter;
1916          $ip['ipaddress'] = my_inet_ntop($db->unescape_binary($ip['ipaddress']));
1917          $popup = new PopupMenu("id_{$counter}", $lang->options);
1918          $popup->add_item($lang->show_users_regged_with_ip, "index.php?module=user-users&amp;results=1&amp;action=search&amp;conditions=".urlencode(my_serialize(array("regip" => $ip['ipaddress']))));
1919          $popup->add_item($lang->show_users_posted_with_ip, "index.php?module=user-users&amp;results=1&amp;action=search&amp;conditions=".urlencode(my_serialize(array("postip" => $ip['ipaddress']))));
1920          $popup->add_item($lang->info_on_ip, "index.php?module=user-users&amp;action=iplookup&ipaddress={$ip['ipaddress']}", "MyBB.popupWindow('index.php?module=user-users&amp;action=iplookup&ipaddress={$ip['ipaddress']}', null, true); return false;");
1921          $popup->add_item($lang->ban_ip, "index.php?module=config-banning&amp;filter={$ip['ipaddress']}");
1922          $controls = $popup->fetch();
1923  
1924          $table->construct_cell($ip['ipaddress']);
1925          $table->construct_cell($controls, array('class' => "align_center"));
1926          $table->construct_row();
1927      }
1928  
1929      $table->output($lang->ip_address_for.' '.htmlspecialchars_uni($user['username']));
1930  
1931      $page->output_footer();
1932  }
1933  
1934  if($mybb->input['action'] == "merge")
1935  {
1936      $plugins->run_hooks("admin_user_users_merge");
1937  
1938      if($mybb->request_method == "post")
1939      {
1940          foreach(array('source', 'destination') as $target)
1941          {
1942              ${$target.'_user'} = get_user_by_username($mybb->input[$target.'_username'], array('fields' => '*'));
1943              if(!${$target.'_user'}['uid'])
1944              {
1945                  $errors[] = $lang->{'error_invalid_user_'.$target};
1946              }
1947          }
1948  
1949          // If we're not a super admin and we're merging a source super admin or a destination super admin then dissallow this action
1950          if(!is_super_admin($mybb->user['uid']) && (is_super_admin($source_user['uid']) || is_super_admin($destination_user['uid'])))
1951          {
1952              flash_message($lang->error_no_perms_super_admin, 'error');
1953              admin_redirect("index.php?module=user-users");
1954          }
1955  
1956          if($source_user['uid'] == $destination_user['uid'] && !empty($source_user['uid']))
1957          {
1958              $errors[] = $lang->error_cannot_merge_same_account;
1959          }
1960  
1961          if(empty($errors))
1962          {
1963              // Begin to merge the accounts
1964              $uid_update = array(
1965                  "uid" => $destination_user['uid']
1966              );
1967              $query = $db->simple_select("adminoptions", "uid", "uid='{$destination_user['uid']}'");
1968              $existing_admin_options = $db->fetch_field($query, "uid");
1969  
1970              // Only carry over admin options/permissions if we don't already have them
1971              if(!$existing_admin_options)
1972              {
1973                  $db->update_query("adminoptions", $uid_update, "uid='{$source_user['uid']}'");
1974              }
1975  
1976              $db->update_query("adminlog", $uid_update, "uid='{$source_user['uid']}'");
1977              $db->update_query("announcements", $uid_update, "uid='{$source_user['uid']}'");
1978              $db->update_query("events", $uid_update, "uid='{$source_user['uid']}'");
1979              $db->update_query("threadsubscriptions", $uid_update, "uid='{$source_user['uid']}'");
1980              $db->update_query("forumsubscriptions", $uid_update, "uid='{$source_user['uid']}'");
1981              $db->update_query("joinrequests", $uid_update, "uid='{$source_user['uid']}'");
1982              $db->update_query("moderatorlog", $uid_update, "uid='{$source_user['uid']}'");
1983              $db->update_query("pollvotes", $uid_update, "uid='{$source_user['uid']}'");
1984              $db->update_query("posts", $uid_update, "uid='{$source_user['uid']}'");
1985              $db->update_query("privatemessages", $uid_update, "uid='{$source_user['uid']}'");
1986              $db->update_query("reportedcontent", $uid_update, "uid='{$source_user['uid']}'");
1987              $db->update_query("threads", $uid_update, "uid='{$source_user['uid']}'");
1988              $db->update_query("warnings", $uid_update, "uid='{$source_user['uid']}'");
1989              $db->update_query("warnings", array("revokedby" => $destination_user['uid']), "revokedby='{$source_user['uid']}'");
1990              $db->update_query("warnings", array("issuedby" => $destination_user['uid']), "issuedby='{$source_user['uid']}'");
1991  
1992              // Thread ratings
1993              merge_thread_ratings($source_user['uid'], $destination_user['uid']);
1994  
1995              // Banning
1996              $db->update_query("banned", array('admin' => $destination_user['uid']), "admin = '{$source_user['uid']}'");
1997  
1998              // Carry over referrals
1999              $db->update_query("users", array("referrer" => ((int)$source_user['referrer'] + (int)$destination_user['referrer'])), "uid='{$destination_user['uid']}'");
2000              $db->update_query("users", array("referrals" => ((int)$source_user['referrals'] + (int)$destination_user['referrals'])), "uid='{$destination_user['uid']}'");
2001  
2002              // Merging Reputation
2003              // First, let's change all the details over to our new user...
2004              $db->update_query("reputation", array("adduid" => $destination_user['uid']), "adduid = '".$source_user['uid']."'");
2005              $db->update_query("reputation", array("uid" => $destination_user['uid']), "uid = '".$source_user['uid']."'");
2006  
2007              // Now that all the repuation is merged, figure out what to do with this user's comments...
2008              $options = array(
2009                  "order_by" => "uid",
2010                  "order_dir" => "ASC"
2011              );
2012  
2013              $to_remove = array();
2014              $query = $db->simple_select("reputation", "*", "adduid = '".$destination_user['uid']."'");
2015              while($rep = $db->fetch_array($query))
2016              {
2017                  if($rep['pid'] == 0 && $mybb->settings['multirep'] == 0 && $last_result['uid'] == $rep['uid'])
2018                  {
2019                      // Multiple reputation is disallowed, and this isn't a post, so let's remove this comment
2020                      $to_remove[] = $rep['rid'];
2021                  }
2022  
2023                  // Remove comments or posts liked by "me"
2024                  if($last_result['uid'] == $destination_user['uid'] || $rep['uid'] == $destination_user['uid'])
2025                  {
2026                      if(!in_array($rep['rid'], $to_remove))
2027                      {
2028                          $to_remove[] = $rep['rid'];
2029                          continue;
2030                      }
2031                  }
2032  
2033                  $last_result = array(
2034                      "rid" => $rep['rid'],
2035                      "uid" => $rep['uid']
2036                  );
2037              }
2038  
2039              // Remove any reputations we've selected to remove...
