[ Index ]

PHP Cross Reference of MyBB 1.8.15

title

Body

[close]

/ -> modcp.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  11  define("IN_MYBB", 1);
  12  define('THIS_SCRIPT', 'modcp.php');
  13  
  14  $templatelist = "modcp_reports,modcp_reports_report,modcp_reports_selectall,modcp_reports_multipage,modcp_reports_allreport,modcp_reports_allreports,modcp_modlogs_multipage,modcp_announcements_delete,modcp_announcements_edit,modcp_awaitingmoderation";
  15  $templatelist .= ",modcp_reports_allnoreports,modcp_reports_noreports,modcp_banning,modcp_banning_ban,modcp_announcements_announcement_global,modcp_no_announcements_forum,modcp_modqueue_threads_thread,modcp_awaitingthreads,preview";
  16  $templatelist .= ",modcp_banning_nobanned,modcp_modqueue_threads_empty,modcp_modqueue_masscontrols,modcp_modqueue_threads,modcp_modqueue_posts_post,modcp_modqueue_posts_empty,modcp_awaitingposts,modcp_nav_editprofile,modcp_nav_banning";
  17  $templatelist .= ",modcp_nav,modcp_modlogs_noresults,modcp_modlogs_nologs,modcp,modcp_modqueue_posts,modcp_modqueue_attachments_attachment,modcp_modqueue_attachments_empty,modcp_modqueue_attachments,modcp_editprofile_suspensions_info";
  18  $templatelist .= ",modcp_no_announcements_global,modcp_announcements_global,modcp_announcements_forum,modcp_announcements,modcp_editprofile_select_option,modcp_editprofile_select,modcp_finduser_noresults, modcp_nav_forums_posts";
  19  $templatelist .= ",codebuttons,modcp_announcements_new,modcp_modqueue_empty,forumjump_bit,forumjump_special,modcp_warninglogs_warning_revoked,modcp_warninglogs_warning,modcp_ipsearch_result,modcp_nav_modqueue,modcp_banuser_liftlist";
  20  $templatelist .= ",modcp_modlogs,modcp_finduser_user,modcp_finduser,usercp_profile_customfield,usercp_profile_profilefields,modcp_ipsearch_noresults,modcp_ipsearch_results,modcp_ipsearch_misc_info,modcp_nav_announcements,modcp_modqueue_post_link";
  21  $templatelist .= ",modcp_editprofile,modcp_ipsearch,modcp_banuser_addusername,modcp_banuser,modcp_warninglogs_nologs,modcp_banuser_editusername,modcp_lastattachment,modcp_lastpost,modcp_lastthread,modcp_nobanned,modcp_modqueue_thread_link";
  22  $templatelist .= ",modcp_warninglogs,modcp_modlogs_result,modcp_editprofile_signature,forumjump_advanced,modcp_announcements_forum_nomod,modcp_announcements_announcement,usercp_profile_away,modcp_modlogs_user,modcp_editprofile_away";
  23  $templatelist .= ",multipage,multipage_end,multipage_jump_page,multipage_nextpage,multipage_page,multipage_page_current,multipage_page_link_current,multipage_prevpage,multipage_start,modcp_awaitingattachments,modcp_modqueue_attachment_link";
  24  $templatelist .= ",postbit_groupimage,postbit_userstar,postbit_online,postbit_offline,postbit_away,postbit_avatar,postbit_find,postbit_pm,postbit_email,postbit_www,postbit_author_user,announcement_edit,announcement_quickdelete";
  25  $templatelist .= ",modcp_awaitingmoderation_none,modcp_banning_edit,modcp_banuser_bangroups_group,modcp_banuser_lift,modcp_modlogs_result_announcement,modcp_modlogs_result_forum,modcp_modlogs_result_post,modcp_modlogs_result_thread";
  26  $templatelist .= ",modcp_nav_warninglogs,modcp_nav_ipsearch,modcp_nav_users,modcp_announcements_day,modcp_announcements_month_start,modcp_announcements_month_end,modcp_announcements_announcement_expired,modcp_announcements_announcement_active";
  27  $templatelist .= ",modcp_modqueue_link_forum,modcp_modqueue_link_thread,usercp_profile_day,modcp_ipsearch_result_regip,modcp_ipsearch_result_lastip,modcp_ipsearch_result_post,modcp_ipsearch_results_information,usercp_profile_profilefields_text";
  28  $templatelist .= ",usercp_profile_profilefields_select_option,usercp_profile_profilefields_multiselect,usercp_profile_profilefields_select,usercp_profile_profilefields_textarea,usercp_profile_profilefields_radio,postbit";
  29  $templatelist .= ",modcp_banning_remaining,postmodcp_nav_announcements,modcp_nav_reportcenter,modcp_nav_modlogs,modcp_latestfivemodactions,modcp_banuser_bangroups_hidden,modcp_banuser_bangroups,usercp_profile_profilefields_checkbox";
  30  
  31  require_once  "./global.php";
  32  require_once  MYBB_ROOT."inc/functions_user.php";
  33  require_once  MYBB_ROOT."inc/functions_upload.php";
  34  require_once  MYBB_ROOT."inc/functions_modcp.php";
  35  require_once  MYBB_ROOT."inc/class_parser.php";
  36  $parser = new postParser;
  37  
  38  // Set up the array of ban times.
  39  $bantimes = fetch_ban_times();
  40  
  41  // Load global language phrases
  42  $lang->load("modcp");
  43  $lang->load("announcements");
  44  
  45  if($mybb->user['uid'] == 0 || $mybb->usergroup['canmodcp'] != 1)
  46  {
  47      error_no_permission();
  48  }
  49  
  50  if(!$mybb->settings['threadsperpage'] || (int)$mybb->settings['threadsperpage'] < 1)
  51  {
  52      $mybb->settings['threadsperpage'] = 20;
  53  }
  54  
  55  $tflist = $flist = $tflist_queue_threads = $flist_queue_threads = $tflist_queue_posts = $flist_queue_posts = $tflist_queue_attach =
  56  $flist_queue_attach = $wflist_reports = $tflist_reports = $flist_reports = $tflist_modlog = $flist_modlog = $errors = '';
  57  // SQL for fetching items only related to forums this user moderates
  58  $moderated_forums = array();
  59  if($mybb->usergroup['issupermod'] != 1)
  60  {
  61      $query = $db->simple_select("moderators", "*", "(id='{$mybb->user['uid']}' AND isgroup = '0') OR (id IN ({$mybb->usergroup['all_usergroups']}) AND isgroup = '1')");
  62  
  63      $numannouncements = $nummodqueuethreads = $nummodqueueposts = $nummodqueueattach = $numreportedposts = $nummodlogs = 0;
  64      while($forum = $db->fetch_array($query))
  65      {
  66          // For Announcements
  67          if($forum['canmanageannouncements'] == 1)
  68          {
  69              ++$numannouncements;
  70          }
  71  
  72          // For the Mod Queues
  73          if($forum['canapproveunapprovethreads'] == 1)
  74          {
  75              $flist_queue_threads .= ",'{$forum['fid']}'";
  76  
  77              $children = get_child_list($forum['fid']);
  78              if(!empty($children))
  79              {
  80                  $flist_queue_threads .= ",'".implode("','", $children)."'";
  81              }
  82              ++$nummodqueuethreads;
  83          }
  84  
  85          if($forum['canapproveunapproveposts'] == 1)
  86          {
  87              $flist_queue_posts .= ",'{$forum['fid']}'";
  88  
  89              $children = get_child_list($forum['fid']);
  90              if(!empty($children))
  91              {
  92                  $flist_queue_posts .= ",'".implode("','", $children)."'";
  93              }
  94              ++$nummodqueueposts;
  95          }
  96  
  97          if($forum['canapproveunapproveattachs'] == 1)
  98          {
  99              $flist_queue_attach .= ",'{$forum['fid']}'";
 100  
 101              $children = get_child_list($forum['fid']);
 102              if(!empty($children))
 103              {
 104                  $flist_queue_attach .= ",'".implode("','", $children)."'";
 105              }
 106              ++$nummodqueueattach;
 107          }
 108  
 109          // For Reported posts
 110          if($forum['canmanagereportedposts'] == 1)
 111          {
 112              $flist_reports .= ",'{$forum['fid']}'";
 113  
 114              $children = get_child_list($forum['fid']);
 115              if(!empty($children))
 116              {
 117                  $flist_reports .= ",'".implode("','", $children)."'";
 118              }
 119              ++$numreportedposts;
 120          }
 121  
 122          // For the Mod Log
 123          if($forum['canviewmodlog'] == 1)
 124          {
 125              $flist_modlog .= ",'{$forum['fid']}'";
 126  
 127              $children = get_child_list($forum['fid']);
 128              if(!empty($children))
 129              {
 130                  $flist_modlog .= ",'".implode("','", $children)."'";
 131              }
 132              ++$nummodlogs;
 133          }
 134  
 135          $flist .= ",'{$forum['fid']}'";
 136  
 137          $children = get_child_list($forum['fid']);
 138          if(!empty($children))
 139          {
 140              $flist .= ",'".implode("','", $children)."'";
 141          }
 142          $moderated_forums[] = $forum['fid'];
 143      }
 144      if($flist_queue_threads)
 145      {
 146          $tflist_queue_threads = " AND t.fid IN (0{$flist_queue_threads})";
 147          $flist_queue_threads = " AND fid IN (0{$flist_queue_threads})";
 148      }
 149      if($flist_queue_posts)
 150      {
 151          $tflist_queue_posts = " AND t.fid IN (0{$flist_queue_posts})";
 152          $flist_queue_posts = " AND fid IN (0{$flist_queue_posts})";
 153      }
 154      if($flist_queue_attach)
 155      {
 156          $tflist_queue_attach = " AND t.fid IN (0{$flist_queue_attach})";
 157          $flist_queue_attach = " AND fid IN (0{$flist_queue_attach})";
 158      }
 159      if($flist_reports)
 160      {
 161          $wflist_reports = "WHERE r.id3 IN (0{$flist_reports})";
 162          $tflist_reports = " AND r.id3 IN (0{$flist_reports})";
 163          $flist_reports = " AND id3 IN (0{$flist_reports})";
 164      }
 165      if($flist_modlog)
 166      {
 167          $tflist_modlog = " AND t.fid IN (0{$flist_modlog})";
 168          $flist_modlog = " AND fid IN (0{$flist_modlog})";
 169      }
 170      if($flist)
 171      {
 172          $tflist = " AND t.fid IN (0{$flist})";
 173          $flist = " AND fid IN (0{$flist})";
 174      }
 175  }
 176  
 177  // Retrieve a list of unviewable forums
 178  $unviewableforums = get_unviewable_forums();
 179  $inactiveforums = get_inactive_forums();
 180  $unviewablefids1 = $unviewablefids2 = array();
 181  
 182  if($unviewableforums)
 183  {
 184      $flist .= " AND fid NOT IN ({$unviewableforums})";
 185      $tflist .= " AND t.fid NOT IN ({$unviewableforums})";
 186  
 187      $unviewablefids1 = explode(',', $unviewableforums);
 188  }
 189  
 190  if($inactiveforums)
 191  {
 192      $flist .= " AND fid NOT IN ({$inactiveforums})";
 193      $tflist .= " AND t.fid NOT IN ({$inactiveforums})";
 194  
 195      $unviewablefids2 = explode(',', $inactiveforums);
 196  }
 197  
 198  $unviewableforums = array_merge($unviewablefids1, $unviewablefids2);
 199  
 200  if(!isset($collapsedimg['modcpforums']))
 201  {
 202      $collapsedimg['modcpforums'] = '';
 203  }
 204  
 205  if(!isset($collapsed['modcpforums_e']))
 206  {
 207      $collapsed['modcpforums_e'] = '';
 208  }
 209  
 210  if(!isset($collapsedimg['modcpusers']))
 211  {
 212      $collapsedimg['modcpusers'] = '';
 213  }
 214  
 215  if(!isset($collapsed['modcpusers_e']))
 216  {
 217      $collapsed['modcpusers_e'] = '';
 218  }
 219  
 220  // Fetch the Mod CP menu
 221  $nav_announcements = $nav_modqueue = $nav_reportcenter = $nav_modlogs = $nav_editprofile = $nav_banning = $nav_warninglogs = $nav_ipsearch = $nav_forums_posts = $modcp_nav_users = '';
 222  if(($numannouncements > 0 || $mybb->usergroup['issupermod'] == 1) && $mybb->usergroup['canmanageannounce'] == 1)
 223  {
 224      eval("\$nav_announcements = \"".$templates->get("modcp_nav_announcements")."\";");
 225  }
 226  
 227  if(($nummodqueuethreads > 0 || $nummodqueueposts > 0 || $nummodqueueattach > 0 || $mybb->usergroup['issupermod'] == 1) && $mybb->usergroup['canmanagemodqueue'] == 1)
 228  {
 229      eval("\$nav_modqueue = \"".$templates->get("modcp_nav_modqueue")."\";");
 230  }
 231  
 232  if(($numreportedposts > 0 || $mybb->usergroup['issupermod'] == 1) && $mybb->usergroup['canmanagereportedcontent'] == 1)
 233  {
 234      eval("\$nav_reportcenter = \"".$templates->get("modcp_nav_reportcenter")."\";");
 235  }
 236  
 237  if(($nummodlogs > 0 || $mybb->usergroup['issupermod'] == 1) && $mybb->usergroup['canviewmodlogs'] == 1)
 238  {
 239      eval("\$nav_modlogs = \"".$templates->get("modcp_nav_modlogs")."\";");
 240  }
 241  
 242  if($mybb->usergroup['caneditprofiles'] == 1)
 243  {
 244      eval("\$nav_editprofile = \"".$templates->get("modcp_nav_editprofile")."\";");
 245  }
 246  
 247  if($mybb->usergroup['canbanusers'] == 1)
 248  {
 249      eval("\$nav_banning = \"".$templates->get("modcp_nav_banning")."\";");
 250  }
 251  
 252  if($mybb->usergroup['canviewwarnlogs'] == 1)
 253  {
 254      eval("\$nav_warninglogs = \"".$templates->get("modcp_nav_warninglogs")."\";");
 255  }
 256  
 257  if($mybb->usergroup['canuseipsearch'] == 1)
 258  {
 259      eval("\$nav_ipsearch = \"".$templates->get("modcp_nav_ipsearch")."\";");
 260  }
 261  
 262  $plugins->run_hooks("modcp_nav");
 263  
 264  if(!empty($nav_announcements) || !empty($nav_modqueue) || !empty($nav_reportcenter) || !empty($nav_modlogs))
 265  {
 266      eval("\$modcp_nav_forums_posts = \"".$templates->get("modcp_nav_forums_posts")."\";");
 267  }
 268  
 269  if(!empty($nav_editprofile) || !empty($nav_banning) || !empty($nav_warninglogs) || !empty($nav_ipsearch))
 270  {
 271      eval("\$modcp_nav_users = \"".$templates->get("modcp_nav_users")."\";");
 272  }
 273  
 274  eval("\$modcp_nav = \"".$templates->get("modcp_nav")."\";");
 275  
 276  $plugins->run_hooks("modcp_start");
 277  
 278  // Make navigation
 279  add_breadcrumb($lang->nav_modcp, "modcp.php");
 280  
 281  $mybb->input['action'] = $mybb->get_input('action');
 282  if($mybb->input['action'] == "do_reports")
 283  {
 284      // Verify incoming POST request
 285      verify_post_check($mybb->get_input('my_post_key'));
 286  
 287      $mybb->input['reports'] = $mybb->get_input('reports', MyBB::INPUT_ARRAY);
 288      if(empty($mybb->input['reports']) && empty($mybb->cookies['inlinereports']))
 289      {
 290          error($lang->error_noselected_reports);
 291      }
 292  
 293      $message = $lang->redirect_reportsmarked;
 294  
 295      if(isset($mybb->cookies['inlinereports']))
 296      {
 297          if($mybb->cookies['inlinereports'] == '|ALL|') {
 298              $message = $lang->redirect_allreportsmarked;
 299              $sql = "1=1";
 300              if(isset($mybb->cookies['inlinereports_removed']))
 301              {
 302                  $inlinereportremovedlist = explode("|", $mybb->cookies['inlinereports_removed']);
 303                  $reports = array_map("intval", $inlinereportremovedlist);
 304                  $rids = implode("','", $reports);
 305                  $sql = "rid NOT IN ('0','{$rids}')";
 306              }
 307          }
 308          else
 309          {
 310              $inlinereportlist = explode("|", $mybb->cookies['inlinereports']);
 311              $reports = array_map("intval", $inlinereportlist);
 312  
 313              if(!count($reports))
 314              {
 315                  error($lang->error_noselected_reports);
 316              }
 317  
 318              $rids = implode("','", $reports);
 319  
 320              $sql = "rid IN ('0','{$rids}')";
 321          }
 322      }
 323      else
 324      {
 325          $mybb->input['reports'] = array_map("intval", $mybb->input['reports']);
 326          $rids = implode("','", $mybb->input['reports']);
 327  
 328          $sql = "rid IN ('0','{$rids}')";
 329      }
 330  
 331      $plugins->run_hooks("modcp_do_reports");
 332  
 333      $db->update_query("reportedcontent", array('reportstatus' => 1), "{$sql}{$flist_reports}");
 334      $cache->update_reportedcontent();
 335  
 336      my_unsetcookie('inlinereports');
 337      my_unsetcookie('inlinereports_removed');
 338  
 339      $page = $mybb->get_input('page', MyBB::INPUT_INT);
 340  
 341      redirect("modcp.php?action=reports&page={$page}", $message);
 342  }
 343  
 344  if($mybb->input['action'] == "reports")
 345  {
 346      if($mybb->usergroup['canmanagereportedcontent'] == 0)
 347      {
 348          error_no_permission();
 349      }
 350  
 351      if($numreportedposts == 0 && $mybb->usergroup['issupermod'] != 1)
 352      {
 353          error($lang->you_cannot_view_reported_posts);
 354      }
 355  
 356      $lang->load('report');
 357      add_breadcrumb($lang->mcp_nav_report_center, "modcp.php?action=reports");
 358  
 359      $perpage = $mybb->settings['threadsperpage'];
 360      if(!$perpage)
 361      {
 362          $perpage = 20;
 363      }
 364  
 365      // Multipage
 366      if($mybb->usergroup['cancp'] || $mybb->usergroup['issupermod'])
 367      {
 368          $query = $db->simple_select("reportedcontent", "COUNT(rid) AS count", "reportstatus ='0'");
 369          $report_count = $db->fetch_field($query, "count");
 370      }
 371      else
 372      {
 373          $query = $db->simple_select('reportedcontent', 'id3', "reportstatus='0' AND (type = 'post' OR type = '')");
 374  
 375          $report_count = 0;
 376          while($fid = $db->fetch_field($query, 'id3'))
 377          {
 378              if(is_moderator($fid, "canmanagereportedposts"))
 379              {
 380                  ++$report_count;
 381              }
 382          }
 383          unset($fid);
 384      }
 385  
 386      $page = $mybb->get_input('page', MyBB::INPUT_INT);
 387  
 388      $postcount = (int)$report_count;
 389      $pages = $postcount / $perpage;
 390      $pages = ceil($pages);
 391  
 392      if($page > $pages || $page <= 0)
 393      {
 394          $page = 1;
 395      }
 396  
 397      if($page && $page > 0)
 398      {
 399          $start = ($page-1) * $perpage;
 400      }
 401      else
 402      {
 403          $start = 0;
 404          $page = 1;
 405      }
 406  
 407      $multipage = $reportspages = '';
 408      if($postcount > $perpage)
 409      {
 410          $multipage = multipage($postcount, $perpage, $page, "modcp.php?action=reports");
 411          eval("\$reportspages = \"".$templates->get("modcp_reports_multipage")."\";");
 412      }
 413  
 414      $plugins->run_hooks("modcp_reports_start");
 415  
 416      // Reports
 417      $reports = '';
 418      $query = $db->query("
 419          SELECT r.*, u.username, rr.title
 420          FROM ".TABLE_PREFIX."reportedcontent r
 421          LEFT JOIN ".TABLE_PREFIX."users u ON (r.uid = u.uid)
 422          LEFT JOIN ".TABLE_PREFIX."reportreasons rr ON (r.reasonid = rr.rid)
 423          WHERE r.reportstatus = '0'{$tflist_reports}
 424          ORDER BY r.reports DESC
 425          LIMIT {$start}, {$perpage}
 426      ");
 427  
 428      if(!$db->num_rows($query))
 429      {
 430          // No unread reports
 431          eval("\$reports = \"".$templates->get("modcp_reports_noreports")."\";");
 432      }
 433      else
 434      {
 435          $reportedcontent = $cache->read("reportedcontent");
 436          $reportcache = $usercache = $postcache = array();
 437  
 438          while($report = $db->fetch_array($query))
 439          {
 440              if($report['type'] == 'profile' || $report['type'] == 'reputation')
 441              {
 442                  // Profile UID is in ID
 443                  if(!isset($usercache[$report['id']]))
 444                  {
 445                      $usercache[$report['id']] = $report['id'];
 446                  }
 447  
 448                  // Reputation comment? The offender is the ID2
 449                  if($report['type'] == 'reputation')
 450                  {
 451                      if(!isset($usercache[$report['id2']]))
 452                      {
 453                          $usercache[$report['id2']] = $report['id2'];
 454                      }
 455                      if(!isset($usercache[$report['id3']]))
 456                      {
 457                          // The user who was offended
 458                          $usercache[$report['id3']] = $report['id3'];
 459                      }
 460                  }
 461              }
 462              else if(!$report['type'] || $report['type'] == 'post')
 463              {
 464                  // This (should) be a post
 465                  $postcache[$report['id']] = $report['id'];
 466              }
 467  
 468              // Lastpost info - is it missing (pre-1.8)?
