PHP Cross Reference of MyBB 1.8.38 |
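<?php
/**
 * MyBB 1.8
 * Copyright 2014 MyBB Group, All Rights Reserved
 *
 * Website: http://www.mybb.com
 * License: http://www.mybb.com/about/license
 *
 */

/*
 * Moderator Control Panel front controller.
 *
 * Flow visible in this file: gate on the 'canmodcp' group permission, build per-permission
 * forum filters for users who are not super moderators, render the navigation, then dispatch
 * on the 'action' request input (do_reports, reports, allreports, modlogs, ...).
 */

define("IN_MYBB", 1);
define('THIS_SCRIPT', 'modcp.php');

$templatelist = "modcp_reports,modcp_reports_report,modcp_reports_selectall,modcp_reports_multipage,modcp_reports_allreport,modcp_reports_allreports,modcp_modlogs_multipage,modcp_announcements_delete,modcp_announcements_edit,modcp_awaitingmoderation";
$templatelist .= ",modcp_reports_allnoreports,modcp_reports_noreports,modcp_banning,modcp_banning_ban,modcp_announcements_announcement_global,modcp_no_announcements_forum,modcp_modqueue_threads_thread,modcp_awaitingthreads,preview";
$templatelist .= ",modcp_banning_nobanned,modcp_modqueue_threads_empty,modcp_modqueue_masscontrols,modcp_modqueue_threads,modcp_modqueue_posts_post,modcp_modqueue_posts_empty,modcp_awaitingposts,modcp_nav_editprofile,modcp_nav_banning";
$templatelist .= ",modcp_nav,modcp_modlogs_noresults,modcp_modlogs_nologs,modcp,modcp_modqueue_posts,modcp_modqueue_attachments_attachment,modcp_modqueue_attachments_empty,modcp_modqueue_attachments,modcp_editprofile_suspensions_info";
$templatelist .= ",modcp_no_announcements_global,modcp_announcements_global,modcp_announcements_forum,modcp_announcements,modcp_editprofile_select_option,modcp_editprofile_select,modcp_finduser_noresults, modcp_nav_forums_posts";
$templatelist .= ",codebuttons,modcp_announcements_new,modcp_modqueue_empty,forumjump_bit,forumjump_special,modcp_warninglogs_warning_revoked,modcp_warninglogs_warning,modcp_ipsearch_result,modcp_nav_modqueue,modcp_banuser_liftlist";
$templatelist .= ",modcp_modlogs,modcp_finduser_user,modcp_finduser,usercp_profile_customfield,usercp_profile_profilefields,modcp_ipsearch_noresults,modcp_ipsearch_results,modcp_ipsearch_misc_info,modcp_nav_announcements,modcp_modqueue_post_link";
$templatelist .= ",modcp_editprofile,modcp_ipsearch,modcp_banuser_addusername,modcp_banuser,modcp_warninglogs_nologs,modcp_banuser_editusername,modcp_lastattachment,modcp_lastpost,modcp_lastthread,modcp_nobanned,modcp_modqueue_thread_link";
$templatelist .= ",modcp_warninglogs,modcp_modlogs_result,modcp_editprofile_signature,forumjump_advanced,modcp_announcements_forum_nomod,modcp_announcements_announcement,usercp_profile_away,modcp_modlogs_user,modcp_editprofile_away";
$templatelist .= ",multipage,multipage_end,multipage_jump_page,multipage_nextpage,multipage_page,multipage_page_current,multipage_page_link_current,multipage_prevpage,multipage_start,modcp_awaitingattachments,modcp_modqueue_attachment_link";
$templatelist .= ",postbit_groupimage,postbit_userstar,postbit_online,postbit_offline,postbit_away,postbit_avatar,postbit_find,postbit_pm,postbit_email,postbit_www,postbit_author_user,announcement_edit,announcement_quickdelete";
$templatelist .= ",modcp_awaitingmoderation_none,modcp_banning_edit,modcp_banuser_bangroups_group,modcp_banuser_lift,modcp_modlogs_result_announcement,modcp_modlogs_result_forum,modcp_modlogs_result_post,modcp_modlogs_result_thread";
$templatelist .= ",modcp_nav_warninglogs,modcp_nav_ipsearch,modcp_nav_users,modcp_announcements_day,modcp_announcements_month_start,modcp_announcements_month_end,modcp_announcements_announcement_expired,modcp_announcements_announcement_active";
$templatelist .= ",modcp_modqueue_link_forum,modcp_modqueue_link_thread,usercp_profile_day,modcp_ipsearch_result_regip,modcp_ipsearch_result_lastip,modcp_ipsearch_result_post,modcp_ipsearch_results_information,usercp_profile_profilefields_text";
$templatelist .= ",usercp_profile_profilefields_select_option,usercp_profile_profilefields_multiselect,usercp_profile_profilefields_select,usercp_profile_profilefields_textarea,usercp_profile_profilefields_radio,postbit";
$templatelist .= ",modcp_banning_remaining,postmodcp_nav_announcements,modcp_nav_reportcenter,modcp_nav_modlogs,modcp_latestfivemodactions,modcp_banuser_bangroups_hidden,modcp_banuser_bangroups,usercp_profile_profilefields_checkbox";

require_once "./global.php";
require_once MYBB_ROOT."inc/functions_user.php";
require_once MYBB_ROOT."inc/functions_upload.php";
require_once MYBB_ROOT."inc/functions_modcp.php";
require_once MYBB_ROOT."inc/class_parser.php";
$parser = new postParser;

// Set up the array of ban times.
$bantimes = fetch_ban_times();

// Load global language phrases
$lang->load("modcp");
$lang->load("announcements");

// Coarse gate for the whole script: guests and groups without 'canmodcp' stop here.
// Each action below still has to enforce its own, finer-grained permission.
if($mybb->user['uid'] == 0 || $mybb->usergroup['canmodcp'] != 1)
{
	error_no_permission();
}

if(!$mybb->settings['threadsperpage'] || (int)$mybb->settings['threadsperpage'] < 1)
{
	$mybb->settings['threadsperpage'] = 20;
}

$tflist = $flist = $tflist_queue_threads = $flist_queue_threads = $tflist_queue_posts = $flist_queue_posts = $tflist_queue_attach =
$flist_queue_attach = $wflist_reports = $tflist_reports = $flist_reports = $tflist_modlog = $flist_modlog = $errors = '';
// SQL for fetching items only related to forums this user moderates
$moderated_forums = array();
$numannouncements = $nummodqueuethreads = $nummodqueueposts = $nummodqueueattach = $numreportedposts = $nummodlogs = 0;
if($mybb->usergroup['issupermod'] != 1)
{
	// NOTE(review): uid and all_usergroups are interpolated into the WHERE clause unescaped;
	// presumably both are server-side session values rather than request input - confirm.
	$query = $db->simple_select("moderators", "*", "(id='{$mybb->user['uid']}' AND isgroup = '0') OR (id IN ({$mybb->usergroup['all_usergroups']}) AND isgroup = '1')");
	while($forum = $db->fetch_array($query))
	{
		$moderated_forums[] = $forum['fid'];
		$children = get_child_list($forum['fid']);
		if(is_array($children))
		{
			$moderated_forums = array_merge($moderated_forums, $children);
		}
	}
	$moderated_forums = array_unique($moderated_forums);

	$numannouncements = $nummodqueuethreads = $nummodqueueposts = $nummodqueueattach = $numreportedposts = $nummodlogs = 0;
	foreach($moderated_forums as $moderated_forum)
	{
		// For Announcements
		if(is_moderator($moderated_forum, 'canmanageannouncements'))
		{
			++$numannouncements;
		}

		// For the Mod Queues
		if(is_moderator($moderated_forum, 'canapproveunapprovethreads'))
		{
			$flist_queue_threads .= ",'{$moderated_forum}'";
			++$nummodqueuethreads;
		}

		if(is_moderator($moderated_forum, 'canapproveunapproveposts'))
		{
			$flist_queue_posts .= ",'{$moderated_forum}'";
			++$nummodqueueposts;
		}

		if(is_moderator($moderated_forum, 'canapproveunapproveattachs'))
		{
			$flist_queue_attach .= ",'{$moderated_forum}'";
			++$nummodqueueattach;
		}

		// For Reported posts
		if(is_moderator($moderated_forum, 'canmanagereportedposts'))
		{
			$flist_reports .= ",'{$moderated_forum}'";
			++$numreportedposts;
		}

		// For the Mod Log
		if(is_moderator($moderated_forum, 'canviewmodlog'))
		{
			$flist_modlog .= ",'{$moderated_forum}'";
			++$nummodlogs;
		}

		$flist .= ",'{$moderated_forum}'";
	}

	// Each filter is only turned into SQL when at least one forum qualified. When none did,
	// the filter stays an empty string and adds NO restriction to a query, so every action
	// that relies on one of these filters must also check the matching $num* counter.
	if($flist_queue_threads)
	{
		$tflist_queue_threads = " AND t.fid IN (0{$flist_queue_threads})";
		$flist_queue_threads = " AND fid IN (0{$flist_queue_threads})";
	}
	if($flist_queue_posts)
	{
		$tflist_queue_posts = " AND t.fid IN (0{$flist_queue_posts})";
		$flist_queue_posts = " AND fid IN (0{$flist_queue_posts})";
	}
	if($flist_queue_attach)
	{
		$tflist_queue_attach = " AND t.fid IN (0{$flist_queue_attach})";
		$flist_queue_attach = " AND fid IN (0{$flist_queue_attach})";
	}
	if($flist_reports)
	{
		$wflist_reports = "WHERE r.id3 IN (0{$flist_reports})";
		$tflist_reports = " AND r.id3 IN (0{$flist_reports})";
		$flist_reports = " AND id3 IN (0{$flist_reports})";
	}
	if($flist_modlog)
	{
		$tflist_modlog = " AND t.fid IN (0{$flist_modlog})";
		$flist_modlog = " AND fid IN (0{$flist_modlog})";
	}
	if($flist)
	{
		$tflist = " AND t.fid IN (0{$flist})";
		$flist = " AND fid IN (0{$flist})";
	}
}

// Retrieve a list of unviewable forums
$unviewableforums = get_unviewable_forums();
$inactiveforums = get_inactive_forums();
$unviewablefids1 = $unviewablefids2 = array();

if($unviewableforums)
{
	$flist .= " AND fid NOT IN ({$unviewableforums})";
	$tflist .= " AND t.fid NOT IN ({$unviewableforums})";

	$unviewablefids1 = explode(',', $unviewableforums);
}

if($inactiveforums)
{
	$flist .= " AND fid NOT IN ({$inactiveforums})";
	$tflist .= " AND t.fid NOT IN ({$inactiveforums})";

	$unviewablefids2 = explode(',', $inactiveforums);
}

$unviewableforums = array_merge($unviewablefids1, $unviewablefids2);

if(!isset($collapsedimg['modcpforums']))
{
	$collapsedimg['modcpforums'] = '';
}

if(!isset($collapsed['modcpforums_e']))
{
	$collapsed['modcpforums_e'] = '';
}

if(!isset($collapsedimg['modcpusers']))
{
	$collapsedimg['modcpusers'] = '';
}

if(!isset($collapsed['modcpusers_e']))
{
	$collapsed['modcpusers_e'] = '';
}

// Fetch the Mod CP menu
// NOTE(review): throughout this file template bodies are eval()'d as double-quoted PHP
// strings. That is only safe if $templates->get() returns an escaped string (presumably it
// does - confirm in the templates class) and if every value a template interpolates has been
// HTML-escaped before the eval() runs.
$nav_announcements = $nav_modqueue = $nav_reportcenter = $nav_modlogs = $nav_editprofile = $nav_banning = $nav_warninglogs = $nav_ipsearch = $nav_forums_posts = $modcp_nav_users = '';
if(($numannouncements > 0 || $mybb->usergroup['issupermod'] == 1) && $mybb->usergroup['canmanageannounce'] == 1)
{
	eval("\$nav_announcements = \"".$templates->get("modcp_nav_announcements")."\";");
}

if(($nummodqueuethreads > 0 || $nummodqueueposts > 0 || $nummodqueueattach > 0 || $mybb->usergroup['issupermod'] == 1) && $mybb->usergroup['canmanagemodqueue'] == 1)
{
	eval("\$nav_modqueue = \"".$templates->get("modcp_nav_modqueue")."\";");
}

if(($numreportedposts > 0 || $mybb->usergroup['issupermod'] == 1) && $mybb->usergroup['canmanagereportedcontent'] == 1)
{
	eval("\$nav_reportcenter = \"".$templates->get("modcp_nav_reportcenter")."\";");
}

if(($nummodlogs > 0 || $mybb->usergroup['issupermod'] == 1) && $mybb->usergroup['canviewmodlogs'] == 1)
{
	eval("\$nav_modlogs = \"".$templates->get("modcp_nav_modlogs")."\";");
}

if($mybb->usergroup['caneditprofiles'] == 1)
{
	eval("\$nav_editprofile = \"".$templates->get("modcp_nav_editprofile")."\";");
}

if($mybb->usergroup['canbanusers'] == 1)
{
	eval("\$nav_banning = \"".$templates->get("modcp_nav_banning")."\";");
}

if($mybb->usergroup['canviewwarnlogs'] == 1)
{
	eval("\$nav_warninglogs = \"".$templates->get("modcp_nav_warninglogs")."\";");
}

if($mybb->usergroup['canuseipsearch'] == 1)
{
	eval("\$nav_ipsearch = \"".$templates->get("modcp_nav_ipsearch")."\";");
}

$plugins->run_hooks("modcp_nav");

if(!empty($nav_announcements) || !empty($nav_modqueue) || !empty($nav_reportcenter) || !empty($nav_modlogs))
{
	$expaltext = (in_array("modcpforums", $collapse)) ? $lang->expcol_expand : $lang->expcol_collapse;
	eval("\$modcp_nav_forums_posts = \"".$templates->get("modcp_nav_forums_posts")."\";");
}

if(!empty($nav_editprofile) || !empty($nav_banning) || !empty($nav_warninglogs) || !empty($nav_ipsearch))
{
	$expaltext = (in_array("modcpusers", $collapse)) ? $lang->expcol_expand : $lang->expcol_collapse;
	eval("\$modcp_nav_users = \"".$templates->get("modcp_nav_users")."\";");
}

eval("\$modcp_nav = \"".$templates->get("modcp_nav")."\";");

$plugins->run_hooks("modcp_start");

// Make navigation
add_breadcrumb($lang->nav_modcp, "modcp.php");

$mybb->input['action'] = $mybb->get_input('action');
if($mybb->input['action'] == "do_reports")
{
	// Verify incoming POST request (anti-CSRF post key)
	verify_post_check($mybb->get_input('my_post_key'));

	// Enforce the same permissions as the "reports" view. Without these checks a user who
	// passes the 'canmodcp' gate but lacks 'canmanagereportedcontent' could still mark reports
	// as read, and a non-super-moderator with no report-enabled forum has an empty
	// $flist_reports, which would leave the UPDATE below without any forum restriction.
	if($mybb->usergroup['canmanagereportedcontent'] == 0)
	{
		error_no_permission();
	}

	if($numreportedposts == 0 && $mybb->usergroup['issupermod'] != 1)
	{
		error($lang->you_cannot_view_reported_posts);
	}

	$mybb->input['reports'] = $mybb->get_input('reports', MyBB::INPUT_ARRAY);
	if(empty($mybb->input['reports']) && empty($mybb->cookies['inlinereports']))
	{
		error($lang->error_noselected_reports);
	}

	$message = $lang->redirect_reportsmarked;

	// The selection arrives either in client-controlled cookies or in the POST body; every id
	// is forced through intval() before it is placed into the SQL condition.
	if(isset($mybb->cookies['inlinereports']))
	{
		if($mybb->cookies['inlinereports'] == '|ALL|') {
			$message = $lang->redirect_allreportsmarked;
			$sql = "1=1";
			if(isset($mybb->cookies['inlinereports_removed']))
			{
				$inlinereportremovedlist = explode("|", $mybb->cookies['inlinereports_removed']);
				$reports = array_map("intval", $inlinereportremovedlist);
				$rids = implode("','", $reports);
				$sql = "rid NOT IN ('0','{$rids}')";
			}
		}
		else
		{
			$inlinereportlist = explode("|", $mybb->cookies['inlinereports']);
			$reports = array_map("intval", $inlinereportlist);

			if(!count($reports))
			{
				error($lang->error_noselected_reports);
			}

			$rids = implode("','", $reports);

			$sql = "rid IN ('0','{$rids}')";
		}
	}
	else
	{
		$mybb->input['reports'] = array_map("intval", $mybb->input['reports']);
		$rids = implode("','", $mybb->input['reports']);

		$sql = "rid IN ('0','{$rids}')";
	}

	$plugins->run_hooks("modcp_do_reports");

	// $flist_reports scopes the update to forums where this moderator may manage reports;
	// it is empty for super moderators.
	$db->update_query("reportedcontent", array('reportstatus' => 1), "{$sql}{$flist_reports}");
	$cache->update_reportedcontent();

	my_unsetcookie('inlinereports');
	my_unsetcookie('inlinereports_removed');

	$page = $mybb->get_input('page', MyBB::INPUT_INT);

	redirect("modcp.php?action=reports&page={$page}", $message);
}

if($mybb->input['action'] == "reports")
{
	if($mybb->usergroup['canmanagereportedcontent'] == 0)
	{
		error_no_permission();
	}

	if($numreportedposts == 0 && $mybb->usergroup['issupermod'] != 1)
	{
		error($lang->you_cannot_view_reported_posts);
	}

	$lang->load('report');
	add_breadcrumb($lang->mcp_nav_report_center, "modcp.php?action=reports");

	$perpage = $mybb->settings['threadsperpage'];
	if(!$perpage)
	{
		$perpage = 20;
	}

	// Multipage
	if($mybb->usergroup['cancp'] || $mybb->usergroup['issupermod'])
	{
		$query = $db->simple_select("reportedcontent", "COUNT(rid) AS count", "reportstatus ='0'");
		$report_count = $db->fetch_field($query, "count");
	}
	else
	{
		$query = $db->simple_select('reportedcontent', 'id3', "reportstatus='0' AND (type = 'post' OR type = '')");

		$report_count = 0;
		while($fid = $db->fetch_field($query, 'id3'))
		{
			if(is_moderator($fid, "canmanagereportedposts"))
			{
				++$report_count;
			}
		}
		unset($fid);
	}

	$page = $mybb->get_input('page', MyBB::INPUT_INT);

	$postcount = (int)$report_count;
	$pages = $postcount / $perpage;
	$pages = ceil($pages);

	if($page > $pages || $page <= 0)
	{
		$page = 1;
	}

	if($page && $page > 0)
	{
		$start = ($page-1) * $perpage;
	}
	else
	{
		$start = 0;
		$page = 1;
	}

	$multipage = $reportspages = '';
	if($postcount > $perpage)
	{
		$multipage = multipage($postcount, $perpage, $page, "modcp.php?action=reports");
		eval("\$reportspages = \"".$templates->get("modcp_reports_multipage")."\";");
	}

	$plugins->run_hooks("modcp_reports_start");

	// Reports
	$reports = $selectall = '';
	$inlinecount = 0;

	$query = $db->query("
		SELECT r.*, u.username, rr.title
		FROM ".TABLE_PREFIX."reportedcontent r
		LEFT JOIN ".TABLE_PREFIX."users u ON (r.uid = u.uid)
		LEFT JOIN ".TABLE_PREFIX."reportreasons rr ON (r.reasonid = rr.rid)
		WHERE r.reportstatus = '0'{$tflist_reports}
		ORDER BY r.reports DESC
		LIMIT {$start}, {$perpage}
	");

	if(!$db->num_rows($query))
	{
		// No unread reports
		eval("\$reports = \"".$templates->get("modcp_reports_noreports")."\";");
	}
	else
	{
		$reportedcontent = $cache->read("reportedcontent");
		$reportcache = $usercache = $postcache = array();

		while($report = $db->fetch_array($query))
		{
			if($report['type'] == 'profile' || $report['type'] == 'reputation')
			{
				// Profile UID is in ID
				if(!isset($usercache[$report['id']]))
				{
					$usercache[$report['id']] = $report['id'];
				}

				// Reputation comment? The offender is the ID2
				if($report['type'] == 'reputation')
				{
					if(!isset($usercache[$report['id2']]))
					{
						$usercache[$report['id2']] = $report['id2'];
					}
					if(!isset($usercache[$report['id3']]))
					{
						// The user who was offended
						$usercache[$report['id3']] = $report['id3'];
					}
				}
			}
			else if(!$report['type'] || $report['type'] == 'post')
			{
				// This (should) be a post
				$postcache[$report['id']] = $report['id'];
			}

			// Lastpost info - is it missing (pre-1.8)?
			$lastposter = $report['uid'];
			if(!$report['lastreport'])
			{
				// Last reporter is our first reporter
				$report['lastreport'] = $report['dateline'];
			}

			if($report['reporters'])
			{
				// NOTE(review): stored serialized data; my_unserialize() is presumably the
				// object-free unserializer - confirm before swapping in another decoder.
				$reporters = my_unserialize($report['reporters']);

				if(is_array($reporters))
				{
					$lastposter = end($reporters);
				}
			}

			if(!isset($usercache[$lastposter]))
			{
				$usercache[$lastposter] = $lastposter;
			}

			$report['lastreporter'] = $lastposter;
			$reportcache[] = $report;
		}

		// Report Center gets messy
		// Find information about our users (because we don't log it when they file a report)
		if(!empty($usercache))
		{
			// NOTE(review): the keys come from report columns and from the unserialized
			// reporters list and are joined into the IN() list without an integer cast -
			// confirm they can only ever be numeric.
			$sql = implode(',', array_keys($usercache));
			$query = $db->simple_select("users", "uid, username", "uid IN ({$sql})");

			while($user = $db->fetch_array($query))
			{
				$usercache[$user['uid']] = $user;
			}
		}

		// Messy * 2
		// Find out post information for our reported posts
		if(!empty($postcache))
		{
			$sql = implode(',', array_keys($postcache));
			$query = $db->query("
				SELECT p.pid, p.uid, p.username, p.tid, t.subject
				FROM ".TABLE_PREFIX."posts p
				LEFT JOIN ".TABLE_PREFIX."threads t ON (p.tid = t.tid)
				WHERE p.pid IN ({$sql})
			");

			while($post = $db->fetch_array($query))
			{
				$postcache[$post['pid']] = $post;
			}
		}

		$lang->page_selected = $lang->sprintf($lang->page_selected, count($reportcache));
		$lang->select_all = $lang->sprintf($lang->select_all, (int)$report_count);
		$lang->all_selected = $lang->sprintf($lang->all_selected, (int)$report_count);
		eval("\$selectall = \"".$templates->get("modcp_reports_selectall")."\";");

		$plugins->run_hooks('modcp_reports_intermediate');

		// Now that we have all of the information needed, display the reports
		foreach($reportcache as $report)
		{
			$trow = alt_trow();

			if(!$report['type'])
			{
				// Assume a post
				$report['type'] = 'post';
			}

			// Report Information
			$report_data = array();

			// User-supplied text (usernames, subjects, comments) is HTML-escaped here, before
			// the template eval() interpolates it.
			switch($report['type'])
			{
				case 'post':
					$post = get_post_link($report['id'])."#pid{$report['id']}";
					$user = build_profile_link(htmlspecialchars_uni($postcache[$report['id']]['username']), $postcache[$report['id']]['uid']);
					$report_data['content'] = $lang->sprintf($lang->report_info_post, $post, $user);

					$thread_link = get_thread_link($postcache[$report['id']]['tid']);
					$thread_subject = htmlspecialchars_uni($parser->parse_badwords($postcache[$report['id']]['subject']));
					$report_data['content'] .= $lang->sprintf($lang->report_info_post_thread, $thread_link, $thread_subject);

					break;
				case 'profile':
					$user = build_profile_link(htmlspecialchars_uni($usercache[$report['id']]['username']), $usercache[$report['id']]['uid']);
					$report_data['content'] = $lang->sprintf($lang->report_info_profile, $user);
					break;
				case 'reputation':
					$reputation_link = "reputation.php?uid={$usercache[$report['id3']]['uid']}#rid{$report['id']}";
					$bad_user = build_profile_link(htmlspecialchars_uni($usercache[$report['id2']]['username']), $usercache[$report['id2']]['uid']);
					$report_data['content'] = $lang->sprintf($lang->report_info_reputation, $reputation_link, $bad_user);

					$good_user = build_profile_link(htmlspecialchars_uni($usercache[$report['id3']]['username']), $usercache[$report['id3']]['uid']);
					$report_data['content'] .= $lang->sprintf($lang->report_info_rep_profile, $good_user);
					break;
			}

			// Report reason and comment
			if($report['reasonid'] > 0)
			{
				$reason = htmlspecialchars_uni($lang->parse($report['title']));

				if(empty($report['reason']))
				{
					eval("\$report_data['comment'] = \"".$templates->get("modcp_reports_report_comment")."\";");
				}
				else
				{
					$comment = htmlspecialchars_uni($report['reason']);
					eval("\$report_data['comment'] = \"".$templates->get("modcp_reports_report_comment_extra")."\";");
				}
			}
			else
			{
				$report_data['comment'] = $lang->na;
			}

			$report_reports = 1;
			if($report['reports'])
			{
				$report_data['reports'] = my_number_format($report['reports']);
			}

			if($report['lastreporter'])
			{
				if(is_array($usercache[$report['lastreporter']]))
				{
					$lastreport_user = build_profile_link(htmlspecialchars_uni($usercache[$report['lastreporter']]['username']), $report['lastreporter']);
				}
				elseif($usercache[$report['lastreporter']] > 0)
				{
					$lastreport_user = htmlspecialchars_uni($lang->na_deleted);
				}

				$lastreport_date = my_date('relative', $report['lastreport']);
				$report_data['lastreporter'] = $lang->sprintf($lang->report_info_lastreporter, $lastreport_date, $lastreport_user);
			}

			$inlinecheck = '';
			if(isset($mybb->cookies['inlinereports']) && my_strpos($mybb->cookies['inlinereports'], "|{$report['rid']}|") !== false)
			{
				$inlinecheck = " checked=\"checked\"";
				++$inlinecount;
			}

			$plugins->run_hooks("modcp_reports_report");
			eval("\$reports .= \"".$templates->get("modcp_reports_report")."\";");
		}
	}

	$plugins->run_hooks("modcp_reports_end");

	eval("\$reportedcontent = \"".$templates->get("modcp_reports")."\";");
	output_page($reportedcontent);
}

if($mybb->input['action'] == "allreports")
{
	if($mybb->usergroup['canmanagereportedcontent'] == 0)
	{
		error_no_permission();
	}

	// Same guard as the "reports" view: a non-super-moderator with no report-enabled forum
	// has an empty $wflist_reports, so the listing query below would otherwise run without
	// any forum restriction.
	if($numreportedposts == 0 && $mybb->usergroup['issupermod'] != 1)
	{
		error($lang->you_cannot_view_reported_posts);
	}

	$lang->load('report');

	add_breadcrumb($lang->report_center, "modcp.php?action=reports");
	add_breadcrumb($lang->all_reports, "modcp.php?action=allreports");

	if(!$mybb->settings['threadsperpage'])
	{
		$mybb->settings['threadsperpage'] = 20;
	}

	// Figure out if we need to display multiple pages.
	$perpage = $mybb->settings['threadsperpage'];
	if($mybb->get_input('page') != "last")
	{
		$page = $mybb->get_input('page', MyBB::INPUT_INT);
	}

	if($mybb->usergroup['cancp'] || $mybb->usergroup['issupermod'])
	{
		$query = $db->simple_select("reportedcontent", "COUNT(rid) AS count");
		$report_count = $db->fetch_field($query, "count");
	}
	else
	{
		$query = $db->simple_select('reportedcontent', 'id3', "type = 'post' OR type = ''");

		$report_count = 0;
		while($fid = $db->fetch_field($query, 'id3'))
		{
			if(is_moderator($fid, "canmanagereportedposts"))
			{
				++$report_count;
			}
		}
		unset($fid);
	}

	if(isset($mybb->input['rid']))
	{
		$mybb->input['rid'] = $mybb->get_input('rid', MyBB::INPUT_INT);
		$query = $db->simple_select("reportedcontent", "COUNT(rid) AS count", "rid <= '".$mybb->input['rid']."'");
		$result = $db->fetch_field($query, "count");
		if(($result % $perpage) == 0)
		{
			$page = $result / $perpage;
		}
		else
		{
			// Cast the quotient, not only $result: "(int)$result / $perpage + 1" yields a
			// fractional page, which then flows into the LIMIT offset computed below.
			$page = (int)($result / $perpage) + 1;
		}
	}
	$postcount = (int)$report_count;
	$pages = $postcount / $perpage;
	$pages = ceil($pages);

	if($mybb->get_input('page') == "last")
	{
		$page = $pages;
	}

	if($page > $pages || $page <= 0)
	{
		$page = 1;
	}

	if($page)
	{
		$start = ($page-1) * $perpage;
	}
	else
	{
		$start = 0;
		$page = 1;
	}
	$upper = $start+$perpage;

	$multipage = multipage($postcount, $perpage, $page, "modcp.php?action=allreports");
	$allreportspages = '';
	if($postcount > $perpage)
	{
		eval("\$allreportspages = \"".$templates->get("modcp_reports_multipage")."\";");
	}

	$plugins->run_hooks("modcp_allreports_start");

	$query = $db->query("
		SELECT r.*, u.username, p.username AS postusername, up.uid AS postuid, t.subject AS threadsubject, prrep.username AS repusername, pr.username AS profileusername, rr.title
		FROM ".TABLE_PREFIX."reportedcontent r
		LEFT JOIN ".TABLE_PREFIX."posts p ON (r.id=p.pid)
		LEFT JOIN ".TABLE_PREFIX."threads t ON (p.tid=t.tid)
		LEFT JOIN ".TABLE_PREFIX."users u ON (r.uid=u.uid)
		LEFT JOIN ".TABLE_PREFIX."users up ON (p.uid=up.uid)
		LEFT JOIN ".TABLE_PREFIX."users pr ON (pr.uid=r.id)
		LEFT JOIN ".TABLE_PREFIX."users prrep ON (prrep.uid=r.id2)
		LEFT JOIN ".TABLE_PREFIX."reportreasons rr ON (r.reasonid = rr.rid)
		{$wflist_reports}
		ORDER BY r.dateline DESC
		LIMIT {$start}, {$perpage}
	");

	$allreports = '';
	if(!$db->num_rows($query))
	{
		eval("\$allreports = \"".$templates->get("modcp_reports_allnoreports")."\";");
	}
	else
	{
		while($report = $db->fetch_array($query))
		{
			$trow = alt_trow();

			// NOTE(review): unlike the "reports" view, $report_data is not reset per row, so
			// a row with an unrecognised type would keep the previous row's 'content'.
			if($report['type'] == 'post')
			{
				$post = get_post_link($report['id'])."#pid{$report['id']}";
				$user = build_profile_link(htmlspecialchars_uni($report['postusername']), $report['postuid']);
				$report_data['content'] = $lang->sprintf($lang->report_info_post, $post, $user);

				$thread_link = get_thread_link($report['id2']);
				$thread_subject = htmlspecialchars_uni($parser->parse_badwords($report['threadsubject']));
				$report_data['content'] .= $lang->sprintf($lang->report_info_post_thread, $thread_link, $thread_subject);
			}
			else if($report['type'] == 'profile')
			{
				$user = build_profile_link(htmlspecialchars_uni($report['profileusername']), $report['id']);
				$report_data['content'] = $lang->sprintf($lang->report_info_profile, $user);
			}
			else if($report['type'] == 'reputation')
			{
				$user = build_profile_link(htmlspecialchars_uni($report['repusername']), $report['id2']);
				$reputation_link = "reputation.php?uid={$report['id3']}#rid{$report['id']}";
				$report_data['content'] = $lang->sprintf($lang->report_info_reputation, $reputation_link, $user);
			}

			// Report reason and comment
			if($report['reasonid'] > 0)
			{
				$reason = htmlspecialchars_uni($lang->parse($report['title']));

				if(empty($report['reason']))
				{
					eval("\$report_data['comment'] = \"".$templates->get("modcp_reports_report_comment")."\";");
				}
				else
				{
					$comment = htmlspecialchars_uni($report['reason']);
					eval("\$report_data['comment'] = \"".$templates->get("modcp_reports_report_comment_extra")."\";");
				}
			}
			else
			{
				$report_data['comment'] = $lang->na;
			}

			$report['reporterlink'] = get_profile_link($report['uid']);
			if(!$report['username'])
			{
				$report['username'] = $lang->na_deleted;
				// NOTE(review): $post is only assigned in the 'post' branch above; for other
				// report types this reuses the value from an earlier row or is undefined.
				$report['reporterlink'] = $post;
			}
			$report['username'] = htmlspecialchars_uni($report['username']);

			$report_data['reports'] = my_number_format($report['reports']);
			$report_data['time'] = my_date('relative', $report['dateline']);

			$plugins->run_hooks("modcp_allreports_report");
			eval("\$allreports .= \"".$templates->get("modcp_reports_allreport")."\";");
		}
	}

	$plugins->run_hooks("modcp_allreports_end");

	eval("\$allreportedcontent = \"".$templates->get("modcp_reports_allreports")."\";");
	output_page($allreportedcontent);
}

if($mybb->input['action'] == "modlogs")
{
	if($mybb->usergroup['canviewmodlogs'] == 0)
	{
		error_no_permission();
	}

	if($nummodlogs == 0 && $mybb->usergroup['issupermod'] != 1)
	{
		error($lang->you_cannot_view_mod_logs);
	}

	add_breadcrumb($lang->mcp_nav_modlogs, "modcp.php?action=modlogs");

	$perpage = $mybb->get_input('perpage', MyBB::INPUT_INT);
	if(!$perpage || $perpage <= 0)
	{
		$perpage = $mybb->settings['threadsperpage'];
	}

	$where = '';

	// Searching for entries by a particular user
	if($mybb->get_input('uid', MyBB::INPUT_INT))
	{
		$where .= " AND l.uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'";
	}

	// Searching for entries in a specific forum
	if($mybb->get_input('fid', MyBB::INPUT_INT))
	{
		$where .= " AND t.fid='".$mybb->get_input('fid', MyBB::INPUT_INT)."'";
	}

	$mybb->input['sortby'] = $mybb->get_input('sortby');

	// Order?
	// The request value only selects one of these fixed column names; it is never placed
	// into the ORDER BY clause itself.
	switch($mybb->input['sortby'])
	{
		case "username":
			$sortby = "u.username";
			break;
		case "forum":
			$sortby = "f.name";
			break;
		case "thread":
			$sortby = "t.subject";
			break;
		default:
			$sortby = "l.dateline";
	}
	$order = $mybb->get_input('order');
	if($order != "asc")
	{
		$order = "desc";
	}

	$plugins->run_hooks("modcp_modlogs_start");

	$query = $db->query("
		SELECT COUNT(l.dateline) AS count
		FROM ".TABLE_PREFIX."moderatorlog l
		LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=l.uid)
		LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=l.tid)
		WHERE 1=1 {$where}{$tflist_modlog}
	");
	$rescount = $db->fetch_field($query, "count");

	// Figure out if we need to display multiple pages.
	if($mybb->get_input('page') != "last")
	{
		$page = $mybb->get_input('page', MyBB::INPUT_INT);
	}

	$postcount = (int)$rescount;
	$pages = $postcount / $perpage;
	$pages = ceil($pages);

	if($mybb->get_input('page') == "last")
	{
		$page = $pages;
	}

	if($page > $pages || $page <= 0)
	{
		$page = 1;
	}

	if($page)
	{
		$start = ($page-1) * $perpage;
	}
	else
	{
		$start = 0;
		$page = 1;
	}

	$page_url = 'modcp.php?action=modlogs&perpage='.$perpage;
	foreach(array('uid', 'fid') as $field)
	{
		$mybb->input[$field] = $mybb->get_input($field, MyBB::INPUT_INT);
		if(!empty($mybb->input[$field]))
		{
			$page_url .= "&{$field}=".$mybb->input[$field];
		}
	}
	foreach(array('sortby', 'order') as $field)
	{
		$mybb->input[$field] = htmlspecialchars_uni($mybb->get_input($field));
		if(!empty($mybb->input[$field]))
		{
			$page_url .= "&{$field}=".$mybb->input[$field];
		}
	}

	$multipage = multipage($postcount, $perpage, $page, $page_url);
	$resultspages = '';
	if($postcount > $perpage)
	{
		eval("\$resultspages = \"".$templates->get("modcp_modlogs_multipage")."\";");
	}
	$query = $db->query("
		SELECT l.*, u.username, u.usergroup, u.displaygroup, t.subject AS tsubject, f.name AS fname, p.subject AS psubject
		FROM ".TABLE_PREFIX."moderatorlog l
		LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=l.uid)
		LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=l.tid)
		LEFT JOIN ".TABLE_PREFIX."forums f ON (f.fid=l.fid)
		LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=l.pid)
		WHERE 1=1 {$where}{$tflist_modlog}
		ORDER BY {$sortby} {$order}
		LIMIT {$start}, {$perpage}
	");
	$results = '';
	while($logitem = $db->fetch_array($query))
	{
		$information = '';
		$logitem['action'] = htmlspecialchars_uni($logitem['action']);
		$log_date = my_date('relative', $logitem['dateline']);
		$trow = alt_trow();
		if($logitem['username'])
		{
			$logitem['username'] = htmlspecialchars_uni($logitem['username']);
			$username = format_name($logitem['username'], $logitem['usergroup'], $logitem['displaygroup']);
			$logitem['profilelink'] = build_profile_link($username, $logitem['uid']);
		}
		else
		{
			$username = $logitem['profilelink'] = $logitem['username'] = htmlspecialchars_uni($lang->na_deleted);
		}
		$logitem['ipaddress'] = my_inet_ntop($db->unescape_binary($logitem['ipaddress']));

		if($logitem['tsubject'])
		{
			$logitem['tsubject'] = htmlspecialchars_uni($parser->parse_badwords($logitem['tsubject']));
			$logitem['thread'] = get_thread_link($logitem['tid']);
			eval("\$information .= \"".$templates->get("modcp_modlogs_result_thread")."\";");
		}
		if($logitem['fname'])
		{
			$logitem['forum'] = get_forum_link($logitem['fid']);
			eval("\$information .= \"".$templates->get("modcp_modlogs_result_forum")."\";");
		}
		if($logitem['psubject'])
		{
			$logitem['psubject'] = htmlspecialchars_uni($parser->parse_badwords($logitem['psubject']));
			$logitem['post'] = get_post_link($logitem['pid']);
			eval("\$information .= \"".$templates->get("modcp_modlogs_result_post")."\";");
		}

		// Edited a user or managed announcement?
		if(!$logitem['tsubject'] || !$logitem['fname'] || !$logitem['psubject'])
		{
			$data = my_unserialize($logitem['data']);
			if(!empty($data['uid']))
			{
				$data['username'] = htmlspecialchars_uni($data['username']);
				$information = $lang->sprintf($lang->edited_user_info, htmlspecialchars_uni($data['username']), get_profile_link($data['uid']));
			}
			if(!empty($data['aid']))
			{
				$data['subject'] = htmlspecialchars_uni($parser->parse_badwords($data['subject']));
				$data['announcement'] = get_announcement_link($data['aid']);
				eval("\$information .= \"".$templates->get("modcp_modlogs_result_announcement")."\";");
			}
		}

		$plugins->run_hooks("modcp_modlogs_result");

		eval("\$results .= \"".$templates->get("modcp_modlogs_result")."\";");
	}

	if(!$results)
	{
		eval("\$results = \"".$templates->get("modcp_modlogs_noresults")."\";");
	}

	$plugins->run_hooks("modcp_modlogs_filter");

	// Fetch filter options
	$sortbysel = array('username' => '', 'forum' => '', 'thread' => '', 'dateline' => '');
	$sortbysel[$mybb->input['sortby']] = "selected=\"selected\"";
	$ordersel = array('asc' => '', 'desc' => '');
	$ordersel[$order] = "selected=\"selected\"";
	$user_options = '';
	$query = $db->query("
		SELECT DISTINCT l.uid, u.username
		FROM ".TABLE_PREFIX."moderatorlog l
		LEFT JOIN ".TABLE_PREFIX."users u ON (l.uid=u.uid)
		ORDER BY u.username ASC
	");
	while($user = $db->fetch_array($query))
	{
		// Deleted Users
		if(!$user['username'])
		{
			$user['username'] = $lang->na_deleted;
		}

		$selected = '';
		if($mybb->get_input('uid', MyBB::INPUT_INT) == $user['uid'])
		{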
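$selected = " selected=\"selected\"";
		}

		$user['username'] = htmlspecialchars_uni($user['username']);
		eval("\$user_options .= \"".$templates->get("modcp_modlogs_user")."\";");
	}

	$forum_select = build_forum_jump("", $mybb->get_input('fid', MyBB::INPUT_INT), 1, '', 0, true, '', "fid");

	eval("\$modlogs = \"".$templates->get("modcp_modlogs")."\";");
	output_page($modlogs);
}

// Delete an announcement (state-changing step; requires a valid post key).
if($mybb->input['action'] == "do_delete_announcement")
{
	verify_post_check($mybb->get_input('my_post_key'));

	if($mybb->usergroup['canmanageannounce'] == 0)
	{
		error_no_permission();
	}

	// Read aid as an integer, as the edit handlers in this file do. The value is
	// interpolated into the SELECT and DELETE conditions below, so it must not be
	// free-form request text. NOTE(review): whether the input layer already coerces
	// "aid" is not visible here; the explicit cast makes this block safe on its own.
	$aid = $mybb->get_input('aid', MyBB::INPUT_INT);
	$query = $db->simple_select("announcements", "aid, subject, fid", "aid='{$aid}'");
	$announcement = $db->fetch_array($query);

	if(!$announcement)
	{
		error($lang->error_invalid_announcement);
	}
	// Global announcements (fid -1) need super moderator rights; forum announcements
	// need the per-forum permission and a forum the user is allowed to view.
	if(($mybb->usergroup['issupermod'] != 1 && $announcement['fid'] == -1) || ($announcement['fid'] != -1 && !is_moderator($announcement['fid'], "canmanageannouncements")) || ($unviewableforums && in_array($announcement['fid'], $unviewableforums)))
	{
		error_no_permission();
	}

	$plugins->run_hooks("modcp_do_delete_announcement");

	$db->delete_query("announcements", "aid='{$aid}'");
	// Log the values read back from the database, not the request parameters.
	log_moderator_action(array("aid" => $announcement['aid'], "subject" => $announcement['subject']), $lang->announcement_deleted);
	$cache->update_forumsdisplay();

	redirect("modcp.php?action=announcements", $lang->redirect_delete_announcement);
}

// Show the delete confirmation page for an announcement.
if($mybb->input['action'] == "delete_announcement")
{
	if($mybb->usergroup['canmanageannounce'] == 0)
	{
		error_no_permission();
	}

	// Integer cast for the same reason as in do_delete_announcement. The template
	// evaluated below can also interpolate any variable in scope, $aid included.
	$aid = $mybb->get_input('aid', MyBB::INPUT_INT);
	$query = $db->simple_select("announcements", "aid, subject, fid", "aid='{$aid}'");

	$announcement = $db->fetch_array($query);

	// Check that the row exists before writing to it. Assigning
	// $announcement['subject'] on an empty result turns $announcement into a
	// non-empty array, which would make this check pass for unknown ids.
	if(!$announcement)
	{
		error($lang->error_invalid_announcement);
	}

	$announcement['subject'] = htmlspecialchars_uni($parser->parse_badwords($announcement['subject']));

	if(($mybb->usergroup['issupermod'] != 1 && $announcement['fid'] == -1) || ($announcement['fid'] != -1 && !is_moderator($announcement['fid'], "canmanageannouncements")) || ($unviewableforums && in_array($announcement['fid'], $unviewableforums)))
	{
		error_no_permission();
	}

	$plugins->run_hooks("modcp_delete_announcement");

	// The template text is evaluated as a PHP double-quoted string.
	// NOTE(review): template contents are not visible here; anything it prints must already be HTML-safe.
	eval("\$announcements = \"".$templates->get("modcp_announcements_delete")."\";");
	output_page($announcements);
}

if($mybb->input['action'] == "do_new_announcement")
{
	verify_post_check($mybb->get_input('my_post_key'));

	if($mybb->usergroup['canmanageannounce'] == 0)
	{
		error_no_permission();
	}

	$announcement_fid = $mybb->get_input('fid', MyBB::INPUT_INT);
	if(($mybb->usergroup['issupermod'] != 1 && $announcement_fid == -1) || ($announcement_fid != -1 && !is_moderator($announcement_fid, "canmanageannouncements")) || ($unviewableforums && in_array($announcement_fid, $unviewableforums)))
	{
		error_no_permission();
	}

	$errors = array();

	$mybb->input['title'] = $mybb->get_input('title');
	if(!trim($mybb->input['title']))
	{
		$errors[] = $lang->error_missing_title;
	}

	$mybb->input['message'] = $mybb->get_input('message');
	if(!trim($mybb->input['message']))
	{
		$errors[] = $lang->error_missing_message;
	}

	if(!$announcement_fid)
	{
		$errors[] = $lang->error_missing_forum;
	}

	$mybb->input['starttime_time'] = $mybb->get_input('starttime_time');
	$mybb->input['endtime_time'] = $mybb->get_input('endtime_time');
	$startdate = @explode(" ", $mybb->input['starttime_time']);
	$startdate = @explode(":", $startdate[0]);
	$enddate = @explode(" ", $mybb->input['endtime_time']);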
1126 $enddate = @explode(":", $enddate[0]); 1127 1128 if(stristr($mybb->input['starttime_time'], "pm")) 1129 { 1130 $startdate[0] = 12+$startdate[0]; 1131 if($startdate[0] >= 24) 1132 { 1133 $startdate[0] = "00"; 1134 } 1135 } 1136 1137 if(stristr($mybb->input['endtime_time'], "pm")) 1138 { 1139 $enddate[0] = 12+$enddate[0]; 1140 if($enddate[0] >= 24) 1141 { 1142 $enddate[0] = "00"; 1143 } 1144 } 1145 1146 $mybb->input['starttime_month'] = $mybb->get_input('starttime_month'); 1147 $months = array('01', '02', '03', '04', '05', '06', '07', '08', '09', '10', '11', '12'); 1148 if(!in_array($mybb->input['starttime_month'], $months)) 1149 { 1150 $mybb->input['starttime_month'] = '01'; 1151 } 1152 1153 $localized_time_offset = (float)$mybb->user['timezone']*3600 + $mybb->user['dst']*3600; 1154 1155 $startdate = gmmktime((int)$startdate[0], (int)$startdate[1], 0, $mybb->get_input('starttime_month', MyBB::INPUT_INT), $mybb->get_input('starttime_day', MyBB::INPUT_INT), $mybb->get_input('starttime_year', MyBB::INPUT_INT)) - $localized_time_offset; 1156 if(!checkdate($mybb->get_input('starttime_month', MyBB::INPUT_INT), $mybb->get_input('starttime_day', MyBB::INPUT_INT), $mybb->get_input('starttime_year', MyBB::INPUT_INT)) || $startdate < 0 || $startdate == false) 1157 { 1158 $errors[] = $lang->error_invalid_start_date; 1159 } 1160 1161 if($mybb->get_input('endtime_type', MyBB::INPUT_INT) == 2) 1162 { 1163 $enddate = '0'; 1164 $mybb->input['endtime_month'] = '01'; 1165 } 1166 else 1167 { 1168 $mybb->input['endtime_month'] = $mybb->get_input('endtime_month'); 1169 if(!in_array($mybb->input['endtime_month'], $months)) 1170 { 1171 $mybb->input['endtime_month'] = '01'; 1172 } 1173 $enddate = gmmktime((int)$enddate[0], (int)$enddate[1], 0, $mybb->get_input('endtime_month', MyBB::INPUT_INT), $mybb->get_input('endtime_day', MyBB::INPUT_INT), $mybb->get_input('endtime_year', MyBB::INPUT_INT)) - $localized_time_offset; 1174 if(!checkdate($mybb->get_input('endtime_month', 
MyBB::INPUT_INT), $mybb->get_input('endtime_day', MyBB::INPUT_INT), $mybb->get_input('endtime_year', MyBB::INPUT_INT)) || $enddate < 0 || $enddate == false) 1175 { 1176 $errors[] = $lang->error_invalid_end_date; 1177 } 1178 1179 if($enddate <= $startdate) 1180 { 1181 $errors[] = $lang->error_end_before_start; 1182 } 1183 } 1184 1185 if($mybb->settings['announcementshtml'] && $mybb->get_input('allowhtml', MyBB::INPUT_INT) == 1) 1186 { 1187 $allowhtml = 1; 1188 } 1189 else 1190 { 1191 $allowhtml = 0; 1192 } 1193 if($mybb->get_input('allowmycode', MyBB::INPUT_INT) == 1) 1194 { 1195 $allowmycode = 1; 1196 } 1197 else 1198 { 1199 $allowmycode = 0; 1200 } 1201 if($mybb->get_input('allowsmilies', MyBB::INPUT_INT) == 1) 1202 { 1203 $allowsmilies = 1; 1204 } 1205 else 1206 { 1207 $allowsmilies = 0; 1208 } 1209 1210 $plugins->run_hooks("modcp_do_new_announcement_start"); 1211 1212 if(!$errors) 1213 { 1214 if(isset($mybb->input['preview'])) 1215 { 1216 $preview = array(); 1217 $mybb->input['action'] = 'new_announcement'; 1218 } 1219 else 1220 { 1221 $insert_announcement = array( 1222 'fid' => $announcement_fid, 1223 'uid' => $mybb->user['uid'], 1224 'subject' => $db->escape_string($mybb->input['title']), 1225 'message' => $db->escape_string($mybb->input['message']), 1226 'startdate' => $startdate, 1227 'enddate' => $enddate, 1228 'allowhtml' => $allowhtml, 1229 'allowmycode' => $allowmycode, 1230 'allowsmilies' => $allowsmilies 1231 ); 1232 $aid = $db->insert_query("announcements", $insert_announcement); 1233 1234 log_moderator_action(array("aid" => $aid, "subject" => $mybb->input['title']), $lang->announcement_added); 1235 1236 $plugins->run_hooks("modcp_do_new_announcement_end"); 1237 1238 $cache->update_forumsdisplay(); 1239 redirect("modcp.php?action=announcements", $lang->redirect_add_announcement); 1240 } 1241 } 1242 else 1243 { 1244 $mybb->input['action'] = 'new_announcement'; 1245 } 1246 } 1247 1248 if($mybb->input['action'] == "new_announcement") 1249 { 1250 
if($mybb->usergroup['canmanageannounce'] == 0) 1251 { 1252 error_no_permission(); 1253 } 1254 1255 add_breadcrumb($lang->mcp_nav_announcements, "modcp.php?action=announcements"); 1256 add_breadcrumb($lang->add_announcement, "modcp.php?action=new_announcements"); 1257 1258 $announcement_fid = $mybb->get_input('fid', MyBB::INPUT_INT); 1259 1260 if(($mybb->usergroup['issupermod'] != 1 && $announcement_fid == -1) || ($announcement_fid != -1 && !is_moderator($announcement_fid, "canmanageannouncements")) || ($unviewableforums && in_array($announcement_fid, $unviewableforums))) 1261 { 1262 error_no_permission(); 1263 } 1264 1265 // Deal with inline errors 1266 if(!empty($errors) || isset($preview)) 1267 { 1268 if(!empty($errors)) 1269 { 1270 $errors = inline_error($errors); 1271 } 1272 else 1273 { 1274 $errors = ''; 1275 } 1276 1277 // Set $announcement to input stuff 1278 $announcement['subject'] = $mybb->input['title']; 1279 $announcement['message'] = $mybb->input['message']; 1280 $announcement['allowhtml'] = $allowhtml; 1281 $announcement['allowmycode'] = $allowmycode; 1282 $announcement['allowsmilies'] = $allowsmilies; 1283 1284 $startmonth = $mybb->input['starttime_month']; 1285 $startdateyear = htmlspecialchars_uni($mybb->input['starttime_year']); 1286 $startday = $mybb->get_input('starttime_day', MyBB::INPUT_INT); 1287 $starttime_time = htmlspecialchars_uni($mybb->input['starttime_time']); 1288 $endmonth = $mybb->input['endtime_month']; 1289 $enddateyear = htmlspecialchars_uni($mybb->input['endtime_year']); 1290 $endday = $mybb->get_input('endtime_day', MyBB::INPUT_INT); 1291 $endtime_time = htmlspecialchars_uni($mybb->input['endtime_time']); 1292 } 1293 else 1294 { 1295 $localized_time = TIME_NOW + (float)$mybb->user['timezone']*3600 + $mybb->user['dst']*3600; 1296 1297 $starttime_time = gmdate($mybb->settings['timeformat'], $localized_time); 1298 $endtime_time = gmdate($mybb->settings['timeformat'], $localized_time); 1299 $startday = $endday = gmdate("j", 
$localized_time); 1300 $startmonth = $endmonth = gmdate("m", $localized_time); 1301 $startdateyear = gmdate("Y", $localized_time); 1302 1303 $announcement = array( 1304 'subject' => '', 1305 'message' => '', 1306 'allowhtml' => 0, 1307 'allowmycode' => 1, 1308 'allowsmilies' => 1 1309 ); 1310 1311 $enddateyear = $startdateyear+1; 1312 } 1313 1314 // Generate form elements 1315 $startdateday = $enddateday = ''; 1316 for($day = 1; $day <= 31; ++$day) 1317 { 1318 if($startday == $day) 1319 { 1320 $selected = " selected=\"selected\""; 1321 eval("\$startdateday .= \"".$templates->get("modcp_announcements_day")."\";"); 1322 } 1323 else 1324 { 1325 $selected = ''; 1326 eval("\$startdateday .= \"".$templates->get("modcp_announcements_day")."\";"); 1327 } 1328 1329 if($endday == $day) 1330 { 1331 $selected = " selected=\"selected\""; 1332 eval("\$enddateday .= \"".$templates->get("modcp_announcements_day")."\";"); 1333 } 1334 else 1335 { 1336 $selected = ''; 1337 eval("\$enddateday .= \"".$templates->get("modcp_announcements_day")."\";"); 1338 } 1339 } 1340 1341 $startmonthsel = $endmonthsel = array(); 1342 foreach(array('01', '02', '03', '04', '05', '06', '07', '08', '09', '10', '11', '12') as $month) 1343 { 1344 $startmonthsel[$month] = ''; 1345 $endmonthsel[$month] = ''; 1346 } 1347 $startmonthsel[$startmonth] = "selected=\"selected\""; 1348 $endmonthsel[$endmonth] = "selected=\"selected\""; 1349 1350 $startdatemonth = $enddatemonth = ''; 1351 1352 eval("\$startdatemonth .= \"".$templates->get("modcp_announcements_month_start")."\";"); 1353 eval("\$enddatemonth .= \"".$templates->get("modcp_announcements_month_end")."\";"); 1354 1355 $title = htmlspecialchars_uni($announcement['subject']); 1356 $message = htmlspecialchars_uni($announcement['message']); 1357 1358 $html_sel = $mycode_sel = $smilies_sel = array('yes' => '', 'no' => ''); 1359 1360 if($mybb->settings['announcementshtml']) 1361 { 1362 if($announcement['allowhtml']) 1363 { 1364 $html_sel['yes'] = ' 
checked="checked"'; 1365 } 1366 else 1367 { 1368 $html_sel['no'] = ' checked="checked"'; 1369 } 1370 1371 eval("\$allow_html = \"".$templates->get("modcp_announcements_allowhtml")."\";"); 1372 } 1373 else 1374 { 1375 $allow_html = ''; 1376 } 1377 1378 if($announcement['allowmycode']) 1379 { 1380 $mycode_sel['yes'] = ' checked="checked"'; 1381 } 1382 else 1383 { 1384 $mycode_sel['no'] = ' checked="checked"'; 1385 } 1386 1387 if($announcement['allowsmilies']) 1388 { 1389 $smilies_sel['yes'] = ' checked="checked"'; 1390 } 1391 else 1392 { 1393 $smilies_sel['no'] = ' checked="checked"'; 1394 } 1395 1396 $end_type_sel = array('infinite' => '', 'finite' => ''); 1397 if(!isset($mybb->input['endtime_type']) || $mybb->input['endtime_type'] == 2) 1398 { 1399 $end_type_sel['infinite'] = ' checked="checked"'; 1400 } 1401 else 1402 { 1403 $end_type_sel['finite'] = ' checked="checked"'; 1404 } 1405 1406 // MyCode editor 1407 $codebuttons = build_mycode_inserter(); 1408 $smilieinserter = build_clickable_smilies(); 1409 1410 if(isset($preview)) 1411 { 1412 $announcementarray = array( 1413 'aid' => 0, 1414 'fid' => $announcement_fid, 1415 'uid' => $mybb->user['uid'], 1416 'subject' => $mybb->input['title'], 1417 'message' => $mybb->input['message'], 1418 'allowhtml' => $mybb->settings['announcementshtml'] && $mybb->get_input('allowhtml', MyBB::INPUT_INT), 1419 'allowmycode' => $mybb->get_input('allowmycode', MyBB::INPUT_INT), 1420 'allowsmilies' => $mybb->get_input('allowsmilies', MyBB::INPUT_INT), 1421 'dateline' => TIME_NOW, 1422 'userusername' => $mybb->user['username'], 1423 ); 1424 1425 $array = $mybb->user; 1426 foreach($array as $key => $element) 1427 { 1428 $announcementarray[$key] = $element; 1429 } 1430 1431 // Gather usergroup data from the cache 1432 // Field => Array Key 1433 $data_key = array( 1434 'title' => 'grouptitle', 1435 'usertitle' => 'groupusertitle', 1436 'stars' => 'groupstars', 1437 'starimage' => 'groupstarimage', 1438 'image' => 'groupimage', 1439 
'namestyle' => 'namestyle', 1440 'usereputationsystem' => 'usereputationsystem' 1441 ); 1442 1443 foreach($data_key as $field => $key) 1444 { 1445 $announcementarray[$key] = $groupscache[$announcementarray['usergroup']][$field]; 1446 } 1447 1448 require_once MYBB_ROOT."inc/functions_post.php"; 1449 $postbit = build_postbit($announcementarray, 3); 1450 eval("\$preview = \"".$templates->get("previewpost")."\";"); 1451 } 1452 else 1453 { 1454 $preview = ''; 1455 } 1456 1457 $plugins->run_hooks("modcp_new_announcement"); 1458 1459 eval("\$announcements = \"".$templates->get("modcp_announcements_new")."\";"); 1460 output_page($announcements); 1461 } 1462 1463 if($mybb->input['action'] == "do_edit_announcement") 1464 { 1465 verify_post_check($mybb->get_input('my_post_key')); 1466 1467 if($mybb->usergroup['canmanageannounce'] == 0) 1468 { 1469 error_no_permission(); 1470 } 1471 1472 // Get the announcement 1473 $aid = $mybb->get_input('aid', MyBB::INPUT_INT); 1474 $query = $db->simple_select("announcements", "*", "aid='{$aid}'"); 1475 $announcement = $db->fetch_array($query); 1476 1477 // Check that it exists 1478 if(!$announcement) 1479 { 1480 error($lang->error_invalid_announcement); 1481 } 1482 1483 // Mod has permissions to edit this announcement 1484 if(($mybb->usergroup['issupermod'] != 1 && $announcement['fid'] == -1) || ($announcement['fid'] != -1 && !is_moderator($announcement['fid'], "canmanageannouncements")) || ($unviewableforums && in_array($announcement['fid'], $unviewableforums))) 1485 { 1486 error_no_permission(); 1487 } 1488 1489 $errors = array(); 1490 1491 // Basic error checking 1492 $mybb->input['title'] = $mybb->get_input('title'); 1493 if(!trim($mybb->input['title'])) 1494 { 1495 $errors[] = $lang->error_missing_title; 1496 } 1497 1498 $mybb->input['message'] = $mybb->get_input('message'); 1499 if(!trim($mybb->input['message'])) 1500 { 1501 $errors[] = $lang->error_missing_message; 1502 } 1503 1504 $mybb->input['starttime_time'] = 
$mybb->get_input('starttime_time'); 1505 $mybb->input['endtime_time'] = $mybb->get_input('endtime_time'); 1506 $startdate = @explode(" ", $mybb->input['starttime_time']); 1507 $startdate = @explode(":", $startdate[0]); 1508 $enddate = @explode(" ", $mybb->input['endtime_time']); 1509 $enddate = @explode(":", $enddate[0]); 1510 1511 if(stristr($mybb->input['starttime_time'], "pm")) 1512 { 1513 $startdate[0] = 12+$startdate[0]; 1514 if($startdate[0] >= 24) 1515 { 1516 $startdate[0] = "00"; 1517 } 1518 } 1519 1520 if(stristr($mybb->input['endtime_time'], "pm")) 1521 { 1522 $enddate[0] = 12+$enddate[0]; 1523 if($enddate[0] >= 24) 1524 { 1525 $enddate[0] = "00"; 1526 } 1527 } 1528 1529 $mybb->input['starttime_month'] = $mybb->get_input('starttime_month'); 1530 $months = array('01', '02', '03', '04', '05', '06', '07', '08', '09', '10', '11', '12'); 1531 if(!in_array($mybb->input['starttime_month'], $months)) 1532 { 1533 $mybb->input['starttime_month'] = '01'; 1534 } 1535 1536 $localized_time_offset = (float)$mybb->user['timezone']*3600 + $mybb->user['dst']*3600; 1537 1538 $startdate = gmmktime((int)$startdate[0], (int)$startdate[1], 0, $mybb->get_input('starttime_month', MyBB::INPUT_INT), $mybb->get_input('starttime_day', MyBB::INPUT_INT), $mybb->get_input('starttime_year', MyBB::INPUT_INT)) - $localized_time_offset; 1539 if(!checkdate($mybb->get_input('starttime_month', MyBB::INPUT_INT), $mybb->get_input('starttime_day', MyBB::INPUT_INT), $mybb->get_input('starttime_year', MyBB::INPUT_INT)) || $startdate < 0 || $startdate == false) 1540 { 1541 $errors[] = $lang->error_invalid_start_date; 1542 } 1543 1544 if($mybb->get_input('endtime_type', MyBB::INPUT_INT) == "2") 1545 { 1546 $enddate = '0'; 1547 $mybb->input['endtime_month'] = '01'; 1548 } 1549 else 1550 { 1551 $mybb->input['endtime_month'] = $mybb->get_input('endtime_month'); 1552 if(!in_array($mybb->input['endtime_month'], $months)) 1553 { 1554 $mybb->input['endtime_month'] = '01'; 1555 } 1556 $enddate = 
gmmktime((int)$enddate[0], (int)$enddate[1], 0, $mybb->get_input('endtime_month', MyBB::INPUT_INT), $mybb->get_input('endtime_day', MyBB::INPUT_INT), $mybb->get_input('endtime_year', MyBB::INPUT_INT)) - $localized_time_offset; 1557 if(!checkdate($mybb->get_input('endtime_month', MyBB::INPUT_INT), $mybb->get_input('endtime_day', MyBB::INPUT_INT), $mybb->get_input('endtime_year', MyBB::INPUT_INT)) || $enddate < 0 || $enddate == false) 1558 { 1559 $errors[] = $lang->error_invalid_end_date; 1560 } 1561 elseif($enddate <= $startdate) 1562 { 1563 $errors[] = $lang->error_end_before_start; 1564 } 1565 } 1566 1567 if($mybb->settings['announcementshtml'] && $mybb->get_input('allowhtml', MyBB::INPUT_INT) == 1) 1568 { 1569 $allowhtml = 1; 1570 } 1571 else 1572 { 1573 $allowhtml = 0; 1574 } 1575 if($mybb->get_input('allowmycode', MyBB::INPUT_INT) == 1) 1576 { 1577 $allowmycode = 1; 1578 } 1579 else 1580 { 1581 $allowmycode = 0; 1582 } 1583 if($mybb->get_input('allowsmilies', MyBB::INPUT_INT) == 1) 1584 { 1585 $allowsmilies = 1; 1586 } 1587 else 1588 { 1589 $allowsmilies = 0; 1590 } 1591 1592 $plugins->run_hooks("modcp_do_edit_announcement_start"); 1593 1594 // Proceed to update if no errors 1595 if(!$errors) 1596 { 1597 if(isset($mybb->input['preview'])) 1598 { 1599 $preview = array(); 1600 $mybb->input['action'] = 'edit_announcement'; 1601 } 1602 else 1603 { 1604 $update_announcement = array( 1605 'uid' => $mybb->user['uid'], 1606 'subject' => $db->escape_string($mybb->input['title']), 1607 'message' => $db->escape_string($mybb->input['message']), 1608 'startdate' => $startdate, 1609 'enddate' => $enddate, 1610 'allowhtml' => $allowhtml, 1611 'allowmycode' => $allowmycode, 1612 'allowsmilies' => $allowsmilies 1613 ); 1614 $db->update_query("announcements", $update_announcement, "aid='{$aid}'"); 1615 1616 log_moderator_action(array("aid" => $announcement['aid'], "subject" => $mybb->input['title']), $lang->announcement_edited); 1617 1618 
$plugins->run_hooks("modcp_do_edit_announcement_end"); 1619 1620 $cache->update_forumsdisplay(); 1621 redirect("modcp.php?action=announcements", $lang->redirect_edit_announcement); 1622 } 1623 } 1624 else 1625 { 1626 $mybb->input['action'] = 'edit_announcement'; 1627 } 1628 } 1629 1630 if($mybb->input['action'] == "edit_announcement") 1631 { 1632 if($mybb->usergroup['canmanageannounce'] == 0) 1633 { 1634 error_no_permission(); 1635 } 1636 1637 $aid = $mybb->get_input('aid', MyBB::INPUT_INT); 1638 1639 add_breadcrumb($lang->mcp_nav_announcements, "modcp.php?action=announcements"); 1640 add_breadcrumb($lang->edit_announcement, "modcp.php?action=edit_announcements&aid={$aid}"); 1641 1642 // Get announcement 1643 if(!isset($announcement) || $mybb->request_method != 'post') 1644 { 1645 $query = $db->simple_select("announcements", "*", "aid='{$aid}'"); 1646 $announcement = $db->fetch_array($query); 1647 } 1648 1649 if(!$announcement) 1650 { 1651 error($lang->error_invalid_announcement); 1652 } 1653 if(($mybb->usergroup['issupermod'] != 1 && $announcement['fid'] == -1) || ($announcement['fid'] != -1 && !is_moderator($announcement['fid'], "canmanageannouncements")) || ($unviewableforums && in_array($announcement['fid'], $unviewableforums))) 1654 { 1655 error_no_permission(); 1656 } 1657 1658 if(!$announcement['startdate']) 1659 { 1660 // No start date? Make it now. 1661 $announcement['startdate'] = TIME_NOW; 1662 } 1663 1664 $makeshift_end = false; 1665 if(!$announcement['enddate']) 1666 { 1667 $makeshift_end = true; 1668 $makeshift_time = TIME_NOW; 1669 if($announcement['startdate']) 1670 { 1671 $makeshift_time = $announcement['startdate']; 1672 } 1673 1674 // No end date? Make it a year from now. 
1675 $announcement['enddate'] = $makeshift_time + (60 * 60 * 24 * 366); 1676 } 1677 1678 // Deal with inline errors 1679 if(!empty($errors) || isset($preview)) 1680 { 1681 if(!empty($errors)) 1682 { 1683 $errors = inline_error($errors); 1684 } 1685 else 1686 { 1687 $errors = ''; 1688 } 1689 1690 // Set $announcement to input stuff 1691 $announcement['subject'] = $mybb->input['title']; 1692 $announcement['message'] = $mybb->input['message']; 1693 $announcement['allowhtml'] = $allowhtml; 1694 $announcement['allowmycode'] = $allowmycode; 1695 $announcement['allowsmilies'] = $allowsmilies; 1696 1697 $startmonth = $mybb->input['starttime_month']; 1698 $startdateyear = htmlspecialchars_uni($mybb->input['starttime_year']); 1699 $startday = $mybb->get_input('starttime_day', MyBB::INPUT_INT); 1700 $starttime_time = htmlspecialchars_uni($mybb->input['starttime_time']); 1701 $endmonth = $mybb->input['endtime_month']; 1702 $enddateyear = htmlspecialchars_uni($mybb->input['endtime_year']); 1703 $endday = $mybb->get_input('endtime_day', MyBB::INPUT_INT); 1704 $endtime_time = htmlspecialchars_uni($mybb->input['endtime_time']); 1705 1706 $errored = true; 1707 } 1708 else 1709 { 1710 $localized_time_startdate = $announcement['startdate'] + (float)$mybb->user['timezone']*3600 + $mybb->user['dst']*3600; 1711 $localized_time_enddate = $announcement['enddate'] + (float)$mybb->user['timezone']*3600 + $mybb->user['dst']*3600; 1712 1713 $starttime_time = gmdate($mybb->settings['timeformat'], $localized_time_startdate); 1714 $endtime_time = gmdate($mybb->settings['timeformat'], $localized_time_enddate); 1715 1716 $startday = gmdate('j', $localized_time_startdate); 1717 $endday = gmdate('j', $localized_time_enddate); 1718 1719 $startmonth = gmdate('m', $localized_time_startdate); 1720 $endmonth = gmdate('m', $localized_time_enddate); 1721 1722 $startdateyear = gmdate('Y', $localized_time_startdate); 1723 $enddateyear = gmdate('Y', $localized_time_enddate); 1724 1725 $errored = false; 1726 } 
1727 1728 // Generate form elements 1729 $startdateday = $enddateday = ''; 1730 for($day = 1; $day <= 31; ++$day) 1731 { 1732 if($startday == $day) 1733 { 1734 $selected = " selected=\"selected\""; 1735 eval("\$startdateday .= \"".$templates->get("modcp_announcements_day")."\";"); 1736 } 1737 else 1738 { 1739 $selected = ''; 1740 eval("\$startdateday .= \"".$templates->get("modcp_announcements_day")."\";"); 1741 } 1742 1743 if($endday == $day) 1744 { 1745 $selected = " selected=\"selected\""; 1746 eval("\$enddateday .= \"".$templates->get("modcp_announcements_day")."\";"); 1747 } 1748 else 1749 { 1750 $selected = ''; 1751 eval("\$enddateday .= \"".$templates->get("modcp_announcements_day")."\";"); 1752 } 1753 } 1754 1755 $startmonthsel = $endmonthsel = array(); 1756 foreach(array('01', '02', '03', '04', '05', '06', '07', '08', '09', '10', '11', '12') as $month) 1757 { 1758 $startmonthsel[$month] = ''; 1759 $endmonthsel[$month] = ''; 1760 } 1761 $startmonthsel[$startmonth] = "selected=\"selected\""; 1762 $endmonthsel[$endmonth] = "selected=\"selected\""; 1763 1764 $startdatemonth = $enddatemonth = ''; 1765 1766 eval("\$startdatemonth .= \"".$templates->get("modcp_announcements_month_start")."\";"); 1767 eval("\$enddatemonth .= \"".$templates->get("modcp_announcements_month_end")."\";"); 1768 1769 $title = htmlspecialchars_uni($announcement['subject']); 1770 $message = htmlspecialchars_uni($announcement['message']); 1771 1772 $html_sel = $mycode_sel = $smilies_sel = array('yes' => '', 'no' => ''); 1773 1774 if($mybb->settings['announcementshtml']) 1775 { 1776 if($announcement['allowhtml']) 1777 { 1778 $html_sel['yes'] = ' checked="checked"'; 1779 } 1780 else 1781 { 1782 $html_sel['no'] = ' checked="checked"'; 1783 } 1784 1785 eval("\$allow_html = \"".$templates->get("modcp_announcements_allowhtml")."\";"); 1786 } 1787 else 1788 { 1789 $allow_html = ''; 1790 } 1791 1792 if($announcement['allowmycode']) 1793 { 1794 $mycode_sel['yes'] = ' checked="checked"'; 1795 } 1796 
else 1797 { 1798 $mycode_sel['no'] = ' checked="checked"'; 1799 } 1800 1801 if($announcement['allowsmilies']) 1802 { 1803 $smilies_sel['yes'] = ' checked="checked"'; 1804 } 1805 else 1806 { 1807 $smilies_sel['no'] = ' checked="checked"'; 1808 } 1809 1810 $end_type_sel = array('infinite' => '', 'finite' => ''); 1811 if(($errored && $mybb->get_input('endtime_type', MyBB::INPUT_INT) == 2) || (!$errored && (int)$announcement['enddate'] == 0) || $makeshift_end == true) 1812 { 1813 $end_type_sel['infinite'] = ' checked="checked"'; 1814 } 1815 else 1816 { 1817 $end_type_sel['finite'] = ' checked="checked"'; 1818 } 1819 1820 // MyCode editor 1821 $codebuttons = build_mycode_inserter(); 1822 $smilieinserter = build_clickable_smilies(); 1823 1824 if(isset($preview)) 1825 { 1826 $announcementarray = array( 1827 'aid' => $announcement['aid'], 1828 'fid' => $announcement['fid'], 1829 'uid' => $mybb->user['uid'], 1830 'subject' => $mybb->input['title'], 1831 'message' => $mybb->input['message'], 1832 'allowhtml' => $mybb->settings['announcementshtml'] && $mybb->get_input('allowhtml', MyBB::INPUT_INT), 1833 'allowmycode' => $mybb->get_input('allowmycode', MyBB::INPUT_INT), 1834 'allowsmilies' => $mybb->get_input('allowsmilies', MyBB::INPUT_INT), 1835 'dateline' => TIME_NOW, 1836 'userusername' => $mybb->user['username'], 1837 ); 1838 1839 $array = $mybb->user; 1840 foreach($array as $key => $element) 1841 { 1842 $announcementarray[$key] = $element; 1843 } 1844 1845 // Gather usergroup data from the cache 1846 // Field => Array Key 1847 $data_key = array( 1848 'title' => 'grouptitle', 1849 'usertitle' => 'groupusertitle', 1850 'stars' => 'groupstars', 1851 'starimage' => 'groupstarimage', 1852 'image' => 'groupimage', 1853 'namestyle' => 'namestyle', 1854 'usereputationsystem' => 'usereputationsystem' 1855 ); 1856 1857 foreach($data_key as $field => $key) 1858 { 1859 $announcementarray[$key] = $groupscache[$announcementarray['usergroup']][$field]; 1860 } 1861 1862 require_once 
MYBB_ROOT."inc/functions_post.php"; 1863 $postbit = build_postbit($announcementarray, 3); 1864 eval("\$preview = \"".$templates->get("previewpost")."\";"); 1865 } 1866 else 1867 { 1868 $preview = ''; 1869 } 1870 1871 $plugins->run_hooks("modcp_edit_announcement"); 1872 1873 eval("\$announcements = \"".$templates->get("modcp_announcements_edit")."\";"); 1874 output_page($announcements); 1875 } 1876 1877 if($mybb->input['action'] == "announcements") 1878 { 1879 if($mybb->usergroup['canmanageannounce'] == 0) 1880 { 1881 error_no_permission(); 1882 } 1883 1884 if($numannouncements == 0 && $mybb->usergroup['issupermod'] != 1) 1885 { 1886 error($lang->you_cannot_manage_announcements); 1887 } 1888 1889 add_breadcrumb($lang->mcp_nav_announcements, "modcp.php?action=announcements"); 1890 1891 // Fetch announcements into their proper arrays 1892 $query = $db->simple_select("announcements", "aid, fid, subject, enddate"); 1893 $announcements = $global_announcements = array(); 1894 while($announcement = $db->fetch_array($query)) 1895 { 1896 if($announcement['fid'] == -1) 1897 { 1898 $global_announcements[$announcement['aid']] = $announcement; 1899 continue; 1900 } 1901 $announcements[$announcement['fid']][$announcement['aid']] = $announcement; 1902 } 1903 1904 $announcements_global = ''; 1905 if($mybb->usergroup['issupermod'] == 1) 1906 { 1907 if($global_announcements && $mybb->usergroup['issupermod'] == 1) 1908 { 1909 // Get the global announcements 1910 foreach($global_announcements as $aid => $announcement) 1911 { 1912 $trow = alt_trow(); 1913 if((isset($announcement['startdate']) && $announcement['startdate'] > TIME_NOW) || (isset($announcement['enddate']) && $announcement['enddate'] < TIME_NOW && $announcement['enddate'] != 0)) 1914 { 1915 eval("\$icon = \"".$templates->get("modcp_announcements_announcement_expired")."\";"); 1916 } 1917 else 1918 { 1919 eval("\$icon = \"".$templates->get("modcp_announcements_announcement_active")."\";"); 1920 } 1921 1922 $subject = 
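htmlspecialchars_uni($parser->parse_badwords($announcement['subject']));

				eval("\$announcements_global .= \"".$templates->get("modcp_announcements_announcement_global")."\";");
			}
		}
		else
		{
			// No global announcements
			eval("\$announcements_global = \"".$templates->get("modcp_no_announcements_global")."\";");
		}
		eval("\$announcements_global = \"".$templates->get("modcp_announcements_global")."\";");
	}

	$announcements_forum = '';
	fetch_forum_announcements();

	if(!$announcements_forum)
	{
		eval("\$announcements_forum = \"".$templates->get("modcp_no_announcements_forum")."\";");
	}

	$plugins->run_hooks("modcp_announcements");

	eval("\$announcements = \"".$templates->get("modcp_announcements")."\";");
	output_page($announcements);
}

// Apply the approve/delete decisions submitted from the moderation queue.
// Exactly one of the threads, posts or attachments inputs is processed per request.
if($mybb->input['action'] == "do_modqueue")
{
	require_once MYBB_ROOT."inc/class_moderation.php";
	$moderation = new Moderation;

	// Verify incoming POST request
	verify_post_check($mybb->get_input('my_post_key'));

	if($mybb->usergroup['canmanagemodqueue'] == 0)
	{
		error_no_permission();
	}

	$plugins->run_hooks("modcp_do_modqueue_start");

	$mybb->input['threads'] = $mybb->get_input('threads', MyBB::INPUT_ARRAY);
	$mybb->input['posts'] = $mybb->get_input('posts', MyBB::INPUT_ARRAY);
	$mybb->input['attachments'] = $mybb->get_input('attachments', MyBB::INPUT_ARRAY);
	if(!empty($mybb->input['threads']))
	{
		// The submitted array is keyed by thread id; intval() keeps the IN() list numeric.
		$threads = array_map("intval", array_keys($mybb->input['threads']));
		$threads_to_approve = $threads_to_delete = array();
		// Fetch threads
		// Only rows returned by this query are acted on. NOTE(review): $flist_queue_threads is
		// built outside this block; presumably it limits the query to forums this moderator may manage.
		$query = $db->simple_select("threads", "tid", "tid IN (".implode(",", $threads)."){$flist_queue_threads}");
		while($thread = $db->fetch_array($query))
		{
			if(!isset($mybb->input['threads'][$thread['tid']]))
			{
				continue;
			}
			$action = $mybb->input['threads'][$thread['tid']];
			if($action == "approve")
			{
				$threads_to_approve[] = $thread['tid'];
			}
			else if($action == "delete")
			{
				$threads_to_delete[] = $thread['tid'];
			}
		}
		if(!empty($threads_to_approve))
		{
			$moderation->approve_threads($threads_to_approve);
			log_moderator_action(array('tids' => $threads_to_approve), $lang->multi_approve_threads);
		}
		if(!empty($threads_to_delete))
		{
			if($mybb->settings['soft_delete'] == 1)
			{
				$moderation->soft_delete_threads($threads_to_delete);
				log_moderator_action(array('tids' => $threads_to_delete), $lang->multi_soft_delete_threads);
			}
			else
			{
				foreach($threads_to_delete as $tid)
				{
					$moderation->delete_thread($tid);
				}
				log_moderator_action(array('tids' => $threads_to_delete), $lang->multi_delete_threads);
			}
		}

		$plugins->run_hooks("modcp_do_modqueue_end");

		redirect("modcp.php?action=modqueue", $lang->redirect_threadsmoderated);
	}
	else if(!empty($mybb->input['posts']))
	{
		$posts = array_map("intval", array_keys($mybb->input['posts']));
		// Fetch posts
		$posts_to_approve = $posts_to_delete = array();
		$query = $db->simple_select("posts", "pid", "pid IN (".implode(",", $posts)."){$flist_queue_posts}");
		while($post = $db->fetch_array($query))
		{
			if(!isset($mybb->input['posts'][$post['pid']]))
			{
				continue;
			}
			$action = $mybb->input['posts'][$post['pid']];
			if($action == "approve")
			{
				$posts_to_approve[] = $post['pid'];
			}
			else if($action == "delete")
			{
				if($mybb->settings['soft_delete'] != 1)
				{
					// Hard deletes are carried out one post at a time.
					$moderation->delete_post($post['pid']);
				}
				// Record every deleted pid, hard or soft. Previously hard-deleted pids were
				// never collected, so the multi_delete_posts log entry below could not be
				// reached and permanent deletions left no moderator log record.
				$posts_to_delete[] = $post['pid'];
			}
		}
		if(!empty($posts_to_approve))
		{
			$moderation->approve_posts($posts_to_approve);
			log_moderator_action(array('pids' => $posts_to_approve), $lang->multi_approve_posts);
		}
		if(!empty($posts_to_delete))
		{
			if($mybb->settings['soft_delete'] == 1)
			{
				$moderation->soft_delete_posts($posts_to_delete);
				log_moderator_action(array('pids' => $posts_to_delete), $lang->multi_soft_delete_posts);
			}
			else
			{
				// The posts were already removed in the loop above; this only writes the log entry.
				log_moderator_action(array('pids' => $posts_to_delete), $lang->multi_delete_posts);
			}
		}

		$plugins->run_hooks("modcp_do_modqueue_end");

		redirect("modcp.php?action=modqueue&type=posts", $lang->redirect_postsmoderated);
	}
	else if(!empty($mybb->input['attachments']))
	{
		$attachments = array_map("intval", array_keys($mybb->input['attachments']));
		$query = $db->query("
			SELECT a.pid, a.aid, t.tid
			FROM ".TABLE_PREFIX."attachments a
			LEFT JOIN ".TABLE_PREFIX."posts p ON (a.pid=p.pid)
			LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
			WHERE aid IN (".implode(",", $attachments)."){$tflist_queue_attach}
		");
		// NOTE(review): unlike the thread and post branches, this branch makes no
		// log_moderator_action() call, so attachment approvals and deletions are not
		// recorded by this block.
		while($attachment = $db->fetch_array($query))
		{
			if(!isset($mybb->input['attachments'][$attachment['aid']]))
			{
				continue;
			}
			$action = $mybb->input['attachments'][$attachment['aid']];
			if($action == "approve")
			{
				$db->update_query("attachments", array("visible" => 1), "aid='{$attachment['aid']}'");
				if(isset($attachment['tid']))
				{
					update_thread_counters((int)$attachment['tid'], array("attachmentcount" => "+1"));
				}
			}
			else if($action == "delete")
			{
				remove_attachment($attachment['pid'], '', $attachment['aid']);
				if(isset($attachment['tid']))
				{
					update_thread_counters((int)$attachment['tid'], array("attachmentcount" => "-1"));
				}
			}
		}

		$plugins->run_hooks("modcp_do_modqueue_end");

		redirect("modcp.php?action=modqueue&type=attachments", $lang->redirect_attachmentsmoderated);
	}
}

if($mybb->input['action'] == "modqueue")
{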
$navsep = ''; 2107 2108 if($mybb->usergroup['canmanagemodqueue'] == 0) 2109 { 2110 error_no_permission(); 2111 } 2112 2113 if($nummodqueuethreads == 0 && $nummodqueueposts == 0 && $nummodqueueattach == 0 && $mybb->usergroup['issupermod'] != 1) 2114 { 2115 error($lang->you_cannot_use_mod_queue); 2116 } 2117 2118 $mybb->input['type'] = $mybb->get_input('type'); 2119 $threadqueue = $postqueue = $attachmentqueue = ''; 2120 if($mybb->input['type'] == "threads" || !$mybb->input['type'] && ($nummodqueuethreads > 0 || $mybb->usergroup['issupermod'] == 1)) 2121 { 2122 if($nummodqueuethreads == 0 && $mybb->usergroup['issupermod'] != 1) 2123 { 2124 error($lang->you_cannot_moderate_threads); 2125 } 2126 2127 $forum_cache = $cache->read("forums"); 2128 2129 $query = $db->simple_select("threads", "COUNT(tid) AS unapprovedthreads", "visible='0' {$flist_queue_threads}"); 2130 $unapproved_threads = $db->fetch_field($query, "unapprovedthreads"); 2131 2132 // Figure out if we need to display multiple pages. 
2133 if($mybb->get_input('page') != "last") 2134 { 2135 $page = $mybb->get_input('page', MyBB::INPUT_INT); 2136 } 2137 2138 $perpage = $mybb->settings['threadsperpage']; 2139 $pages = $unapproved_threads / $perpage; 2140 $pages = ceil($pages); 2141 2142 if($mybb->get_input('page') == "last") 2143 { 2144 $page = $pages; 2145 } 2146 2147 if($page > $pages || $page <= 0) 2148 { 2149 $page = 1; 2150 } 2151 2152 if($page) 2153 { 2154 $start = ($page-1) * $perpage; 2155 } 2156 else 2157 { 2158 $start = 0; 2159 $page = 1; 2160 } 2161 2162 $multipage = multipage($unapproved_threads, $perpage, $page, "modcp.php?action=modqueue&type=threads"); 2163 2164 $query = $db->query(" 2165 SELECT t.tid, t.dateline, t.fid, t.subject, t.username AS threadusername, p.message AS postmessage, u.username AS username, t.uid 2166 FROM ".TABLE_PREFIX."threads t 2167 LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=t.firstpost) 2168 LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=t.uid) 2169 WHERE t.visible='0' {$tflist_queue_threads} 2170 ORDER BY t.lastpost DESC 2171 LIMIT {$start}, {$perpage} 2172 "); 2173 $threads = ''; 2174 while($thread = $db->fetch_array($query)) 2175 { 2176 $altbg = alt_trow(); 2177 $thread['subject'] = htmlspecialchars_uni($parser->parse_badwords($thread['subject'])); 2178 $thread['threadlink'] = get_thread_link($thread['tid']); 2179 $forum_link = get_forum_link($thread['fid']); 2180 $forum_name = $forum_cache[$thread['fid']]['name']; 2181 $threaddate = my_date('relative', $thread['dateline']); 2182 2183 if($thread['username'] == "") 2184 { 2185 if($thread['threadusername'] != "") 2186 { 2187 $thread['threadusername'] = htmlspecialchars_uni($thread['threadusername']); 2188 $profile_link = $thread['threadusername']; 2189 } 2190 else 2191 { 2192 $profile_link = $lang->guest; 2193 } 2194 } 2195 else 2196 { 2197 $thread['username'] = htmlspecialchars_uni($thread['username']); 2198 $profile_link = build_profile_link($thread['username'], $thread['uid']); 2199 } 2200 2201 
$thread['postmessage'] = nl2br(htmlspecialchars_uni($thread['postmessage'])); 2202 eval("\$forum = \"".$templates->get("modcp_modqueue_link_forum")."\";"); 2203 eval("\$threads .= \"".$templates->get("modcp_modqueue_threads_thread")."\";"); 2204 } 2205 2206 if(!$threads && $mybb->input['type'] == "threads") 2207 { 2208 eval("\$threads = \"".$templates->get("modcp_modqueue_threads_empty")."\";"); 2209 } 2210 2211 if($threads) 2212 { 2213 add_breadcrumb($lang->mcp_nav_modqueue_threads, "modcp.php?action=modqueue&type=threads"); 2214 2215 $plugins->run_hooks("modcp_modqueue_threads_end"); 2216 2217 if($nummodqueueposts > 0 || $mybb->usergroup['issupermod'] == 1) 2218 { 2219 $navsep = " | "; 2220 eval("\$post_link = \"".$templates->get("modcp_modqueue_post_link")."\";"); 2221 } 2222 2223 if($mybb->settings['enableattachments'] == 1 && ($nummodqueueattach > 0 || $mybb->usergroup['issupermod'] == 1)) 2224 { 2225 $navsep = " | "; 2226 eval("\$attachment_link = \"".$templates->get("modcp_modqueue_attachment_link")."\";"); 2227 } 2228 2229 eval("\$mass_controls = \"".$templates->get("modcp_modqueue_masscontrols")."\";"); 2230 eval("\$threadqueue = \"".$templates->get("modcp_modqueue_threads")."\";"); 2231 output_page($threadqueue); 2232 } 2233 $type = 'threads'; 2234 } 2235 2236 if($mybb->input['type'] == "posts" || (!$mybb->input['type'] && !$threadqueue && ($nummodqueueposts > 0 || $mybb->usergroup['issupermod'] == 1))) 2237 { 2238 if($nummodqueueposts == 0 && $mybb->usergroup['issupermod'] != 1) 2239 { 2240 error($lang->you_cannot_moderate_posts); 2241 } 2242 2243 $forum_cache = $cache->read("forums"); 2244 2245 $query = $db->query(" 2246 SELECT COUNT(pid) AS unapprovedposts 2247 FROM ".TABLE_PREFIX."posts p 2248 LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid) 2249 WHERE p.visible='0' {$tflist_queue_posts} AND t.firstpost != p.pid 2250 "); 2251 $unapproved_posts = $db->fetch_field($query, "unapprovedposts"); 2252 2253 // Figure out if we need to display multiple 
pages. 2254 if($mybb->get_input('page') != "last") 2255 { 2256 $page = $mybb->get_input('page', MyBB::INPUT_INT); 2257 } 2258 2259 $perpage = $mybb->settings['postsperpage']; 2260 $pages = $unapproved_posts / $perpage; 2261 $pages = ceil($pages); 2262 2263 if($mybb->get_input('page') == "last") 2264 { 2265 $page = $pages; 2266 } 2267 2268 if($page > $pages || $page <= 0) 2269 { 2270 $page = 1; 2271 } 2272 2273 if($page) 2274 { 2275 $start = ($page-1) * $perpage; 2276 } 2277 else 2278 { 2279 $start = 0; 2280 $page = 1; 2281 } 2282 2283 $multipage = multipage($unapproved_posts, $perpage, $page, "modcp.php?action=modqueue&type=posts"); 2284 2285 $query = $db->query(" 2286 SELECT p.pid, p.subject, p.message, p.username AS postusername, t.subject AS threadsubject, t.tid, u.username, p.uid, t.fid, p.dateline 2287 FROM ".TABLE_PREFIX."posts p 2288 LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid) 2289 LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid) 2290 WHERE p.visible='0' {$tflist_queue_posts} AND t.firstpost != p.pid 2291 ORDER BY p.dateline DESC, p.pid DESC 2292 LIMIT {$start}, {$perpage} 2293 "); 2294 $posts = ''; 2295 while($post = $db->fetch_array($query)) 2296 { 2297 $altbg = alt_trow(); 2298 $post['threadsubject'] = htmlspecialchars_uni($parser->parse_badwords($post['threadsubject'])); 2299 $post['subject'] = htmlspecialchars_uni($parser->parse_badwords($post['subject'])); 2300 $post['threadlink'] = get_thread_link($post['tid']); 2301 $post['postlink'] = get_post_link($post['pid'], $post['tid']); 2302 $forum_link = get_forum_link($post['fid']); 2303 $forum_name = $forum_cache[$post['fid']]['name']; 2304 $postdate = my_date('relative', $post['dateline']); 2305 2306 if($post['username'] == "") 2307 { 2308 if($post['postusername'] != "") 2309 { 2310 $post['postusername'] = htmlspecialchars_uni($post['postusername']); 2311 $profile_link = $post['postusername']; 2312 } 2313 else 2314 { 2315 $profile_link = $lang->guest; 2316 } 2317 } 2318 else 2319 { 2320 
$post['username'] = htmlspecialchars_uni($post['username']); 2321 $profile_link = build_profile_link($post['username'], $post['uid']); 2322 } 2323 2324 eval("\$thread = \"".$templates->get("modcp_modqueue_link_thread")."\";"); 2325 eval("\$forum = \"".$templates->get("modcp_modqueue_link_forum")."\";"); 2326 $post['message'] = nl2br(htmlspecialchars_uni($post['message'])); 2327 eval("\$posts .= \"".$templates->get("modcp_modqueue_posts_post")."\";"); 2328 } 2329 2330 if(!$posts && $mybb->input['type'] == "posts") 2331 { 2332 eval("\$posts = \"".$templates->get("modcp_modqueue_posts_empty")."\";"); 2333 } 2334 2335 if($posts) 2336 { 2337 add_breadcrumb($lang->mcp_nav_modqueue_posts, "modcp.php?action=modqueue&type=posts"); 2338 2339 $plugins->run_hooks("modcp_modqueue_posts_end"); 2340 2341 if($nummodqueuethreads > 0 || $mybb->usergroup['issupermod'] == 1) 2342 { 2343 $navsep = " | "; 2344 eval("\$thread_link = \"".$templates->get("modcp_modqueue_thread_link")."\";"); 2345 } 2346 2347 if($mybb->settings['enableattachments'] == 1 && ($nummodqueueattach > 0 || $mybb->usergroup['issupermod'] == 1)) 2348 { 2349 $navsep = " | "; 2350 eval("\$attachment_link = \"".$templates->get("modcp_modqueue_attachment_link")."\";"); 2351 } 2352 2353 eval("\$mass_controls = \"".$templates->get("modcp_modqueue_masscontrols")."\";"); 2354 eval("\$postqueue = \"".$templates->get("modcp_modqueue_posts")."\";"); 2355 output_page($postqueue); 2356 } 2357 } 2358 2359 if($mybb->input['type'] == "attachments" || (!$mybb->input['type'] && !$postqueue && !$threadqueue && $mybb->settings['enableattachments'] == 1 && ($nummodqueueattach > 0 || $mybb->usergroup['issupermod'] == 1))) 2360 { 2361 if($mybb->settings['enableattachments'] == 0) 2362 { 2363 error($lang->attachments_disabled); 2364 } 2365 2366 if($nummodqueueattach == 0 && $mybb->usergroup['issupermod'] != 1) 2367 { 2368 error($lang->you_cannot_moderate_attachments); 2369 } 2370 2371 $query = $db->query(" 2372 SELECT COUNT(aid) AS 
unapprovedattachments 2373 FROM ".TABLE_PREFIX."attachments a 2374 LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=a.pid) 2375 LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid) 2376 WHERE a.visible='0'{$tflist_queue_attach} 2377 "); 2378 $unapproved_attachments = $db->fetch_field($query, "unapprovedattachments"); 2379 2380 // Figure out if we need to display multiple pages. 2381 if($mybb->get_input('page') != "last") 2382 { 2383 $page = $mybb->get_input('page', MyBB::INPUT_INT); 2384 } 2385 2386 $perpage = $mybb->settings['postsperpage']; 2387 $pages = $unapproved_attachments / $perpage; 2388 $pages = ceil($pages); 2389 2390 if($mybb->get_input('page') == "last") 2391 { 2392 $page = $pages; 2393 } 2394 2395 if($page > $pages || $page <= 0) 2396 { 2397 $page = 1; 2398 } 2399 2400 if($page) 2401 { 2402 $start = ($page-1) * $perpage; 2403 } 2404 else 2405 { 2406 $start = 0; 2407 $page = 1; 2408 } 2409 2410 $multipage = multipage($unapproved_attachments, $perpage, $page, "modcp.php?action=modqueue&type=attachments"); 2411 2412 $query = $db->query(" 2413 SELECT a.*, p.subject AS postsubject, p.dateline, p.uid, u.username, t.tid, t.subject AS threadsubject 2414 FROM ".TABLE_PREFIX."attachments a 2415 LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=a.pid) 2416 LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid) 2417 LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid) 2418 WHERE a.visible='0'{$tflist_queue_attach} 2419 ORDER BY a.dateuploaded DESC 2420 LIMIT {$start}, {$perpage} 2421 "); 2422 $attachments = ''; 2423 while($attachment = $db->fetch_array($query)) 2424 { 2425 $altbg = alt_trow(); 2426 2427 if(!$attachment['dateuploaded']) 2428 { 2429 $attachment['dateuploaded'] = $attachment['dateline']; 2430 } 2431 2432 $attachdate = my_date('relative', $attachment['dateuploaded']); 2433 2434 $attachment['postsubject'] = htmlspecialchars_uni($parser->parse_badwords($attachment['postsubject'])); 2435 $attachment['filename'] = htmlspecialchars_uni($attachment['filename']); 2436 
$attachment['threadsubject'] = htmlspecialchars_uni($parser->parse_badwords($attachment['threadsubject'])); 2437 $attachment['filesize'] = get_friendly_size($attachment['filesize']); 2438 2439 $link = get_post_link($attachment['pid'], $attachment['tid']) . "#pid{$attachment['pid']}"; 2440 $thread_link = get_thread_link($attachment['tid']); 2441 $attachment['username'] = htmlspecialchars_uni($attachment['username']); 2442 $profile_link = build_profile_link($attachment['username'], $attachment['uid']); 2443 2444 eval("\$attachments .= \"".$templates->get("modcp_modqueue_attachments_attachment")."\";"); 2445 } 2446 2447 if(!$attachments && $mybb->input['type'] == "attachments") 2448 { 2449 eval("\$attachments = \"".$templates->get("modcp_modqueue_attachments_empty")."\";"); 2450 } 2451 2452 if($attachments) 2453 { 2454 add_breadcrumb($lang->mcp_nav_modqueue_attachments, "modcp.php?action=modqueue&type=attachments"); 2455 2456 $plugins->run_hooks("modcp_modqueue_attachments_end"); 2457 2458 if($nummodqueuethreads > 0 || $mybb->usergroup['issupermod'] == 1) 2459 { 2460 eval("\$thread_link = \"".$templates->get("modcp_modqueue_thread_link")."\";"); 2461 $navsep = " | "; 2462 } 2463 2464 if($nummodqueueposts > 0 || $mybb->usergroup['issupermod'] == 1) 2465 { 2466 eval("\$post_link = \"".$templates->get("modcp_modqueue_post_link")."\";"); 2467 $navsep = " | "; 2468 } 2469 2470 eval("\$mass_controls = \"".$templates->get("modcp_modqueue_masscontrols")."\";"); 2471 eval("\$attachmentqueue = \"".$templates->get("modcp_modqueue_attachments")."\";"); 2472 output_page($attachmentqueue); 2473 } 2474 } 2475 2476 // Still nothing? All queues are empty! 
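:-D 2477 if(!$threadqueue && !$postqueue && !$attachmentqueue) 2478 { 2479 add_breadcrumb($lang->mcp_nav_modqueue, "modcp.php?action=modqueue"); 2480 2481 $plugins->run_hooks("modcp_modqueue_end"); 2482 2483 eval("\$queue = \"".$templates->get("modcp_modqueue_empty")."\";"); 2484 output_page($queue); 2485 } 2486 }

// Moderator CP: save a moderator's changes to another member's profile, including the
// signature-suspension, post-moderation and posting-suspension options.
// On any validation error the action is switched to "editprofile" so that the form handler
// further down re-displays the form with $errors.
if($mybb->input['action'] == "do_editprofile")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    if($mybb->usergroup['caneditprofiles'] == 0)
    {
        error_no_permission();
    }

    // Read the target uid as an integer, the same way the "editprofile" form handler does,
    // instead of passing the raw request value (which may be absent or an array).
    $user = get_user($mybb->get_input('uid', MyBB::INPUT_INT));
    if(!$user)
    {
        error($lang->error_nomember);
    }

    // Check if the current user has permission to edit this user
    if(!modcp_can_manage_user($user['uid']))
    {
        error_no_permission();
    }

    $plugins->run_hooks("modcp_do_editprofile_start");

    if($mybb->get_input('away', MyBB::INPUT_INT) == 1 && $mybb->settings['allowaway'] != 0)
    {
        $awaydate = TIME_NOW;
        if(!empty($mybb->input['awayday']))
        {
            // If the user has indicated that they will return on a specific day, but not month or year, assume it is current month and year
            if(!$mybb->get_input('awaymonth', MyBB::INPUT_INT))
            {
                $mybb->input['awaymonth'] = my_date('n', $awaydate);
            }
            if(!$mybb->get_input('awayyear', MyBB::INPUT_INT))
            {
                $mybb->input['awayyear'] = my_date('Y', $awaydate);
            }

            // Only the first two characters of day and month are used; the year is capped at 9999
            $return_month = (int)substr($mybb->get_input('awaymonth'), 0, 2);
            $return_day = (int)substr($mybb->get_input('awayday'), 0, 2);
            $return_year = min((int)$mybb->get_input('awayyear'), 9999);

            // Check if return date is after the away date.
            $returntimestamp = gmmktime(0, 0, 0, $return_month, $return_day, $return_year);
            $awaytimestamp = gmmktime(0, 0, 0, my_date('n', $awaydate), my_date('j', $awaydate), my_date('Y', $awaydate));
            if($return_year < my_date('Y', $awaydate) || ($returntimestamp < $awaytimestamp && $return_year == my_date('Y', $awaydate)))
            {
                error($lang->error_modcp_return_date_past);
            }

            $returndate = "{$return_day}-{$return_month}-{$return_year}";
        }
        else
        {
            $returndate = "";
        }
        $away = array(
            "away" => 1,
            "date" => $awaydate,
            "returndate" => $returndate,
            "awayreason" => $mybb->get_input('awayreason')
        );
    }
    else
    {
        $away = array(
            "away" => 0,
            "date" => '',
            "returndate" => '',
            "awayreason" => ''
        );
    }

    // Set up user handler.
    require_once MYBB_ROOT."inc/datahandlers/user.php";
    $userhandler = new UserDataHandler('update');

    // Set the data for the updated user. The values are passed on as submitted;
    // validation is left to the data handler's validate_user() call below.
    $updated_user = array(
        "uid" => $user['uid'],
        "profile_fields" => $mybb->get_input('profile_fields', MyBB::INPUT_ARRAY),
        "profile_fields_editable" => true,
        "website" => $mybb->get_input('website'),
        "icq" => $mybb->get_input('icq'),
        "skype" => $mybb->get_input('skype'),
        "google" => $mybb->get_input('google'),
        "signature" => $mybb->get_input('signature'),
        "usernotes" => $mybb->get_input('usernotes'),
        "away" => $away
    );

    $updated_user['birthday'] = array(
        "day" => $mybb->get_input('birthday_day', MyBB::INPUT_INT),
        "month" => $mybb->get_input('birthday_month', MyBB::INPUT_INT),
        "year" => $mybb->get_input('birthday_year', MyBB::INPUT_INT)
    );

    if(!empty($mybb->input['usertitle']))
    {
        $updated_user['usertitle'] = $mybb->get_input('usertitle');
    }
    else if(!empty($mybb->input['reverttitle']))
    {
        $updated_user['usertitle'] = '';
    }

    $removing_avatar = !empty($mybb->input['remove_avatar']);
    if($removing_avatar)
    {
        $updated_user['avatarurl'] = '';
    }

    // Set the data of the user in the datahandler.
    $userhandler->set_data($updated_user);
    $errors = array();

    // Direct column updates applied to the users table next to the data handler update
    $extra_user_updates = array();

    // Validate the user and get any errors that might have occurred.
    if(!$userhandler->validate_user())
    {
        $errors = $userhandler->get_friendly_errors();
        $mybb->input['action'] = "editprofile";
    }
    else
    {
        // Are we removing an avatar from this user?
        if($removing_avatar)
        {
            $extra_user_updates["avatar"] = "";
            $extra_user_updates["avatardimensions"] = "";
            $extra_user_updates["avatartype"] = "";
        }

        // Moderator "Options" (suspend signature, suspend/moderate posting)
        $moderator_options = array(
            1 => array(
                "action" => "suspendsignature", // The moderator action we're performing
                "period" => "action_period", // The time period we've selected from the dropdown box
                "time" => "action_time", // The time we've entered
                "update_field" => "suspendsignature", // The field in the database to update if true
                "update_length" => "suspendsigtime" // The length of suspension field in the database
            ),
            2 => array(
                "action" => "moderateposting",
                "period" => "modpost_period",
                "time" => "modpost_time",
                "update_field" => "moderateposts",
                "update_length" => "moderationtime"
            ),
            3 => array(
                "action" => "suspendposting",
                "period" => "suspost_period",
                "time" => "suspost_time",
                "update_field" => "suspendposting",
                "update_length" => "suspensiontime"
            )
        );

        require_once MYBB_ROOT."inc/functions_warnings.php";
        foreach($moderator_options as $option)
        {
            // Sets $action_time, $modpost_time and $suspost_time (names fixed by the table above);
            // presumably read again when the form is re-displayed - confirm.
            ${$option['time']} = $mybb->get_input($option['time'], MyBB::INPUT_INT);
            $mybb->input[$option['period']] = $mybb->get_input($option['period']);

            // Work with the integer value from here on. Comparing the raw request string with 0
            // is false for non-numeric text on PHP 8, which let such input skip the
            // "no valid time frame" error and produce a suspension with no duration.
            $option_time = ${$option['time']};
            $option_period = $mybb->input[$option['period']];

            if(empty($mybb->input[$option['action']]))
            {
                if($user[$option['update_field']] == 1)
                {
                    // We're revoking the suspension
                    $extra_user_updates[$option['update_field']] = 0;
                    $extra_user_updates[$option['update_length']] = 0;
                }

                // Skip this option if we haven't selected it
                continue;
            }

            if($option_time == 0 && $option_period != "never" && $user[$option['update_field']] != 1)
            {
                // User has selected a type of ban, but not entered a valid time frame
                $string = $option['action']."_error";
                $errors[] = $lang->$string;
                continue;
            }

            $suspend_length = fetch_time_length($option_time, $option_period);

            if($user[$option['update_field']] == 1 && ($option_time || $option_period == "never"))
            {
                // We already have a suspension, but entered a new time
                if($suspend_length == "-1")
                {
                    // Permanent ban on action
                    $extra_user_updates[$option['update_length']] = 0;
                }
                elseif($suspend_length && $suspend_length != "-1")
                {
                    // Temporary ban on action
                    $extra_user_updates[$option['update_length']] = TIME_NOW + $suspend_length;
                }
            }
            elseif(!$user[$option['update_field']])
            {
                // New suspension for this user... bad user!
                $extra_user_updates[$option['update_field']] = 1;
                if($suspend_length == "-1")
                {
                    $extra_user_updates[$option['update_length']] = 0;
                }
                else
                {
                    $extra_user_updates[$option['update_length']] = TIME_NOW + $suspend_length;
                }
            }
        }

        // Those with javascript turned off will be able to select both - cheeky!
        // Check to make sure we're not moderating AND suspending posting
        if(!empty($extra_user_updates['moderateposts']) && !empty($extra_user_updates['suspendposting']))
        {
            $errors[] = $lang->suspendmoderate_error;
        }

        if(is_array($errors) && !empty($errors))
        {
            $mybb->input['action'] = "editprofile";
        }
        else
        {
            // Remove the avatar only once every check has passed. remove_avatars() is defined
            // elsewhere and presumably deletes the stored avatar; calling it before the option
            // checks meant a rejected submission could still have removed it.
            if($removing_avatar)
            {
                remove_avatars($user['uid']);
            }

            $plugins->run_hooks("modcp_do_editprofile_update");

            // Continue with the update if there is no errors
            $user_info = $userhandler->update_user();
            if(!empty($extra_user_updates))
            {
                // uid comes from the loaded user row; the cast keeps the condition numeric regardless
                $db->update_query("users", $extra_user_updates, "uid='".(int)$user['uid']."'");
            }
            log_moderator_action(array("uid" => $user['uid'], "username" => $user['username']), $lang->edited_user);

            $plugins->run_hooks("modcp_do_editprofile_end");

            redirect("modcp.php?action=finduser", $lang->redirect_user_updated);
        }
    }
}

2739 if($mybb->input['action'] == "editprofile") 2740 { 2741 if($mybb->usergroup['caneditprofiles'] == 0) 2742 { 2743 error_no_permission(); 2744 } 2745 2746 add_breadcrumb($lang->mcp_nav_editprofile, "modcp.php?action=editprofile"); 2747 2748 $user = get_user($mybb->get_input('uid', MyBB::INPUT_INT)); 2749 if(!$user) 2750 { 2751 error($lang->error_nomember); 2752 } 2753 2754 // Check if the current user has permission to edit this user 2755 if(!modcp_can_manage_user($user['uid'])) 2756 { 2757 error_no_permission(); 2758 } 2759 2760 $userperms = user_permissions($user['uid']); 2761 2762 // Set display group 2763 $displaygroupfields = array("title", "description", "namestyle", "usertitle", "stars", "starimage", "image"); 2764 2765 if(!$user['displaygroup']) 2766 { 2767 $user['displaygroup'] = $user['usergroup']; 2768 } 2769 2770 $display_group = usergroup_displaygroup($user['displaygroup']); 2771 if(is_array($display_group)) 2772 { 2773 $userperms = array_merge($userperms, $display_group); 2774 } 2775 2776 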
if(!my_validate_url($user['website'])) 2777 { 2778 $user['website'] = ''; 2779 } 2780 2781 if($user['icq'] != "0") 2782 { 2783 $user['icq'] = (int)$user['icq']; 2784 } 2785 2786 if(!$errors) 2787 { 2788 $mybb->input = array_merge($user, $mybb->input); 2789 $birthday = explode('-', $user['birthday']); 2790 if(!isset($birthday[1])) 2791 { 2792 $birthday[1] = ''; 2793 } 2794 if(!isset($birthday[2])) 2795 { 2796 $birthday[2] = ''; 2797 } 2798 list($mybb->input['birthday_day'], $mybb->input['birthday_month'], $mybb->input['birthday_year']) = $birthday; 2799 } 2800 else 2801 { 2802 $errors = inline_error($errors); 2803 } 2804 2805 // Sanitize all input 2806 foreach(array('usertitle', 'website', 'icq', 'skype', 'google', 'signature', 'birthday_day', 'birthday_month', 'birthday_year') as $field) 2807 { 2808 $mybb->input[$field] = htmlspecialchars_uni($mybb->get_input($field)); 2809 } 2810 2811 // Custom user title 2812 if(!empty($userperms['usertitle'])) 2813 { 2814 $defaulttitle = htmlspecialchars_uni($userperms['usertitle']); 2815 } 2816 else 2817 { 2818 // Go for post count title if a group default isn't set 2819 $usertitles = $cache->read('usertitles'); 2820 2821 foreach($usertitles as $title) 2822 { 2823 if($title['posts'] <= $user['postnum']) 2824 { 2825 $defaulttitle = htmlspecialchars_uni($title['title']); 2826 break; 2827 } 2828 } 2829 } 2830 2831 $user['usertitle'] = htmlspecialchars_uni($user['usertitle']); 2832 2833 if(empty($user['usertitle'])) 2834 { 2835 $lang->current_custom_usertitle = ''; 2836 } 2837 2838 $bdaydaysel = $selected = ''; 2839 for($day = 1; $day <= 31; ++$day) 2840 { 2841 if($mybb->input['birthday_day'] == $day) 2842 { 2843 $selected = "selected=\"selected\""; 2844 } 2845 else 2846 { 2847 $selected = ''; 2848 } 2849 2850 eval("\$bdaydaysel .= \"".$templates->get("usercp_profile_day")."\";"); 2851 } 2852 2853 $bdaymonthsel = array(); 2854 foreach(range(1, 12) as $month) 2855 { 2856 $bdaymonthsel[$month] = ''; 2857 } 2858 
$bdaymonthsel[$mybb->input['birthday_month']] = 'selected="selected"'; 2859 2860 $awaysection = ''; 2861 2862 if($mybb->settings['allowaway'] != 0) 2863 { 2864 $awaycheck = array('', ''); 2865 if($errors) 2866 { 2867 if($user['away'] == 1) 2868 { 2869 $awaycheck[1] = "checked=\"checked\""; 2870 } 2871 else 2872 { 2873 $awaycheck[0] = "checked=\"checked\""; 2874 } 2875 $returndate = array(); 2876 $returndate[0] = $mybb->get_input('awayday'); 2877 $returndate[1] = $mybb->get_input('awaymonth'); 2878 $returndate[2] = $mybb->get_input('awayyear', MyBB::INPUT_INT); 2879 $user['awayreason'] = htmlspecialchars_uni($mybb->get_input('awayreason')); 2880 } 2881 else 2882 { 2883 $user['awayreason'] = htmlspecialchars_uni($user['awayreason']); 2884 if($user['away'] == 1) 2885 { 2886 $awaydate = my_date($mybb->settings['dateformat'], $user['awaydate']); 2887 $awaycheck[1] = "checked=\"checked\""; 2888 $awaynotice = $lang->sprintf($lang->away_notice_away, $awaydate); 2889 } 2890 else 2891 { 2892 $awaynotice = $lang->away_notice; 2893 $awaycheck[0] = "checked=\"checked\""; 2894 } 2895 $returndate = explode("-", $user['returndate']); 2896 } 2897 $returndatesel = $selected = ''; 2898 for($day = 1; $day <= 31; ++$day) 2899 { 2900 if($returndate[0] == $day) 2901 { 2902 $selected = "selected=\"selected\""; 2903 } 2904 else 2905 { 2906 $selected = ''; 2907 } 2908 2909 eval("\$returndatesel .= \"".$templates->get("usercp_profile_day")."\";"); 2910 } 2911 2912 $returndatemonthsel = array(); 2913 foreach(range(1, 12) as $month) 2914 { 2915 $returndatemonthsel[$month] = ''; 2916 } 2917 if(isset($returndate[1])) 2918 { 2919 $returndatemonthsel[$returndate[1]] = " selected=\"selected\""; 2920 } 2921 2922 if(!isset($returndate[2])) 2923 { 2924 $returndate[2] = ''; 2925 } 2926 2927 eval("\$awaysection = \"".$templates->get("usercp_profile_away")."\";"); 2928 } 2929 2930 $plugins->run_hooks("modcp_editprofile_start"); 2931 2932 // Fetch profile fields 2933 $user_fields = array(); 2934 $query = 
$db->simple_select("userfields", "*", "ufid='{$user['uid']}'"); 2935 if($db->num_rows($query) > 0) 2936 { 2937 $user_fields = $db->fetch_array($query); 2938 } 2939 2940 $requiredfields = ''; 2941 $customfields = ''; 2942 $mybb->input['profile_fields'] = $mybb->get_input('profile_fields', MyBB::INPUT_ARRAY); 2943 2944 $pfcache = $cache->read('profilefields'); 2945 2946 if(is_array($pfcache)) 2947 { 2948 foreach($pfcache as $profilefield) 2949 { 2950 $userfield = $code = $select = $val = $options = $expoptions = $useropts = ''; 2951 $seloptions = array(); 2952 $profilefield['type'] = htmlspecialchars_uni($profilefield['type']); 2953 $profilefield['name'] = htmlspecialchars_uni($profilefield['name']); 2954 $profilefield['description'] = htmlspecialchars_uni($profilefield['description']); 2955 $thing = explode("\n", $profilefield['type'], "2"); 2956 $type = $thing[0]; 2957 if(isset($thing[1])) 2958 { 2959 $options = $thing[1]; 2960 } 2961 $field = "fid{$profilefield['fid']}"; 2962 if($errors) 2963 { 2964 if(isset($mybb->input['profile_fields'][$field])) 2965 { 2966 $userfield = $mybb->input['profile_fields'][$field]; 2967 } 2968 } 2969 elseif(isset($user_fields[$field])) 2970 { 2971 $userfield = $user_fields[$field]; 2972 } 2973 if($type == "multiselect") 2974 { 2975 if($errors) 2976 { 2977 $useropts = $userfield; 2978 } 2979 else 2980 { 2981 $useropts = explode("\n", $userfield); 2982 } 2983 if(is_array($useropts)) 2984 { 2985 foreach($useropts as $key => $val) 2986 { 2987 $seloptions[$val] = $val; 2988 } 2989 } 2990 $expoptions = explode("\n", $options); 2991 if(is_array($expoptions)) 2992 { 2993 foreach($expoptions as $key => $val) 2994 { 2995 $val = trim($val); 2996 $val = str_replace("\n", "\\n", $val); 2997 2998 $sel = ""; 2999 if(isset($seloptions[$val]) && $val == $seloptions[$val]) 3000 { 3001 $sel = " selected=\"selected\""; 3002 } 3003 3004 eval("\$select .= \"".$templates->get("usercp_profile_profilefields_select_option")."\";"); 3005 } 3006 
if(!$profilefield['length']) 3007 { 3008 $profilefield['length'] = 3; 3009 } 3010 3011 eval("\$code = \"".$templates->get("usercp_profile_profilefields_multiselect")."\";"); 3012 } 3013 } 3014 elseif($type == "select") 3015 { 3016 $expoptions = explode("\n", $options); 3017 if(is_array($expoptions)) 3018 { 3019 foreach($expoptions as $key => $val) 3020 { 3021 $val = trim($val); 3022 $val = str_replace("\n", "\\n", $val); 3023 $sel = ""; 3024 if($val == $userfield) 3025 { 3026 $sel = " selected=\"selected\""; 3027 } 3028 3029 eval("\$select .= \"".$templates->get("usercp_profile_profilefields_select_option")."\";"); 3030 } 3031 if(!$profilefield['length']) 3032 { 3033 $profilefield['length'] = 1; 3034 } 3035 3036 eval("\$code = \"".$templates->get("usercp_profile_profilefields_select")."\";"); 3037 } 3038 } 3039 elseif($type == "radio") 3040 { 3041 $expoptions = explode("\n", $options); 3042 if(is_array($expoptions)) 3043 { 3044 foreach($expoptions as $key => $val) 3045 { 3046 $checked = ""; 3047 if($val == $userfield) 3048 { 3049 $checked = " checked=\"checked\""; 3050 } 3051 3052 eval("\$code .= \"".$templates->get("usercp_profile_profilefields_radio")."\";"); 3053 } 3054 } 3055 } 3056 elseif($type == "checkbox") 3057 { 3058 if($errors) 3059 { 3060 $useropts = $userfield; 3061 } 3062 else 3063 { 3064 $useropts = explode("\n", $userfield); 3065 } 3066 if(is_array($useropts)) 3067 { 3068 foreach($useropts as $key => $val) 3069 { 3070 $seloptions[$val] = $val; 3071 } 3072 } 3073 $expoptions = explode("\n", $options); 3074 if(is_array($expoptions)) 3075 { 3076 foreach($expoptions as $key => $val) 3077 { 3078 $checked = ""; 3079 if(isset($seloptions[$val]) && $val == $seloptions[$val]) 3080 { 3081 $checked = " checked=\"checked\""; 3082 } 3083 3084 eval("\$code .= \"".$templates->get("usercp_profile_profilefields_checkbox")."\";"); 3085 } 3086 } 3087 } 3088 elseif($type == "textarea") 3089 { 3090 $value = htmlspecialchars_uni($userfield); 3091 eval("\$code = 
\"".$templates->get("usercp_profile_profilefields_textarea")."\";"); 3092 } 3093 else 3094 { 3095 $value = htmlspecialchars_uni($userfield); 3096 $maxlength = ""; 3097 if($profilefield['maxlength'] > 0) 3098 { 3099 $maxlength = " maxlength=\"{$profilefield['maxlength']}\""; 3100 } 3101 3102 eval("\$code = \"".$templates->get("usercp_profile_profilefields_text")."\";"); 3103 } 3104 3105 if($profilefield['required'] == 1) 3106 { 3107 eval("\$requiredfields .= \"".$templates->get("usercp_profile_customfield")."\";"); 3108 } 3109 else 3110 { 3111 eval("\$customfields .= \"".$templates->get("usercp_profile_customfield")."\";"); 3112 } 3113 $altbg = alt_trow(); 3114 } 3115 } 3116 if($customfields) 3117 { 3118 eval("\$customfields = \"".$templates->get("usercp_profile_profilefields")."\";"); 3119 } 3120 3121 $user['username'] = htmlspecialchars_uni($user['username']); 3122 $lang->edit_profile = $lang->sprintf($lang->edit_profile, $user['username']); 3123 $profile_link = build_profile_link(format_name($user['username'], $user['usergroup'], $user['displaygroup']), $user['uid']); 3124 3125 $user['signature'] = htmlspecialchars_uni($user['signature']); 3126 $codebuttons = build_mycode_inserter("signature"); 3127 3128 // Do we mark the suspend signature box? 3129 if($user['suspendsignature'] || ($mybb->get_input('suspendsignature', MyBB::INPUT_INT) && !empty($errors))) 3130 { 3131 $checked = 1; 3132 $checked_item = "checked=\"checked\""; 3133 } 3134 else 3135 { 3136 $checked = 0; 3137 $checked_item = ''; 3138 } 3139 3140 // Do we mark the moderate posts box? 3141 if($user['moderateposts'] || ($mybb->get_input('moderateposting', MyBB::INPUT_INT) && !empty($errors))) 3142 { 3143 $modpost_check = 1; 3144 $modpost_checked = "checked=\"checked\""; 3145 } 3146 else 3147 { 3148 $modpost_check = 0; 3149 $modpost_checked = ''; 3150 } 3151 3152 // Do we mark the suspend posts box? 
3153 if($user['suspendposting'] || ($mybb->get_input('suspendposting', MyBB::INPUT_INT) && !empty($errors))) 3154 { 3155 $suspost_check = 1; 3156 $suspost_checked = "checked=\"checked\""; 3157 } 3158 else 3159 { 3160 $suspost_check = 0; 3161 $suspost_checked = ''; 3162 } 3163 3164 $moderator_options = array( 3165 1 => array( 3166 "action" => "suspendsignature", // The input action for this option 3167 "option" => "suspendsignature", // The field in the database that this option relates to 3168 "time" => "action_time", // The time we've entered 3169 "length" => "suspendsigtime", // The length of suspension field in the database 3170 "select_option" => "action" // The name of the select box of this option 3171 ), 3172 2 => array( 3173 "action" => "moderateposting", 3174 "option" => "moderateposts", 3175 "time" => "modpost_time", 3176 "length" => "moderationtime", 3177 "select_option" => "modpost" 3178 ), 3179 3 => array( 3180 "action" => "suspendposting", 3181 "option" => "suspendposting", 3182 "time" => "suspost_time", 3183 "length" => "suspensiontime", 3184 "select_option" => "suspost" 3185 ) 3186 ); 3187 3188 $periods = array( 3189 "hours" => $lang->expire_hours, 3190 "days" => $lang->expire_days, 3191 "weeks" => $lang->expire_weeks, 3192 "months" => $lang->expire_months, 3193 "never" => $lang->expire_permanent 3194 ); 3195 3196 $suspendsignature_info = $moderateposts_info = $suspendposting_info = ''; 3197 $action_options = $modpost_options = $suspost_options = ''; 3198 $modopts = array(); 3199 foreach($moderator_options as $option) 3200 { 3201 ${$option['time']} = $mybb->get_input($option['time'], MyBB::INPUT_INT); 3202 // Display the suspension info, if this user has this option suspended 3203 if($user[$option['option']]) 3204 { 3205 if($user[$option['length']] == 0) 3206 { 3207 // User has a permanent ban 3208 $string = $option['option']."_perm"; 3209 $suspension_info = $lang->$string; 3210 } 3211 else 3212 { 3213 // User has a temporary (or limited) ban 3214 
$string = $option['option']."_for"; 3215 $for_date = my_date('relative', $user[$option['length']], '', 2); 3216 $suspension_info = $lang->sprintf($lang->$string, $for_date); 3217 } 3218 3219 switch($option['option']) 3220 { 3221 case "suspendsignature": 3222 eval("\$suspendsignature_info = \"".$templates->get("modcp_editprofile_suspensions_info")."\";"); 3223 break; 3224 case "moderateposts": 3225 eval("\$moderateposts_info = \"".$templates->get("modcp_editprofile_suspensions_info")."\";"); 3226 break; 3227 case "suspendposting": 3228 eval("\$suspendposting_info = \"".$templates->get("modcp_editprofile_suspensions_info")."\";"); 3229 break; 3230 } 3231 } 3232 3233 // Generate the boxes for this option 3234 $selection_options = ''; 3235 foreach($periods as $key => $value) 3236 { 3237 $string = $option['select_option']."_period"; 3238 if($mybb->get_input($string) == $key) 3239 { 3240 $selected = "selected=\"selected\""; 3241 } 3242 else 3243 { 3244 $selected = ''; 3245 } 3246 3247 eval("\$selection_options .= \"".$templates->get("modcp_editprofile_select_option")."\";"); 3248 } 3249 3250 $select_name = $option['select_option']."_period"; 3251 switch($option['option']) 3252 { 3253 case "suspendsignature": 3254 eval("\$action_options = \"".$templates->get("modcp_editprofile_select")."\";"); 3255 break; 3256 case "moderateposts": 3257 eval("\$modpost_options = \"".$templates->get("modcp_editprofile_select")."\";"); 3258 break; 3259 case "suspendposting": 3260 eval("\$suspost_options = \"".$templates->get("modcp_editprofile_select")."\";"); 3261 break; 3262 } 3263 } 3264 3265 eval("\$suspend_signature = \"".$templates->get("modcp_editprofile_signature")."\";"); 3266 3267 $user['usernotes'] = htmlspecialchars_uni($user['usernotes']); 3268 3269 if(!isset($newtitle)) 3270 { 3271 $newtitle = ''; 3272 } 3273 3274 $birthday_year = $mybb->input['birthday_year']; 3275 $user_website = $mybb->input['website']; 3276 $user_icq = $mybb->input['icq']; 3277 $user_skype = 
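$mybb->input['skype'];
	$user_google = $mybb->input['google'];

	$plugins->run_hooks("modcp_editprofile_end");

	eval("\$edituser = \"".$templates->get("modcp_editprofile")."\";");
	output_page($edituser);
}

// Action "finduser": paginated, sortable list of users filtered by a username substring.
// Requires the caneditprofiles group permission.
if($mybb->input['action'] == "finduser")
{
	if($mybb->usergroup['caneditprofiles'] == 0)
	{
		error_no_permission();
	}

	add_breadcrumb($lang->mcp_nav_users, "modcp.php?action=finduser");

	// NOTE(review): perpage is only bounded from below here; a caller can request an arbitrarily large page size.
	$perpage = $mybb->get_input('perpage', MyBB::INPUT_INT);
	if(!$perpage || $perpage <= 0)
	{
		$perpage = $mybb->settings['threadsperpage'];
	}
	$where = '';

	if(isset($mybb->input['username']))
	{
		// The search term is lower-cased below; non-MySQL drivers lower-case the column as well.
		switch($db->type)
		{
			case 'mysql':
			case 'mysqli':
				$field = 'username';
				break;
			default:
				$field = 'LOWER(username)';
				break;
		}
		// The term goes through $db->escape_string_like() before it is placed inside the quoted LIKE literal.
		$where = " AND {$field} LIKE '%".my_strtolower($db->escape_string_like($mybb->get_input('username')))."%'";
	}

	// Sort order & direction
	// Both values end up in ORDER BY, so they are mapped onto fixed literals instead of being passed through.
	switch($mybb->get_input('sortby'))
	{
		case "lastvisit":
			$sortby = "lastvisit";
			break;
		case "postnum":
			$sortby = "postnum";
			break;
		case "username":
			$sortby = "username";
			break;
		default:
			$sortby = "regdate";
	}
	$sortbysel = array('lastvisit' => '', 'postnum' => '', 'username' => '', 'regdate' => '');
	$sortbysel[$mybb->get_input('sortby')] = " selected=\"selected\"";
	$order = $mybb->get_input('order');
	if($order != "asc")
	{
		$order = "desc";
	}
	$ordersel = array('asc' => '', 'desc' => '');
	$ordersel[$order] = " selected=\"selected\"";

	$query = $db->simple_select("users", "COUNT(uid) AS count", "1=1 {$where}");
	$user_count = $db->fetch_field($query, "count");

	// Figure out if we need to display multiple pages.
	$pages = $user_count / $perpage;
	$pages = ceil($pages);

	if($mybb->get_input('page') == "last")
	{
		$page = $pages;
	}
	else
	{
		// Read as an integer so that a non-numeric page value never reaches the offset arithmetic below.
		$page = $mybb->get_input('page', MyBB::INPUT_INT);
	}

	if($page > $pages || $page <= 0)
	{
		$page = 1;
	}
	$start = ($page-1) * $perpage;

	// Rebuild the query string for the pagination links.
	$page_url = 'modcp.php?action=finduser';
	foreach(array('username', 'sortby', 'order') as $field)
	{
		// Read through get_input() rather than the raw input array so that a non-scalar
		// submission is not concatenated into the URL, and URL-encode the value so that
		// characters such as "&", "#" or "=" cannot add or truncate query parameters.
		// HTML escaping of the final links is left to multipage(), which is not part of this block.
		$value = $mybb->get_input($field);
		if(!empty($value))
		{
			$page_url .= "&{$field}=".urlencode($value);
		}
	}

	$multipage = multipage($user_count, $perpage, $page, $page_url);

	$usergroups_cache = $cache->read("usergroups");

	$plugins->run_hooks("modcp_finduser_start");

	// Fetch out results
	$query = $db->simple_select("users", "*", "1=1 {$where}", array("order_by" => $sortby, "order_dir" => $order, "limit" => $perpage, "limit_start" => $start));
	$users = '';
	while($user = $db->fetch_array($query))
	{
		$alt_row = alt_trow();
		// The template below is evaluated as a PHP string, so every value it may interpolate is escaped first.
		$user['username'] = htmlspecialchars_uni($user['username']);
		$user['username'] = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
		$user['postnum'] = my_number_format($user['postnum']);
		$regdate = my_date('relative', $user['regdate']);

		// Invisible users keep their last visit hidden unless the viewer may see invisible users or is looking at their own row.
		if($user['invisible'] == 1 && $mybb->usergroup['canviewwolinvis'] != 1 && $user['uid'] != $mybb->user['uid'])
		{
			$lastdate = $lang->lastvisit_never;

			if($user['lastvisit'])
			{
				// We have had at least some active time, hide it instead
				$lastdate = $lang->lastvisit_hidden;
			}
		}
		else
		{
			$lastdate = my_date('relative', $user['lastvisit']);
		}

		$usergroup = htmlspecialchars_uni($usergroups_cache[$user['usergroup']]['title']);
		eval("\$users .= \"".$templates->get("modcp_finduser_user")."\";");
	}

	// No results?
	if(!$users)
	{
		eval("\$users = \"".$templates->get("modcp_finduser_noresults")."\";");
	}

	$plugins->run_hooks("modcp_finduser_end");

	$username = htmlspecialchars_uni($mybb->get_input('username'));
	eval("\$finduser = \"".$templates->get("modcp_finduser")."\";");
	output_page($finduser);
}

// Action "warninglogs": filterable, sortable, paginated list of issued warnings.
// Requires the canviewwarnlogs group permission.
if($mybb->input['action'] == "warninglogs")
{
	if($mybb->usergroup['canviewwarnlogs'] == 0)
	{
		error_no_permission();
	}

	add_breadcrumb($lang->mcp_nav_warninglogs, "modcp.php?action=warninglogs");

	// Filter options
	// NOTE(review): the elements of filter[] are not checked to be scalar before they are handed to
	// get_user_by_username(), escape_string_like() and htmlspecialchars_uni() - confirm those helpers cope with arrays.
	$where_sql = '';
	$mybb->input['filter'] = $mybb->get_input('filter', MyBB::INPUT_ARRAY);
	$mybb->input['search'] = $mybb->get_input('search', MyBB::INPUT_ARRAY);
	if(!empty($mybb->input['filter']['username']))
	{
		$search_user = get_user_by_username($mybb->input['filter']['username']);

		$mybb->input['filter']['uid'] = (int)$search_user['uid'];
		$mybb->input['filter']['username'] = htmlspecialchars_uni($mybb->input['filter']['username']);
	}
	else
	{
		$mybb->input['filter']['username'] = '';
	}
	if(!empty($mybb->input['filter']['uid']))
	{
		// Cast to int before the value is interpolated into the WHERE clause
		$search['uid'] = (int)$mybb->input['filter']['uid'];
		$where_sql .= " AND w.uid='{$search['uid']}'";
		if(!isset($mybb->input['search']['username']))
		{
			// Look up the user that is actually being filtered on; the previous code read
			// search[uid], a request value unrelated to the filter and usually unset.
			$user = get_user($search['uid']);
			$mybb->input['search']['username'] = htmlspecialchars_uni($user['username']);
		}
	}
	else
	{
		$mybb->input['filter']['uid'] = '';
	}
	if(!empty($mybb->input['filter']['mod_username']))
	{
		$mod_user = get_user_by_username($mybb->input['filter']['mod_username']);

		$mybb->input['filter']['mod_uid'] = (int)$mod_user['uid'];
		$mybb->input['filter']['mod_username'] = htmlspecialchars_uni($mybb->input['filter']['mod_username']);
	}
	else
	{
		$mybb->input['filter']['mod_username'] = '';
	}
	if(!empty($mybb->input['filter']['mod_uid']))
	{
		// Cast to int before the value is interpolated into the WHERE clause
		$search['mod_uid'] = (int)$mybb->input['filter']['mod_uid'];
		$where_sql .= " AND w.issuedby='{$search['mod_uid']}'";
		if(!isset($mybb->input['search']['mod_username']))
		{
			// Look up the issuing moderator by the filtered mod_uid; the previous code read search[uid].
			$mod_user = get_user($search['mod_uid']);
			$mybb->input['search']['mod_username'] = htmlspecialchars_uni($mod_user['username']);
		}
	}
	else
	{
		$mybb->input['filter']['mod_uid'] = '';
	}
	if(!empty($mybb->input['filter']['reason']))
	{
		// Escaped for use inside the quoted LIKE literals; the HTML-escaped copy is kept for display only.
		$search['reason'] = $db->escape_string_like($mybb->input['filter']['reason']);
		$where_sql .= " AND (w.notes LIKE '%{$search['reason']}%' OR t.title LIKE '%{$search['reason']}%' OR w.title LIKE '%{$search['reason']}%')";
		$mybb->input['filter']['reason'] = htmlspecialchars_uni($mybb->input['filter']['reason']);
	}
	else
	{
		$mybb->input['filter']['reason'] = '';
	}
	// Sort column and direction are interpolated into ORDER BY below, so both are mapped onto fixed literals.
	$sortbysel = array('username' => '', 'expires' => '', 'issuedby' => '', 'dateline' => '');
	if(!isset($mybb->input['filter']['sortby']))
	{
		$mybb->input['filter']['sortby'] = '';
	}
	switch($mybb->input['filter']['sortby'])
	{
		case "username":
			$sortby = "u.username";
			$sortbysel['username'] = ' selected="selected"';
			break;
		case "expires":
			$sortby = "w.expires";
			$sortbysel['expires'] = ' selected="selected"';
			break;
		case "issuedby":
			$sortby = "i.username";
			$sortbysel['issuedby'] = ' selected="selected"';
			break;
		default: // "dateline"
			$sortby = "w.dateline";
			$sortbysel['dateline'] = ' selected="selected"';
	}
	if(!isset($mybb->input['filter']['order']))
	{
		$mybb->input['filter']['order'] = '';
	}
	$order = $mybb->input['filter']['order'];
	$ordersel = array('asc' => '', 'desc' => '');
	if($order != "asc")
	{
		$order = "desc";
		$ordersel['desc'] = ' selected="selected"';
	}
	else
	{
		$ordersel['asc'] = ' selected="selected"';
	}

	$plugins->run_hooks("modcp_warninglogs_start");

	// Pagination stuff
	$sql = "
		SELECT COUNT(wid) as count
		FROM
			".TABLE_PREFIX."warnings w
			LEFT JOIN ".TABLE_PREFIX."warningtypes t ON (w.tid=t.tid)
		WHERE 1=1
			{$where_sql}
	";
	$query = $db->query($sql);
	$total_warnings = $db->fetch_field($query, 'count');
	$page = $mybb->get_input('page', MyBB::INPUT_INT);
	if($page <= 0)
	{
		$page = 1;
	}
	// NOTE(review): per_page is cast to int and must be positive, but it has no upper bound.
	$per_page = 20;
	if(isset($mybb->input['filter']['per_page']) && (int)$mybb->input['filter']['per_page'] > 0)
	{
		$per_page = (int)$mybb->input['filter']['per_page'];
	}
	$start = ($page-1) * $per_page;
	$pages = ceil($total_warnings / $per_page);
	if($page > $pages)
	{
		$start = 0;
		$page = 1;
	}
	// Build the base URL for pagination links
	$url = 'modcp.php?action=warninglogs';
	if(is_array($mybb->input['filter']) && count($mybb->input['filter']))
	{
		foreach($mybb->input['filter'] as $field => $value)
		{
			// filter[] is request-controlled: an element can itself be an array (urlencode() needs
			// a string) and the key is attacker-chosen too, so nested values are skipped and both
			// key and value are URL-encoded before they are appended.
			if(!is_scalar($value))
			{
				continue;
			}
			$url .= "&filter[".urlencode((string)$field)."]=".urlencode((string)$value);
		}
	}
	$multipage = multipage($total_warnings, $per_page, $page, $url);

	// The actual query
	// $sortby and $order come from the fixed literals above; $start and $per_page are integers.
	$sql = "
		SELECT
			w.wid, w.title as custom_title, w.points, w.dateline, w.issuedby, w.expires, w.expired, w.daterevoked, w.revokedby,
			t.title,
			u.uid, u.username, u.usergroup, u.displaygroup,
			i.uid as mod_uid, i.username as mod_username, i.usergroup as mod_usergroup, i.displaygroup as mod_displaygroup
		FROM ".TABLE_PREFIX."warnings w
			LEFT JOIN ".TABLE_PREFIX."users u ON (w.uid=u.uid)
			LEFT JOIN ".TABLE_PREFIX."warningtypes t ON (w.tid=t.tid)
			LEFT JOIN ".TABLE_PREFIX."users i ON (i.uid=w.issuedby)
		WHERE 1=1
			{$where_sql}
		ORDER BY {$sortby} {$order}
		LIMIT {$start}, {$per_page}
	";
	$query = $db->query($sql);


	$warning_list = '';
	while($row = $db->fetch_array($query))
	{
		$trow = alt_trow();
		// The row template is evaluated as a PHP string, so user-supplied text is HTML-escaped before it is built.
		$row['username'] = htmlspecialchars_uni($row['username']);
		$username = format_name($row['username'], $row['usergroup'], $row['displaygroup']);
		$username_link = build_profile_link($username, $row['uid']);
		$row['mod_username'] = htmlspecialchars_uni($row['mod_username']);
		$mod_username = format_name($row['mod_username'], $row['mod_usergroup'], $row['mod_displaygroup']);
		$mod_username_link = build_profile_link($mod_username, $row['mod_uid']);
		$issued_date = my_date('normal', $row['dateline']);
		$revoked_text = '';
		if($row['daterevoked'] > 0)
		{
			$revoked_date = my_date('relative', $row['daterevoked']);
			eval("\$revoked_text = \"".$templates->get("modcp_warninglogs_warning_revoked")."\";");
		}
		if($row['expires'] > 0)
		{
			$expire_date = nice_time($row['expires']-TIME_NOW);
		}
		else
		{
			$expire_date = $lang->never;
		}
		$title = $row['title'];
		if(empty($row['title']))
		{
			$title = $row['custom_title'];
		}
		$title = htmlspecialchars_uni($title);
		// Set for every row, so a negative value does not inherit the previous row's $points (or leave it undefined).
		$points = $row['points'];
		if($row['points'] >= 0)
		{
			$points = '+'.$row['points'];
		}

		eval("\$warning_list .= \"".$templates->get("modcp_warninglogs_warning")."\";");
	}

	if(!$warning_list)
	{
		eval("\$warning_list = \"".$templates->get("modcp_warninglogs_nologs")."\";");
	}

	$plugins->run_hooks("modcp_warninglogs_end");

	// These three values were HTML-escaped (or reset to '') in the filter handling above.
	$filter_username = $mybb->input['filter']['username'];
	$filter_modusername = $mybb->input['filter']['mod_username'];
	$filter_reason = $mybb->input['filter']['reason'];

	eval("\$warninglogs = \"".$templates->get("modcp_warninglogs")."\";");
	output_page($warninglogs);
}
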
if($mybb->input['action'] == "ipsearch") 3659 { 3660 if($mybb->usergroup['canuseipsearch'] == 0) 3661 { 3662 error_no_permission(); 3663 } 3664 3665 add_breadcrumb($lang->mcp_nav_ipsearch, "modcp.php?action=ipsearch"); 3666 3667 $ipsearch_results = $ipaddressvalue = ''; 3668 $mybb->input['ipaddress'] = $mybb->get_input('ipaddress'); 3669 if($mybb->input['ipaddress']) 3670 { 3671 if(!is_array($groupscache)) 3672 { 3673 $groupscache = $cache->read("usergroups"); 3674 } 3675 3676 $ipaddressvalue = htmlspecialchars_uni($mybb->input['ipaddress']); 3677 3678 $ip_range = fetch_ip_range($mybb->input['ipaddress']); 3679 3680 $post_results = $user_results = 0; 3681 3682 // Searching post IP addresses 3683 if(isset($mybb->input['search_posts'])) 3684 { 3685 $post_ip_sql = ''; 3686 if($ip_range) 3687 { 3688 if(!is_array($ip_range)) 3689 { 3690 $post_ip_sql = "p.ipaddress=".$db->escape_binary($ip_range); 3691 } 3692 else 3693 { 3694 $post_ip_sql = "p.ipaddress BETWEEN ".$db->escape_binary($ip_range[0])." 
AND ".$db->escape_binary($ip_range[1]); 3695 } 3696 } 3697 3698 $plugins->run_hooks("modcp_ipsearch_posts_start"); 3699 3700 if($post_ip_sql) 3701 { 3702 $where_sql = ''; 3703 3704 $unviewable_forums = get_unviewable_forums(true); 3705 3706 if($unviewable_forums) 3707 { 3708 $where_sql .= " AND p.fid NOT IN ({$unviewable_forums})"; 3709 } 3710 3711 if($inactiveforums) 3712 { 3713 $where_sql .= " AND p.fid NOT IN ({$inactiveforums})"; 3714 } 3715 3716 // Check group permissions if we can't view threads not started by us 3717 $onlyusfids = array(); 3718 $group_permissions = forum_permissions(); 3719 foreach($group_permissions as $fid => $forumpermissions) 3720 { 3721 if(isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] == 1) 3722 { 3723 $onlyusfids[] = $fid; 3724 } 3725 } 3726 3727 if(!empty($onlyusfids)) 3728 { 3729 $where_sql .= " AND ((t.fid IN(".implode(',', $onlyusfids).") AND t.uid='{$mybb->user['uid']}') OR t.fid NOT IN(".implode(',', $onlyusfids)."))"; 3730 } 3731 3732 // Moderators can view unapproved/deleted posts 3733 if($mybb->usergroup['issupermod'] != 1) 3734 { 3735 $unapprove_forums = array(); 3736 $deleted_forums = array(); 3737 $visible_sql = " AND (p.visible = 1 AND t.visible = 1)"; 3738 $query = $db->simple_select("moderators", "fid, canviewunapprove, canviewdeleted", "(id='{$mybb->user['uid']}' AND isgroup='0') OR (id='{$mybb->user['usergroup']}' AND isgroup='1')"); 3739 while($moderator = $db->fetch_array($query)) 3740 { 3741 if($moderator['canviewunapprove'] == 1) 3742 { 3743 $unapprove_forums[] = $moderator['fid']; 3744 } 3745 3746 if($moderator['canviewdeleted'] == 1) 3747 { 3748 $deleted_forums[] = $moderator['fid']; 3749 } 3750 } 3751 3752 if(!empty($unapprove_forums)) 3753 { 3754 $visible_sql .= " OR (p.visible = 0 AND p.fid IN(".implode(',', $unapprove_forums).")) OR (t.visible = 0 AND t.fid IN(".implode(',', $unapprove_forums)."))"; 3755 } 3756 if(!empty($deleted_forums)) 3757 { 3758 
$visible_sql .= " OR (p.visible = -1 AND p.fid IN(".implode(',', $deleted_forums).")) OR (t.visible = -1 AND t.fid IN(".implode(',', $deleted_forums)."))"; 3759 } 3760 } 3761 else 3762 { 3763 // Super moderators (and admins) 3764 $visible_sql = " AND p.visible >= -1"; 3765 } 3766 3767 $query = $db->query(" 3768 SELECT COUNT(p.pid) AS count 3769 FROM ".TABLE_PREFIX."posts p 3770 LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid = p.tid) 3771 WHERE {$post_ip_sql}{$where_sql}{$visible_sql} 3772 "); 3773 $post_results = $db->fetch_field($query, "count"); 3774 } 3775 } 3776 3777 // Searching user IP addresses 3778 if(isset($mybb->input['search_users'])) 3779 { 3780 $user_ip_sql = ''; 3781 if($ip_range) 3782 { 3783 if(!is_array($ip_range)) 3784 { 3785 $user_ip_sql = "regip=".$db->escape_binary($ip_range)." OR lastip=".$db->escape_binary($ip_range); 3786 } 3787 else 3788 { 3789 $user_ip_sql = "regip BETWEEN ".