[ Index ]

PHP Cross Reference of MyBB 1.8.19

title

Body

[close]

/ -> modcp.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  11  define("IN_MYBB", 1);
  12  define('THIS_SCRIPT', 'modcp.php');
  13  
  14  $templatelist = "modcp_reports,modcp_reports_report,modcp_reports_selectall,modcp_reports_multipage,modcp_reports_allreport,modcp_reports_allreports,modcp_modlogs_multipage,modcp_announcements_delete,modcp_announcements_edit,modcp_awaitingmoderation";
  15  $templatelist .= ",modcp_reports_allnoreports,modcp_reports_noreports,modcp_banning,modcp_banning_ban,modcp_announcements_announcement_global,modcp_no_announcements_forum,modcp_modqueue_threads_thread,modcp_awaitingthreads,preview";
  16  $templatelist .= ",modcp_banning_nobanned,modcp_modqueue_threads_empty,modcp_modqueue_masscontrols,modcp_modqueue_threads,modcp_modqueue_posts_post,modcp_modqueue_posts_empty,modcp_awaitingposts,modcp_nav_editprofile,modcp_nav_banning";
  17  $templatelist .= ",modcp_nav,modcp_modlogs_noresults,modcp_modlogs_nologs,modcp,modcp_modqueue_posts,modcp_modqueue_attachments_attachment,modcp_modqueue_attachments_empty,modcp_modqueue_attachments,modcp_editprofile_suspensions_info";
  18  $templatelist .= ",modcp_no_announcements_global,modcp_announcements_global,modcp_announcements_forum,modcp_announcements,modcp_editprofile_select_option,modcp_editprofile_select,modcp_finduser_noresults, modcp_nav_forums_posts";
  19  $templatelist .= ",codebuttons,modcp_announcements_new,modcp_modqueue_empty,forumjump_bit,forumjump_special,modcp_warninglogs_warning_revoked,modcp_warninglogs_warning,modcp_ipsearch_result,modcp_nav_modqueue,modcp_banuser_liftlist";
  20  $templatelist .= ",modcp_modlogs,modcp_finduser_user,modcp_finduser,usercp_profile_customfield,usercp_profile_profilefields,modcp_ipsearch_noresults,modcp_ipsearch_results,modcp_ipsearch_misc_info,modcp_nav_announcements,modcp_modqueue_post_link";
  21  $templatelist .= ",modcp_editprofile,modcp_ipsearch,modcp_banuser_addusername,modcp_banuser,modcp_warninglogs_nologs,modcp_banuser_editusername,modcp_lastattachment,modcp_lastpost,modcp_lastthread,modcp_nobanned,modcp_modqueue_thread_link";
  22  $templatelist .= ",modcp_warninglogs,modcp_modlogs_result,modcp_editprofile_signature,forumjump_advanced,modcp_announcements_forum_nomod,modcp_announcements_announcement,usercp_profile_away,modcp_modlogs_user,modcp_editprofile_away";
  23  $templatelist .= ",multipage,multipage_end,multipage_jump_page,multipage_nextpage,multipage_page,multipage_page_current,multipage_page_link_current,multipage_prevpage,multipage_start,modcp_awaitingattachments,modcp_modqueue_attachment_link";
  24  $templatelist .= ",postbit_groupimage,postbit_userstar,postbit_online,postbit_offline,postbit_away,postbit_avatar,postbit_find,postbit_pm,postbit_email,postbit_www,postbit_author_user,announcement_edit,announcement_quickdelete";
  25  $templatelist .= ",modcp_awaitingmoderation_none,modcp_banning_edit,modcp_banuser_bangroups_group,modcp_banuser_lift,modcp_modlogs_result_announcement,modcp_modlogs_result_forum,modcp_modlogs_result_post,modcp_modlogs_result_thread";
  26  $templatelist .= ",modcp_nav_warninglogs,modcp_nav_ipsearch,modcp_nav_users,modcp_announcements_day,modcp_announcements_month_start,modcp_announcements_month_end,modcp_announcements_announcement_expired,modcp_announcements_announcement_active";
  27  $templatelist .= ",modcp_modqueue_link_forum,modcp_modqueue_link_thread,usercp_profile_day,modcp_ipsearch_result_regip,modcp_ipsearch_result_lastip,modcp_ipsearch_result_post,modcp_ipsearch_results_information,usercp_profile_profilefields_text";
  28  $templatelist .= ",usercp_profile_profilefields_select_option,usercp_profile_profilefields_multiselect,usercp_profile_profilefields_select,usercp_profile_profilefields_textarea,usercp_profile_profilefields_radio,postbit";
  29  $templatelist .= ",modcp_banning_remaining,postmodcp_nav_announcements,modcp_nav_reportcenter,modcp_nav_modlogs,modcp_latestfivemodactions,modcp_banuser_bangroups_hidden,modcp_banuser_bangroups,usercp_profile_profilefields_checkbox";
  30  
  31  require_once  "./global.php";
  32  require_once  MYBB_ROOT."inc/functions_user.php";
  33  require_once  MYBB_ROOT."inc/functions_upload.php";
  34  require_once  MYBB_ROOT."inc/functions_modcp.php";
  35  require_once  MYBB_ROOT."inc/class_parser.php";
  36  $parser = new postParser;
  37  
  38  // Set up the array of ban times.
  39  $bantimes = fetch_ban_times();
  40  
  41  // Load global language phrases
  42  $lang->load("modcp");
  43  $lang->load("announcements");
  44  
  45  if($mybb->user['uid'] == 0 || $mybb->usergroup['canmodcp'] != 1)
  46  {
  47      error_no_permission();
  48  }
  49  
  50  if(!$mybb->settings['threadsperpage'] || (int)$mybb->settings['threadsperpage'] < 1)
  51  {
  52      $mybb->settings['threadsperpage'] = 20;
  53  }
  54  
  55  $tflist = $flist = $tflist_queue_threads = $flist_queue_threads = $tflist_queue_posts = $flist_queue_posts = $tflist_queue_attach =
  56  $flist_queue_attach = $wflist_reports = $tflist_reports = $flist_reports = $tflist_modlog = $flist_modlog = $errors = '';
  57  // SQL for fetching items only related to forums this user moderates
  58  $moderated_forums = array();
  59  if($mybb->usergroup['issupermod'] != 1)
  60  {
  61      $query = $db->simple_select("moderators", "*", "(id='{$mybb->user['uid']}' AND isgroup = '0') OR (id IN ({$mybb->usergroup['all_usergroups']}) AND isgroup = '1')");
  62  
  63      $numannouncements = $nummodqueuethreads = $nummodqueueposts = $nummodqueueattach = $numreportedposts = $nummodlogs = 0;
  64      while($forum = $db->fetch_array($query))
  65      {
  66          // For Announcements
  67          if($forum['canmanageannouncements'] == 1)
  68          {
  69              ++$numannouncements;
  70          }
  71  
  72          // For the Mod Queues
  73          if($forum['canapproveunapprovethreads'] == 1)
  74          {
  75              $flist_queue_threads .= ",'{$forum['fid']}'";
  76  
  77              $children = get_child_list($forum['fid']);
  78              if(!empty($children))
  79              {
  80                  $flist_queue_threads .= ",'".implode("','", $children)."'";
  81              }
  82              ++$nummodqueuethreads;
  83          }
  84  
  85          if($forum['canapproveunapproveposts'] == 1)
  86          {
  87              $flist_queue_posts .= ",'{$forum['fid']}'";
  88  
  89              $children = get_child_list($forum['fid']);
  90              if(!empty($children))
  91              {
  92                  $flist_queue_posts .= ",'".implode("','", $children)."'";
  93              }
  94              ++$nummodqueueposts;
  95          }
  96  
  97          if($forum['canapproveunapproveattachs'] == 1)
  98          {
  99              $flist_queue_attach .= ",'{$forum['fid']}'";
 100  
 101              $children = get_child_list($forum['fid']);
 102              if(!empty($children))
 103              {
 104                  $flist_queue_attach .= ",'".implode("','", $children)."'";
 105              }
 106              ++$nummodqueueattach;
 107          }
 108  
 109          // For Reported posts
 110          if($forum['canmanagereportedposts'] == 1)
 111          {
 112              $flist_reports .= ",'{$forum['fid']}'";
 113  
 114              $children = get_child_list($forum['fid']);
 115              if(!empty($children))
 116              {
 117                  $flist_reports .= ",'".implode("','", $children)."'";
 118              }
 119              ++$numreportedposts;
 120          }
 121  
 122          // For the Mod Log
 123          if($forum['canviewmodlog'] == 1)
 124          {
 125              $flist_modlog .= ",'{$forum['fid']}'";
 126  
 127              $children = get_child_list($forum['fid']);
 128              if(!empty($children))
 129              {
 130                  $flist_modlog .= ",'".implode("','", $children)."'";
 131              }
 132              ++$nummodlogs;
 133          }
 134  
 135          $flist .= ",'{$forum['fid']}'";
 136  
 137          $children = get_child_list($forum['fid']);
 138          if(!empty($children))
 139          {
 140              $flist .= ",'".implode("','", $children)."'";
 141          }
 142          $moderated_forums[] = $forum['fid'];
 143      }
 144      if($flist_queue_threads)
 145      {
 146          $tflist_queue_threads = " AND t.fid IN (0{$flist_queue_threads})";
 147          $flist_queue_threads = " AND fid IN (0{$flist_queue_threads})";
 148      }
 149      if($flist_queue_posts)
 150      {
 151          $tflist_queue_posts = " AND t.fid IN (0{$flist_queue_posts})";
 152          $flist_queue_posts = " AND fid IN (0{$flist_queue_posts})";
 153      }
 154      if($flist_queue_attach)
 155      {
 156          $tflist_queue_attach = " AND t.fid IN (0{$flist_queue_attach})";
 157          $flist_queue_attach = " AND fid IN (0{$flist_queue_attach})";
 158      }
 159      if($flist_reports)
 160      {
 161          $wflist_reports = "WHERE r.id3 IN (0{$flist_reports})";
 162          $tflist_reports = " AND r.id3 IN (0{$flist_reports})";
 163          $flist_reports = " AND id3 IN (0{$flist_reports})";
 164      }
 165      if($flist_modlog)
 166      {
 167          $tflist_modlog = " AND t.fid IN (0{$flist_modlog})";
 168          $flist_modlog = " AND fid IN (0{$flist_modlog})";
 169      }
 170      if($flist)
 171      {
 172          $tflist = " AND t.fid IN (0{$flist})";
 173          $flist = " AND fid IN (0{$flist})";
 174      }
 175  }
 176  
 177  // Retrieve a list of unviewable forums
 178  $unviewableforums = get_unviewable_forums();
 179  $inactiveforums = get_inactive_forums();
 180  $unviewablefids1 = $unviewablefids2 = array();
 181  
 182  if($unviewableforums)
 183  {
 184      $flist .= " AND fid NOT IN ({$unviewableforums})";
 185      $tflist .= " AND t.fid NOT IN ({$unviewableforums})";
 186  
 187      $unviewablefids1 = explode(',', $unviewableforums);
 188  }
 189  
 190  if($inactiveforums)
 191  {
 192      $flist .= " AND fid NOT IN ({$inactiveforums})";
 193      $tflist .= " AND t.fid NOT IN ({$inactiveforums})";
 194  
 195      $unviewablefids2 = explode(',', $inactiveforums);
 196  }
 197  
 198  $unviewableforums = array_merge($unviewablefids1, $unviewablefids2);
 199  
 200  if(!isset($collapsedimg['modcpforums']))
 201  {
 202      $collapsedimg['modcpforums'] = '';
 203  }
 204  
 205  if(!isset($collapsed['modcpforums_e']))
 206  {
 207      $collapsed['modcpforums_e'] = '';
 208  }
 209  
 210  if(!isset($collapsedimg['modcpusers']))
 211  {
 212      $collapsedimg['modcpusers'] = '';
 213  }
 214  
 215  if(!isset($collapsed['modcpusers_e']))
 216  {
 217      $collapsed['modcpusers_e'] = '';
 218  }
 219  
 220  // Fetch the Mod CP menu
 221  $nav_announcements = $nav_modqueue = $nav_reportcenter = $nav_modlogs = $nav_editprofile = $nav_banning = $nav_warninglogs = $nav_ipsearch = $nav_forums_posts = $modcp_nav_users = '';
 222  if(($numannouncements > 0 || $mybb->usergroup['issupermod'] == 1) && $mybb->usergroup['canmanageannounce'] == 1)
 223  {
 224      eval("\$nav_announcements = \"".$templates->get("modcp_nav_announcements")."\";");
 225  }
 226  
 227  if(($nummodqueuethreads > 0 || $nummodqueueposts > 0 || $nummodqueueattach > 0 || $mybb->usergroup['issupermod'] == 1) && $mybb->usergroup['canmanagemodqueue'] == 1)
 228  {
 229      eval("\$nav_modqueue = \"".$templates->get("modcp_nav_modqueue")."\";");
 230  }
 231  
 232  if(($numreportedposts > 0 || $mybb->usergroup['issupermod'] == 1) && $mybb->usergroup['canmanagereportedcontent'] == 1)
 233  {
 234      eval("\$nav_reportcenter = \"".$templates->get("modcp_nav_reportcenter")."\";");
 235  }
 236  
 237  if(($nummodlogs > 0 || $mybb->usergroup['issupermod'] == 1) && $mybb->usergroup['canviewmodlogs'] == 1)
 238  {
 239      eval("\$nav_modlogs = \"".$templates->get("modcp_nav_modlogs")."\";");
 240  }
 241  
 242  if($mybb->usergroup['caneditprofiles'] == 1)
 243  {
 244      eval("\$nav_editprofile = \"".$templates->get("modcp_nav_editprofile")."\";");
 245  }
 246  
 247  if($mybb->usergroup['canbanusers'] == 1)
 248  {
 249      eval("\$nav_banning = \"".$templates->get("modcp_nav_banning")."\";");
 250  }
 251  
 252  if($mybb->usergroup['canviewwarnlogs'] == 1)
 253  {
 254      eval("\$nav_warninglogs = \"".$templates->get("modcp_nav_warninglogs")."\";");
 255  }
 256  
 257  if($mybb->usergroup['canuseipsearch'] == 1)
 258  {
 259      eval("\$nav_ipsearch = \"".$templates->get("modcp_nav_ipsearch")."\";");
 260  }
 261  
 262  $plugins->run_hooks("modcp_nav");
 263  
 264  if(!empty($nav_announcements) || !empty($nav_modqueue) || !empty($nav_reportcenter) || !empty($nav_modlogs))
 265  {
 266      $expaltext = (in_array("modcpforums", $collapse)) ? "[+]" : "[-]";
 267      eval("\$modcp_nav_forums_posts = \"".$templates->get("modcp_nav_forums_posts")."\";");
 268  }
 269  
 270  if(!empty($nav_editprofile) || !empty($nav_banning) || !empty($nav_warninglogs) || !empty($nav_ipsearch))
 271  {
 272      $expaltext = (in_array("modcpusers", $collapse)) ? "[+]" : "[-]";
 273      eval("\$modcp_nav_users = \"".$templates->get("modcp_nav_users")."\";");
 274  }
 275  
 276  eval("\$modcp_nav = \"".$templates->get("modcp_nav")."\";");
 277  
 278  $plugins->run_hooks("modcp_start");
 279  
 280  // Make navigation
 281  add_breadcrumb($lang->nav_modcp, "modcp.php");
 282  
 283  $mybb->input['action'] = $mybb->get_input('action');
 284  if($mybb->input['action'] == "do_reports")
 285  {
 286      // Verify incoming POST request
 287      verify_post_check($mybb->get_input('my_post_key'));
 288  
 289      $mybb->input['reports'] = $mybb->get_input('reports', MyBB::INPUT_ARRAY);
 290      if(empty($mybb->input['reports']) && empty($mybb->cookies['inlinereports']))
 291      {
 292          error($lang->error_noselected_reports);
 293      }
 294  
 295      $message = $lang->redirect_reportsmarked;
 296  
 297      if(isset($mybb->cookies['inlinereports']))
 298      {
 299          if($mybb->cookies['inlinereports'] == '|ALL|') {
 300              $message = $lang->redirect_allreportsmarked;
 301              $sql = "1=1";
 302              if(isset($mybb->cookies['inlinereports_removed']))
 303              {
 304                  $inlinereportremovedlist = explode("|", $mybb->cookies['inlinereports_removed']);
 305                  $reports = array_map("intval", $inlinereportremovedlist);
 306                  $rids = implode("','", $reports);
 307                  $sql = "rid NOT IN ('0','{$rids}')";
 308              }
 309          }
 310          else
 311          {
 312              $inlinereportlist = explode("|", $mybb->cookies['inlinereports']);
 313              $reports = array_map("intval", $inlinereportlist);
 314  
 315              if(!count($reports))
 316              {
 317                  error($lang->error_noselected_reports);
 318              }
 319  
 320              $rids = implode("','", $reports);
 321  
 322              $sql = "rid IN ('0','{$rids}')";
 323          }
 324      }
 325      else
 326      {
 327          $mybb->input['reports'] = array_map("intval", $mybb->input['reports']);
 328          $rids = implode("','", $mybb->input['reports']);
 329  
 330          $sql = "rid IN ('0','{$rids}')";
 331      }
 332  
 333      $plugins->run_hooks("modcp_do_reports");
 334  
 335      $db->update_query("reportedcontent", array('reportstatus' => 1), "{$sql}{$flist_reports}");
 336      $cache->update_reportedcontent();
 337  
 338      my_unsetcookie('inlinereports');
 339      my_unsetcookie('inlinereports_removed');
 340  
 341      $page = $mybb->get_input('page', MyBB::INPUT_INT);
 342  
 343      redirect("modcp.php?action=reports&page={$page}", $message);
 344  }
 345  
 346  if($mybb->input['action'] == "reports")
 347  {
 348      if($mybb->usergroup['canmanagereportedcontent'] == 0)
 349      {
 350          error_no_permission();
 351      }
 352  
 353      if($numreportedposts == 0 && $mybb->usergroup['issupermod'] != 1)
 354      {
 355          error($lang->you_cannot_view_reported_posts);
 356      }
 357  
 358      $lang->load('report');
 359      add_breadcrumb($lang->mcp_nav_report_center, "modcp.php?action=reports");
 360  
 361      $perpage = $mybb->settings['threadsperpage'];
 362      if(!$perpage)
 363      {
 364          $perpage = 20;
 365      }
 366  
 367      // Multipage
 368      if($mybb->usergroup['cancp'] || $mybb->usergroup['issupermod'])
 369      {
 370          $query = $db->simple_select("reportedcontent", "COUNT(rid) AS count", "reportstatus ='0'");
 371          $report_count = $db->fetch_field($query, "count");
 372      }
 373      else
 374      {
 375          $query = $db->simple_select('reportedcontent', 'id3', "reportstatus='0' AND (type = 'post' OR type = '')");
 376  
 377          $report_count = 0;
 378          while($fid = $db->fetch_field($query, 'id3'))
 379          {
 380              if(is_moderator($fid, "canmanagereportedposts"))
 381              {
 382                  ++$report_count;
 383              }
 384          }
 385          unset($fid);
 386      }
 387  
 388      $page = $mybb->get_input('page', MyBB::INPUT_INT);
 389  
 390      $postcount = (int)$report_count;
 391      $pages = $postcount / $perpage;
 392      $pages = ceil($pages);
 393  
 394      if($page > $pages || $page <= 0)
 395      {
 396          $page = 1;
 397      }
 398  
 399      if($page && $page > 0)
 400      {
 401          $start = ($page-1) * $perpage;
 402      }
 403      else
 404      {
 405          $start = 0;
 406          $page = 1;
 407      }
 408  
 409      $multipage = $reportspages = '';
 410      if($postcount > $perpage)
 411      {
 412          $multipage = multipage($postcount, $perpage, $page, "modcp.php?action=reports");
 413          eval("\$reportspages = \"".$templates->get("modcp_reports_multipage")."\";");
 414      }
 415  
 416      $plugins->run_hooks("modcp_reports_start");
 417  
 418      // Reports
 419      $reports = '';
 420      $query = $db->query("
 421          SELECT r.*, u.username, rr.title
 422          FROM ".TABLE_PREFIX."reportedcontent r
 423          LEFT JOIN ".TABLE_PREFIX."users u ON (r.uid = u.uid)
 424          LEFT JOIN ".TABLE_PREFIX."reportreasons rr ON (r.reasonid = rr.rid)
 425          WHERE r.reportstatus = '0'{$tflist_reports}
 426          ORDER BY r.reports DESC
 427          LIMIT {$start}, {$perpage}
 428      ");
 429  
 430      if(!$db->num_rows($query))
 431      {
 432          // No unread reports
 433          eval("\$reports = \"".$templates->get("modcp_reports_noreports")."\";");
 434      }
 435      else
 436      {
 437          $reportedcontent = $cache->read("reportedcontent");
 438          $reportcache = $usercache = $postcache = array();
 439  
 440          while($report = $db->fetch_array($query))
 441          {
 442              if($report['type'] == 'profile' || $report['type'] == 'reputation')
 443              {
 444                  // Profile UID is in ID
 445                  if(!isset($usercache[$report['id']]))
 446                  {
 447                      $usercache[$report['id']] = $report['id'];
 448                  }
 449  
 450                  // Reputation comment? The offender is the ID2
 451                  if($report['type'] == 'reputation')
 452                  {
 453                      if(!isset($usercache[$report['id2']]))
 454                      {
 455                          $usercache[$report['id2']] = $report['id2'];
 456                      }
 457                      if(!isset($usercache[$report['id3']]))
 458                      {
 459                          // The user who was offended
 460                          $usercache[$report['id3']] = $report['id3'];
 461                      }
 462                  }
 463              }
 464              else if(!$report['type'] || $report['type'] == 'post')
 465              {
 466                  // This (should) be a post
 467                  $postcache[$report['id']] = $report['id'];
 468              }
 469  
 470              // Lastpost info - is it missing (pre-1.8)?