 469              $lastposter = $report['uid'];
 470              if(!$report['lastreport'])
 471              {
 472                  // Last reporter is our first reporter
 473                  $report['lastreport'] = $report['dateline'];
 474              }
 475  
 476              if($report['reporters'])
 477              {
 478                  $reporters = my_unserialize($report['reporters']);
 479  
 480                  if(is_array($reporters))
 481                  {
 482                      $lastposter = end($reporters);
 483                  }
 484              }
 485  
 486              if(!isset($usercache[$lastposter]))
 487              {
 488                  $usercache[$lastposter] = $lastposter;
 489              }
 490  
 491              $report['lastreporter'] = $lastposter;
 492              $reportcache[] = $report;
 493          }
 494  
 495          // Report Center gets messy
 496          // Find information about our users (because we don't log it when they file a report)
 497          if(!empty($usercache))
 498          {
 499              $sql = implode(',', array_keys($usercache));
 500              $query = $db->simple_select("users", "uid, username", "uid IN ({$sql})");
 501  
 502              while($user = $db->fetch_array($query))
 503              {
 504                  $usercache[$user['uid']] = $user;
 505              }
 506          }
 507  
 508          // Messy * 2
 509          // Find out post information for our reported posts
 510          if(!empty($postcache))
 511          {
 512              $sql = implode(',', array_keys($postcache));
 513              $query = $db->query("
 514                  SELECT p.pid, p.uid, p.username, p.tid, t.subject
 515                  FROM ".TABLE_PREFIX."posts p
 516                  LEFT JOIN ".TABLE_PREFIX."threads t ON (p.tid = t.tid)
 517                  WHERE p.pid IN ({$sql})
 518              ");
 519  
 520              while($post = $db->fetch_array($query))
 521              {
 522                  $postcache[$post['pid']] = $post;
 523              }
 524          }
 525  
 526          $lang->page_selected = $lang->sprintf($lang->page_selected, count($reportcache));
 527          $lang->select_all = $lang->sprintf($lang->select_all, (int)$report_count);
 528          $lang->all_selected = $lang->sprintf($lang->all_selected, (int)$report_count);
 529          eval("\$selectall = \"".$templates->get("modcp_reports_selectall")."\";");
 530  
 531          $plugins->run_hooks('modcp_reports_intermediate');
 532  
 533          $inlinecount = 0;
 534          // Now that we have all of the information needed, display the reports
 535          foreach($reportcache as $report)
 536          {
 537              $trow = alt_trow();
 538  
 539              if(!$report['type'])
 540              {
 541                  // Assume a post
 542                  $report['type'] = 'post';
 543              }
 544  
 545              // Report Information
 546              $report_data = array();
 547  
 548              switch($report['type'])
 549              {
 550                  case 'post':
 551                      $post = get_post_link($report['id'])."#pid{$report['id']}";
 552                      $user = build_profile_link(htmlspecialchars_uni($postcache[$report['id']]['username']), $postcache[$report['id']]['uid']);
 553                      $report_data['content'] = $lang->sprintf($lang->report_info_post, $post, $user);
 554  
 555                      $thread_link = get_thread_link($postcache[$report['id']]['tid']);
 556                      $thread_subject = htmlspecialchars_uni($parser->parse_badwords($postcache[$report['id']]['subject']));
 557                      $report_data['content'] .= $lang->sprintf($lang->report_info_post_thread, $thread_link, $thread_subject);
 558  
 559                      break;
 560                  case 'profile':
 561                      $user = build_profile_link(htmlspecialchars_uni($usercache[$report['id']]['username']), $usercache[$report['id']]['uid']);
 562                      $report_data['content'] = $lang->sprintf($lang->report_info_profile, $user);
 563                      break;
 564                  case 'reputation':
 565                      $reputation_link = "reputation.php?uid={$usercache[$report['id3']]['uid']}#rid{$report['id']}";
 566                      $bad_user = build_profile_link(htmlspecialchars_uni($usercache[$report['id2']]['username']), $usercache[$report['id2']]['uid']);
 567                      $report_data['content'] = $lang->sprintf($lang->report_info_reputation, $reputation_link, $bad_user);
 568  
 569                      $good_user = build_profile_link(htmlspecialchars_uni($usercache[$report['id3']]['username']), $usercache[$report['id3']]['uid']);
 570                      $report_data['content'] .= $lang->sprintf($lang->report_info_rep_profile, $good_user);
 571                      break;
 572              }
 573  
 574              // Report reason and comment
 575              if($report['reasonid'] > 0)
 576              {
 577                  $reason = htmlspecialchars_uni($lang->parse($report['title']));
 578  
 579                  if(empty($report['reason']))
 580                  {
 581                      eval("\$report_data['comment'] = \"".$templates->get("modcp_reports_report_comment")."\";");
 582                  }
 583                  else
 584                  {
 585                      $comment = htmlspecialchars_uni($report['reason']);
 586                      eval("\$report_data['comment'] = \"".$templates->get("modcp_reports_report_comment_extra")."\";");
 587                  }
 588              }
 589              else
 590              {
 591                  $report_data['comment'] = $lang->na;
 592              }
 593  
 594              $report_reports = 1;
 595              if($report['reports'])
 596              {
 597                  $report_data['reports'] = my_number_format($report['reports']);
 598              }
 599  
 600              if($report['lastreporter'])
 601              {
 602                  if(is_array($usercache[$report['lastreporter']]))
 603                  {
 604                      $lastreport_user = build_profile_link(htmlspecialchars_uni($usercache[$report['lastreporter']]['username']), $report['lastreporter']);
 605                  }
 606                  elseif($usercache[$report['lastreporter']] > 0)
 607                  {
 608                      $lastreport_user = htmlspecialchars_uni($lang->na_deleted);
 609                  }
 610  
 611                  $lastreport_date = my_date('relative', $report['lastreport']);
 612                  $report_data['lastreporter'] = $lang->sprintf($lang->report_info_lastreporter, $lastreport_date, $lastreport_user);
 613              }
 614  
 615              $inlinecheck = '';
 616              if(isset($mybb->cookies['inlinereports']) && my_strpos($mybb->cookies['inlinereports'], "|{$report['rid']}|") !== false)
 617              {
 618                  $inlinecheck = " checked=\"checked\"";
 619                  ++$inlinecount;
 620              }
 621  
 622              $plugins->run_hooks("modcp_reports_report");
 623              eval("\$reports .= \"".$templates->get("modcp_reports_report")."\";");
 624          }
 625      }
 626  
 627      $plugins->run_hooks("modcp_reports_end");
 628  
 629      eval("\$reportedcontent = \"".$templates->get("modcp_reports")."\";");
 630      output_page($reportedcontent);
 631  }
 632  
 633  if($mybb->input['action'] == "allreports")
 634  {
 635      if($mybb->usergroup['canmanagereportedcontent'] == 0)
 636      {
 637          error_no_permission();
 638      }
 639  
 640      $lang->load('report');
 641  
 642      add_breadcrumb($lang->report_center, "modcp.php?action=reports");
 643      add_breadcrumb($lang->all_reports, "modcp.php?action=allreports");
 644  
 645      if(!$mybb->settings['threadsperpage'])
 646      {
 647          $mybb->settings['threadsperpage'] = 20;
 648      }
 649  
 650      // Figure out if we need to display multiple pages.
 651      $perpage = $mybb->settings['threadsperpage'];
 652      if($mybb->get_input('page') != "last")
 653      {
 654          $page = $mybb->get_input('page', MyBB::INPUT_INT);
 655      }
 656  
 657      if($mybb->usergroup['cancp'] || $mybb->usergroup['issupermod'])
 658      {
 659          $query = $db->simple_select("reportedcontent", "COUNT(rid) AS count");
 660          $report_count = $db->fetch_field($query, "count");
 661      }
 662      else
 663      {
 664          $query = $db->simple_select('reportedcontent', 'id3', "type = 'post' OR type = ''");
 665  
 666          $report_count = 0;
 667          while($fid = $db->fetch_field($query, 'id3'))
 668          {
 669              if(is_moderator($fid, "canmanagereportedposts"))
 670              {
 671                  ++$report_count;
 672              }
 673          }
 674          unset($fid);
 675      }
 676  
 677      if(isset($mybb->input['rid']))
 678      {
 679          $mybb->input['rid'] = $mybb->get_input('rid', MyBB::INPUT_INT);
 680          $query = $db->simple_select("reportedcontent", "COUNT(rid) AS count", "rid <= '".$mybb->input['rid']."'");
 681          $result = $db->fetch_field($query, "count");
 682          if(($result % $perpage) == 0)
 683          {
 684              $page = $result / $perpage;
 685          }
 686          else
 687          {
 688              $page = (int)$result / $perpage + 1;
 689          }
 690      }
 691      $postcount = (int)$report_count;
 692      $pages = $postcount / $perpage;
 693      $pages = ceil($pages);
 694  
 695      if($mybb->get_input('page') == "last")
 696      {
 697          $page = $pages;
 698      }
 699  
 700      if($page > $pages || $page <= 0)
 701      {
 702          $page = 1;
 703      }
 704  
 705      if($page)
 706      {
 707          $start = ($page-1) * $perpage;
 708      }
 709      else
 710      {
 711          $start = 0;
 712          $page = 1;
 713      }
 714      $upper = $start+$perpage;
 715  
 716      $multipage = multipage($postcount, $perpage, $page, "modcp.php?action=allreports");
 717      $allreportspages = '';
 718      if($postcount > $perpage)
 719      {
 720          eval("\$allreportspages = \"".$templates->get("modcp_reports_multipage")."\";");
 721      }
 722  
 723      $plugins->run_hooks("modcp_allreports_start");
 724  
 725      $query = $db->query("
 726          SELECT r.*, u.username, p.username AS postusername, up.uid AS postuid, t.subject AS threadsubject, prrep.username AS repusername, pr.username AS profileusername, rr.title
 727          FROM ".TABLE_PREFIX."reportedcontent r
 728          LEFT JOIN ".TABLE_PREFIX."posts p ON (r.id=p.pid)
 729          LEFT JOIN ".TABLE_PREFIX."threads t ON (p.tid=t.tid)
 730          LEFT JOIN ".TABLE_PREFIX."users u ON (r.uid=u.uid)
 731          LEFT JOIN ".TABLE_PREFIX."users up ON (p.uid=up.uid)
 732          LEFT JOIN ".TABLE_PREFIX."users pr ON (pr.uid=r.id)
 733          LEFT JOIN ".TABLE_PREFIX."users prrep ON (prrep.uid=r.id2)
 734          LEFT JOIN ".TABLE_PREFIX."reportreasons rr ON (r.reasonid = rr.rid)
 735          {$wflist_reports}
 736          ORDER BY r.dateline DESC
 737          LIMIT {$start}, {$perpage}
 738      ");
 739  
 740      $allreports = '';
 741      if(!$db->num_rows($query))
 742      {
 743          eval("\$allreports = \"".$templates->get("modcp_reports_allnoreports")."\";");
 744      }
 745      else
 746      {
 747          while($report = $db->fetch_array($query))
 748          {
 749              $trow = alt_trow();
 750  
 751              if($report['type'] == 'post')
 752              {
 753                  $post = get_post_link($report['id'])."#pid{$report['id']}";
 754                  $user = build_profile_link(htmlspecialchars_uni($report['postusername']), $report['postuid']);
 755                  $report_data['content'] = $lang->sprintf($lang->report_info_post, $post, $user);
 756  
 757                  $thread_link = get_thread_link($report['id2']);
 758                  $thread_subject = htmlspecialchars_uni($parser->parse_badwords($report['threadsubject']));
 759                  $report_data['content'] .= $lang->sprintf($lang->report_info_post_thread, $thread_link, $thread_subject);
 760              }
 761              else if($report['type'] == 'profile')
 762              {
 763                  $user = build_profile_link(htmlspecialchars_uni($report['profileusername']), $report['id']);
 764                  $report_data['content'] = $lang->sprintf($lang->report_info_profile, $user);
 765              }
 766              else if($report['type'] == 'reputation')
 767              {
 768                  $user = build_profile_link(htmlspecialchars_uni($report['repusername']), $report['id2']);
 769                  $reputation_link = "reputation.php?uid={$report['id3']}#rid{$report['id']}";
 770                  $report_data['content'] = $lang->sprintf($lang->report_info_reputation, $reputation_link, $user);
 771              }
 772  
 773              // Report reason and comment
 774              if($report['reasonid'] > 0)
 775              {
 776                  $reason = htmlspecialchars_uni($lang->parse($report['title']));
 777  
 778                  if(empty($report['reason']))
 779                  {
 780                      eval("\$report_data['comment'] = \"".$templates->get("modcp_reports_report_comment")."\";");
 781                  }
 782                  else
 783                  {
 784                      $comment = htmlspecialchars_uni($report['reason']);
 785                      eval("\$report_data['comment'] = \"".$templates->get("modcp_reports_report_comment_extra")."\";");
 786                  }
 787              }
 788              else
 789              {
 790                  $report_data['comment'] = $lang->na;
 791              }
 792  
 793              $report['reporterlink'] = get_profile_link($report['uid']);
 794              if(!$report['username'])
 795              {
 796                  $report['username'] = $lang->na_deleted;
 797                  $report['reporterlink'] = $post;
 798              }
 799              $report['username'] = htmlspecialchars_uni($report['username']);
 800  
 801              $report_data['reports'] = my_number_format($report['reports']);
 802              $report_data['time'] = my_date('relative', $report['dateline']);
 803  
 804              $plugins->run_hooks("modcp_allreports_report");
 805              eval("\$allreports .= \"".$templates->get("modcp_reports_allreport")."\";");
 806          }
 807      }
 808  
 809      $plugins->run_hooks("modcp_allreports_end");
 810  
 811      eval("\$allreportedcontent = \"".$templates->get("modcp_reports_allreports")."\";");
 812      output_page($allreportedcontent);
 813  }
 814  
 815  if($mybb->input['action'] == "modlogs")
 816  {
 817      if($mybb->usergroup['canviewmodlogs'] == 0)
 818      {
 819          error_no_permission();
 820      }
 821  
 822      if($nummodlogs == 0 && $mybb->usergroup['issupermod'] != 1)
 823      {
 824          error($lang->you_cannot_view_mod_logs);
 825      }
 826  
 827      add_breadcrumb($lang->mcp_nav_modlogs, "modcp.php?action=modlogs");
 828  
 829      $perpage = $mybb->get_input('perpage', MyBB::INPUT_INT);
 830      if(!$perpage || $perpage <= 0)
 831      {
 832          $perpage = $mybb->settings['threadsperpage'];
 833      }
 834  
 835      $where = '';
 836  
 837      // Searching for entries by a particular user
 838      if($mybb->get_input('uid', MyBB::INPUT_INT))
 839      {
 840          $where .= " AND l.uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'";
 841      }
 842  
 843      // Searching for entries in a specific forum
 844      if($mybb->get_input('fid', MyBB::INPUT_INT))
 845      {
 846          $where .= " AND t.fid='".$mybb->get_input('fid', MyBB::INPUT_INT)."'";
 847      }
 848  
 849      $mybb->input['sortby'] = $mybb->get_input('sortby');
 850  
 851      // Order?
 852      switch($mybb->input['sortby'])
 853      {
 854          case "username":
 855              $sortby = "u.username";
 856              break;
 857          case "forum":
 858              $sortby = "f.name";
 859              break;
 860          case "thread":
 861              $sortby = "t.subject";
 862              break;
 863          default:
 864              $sortby = "l.dateline";
 865      }
 866      $order = $mybb->get_input('order');
 867      if($order != "asc")
 868      {
 869          $order = "desc";
 870      }
 871  
 872      $plugins->run_hooks("modcp_modlogs_start");
 873  
 874      $query = $db->query("
 875          SELECT COUNT(l.dateline) AS count
 876          FROM ".TABLE_PREFIX."moderatorlog l
 877          LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=l.uid)
 878          LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=l.tid)
 879          WHERE 1=1 {$where}{$tflist_modlog}
 880      ");
 881      $rescount = $db->fetch_field($query, "count");
 882  
 883      // Figure out if we need to display multiple pages.
