[ Index ]

PHP Cross Reference of MyBB 1.8.12

title

Body

[close]

/ -> modcp.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  11  define("IN_MYBB", 1);
  12  define('THIS_SCRIPT', 'modcp.php');
  13  
  14  $templatelist = "modcp_reports,modcp_reports_report,modcp_reports_multipage,modcp_reports_allreport,modcp_reports_allreports,modcp_modlogs_multipage,modcp_announcements_delete,modcp_announcements_edit,modcp_awaitingmoderation";
  15  $templatelist .= ",modcp_reports_allnoreports,modcp_reports_noreports,modcp_banning,modcp_banning_ban,modcp_announcements_announcement_global,modcp_no_announcements_forum,modcp_modqueue_threads_thread,modcp_awaitingthreads,preview";
  16  $templatelist .= ",modcp_banning_nobanned,modcp_modqueue_threads_empty,modcp_modqueue_masscontrols,modcp_modqueue_threads,modcp_modqueue_posts_post,modcp_modqueue_posts_empty,modcp_awaitingposts,modcp_nav_editprofile,modcp_nav_banning";
  17  $templatelist .= ",modcp_nav,modcp_modlogs_noresults,modcp_modlogs_nologs,modcp,modcp_modqueue_posts,modcp_modqueue_attachments_attachment,modcp_modqueue_attachments_empty,modcp_modqueue_attachments,modcp_editprofile_suspensions_info";
  18  $templatelist .= ",modcp_no_announcements_global,modcp_announcements_global,modcp_announcements_forum,modcp_announcements,modcp_editprofile_select_option,modcp_editprofile_select,modcp_finduser_noresults, modcp_nav_forums_posts";
  19  $templatelist .= ",codebuttons,modcp_announcements_new,modcp_modqueue_empty,forumjump_bit,forumjump_special,modcp_warninglogs_warning_revoked,modcp_warninglogs_warning,modcp_ipsearch_result,modcp_nav_modqueue,modcp_banuser_liftlist";
  20  $templatelist .= ",modcp_modlogs,modcp_finduser_user,modcp_finduser,usercp_profile_customfield,usercp_profile_profilefields,modcp_ipsearch_noresults,modcp_ipsearch_results,modcp_ipsearch_misc_info,modcp_nav_announcements,modcp_modqueue_post_link";
  21  $templatelist .= ",modcp_editprofile,modcp_ipsearch,modcp_banuser_addusername,modcp_banuser,modcp_warninglogs_nologs,modcp_banuser_editusername,modcp_lastattachment,modcp_lastpost,modcp_lastthread,modcp_nobanned,modcp_modqueue_thread_link";
  22  $templatelist .= ",modcp_warninglogs,modcp_modlogs_result,modcp_editprofile_signature,forumjump_advanced,modcp_announcements_forum_nomod,modcp_announcements_announcement,usercp_profile_away,modcp_modlogs_user,modcp_editprofile_away";
  23  $templatelist .= ",multipage,multipage_end,multipage_jump_page,multipage_nextpage,multipage_page,multipage_page_current,multipage_page_link_current,multipage_prevpage,multipage_start,modcp_awaitingattachments,modcp_modqueue_attachment_link";
  24  $templatelist .= ",postbit_groupimage,postbit_userstar,postbit_online,postbit_offline,postbit_away,postbit_avatar,postbit_find,postbit_pm,postbit_email,postbit_www,postbit_author_user,announcement_edit,announcement_quickdelete";
  25  $templatelist .= ",modcp_awaitingmoderation_none,modcp_banning_edit,modcp_banuser_bangroups_group,modcp_banuser_lift,modcp_modlogs_result_announcement,modcp_modlogs_result_forum,modcp_modlogs_result_post,modcp_modlogs_result_thread";
  26  $templatelist .= ",modcp_nav_warninglogs,modcp_nav_ipsearch,modcp_nav_users,modcp_announcements_day,modcp_announcements_month_start,modcp_announcements_month_end,modcp_announcements_announcement_expired,modcp_announcements_announcement_active";
  27  $templatelist .= ",modcp_modqueue_link_forum,modcp_modqueue_link_thread,usercp_profile_day,modcp_ipsearch_result_regip,modcp_ipsearch_result_lastip,modcp_ipsearch_result_post,modcp_ipsearch_results_information,usercp_profile_profilefields_text";
  28  $templatelist .= ",usercp_profile_profilefields_select_option,usercp_profile_profilefields_multiselect,usercp_profile_profilefields_select,usercp_profile_profilefields_textarea,usercp_profile_profilefields_radio,postbit";
  29  $templatelist .= ",modcp_banning_remaining,postmodcp_nav_announcements,modcp_nav_reportcenter,modcp_nav_modlogs,modcp_latestfivemodactions,modcp_banuser_bangroups_hidden,modcp_banuser_bangroups,usercp_profile_profilefields_checkbox";
  30  
  31  require_once  "./global.php";
  32  require_once  MYBB_ROOT."inc/functions_user.php";
  33  require_once  MYBB_ROOT."inc/functions_upload.php";
  34  require_once  MYBB_ROOT."inc/functions_modcp.php";
  35  require_once  MYBB_ROOT."inc/class_parser.php";
  36  $parser = new postParser;
  37  
  38  // Set up the array of ban times.
  39  $bantimes = fetch_ban_times();
  40  
  41  // Load global language phrases
  42  $lang->load("modcp");
  43  $lang->load("announcements");
  44  
  45  if($mybb->user['uid'] == 0 || $mybb->usergroup['canmodcp'] != 1)
  46  {
  47      error_no_permission();
  48  }
  49  
  50  if(!$mybb->settings['threadsperpage'] || (int)$mybb->settings['threadsperpage'] < 1)
  51  {
  52      $mybb->settings['threadsperpage'] = 20;
  53  }
  54  
  55  $tflist = $flist = $tflist_queue_threads = $flist_queue_threads = $tflist_queue_posts = $flist_queue_posts = $tflist_queue_attach =
  56  $flist_queue_attach = $wflist_reports = $tflist_reports = $flist_reports = $tflist_modlog = $flist_modlog = $errors = '';
  57  // SQL for fetching items only related to forums this user moderates
  58  $moderated_forums = array();
  59  if($mybb->usergroup['issupermod'] != 1)
  60  {
  61      $query = $db->simple_select("moderators", "*", "(id='{$mybb->user['uid']}' AND isgroup = '0') OR (id='{$mybb->user['usergroup']}' AND isgroup = '1')");
  62  
  63      $numannouncements = $nummodqueuethreads = $nummodqueueposts = $nummodqueueattach = $numreportedposts = $nummodlogs = 0;
  64      while($forum = $db->fetch_array($query))
  65      {
  66          // For Announcements
  67          if($forum['canmanageannouncements'] == 1)
  68          {
  69              ++$numannouncements;
  70          }
  71  
  72          // For the Mod Queues
  73          if($forum['canapproveunapprovethreads'] == 1)
  74          {
  75              $flist_queue_threads .= ",'{$forum['fid']}'";
  76  
  77              $children = get_child_list($forum['fid']);
  78              if(!empty($children))
  79              {
  80                  $flist_queue_threads .= ",'".implode("','", $children)."'";
  81              }
  82              ++$nummodqueuethreads;
  83          }
  84  
  85          if($forum['canapproveunapproveposts'] == 1)
  86          {
  87              $flist_queue_posts .= ",'{$forum['fid']}'";
  88  
  89              $children = get_child_list($forum['fid']);
  90              if(!empty($children))
  91              {
  92                  $flist_queue_posts .= ",'".implode("','", $children)."'";
  93              }
  94              ++$nummodqueueposts;
  95          }
  96  
  97          if($forum['canapproveunapproveattachs'] == 1)
  98          {
  99              $flist_queue_attach .= ",'{$forum['fid']}'";
 100  
 101              $children = get_child_list($forum['fid']);
 102              if(!empty($children))
 103              {
 104                  $flist_queue_attach .= ",'".implode("','", $children)."'";
 105              }
 106              ++$nummodqueueattach;
 107          }
 108  
 109          // For Reported posts
 110          if($forum['canmanagereportedposts'] == 1)
 111          {
 112              $flist_reports .= ",'{$forum['fid']}'";
 113  
 114              $children = get_child_list($forum['fid']);
 115              if(!empty($children))
 116              {
 117                  $flist_reports .= ",'".implode("','", $children)."'";
 118              }
 119              ++$numreportedposts;
 120          }
 121  
 122          // For the Mod Log
 123          if($forum['canviewmodlog'] == 1)
 124          {
 125              $flist_modlog .= ",'{$forum['fid']}'";
 126  
 127              $children = get_child_list($forum['fid']);
 128              if(!empty($children))
 129              {
 130                  $flist_modlog .= ",'".implode("','", $children)."'";
 131              }
 132              ++$nummodlogs;
 133          }
 134  
 135          $flist .= ",'{$forum['fid']}'";
 136  
 137          $children = get_child_list($forum['fid']);
 138          if(!empty($children))
 139          {
 140              $flist .= ",'".implode("','", $children)."'";
 141          }
 142          $moderated_forums[] = $forum['fid'];
 143      }
 144      if($flist_queue_threads)
 145      {
 146          $tflist_queue_threads = " AND t.fid IN (0{$flist_queue_threads})";
 147          $flist_queue_threads = " AND fid IN (0{$flist_queue_threads})";
 148      }
 149      if($flist_queue_posts)
 150      {
 151          $tflist_queue_posts = " AND t.fid IN (0{$flist_queue_posts})";
 152          $flist_queue_posts = " AND fid IN (0{$flist_queue_posts})";
 153      }
 154      if($flist_queue_attach)
 155      {
 156          $tflist_queue_attach = " AND t.fid IN (0{$flist_queue_attach})";
 157          $flist_queue_attach = " AND fid IN (0{$flist_queue_attach})";
 158      }
 159      if($flist_reports)
 160      {
 161          $wflist_reports = "WHERE r.id3 IN (0{$flist_reports})";
 162          $tflist_reports = " AND r.id3 IN (0{$flist_reports})";
 163          $flist_reports = " AND id3 IN (0{$flist_reports})";
 164      }
 165      if($flist_modlog)
 166      {
 167          $tflist_modlog = " AND t.fid IN (0{$flist_modlog})";
 168          $flist_modlog = " AND fid IN (0{$flist_modlog})";
 169      }
 170      if($flist)
 171      {
 172          $tflist = " AND t.fid IN (0{$flist})";
 173          $flist = " AND fid IN (0{$flist})";
 174      }
 175  }
 176  
 177  // Retrieve a list of unviewable forums
 178  $unviewableforums = get_unviewable_forums();
 179  $inactiveforums = get_inactive_forums();
 180  $unviewablefids1 = $unviewablefids2 = array();
 181  
 182  if($unviewableforums)
 183  {
 184      $flist .= " AND fid NOT IN ({$unviewableforums})";
 185      $tflist .= " AND t.fid NOT IN ({$unviewableforums})";
 186  
 187      $unviewablefids1 = explode(',', $unviewableforums);
 188  }
 189  
 190  if($inactiveforums)
 191  {
 192      $flist .= " AND fid NOT IN ({$inactiveforums})";
 193      $tflist .= " AND t.fid NOT IN ({$inactiveforums})";
 194  
 195      $unviewablefids2 = explode(',', $inactiveforums);
 196  }
 197  
 198  $unviewableforums = array_merge($unviewablefids1, $unviewablefids2);
 199  
 200  if(!isset($collapsedimg['modcpforums']))
 201  {
 202      $collapsedimg['modcpforums'] = '';
 203  }
 204  
 205  if(!isset($collapsed['modcpforums_e']))
 206  {
 207      $collapsed['modcpforums_e'] = '';
 208  }
 209  
 210  if(!isset($collapsedimg['modcpusers']))
 211  {
 212      $collapsedimg['modcpusers'] = '';
 213  }
 214  
 215  if(!isset($collapsed['modcpusers_e']))
 216  {
 217      $collapsed['modcpusers_e'] = '';
 218  }
 219  
 220  // Fetch the Mod CP menu
 221  $nav_announcements = $nav_modqueue = $nav_reportcenter = $nav_modlogs = $nav_editprofile = $nav_banning = $nav_warninglogs = $nav_ipsearch = $nav_forums_posts = $modcp_nav_users = '';
 222  if(($numannouncements > 0 || $mybb->usergroup['issupermod'] == 1) && $mybb->usergroup['canmanageannounce'] == 1)
 223  {
 224      eval("\$nav_announcements = \"".$templates->get("modcp_nav_announcements")."\";");
 225  }
 226  
 227  if(($nummodqueuethreads > 0 || $nummodqueueposts > 0 || $nummodqueueattach > 0 || $mybb->usergroup['issupermod'] == 1) && $mybb->usergroup['canmanagemodqueue'] == 1)
 228  {
 229      eval("\$nav_modqueue = \"".$templates->get("modcp_nav_modqueue")."\";");
 230  }
 231  
 232  if(($numreportedposts > 0 || $mybb->usergroup['issupermod'] == 1) && $mybb->usergroup['canmanagereportedcontent'] == 1)
 233  {
 234      eval("\$nav_reportcenter = \"".$templates->get("modcp_nav_reportcenter")."\";");
 235  }
 236  
 237  if(($nummodlogs > 0 || $mybb->usergroup['issupermod'] == 1) && $mybb->usergroup['canviewmodlogs'] == 1)
 238  {
 239      eval("\$nav_modlogs = \"".$templates->get("modcp_nav_modlogs")."\";");
 240  }
 241  
 242  if($mybb->usergroup['caneditprofiles'] == 1)
 243  {
 244      eval("\$nav_editprofile = \"".$templates->get("modcp_nav_editprofile")."\";");
 245  }
 246  
 247  if($mybb->usergroup['canbanusers'] == 1)
 248  {
 249      eval("\$nav_banning = \"".$templates->get("modcp_nav_banning")."\";");
 250  }
 251  
 252  if($mybb->usergroup['canviewwarnlogs'] == 1)
 253  {
 254      eval("\$nav_warninglogs = \"".$templates->get("modcp_nav_warninglogs")."\";");
 255  }
 256  
 257  if($mybb->usergroup['canuseipsearch'] == 1)
 258  {
 259      eval("\$nav_ipsearch = \"".$templates->get("modcp_nav_ipsearch")."\";");
 260  }
 261  
 262  $plugins->run_hooks("modcp_nav");
 263  
 264  if(!empty($nav_announcements) || !empty($nav_modqueue) || !empty($nav_reportcenter) || !empty($nav_modlogs))
 265  {
 266      eval("\$modcp_nav_forums_posts = \"".$templates->get("modcp_nav_forums_posts")."\";");
 267  }
 268  
 269  if(!empty($nav_editprofile) || !empty($nav_banning) || !empty($nav_warninglogs) || !empty($nav_ipsearch))
 270  {
 271      eval("\$modcp_nav_users = \"".$templates->get("modcp_nav_users")."\";");
 272  }
 273  
 274  eval("\$modcp_nav = \"".$templates->get("modcp_nav")."\";");
 275  
 276  $plugins->run_hooks("modcp_start");
 277  
 278  // Make navigation
 279  add_breadcrumb($lang->nav_modcp, "modcp.php");
 280  
 281  $mybb->input['action'] = $mybb->get_input('action');
 282  if($mybb->input['action'] == "do_reports")
 283  {
 284      // Verify incoming POST request
 285      verify_post_check($mybb->get_input('my_post_key'));
 286  
 287      $mybb->input['reports'] = $mybb->get_input('reports', MyBB::INPUT_ARRAY);
 288      if(empty($mybb->input['reports']))
 289      {
 290          error($lang->error_noselected_reports);
 291      }
 292  
 293      $sql = '1=1';
 294      if(empty($mybb->input['allbox']))
 295      {
 296          $mybb->input['reports'] = array_map("intval", $mybb->input['reports']);
 297          $rids = implode("','", $mybb->input['reports']);
 298  
 299          $sql = "rid IN ('0','{$rids}')";
 300      }
 301  
 302      $plugins->run_hooks("modcp_do_reports");
 303  
 304      $db->update_query("reportedcontent", array('reportstatus' => 1), "{$sql}{$flist_reports}");
 305      $cache->update_reportedcontent();
 306  
 307      $page = $mybb->get_input('page', MyBB::INPUT_INT);
 308  
 309      redirect("modcp.php?action=reports&page={$page}", $lang->redirect_reportsmarked);
 310  }
 311  
 312  if($mybb->input['action'] == "reports")
 313  {
 314      if($mybb->usergroup['canmanagereportedcontent'] == 0)
 315      {
 316          error_no_permission();
 317      }
 318  
 319      if($numreportedposts == 0 && $mybb->usergroup['issupermod'] != 1)
 320      {
 321          error($lang->you_cannot_view_reported_posts);
 322      }
 323  
 324      $lang->load('report');
 325      add_breadcrumb($lang->mcp_nav_report_center, "modcp.php?action=reports");
 326  
 327      $perpage = $mybb->settings['threadsperpage'];
 328      if(!$perpage)
 329      {
 330          $perpage = 20;
 331      }
 332  
 333      // Multipage
 334      if($mybb->usergroup['cancp'] || $mybb->usergroup['issupermod'])
 335      {
 336          $query = $db->simple_select("reportedcontent", "COUNT(rid) AS count", "reportstatus ='0'");
 337          $report_count = $db->fetch_field($query, "count");
 338      }
 339      else
 340      {
 341          $query = $db->simple_select('reportedcontent', 'id3', "reportstatus='0' AND (type = 'post' OR type = '')");
 342  
 343          $report_count = 0;
 344          while($fid = $db->fetch_field($query, 'id3'))
 345          {
 346              if(is_moderator($fid, "canmanagereportedposts"))
 347              {
 348                  ++$report_count;
 349              }
 350          }
 351          unset($fid);
 352      }
 353  
 354      $page = $mybb->get_input('page', MyBB::INPUT_INT);
 355  
 356      $postcount = (int)$report_count;
 357      $pages = $postcount / $perpage;
 358      $pages = ceil($pages);
 359  
 360      if($page > $pages || $page <= 0)
 361      {
 362          $page = 1;
 363      }
 364  
 365      if($page && $page > 0)
 366      {
 367          $start = ($page-1) * $perpage;
 368      }
 369      else
 370      {
 371          $start = 0;
 372          $page = 1;
 373      }
 374  
 375      $multipage = $reportspages = '';
 376      if($postcount > $perpage)
 377      {
 378          $multipage = multipage($postcount, $perpage, $page, "modcp.php?action=reports");
 379          eval("\$reportspages = \"".$templates->get("modcp_reports_multipage")."\";");
 380      }
 381  
 382      $plugins->run_hooks("modcp_reports_start");
 383  
 384      // Reports
 385      $reports = '';
 386      $query = $db->query("
 387          SELECT r.*, u.username, rr.title
 388          FROM ".TABLE_PREFIX."reportedcontent r
 389          LEFT JOIN ".TABLE_PREFIX."users u ON (r.uid = u.uid)
 390          LEFT JOIN ".TABLE_PREFIX."reportreasons rr ON (r.reasonid = rr.rid)
 391          WHERE r.reportstatus = '0'{$tflist_reports}
 392          ORDER BY r.reports DESC
 393          LIMIT {$start}, {$perpage}
 394      ");
 395  
 396      if(!$db->num_rows($query))
 397      {
 398          // No unread reports
 399          eval("\$reports = \"".$templates->get("modcp_reports_noreports")."\";");
 400      }
 401      else
 402      {
 403          $reportedcontent = $cache->read("reportedcontent");
 404          $reportcache = $usercache = $postcache = array();
 405  
 406          while($report = $db->fetch_array($query))
 407          {
 408              if($report['type'] == 'profile' || $report['type'] == 'reputation')
 409              {
 410                  // Profile UID is in ID
 411                  if(!isset($usercache[$report['id']]))
 412                  {
 413                      $usercache[$report['id']] = $report['id'];
 414                  }
 415  
 416                  // Reputation comment? The offender is the ID2
 417                  if($report['type'] == 'reputation')
 418                  {
 419                      if(!isset($usercache[$report['id2']]))
 420                      {
 421                          $usercache[$report['id2']] = $report['id2'];
 422                      }
 423                      if(!isset($usercache[$report['id3']]))
 424                      {
 425                          // The user who was offended
 426                          $usercache[$report['id3']] = $report['id3'];
 427                      }
 428                  }
 429              }
 430              else if(!$report['type'] || $report['type'] == 'post')
 431              {
 432                  // This (should) be a post
 433                  $postcache[$report['id']] = $report['id'];
 434              }
 435  
 436              // Lastpost info - is it missing (pre-1.8)?