 471              $lastposter = $report['uid'];
 472              if(!$report['lastreport'])
 473              {
 474                  // Last reporter is our first reporter
 475                  $report['lastreport'] = $report['dateline'];
 476              }
 477  
 478              if($report['reporters'])
 479              {
 480                  $reporters = my_unserialize($report['reporters']);
 481  
 482                  if(is_array($reporters))
 483                  {
 484                      $lastposter = end($reporters);
 485                  }
 486              }
 487  
 488              if(!isset($usercache[$lastposter]))
 489              {
 490                  $usercache[$lastposter] = $lastposter;
 491              }
 492  
 493              $report['lastreporter'] = $lastposter;
 494              $reportcache[] = $report;
 495          }
 496  
 497          // Report Center gets messy
 498          // Find information about our users (because we don't log it when they file a report)
 499          if(!empty($usercache))
 500          {
 501              $sql = implode(',', array_keys($usercache));
 502              $query = $db->simple_select("users", "uid, username", "uid IN ({$sql})");
 503  
 504              while($user = $db->fetch_array($query))
 505              {
 506                  $usercache[$user['uid']] = $user;
 507              }
 508          }
 509  
 510          // Messy * 2
 511          // Find out post information for our reported posts
 512          if(!empty($postcache))
 513          {
 514              $sql = implode(',', array_keys($postcache));
 515              $query = $db->query("
 516                  SELECT p.pid, p.uid, p.username, p.tid, t.subject
 517                  FROM ".TABLE_PREFIX."posts p
 518                  LEFT JOIN ".TABLE_PREFIX."threads t ON (p.tid = t.tid)
 519                  WHERE p.pid IN ({$sql})
 520              ");
 521  
 522              while($post = $db->fetch_array($query))
 523              {
 524                  $postcache[$post['pid']] = $post;
 525              }
 526          }
 527  
 528          $lang->page_selected = $lang->sprintf($lang->page_selected, count($reportcache));
 529          $lang->select_all = $lang->sprintf($lang->select_all, (int)$report_count);
 530          $lang->all_selected = $lang->sprintf($lang->all_selected, (int)$report_count);
 531          eval("\$selectall = \"".$templates->get("modcp_reports_selectall")."\";");
 532  
 533          $plugins->run_hooks('modcp_reports_intermediate');
 534  
 535          $inlinecount = 0;
 536          // Now that we have all of the information needed, display the reports
 537          foreach($reportcache as $report)
 538          {
 539              $trow = alt_trow();
 540  
 541              if(!$report['type'])
 542              {
 543                  // Assume a post
 544                  $report['type'] = 'post';
 545              }
 546  
 547              // Report Information
 548              $report_data = array();
 549  
 550              switch($report['type'])
 551              {
 552                  case 'post':
 553                      $post = get_post_link($report['id'])."#pid{$report['id']}";
 554                      $user = build_profile_link(htmlspecialchars_uni($postcache[$report['id']]['username']), $postcache[$report['id']]['uid']);
 555                      $report_data['content'] = $lang->sprintf($lang->report_info_post, $post, $user);
 556  
 557                      $thread_link = get_thread_link($postcache[$report['id']]['tid']);
 558                      $thread_subject = htmlspecialchars_uni($parser->parse_badwords($postcache[$report['id']]['subject']));
 559                      $report_data['content'] .= $lang->sprintf($lang->report_info_post_thread, $thread_link, $thread_subject);
 560  
 561                      break;
 562                  case 'profile':
 563                      $user = build_profile_link(htmlspecialchars_uni($usercache[$report['id']]['username']), $usercache[$report['id']]['uid']);
 564                      $report_data['content'] = $lang->sprintf($lang->report_info_profile, $user);
 565                      break;
 566                  case 'reputation':
 567                      $reputation_link = "reputation.php?uid={$usercache[$report['id3']]['uid']}#rid{$report['id']}";
 568                      $bad_user = build_profile_link(htmlspecialchars_uni($usercache[$report['id2']]['username']), $usercache[$report['id2']]['uid']);
 569                      $report_data['content'] = $lang->sprintf($lang->report_info_reputation, $reputation_link, $bad_user);
 570  
 571                      $good_user = build_profile_link(htmlspecialchars_uni($usercache[$report['id3']]['username']), $usercache[$report['id3']]['uid']);
 572                      $report_data['content'] .= $lang->sprintf($lang->report_info_rep_profile, $good_user);
 573                      break;
 574              }
 575  
 576              // Report reason and comment
 577              if($report['reasonid'] > 0)
 578              {
 579                  $reason = htmlspecialchars_uni($lang->parse($report['title']));
 580  
 581                  if(empty($report['reason']))
 582                  {
 583                      eval("\$report_data['comment'] = \"".$templates->get("modcp_reports_report_comment")."\";");
 584                  }
 585                  else
 586                  {
 587                      $comment = htmlspecialchars_uni($report['reason']);
 588                      eval("\$report_data['comment'] = \"".$templates->get("modcp_reports_report_comment_extra")."\";");
 589                  }
 590              }
 591              else
 592              {
 593                  $report_data['comment'] = $lang->na;
 594              }
 595  
 596              $report_reports = 1;
 597              if($report['reports'])
 598              {
 599                  $report_data['reports'] = my_number_format($report['reports']);
 600              }
 601  
 602              if($report['lastreporter'])
 603              {
 604                  if(is_array($usercache[$report['lastreporter']]))
 605                  {
 606                      $lastreport_user = build_profile_link(htmlspecialchars_uni($usercache[$report['lastreporter']]['username']), $report['lastreporter']);
 607                  }
 608                  elseif($usercache[$report['lastreporter']] > 0)
 609                  {
 610                      $lastreport_user = htmlspecialchars_uni($lang->na_deleted);
 611                  }
 612  
 613                  $lastreport_date = my_date('relative', $report['lastreport']);
 614                  $report_data['lastreporter'] = $lang->sprintf($lang->report_info_lastreporter, $lastreport_date, $lastreport_user);
 615              }
 616  
 617              $inlinecheck = '';
 618              if(isset($mybb->cookies['inlinereports']) && my_strpos($mybb->cookies['inlinereports'], "|{$report['rid']}|") !== false)
 619              {
 620                  $inlinecheck = " checked=\"checked\"";
 621                  ++$inlinecount;
 622              }
 623  
 624              $plugins->run_hooks("modcp_reports_report");
 625              eval("\$reports .= \"".$templates->get("modcp_reports_report")."\";");
 626          }
 627      }
 628  
 629      $plugins->run_hooks("modcp_reports_end");
 630  
 631      eval("\$reportedcontent = \"".$templates->get("modcp_reports")."\";");
 632      output_page($reportedcontent);
 633  }
 634  
 635  if($mybb->input['action'] == "allreports")
 636  {
 637      if($mybb->usergroup['canmanagereportedcontent'] == 0)
 638      {
 639          error_no_permission();
 640      }
 641  
 642      $lang->load('report');
 643  
 644      add_breadcrumb($lang->report_center, "modcp.php?action=reports");
 645      add_breadcrumb($lang->all_reports, "modcp.php?action=allreports");
 646  
 647      if(!$mybb->settings['threadsperpage'])
 648      {
 649          $mybb->settings['threadsperpage'] = 20;
 650      }
 651  
 652      // Figure out if we need to display multiple pages.
 653      $perpage = $mybb->settings['threadsperpage'];
 654      if($mybb->get_input('page') != "last")
 655      {
 656          $page = $mybb->get_input('page', MyBB::INPUT_INT);
 657      }
 658  
 659      if($mybb->usergroup['cancp'] || $mybb->usergroup['issupermod'])
 660      {
 661          $query = $db->simple_select("reportedcontent", "COUNT(rid) AS count");
 662          $report_count = $db->fetch_field($query, "count");
 663      }
 664      else
 665      {
 666          $query = $db->simple_select('reportedcontent', 'id3', "type = 'post' OR type = ''");
 667  
 668          $report_count = 0;
 669          while($fid = $db->fetch_field($query, 'id3'))
 670          {
 671              if(is_moderator($fid, "canmanagereportedposts"))
 672              {
 673                  ++$report_count;
 674              }
 675          }
 676          unset($fid);
 677      }
 678  
 679      if(isset($mybb->input['rid']))
 680      {
 681          $mybb->input['rid'] = $mybb->get_input('rid', MyBB::INPUT_INT);
 682          $query = $db->simple_select("reportedcontent", "COUNT(rid) AS count", "rid <= '".$mybb->input['rid']."'");
 683          $result = $db->fetch_field($query, "count");
 684          if(($result % $perpage) == 0)
 685          {
 686              $page = $result / $perpage;
 687          }
 688          else
 689          {
 690              $page = (int)$result / $perpage + 1;
 691          }
 692      }
 693      $postcount = (int)$report_count;
 694      $pages = $postcount / $perpage;
 695      $pages = ceil($pages);
 696  
 697      if($mybb->get_input('page') == "last")
 698      {
 699          $page = $pages;
 700      }
 701  
 702      if($page > $pages || $page <= 0)
 703      {
 704          $page = 1;
 705      }
 706  
 707      if($page)
 708      {
 709          $start = ($page-1) * $perpage;
 710      }
 711      else
 712      {
 713          $start = 0;
 714          $page = 1;
 715      }
 716      $upper = $start+$perpage;
 717  
 718      $multipage = multipage($postcount, $perpage, $page, "modcp.php?action=allreports");
 719      $allreportspages = '';
 720      if($postcount > $perpage)
 721      {
 722          eval("\$allreportspages = \"".$templates->get("modcp_reports_multipage")."\";");
 723      }
 724  
 725      $plugins->run_hooks("modcp_allreports_start");
 726  
 727      $query = $db->query("
 728          SELECT r.*, u.username, p.username AS postusername, up.uid AS postuid, t.subject AS threadsubject, prrep.username AS repusername, pr.username AS profileusername, rr.title
 729          FROM ".TABLE_PREFIX."reportedcontent r
 730          LEFT JOIN ".TABLE_PREFIX."posts p ON (r.id=p.pid)
 731          LEFT JOIN ".TABLE_PREFIX."threads t ON (p.tid=t.tid)
 732          LEFT JOIN ".TABLE_PREFIX."users u ON (r.uid=u.uid)
 733          LEFT JOIN ".TABLE_PREFIX."users up ON (p.uid=up.uid)
 734          LEFT JOIN ".TABLE_PREFIX."users pr ON (pr.uid=r.id)
 735          LEFT JOIN ".TABLE_PREFIX."users prrep ON (prrep.uid=r.id2)
 736          LEFT JOIN ".TABLE_PREFIX."reportreasons rr ON (r.reasonid = rr.rid)
 737          {$wflist_reports}
 738          ORDER BY r.dateline DESC
 739          LIMIT {$start}, {$perpage}
 740      ");
 741  
 742      $allreports = '';
 743      if(!$db->num_rows($query))
 744      {
 745          eval("\$allreports = \"".$templates->get("modcp_reports_allnoreports")."\";");
 746      }
 747      else
 748      {
 749          while($report = $db->fetch_array($query))
 750          {
 751              $trow = alt_trow();
 752  
 753              if($report['type'] == 'post')
 754              {
 755                  $post = get_post_link($report['id'])."#pid{$report['id']}";
 756                  $user = build_profile_link(htmlspecialchars_uni($report['postusername']), $report['postuid']);
 757                  $report_data['content'] = $lang->sprintf($lang->report_info_post, $post, $user);
 758  
 759                  $thread_link = get_thread_link($report['id2']);
 760                  $thread_subject = htmlspecialchars_uni($parser->parse_badwords($report['threadsubject']));
 761                  $report_data['content'] .= $lang->sprintf($lang->report_info_post_thread, $thread_link, $thread_subject);
 762              }
 763              else if($report['type'] == 'profile')
 764              {
 765                  $user = build_profile_link(htmlspecialchars_uni($report['profileusername']), $report['id']);
 766                  $report_data['content'] = $lang->sprintf($lang->report_info_profile, $user);
 767              }
 768              else if($report['type'] == 'reputation')
 769              {
 770                  $user = build_profile_link(htmlspecialchars_uni($report['repusername']), $report['id2']);
 771                  $reputation_link = "reputation.php?uid={$report['id3']}#rid{$report['id']}";
 772                  $report_data['content'] = $lang->sprintf($lang->report_info_reputation, $reputation_link, $user);
 773              }
 774  
 775              // Report reason and comment
 776              if($report['reasonid'] > 0)
 777              {
 778                  $reason = htmlspecialchars_uni($lang->parse($report['title']));
 779  
 780                  if(empty($report['reason']))
 781                  {
 782                      eval("\$report_data['comment'] = \"".$templates->get("modcp_reports_report_comment")."\";");
 783                  }
 784                  else
 785                  {
 786                      $comment = htmlspecialchars_uni($report['reason']);
 787                      eval("\$report_data['comment'] = \"".$templates->get("modcp_reports_report_comment_extra")."\";");
 788                  }
 789              }
 790              else
 791              {
 792                  $report_data['comment'] = $lang->na;
 793              }
 794  
 795              $report['reporterlink'] = get_profile_link($report['uid']);
 796              if(!$report['username'])
 797              {
 798                  $report['username'] = $lang->na_deleted;
 799                  $report['reporterlink'] = $post;
 800              }
 801              $report['username'] = htmlspecialchars_uni($report['username']);
 802  
 803              $report_data['reports'] = my_number_format($report['reports']);
 804              $report_data['time'] = my_date('relative', $report['dateline']);
 805  
 806              $plugins->run_hooks("modcp_allreports_report");
 807              eval("\$allreports .= \"".$templates->get("modcp_reports_allreport")."\";");
 808          }
 809      }
 810  
 811      $plugins->run_hooks("modcp_allreports_end");
 812  
 813      eval("\$allreportedcontent = \"".$templates->get("modcp_reports_allreports")."\";");
 814      output_page($allreportedcontent);
 815  }
 816  
 817  if($mybb->input['action'] == "modlogs")
 818  {
 819      if($mybb->usergroup['canviewmodlogs'] == 0)
 820      {
 821          error_no_permission();
 822      }
 823  
 824      if($nummodlogs == 0 && $mybb->usergroup['issupermod'] != 1)
 825      {
 826          error($lang->you_cannot_view_mod_logs);
 827      }
 828  
 829      add_breadcrumb($lang->mcp_nav_modlogs, "modcp.php?action=modlogs");
 830  
 831      $perpage = $mybb->get_input('perpage', MyBB::INPUT_INT);
 832      if(!$perpage || $perpage <= 0)
 833      {
 834          $perpage = $mybb->settings['threadsperpage'];
 835      }
 836  
 837      $where = '';
 838  
 839      // Searching for entries by a particular user
 840      if($mybb->get_input('uid', MyBB::INPUT_INT))
 841      {
 842          $where .= " AND l.uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'";
 843      }
 844  
 845      // Searching for entries in a specific forum
 846      if($mybb->get_input('fid', MyBB::INPUT_INT))
 847      {
 848          $where .= " AND t.fid='".$mybb->get_input('fid', MyBB::INPUT_INT)."'";
 849      }
 850  
 851      $mybb->input['sortby'] = $mybb->get_input('sortby');
 852  
 853      // Order?
 854      switch($mybb->input['sortby'])
 855      {
 856          case "username":
 857              $sortby = "u.username";
 858              break;
 859          case "forum":
 860              $sortby = "f.name";
 861              break;
 862          case "thread":
 863              $sortby = "t.subject";
 864              break;
 865          default:
 866              $sortby = "l.dateline";
 867      }
 868      $order = $mybb->get_input('order');
 869      if($order != "asc")
 870      {
 871          $order = "desc";
 872      }
 873  
 874      $plugins->run_hooks("modcp_modlogs_start");
 875  
 876      $query = $db->query("
 877          SELECT COUNT(l.dateline) AS count
 878          FROM ".TABLE_PREFIX."moderatorlog l
 879          LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=l.uid)
 880          LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=l.tid)
 881          WHERE 1=1 {$where}{$tflist_modlog}
 882      ");
 883      $rescount = $db->fetch_field($query, "count");
 884  
 885      // Figure out if we need to display multiple pages.