2040              if(!empty($to_remove))
2041              {
2042                  $imp = implode(",", $to_remove);
2043                  $db->delete_query("reputation", "rid IN (".$imp.")");
2044              }
2045  
2046              // Calculate the new reputation for this user...
2047              $query = $db->simple_select("reputation", "SUM(reputation) as total_rep", "uid='{$destination_user['uid']}'");
2048              $total_reputation = $db->fetch_field($query, "total_rep");
2049  
2050              $db->update_query("users", array('reputation' => (int)$total_reputation), "uid='{$destination_user['uid']}'");
2051  
2052              // Calculate warning points
2053              $query = $db->query("
2054                  SELECT SUM(points) as warn_lev
2055                  FROM ".TABLE_PREFIX."warnings
2056                  WHERE uid='{$source_user['uid']}' AND expired='0'
2057              ");
2058              $original_warn_level = $db->fetch_field($query, "warn_lev");
2059  
2060              $query = $db->query("
2061                  SELECT SUM(points) as warn_lev
2062                  FROM ".TABLE_PREFIX."warnings
2063                  WHERE uid='{$destination_user['uid']}' AND expired='0'
2064              ");
2065              $new_warn_level = $db->fetch_field($query, "warn_lev");
2066              $db->update_query("users", array("warningpoints" => (int)$original_warn_level + $new_warn_level), "uid='{$destination_user['uid']}'");
2067  
2068              // Additional updates for non-uid fields
2069              $last_poster = array(
2070                  "lastposteruid" => $destination_user['uid'],
2071                  "lastposter" => $db->escape_string($destination_user['username'])
2072              );
2073              $db->update_query("forums", $last_poster, "lastposteruid='{$source_user['uid']}'");
2074              $db->update_query("threads", $last_poster, "lastposteruid='{$source_user['uid']}'");
2075              $edit_uid = array(
2076                  "edituid" => $destination_user['uid']
2077              );
2078              $db->update_query("posts", $edit_uid, "edituid='{$source_user['uid']}'");
2079  
2080              $from_uid = array(
2081                  "fromid" => $destination_user['uid']
2082              );
2083              $db->update_query("privatemessages", $from_uid, "fromid='{$source_user['uid']}'");
2084              $to_uid = array(
2085                  "toid" => $destination_user['uid']
2086              );
2087              $db->update_query("privatemessages", $to_uid, "toid='{$source_user['uid']}'");
2088  
2089              // Buddy/ignore lists
2090              $destination_buddies = explode(',', $destination_user['buddylist']);
2091              $source_buddies = explode(',', $source_user['buddylist']);
2092              $buddies = array_unique(array_merge($source_buddies, $destination_buddies));
2093              // Make sure the new buddy list doesn't contain either users
2094              $buddies_array = array_diff($buddies, array($destination_user['uid'], $source_user['uid']));
2095  
2096              $destination_ignored = explode(',', $destination_user['ignorelist']);
2097              $source_ignored = explode(',', $destination_user['ignorelist']);
2098              $ignored = array_unique(array_merge($source_ignored, $destination_ignored));
2099              // ... and the same for the new ignore list
2100              $ignored_array = array_diff($ignored, array($destination_user['uid'], $source_user['uid']));
2101  
2102              // Remove any ignored users from the buddy list
2103              $buddies = array_diff($buddies_array, $ignored_array);
2104              // implode the arrays so we get a nice neat list for each
2105              $buddies = trim(implode(',', $buddies), ',');
2106              $ignored = trim(implode(',', $ignored_array), ',');
2107  
2108              $lists = array(
2109                  "buddylist" => $buddies,
2110                  "ignorelist" => $ignored
2111              );
2112              $db->update_query("users", $lists, "uid='{$destination_user['uid']}'");
2113  
2114              // Get a list of forums where post count doesn't apply
2115              $fids = array();
2116              $query = $db->simple_select("forums", "fid", "usepostcounts=0");
2117              while($fid = $db->fetch_field($query, "fid"))
2118              {
2119                  $fids[] = $fid;
2120              }
2121  
2122              $fids_not_in = '';
2123              if(!empty($fids))
2124              {
2125                  $fids_not_in = "AND fid NOT IN(".implode(',', $fids).")";
2126              }
2127  
2128              // Update user post count
2129              $query = $db->simple_select("posts", "COUNT(*) AS postnum", "uid='".$destination_user['uid']."' {$fids_not_in}");
2130              $num = $db->fetch_array($query);
2131              $updated_count = array(
2132                  "postnum" => $num['postnum']
2133              );
2134              $db->update_query("users", $updated_count, "uid='{$destination_user['uid']}'");
2135  
2136              // Update user thread count
2137              $query = $db->simple_select("threads", "COUNT(*) AS threadnum", "uid='".$destination_user['uid']."' {$fids_not_in}");
2138              $num = $db->fetch_array($query);
2139              $updated_count = array(
2140                  "threadnum" => $num['threadnum']
2141              );
2142              $db->update_query("users", $updated_count, "uid='{$destination_user['uid']}'");
2143  
2144              // Use the earliest registration date
2145              if($destination_user['regdate'] > $source_user['regdate'])
2146              {
2147                  $db->update_query("users", array('regdate' => $source_user['regdate']), "uid='{$destination_user['uid']}'");
2148              }
2149  
2150              $plugins->run_hooks("admin_user_users_merge_commit");
2151  
2152              // Set up user handler.
2153              require_once  MYBB_ROOT.'inc/datahandlers/user.php';
2154              $userhandler = new UserDataHandler('delete');
2155  
2156              // Delete the old user
2157              $userhandler->delete_user($source_user['uid']);
2158  
2159              $cache->update_awaitingactivation();
2160  
2161              // Log admin action
2162              log_admin_action($source_user['uid'], $source_user['username'], $destination_user['uid'], $destination_user['username']);
2163  
2164              // Redirect!