 437              $lastposter = $report['uid'];
 438              if(!$report['lastreport'])
 439              {
 440                  // Last reporter is our first reporter
 441                  $report['lastreport'] = $report['dateline'];
 442              }
 443  
 444              if($report['reporters'])
 445              {
 446                  $reporters = my_unserialize($report['reporters']);
 447  
 448                  if(is_array($reporters))
 449                  {
 450                      $lastposter = end($reporters);
 451                  }
 452              }
 453  
 454              if(!isset($usercache[$lastposter]))
 455              {
 456                  $usercache[$lastposter] = $lastposter;
 457              }
 458  
 459              $report['lastreporter'] = $lastposter;
 460              $reportcache[] = $report;
 461          }
 462  
 463          // Report Center gets messy
 464          // Find information about our users (because we don't log it when they file a report)
 465          if(!empty($usercache))
 466          {
 467              $sql = implode(',', array_keys($usercache));
 468              $query = $db->simple_select("users", "uid, username", "uid IN ({$sql})");
 469  
 470              while($user = $db->fetch_array($query))
 471              {
 472                  $usercache[$user['uid']] = $user;
 473              }
 474          }
 475  
 476          // Messy * 2
 477          // Find out post information for our reported posts
 478          if(!empty($postcache))
 479          {
 480              $sql = implode(',', array_keys($postcache));
 481              $query = $db->query("
 482                  SELECT p.pid, p.uid, p.username, p.tid, t.subject
 483                  FROM ".TABLE_PREFIX."posts p
 484                  LEFT JOIN ".TABLE_PREFIX."threads t ON (p.tid = t.tid)
 485                  WHERE p.pid IN ({$sql})
 486              ");
 487  
 488              while($post = $db->fetch_array($query))
 489              {
 490                  $postcache[$post['pid']] = $post;
 491              }
 492          }
 493  
 494          $plugins->run_hooks('modcp_reports_intermediate');
 495  
 496          // Now that we have all of the information needed, display the reports
 497          foreach($reportcache as $report)
 498          {
 499              $trow = alt_trow();
 500  
 501              if(!$report['type'])
 502              {
 503                  // Assume a post
 504                  $report['type'] = 'post';
 505              }
 506  
 507              // Report Information
 508              $report_data = array();
 509  
 510              switch($report['type'])
 511              {
 512                  case 'post':
 513                      $post = get_post_link($report['id'])."#pid{$report['id']}";
 514                      $user = build_profile_link(htmlspecialchars_uni($postcache[$report['id']]['username']), $postcache[$report['id']]['uid']);
 515                      $report_data['content'] = $lang->sprintf($lang->report_info_post, $post, $user);
 516  
 517                      $thread_link = get_thread_link($postcache[$report['id']]['tid']);
 518                      $thread_subject = htmlspecialchars_uni($parser->parse_badwords($postcache[$report['id']]['subject']));
 519                      $report_data['content'] .= $lang->sprintf($lang->report_info_post_thread, $thread_link, $thread_subject);
 520  
 521                      break;
 522                  case 'profile':
 523                      $user = build_profile_link(htmlspecialchars_uni($usercache[$report['id']]['username']), $usercache[$report['id']]['uid']);
 524                      $report_data['content'] = $lang->sprintf($lang->report_info_profile, $user);
 525                      break;
 526                  case 'reputation':
 527                      $reputation_link = "reputation.php?uid={$usercache[$report['id3']]['uid']}#rid{$report['id']}";
 528                      $bad_user = build_profile_link(htmlspecialchars_uni($usercache[$report['id2']]['username']), $usercache[$report['id2']]['uid']);
 529                      $report_data['content'] = $lang->sprintf($lang->report_info_reputation, $reputation_link, $bad_user);
 530  
 531                      $good_user = build_profile_link(htmlspecialchars_uni($usercache[$report['id3']]['username']), $usercache[$report['id3']]['uid']);
 532                      $report_data['content'] .= $lang->sprintf($lang->report_info_rep_profile, $good_user);
 533                      break;
 534              }
 535  
 536              // Report reason and comment
 537              if($report['reasonid'] > 0)
 538              {
 539                  $reason = htmlspecialchars_uni($lang->parse($report['title']));
 540  
 541                  if(empty($report['reason']))
 542                  {
 543                      eval("\$report_data['comment'] = \"".$templates->get("modcp_reports_report_comment")."\";");
 544                  }
 545                  else
 546                  {
 547                      $comment = htmlspecialchars_uni($report['reason']);
 548                      eval("\$report_data['comment'] = \"".$templates->get("modcp_reports_report_comment_extra")."\";");
 549                  }
 550              }
 551              else
 552              {
 553                  $report_data['comment'] = $lang->na;
 554              }
 555  
 556              $report_reports = 1;
 557              if($report['reports'])
 558              {
 559                  $report_data['reports'] = my_number_format($report['reports']);
 560              }
 561  
 562              if($report['lastreporter'])
 563              {
 564                  if(is_array($usercache[$report['lastreporter']]))
 565                  {
 566                      $lastreport_user = build_profile_link(htmlspecialchars_uni($usercache[$report['lastreporter']]['username']), $report['lastreporter']);
 567                  }
 568                  elseif($usercache[$report['lastreporter']] > 0)
 569                  {
 570                      $lastreport_user = $lang->na_deleted;
 571                  }
 572  
 573                  $lastreport_date = my_date('relative', $report['lastreport']);
 574                  $report_data['lastreporter'] = $lang->sprintf($lang->report_info_lastreporter, $lastreport_date, $lastreport_user);
 575              }
 576  
 577              $plugins->run_hooks("modcp_reports_report");
 578              eval("\$reports .= \"".$templates->get("modcp_reports_report")."\";");
 579          }
 580      }
 581  
 582      $plugins->run_hooks("modcp_reports_end");
 583  
 584      eval("\$reportedcontent = \"".$templates->get("modcp_reports")."\";");
 585      output_page($reportedcontent);
 586  }
 587  
 588  if($mybb->input['action'] == "allreports")
 589  {
 590      if($mybb->usergroup['canmanagereportedcontent'] == 0)
 591      {
 592          error_no_permission();
 593      }
 594  
 595      $lang->load('report');
 596  
 597      add_breadcrumb($lang->report_center, "modcp.php?action=reports");
 598      add_breadcrumb($lang->all_reports, "modcp.php?action=allreports");
 599  
 600      if(!$mybb->settings['threadsperpage'])
 601      {
 602          $mybb->settings['threadsperpage'] = 20;
 603      }
 604  
 605      // Figure out if we need to display multiple pages.
 606      $perpage = $mybb->settings['threadsperpage'];
 607      if($mybb->get_input('page') != "last")
 608      {
 609          $page = $mybb->get_input('page', MyBB::INPUT_INT);
 610      }
 611  
 612      if($mybb->usergroup['cancp'] || $mybb->usergroup['issupermod'])
 613      {
 614          $query = $db->simple_select("reportedcontent", "COUNT(rid) AS count");
 615          $report_count = $db->fetch_field($query, "count");
 616      }
 617      else
 618      {
 619          $query = $db->simple_select('reportedcontent', 'id3', "type = 'post' OR type = ''");
 620  
 621          $report_count = 0;
 622          while($fid = $db->fetch_field($query, 'id3'))
 623          {
 624              if(is_moderator($fid, "canmanagereportedposts"))
 625              {
 626                  ++$report_count;
 627              }
 628          }
 629          unset($fid);
 630      }
 631  
 632      if(isset($mybb->input['rid']))
 633      {
 634          $mybb->input['rid'] = $mybb->get_input('rid', MyBB::INPUT_INT);
 635          $query = $db->simple_select("reportedcontent", "COUNT(rid) AS count", "rid <= '".$mybb->input['rid']."'");
 636          $result = $db->fetch_field($query, "count");
 637          if(($result % $perpage) == 0)
 638          {
 639              $page = $result / $perpage;
 640          }
 641          else
 642          {
 643              $page = (int)$result / $perpage + 1;
 644          }
 645      }
 646      $postcount = (int)$report_count;
 647      $pages = $postcount / $perpage;
 648      $pages = ceil($pages);
 649  
 650      if($mybb->get_input('page') == "last")
 651      {
 652          $page = $pages;
 653      }
 654  
 655      if($page > $pages || $page <= 0)
 656      {
 657          $page = 1;
 658      }
 659  
 660      if($page)
 661      {
 662          $start = ($page-1) * $perpage;
 663      }
 664      else
 665      {
 666          $start = 0;
 667          $page = 1;
 668      }
 669      $upper = $start+$perpage;
 670  
 671      $multipage = multipage($postcount, $perpage, $page, "modcp.php?action=allreports");
 672      $allreportspages = '';
 673      if($postcount > $perpage)
 674      {
 675          eval("\$allreportspages = \"".$templates->get("modcp_reports_multipage")."\";");
 676      }
 677  
 678      $plugins->run_hooks("modcp_allreports_start");
 679  
 680      $query = $db->query("
 681          SELECT r.*, u.username, p.username AS postusername, up.uid AS postuid, t.subject AS threadsubject, prrep.username AS repusername, pr.username AS profileusername, rr.title
 682          FROM ".TABLE_PREFIX."reportedcontent r
 683          LEFT JOIN ".TABLE_PREFIX."posts p ON (r.id=p.pid)
 684          LEFT JOIN ".TABLE_PREFIX."threads t ON (p.tid=t.tid)
 685          LEFT JOIN ".TABLE_PREFIX."users u ON (r.uid=u.uid)
 686          LEFT JOIN ".TABLE_PREFIX."users up ON (p.uid=up.uid)
 687          LEFT JOIN ".TABLE_PREFIX."users pr ON (pr.uid=r.id)
 688          LEFT JOIN ".TABLE_PREFIX."users prrep ON (prrep.uid=r.id2)
 689          LEFT JOIN ".TABLE_PREFIX."reportreasons rr ON (r.reasonid = rr.rid)
 690          {$wflist_reports}
 691          ORDER BY r.dateline DESC
 692          LIMIT {$start}, {$perpage}
 693      ");
 694  
 695      $allreports = '';
 696      if(!$db->num_rows($query))
 697      {
 698          eval("\$allreports = \"".$templates->get("modcp_reports_allnoreports")."\";");
 699      }
 700      else
 701      {
 702          while($report = $db->fetch_array($query))
 703          {
 704              $trow = alt_trow();
 705  
 706              if($report['type'] == 'post')
 707              {
 708                  $post = get_post_link($report['id'])."#pid{$report['id']}";
 709                  $user = build_profile_link(htmlspecialchars_uni($report['postusername']), $report['postuid']);
 710                  $report_data['content'] = $lang->sprintf($lang->report_info_post, $post, $user);
 711  
 712                  $thread_link = get_thread_link($report['id2']);
 713                  $thread_subject = htmlspecialchars_uni($parser->parse_badwords($report['threadsubject']));
 714                  $report_data['content'] .= $lang->sprintf($lang->report_info_post_thread, $thread_link, $thread_subject);
 715              }
 716              else if($report['type'] == 'profile')
 717              {
 718                  $user = build_profile_link(htmlspecialchars_uni($report['profileusername']), $report['id']);
 719                  $report_data['content'] = $lang->sprintf($lang->report_info_profile, $user);
 720              }
 721              else if($report['type'] == 'reputation')
 722              {
 723                  $user = build_profile_link(htmlspecialchars_uni($report['repusername']), $report['id2']);
 724                  $reputation_link = "reputation.php?uid={$report['id3']}#rid{$report['id']}";
 725                  $report_data['content'] = $lang->sprintf($lang->report_info_reputation, $reputation_link, $user);
 726              }
 727  
 728              // Report reason and comment
 729              if($report['reasonid'] > 0)
 730              {
 731                  $reason = htmlspecialchars_uni($lang->parse($report['title']));
 732  
 733                  if(empty($report['reason']))
 734                  {
 735                      eval("\$report_data['comment'] = \"".$templates->get("modcp_reports_report_comment")."\";");
 736                  }
 737                  else
 738                  {
 739                      $comment = htmlspecialchars_uni($report['reason']);
 740                      eval("\$report_data['comment'] = \"".$templates->get("modcp_reports_report_comment_extra")."\";");
 741                  }
 742              }
 743              else
 744              {
 745                  $report_data['comment'] = $lang->na;
 746              }
 747  
 748              $report['reporterlink'] = get_profile_link($report['uid']);
 749              if(!$report['username'])
 750              {
 751                  $report['username'] = $lang->na_deleted;
 752                  $report['reporterlink'] = $post;
 753              }
 754              $report['username'] = htmlspecialchars_uni($report['username']);
 755  
 756              $report_data['reports'] = my_number_format($report['reports']);
 757              $report_data['time'] = my_date('relative', $report['dateline']);
 758  
 759              $plugins->run_hooks("modcp_allreports_report");
 760              eval("\$allreports .= \"".$templates->get("modcp_reports_allreport")."\";");
 761          }
 762      }
 763  
 764      $plugins->run_hooks("modcp_allreports_end");
 765  
 766      eval("\$allreportedcontent = \"".$templates->get("modcp_reports_allreports")."\";");
 767      output_page($allreportedcontent);
 768  }
 769  
 770  if($mybb->input['action'] == "modlogs")
 771  {
 772      if($mybb->usergroup['canviewmodlogs'] == 0)
 773      {
 774          error_no_permission();
 775      }
 776  
 777      if($nummodlogs == 0 && $mybb->usergroup['issupermod'] != 1)
 778      {
 779          error($lang->you_cannot_view_mod_logs);
 780      }
 781  
 782      add_breadcrumb($lang->mcp_nav_modlogs, "modcp.php?action=modlogs");
 783  
 784      $perpage = $mybb->get_input('perpage', MyBB::INPUT_INT);
 785      if(!$perpage || $perpage <= 0)
 786      {
 787          $perpage = $mybb->settings['threadsperpage'];
 788      }
 789  
 790      $where = '';
 791  
 792      // Searching for entries by a particular user
 793      if($mybb->get_input('uid', MyBB::INPUT_INT))
 794      {
 795          $where .= " AND l.uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'";
 796      }
 797  
 798      // Searching for entries in a specific forum
 799      if($mybb->get_input('fid', MyBB::INPUT_INT))
 800      {
 801          $where .= " AND t.fid='".$mybb->get_input('fid', MyBB::INPUT_INT)."'";
 802      }
 803  
 804      $mybb->input['sortby'] = $mybb->get_input('sortby');
 805  
 806      // Order?
 807      switch($mybb->input['sortby'])
 808      {
 809          case "username":
 810              $sortby = "u.username";
 811              break;
 812          case "forum":
 813              $sortby = "f.name";
 814              break;
 815          case "thread":
 816              $sortby = "t.subject";
 817              break;
 818          default:
 819              $sortby = "l.dateline";
 820      }
 821      $order = $mybb->get_input('order');
 822      if($order != "asc")
 823      {
 824          $order = "desc";
 825      }
 826  
 827      $plugins->run_hooks("modcp_modlogs_start");
 828  
 829      $query = $db->query("
 830          SELECT COUNT(l.dateline) AS count
 831          FROM ".TABLE_PREFIX."moderatorlog l
 832          LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=l.uid)
 833          LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=l.tid)
 834          WHERE 1=1 {$where}{$tflist_modlog}
 835      ");
 836      $rescount = $db->fetch_field($query, "count");
 837  
 838      // Figure out if we need to display multiple pages.
 839      if($mybb->get_input('page') != "last")
 840      {
 841          $page = $mybb->get_input('page', MyBB::INPUT_INT);
 842      }
 843  
 844      $postcount = (int)$rescount;
 845      $pages = $postcount / $perpage;
 846      $pages = ceil($pages);
 847  
 848      if($mybb->get_input('page') == "last")
 849      {
 850          $page = $pages;
 851      }
 852  
 853      if($page > $pages || $page <= 0)
 854      {
 855          $page = 1;
 856      }
 857  
 858      if($page)
 859      {
 860          $start = ($page-1) * $perpage;
 861      }
 862      else
 863      {
 864          $start = 0;
 865          $page = 1;
 866      }
 867  
 868      $page_url = 'modcp.php?action=modlogs&amp;perpage='.$perpage;
 869      foreach(array('uid', 'fid') as $field)
 870      {
 871          $mybb->input[$field] = $mybb->get_input($field, MyBB::INPUT_INT);
 872          if(!empty($mybb->input[$field]))
 873          {
 874              $page_url .= "&amp;{$field}=".$mybb->input[$field];
 875          }
 876      }
 877      foreach(array('sortby', 'order') as $field)
 878      {
 879          $mybb->input[$field] = htmlspecialchars_uni($mybb->get_input($field));
 880          if(!empty($mybb->input[$field]))
 881          {
 882              $page_url .= "&amp;{$field}=".$mybb->input[$field];
 883          }
 884      }
 885  
 886      $multipage = multipage($postcount, $perpage, $page, $page_url);
 887      $resultspages = '';
 888      if($postcount > $perpage)
 889      {
 890          eval("\$resultspages = \"".$templates->get("modcp_modlogs_multipage")."\";");
 891      }
 892      $query = $db->query("
 893          SELECT l.*, u.username, u.usergroup, u.displaygroup, t.subject AS tsubject, f.name AS fname, p.subject AS psubject
 894          FROM ".TABLE_PREFIX."moderatorlog l
 895          LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=l.uid)
 896          LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=l.tid)
 897          LEFT JOIN ".TABLE_PREFIX."forums f ON (f.fid=l.fid)
 898          LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=l.pid)
 899          WHERE 1=1 {$where}{$tflist_modlog}
 900          ORDER BY {$sortby} {$order}
 901          LIMIT {$start}, {$perpage}
 902      ");
 903      $results = '';
 904      while($logitem = $db->fetch_array($query))
 905      {
 906          $information = '';
 907          $logitem['action'] = htmlspecialchars_uni($logitem['action']);
 908          $log_date = my_date('relative', $logitem['dateline']);
 909          $trow = alt_trow();
 910          $logitem['username'] = htmlspecialchars_uni($logitem['username']);
 911          $username = format_name($logitem['username'], $logitem['usergroup'], $logitem['displaygroup']);
 912          $logitem['profilelink'] = build_profile_link($username, $logitem['uid']);
 913          $logitem['ipaddress'] = my_inet_ntop($db->unescape_binary($logitem['ipaddress']));
 914  
 915          if($logitem['tsubject'])
 916          {
 917              $logitem['tsubject'] = htmlspecialchars_uni($parser->parse_badwords($logitem['tsubject']));
 918              $logitem['thread'] = get_thread_link($logitem['tid']);
 919              eval("\$information .= \"".$templates->get("modcp_modlogs_result_thread")."\";");
 920          }
 921          if($logitem['fname'])
 922          {
 923              $logitem['forum'] = get_forum_link($logitem['fid']);
 924              eval("\$information .= \"".$templates->get("modcp_modlogs_result_forum")."\";");
 925          }
 926          if($logitem['psubject'])
 927          {
 928              $logitem['psubject'] = htmlspecialchars_uni($parser->parse_badwords($logitem['psubject']));
 929              $logitem['post'] = get_post_link($logitem['pid']);
 930              eval("\$information .= \"".$templates->get("modcp_modlogs_result_post")."\";");
 931          }
 932  
 933          // Edited a user or managed announcement?