 886      if($mybb->get_input('page') != "last")
 887      {
 888          $page = $mybb->get_input('page', MyBB::INPUT_INT);
 889      }
 890  
 891      $postcount = (int)$rescount;
 892      $pages = $postcount / $perpage;
 893      $pages = ceil($pages);
 894  
 895      if($mybb->get_input('page') == "last")
 896      {
 897          $page = $pages;
 898      }
 899  
 900      if($page > $pages || $page <= 0)
 901      {
 902          $page = 1;
 903      }
 904  
 905      if($page)
 906      {
 907          $start = ($page-1) * $perpage;
 908      }
 909      else
 910      {
 911          $start = 0;
 912          $page = 1;
 913      }
 914  
 915      $page_url = 'modcp.php?action=modlogs&amp;perpage='.$perpage;
 916      foreach(array('uid', 'fid') as $field)
 917      {
 918          $mybb->input[$field] = $mybb->get_input($field, MyBB::INPUT_INT);
 919          if(!empty($mybb->input[$field]))
 920          {
 921              $page_url .= "&amp;{$field}=".$mybb->input[$field];
 922          }
 923      }
 924      foreach(array('sortby', 'order') as $field)
 925      {
 926          $mybb->input[$field] = htmlspecialchars_uni($mybb->get_input($field));
 927          if(!empty($mybb->input[$field]))
 928          {
 929              $page_url .= "&amp;{$field}=".$mybb->input[$field];
 930          }
 931      }
 932  
 933      $multipage = multipage($postcount, $perpage, $page, $page_url);
 934      $resultspages = '';
 935      if($postcount > $perpage)
 936      {
 937          eval("\$resultspages = \"".$templates->get("modcp_modlogs_multipage")."\";");
 938      }
 939      $query = $db->query("
 940          SELECT l.*, u.username, u.usergroup, u.displaygroup, t.subject AS tsubject, f.name AS fname, p.subject AS psubject
 941          FROM ".TABLE_PREFIX."moderatorlog l
 942          LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=l.uid)
 943          LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=l.tid)
 944          LEFT JOIN ".TABLE_PREFIX."forums f ON (f.fid=l.fid)
 945          LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=l.pid)
 946          WHERE 1=1 {$where}{$tflist_modlog}
 947          ORDER BY {$sortby} {$order}
 948          LIMIT {$start}, {$perpage}
 949      ");
 950      $results = '';
 951      while($logitem = $db->fetch_array($query))
 952      {
 953          $information = '';
 954          $logitem['action'] = htmlspecialchars_uni($logitem['action']);
 955          $log_date = my_date('relative', $logitem['dateline']);
 956          $trow = alt_trow();
 957          if($logitem['username'])
 958          {
 959              $logitem['username'] = htmlspecialchars_uni($logitem['username']);
 960              $username = format_name($logitem['username'], $logitem['usergroup'], $logitem['displaygroup']);
 961              $logitem['profilelink'] = build_profile_link($username, $logitem['uid']);
 962          }
 963          else
 964          {
 965              $username = $logitem['profilelink'] = $logitem['username'] = htmlspecialchars_uni($lang->na_deleted);
 966          }
 967          $logitem['ipaddress'] = my_inet_ntop($db->unescape_binary($logitem['ipaddress']));
 968  
 969          if($logitem['tsubject'])
 970          {
 971              $logitem['tsubject'] = htmlspecialchars_uni($parser->parse_badwords($logitem['tsubject']));
 972              $logitem['thread'] = get_thread_link($logitem['tid']);
 973              eval("\$information .= \"".$templates->get("modcp_modlogs_result_thread")."\";");
 974          }
 975          if($logitem['fname'])
 976          {
 977              $logitem['forum'] = get_forum_link($logitem['fid']);
 978              eval("\$information .= \"".$templates->get("modcp_modlogs_result_forum")."\";");
 979          }
 980          if($logitem['psubject'])
 981          {
 982              $logitem['psubject'] = htmlspecialchars_uni($parser->parse_badwords($logitem['psubject']));
 983              $logitem['post'] = get_post_link($logitem['pid']);
 984              eval("\$information .= \"".$templates->get("modcp_modlogs_result_post")."\";");
 985          }
 986  
 987          // Edited a user or managed announcement?
 988          if(!$logitem['tsubject'] || !$logitem['fname'] || !$logitem['psubject'])
 989          {
 990              $data = my_unserialize($logitem['data']);
 991              if(!empty($data['uid']))
 992              {
 993                  $data['username'] = htmlspecialchars_uni($data['username']);
 994                  $information = $lang->sprintf($lang->edited_user_info, htmlspecialchars_uni($data['username']), get_profile_link($data['uid']));
 995              }
 996              if(!empty($data['aid']))
 997              {
 998                  $data['subject'] = htmlspecialchars_uni($parser->parse_badwords($data['subject']));
 999                  $data['announcement'] = get_announcement_link($data['aid']);
1000                  eval("\$information .= \"".$templates->get("modcp_modlogs_result_announcement")."\";");
1001              }
1002          }
1003  
1004          $plugins->run_hooks("modcp_modlogs_result");
1005  
1006          eval("\$results .= \"".$templates->get("modcp_modlogs_result")."\";");
1007      }
1008  
1009      if(!$results)
1010      {
1011          eval("\$results = \"".$templates->get("modcp_modlogs_noresults")."\";");
1012      }
1013  
1014      $plugins->run_hooks("modcp_modlogs_filter");
1015  
1016      // Fetch filter options
1017      $sortbysel = array('username' => '', 'forum' => '', 'thread' => '', 'dateline' => '');
1018      $sortbysel[$mybb->input['sortby']] = "selected=\"selected\"";
1019      $ordersel = array('asc' => '', 'desc' => '');
1020      $ordersel[$order] = "selected=\"selected\"";
1021      $user_options = '';
1022      $query = $db->query("
1023          SELECT DISTINCT l.uid, u.username
1024          FROM ".TABLE_PREFIX."moderatorlog l
1025          LEFT JOIN ".TABLE_PREFIX."users u ON (l.uid=u.uid)
1026          ORDER BY u.username ASC
1027      ");
1028      while($user = $db->fetch_array($query))
1029      {
1030          // Deleted Users
1031          if(!$user['username'])
1032          {
1033              $user['username'] = $lang->na_deleted;
1034          }
1035  
1036          $selected = '';
1037          if($mybb->get_input('uid', MyBB::INPUT_INT) == $user['uid'])
1038          {
1039              $selected = " selected=\"selected\"";
1040          }
1041  
1042          $user['username'] = htmlspecialchars_uni($user['username']);
1043          eval("\$user_options .= \"".$templates->get("modcp_modlogs_user")."\";");
1044      }
1045  
1046      $forum_select = build_forum_jump("", $mybb->get_input('fid', MyBB::INPUT_INT), 1, '', 0, true, '', "fid");
1047  
1048      eval("\$modlogs = \"".$templates->get("modcp_modlogs")."\";");
1049      output_page($modlogs);
1050  }
1051  
1052  if($mybb->input['action'] == "do_delete_announcement")
1053  {
1054      verify_post_check($mybb->get_input('my_post_key'));
1055  
1056      if($mybb->usergroup['canmanageannounce'] == 0)
1057      {
1058          error_no_permission();
1059      }
1060  
1061      $aid = $mybb->get_input('aid');
1062      $query = $db->simple_select("announcements", "aid, subject, fid", "aid='{$aid}'");
1063      $announcement = $db->fetch_array($query);
1064  
1065      if(!$announcement)
1066      {
1067          error($lang->error_invalid_announcement);
1068      }
1069      if(($mybb->usergroup['issupermod'] != 1 && $announcement['fid'] == -1) || ($announcement['fid'] != -1 && !is_moderator($announcement['fid'], "canmanageannouncements")) || ($unviewableforums && in_array($announcement['fid'], $unviewableforums)))
1070      {
1071          error_no_permission();
1072      }
1073  
1074      $plugins->run_hooks("modcp_do_delete_announcement");
1075  
1076      $db->delete_query("announcements", "aid='{$aid}'");
1077      log_moderator_action(array("aid" => $announcement['aid'], "subject" => $announcement['subject']), $lang->announcement_deleted);
1078      $cache->update_forumsdisplay();
1079  
1080      redirect("modcp.php?action=announcements", $lang->redirect_delete_announcement);
1081  }
1082  
1083  if($mybb->input['action'] == "delete_announcement")
1084  {
1085      if($mybb->usergroup['canmanageannounce'] == 0)
1086      {
1087          error_no_permission();
1088      }
1089  
1090      $aid = $mybb->get_input('aid');
1091      $query = $db->simple_select("announcements", "aid, subject, fid", "aid='{$aid}'");
1092  
1093      $announcement = $db->fetch_array($query);
1094      $announcement['subject'] = htmlspecialchars_uni($parser->parse_badwords($announcement['subject']));
1095  
1096      if(!$announcement)
1097      {
1098          error($lang->error_invalid_announcement);
1099      }
1100  
1101      if(($mybb->usergroup['issupermod'] != 1 && $announcement['fid'] == -1) || ($announcement['fid'] != -1 && !is_moderator($announcement['fid'], "canmanageannouncements")) || ($unviewableforums && in_array($announcement['fid'], $unviewableforums)))
1102      {
1103          error_no_permission();
1104      }
1105  
1106      $plugins->run_hooks("modcp_delete_announcement");
1107  
1108      eval("\$announcements = \"".$templates->get("modcp_announcements_delete")."\";");
1109      output_page($announcements);
1110  }
1111  
1112  if($mybb->input['action'] == "do_new_announcement")
1113  {
1114      verify_post_check($mybb->get_input('my_post_key'));
1115  
1116      if($mybb->usergroup['canmanageannounce'] == 0)
1117      {
1118          error_no_permission();
1119      }
1120  
1121      $announcement_fid = $mybb->get_input('fid', MyBB::INPUT_INT);
1122      if(($mybb->usergroup['issupermod'] != 1 && $announcement_fid == -1) || ($announcement_fid != -1 && !is_moderator($announcement_fid, "canmanageannouncements")) || ($unviewableforums && in_array($announcement_fid, $unviewableforums)))
1123      {
1124          error_no_permission();
1125      }
1126  
1127      $errors = array();
1128  
1129      $mybb->input['title'] = $mybb->get_input('title');
1130      if(!trim($mybb->input['title']))
1131      {
1132          $errors[] = $lang->error_missing_title;
1133      }
1134  
1135      $mybb->input['message'] = $mybb->get_input('message');
1136      if(!trim($mybb->input['message']))
1137      {
1138          $errors[] = $lang->error_missing_message;
1139      }
1140  
1141      if(!$announcement_fid)
1142      {
1143          $errors[] = $lang->error_missing_forum;
1144      }
1145  
1146      $mybb->input['starttime_time'] = $mybb->get_input('starttime_time');
1147      $mybb->input['endtime_time'] = $mybb->get_input('endtime_time');
1148      $startdate = @explode(" ", $mybb->input['starttime_time']);
1149      $startdate = @explode(":", $startdate[0]);
1150      $enddate = @explode(" ", $mybb->input['endtime_time']);
1151      $enddate = @explode(":", $enddate[0]);
1152  
1153      if(stristr($mybb->input['starttime_time'], "pm"))
1154      {
1155          $startdate[0] = 12+$startdate[0];
1156          if($startdate[0] >= 24)
1157          {
1158              $startdate[0] = "00";
1159          }
1160      }
1161  
1162      if(stristr($mybb->input['endtime_time'], "pm"))
1163      {
1164          $enddate[0] = 12+$enddate[0];
1165          if($enddate[0] >= 24)
1166          {
1167              $enddate[0] = "00";
1168          }
1169      }
1170  
1171      $mybb->input['starttime_month'] = $mybb->get_input('starttime_month');
1172      $months = array('01', '02', '03', '04', '05', '06', '07', '08', '09', '10', '11', '12');
1173      if(!in_array($mybb->input['starttime_month'], $months))
1174      {
1175          $mybb->input['starttime_month'] = '01';
1176      }
1177  
1178      $localized_time_offset = (float)$mybb->user['timezone']*3600 + $mybb->user['dst']*3600;
1179  
1180      $startdate = gmmktime((int)$startdate[0], (int)$startdate[1], 0, $mybb->get_input('starttime_month', MyBB::INPUT_INT), $mybb->get_input('starttime_day', MyBB::INPUT_INT), $mybb->get_input('starttime_year', MyBB::INPUT_INT)) - $localized_time_offset;
1181      if(!checkdate($mybb->get_input('starttime_month', MyBB::INPUT_INT), $mybb->get_input('starttime_day', MyBB::INPUT_INT), $mybb->get_input('starttime_year', MyBB::INPUT_INT)) || $startdate < 0 || $startdate == false)
1182      {
1183          $errors[] = $lang->error_invalid_start_date;
1184      }
1185  
1186      if($mybb->get_input('endtime_type', MyBB::INPUT_INT) == 2)
1187      {
1188          $enddate = '0';
1189          $mybb->input['endtime_month'] = '01';
1190      }
1191      else
1192      {
1193          $mybb->input['endtime_month'] = $mybb->get_input('endtime_month');
1194          if(!in_array($mybb->input['endtime_month'], $months))
1195          {
1196              $mybb->input['endtime_month'] = '01';
1197          }
1198          $enddate = gmmktime((int)$enddate[0], (int)$enddate[1], 0, $mybb->get_input('endtime_month', MyBB::INPUT_INT), $mybb->get_input('endtime_day', MyBB::INPUT_INT), $mybb->get_input('endtime_year', MyBB::INPUT_INT)) - $localized_time_offset;
1199          if(!checkdate($mybb->get_input('endtime_month', MyBB::INPUT_INT), $mybb->get_input('endtime_day', MyBB::INPUT_INT), $mybb->get_input('endtime_year', MyBB::INPUT_INT)) || $enddate < 0 || $enddate == false)
1200          {
1201              $errors[] = $lang->error_invalid_end_date;
1202          }
1203  
1204          if($enddate <= $startdate)
1205          {
1206              $errors[] = $lang->error_end_before_start;
1207          }
1208      }
1209  
1210      if($mybb->settings['announcementshtml'] && $mybb->get_input('allowhtml', MyBB::INPUT_INT) == 1)
1211      {
1212          $allowhtml = 1;
1213      }
1214      else
1215      {
1216          $allowhtml = 0;
1217      }
1218      if($mybb->get_input('allowmycode', MyBB::INPUT_INT) == 1)
1219      {
1220          $allowmycode = 1;
1221      }
1222      else
1223      {
1224          $allowmycode = 0;
1225      }
1226      if($mybb->get_input('allowsmilies', MyBB::INPUT_INT) == 1)
1227      {
1228          $allowsmilies = 1;
1229      }
1230      else
1231      {
1232          $allowsmilies = 0;
1233      }
1234  
1235      $plugins->run_hooks("modcp_do_new_announcement_start");
1236  
1237      if(!$errors)
1238      {
1239          if(isset($mybb->input['preview']))
1240          {
1241              $preview = array();
1242              $mybb->input['action'] = 'new_announcement';
1243          }
1244          else
1245          {
1246              $insert_announcement = array(
1247                  'fid' => $announcement_fid,
1248                  'uid' => $mybb->user['uid'],
1249                  'subject' => $db->escape_string($mybb->input['title']),
1250                  'message' => $db->escape_string($mybb->input['message']),
1251                  'startdate' => $startdate,
1252                  'enddate' => $enddate,
1253                  'allowhtml' => $allowhtml,
1254                  'allowmycode' => $allowmycode,
1255                  'allowsmilies' => $allowsmilies
1256              );
1257              $aid = $db->insert_query("announcements", $insert_announcement);
1258  
1259              log_moderator_action(array("aid" => $aid, "subject" => $mybb->input['title']), $lang->announcement_added);
1260  
1261              $plugins->run_hooks("modcp_do_new_announcement_end");
1262  
1263              $cache->update_forumsdisplay();
1264              redirect("modcp.php?action=announcements", $lang->redirect_add_announcement);
1265          }
1266      }
1267      else
1268      {
1269          $mybb->input['action'] = 'new_announcement';
1270      }
1271  }
1272  
1273  if($mybb->input['action'] == "new_announcement")
1274  {
1275      if($mybb->usergroup['canmanageannounce'] == 0)
1276      {
1277          error_no_permission();
1278      }
1279  
1280      add_breadcrumb($lang->mcp_nav_announcements, "modcp.php?action=announcements");
1281      add_breadcrumb($lang->add_announcement, "modcp.php?action=new_announcements");
1282  
1283      $announcement_fid = $mybb->get_input('fid', MyBB::INPUT_INT);
1284  