2165              $username = htmlspecialchars_uni($source_user['username']);
2166              $destination_username = htmlspecialchars_uni($destination_user['username']);
2167              flash_message("<strong>{$username}</strong> {$lang->success_merged} {$destination_username}", "success");
2168              admin_redirect("index.php?module=user-users");
2169              exit;
2170          }
2171      }
2172  
2173      $page->add_breadcrumb_item($lang->merge_users);
2174      $page->output_header($lang->merge_users);
2175  
2176      $page->output_nav_tabs($sub_tabs, 'merge_users');
2177  
2178      // If we have any error messages, show them
2179      if($errors)
2180      {
2181          $page->output_inline_error($errors);
2182      }
2183  
2184      $form = new Form("index.php?module=user-users&amp;action=merge", "post");
2185  
2186      $form_container = new FormContainer($lang->merge_users);
2187      $form_container->output_row($lang->source_account." <em>*</em>", $lang->source_account_desc, $form->generate_text_box('source_username', $mybb->input['source_username'], array('id' => 'source_username')), 'source_username');
2188      $form_container->output_row($lang->destination_account." <em>*</em>", $lang->destination_account_desc, $form->generate_text_box('destination_username', $mybb->input['destination_username'], array('id' => 'destination_username')), 'destination_username');
2189      $form_container->end();
2190  
2191      // Autocompletion for usernames
2192      echo '
2193      <link rel="stylesheet" href="../jscripts/select2/select2.css">
2194      <script type="text/javascript" src="../jscripts/select2/select2.min.js?ver=1804"></script>
2195      <script type="text/javascript">
2196      <!--
2197      $("#source_username").select2({
2198          placeholder: "'.$lang->search_for_a_user.'",
2199          minimumInputLength: 2,
2200          multiple: false,
2201          ajax: { // instead of writing the function to execute the request we use Select2\'s convenient helper
2202              url: "../xmlhttp.php?action=get_users",
2203              dataType: \'json\',
2204              data: function (term, page) {
2205                  return {
2206                      query: term // search term
2207                  };
2208              },
2209              results: function (data, page) { // parse the results into the format expected by Select2.
2210                  // since we are using custom formatting functions we do not need to alter remote JSON data
2211                  return {results: data};
2212              }
2213          },
2214          initSelection: function(element, callback) {
2215              var query = $(element).val();
2216              if (query !== "") {
2217                  $.ajax("../xmlhttp.php?action=get_users&getone=1", {
2218                      data: {
2219                          query: query
2220                      },
2221                      dataType: "json"
2222                  }).done(function(data) { callback(data); });
2223              }
2224          }
2225      });
2226      $("#destination_username").select2({
2227          placeholder: "'.$lang->search_for_a_user.'",
2228          minimumInputLength: 2,
2229          multiple: false,
2230          ajax: { // instead of writing the function to execute the request we use Select2\'s convenient helper
2231              url: "../xmlhttp.php?action=get_users",
2232              dataType: \'json\',
2233              data: function (term, page) {
2234                  return {
2235                      query: term // search term
2236                  };
2237              },
2238              results: function (data, page) { // parse the results into the format expected by Select2.
2239                  // since we are using custom formatting functions we do not need to alter remote JSON data
2240                  return {results: data};
2241              }
2242          },
2243          initSelection: function(element, callback) {
2244              var query = $(element).val();
2245              if (query !== "") {
2246                  $.ajax("../xmlhttp.php?action=get_users&getone=1", {
2247                      data: {
2248                          query: query
2249                      },
2250                      dataType: "json"
2251                  }).done(function(data) { callback(data); });
2252              }
2253          }
2254      });
2255      // -->
2256      </script>';
2257  
2258      $buttons[] = $form->generate_submit_button($lang->merge_user_accounts);
2259      $form->output_submit_wrapper($buttons);
2260      $form->end();
2261  
2262      $page->output_footer();
2263  }
2264  
2265  if($mybb->input['action'] == "search")
2266  {
2267      $plugins->run_hooks("admin_user_users_search");
2268  
2269      if($mybb->request_method == "post" || $mybb->input['results'] == 1)
2270      {
2271          // Build view options from incoming search options
2272          if($mybb->input['vid'])
2273          {
2274              $query = $db->simple_select("adminviews", "*", "vid='".$mybb->get_input('vid', MyBB::INPUT_INT)."'");
2275              $admin_view = $db->fetch_array($query);
2276              // View does not exist or this view is private and does not belong to the current user
2277              if(!$admin_view['vid'] || ($admin_view['visibility'] == 1 && $admin_view['uid'] != $mybb->user['uid']))
2278              {
2279                  unset($admin_view);
2280              }
2281          }
2282  
2283          if($mybb->input['search_id'] && $admin_session['data']['user_views'][$mybb->input['search_id']])
2284          {
2285              $admin_view = $admin_session['data']['user_views'][$mybb->input['search_id']];
2286              unset($admin_view['extra_sql']);
2287          }
2288          else
2289          {
2290              // Don't have a view? Fetch the default
2291              if(!$admin_view['vid'])
2292              {
2293                  $default_view = fetch_default_view("user");
2294                  if(!$default_view)
2295                  {
2296                      $default_view = "0";
2297                  }
2298                  $query = $db->simple_select("adminviews", "*", "type='user' AND (vid='{$default_view}' OR uid=0)", array("order_by" => "uid", "order_dir" => "desc"));
2299                  $admin_view = $db->fetch_array($query);
2300              }
2301          }
2302  
2303          // Override specific parts of the view
2304          unset($admin_view['vid']);
2305  
2306          if($mybb->input['type'])
2307          {
2308              $admin_view['view_type'] = $mybb->input['type'];
2309          }
2310  
2311          if($mybb->input['conditions'])
2312          {
2313              $admin_view['conditions'] = $mybb->input['conditions'];
2314          }
2315  
2316          if($mybb->input['sortby'])
2317          {
2318              $admin_view['sortby'] = $mybb->input['sortby'];
2319          }
2320  
2321          if($mybb->get_input('perpage', MyBB::INPUT_INT))
2322          {
2323              $admin_view['perpage'] = $mybb->input['perpage'];
2324          }
2325  
2326          if($mybb->input['order'])
2327          {
2328              $admin_view['sortorder'] = $mybb->input['order'];
2329          }
2330  
2331          if($mybb->input['displayas'])
2332          {
2333              $admin_view['view_type'] = $mybb->input['displayas'];
2334          }
2335  
2336          if($mybb->input['profile_fields'])
2337          {
2338              $admin_view['custom_profile_fields'] = $mybb->input['profile_fields'];
2339          }
2340  
2341          $plugins->run_hooks("admin_user_users_search_commit");
2342  
2343          $results = build_users_view($admin_view);
2344  
2345          if($results)
2346          {
2347              $page->output_header($lang->find_users);
2348              echo "<script type=\"text/javascript\" src=\"jscripts/users.js\"></script>";
2349              $page->output_nav_tabs($sub_tabs, 'find_users');
2350              echo $results;
2351              $page->output_footer();
2352          }
2353          else
2354          {
2355              if($mybb->input['from'] == "home")
2356              {
2357                  flash_message($lang->error_no_users_found, 'error');
2358                  admin_redirect("index.php");
2359                  exit;
2360              }
2361              else
2362              {
2363                  $errors[] = $lang->error_no_users_found;
2364              }
2365          }
2366      }
2367  
2368      $page->add_breadcrumb_item($lang->find_users);
2369      $page->output_header($lang->find_users);
2370  
2371      $page->output_nav_tabs($sub_tabs, 'find_users');
2372  
2373      // If we have any error messages, show them
2374      if($errors)
2375      {
2376          $page->output_inline_error($errors);