 934          if(!$logitem['tsubject'] || !$logitem['fname'] || !$logitem['psubject'])
 935          {
 936              $data = my_unserialize($logitem['data']);
 937              if(!empty($data['uid']))
 938              {
 939                  $data['username'] = htmlspecialchars_uni($data['username']);
 940                  $information = $lang->sprintf($lang->edited_user_info, htmlspecialchars_uni($data['username']), get_profile_link($data['uid']));
 941              }
 942              if(!empty($data['aid']))
 943              {
 944                  $data['subject'] = htmlspecialchars_uni($parser->parse_badwords($data['subject']));
 945                  $data['announcement'] = get_announcement_link($data['aid']);
 946                  eval("\$information .= \"".$templates->get("modcp_modlogs_result_announcement")."\";");
 947              }
 948          }
 949  
 950          $plugins->run_hooks("modcp_modlogs_result");
 951  
 952          eval("\$results .= \"".$templates->get("modcp_modlogs_result")."\";");
 953      }
 954  
 955      if(!$results)
 956      {
 957          eval("\$results = \"".$templates->get("modcp_modlogs_noresults")."\";");
 958      }
 959  
 960      $plugins->run_hooks("modcp_modlogs_filter");
 961  
 962      // Fetch filter options
 963      $sortbysel = array('username' => '', 'forum' => '', 'thread' => '', 'dateline' => '');
 964      $sortbysel[$mybb->input['sortby']] = "selected=\"selected\"";
 965      $ordersel = array('asc' => '', 'desc' => '');
 966      $ordersel[$order] = "selected=\"selected\"";
 967      $user_options = '';
 968      $query = $db->query("
 969          SELECT DISTINCT l.uid, u.username
 970          FROM ".TABLE_PREFIX."moderatorlog l
 971          LEFT JOIN ".TABLE_PREFIX."users u ON (l.uid=u.uid)
 972          ORDER BY u.username ASC
 973      ");
 974      while($user = $db->fetch_array($query))
 975      {
 976          // Deleted Users
 977          if(!$user['username'])
 978          {
 979              $user['username'] = $lang->na_deleted;
 980          }
 981  
 982          $selected = '';
 983          if($mybb->get_input('uid', MyBB::INPUT_INT) == $user['uid'])
 984          {
 985              $selected = " selected=\"selected\"";
 986          }
 987  
 988          $user['username'] = htmlspecialchars_uni($user['username']);
 989          eval("\$user_options .= \"".$templates->get("modcp_modlogs_user")."\";");
 990      }
 991  
 992      $forum_select = build_forum_jump("", $mybb->get_input('fid', MyBB::INPUT_INT), 1, '', 0, true, '', "fid");
 993  
 994      eval("\$modlogs = \"".$templates->get("modcp_modlogs")."\";");
 995      output_page($modlogs);
 996  }
 997  
 998  if($mybb->input['action'] == "do_delete_announcement")
 999  {
1000      verify_post_check($mybb->get_input('my_post_key'));
1001  
1002      if($mybb->usergroup['canmanageannounce'] == 0)
1003      {
1004          error_no_permission();
1005      }
1006  
1007      $aid = $mybb->get_input('aid');
1008      $query = $db->simple_select("announcements", "aid, subject, fid", "aid='{$aid}'");
1009      $announcement = $db->fetch_array($query);
1010  
1011      if(!$announcement)
1012      {
1013          error($lang->error_invalid_announcement);
1014      }
1015      if(($mybb->usergroup['issupermod'] != 1 && $announcement['fid'] == -1) || ($announcement['fid'] != -1 && !is_moderator($announcement['fid'], "canmanageannouncements")) || ($unviewableforums && in_array($announcement['fid'], $unviewableforums)))
1016      {
1017          error_no_permission();
1018      }
1019  
1020      $plugins->run_hooks("modcp_do_delete_announcement");
1021  
1022      $db->delete_query("announcements", "aid='{$aid}'");
1023      log_moderator_action(array("aid" => $announcement['aid'], "subject" => $announcement['subject']), $lang->announcement_deleted);
1024      $cache->update_forumsdisplay();
1025  
1026      redirect("modcp.php?action=announcements", $lang->redirect_delete_announcement);
1027  }
1028  
1029  if($mybb->input['action'] == "delete_announcement")
1030  {
1031      if($mybb->usergroup['canmanageannounce'] == 0)
1032      {
1033          error_no_permission();
1034      }
1035  
1036      $aid = $mybb->get_input('aid');
1037      $query = $db->simple_select("announcements", "aid, subject, fid", "aid='{$aid}'");
1038  
1039      $announcement = $db->fetch_array($query);
1040      $announcement['subject'] = htmlspecialchars_uni($parser->parse_badwords($announcement['subject']));
1041  
1042      if(!$announcement)
1043      {
1044          error($lang->error_invalid_announcement);
1045      }
1046  
1047      if(($mybb->usergroup['issupermod'] != 1 && $announcement['fid'] == -1) || ($announcement['fid'] != -1 && !is_moderator($announcement['fid'], "canmanageannouncements")) || ($unviewableforums && in_array($announcement['fid'], $unviewableforums)))
1048      {
1049          error_no_permission();
1050      }
1051  
1052      $plugins->run_hooks("modcp_delete_announcement");
1053  
1054      eval("\$announcements = \"".$templates->get("modcp_announcements_delete")."\";");
1055      output_page($announcements);
1056  }
1057  
1058  if($mybb->input['action'] == "do_new_announcement")
1059  {
1060      verify_post_check($mybb->get_input('my_post_key'));
1061  
1062      if($mybb->usergroup['canmanageannounce'] == 0)
1063      {
1064          error_no_permission();
1065      }
1066  
1067      $announcement_fid = $mybb->get_input('fid', MyBB::INPUT_INT);
1068      if(($mybb->usergroup['issupermod'] != 1 && $announcement_fid == -1) || ($announcement_fid != -1 && !is_moderator($announcement_fid, "canmanageannouncements")) || ($unviewableforums && in_array($announcement_fid, $unviewableforums)))
1069      {
1070          error_no_permission();
1071      }
1072  
1073      $errors = array();
1074  
1075      $mybb->input['title'] = $mybb->get_input('title');
1076      if(!trim($mybb->input['title']))
1077      {
1078          $errors[] = $lang->error_missing_title;
1079      }
1080  
1081      $mybb->input['message'] = $mybb->get_input('message');
1082      if(!trim($mybb->input['message']))
1083      {
1084          $errors[] = $lang->error_missing_message;
1085      }
1086  
1087      if(!$announcement_fid)
1088      {
1089          $errors[] = $lang->error_missing_forum;
1090      }
1091  
1092      $mybb->input['starttime_time'] = $mybb->get_input('starttime_time');
1093      $mybb->input['endtime_time'] = $mybb->get_input('endtime_time');
1094      $startdate = @explode(" ", $mybb->input['starttime_time']);
1095      $startdate = @explode(":", $startdate[0]);
1096      $enddate = @explode(" ", $mybb->input['endtime_time']);
1097      $enddate = @explode(":", $enddate[0]);
1098  
1099      if(stristr($mybb->input['starttime_time'], "pm"))
1100      {
1101          $startdate[0] = 12+$startdate[0];
1102          if($startdate[0] >= 24)
1103          {
1104              $startdate[0] = "00";
1105          }
1106      }
1107  
1108      if(stristr($mybb->input['endtime_time'], "pm"))
1109      {
1110          $enddate[0] = 12+$enddate[0];
1111          if($enddate[0] >= 24)
1112          {
1113              $enddate[0] = "00";
1114          }
1115      }
1116  
1117      $mybb->input['starttime_month'] = $mybb->get_input('starttime_month');
1118      $months = array('01', '02', '03', '04', '05', '06', '07', '08', '09', '10', '11', '12');
1119      if(!in_array($mybb->input['starttime_month'], $months))
1120      {
1121          $mybb->input['starttime_month'] = '01';
1122      }
1123  
1124      $localized_time_offset = (float)$mybb->user['timezone']*3600 + $mybb->user['dst']*3600;
1125  
1126      $startdate = gmmktime((int)$startdate[0], (int)$startdate[1], 0, $mybb->get_input('starttime_month', MyBB::INPUT_INT), $mybb->get_input('starttime_day', MyBB::INPUT_INT), $mybb->get_input('starttime_year', MyBB::INPUT_INT)) - $localized_time_offset;
1127      if(!checkdate($mybb->get_input('starttime_month', MyBB::INPUT_INT), $mybb->get_input('starttime_day', MyBB::INPUT_INT), $mybb->get_input('starttime_year', MyBB::INPUT_INT)) || $startdate < 0 || $startdate == false)
1128      {
1129          $errors[] = $lang->error_invalid_start_date;
1130      }
1131  
1132      if($mybb->get_input('endtime_type', MyBB::INPUT_INT) == 2)
1133      {
1134          $enddate = '0';
1135          $mybb->input['endtime_month'] = '01';
1136      }
1137      else
1138      {
1139          $mybb->input['endtime_month'] = $mybb->get_input('endtime_month');
1140          if(!in_array($mybb->input['endtime_month'], $months))
1141          {
1142              $mybb->input['endtime_month'] = '01';
1143          }
1144          $enddate = gmmktime((int)$enddate[0], (int)$enddate[1], 0, $mybb->get_input('endtime_month', MyBB::INPUT_INT), $mybb->get_input('endtime_day', MyBB::INPUT_INT), $mybb->get_input('endtime_year', MyBB::INPUT_INT)) - $localized_time_offset;
1145          if(!checkdate($mybb->get_input('endtime_month', MyBB::INPUT_INT), $mybb->get_input('endtime_day', MyBB::INPUT_INT), $mybb->get_input('endtime_year', MyBB::INPUT_INT)) || $enddate < 0 || $enddate == false)
1146          {
1147              $errors[] = $lang->error_invalid_end_date;
1148          }
1149  
1150          if($enddate <= $startdate)
1151          {
1152              $errors[] = $lang->error_end_before_start;
1153          }
1154      }
1155  
1156      if($mybb->get_input('allowhtml', MyBB::INPUT_INT) == 1)
1157      {
1158          $allowhtml = 1;
1159      }
1160      else
1161      {
1162          $allowhtml = 0;
1163      }
1164      if($mybb->get_input('allowmycode', MyBB::INPUT_INT) == 1)
1165      {
1166          $allowmycode = 1;
1167      }
1168      else
1169      {
1170          $allowmycode = 0;
1171      }
1172      if($mybb->get_input('allowsmilies', MyBB::INPUT_INT) == 1)
1173      {
1174          $allowsmilies = 1;
1175      }
1176      else
1177      {
1178          $allowsmilies = 0;
1179      }
1180  
1181      $plugins->run_hooks("modcp_do_new_announcement_start");
1182  
1183      if(!$errors)
1184      {
1185          if(isset($mybb->input['preview']))
1186          {
1187              $preview = array();
1188              $mybb->input['action'] = 'new_announcement';
1189          }
1190          else
1191          {
1192              $insert_announcement = array(
1193                  'fid' => $announcement_fid,
1194                  'uid' => $mybb->user['uid'],
1195                  'subject' => $db->escape_string($mybb->input['title']),
1196                  'message' => $db->escape_string($mybb->input['message']),
1197                  'startdate' => $startdate,
1198                  'enddate' => $enddate,
1199                  'allowhtml' => $allowhtml,
1200                  'allowmycode' => $allowmycode,
1201                  'allowsmilies' => $allowsmilies
1202              );
1203              $aid = $db->insert_query("announcements", $insert_announcement);
1204  
1205              log_moderator_action(array("aid" => $aid, "subject" => $db->escape_string($mybb->input['title'])), $lang->announcement_added);
1206  
1207              $plugins->run_hooks("modcp_do_new_announcement_end");
1208  
1209              $cache->update_forumsdisplay();
1210              redirect("modcp.php?action=announcements", $lang->redirect_add_announcement);
1211          }
1212      }
1213      else
1214      {
1215          $mybb->input['action'] = 'new_announcement';
1216      }
1217  }
1218  
1219  if($mybb->input['action'] == "new_announcement")
1220  {
1221      if($mybb->usergroup['canmanageannounce'] == 0)
1222      {
1223          error_no_permission();
1224      }
1225  
1226      add_breadcrumb($lang->mcp_nav_announcements, "modcp.php?action=announcements");
1227      add_breadcrumb($lang->add_announcement, "modcp.php?action=new_announcements");
1228  
1229      $announcement_fid = $mybb->get_input('fid', MyBB::INPUT_INT);
1230  
1231      if(($mybb->usergroup['issupermod'] != 1 && $announcement_fid == -1) || ($announcement_fid != -1 && !is_moderator($announcement_fid, "canmanageannouncements")) || ($unviewableforums && in_array($announcement_fid, $unviewableforums)))
1232      {
1233          error_no_permission();
1234      }
1235  
1236      // Deal with inline errors
1237      if(!empty($errors) || isset($preview))
1238      {
1239          if(!empty($errors))
1240          {
1241              $errors = inline_error($errors);
1242          }
1243          else
1244          {
1245              $errors = '';
1246          }
1247  
1248          // Set $announcement to input stuff
1249          $announcement['subject'] = $mybb->input['title'];
1250          $announcement['message'] = $mybb->input['message'];
1251          $announcement['allowhtml'] = $allowhtml;
1252          $announcement['allowmycode'] = $allowmycode;
1253          $announcement['allowsmilies'] = $allowsmilies;
1254  
1255          $startmonth = $mybb->input['starttime_month'];
1256          $startdateyear = htmlspecialchars_uni($mybb->input['starttime_year']);
1257          $startday = $mybb->get_input('starttime_day', MyBB::INPUT_INT);
1258          $starttime_time = htmlspecialchars_uni($mybb->input['starttime_time']);
1259          $endmonth = $mybb->input['endtime_month'];
1260          $enddateyear = htmlspecialchars_uni($mybb->input['endtime_year']);
1261          $endday = $mybb->get_input('endtime_day', MyBB::INPUT_INT);
1262          $endtime_time = htmlspecialchars_uni($mybb->input['endtime_time']);
1263      }
1264      else
1265      {
1266          $localized_time = TIME_NOW + (float)$mybb->user['timezone']*3600 + $mybb->user['dst']*3600;
1267  
1268          $starttime_time = gmdate($mybb->settings['timeformat'], $localized_time);
1269          $endtime_time = gmdate($mybb->settings['timeformat'], $localized_time);
1270          $startday = $endday = gmdate("j", $localized_time);
1271          $startmonth = $endmonth = gmdate("m", $localized_time);
1272          $startdateyear = gmdate("Y", $localized_time);
1273  
1274          $announcement = array(
1275              'subject' => '',
1276              'message' => '',
1277              'allowhtml' => 1,
1278              'allowmycode' => 1,
1279              'allowsmilies' => 1
1280              );
1281  
1282          $enddateyear = $startdateyear+1;
1283      }
1284  
1285      // Generate form elements
1286      $startdateday = $enddateday = '';
1287      for($day = 1; $day <= 31; ++$day)
1288      {
1289          if($startday == $day)
1290          {
1291              $selected = " selected=\"selected\"";
1292              eval("\$startdateday .= \"".$templates->get("modcp_announcements_day")."\";");
1293          }
1294          else
1295          {
1296              $selected = '';
1297              eval("\$startdateday .= \"".$templates->get("modcp_announcements_day")."\";");
1298          }
1299  
1300          if($endday == $day)
1301          {
1302              $selected = " selected=\"selected\"";
1303              eval("\$enddateday .= \"".$templates->get("modcp_announcements_day")."\";");
1304          }
1305          else
1306          {
1307              $selected = '';
1308              eval("\$enddateday .= \"".$templates->get("modcp_announcements_day")."\";");
1309          }
1310      }
1311  
1312      $startmonthsel = $endmonthsel = array();
1313      foreach(array('01', '02', '03', '04', '05', '06', '07', '08', '09', '10', '11', '12') as $month)
1314      {
1315          $startmonthsel[$month] = '';
1316          $endmonthsel[$month] = '';
1317      }
1318      $startmonthsel[$startmonth] = "selected=\"selected\"";
1319      $endmonthsel[$endmonth] = "selected=\"selected\"";
1320  
1321      $startdatemonth = $enddatemonth = '';
1322  
1323      eval("\$startdatemonth .= \"".$templates->get("modcp_announcements_month_start")."\";");
1324      eval("\$enddatemonth .= \"".$templates->get("modcp_announcements_month_end")."\";");
1325  
1326      $title = htmlspecialchars_uni($announcement['subject']);
1327      $message = htmlspecialchars_uni($announcement['message']);
1328  
1329      $html_sel = $mycode_sel = $smilies_sel = array('yes' => '', 'no' => '');
1330      if($announcement['allowhtml'])
1331      {
1332          $html_sel['yes'] = ' checked="checked"';
1333      }
1334      else
1335      {
1336          $html_sel['no'] = ' checked="checked"';
1337      }
1338  
1339      if($announcement['allowmycode'])
1340      {
1341          $mycode_sel['yes'] = ' checked="checked"';
1342      }
1343      else
1344      {
1345          $mycode_sel['no'] = ' checked="checked"';
1346      }
1347  
1348      if($announcement['allowsmilies'])
1349      {
1350          $smilies_sel['yes'] = ' checked="checked"';
1351      }
1352      else
1353      {
1354          $smilies_sel['no'] = ' checked="checked"';
1355      }
1356  
1357      $end_type_sel = array('infinite' => '', 'finite' => '');
1358      if(!isset($mybb->input['endtime_type']) || $mybb->input['endtime_type'] == 2)
1359      {
1360          $end_type_sel['infinite'] = ' checked="checked"';
1361      }
1362      else
1363      {
1364          $end_type_sel['finite'] = ' checked="checked"';
1365      }
1366  
1367      // MyCode editor
1368      $codebuttons = build_mycode_inserter();
1369      $smilieinserter = build_clickable_smilies();
1370  
1371      if(isset($preview))
1372      {
1373          $announcementarray = array(
1374              'aid' => 0,
1375              'fid' => $announcement_fid,
1376              'uid' => $mybb->user['uid'],
1377              'subject' => $mybb->input['title'],
1378              'message' => $mybb->input['message'],
1379              'allowhtml' => $mybb->get_input('allowhtml', MyBB::INPUT_INT),
1380              'allowmycode' => $mybb->get_input('allowmycode', MyBB::INPUT_INT),
1381              'allowsmilies' => $mybb->get_input('allowsmilies', MyBB::INPUT_INT),
1382              'dateline' => TIME_NOW,
1383              'userusername' => $mybb->user['username'],
1384          );
1385  
1386          $array = $mybb->user;
1387          foreach($array as $key => $element)
1388          {
1389              $announcementarray[$key] = $element;
1390          }
1391  
1392          // Gather usergroup data from the cache
1393          // Field => Array Key
1394          $data_key = array(
1395              'title' => 'grouptitle',
1396              'usertitle' => 'groupusertitle',
1397              'stars' => 'groupstars',
1398              'starimage' => 'groupstarimage',
1399              'image' => 'groupimage',
1400              'namestyle' => 'namestyle',
1401              'usereputationsystem' => 'usereputationsystem'
1402          );
1403  
1404          foreach($data_key as $field => $key)
1405          {
1406              $announcementarray[$key] = $groupscache[$announcementarray['usergroup']][$field];