 884      if($mybb->get_input('page') != "last")
 885      {
 886          $page = $mybb->get_input('page', MyBB::INPUT_INT);
 887      }
 888  
 889      $postcount = (int)$rescount;
 890      $pages = $postcount / $perpage;
 891      $pages = ceil($pages);
 892  
 893      if($mybb->get_input('page') == "last")
 894      {
 895          $page = $pages;
 896      }
 897  
 898      if($page > $pages || $page <= 0)
 899      {
 900          $page = 1;
 901      }
 902  
 903      if($page)
 904      {
 905          $start = ($page-1) * $perpage;
 906      }
 907      else
 908      {
 909          $start = 0;
 910          $page = 1;
 911      }
 912  
 913      $page_url = 'modcp.php?action=modlogs&amp;perpage='.$perpage;
 914      foreach(array('uid', 'fid') as $field)
 915      {
 916          $mybb->input[$field] = $mybb->get_input($field, MyBB::INPUT_INT);
 917          if(!empty($mybb->input[$field]))
 918          {
 919              $page_url .= "&amp;{$field}=".$mybb->input[$field];
 920          }
 921      }
 922      foreach(array('sortby', 'order') as $field)
 923      {
 924          $mybb->input[$field] = htmlspecialchars_uni($mybb->get_input($field));
 925          if(!empty($mybb->input[$field]))
 926          {
 927              $page_url .= "&amp;{$field}=".$mybb->input[$field];
 928          }
 929      }
 930  
 931      $multipage = multipage($postcount, $perpage, $page, $page_url);
 932      $resultspages = '';
 933      if($postcount > $perpage)
 934      {
 935          eval("\$resultspages = \"".$templates->get("modcp_modlogs_multipage")."\";");
 936      }
 937      $query = $db->query("
 938          SELECT l.*, u.username, u.usergroup, u.displaygroup, t.subject AS tsubject, f.name AS fname, p.subject AS psubject
 939          FROM ".TABLE_PREFIX."moderatorlog l
 940          LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=l.uid)
 941          LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=l.tid)
 942          LEFT JOIN ".TABLE_PREFIX."forums f ON (f.fid=l.fid)
 943          LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=l.pid)
 944          WHERE 1=1 {$where}{$tflist_modlog}
 945          ORDER BY {$sortby} {$order}
 946          LIMIT {$start}, {$perpage}
 947      ");
 948      $results = '';
 949      while($logitem = $db->fetch_array($query))
 950      {
 951          $information = '';
 952          $logitem['action'] = htmlspecialchars_uni($logitem['action']);
 953          $log_date = my_date('relative', $logitem['dateline']);
 954          $trow = alt_trow();
 955          if($logitem['username'])
 956          {
 957              $logitem['username'] = htmlspecialchars_uni($logitem['username']);
 958              $username = format_name($logitem['username'], $logitem['usergroup'], $logitem['displaygroup']);
 959              $logitem['profilelink'] = build_profile_link($username, $logitem['uid']);
 960          }
 961          else
 962          {
 963              $username = $logitem['profilelink'] = $logitem['username'] = htmlspecialchars_uni($lang->na_deleted);
 964          }
 965          $logitem['ipaddress'] = my_inet_ntop($db->unescape_binary($logitem['ipaddress']));
 966  
 967          if($logitem['tsubject'])
 968          {
 969              $logitem['tsubject'] = htmlspecialchars_uni($parser->parse_badwords($logitem['tsubject']));
 970              $logitem['thread'] = get_thread_link($logitem['tid']);
 971              eval("\$information .= \"".$templates->get("modcp_modlogs_result_thread")."\";");
 972          }
 973          if($logitem['fname'])
 974          {
 975              $logitem['forum'] = get_forum_link($logitem['fid']);
 976              eval("\$information .= \"".$templates->get("modcp_modlogs_result_forum")."\";");
 977          }
 978          if($logitem['psubject'])
 979          {
 980              $logitem['psubject'] = htmlspecialchars_uni($parser->parse_badwords($logitem['psubject']));
 981              $logitem['post'] = get_post_link($logitem['pid']);
 982              eval("\$information .= \"".$templates->get("modcp_modlogs_result_post")."\";");
 983          }
 984  
 985          // Edited a user or managed announcement?
 986          if(!$logitem['tsubject'] || !$logitem['fname'] || !$logitem['psubject'])
 987          {
 988              $data = my_unserialize($logitem['data']);
 989              if(!empty($data['uid']))
 990              {
 991                  $data['username'] = htmlspecialchars_uni($data['username']);
 992                  $information = $lang->sprintf($lang->edited_user_info, htmlspecialchars_uni($data['username']), get_profile_link($data['uid']));
 993              }
 994              if(!empty($data['aid']))
 995              {
 996                  $data['subject'] = htmlspecialchars_uni($parser->parse_badwords($data['subject']));
 997                  $data['announcement'] = get_announcement_link($data['aid']);
 998                  eval("\$information .= \"".$templates->get("modcp_modlogs_result_announcement")."\";");
 999              }
1000          }
1001  
1002          $plugins->run_hooks("modcp_modlogs_result");
1003  
1004          eval("\$results .= \"".$templates->get("modcp_modlogs_result")."\";");
1005      }
1006  
1007      if(!$results)
1008      {
1009          eval("\$results = \"".$templates->get("modcp_modlogs_noresults")."\";");
1010      }
1011  
1012      $plugins->run_hooks("modcp_modlogs_filter");
1013  
1014      // Fetch filter options
1015      $sortbysel = array('username' => '', 'forum' => '', 'thread' => '', 'dateline' => '');
1016      $sortbysel[$mybb->input['sortby']] = "selected=\"selected\"";
1017      $ordersel = array('asc' => '', 'desc' => '');
1018      $ordersel[$order] = "selected=\"selected\"";
1019      $user_options = '';
1020      $query = $db->query("
1021          SELECT DISTINCT l.uid, u.username
1022          FROM ".TABLE_PREFIX."moderatorlog l
1023          LEFT JOIN ".TABLE_PREFIX."users u ON (l.uid=u.uid)
1024          ORDER BY u.username ASC
1025      ");
1026      while($user = $db->fetch_array($query))
1027      {
1028          // Deleted Users
1029          if(!$user['username'])
1030          {
1031              $user['username'] = $lang->na_deleted;
1032          }
1033  
1034          $selected = '';
1035          if($mybb->get_input('uid', MyBB::INPUT_INT) == $user['uid'])
1036          {
1037              $selected = " selected=\"selected\"";
1038          }
1039  
1040          $user['username'] = htmlspecialchars_uni($user['username']);
1041          eval("\$user_options .= \"".$templates->get("modcp_modlogs_user")."\";");
1042      }
1043  
1044      $forum_select = build_forum_jump("", $mybb->get_input('fid', MyBB::INPUT_INT), 1, '', 0, true, '', "fid");
1045  
1046      eval("\$modlogs = \"".$templates->get("modcp_modlogs")."\";");
1047      output_page($modlogs);
1048  }
1049  
1050  if($mybb->input['action'] == "do_delete_announcement")
1051  {
1052      verify_post_check($mybb->get_input('my_post_key'));
1053  
1054      if($mybb->usergroup['canmanageannounce'] == 0)
1055      {
1056          error_no_permission();
1057      }
1058  
1059      $aid = $mybb->get_input('aid');
1060      $query = $db->simple_select("announcements", "aid, subject, fid", "aid='{$aid}'");
1061      $announcement = $db->fetch_array($query);
1062  
1063      if(!$announcement)
1064      {
1065          error($lang->error_invalid_announcement);
1066      }
1067      if(($mybb->usergroup['issupermod'] != 1 && $announcement['fid'] == -1) || ($announcement['fid'] != -1 && !is_moderator($announcement['fid'], "canmanageannouncements")) || ($unviewableforums && in_array($announcement['fid'], $unviewableforums)))
1068      {
1069          error_no_permission();
1070      }
1071  
1072      $plugins->run_hooks("modcp_do_delete_announcement");
1073  
1074      $db->delete_query("announcements", "aid='{$aid}'");
1075      log_moderator_action(array("aid" => $announcement['aid'], "subject" => $announcement['subject']), $lang->announcement_deleted);
1076      $cache->update_forumsdisplay();
1077  
1078      redirect("modcp.php?action=announcements", $lang->redirect_delete_announcement);
1079  }
1080  
1081  if($mybb->input['action'] == "delete_announcement")
1082  {
1083      if($mybb->usergroup['canmanageannounce'] == 0)
1084      {
1085          error_no_permission();
1086      }
1087  
1088      $aid = $mybb->get_input('aid');
1089      $query = $db->simple_select("announcements", "aid, subject, fid", "aid='{$aid}'");
1090  
1091      $announcement = $db->fetch_array($query);
1092      $announcement['subject'] = htmlspecialchars_uni($parser->parse_badwords($announcement['subject']));
1093  
1094      if(!$announcement)
1095      {
1096          error($lang->error_invalid_announcement);
1097      }
1098  
1099      if(($mybb->usergroup['issupermod'] != 1 && $announcement['fid'] == -1) || ($announcement['fid'] != -1 && !is_moderator($announcement['fid'], "canmanageannouncements")) || ($unviewableforums && in_array($announcement['fid'], $unviewableforums)))
1100      {
1101          error_no_permission();
1102      }
1103  
1104      $plugins->run_hooks("modcp_delete_announcement");
1105  
1106      eval("\$announcements = \"".$templates->get("modcp_announcements_delete")."\";");
1107      output_page($announcements);
1108  }
1109  
1110  if($mybb->input['action'] == "do_new_announcement")
1111  {
1112      verify_post_check($mybb->get_input('my_post_key'));
1113  
1114      if($mybb->usergroup['canmanageannounce'] == 0)
1115      {
1116          error_no_permission();
1117      }
1118  
1119      $announcement_fid = $mybb->get_input('fid', MyBB::INPUT_INT);
1120      if(($mybb->usergroup['issupermod'] != 1 && $announcement_fid == -1) || ($announcement_fid != -1 && !is_moderator($announcement_fid, "canmanageannouncements")) || ($unviewableforums && in_array($announcement_fid, $unviewableforums)))
1121      {
1122          error_no_permission();
1123      }
1124  
1125      $errors = array();
1126  
1127      $mybb->input['title'] = $mybb->get_input('title');
1128      if(!trim($mybb->input['title']))
1129      {
1130          $errors[] = $lang->error_missing_title;
1131      }
1132  
1133      $mybb->input['message'] = $mybb->get_input('message');
1134      if(!trim($mybb->input['message']))
1135      {
1136          $errors[] = $lang->error_missing_message;
1137      }
1138  
1139      if(!$announcement_fid)
1140      {
1141          $errors[] = $lang->error_missing_forum;
1142      }
1143  
1144      $mybb->input['starttime_time'] = $mybb->get_input('starttime_time');
1145      $mybb->input['endtime_time'] = $mybb->get_input('endtime_time');
1146      $startdate = @explode(" ", $mybb->input['starttime_time']);
1147      $startdate = @explode(":", $startdate[0]);
1148      $enddate = @explode(" ", $mybb->input['endtime_time']);
1149      $enddate = @explode(":", $enddate[0]);
1150  
1151      if(stristr($mybb->input['starttime_time'], "pm"))
1152      {
1153          $startdate[0] = 12+$startdate[0];
1154          if($startdate[0] >= 24)
1155          {
1156              $startdate[0] = "00";
1157          }
1158      }
1159  
1160      if(stristr($mybb->input['endtime_time'], "pm"))
1161      {
1162          $enddate[0] = 12+$enddate[0];
1163          if($enddate[0] >= 24)
1164          {
1165              $enddate[0] = "00";
1166          }
1167      }
1168  
1169      $mybb->input['starttime_month'] = $mybb->get_input('starttime_month');
1170      $months = array('01', '02', '03', '04', '05', '06', '07', '08', '09', '10', '11', '12');
1171      if(!in_array($mybb->input['starttime_month'], $months))
1172      {
1173          $mybb->input['starttime_month'] = '01';
1174      }
1175  
1176      $localized_time_offset = (float)$mybb->user['timezone']*3600 + $mybb->user['dst']*3600;
1177  
1178      $startdate = gmmktime((int)$startdate[0], (int)$startdate[1], 0, $mybb->get_input('starttime_month', MyBB::INPUT_INT), $mybb->get_input('starttime_day', MyBB::INPUT_INT), $mybb->get_input('starttime_year', MyBB::INPUT_INT)) - $localized_time_offset;
1179      if(!checkdate($mybb->get_input('starttime_month', MyBB::INPUT_INT), $mybb->get_input('starttime_day', MyBB::INPUT_INT), $mybb->get_input('starttime_year', MyBB::INPUT_INT)) || $startdate < 0 || $startdate == false)
1180      {
1181          $errors[] = $lang->error_invalid_start_date;
1182      }
1183  
1184      if($mybb->get_input('endtime_type', MyBB::INPUT_INT) == 2)
1185      {
1186          $enddate = '0';
1187          $mybb->input['endtime_month'] = '01';
1188      }
1189      else
1190      {
1191          $mybb->input['endtime_month'] = $mybb->get_input('endtime_month');
1192          if(!in_array($mybb->input['endtime_month'], $months))
1193          {
1194              $mybb->input['endtime_month'] = '01';
1195          }
1196          $enddate = gmmktime((int)$enddate[0], (int)$enddate[1], 0, $mybb->get_input('endtime_month', MyBB::INPUT_INT), $mybb->get_input('endtime_day', MyBB::INPUT_INT), $mybb->get_input('endtime_year', MyBB::INPUT_INT)) - $localized_time_offset;
1197          if(!checkdate($mybb->get_input('endtime_month', MyBB::INPUT_INT), $mybb->get_input('endtime_day', MyBB::INPUT_INT), $mybb->get_input('endtime_year', MyBB::INPUT_INT)) || $enddate < 0 || $enddate == false)
1198          {
1199              $errors[] = $lang->error_invalid_end_date;
1200          }
1201  
1202          if($enddate <= $startdate)
1203          {
1204              $errors[] = $lang->error_end_before_start;
1205          }
1206      }
1207  
1208      if($mybb->settings['announcementshtml'] && $mybb->get_input('allowhtml', MyBB::INPUT_INT) == 1)
1209      {
1210          $allowhtml = 1;
1211      }
1212      else
1213      {
1214          $allowhtml = 0;
1215      }
1216      if($mybb->get_input('allowmycode', MyBB::INPUT_INT) == 1)
1217      {
1218          $allowmycode = 1;
1219      }
1220      else
1221      {
1222          $allowmycode = 0;
1223      }
1224      if($mybb->get_input('allowsmilies', MyBB::INPUT_INT) == 1)
1225      {
1226          $allowsmilies = 1;
1227      }
1228      else
1229      {
1230          $allowsmilies = 0;
1231      }
1232  
1233      $plugins->run_hooks("modcp_do_new_announcement_start");
1234  
1235      if(!$errors)
1236      {
1237          if(isset($mybb->input['preview']))
1238          {
1239              $preview = array();
1240              $mybb->input['action'] = 'new_announcement';
1241          }
1242          else
1243          {
1244              $insert_announcement = array(
1245                  'fid' => $announcement_fid,
1246                  'uid' => $mybb->user['uid'],
1247                  'subject' => $db->escape_string($mybb->input['title']),
1248                  'message' => $db->escape_string($mybb->input['message']),
1249                  'startdate' => $startdate,
1250                  'enddate' => $enddate,
1251                  'allowhtml' => $allowhtml,
1252                  'allowmycode' => $allowmycode,
1253                  'allowsmilies' => $allowsmilies
1254              );
1255              $aid = $db->insert_query("announcements", $insert_announcement);
1256  
1257              log_moderator_action(array("aid" => $aid, "subject" => $mybb->input['title']), $lang->announcement_added);
1258  
1259              $plugins->run_hooks("modcp_do_new_announcement_end");
1260  
1261              $cache->update_forumsdisplay();
1262              redirect("modcp.php?action=announcements", $lang->redirect_add_announcement);
1263          }
1264      }
1265      else
1266      {
1267          $mybb->input['action'] = 'new_announcement';
1268      }
1269  }
1270  
1271  if($mybb->input['action'] == "new_announcement")
1272  {
1273      if($mybb->usergroup['canmanageannounce'] == 0)
1274      {
1275          error_no_permission();
1276      }
1277  
1278      add_breadcrumb($lang->mcp_nav_announcements, "modcp.php?action=announcements");
1279      add_breadcrumb($lang->add_announcement, "modcp.php?action=new_announcements");
1280  
1281      $announcement_fid = $mybb->get_input('fid', MyBB::INPUT_INT);
1282  