2377      }
2378  
2379      if(!$mybb->input['displayas'])
2380      {
2381          $mybb->input['displayas'] = "card";
2382      }
2383  
2384      $form = new Form("index.php?module=user-users&amp;action=search", "post");
2385  
2386      user_search_conditions($mybb->input, $form);
2387  
2388      $form_container = new FormContainer($lang->display_options);
2389      $sort_directions = array(
2390          "asc" => $lang->ascending,
2391          "desc" => $lang->descending
2392      );
2393      $form_container->output_row($lang->sort_results_by, "", $form->generate_select_box('sortby', $sort_options, $mybb->input['sortby'], array('id' => 'sortby'))." {$lang->in} ".$form->generate_select_box('order', $sort_directions, $mybb->input['order'], array('id' => 'order')), 'sortby');
2394      $form_container->output_row($lang->results_per_page, "", $form->generate_numeric_field('perpage', $mybb->input['perpage'], array('id' => 'perpage', 'min' => 1)), 'perpage');
2395      $form_container->output_row($lang->display_results_as, "", $form->generate_radio_button('displayas', 'table', $lang->table, array('checked' => ($mybb->input['displayas'] != "card" ? true : false)))."<br />".$form->generate_radio_button('displayas', 'card', $lang->business_card, array('checked' => ($mybb->input['displayas'] == "card" ? true : false))));
2396      $form_container->end();
2397  
2398      $buttons[] = $form->generate_submit_button($lang->find_users);
2399      $form->output_submit_wrapper($buttons);
2400      $form->end();
2401  
2402      $page->output_footer();
2403  }
2404  
2405  if($mybb->input['action'] == "inline_edit")
2406  {
2407      $plugins->run_hooks("admin_user_users_inline");
2408  
2409      if($mybb->input['vid'] || $mybb->cookies['acp_view'])
2410      {
2411          // We have a custom view
2412          if(!$mybb->cookies['acp_view'])
2413          {
2414              // Set a cookie
2415              my_setcookie("acp_view", $mybb->input['vid'], 60);
2416          }
2417          elseif($mybb->cookies['acp_view'])
2418          {
2419              // We already have a cookie, so let's use it...
2420              $mybb->input['vid'] = $mybb->cookies['acp_view'];
2421          }
2422  
2423          $vid_url = "&amp;vid=".$mybb->input['vid'];
2424      }
2425  
2426      // First, collect the user IDs that we're performing the moderation on
2427      $ids = explode("|", $mybb->cookies['inlinemod_useracp']);
2428      foreach($ids as $id)
2429      {
2430          if($id != '')
2431          {
2432              $selected[] = (int)$id;
2433          }
2434      }
2435  
2436      // Verify incoming POST request
2437      if(!verify_post_check($mybb->input['my_post_key']))
2438      {
2439          flash_message($lang->invalid_post_verify_key2, 'error');
2440          admin_redirect("index.php?module=user-user");
2441      }
2442      $sub_tabs['manage_users'] = array(
2443          "title" => $lang->manage_users,
2444          "link" => "./",
2445          "description" => $lang->manage_users_desc
2446      );
2447      $page->add_breadcrumb_item($lang->manage_users);
2448  
2449      if(!is_array($selected))
2450      {
2451          // Not selected any users, show error
2452          flash_message($lang->error_inline_no_users_selected, 'error');
2453          admin_redirect("index.php?module=user-users".$vid_url);
2454      }
2455  
2456      switch($mybb->input['inline_action'])
2457      {
2458          case 'multiactivate':
2459              // Run through the activating users, so that users already registered (but have been selected) aren't affected
2460              if(is_array($selected))
2461              {
2462                  $sql_array = implode(",", $selected);
2463                  $query = $db->simple_select("users", "uid, username, email", "usergroup = '5' AND uid IN (".$sql_array.")");
2464                  $user_mail_data = array();
2465                  while($user = $db->fetch_array($query))
2466                  {
2467                      $to_update[] = $user['uid'];
2468                      $user_mail_data[] = array('username' => $user['username'], 'email' => $user['email']);
2469                  }
2470              }
2471  
2472              if(is_array($to_update))
2473              {
2474                  $sql_array = implode(",", $to_update);
2475                  $db->write_query("UPDATE ".TABLE_PREFIX."users SET usergroup = '2' WHERE uid IN (".$sql_array.")");
2476  
2477                  $cache->update_awaitingactivation();
2478  
2479                  // send activation mail
2480                  foreach($user_mail_data as $mail_data)
2481                  {
2482                      $message = $lang->sprintf($lang->email_adminactivateaccount, $mail_data['username'], $mybb->settings['bbname'], $mybb->settings['bburl']);
2483                      my_mail($mail_data['email'], $lang->sprintf($lang->emailsubject_activateaccount, $mybb->settings['bbname']), $message);
2484                  }
2485  
2486                  // Action complete, grab stats and show success message - redirect user
2487                  $to_update_count = count($to_update);
2488                  $lang->inline_activated = $lang->sprintf($lang->inline_activated, my_number_format($to_update_count));
2489  
2490                  if(is_array($selected) && $to_update_count != count($selected))
2491                  {
2492                      // The update count is different to how many we selected!
2493                      $not_updated_count = count($selected) - $to_update_count;
2494                      $lang->inline_activated_more = $lang->sprintf($lang->inline_activated_more, my_number_format($not_updated_count));
2495                      $lang->inline_activated = $lang->inline_activated."<br />".$lang->inline_activated_more; // Add these stats to the message
2496                  }
2497  
2498                  $mybb->input['action'] = "inline_activated"; // Force a change to the action so we can add it to the adminlog
2499                  log_admin_action($to_update_count); // Add to adminlog
2500                  my_unsetcookie("inlinemod_useracp"); // Unset the cookie, so that the users aren't still selected when we're redirected
2501  
2502                  flash_message($lang->inline_activated, 'success');
2503                  admin_redirect("index.php?module=user-users".$vid_url);
2504              }
2505              else
2506              {
2507                  // Nothing was updated, show an error
2508                  flash_message($lang->inline_activated_failed, 'error');
2509                  admin_redirect("index.php?module=user-users".$vid_url);
2510              }
2511              break;
2512          case 'multilift':
2513              // Get the users that are banned, and check that they have been selected
2514              if($mybb->input['no'])
2515              {
2516                  admin_redirect("index.php?module=user-users".$vid_url); // User clicked on 'No'
2517              }
2518  
2519              if($mybb->request_method == "post")
2520              {
2521                  $sql_array = implode(",", $selected);
2522                  $query = $db->simple_select("banned", "*", "uid IN (".$sql_array.")");
2523                  $to_be_unbanned = $db->num_rows($query);
2524                  while($ban = $db->fetch_array($query))
2525                  {
2526                      $updated_group = array(
2527                          "usergroup" => $ban['oldgroup'],
2528                          "additionalgroups" => $ban['oldadditionalgroups'],
2529                          "displaygroup" => $ban['olddisplaygroup']
2530                      );
2531                      $db->update_query("users", $updated_group, "uid = '".$ban['uid']."'");
2532                      $db->delete_query("banned", "uid = '".$ban['uid']."'");
2533                  }
2534  
2535                  $cache->update_banned();
2536                  $cache->update_moderators();
2537  
2538                  $mybb->input['action'] = "inline_lift";
2539                  log_admin_action($to_be_unbanned);
2540                  my_unsetcookie("inlinemod_useracp");
2541  
2542                  $lang->success_ban_lifted = $lang->sprintf($lang->success_ban_lifted, my_number_format($to_be_unbanned));
2543                  flash_message($lang->success_ban_lifted, 'success');
2544                  admin_redirect("index.php?module=user-users".$vid_url);
2545              }
2546              else
2547              {
2548                  $page->output_confirm_action("index.php?module=user-users&amp;action=inline_edit&amp;inline_action=multilift", $lang->confirm_multilift);
2549              }
2550  
2551              break;
2552          case 'multiban':
2553              if($mybb->input['processed'] == 1)
2554              {
2555                  // We've posted ban information!