1407          }
1408  
1409          require_once  MYBB_ROOT."inc/functions_post.php";
1410          $postbit = build_postbit($announcementarray, 3);
1411          eval("\$preview = \"".$templates->get("previewpost")."\";");
1412      }
1413      else
1414      {
1415          $preview = '';
1416      }
1417  
1418      $plugins->run_hooks("modcp_new_announcement");
1419  
1420      eval("\$announcements = \"".$templates->get("modcp_announcements_new")."\";");
1421      output_page($announcements);
1422  }
1423  
1424  if($mybb->input['action'] == "do_edit_announcement")
1425  {
1426      verify_post_check($mybb->get_input('my_post_key'));
1427  
1428      if($mybb->usergroup['canmanageannounce'] == 0)
1429      {
1430          error_no_permission();
1431      }
1432  
1433      // Get the announcement
1434      $aid = $mybb->get_input('aid', MyBB::INPUT_INT);
1435      $query = $db->simple_select("announcements", "*", "aid='{$aid}'");
1436      $announcement = $db->fetch_array($query);
1437  
1438      // Check that it exists
1439      if(!$announcement)
1440      {
1441          error($lang->error_invalid_announcement);
1442      }
1443  
1444      // Mod has permissions to edit this announcement
1445      if(($mybb->usergroup['issupermod'] != 1 && $announcement['fid'] == -1) || ($announcement['fid'] != -1 && !is_moderator($announcement['fid'], "canmanageannouncements")) || ($unviewableforums && in_array($announcement['fid'], $unviewableforums)))
1446      {
1447          error_no_permission();
1448      }
1449  
1450      $errors = array();
1451  
1452      // Basic error checking
1453      $mybb->input['title'] = $mybb->get_input('title');
1454      if(!trim($mybb->input['title']))
1455      {
1456          $errors[] = $lang->error_missing_title;
1457      }
1458  
1459      $mybb->input['message'] = $mybb->get_input('message');
1460      if(!trim($mybb->input['message']))
1461      {
1462          $errors[] = $lang->error_missing_message;
1463      }
1464  
1465      $mybb->input['starttime_time'] = $mybb->get_input('starttime_time');
1466      $mybb->input['endtime_time'] = $mybb->get_input('endtime_time');
1467      $startdate = @explode(" ", $mybb->input['starttime_time']);
1468      $startdate = @explode(":", $startdate[0]);
1469      $enddate = @explode(" ", $mybb->input['endtime_time']);
1470      $enddate = @explode(":", $enddate[0]);
1471  
1472      if(stristr($mybb->input['starttime_time'], "pm"))
1473      {
1474          $startdate[0] = 12+$startdate[0];
1475          if($startdate[0] >= 24)
1476          {
1477              $startdate[0] = "00";
1478          }
1479      }
1480  
1481      if(stristr($mybb->input['endtime_time'], "pm"))
1482      {
1483          $enddate[0] = 12+$enddate[0];
1484          if($enddate[0] >= 24)
1485          {
1486              $enddate[0] = "00";
1487          }
1488      }
1489  
1490      $mybb->input['starttime_month'] = $mybb->get_input('starttime_month');
1491      $months = array('01', '02', '03', '04', '05', '06', '07', '08', '09', '10', '11', '12');
1492      if(!in_array($mybb->input['starttime_month'], $months))
1493      {
1494          $mybb->input['starttime_month'] = '01';
1495      }
1496  
1497      $localized_time_offset = (float)$mybb->user['timezone']*3600 + $mybb->user['dst']*3600;
1498  
1499      $startdate = gmmktime((int)$startdate[0], (int)$startdate[1], 0, $mybb->get_input('starttime_month', MyBB::INPUT_INT), $mybb->get_input('starttime_day', MyBB::INPUT_INT), $mybb->get_input('starttime_year', MyBB::INPUT_INT)) - $localized_time_offset;
1500      if(!checkdate($mybb->get_input('starttime_month', MyBB::INPUT_INT), $mybb->get_input('starttime_day', MyBB::INPUT_INT), $mybb->get_input('starttime_year', MyBB::INPUT_INT)) || $startdate < 0 || $startdate == false)
1501      {
1502          $errors[] = $lang->error_invalid_start_date;
1503      }
1504  
1505      if($mybb->get_input('endtime_type', MyBB::INPUT_INT) == "2")
1506      {
1507          $enddate = '0';
1508          $mybb->input['endtime_month'] = '01';
1509      }
1510      else
1511      {
1512          $mybb->input['endtime_month'] = $mybb->get_input('endtime_month');
1513          if(!in_array($mybb->input['endtime_month'], $months))
1514          {
1515              $mybb->input['endtime_month'] = '01';
1516          }
1517          $enddate = gmmktime((int)$enddate[0], (int)$enddate[1], 0, $mybb->get_input('endtime_month', MyBB::INPUT_INT), $mybb->get_input('endtime_day', MyBB::INPUT_INT), $mybb->get_input('endtime_year', MyBB::INPUT_INT)) - $localized_time_offset;
1518          if(!checkdate($mybb->get_input('endtime_month', MyBB::INPUT_INT), $mybb->get_input('endtime_day', MyBB::INPUT_INT), $mybb->get_input('endtime_year', MyBB::INPUT_INT)) || $enddate < 0 || $enddate == false)
1519          {
1520              $errors[] = $lang->error_invalid_end_date;
1521          }
1522          elseif($enddate <= $startdate)
1523          {
1524              $errors[] = $lang->error_end_before_start;
1525          }
1526      }
1527  
1528      if($mybb->get_input('allowhtml', MyBB::INPUT_INT) == 1)
1529      {
1530          $allowhtml = 1;
1531      }
1532      else
1533      {
1534          $allowhtml = 0;
1535      }
1536      if($mybb->get_input('allowmycode', MyBB::INPUT_INT) == 1)
1537      {
1538          $allowmycode = 1;
1539      }
1540      else
1541      {
1542          $allowmycode = 0;
1543      }
1544      if($mybb->get_input('allowsmilies', MyBB::INPUT_INT) == 1)
1545      {
1546          $allowsmilies = 1;
1547      }
1548      else
1549      {
1550          $allowsmilies = 0;
1551      }
1552  
1553      $plugins->run_hooks("modcp_do_edit_announcement_start");
1554  
1555      // Proceed to update if no errors
1556      if(!$errors)
1557      {
1558          if(isset($mybb->input['preview']))
1559          {
1560              $preview = array();
1561              $mybb->input['action'] = 'edit_announcement';
1562          }
1563          else
1564          {
1565              $update_announcement = array(
1566                  'uid' => $mybb->user['uid'],
1567                  'subject' => $db->escape_string($mybb->input['title']),
1568                  'message' => $db->escape_string($mybb->input['message']),
1569                  'startdate' => $startdate,
1570                  'enddate' => $enddate,
1571                  'allowhtml' => $allowhtml,
1572                  'allowmycode' => $allowmycode,
1573                  'allowsmilies' => $allowsmilies
1574              );
1575              $db->update_query("announcements", $update_announcement, "aid='{$aid}'");
1576  
1577              log_moderator_action(array("aid" => $announcement['aid'], "subject" => $db->escape_string($mybb->input['title'])), $lang->announcement_edited);
1578  
1579              $plugins->run_hooks("modcp_do_edit_announcement_end");
1580  
1581              $cache->update_forumsdisplay();
1582              redirect("modcp.php?action=announcements", $lang->redirect_edit_announcement);
1583          }
1584      }
1585      else
1586      {
1587          $mybb->input['action'] = 'edit_announcement';
1588      }
1589  }
1590  
1591  if($mybb->input['action'] == "edit_announcement")
1592  {
1593      if($mybb->usergroup['canmanageannounce'] == 0)
1594      {
1595          error_no_permission();
1596      }
1597  
1598      $aid = $mybb->get_input('aid', MyBB::INPUT_INT);
1599  
1600      add_breadcrumb($lang->mcp_nav_announcements, "modcp.php?action=announcements");
1601      add_breadcrumb($lang->edit_announcement, "modcp.php?action=edit_announcements&amp;aid={$aid}");
1602  
1603      // Get announcement
1604      if(!isset($announcement) || $mybb->request_method != 'post')
1605      {
1606          $query = $db->simple_select("announcements", "*", "aid='{$aid}'");
1607          $announcement = $db->fetch_array($query);
1608      }
1609  
1610      if(!$announcement)
1611      {
1612          error($lang->error_invalid_announcement);
1613      }
1614      if(($mybb->usergroup['issupermod'] != 1 && $announcement['fid'] == -1) || ($announcement['fid'] != -1 && !is_moderator($announcement['fid'], "canmanageannouncements")) || ($unviewableforums && in_array($announcement['fid'], $unviewableforums)))
1615      {
1616          error_no_permission();
1617      }
1618  
1619      if(!$announcement['startdate'])
1620      {
1621          // No start date? Make it now.
1622          $announcement['startdate'] = TIME_NOW;
1623      }
1624  
1625      $makeshift_end = false;
1626      if(!$announcement['enddate'])
1627      {
1628          $makeshift_end = true;
1629          $makeshift_time = TIME_NOW;
1630          if($announcement['startdate'])
1631          {
1632              $makeshift_time = $announcement['startdate'];
1633          }
1634  
1635          // No end date? Make it a year from now.
1636          $announcement['enddate'] = $makeshift_time + (60 * 60 * 24 * 366);
1637      }
1638  
1639      // Deal with inline errors
1640      if(!empty($errors) || isset($preview))
1641      {
1642          if(!empty($errors))
1643          {
1644              $errors = inline_error($errors);
1645          }
1646          else
1647          {
1648              $errors = '';
1649          }
1650  
1651          // Set $announcement to input stuff
1652          $announcement['subject'] = $mybb->input['title'];
1653          $announcement['message'] = $mybb->input['message'];
1654          $announcement['allowhtml'] = $allowhtml;
1655          $announcement['allowmycode'] = $allowmycode;
1656          $announcement['allowsmilies'] = $allowsmilies;
1657  
1658          $startmonth = $mybb->input['starttime_month'];
1659          $startdateyear = htmlspecialchars_uni($mybb->input['starttime_year']);
1660          $startday = $mybb->get_input('starttime_day', MyBB::INPUT_INT);
1661          $starttime_time = htmlspecialchars_uni($mybb->input['starttime_time']);
1662          $endmonth = $mybb->input['endtime_month'];
1663          $enddateyear = htmlspecialchars_uni($mybb->input['endtime_year']);
1664          $endday = $mybb->get_input('endtime_day', MyBB::INPUT_INT);
1665          $endtime_time = htmlspecialchars_uni($mybb->input['endtime_time']);
1666  
1667          $errored = true;
1668      }
1669      else
1670      {
1671          $localized_time_startdate = $announcement['startdate'] + (float)$mybb->user['timezone']*3600 + $mybb->user['dst']*3600;
1672          $localized_time_enddate = $announcement['enddate'] + (float)$mybb->user['timezone']*3600 + $mybb->user['dst']*3600;
1673  
1674          $starttime_time = gmdate($mybb->settings['timeformat'], $localized_time_startdate);
1675          $endtime_time = gmdate($mybb->settings['timeformat'], $localized_time_enddate);
1676  
1677          $startday = gmdate('j', $localized_time_startdate);
1678          $endday = gmdate('j', $localized_time_enddate);
1679  
1680          $startmonth = gmdate('m', $localized_time_startdate);
1681          $endmonth = gmdate('m', $localized_time_enddate);
1682  
1683          $startdateyear = gmdate('Y', $localized_time_startdate);
1684          $enddateyear = gmdate('Y', $localized_time_enddate);
1685  
1686          $errored = false;
1687      }
1688  
1689      // Generate form elements
1690      $startdateday = $enddateday = '';
1691      for($day = 1; $day <= 31; ++$day)
1692      {
1693          if($startday == $day)
1694          {
1695              $selected = " selected=\"selected\"";
1696              eval("\$startdateday .= \"".$templates->get("modcp_announcements_day")."\";");
1697          }
1698          else
1699          {
1700              $selected = '';
1701              eval("\$startdateday .= \"".$templates->get("modcp_announcements_day")."\";");
1702          }
1703  
1704          if($endday == $day)
1705          {
1706              $selected = " selected=\"selected\"";
1707              eval("\$enddateday .= \"".$templates->get("modcp_announcements_day")."\";");
1708          }
1709          else
1710          {
1711              $selected = '';
1712              eval("\$enddateday .= \"".$templates->get("modcp_announcements_day")."\";");
1713          }
1714      }
1715  
1716      $startmonthsel = $endmonthsel = array();
1717      foreach(array('01', '02', '03', '04', '05', '06', '07', '08', '09', '10', '11', '12') as $month)
1718      {
1719          $startmonthsel[$month] = '';
1720          $endmonthsel[$month] = '';
1721      }
1722      $startmonthsel[$startmonth] = "selected=\"selected\"";
1723      $endmonthsel[$endmonth] = "selected=\"selected\"";
1724  
1725      $startdatemonth = $enddatemonth = '';
1726  
1727      eval("\$startdatemonth .= \"".$templates->get("modcp_announcements_month_start")."\";");
1728      eval("\$enddatemonth .= \"".$templates->get("modcp_announcements_month_end")."\";");
1729  
1730      $title = htmlspecialchars_uni($announcement['subject']);
1731      $message = htmlspecialchars_uni($announcement['message']);
1732  
1733      $html_sel = $mycode_sel = $smilies_sel = array('yes' => '', 'no' => '');
1734      if($announcement['allowhtml'])
1735      {
1736          $html_sel['yes'] = ' checked="checked"';
1737      }
1738      else
1739      {
1740          $html_sel['no'] = ' checked="checked"';
1741      }
1742  
1743      if($announcement['allowmycode'])
1744      {
1745          $mycode_sel['yes'] = ' checked="checked"';
1746      }
1747      else
1748      {
1749          $mycode_sel['no'] = ' checked="checked"';
1750      }
1751  
1752      if($announcement['allowsmilies'])
1753      {
1754          $smilies_sel['yes'] = ' checked="checked"';
1755      }
1756      else
1757      {
1758          $smilies_sel['no'] = ' checked="checked"';
1759      }
1760  
1761      $end_type_sel = array('infinite' => '', 'finite' => '');
1762      if(($errored && $mybb->get_input('endtime_type', MyBB::INPUT_INT) == 2) || (!$errored && (int)$announcement['enddate'] == 0) || $makeshift_end == true)
1763      {
1764          $end_type_sel['infinite'] = ' checked="checked"';
1765      }
1766      else
1767      {
1768          $end_type_sel['finite'] = ' checked="checked"';
1769      }
1770  
1771      // MyCode editor
1772      $codebuttons = build_mycode_inserter();
1773      $smilieinserter = build_clickable_smilies();
1774  
1775      if(isset($preview))
1776      {
1777          $announcementarray = array(
1778              'aid' => $announcement['aid'],
1779              'fid' => $announcement['fid'],
1780              'uid' => $mybb->user['uid'],
1781              'subject' => $mybb->input['title'],
1782              'message' => $mybb->input['message'],
1783              'allowhtml' => $mybb->get_input('allowhtml', MyBB::INPUT_INT),
1784              'allowmycode' => $mybb->get_input('allowmycode', MyBB::INPUT_INT),
1785              'allowsmilies' => $mybb->get_input('allowsmilies', MyBB::INPUT_INT),
1786              'dateline' => TIME_NOW,
1787              'userusername' => $mybb->user['username'],
1788          );
1789  
1790          $array = $mybb->user;
1791          foreach($array as $key => $element)
1792          {
1793              $announcementarray[$key] = $element;
1794          }
1795  
1796          // Gather usergroup data from the cache
1797          // Field => Array Key
1798          $data_key = array(
1799              'title' => 'grouptitle',
1800              'usertitle' => 'groupusertitle',
1801              'stars' => 'groupstars',
1802              'starimage' => 'groupstarimage',
1803              'image' => 'groupimage',
1804              'namestyle' => 'namestyle',
1805              'usereputationsystem' => 'usereputationsystem'
1806          );
1807  
1808          foreach($data_key as $field => $key)
1809          {
1810              $announcementarray[$key] = $groupscache[$announcementarray['usergroup']][$field];
1811          }
1812  
1813          require_once  MYBB_ROOT."inc/functions_post.php";
1814          $postbit = build_postbit($announcementarray, 3);
1815          eval("\$preview = \"".$templates->get("previewpost")."\";");
1816      }
1817      else
1818      {
1819          $preview = '';
1820      }
1821  
1822      $plugins->run_hooks("modcp_edit_announcement");
1823  
1824      eval("\$announcements = \"".$templates->get("modcp_announcements_edit")."\";");
1825      output_page($announcements);
1826  }
1827  
1828  if($mybb->input['action'] == "announcements")
1829  {
1830      if($mybb->usergroup['canmanageannounce'] == 0)
1831      {
1832          error_no_permission();
1833      }
1834  
1835      if($numannouncements == 0 && $mybb->usergroup['issupermod'] != 1)
1836      {
1837          error($lang->you_cannot_manage_announcements);
1838      }
1839  
1840      add_breadcrumb($lang->mcp_nav_announcements, "modcp.php?action=announcements");
1841  
1842      // Fetch announcements into their proper arrays
1843      $query = $db->simple_select("announcements", "aid, fid, subject, enddate");
1844      $announcements = $global_announcements = array();
1845      while($announcement = $db->fetch_array($query))
1846      {
1847          if($announcement['fid'] == -1)
1848          {
1849              $global_announcements[$announcement['aid']] = $announcement;
1850              continue;
1851          }
1852          $announcements[$announcement['fid']][$announcement['aid']] = $announcement;
1853      }
1854  
1855      $announcements_global = '';
1856      if($mybb->usergroup['issupermod'] == 1)
1857      {
1858          if($global_announcements && $mybb->usergroup['issupermod'] == 1)
1859          {
1860              // Get the global announcements
1861              foreach($global_announcements as $aid => $announcement)
1862              {
1863                  $trow = alt_trow();
1864                  if($announcement['startdate'] > TIME_NOW || ($announcement['enddate'] < TIME_NOW && $announcement['enddate'] != 0))
1865                  {
1866                      eval("\$icon = \"".$templates->get("modcp_announcements_announcement_expired")."\";");
1867                  }
1868                  else
1869                  {
1870                      eval("\$icon = \"".$templates->get("modcp_announcements_announcement_active")."\";");
1871                  }
1872  
1873                  $subject = htmlspecialchars_uni($parser->parse_badwords($announcement['subject']));
1874  
1875                  eval("\$announcements_global .= \"".$templates->get("modcp_announcements_announcement_global")."\";");
1876              }
1877          }
1878          else
1879          {
1880              // No global announcements
1881              eval("\$announcements_global = \"".$templates->get("modcp_no_announcements_global")."\";");
1882          }
1883          eval("\$announcements_global = \"".$templates->get("modcp_announcements_global")."\";");
1884      }
1885  
1886      $announcements_forum = '';