1283      if(($mybb->usergroup['issupermod'] != 1 && $announcement_fid == -1) || ($announcement_fid != -1 && !is_moderator($announcement_fid, "canmanageannouncements")) || ($unviewableforums && in_array($announcement_fid, $unviewableforums)))
1284      {
1285          error_no_permission();
1286      }
1287  
1288      // Deal with inline errors
1289      if(!empty($errors) || isset($preview))
1290      {
1291          if(!empty($errors))
1292          {
1293              $errors = inline_error($errors);
1294          }
1295          else
1296          {
1297              $errors = '';
1298          }
1299  
1300          // Set $announcement to input stuff
1301          $announcement['subject'] = $mybb->input['title'];
1302          $announcement['message'] = $mybb->input['message'];
1303          $announcement['allowhtml'] = $allowhtml;
1304          $announcement['allowmycode'] = $allowmycode;
1305          $announcement['allowsmilies'] = $allowsmilies;
1306  
1307          $startmonth = $mybb->input['starttime_month'];
1308          $startdateyear = htmlspecialchars_uni($mybb->input['starttime_year']);
1309          $startday = $mybb->get_input('starttime_day', MyBB::INPUT_INT);
1310          $starttime_time = htmlspecialchars_uni($mybb->input['starttime_time']);
1311          $endmonth = $mybb->input['endtime_month'];
1312          $enddateyear = htmlspecialchars_uni($mybb->input['endtime_year']);
1313          $endday = $mybb->get_input('endtime_day', MyBB::INPUT_INT);
1314          $endtime_time = htmlspecialchars_uni($mybb->input['endtime_time']);
1315      }
1316      else
1317      {
1318          $localized_time = TIME_NOW + (float)$mybb->user['timezone']*3600 + $mybb->user['dst']*3600;
1319  
1320          $starttime_time = gmdate($mybb->settings['timeformat'], $localized_time);
1321          $endtime_time = gmdate($mybb->settings['timeformat'], $localized_time);
1322          $startday = $endday = gmdate("j", $localized_time);
1323          $startmonth = $endmonth = gmdate("m", $localized_time);
1324          $startdateyear = gmdate("Y", $localized_time);
1325  
1326          $announcement = array(
1327              'subject' => '',
1328              'message' => '',
1329              'allowhtml' => 0,
1330              'allowmycode' => 1,
1331              'allowsmilies' => 1
1332              );
1333  
1334          $enddateyear = $startdateyear+1;
1335      }
1336  
1337      // Generate form elements
1338      $startdateday = $enddateday = '';
1339      for($day = 1; $day <= 31; ++$day)
1340      {
1341          if($startday == $day)
1342          {
1343              $selected = " selected=\"selected\"";
1344              eval("\$startdateday .= \"".$templates->get("modcp_announcements_day")."\";");
1345          }
1346          else
1347          {
1348              $selected = '';
1349              eval("\$startdateday .= \"".$templates->get("modcp_announcements_day")."\";");
1350          }
1351  
1352          if($endday == $day)
1353          {
1354              $selected = " selected=\"selected\"";
1355              eval("\$enddateday .= \"".$templates->get("modcp_announcements_day")."\";");
1356          }
1357          else
1358          {
1359              $selected = '';
1360              eval("\$enddateday .= \"".$templates->get("modcp_announcements_day")."\";");
1361          }
1362      }
1363  
1364      $startmonthsel = $endmonthsel = array();
1365      foreach(array('01', '02', '03', '04', '05', '06', '07', '08', '09', '10', '11', '12') as $month)
1366      {
1367          $startmonthsel[$month] = '';
1368          $endmonthsel[$month] = '';
1369      }
1370      $startmonthsel[$startmonth] = "selected=\"selected\"";
1371      $endmonthsel[$endmonth] = "selected=\"selected\"";
1372  
1373      $startdatemonth = $enddatemonth = '';
1374  
1375      eval("\$startdatemonth .= \"".$templates->get("modcp_announcements_month_start")."\";");
1376      eval("\$enddatemonth .= \"".$templates->get("modcp_announcements_month_end")."\";");
1377  
1378      $title = htmlspecialchars_uni($announcement['subject']);
1379      $message = htmlspecialchars_uni($announcement['message']);
1380  
1381      $html_sel = $mycode_sel = $smilies_sel = array('yes' => '', 'no' => '');
1382  
1383      if($mybb->settings['announcementshtml'])
1384      {
1385          if($announcement['allowhtml'])
1386          {
1387              $html_sel['yes'] = ' checked="checked"';
1388          }
1389          else
1390          {
1391              $html_sel['no'] = ' checked="checked"';
1392          }
1393  
1394          eval("\$allow_html = \"".$templates->get("modcp_announcements_allowhtml")."\";");
1395      }
1396      else
1397      {
1398          $allow_html = '';
1399      }
1400  
1401      if($announcement['allowmycode'])
1402      {
1403          $mycode_sel['yes'] = ' checked="checked"';
1404      }
1405      else
1406      {
1407          $mycode_sel['no'] = ' checked="checked"';
1408      }
1409  
1410      if($announcement['allowsmilies'])
1411      {
1412          $smilies_sel['yes'] = ' checked="checked"';
1413      }
1414      else
1415      {
1416          $smilies_sel['no'] = ' checked="checked"';
1417      }
1418  
1419      $end_type_sel = array('infinite' => '', 'finite' => '');
1420      if(!isset($mybb->input['endtime_type']) || $mybb->input['endtime_type'] == 2)
1421      {
1422          $end_type_sel['infinite'] = ' checked="checked"';
1423      }
1424      else
1425      {
1426          $end_type_sel['finite'] = ' checked="checked"';
1427      }
1428  
1429      // MyCode editor
1430      $codebuttons = build_mycode_inserter();
1431      $smilieinserter = build_clickable_smilies();
1432  
1433      if(isset($preview))
1434      {
1435          $announcementarray = array(
1436              'aid' => 0,
1437              'fid' => $announcement_fid,
1438              'uid' => $mybb->user['uid'],
1439              'subject' => $mybb->input['title'],
1440              'message' => $mybb->input['message'],
1441              'allowhtml' => $mybb->settings['announcementshtml'] && $mybb->get_input('allowhtml', MyBB::INPUT_INT),
1442              'allowmycode' => $mybb->get_input('allowmycode', MyBB::INPUT_INT),
1443              'allowsmilies' => $mybb->get_input('allowsmilies', MyBB::INPUT_INT),
1444              'dateline' => TIME_NOW,
1445              'userusername' => $mybb->user['username'],
1446          );
1447  
1448          $array = $mybb->user;
1449          foreach($array as $key => $element)
1450          {
1451              $announcementarray[$key] = $element;
1452          }
1453  
1454          // Gather usergroup data from the cache
1455          // Field => Array Key
1456          $data_key = array(
1457              'title' => 'grouptitle',
1458              'usertitle' => 'groupusertitle',
1459              'stars' => 'groupstars',
1460              'starimage' => 'groupstarimage',
1461              'image' => 'groupimage',
1462              'namestyle' => 'namestyle',
1463              'usereputationsystem' => 'usereputationsystem'
1464          );
1465  
1466          foreach($data_key as $field => $key)
1467          {
1468              $announcementarray[$key] = $groupscache[$announcementarray['usergroup']][$field];
1469          }
1470  
1471          require_once  MYBB_ROOT."inc/functions_post.php";
1472          $postbit = build_postbit($announcementarray, 3);
1473          eval("\$preview = \"".$templates->get("previewpost")."\";");
1474      }
1475      else
1476      {
1477          $preview = '';
1478      }
1479  
1480      $plugins->run_hooks("modcp_new_announcement");
1481  
1482      eval("\$announcements = \"".$templates->get("modcp_announcements_new")."\";");
1483      output_page($announcements);
1484  }
1485  
1486  if($mybb->input['action'] == "do_edit_announcement")
1487  {
1488      verify_post_check($mybb->get_input('my_post_key'));
1489  
1490      if($mybb->usergroup['canmanageannounce'] == 0)
1491      {
1492          error_no_permission();
1493      }
1494  
1495      // Get the announcement
1496      $aid = $mybb->get_input('aid', MyBB::INPUT_INT);
1497      $query = $db->simple_select("announcements", "*", "aid='{$aid}'");
1498      $announcement = $db->fetch_array($query);
1499  
1500      // Check that it exists
1501      if(!$announcement)
1502      {
1503          error($lang->error_invalid_announcement);
1504      }
1505  
1506      // Mod has permissions to edit this announcement
1507      if(($mybb->usergroup['issupermod'] != 1 && $announcement['fid'] == -1) || ($announcement['fid'] != -1 && !is_moderator($announcement['fid'], "canmanageannouncements")) || ($unviewableforums && in_array($announcement['fid'], $unviewableforums)))
1508      {
1509          error_no_permission();
1510      }
1511  
1512      $errors = array();
1513  
1514      // Basic error checking
1515      $mybb->input['title'] = $mybb->get_input('title');
1516      if(!trim($mybb->input['title']))
1517      {
1518          $errors[] = $lang->error_missing_title;
1519      }
1520  
1521      $mybb->input['message'] = $mybb->get_input('message');
1522      if(!trim($mybb->input['message']))
1523      {
1524          $errors[] = $lang->error_missing_message;
1525      }
1526  
1527      $mybb->input['starttime_time'] = $mybb->get_input('starttime_time');
1528      $mybb->input['endtime_time'] = $mybb->get_input('endtime_time');
1529      $startdate = @explode(" ", $mybb->input['starttime_time']);
1530      $startdate = @explode(":", $startdate[0]);
1531      $enddate = @explode(" ", $mybb->input['endtime_time']);
1532      $enddate = @explode(":", $enddate[0]);
1533  
1534      if(stristr($mybb->input['starttime_time'], "pm"))
1535      {
1536          $startdate[0] = 12+$startdate[0];
1537          if($startdate[0] >= 24)
1538          {
1539              $startdate[0] = "00";
1540          }
1541      }
1542  
1543      if(stristr($mybb->input['endtime_time'], "pm"))
1544      {
1545          $enddate[0] = 12+$enddate[0];
1546          if($enddate[0] >= 24)
1547          {
1548              $enddate[0] = "00";
1549          }
1550      }
1551  
1552      $mybb->input['starttime_month'] = $mybb->get_input('starttime_month');
1553      $months = array('01', '02', '03', '04', '05', '06', '07', '08', '09', '10', '11', '12');
1554      if(!in_array($mybb->input['starttime_month'], $months))
1555      {
1556          $mybb->input['starttime_month'] = '01';
1557      }
1558  
1559      $localized_time_offset = (float)$mybb->user['timezone']*3600 + $mybb->user['dst']*3600;
1560  
1561      $startdate = gmmktime((int)$startdate[0], (int)$startdate[1], 0, $mybb->get_input('starttime_month', MyBB::INPUT_INT), $mybb->get_input('starttime_day', MyBB::INPUT_INT), $mybb->get_input('starttime_year', MyBB::INPUT_INT)) - $localized_time_offset;
1562      if(!checkdate($mybb->get_input('starttime_month', MyBB::INPUT_INT), $mybb->get_input('starttime_day', MyBB::INPUT_INT), $mybb->get_input('starttime_year', MyBB::INPUT_INT)) || $startdate < 0 || $startdate == false)
1563      {
1564          $errors[] = $lang->error_invalid_start_date;
1565      }
1566  
1567      if($mybb->get_input('endtime_type', MyBB::INPUT_INT) == "2")
1568      {
1569          $enddate = '0';
1570          $mybb->input['endtime_month'] = '01';
1571      }
1572      else
1573      {
1574          $mybb->input['endtime_month'] = $mybb->get_input('endtime_month');
1575          if(!in_array($mybb->input['endtime_month'], $months))
1576          {
1577              $mybb->input['endtime_month'] = '01';
1578          }
1579          $enddate = gmmktime((int)$enddate[0], (int)$enddate[1], 0, $mybb->get_input('endtime_month', MyBB::INPUT_INT), $mybb->get_input('endtime_day', MyBB::INPUT_INT), $mybb->get_input('endtime_year', MyBB::INPUT_INT)) - $localized_time_offset;
1580          if(!checkdate($mybb->get_input('endtime_month', MyBB::INPUT_INT), $mybb->get_input('endtime_day', MyBB::INPUT_INT), $mybb->get_input('endtime_year', MyBB::INPUT_INT)) || $enddate < 0 || $enddate == false)
1581          {
1582              $errors[] = $lang->error_invalid_end_date;
1583          }
1584          elseif($enddate <= $startdate)
1585          {
1586              $errors[] = $lang->error_end_before_start;
1587          }
1588      }
1589  
1590      if($mybb->settings['announcementshtml'] && $mybb->get_input('allowhtml', MyBB::INPUT_INT) == 1)
1591      {
1592          $allowhtml = 1;
1593      }
1594      else
1595      {
1596          $allowhtml = 0;
1597      }
1598      if($mybb->get_input('allowmycode', MyBB::INPUT_INT) == 1)
1599      {
1600          $allowmycode = 1;
1601      }
1602      else
1603      {
1604          $allowmycode = 0;
1605      }
1606      if($mybb->get_input('allowsmilies', MyBB::INPUT_INT) == 1)
1607      {
1608          $allowsmilies = 1;
1609      }
1610      else
1611      {
1612          $allowsmilies = 0;
1613      }
1614  
1615      $plugins->run_hooks("modcp_do_edit_announcement_start");
1616  
1617      // Proceed to update if no errors
1618      if(!$errors)
1619      {
1620          if(isset($mybb->input['preview']))
1621          {
1622              $preview = array();
1623              $mybb->input['action'] = 'edit_announcement';
1624          }
1625          else
1626          {
1627              $update_announcement = array(
1628                  'uid' => $mybb->user['uid'],
1629                  'subject' => $db->escape_string($mybb->input['title']),
1630                  'message' => $db->escape_string($mybb->input['message']),
1631                  'startdate' => $startdate,
1632                  'enddate' => $enddate,
1633                  'allowhtml' => $allowhtml,
1634                  'allowmycode' => $allowmycode,
1635                  'allowsmilies' => $allowsmilies
1636              );
1637              $db->update_query("announcements", $update_announcement, "aid='{$aid}'");
1638  
1639              log_moderator_action(array("aid" => $announcement['aid'], "subject" => $mybb->input['title']), $lang->announcement_edited);
1640  
1641              $plugins->run_hooks("modcp_do_edit_announcement_end");
1642  
1643              $cache->update_forumsdisplay();
1644              redirect("modcp.php?action=announcements", $lang->redirect_edit_announcement);
1645          }
1646      }
1647      else
1648      {
1649          $mybb->input['action'] = 'edit_announcement';
1650      }
1651  }
1652  
1653  if($mybb->input['action'] == "edit_announcement")
1654  {
1655      if($mybb->usergroup['canmanageannounce'] == 0)
1656      {
1657          error_no_permission();
1658      }
1659  
1660      $aid = $mybb->get_input('aid', MyBB::INPUT_INT);
1661  
1662      add_breadcrumb($lang->mcp_nav_announcements, "modcp.php?action=announcements");
1663      add_breadcrumb($lang->edit_announcement, "modcp.php?action=edit_announcements&amp;aid={$aid}");
1664  
1665      // Get announcement
1666      if(!isset($announcement) || $mybb->request_method != 'post')
1667      {
1668          $query = $db->simple_select("announcements", "*", "aid='{$aid}'");
1669          $announcement = $db->fetch_array($query);
1670      }
1671  
1672      if(!$announcement)
1673      {
1674          error($lang->error_invalid_announcement);
1675      }
1676      if(($mybb->usergroup['issupermod'] != 1 && $announcement['fid'] == -1) || ($announcement['fid'] != -1 && !is_moderator($announcement['fid'], "canmanageannouncements")) || ($unviewableforums && in_array($announcement['fid'], $unviewableforums)))
1677      {
1678          error_no_permission();
1679      }
1680  
1681      if(!$announcement['startdate'])
1682      {
1683          // No start date? Make it now.
1684          $announcement['startdate'] = TIME_NOW;
1685      }
1686  
1687      $makeshift_end = false;
1688      if(!$announcement['enddate'])
1689      {
1690          $makeshift_end = true;
1691          $makeshift_time = TIME_NOW;
1692          if($announcement['startdate'])
1693          {
1694              $makeshift_time = $announcement['startdate'];
1695          }
1696  
1697          // No end date? Make it a year from now.