1285      if(($mybb->usergroup['issupermod'] != 1 && $announcement_fid == -1) || ($announcement_fid != -1 && !is_moderator($announcement_fid, "canmanageannouncements")) || ($unviewableforums && in_array($announcement_fid, $unviewableforums)))
1286      {
1287          error_no_permission();
1288      }
1289  
1290      // Deal with inline errors
1291      if(!empty($errors) || isset($preview))
1292      {
1293          if(!empty($errors))
1294          {
1295              $errors = inline_error($errors);
1296          }
1297          else
1298          {
1299              $errors = '';
1300          }
1301  
1302          // Set $announcement to input stuff
1303          $announcement['subject'] = $mybb->input['title'];
1304          $announcement['message'] = $mybb->input['message'];
1305          $announcement['allowhtml'] = $allowhtml;
1306          $announcement['allowmycode'] = $allowmycode;
1307          $announcement['allowsmilies'] = $allowsmilies;
1308  
1309          $startmonth = $mybb->input['starttime_month'];
1310          $startdateyear = htmlspecialchars_uni($mybb->input['starttime_year']);
1311          $startday = $mybb->get_input('starttime_day', MyBB::INPUT_INT);
1312          $starttime_time = htmlspecialchars_uni($mybb->input['starttime_time']);
1313          $endmonth = $mybb->input['endtime_month'];
1314          $enddateyear = htmlspecialchars_uni($mybb->input['endtime_year']);
1315          $endday = $mybb->get_input('endtime_day', MyBB::INPUT_INT);
1316          $endtime_time = htmlspecialchars_uni($mybb->input['endtime_time']);
1317      }
1318      else
1319      {
1320          $localized_time = TIME_NOW + (float)$mybb->user['timezone']*3600 + $mybb->user['dst']*3600;
1321  
1322          $starttime_time = gmdate($mybb->settings['timeformat'], $localized_time);
1323          $endtime_time = gmdate($mybb->settings['timeformat'], $localized_time);
1324          $startday = $endday = gmdate("j", $localized_time);
1325          $startmonth = $endmonth = gmdate("m", $localized_time);
1326          $startdateyear = gmdate("Y", $localized_time);
1327  
1328          $announcement = array(
1329              'subject' => '',
1330              'message' => '',
1331              'allowhtml' => 0,
1332              'allowmycode' => 1,
1333              'allowsmilies' => 1
1334              );
1335  
1336          $enddateyear = $startdateyear+1;
1337      }
1338  
1339      // Generate form elements
1340      $startdateday = $enddateday = '';
1341      for($day = 1; $day <= 31; ++$day)
1342      {
1343          if($startday == $day)
1344          {
1345              $selected = " selected=\"selected\"";
1346              eval("\$startdateday .= \"".$templates->get("modcp_announcements_day")."\";");
1347          }
1348          else
1349          {
1350              $selected = '';
1351              eval("\$startdateday .= \"".$templates->get("modcp_announcements_day")."\";");
1352          }
1353  
1354          if($endday == $day)
1355          {
1356              $selected = " selected=\"selected\"";
1357              eval("\$enddateday .= \"".$templates->get("modcp_announcements_day")."\";");
1358          }
1359          else
1360          {
1361              $selected = '';
1362              eval("\$enddateday .= \"".$templates->get("modcp_announcements_day")."\";");
1363          }
1364      }
1365  
1366      $startmonthsel = $endmonthsel = array();
1367      foreach(array('01', '02', '03', '04', '05', '06', '07', '08', '09', '10', '11', '12') as $month)
1368      {
1369          $startmonthsel[$month] = '';
1370          $endmonthsel[$month] = '';
1371      }
1372      $startmonthsel[$startmonth] = "selected=\"selected\"";
1373      $endmonthsel[$endmonth] = "selected=\"selected\"";
1374  
1375      $startdatemonth = $enddatemonth = '';
1376  
1377      eval("\$startdatemonth .= \"".$templates->get("modcp_announcements_month_start")."\";");
1378      eval("\$enddatemonth .= \"".$templates->get("modcp_announcements_month_end")."\";");
1379  
1380      $title = htmlspecialchars_uni($announcement['subject']);
1381      $message = htmlspecialchars_uni($announcement['message']);
1382  
1383      $html_sel = $mycode_sel = $smilies_sel = array('yes' => '', 'no' => '');
1384  
1385      if($mybb->settings['announcementshtml'])
1386      {
1387          if($announcement['allowhtml'])
1388          {
1389              $html_sel['yes'] = ' checked="checked"';
1390          }
1391          else
1392          {
1393              $html_sel['no'] = ' checked="checked"';
1394          }
1395  
1396          eval("\$allow_html = \"".$templates->get("modcp_announcements_allowhtml")."\";");
1397      }
1398      else
1399      {
1400          $allow_html = '';
1401      }
1402  
1403      if($announcement['allowmycode'])
1404      {
1405          $mycode_sel['yes'] = ' checked="checked"';
1406      }
1407      else
1408      {
1409          $mycode_sel['no'] = ' checked="checked"';
1410      }
1411  
1412      if($announcement['allowsmilies'])
1413      {
1414          $smilies_sel['yes'] = ' checked="checked"';
1415      }
1416      else
1417      {
1418          $smilies_sel['no'] = ' checked="checked"';
1419      }
1420  
1421      $end_type_sel = array('infinite' => '', 'finite' => '');
1422      if(!isset($mybb->input['endtime_type']) || $mybb->input['endtime_type'] == 2)
1423      {
1424          $end_type_sel['infinite'] = ' checked="checked"';
1425      }
1426      else
1427      {
1428          $end_type_sel['finite'] = ' checked="checked"';
1429      }
1430  
1431      // MyCode editor
1432      $codebuttons = build_mycode_inserter();
1433      $smilieinserter = build_clickable_smilies();
1434  
1435      if(isset($preview))
1436      {
1437          $announcementarray = array(
1438              'aid' => 0,
1439              'fid' => $announcement_fid,
1440              'uid' => $mybb->user['uid'],
1441              'subject' => $mybb->input['title'],
1442              'message' => $mybb->input['message'],
1443              'allowhtml' => $mybb->settings['announcementshtml'] && $mybb->get_input('allowhtml', MyBB::INPUT_INT),
1444              'allowmycode' => $mybb->get_input('allowmycode', MyBB::INPUT_INT),
1445              'allowsmilies' => $mybb->get_input('allowsmilies', MyBB::INPUT_INT),
1446              'dateline' => TIME_NOW,
1447              'userusername' => $mybb->user['username'],
1448          );
1449  
1450          $array = $mybb->user;
1451          foreach($array as $key => $element)
1452          {
1453              $announcementarray[$key] = $element;
1454          }
1455  
1456          // Gather usergroup data from the cache
1457          // Field => Array Key
1458          $data_key = array(
1459              'title' => 'grouptitle',
1460              'usertitle' => 'groupusertitle',
1461              'stars' => 'groupstars',
1462              'starimage' => 'groupstarimage',
1463              'image' => 'groupimage',
1464              'namestyle' => 'namestyle',
1465              'usereputationsystem' => 'usereputationsystem'
1466          );
1467  
1468          foreach($data_key as $field => $key)
1469          {
1470              $announcementarray[$key] = $groupscache[$announcementarray['usergroup']][$field];
1471          }
1472  
1473          require_once  MYBB_ROOT."inc/functions_post.php";
1474          $postbit = build_postbit($announcementarray, 3);
1475          eval("\$preview = \"".$templates->get("previewpost")."\";");
1476      }
1477      else
1478      {
1479          $preview = '';
1480      }
1481  
1482      $plugins->run_hooks("modcp_new_announcement");
1483  
1484      eval("\$announcements = \"".$templates->get("modcp_announcements_new")."\";");
1485      output_page($announcements);
1486  }
1487  
1488  if($mybb->input['action'] == "do_edit_announcement")
1489  {
1490      verify_post_check($mybb->get_input('my_post_key'));
1491  
1492      if($mybb->usergroup['canmanageannounce'] == 0)
1493      {
1494          error_no_permission();
1495      }
1496  
1497      // Get the announcement
1498      $aid = $mybb->get_input('aid', MyBB::INPUT_INT);
1499      $query = $db->simple_select("announcements", "*", "aid='{$aid}'");
1500      $announcement = $db->fetch_array($query);
1501  
1502      // Check that it exists
1503      if(!$announcement)
1504      {
1505          error($lang->error_invalid_announcement);
1506      }
1507  
1508      // Mod has permissions to edit this announcement
1509      if(($mybb->usergroup['issupermod'] != 1 && $announcement['fid'] == -1) || ($announcement['fid'] != -1 && !is_moderator($announcement['fid'], "canmanageannouncements")) || ($unviewableforums && in_array($announcement['fid'], $unviewableforums)))
1510      {
1511          error_no_permission();
1512      }
1513  
1514      $errors = array();
1515  
1516      // Basic error checking
1517      $mybb->input['title'] = $mybb->get_input('title');
1518      if(!trim($mybb->input['title']))
1519      {
1520          $errors[] = $lang->error_missing_title;
1521      }
1522  
1523      $mybb->input['message'] = $mybb->get_input('message');
1524      if(!trim($mybb->input['message']))
1525      {
1526          $errors[] = $lang->error_missing_message;
1527      }
1528  
1529      $mybb->input['starttime_time'] = $mybb->get_input('starttime_time');
1530      $mybb->input['endtime_time'] = $mybb->get_input('endtime_time');
1531      $startdate = @explode(" ", $mybb->input['starttime_time']);
1532      $startdate = @explode(":", $startdate[0]);
1533      $enddate = @explode(" ", $mybb->input['endtime_time']);
1534      $enddate = @explode(":", $enddate[0]);
1535  
1536      if(stristr($mybb->input['starttime_time'], "pm"))
1537      {
1538          $startdate[0] = 12+$startdate[0];
1539          if($startdate[0] >= 24)
1540          {
1541              $startdate[0] = "00";
1542          }
1543      }
1544  
1545      if(stristr($mybb->input['endtime_time'], "pm"))
1546      {
1547          $enddate[0] = 12+$enddate[0];
1548          if($enddate[0] >= 24)
1549          {
1550              $enddate[0] = "00";
1551          }
1552      }
1553  
1554      $mybb->input['starttime_month'] = $mybb->get_input('starttime_month');
1555      $months = array('01', '02', '03', '04', '05', '06', '07', '08', '09', '10', '11', '12');
1556      if(!in_array($mybb->input['starttime_month'], $months))
1557      {
1558          $mybb->input['starttime_month'] = '01';
1559      }
1560  
1561      $localized_time_offset = (float)$mybb->user['timezone']*3600 + $mybb->user['dst']*3600;
1562  
1563      $startdate = gmmktime((int)$startdate[0], (int)$startdate[1], 0, $mybb->get_input('starttime_month', MyBB::INPUT_INT), $mybb->get_input('starttime_day', MyBB::INPUT_INT), $mybb->get_input('starttime_year', MyBB::INPUT_INT)) - $localized_time_offset;
1564      if(!checkdate($mybb->get_input('starttime_month', MyBB::INPUT_INT), $mybb->get_input('starttime_day', MyBB::INPUT_INT), $mybb->get_input('starttime_year', MyBB::INPUT_INT)) || $startdate < 0 || $startdate == false)
1565      {
1566          $errors[] = $lang->error_invalid_start_date;
1567      }
1568  
1569      if($mybb->get_input('endtime_type', MyBB::INPUT_INT) == "2")
1570      {
1571          $enddate = '0';
1572          $mybb->input['endtime_month'] = '01';
1573      }
1574      else
1575      {
1576          $mybb->input['endtime_month'] = $mybb->get_input('endtime_month');
1577          if(!in_array($mybb->input['endtime_month'], $months))
1578          {
1579              $mybb->input['endtime_month'] = '01';
1580          }
1581          $enddate = gmmktime((int)$enddate[0], (int)$enddate[1], 0, $mybb->get_input('endtime_month', MyBB::INPUT_INT), $mybb->get_input('endtime_day', MyBB::INPUT_INT), $mybb->get_input('endtime_year', MyBB::INPUT_INT)) - $localized_time_offset;
1582          if(!checkdate($mybb->get_input('endtime_month', MyBB::INPUT_INT), $mybb->get_input('endtime_day', MyBB::INPUT_INT), $mybb->get_input('endtime_year', MyBB::INPUT_INT)) || $enddate < 0 || $enddate == false)
1583          {
1584              $errors[] = $lang->error_invalid_end_date;
1585          }
1586          elseif($enddate <= $startdate)
1587          {
1588              $errors[] = $lang->error_end_before_start;
1589          }
1590      }
1591  
1592      if($mybb->settings['announcementshtml'] && $mybb->get_input('allowhtml', MyBB::INPUT_INT) == 1)
1593      {
1594          $allowhtml = 1;
1595      }
1596      else
1597      {
1598          $allowhtml = 0;
1599      }
1600      if($mybb->get_input('allowmycode', MyBB::INPUT_INT) == 1)
1601      {
1602          $allowmycode = 1;
1603      }
1604      else
1605      {
1606          $allowmycode = 0;
1607      }
1608      if($mybb->get_input('allowsmilies', MyBB::INPUT_INT) == 1)
1609      {
1610          $allowsmilies = 1;
1611      }
1612      else
1613      {
1614          $allowsmilies = 0;
1615      }
1616  
1617      $plugins->run_hooks("modcp_do_edit_announcement_start");
1618  
1619      // Proceed to update if no errors
1620      if(!$errors)
1621      {
1622          if(isset($mybb->input['preview']))
1623          {
1624              $preview = array();
1625              $mybb->input['action'] = 'edit_announcement';
1626          }
1627          else
1628          {
1629              $update_announcement = array(
1630                  'uid' => $mybb->user['uid'],
1631                  'subject' => $db->escape_string($mybb->input['title']),
1632                  'message' => $db->escape_string($mybb->input['message']),
1633                  'startdate' => $startdate,
1634                  'enddate' => $enddate,
1635                  'allowhtml' => $allowhtml,
1636                  'allowmycode' => $allowmycode,
1637                  'allowsmilies' => $allowsmilies
1638              );
1639              $db->update_query("announcements", $update_announcement, "aid='{$aid}'");
1640  
1641              log_moderator_action(array("aid" => $announcement['aid'], "subject" => $mybb->input['title']), $lang->announcement_edited);
1642  
1643              $plugins->run_hooks("modcp_do_edit_announcement_end");
1644  
1645              $cache->update_forumsdisplay();
1646              redirect("modcp.php?action=announcements", $lang->redirect_edit_announcement);
1647          }
1648      }
1649      else
1650      {
1651          $mybb->input['action'] = 'edit_announcement';
1652      }
1653  }
1654  
1655  if($mybb->input['action'] == "edit_announcement")
1656  {
1657      if($mybb->usergroup['canmanageannounce'] == 0)
1658      {
1659          error_no_permission();
1660      }
1661  
1662      $aid = $mybb->get_input('aid', MyBB::INPUT_INT);
1663  
1664      add_breadcrumb($lang->mcp_nav_announcements, "modcp.php?action=announcements");
1665      add_breadcrumb($lang->edit_announcement, "modcp.php?action=edit_announcements&amp;aid={$aid}");
1666  
1667      // Get announcement
1668      if(!isset($announcement) || $mybb->request_method != 'post')
1669      {
1670          $query = $db->simple_select("announcements", "*", "aid='{$aid}'");
1671          $announcement = $db->fetch_array($query);
1672      }
1673  
1674      if(!$announcement)
1675      {
1676          error($lang->error_invalid_announcement);
1677      }
1678      if(($mybb->usergroup['issupermod'] != 1 && $announcement['fid'] == -1) || ($announcement['fid'] != -1 && !is_moderator($announcement['fid'], "canmanageannouncements")) || ($unviewableforums && in_array($announcement['fid'], $unviewableforums)))
1679      {
1680          error_no_permission();
1681      }
1682  
1683      if(!$announcement['startdate'])
1684      {
1685          // No start date? Make it now.
1686          $announcement['startdate'] = TIME_NOW;
1687      }
1688  
1689      $makeshift_end = false;
1690      if(!$announcement['enddate'])
1691      {
1692          $makeshift_end = true;
1693          $makeshift_time = TIME_NOW;
1694          if($announcement['startdate'])
1695          {
1696              $makeshift_time = $announcement['startdate'];
1697          }
1698  
1699          // No end date? Make it a year from now.