1887      fetch_forum_announcements();
1888  
1889      if(!$announcements_forum)
1890      {
1891          eval("\$announcements_forum = \"".$templates->get("modcp_no_announcements_forum")."\";");
1892      }
1893  
1894      $plugins->run_hooks("modcp_announcements");
1895  
1896      eval("\$announcements = \"".$templates->get("modcp_announcements")."\";");
1897      output_page($announcements);
1898  }
1899  
1900  if($mybb->input['action'] == "do_modqueue")
1901  {
1902      require_once  MYBB_ROOT."inc/class_moderation.php";
1903      $moderation = new Moderation;
1904  
1905      // Verify incoming POST request
1906      verify_post_check($mybb->get_input('my_post_key'));
1907  
1908      if($mybb->usergroup['canmanagemodqueue'] == 0)
1909      {
1910          error_no_permission();
1911      }
1912  
1913      $plugins->run_hooks("modcp_do_modqueue_start");
1914  
1915      $mybb->input['threads'] = $mybb->get_input('threads', MyBB::INPUT_ARRAY);
1916      $mybb->input['posts'] = $mybb->get_input('posts', MyBB::INPUT_ARRAY);
1917      $mybb->input['attachments'] = $mybb->get_input('attachments', MyBB::INPUT_ARRAY);
1918      if(!empty($mybb->input['threads']))
1919      {
1920          $threads = array_map("intval", array_keys($mybb->input['threads']));
1921          $threads_to_approve = $threads_to_delete = array();
1922          // Fetch threads
1923          $query = $db->simple_select("threads", "tid", "tid IN (".implode(",", $threads)."){$flist_queue_threads}");
1924          while($thread = $db->fetch_array($query))
1925          {
1926              if(!isset($mybb->input['threads'][$thread['tid']]))
1927              {
1928                  continue;
1929              }
1930              $action = $mybb->input['threads'][$thread['tid']];
1931              if($action == "approve")
1932              {
1933                  $threads_to_approve[] = $thread['tid'];
1934              }
1935              else if($action == "delete")
1936              {
1937                  $threads_to_delete[] = $thread['tid'];
1938              }
1939          }
1940          if(!empty($threads_to_approve))
1941          {
1942              $moderation->approve_threads($threads_to_approve);
1943              log_moderator_action(array('tids' => $threads_to_approve), $lang->multi_approve_threads);
1944          }
1945          if(!empty($threads_to_delete))
1946          {
1947              if($mybb->settings['soft_delete'] == 1)
1948              {
1949                  $moderation->soft_delete_threads($threads_to_delete);
1950                  log_moderator_action(array('tids' => $threads_to_delete), $lang->multi_soft_delete_threads);
1951              }
1952              else
1953              {
1954                  foreach($threads_to_delete as $tid)
1955                  {
1956                      $moderation->delete_thread($tid);
1957                  }
1958                  log_moderator_action(array('tids' => $threads_to_delete), $lang->multi_delete_threads);
1959              }
1960          }
1961  
1962          $plugins->run_hooks("modcp_do_modqueue_end");
1963  
1964          redirect("modcp.php?action=modqueue", $lang->redirect_threadsmoderated);
1965      }
1966      else if(!empty($mybb->input['posts']))
1967      {
1968          $posts = array_map("intval", array_keys($mybb->input['posts']));
1969          // Fetch posts
1970          $posts_to_approve = $posts_to_delete = array();
1971          $query = $db->simple_select("posts", "pid", "pid IN (".implode(",", $posts)."){$flist_queue_posts}");
1972          while($post = $db->fetch_array($query))
1973          {
1974              if(!isset($mybb->input['posts'][$post['pid']]))
1975              {
1976                  continue;
1977              }
1978              $action = $mybb->input['posts'][$post['pid']];
1979              if($action == "approve")
1980              {
1981                  $posts_to_approve[] = $post['pid'];
1982              }
1983              else if($action == "delete" && $mybb->settings['soft_delete'] != 1)
1984              {
1985                  $moderation->delete_post($post['pid']);
1986              }
1987              else if($action == "delete")
1988              {
1989                  $posts_to_delete[] = $post['pid'];
1990              }
1991          }
1992          if(!empty($posts_to_approve))
1993          {
1994              $moderation->approve_posts($posts_to_approve);
1995              log_moderator_action(array('pids' => $posts_to_approve), $lang->multi_approve_posts);
1996          }
1997          if(!empty($posts_to_delete))
1998          {
1999              if($mybb->settings['soft_delete'] == 1)
2000              {
2001                  $moderation->soft_delete_posts($posts_to_delete);
2002                  log_moderator_action(array('pids' => $posts_to_delete), $lang->multi_soft_delete_posts);
2003              }
2004              else
2005              {
2006                  log_moderator_action(array('pids' => $posts_to_delete), $lang->multi_delete_posts);
2007              }
2008          }
2009  
2010          $plugins->run_hooks("modcp_do_modqueue_end");
2011  
2012          redirect("modcp.php?action=modqueue&type=posts", $lang->redirect_postsmoderated);
2013      }
2014      else if(!empty($mybb->input['attachments']))
2015      {
2016          $attachments = array_map("intval", array_keys($mybb->input['attachments']));
2017          $query = $db->query("
2018              SELECT a.pid, a.aid
2019              FROM  ".TABLE_PREFIX."attachments a
2020              LEFT JOIN ".TABLE_PREFIX."posts p ON (a.pid=p.pid)
2021              LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
2022              WHERE aid IN (".implode(",", $attachments)."){$tflist_queue_attach}
2023          ");
2024          while($attachment = $db->fetch_array($query))
2025          {
2026              if(!isset($mybb->input['attachments'][$attachment['aid']]))
2027              {
2028                  continue;
2029              }
2030              $action = $mybb->input['attachments'][$attachment['aid']];
2031              if($action == "approve")
2032              {
2033                  $db->update_query("attachments", array("visible" => 1), "aid='{$attachment['aid']}'");
2034              }
2035              else if($action == "delete")
2036              {
2037                  remove_attachment($attachment['pid'], '', $attachment['aid']);
2038              }
2039          }
2040  
2041          $plugins->run_hooks("modcp_do_modqueue_end");
2042  
2043          redirect("modcp.php?action=modqueue&type=attachments", $lang->redirect_attachmentsmoderated);
2044      }
2045  }
2046  
2047  if($mybb->input['action'] == "modqueue")
2048  {
2049      $navsep = '';
2050  
2051      if($mybb->usergroup['canmanagemodqueue'] == 0)
2052      {
2053          error_no_permission();
2054      }
2055  
2056      if($nummodqueuethreads == 0 && $nummodqueueposts == 0 && $nummodqueueattach == 0 && $mybb->usergroup['issupermod'] != 1)
2057      {
2058          error($lang->you_cannot_use_mod_queue);
2059      }
2060  
2061      $mybb->input['type'] = $mybb->get_input('type');
2062      $threadqueue = $postqueue = $attachmentqueue = '';
2063      if($mybb->input['type'] == "threads" || !$mybb->input['type'] && ($nummodqueuethreads > 0 || $mybb->usergroup['issupermod'] == 1))
2064      {
2065          if($nummodqueuethreads == 0 && $mybb->usergroup['issupermod'] != 1)
2066          {
2067              error($lang->you_cannot_moderate_threads);
2068          }
2069  
2070          $forum_cache = $cache->read("forums");
2071  
2072          $query = $db->simple_select("threads", "COUNT(tid) AS unapprovedthreads", "visible='0' {$flist_queue_threads}");
2073          $unapproved_threads = $db->fetch_field($query, "unapprovedthreads");
2074  
2075          // Figure out if we need to display multiple pages.
2076          if($mybb->get_input('page') != "last")
2077          {
2078              $page = $mybb->get_input('page', MyBB::INPUT_INT);
2079          }
2080  
2081          $perpage = $mybb->settings['threadsperpage'];
2082          $pages = $unapproved_threads / $perpage;
2083          $pages = ceil($pages);
2084  
2085          if($mybb->get_input('page') == "last")
2086          {
2087              $page = $pages;
2088          }
2089  
2090          if($page > $pages || $page <= 0)
2091          {
2092              $page = 1;
2093          }
2094  
2095          if($page)
2096          {
2097              $start = ($page-1) * $perpage;
2098          }
2099          else
2100          {
2101              $start = 0;
2102              $page = 1;
2103          }
2104  
2105          $multipage = multipage($unapproved_threads, $perpage, $page, "modcp.php?action=modqueue&type=threads");
2106  
2107          $query = $db->query("
2108              SELECT t.tid, t.dateline, t.fid, t.subject, t.username AS threadusername, p.message AS postmessage, u.username AS username, t.uid
2109              FROM ".TABLE_PREFIX."threads t
2110              LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=t.firstpost)
2111              LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=t.uid)
2112              WHERE t.visible='0' {$tflist_queue_threads}
2113              ORDER BY t.lastpost DESC
2114              LIMIT {$start}, {$perpage}
2115          ");
2116          $threads = '';
2117          while($thread = $db->fetch_array($query))
2118          {
2119              $altbg = alt_trow();
2120              $thread['subject'] = htmlspecialchars_uni($parser->parse_badwords($thread['subject']));
2121              $thread['threadlink'] = get_thread_link($thread['tid']);
2122              $forum_link = get_forum_link($thread['fid']);
2123              $forum_name = $forum_cache[$thread['fid']]['name'];
2124              $threaddate = my_date('relative', $thread['dateline']);
2125  
2126              if($thread['username'] == "")
2127              {
2128                  if($thread['threadusername'] != "")
2129                  {
2130                      $thread['threadusername'] = htmlspecialchars_uni($thread['threadusername']);
2131                      $profile_link = $thread['threadusername'];
2132                  }
2133                  else
2134                  {
2135                      $profile_link = $lang->guest;
2136                  }
2137              }
2138              else
2139              {
2140                  $thread['username'] = htmlspecialchars_uni($thread['username']);
2141                  $profile_link = build_profile_link($thread['username'], $thread['uid']);
2142              }
2143  
2144              $thread['postmessage'] = nl2br(htmlspecialchars_uni($thread['postmessage']));
2145              eval("\$forum = \"".$templates->get("modcp_modqueue_link_forum")."\";");
2146              eval("\$threads .= \"".$templates->get("modcp_modqueue_threads_thread")."\";");
2147          }
2148  
2149          if(!$threads && $mybb->input['type'] == "threads")
2150          {
2151              eval("\$threads = \"".$templates->get("modcp_modqueue_threads_empty")."\";");
2152          }
2153  
2154          if($threads)
2155          {
2156              add_breadcrumb($lang->mcp_nav_modqueue_threads, "modcp.php?action=modqueue&amp;type=threads");
2157  
2158              $plugins->run_hooks("modcp_modqueue_threads_end");
2159  
2160              if($nummodqueueposts > 0 || $mybb->usergroup['issupermod'] == 1)
2161              {
2162                  $navsep = " | ";
2163                  eval("\$post_link = \"".$templates->get("modcp_modqueue_post_link")."\";");
2164              }
2165  
2166              if($mybb->settings['enableattachments'] == 1 && ($nummodqueueattach > 0 || $mybb->usergroup['issupermod'] == 1))
2167              {
2168                  $navsep = " | ";
2169                  eval("\$attachment_link = \"".$templates->get("modcp_modqueue_attachment_link")."\";");
2170              }
2171  
2172              eval("\$mass_controls = \"".$templates->get("modcp_modqueue_masscontrols")."\";");
2173              eval("\$threadqueue = \"".$templates->get("modcp_modqueue_threads")."\";");
2174              output_page($threadqueue);
2175          }
2176          $type = 'threads';
2177      }
2178  
2179      if($mybb->input['type'] == "posts" || (!$mybb->input['type'] && !$threadqueue && ($nummodqueueposts > 0 || $mybb->usergroup['issupermod'] == 1)))
2180      {
2181          if($nummodqueueposts == 0 && $mybb->usergroup['issupermod'] != 1)
2182          {
2183              error($lang->you_cannot_moderate_posts);
2184          }
2185  
2186          $forum_cache = $cache->read("forums");
2187  
2188          $query = $db->query("
2189              SELECT COUNT(pid) AS unapprovedposts
2190              FROM  ".TABLE_PREFIX."posts p
2191              LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
2192              WHERE p.visible='0' {$tflist_queue_posts} AND t.firstpost != p.pid
2193          ");
2194          $unapproved_posts = $db->fetch_field($query, "unapprovedposts");
2195  
2196          // Figure out if we need to display multiple pages.
2197          if($mybb->get_input('page') != "last")
2198          {
2199              $page = $mybb->get_input('page', MyBB::INPUT_INT);
2200          }
2201  
2202          $perpage = $mybb->settings['postsperpage'];
2203          $pages = $unapproved_posts / $perpage;
2204          $pages = ceil($pages);
2205  
2206          if($mybb->get_input('page') == "last")
2207          {
2208              $page = $pages;
2209          }
2210  
2211          if($page > $pages || $page <= 0)
2212          {
2213              $page = 1;
2214          }
2215  
2216          if($page)
2217          {
2218              $start = ($page-1) * $perpage;
2219          }
2220          else
2221          {
2222              $start = 0;
2223              $page = 1;
2224          }
2225  
2226          $multipage = multipage($unapproved_posts, $perpage, $page, "modcp.php?action=modqueue&amp;type=posts");
2227  
2228          $query = $db->query("
2229              SELECT p.pid, p.subject, p.message, p.username AS postusername, t.subject AS threadsubject, t.tid, u.username, p.uid, t.fid, p.dateline
2230              FROM  ".TABLE_PREFIX."posts p
2231              LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
2232              LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
2233              WHERE p.visible='0' {$tflist_queue_posts} AND t.firstpost != p.pid
2234              ORDER BY p.dateline DESC
2235              LIMIT {$start}, {$perpage}
2236          ");
2237          $posts = '';
2238          while($post = $db->fetch_array($query))
2239          {
2240              $altbg = alt_trow();
2241              $post['threadsubject'] = htmlspecialchars_uni($parser->parse_badwords($post['threadsubject']));
2242              $post['subject'] = htmlspecialchars_uni($parser->parse_badwords($post['subject']));
2243              $post['threadlink'] = get_thread_link($post['tid']);
2244              $post['postlink'] = get_post_link($post['pid'], $post['tid']);
2245              $forum_link = get_forum_link($post['fid']);
2246              $forum_name = $forum_cache[$post['fid']]['name'];
2247              $postdate = my_date('relative', $post['dateline']);
2248  
2249              if($post['username'] == "")
2250              {
2251                  if($post['postusername'] != "")
2252                  {
2253                      $post['postusername'] = htmlspecialchars_uni($post['postusername']);
2254                      $profile_link = $post['postusername'];
2255                  }
2256                  else
2257                  {
2258                      $profile_link = $lang->guest;
2259                  }
2260              }
2261              else
2262              {
2263                  $post['username'] = htmlspecialchars_uni($post['username']);
2264                  $profile_link = build_profile_link($post['username'], $post['uid']);
2265              }
2266  
2267              eval("\$thread = \"".$templates->get("modcp_modqueue_link_thread")."\";");
2268              eval("\$forum = \"".$templates->get("modcp_modqueue_link_forum")."\";");
2269              $post['message'] = nl2br(htmlspecialchars_uni($post['message']));
2270              eval("\$posts .= \"".$templates->get("modcp_modqueue_posts_post")."\";");
2271          }
2272  
2273          if(!$posts && $mybb->input['type'] == "posts")
2274          {
2275              eval("\$posts = \"".$templates->get("modcp_modqueue_posts_empty")."\";");
2276          }
2277  
2278          if($posts)
2279          {
2280              add_breadcrumb($lang->mcp_nav_modqueue_posts, "modcp.php?action=modqueue&amp;type=posts");
2281  
2282              $plugins->run_hooks("modcp_modqueue_posts_end");
2283  
2284              if($nummodqueuethreads > 0 || $mybb->usergroup['issupermod'] == 1)
2285              {
2286                  $navsep = " | ";
2287                  eval("\$thread_link = \"".$templates->get("modcp_modqueue_thread_link")."\";");
2288              }
2289  
2290              if($mybb->settings['enableattachments'] == 1 && ($nummodqueueattach > 0 || $mybb->usergroup['issupermod'] == 1))
2291              {
2292                  $navsep = " | ";
2293                  eval("\$attachment_link = \"".$templates->get("modcp_modqueue_attachment_link")."\";");
2294              }
2295  
2296              eval("\$mass_controls = \"".$templates->get("modcp_modqueue_masscontrols")."\";");
2297              eval("\$postqueue = \"".$templates->get("modcp_modqueue_posts")."\";");
2298              output_page($postqueue);
2299          }
2300      }
2301  
2302      if($mybb->input['type'] == "attachments" || (!$mybb->input['type'] && !$postqueue && !$threadqueue && $mybb->settings['enableattachments'] == 1 && ($nummodqueueattach > 0 || $mybb->usergroup['issupermod'] == 1)))
2303      {
2304          if($mybb->settings['enableattachments'] == 0)
2305          {
2306              error($lang->attachments_disabled);
2307          }
2308  
2309          if($nummodqueueattach == 0 && $mybb->usergroup['issupermod'] != 1)
2310          {
2311              error($lang->you_cannot_moderate_attachments);
2312          }
2313  
2314          $query = $db->query("
2315              SELECT COUNT(aid) AS unapprovedattachments
2316              FROM  ".TABLE_PREFIX."attachments a
2317              LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=a.pid)
2318              LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
2319              WHERE a.visible='0'{$tflist_queue_attach}
2320          ");
2321          $unapproved_attachments = $db->fetch_field($query, "unapprovedattachments");
2322  
2323          // Figure out if we need to display multiple pages.