1698          $announcement['enddate'] = $makeshift_time + (60 * 60 * 24 * 366);
1699      }
1700  
1701      // Deal with inline errors
1702      if(!empty($errors) || isset($preview))
1703      {
1704          if(!empty($errors))
1705          {
1706              $errors = inline_error($errors);
1707          }
1708          else
1709          {
1710              $errors = '';
1711          }
1712  
1713          // Set $announcement to input stuff
1714          $announcement['subject'] = $mybb->input['title'];
1715          $announcement['message'] = $mybb->input['message'];
1716          $announcement['allowhtml'] = $allowhtml;
1717          $announcement['allowmycode'] = $allowmycode;
1718          $announcement['allowsmilies'] = $allowsmilies;
1719  
1720          $startmonth = $mybb->input['starttime_month'];
1721          $startdateyear = htmlspecialchars_uni($mybb->input['starttime_year']);
1722          $startday = $mybb->get_input('starttime_day', MyBB::INPUT_INT);
1723          $starttime_time = htmlspecialchars_uni($mybb->input['starttime_time']);
1724          $endmonth = $mybb->input['endtime_month'];
1725          $enddateyear = htmlspecialchars_uni($mybb->input['endtime_year']);
1726          $endday = $mybb->get_input('endtime_day', MyBB::INPUT_INT);
1727          $endtime_time = htmlspecialchars_uni($mybb->input['endtime_time']);
1728  
1729          $errored = true;
1730      }
1731      else
1732      {
1733          $localized_time_startdate = $announcement['startdate'] + (float)$mybb->user['timezone']*3600 + $mybb->user['dst']*3600;
1734          $localized_time_enddate = $announcement['enddate'] + (float)$mybb->user['timezone']*3600 + $mybb->user['dst']*3600;
1735  
1736          $starttime_time = gmdate($mybb->settings['timeformat'], $localized_time_startdate);
1737          $endtime_time = gmdate($mybb->settings['timeformat'], $localized_time_enddate);
1738  
1739          $startday = gmdate('j', $localized_time_startdate);
1740          $endday = gmdate('j', $localized_time_enddate);
1741  
1742          $startmonth = gmdate('m', $localized_time_startdate);
1743          $endmonth = gmdate('m', $localized_time_enddate);
1744  
1745          $startdateyear = gmdate('Y', $localized_time_startdate);
1746          $enddateyear = gmdate('Y', $localized_time_enddate);
1747  
1748          $errored = false;
1749      }
1750  
1751      // Generate form elements
1752      $startdateday = $enddateday = '';
1753      for($day = 1; $day <= 31; ++$day)
1754      {
1755          if($startday == $day)
1756          {
1757              $selected = " selected=\"selected\"";
1758              eval("\$startdateday .= \"".$templates->get("modcp_announcements_day")."\";");
1759          }
1760          else
1761          {
1762              $selected = '';
1763              eval("\$startdateday .= \"".$templates->get("modcp_announcements_day")."\";");
1764          }
1765  
1766          if($endday == $day)
1767          {
1768              $selected = " selected=\"selected\"";
1769              eval("\$enddateday .= \"".$templates->get("modcp_announcements_day")."\";");
1770          }
1771          else
1772          {
1773              $selected = '';
1774              eval("\$enddateday .= \"".$templates->get("modcp_announcements_day")."\";");
1775          }
1776      }
1777  
1778      $startmonthsel = $endmonthsel = array();
1779      foreach(array('01', '02', '03', '04', '05', '06', '07', '08', '09', '10', '11', '12') as $month)
1780      {
1781          $startmonthsel[$month] = '';
1782          $endmonthsel[$month] = '';
1783      }
1784      $startmonthsel[$startmonth] = "selected=\"selected\"";
1785      $endmonthsel[$endmonth] = "selected=\"selected\"";
1786  
1787      $startdatemonth = $enddatemonth = '';
1788  
1789      eval("\$startdatemonth .= \"".$templates->get("modcp_announcements_month_start")."\";");
1790      eval("\$enddatemonth .= \"".$templates->get("modcp_announcements_month_end")."\";");
1791  
1792      $title = htmlspecialchars_uni($announcement['subject']);
1793      $message = htmlspecialchars_uni($announcement['message']);
1794  
1795      $html_sel = $mycode_sel = $smilies_sel = array('yes' => '', 'no' => '');
1796  
1797      if($mybb->settings['announcementshtml'])
1798      {
1799          if($announcement['allowhtml'])
1800          {
1801              $html_sel['yes'] = ' checked="checked"';
1802          }
1803          else
1804          {
1805              $html_sel['no'] = ' checked="checked"';
1806          }
1807  
1808          eval("\$allow_html = \"".$templates->get("modcp_announcements_allowhtml")."\";");
1809      }
1810      else
1811      {
1812          $allow_html = '';
1813      }
1814  
1815      if($announcement['allowmycode'])
1816      {
1817          $mycode_sel['yes'] = ' checked="checked"';
1818      }
1819      else
1820      {
1821          $mycode_sel['no'] = ' checked="checked"';
1822      }
1823  
1824      if($announcement['allowsmilies'])
1825      {
1826          $smilies_sel['yes'] = ' checked="checked"';
1827      }
1828      else
1829      {
1830          $smilies_sel['no'] = ' checked="checked"';
1831      }
1832  
1833      $end_type_sel = array('infinite' => '', 'finite' => '');
1834      if(($errored && $mybb->get_input('endtime_type', MyBB::INPUT_INT) == 2) || (!$errored && (int)$announcement['enddate'] == 0) || $makeshift_end == true)
1835      {
1836          $end_type_sel['infinite'] = ' checked="checked"';
1837      }
1838      else
1839      {
1840          $end_type_sel['finite'] = ' checked="checked"';
1841      }
1842  
1843      // MyCode editor
1844      $codebuttons = build_mycode_inserter();
1845      $smilieinserter = build_clickable_smilies();
1846  
1847      if(isset($preview))
1848      {
1849          $announcementarray = array(
1850              'aid' => $announcement['aid'],
1851              'fid' => $announcement['fid'],
1852              'uid' => $mybb->user['uid'],
1853              'subject' => $mybb->input['title'],
1854              'message' => $mybb->input['message'],
1855              'allowhtml' => $mybb->settings['announcementshtml'] && $mybb->get_input('allowhtml', MyBB::INPUT_INT),
1856              'allowmycode' => $mybb->get_input('allowmycode', MyBB::INPUT_INT),
1857              'allowsmilies' => $mybb->get_input('allowsmilies', MyBB::INPUT_INT),
1858              'dateline' => TIME_NOW,
1859              'userusername' => $mybb->user['username'],
1860          );
1861  
1862          $array = $mybb->user;
1863          foreach($array as $key => $element)
1864          {
1865              $announcementarray[$key] = $element;
1866          }
1867  
1868          // Gather usergroup data from the cache
1869          // Field => Array Key
1870          $data_key = array(
1871              'title' => 'grouptitle',
1872              'usertitle' => 'groupusertitle',
1873              'stars' => 'groupstars',
1874              'starimage' => 'groupstarimage',
1875              'image' => 'groupimage',
1876              'namestyle' => 'namestyle',
1877              'usereputationsystem' => 'usereputationsystem'
1878          );
1879  
1880          foreach($data_key as $field => $key)
1881          {
1882              $announcementarray[$key] = $groupscache[$announcementarray['usergroup']][$field];
1883          }
1884  
1885          require_once  MYBB_ROOT."inc/functions_post.php";
1886          $postbit = build_postbit($announcementarray, 3);
1887          eval("\$preview = \"".$templates->get("previewpost")."\";");
1888      }
1889      else
1890      {
1891          $preview = '';
1892      }
1893  
1894      $plugins->run_hooks("modcp_edit_announcement");
1895  
1896      eval("\$announcements = \"".$templates->get("modcp_announcements_edit")."\";");
1897      output_page($announcements);
1898  }
1899  
1900  if($mybb->input['action'] == "announcements")
1901  {
1902      if($mybb->usergroup['canmanageannounce'] == 0)
1903      {
1904          error_no_permission();
1905      }
1906  
1907      if($numannouncements == 0 && $mybb->usergroup['issupermod'] != 1)
1908      {
1909          error($lang->you_cannot_manage_announcements);
1910      }
1911  
1912      add_breadcrumb($lang->mcp_nav_announcements, "modcp.php?action=announcements");
1913  
1914      // Fetch announcements into their proper arrays
1915      $query = $db->simple_select("announcements", "aid, fid, subject, enddate");
1916      $announcements = $global_announcements = array();
1917      while($announcement = $db->fetch_array($query))
1918      {
1919          if($announcement['fid'] == -1)
1920          {
1921              $global_announcements[$announcement['aid']] = $announcement;
1922              continue;
1923          }
1924          $announcements[$announcement['fid']][$announcement['aid']] = $announcement;
1925      }
1926  
1927      $announcements_global = '';
1928      if($mybb->usergroup['issupermod'] == 1)
1929      {
1930          if($global_announcements && $mybb->usergroup['issupermod'] == 1)
1931          {
1932              // Get the global announcements
1933              foreach($global_announcements as $aid => $announcement)
1934              {
1935                  $trow = alt_trow();
1936                  if($announcement['startdate'] > TIME_NOW || ($announcement['enddate'] < TIME_NOW && $announcement['enddate'] != 0))
1937                  {
1938                      eval("\$icon = \"".$templates->get("modcp_announcements_announcement_expired")."\";");
1939                  }
1940                  else
1941                  {
1942                      eval("\$icon = \"".$templates->get("modcp_announcements_announcement_active")."\";");
1943                  }
1944  
1945                  $subject = htmlspecialchars_uni($parser->parse_badwords($announcement['subject']));
1946  
1947                  eval("\$announcements_global .= \"".$templates->get("modcp_announcements_announcement_global")."\";");
1948              }
1949          }
1950          else
1951          {
1952              // No global announcements
1953              eval("\$announcements_global = \"".$templates->get("modcp_no_announcements_global")."\";");
1954          }
1955          eval("\$announcements_global = \"".$templates->get("modcp_announcements_global")."\";");
1956      }
1957  
1958      $announcements_forum = '';
1959      fetch_forum_announcements();
1960  
1961      if(!$announcements_forum)
1962      {
1963          eval("\$announcements_forum = \"".$templates->get("modcp_no_announcements_forum")."\";");
1964      }
1965  
1966      $plugins->run_hooks("modcp_announcements");
1967  
1968      eval("\$announcements = \"".$templates->get("modcp_announcements")."\";");
1969      output_page($announcements);
1970  }
1971  
1972  if($mybb->input['action'] == "do_modqueue")
1973  {
1974      require_once  MYBB_ROOT."inc/class_moderation.php";
1975      $moderation = new Moderation;
1976  
1977      // Verify incoming POST request
1978      verify_post_check($mybb->get_input('my_post_key'));
1979  
1980      if($mybb->usergroup['canmanagemodqueue'] == 0)
1981      {
1982          error_no_permission();
1983      }
1984  
1985      $plugins->run_hooks("modcp_do_modqueue_start");
1986  
1987      $mybb->input['threads'] = $mybb->get_input('threads', MyBB::INPUT_ARRAY);
1988      $mybb->input['posts'] = $mybb->get_input('posts', MyBB::INPUT_ARRAY);
1989      $mybb->input['attachments'] = $mybb->get_input('attachments', MyBB::INPUT_ARRAY);
1990      if(!empty($mybb->input['threads']))
1991      {
1992          $threads = array_map("intval", array_keys($mybb->input['threads']));
1993          $threads_to_approve = $threads_to_delete = array();
1994          // Fetch threads
1995          $query = $db->simple_select("threads", "tid", "tid IN (".implode(",", $threads)."){$flist_queue_threads}");
1996          while($thread = $db->fetch_array($query))
1997          {
1998              if(!isset($mybb->input['threads'][$thread['tid']]))
1999              {
2000                  continue;
2001              }
2002              $action = $mybb->input['threads'][$thread['tid']];
2003              if($action == "approve")
2004              {
2005                  $threads_to_approve[] = $thread['tid'];
2006              }
2007              else if($action == "delete")
2008              {
2009                  $threads_to_delete[] = $thread['tid'];
2010              }
2011          }
2012          if(!empty($threads_to_approve))
2013          {
2014              $moderation->approve_threads($threads_to_approve);
2015              log_moderator_action(array('tids' => $threads_to_approve), $lang->multi_approve_threads);
2016          }
2017          if(!empty($threads_to_delete))
2018          {
2019              if($mybb->settings['soft_delete'] == 1)
2020              {
2021                  $moderation->soft_delete_threads($threads_to_delete);
2022                  log_moderator_action(array('tids' => $threads_to_delete), $lang->multi_soft_delete_threads);
2023              }
2024              else
2025              {
2026                  foreach($threads_to_delete as $tid)
2027                  {
2028                      $moderation->delete_thread($tid);
2029                  }
2030                  log_moderator_action(array('tids' => $threads_to_delete), $lang->multi_delete_threads);
2031              }
2032          }
2033  
2034          $plugins->run_hooks("modcp_do_modqueue_end");
2035  
2036          redirect("modcp.php?action=modqueue", $lang->redirect_threadsmoderated);
2037      }
2038      else if(!empty($mybb->input['posts']))
2039      {
2040          $posts = array_map("intval", array_keys($mybb->input['posts']));
2041          // Fetch posts
2042          $posts_to_approve = $posts_to_delete = array();
2043          $query = $db->simple_select("posts", "pid", "pid IN (".implode(",", $posts)."){$flist_queue_posts}");
2044          while($post = $db->fetch_array($query))
2045          {
2046              if(!isset($mybb->input['posts'][$post['pid']]))
2047              {
2048                  continue;
2049              }
2050              $action = $mybb->input['posts'][$post['pid']];
2051              if($action == "approve")
2052              {
2053                  $posts_to_approve[] = $post['pid'];
2054              }
2055              else if($action == "delete" && $mybb->settings['soft_delete'] != 1)
2056              {
2057                  $moderation->delete_post($post['pid']);
2058              }
2059              else if($action == "delete")
2060              {
2061                  $posts_to_delete[] = $post['pid'];
2062              }
2063          }
2064          if(!empty($posts_to_approve))
2065          {
2066              $moderation->approve_posts($posts_to_approve);
2067              log_moderator_action(array('pids' => $posts_to_approve), $lang->multi_approve_posts);
2068          }
2069          if(!empty($posts_to_delete))
2070          {
2071              if($mybb->settings['soft_delete'] == 1)
2072              {
2073                  $moderation->soft_delete_posts($posts_to_delete);
2074                  log_moderator_action(array('pids' => $posts_to_delete), $lang->multi_soft_delete_posts);
2075              }
2076              else
2077              {
2078                  log_moderator_action(array('pids' => $posts_to_delete), $lang->multi_delete_posts);
2079              }
2080          }
2081  
2082          $plugins->run_hooks("modcp_do_modqueue_end");
2083  
2084          redirect("modcp.php?action=modqueue&type=posts", $lang->redirect_postsmoderated);
2085      }
2086      else if(!empty($mybb->input['attachments']))
2087      {
2088          $attachments = array_map("intval", array_keys($mybb->input['attachments']));
2089          $query = $db->query("
2090              SELECT a.pid, a.aid
2091              FROM  ".TABLE_PREFIX."attachments a
2092              LEFT JOIN ".TABLE_PREFIX."posts p ON (a.pid=p.pid)
2093              LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
2094              WHERE aid IN (".implode(",", $attachments)."){$tflist_queue_attach}
2095          ");
2096          while($attachment = $db->fetch_array($query))
2097          {
2098              if(!isset($mybb->input['attachments'][$attachment['aid']]))
2099              {
2100                  continue;
2101              }
2102              $action = $mybb->input['attachments'][$attachment['aid']];
2103              if($action == "approve")
2104              {
2105                  $db->update_query("attachments", array("visible" => 1), "aid='{$attachment['aid']}'");
2106              }
2107              else if($action == "delete")
2108              {
2109                  remove_attachment($attachment['pid'], '', $attachment['aid']);
2110              }
2111          }
2112  
2113          $plugins->run_hooks("modcp_do_modqueue_end");
2114  
2115          redirect("modcp.php?action=modqueue&type=attachments", $lang->redirect_attachmentsmoderated);
2116      }
2117  }
2118  
2119  if($mybb->input['action'] == "modqueue")
2120  {
2121      $navsep = '';
2122  
2123      if($mybb->usergroup['canmanagemodqueue'] == 0)
2124      {
2125          error_no_permission();
2126      }
2127  
2128      if($nummodqueuethreads == 0 && $nummodqueueposts == 0 && $nummodqueueattach == 0 && $mybb->usergroup['issupermod'] != 1)
2129      {
2130          error($lang->you_cannot_use_mod_queue);
2131      }
2132  
2133      $mybb->input['type'] = $mybb->get_input('type');
2134      $threadqueue = $postqueue = $attachmentqueue = '';
2135      if($mybb->input['type'] == "threads" || !$mybb->input['type'] && ($nummodqueuethreads > 0 || $mybb->usergroup['issupermod'] == 1))
2136      {
2137          if($nummodqueuethreads == 0 && $mybb->usergroup['issupermod'] != 1)
2138          {
2139              error($lang->you_cannot_moderate_threads);
2140          }
2141  
2142          $forum_cache = $cache->read("forums");
2143  
2144          $query = $db->simple_select("threads", "COUNT(tid) AS unapprovedthreads", "visible='0' {$flist_queue_threads}");
2145          $unapproved_threads = $db->fetch_field($query, "unapprovedthreads");
2146  
2147          // Figure out if we need to display multiple pages.
2148          if($mybb->get_input('page') != "last")
2149          {
2150              $page = $mybb->get_input('page', MyBB::INPUT_INT);
2151          }
2152  
2153          $perpage = $mybb->settings['threadsperpage'];
2154          $pages = $unapproved_threads / $perpage;
2155          $pages = ceil($pages);
2156  
2157          if($mybb->get_input('page') == "last")
2158          {
2159              $page = $pages;
2160          }
2161  
2162          if($page > $pages || $page <= 0)
2163          {
2164              $page = 1;
2165          }
2166  
2167          if($page)
2168          {
2169              $start = ($page-1) * $perpage;
2170          }
2171          else
2172          {
2173              $start = 0;
2174              $page = 1;
2175          }
2176  
2177          $multipage = multipage($unapproved_threads, $perpage, $page, "modcp.php?action=modqueue&type=threads");
2178  
2179          $query = $db->query("
2180              SELECT t.tid, t.dateline, t.fid, t.subject, t.username AS threadusername, p.message AS postmessage, u.username AS username, t.uid
2181              FROM ".TABLE_PREFIX."threads t
2182              LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=t.firstpost)
2183              LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=t.uid)
2184              WHERE t.visible='0' {$tflist_queue_threads}
2185              ORDER BY t.lastpost DESC
2186              LIMIT {$start}, {$perpage}
2187          ");
2188          $threads = '';
2189          while($thread = $db->fetch_array($query))
2190          {
2191              $altbg = alt_trow();
2192              $thread['subject'] = htmlspecialchars_uni($parser->parse_badwords($thread['subject']));
2193              $thread['threadlink'] = get_thread_link($thread['tid']);
2194              $forum_link = get_forum_link($thread['fid']);
2195              $forum_name = $forum_cache[$thread['fid']]['name'];
2196              $threaddate = my_date('relative', $thread['dateline']);
2197  
2198              if($thread['username'] == "")
2199              {
2200                  if($thread['threadusername'] != "")
2201                  {
2202                      $thread['threadusername'] = htmlspecialchars_uni($thread['threadusername']);
2203                      $profile_link = $thread['threadusername'];
2204                  }
2205                  else
2206                  {
2207                      $profile_link = $lang->guest;
2208                  }
2209              }
2210              else
2211              {
2212                  $thread['username'] = htmlspecialchars_uni($thread['username']);
2213                  $profile_link = build_profile_link($thread['username'], $thread['uid']);
2214              }
2215  
2216              $thread['postmessage'] = nl2br(htmlspecialchars_uni($thread['postmessage']));
2217              eval("\$forum = \"".$templates->get("modcp_modqueue_link_forum")."\";");
2218              eval("\$threads .= \"".$templates->get("modcp_modqueue_threads_thread")."\";");
2219          }
2220  
2221          if(!$threads && $mybb->input['type'] == "threads")
2222          {
2223              eval("\$threads = \"".$templates->get("modcp_modqueue_threads_empty")."\";");
2224          }
2225  
2226          if($threads)
2227          {
2228              add_breadcrumb($lang->mcp_nav_modqueue_threads, "modcp.php?action=modqueue&amp;type=threads");
2229  
2230              $plugins->run_hooks("modcp_modqueue_threads_end");
2231  
2232              if($nummodqueueposts > 0 || $mybb->usergroup['issupermod'] == 1)
2233              {
2234                  $navsep = " | ";
2235                  eval("\$post_link = \"".$templates->get("modcp_modqueue_post_link")."\";");
2236              }
2237  
2238              if($mybb->settings['enableattachments'] == 1 && ($nummodqueueattach > 0 || $mybb->usergroup['issupermod'] == 1))
2239              {
2240                  $navsep = " | ";
2241                  eval("\$attachment_link = \"".$templates->get("modcp_modqueue_attachment_link")."\";");
2242              }
2243  
2244              eval("\$mass_controls = \"".$templates->get("modcp_modqueue_masscontrols")."\";");
2245              eval("\$threadqueue = \"".$templates->get("modcp_modqueue_threads")."\";");
2246              output_page($threadqueue);
2247          }
2248          $type = 'threads';
2249      }
2250  
2251      if($mybb->input['type'] == "posts" || (!$mybb->input['type'] && !$threadqueue && ($nummodqueueposts > 0 || $mybb->usergroup['issupermod'] == 1)))
2252      {
2253          if($nummodqueueposts == 0 && $mybb->usergroup['issupermod'] != 1)
2254          {
2255              error($lang->you_cannot_moderate_posts);
2256          }
2257  
2258          $forum_cache = $cache->read("forums");
2259  
2260          $query = $db->query("
2261              SELECT COUNT(pid) AS unapprovedposts
2262              FROM  ".TABLE_PREFIX."posts p
2263              LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
2264              WHERE p.visible='0' {$tflist_queue_posts} AND t.firstpost != p.pid
2265          ");
2266          $unapproved_posts = $db->fetch_field($query, "unapprovedposts");
2267  
2268          // Figure out if we need to display multiple pages.