2556                  // Build an array of users to ban, =D
2557                  $sql_array = implode(",", $selected);
2558                  // Build a cache array for this users that have been banned already
2559                  $query = $db->simple_select("banned", "uid", "uid IN (".$sql_array.")");
2560                  while($user = $db->fetch_array($query))
2561                  {
2562                      $bannedcache[] = "u_".$user['uid'];
2563                  }
2564  
2565                  // Collect the users
2566                  $query = $db->simple_select("users", "uid, username, usergroup, additionalgroups, displaygroup", "uid IN (".$sql_array.")");
2567  
2568                  if($mybb->input['bantime'] == '---')
2569                  {
2570                      $lifted = 0;
2571                  }
2572                  else
2573                  {
2574                      $lifted = ban_date2timestamp($mybb->input['bantime']);
2575                  }
2576  
2577                  $reason = my_substr($mybb->input['reason'], 0, 255);
2578  
2579                  $banned_count = 0;
2580                  while($user = $db->fetch_array($query))
2581                  {
2582                      if($user['uid'] == $mybb->user['uid'] || is_super_admin($user['uid']))
2583                      {
2584                          // We remove ourselves and Super Admins from the mix
2585                          continue;
2586                      }
2587  
2588                      if(is_array($bannedcache) && in_array("u_".$user['uid'], $bannedcache))
2589                      {
2590                          // User already has a ban, update it!
2591                          $update_array = array(
2592                              "admin" => (int)$mybb->user['uid'],
2593                              "dateline" => TIME_NOW,
2594                              "bantime" => $db->escape_string($mybb->input['bantime']),
2595                              "lifted" => $db->escape_string($lifted),
2596                              "reason" => $db->escape_string($reason)
2597                          );
2598                          $db->update_query("banned", $update_array, "uid = '".$user['uid']."'");
2599                      }
2600                      else
2601                      {
2602                          // Not currently banned - insert the ban
2603                          $insert_array = array(
2604                              'uid' => $user['uid'],
2605                              'gid' => $mybb->get_input('usergroup', MyBB::INPUT_INT),
2606                              'oldgroup' => $user['usergroup'],
2607                              'oldadditionalgroups' => $user['additionalgroups'],
2608                              'olddisplaygroup' => $user['displaygroup'],
2609                              'admin' => (int)$mybb->user['uid'],
2610                              'dateline' => TIME_NOW,
2611                              'bantime' => $db->escape_string($mybb->input['bantime']),
2612                              'lifted' => $db->escape_string($lifted),
2613                              'reason' => $db->escape_string($reason)
2614                          );
2615                          $db->insert_query('banned', $insert_array);
2616                      }
2617  
2618                      // Moved the user to the 'Banned' Group
2619                      $update_array = array(
2620                          'usergroup' => 7,
2621                          'displaygroup' => 0,
2622                          'additionalgroups' => '',
2623                      );
2624                      $db->update_query('users', $update_array, "uid = '{$user['uid']}'");
2625  
2626                      $db->delete_query("forumsubscriptions", "uid = '{$user['uid']}'");
2627                      $db->delete_query("threadsubscriptions", "uid = '{$user['uid']}'");
2628  
2629                      $cache->update_banned();
2630                      ++$banned_count;
2631                  }
2632                  $mybb->input['action'] = "inline_banned";
2633                  log_admin_action($banned_count, $lifted);
2634                  my_unsetcookie("inlinemod_useracp"); // Remove the cookie of selected users as we've finished with them
2635  
2636                  $lang->users_banned = $lang->sprintf($lang->users_banned, $banned_count);
2637                  flash_message($lang->users_banned, 'success');
2638                  admin_redirect("index.php?module=user-users".$vid_url);
2639              }
2640  
2641              $page->output_header($lang->manage_users);
2642              $page->output_nav_tabs($sub_tabs, 'manage_users');
2643  
2644              // Provide the user with a warning of what they're about to do
2645              $table = new Table;
2646              $lang->mass_ban_info = $lang->sprintf($lang->mass_ban_info, count($selected));
2647              $table->construct_cell($lang->mass_ban_info);
2648              $table->construct_row();
2649              $table->output($lang->important);
2650  
2651              // If there's any errors, display inline
2652              if($errors)
2653              {
2654                  $page->output_inline_error($errors);
2655              }
2656  
2657              $form = new Form("index.php?module=user-users", "post");
2658              echo $form->generate_hidden_field('action', 'inline_edit');
2659              echo $form->generate_hidden_field('inline_action', 'multiban');
2660              echo $form->generate_hidden_field('processed', '1');
2661  
2662              $form_container = new FormContainer('<div class="float_right"><a href="index.php?module=user-users&amp;action=inline_edit&amp;inline_action=multilift&amp;my_post_key='.$mybb->post_code.'">'.$lang->lift_bans.'</a></div>'.$lang->mass_ban);
2663              $form_container->output_row($lang->ban_reason, "", $form->generate_text_area('reason', $mybb->input['reason'], array('id' => 'reason', 'maxlength' => '255')), 'reason');
2664              $ban_times = fetch_ban_times();
2665              foreach($ban_times as $time => $period)
2666              {
2667                  if($time != '---')
2668                  {
2669                      $friendly_time = my_date("D, jS M Y @ {$mybb->settings['timeformat']}", ban_date2timestamp($time));
2670                      $period = "{$period} ({$friendly_time})";
2671                  }
2672                  $length_list[$time] = $period;
2673              }
2674              $form_container->output_row($lang->ban_time, "", $form->generate_select_box('bantime', $length_list, $mybb->input['bantime'], array('id' => 'bantime')), 'bantime');
2675              $form_container->end();
2676  
2677              $buttons[] = $form->generate_submit_button($lang->ban_users);
2678              $form->output_submit_wrapper($buttons);
2679              $form->end();
2680              $page->output_footer();
2681              break;
2682          case 'multidelete':
2683              if($mybb->input['no'])
2684              {
2685                  admin_redirect("index.php?module=user-users".$vid_url); // User clicked on 'No
2686              }
2687              else
2688              {
2689                  if($mybb->input['processed'] == 1)
2690                  {
2691                      // Set up user handler.