2324          if($mybb->get_input('page') != "last")
2325          {
2326              $page = $mybb->get_input('page', MyBB::INPUT_INT);
2327          }
2328  
2329          $perpage = $mybb->settings['postsperpage'];
2330          $pages = $unapproved_attachments / $perpage;
2331          $pages = ceil($pages);
2332  
2333          if($mybb->get_input('page') == "last")
2334          {
2335              $page = $pages;
2336          }
2337  
2338          if($page > $pages || $page <= 0)
2339          {
2340              $page = 1;
2341          }
2342  
2343          if($page)
2344          {
2345              $start = ($page-1) * $perpage;
2346          }
2347          else
2348          {
2349              $start = 0;
2350              $page = 1;
2351          }
2352  
2353          $multipage = multipage($unapproved_attachments, $perpage, $page, "modcp.php?action=modqueue&amp;type=attachments");
2354  
2355          $query = $db->query("
2356              SELECT a.*, p.subject AS postsubject, p.dateline, p.uid, u.username, t.tid, t.subject AS threadsubject
2357              FROM  ".TABLE_PREFIX."attachments a
2358              LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=a.pid)
2359              LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
2360              LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
2361              WHERE a.visible='0'{$tflist_queue_attach}
2362              ORDER BY a.dateuploaded DESC
2363              LIMIT {$start}, {$perpage}
2364          ");
2365          $attachments = '';
2366          while($attachment = $db->fetch_array($query))
2367          {
2368              $altbg = alt_trow();
2369  
2370              if(!$attachment['dateuploaded'])
2371              {
2372                  $attachment['dateuploaded'] = $attachment['dateline'];
2373              }
2374  
2375              $attachdate = my_date('relative', $attachment['dateuploaded']);
2376  
2377              $attachment['postsubject'] = htmlspecialchars_uni($parser->parse_badwords($attachment['postsubject']));
2378              $attachment['filename'] = htmlspecialchars_uni($attachment['filename']);
2379              $attachment['threadsubject'] = htmlspecialchars_uni($parser->parse_badwords($attachment['threadsubject']));
2380              $attachment['filesize'] = get_friendly_size($attachment['filesize']);
2381  
2382              $link = get_post_link($attachment['pid'], $attachment['tid']) . "#pid{$attachment['pid']}";
2383              $thread_link = get_thread_link($attachment['tid']);
2384              $attachment['username'] = htmlspecialchars_uni($attachment['username']);
2385              $profile_link = build_profile_link($attachment['username'], $attachment['uid']);
2386  
2387              eval("\$attachments .= \"".$templates->get("modcp_modqueue_attachments_attachment")."\";");
2388          }
2389  
2390          if(!$attachments && $mybb->input['type'] == "attachments")
2391          {
2392              eval("\$attachments = \"".$templates->get("modcp_modqueue_attachments_empty")."\";");
2393          }
2394  
2395          if($attachments)
2396          {
2397              add_breadcrumb($lang->mcp_nav_modqueue_attachments, "modcp.php?action=modqueue&amp;type=attachments");
2398  
2399              $plugins->run_hooks("modcp_modqueue_attachments_end");
2400  
2401              if($nummodqueuethreads > 0 || $mybb->usergroup['issupermod'] == 1)
2402              {
2403                  eval("\$thread_link = \"".$templates->get("modcp_modqueue_thread_link")."\";");
2404                  $navsep = " | ";
2405              }
2406  
2407              if($nummodqueueposts > 0 || $mybb->usergroup['issupermod'] == 1)
2408              {
2409                  eval("\$post_link = \"".$templates->get("modcp_modqueue_post_link")."\";");
2410                  $navsep = " | ";
2411              }
2412  
2413              eval("\$mass_controls = \"".$templates->get("modcp_modqueue_masscontrols")."\";");
2414              eval("\$attachmentqueue = \"".$templates->get("modcp_modqueue_attachments")."\";");
2415              output_page($attachmentqueue);
2416          }
2417      }
2418  
2419      // Still nothing? All queues are empty! :-D
2420      if(!$threadqueue && !$postqueue && !$attachmentqueue)
2421      {
2422          add_breadcrumb($lang->mcp_nav_modqueue, "modcp.php?action=modqueue");
2423  
2424          $plugins->run_hooks("modcp_modqueue_end");
2425  
2426          eval("\$queue = \"".$templates->get("modcp_modqueue_empty")."\";");
2427          output_page($queue);
2428      }
2429  }
2430  
2431  if($mybb->input['action'] == "do_editprofile")
2432  {
2433      // Verify incoming POST request
2434      verify_post_check($mybb->input['my_post_key']);
2435  
2436      if($mybb->usergroup['caneditprofiles'] == 0)
2437      {
2438          error_no_permission();
2439      }
2440  
2441      $user = get_user($mybb->input['uid']);
2442      if(!$user)
2443      {
2444          error($lang->error_nomember);
2445      }
2446  
2447      // Check if the current user has permission to edit this user
2448      if(!modcp_can_manage_user($user['uid']))
2449      {
2450          error_no_permission();
2451      }
2452  
2453      $plugins->run_hooks("modcp_do_editprofile_start");
2454  
2455      if($mybb->get_input('away', MyBB::INPUT_INT) == 1 && $mybb->settings['allowaway'] != 0)
2456      {
2457          $awaydate = TIME_NOW;
2458          if(!empty($mybb->input['awayday']))
2459          {
2460              // If the user has indicated that they will return on a specific day, but not month or year, assume it is current month and year
2461              if(!$mybb->get_input('awaymonth', MyBB::INPUT_INT))
2462              {
2463                  $mybb->input['awaymonth'] = my_date('n', $awaydate);
2464              }
2465              if(!$mybb->get_input('awayyear', MyBB::INPUT_INT))
2466              {
2467                  $mybb->input['awayyear'] = my_date('Y', $awaydate);
2468              }
2469  
2470              $return_month = (int)substr($mybb->get_input('awaymonth'), 0, 2);
2471              $return_day = (int)substr($mybb->get_input('awayday'), 0, 2);
2472              $return_year = min((int)$mybb->get_input('awayyear'), 9999);
2473  
2474              // Check if return date is after the away date.
2475              $returntimestamp = gmmktime(0, 0, 0, $return_month, $return_day, $return_year);
2476              $awaytimestamp = gmmktime(0, 0, 0, my_date('n', $awaydate), my_date('j', $awaydate), my_date('Y', $awaydate));
2477              if($return_year < my_date('Y', $awaydate) || ($returntimestamp < $awaytimestamp && $return_year == my_date('Y', $awaydate)))
2478              {
2479                  error($lang->error_modcp_return_date_past);
2480              }
2481  
2482              $returndate = "{$return_day}-{$return_month}-{$return_year}";
2483          }
2484          else
2485          {
2486              $returndate = "";
2487          }
2488          $away = array(
2489              "away" => 1,
2490              "date" => $awaydate,
2491              "returndate" => $returndate,
2492              "awayreason" => $mybb->get_input('awayreason')
2493          );
2494      }
2495      else
2496      {
2497          $away = array(
2498              "away" => 0,
2499              "date" => '',
2500              "returndate" => '',
2501              "awayreason" => ''
2502          );
2503      }
2504  
2505      // Set up user handler.
2506      require_once  MYBB_ROOT."inc/datahandlers/user.php";
2507      $userhandler = new UserDataHandler('update');
2508  
2509      // Set the data for the new user.
2510      $updated_user = array(
2511          "uid" => $user['uid'],
2512          "profile_fields" => $mybb->get_input('profile_fields', MyBB::INPUT_ARRAY),
2513          "profile_fields_editable" => true,
2514          "website" => $mybb->get_input('website'),
2515          "icq" => $mybb->get_input('icq'),
2516          "aim" => $mybb->get_input('aim'),
2517          "yahoo" => $mybb->get_input('yahoo'),
2518          "skype" => $mybb->get_input('skype'),
2519          "google" => $mybb->get_input('google'),
2520          "signature" => $mybb->get_input('signature'),
2521          "usernotes" => $mybb->get_input('usernotes'),
2522          "away" => $away
2523      );
2524  
2525      $updated_user['birthday'] = array(
2526          "day" => $mybb->get_input('birthday_day', MyBB::INPUT_INT),
2527          "month" => $mybb->get_input('birthday_month', MyBB::INPUT_INT),
2528          "year" => $mybb->get_input('birthday_year', MyBB::INPUT_INT)
2529      );
2530  
2531      if(!empty($mybb->input['usertitle']))
2532      {
2533          $updated_user['usertitle'] = $mybb->get_input('usertitle');
2534      }
2535      else if(!empty($mybb->input['reverttitle']))
2536      {
2537          $updated_user['usertitle'] = '';
2538      }
2539  
2540      if(!empty($mybb->input['remove_avatar']))
2541      {
2542          $updated_user['avatarurl'] = '';
2543      }
2544  
2545      // Set the data of the user in the datahandler.
2546      $userhandler->set_data($updated_user);
2547      $errors = '';
2548  
2549      // Validate the user and get any errors that might have occurred.
2550      if(!$userhandler->validate_user())
2551      {
2552          $errors = $userhandler->get_friendly_errors();
2553          $mybb->input['action'] = "editprofile";
2554      }
2555      else
2556      {
2557          // Are we removing an avatar from this user?
2558          if(!empty($mybb->input['remove_avatar']))
2559          {
2560              $extra_user_updates = array(
2561                  "avatar" => "",
2562                  "avatardimensions" => "",
2563                  "avatartype" => ""
2564              );
2565              remove_avatars($user['uid']);
2566          }
2567  
2568          // Moderator "Options" (suspend signature, suspend/moderate posting)
2569          $moderator_options = array(
2570              1 => array(
2571                  "action" => "suspendsignature", // The moderator action we're performing
2572                  "period" => "action_period", // The time period we've selected from the dropdown box
2573                  "time" => "action_time", // The time we've entered
2574                  "update_field" => "suspendsignature", // The field in the database to update if true
2575                  "update_length" => "suspendsigtime" // The length of suspension field in the database
2576              ),
2577              2 => array(
2578                  "action" => "moderateposting",
2579                  "period" => "modpost_period",
2580                  "time" => "modpost_time",
2581                  "update_field" => "moderateposts",
2582                  "update_length" => "moderationtime"
2583              ),
2584              3 => array(
2585                  "action" => "suspendposting",
2586                  "period" => "suspost_period",
2587                  "time" => "suspost_time",
2588                  "update_field" => "suspendposting",
2589                  "update_length" => "suspensiontime"
2590              )
2591          );
2592  
2593          require_once  MYBB_ROOT."inc/functions_warnings.php";
2594          foreach($moderator_options as $option)
2595          {
2596              $mybb->input[$option['time']] = $mybb->get_input($option['time'], MyBB::INPUT_INT);
2597              $mybb->input[$option['period']] = $mybb->get_input($option['period']);
2598              if(empty($mybb->input[$option['action']]))
2599              {
2600                  if($user[$option['update_field']] == 1)
2601                  {
2602                      // We're revoking the suspension
2603                      $extra_user_updates[$option['update_field']] = 0;
2604                      $extra_user_updates[$option['update_length']] = 0;
2605                  }
2606  
2607                  // Skip this option if we haven't selected it
2608                  continue;
2609              }
2610  
2611              else
2612              {
2613                  if($mybb->input[$option['time']] == 0 && $mybb->input[$option['period']] != "never" && $user[$option['update_field']] != 1)
2614                  {
2615                      // User has selected a type of ban, but not entered a valid time frame
2616                      $string = $option['action']."_error";
2617                      $errors[] = $lang->$string;
2618                  }
2619  
2620                  if(!is_array($errors))
2621                  {
2622                      $suspend_length = fetch_time_length((int)$mybb->input[$option['time']], $mybb->input[$option['period']]);
2623  
2624                      if($user[$option['update_field']] == 1 && ($mybb->input[$option['time']] || $mybb->input[$option['period']] == "never"))
2625                      {
2626                          // We already have a suspension, but entered a new time
2627                          if($suspend_length == "-1")
2628                          {
2629                              // Permanent ban on action
2630                              $extra_user_updates[$option['update_length']] = 0;
2631                          }
2632                          elseif($suspend_length && $suspend_length != "-1")
2633                          {
2634                              // Temporary ban on action
2635                              $extra_user_updates[$option['update_length']] = TIME_NOW + $suspend_length;
2636                          }
2637                      }
2638                      elseif(!$user[$option['update_field']])
2639                      {
2640                          // New suspension for this user... bad user!
2641                          $extra_user_updates[$option['update_field']] = 1;
2642                          if($suspend_length == "-1")
2643                          {
2644                              $extra_user_updates[$option['update_length']] = 0;
2645                          }
2646                          else
2647                          {
2648                              $extra_user_updates[$option['update_length']] = TIME_NOW + $suspend_length;
2649                          }
2650                      }
2651                  }
2652              }
2653          }
2654  
2655          // Those with javascript turned off will be able to select both - cheeky!
2656          // Check to make sure we're not moderating AND suspending posting
2657          if(isset($extra_user_updates) && $extra_user_updates['moderateposts'] && $extra_user_updates['suspendposting'])
2658          {
2659              $errors[] = $lang->suspendmoderate_error;
2660          }
2661  
2662          if(is_array($errors))
2663          {
2664              $mybb->input['action'] = "editprofile";
2665          }
2666          else
2667          {
2668              $plugins->run_hooks("modcp_do_editprofile_update");
2669  
2670              // Continue with the update if there is no errors
2671              $user_info = $userhandler->update_user();
2672              if(!empty($extra_user_updates))
2673              {
2674                  $db->update_query("users", $extra_user_updates, "uid='{$user['uid']}'");
2675              }
2676              log_moderator_action(array("uid" => $user['uid'], "username" => $user['username']), $lang->edited_user);
2677  
2678              $plugins->run_hooks("modcp_do_editprofile_end");
2679  
2680              redirect("modcp.php?action=finduser", $lang->redirect_user_updated);
2681          }
2682      }
2683  }
2684  
2685  if($mybb->input['action'] == "editprofile")
2686  {
2687      if($mybb->usergroup['caneditprofiles'] == 0)
2688      {
2689          error_no_permission();
2690      }
2691  
2692      add_breadcrumb($lang->mcp_nav_editprofile, "modcp.php?action=editprofile");
2693  
2694      $user = get_user($mybb->get_input('uid', MyBB::INPUT_INT));
2695      if(!$user)
2696      {
2697          error($lang->error_nomember);
2698      }
2699  
2700      // Check if the current user has permission to edit this user
2701      if(!modcp_can_manage_user($user['uid']))
2702      {
2703          error_no_permission();
2704      }
2705  
2706      if(!my_validate_url($user['website']))
2707      {
2708          $user['website'] = '';
2709      }
2710  
2711      if($user['icq'] != "0")
2712      {
2713          $user['icq'] = (int)$user['icq'];
2714      }
2715  
2716      if(!$errors)
2717      {
2718          $mybb->input = array_merge($user, $mybb->input);
2719          $birthday = explode('-', $user['birthday']);
2720          if(!isset($birthday[1]))
2721          {
2722              $birthday[1] = '';
2723          }
2724          if(!isset($birthday[2]))
2725          {
2726              $birthday[2] = '';
2727          }
2728          list($mybb->input['birthday_day'], $mybb->input['birthday_month'], $mybb->input['birthday_year']) = $birthday;
2729      }
2730      else
2731      {
2732          $errors = inline_error($errors);
2733      }
2734  
2735      // Sanitize all input
2736      foreach(array('usertitle', 'website', 'icq', 'aim', 'yahoo', 'skype', 'google', 'signature', 'birthday_day', 'birthday_month', 'birthday_year') as $field)
2737      {
2738          $mybb->input[$field] = htmlspecialchars_uni($mybb->get_input($field));
2739      }
2740  
2741      // Custom user title, check to see if we have a default group title
2742      if(!$user['displaygroup'])
2743      {
2744          $user['displaygroup'] = $user['usergroup'];
2745      }
2746  
2747      $displaygroupfields = array('usertitle');
2748      $display_group = usergroup_displaygroup($user['displaygroup']);
2749  
2750      if(!empty($display_group['usertitle']))
2751      {
2752          $defaulttitle = htmlspecialchars_uni($display_group['usertitle']);
2753      }
2754      else
2755      {
2756          // Go for post count title if a group default isn't set
2757          $usertitles = $cache->read('usertitles');
2758  
2759          foreach($usertitles as $title)
2760          {
2761              if($title['posts'] <= $user['postnum'])
2762              {
2763                  $defaulttitle = $title['title'];
2764                  break;
2765              }
2766          }
2767      }
2768  
2769      $user['usertitle'] = htmlspecialchars_uni($user['usertitle']);
2770  
2771      if(empty($user['usertitle']))
2772      {
2773          $lang->current_custom_usertitle = '';
2774      }
2775  
2776      $bdaydaysel = $selected = '';
2777      for($day = 1; $day <= 31; ++$day)
2778      {
2779          if($mybb->input['birthday_day'] == $day)
2780          {
2781              $selected = "selected=\"selected\"";
2782          }
2783          else
2784          {
2785              $selected = '';
2786          }
2787  
2788          eval("\$bdaydaysel .= \"".$templates->get("usercp_profile_day")."\";");
2789      }
2790  
2791      $bdaymonthsel = array();
2792      foreach(range(1, 12) as $month)
2793      {
2794          $bdaymonthsel[$month] = '';
2795      }
2796      $bdaymonthsel[$mybb->input['birthday_month']] = 'selected="selected"';
2797  
2798      if($mybb->settings['allowaway'] != 0)
2799      {
2800          $awaycheck = array('', '');
2801          if($errors)
2802          {
2803              if($user['away'] == 1)
2804              {
2805                  $awaycheck[1] = "checked=\"checked\"";
2806              }
2807              else
2808              {
2809                  $awaycheck[0] = "checked=\"checked\"";
2810              }
2811              $returndate = array();
2812              $returndate[0] = $mybb->get_input('awayday');
2813              $returndate[1] = $mybb->get_input('awaymonth');
2814              $returndate[2] = $mybb->get_input('awayyear', MyBB::INPUT_INT);
2815              $user['awayreason'] = htmlspecialchars_uni($mybb->get_input('awayreason'));
2816          }
2817          else
2818          {
2819              $user['awayreason'] = htmlspecialchars_uni($user['awayreason']);
2820              if($user['away'] == 1)
2821              {
2822                  $awaydate = my_date($mybb->settings['dateformat'], $user['awaydate']);
2823                  $awaycheck[1] = "checked=\"checked\"";
2824                  $awaynotice = $lang->sprintf($lang->away_notice_away, $awaydate);
2825              }
2826              else
2827              {
2828                  $awaynotice = $lang->away_notice;
2829                  $awaycheck[0] = "checked=\"checked\"";
2830              }
2831              $returndate = explode("-", $user['returndate']);
2832          }
2833          $returndatesel = $selected = '';
2834          for($day = 1; $day <= 31; ++$day)
2835          {
2836              if($returndate[0] == $day)
2837              {
2838                  $selected = "selected=\"selected\"";
2839              }
2840              else
2841              {
2842                  $selected = '';
2843              }
2844  
2845              eval("\$returndatesel .= \"".$templates->get("usercp_profile_day")."\";");
2846          }
2847  
2848          $returndatemonthsel = array();
2849          foreach(range(1, 12) as $month)
2850          {
2851              $returndatemonthsel[$month] = '';
2852          }
2853          if(isset($returndate[1]))
2854          {
2855              $returndatemonthsel[$returndate[1]] = " selected=\"selected\"";
2856          }
2857  
2858          if(!isset($returndate[2]))
2859          {
2860              $returndate[2] = '';
2861          }
2862  
2863          eval("\$awaysection = \"".$templates->get("usercp_profile_away")."\";");
2864      }
2865  
2866      $plugins->run_hooks("modcp_editprofile_start");
2867  
2868      // Fetch profile fields
2869      $query = $db->simple_select("userfields", "*", "ufid='{$user['uid']}'");
2870      $user_fields = $db->fetch_array($query);
2871  
2872      $requiredfields = '';
2873      $customfields = '';
2874      $mybb->input['profile_fields'] = $mybb->get_input('profile_fields', MyBB::INPUT_ARRAY);
2875  
2876      $pfcache = $cache->read('profilefields');
2877  
2878      if(is_array($pfcache))
2879      {
2880          foreach($pfcache as $profilefield)
2881          {
2882              $userfield = $code = $select = $val = $options = $expoptions = $useropts = '';
2883              $seloptions = array();
2884              $profilefield['type'] = htmlspecialchars_uni($profilefield['type']);
2885              $profilefield['name'] = htmlspecialchars_uni($profilefield['name']);
2886              $profilefield['description'] = htmlspecialchars_uni($profilefield['description']);
2887              $thing = explode("\n", $profilefield['type'], "2");
2888              $type = $thing[0];
2889              if(isset($thing[1]))
2890              {
2891                  $options = $thing[1];
2892              }
2893              $field = "fid{$profilefield['fid']}";
2894              if($errors)
2895              {
2896                  if(isset($mybb->input['profile_fields'][$field]))
2897                  {
2898                      $userfield = $mybb->input['profile_fields'][$field];
2899                  }
2900              }
2901              else
2902              {
2903                  $userfield = $user_fields[$field];
2904              }
2905              if($type == "multiselect")
2906              {
2907                  if($errors)
2908                  {
2909                      $useropts = $userfield;
2910                  }
2911                  else
2912                  {
2913                      $useropts = explode("\n", $userfield);
2914                  }
2915                  if(is_array($useropts))
2916                  {
2917                      foreach($useropts as $key => $val)
2918                      {
2919                          $seloptions[$val] = $val;
2920                      }
2921                  }
2922                  $expoptions = explode("\n", $options);
2923                  if(is_array($expoptions))
2924                  {
2925                      foreach($expoptions as $key => $val)
2926                      {
2927                          $val = trim($val);
2928                          $val = str_replace("\n", "\\n", $val);
2929  
2930                          $sel = "";
2931                          if(isset($seloptions[$val]) && $val == $seloptions[$val])
2932                          {
2933                              $sel = " selected=\"selected\"";
2934                          }
2935  
2936                          eval("\$select .= \"".$templates->get("usercp_profile_profilefields_select_option")."\";");
2937                      }
2938                      if(!$profilefield['length'])
2939                      {
2940                          $profilefield['length'] = 3;
2941                      }
2942  
2943                      eval("\$code = \"".$templates->get("usercp_profile_profilefields_multiselect")."\";");
2944                  }
2945              }
2946              elseif($type == "select")
2947              {
2948                  $expoptions = explode("\n", $options);
2949                  if(is_array($expoptions))
2950                  {
2951                      foreach($expoptions as $key => $val)
2952                      {
2953                          $val = trim($val);
2954                          $val = str_replace("\n", "\\n", $val);
2955                          $sel = "";
2956                          if($val == $userfield)
2957                          {
2958                              $sel = " selected=\"selected\"";
2959                          }
2960  
2961                          eval("\$select .= \"".$templates->get("usercp_profile_profilefields_select_option")."\";");
2962                      }
2963                      if(!$profilefield['length'])
2964                      {
2965                          $profilefield['length'] = 1;
2966                      }
2967  
2968                      eval("\$code = \"".$templates->get("usercp_profile_profilefields_select")."\";");
2969                  }
2970              }
2971              elseif($type == "radio")
2972              {
2973                  $expoptions = explode("\n", $options);
2974                  if(is_array($expoptions))
2975                  {
2976                      foreach($expoptions as $key => $val)
2977                      {
2978                          $checked = "";
2979                          if($val == $userfield)
2980                          {
2981                              $checked = " checked=\"checked\"";
2982                          }
2983  
2984                          eval("\$code .= \"".$templates->get("usercp_profile_profilefields_radio")."\";");
2985                      }
2986                  }
2987              }
2988              elseif($type == "checkbox")
2989              {
2990                  if($errors)
2991                  {
2992                      $useropts = $userfield;
2993                  }
2994                  else
2995                  {
2996                      $useropts = explode("\n", $userfield);
2997                  }
2998                  if(is_array($useropts))
2999                  {
3000                      foreach($useropts as $key => $val)
3001                      {
3002                          $seloptions[$val] = $val;
3003                      }
3004                  }
3005                  $expoptions = explode("\n", $options);
3006                  if(is_array($expoptions))
3007                  {
3008                      foreach($expoptions as $key => $val)
3009                      {
3010                          $checked = "";
3011                          if(isset($seloptions[$val]) && $val == $seloptions[$val])
3012                          {
3013                              $checked = " checked=\"checked\"";
3014                          }
3015  
3016                          eval("\$code .= \"".$templates->get("usercp_profile_profilefields_checkbox")."\";");
3017                      }
3018                  }
3019              }
3020              elseif($type == "textarea")
3021              {
3022                  $value = htmlspecialchars_uni($userfield);
3023                  eval("\$code = \"".$templates->get("usercp_profile_profilefields_textarea")."\";");
3024              }
3025              else
3026              {
3027                  $value = htmlspecialchars_uni($userfield);
3028                  $maxlength = "";
3029                  if($profilefield['maxlength'] > 0)
3030                  {
3031                      $maxlength = " maxlength=\"{$profilefield['maxlength']}\"";
3032                  }
3033  
3034                  eval("\$code = \"".$templates->get("usercp_profile_profilefields_text")."\";");
3035              }
3036  
3037              if($profilefield['required'] == 1)
3038              {
3039                  eval("\$requiredfields .= \"".$templates->get("usercp_profile_customfield")."\";");
3040              }
3041              else
3042              {
3043                  eval("\$customfields .= \"".$templates->get("usercp_profile_customfield")."\";");
3044              }
3045              $altbg = alt_trow();
3046          }
3047      }
3048      if($customfields)
3049      {
3050          eval("\$customfields = \"".$templates->get("usercp_profile_profilefields")."\";");
3051      }
3052  
3053      $user['username'] = htmlspecialchars_uni($user['username']);
3054      $lang->edit_profile = $lang->sprintf($lang->edit_profile, $user['username']);
3055      $profile_link = build_profile_link(format_name($user['username'], $user['usergroup'], $user['displaygroup']), $user['uid']);
3056  
3057      $user['signature'] = htmlspecialchars_uni($user['signature']);
3058      $codebuttons = build_mycode_inserter("signature");
3059  
3060      // Do we mark the suspend signature box?