1700          $announcement['enddate'] = $makeshift_time + (60 * 60 * 24 * 366);
1701      }
1702  
1703      // Deal with inline errors
1704      if(!empty($errors) || isset($preview))
1705      {
1706          if(!empty($errors))
1707          {
1708              $errors = inline_error($errors);
1709          }
1710          else
1711          {
1712              $errors = '';
1713          }
1714  
1715          // Set $announcement to input stuff
1716          $announcement['subject'] = $mybb->input['title'];
1717          $announcement['message'] = $mybb->input['message'];
1718          $announcement['allowhtml'] = $allowhtml;
1719          $announcement['allowmycode'] = $allowmycode;
1720          $announcement['allowsmilies'] = $allowsmilies;
1721  
1722          $startmonth = $mybb->input['starttime_month'];
1723          $startdateyear = htmlspecialchars_uni($mybb->input['starttime_year']);
1724          $startday = $mybb->get_input('starttime_day', MyBB::INPUT_INT);
1725          $starttime_time = htmlspecialchars_uni($mybb->input['starttime_time']);
1726          $endmonth = $mybb->input['endtime_month'];
1727          $enddateyear = htmlspecialchars_uni($mybb->input['endtime_year']);
1728          $endday = $mybb->get_input('endtime_day', MyBB::INPUT_INT);
1729          $endtime_time = htmlspecialchars_uni($mybb->input['endtime_time']);
1730  
1731          $errored = true;
1732      }
1733      else
1734      {
1735          $localized_time_startdate = $announcement['startdate'] + (float)$mybb->user['timezone']*3600 + $mybb->user['dst']*3600;
1736          $localized_time_enddate = $announcement['enddate'] + (float)$mybb->user['timezone']*3600 + $mybb->user['dst']*3600;
1737  
1738          $starttime_time = gmdate($mybb->settings['timeformat'], $localized_time_startdate);
1739          $endtime_time = gmdate($mybb->settings['timeformat'], $localized_time_enddate);
1740  
1741          $startday = gmdate('j', $localized_time_startdate);
1742          $endday = gmdate('j', $localized_time_enddate);
1743  
1744          $startmonth = gmdate('m', $localized_time_startdate);
1745          $endmonth = gmdate('m', $localized_time_enddate);
1746  
1747          $startdateyear = gmdate('Y', $localized_time_startdate);
1748          $enddateyear = gmdate('Y', $localized_time_enddate);
1749  
1750          $errored = false;
1751      }
1752  
1753      // Generate form elements
1754      $startdateday = $enddateday = '';
1755      for($day = 1; $day <= 31; ++$day)
1756      {
1757          if($startday == $day)
1758          {
1759              $selected = " selected=\"selected\"";
1760              eval("\$startdateday .= \"".$templates->get("modcp_announcements_day")."\";");
1761          }
1762          else
1763          {
1764              $selected = '';
1765              eval("\$startdateday .= \"".$templates->get("modcp_announcements_day")."\";");
1766          }
1767  
1768          if($endday == $day)
1769          {
1770              $selected = " selected=\"selected\"";
1771              eval("\$enddateday .= \"".$templates->get("modcp_announcements_day")."\";");
1772          }
1773          else
1774          {
1775              $selected = '';
1776              eval("\$enddateday .= \"".$templates->get("modcp_announcements_day")."\";");
1777          }
1778      }
1779  
1780      $startmonthsel = $endmonthsel = array();
1781      foreach(array('01', '02', '03', '04', '05', '06', '07', '08', '09', '10', '11', '12') as $month)
1782      {
1783          $startmonthsel[$month] = '';
1784          $endmonthsel[$month] = '';
1785      }
1786      $startmonthsel[$startmonth] = "selected=\"selected\"";
1787      $endmonthsel[$endmonth] = "selected=\"selected\"";
1788  
1789      $startdatemonth = $enddatemonth = '';
1790  
1791      eval("\$startdatemonth .= \"".$templates->get("modcp_announcements_month_start")."\";");
1792      eval("\$enddatemonth .= \"".$templates->get("modcp_announcements_month_end")."\";");
1793  
1794      $title = htmlspecialchars_uni($announcement['subject']);
1795      $message = htmlspecialchars_uni($announcement['message']);
1796  
1797      $html_sel = $mycode_sel = $smilies_sel = array('yes' => '', 'no' => '');
1798  
1799      if($mybb->settings['announcementshtml'])
1800      {
1801          if($announcement['allowhtml'])
1802          {
1803              $html_sel['yes'] = ' checked="checked"';
1804          }
1805          else
1806          {
1807              $html_sel['no'] = ' checked="checked"';
1808          }
1809  
1810          eval("\$allow_html = \"".$templates->get("modcp_announcements_allowhtml")."\";");
1811      }
1812      else
1813      {
1814          $allow_html = '';
1815      }
1816  
1817      if($announcement['allowmycode'])
1818      {
1819          $mycode_sel['yes'] = ' checked="checked"';
1820      }
1821      else
1822      {
1823          $mycode_sel['no'] = ' checked="checked"';
1824      }
1825  
1826      if($announcement['allowsmilies'])
1827      {
1828          $smilies_sel['yes'] = ' checked="checked"';
1829      }
1830      else
1831      {
1832          $smilies_sel['no'] = ' checked="checked"';
1833      }
1834  
1835      $end_type_sel = array('infinite' => '', 'finite' => '');
1836      if(($errored && $mybb->get_input('endtime_type', MyBB::INPUT_INT) == 2) || (!$errored && (int)$announcement['enddate'] == 0) || $makeshift_end == true)
1837      {
1838          $end_type_sel['infinite'] = ' checked="checked"';
1839      }
1840      else
1841      {
1842          $end_type_sel['finite'] = ' checked="checked"';
1843      }
1844  
1845      // MyCode editor
1846      $codebuttons = build_mycode_inserter();
1847      $smilieinserter = build_clickable_smilies();
1848  
1849      if(isset($preview))
1850      {
1851          $announcementarray = array(
1852              'aid' => $announcement['aid'],
1853              'fid' => $announcement['fid'],
1854              'uid' => $mybb->user['uid'],
1855              'subject' => $mybb->input['title'],
1856              'message' => $mybb->input['message'],
1857              'allowhtml' => $mybb->settings['announcementshtml'] && $mybb->get_input('allowhtml', MyBB::INPUT_INT),
1858              'allowmycode' => $mybb->get_input('allowmycode', MyBB::INPUT_INT),
1859              'allowsmilies' => $mybb->get_input('allowsmilies', MyBB::INPUT_INT),
1860              'dateline' => TIME_NOW,
1861              'userusername' => $mybb->user['username'],
1862          );
1863  
1864          $array = $mybb->user;
1865          foreach($array as $key => $element)
1866          {
1867              $announcementarray[$key] = $element;
1868          }
1869  
1870          // Gather usergroup data from the cache
1871          // Field => Array Key
1872          $data_key = array(
1873              'title' => 'grouptitle',
1874              'usertitle' => 'groupusertitle',
1875              'stars' => 'groupstars',
1876              'starimage' => 'groupstarimage',
1877              'image' => 'groupimage',
1878              'namestyle' => 'namestyle',
1879              'usereputationsystem' => 'usereputationsystem'
1880          );
1881  
1882          foreach($data_key as $field => $key)
1883          {
1884              $announcementarray[$key] = $groupscache[$announcementarray['usergroup']][$field];
1885          }
1886  
1887          require_once  MYBB_ROOT."inc/functions_post.php";
1888          $postbit = build_postbit($announcementarray, 3);
1889          eval("\$preview = \"".$templates->get("previewpost")."\";");
1890      }
1891      else
1892      {
1893          $preview = '';
1894      }
1895  
1896      $plugins->run_hooks("modcp_edit_announcement");
1897  
1898      eval("\$announcements = \"".$templates->get("modcp_announcements_edit")."\";");
1899      output_page($announcements);
1900  }
1901  
1902  if($mybb->input['action'] == "announcements")
1903  {
1904      if($mybb->usergroup['canmanageannounce'] == 0)
1905      {
1906          error_no_permission();
1907      }
1908  
1909      if($numannouncements == 0 && $mybb->usergroup['issupermod'] != 1)
1910      {
1911          error($lang->you_cannot_manage_announcements);
1912      }
1913  
1914      add_breadcrumb($lang->mcp_nav_announcements, "modcp.php?action=announcements");
1915  
1916      // Fetch announcements into their proper arrays
1917      $query = $db->simple_select("announcements", "aid, fid, subject, enddate");
1918      $announcements = $global_announcements = array();
1919      while($announcement = $db->fetch_array($query))
1920      {
1921          if($announcement['fid'] == -1)
1922          {
1923              $global_announcements[$announcement['aid']] = $announcement;
1924              continue;
1925          }
1926          $announcements[$announcement['fid']][$announcement['aid']] = $announcement;
1927      }
1928  
1929      $announcements_global = '';
1930      if($mybb->usergroup['issupermod'] == 1)
1931      {
1932          if($global_announcements && $mybb->usergroup['issupermod'] == 1)
1933          {
1934              // Get the global announcements
1935              foreach($global_announcements as $aid => $announcement)
1936              {
1937                  $trow = alt_trow();
1938                  if($announcement['startdate'] > TIME_NOW || ($announcement['enddate'] < TIME_NOW && $announcement['enddate'] != 0))
1939                  {
1940                      eval("\$icon = \"".$templates->get("modcp_announcements_announcement_expired")."\";");
1941                  }
1942                  else
1943                  {
1944                      eval("\$icon = \"".$templates->get("modcp_announcements_announcement_active")."\";");
1945                  }
1946  
1947                  $subject = htmlspecialchars_uni($parser->parse_badwords($announcement['subject']));
1948  
1949                  eval("\$announcements_global .= \"".$templates->get("modcp_announcements_announcement_global")."\";");
1950              }
1951          }
1952          else
1953          {
1954              // No global announcements
1955              eval("\$announcements_global = \"".$templates->get("modcp_no_announcements_global")."\";");
1956          }
1957          eval("\$announcements_global = \"".$templates->get("modcp_announcements_global")."\";");
1958      }
1959  
1960      $announcements_forum = '';
1961      fetch_forum_announcements();
1962  
1963      if(!$announcements_forum)
1964      {
1965          eval("\$announcements_forum = \"".$templates->get("modcp_no_announcements_forum")."\";");
1966      }
1967  
1968      $plugins->run_hooks("modcp_announcements");
1969  
1970      eval("\$announcements = \"".$templates->get("modcp_announcements")."\";");
1971      output_page($announcements);
1972  }
1973  
1974  if($mybb->input['action'] == "do_modqueue")
1975  {
1976      require_once  MYBB_ROOT."inc/class_moderation.php";
1977      $moderation = new Moderation;
1978  
1979      // Verify incoming POST request
1980      verify_post_check($mybb->get_input('my_post_key'));
1981  
1982      if($mybb->usergroup['canmanagemodqueue'] == 0)
1983      {
1984          error_no_permission();
1985      }
1986  
1987      $plugins->run_hooks("modcp_do_modqueue_start");
1988  
1989      $mybb->input['threads'] = $mybb->get_input('threads', MyBB::INPUT_ARRAY);
1990      $mybb->input['posts'] = $mybb->get_input('posts', MyBB::INPUT_ARRAY);
1991      $mybb->input['attachments'] = $mybb->get_input('attachments', MyBB::INPUT_ARRAY);
1992      if(!empty($mybb->input['threads']))
1993      {
1994          $threads = array_map("intval", array_keys($mybb->input['threads']));
1995          $threads_to_approve = $threads_to_delete = array();
1996          // Fetch threads
1997          $query = $db->simple_select("threads", "tid", "tid IN (".implode(",", $threads)."){$flist_queue_threads}");
1998          while($thread = $db->fetch_array($query))
1999          {
2000              if(!isset($mybb->input['threads'][$thread['tid']]))
2001              {
2002                  continue;
2003              }
2004              $action = $mybb->input['threads'][$thread['tid']];
2005              if($action == "approve")
2006              {
2007                  $threads_to_approve[] = $thread['tid'];
2008              }
2009              else if($action == "delete")
2010              {
2011                  $threads_to_delete[] = $thread['tid'];
2012              }
2013          }
2014          if(!empty($threads_to_approve))
2015          {
2016              $moderation->approve_threads($threads_to_approve);
2017              log_moderator_action(array('tids' => $threads_to_approve), $lang->multi_approve_threads);
2018          }
2019          if(!empty($threads_to_delete))
2020          {
2021              if($mybb->settings['soft_delete'] == 1)
2022              {
2023                  $moderation->soft_delete_threads($threads_to_delete);
2024                  log_moderator_action(array('tids' => $threads_to_delete), $lang->multi_soft_delete_threads);
2025              }
2026              else
2027              {
2028                  foreach($threads_to_delete as $tid)
2029                  {
2030                      $moderation->delete_thread($tid);
2031                  }
2032                  log_moderator_action(array('tids' => $threads_to_delete), $lang->multi_delete_threads);
2033              }
2034          }
2035  
2036          $plugins->run_hooks("modcp_do_modqueue_end");
2037  
2038          redirect("modcp.php?action=modqueue", $lang->redirect_threadsmoderated);
2039      }
2040      else if(!empty($mybb->input['posts']))
2041      {
2042          $posts = array_map("intval", array_keys($mybb->input['posts']));
2043          // Fetch posts
2044          $posts_to_approve = $posts_to_delete = array();
2045          $query = $db->simple_select("posts", "pid", "pid IN (".implode(",", $posts)."){$flist_queue_posts}");
2046          while($post = $db->fetch_array($query))
2047          {
2048              if(!isset($mybb->input['posts'][$post['pid']]))
2049              {
2050                  continue;
2051              }
2052              $action = $mybb->input['posts'][$post['pid']];
2053              if($action == "approve")
2054              {
2055                  $posts_to_approve[] = $post['pid'];
2056              }
2057              else if($action == "delete" && $mybb->settings['soft_delete'] != 1)
2058              {
2059                  $moderation->delete_post($post['pid']);
2060              }
2061              else if($action == "delete")
2062              {
2063                  $posts_to_delete[] = $post['pid'];
2064              }
2065          }
2066          if(!empty($posts_to_approve))
2067          {
2068              $moderation->approve_posts($posts_to_approve);
2069              log_moderator_action(array('pids' => $posts_to_approve), $lang->multi_approve_posts);
2070          }
2071          if(!empty($posts_to_delete))
2072          {
2073              if($mybb->settings['soft_delete'] == 1)
2074              {
2075                  $moderation->soft_delete_posts($posts_to_delete);
2076                  log_moderator_action(array('pids' => $posts_to_delete), $lang->multi_soft_delete_posts);
2077              }
2078              else
2079              {
2080                  log_moderator_action(array('pids' => $posts_to_delete), $lang->multi_delete_posts);
2081              }
2082          }
2083  
2084          $plugins->run_hooks("modcp_do_modqueue_end");
2085  
2086          redirect("modcp.php?action=modqueue&type=posts", $lang->redirect_postsmoderated);
2087      }
2088      else if(!empty($mybb->input['attachments']))
2089      {
2090          $attachments = array_map("intval", array_keys($mybb->input['attachments']));
2091          $query = $db->query("
2092              SELECT a.pid, a.aid
2093              FROM  ".TABLE_PREFIX."attachments a
2094              LEFT JOIN ".TABLE_PREFIX."posts p ON (a.pid=p.pid)
2095              LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
2096              WHERE aid IN (".implode(",", $attachments)."){$tflist_queue_attach}
2097          ");
2098          while($attachment = $db->fetch_array($query))
2099          {
2100              if(!isset($mybb->input['attachments'][$attachment['aid']]))
2101              {
2102                  continue;
2103              }
2104              $action = $mybb->input['attachments'][$attachment['aid']];
2105              if($action == "approve")
2106              {
2107                  $db->update_query("attachments", array("visible" => 1), "aid='{$attachment['aid']}'");
2108              }
2109              else if($action == "delete")
2110              {
2111                  remove_attachment($attachment['pid'], '', $attachment['aid']);
2112              }
2113          }
2114  
2115          $plugins->run_hooks("modcp_do_modqueue_end");
2116  
2117          redirect("modcp.php?action=modqueue&type=attachments", $lang->redirect_attachmentsmoderated);
2118      }
2119  }
2120  
2121  if($mybb->input['action'] == "modqueue")
2122  {
2123      $navsep = '';
2124  
2125      if($mybb->usergroup['canmanagemodqueue'] == 0)
2126      {
2127          error_no_permission();
2128      }
2129  
2130      if($nummodqueuethreads == 0 && $nummodqueueposts == 0 && $nummodqueueattach == 0 && $mybb->usergroup['issupermod'] != 1)
2131      {
2132          error($lang->you_cannot_use_mod_queue);
2133      }
2134  
2135      $mybb->input['type'] = $mybb->get_input('type');
2136      $threadqueue = $postqueue = $attachmentqueue = '';
2137      if($mybb->input['type'] == "threads" || !$mybb->input['type'] && ($nummodqueuethreads > 0 || $mybb->usergroup['issupermod'] == 1))
2138      {
2139          if($nummodqueuethreads == 0 && $mybb->usergroup['issupermod'] != 1)
2140          {
2141              error($lang->you_cannot_moderate_threads);
2142          }
2143  
2144          $forum_cache = $cache->read("forums");
2145  
2146          $query = $db->simple_select("threads", "COUNT(tid) AS unapprovedthreads", "visible='0' {$flist_queue_threads}");
2147          $unapproved_threads = $db->fetch_field($query, "unapprovedthreads");
2148  
2149          // Figure out if we need to display multiple pages.
2150          if($mybb->get_input('page') != "last")
2151          {
2152              $page = $mybb->get_input('page', MyBB::INPUT_INT);
2153          }
2154  
2155          $perpage = $mybb->settings['threadsperpage'];
2156          $pages = $unapproved_threads / $perpage;
2157          $pages = ceil($pages);
2158  
2159          if($mybb->get_input('page') == "last")
2160          {
2161              $page = $pages;
2162          }
2163  
2164          if($page > $pages || $page <= 0)
2165          {
2166              $page = 1;
2167          }
2168  
2169          if($page)
2170          {
2171              $start = ($page-1) * $perpage;
2172          }
2173          else
2174          {
2175              $start = 0;
2176              $page = 1;
2177          }
2178  
2179          $multipage = multipage($unapproved_threads, $perpage, $page, "modcp.php?action=modqueue&type=threads");
2180  
2181          $query = $db->query("
2182              SELECT t.tid, t.dateline, t.fid, t.subject, t.username AS threadusername, p.message AS postmessage, u.username AS username, t.uid
2183              FROM ".TABLE_PREFIX."threads t
2184              LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=t.firstpost)
2185              LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=t.uid)
2186              WHERE t.visible='0' {$tflist_queue_threads}
2187              ORDER BY t.lastpost DESC
2188              LIMIT {$start}, {$perpage}
2189          ");
2190          $threads = '';
2191          while($thread = $db->fetch_array($query))
2192          {
2193              $altbg = alt_trow();
2194              $thread['subject'] = htmlspecialchars_uni($parser->parse_badwords($thread['subject']));
2195              $thread['threadlink'] = get_thread_link($thread['tid']);
2196              $forum_link = get_forum_link($thread['fid']);
2197              $forum_name = $forum_cache[$thread['fid']]['name'];
2198              $threaddate = my_date('relative', $thread['dateline']);
2199  
2200              if($thread['username'] == "")
2201              {
2202                  if($thread['threadusername'] != "")
2203                  {
2204                      $thread['threadusername'] = htmlspecialchars_uni($thread['threadusername']);
2205                      $profile_link = $thread['threadusername'];
2206                  }
2207                  else
2208                  {
2209                      $profile_link = $lang->guest;
2210                  }
2211              }
2212              else
2213              {
2214                  $thread['username'] = htmlspecialchars_uni($thread['username']);
2215                  $profile_link = build_profile_link($thread['username'], $thread['uid']);
2216              }
2217  
2218              $thread['postmessage'] = nl2br(htmlspecialchars_uni($thread['postmessage']));
2219              eval("\$forum = \"".$templates->get("modcp_modqueue_link_forum")."\";");
2220              eval("\$threads .= \"".$templates->get("modcp_modqueue_threads_thread")."\";");
2221          }
2222  
2223          if(!$threads && $mybb->input['type'] == "threads")
2224          {
2225              eval("\$threads = \"".$templates->get("modcp_modqueue_threads_empty")."\";");
2226          }
2227  
2228          if($threads)
2229          {
2230              add_breadcrumb($lang->mcp_nav_modqueue_threads, "modcp.php?action=modqueue&amp;type=threads");
2231  
2232              $plugins->run_hooks("modcp_modqueue_threads_end");
2233  
2234              if($nummodqueueposts > 0 || $mybb->usergroup['issupermod'] == 1)
2235              {
2236                  $navsep = " | ";
2237                  eval("\$post_link = \"".$templates->get("modcp_modqueue_post_link")."\";");
2238              }
2239  
2240              if($mybb->settings['enableattachments'] == 1 && ($nummodqueueattach > 0 || $mybb->usergroup['issupermod'] == 1))
2241              {
2242                  $navsep = " | ";
2243                  eval("\$attachment_link = \"".$templates->get("modcp_modqueue_attachment_link")."\";");
2244              }
2245  
2246              eval("\$mass_controls = \"".$templates->get("modcp_modqueue_masscontrols")."\";");
2247              eval("\$threadqueue = \"".$templates->get("modcp_modqueue_threads")."\";");
2248              output_page($threadqueue);
2249          }
2250          $type = 'threads';
2251      }
2252  
2253      if($mybb->input['type'] == "posts" || (!$mybb->input['type'] && !$threadqueue && ($nummodqueueposts > 0 || $mybb->usergroup['issupermod'] == 1)))
2254      {
2255          if($nummodqueueposts == 0 && $mybb->usergroup['issupermod'] != 1)
2256          {
2257              error($lang->you_cannot_moderate_posts);
2258          }
2259  
2260          $forum_cache = $cache->read("forums");
2261  
2262          $query = $db->query("
2263              SELECT COUNT(pid) AS unapprovedposts
2264              FROM  ".TABLE_PREFIX."posts p
2265              LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
2266              WHERE p.visible='0' {$tflist_queue_posts} AND t.firstpost != p.pid
2267          ");
2268          $unapproved_posts = $db->fetch_field($query, "unapprovedposts");
2269  
2270          // Figure out if we need to display multiple pages.