2692                      require_once  MYBB_ROOT.'inc/datahandlers/user.php';
2693                      $userhandler = new UserDataHandler('delete');
2694  
2695                      // Delete users
2696                      $deleted = $userhandler->delete_user($selected);
2697                      $to_be_deleted = $deleted['deleted_users']; // Get the correct number of deleted users
2698  
2699                      // Update forum stats, remove the cookie and redirect the user
2700                      my_unsetcookie("inlinemod_useracp");
2701                      $mybb->input['action'] = "inline_delete";
2702                      log_admin_action($to_be_deleted);
2703  
2704                      $lang->users_deleted = $lang->sprintf($lang->users_deleted, $to_be_deleted);
2705  
2706                      $cache->update_awaitingactivation();
2707  
2708                      flash_message($lang->users_deleted, 'success');
2709                      admin_redirect("index.php?module=user-users".$vid_url);
2710                  }
2711  
2712                  $to_be_deleted = count($selected);
2713                  $lang->confirm_multidelete = $lang->sprintf($lang->confirm_multidelete, my_number_format($to_be_deleted));
2714                  $page->output_confirm_action("index.php?module=user-users&amp;action=inline_edit&amp;inline_action=multidelete&amp;my_post_key={$mybb->post_code}&amp;processed=1", $lang->confirm_multidelete);
2715              }
2716              break;
2717          case 'multiprune':
2718              if($mybb->input['processed'] == 1)
2719              {
2720                  if(($mybb->input['day'] || $mybb->input['month'] || $mybb->input['year']) && $mybb->input['set'])
2721                  {
2722                      $errors[] = $lang->multi_selected_dates;
2723                  }
2724  
2725                  $day = $mybb->get_input('day', MyBB::INPUT_INT);
2726                  $month = $mybb->get_input('month', MyBB::INPUT_INT);
2727                  $year = $mybb->get_input('year', MyBB::INPUT_INT);
2728  
2729                  // Selected a date - check if the date the user entered is valid
2730                  if($mybb->input['day'] || $mybb->input['month'] || $mybb->input['year'])
2731                  {
2732                      // Is the date sort of valid?
2733                      if($day < 1 || $day > 31 || $month < 1 || $month > 12 || ($month == 2 && $day > 29))
2734                      {
2735                          $errors[] = $lang->incorrect_date;
2736                      }
2737  
2738                      // Check the month
2739                      $months = get_bdays($year);
2740                      if($day > $months[$month-1])
2741                      {
2742                          $errors[] = $lang->incorrect_date;
2743                      }
2744  
2745                      // Check the year
2746                      if($year != 0 && ($year < (date("Y")-100)) || $year > date("Y"))
2747                      {
2748                          $errors[] = $lang->incorrect_date;
2749                      }
2750  
2751                      if(!$errors)
2752                      {
2753                          // No errors, so let's continue and set the date to delete from
2754                          $date = mktime(date('H'), date('i'), date('s'), $month, $day, $year); // Generate a unix time stamp
2755                      }
2756                  }
2757                  elseif($mybb->input['set'] > 0)
2758                  {
2759                      // Set options
2760                      // For this purpose, 1 month = 31 days
2761                      $base_time = 24 * 60 * 60;
2762  
2763                      switch($mybb->input['set'])
2764                      {
2765                          case '1':
2766                              $threshold = $base_time * 31; // 1 month = 31 days, in the standard terms
2767                              break;
2768                          case '2':
2769                              $threshold = $base_time * 93; // 3 months = 31 days * 3
2770                              break;
2771                          case '3':
2772                              $threshold = $base_time * 183; // 6 months = 365 days / 2
2773                              break;
2774                          case '4':
2775                              $threshold = $base_time * 365; // 1 year = 365 days
2776                              break;
2777                          case '5':
2778                              $threshold = $base_time * 548; // 18 months = 365 + 183
2779                              break;
2780                          case '6':
2781                              $threshold = $base_time * 730; // 2 years = 365 * 2
2782                              break;
2783                      }
2784  
2785                      if(!$threshold)
2786                      {
2787                          // An option was entered that isn't in the dropdown box
2788                          $errors[] = $lang->no_set_option;
2789                      }
2790                      else
2791                      {
2792                          $date = TIME_NOW - $threshold;
2793                      }
2794                  }
2795                  else
2796                  {
2797                      $errors[] = $lang->no_prune_option;
2798                  }
2799  
2800                  if(!$errors)
2801                  {
2802                      $sql_array = implode(",", $selected);
2803                      $prune_array = array();
2804                      $query = $db->simple_select("users", "uid", "uid IN (".$sql_array.")");
2805                      while($user = $db->fetch_array($query))
2806                      {
2807                          // Protect Super Admins
2808                          if(is_super_admin($user['uid']) && !is_super_admin($mybb->user['uid']))
2809                          {
2810                              continue;
2811                          }
2812  
2813                          $return_array = delete_user_posts($user['uid'], $date); // Delete user posts, and grab a list of threads to delete
2814                          if($return_array && is_array($return_array))
2815                          {
2816                              $prune_array = array_merge_recursive($prune_array, $return_array);
2817                          }
2818                      }
2819  
2820                      // No posts were found for the user, return error
2821                      if(!is_array($prune_array) || count($prune_array) == 0)
2822                      {
2823                          flash_message($lang->prune_fail, 'error');
2824                          admin_redirect("index.php?module=user-users".$vid_url);
2825                      }
2826  
2827                      // Require the rebuild functions
2828                      require_once  MYBB_ROOT.'/inc/functions.php';
2829                      require_once  MYBB_ROOT.'/inc/functions_rebuild.php';
2830  
2831                      // We've finished deleting user's posts, so let's delete the threads
2832                      if(is_array($prune_array['to_delete']) && count($prune_array['to_delete']) > 0)
2833                      {
2834                          foreach($prune_array['to_delete'] as $tid)
2835                          {
2836                              $db->delete_query("threads", "tid='$tid'");
2837                              $db->delete_query("threads", "closed='moved|$tid'");
2838                              $db->delete_query("threadsubscriptions", "tid='$tid'");
2839                              $db->delete_query("polls", "tid='$tid'");
2840                              $db->delete_query("threadsread", "tid='$tid'");
2841                              $db->delete_query("threadratings", "tid='$tid'");
2842                          }