2269          if($mybb->get_input('page') != "last")
2270          {
2271              $page = $mybb->get_input('page', MyBB::INPUT_INT);
2272          }
2273  
2274          $perpage = $mybb->settings['postsperpage'];
2275          $pages = $unapproved_posts / $perpage;
2276          $pages = ceil($pages);
2277  
2278          if($mybb->get_input('page') == "last")
2279          {
2280              $page = $pages;
2281          }
2282  
2283          if($page > $pages || $page <= 0)
2284          {
2285              $page = 1;
2286          }
2287  
2288          if($page)
2289          {
2290              $start = ($page-1) * $perpage;
2291          }
2292          else
2293          {
2294              $start = 0;
2295              $page = 1;
2296          }
2297  
2298          $multipage = multipage($unapproved_posts, $perpage, $page, "modcp.php?action=modqueue&amp;type=posts");
2299  
2300          $query = $db->query("
2301              SELECT p.pid, p.subject, p.message, p.username AS postusername, t.subject AS threadsubject, t.tid, u.username, p.uid, t.fid, p.dateline
2302              FROM  ".TABLE_PREFIX."posts p
2303              LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
2304              LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
2305              WHERE p.visible='0' {$tflist_queue_posts} AND t.firstpost != p.pid
2306              ORDER BY p.dateline DESC
2307              LIMIT {$start}, {$perpage}
2308          ");
2309          $posts = '';
2310          while($post = $db->fetch_array($query))
2311          {
2312              $altbg = alt_trow();
2313              $post['threadsubject'] = htmlspecialchars_uni($parser->parse_badwords($post['threadsubject']));
2314              $post['subject'] = htmlspecialchars_uni($parser->parse_badwords($post['subject']));
2315              $post['threadlink'] = get_thread_link($post['tid']);
2316              $post['postlink'] = get_post_link($post['pid'], $post['tid']);
2317              $forum_link = get_forum_link($post['fid']);
2318              $forum_name = $forum_cache[$post['fid']]['name'];
2319              $postdate = my_date('relative', $post['dateline']);
2320  
2321              if($post['username'] == "")
2322              {
2323                  if($post['postusername'] != "")
2324                  {
2325                      $post['postusername'] = htmlspecialchars_uni($post['postusername']);
2326                      $profile_link = $post['postusername'];
2327                  }
2328                  else
2329                  {
2330                      $profile_link = $lang->guest;
2331                  }
2332              }
2333              else
2334              {
2335                  $post['username'] = htmlspecialchars_uni($post['username']);
2336                  $profile_link = build_profile_link($post['username'], $post['uid']);
2337              }
2338  
2339              eval("\$thread = \"".$templates->get("modcp_modqueue_link_thread")."\";");
2340              eval("\$forum = \"".$templates->get("modcp_modqueue_link_forum")."\";");
2341              $post['message'] = nl2br(htmlspecialchars_uni($post['message']));
2342              eval("\$posts .= \"".$templates->get("modcp_modqueue_posts_post")."\";");
2343          }
2344  
2345          if(!$posts && $mybb->input['type'] == "posts")
2346          {
2347              eval("\$posts = \"".$templates->get("modcp_modqueue_posts_empty")."\";");
2348          }
2349  
2350          if($posts)
2351          {
2352              add_breadcrumb($lang->mcp_nav_modqueue_posts, "modcp.php?action=modqueue&amp;type=posts");
2353  
2354              $plugins->run_hooks("modcp_modqueue_posts_end");
2355  
2356              if($nummodqueuethreads > 0 || $mybb->usergroup['issupermod'] == 1)
2357              {
2358                  $navsep = " | ";
2359                  eval("\$thread_link = \"".$templates->get("modcp_modqueue_thread_link")."\";");
2360              }
2361  
2362              if($mybb->settings['enableattachments'] == 1 && ($nummodqueueattach > 0 || $mybb->usergroup['issupermod'] == 1))
2363              {
2364                  $navsep = " | ";
2365                  eval("\$attachment_link = \"".$templates->get("modcp_modqueue_attachment_link")."\";");
2366              }
2367  
2368              eval("\$mass_controls = \"".$templates->get("modcp_modqueue_masscontrols")."\";");
2369              eval("\$postqueue = \"".$templates->get("modcp_modqueue_posts")."\";");
2370              output_page($postqueue);
2371          }
2372      }
2373  
2374      if($mybb->input['type'] == "attachments" || (!$mybb->input['type'] && !$postqueue && !$threadqueue && $mybb->settings['enableattachments'] == 1 && ($nummodqueueattach > 0 || $mybb->usergroup['issupermod'] == 1)))
2375      {
2376          if($mybb->settings['enableattachments'] == 0)
2377          {
2378              error($lang->attachments_disabled);
2379          }
2380  
2381          if($nummodqueueattach == 0 && $mybb->usergroup['issupermod'] != 1)
2382          {
2383              error($lang->you_cannot_moderate_attachments);
2384          }
2385  
2386          $query = $db->query("
2387              SELECT COUNT(aid) AS unapprovedattachments
2388              FROM  ".TABLE_PREFIX."attachments a
2389              LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=a.pid)
2390              LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
2391              WHERE a.visible='0'{$tflist_queue_attach}
2392          ");
2393          $unapproved_attachments = $db->fetch_field($query, "unapprovedattachments");
2394  
2395          // Figure out if we need to display multiple pages.
2396          if($mybb->get_input('page') != "last")
2397          {
2398              $page = $mybb->get_input('page', MyBB::INPUT_INT);
2399          }
2400  
2401          $perpage = $mybb->settings['postsperpage'];
2402          $pages = $unapproved_attachments / $perpage;
2403          $pages = ceil($pages);
2404  
2405          if($mybb->get_input('page') == "last")
2406          {
2407              $page = $pages;
2408          }
2409  
2410          if($page > $pages || $page <= 0)
2411          {
2412              $page = 1;
2413          }
2414  
2415          if($page)
2416          {
2417              $start = ($page-1) * $perpage;
2418          }
2419          else
2420          {
2421              $start = 0;
2422              $page = 1;
2423          }
2424  
2425          $multipage = multipage($unapproved_attachments, $perpage, $page, "modcp.php?action=modqueue&amp;type=attachments");
2426  
2427          $query = $db->query("
2428              SELECT a.*, p.subject AS postsubject, p.dateline, p.uid, u.username, t.tid, t.subject AS threadsubject
2429              FROM  ".TABLE_PREFIX."attachments a
2430              LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=a.pid)
2431              LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
2432              LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
2433              WHERE a.visible='0'{$tflist_queue_attach}
2434              ORDER BY a.dateuploaded DESC
2435              LIMIT {$start}, {$perpage}
2436          ");
2437          $attachments = '';
2438          while($attachment = $db->fetch_array($query))
2439          {
2440              $altbg = alt_trow();
2441  
2442              if(!$attachment['dateuploaded'])
2443              {
2444                  $attachment['dateuploaded'] = $attachment['dateline'];
2445              }
2446  
2447              $attachdate = my_date('relative', $attachment['dateuploaded']);
2448  
2449              $attachment['postsubject'] = htmlspecialchars_uni($parser->parse_badwords($attachment['postsubject']));
2450              $attachment['filename'] = htmlspecialchars_uni($attachment['filename']);
2451              $attachment['threadsubject'] = htmlspecialchars_uni($parser->parse_badwords($attachment['threadsubject']));
2452              $attachment['filesize'] = get_friendly_size($attachment['filesize']);
2453  
2454              $link = get_post_link($attachment['pid'], $attachment['tid']) . "#pid{$attachment['pid']}";
2455              $thread_link = get_thread_link($attachment['tid']);
2456              $attachment['username'] = htmlspecialchars_uni($attachment['username']);
2457              $profile_link = build_profile_link($attachment['username'], $attachment['uid']);
2458  
2459              eval("\$attachments .= \"".$templates->get("modcp_modqueue_attachments_attachment")."\";");
2460          }
2461  
2462          if(!$attachments && $mybb->input['type'] == "attachments")
2463          {
2464              eval("\$attachments = \"".$templates->get("modcp_modqueue_attachments_empty")."\";");
2465          }
2466  
2467          if($attachments)
2468          {
2469              add_breadcrumb($lang->mcp_nav_modqueue_attachments, "modcp.php?action=modqueue&amp;type=attachments");
2470  
2471              $plugins->run_hooks("modcp_modqueue_attachments_end");
2472  
2473              if($nummodqueuethreads > 0 || $mybb->usergroup['issupermod'] == 1)
2474              {
2475                  eval("\$thread_link = \"".$templates->get("modcp_modqueue_thread_link")."\";");
2476                  $navsep = " | ";
2477              }
2478  
2479              if($nummodqueueposts > 0 || $mybb->usergroup['issupermod'] == 1)
2480              {
2481                  eval("\$post_link = \"".$templates->get("modcp_modqueue_post_link")."\";");
2482                  $navsep = " | ";
2483              }
2484  
2485              eval("\$mass_controls = \"".$templates->get("modcp_modqueue_masscontrols")."\";");
2486              eval("\$attachmentqueue = \"".$templates->get("modcp_modqueue_attachments")."\";");
2487              output_page($attachmentqueue);
2488          }
2489      }
2490  
2491      // Still nothing? All queues are empty! :-D
2492      if(!$threadqueue && !$postqueue && !$attachmentqueue)
2493      {
2494          add_breadcrumb($lang->mcp_nav_modqueue, "modcp.php?action=modqueue");
2495  
2496          $plugins->run_hooks("modcp_modqueue_end");
2497  
2498          eval("\$queue = \"".$templates->get("modcp_modqueue_empty")."\";");
2499          output_page($queue);
2500      }
2501  }
2502  
2503  if($mybb->input['action'] == "do_editprofile")
2504  {
2505      // Verify incoming POST request
2506      verify_post_check($mybb->input['my_post_key']);
2507  
2508      if($mybb->usergroup['caneditprofiles'] == 0)
2509      {
2510          error_no_permission();
2511      }
2512  
2513      $user = get_user($mybb->input['uid']);
2514      if(!$user)
2515      {
2516          error($lang->error_nomember);
2517      }
2518  
2519      // Check if the current user has permission to edit this user
2520      if(!modcp_can_manage_user($user['uid']))
2521      {
2522          error_no_permission();
2523      }
2524  
2525      $plugins->run_hooks("modcp_do_editprofile_start");
2526  
2527      if($mybb->get_input('away', MyBB::INPUT_INT) == 1 && $mybb->settings['allowaway'] != 0)
2528      {
2529          $awaydate = TIME_NOW;
2530          if(!empty($mybb->input['awayday']))
2531          {
2532              // If the user has indicated that they will return on a specific day, but not month or year, assume it is current month and year
2533              if(!$mybb->get_input('awaymonth', MyBB::INPUT_INT))
2534              {
2535                  $mybb->input['awaymonth'] = my_date('n', $awaydate);
2536              }
2537              if(!$mybb->get_input('awayyear', MyBB::INPUT_INT))
2538              {
2539                  $mybb->input['awayyear'] = my_date('Y', $awaydate);
2540              }
2541  
2542              $return_month = (int)substr($mybb->get_input('awaymonth'), 0, 2);
2543              $return_day = (int)substr($mybb->get_input('awayday'), 0, 2);
2544              $return_year = min((int)$mybb->get_input('awayyear'), 9999);
2545  
2546              // Check if return date is after the away date.
2547              $returntimestamp = gmmktime(0, 0, 0, $return_month, $return_day, $return_year);
2548              $awaytimestamp = gmmktime(0, 0, 0, my_date('n', $awaydate), my_date('j', $awaydate), my_date('Y', $awaydate));
2549              if($return_year < my_date('Y', $awaydate) || ($returntimestamp < $awaytimestamp && $return_year == my_date('Y', $awaydate)))
2550              {
2551                  error($lang->error_modcp_return_date_past);
2552              }
2553  
2554              $returndate = "{$return_day}-{$return_month}-{$return_year}";
2555          }
2556          else
2557          {
2558              $returndate = "";
2559          }
2560          $away = array(
2561              "away" => 1,
2562              "date" => $awaydate,
2563              "returndate" => $returndate,
2564              "awayreason" => $mybb->get_input('awayreason')
2565          );
2566      }
2567      else
2568      {
2569          $away = array(
2570              "away" => 0,
2571              "date" => '',
2572              "returndate" => '',
2573              "awayreason" => ''
2574          );
2575      }
2576  
2577      // Set up user handler.
2578      require_once  MYBB_ROOT."inc/datahandlers/user.php";
2579      $userhandler = new UserDataHandler('update');
2580  
2581      // Set the data for the new user.
2582      $updated_user = array(
2583          "uid" => $user['uid'],
2584          "profile_fields" => $mybb->get_input('profile_fields', MyBB::INPUT_ARRAY),
2585          "profile_fields_editable" => true,
2586          "website" => $mybb->get_input('website'),
2587          "icq" => $mybb->get_input('icq'),
2588          "aim" => $mybb->get_input('aim'),
2589          "yahoo" => $mybb->get_input('yahoo'),
2590          "skype" => $mybb->get_input('skype'),
2591          "google" => $mybb->get_input('google'),
2592          "signature" => $mybb->get_input('signature'),
2593          "usernotes" => $mybb->get_input('usernotes'),
2594          "away" => $away
2595      );
2596  
2597      $updated_user['birthday'] = array(
2598          "day" => $mybb->get_input('birthday_day', MyBB::INPUT_INT),
2599          "month" => $mybb->get_input('birthday_month', MyBB::INPUT_INT),
2600          "year" => $mybb->get_input('birthday_year', MyBB::INPUT_INT)
2601      );
2602  
2603      if(!empty($mybb->input['usertitle']))
2604      {
2605          $updated_user['usertitle'] = $mybb->get_input('usertitle');
2606      }
2607      else if(!empty($mybb->input['reverttitle']))
2608      {
2609          $updated_user['usertitle'] = '';
2610      }
2611  
2612      if(!empty($mybb->input['remove_avatar']))
2613      {
2614          $updated_user['avatarurl'] = '';
2615      }
2616  
2617      // Set the data of the user in the datahandler.
2618      $userhandler->set_data($updated_user);
2619      $errors = '';
2620  
2621      // Validate the user and get any errors that might have occurred.
2622      if(!$userhandler->validate_user())
2623      {
2624          $errors = $userhandler->get_friendly_errors();
2625          $mybb->input['action'] = "editprofile";
2626      }
2627      else
2628      {
2629          // Are we removing an avatar from this user?
2630          if(!empty($mybb->input['remove_avatar']))
2631          {
2632              $extra_user_updates = array(
2633                  "avatar" => "",
2634                  "avatardimensions" => "",
2635                  "avatartype" => ""
2636              );
2637              remove_avatars($user['uid']);
2638          }
2639  
2640          // Moderator "Options" (suspend signature, suspend/moderate posting)
2641          $moderator_options = array(
2642              1 => array(
2643                  "action" => "suspendsignature", // The moderator action we're performing
2644                  "period" => "action_period", // The time period we've selected from the dropdown box
2645                  "time" => "action_time", // The time we've entered
2646                  "update_field" => "suspendsignature", // The field in the database to update if true
2647                  "update_length" => "suspendsigtime" // The length of suspension field in the database
2648              ),
2649              2 => array(
2650                  "action" => "moderateposting",
2651                  "period" => "modpost_period",
2652                  "time" => "modpost_time",
2653                  "update_field" => "moderateposts",
2654                  "update_length" => "moderationtime"
2655              ),
2656              3 => array(
2657                  "action" => "suspendposting",
2658                  "period" => "suspost_period",
2659                  "time" => "suspost_time",
2660                  "update_field" => "suspendposting",
2661                  "update_length" => "suspensiontime"
2662              )
2663          );
2664  
2665          require_once  MYBB_ROOT."inc/functions_warnings.php";
2666          foreach($moderator_options as $option)
2667          {
2668              $mybb->input[$option['time']] = $mybb->get_input($option['time'], MyBB::INPUT_INT);
2669              $mybb->input[$option['period']] = $mybb->get_input($option['period']);
2670              if(empty($mybb->input[$option['action']]))
2671              {
2672                  if($user[$option['update_field']] == 1)
2673                  {
2674                      // We're revoking the suspension
2675                      $extra_user_updates[$option['update_field']] = 0;
2676                      $extra_user_updates[$option['update_length']] = 0;
2677                  }
2678  
2679                  // Skip this option if we haven't selected it
2680                  continue;
2681              }
2682  
2683              else
2684              {
2685                  if($mybb->input[$option['time']] == 0 && $mybb->input[$option['period']] != "never" && $user[$option['update_field']] != 1)
2686                  {
2687                      // User has selected a type of ban, but not entered a valid time frame
2688                      $string = $option['action']."_error";
2689                      $errors[] = $lang->$string;
2690                  }
2691  
2692                  if(!is_array($errors))
2693                  {
2694                      $suspend_length = fetch_time_length((int)$mybb->input[$option['time']], $mybb->input[$option['period']]);
2695  
2696                      if($user[$option['update_field']] == 1 && ($mybb->input[$option['time']] || $mybb->input[$option['period']] == "never"))
2697                      {
2698                          // We already have a suspension, but entered a new time
2699                          if($suspend_length == "-1")
2700                          {
2701                              // Permanent ban on action
2702                              $extra_user_updates[$option['update_length']] = 0;
2703                          }
2704                          elseif($suspend_length && $suspend_length != "-1")
2705                          {
2706                              // Temporary ban on action
2707                              $extra_user_updates[$option['update_length']] = TIME_NOW + $suspend_length;
2708                          }
2709                      }
2710                      elseif(!$user[$option['update_field']])
2711                      {
2712                          // New suspension for this user... bad user!
2713                          $extra_user_updates[$option['update_field']] = 1;
2714                          if($suspend_length == "-1")
2715                          {
2716                              $extra_user_updates[$option['update_length']] = 0;
2717                          }
2718                          else
2719                          {
2720                              $extra_user_updates[$option['update_length']] = TIME_NOW + $suspend_length;
2721                          }
2722                      }
2723                  }
2724              }
2725          }
2726  
2727          // Those with javascript turned off will be able to select both - cheeky!