2271          if($mybb->get_input('page') != "last")
2272          {
2273              $page = $mybb->get_input('page', MyBB::INPUT_INT);
2274          }
2275  
2276          $perpage = $mybb->settings['postsperpage'];
2277          $pages = $unapproved_posts / $perpage;
2278          $pages = ceil($pages);
2279  
2280          if($mybb->get_input('page') == "last")
2281          {
2282              $page = $pages;
2283          }
2284  
2285          if($page > $pages || $page <= 0)
2286          {
2287              $page = 1;
2288          }
2289  
2290          if($page)
2291          {
2292              $start = ($page-1) * $perpage;
2293          }
2294          else
2295          {
2296              $start = 0;
2297              $page = 1;
2298          }
2299  
2300          $multipage = multipage($unapproved_posts, $perpage, $page, "modcp.php?action=modqueue&amp;type=posts");
2301  
2302          $query = $db->query("
2303              SELECT p.pid, p.subject, p.message, p.username AS postusername, t.subject AS threadsubject, t.tid, u.username, p.uid, t.fid, p.dateline
2304              FROM  ".TABLE_PREFIX."posts p
2305              LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
2306              LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
2307              WHERE p.visible='0' {$tflist_queue_posts} AND t.firstpost != p.pid
2308              ORDER BY p.dateline DESC
2309              LIMIT {$start}, {$perpage}
2310          ");
2311          $posts = '';
2312          while($post = $db->fetch_array($query))
2313          {
2314              $altbg = alt_trow();
2315              $post['threadsubject'] = htmlspecialchars_uni($parser->parse_badwords($post['threadsubject']));
2316              $post['subject'] = htmlspecialchars_uni($parser->parse_badwords($post['subject']));
2317              $post['threadlink'] = get_thread_link($post['tid']);
2318              $post['postlink'] = get_post_link($post['pid'], $post['tid']);
2319              $forum_link = get_forum_link($post['fid']);
2320              $forum_name = $forum_cache[$post['fid']]['name'];
2321              $postdate = my_date('relative', $post['dateline']);
2322  
2323              if($post['username'] == "")
2324              {
2325                  if($post['postusername'] != "")
2326                  {
2327                      $post['postusername'] = htmlspecialchars_uni($post['postusername']);
2328                      $profile_link = $post['postusername'];
2329                  }
2330                  else
2331                  {
2332                      $profile_link = $lang->guest;
2333                  }
2334              }
2335              else
2336              {
2337                  $post['username'] = htmlspecialchars_uni($post['username']);
2338                  $profile_link = build_profile_link($post['username'], $post['uid']);
2339              }
2340  
2341              eval("\$thread = \"".$templates->get("modcp_modqueue_link_thread")."\";");
2342              eval("\$forum = \"".$templates->get("modcp_modqueue_link_forum")."\";");
2343              $post['message'] = nl2br(htmlspecialchars_uni($post['message']));
2344              eval("\$posts .= \"".$templates->get("modcp_modqueue_posts_post")."\";");
2345          }
2346  
2347          if(!$posts && $mybb->input['type'] == "posts")
2348          {
2349              eval("\$posts = \"".$templates->get("modcp_modqueue_posts_empty")."\";");
2350          }
2351  
2352          if($posts)
2353          {
2354              add_breadcrumb($lang->mcp_nav_modqueue_posts, "modcp.php?action=modqueue&amp;type=posts");
2355  
2356              $plugins->run_hooks("modcp_modqueue_posts_end");
2357  
2358              if($nummodqueuethreads > 0 || $mybb->usergroup['issupermod'] == 1)
2359              {
2360                  $navsep = " | ";
2361                  eval("\$thread_link = \"".$templates->get("modcp_modqueue_thread_link")."\";");
2362              }
2363  
2364              if($mybb->settings['enableattachments'] == 1 && ($nummodqueueattach > 0 || $mybb->usergroup['issupermod'] == 1))
2365              {
2366                  $navsep = " | ";
2367                  eval("\$attachment_link = \"".$templates->get("modcp_modqueue_attachment_link")."\";");
2368              }
2369  
2370              eval("\$mass_controls = \"".$templates->get("modcp_modqueue_masscontrols")."\";");
2371              eval("\$postqueue = \"".$templates->get("modcp_modqueue_posts")."\";");
2372              output_page($postqueue);
2373          }
2374      }
2375  
2376      if($mybb->input['type'] == "attachments" || (!$mybb->input['type'] && !$postqueue && !$threadqueue && $mybb->settings['enableattachments'] == 1 && ($nummodqueueattach > 0 || $mybb->usergroup['issupermod'] == 1)))
2377      {
2378          if($mybb->settings['enableattachments'] == 0)
2379          {
2380              error($lang->attachments_disabled);
2381          }
2382  
2383          if($nummodqueueattach == 0 && $mybb->usergroup['issupermod'] != 1)
2384          {
2385              error($lang->you_cannot_moderate_attachments);
2386          }
2387  
2388          $query = $db->query("
2389              SELECT COUNT(aid) AS unapprovedattachments
2390              FROM  ".TABLE_PREFIX."attachments a
2391              LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=a.pid)
2392              LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
2393              WHERE a.visible='0'{$tflist_queue_attach}
2394          ");
2395          $unapproved_attachments = $db->fetch_field($query, "unapprovedattachments");
2396  
2397          // Figure out if we need to display multiple pages.
2398          if($mybb->get_input('page') != "last")
2399          {
2400              $page = $mybb->get_input('page', MyBB::INPUT_INT);
2401          }
2402  
2403          $perpage = $mybb->settings['postsperpage'];
2404          $pages = $unapproved_attachments / $perpage;
2405          $pages = ceil($pages);
2406  
2407          if($mybb->get_input('page') == "last")
2408          {
2409              $page = $pages;
2410          }
2411  
2412          if($page > $pages || $page <= 0)
2413          {
2414              $page = 1;
2415          }
2416  
2417          if($page)
2418          {
2419              $start = ($page-1) * $perpage;
2420          }
2421          else
2422          {
2423              $start = 0;
2424              $page = 1;
2425          }
2426  
2427          $multipage = multipage($unapproved_attachments, $perpage, $page, "modcp.php?action=modqueue&amp;type=attachments");
2428  
2429          $query = $db->query("
2430              SELECT a.*, p.subject AS postsubject, p.dateline, p.uid, u.username, t.tid, t.subject AS threadsubject
2431              FROM  ".TABLE_PREFIX."attachments a
2432              LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=a.pid)
2433              LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
2434              LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
2435              WHERE a.visible='0'{$tflist_queue_attach}
2436              ORDER BY a.dateuploaded DESC
2437              LIMIT {$start}, {$perpage}
2438          ");
2439          $attachments = '';
2440          while($attachment = $db->fetch_array($query))
2441          {
2442              $altbg = alt_trow();
2443  
2444              if(!$attachment['dateuploaded'])
2445              {
2446                  $attachment['dateuploaded'] = $attachment['dateline'];
2447              }
2448  
2449              $attachdate = my_date('relative', $attachment['dateuploaded']);
2450  
2451              $attachment['postsubject'] = htmlspecialchars_uni($parser->parse_badwords($attachment['postsubject']));
2452              $attachment['filename'] = htmlspecialchars_uni($attachment['filename']);
2453              $attachment['threadsubject'] = htmlspecialchars_uni($parser->parse_badwords($attachment['threadsubject']));
2454              $attachment['filesize'] = get_friendly_size($attachment['filesize']);
2455  
2456              $link = get_post_link($attachment['pid'], $attachment['tid']) . "#pid{$attachment['pid']}";
2457              $thread_link = get_thread_link($attachment['tid']);
2458              $attachment['username'] = htmlspecialchars_uni($attachment['username']);
2459              $profile_link = build_profile_link($attachment['username'], $attachment['uid']);
2460  
2461              eval("\$attachments .= \"".$templates->get("modcp_modqueue_attachments_attachment")."\";");
2462          }
2463  
2464          if(!$attachments && $mybb->input['type'] == "attachments")
2465          {
2466              eval("\$attachments = \"".$templates->get("modcp_modqueue_attachments_empty")."\";");
2467          }
2468  
2469          if($attachments)
2470          {
2471              add_breadcrumb($lang->mcp_nav_modqueue_attachments, "modcp.php?action=modqueue&amp;type=attachments");
2472  
2473              $plugins->run_hooks("modcp_modqueue_attachments_end");
2474  
2475              if($nummodqueuethreads > 0 || $mybb->usergroup['issupermod'] == 1)
2476              {
2477                  eval("\$thread_link = \"".$templates->get("modcp_modqueue_thread_link")."\";");
2478                  $navsep = " | ";
2479              }
2480  
2481              if($nummodqueueposts > 0 || $mybb->usergroup['issupermod'] == 1)
2482              {
2483                  eval("\$post_link = \"".$templates->get("modcp_modqueue_post_link")."\";");
2484                  $navsep = " | ";
2485              }
2486  
2487              eval("\$mass_controls = \"".$templates->get("modcp_modqueue_masscontrols")."\";");
2488              eval("\$attachmentqueue = \"".$templates->get("modcp_modqueue_attachments")."\";");
2489              output_page($attachmentqueue);
2490          }
2491      }
2492  
2493      // Still nothing? All queues are empty! :-D
2494      if(!$threadqueue && !$postqueue && !$attachmentqueue)
2495      {
2496          add_breadcrumb($lang->mcp_nav_modqueue, "modcp.php?action=modqueue");
2497  
2498          $plugins->run_hooks("modcp_modqueue_end");
2499  
2500          eval("\$queue = \"".$templates->get("modcp_modqueue_empty")."\";");
2501          output_page($queue);
2502      }
2503  }
2504  
2505  if($mybb->input['action'] == "do_editprofile")
2506  {
2507      // Verify incoming POST request
2508      verify_post_check($mybb->input['my_post_key']);
2509  
2510      if($mybb->usergroup['caneditprofiles'] == 0)
2511      {
2512          error_no_permission();
2513      }
2514  
2515      $user = get_user($mybb->input['uid']);
2516      if(!$user)
2517      {
2518          error($lang->error_nomember);
2519      }
2520  
2521      // Check if the current user has permission to edit this user
2522      if(!modcp_can_manage_user($user['uid']))
2523      {
2524          error_no_permission();
2525      }
2526  
2527      $plugins->run_hooks("modcp_do_editprofile_start");
2528  
2529      if($mybb->get_input('away', MyBB::INPUT_INT) == 1 && $mybb->settings['allowaway'] != 0)
2530      {
2531          $awaydate = TIME_NOW;
2532          if(!empty($mybb->input['awayday']))
2533          {
2534              // If the user has indicated that they will return on a specific day, but not month or year, assume it is current month and year
2535              if(!$mybb->get_input('awaymonth', MyBB::INPUT_INT))
2536              {
2537                  $mybb->input['awaymonth'] = my_date('n', $awaydate);
2538              }
2539              if(!$mybb->get_input('awayyear', MyBB::INPUT_INT))
2540              {
2541                  $mybb->input['awayyear'] = my_date('Y', $awaydate);
2542              }
2543  
2544              $return_month = (int)substr($mybb->get_input('awaymonth'), 0, 2);
2545              $return_day = (int)substr($mybb->get_input('awayday'), 0, 2);
2546              $return_year = min((int)$mybb->get_input('awayyear'), 9999);
2547  
2548              // Check if return date is after the away date.
2549              $returntimestamp = gmmktime(0, 0, 0, $return_month, $return_day, $return_year);
2550              $awaytimestamp = gmmktime(0, 0, 0, my_date('n', $awaydate), my_date('j', $awaydate), my_date('Y', $awaydate));
2551              if($return_year < my_date('Y', $awaydate) || ($returntimestamp < $awaytimestamp && $return_year == my_date('Y', $awaydate)))
2552              {
2553                  error($lang->error_modcp_return_date_past);
2554              }
2555  
2556              $returndate = "{$return_day}-{$return_month}-{$return_year}";
2557          }
2558          else
2559          {
2560              $returndate = "";
2561          }
2562          $away = array(
2563              "away" => 1,
2564              "date" => $awaydate,
2565              "returndate" => $returndate,
2566              "awayreason" => $mybb->get_input('awayreason')
2567          );
2568      }
2569      else
2570      {
2571          $away = array(
2572              "away" => 0,
2573              "date" => '',
2574              "returndate" => '',
2575              "awayreason" => ''
2576          );
2577      }
2578  
2579      // Set up user handler.
2580      require_once  MYBB_ROOT."inc/datahandlers/user.php";
2581      $userhandler = new UserDataHandler('update');
2582  
2583      // Set the data for the new user.
2584      $updated_user = array(
2585          "uid" => $user['uid'],
2586          "profile_fields" => $mybb->get_input('profile_fields', MyBB::INPUT_ARRAY),
2587          "profile_fields_editable" => true,
2588          "website" => $mybb->get_input('website'),
2589          "icq" => $mybb->get_input('icq'),
2590          "yahoo" => $mybb->get_input('yahoo'),
2591          "skype" => $mybb->get_input('skype'),
2592          "google" => $mybb->get_input('google'),
2593          "signature" => $mybb->get_input('signature'),
2594          "usernotes" => $mybb->get_input('usernotes'),
2595          "away" => $away
2596      );
2597  
2598      $updated_user['birthday'] = array(
2599          "day" => $mybb->get_input('birthday_day', MyBB::INPUT_INT),
2600          "month" => $mybb->get_input('birthday_month', MyBB::INPUT_INT),
2601          "year" => $mybb->get_input('birthday_year', MyBB::INPUT_INT)
2602      );
2603  
2604      if(!empty($mybb->input['usertitle']))
2605      {
2606          $updated_user['usertitle'] = $mybb->get_input('usertitle');
2607      }
2608      else if(!empty($mybb->input['reverttitle']))
2609      {
2610          $updated_user['usertitle'] = '';
2611      }
2612  
2613      if(!empty($mybb->input['remove_avatar']))
2614      {
2615          $updated_user['avatarurl'] = '';
2616      }
2617  
2618      // Set the data of the user in the datahandler.
2619      $userhandler->set_data($updated_user);
2620      $errors = '';
2621  
2622      // Validate the user and get any errors that might have occurred.
2623      if(!$userhandler->validate_user())
2624      {
2625          $errors = $userhandler->get_friendly_errors();
2626          $mybb->input['action'] = "editprofile";
2627      }
2628      else
2629      {
2630          // Are we removing an avatar from this user?
2631          if(!empty($mybb->input['remove_avatar']))
2632          {
2633              $extra_user_updates = array(
2634                  "avatar" => "",
2635                  "avatardimensions" => "",
2636                  "avatartype" => ""
2637              );
2638              remove_avatars($user['uid']);
2639          }
2640  
2641          // Moderator "Options" (suspend signature, suspend/moderate posting)
2642          $moderator_options = array(
2643              1 => array(
2644                  "action" => "suspendsignature", // The moderator action we're performing
2645                  "period" => "action_period", // The time period we've selected from the dropdown box
2646                  "time" => "action_time", // The time we've entered
2647                  "update_field" => "suspendsignature", // The field in the database to update if true
2648                  "update_length" => "suspendsigtime" // The length of suspension field in the database
2649              ),
2650              2 => array(
2651                  "action" => "moderateposting",
2652                  "period" => "modpost_period",
2653                  "time" => "modpost_time",
2654                  "update_field" => "moderateposts",
2655                  "update_length" => "moderationtime"
2656              ),
2657              3 => array(
2658                  "action" => "suspendposting",
2659                  "period" => "suspost_period",
2660                  "time" => "suspost_time",
2661                  "update_field" => "suspendposting",
2662                  "update_length" => "suspensiontime"
2663              )
2664          );
2665  
2666          require_once  MYBB_ROOT."inc/functions_warnings.php";
2667          foreach($moderator_options as $option)
2668          {
2669              ${$option['time']} = $mybb->get_input($option['time'], MyBB::INPUT_INT);
2670              $mybb->input[$option['period']] = $mybb->get_input($option['period']);
2671              if(empty($mybb->input[$option['action']]))
2672              {
2673                  if($user[$option['update_field']] == 1)
2674                  {
2675                      // We're revoking the suspension
2676                      $extra_user_updates[$option['update_field']] = 0;
2677                      $extra_user_updates[$option['update_length']] = 0;
2678                  }
2679  
2680                  // Skip this option if we haven't selected it
2681                  continue;
2682              }
2683  
2684              else
2685              {
2686                  if($mybb->input[$option['time']] == 0 && $mybb->input[$option['period']] != "never" && $user[$option['update_field']] != 1)
2687                  {
2688                      // User has selected a type of ban, but not entered a valid time frame
2689                      $string = $option['action']."_error";
2690                      $errors[] = $lang->$string;
2691                  }
2692  
2693                  if(!is_array($errors))
2694                  {
2695                      $suspend_length = fetch_time_length((int)$mybb->input[$option['time']], $mybb->input[$option['period']]);
2696  
2697                      if($user[$option['update_field']] == 1 && ($mybb->input[$option['time']] || $mybb->input[$option['period']] == "never"))
2698                      {
2699                          // We already have a suspension, but entered a new time
2700                          if($suspend_length == "-1")
2701                          {
2702                              // Permanent ban on action
2703                              $extra_user_updates[$option['update_length']] = 0;
2704                          }
2705                          elseif($suspend_length && $suspend_length != "-1")
2706                          {
2707                              // Temporary ban on action
2708                              $extra_user_updates[$option['update_length']] = TIME_NOW + $suspend_length;
2709                          }
2710                      }
2711                      elseif(!$user[$option['update_field']])
2712                      {
2713                          // New suspension for this user... bad user!
2714                          $extra_user_updates[$option['update_field']] = 1;
2715                          if($suspend_length == "-1")
2716                          {
2717                              $extra_user_updates[$option['update_length']] = 0;
2718                          }
2719                          else
2720                          {
2721                              $extra_user_updates[$option['update_length']] = TIME_NOW + $suspend_length;
2722                          }
2723                      }
2724                  }
2725              }
2726          }
2727  
2728          // Those with javascript turned off will be able to select both - cheeky!