2843                      }
2844  
2845                      // After deleting threads, rebuild the thread counters for the affected threads
2846                      if(is_array($prune_array['thread_update']) && count($prune_array['thread_update']) > 0)
2847                      {
2848                          $sql_array = implode(",", $prune_array['thread_update']);
2849                          $query = $db->simple_select("threads", "tid", "tid IN (".$sql_array.")", array('order_by' => 'tid', 'order_dir' => 'asc'));
2850                          while($thread = $db->fetch_array($query))
2851                          {
2852                              rebuild_thread_counters($thread['tid']);
2853                          }
2854                      }
2855  
2856                      // After updating thread counters, update the affected forum counters
2857                      if(is_array($prune_array['forum_update']) && count($prune_array['forum_update']) > 0)
2858                      {
2859                          $sql_array = implode(",", $prune_array['forum_update']);
2860                          $query = $db->simple_select("forums", "fid", "fid IN (".$sql_array.")", array('order_by' => 'fid', 'order_dir' => 'asc'));
2861                          while($forum = $db->fetch_array($query))
2862                          {
2863                              // Because we have a recursive array merge, check to see if there isn't a duplicated forum to update
2864                              if($looped_forum == $forum['fid'])
2865                              {
2866                                  continue;
2867                              }
2868                              $looped_forum = $forum['fid'];
2869                              rebuild_forum_counters($forum['fid']);
2870                          }
2871                      }
2872  
2873                      //log_admin_action();
2874                      my_unsetcookie("inlinemod_useracp"); // We've got our users, remove the cookie
2875                      flash_message($lang->prune_complete, 'success');
2876                      admin_redirect("index.php?module=user-users".$vid_url);
2877                  }
2878              }
2879  
2880              $page->output_header($lang->manage_users);
2881              $page->output_nav_tabs($sub_tabs, 'manage_users');
2882  
2883              // Display a table warning
2884              $table = new Table;
2885              $lang->mass_prune_info = $lang->sprintf($lang->mass_prune_info, count($selected));
2886              $table->construct_cell($lang->mass_prune_info);
2887              $table->construct_row();
2888              $table->output($lang->important);
2889  
2890              if($errors)
2891              {
2892                  $page->output_inline_error($errors);
2893              }
2894  
2895              // Display the prune options
2896              $form = new Form("index.php?module=user-users", "post");
2897              echo $form->generate_hidden_field('action', 'inline_edit');
2898              echo $form->generate_hidden_field('inline_action', 'multiprune');
2899              echo $form->generate_hidden_field('processed', '1');
2900  
2901              $form_container = new FormContainer($lang->mass_prune_posts);
2902  
2903              // Generate a list of days (1 - 31)
2904              $day_options = array();
2905              $day_options[] = "&nbsp;";
2906              for($i = 1; $i <= 31; ++$i)
2907              {
2908                  $day_options[] = $i;
2909              }
2910  
2911              // Generate a list of months (1 - 12)
2912              $month_options = array();
2913              $month_options[] = "&nbsp;";
2914              for($i = 1; $i <= 12; ++$i)
2915              {
2916                  $string = "month_{$i}";
2917                  $month_options[] = $lang->$string;
2918              }
2919              $date_box = $form->generate_select_box('day', $day_options, $mybb->input['day']);
2920              $month_box = $form->generate_select_box('month', $month_options, $mybb->input['month']);
2921              $year_box = $form->generate_numeric_field('year', $mybb->input['year'], array('id' => 'year', 'style' => 'width: 50px;', 'min' => 0));
2922  
2923              $prune_select = $date_box.$month_box.$year_box;
2924              $form_container->output_row($lang->manual_date, "", $prune_select, 'date');
2925  
2926              // Generate the set date box
2927              $set_options = array();
2928              $set_options[] = $lang->set_an_option;
2929              for($i = 1; $i <= 6; ++$i)
2930              {
2931                  $string = "option_{$i}";
2932                  $set_options[] = $lang->$string;
2933              }
2934  
2935              $form_container->output_row($lang->relative_date, "", $lang->delete_posts." ".$form->generate_select_box('set', $set_options, $mybb->input['set']), 'set');
2936              $form_container->end();
2937  
2938              $buttons[] = $form->generate_submit_button($lang->prune_posts);
2939              $form->output_submit_wrapper($buttons);
2940              $form->end();
2941              $page->output_footer();
2942              break;
2943          case 'multiusergroup':
2944              if($mybb->input['processed'] == 1)
2945              {
2946                  // Determine additional usergroups
2947                  if(is_array($mybb->input['additionalgroups']))
2948                  {
2949                      foreach($mybb->input['additionalgroups'] as $key => $gid)
2950                      {
2951                          if($gid == $mybb->input['usergroup'])
2952                          {
2953                              unset($mybb->input['additionalgroups'][$key]);
2954                          }
2955                      }
2956  
2957                      $additionalgroups = implode(",", array_map('intval', $mybb->input['additionalgroups']));
2958                  }
2959                  else
2960                  {
2961                      $additionalgroups = '';
2962                  }
2963  
2964                  // Create an update array
2965                  $update_array = array(
2966                      "usergroup" => $mybb->get_input('usergroup', MyBB::INPUT_INT),
2967                      "additionalgroups" => $additionalgroups,
2968                      "displaygroup" => $mybb->get_input('displaygroup', MyBB::INPUT_INT)
2969                  );
2970  
2971                  // Do the usergroup update for all those selected
2972                  // If the a selected user is a super admin, don't update that user
2973                  $users_to_update = array();
2974                  foreach($selected as $user)
2975                  {
2976                      if(!is_super_admin($user))
2977                      {
2978                          $users_to_update[] = $user;
2979                      }
2980                  }
2981  
2982                  $to_update_count = count($users_to_update);
2983                  if($to_update_count > 0)
2984                  {
2985                      // Update the users in the database
2986                      $sql = implode(",", $users_to_update);
2987                      $db->update_query("users", $update_array, "uid IN (".$sql.")");
2988  
2989                      // Redirect the admin...
2990                      $mybb->input['action'] = "inline_usergroup";
2991                      log_admin_action($to_update_count);
2992                      my_unsetcookie("inlinemod_useracp");
2993                      flash_message($lang->success_mass_usergroups, 'success');
2994                      admin_redirect("index.php?module=user-users".$vid_url);
2995                  }
2996                  else
2997                  {
2998                      // They tried to edit super admins! Uh-oh!