3061      if($user['suspendsignature'] || ($mybb->get_input('suspendsignature', MyBB::INPUT_INT) && !empty($errors)))
3062      {
3063          $checked = 1;
3064          $checked_item = "checked=\"checked\"";
3065      }
3066      else
3067      {
3068          $checked = 0;
3069          $checked_item = '';
3070      }
3071  
3072      // Do we mark the moderate posts box?
3073      if($user['moderateposts'] || ($mybb->get_input('moderateposting', MyBB::INPUT_INT) && !empty($errors)))
3074      {
3075          $modpost_check = 1;
3076          $modpost_checked = "checked=\"checked\"";
3077      }
3078      else
3079      {
3080          $modpost_check = 0;
3081          $modpost_checked = '';
3082      }
3083  
3084      // Do we mark the suspend posts box?
3085      if($user['suspendposting'] || ($mybb->get_input('suspendposting', MyBB::INPUT_INT) && !empty($errors)))
3086      {
3087          $suspost_check = 1;
3088          $suspost_checked = "checked=\"checked\"";
3089      }
3090      else
3091      {
3092          $suspost_check = 0;
3093          $suspost_checked = '';
3094      }
3095  
3096      $moderator_options = array(
3097          1 => array(
3098              "action" => "suspendsignature", // The input action for this option
3099              "option" => "suspendsignature", // The field in the database that this option relates to
3100              "time" => "action_time", // The time we've entered
3101              "length" => "suspendsigtime", // The length of suspension field in the database
3102              "select_option" => "action" // The name of the select box of this option
3103          ),
3104          2 => array(
3105              "action" => "moderateposting",
3106              "option" => "moderateposts",
3107              "time" => "modpost_time",
3108              "length" => "moderationtime",
3109              "select_option" => "modpost"
3110          ),
3111          3 => array(
3112              "action" => "suspendposting",
3113              "option" => "suspendposting",
3114              "time" => "suspost_time",
3115              "length" => "suspensiontime",
3116              "select_option" => "suspost"
3117          )
3118      );
3119  
3120      $periods = array(
3121          "hours" => $lang->expire_hours,
3122          "days" => $lang->expire_days,
3123          "weeks" => $lang->expire_weeks,
3124          "months" => $lang->expire_months,
3125          "never" => $lang->expire_permanent
3126      );
3127  
3128      $suspendsignature_info = $moderateposts_info = $suspendposting_info = '';
3129      $action_options = $modpost_options = $suspost_options = '';
3130      foreach($moderator_options as $option)
3131      {
3132          $mybb->input[$option['time']] = $mybb->get_input($option['time'], MyBB::INPUT_INT);
3133          // Display the suspension info, if this user has this option suspended
3134          if($user[$option['option']])
3135          {
3136              if($user[$option['length']] == 0)
3137              {
3138                  // User has a permanent ban
3139                  $string = $option['option']."_perm";
3140                  $suspension_info = $lang->$string;
3141              }
3142              else
3143              {
3144                  // User has a temporary (or limited) ban
3145                  $string = $option['option']."_for";
3146                  $for_date = my_date('relative', $user[$option['length']], '', 2);
3147                  $suspension_info = $lang->sprintf($lang->$string, $for_date);
3148              }
3149  
3150              switch($option['option'])
3151              {
3152                  case "suspendsignature":
3153                      eval("\$suspendsignature_info = \"".$templates->get("modcp_editprofile_suspensions_info")."\";");
3154                      break;
3155                  case "moderateposts":
3156                      eval("\$moderateposts_info = \"".$templates->get("modcp_editprofile_suspensions_info")."\";");
3157                      break;
3158                  case "suspendposting":
3159                      eval("\$suspendposting_info = \"".$templates->get("modcp_editprofile_suspensions_info")."\";");
3160                      break;
3161              }
3162          }
3163  
3164          // Generate the boxes for this option
3165          $selection_options = '';
3166          foreach($periods as $key => $value)
3167          {
3168              $string = $option['select_option']."_period";
3169              if($mybb->get_input($string) == $key)
3170              {
3171                  $selected = "selected=\"selected\"";
3172              }
3173              else
3174              {
3175                  $selected = '';
3176              }
3177  
3178              eval("\$selection_options .= \"".$templates->get("modcp_editprofile_select_option")."\";");
3179          }
3180  
3181          $select_name = $option['select_option']."_period";
3182          switch($option['option'])
3183          {
3184              case "suspendsignature":
3185                  eval("\$action_options = \"".$templates->get("modcp_editprofile_select")."\";");
3186                  break;
3187              case "moderateposts":
3188                  eval("\$modpost_options = \"".$templates->get("modcp_editprofile_select")."\";");
3189                  break;
3190              case "suspendposting":
3191                  eval("\$suspost_options = \"".$templates->get("modcp_editprofile_select")."\";");
3192                  break;
3193          }
3194      }
3195  
3196      eval("\$suspend_signature = \"".$templates->get("modcp_editprofile_signature")."\";");
3197  
3198      if(!isset($newtitle))
3199      {
3200          $newtitle = '';
3201      }
3202  
3203      $plugins->run_hooks("modcp_editprofile_end");
3204  
3205      eval("\$edituser = \"".$templates->get("modcp_editprofile")."\";");
3206      output_page($edituser);
3207  }
3208  
3209  if($mybb->input['action'] == "finduser")
3210  {
3211      if($mybb->usergroup['caneditprofiles'] == 0)
3212      {
3213          error_no_permission();
3214      }
3215  
3216      add_breadcrumb($lang->mcp_nav_users, "modcp.php?action=finduser");
3217  
3218      $perpage = $mybb->get_input('perpage', MyBB::INPUT_INT);
3219      if(!$perpage || $perpage <= 0)
3220      {
3221          $perpage = $mybb->settings['threadsperpage'];
3222      }
3223      $where = '';
3224  
3225      if(isset($mybb->input['username']))
3226      {
3227          switch($db->type)
3228          {
3229              case 'mysql':
3230              case 'mysqli':
3231                  $field = 'username';
3232                  break;
3233              default:
3234                  $field = 'LOWER(username)';
3235                  break;
3236          }
3237          $where = " AND {$field} LIKE '%".my_strtolower($db->escape_string_like($mybb->get_input('username')))."%'";
3238      }
3239  
3240      // Sort order & direction
3241      switch($mybb->get_input('sortby'))
3242      {
3243          case "lastvisit":
3244              $sortby = "lastvisit";
3245              break;
3246          case "postnum":
3247              $sortby = "postnum";
3248              break;
3249          case "username":
3250              $sortby = "username";
3251              break;
3252          default:
3253              $sortby = "regdate";
3254      }
3255      $sortbysel = array('lastvisit' => '', 'postnum' => '', 'username' => '', 'regdate' => '');
3256      $sortbysel[$mybb->get_input('sortby')] = " selected=\"selected\"";
3257      $order = $mybb->get_input('order');
3258      if($order != "asc")
3259      {
3260          $order = "desc";
3261      }
3262      $ordersel = array('asc' => '', 'desc' => '');
3263      $ordersel[$order] = " selected=\"selected\"";
3264  
3265      $query = $db->simple_select("users", "COUNT(uid) AS count", "1=1 {$where}");
3266      $user_count = $db->fetch_field($query, "count");
3267  
3268      // Figure out if we need to display multiple pages.
3269      if($mybb->get_input('page') != "last")
3270      {
3271          $page = $mybb->get_input('page');
3272      }
3273  
3274      $pages = $user_count / $perpage;
3275      $pages = ceil($pages);
3276  
3277      if($mybb->get_input('page') == "last")
3278      {
3279          $page = $pages;
3280      }
3281  
3282      if($page > $pages || $page <= 0)
3283      {
3284          $page = 1;
3285      }
3286      if($page)
3287      {
3288          $start = ($page-1) * $perpage;
3289      }
3290      else
3291      {
3292          $start = 0;
3293          $page = 1;
3294      }
3295  
3296      $page_url = 'modcp.php?action=finduser';
3297      foreach(array('username', 'sortby', 'order') as $field)
3298      {
3299          if(!empty($mybb->input[$field]))
3300          {
3301              $page_url .= "&amp;{$field}=".$mybb->input[$field];
3302          }
3303      }
3304  
3305      $multipage = multipage($user_count, $perpage, $page, $page_url);
3306  
3307      $usergroups_cache = $cache->read("usergroups");
3308  
3309      $plugins->run_hooks("modcp_finduser_start");
3310  
3311      // Fetch out results
3312      $query = $db->simple_select("users", "*", "1=1 {$where}", array("order_by" => $sortby, "order_dir" => $order, "limit" => $perpage, "limit_start" => $start));
3313      $users = '';
3314      while($user = $db->fetch_array($query))
3315      {
3316          $alt_row = alt_trow();
3317          $user['username'] = htmlspecialchars_uni($user['username']);
3318          $user['username'] = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
3319          $user['postnum'] = my_number_format($user['postnum']);
3320          $regdate = my_date('relative', $user['regdate']);
3321  
3322          if($user['invisible'] == 1 && $mybb->usergroup['canviewwolinvis'] != 1 && $user['uid'] != $mybb->user['uid'])
3323          {
3324              $lastdate = $lang->lastvisit_never;
3325  
3326              if($user['lastvisit'])
3327              {
3328                  // We have had at least some active time, hide it instead
3329                  $lastdate = $lang->lastvisit_hidden;
3330              }
3331          }
3332          else
3333          {
3334              $lastdate = my_date('relative', $user['lastvisit']);
3335          }
3336  
3337          $usergroup = htmlspecialchars_uni($usergroups_cache[$user['usergroup']]['title']);
3338          eval("\$users .= \"".$templates->get("modcp_finduser_user")."\";");
3339      }
3340  
3341      // No results?