2729          // Check to make sure we're not moderating AND suspending posting
2730          if(isset($extra_user_updates) && $extra_user_updates['moderateposts'] && $extra_user_updates['suspendposting'])
2731          {
2732              $errors[] = $lang->suspendmoderate_error;
2733          }
2734  
2735          if(is_array($errors))
2736          {
2737              $mybb->input['action'] = "editprofile";
2738          }
2739          else
2740          {
2741              $plugins->run_hooks("modcp_do_editprofile_update");
2742  
2743              // Continue with the update if there is no errors
2744              $user_info = $userhandler->update_user();
2745              if(!empty($extra_user_updates))
2746              {
2747                  $db->update_query("users", $extra_user_updates, "uid='{$user['uid']}'");
2748              }
2749              log_moderator_action(array("uid" => $user['uid'], "username" => $user['username']), $lang->edited_user);
2750  
2751              $plugins->run_hooks("modcp_do_editprofile_end");
2752  
2753              redirect("modcp.php?action=finduser", $lang->redirect_user_updated);
2754          }
2755      }
2756  }
2757  
2758  if($mybb->input['action'] == "editprofile")
2759  {
2760      if($mybb->usergroup['caneditprofiles'] == 0)
2761      {
2762          error_no_permission();
2763      }
2764  
2765      add_breadcrumb($lang->mcp_nav_editprofile, "modcp.php?action=editprofile");
2766  
2767      $user = get_user($mybb->get_input('uid', MyBB::INPUT_INT));
2768      if(!$user)
2769      {
2770          error($lang->error_nomember);
2771      }
2772  
2773      // Check if the current user has permission to edit this user
2774      if(!modcp_can_manage_user($user['uid']))
2775      {
2776          error_no_permission();
2777      }
2778  
2779      $userperms = user_permissions($user['uid']);
2780  
2781      // Set display group
2782      $displaygroupfields = array("title", "description", "namestyle", "usertitle", "stars", "starimage", "image");
2783  
2784      if(!$user['displaygroup'])
2785      {
2786          $user['displaygroup'] = $user['usergroup'];
2787      }
2788  
2789      $display_group = usergroup_displaygroup($user['displaygroup']);
2790      if(is_array($display_group))
2791      {
2792          $userperms = array_merge($userperms, $display_group);
2793      }
2794  
2795      if(!my_validate_url($user['website']))
2796      {
2797          $user['website'] = '';
2798      }
2799  
2800      if($user['icq'] != "0")
2801      {
2802          $user['icq'] = (int)$user['icq'];
2803      }
2804  
2805      if(!$errors)
2806      {
2807          $mybb->input = array_merge($user, $mybb->input);
2808          $birthday = explode('-', $user['birthday']);
2809          if(!isset($birthday[1]))
2810          {
2811              $birthday[1] = '';
2812          }
2813          if(!isset($birthday[2]))
2814          {
2815              $birthday[2] = '';
2816          }
2817          list($mybb->input['birthday_day'], $mybb->input['birthday_month'], $mybb->input['birthday_year']) = $birthday;
2818      }
2819      else
2820      {
2821          $errors = inline_error($errors);
2822      }
2823  
2824      // Sanitize all input
2825      foreach(array('usertitle', 'website', 'icq', 'yahoo', 'skype', 'google', 'signature', 'birthday_day', 'birthday_month', 'birthday_year') as $field)
2826      {
2827          $mybb->input[$field] = htmlspecialchars_uni($mybb->get_input($field));
2828      }
2829  
2830      // Custom user title
2831      if(!empty($userperms['usertitle']))
2832      {
2833          $defaulttitle = htmlspecialchars_uni($userperms['usertitle']);
2834      }
2835      else
2836      {
2837          // Go for post count title if a group default isn't set
2838          $usertitles = $cache->read('usertitles');
2839  
2840          foreach($usertitles as $title)
2841          {
2842              if($title['posts'] <= $user['postnum'])
2843              {
2844                  $defaulttitle = $title['title'];
2845                  break;
2846              }
2847          }
2848      }
2849  
2850      $user['usertitle'] = htmlspecialchars_uni($user['usertitle']);
2851  
2852      if(empty($user['usertitle']))
2853      {
2854          $lang->current_custom_usertitle = '';
2855      }
2856  
2857      $bdaydaysel = $selected = '';
2858      for($day = 1; $day <= 31; ++$day)
2859      {
2860          if($mybb->input['birthday_day'] == $day)
2861          {
2862              $selected = "selected=\"selected\"";
2863          }
2864          else
2865          {
2866              $selected = '';
2867          }
2868  
2869          eval("\$bdaydaysel .= \"".$templates->get("usercp_profile_day")."\";");
2870      }
2871  
2872      $bdaymonthsel = array();
2873      foreach(range(1, 12) as $month)
2874      {
2875          $bdaymonthsel[$month] = '';
2876      }
2877      $bdaymonthsel[$mybb->input['birthday_month']] = 'selected="selected"';
2878  
2879      if($mybb->settings['allowaway'] != 0)
2880      {
2881          $awaycheck = array('', '');
2882          if($errors)
2883          {
2884              if($user['away'] == 1)
2885              {
2886                  $awaycheck[1] = "checked=\"checked\"";
2887              }
2888              else
2889              {
2890                  $awaycheck[0] = "checked=\"checked\"";
2891              }
2892              $returndate = array();
2893              $returndate[0] = $mybb->get_input('awayday');
2894              $returndate[1] = $mybb->get_input('awaymonth');
2895              $returndate[2] = $mybb->get_input('awayyear', MyBB::INPUT_INT);
2896              $user['awayreason'] = htmlspecialchars_uni($mybb->get_input('awayreason'));
2897          }
2898          else
2899          {
2900              $user['awayreason'] = htmlspecialchars_uni($user['awayreason']);
2901              if($user['away'] == 1)
2902              {
2903                  $awaydate = my_date($mybb->settings['dateformat'], $user['awaydate']);
2904                  $awaycheck[1] = "checked=\"checked\"";
2905                  $awaynotice = $lang->sprintf($lang->away_notice_away, $awaydate);
2906              }
2907              else
2908              {
2909                  $awaynotice = $lang->away_notice;
2910                  $awaycheck[0] = "checked=\"checked\"";
2911              }
2912              $returndate = explode("-", $user['returndate']);
2913          }
2914          $returndatesel = $selected = '';
2915          for($day = 1; $day <= 31; ++$day)
2916          {
2917              if($returndate[0] == $day)
2918              {
2919                  $selected = "selected=\"selected\"";
2920              }
2921              else
2922              {
2923                  $selected = '';
2924              }
2925  
2926              eval("\$returndatesel .= \"".$templates->get("usercp_profile_day")."\";");
2927          }
2928  
2929          $returndatemonthsel = array();
2930          foreach(range(1, 12) as $month)
2931          {
2932              $returndatemonthsel[$month] = '';
2933          }
2934          if(isset($returndate[1]))
2935          {
2936              $returndatemonthsel[$returndate[1]] = " selected=\"selected\"";
2937          }
2938  
2939          if(!isset($returndate[2]))
2940          {
2941              $returndate[2] = '';
2942          }
2943  
2944          eval("\$awaysection = \"".$templates->get("usercp_profile_away")."\";");
2945      }
2946  
2947      $plugins->run_hooks("modcp_editprofile_start");
2948  
2949      // Fetch profile fields
2950      $query = $db->simple_select("userfields", "*", "ufid='{$user['uid']}'");
2951      $user_fields = $db->fetch_array($query);
2952  
2953      $requiredfields = '';
2954      $customfields = '';
2955      $mybb->input['profile_fields'] = $mybb->get_input('profile_fields', MyBB::INPUT_ARRAY);
2956  
2957      $pfcache = $cache->read('profilefields');
2958  
2959      if(is_array($pfcache))
2960      {
2961          foreach($pfcache as $profilefield)
2962          {
2963              $userfield = $code = $select = $val = $options = $expoptions = $useropts = '';
2964              $seloptions = array();
2965              $profilefield['type'] = htmlspecialchars_uni($profilefield['type']);
2966              $profilefield['name'] = htmlspecialchars_uni($profilefield['name']);
2967              $profilefield['description'] = htmlspecialchars_uni($profilefield['description']);
2968              $thing = explode("\n", $profilefield['type'], "2");
2969              $type = $thing[0];
2970              if(isset($thing[1]))
2971              {
2972                  $options = $thing[1];
2973              }
2974              $field = "fid{$profilefield['fid']}";
2975              if($errors)
2976              {
2977                  if(isset($mybb->input['profile_fields'][$field]))
2978                  {
2979                      $userfield = $mybb->input['profile_fields'][$field];
2980                  }
2981              }
2982              else
2983              {
2984                  $userfield = $user_fields[$field];
2985              }
2986              if($type == "multiselect")
2987              {
2988                  if($errors)
2989                  {
2990                      $useropts = $userfield;
2991                  }
2992                  else
2993                  {
2994                      $useropts = explode("\n", $userfield);
2995                  }
2996                  if(is_array($useropts))
2997                  {
2998                      foreach($useropts as $key => $val)
2999                      {
3000                          $seloptions[$val] = $val;
3001                      }
3002                  }
3003                  $expoptions = explode("\n", $options);
3004                  if(is_array($expoptions))
3005                  {
3006                      foreach($expoptions as $key => $val)
3007                      {
3008                          $val = trim($val);
3009                          $val = str_replace("\n", "\\n", $val);
3010  
3011                          $sel = "";
3012                          if(isset($seloptions[$val]) && $val == $seloptions[$val])
3013                          {
3014                              $sel = " selected=\"selected\"";
3015                          }
3016  
3017                          eval("\$select .= \"".$templates->get("usercp_profile_profilefields_select_option")."\";");
3018                      }
3019                      if(!$profilefield['length'])
3020                      {
3021                          $profilefield['length'] = 3;
3022                      }
3023  
3024                      eval("\$code = \"".$templates->get("usercp_profile_profilefields_multiselect")."\";");
3025                  }
3026              }
3027              elseif($type == "select")
3028              {
3029                  $expoptions = explode("\n", $options);
3030                  if(is_array($expoptions))
3031                  {
3032                      foreach($expoptions as $key => $val)
3033                      {
3034                          $val = trim($val);
3035                          $val = str_replace("\n", "\\n", $val);
3036                          $sel = "";
3037                          if($val == $userfield)
3038                          {
3039                              $sel = " selected=\"selected\"";
3040                          }
3041  
3042                          eval("\$select .= \"".$templates->get("usercp_profile_profilefields_select_option")."\";");
3043                      }
3044                      if(!$profilefield['length'])
3045                      {
3046                          $profilefield['length'] = 1;
3047                      }
3048  
3049                      eval("\$code = \"".$templates->get("usercp_profile_profilefields_select")."\";");
3050                  }
3051              }
3052              elseif($type == "radio")
3053              {
3054                  $expoptions = explode("\n", $options);
3055                  if(is_array($expoptions))
3056                  {
3057                      foreach($expoptions as $key => $val)
3058                      {
3059                          $checked = "";
3060                          if($val == $userfield)
3061                          {
3062                              $checked = " checked=\"checked\"";
3063                          }
3064  
3065                          eval("\$code .= \"".$templates->get("usercp_profile_profilefields_radio")."\";");
3066                      }
3067                  }
3068              }
3069              elseif($type == "checkbox")
3070              {
3071                  if($errors)
3072                  {
3073                      $useropts = $userfield;
3074                  }
3075                  else
3076                  {
3077                      $useropts = explode("\n", $userfield);
3078                  }
3079                  if(is_array($useropts))
3080                  {
3081                      foreach($useropts as $key => $val)
3082                      {
3083                          $seloptions[$val] = $val;
3084                      }
3085                  }
3086                  $expoptions = explode("\n", $options);
3087                  if(is_array($expoptions))
3088                  {
3089                      foreach($expoptions as $key => $val)
3090                      {
3091                          $checked = "";
3092                          if(isset($seloptions[$val]) && $val == $seloptions[$val])
3093                          {
3094                              $checked = " checked=\"checked\"";
3095                          }
3096  
3097                          eval("\$code .= \"".$templates->get("usercp_profile_profilefields_checkbox")."\";");
3098                      }
3099                  }
3100              }
3101              elseif($type == "textarea")
3102              {
3103                  $value = htmlspecialchars_uni($userfield);
3104                  eval("\$code = \"".$templates->get("usercp_profile_profilefields_textarea")."\";");
3105              }
3106              else
3107              {
3108                  $value = htmlspecialchars_uni($userfield);
3109                  $maxlength = "";
3110                  if($profilefield['maxlength'] > 0)
3111                  {
3112                      $maxlength = " maxlength=\"{$profilefield['maxlength']}\"";
3113                  }
3114  
3115                  eval("\$code = \"".$templates->get("usercp_profile_profilefields_text")."\";");
3116              }
3117  
3118              if($profilefield['required'] == 1)
3119              {
3120                  eval("\$requiredfields .= \"".$templates->get("usercp_profile_customfield")."\";");
3121              }
3122              else
3123              {
3124                  eval("\$customfields .= \"".$templates->get("usercp_profile_customfield")."\";");
3125              }
3126              $altbg = alt_trow();
3127          }
3128      }
3129      if($customfields)
3130      {
3131          eval("\$customfields = \"".$templates->get("usercp_profile_profilefields")."\";");
3132      }
3133  
3134      $user['username'] = htmlspecialchars_uni($user['username']);
3135      $lang->edit_profile = $lang->sprintf($lang->edit_profile, $user['username']);
3136      $profile_link = build_profile_link(format_name($user['username'], $user['usergroup'], $user['displaygroup']), $user['uid']);
3137  
3138      $user['signature'] = htmlspecialchars_uni($user['signature']);
3139      $codebuttons = build_mycode_inserter("signature");
3140  
3141      // Do we mark the suspend signature box?
3142      if($user['suspendsignature'] || ($mybb->get_input('suspendsignature', MyBB::INPUT_INT) && !empty($errors)))
3143      {
3144          $checked = 1;
3145          $checked_item = "checked=\"checked\"";
3146      }
3147      else
3148      {
3149          $checked = 0;
3150          $checked_item = '';
3151      }
3152  
3153      // Do we mark the moderate posts box?
3154      if($user['moderateposts'] || ($mybb->get_input('moderateposting', MyBB::INPUT_INT) && !empty($errors)))
3155      {
3156          $modpost_check = 1;
3157          $modpost_checked = "checked=\"checked\"";
3158      }
3159      else
3160      {
3161          $modpost_check = 0;
3162          $modpost_checked = '';
3163      }
3164  
3165      // Do we mark the suspend posts box?
3166      if($user['suspendposting'] || ($mybb->get_input('suspendposting', MyBB::INPUT_INT) && !empty($errors)))
3167      {
3168          $suspost_check = 1;
3169          $suspost_checked = "checked=\"checked\"";
3170      }
3171      else
3172      {
3173          $suspost_check = 0;
3174          $suspost_checked = '';
3175      }
3176  
3177      $moderator_options = array(
3178          1 => array(
3179              "action" => "suspendsignature", // The input action for this option
3180              "option" => "suspendsignature", // The field in the database that this option relates to
3181              "time" => "action_time", // The time we've entered
3182              "length" => "suspendsigtime", // The length of suspension field in the database
3183              "select_option" => "action" // The name of the select box of this option
3184          ),
3185          2 => array(
3186              "action" => "moderateposting",
3187              "option" => "moderateposts",
3188              "time" => "modpost_time",
3189              "length" => "moderationtime",
3190              "select_option" => "modpost"
3191          ),
3192          3 => array(
3193              "action" => "suspendposting",
3194              "option" => "suspendposting",
3195              "time" => "suspost_time",
3196              "length" => "suspensiontime",
3197              "select_option" => "suspost"
3198          )
3199      );
3200  
3201      $periods = array(
3202          "hours" => $lang->expire_hours,
3203          "days" => $lang->expire_days,
3204          "weeks" => $lang->expire_weeks,
3205          "months" => $lang->expire_months,
3206          "never" => $lang->expire_permanent
3207      );
3208  
3209      $suspendsignature_info = $moderateposts_info = $suspendposting_info = '';
3210      $action_options = $modpost_options = $suspost_options = '';
3211      $modopts = array();
3212      foreach($moderator_options as $option)
3213      {
3214          ${$option['time']} = $mybb->get_input($option['time'], MyBB::INPUT_INT);
3215          // Display the suspension info, if this user has this option suspended
3216          if($user[$option['option']])
3217          {
3218              if($user[$option['length']] == 0)
3219              {
3220                  // User has a permanent ban
3221                  $string = $option['option']."_perm";
3222                  $suspension_info = $lang->$string;
3223              }
3224              else
3225              {
3226                  // User has a temporary (or limited) ban
3227                  $string = $option['option']."_for";
3228                  $for_date = my_date('relative', $user[$option['length']], '', 2);
3229                  $suspension_info = $lang->sprintf($lang->$string, $for_date);
3230              }
3231  
3232              switch($option['option'])
3233              {
3234                  case "suspendsignature":
3235                      eval("\$suspendsignature_info = \"".$templates->get("modcp_editprofile_suspensions_info")."\";");
3236                      break;
3237                  case "moderateposts":
3238                      eval("\$moderateposts_info = \"".$templates->get("modcp_editprofile_suspensions_info")."\";");
3239                      break;
3240                  case "suspendposting":
3241                      eval("\$suspendposting_info = \"".$templates->get("modcp_editprofile_suspensions_info")."\";");
3242                      break;
3243              }
3244          }
3245  
3246          // Generate the boxes for this option
3247          $selection_options = '';
3248          foreach($periods as $key => $value)
3249          {
3250              $string = $option['select_option']."_period";
3251              if($mybb->get_input($string) == $key)
3252              {
3253                  $selected = "selected=\"selected\"";
3254              }
3255              else
3256              {
3257                  $selected = '';
3258              }
3259  
3260              eval("\$selection_options .= \"".$templates->get("modcp_editprofile_select_option")."\";");
3261          }
3262  
3263          $select_name = $option['select_option']."_period";
3264          switch($option['option'])
3265          {
3266              case "suspendsignature":
3267                  eval("\$action_options = \"".$templates->get("modcp_editprofile_select")."\";");
3268                  break;
3269              case "moderateposts":
3270                  eval("\$modpost_options = \"".$templates->get("modcp_editprofile_select")."\";");
3271                  break;
3272              case "suspendposting":
3273                  eval("\$suspost_options = \"".$templates->get("modcp_editprofile_select")."\";");
3274                  break;
3275          }
3276      }
3277  
3278      eval("\$suspend_signature = \"".$templates->get("modcp_editprofile_signature")."\";");
3279  
3280      $user['usernotes'] = htmlspecialchars_uni($user['usernotes']);
3281  
3282      if(!isset($newtitle))
3283      {
3284          $newtitle = '';
3285      }
3286  
3287      $birthday_year = $mybb->input['birthday_year'];
3288      $user_website = $mybb->input['website'];
3289      $user_icq = $mybb->input['icq'];
3290      $user_skype = $mybb->input['skype'];
3291      $user_google = $mybb->input['google'];
3292      $user_yahoo = $mybb->input['yahoo'];
3293  
3294      $plugins->run_hooks("modcp_editprofile_end");
3295  
3296      eval("\$edituser = \"".$templates->get("modcp_editprofile")."\";");
3297      output_page($edituser);
3298  }
3299  
3300  if($mybb->input['action'] == "finduser")
3301  {
3302      if($mybb->usergroup['caneditprofiles'] == 0)
3303      {
3304          error_no_permission();
3305      }
3306  
3307      add_breadcrumb($lang->mcp_nav_users, "modcp.php?action=finduser");
3308  
3309      $perpage = $mybb->get_input('perpage', MyBB::INPUT_INT);
3310      if(!$perpage || $perpage <= 0)
3311      {
3312          $perpage = $mybb->settings['threadsperpage'];
3313      }
3314      $where = '';
3315  
3316      if(isset($mybb->input['username']))
3317      {
3318          switch($db->type)
3319          {
3320              case 'mysql':
3321              case 'mysqli':
3322                  $field = 'username';
3323                  break;
3324              default:
3325                  $field = 'LOWER(username)';
3326                  break;
3327          }
3328          $where = " AND {$field} LIKE '%".my_strtolower($db->escape_string_like($mybb->get_input('username')))."%'";
3329      }
3330  
3331      // Sort order & direction
3332      switch($mybb->get_input('sortby'))
3333      {
3334          case "lastvisit":
3335              $sortby = "lastvisit";
3336              break;
3337          case "postnum":
3338              $sortby = "postnum";
3339              break;
3340          case "username":
3341              $sortby = "username";
3342              break;
3343          default:
3344              $sortby = "regdate";
3345      }
3346      $sortbysel = array('lastvisit' => '', 'postnum' => '', 'username' => '', 'regdate' => '');
3347      $sortbysel[$mybb->get_input('sortby')] = " selected=\"selected\"";
3348      $order = $mybb->get_input('order');
3349      if($order != "asc")
3350      {
3351          $order = "desc";
3352      }
3353      $ordersel = array('asc' => '', 'desc' => '');
3354      $ordersel[$order] = " selected=\"selected\"";
3355  
3356      $query = $db->simple_select("users", "COUNT(uid) AS count", "1=1 {$where}");
3357      $user_count = $db->fetch_field($query, "count");
3358  
3359      // Figure out if we need to display multiple pages.