2728          // Check to make sure we're not moderating AND suspending posting
2729          if(isset($extra_user_updates) && $extra_user_updates['moderateposts'] && $extra_user_updates['suspendposting'])
2730          {
2731              $errors[] = $lang->suspendmoderate_error;
2732          }
2733  
2734          if(is_array($errors))
2735          {
2736              $mybb->input['action'] = "editprofile";
2737          }
2738          else
2739          {
2740              $plugins->run_hooks("modcp_do_editprofile_update");
2741  
2742              // Continue with the update if there is no errors
2743              $user_info = $userhandler->update_user();
2744              if(!empty($extra_user_updates))
2745              {
2746                  $db->update_query("users", $extra_user_updates, "uid='{$user['uid']}'");
2747              }
2748              log_moderator_action(array("uid" => $user['uid'], "username" => $user['username']), $lang->edited_user);
2749  
2750              $plugins->run_hooks("modcp_do_editprofile_end");
2751  
2752              redirect("modcp.php?action=finduser", $lang->redirect_user_updated);
2753          }
2754      }
2755  }
2756  
2757  if($mybb->input['action'] == "editprofile")
2758  {
2759      if($mybb->usergroup['caneditprofiles'] == 0)
2760      {
2761          error_no_permission();
2762      }
2763  
2764      add_breadcrumb($lang->mcp_nav_editprofile, "modcp.php?action=editprofile");
2765  
2766      $user = get_user($mybb->get_input('uid', MyBB::INPUT_INT));
2767      if(!$user)
2768      {
2769          error($lang->error_nomember);
2770      }
2771  
2772      // Check if the current user has permission to edit this user
2773      if(!modcp_can_manage_user($user['uid']))
2774      {
2775          error_no_permission();
2776      }
2777  
2778      if(!my_validate_url($user['website']))
2779      {
2780          $user['website'] = '';
2781      }
2782  
2783      if($user['icq'] != "0")
2784      {
2785          $user['icq'] = (int)$user['icq'];
2786      }
2787  
2788      if(!$errors)
2789      {
2790          $mybb->input = array_merge($user, $mybb->input);
2791          $birthday = explode('-', $user['birthday']);
2792          if(!isset($birthday[1]))
2793          {
2794              $birthday[1] = '';
2795          }
2796          if(!isset($birthday[2]))
2797          {
2798              $birthday[2] = '';
2799          }
2800          list($mybb->input['birthday_day'], $mybb->input['birthday_month'], $mybb->input['birthday_year']) = $birthday;
2801      }
2802      else
2803      {
2804          $errors = inline_error($errors);
2805      }
2806  
2807      // Sanitize all input
2808      foreach(array('usertitle', 'website', 'icq', 'aim', 'yahoo', 'skype', 'google', 'signature', 'birthday_day', 'birthday_month', 'birthday_year') as $field)
2809      {
2810          $mybb->input[$field] = htmlspecialchars_uni($mybb->get_input($field));
2811      }
2812  
2813      // Custom user title, check to see if we have a default group title
2814      if(!$user['displaygroup'])
2815      {
2816          $user['displaygroup'] = $user['usergroup'];
2817      }
2818  
2819      $displaygroupfields = array('usertitle');
2820      $display_group = usergroup_displaygroup($user['displaygroup']);
2821  
2822      if(!empty($display_group['usertitle']))
2823      {
2824          $defaulttitle = htmlspecialchars_uni($display_group['usertitle']);
2825      }
2826      else
2827      {
2828          // Go for post count title if a group default isn't set
2829          $usertitles = $cache->read('usertitles');
2830  
2831          foreach($usertitles as $title)
2832          {
2833              if($title['posts'] <= $user['postnum'])
2834              {
2835                  $defaulttitle = $title['title'];
2836                  break;
2837              }
2838          }
2839      }
2840  
2841      $user['usertitle'] = htmlspecialchars_uni($user['usertitle']);
2842  
2843      if(empty($user['usertitle']))
2844      {
2845          $lang->current_custom_usertitle = '';
2846      }
2847  
2848      $bdaydaysel = $selected = '';
2849      for($day = 1; $day <= 31; ++$day)
2850      {
2851          if($mybb->input['birthday_day'] == $day)
2852          {
2853              $selected = "selected=\"selected\"";
2854          }
2855          else
2856          {
2857              $selected = '';
2858          }
2859  
2860          eval("\$bdaydaysel .= \"".$templates->get("usercp_profile_day")."\";");
2861      }
2862  
2863      $bdaymonthsel = array();
2864      foreach(range(1, 12) as $month)
2865      {
2866          $bdaymonthsel[$month] = '';
2867      }
2868      $bdaymonthsel[$mybb->input['birthday_month']] = 'selected="selected"';
2869  
2870      if($mybb->settings['allowaway'] != 0)
2871      {
2872          $awaycheck = array('', '');
2873          if($errors)
2874          {
2875              if($user['away'] == 1)
2876              {
2877                  $awaycheck[1] = "checked=\"checked\"";
2878              }
2879              else
2880              {
2881                  $awaycheck[0] = "checked=\"checked\"";
2882              }
2883              $returndate = array();
2884              $returndate[0] = $mybb->get_input('awayday');
2885              $returndate[1] = $mybb->get_input('awaymonth');
2886              $returndate[2] = $mybb->get_input('awayyear', MyBB::INPUT_INT);
2887              $user['awayreason'] = htmlspecialchars_uni($mybb->get_input('awayreason'));
2888          }
2889          else
2890          {
2891              $user['awayreason'] = htmlspecialchars_uni($user['awayreason']);
2892              if($user['away'] == 1)
2893              {
2894                  $awaydate = my_date($mybb->settings['dateformat'], $user['awaydate']);
2895                  $awaycheck[1] = "checked=\"checked\"";
2896                  $awaynotice = $lang->sprintf($lang->away_notice_away, $awaydate);
2897              }
2898              else
2899              {
2900                  $awaynotice = $lang->away_notice;
2901                  $awaycheck[0] = "checked=\"checked\"";
2902              }
2903              $returndate = explode("-", $user['returndate']);
2904          }
2905          $returndatesel = $selected = '';
2906          for($day = 1; $day <= 31; ++$day)
2907          {
2908              if($returndate[0] == $day)
2909              {
2910                  $selected = "selected=\"selected\"";
2911              }
2912              else
2913              {
2914                  $selected = '';
2915              }
2916  
2917              eval("\$returndatesel .= \"".$templates->get("usercp_profile_day")."\";");
2918          }
2919  
2920          $returndatemonthsel = array();
2921          foreach(range(1, 12) as $month)
2922          {
2923              $returndatemonthsel[$month] = '';
2924          }
2925          if(isset($returndate[1]))
2926          {
2927              $returndatemonthsel[$returndate[1]] = " selected=\"selected\"";
2928          }
2929  
2930          if(!isset($returndate[2]))
2931          {
2932              $returndate[2] = '';
2933          }
2934  
2935          eval("\$awaysection = \"".$templates->get("usercp_profile_away")."\";");
2936      }
2937  
2938      $plugins->run_hooks("modcp_editprofile_start");
2939  
2940      // Fetch profile fields
2941      $query = $db->simple_select("userfields", "*", "ufid='{$user['uid']}'");
2942      $user_fields = $db->fetch_array($query);
2943  
2944      $requiredfields = '';
2945      $customfields = '';
2946      $mybb->input['profile_fields'] = $mybb->get_input('profile_fields', MyBB::INPUT_ARRAY);
2947  
2948      $pfcache = $cache->read('profilefields');
2949  
2950      if(is_array($pfcache))
2951      {
2952          foreach($pfcache as $profilefield)
2953          {
2954              $userfield = $code = $select = $val = $options = $expoptions = $useropts = '';
2955              $seloptions = array();
2956              $profilefield['type'] = htmlspecialchars_uni($profilefield['type']);
2957              $profilefield['name'] = htmlspecialchars_uni($profilefield['name']);
2958              $profilefield['description'] = htmlspecialchars_uni($profilefield['description']);
2959              $thing = explode("\n", $profilefield['type'], "2");
2960              $type = $thing[0];
2961              if(isset($thing[1]))
2962              {
2963                  $options = $thing[1];
2964              }
2965              $field = "fid{$profilefield['fid']}";
2966              if($errors)
2967              {
2968                  if(isset($mybb->input['profile_fields'][$field]))
2969                  {
2970                      $userfield = $mybb->input['profile_fields'][$field];
2971                  }
2972              }
2973              else
2974              {
2975                  $userfield = $user_fields[$field];
2976              }
2977              if($type == "multiselect")
2978              {
2979                  if($errors)
2980                  {
2981                      $useropts = $userfield;
2982                  }
2983                  else
2984                  {
2985                      $useropts = explode("\n", $userfield);
2986                  }
2987                  if(is_array($useropts))
2988                  {
2989                      foreach($useropts as $key => $val)
2990                      {
2991                          $seloptions[$val] = $val;
2992                      }
2993                  }
2994                  $expoptions = explode("\n", $options);
2995                  if(is_array($expoptions))
2996                  {
2997                      foreach($expoptions as $key => $val)
2998                      {
2999                          $val = trim($val);
3000                          $val = str_replace("\n", "\\n", $val);
3001  
3002                          $sel = "";
3003                          if(isset($seloptions[$val]) && $val == $seloptions[$val])
3004                          {
3005                              $sel = " selected=\"selected\"";
3006                          }
3007  
3008                          eval("\$select .= \"".$templates->get("usercp_profile_profilefields_select_option")."\";");
3009                      }
3010                      if(!$profilefield['length'])
3011                      {
3012                          $profilefield['length'] = 3;
3013                      }
3014  
3015                      eval("\$code = \"".$templates->get("usercp_profile_profilefields_multiselect")."\";");
3016                  }
3017              }
3018              elseif($type == "select")
3019              {
3020                  $expoptions = explode("\n", $options);
3021                  if(is_array($expoptions))
3022                  {
3023                      foreach($expoptions as $key => $val)
3024                      {
3025                          $val = trim($val);
3026                          $val = str_replace("\n", "\\n", $val);
3027                          $sel = "";
3028                          if($val == $userfield)
3029                          {
3030                              $sel = " selected=\"selected\"";
3031                          }
3032  
3033                          eval("\$select .= \"".$templates->get("usercp_profile_profilefields_select_option")."\";");
3034                      }
3035                      if(!$profilefield['length'])
3036                      {
3037                          $profilefield['length'] = 1;
3038                      }
3039  
3040                      eval("\$code = \"".$templates->get("usercp_profile_profilefields_select")."\";");
3041                  }
3042              }
3043              elseif($type == "radio")
3044              {
3045                  $expoptions = explode("\n", $options);
3046                  if(is_array($expoptions))
3047                  {
3048                      foreach($expoptions as $key => $val)
3049                      {
3050                          $checked = "";
3051                          if($val == $userfield)
3052                          {
3053                              $checked = " checked=\"checked\"";
3054                          }
3055  
3056                          eval("\$code .= \"".$templates->get("usercp_profile_profilefields_radio")."\";");
3057                      }
3058                  }
3059              }
3060              elseif($type == "checkbox")
3061              {
3062                  if($errors)
3063                  {
3064                      $useropts = $userfield;
3065                  }
3066                  else
3067                  {
3068                      $useropts = explode("\n", $userfield);
3069                  }
3070                  if(is_array($useropts))
3071                  {
3072                      foreach($useropts as $key => $val)
3073                      {
3074                          $seloptions[$val] = $val;
3075                      }
3076                  }
3077                  $expoptions = explode("\n", $options);
3078                  if(is_array($expoptions))
3079                  {
3080                      foreach($expoptions as $key => $val)
3081                      {
3082                          $checked = "";
3083                          if(isset($seloptions[$val]) && $val == $seloptions[$val])
3084                          {
3085                              $checked = " checked=\"checked\"";
3086                          }
3087  
3088                          eval("\$code .= \"".$templates->get("usercp_profile_profilefields_checkbox")."\";");
3089                      }
3090                  }
3091              }
3092              elseif($type == "textarea")
3093              {
3094                  $value = htmlspecialchars_uni($userfield);
3095                  eval("\$code = \"".$templates->get("usercp_profile_profilefields_textarea")."\";");
3096              }
3097              else
3098              {
3099                  $value = htmlspecialchars_uni($userfield);
3100                  $maxlength = "";
3101                  if($profilefield['maxlength'] > 0)
3102                  {
3103                      $maxlength = " maxlength=\"{$profilefield['maxlength']}\"";
3104                  }
3105  
3106                  eval("\$code = \"".$templates->get("usercp_profile_profilefields_text")."\";");
3107              }
3108  
3109              if($profilefield['required'] == 1)
3110              {
3111                  eval("\$requiredfields .= \"".$templates->get("usercp_profile_customfield")."\";");
3112              }
3113              else
3114              {
3115                  eval("\$customfields .= \"".$templates->get("usercp_profile_customfield")."\";");
3116              }
3117              $altbg = alt_trow();
3118          }
3119      }
3120      if($customfields)
3121      {
3122          eval("\$customfields = \"".$templates->get("usercp_profile_profilefields")."\";");
3123      }
3124  
3125      $user['username'] = htmlspecialchars_uni($user['username']);
3126      $lang->edit_profile = $lang->sprintf($lang->edit_profile, $user['username']);
3127      $profile_link = build_profile_link(format_name($user['username'], $user['usergroup'], $user['displaygroup']), $user['uid']);
3128  
3129      $user['signature'] = htmlspecialchars_uni($user['signature']);
3130      $codebuttons = build_mycode_inserter("signature");
3131  
3132      // Do we mark the suspend signature box?
3133      if($user['suspendsignature'] || ($mybb->get_input('suspendsignature', MyBB::INPUT_INT) && !empty($errors)))
3134      {
3135          $checked = 1;
3136          $checked_item = "checked=\"checked\"";
3137      }
3138      else
3139      {
3140          $checked = 0;
3141          $checked_item = '';
3142      }
3143  
3144      // Do we mark the moderate posts box?
3145      if($user['moderateposts'] || ($mybb->get_input('moderateposting', MyBB::INPUT_INT) && !empty($errors)))
3146      {
3147          $modpost_check = 1;
3148          $modpost_checked = "checked=\"checked\"";
3149      }
3150      else
3151      {
3152          $modpost_check = 0;
3153          $modpost_checked = '';
3154      }
3155  
3156      // Do we mark the suspend posts box?
3157      if($user['suspendposting'] || ($mybb->get_input('suspendposting', MyBB::INPUT_INT) && !empty($errors)))
3158      {
3159          $suspost_check = 1;
3160          $suspost_checked = "checked=\"checked\"";
3161      }
3162      else
3163      {
3164          $suspost_check = 0;
3165          $suspost_checked = '';
3166      }
3167  
3168      $moderator_options = array(
3169          1 => array(
3170              "action" => "suspendsignature", // The input action for this option
3171              "option" => "suspendsignature", // The field in the database that this option relates to
3172              "time" => "action_time", // The time we've entered
3173              "length" => "suspendsigtime", // The length of suspension field in the database
3174              "select_option" => "action" // The name of the select box of this option
3175          ),
3176          2 => array(
3177              "action" => "moderateposting",
3178              "option" => "moderateposts",
3179              "time" => "modpost_time",
3180              "length" => "moderationtime",
3181              "select_option" => "modpost"
3182          ),
3183          3 => array(
3184              "action" => "suspendposting",
3185              "option" => "suspendposting",
3186              "time" => "suspost_time",
3187              "length" => "suspensiontime",
3188              "select_option" => "suspost"
3189          )
3190      );
3191  
3192      $periods = array(
3193          "hours" => $lang->expire_hours,
3194          "days" => $lang->expire_days,
3195          "weeks" => $lang->expire_weeks,
3196          "months" => $lang->expire_months,
3197          "never" => $lang->expire_permanent
3198      );
3199  
3200      $suspendsignature_info = $moderateposts_info = $suspendposting_info = '';
3201      $action_options = $modpost_options = $suspost_options = '';
3202      foreach($moderator_options as $option)
3203      {
3204          $mybb->input[$option['time']] = $mybb->get_input($option['time'], MyBB::INPUT_INT);
3205          // Display the suspension info, if this user has this option suspended
3206          if($user[$option['option']])
3207          {
3208              if($user[$option['length']] == 0)
3209              {
3210                  // User has a permanent ban
3211                  $string = $option['option']."_perm";
3212                  $suspension_info = $lang->$string;
3213              }
3214              else
3215              {
3216                  // User has a temporary (or limited) ban
3217                  $string = $option['option']."_for";
3218                  $for_date = my_date('relative', $user[$option['length']], '', 2);
3219                  $suspension_info = $lang->sprintf($lang->$string, $for_date);
3220              }
3221  
3222              switch($option['option'])
3223              {
3224                  case "suspendsignature":
3225                      eval("\$suspendsignature_info = \"".$templates->get("modcp_editprofile_suspensions_info")."\";");
3226                      break;
3227                  case "moderateposts":
3228                      eval("\$moderateposts_info = \"".$templates->get("modcp_editprofile_suspensions_info")."\";");
3229                      break;
3230                  case "suspendposting":
3231                      eval("\$suspendposting_info = \"".$templates->get("modcp_editprofile_suspensions_info")."\";");
3232                      break;
3233              }
3234          }
3235  
3236          // Generate the boxes for this option
3237          $selection_options = '';
3238          foreach($periods as $key => $value)
3239          {
3240              $string = $option['select_option']."_period";
3241              if($mybb->get_input($string) == $key)
3242              {
3243                  $selected = "selected=\"selected\"";
3244              }
3245              else
3246              {
3247                  $selected = '';
3248              }
3249  
3250              eval("\$selection_options .= \"".$templates->get("modcp_editprofile_select_option")."\";");
3251          }
3252  
3253          $select_name = $option['select_option']."_period";
3254          switch($option['option'])
3255          {
3256              case "suspendsignature":
3257                  eval("\$action_options = \"".$templates->get("modcp_editprofile_select")."\";");
3258                  break;
3259              case "moderateposts":
3260                  eval("\$modpost_options = \"".$templates->get("modcp_editprofile_select")."\";");
3261                  break;
3262              case "suspendposting":
3263                  eval("\$suspost_options = \"".$templates->get("modcp_editprofile_select")."\";");
3264                  break;
3265          }
3266      }
3267  
3268      eval("\$suspend_signature = \"".$templates->get("modcp_editprofile_signature")."\";");
3269  
3270      $user['usernotes'] = htmlspecialchars_uni($user['usernotes']);
3271  
3272      if(!isset($newtitle))
3273      {
3274          $newtitle = '';
3275      }
3276  
3277      $plugins->run_hooks("modcp_editprofile_end");
3278  
3279      eval("\$edituser = \"".$templates->get("modcp_editprofile")."\";");
3280      output_page($edituser);
3281  }
3282  
3283  if($mybb->input['action'] == "finduser")
3284  {
3285      if($mybb->usergroup['caneditprofiles'] == 0)
3286      {
3287          error_no_permission();
3288      }
3289  
3290      add_breadcrumb($lang->mcp_nav_users, "modcp.php?action=finduser");
3291  
3292      $perpage = $mybb->get_input('perpage', MyBB::INPUT_INT);
3293      if(!$perpage || $perpage <= 0)
3294      {
3295          $perpage = $mybb->settings['threadsperpage'];
3296      }
3297      $where = '';
3298  
3299      if(isset($mybb->input['username']))
3300      {
3301          switch($db->type)
3302          {
3303              case 'mysql':
3304              case 'mysqli':
3305                  $field = 'username';
3306                  break;
3307              default:
3308                  $field = 'LOWER(username)';
3309                  break;
3310          }
3311          $where = " AND {$field} LIKE '%".my_strtolower($db->escape_string_like($mybb->get_input('username')))."%'";
3312      }
3313  
3314      // Sort order & direction
3315      switch($mybb->get_input('sortby'))
3316      {
3317          case "lastvisit":
3318              $sortby = "lastvisit";
3319              break;
3320          case "postnum":
3321              $sortby = "postnum";
3322              break;
3323          case "username":
3324              $sortby = "username";
3325              break;
3326          default:
3327              $sortby = "regdate";
3328      }
3329      $sortbysel = array('lastvisit' => '', 'postnum' => '', 'username' => '', 'regdate' => '');
3330      $sortbysel[$mybb->get_input('sortby')] = " selected=\"selected\"";
3331      $order = $mybb->get_input('order');
3332      if($order != "asc")
3333      {
3334          $order = "desc";
3335      }
3336      $ordersel = array('asc' => '', 'desc' => '');
3337      $ordersel[$order] = " selected=\"selected\"";
3338  
3339      $query = $db->simple_select("users", "COUNT(uid) AS count", "1=1 {$where}");
3340      $user_count = $db->fetch_field($query, "count");
3341  
3342      // Figure out if we need to display multiple pages.