2999                      $errors[] = $lang->no_usergroup_changed;
3000                  }
3001              }
3002  
3003              $page->output_header($lang->manage_users);
3004              $page->output_nav_tabs($sub_tabs, 'manage_users');
3005  
3006              // Display a table warning
3007              $table = new Table;
3008              $lang->usergroup_info = $lang->sprintf($lang->usergroup_info, count($selected));
3009              $table->construct_cell($lang->usergroup_info);
3010              $table->construct_row();
3011              $table->output($lang->important);
3012  
3013              if($errors)
3014              {
3015                  $page->output_inline_error($errors);
3016              }
3017  
3018              // Display the usergroup options
3019              $form = new Form("index.php?module=user-users", "post");
3020              echo $form->generate_hidden_field('action', 'inline_edit');
3021              echo $form->generate_hidden_field('inline_action', 'multiusergroup');
3022              echo $form->generate_hidden_field('processed', '1');
3023  
3024              $form_container = new FormContainer($lang->mass_usergroups);
3025  
3026              // Usergroups
3027              $display_group_options[0] = $lang->use_primary_user_group;
3028              $options = array();
3029              $query = $db->simple_select("usergroups", "gid, title", "gid != '1'", array('order_by' => 'title'));
3030              while($usergroup = $db->fetch_array($query))
3031              {
3032                  $options[$usergroup['gid']] = htmlspecialchars_uni($usergroup['title']);
3033                  $display_group_options[$usergroup['gid']] = htmlspecialchars_uni($usergroup['title']);
3034              }
3035  
3036              if(!is_array($mybb->input['additionalgroups']))
3037              {
3038                  $mybb->input['additionalgroups'] = explode(',', $mybb->input['additionalgroups']);
3039              }
3040  
3041              $form_container->output_row($lang->primary_user_group, "", $form->generate_select_box('usergroup', $options, $mybb->input['usergroup'], array('id' => 'usergroup')), 'usergroup');
3042              $form_container->output_row($lang->additional_user_groups, $lang->additional_user_groups_desc, $form->generate_select_box('additionalgroups[]', $options, $mybb->input['additionalgroups'], array('id' => 'additionalgroups', 'multiple' => true, 'size' => 5)), 'additionalgroups');
3043              $form_container->output_row($lang->display_user_group, "", $form->generate_select_box('displaygroup', $display_group_options, $mybb->input['displaygroup'], array('id' => 'displaygroup')), 'displaygroup');
3044  
3045              $form_container->end();
3046  
3047              $buttons[] = $form->generate_submit_button($lang->alter_usergroups);
3048              $form->output_submit_wrapper($buttons);
3049              $form->end();
3050              $page->output_footer();
3051              break;
3052      }
3053  }
3054  
3055  if(!$mybb->input['action'])
3056  {
3057      $plugins->run_hooks("admin_user_users_start");
3058  
3059      $page->output_header($lang->browse_users);
3060      echo "<script type=\"text/javascript\" src=\"jscripts/users.js\"></script>";
3061  
3062      $page->output_nav_tabs($sub_tabs, 'browse_users');
3063  
3064      if(isset($mybb->input['search_id']) && $admin_session['data']['user_views'][$mybb->input['search_id']])
3065      {
3066          $admin_view = $admin_session['data']['user_views'][$mybb->input['search_id']];
3067          unset($admin_view['extra_sql']);
3068      }
3069      else
3070      {
3071          // Showing a specific view
3072          if(isset($mybb->input['vid']))
3073          {
3074              $query = $db->simple_select("adminviews", "*", "vid='".$mybb->get_input('vid', MyBB::INPUT_INT)."'");
3075              $admin_view = $db->fetch_array($query);
3076              // View does not exist or this view is private and does not belong to the current user
3077              if(!$admin_view['vid'] || ($admin_view['visibility'] == 1 && $admin_view['uid'] != $mybb->user['uid']))
3078              {
3079                  unset($admin_view);
3080              }
3081          }
3082  
3083          // Don't have a view? Fetch the default
3084          if(!isset($admin_view))
3085          {
3086              $default_view = fetch_default_view("user");
3087              if(!$default_view)
3088              {
3089                  $default_view = "0";
3090              }
3091              $query = $db->simple_select("adminviews", "*", "type='user' AND (vid='{$default_view}' OR uid=0)", array("order_by" => "uid", "order_dir" => "desc"));
3092              $admin_view = $db->fetch_array($query);
3093          }
3094      }
3095  
3096      // Fetch a list of all of the views for this user
3097      $popup = new PopupMenu("views", $lang->views);
3098  
3099      $query = $db->simple_select("adminviews", "*", "type='user' AND (visibility=2 OR uid={$mybb->user['uid']})", array("order_by" => "title"));
3100      while($view = $db->fetch_array($query))
3101      {
3102          $popup->add_item(htmlspecialchars_uni($view['title']), "index.php?module=user-users&amp;vid={$view['vid']}");
3103      }
3104      $popup->add_item("<em>{$lang->manage_views}</em>", "index.php?module=user-users&amp;action=views");
3105      $admin_view['popup'] = $popup->fetch();
3106  
3107      if(isset($mybb->input['type']))
3108      {
3109          $admin_view['view_type'] = $mybb->input['type'];
3110      }
3111  
3112      $results = build_users_view($admin_view);
3113  
3114      if(!$results)
3115      {
3116          // If we came from the home page and clicked on the "Activate Users" link, send them back to here
3117          if($admin_session['data']['from'] == "home")
3118          {
3119              flash_message($admin_session['data']['flash_message2']['message'], $admin_session['data']['flash_message2']['type']);
3120              update_admin_session('flash_message2', '');
3121              update_admin_session('from', '');
3122              admin_redirect("index.php");
3123              exit;
3124          }
3125          else
3126          {
3127              $errors[] = $lang->error_no_users_found;
3128          }
3129      }
3130  
3131      // If we have any error messages, show them
3132      if($errors)
3133      {
3134          if($inline != true)
3135          {
3136              echo "<div style=\"display: inline; float: right;\">{$admin_view['popup']}</div><br />\n";
3137          }
3138          $page->output_inline_error($errors);
3139      }
3140  
3141      echo $results;
3142  
3143      $page->output_footer();
3144  }
3145  
3146  /**
3147   * @param array $view
3148   *
3149   * @return string
3150   */
3151  function build_users_view($view)
3152  {
3153      global $mybb, $db, $cache, $lang, $user_view_fields, $page;
3154  
3155      if($view['view_type'] != 'card')
3156      {
3157          $view['view_type'] = 'table';
3158      }
3159  
3160      $view_title = '';
3161      if($view['title'])
3162      {
3163          $title_string = "view_title_{$view['vid']}";
3164  
3165          if($lang->$title_string)
3166          {
3167              $view['title'] = $lang->$title_string;
3168          }
3169  
3170          $view_title .= " (".htmlspecialchars_uni($view['title']).")";
3171      }
3172  
3173      // Build the URL to this view
3174      if(!isset($view['url']))
3175      {
3176          $view['url'] = "index.php?module=user-users";
3177      }
3178      if(!is_array($view['conditions']))
3179      {
3180          $view['conditions'] = my_unserialize($view['conditions']);
3181      }
3182      if(!is_array($view['fields']))
3183      {
3184          $view['fields'] = my_unserialize($view['fields']);
3185      }
3186      if(!is_array($view['custom_profile_fields']))
3187      {
3188