3342      if(!$users)
3343      {
3344          eval("\$users = \"".$templates->get("modcp_finduser_noresults")."\";");
3345      }
3346  
3347      $plugins->run_hooks("modcp_finduser_end");
3348  
3349      eval("\$finduser = \"".$templates->get("modcp_finduser")."\";");
3350      output_page($finduser);
3351  }
3352  
3353  if($mybb->input['action'] == "warninglogs")
3354  {
3355      if($mybb->usergroup['canviewwarnlogs'] == 0)
3356      {
3357          error_no_permission();
3358      }
3359  
3360      add_breadcrumb($lang->mcp_nav_warninglogs, "modcp.php?action=warninglogs");
3361  
3362      // Filter options
3363      $where_sql = '';
3364      $mybb->input['filter'] = $mybb->get_input('filter', MyBB::INPUT_ARRAY);
3365      $mybb->input['search'] = $mybb->get_input('search', MyBB::INPUT_ARRAY);
3366      if(!empty($mybb->input['filter']['username']))
3367      {
3368          $search_user = get_user_by_username($mybb->input['filter']['username']);
3369  
3370          $mybb->input['filter']['uid'] = (int)$search_user['uid'];
3371          $mybb->input['filter']['username'] = htmlspecialchars_uni($mybb->input['filter']['username']);
3372      }
3373      else
3374      {
3375          $mybb->input['filter']['username'] = '';
3376      }
3377      if(!empty($mybb->input['filter']['uid']))
3378      {
3379          $search['uid'] = (int)$mybb->input['filter']['uid'];
3380          $where_sql .= " AND w.uid='{$search['uid']}'";
3381          if(!isset($mybb->input['search']['username']))
3382          {
3383              $user = get_user($mybb->input['search']['uid']);
3384              $mybb->input['search']['username'] = htmlspecialchars_uni($user['username']);
3385          }
3386      }
3387      else
3388      {
3389          $mybb->input['filter']['uid'] = '';
3390      }
3391      if(!empty($mybb->input['filter']['mod_username']))
3392      {
3393          $mod_user = get_user_by_username($mybb->input['filter']['mod_username']);
3394  
3395          $mybb->input['filter']['mod_uid'] = (int)$mod_user['uid'];
3396          $mybb->input['filter']['mod_username'] = htmlspecialchars_uni($mybb->input['filter']['mod_username']);
3397      }
3398      else
3399      {
3400          $mybb->input['filter']['mod_username'] = '';
3401      }
3402      if(!empty($mybb->input['filter']['mod_uid']))
3403      {
3404          $search['mod_uid'] = (int)$mybb->input['filter']['mod_uid'];
3405          $where_sql .= " AND w.issuedby='{$search['mod_uid']}'";
3406          if(!isset($mybb->input['search']['mod_username']))
3407          {
3408              $mod_user = get_user($mybb->input['search']['uid']);
3409              $mybb->input['search']['mod_username'] = htmlspecialchars_uni($mod_user['username']);
3410          }
3411      }
3412      else
3413      {
3414          $mybb->input['filter']['mod_uid'] = '';
3415      }
3416      if(!empty($mybb->input['filter']['reason']))
3417      {
3418          $search['reason'] = $db->escape_string_like($mybb->input['filter']['reason']);
3419          $where_sql .= " AND (w.notes LIKE '%{$search['reason']}%' OR t.title LIKE '%{$search['reason']}%' OR w.title LIKE '%{$search['reason']}%')";
3420          $mybb->input['filter']['reason'] = htmlspecialchars_uni($mybb->input['filter']['reason']);
3421      }
3422      else
3423      {
3424          $mybb->input['filter']['reason'] = '';
3425      }
3426      $sortbysel = array('username' => '', 'expires' => '', 'issuedby' => '', 'dateline' => '');
3427      if(!isset($mybb->input['filter']['sortby']))
3428      {
3429          $mybb->input['filter']['sortby'] = '';
3430      }
3431      switch($mybb->input['filter']['sortby'])
3432      {
3433          case "username":
3434              $sortby = "u.username";
3435              $sortbysel['username'] = ' selected="selected"';
3436              break;
3437          case "expires":
3438              $sortby = "w.expires";
3439              $sortbysel['expires'] = ' selected="selected"';
3440              break;
3441          case "issuedby":
3442              $sortby = "i.username";
3443              $sortbysel['issuedby'] = ' selected="selected"';
3444              break;
3445          default: // "dateline"
3446              $sortby = "w.dateline";
3447              $sortbysel['dateline'] = ' selected="selected"';
3448      }
3449      if(!isset($mybb->input['filter']['order']))
3450      {
3451          $mybb->input['filter']['order'] = '';
3452      }
3453      $order = $mybb->input['filter']['order'];
3454      $ordersel = array('asc' => '', 'desc' => '');
3455      if($order != "asc")
3456      {
3457          $order = "desc";
3458          $ordersel['desc'] = ' selected="selected"';
3459      }
3460      else
3461      {
3462          $ordersel['asc'] = ' selected="selected"';
3463      }
3464  
3465      $plugins->run_hooks("modcp_warninglogs_start");
3466  
3467      // Pagination stuff
3468      $sql = "
3469          SELECT COUNT(wid) as count
3470          FROM
3471              ".TABLE_PREFIX."warnings w
3472              LEFT JOIN ".TABLE_PREFIX."warningtypes t ON (w.tid=t.tid)
3473          WHERE 1=1
3474              {$where_sql}
3475      ";
3476      $query = $db->query($sql);
3477      $total_warnings = $db->fetch_field($query, 'count');
3478      $page = $mybb->get_input('page', MyBB::INPUT_INT);
3479      if($page <= 0)
3480      {
3481          $page = 1;
3482      }
3483      $per_page = 20;
3484      if(isset($mybb->input['filter']['per_page']) && (int)$mybb->input['filter']['per_page'] > 0)
3485      {
3486          $per_page = (int)$mybb->input['filter']['per_page'];
3487      }
3488      $start = ($page-1) * $per_page;
3489      // Build the base URL for pagination links
3490      $url = 'modcp.php?action=warninglogs';
3491      if(is_array($mybb->input['filter']) && count($mybb->input['filter']))
3492      {
3493          foreach($mybb->input['filter'] as $field => $value)
3494          {
3495              $value = urlencode($value);
3496              $url .= "&amp;filter[{$field}]={$value}";
3497          }
3498      }
3499      $multipage = multipage($total_warnings, $per_page, $page, $url);
3500  
3501      // The actual query
3502      $sql = "
3503          SELECT
3504              w.wid, w.title as custom_title, w.points, w.dateline, w.issuedby, w.expires, w.expired, w.daterevoked, w.revokedby,
3505              t.title,
3506              u.uid, u.username, u.usergroup, u.displaygroup,
3507              i.uid as mod_uid, i.username as mod_username, i.usergroup as mod_usergroup, i.displaygroup as mod_displaygroup
3508          FROM ".TABLE_PREFIX."warnings w
3509              LEFT JOIN ".TABLE_PREFIX."users u ON (w.uid=u.uid)
3510              LEFT JOIN ".TABLE_PREFIX."warningtypes t ON (w.tid=t.tid)
3511              LEFT JOIN ".TABLE_PREFIX."users i ON (i.uid=w.issuedby)
3512          WHERE 1=1
3513              {$where_sql}
3514          ORDER BY {$sortby} {$order}
3515          LIMIT {$start}, {$per_page}
3516      ";
3517      $query = $db->query($sql);
3518  
3519  
3520      $warning_list = '';
3521      while($row = $db->fetch_array($query))
3522      {
3523          $trow = alt_trow();
3524          $row['username'] = htmlspecialchars_uni($row['username']);
3525          $username = format_name($row['username'], $row['usergroup'], $row['displaygroup']);
3526          $username_link = build_profile_link($username, $row['uid']);
3527          $row['mod_username'] = htmlspecialchars_uni($row['mod_username']);
3528          $mod_username = format_name($row['mod_username'], $row['mod_usergroup'], $row['mod_displaygroup']);
3529          $mod_username_link = build_profile_link($mod_username, $row['mod_uid']);
3530          $issued_date = my_date($mybb->settings['dateformat'], $row['dateline']).' '.my_date($mybb->settings['timeformat'], $row['dateline']);
3531          $revoked_text = '';
3532          if($row['daterevoked'] > 0)
3533          {
3534              $revoked_date = my_date('relative', $row['daterevoked']);
3535              eval("\$revoked_text = \"".$templates->get("modcp_warninglogs_warning_revoked")."\";");
3536          }
3537          if($row['expires'] > 0)
3538          {
3539              $expire_date = my_date('relative', $row['expires'], '', 2);
3540          }
3541          else
3542          {
3543              $expire_date = $lang->never;
3544          }
3545          $title = $row['title'];
3546          if(empty($row['title']))
3547          {
3548              $title = $row['custom_title'];
3549          }
3550          $title = htmlspecialchars_uni($title);
3551          if($row['points'] >= 0)
3552          {
3553              $points = '+'.$row['points'];
3554          }
3555  
3556          eval("\$warning_list .= \"".$templates->get("modcp_warninglogs_warning")."\";");
3557      }
3558  
3559      if(!$warning_list)
3560      {
3561          eval("\$warning_list = \"".$templates->get("modcp_warninglogs_nologs")."\";");
3562      }
3563  
3564      $plugins->run_hooks("modcp_warninglogs_end");
3565  
3566      eval("\$warninglogs = \"".$templates->get("modcp_warninglogs")."\";");
3567      output_page($warninglogs);
3568  }
3569  
3570  if($mybb->input['action'] == "ipsearch")
3571  {
3572      if($mybb->usergroup['canuseipsearch'] == 0)
3573      {
3574          error_no_permission();
3575      }
3576  
3577      add_breadcrumb($lang->mcp_nav_ipsearch, "modcp.php?action=ipsearch");
3578  
3579      $mybb->input['ipaddress'] = $mybb->get_input('ipaddress');
3580      if($mybb->input['ipaddress'])
3581      {
3582          if(!is_array($groupscache))
3583          {
3584              $groupscache = $cache->read("usergroups");
3585          }
3586  
3587          $ipaddressvalue = htmlspecialchars_uni($mybb->input['ipaddress']);
3588  
3589          $ip_range = fetch_ip_range($mybb->input['ipaddress']);
3590  
3591          $post_results = $user_results = 0;
3592  
3593          // Searching post IP addresses
3594          if(isset($mybb->input['search_posts']))
3595          {
3596              if($ip_range)
3597              {
3598                  if(!is_array($ip_range))
3599                  {
3600                      $post_ip_sql = "p.ipaddress=".$db->escape_binary($ip_range);
3601                  }
3602                  else
3603                  {
3604                      $post_ip_sql = "p.ipaddress BETWEEN ".$db->escape_binary($ip_range[0])." AND ".$db->escape_binary($ip_range[1]);
3605                  }
3606              }
3607  
3608              $plugins->run_hooks("modcp_ipsearch_posts_start");
3609  
3610              if($post_ip_sql)
3611              {
3612                  $where_sql = '';
3613  
3614                  $unviewable_forums = get_unviewable_forums(true);
3615  
3616                  if($unviewable_forums)
3617                  {
3618                      $where_sql .= " AND p.fid NOT IN ({$unviewable_forums})";
3619                  }
3620  
3621                  if($inactiveforums)
3622                  {
3623                      $where_sql .= " AND p.fid NOT IN ({$inactiveforums})";
3624                  }
3625  
3626                  // Check group permissions if we can't view threads not started by us
3627                  $onlyusfids = array();
3628                  $group_permissions = forum_permissions();
3629                  foreach($group_permissions as $fid => $forumpermissions)
3630                  {
3631                      if(isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] == 1)
3632                      {
3633                          $onlyusfids[] = $fid;
3634                      }
3635                  }
3636  
3637                  if(!empty($onlyusfids))
3638                  {
3639                      $where_sql .= " AND ((t.fid IN(".implode(',', $onlyusfids).") AND t.uid='{$mybb->user['uid']}') OR t.fid NOT IN(".implode(',', $onlyusfids)."))";
3640                  }
3641  
3642                  // Moderators can view unapproved/deleted posts
3643                  if($mybb->usergroup['issupermod'] != 1)
3644                  {
3645                      $unapprove_forums = array();
3646                      $deleted_forums = array();
3647                      $visible_sql = " AND (p.visible = 1 AND t.visible = 1)";
3648                      $query = $db->simple_select("moderators", "fid, canviewunapprove, canviewdeleted", "(id='{$mybb->user['uid']}' AND isgroup='0') OR (id='{$mybb->user['usergroup']}' AND isgroup='1')");
3649                      while($moderator = $db->fetch_array($query))
3650                      {
3651                          if($moderator['canviewunapprove'] == 1)
3652                          {
3653                              $unapprove_forums[] = $moderator['fid'];
3654                          }
3655  
3656                          if($moderator['canviewdeleted'] == 1)
3657                          {
3658                              $deleted_forums[] = $moderator['fid'];
3659                          }
3660                      }
3661  
3662                      if(!empty($unapprove_forums))
3663                      {
3664                          $visible_sql .= " OR (p.visible = 0 AND p.fid IN(".implode(',', $unapprove_forums).")) OR (t.visible = 0 AND t.fid IN(".implode(',', $unapprove_forums)."))";
3665                      }
3666                      if(!empty($deleted_forums))
3667                      {
3668                          $visible_sql .= " OR (p.visible = -1 AND p.fid IN(".implode(',', $deleted_forums).")) OR (t.visible = -1 AND t.fid IN(".implode(',', $deleted_forums)."))";
3669                      }
3670                  }
3671                  else
3672                  {
3673                      // Super moderators (and admins)
3674                      $visible_sql = " AND p.visible >= -1";
3675                  }
3676  
3677                  $query = $db->query("
3678                      SELECT COUNT(p.pid) AS count
3679                      FROM ".TABLE_PREFIX."posts p
3680                      LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid = p.tid)
3681                      WHERE {$post_ip_sql}{$where_sql}{$visible_sql}
3682                  ");
3683                  $post_results = $db->fetch_field($query, "count");
3684              }
3685          }
3686  
3687          // Searching user IP addresses
3688          if(isset($mybb->input['search_users']))
3689          {
3690              if($ip_range)
3691              {
3692                  if(!is_array($ip_range))
3693                  {
3694                      $user_ip_sql = "regip=".$db->escape_binary($ip_range)." OR lastip=".$db->escape_binary($ip_range);
3695                  }
3696                  else
3697                  {
3698                      $user_ip_sql = "regip BETWEEN ".$db->escape_binary($ip_range[0])." AND ".$db->escape_binary($ip_range[1])." OR lastip BETWEEN ".$db->escape_binary($ip_range[0])." AND ".$db->escape_binary($ip_range[1]);
3699                  }
3700              }
3701  
3702              $plugins->run_hooks("modcp_ipsearch_users_start");
3703  
3704              if($user_ip_sql)
3705              {
3706                  $query = $db->simple_select('users', 'COUNT(uid) AS count', $user_ip_sql);
3707  
3708                  $user_results = $db->fetch_field($query, "count");
3709              }
3710          }
3711  
3712          $total_results = $post_results+$user_results;
3713  
3714          if(!$total_results)
3715          {
3716              $total_results = 1;
3717          }
3718  
3719          // Now we have the result counts, paginate
3720          $perpage = $mybb->get_input('perpage', MyBB::INPUT_INT);
3721          if(!$perpage || $perpage <= 0)
3722          {
3723              $perpage = $mybb->settings['threadsperpage'];
3724          }
3725  
3726          // Figure out if we need to display multiple pages.
3727          if($mybb->get_input('page') != "last")
3728          {
3729              $page = $mybb->get_input('page', MyBB::INPUT_INT);
3730          }
3731  
3732          $pages = $total_results / $perpage;
3733          $pages = ceil($pages);
3734  
3735          if($mybb->get_input('page') == "last")
3736          {
3737              $page = $pages;
3738          }
3739  
3740          if($page > $pages || $page <= 0)
3741          {
3742              $page = 1;
3743          }
3744  
3745          if($page)
3746          {
3747              $start = ($page-1) * $perpage;
3748          }
3749          else
3750          {
3751              $start = 0;
3752              $page = 1;
3753          }
3754  
3755          $page_url = "modcp.php?action=ipsearch&amp;perpage={$perpage}";
3756          foreach(array('ipaddress', 'search_users', 'search_posts') as $input)
3757          {
3758              if(!empty($mybb->input[$input]))
3759              {
3760                  $page_url .= "&amp;{$input}=".urlencode($mybb->input[$input]);
3761              }
3762          }
3763          $multipage = multipage($total_results, $perpage, $page, $page_url);
3764  
3765          $post_limit = $perpage;
3766          $results = '';
3767          if(isset($mybb->input['search_users']) && $user_results && $start <= $user_results)
3768          {
3769              $query = $db->simple_select('users', 'username, uid, regip, lastip', $user_ip_sql,
3770                      array('order_by' => 'regdate', 'order_dir' => 'DESC', 'limit_start' => $start, 'limit' => $perpage));
3771  
3772              while($ipaddress = $db->fetch_array($query))
3773              {
3774                  $result = false;
3775                  $ipaddress['username'] = htmlspecialchars_uni($ipaddress['username']);
3776                  $profile_link = build_profile_link($ipaddress['username'], $ipaddress['uid']);
3777                  $trow = alt_trow();
3778                  $ip = false;
3779                  if(is_array($ip_range))
3780                  {
3781                      if(strcmp($ip_range[0], $ipaddress['regip']) <= 0 && strcmp($ip_range[1], $ipaddress['regip']) >= 0)
3782                      {
3783                          eval("\$subject = \"".$templates->get("modcp_ipsearch_result_regip")."\";");
3784                          $ip = my_inet_ntop($db->unescape_binary($ipaddress['regip']));
3785                      }
3786                      elseif(strcmp($ip_range[0], $ipaddress['lastip']) <= 0 && strcmp($ip_range[1], $ipaddress['lastip']) >= 0)
3787                      {
3788                          eval("\$subject = \"".$templates->get("modcp_ipsearch_result_lastip")."\";");
3789                          $ip = my_inet_ntop($db->unescape_binary($ipaddress['lastip']));
3790                      }
3791                  }
3792                  elseif($ipaddress['regip'] == $ip_range)
3793                  {
3794                      eval("\$subject = \"".$templates->get("modcp_ipsearch_result_regip")."\";");
3795                      $ip = my_inet_ntop($db->unescape_binary($ipaddress['regip']));
3796                  }
3797                  elseif($ipaddress['lastip'] == $ip_range)
3798                  {
3799                      eval("\$subject = \"".$templates->get("modcp_ipsearch_result_lastip")."\";");
3800                      $ip = my_inet_ntop($db->unescape_binary($ipaddress['lastip']));
3801                  }
3802                  if($ip)
3803                  {
3804                      eval("\$results .= \"".$templates->get("modcp_ipsearch_result")."\";");
3805                      $result = true;
3806                  }
3807                  if($result)
3808                  {
3809                      --$post_limit;
3810                  }
3811              }
3812          }
3813          $post_start = 0;
3814          if($total_results > $user_results && $post_limit)
3815          {
3816              $post_start = $start-$user_results;
3817              if($post_start < 0)
3818              {
3819                  $post_start = 0;
3820              }
3821          }
3822          if(isset($mybb->input['search_posts']) && $post_results && (!isset($mybb->input['search_users']) || (isset($mybb->input['search_users']) && $post_limit > 0)))
3823          {
3824              $ipaddresses = $tids = $uids = array();
3825  
3826              $query = $db->query("
3827                  SELECT p.username AS postusername, p.uid, p.subject, p.pid, p.tid, p.ipaddress
3828                  FROM ".TABLE_PREFIX."posts p
3829                  LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid = p.tid)
3830                  WHERE {$post_ip_sql}{$where_sql}{$visible_sql}
3831                  ORDER BY p.dateline desc
3832                  LIMIT {$post_start}, {$post_limit}
3833              ");
3834              while($ipaddress = $db->fetch_array($query))
3835              {
3836                  $tids[$ipaddress['tid']] = $ipaddress['pid'];
3837                  $uids[$ipaddress['uid']] = $ipaddress['pid'];
3838                  $ipaddresses[$ipaddress['pid']] = $ipaddress;
3839              }
3840  
3841              if(!empty($ipaddresses))
3842              {
3843                  $query = $db->simple_select("threads", "subject, tid", "tid IN(".implode(',', array_keys($tids)).")");
3844                  while($thread = $db->fetch_array($query))
3845                  {
3846                      $ipaddresses[$tids[$thread['tid']]]['threadsubject'] = $thread['subject'];
3847                  }
3848                  unset($tids);
3849  
3850                  $query = $db->simple_select("users", "username, uid", "uid IN(".implode(',', array_keys($uids)).")");
3851                  while($user = $db->fetch_array($query))
3852                  {
3853                      $ipaddresses[$uids[$user['uid']]]['username'] = $user['username'];
3854                  }
3855                  unset($uids);
3856  
3857                  foreach($ipaddresses as $ipaddress)
3858                  {
3859                      $ip = my_inet_ntop($db->unescape_binary($ipaddress['ipaddress']));
3860                      if(!$ipaddress['username'])
3861                      {
3862                          $ipaddress['username'] = $ipaddress['postusername']; // Guest username support
3863                      }
3864                      $ipaddress['username'] = htmlspecialchars_uni($ipaddress['username']);
3865                      $trow = alt_trow();
3866                      if(!$ipaddress['subject'])
3867                      {
3868                          $ipaddress['subject'] = "RE: {$ipaddress['threadsubject']}";
3869                      }
3870  
3871                      $ipaddress['postlink'] = get_post_link($ipaddress['pid'], $ipaddress['tid']);
3872                      $ipaddress['subject'] = htmlspecialchars_uni($parser->parse_badwords($ipaddress['subject']));
3873                      $ipaddress['profilelink'] = build_profile_link($ipaddress['username'], $ipaddress['uid']);
3874  
3875                      eval("\$subject = \"".$templates->get("modcp_ipsearch_result_post")."\";");
3876                      eval("\$results .= \"".$templates->get("modcp_ipsearch_result")."\";");
3877                  }
3878              }
3879          }
3880  
3881          if(!$results)
3882          {
3883              eval("\$results = \"".$templates->get("modcp_ipsearch_noresults")."\";");
3884          }
3885  
3886          if($ipaddressvalue)
3887          {
3888              $lang->ipsearch_results = $lang->sprintf($lang->ipsearch_results, $ipaddressvalue);
3889          }
3890          else
3891          {
3892              $lang->ipsearch_results = $lang->ipsearch;
3893          }
3894  
3895          $ipaddress = $ipaddress_url = $misc_info_link = '';
3896          if(!strstr($mybb->input['ipaddress'], "*") && !strstr($mybb->input['ipaddress'], "/"))
3897          {
3898              $ipaddress = htmlspecialchars_uni($mybb->input['ipaddress']);
3899              $ipaddress_url = urlencode($mybb->input['ipaddress']);
3900              eval("\$misc_info_link = \"".$templates->get("modcp_ipsearch_results_information")."\";");
3901          }
3902  
3903          eval("\$ipsearch_results = \"".$templates->get("modcp_ipsearch_results")."\";");
3904      }
3905  
3906      // Fetch filter options
3907      if(!$mybb->input['ipaddress'])
3908      {
3909          $mybb->input['search_posts'] = 1;
3910          $mybb->input['search_users'] = 1;
3911      }
3912      $usersearchselect = $postsearchselect = '';
3913      if(isset($mybb->input['search_posts']))
3914      {
3915          $postsearchselect = "checked=\"checked\"";
3916      }
3917      if(isset($mybb->input['search_users']))
3918      {
3919          $usersearchselect = "checked=\"checked\"";
3920      }
3921  
3922      $plugins->run_hooks("modcp_ipsearch_end");
3923  
3924      eval("\$ipsearch = \"".$templates->get("modcp_ipsearch")."\";");
3925      output_page($ipsearch);
3926  }
3927  
3928  if($mybb->