3360      if($mybb->get_input('page') != "last")
3361      {
3362          $page = $mybb->get_input('page');
3363      }
3364  
3365      $pages = $user_count / $perpage;
3366      $pages = ceil($pages);
3367  
3368      if($mybb->get_input('page') == "last")
3369      {
3370          $page = $pages;
3371      }
3372  
3373      if($page > $pages || $page <= 0)
3374      {
3375          $page = 1;
3376      }
3377      if($page)
3378      {
3379          $start = ($page-1) * $perpage;
3380      }
3381      else
3382      {
3383          $start = 0;
3384          $page = 1;
3385      }
3386  
3387      $page_url = 'modcp.php?action=finduser';
3388      foreach(array('username', 'sortby', 'order') as $field)
3389      {
3390          if(!empty($mybb->input[$field]))
3391          {
3392              $page_url .= "&amp;{$field}=".$mybb->input[$field];
3393          }
3394      }
3395  
3396      $multipage = multipage($user_count, $perpage, $page, $page_url);
3397  
3398      $usergroups_cache = $cache->read("usergroups");
3399  
3400      $plugins->run_hooks("modcp_finduser_start");
3401  
3402      // Fetch out results
3403      $query = $db->simple_select("users", "*", "1=1 {$where}", array("order_by" => $sortby, "order_dir" => $order, "limit" => $perpage, "limit_start" => $start));
3404      $users = '';
3405      while($user = $db->fetch_array($query))
3406      {
3407          $alt_row = alt_trow();
3408          $user['username'] = htmlspecialchars_uni($user['username']);
3409          $user['username'] = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
3410          $user['postnum'] = my_number_format($user['postnum']);
3411          $regdate = my_date('relative', $user['regdate']);
3412  
3413          if($user['invisible'] == 1 && $mybb->usergroup['canviewwolinvis'] != 1 && $user['uid'] != $mybb->user['uid'])
3414          {
3415              $lastdate = $lang->lastvisit_never;
3416  
3417              if($user['lastvisit'])
3418              {
3419                  // We have had at least some active time, hide it instead
3420                  $lastdate = $lang->lastvisit_hidden;
3421              }
3422          }
3423          else
3424          {
3425              $lastdate = my_date('relative', $user['lastvisit']);
3426          }
3427  
3428          $usergroup = htmlspecialchars_uni($usergroups_cache[$user['usergroup']]['title']);
3429          eval("\$users .= \"".$templates->get("modcp_finduser_user")."\";");
3430      }
3431  
3432      // No results?
3433      if(!$users)
3434      {
3435          eval("\$users = \"".$templates->get("modcp_finduser_noresults")."\";");
3436      }
3437  
3438      $plugins->run_hooks("modcp_finduser_end");
3439  
3440      $username = $mybb->get_input('username');
3441      eval("\$finduser = \"".$templates->get("modcp_finduser")."\";");
3442      output_page($finduser);
3443  }
3444  
3445  if($mybb->input['action'] == "warninglogs")
3446  {
3447      if($mybb->usergroup['canviewwarnlogs'] == 0)
3448      {
3449          error_no_permission();
3450      }
3451  
3452      add_breadcrumb($lang->mcp_nav_warninglogs, "modcp.php?action=warninglogs");
3453  
3454      // Filter options
3455      $where_sql = '';
3456      $mybb->input['filter'] = $mybb->get_input('filter', MyBB::INPUT_ARRAY);
3457      $mybb->input['search'] = $mybb->get_input('search', MyBB::INPUT_ARRAY);
3458      if(!empty($mybb->input['filter']['username']))
3459      {
3460          $search_user = get_user_by_username($mybb->input['filter']['username']);
3461  
3462          $mybb->input['filter']['uid'] = (int)$search_user['uid'];
3463          $mybb->input['filter']['username'] = htmlspecialchars_uni($mybb->input['filter']['username']);
3464      }
3465      else
3466      {
3467          $mybb->input['filter']['username'] = '';
3468      }
3469      if(!empty($mybb->input['filter']['uid']))
3470      {
3471          $search['uid'] = (int)$mybb->input['filter']['uid'];
3472          $where_sql .= " AND w.uid='{$search['uid']}'";
3473          if(!isset($mybb->input['search']['username']))
3474          {
3475              $user = get_user($mybb->input['search']['uid']);
3476              $mybb->input['search']['username'] = htmlspecialchars_uni($user['username']);
3477          }
3478      }
3479      else
3480      {
3481          $mybb->input['filter']['uid'] = '';
3482      }
3483      if(!empty($mybb->input['filter']['mod_username']))
3484      {
3485          $mod_user = get_user_by_username($mybb->input['filter']['mod_username']);
3486  
3487          $mybb->input['filter']['mod_uid'] = (int)$mod_user['uid'];
3488          $mybb->input['filter']['mod_username'] = htmlspecialchars_uni($mybb->input['filter']['mod_username']);
3489      }
3490      else
3491      {
3492          $mybb->input['filter']['mod_username'] = '';
3493      }
3494      if(!empty($mybb->input['filter']['mod_uid']))
3495      {
3496          $search['mod_uid'] = (int)$mybb->input['filter']['mod_uid'];
3497          $where_sql .= " AND w.issuedby='{$search['mod_uid']}'";
3498          if(!isset($mybb->input['search']['mod_username']))
3499          {
3500              $mod_user = get_user($mybb->input['search']['uid']);
3501              $mybb->input['search']['mod_username'] = htmlspecialchars_uni($mod_user['username']);
3502          }
3503      }
3504      else
3505      {
3506          $mybb->input['filter']['mod_uid'] = '';
3507      }
3508      if(!empty($mybb->input['filter']['reason']))
3509      {
3510          $search['reason'] = $db->escape_string_like($mybb->input['filter']['reason']);
3511          $where_sql .= " AND (w.notes LIKE '%{$search['reason']}%' OR t.title LIKE '%{$search['reason']}%' OR w.title LIKE '%{$search['reason']}%')";
3512          $mybb->input['filter']['reason'] = htmlspecialchars_uni($mybb->input['filter']['reason']);
3513      }
3514      else
3515      {
3516          $mybb->input['filter']['reason'] = '';
3517      }
3518      $sortbysel = array('username' => '', 'expires' => '', 'issuedby' => '', 'dateline' => '');
3519      if(!isset($mybb->input['filter']['sortby']))
3520      {
3521          $mybb->input['filter']['sortby'] = '';
3522      }
3523      switch($mybb->input['filter']['sortby'])
3524      {
3525          case "username":
3526              $sortby = "u.username";
3527              $sortbysel['username'] = ' selected="selected"';
3528              break;
3529          case "expires":
3530              $sortby = "w.expires";
3531              $sortbysel['expires'] = ' selected="selected"';
3532              break;
3533          case "issuedby":
3534              $sortby = "i.username";
3535              $sortbysel['issuedby'] = ' selected="selected"';
3536              break;
3537          default: // "dateline"
3538              $sortby = "w.dateline";
3539              $sortbysel['dateline'] = ' selected="selected"';
3540      }
3541      if(!isset($mybb->input['filter']['order']))
3542      {
3543          $mybb->input['filter']['order'] = '';
3544      }
3545      $order = $mybb->input['filter']['order'];
3546      $ordersel = array('asc' => '', 'desc' => '');
3547      if($order != "asc")
3548      {
3549          $order = "desc";
3550          $ordersel['desc'] = ' selected="selected"';
3551      }
3552      else
3553      {
3554          $ordersel['asc'] = ' selected="selected"';
3555      }
3556  
3557      $plugins->run_hooks("modcp_warninglogs_start");
3558  
3559      // Pagination stuff
3560      $sql = "
3561          SELECT COUNT(wid) as count
3562          FROM
3563              ".TABLE_PREFIX."warnings w
3564              LEFT JOIN ".TABLE_PREFIX."warningtypes t ON (w.tid=t.tid)
3565          WHERE 1=1
3566              {$where_sql}
3567      ";
3568      $query = $db->query($sql);
3569      $total_warnings = $db->fetch_field($query, 'count');
3570      $page = $mybb->get_input('page', MyBB::INPUT_INT);
3571      if($page <= 0)
3572      {
3573          $page = 1;
3574      }
3575      $per_page = 20;
3576      if(isset($mybb->input['filter']['per_page']) && (int)$mybb->input['filter']['per_page'] > 0)
3577      {
3578          $per_page = (int)$mybb->input['filter']['per_page'];
3579      }
3580      $start = ($page-1) * $per_page;
3581      $pages = ceil($total_warning / $per_page);
3582      if($page > $pages)
3583      {
3584          $start = 0;
3585          $page = 1;
3586      }
3587      // Build the base URL for pagination links
3588      $url = 'modcp.php?action=warninglogs';
3589      if(is_array($mybb->input['filter']) && count($mybb->input['filter']))
3590      {
3591          foreach($mybb->input['filter'] as $field => $value)
3592          {
3593              $value = urlencode($value);
3594              $url .= "&amp;filter[{$field}]={$value}";
3595          }
3596      }
3597      $multipage = multipage($total_warnings, $per_page, $page, $url);
3598  
3599      // The actual query
3600      $sql = "
3601          SELECT
3602              w.wid, w.title as custom_title, w.points, w.dateline, w.issuedby, w.expires, w.expired, w.daterevoked, w.revokedby,
3603              t.title,
3604              u.uid, u.username, u.usergroup, u.displaygroup,
3605              i.uid as mod_uid, i.username as mod_username, i.usergroup as mod_usergroup, i.displaygroup as mod_displaygroup
3606          FROM ".TABLE_PREFIX."warnings w
3607              LEFT JOIN ".TABLE_PREFIX."users u ON (w.uid=u.uid)
3608              LEFT JOIN ".TABLE_PREFIX."warningtypes t ON (w.tid=t.tid)
3609              LEFT JOIN ".TABLE_PREFIX."users i ON (i.uid=w.issuedby)
3610          WHERE 1=1
3611              {$where_sql}
3612          ORDER BY {$sortby} {$order}
3613          LIMIT {$start}, {$per_page}
3614      ";
3615      $query = $db->query($sql);
3616  
3617  
3618      $warning_list = '';
3619      while($row = $db->fetch_array($query))
3620      {
3621          $trow = alt_trow();
3622          $row['username'] = htmlspecialchars_uni($row['username']);
3623          $username = format_name($row['username'], $row['usergroup'], $row['displaygroup']);
3624          $username_link = build_profile_link($username, $row['uid']);
3625          $row['mod_username'] = htmlspecialchars_uni($row['mod_username']);
3626          $mod_username = format_name($row['mod_username'], $row['mod_usergroup'], $row['mod_displaygroup']);
3627          $mod_username_link = build_profile_link($mod_username, $row['mod_uid']);
3628          $issued_date = my_date('normal', $row['dateline']);
3629          $revoked_text = '';
3630          if($row['daterevoked'] > 0)
3631          {
3632              $revoked_date = my_date('relative', $row['daterevoked']);
3633              eval("\$revoked_text = \"".$templates->get("modcp_warninglogs_warning_revoked")."\";");
3634          }
3635          if($row['expires'] > 0)
3636          {
3637              $expire_date = nice_time($row['expires']-TIME_NOW);
3638          }
3639          else
3640          {
3641              $expire_date = $lang->never;
3642          }
3643          $title = $row['title'];
3644          if(empty($row['title']))
3645          {
3646              $title = $row['custom_title'];
3647          }
3648          $title = htmlspecialchars_uni($title);
3649          if($row['points'] >= 0)
3650          {
3651              $points = '+'.$row['points'];
3652          }
3653  
3654          eval("\$warning_list .= \"".$templates->get("modcp_warninglogs_warning")."\";");
3655      }
3656  
3657      if(!$warning_list)
3658      {
3659          eval("\$warning_list = \"".$templates->get("modcp_warninglogs_nologs")."\";");
3660      }
3661  
3662      $plugins->run_hooks("modcp_warninglogs_end");
3663  
3664      $filter_username = $mybb->input['filter']['username'];
3665      $filter_modusername = $mybb->input['filter']['mod_username'];
3666      $filter_reason = $mybb->input['filter']['reason'];
3667  
3668      eval("\$warninglogs = \"".$templates->get("modcp_warninglogs")."\";");
3669      output_page($warninglogs);
3670  }
3671  
3672  if($mybb->input['action'] == "ipsearch")
3673  {
3674      if($mybb->usergroup['canuseipsearch'] == 0)
3675      {
3676          error_no_permission();
3677      }
3678  
3679      add_breadcrumb($lang->mcp_nav_ipsearch, "modcp.php?action=ipsearch");
3680  
3681      $mybb->input['ipaddress'] = $mybb->get_input('ipaddress');
3682      if($mybb->input['ipaddress'])
3683      {
3684          if(!is_array($groupscache))
3685          {
3686              $groupscache = $cache->read("usergroups");
3687          }
3688  
3689          $ipaddressvalue = htmlspecialchars_uni($mybb->input['ipaddress']);
3690  
3691          $ip_range = fetch_ip_range($mybb->input['ipaddress']);
3692  
3693          $post_results = $user_results = 0;
3694  
3695          // Searching post IP addresses
3696          if(isset($mybb->input['search_posts']))
3697          {
3698              if($ip_range)
3699              {
3700                  if(!is_array($ip_range))
3701                  {
3702                      $post_ip_sql = "p.ipaddress=".$db->escape_binary($ip_range);
3703                  }
3704                  else
3705                  {
3706                      $post_ip_sql = "p.ipaddress BETWEEN ".$db->escape_binary($ip_range[0])." AND ".$db->escape_binary($ip_range[1]);
3707                  }
3708              }
3709  
3710              $plugins->run_hooks("modcp_ipsearch_posts_start");
3711  
3712              if($post_ip_sql)
3713              {
3714                  $where_sql = '';
3715  
3716                  $unviewable_forums = get_unviewable_forums(true);
3717  
3718                  if($unviewable_forums)
3719                  {
3720                      $where_sql .= " AND p.fid NOT IN ({$unviewable_forums})";
3721                  }
3722  
3723                  if($inactiveforums)
3724                  {
3725                      $where_sql .= " AND p.fid NOT IN ({$inactiveforums})";
3726                  }
3727  
3728                  // Check group permissions if we can't view threads not started by us
3729                  $onlyusfids = array();
3730                  $group_permissions = forum_permissions();
3731                  foreach($group_permissions as $fid => $forumpermissions)
3732                  {
3733                      if(isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] == 1)
3734                      {
3735                          $onlyusfids[] = $fid;
3736                      }
3737                  }
3738  
3739                  if(!empty($onlyusfids))
3740                  {
3741                      $where_sql .= " AND ((t.fid IN(".implode(',', $onlyusfids).") AND t.uid='{$mybb->user['uid']}') OR t.fid NOT IN(".implode(',', $onlyusfids)."))";
3742                  }
3743  
3744                  // Moderators can view unapproved/deleted posts
3745                  if($mybb->usergroup['issupermod'] != 1)
3746                  {
3747                      $unapprove_forums = array();
3748                      $deleted_forums = array();
3749                      $visible_sql = " AND (p.visible = 1 AND t.visible = 1)";
3750                      $query = $db->simple_select("moderators", "fid, canviewunapprove, canviewdeleted", "(id='{$mybb->user['uid']}' AND isgroup='0') OR (id='{$mybb->user['usergroup']}' AND isgroup='1')");
3751                      while($moderator = $db->fetch_array($query))
3752                      {
3753                          if($moderator['canviewunapprove'] == 1)
3754                          {
3755                              $unapprove_forums[] = $moderator['fid'];
3756                          }
3757  
3758                          if($moderator['canviewdeleted'] == 1)
3759                          {
3760                              $deleted_forums[] = $moderator['fid'];
3761                          }
3762                      }
3763  
3764                      if(!empty($unapprove_forums))
3765                      {
3766                          $visible_sql .= " OR (p.visible = 0 AND p.fid IN(".implode(',', $unapprove_forums).")) OR (t.visible = 0 AND t.fid IN(".implode(',', $unapprove_forums)."))";
3767                      }
3768                      if(!empty($deleted_forums))
3769                      {
3770                          $visible_sql .= " OR (p.visible = -1 AND p.fid IN(".implode(',', $deleted_forums).")) OR (t.visible = -1 AND t.fid IN(".implode(',', $deleted_forums)."))";
3771                      }
3772                  }
3773                  else
3774                  {
3775                      // Super moderators (and admins)
3776                      $visible_sql = " AND p.visible >= -1";
3777                  }
3778  
3779                  $query = $db->query("
3780                      SELECT COUNT(p.pid) AS count
3781                      FROM ".TABLE_PREFIX."posts p
3782                      LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid = p.tid)
3783                      WHERE {$post_ip_sql}{$where_sql}{$visible_sql}
3784                  ");
3785                  $post_results = $db->fetch_field($query, "count");
3786              }
3787          }
3788  
3789          // Searching user IP addresses
3790          if(isset($mybb->input['search_users']))
3791          {
3792              if($ip_range)
3793              {
3794                  if(!is_array($ip_range))
3795                  {
3796                      $user_ip_sql = "regip=".$db->escape_binary($ip_range)." OR lastip=".$db->escape_binary($ip_range);
3797                  }
3798                  else
3799                  {
3800                      $user_ip_sql = "regip BETWEEN ".$db->escape_binary($ip_range[0])." AND ".$db->escape_binary($ip_range[1])." OR lastip BETWEEN ".$db->escape_binary($ip_range[0])." AND ".$db->escape_binary($ip_range[1]);
3801                  }
3802              }
3803  
3804              $plugins->run_hooks("modcp_ipsearch_users_start");
3805  
3806              if($user_ip_sql)
3807              {
3808                  $query = $db->simple_select('users', 'COUNT(uid) AS count', $user_ip_sql);
3809  
3810                  $user_results = $