3343      if($mybb->get_input('page') != "last")
3344      {
3345          $page = $mybb->get_input('page');
3346      }
3347  
3348      $pages = $user_count / $perpage;
3349      $pages = ceil($pages);
3350  
3351      if($mybb->get_input('page') == "last")
3352      {
3353          $page = $pages;
3354      }
3355  
3356      if($page > $pages || $page <= 0)
3357      {
3358          $page = 1;
3359      }
3360      if($page)
3361      {
3362          $start = ($page-1) * $perpage;
3363      }
3364      else
3365      {
3366          $start = 0;
3367          $page = 1;
3368      }
3369  
3370      $page_url = 'modcp.php?action=finduser';
3371      foreach(array('username', 'sortby', 'order') as $field)
3372      {
3373          if(!empty($mybb->input[$field]))
3374          {
3375              $page_url .= "&amp;{$field}=".$mybb->input[$field];
3376          }
3377      }
3378  
3379      $multipage = multipage($user_count, $perpage, $page, $page_url);
3380  
3381      $usergroups_cache = $cache->read("usergroups");
3382  
3383      $plugins->run_hooks("modcp_finduser_start");
3384  
3385      // Fetch out results
3386      $query = $db->simple_select("users", "*", "1=1 {$where}", array("order_by" => $sortby, "order_dir" => $order, "limit" => $perpage, "limit_start" => $start));
3387      $users = '';
3388      while($user = $db->fetch_array($query))
3389      {
3390          $alt_row = alt_trow();
3391          $user['username'] = htmlspecialchars_uni($user['username']);
3392          $user['username'] = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
3393          $user['postnum'] = my_number_format($user['postnum']);
3394          $regdate = my_date('relative', $user['regdate']);
3395  
3396          if($user['invisible'] == 1 && $mybb->usergroup['canviewwolinvis'] != 1 && $user['uid'] != $mybb->user['uid'])
3397          {
3398              $lastdate = $lang->lastvisit_never;
3399  
3400              if($user['lastvisit'])
3401              {
3402                  // We have had at least some active time, hide it instead
3403                  $lastdate = $lang->lastvisit_hidden;
3404              }
3405          }
3406          else
3407          {
3408              $lastdate = my_date('relative', $user['lastvisit']);
3409          }
3410  
3411          $usergroup = htmlspecialchars_uni($usergroups_cache[$user['usergroup']]['title']);
3412          eval("\$users .= \"".$templates->get("modcp_finduser_user")."\";");
3413      }
3414  
3415      // No results?
3416      if(!$users)
3417      {
3418          eval("\$users = \"".$templates->get("modcp_finduser_noresults")."\";");
3419      }
3420  
3421      $plugins->run_hooks("modcp_finduser_end");
3422  
3423      eval("\$finduser = \"".$templates->get("modcp_finduser")."\";");
3424      output_page($finduser);
3425  }
3426  
3427  if($mybb->input['action'] == "warninglogs")
3428  {
3429      if($mybb->usergroup['canviewwarnlogs'] == 0)
3430      {
3431          error_no_permission();
3432      }
3433  
3434      add_breadcrumb($lang->mcp_nav_warninglogs, "modcp.php?action=warninglogs");
3435  
3436      // Filter options
3437      $where_sql = '';
3438      $mybb->input['filter'] = $mybb->get_input('filter', MyBB::INPUT_ARRAY);
3439      $mybb->input['search'] = $mybb->get_input('search', MyBB::INPUT_ARRAY);
3440      if(!empty($mybb->input['filter']['username']))
3441      {
3442          $search_user = get_user_by_username($mybb->input['filter']['username']);
3443  
3444          $mybb->input['filter']['uid'] = (int)$search_user['uid'];
3445          $mybb->input['filter']['username'] = htmlspecialchars_uni($mybb->input['filter']['username']);
3446      }
3447      else
3448      {
3449          $mybb->input['filter']['username'] = '';
3450      }
3451      if(!empty($mybb->input['filter']['uid']))
3452      {
3453          $search['uid'] = (int)$mybb->input['filter']['uid'];
3454          $where_sql .= " AND w.uid='{$search['uid']}'";
3455          if(!isset($mybb->input['search']['username']))
3456          {
3457              $user = get_user($mybb->input['search']['uid']);
3458              $mybb->input['search']['username'] = htmlspecialchars_uni($user['username']);
3459          }
3460      }
3461      else
3462      {
3463          $mybb->input['filter']['uid'] = '';
3464      }
3465      if(!empty($mybb->input['filter']['mod_username']))
3466      {
3467          $mod_user = get_user_by_username($mybb->input['filter']['mod_username']);
3468  
3469          $mybb->input['filter']['mod_uid'] = (int)$mod_user['uid'];
3470          $mybb->input['filter']['mod_username'] = htmlspecialchars_uni($mybb->input['filter']['mod_username']);
3471      }
3472      else
3473      {
3474          $mybb->input['filter']['mod_username'] = '';
3475      }
3476      if(!empty($mybb->input['filter']['mod_uid']))
3477      {
3478          $search['mod_uid'] = (int)$mybb->input['filter']['mod_uid'];
3479          $where_sql .= " AND w.issuedby='{$search['mod_uid']}'";
3480          if(!isset($mybb->input['search']['mod_username']))
3481          {
3482              $mod_user = get_user($mybb->input['search']['uid']);
3483              $mybb->input['search']['mod_username'] = htmlspecialchars_uni($mod_user['username']);
3484          }
3485      }
3486      else
3487      {
3488          $mybb->input['filter']['mod_uid'] = '';
3489      }
3490      if(!empty($mybb->input['filter']['reason']))
3491      {
3492          $search['reason'] = $db->escape_string_like($mybb->input['filter']['reason']);
3493          $where_sql .= " AND (w.notes LIKE '%{$search['reason']}%' OR t.title LIKE '%{$search['reason']}%' OR w.title LIKE '%{$search['reason']}%')";
3494          $mybb->input['filter']['reason'] = htmlspecialchars_uni($mybb->input['filter']['reason']);
3495      }
3496      else
3497      {
3498          $mybb->input['filter']['reason'] = '';
3499      }
3500      $sortbysel = array('username' => '', 'expires' => '', 'issuedby' => '', 'dateline' => '');
3501      if(!isset($mybb->input['filter']['sortby']))
3502      {
3503          $mybb->input['filter']['sortby'] = '';
3504      }
3505      switch($mybb->input['filter']['sortby'])
3506      {
3507          case "username":
3508              $sortby = "u.username";
3509              $sortbysel['username'] = ' selected="selected"';
3510              break;
3511          case "expires":
3512              $sortby = "w.expires";
3513              $sortbysel['expires'] = ' selected="selected"';
3514              break;
3515          case "issuedby":
3516              $sortby = "i.username";
3517              $sortbysel['issuedby'] = ' selected="selected"';
3518              break;
3519          default: // "dateline"
3520              $sortby = "w.dateline";
3521              $sortbysel['dateline'] = ' selected="selected"';
3522      }
3523      if(!isset($mybb->input['filter']['order']))
3524      {
3525          $mybb->input['filter']['order'] = '';
3526      }
3527      $order = $mybb->input['filter']['order'];
3528      $ordersel = array('asc' => '', 'desc' => '');
3529      if($order != "asc")
3530      {
3531          $order = "desc";
3532          $ordersel['desc'] = ' selected="selected"';
3533      }
3534      else
3535      {
3536          $ordersel['asc'] = ' selected="selected"';
3537      }
3538  
3539      $plugins->run_hooks("modcp_warninglogs_start");
3540  
3541      // Pagination stuff
3542      $sql = "
3543          SELECT COUNT(wid) as count
3544          FROM
3545              ".TABLE_PREFIX."warnings w
3546              LEFT JOIN ".TABLE_PREFIX."warningtypes t ON (w.tid=t.tid)
3547          WHERE 1=1
3548              {$where_sql}
3549      ";
3550      $query = $db->query($sql);
3551      $total_warnings = $db->fetch_field($query, 'count');
3552      $page = $mybb->get_input('page', MyBB::INPUT_INT);
3553      if($page <= 0)
3554      {
3555          $page = 1;
3556      }
3557      $per_page = 20;
3558      if(isset($mybb->input['filter']['per_page']) && (int)$mybb->input['filter']['per_page'] > 0)
3559      {
3560          $per_page = (int)$mybb->input['filter']['per_page'];
3561      }
3562      $start = ($page-1) * $per_page;
3563      // Build the base URL for pagination links
3564      $url = 'modcp.php?action=warninglogs';
3565      if(is_array($mybb->input['filter']) && count($mybb->input['filter']))
3566      {
3567          foreach($mybb->input['filter'] as $field => $value)
3568          {
3569              $value = urlencode($value);
3570              $url .= "&amp;filter[{$field}]={$value}";
3571          }
3572      }
3573      $multipage = multipage($total_warnings, $per_page, $page, $url);
3574  
3575      // The actual query
3576      $sql = "
3577          SELECT
3578              w.wid, w.title as custom_title, w.points, w.dateline, w.issuedby, w.expires, w.expired, w.daterevoked, w.revokedby,
3579              t.title,
3580              u.uid, u.username, u.usergroup, u.displaygroup,
3581              i.uid as mod_uid, i.username as mod_username, i.usergroup as mod_usergroup, i.displaygroup as mod_displaygroup
3582          FROM ".TABLE_PREFIX."warnings w
3583              LEFT JOIN ".TABLE_PREFIX."users u ON (w.uid=u.uid)
3584              LEFT JOIN ".TABLE_PREFIX."warningtypes t ON (w.tid=t.tid)
3585              LEFT JOIN ".TABLE_PREFIX."users i ON (i.uid=w.issuedby)
3586          WHERE 1=1
3587              {$where_sql}
3588          ORDER BY {$sortby} {$order}
3589          LIMIT {$start}, {$per_page}
3590      ";
3591      $query = $db->query($sql);
3592  
3593  
3594      $warning_list = '';
3595      while($row = $db->fetch_array($query))
3596      {
3597          $trow = alt_trow();
3598          $row['username'] = htmlspecialchars_uni($row['username']);
3599          $username = format_name($row['username'], $row['usergroup'], $row['displaygroup']);
3600          $username_link = build_profile_link($username, $row['uid']);
3601          $row['mod_username'] = htmlspecialchars_uni($row['mod_username']);
3602          $mod_username = format_name($row['mod_username'], $row['mod_usergroup'], $row['mod_displaygroup']);
3603          $mod_username_link = build_profile_link($mod_username, $row['mod_uid']);
3604          $issued_date = my_date('normal', $row['dateline']);
3605          $revoked_text = '';
3606          if($row['daterevoked'] > 0)
3607          {
3608              $revoked_date = my_date('relative', $row['daterevoked']);
3609              eval("\$revoked_text = \"".$templates->get("modcp_warninglogs_warning_revoked")."\";");
3610          }
3611          if($row['expires'] > 0)
3612          {
3613              $expire_date = nice_time($row['expires']-TIME_NOW);
3614          }
3615          else
3616          {
3617              $expire_date = $lang->never;
3618          }
3619          $title = $row['title'];
3620          if(empty($row['title']))
3621          {
3622              $title = $row['custom_title'];
3623          }
3624          $title = htmlspecialchars_uni($title);
3625          if($row['points'] >= 0)
3626          {
3627              $points = '+'.$row['points'];
3628          }
3629  
3630          eval("\$warning_list .= \"".$templates->get("modcp_warninglogs_warning")."\";");
3631      }
3632  
3633      if(!$warning_list)
3634      {
3635          eval("\$warning_list = \"".$templates->get("modcp_warninglogs_nologs")."\";");
3636      }
3637  
3638      $plugins->run_hooks("modcp_warninglogs_end");
3639  
3640      eval("\$warninglogs = \"".$templates->get("modcp_warninglogs")."\";");
3641      output_page($warninglogs);
3642  }
3643  
3644  if($mybb->input['action'] == "ipsearch")
3645  {
3646      if($mybb->usergroup['canuseipsearch'] == 0)
3647      {
3648          error_no_permission();
3649      }
3650  
3651      add_breadcrumb($lang->mcp_nav_ipsearch, "modcp.php?action=ipsearch");
3652  
3653      $mybb->input['ipaddress'] = $mybb->get_input('ipaddress');
3654      if($mybb->input['ipaddress'])
3655      {
3656          if(!is_array($groupscache))
3657          {
3658              $groupscache = $cache->read("usergroups");
3659          }
3660  
3661          $ipaddressvalue = htmlspecialchars_uni($mybb->input['ipaddress']);
3662  
3663          $ip_range = fetch_ip_range($mybb->input['ipaddress']);
3664  
3665          $post_results = $user_results = 0;
3666  
3667          // Searching post IP addresses
3668          if(isset($mybb->input['search_posts']))
3669          {
3670              if($ip_range)
3671              {
3672                  if(!is_array($ip_range))
3673                  {
3674                      $post_ip_sql = "p.ipaddress=".$db->escape_binary($ip_range);
3675                  }
3676                  else
3677                  {
3678                      $post_ip_sql = "p.ipaddress BETWEEN ".$db->escape_binary($ip_range[0])." AND ".$db->escape_binary($ip_range[1]);
3679                  }
3680              }
3681  
3682              $plugins->run_hooks("modcp_ipsearch_posts_start");
3683  
3684              if($post_ip_sql)
3685              {
3686                  $where_sql = '';
3687  
3688                  $unviewable_forums = get_unviewable_forums(true);
3689  
3690                  if($unviewable_forums)
3691                  {
3692                      $where_sql .= " AND p.fid NOT IN ({$unviewable_forums})";
3693                  }
3694  
3695                  if($inactiveforums)
3696                  {
3697                      $where_sql .= " AND p.fid NOT IN ({$inactiveforums})";
3698                  }
3699  
3700                  // Check group permissions if we can't view threads not started by us
3701                  $onlyusfids = array();
3702                  $group_permissions = forum_permissions();
3703                  foreach($group_permissions as $fid => $forumpermissions)
3704                  {
3705                      if(isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] == 1)
3706                      {
3707                          $onlyusfids[] = $fid;
3708                      }
3709                  }
3710  
3711                  if(!empty($onlyusfids))
3712                  {
3713                      $where_sql .= " AND ((t.fid IN(".implode(',', $onlyusfids).") AND t.uid='{$mybb->user['uid']}') OR t.fid NOT IN(".implode(',', $onlyusfids)."))";
3714                  }
3715  
3716                  // Moderators can view unapproved/deleted posts
3717                  if($mybb->usergroup['issupermod'] != 1)
3718                  {
3719                      $unapprove_forums = array();
3720                      $deleted_forums = array();
3721                      $visible_sql = " AND (p.visible = 1 AND t.visible = 1)";
3722                      $query = $db->simple_select("moderators", "fid, canviewunapprove, canviewdeleted", "(id='{$mybb->user['uid']}' AND isgroup='0') OR (id='{$mybb->user['usergroup']}' AND isgroup='1')");
3723                      while($moderator = $db->fetch_array($query))
3724                      {
3725                          if($moderator['canviewunapprove'] == 1)
3726                          {
3727                              $unapprove_forums[] = $moderator['fid'];
3728                          }
3729  
3730                          if($moderator['canviewdeleted'] == 1)
3731                          {
3732                              $deleted_forums[] = $moderator['fid'];
3733                          }
3734                      }
3735  
3736                      if(!empty($unapprove_forums))
3737                      {
3738                          $visible_sql .= " OR (p.visible = 0 AND p.fid IN(".implode(',', $unapprove_forums).")) OR (t.visible = 0 AND t.fid IN(".implode(',', $unapprove_forums)."))";
3739                      }
3740                      if(!empty($deleted_forums))
3741                      {
3742                          $visible_sql .= " OR (p.visible = -1 AND p.fid IN(".implode(',', $deleted_forums).")) OR (t.visible = -1 AND t.fid IN(".implode(',', $deleted_forums)."))";
3743                      }
3744                  }
3745                  else
3746                  {
3747                      // Super moderators (and admins)
3748                      $visible_sql = " AND p.visible >= -1";
3749                  }
3750  
3751                  $query = $db->query("
3752                      SELECT COUNT(p.pid) AS count
3753                      FROM ".TABLE_PREFIX."posts p
3754                      LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid = p.tid)
3755                      WHERE {$post_ip_sql}{$where_sql}{$visible_sql}
3756                  ");
3757                  $post_results = $db->fetch_field($query, "count");
3758              }
3759          }
3760  
3761          // Searching user IP addresses
3762          if(isset($mybb->input['search_users']))
3763          {
3764              if($ip_range)
3765              {
3766                  if(!is_array($ip_range))
3767                  {
3768                      $user_ip_sql = "regip=".$db->escape_binary($ip_range)." OR lastip=".$db->escape_binary($ip_range);
3769                  }
3770                  else
3771                  {
3772                      $user_ip_sql = "regip BETWEEN ".$db->escape_binary($ip_range[0])." AND ".$db->escape_binary($ip_range[1])." OR lastip BETWEEN ".$db->escape_binary($ip_range[0])." AND ".$db->escape_binary($ip_range[1]);
3773                  }
3774              }
3775  
3776              $plugins->run_hooks("modcp_ipsearch_users_start");
3777  
3778              if($user_ip_sql)
3779              {
3780                  $query = $db->simple_select('users', 'COUNT(uid) AS count', $user_ip_sql);
3781  
3782                  $user_results = $db->fetch_field($query, "count");
3783              }
3784          }
3785  
3786          $total_results = $post_results+$user_results;
3787  
3788          if(!$total_results)
3789          {
3790              $total_results = 1;
3791          }
3792  
3793          // Now we have the result counts, paginate
3794          $perpage = $mybb->get_input('perpage', MyBB::INPUT_INT);
3795          if(!$perpage || $perpage <= 0)
3796          {
3797              $perpage = $mybb->settings['threadsperpage'];
3798          }
3799  
3800          // Figure out if we need to display multiple pages.
3801          if($mybb->get_input('page') != "last")
3802          {
3803              $page = $mybb->get_input('page', MyBB::INPUT_INT);
3804          }
3805  
3806          $pages = $total_results / $perpage;
3807          $pages = ceil($pages);
3808  
3809          if($mybb->get_input('page') == "last")
3810          {
3811              $page = $pages;
3812          }
3813  
3814          if($page > $pages || $page <= 0)
3815          {
3816              $page = 1;
3817          }
3818  
3819          if($page)
3820          {
3821              $start = ($page-1) * $perpage;
3822          }
3823          else
3824          {
3825              $start = 0;
3826              $page = 1;
3827          }
3828  
3829