PHP Cross Reference of MyBB 1.8.36 |
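<?php
/**
 * MyBB 1.8
 * Copyright 2014 MyBB Group, All Rights Reserved
 *
 * Website: http://www.mybb.com
 * License: http://www.mybb.com/about/license
 *
 */

/*
 * Moderator Control Panel entry point.
 *
 * Flow of the part of the script shown here:
 *   1. bootstrap (global.php, helper libraries, language packs);
 *   2. access gate: logged-in user whose usergroup has canmodcp;
 *   3. for non-super-moderators, build SQL fragments that restrict later
 *      queries to the forums the user moderates, per permission;
 *   4. build the navigation menu;
 *   5. dispatch on the "action" request parameter
 *      (do_reports, reports, allreports, modlogs, ...).
 *
 * Review notes that apply to the whole file:
 *   - Templates are expanded with eval(): the string returned by
 *     $templates->get() is executed as the body of a PHP double-quoted
 *     string. Template content therefore has to be trusted, and every
 *     variable a template interpolates has to be HTML-escaped before the
 *     eval() line that renders it.
 *   - The forum-scope fragments ($flist_*, $tflist_*, $wflist_reports) are
 *     only set when the user moderates at least one forum with the relevant
 *     permission. An empty fragment means "no restriction", so every action
 *     that uses one must separately refuse users who have no such forum.
 */

define("IN_MYBB", 1);
define('THIS_SCRIPT', 'modcp.php');

// Names of the templates this script renders. The list is assigned before
// global.php is included; presumably global.php reads it to preload the
// templates (not visible in this file).
$templatelist = "modcp_reports,modcp_reports_report,modcp_reports_selectall,modcp_reports_multipage,modcp_reports_allreport,modcp_reports_allreports,modcp_modlogs_multipage,modcp_announcements_delete,modcp_announcements_edit,modcp_awaitingmoderation";
$templatelist .= ",modcp_reports_allnoreports,modcp_reports_noreports,modcp_banning,modcp_banning_ban,modcp_announcements_announcement_global,modcp_no_announcements_forum,modcp_modqueue_threads_thread,modcp_awaitingthreads,preview";
$templatelist .= ",modcp_banning_nobanned,modcp_modqueue_threads_empty,modcp_modqueue_masscontrols,modcp_modqueue_threads,modcp_modqueue_posts_post,modcp_modqueue_posts_empty,modcp_awaitingposts,modcp_nav_editprofile,modcp_nav_banning";
$templatelist .= ",modcp_nav,modcp_modlogs_noresults,modcp_modlogs_nologs,modcp,modcp_modqueue_posts,modcp_modqueue_attachments_attachment,modcp_modqueue_attachments_empty,modcp_modqueue_attachments,modcp_editprofile_suspensions_info";
$templatelist .= ",modcp_no_announcements_global,modcp_announcements_global,modcp_announcements_forum,modcp_announcements,modcp_editprofile_select_option,modcp_editprofile_select,modcp_finduser_noresults, modcp_nav_forums_posts";
$templatelist .= ",codebuttons,modcp_announcements_new,modcp_modqueue_empty,forumjump_bit,forumjump_special,modcp_warninglogs_warning_revoked,modcp_warninglogs_warning,modcp_ipsearch_result,modcp_nav_modqueue,modcp_banuser_liftlist";
$templatelist .= ",modcp_modlogs,modcp_finduser_user,modcp_finduser,usercp_profile_customfield,usercp_profile_profilefields,modcp_ipsearch_noresults,modcp_ipsearch_results,modcp_ipsearch_misc_info,modcp_nav_announcements,modcp_modqueue_post_link";
$templatelist .= ",modcp_editprofile,modcp_ipsearch,modcp_banuser_addusername,modcp_banuser,modcp_warninglogs_nologs,modcp_banuser_editusername,modcp_lastattachment,modcp_lastpost,modcp_lastthread,modcp_nobanned,modcp_modqueue_thread_link";
$templatelist .= ",modcp_warninglogs,modcp_modlogs_result,modcp_editprofile_signature,forumjump_advanced,modcp_announcements_forum_nomod,modcp_announcements_announcement,usercp_profile_away,modcp_modlogs_user,modcp_editprofile_away";
$templatelist .= ",multipage,multipage_end,multipage_jump_page,multipage_nextpage,multipage_page,multipage_page_current,multipage_page_link_current,multipage_prevpage,multipage_start,modcp_awaitingattachments,modcp_modqueue_attachment_link";
$templatelist .= ",postbit_groupimage,postbit_userstar,postbit_online,postbit_offline,postbit_away,postbit_avatar,postbit_find,postbit_pm,postbit_email,postbit_www,postbit_author_user,announcement_edit,announcement_quickdelete";
$templatelist .= ",modcp_awaitingmoderation_none,modcp_banning_edit,modcp_banuser_bangroups_group,modcp_banuser_lift,modcp_modlogs_result_announcement,modcp_modlogs_result_forum,modcp_modlogs_result_post,modcp_modlogs_result_thread";
$templatelist .= ",modcp_nav_warninglogs,modcp_nav_ipsearch,modcp_nav_users,modcp_announcements_day,modcp_announcements_month_start,modcp_announcements_month_end,modcp_announcements_announcement_expired,modcp_announcements_announcement_active";
$templatelist .= ",modcp_modqueue_link_forum,modcp_modqueue_link_thread,usercp_profile_day,modcp_ipsearch_result_regip,modcp_ipsearch_result_lastip,modcp_ipsearch_result_post,modcp_ipsearch_results_information,usercp_profile_profilefields_text";
$templatelist .= ",usercp_profile_profilefields_select_option,usercp_profile_profilefields_multiselect,usercp_profile_profilefields_select,usercp_profile_profilefields_textarea,usercp_profile_profilefields_radio,postbit";
$templatelist .= ",modcp_banning_remaining,postmodcp_nav_announcements,modcp_nav_reportcenter,modcp_nav_modlogs,modcp_latestfivemodactions,modcp_banuser_bangroups_hidden,modcp_banuser_bangroups,usercp_profile_profilefields_checkbox";

require_once "./global.php";
require_once MYBB_ROOT."inc/functions_user.php";
require_once MYBB_ROOT."inc/functions_upload.php";
require_once MYBB_ROOT."inc/functions_modcp.php";
require_once MYBB_ROOT."inc/class_parser.php";
$parser = new postParser;

// Set up the array of ban times.
$bantimes = fetch_ban_times();

// Load global language phrases
$lang->load("modcp");
$lang->load("announcements");

// Access gate for the whole script: guests and usergroups without canmodcp
// stop here. Every per-feature permission is checked again further down.
if($mybb->user['uid'] == 0 || $mybb->usergroup['canmodcp'] != 1)
{
    error_no_permission();
}

// Page size is interpolated into LIMIT clauses below; fall back to 20 when
// the setting is missing or not a positive integer.
if(!$mybb->settings['threadsperpage'] || (int)$mybb->settings['threadsperpage'] < 1)
{
    $mybb->settings['threadsperpage'] = 20;
}

// All scope fragments start empty. For super moderators they stay empty,
// which the queries below treat as "no forum restriction".
$tflist = $flist = $tflist_queue_threads = $flist_queue_threads = $tflist_queue_posts = $flist_queue_posts = $tflist_queue_attach =
$flist_queue_attach = $wflist_reports = $tflist_reports = $flist_reports = $tflist_modlog = $flist_modlog = $errors = '';
// SQL for fetching items only related to forums this user moderates
$moderated_forums = array();
$numannouncements = $nummodqueuethreads = $nummodqueueposts = $nummodqueueattach = $numreportedposts = $nummodlogs = 0;
if($mybb->usergroup['issupermod'] != 1)
{
    // Forums where the user is a moderator directly (isgroup = 0) or through
    // one of their usergroups (isgroup = 1). The interpolated values are read
    // from $mybb->user / $mybb->usergroup, not from the request.
    $query = $db->simple_select("moderators", "*", "(id='{$mybb->user['uid']}' AND isgroup = '0') OR (id IN ({$mybb->usergroup['all_usergroups']}) AND isgroup = '1')");
    while($forum = $db->fetch_array($query))
    {
        $moderated_forums[] = $forum['fid'];
        // Moderating a forum extends to its child forums.
        $children = get_child_list($forum['fid']);
        if(is_array($children))
        {
            $moderated_forums = array_merge($moderated_forums, $children);
        }
    }
    $moderated_forums = array_unique($moderated_forums);

    $numannouncements = $nummodqueuethreads = $nummodqueueposts = $nummodqueueattach = $numreportedposts = $nummodlogs = 0;
    // One pass over the moderated forums: count, per permission, how many
    // forums grant it and collect the matching forum ids as ",'<fid>'" lists.
    foreach($moderated_forums as $moderated_forum)
    {
        // For Announcements
        if(is_moderator($moderated_forum, 'canmanageannouncements'))
        {
            ++$numannouncements;
        }

        // For the Mod Queues
        if(is_moderator($moderated_forum, 'canapproveunapprovethreads'))
        {
            $flist_queue_threads .= ",'{$moderated_forum}'";
            ++$nummodqueuethreads;
        }

        if(is_moderator($moderated_forum, 'canapproveunapproveposts'))
        {
            $flist_queue_posts .= ",'{$moderated_forum}'";
            ++$nummodqueueposts;
        }

        if(is_moderator($moderated_forum, 'canapproveunapproveattachs'))
        {
            $flist_queue_attach .= ",'{$moderated_forum}'";
            ++$nummodqueueattach;
        }

        // For Reported posts
        if(is_moderator($moderated_forum, 'canmanagereportedposts'))
        {
            $flist_reports .= ",'{$moderated_forum}'";
            ++$numreportedposts;
        }

        // For the Mod Log
        if(is_moderator($moderated_forum, 'canviewmodlog'))
        {
            $flist_modlog .= ",'{$moderated_forum}'";
            ++$nummodlogs;
        }

        $flist .= ",'{$moderated_forum}'";
    }
    // Turn each non-empty id list into a ready-made SQL fragment. The leading
    // "0" absorbs the list's leading comma. A list that stayed empty leaves
    // its fragment as '' (no restriction), so callers must check the matching
    // $num* counter before relying on the fragment for access control.
    if($flist_queue_threads)
    {
        $tflist_queue_threads = " AND t.fid IN (0{$flist_queue_threads})";
        $flist_queue_threads = " AND fid IN (0{$flist_queue_threads})";
    }
    if($flist_queue_posts)
    {
        $tflist_queue_posts = " AND t.fid IN (0{$flist_queue_posts})";
        $flist_queue_posts = " AND fid IN (0{$flist_queue_posts})";
    }
    if($flist_queue_attach)
    {
        $tflist_queue_attach = " AND t.fid IN (0{$flist_queue_attach})";
        $flist_queue_attach = " AND fid IN (0{$flist_queue_attach})";
    }
    if($flist_reports)
    {
        $wflist_reports = "WHERE r.id3 IN (0{$flist_reports})";
        $tflist_reports = " AND r.id3 IN (0{$flist_reports})";
        $flist_reports = " AND id3 IN (0{$flist_reports})";
    }
    if($flist_modlog)
    {
        $tflist_modlog = " AND t.fid IN (0{$flist_modlog})";
        $flist_modlog = " AND fid IN (0{$flist_modlog})";
    }
    if($flist)
    {
        $tflist = " AND t.fid IN (0{$flist})";
        $flist = " AND fid IN (0{$flist})";
    }
}

// Retrieve a list of unviewable forums
$unviewableforums = get_unviewable_forums();
$inactiveforums = get_inactive_forums();
$unviewablefids1 = $unviewablefids2 = array();

// Only $flist and $tflist receive the NOT IN filters below; the per-feature
// fragments (queues, reports, mod log) are left as built above.
if($unviewableforums)
{
    $flist .= " AND fid NOT IN ({$unviewableforums})";
    $tflist .= " AND t.fid NOT IN ({$unviewableforums})";

    $unviewablefids1 = explode(',', $unviewableforums);
}

if($inactiveforums)
{
    $flist .= " AND fid NOT IN ({$inactiveforums})";
    $tflist .= " AND t.fid NOT IN ({$inactiveforums})";

    $unviewablefids2 = explode(',', $inactiveforums);
}

// From here on $unviewableforums is an array of ids, no longer a CSV string.
$unviewableforums = array_merge($unviewablefids1, $unviewablefids2);

// Default the collapse-state variables the navigation templates interpolate.
if(!isset($collapsedimg['modcpforums']))
{
    $collapsedimg['modcpforums'] = '';
}

if(!isset($collapsed['modcpforums_e']))
{
    $collapsed['modcpforums_e'] = '';
}

if(!isset($collapsedimg['modcpusers']))
{
    $collapsedimg['modcpusers'] = '';
}

if(!isset($collapsed['modcpusers_e']))
{
    $collapsed['modcpusers_e'] = '';
}

// Fetch the Mod CP menu
// A menu entry is rendered only when the usergroup permission is set and,
// for forum-scoped features, the user is a super moderator or moderates at
// least one forum with that permission. Hiding an entry is presentation
// only; each action below has to enforce its own permission.
$nav_announcements = $nav_modqueue = $nav_reportcenter = $nav_modlogs = $nav_editprofile = $nav_banning = $nav_warninglogs = $nav_ipsearch = $nav_forums_posts = $modcp_nav_users = '';
if(($numannouncements > 0 || $mybb->usergroup['issupermod'] == 1) && $mybb->usergroup['canmanageannounce'] == 1)
{
    eval("\$nav_announcements = \"".$templates->get("modcp_nav_announcements")."\";");
}

if(($nummodqueuethreads > 0 || $nummodqueueposts > 0 || $nummodqueueattach > 0 || $mybb->usergroup['issupermod'] == 1) && $mybb->usergroup['canmanagemodqueue'] == 1)
{
    eval("\$nav_modqueue = \"".$templates->get("modcp_nav_modqueue")."\";");
}

if(($numreportedposts > 0 || $mybb->usergroup['issupermod'] == 1) && $mybb->usergroup['canmanagereportedcontent'] == 1)
{
    eval("\$nav_reportcenter = \"".$templates->get("modcp_nav_reportcenter")."\";");
}

if(($nummodlogs > 0 || $mybb->usergroup['issupermod'] == 1) && $mybb->usergroup['canviewmodlogs'] == 1)
{
    eval("\$nav_modlogs = \"".$templates->get("modcp_nav_modlogs")."\";");
}

if($mybb->usergroup['caneditprofiles'] == 1)
{
    eval("\$nav_editprofile = \"".$templates->get("modcp_nav_editprofile")."\";");
}

if($mybb->usergroup['canbanusers'] == 1)
{
    eval("\$nav_banning = \"".$templates->get("modcp_nav_banning")."\";");
}

if($mybb->usergroup['canviewwarnlogs'] == 1)
{
    eval("\$nav_warninglogs = \"".$templates->get("modcp_nav_warninglogs")."\";");
}

if($mybb->usergroup['canuseipsearch'] == 1)
{
    eval("\$nav_ipsearch = \"".$templates->get("modcp_nav_ipsearch")."\";");
}

$plugins->run_hooks("modcp_nav");

if(!empty($nav_announcements) || !empty($nav_modqueue) || !empty($nav_reportcenter) || !empty($nav_modlogs))
{
    $expaltext = (in_array("modcpforums", $collapse)) ? $lang->expcol_expand : $lang->expcol_collapse;
    eval("\$modcp_nav_forums_posts = \"".$templates->get("modcp_nav_forums_posts")."\";");
}

if(!empty($nav_editprofile) || !empty($nav_banning) || !empty($nav_warninglogs) || !empty($nav_ipsearch))
{
    $expaltext = (in_array("modcpusers", $collapse)) ? $lang->expcol_expand : $lang->expcol_collapse;
    eval("\$modcp_nav_users = \"".$templates->get("modcp_nav_users")."\";");
}

eval("\$modcp_nav = \"".$templates->get("modcp_nav")."\";");

$plugins->run_hooks("modcp_start");

// Make navigation
add_breadcrumb($lang->nav_modcp, "modcp.php");

$mybb->input['action'] = $mybb->get_input('action');

// ---------------------------------------------------------------------------
// do_reports: mark the selected reports as handled (reportstatus = 1).
// ---------------------------------------------------------------------------
if($mybb->input['action'] == "do_reports")
{
    // Same gate as the "reports" view. Without it the only check on this
    // state-changing action is canmodcp at the top of the file, and for a
    // non-super-moderator with no forum granting canmanagereportedposts
    // $flist_reports stays empty, which leaves the UPDATE below without a
    // forum scope.
    if($mybb->usergroup['canmanagereportedcontent'] == 0)
    {
        error_no_permission();
    }

    if($numreportedposts == 0 && $mybb->usergroup['issupermod'] != 1)
    {
        error($lang->you_cannot_view_reported_posts);
    }

    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    $mybb->input['reports'] = $mybb->get_input('reports', MyBB::INPUT_ARRAY);
    if(empty($mybb->input['reports']) && empty($mybb->cookies['inlinereports']))
    {
        error($lang->error_noselected_reports);
    }

    $message = $lang->redirect_reportsmarked;

    // The selection can come from cookies, which the client controls. Every
    // id is passed through intval() before it is placed in the WHERE clause,
    // and the special value |ALL| maps to a constant condition.
    if(isset($mybb->cookies['inlinereports']))
    {
        if($mybb->cookies['inlinereports'] == '|ALL|') {
            $message = $lang->redirect_allreportsmarked;
            $sql = "1=1";
            if(isset($mybb->cookies['inlinereports_removed']))
            {
                $inlinereportremovedlist = explode("|", $mybb->cookies['inlinereports_removed']);
                $reports = array_map("intval", $inlinereportremovedlist);
                $rids = implode("','", $reports);
                $sql = "rid NOT IN ('0','{$rids}')";
            }
        }
        else
        {
            $inlinereportlist = explode("|", $mybb->cookies['inlinereports']);
            $reports = array_map("intval", $inlinereportlist);

            if(!count($reports))
            {
                error($lang->error_noselected_reports);
            }

            $rids = implode("','", $reports);

            $sql = "rid IN ('0','{$rids}')";
        }
    }
    else
    {
        $mybb->input['reports'] = array_map("intval", $mybb->input['reports']);
        $rids = implode("','", $mybb->input['reports']);

        $sql = "rid IN ('0','{$rids}')";
    }

    $plugins->run_hooks("modcp_do_reports");

    // $flist_reports limits the update to forums where the user may manage
    // reported posts; it is empty for super moderators.
    $db->update_query("reportedcontent", array('reportstatus' => 1), "{$sql}{$flist_reports}");
    $cache->update_reportedcontent();

    my_unsetcookie('inlinereports');
    my_unsetcookie('inlinereports_removed');

    // Integer-cast before it is placed in the redirect URL.
    $page = $mybb->get_input('page', MyBB::INPUT_INT);

    redirect("modcp.php?action=reports&page={$page}", $message);
}

// ---------------------------------------------------------------------------
// reports: paginated list of unhandled reports (reportstatus = 0).
// ---------------------------------------------------------------------------
if($mybb->input['action'] == "reports")
{
    if($mybb->usergroup['canmanagereportedcontent'] == 0)
    {
        error_no_permission();
    }

    // A non-super-moderator needs at least one forum with
    // canmanagereportedposts; otherwise $tflist_reports would be empty and
    // the listing below would not be forum-scoped.
    if($numreportedposts == 0 && $mybb->usergroup['issupermod'] != 1)
    {
        error($lang->you_cannot_view_reported_posts);
    }

    $lang->load('report');
    add_breadcrumb($lang->mcp_nav_report_center, "modcp.php?action=reports");

    $perpage = $mybb->settings['threadsperpage'];
    if(!$perpage)
    {
        $perpage = 20;
    }

    // Multipage
    if($mybb->usergroup['cancp'] || $mybb->usergroup['issupermod'])
    {
        $query = $db->simple_select("reportedcontent", "COUNT(rid) AS count", "reportstatus ='0'");
        $report_count = $db->fetch_field($query, "count");
    }
    else
    {
        // Count only post reports whose forum (id3) the user may manage.
        $query = $db->simple_select('reportedcontent', 'id3', "reportstatus='0' AND (type = 'post' OR type = '')");

        $report_count = 0;
        while($fid = $db->fetch_field($query, 'id3'))
        {
            if(is_moderator($fid, "canmanagereportedposts"))
            {
                ++$report_count;
            }
        }
        unset($fid);
    }

    $page = $mybb->get_input('page', MyBB::INPUT_INT);

    $postcount = (int)$report_count;
    $pages = $postcount / $perpage;
    $pages = ceil($pages);

    // Out-of-range page numbers fall back to the first page.
    if($page > $pages || $page <= 0)
    {
        $page = 1;
    }

    if($page && $page > 0)
    {
        $start = ($page-1) * $perpage;
    }
    else
    {
        $start = 0;
        $page = 1;
    }

    $multipage = $reportspages = '';
    if($postcount > $perpage)
    {
        $multipage = multipage($postcount, $perpage, $page, "modcp.php?action=reports");
        eval("\$reportspages = \"".$templates->get("modcp_reports_multipage")."\";");
    }

    $plugins->run_hooks("modcp_reports_start");

    // Reports
    $reports = $selectall = '';
    $inlinecount = 0;

    // NOTE(review): {$tflist_reports} filters on r.id3 for every report type,
    // while the loop below treats id3 of a reputation report as a user id.
    // The count query above is limited to post reports; this one is not.
    // Confirm the forum scope is meant to apply to non-post reports.
    $query = $db->query("
        SELECT r.*, u.username, rr.title
        FROM ".TABLE_PREFIX."reportedcontent r
        LEFT JOIN ".TABLE_PREFIX."users u ON (r.uid = u.uid)
        LEFT JOIN ".TABLE_PREFIX."reportreasons rr ON (r.reasonid = rr.rid)
        WHERE r.reportstatus = '0'{$tflist_reports}
        ORDER BY r.reports DESC
        LIMIT {$start}, {$perpage}
    ");

    if(!$db->num_rows($query))
    {
        // No unread reports
        eval("\$reports = \"".$templates->get("modcp_reports_noreports")."\";");
    }
    else
    {
        $reportedcontent = $cache->read("reportedcontent");
        // First pass: keep the rows and collect the user and post ids that
        // have to be resolved, so each table is queried once.
        $reportcache = $usercache = $postcache = array();

        while($report = $db->fetch_array($query))
        {
            if($report['type'] == 'profile' || $report['type'] == 'reputation')
            {
                // Profile UID is in ID
                if(!isset($usercache[$report['id']]))
                {
                    $usercache[$report['id']] = $report['id'];
                }

                // Reputation comment? The offender is the ID2
                if($report['type'] == 'reputation')
                {
                    if(!isset($usercache[$report['id2']]))
                    {
                        $usercache[$report['id2']] = $report['id2'];
                    }
                    if(!isset($usercache[$report['id3']]))
                    {
                        // The user who was offended
                        $usercache[$report['id3']] = $report['id3'];
                    }
                }
            }
            else if(!$report['type'] || $report['type'] == 'post')
            {
                // This (should) be a post
                $postcache[$report['id']] = $report['id'];
            }

            // Lastpost info - is it missing (pre-1.8)?
            $lastposter = $report['uid'];
            if(!$report['lastreport'])
            {
                // Last reporter is our first reporter
                $report['lastreport'] = $report['dateline'];
            }

            if($report['reporters'])
            {
                // Serialized value stored in the reportedcontent row.
                // NOTE(review): my_unserialize() is defined outside this
                // file; confirm it cannot instantiate objects.
                $reporters = my_unserialize($report['reporters']);

                if(is_array($reporters))
                {
                    $lastposter = end($reporters);
                }
            }

            if(!isset($usercache[$lastposter]))
            {
                $usercache[$lastposter] = $lastposter;
            }

            $report['lastreporter'] = $lastposter;
            $reportcache[] = $report;
        }

        // Report Center gets messy
        // Find information about our users (because we don't log it when they file a report)
        if(!empty($usercache))
        {
            // The keys are ids read from database rows or from the
            // unserialized reporters list, not from the request.
            $sql = implode(',', array_keys($usercache));
            $query = $db->simple_select("users", "uid, username", "uid IN ({$sql})");

            // Ids that resolve are replaced by the user row; ids of deleted
            // users stay as plain integers.
            while($user = $db->fetch_array($query))
            {
                $usercache[$user['uid']] = $user;
            }
        }

        // Messy * 2
        // Find out post information for our reported posts
        if(!empty($postcache))
        {
            $sql = implode(',', array_keys($postcache));
            $query = $db->query("
                SELECT p.pid, p.uid, p.username, p.tid, t.subject
                FROM ".TABLE_PREFIX."posts p
                LEFT JOIN ".TABLE_PREFIX."threads t ON (p.tid = t.tid)
                WHERE p.pid IN ({$sql})
            ");

            while($post = $db->fetch_array($query))
            {
                $postcache[$post['pid']] = $post;
            }
        }

        $lang->page_selected = $lang->sprintf($lang->page_selected, count($reportcache));
        $lang->select_all = $lang->sprintf($lang->select_all, (int)$report_count);
        $lang->all_selected = $lang->sprintf($lang->all_selected, (int)$report_count);
        eval("\$selectall = \"".$templates->get("modcp_reports_selectall")."\";");

        $plugins->run_hooks('modcp_reports_intermediate');

        // Now that we have all of the information needed, display the reports
        foreach($reportcache as $report)
        {
            $trow = alt_trow();

            if(!$report['type'])
            {
                // Assume a post
                $report['type'] = 'post';
            }

            // Report Information
            $report_data = array();

            // User names and subjects are user-supplied text: each one is
            // passed through htmlspecialchars_uni() before it reaches a
            // language string or template.
            switch($report['type'])
            {
                case 'post':
                    $post = get_post_link($report['id'])."#pid{$report['id']}";
                    $user = build_profile_link(htmlspecialchars_uni($postcache[$report['id']]['username']), $postcache[$report['id']]['uid']);
                    $report_data['content'] = $lang->sprintf($lang->report_info_post, $post, $user);

                    $thread_link = get_thread_link($postcache[$report['id']]['tid']);
                    $thread_subject = htmlspecialchars_uni($parser->parse_badwords($postcache[$report['id']]['subject']));
                    $report_data['content'] .= $lang->sprintf($lang->report_info_post_thread, $thread_link, $thread_subject);

                    break;
                case 'profile':
                    $user = build_profile_link(htmlspecialchars_uni($usercache[$report['id']]['username']), $usercache[$report['id']]['uid']);
                    $report_data['content'] = $lang->sprintf($lang->report_info_profile, $user);
                    break;
                case 'reputation':
                    $reputation_link = "reputation.php?uid={$usercache[$report['id3']]['uid']}#rid{$report['id']}";
                    $bad_user = build_profile_link(htmlspecialchars_uni($usercache[$report['id2']]['username']), $usercache[$report['id2']]['uid']);
                    $report_data['content'] = $lang->sprintf($lang->report_info_reputation, $reputation_link, $bad_user);

                    $good_user = build_profile_link(htmlspecialchars_uni($usercache[$report['id3']]['username']), $usercache[$report['id3']]['uid']);
                    $report_data['content'] .= $lang->sprintf($lang->report_info_rep_profile, $good_user);
                    break;
            }

            // Report reason and comment
            if($report['reasonid'] > 0)
            {
                $reason = htmlspecialchars_uni($lang->parse($report['title']));

                if(empty($report['reason']))
                {
                    eval("\$report_data['comment'] = \"".$templates->get("modcp_reports_report_comment")."\";");
                }
                else
                {
                    // Free-text comment typed by the reporter.
                    $comment = htmlspecialchars_uni($report['reason']);
                    eval("\$report_data['comment'] = \"".$templates->get("modcp_reports_report_comment_extra")."\";");
                }
            }
            else
            {
                $report_data['comment'] = $lang->na;
            }

            $report_reports = 1;
            if($report['reports'])
            {
                $report_data['reports'] = my_number_format($report['reports']);
            }

            if($report['lastreporter'])
            {
                // An array entry is a resolved user row; a bare positive id
                // means the account no longer exists.
                if(is_array($usercache[$report['lastreporter']]))
                {
                    $lastreport_user = build_profile_link(htmlspecialchars_uni($usercache[$report['lastreporter']]['username']), $report['lastreporter']);
                }
                elseif($usercache[$report['lastreporter']] > 0)
                {
                    $lastreport_user = htmlspecialchars_uni($lang->na_deleted);
                }

                $lastreport_date = my_date('relative', $report['lastreport']);
                $report_data['lastreporter'] = $lang->sprintf($lang->report_info_lastreporter, $lastreport_date, $lastreport_user);
            }

            // The cookie is only searched for "|<rid>|"; its content is not
            // echoed, only a fixed attribute string is.
            $inlinecheck = '';
            if(isset($mybb->cookies['inlinereports']) && my_strpos($mybb->cookies['inlinereports'], "|{$report['rid']}|") !== false)
            {
                $inlinecheck = " checked=\"checked\"";
                ++$inlinecount;
            }

            $plugins->run_hooks("modcp_reports_report");
            eval("\$reports .= \"".$templates->get("modcp_reports_report")."\";");
        }
    }

    $plugins->run_hooks("modcp_reports_end");

    eval("\$reportedcontent = \"".$templates->get("modcp_reports")."\";");
    output_page($reportedcontent);
}

// ---------------------------------------------------------------------------
// allreports: paginated list of every report, handled or not.
// ---------------------------------------------------------------------------
if($mybb->input['action'] == "allreports")
{
    if($mybb->usergroup['canmanagereportedcontent'] == 0)
    {
        error_no_permission();
    }

    // Same scope gate as the "reports" view: for a non-super-moderator with
    // no forum granting canmanagereportedposts $wflist_reports stays empty,
    // and the listing query below would run without a WHERE clause.
    if($numreportedposts == 0 && $mybb->usergroup['issupermod'] != 1)
    {
        error($lang->you_cannot_view_reported_posts);
    }

    $lang->load('report');

    add_breadcrumb($lang->report_center, "modcp.php?action=reports");
    add_breadcrumb($lang->all_reports, "modcp.php?action=allreports");

    if(!$mybb->settings['threadsperpage'])
    {
        $mybb->settings['threadsperpage'] = 20;
    }

    // Figure out if we need to display multiple pages.
    $perpage = $mybb->settings['threadsperpage'];
    if($mybb->get_input('page') != "last")
    {
        $page = $mybb->get_input('page', MyBB::INPUT_INT);
    }

    if($mybb->usergroup['cancp'] || $mybb->usergroup['issupermod'])
    {
        $query = $db->simple_select("reportedcontent", "COUNT(rid) AS count");
        $report_count = $db->fetch_field($query, "count");
    }
    else
    {
        $query = $db->simple_select('reportedcontent', 'id3', "type = 'post' OR type = ''");

        $report_count = 0;
        while($fid = $db->fetch_field($query, 'id3'))
        {
            if(is_moderator($fid, "canmanagereportedposts"))
            {
                ++$report_count;
            }
        }
        unset($fid);
    }

    // Jump to the page that holds a given report id.
    if(isset($mybb->input['rid']))
    {
        $mybb->input['rid'] = $mybb->get_input('rid', MyBB::INPUT_INT);
        $query = $db->simple_select("reportedcontent", "COUNT(rid) AS count", "rid <= '".$mybb->input['rid']."'");
        $result = $db->fetch_field($query, "count");
        if(($result % $perpage) == 0)
        {
            $page = $result / $perpage;
        }
        else
        {
            // The cast has to cover the quotient. Casting only $result left
            // $page fractional, and that value then fed the LIMIT offset.
            $page = (int)($result / $perpage) + 1;
        }
    }
    $postcount = (int)$report_count;
    $pages = $postcount / $perpage;
    $pages = ceil($pages);

    if($mybb->get_input('page') == "last")
    {
        $page = $pages;
    }

    if($page > $pages || $page <= 0)
    {
        $page = 1;
    }

    if($page)
    {
        $start = ($page-1) * $perpage;
    }
    else
    {
        $start = 0;
        $page = 1;
    }
    $upper = $start+$perpage;

    $multipage = multipage($postcount, $perpage, $page, "modcp.php?action=allreports");
    $allreportspages = '';
    if($postcount > $perpage)
    {
        eval("\$allreportspages = \"".$templates->get("modcp_reports_multipage")."\";");
    }

    $plugins->run_hooks("modcp_allreports_start");

    // {$wflist_reports} is the only access restriction on this query.
    $query = $db->query("
        SELECT r.*, u.username, p.username AS postusername, up.uid AS postuid, t.subject AS threadsubject, prrep.username AS repusername, pr.username AS profileusername, rr.title
        FROM ".TABLE_PREFIX."reportedcontent r
        LEFT JOIN ".TABLE_PREFIX."posts p ON (r.id=p.pid)
        LEFT JOIN ".TABLE_PREFIX."threads t ON (p.tid=t.tid)
        LEFT JOIN ".TABLE_PREFIX."users u ON (r.uid=u.uid)
        LEFT JOIN ".TABLE_PREFIX."users up ON (p.uid=up.uid)
        LEFT JOIN ".TABLE_PREFIX."users pr ON (pr.uid=r.id)
        LEFT JOIN ".TABLE_PREFIX."users prrep ON (prrep.uid=r.id2)
        LEFT JOIN ".TABLE_PREFIX."reportreasons rr ON (r.reasonid = rr.rid)
        {$wflist_reports}
        ORDER BY r.dateline DESC
        LIMIT {$start}, {$perpage}
    ");

    $allreports = '';
    if(!$db->num_rows($query))
    {
        eval("\$allreports = \"".$templates->get("modcp_reports_allnoreports")."\";");
    }
    else
    {
        while($report = $db->fetch_array($query))
        {
            $trow = alt_trow();

            if($report['type'] == 'post')
            {
                $post = get_post_link($report['id'])."#pid{$report['id']}";
                $user = build_profile_link(htmlspecialchars_uni($report['postusername']), $report['postuid']);
                $report_data['content'] = $lang->sprintf($lang->report_info_post, $post, $user);

                $thread_link = get_thread_link($report['id2']);
                $thread_subject = htmlspecialchars_uni($parser->parse_badwords($report['threadsubject']));
                $report_data['content'] .= $lang->sprintf($lang->report_info_post_thread, $thread_link, $thread_subject);
            }
            else if($report['type'] == 'profile')
            {
                $user = build_profile_link(htmlspecialchars_uni($report['profileusername']), $report['id']);
                $report_data['content'] = $lang->sprintf($lang->report_info_profile, $user);
            }
            else if($report['type'] == 'reputation')
            {
                $user = build_profile_link(htmlspecialchars_uni($report['repusername']), $report['id2']);
                $reputation_link = "reputation.php?uid={$report['id3']}#rid{$report['id']}";
                $report_data['content'] = $lang->sprintf($lang->report_info_reputation, $reputation_link, $user);
            }

            // Report reason and comment
            if($report['reasonid'] > 0)
            {
                $reason = htmlspecialchars_uni($lang->parse($report['title']));

                if(empty($report['reason']))
                {
                    eval("\$report_data['comment'] = \"".$templates->get("modcp_reports_report_comment")."\";");
                }
                else
                {
                    $comment = htmlspecialchars_uni($report['reason']);
                    eval("\$report_data['comment'] = \"".$templates->get("modcp_reports_report_comment_extra")."\";");
                }
            }
            else
            {
                $report_data['comment'] = $lang->na;
            }

            $report['reporterlink'] = get_profile_link($report['uid']);
            if(!$report['username'])
            {
                $report['username'] = $lang->na_deleted;
                // NOTE(review): $post is only assigned in the 'post' branch
                // above, so for other report types this reuses the value of
                // an earlier row or reads an undefined variable.
                $report['reporterlink'] = $post;
            }
            $report['username'] = htmlspecialchars_uni($report['username']);

            $report_data['reports'] = my_number_format($report['reports']);
            $report_data['time'] = my_date('relative', $report['dateline']);

            $plugins->run_hooks("modcp_allreports_report");
            eval("\$allreports .= \"".$templates->get("modcp_reports_allreport")."\";");
        }
    }

    $plugins->run_hooks("modcp_allreports_end");

    eval("\$allreportedcontent = \"".$templates->get("modcp_reports_allreports")."\";");
    output_page($allreportedcontent);
}

// ---------------------------------------------------------------------------
// modlogs: filterable, sortable view of the moderator log.
// ---------------------------------------------------------------------------
if($mybb->input['action'] == "modlogs")
{
    if($mybb->usergroup['canviewmodlogs'] == 0)
    {
        error_no_permission();
    }

    // Refuse non-super-moderators with no forum granting canviewmodlog;
    // otherwise $tflist_modlog would be empty and the log unrestricted.
    if($nummodlogs == 0 && $mybb->usergroup['issupermod'] != 1)
    {
        error($lang->you_cannot_view_mod_logs);
    }

    add_breadcrumb($lang->mcp_nav_modlogs, "modcp.php?action=modlogs");

    // NOTE(review): perpage comes from the request as an integer and has no
    // upper bound before it reaches the LIMIT clause below.
    $perpage = $mybb->get_input('perpage', MyBB::INPUT_INT);
    if(!$perpage || $perpage <= 0)
    {
        $perpage = $mybb->settings['threadsperpage'];
    }

    $where = '';

    // Searching for entries by a particular user
    if($mybb->get_input('uid', MyBB::INPUT_INT))
    {
        $where .= " AND l.uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'";
    }

    // Searching for entries in a specific forum
    if($mybb->get_input('fid', MyBB::INPUT_INT))
    {
        $where .= " AND t.fid='".$mybb->get_input('fid', MyBB::INPUT_INT)."'";
    }

    $mybb->input['sortby'] = $mybb->get_input('sortby');

    // Order?
    // The ORDER BY column is picked from a fixed set; the request value
    // itself never reaches the query.
    switch($mybb->input['sortby'])
    {
        case "username":
            $sortby = "u.username";
            break;
        case "forum":
            $sortby = "f.name";
            break;
        case "thread":
            $sortby = "t.subject";
            break;
        default:
            $sortby = "l.dateline";
    }
    // Anything other than "asc" becomes "desc", so only those two literals
    // can appear in the query.
    $order = $mybb->get_input('order');
    if($order != "asc")
    {
        $order = "desc";
    }

    $plugins->run_hooks("modcp_modlogs_start");

    $query = $db->query("
        SELECT COUNT(l.dateline) AS count
        FROM ".TABLE_PREFIX."moderatorlog l
        LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=l.uid)
        LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=l.tid)
        WHERE 1=1 {$where}{$tflist_modlog}
    ");
    $rescount = $db->fetch_field($query, "count");

    // Figure out if we need to display multiple pages.
    if($mybb->get_input('page') != "last")
    {
        $page = $mybb->get_input('page', MyBB::INPUT_INT);
    }

    $postcount = (int)$rescount;
    $pages = $postcount / $perpage;
    $pages = ceil($pages);

    if($mybb->get_input('page') == "last")
    {
        $page = $pages;
    }

    if($page > $pages || $page <= 0)
    {
        $page = 1;
    }

    if($page)
    {
        $start = ($page-1) * $perpage;
    }
    else
    {
        $start = 0;
        $page = 1;
    }

    // Rebuild the pagination URL from the filters: numeric ones are
    // integer-cast, text ones HTML-escaped before they are appended.
    $page_url = 'modcp.php?action=modlogs&perpage='.$perpage;
    foreach(array('uid', 'fid') as $field)
    {
        $mybb->input[$field] = $mybb->get_input($field, MyBB::INPUT_INT);
        if(!empty($mybb->input[$field]))
        {
            $page_url .= "&{$field}=".$mybb->input[$field];
        }
    }
    foreach(array('sortby', 'order') as $field)
    {
        $mybb->input[$field] = htmlspecialchars_uni($mybb->get_input($field));
        if(!empty($mybb->input[$field]))
        {
            $page_url .= "&{$field}=".$mybb->input[$field];
        }
    }

    $multipage = multipage($postcount, $perpage, $page, $page_url);
    $resultspages = '';
    if($postcount > $perpage)
    {
        eval("\$resultspages = \"".$templates->get("modcp_modlogs_multipage")."\";");
    }
    $query = $db->query("
        SELECT l.*, u.username, u.usergroup, u.displaygroup, t.subject AS tsubject, f.name AS fname, p.subject AS psubject
        FROM ".TABLE_PREFIX."moderatorlog l
        LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=l.uid)
        LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=l.tid)
        LEFT JOIN ".TABLE_PREFIX."forums f ON (f.fid=l.fid)
        LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=l.pid)
        WHERE 1=1 {$where}{$tflist_modlog}
        ORDER BY {$sortby} {$order}
        LIMIT {$start}, {$perpage}
    ");
    $results = '';
    while($logitem = $db->fetch_array($query))
    {
        $information = '';
        $logitem['action'] = htmlspecialchars_uni($logitem['action']);
        $log_date = my_date('relative', $logitem['dateline']);
        $trow = alt_trow();
        if($logitem['username'])
        {
            $logitem['username'] = htmlspecialchars_uni($logitem['username']);
            $username = format_name($logitem['username'], $logitem['usergroup'], $logitem['displaygroup']);
            $logitem['profilelink'] = build_profile_link($username, $logitem['uid']);
        }
        else
        {
            $username = $logitem['profilelink'] = $logitem['username'] = htmlspecialchars_uni($lang->na_deleted);
        }
        $logitem['ipaddress'] = my_inet_ntop($db->unescape_binary($logitem['ipaddress']));

        if($logitem['tsubject'])
        {
            $logitem['tsubject'] = htmlspecialchars_uni($parser->parse_badwords($logitem['tsubject']));
            $logitem['thread'] = get_thread_link($logitem['tid']);
            eval("\$information .= \"".$templates->get("modcp_modlogs_result_thread")."\";");
        }
        if($logitem['fname'])
        {
            // NOTE(review): fname is interpolated by the template as read
            // from the forums table; no escaping is applied to it in this
            // file. Confirm the template or the stored value handles that.
            $logitem['forum'] = get_forum_link($logitem['fid']);
            eval("\$information .= \"".$templates->get("modcp_modlogs_result_forum")."\";");
        }
        if($logitem['psubject'])
        {
            $logitem['psubject'] = htmlspecialchars_uni($parser->parse_badwords($logitem['psubject']));
            $logitem['post'] = get_post_link($logitem['pid']);
            eval("\$information .= \"".$templates->get("modcp_modlogs_result_post")."\";");
        }

        // Edited a user or managed announcement?
        if(!$logitem['tsubject'] || !$logitem['fname'] || !$logitem['psubject'])
        {
            // Serialized value stored in the moderatorlog row.
            // NOTE(review): my_unserialize() is defined outside this file;
            // confirm it cannot instantiate objects.
            $data = my_unserialize($logitem['data']);
            if(!empty($data['uid']))
            {
                // NOTE(review): the username is escaped here and again in the
                // sprintf() call below, so entities are double-encoded.
                $data['username'] = htmlspecialchars_uni($data['username']);
                $information = $lang->sprintf($lang->edited_user_info, htmlspecialchars_uni($data['username']), get_profile_link($data['uid']));
            }
            if(!empty($data['aid']))
            {
                $data['subject'] = htmlspecialchars_uni($parser->parse_badwords($data['subject']));
                $data['announcement'] = get_announcement_link($data['aid']);
                eval("\$information .= \"".$templates->get("modcp_modlogs_result_announcement")."\";");
            }
        }

        $plugins->run_hooks("modcp_modlogs_result");

        eval("\$results .= \"".$templates->get("modcp_modlogs_result")."\";");
    }

    if(!$results)
    {
        eval("\$results = \"".$templates->get("modcp_modlogs_noresults")."\";");
    }

    $plugins->run_hooks("modcp_modlogs_filter");

    // Fetch filter options
    // $mybb->input['sortby'] was HTML-escaped above before it is used as an
    // array key here.
    $sortbysel = array('username' => '', 'forum' => '', 'thread' => '', 'dateline' => '');
    $sortbysel[$mybb->input['sortby']] = "selected=\"selected\"";
    $ordersel = array('asc' => '', 'desc' => '');
    $ordersel[$order] = "selected=\"selected\"";
    $user_options = '';
    // This lookup is not restricted by {$tflist_modlog}: it returns every
    // account that has a moderator log entry.
    $query = $db->query("
        SELECT DISTINCT l.uid, u.username
        FROM ".TABLE_PREFIX."moderatorlog l
        LEFT JOIN ".TABLE_PREFIX."users u ON (l.uid=u.uid)
        ORDER BY u.username ASC
    ");
    while($user = $db->fetch_array($query))
    {
        // Deleted Users
        if(!$user['username'])
        {
            $user['username'] = $lang->na_deleted;
        }

        $selected = '';
        if($mybb->get_input('uid', MyBB::INPUT_INT) == $user['uid'])
        {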
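$selected = " selected=\"selected\"";
		}

		$user['username'] = htmlspecialchars_uni($user['username']);
		eval("\$user_options .= \"".$templates->get("modcp_modlogs_user")."\";");
	}

	$forum_select = build_forum_jump("", $mybb->get_input('fid', MyBB::INPUT_INT), 1, '', 0, true, '', "fid");

	eval("\$modlogs = \"".$templates->get("modcp_modlogs")."\";");
	output_page($modlogs);
}

// Action: do_delete_announcement
// Deletes one announcement once the post key, the usergroup permission and the
// per-forum moderator permission have all been checked, then writes a
// moderator log entry and redirects to the announcement list.
if($mybb->input['action'] == "do_delete_announcement")
{
	// Verify incoming POST request
	verify_post_check($mybb->get_input('my_post_key'));

	if($mybb->usergroup['canmanageannounce'] == 0)
	{
		error_no_permission();
	}

	// Read aid as an integer, as the edit handlers in this file do. The value
	// is interpolated into the SELECT and DELETE conditions below, so this
	// handler should not depend on cleaning done elsewhere to keep it numeric.
	$aid = $mybb->get_input('aid', MyBB::INPUT_INT);
	$query = $db->simple_select("announcements", "aid, subject, fid", "aid='{$aid}'");
	$announcement = $db->fetch_array($query);

	if(!$announcement)
	{
		error($lang->error_invalid_announcement);
	}
	// Global announcements (fid -1) require a super moderator; forum
	// announcements require the canmanageannouncements moderator permission
	// on that forum; forums listed in $unviewableforums are always refused.
	if(($mybb->usergroup['issupermod'] != 1 && $announcement['fid'] == -1) || ($announcement['fid'] != -1 && !is_moderator($announcement['fid'], "canmanageannouncements")) || ($unviewableforums && in_array($announcement['fid'], $unviewableforums)))
	{
		error_no_permission();
	}

	$plugins->run_hooks("modcp_do_delete_announcement");

	$db->delete_query("announcements", "aid='{$aid}'");
	// The log entry uses the aid and subject read from the database row, not
	// the request values.
	log_moderator_action(array("aid" => $announcement['aid'], "subject" => $announcement['subject']), $lang->announcement_deleted);
	$cache->update_forumsdisplay();

	redirect("modcp.php?action=announcements", $lang->redirect_delete_announcement);
}

// Action: delete_announcement
// Renders the modcp_announcements_delete template for the selected
// announcement; the deletion itself is carried out by do_delete_announcement.
if($mybb->input['action'] == "delete_announcement")
{
	if($mybb->usergroup['canmanageannounce'] == 0)
	{
		error_no_permission();
	}

	// Integer aid for the same reason as in do_delete_announcement. $aid is
	// also in scope when the template below is evaluated.
	// NOTE(review): whether the template prints $aid is not visible here.
	$aid = $mybb->get_input('aid', MyBB::INPUT_INT);
	$query = $db->simple_select("announcements", "aid, subject, fid", "aid='{$aid}'");

	$announcement = $db->fetch_array($query);

	// Existence check first. Writing $announcement['subject'] before this test
	// turns an empty result into a non-empty array, so the test could never
	// fail and the permission check below would run without a fid.
	if(!$announcement)
	{
		error($lang->error_invalid_announcement);
	}

	// Escaped here because the template is evaluated with this variable in scope.
	$announcement['subject'] = htmlspecialchars_uni($parser->parse_badwords($announcement['subject']));

	// Same three-part permission rule as in do_delete_announcement.
	if(($mybb->usergroup['issupermod'] != 1 && $announcement['fid'] == -1) || ($announcement['fid'] != -1 && !is_moderator($announcement['fid'], "canmanageannouncements")) || ($unviewableforums && in_array($announcement['fid'], $unviewableforums)))
	{
		error_no_permission();
	}

	$plugins->run_hooks("modcp_delete_announcement");

	eval("\$announcements = \"".$templates->get("modcp_announcements_delete")."\";");
	output_page($announcements);
}

if($mybb->input['action'] == "do_new_announcement")
{
	verify_post_check($mybb->get_input('my_post_key'));

	if($mybb->usergroup['canmanageannounce'] == 0)
	{
		error_no_permission();
	}

	$announcement_fid = $mybb->get_input('fid', MyBB::INPUT_INT);
	if(($mybb->usergroup['issupermod'] != 1 && $announcement_fid == -1) || ($announcement_fid != -1 && !is_moderator($announcement_fid, "canmanageannouncements")) || ($unviewableforums && in_array($announcement_fid, $unviewableforums)))
	{
		error_no_permission();
	}

	$errors = array();

	$mybb->input['title'] = $mybb->get_input('title');
	if(!trim($mybb->input['title']))
	{
		$errors[] = $lang->error_missing_title;
	}

	$mybb->input['message'] = $mybb->get_input('message');
	if(!trim($mybb->input['message']))
	{
		$errors[] = $lang->error_missing_message;
	}

	if(!$announcement_fid)
	{
		$errors[] = $lang->error_missing_forum;
	}

	$mybb->input['starttime_time'] = $mybb->get_input('starttime_time');
	$mybb->input['endtime_time'] = $mybb->get_input('endtime_time');
	$startdate = @explode(" ", $mybb->input['starttime_time']);
	$startdate = @explode(":", $startdate[0]);
	$enddate = @explode(" ", $mybb->input['endtime_time']);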
1126 $enddate = @explode(":", $enddate[0]); 1127 1128 if(stristr($mybb->input['starttime_time'], "pm")) 1129 { 1130 $startdate[0] = 12+$startdate[0]; 1131 if($startdate[0] >= 24) 1132 { 1133 $startdate[0] = "00"; 1134 } 1135 } 1136 1137 if(stristr($mybb->input['endtime_time'], "pm")) 1138 { 1139 $enddate[0] = 12+$enddate[0]; 1140 if($enddate[0] >= 24) 1141 { 1142 $enddate[0] = "00"; 1143 } 1144 } 1145 1146 $mybb->input['starttime_month'] = $mybb->get_input('starttime_month'); 1147 $months = array('01', '02', '03', '04', '05', '06', '07', '08', '09', '10', '11', '12'); 1148 if(!in_array($mybb->input['starttime_month'], $months)) 1149 { 1150 $mybb->input['starttime_month'] = '01'; 1151 } 1152 1153 $localized_time_offset = (float)$mybb->user['timezone']*3600 + $mybb->user['dst']*3600; 1154 1155 $startdate = gmmktime((int)$startdate[0], (int)$startdate[1], 0, $mybb->get_input('starttime_month', MyBB::INPUT_INT), $mybb->get_input('starttime_day', MyBB::INPUT_INT), $mybb->get_input('starttime_year', MyBB::INPUT_INT)) - $localized_time_offset; 1156 if(!checkdate($mybb->get_input('starttime_month', MyBB::INPUT_INT), $mybb->get_input('starttime_day', MyBB::INPUT_INT), $mybb->get_input('starttime_year', MyBB::INPUT_INT)) || $startdate < 0 || $startdate == false) 1157 { 1158 $errors[] = $lang->error_invalid_start_date; 1159 } 1160 1161 if($mybb->get_input('endtime_type', MyBB::INPUT_INT) == 2) 1162 { 1163 $enddate = '0'; 1164 $mybb->input['endtime_month'] = '01'; 1165 } 1166 else 1167 { 1168 $mybb->input['endtime_month'] = $mybb->get_input('endtime_month'); 1169 if(!in_array($mybb->input['endtime_month'], $months)) 1170 { 1171 $mybb->input['endtime_month'] = '01'; 1172 } 1173 $enddate = gmmktime((int)$enddate[0], (int)$enddate[1], 0, $mybb->get_input('endtime_month', MyBB::INPUT_INT), $mybb->get_input('endtime_day', MyBB::INPUT_INT), $mybb->get_input('endtime_year', MyBB::INPUT_INT)) - $localized_time_offset; 1174 if(!checkdate($mybb->get_input('endtime_month', 
MyBB::INPUT_INT), $mybb->get_input('endtime_day', MyBB::INPUT_INT), $mybb->get_input('endtime_year', MyBB::INPUT_INT)) || $enddate < 0 || $enddate == false) 1175 { 1176 $errors[] = $lang->error_invalid_end_date; 1177 } 1178 1179 if($enddate <= $startdate) 1180 { 1181 $errors[] = $lang->error_end_before_start; 1182 } 1183 } 1184 1185 if($mybb->settings['announcementshtml'] && $mybb->get_input('allowhtml', MyBB::INPUT_INT) == 1) 1186 { 1187 $allowhtml = 1; 1188 } 1189 else 1190 { 1191 $allowhtml = 0; 1192 } 1193 if($mybb->get_input('allowmycode', MyBB::INPUT_INT) == 1) 1194 { 1195 $allowmycode = 1; 1196 } 1197 else 1198 { 1199 $allowmycode = 0; 1200 } 1201 if($mybb->get_input('allowsmilies', MyBB::INPUT_INT) == 1) 1202 { 1203 $allowsmilies = 1; 1204 } 1205 else 1206 { 1207 $allowsmilies = 0; 1208 } 1209 1210 $plugins->run_hooks("modcp_do_new_announcement_start"); 1211 1212 if(!$errors) 1213 { 1214 if(isset($mybb->input['preview'])) 1215 { 1216 $preview = array(); 1217 $mybb->input['action'] = 'new_announcement'; 1218 } 1219 else 1220 { 1221 $insert_announcement = array( 1222 'fid' => $announcement_fid, 1223 'uid' => $mybb->user['uid'], 1224 'subject' => $db->escape_string($mybb->input['title']), 1225 'message' => $db->escape_string($mybb->input['message']), 1226 'startdate' => $startdate, 1227 'enddate' => $enddate, 1228 'allowhtml' => $allowhtml, 1229 'allowmycode' => $allowmycode, 1230 'allowsmilies' => $allowsmilies 1231 ); 1232 $aid = $db->insert_query("announcements", $insert_announcement); 1233 1234 log_moderator_action(array("aid" => $aid, "subject" => $mybb->input['title']), $lang->announcement_added); 1235 1236 $plugins->run_hooks("modcp_do_new_announcement_end"); 1237 1238 $cache->update_forumsdisplay(); 1239 redirect("modcp.php?action=announcements", $lang->redirect_add_announcement); 1240 } 1241 } 1242 else 1243 { 1244 $mybb->input['action'] = 'new_announcement'; 1245 } 1246 } 1247 1248 if($mybb->input['action'] == "new_announcement") 1249 { 1250 
if($mybb->usergroup['canmanageannounce'] == 0) 1251 { 1252 error_no_permission(); 1253 } 1254 1255 add_breadcrumb($lang->mcp_nav_announcements, "modcp.php?action=announcements"); 1256 add_breadcrumb($lang->add_announcement, "modcp.php?action=new_announcements"); 1257 1258 $announcement_fid = $mybb->get_input('fid', MyBB::INPUT_INT); 1259 1260 if(($mybb->usergroup['issupermod'] != 1 && $announcement_fid == -1) || ($announcement_fid != -1 && !is_moderator($announcement_fid, "canmanageannouncements")) || ($unviewableforums && in_array($announcement_fid, $unviewableforums))) 1261 { 1262 error_no_permission(); 1263 } 1264 1265 // Deal with inline errors 1266 if(!empty($errors) || isset($preview)) 1267 { 1268 if(!empty($errors)) 1269 { 1270 $errors = inline_error($errors); 1271 } 1272 else 1273 { 1274 $errors = ''; 1275 } 1276 1277 // Set $announcement to input stuff 1278 $announcement['subject'] = $mybb->input['title']; 1279 $announcement['message'] = $mybb->input['message']; 1280 $announcement['allowhtml'] = $allowhtml; 1281 $announcement['allowmycode'] = $allowmycode; 1282 $announcement['allowsmilies'] = $allowsmilies; 1283 1284 $startmonth = $mybb->input['starttime_month']; 1285 $startdateyear = htmlspecialchars_uni($mybb->input['starttime_year']); 1286 $startday = $mybb->get_input('starttime_day', MyBB::INPUT_INT); 1287 $starttime_time = htmlspecialchars_uni($mybb->input['starttime_time']); 1288 $endmonth = $mybb->input['endtime_month']; 1289 $enddateyear = htmlspecialchars_uni($mybb->input['endtime_year']); 1290 $endday = $mybb->get_input('endtime_day', MyBB::INPUT_INT); 1291 $endtime_time = htmlspecialchars_uni($mybb->input['endtime_time']); 1292 } 1293 else 1294 { 1295 $localized_time = TIME_NOW + (float)$mybb->user['timezone']*3600 + $mybb->user['dst']*3600; 1296 1297 $starttime_time = gmdate($mybb->settings['timeformat'], $localized_time); 1298 $endtime_time = gmdate($mybb->settings['timeformat'], $localized_time); 1299 $startday = $endday = gmdate("j", 
$localized_time); 1300 $startmonth = $endmonth = gmdate("m", $localized_time); 1301 $startdateyear = gmdate("Y", $localized_time); 1302 1303 $announcement = array( 1304 'subject' => '', 1305 'message' => '', 1306 'allowhtml' => 0, 1307 'allowmycode' => 1, 1308 'allowsmilies' => 1 1309 ); 1310 1311 $enddateyear = $startdateyear+1; 1312 } 1313 1314 // Generate form elements 1315 $startdateday = $enddateday = ''; 1316 for($day = 1; $day <= 31; ++$day) 1317 { 1318 if($startday == $day) 1319 { 1320 $selected = " selected=\"selected\""; 1321 eval("\$startdateday .= \"".$templates->get("modcp_announcements_day")."\";"); 1322 } 1323 else 1324 { 1325 $selected = ''; 1326 eval("\$startdateday .= \"".$templates->get("modcp_announcements_day")."\";"); 1327 } 1328 1329 if($endday == $day) 1330 { 1331 $selected = " selected=\"selected\""; 1332 eval("\$enddateday .= \"".$templates->get("modcp_announcements_day")."\";"); 1333 } 1334 else 1335 { 1336 $selected = ''; 1337 eval("\$enddateday .= \"".$templates->get("modcp_announcements_day")."\";"); 1338 } 1339 } 1340 1341 $startmonthsel = $endmonthsel = array(); 1342 foreach(array('01', '02', '03', '04', '05', '06', '07', '08', '09', '10', '11', '12') as $month) 1343 { 1344 $startmonthsel[$month] = ''; 1345 $endmonthsel[$month] = ''; 1346 } 1347 $startmonthsel[$startmonth] = "selected=\"selected\""; 1348 $endmonthsel[$endmonth] = "selected=\"selected\""; 1349 1350 $startdatemonth = $enddatemonth = ''; 1351 1352 eval("\$startdatemonth .= \"".$templates->get("modcp_announcements_month_start")."\";"); 1353 eval("\$enddatemonth .= \"".$templates->get("modcp_announcements_month_end")."\";"); 1354 1355 $title = htmlspecialchars_uni($announcement['subject']); 1356 $message = htmlspecialchars_uni($announcement['message']); 1357 1358 $html_sel = $mycode_sel = $smilies_sel = array('yes' => '', 'no' => ''); 1359 1360 if($mybb->settings['announcementshtml']) 1361 { 1362 if($announcement['allowhtml']) 1363 { 1364 $html_sel['yes'] = ' 
checked="checked"'; 1365 } 1366 else 1367 { 1368 $html_sel['no'] = ' checked="checked"'; 1369 } 1370 1371 eval("\$allow_html = \"".$templates->get("modcp_announcements_allowhtml")."\";"); 1372 } 1373 else 1374 { 1375 $allow_html = ''; 1376 } 1377 1378 if($announcement['allowmycode']) 1379 { 1380 $mycode_sel['yes'] = ' checked="checked"'; 1381 } 1382 else 1383 { 1384 $mycode_sel['no'] = ' checked="checked"'; 1385 } 1386 1387 if($announcement['allowsmilies']) 1388 { 1389 $smilies_sel['yes'] = ' checked="checked"'; 1390 } 1391 else 1392 { 1393 $smilies_sel['no'] = ' checked="checked"'; 1394 } 1395 1396 $end_type_sel = array('infinite' => '', 'finite' => ''); 1397 if(!isset($mybb->input['endtime_type']) || $mybb->input['endtime_type'] == 2) 1398 { 1399 $end_type_sel['infinite'] = ' checked="checked"'; 1400 } 1401 else 1402 { 1403 $end_type_sel['finite'] = ' checked="checked"'; 1404 } 1405 1406 // MyCode editor 1407 $codebuttons = build_mycode_inserter(); 1408 $smilieinserter = build_clickable_smilies(); 1409 1410 if(isset($preview)) 1411 { 1412 $announcementarray = array( 1413 'aid' => 0, 1414 'fid' => $announcement_fid, 1415 'uid' => $mybb->user['uid'], 1416 'subject' => $mybb->input['title'], 1417 'message' => $mybb->input['message'], 1418 'allowhtml' => $mybb->settings['announcementshtml'] && $mybb->get_input('allowhtml', MyBB::INPUT_INT), 1419 'allowmycode' => $mybb->get_input('allowmycode', MyBB::INPUT_INT), 1420 'allowsmilies' => $mybb->get_input('allowsmilies', MyBB::INPUT_INT), 1421 'dateline' => TIME_NOW, 1422 'userusername' => $mybb->user['username'], 1423 ); 1424 1425 $array = $mybb->user; 1426 foreach($array as $key => $element) 1427 { 1428 $announcementarray[$key] = $element; 1429 } 1430 1431 // Gather usergroup data from the cache 1432 // Field => Array Key 1433 $data_key = array( 1434 'title' => 'grouptitle', 1435 'usertitle' => 'groupusertitle', 1436 'stars' => 'groupstars', 1437 'starimage' => 'groupstarimage', 1438 'image' => 'groupimage', 1439 
'namestyle' => 'namestyle', 1440 'usereputationsystem' => 'usereputationsystem' 1441 ); 1442 1443 foreach($data_key as $field => $key) 1444 { 1445 $announcementarray[$key] = $groupscache[$announcementarray['usergroup']][$field]; 1446 } 1447 1448 require_once MYBB_ROOT."inc/functions_post.php"; 1449 $postbit = build_postbit($announcementarray, 3); 1450 eval("\$preview = \"".$templates->get("previewpost")."\";"); 1451 } 1452 else 1453 { 1454 $preview = ''; 1455 } 1456 1457 $plugins->run_hooks("modcp_new_announcement"); 1458 1459 eval("\$announcements = \"".$templates->get("modcp_announcements_new")."\";"); 1460 output_page($announcements); 1461 } 1462 1463 if($mybb->input['action'] == "do_edit_announcement") 1464 { 1465 verify_post_check($mybb->get_input('my_post_key')); 1466 1467 if($mybb->usergroup['canmanageannounce'] == 0) 1468 { 1469 error_no_permission(); 1470 } 1471 1472 // Get the announcement 1473 $aid = $mybb->get_input('aid', MyBB::INPUT_INT); 1474 $query = $db->simple_select("announcements", "*", "aid='{$aid}'"); 1475 $announcement = $db->fetch_array($query); 1476 1477 // Check that it exists 1478 if(!$announcement) 1479 { 1480 error($lang->error_invalid_announcement); 1481 } 1482 1483 // Mod has permissions to edit this announcement 1484 if(($mybb->usergroup['issupermod'] != 1 && $announcement['fid'] == -1) || ($announcement['fid'] != -1 && !is_moderator($announcement['fid'], "canmanageannouncements")) || ($unviewableforums && in_array($announcement['fid'], $unviewableforums))) 1485 { 1486 error_no_permission(); 1487 } 1488 1489 $errors = array(); 1490 1491 // Basic error checking 1492 $mybb->input['title'] = $mybb->get_input('title'); 1493 if(!trim($mybb->input['title'])) 1494 { 1495 $errors[] = $lang->error_missing_title; 1496 } 1497 1498 $mybb->input['message'] = $mybb->get_input('message'); 1499 if(!trim($mybb->input['message'])) 1500 { 1501 $errors[] = $lang->error_missing_message; 1502 } 1503 1504 $mybb->input['starttime_time'] = 
$mybb->get_input('starttime_time'); 1505 $mybb->input['endtime_time'] = $mybb->get_input('endtime_time'); 1506 $startdate = @explode(" ", $mybb->input['starttime_time']); 1507 $startdate = @explode(":", $startdate[0]); 1508 $enddate = @explode(" ", $mybb->input['endtime_time']); 1509 $enddate = @explode(":", $enddate[0]); 1510 1511 if(stristr($mybb->input['starttime_time'], "pm")) 1512 { 1513 $startdate[0] = 12+$startdate[0]; 1514 if($startdate[0] >= 24) 1515 { 1516 $startdate[0] = "00"; 1517 } 1518 } 1519 1520 if(stristr($mybb->input['endtime_time'], "pm")) 1521 { 1522 $enddate[0] = 12+$enddate[0]; 1523 if($enddate[0] >= 24) 1524 { 1525 $enddate[0] = "00"; 1526 } 1527 } 1528 1529 $mybb->input['starttime_month'] = $mybb->get_input('starttime_month'); 1530 $months = array('01', '02', '03', '04', '05', '06', '07', '08', '09', '10', '11', '12'); 1531 if(!in_array($mybb->input['starttime_month'], $months)) 1532 { 1533 $mybb->input['starttime_month'] = '01'; 1534 } 1535 1536 $localized_time_offset = (float)$mybb->user['timezone']*3600 + $mybb->user['dst']*3600; 1537 1538 $startdate = gmmktime((int)$startdate[0], (int)$startdate[1], 0, $mybb->get_input('starttime_month', MyBB::INPUT_INT), $mybb->get_input('starttime_day', MyBB::INPUT_INT), $mybb->get_input('starttime_year', MyBB::INPUT_INT)) - $localized_time_offset; 1539 if(!checkdate($mybb->get_input('starttime_month', MyBB::INPUT_INT), $mybb->get_input('starttime_day', MyBB::INPUT_INT), $mybb->get_input('starttime_year', MyBB::INPUT_INT)) || $startdate < 0 || $startdate == false) 1540 { 1541 $errors[] = $lang->error_invalid_start_date; 1542 } 1543 1544 if($mybb->get_input('endtime_type', MyBB::INPUT_INT) == "2") 1545 { 1546 $enddate = '0'; 1547 $mybb->input['endtime_month'] = '01'; 1548 } 1549 else 1550 { 1551 $mybb->input['endtime_month'] = $mybb->get_input('endtime_month'); 1552 if(!in_array($mybb->input['endtime_month'], $months)) 1553 { 1554 $mybb->input['endtime_month'] = '01'; 1555 } 1556 $enddate = 
gmmktime((int)$enddate[0], (int)$enddate[1], 0, $mybb->get_input('endtime_month', MyBB::INPUT_INT), $mybb->get_input('endtime_day', MyBB::INPUT_INT), $mybb->get_input('endtime_year', MyBB::INPUT_INT)) - $localized_time_offset; 1557 if(!checkdate($mybb->get_input('endtime_month', MyBB::INPUT_INT), $mybb->get_input('endtime_day', MyBB::INPUT_INT), $mybb->get_input('endtime_year', MyBB::INPUT_INT)) || $enddate < 0 || $enddate == false) 1558 { 1559 $errors[] = $lang->error_invalid_end_date; 1560 } 1561 elseif($enddate <= $startdate) 1562 { 1563 $errors[] = $lang->error_end_before_start; 1564 } 1565 } 1566 1567 if($mybb->settings['announcementshtml'] && $mybb->get_input('allowhtml', MyBB::INPUT_INT) == 1) 1568 { 1569 $allowhtml = 1; 1570 } 1571 else 1572 { 1573 $allowhtml = 0; 1574 } 1575 if($mybb->get_input('allowmycode', MyBB::INPUT_INT) == 1) 1576 { 1577 $allowmycode = 1; 1578 } 1579 else 1580 { 1581 $allowmycode = 0; 1582 } 1583 if($mybb->get_input('allowsmilies', MyBB::INPUT_INT) == 1) 1584 { 1585 $allowsmilies = 1; 1586 } 1587 else 1588 { 1589 $allowsmilies = 0; 1590 } 1591 1592 $plugins->run_hooks("modcp_do_edit_announcement_start"); 1593 1594 // Proceed to update if no errors 1595 if(!$errors) 1596 { 1597 if(isset($mybb->input['preview'])) 1598 { 1599 $preview = array(); 1600 $mybb->input['action'] = 'edit_announcement'; 1601 } 1602 else 1603 { 1604 $update_announcement = array( 1605 'uid' => $mybb->user['uid'], 1606 'subject' => $db->escape_string($mybb->input['title']), 1607 'message' => $db->escape_string($mybb->input['message']), 1608 'startdate' => $startdate, 1609 'enddate' => $enddate, 1610 'allowhtml' => $allowhtml, 1611 'allowmycode' => $allowmycode, 1612 'allowsmilies' => $allowsmilies 1613 ); 1614 $db->update_query("announcements", $update_announcement, "aid='{$aid}'"); 1615 1616 log_moderator_action(array("aid" => $announcement['aid'], "subject" => $mybb->input['title']), $lang->announcement_edited); 1617 1618 
$plugins->run_hooks("modcp_do_edit_announcement_end"); 1619 1620 $cache->update_forumsdisplay(); 1621 redirect("modcp.php?action=announcements", $lang->redirect_edit_announcement); 1622 } 1623 } 1624 else 1625 { 1626 $mybb->input['action'] = 'edit_announcement'; 1627 } 1628 } 1629 1630 if($mybb->input['action'] == "edit_announcement") 1631 { 1632 if($mybb->usergroup['canmanageannounce'] == 0) 1633 { 1634 error_no_permission(); 1635 } 1636 1637 $aid = $mybb->get_input('aid', MyBB::INPUT_INT); 1638 1639 add_breadcrumb($lang->mcp_nav_announcements, "modcp.php?action=announcements"); 1640 add_breadcrumb($lang->edit_announcement, "modcp.php?action=edit_announcements&aid={$aid}"); 1641 1642 // Get announcement 1643 if(!isset($announcement) || $mybb->request_method != 'post') 1644 { 1645 $query = $db->simple_select("announcements", "*", "aid='{$aid}'"); 1646 $announcement = $db->fetch_array($query); 1647 } 1648 1649 if(!$announcement) 1650 { 1651 error($lang->error_invalid_announcement); 1652 } 1653 if(($mybb->usergroup['issupermod'] != 1 && $announcement['fid'] == -1) || ($announcement['fid'] != -1 && !is_moderator($announcement['fid'], "canmanageannouncements")) || ($unviewableforums && in_array($announcement['fid'], $unviewableforums))) 1654 { 1655 error_no_permission(); 1656 } 1657 1658 if(!$announcement['startdate']) 1659 { 1660 // No start date? Make it now. 1661 $announcement['startdate'] = TIME_NOW; 1662 } 1663 1664 $makeshift_end = false; 1665 if(!$announcement['enddate']) 1666 { 1667 $makeshift_end = true; 1668 $makeshift_time = TIME_NOW; 1669 if($announcement['startdate']) 1670 { 1671 $makeshift_time = $announcement['startdate']; 1672 } 1673 1674 // No end date? Make it a year from now. 
1675 $announcement['enddate'] = $makeshift_time + (60 * 60 * 24 * 366); 1676 } 1677 1678 // Deal with inline errors 1679 if(!empty($errors) || isset($preview)) 1680 { 1681 if(!empty($errors)) 1682 { 1683 $errors = inline_error($errors); 1684 } 1685 else 1686 { 1687 $errors = ''; 1688 } 1689 1690 // Set $announcement to input stuff 1691 $announcement['subject'] = $mybb->input['title']; 1692 $announcement['message'] = $mybb->input['message']; 1693 $announcement['allowhtml'] = $allowhtml; 1694 $announcement['allowmycode'] = $allowmycode; 1695 $announcement['allowsmilies'] = $allowsmilies; 1696 1697 $startmonth = $mybb->input['starttime_month']; 1698 $startdateyear = htmlspecialchars_uni($mybb->input['starttime_year']); 1699 $startday = $mybb->get_input('starttime_day', MyBB::INPUT_INT); 1700 $starttime_time = htmlspecialchars_uni($mybb->input['starttime_time']); 1701 $endmonth = $mybb->input['endtime_month']; 1702 $enddateyear = htmlspecialchars_uni($mybb->input['endtime_year']); 1703 $endday = $mybb->get_input('endtime_day', MyBB::INPUT_INT); 1704 $endtime_time = htmlspecialchars_uni($mybb->input['endtime_time']); 1705 1706 $errored = true; 1707 } 1708 else 1709 { 1710 $localized_time_startdate = $announcement['startdate'] + (float)$mybb->user['timezone']*3600 + $mybb->user['dst']*3600; 1711 $localized_time_enddate = $announcement['enddate'] + (float)$mybb->user['timezone']*3600 + $mybb->user['dst']*3600; 1712 1713 $starttime_time = gmdate($mybb->settings['timeformat'], $localized_time_startdate); 1714 $endtime_time = gmdate($mybb->settings['timeformat'], $localized_time_enddate); 1715 1716 $startday = gmdate('j', $localized_time_startdate); 1717 $endday = gmdate('j', $localized_time_enddate); 1718 1719 $startmonth = gmdate('m', $localized_time_startdate); 1720 $endmonth = gmdate('m', $localized_time_enddate); 1721 1722 $startdateyear = gmdate('Y', $localized_time_startdate); 1723 $enddateyear = gmdate('Y', $localized_time_enddate); 1724 1725 $errored = false; 1726 } 
1727 1728 // Generate form elements 1729 $startdateday = $enddateday = ''; 1730 for($day = 1; $day <= 31; ++$day) 1731 { 1732 if($startday == $day) 1733 { 1734 $selected = " selected=\"selected\""; 1735 eval("\$startdateday .= \"".$templates->get("modcp_announcements_day")."\";"); 1736 } 1737 else 1738 { 1739 $selected = ''; 1740 eval("\$startdateday .= \"".$templates->get("modcp_announcements_day")."\";"); 1741 } 1742 1743 if($endday == $day) 1744 { 1745 $selected = " selected=\"selected\""; 1746 eval("\$enddateday .= \"".$templates->get("modcp_announcements_day")."\";"); 1747 } 1748 else 1749 { 1750 $selected = ''; 1751 eval("\$enddateday .= \"".$templates->get("modcp_announcements_day")."\";"); 1752 } 1753 } 1754 1755 $startmonthsel = $endmonthsel = array(); 1756 foreach(array('01', '02', '03', '04', '05', '06', '07', '08', '09', '10', '11', '12') as $month) 1757 { 1758 $startmonthsel[$month] = ''; 1759 $endmonthsel[$month] = ''; 1760 } 1761 $startmonthsel[$startmonth] = "selected=\"selected\""; 1762 $endmonthsel[$endmonth] = "selected=\"selected\""; 1763 1764 $startdatemonth = $enddatemonth = ''; 1765 1766 eval("\$startdatemonth .= \"".$templates->get("modcp_announcements_month_start")."\";"); 1767 eval("\$enddatemonth .= \"".$templates->get("modcp_announcements_month_end")."\";"); 1768 1769 $title = htmlspecialchars_uni($announcement['subject']); 1770 $message = htmlspecialchars_uni($announcement['message']); 1771 1772 $html_sel = $mycode_sel = $smilies_sel = array('yes' => '', 'no' => ''); 1773 1774 if($mybb->settings['announcementshtml']) 1775 { 1776 if($announcement['allowhtml']) 1777 { 1778 $html_sel['yes'] = ' checked="checked"'; 1779 } 1780 else 1781 { 1782 $html_sel['no'] = ' checked="checked"'; 1783 } 1784 1785 eval("\$allow_html = \"".$templates->get("modcp_announcements_allowhtml")."\";"); 1786 } 1787 else 1788 { 1789 $allow_html = ''; 1790 } 1791 1792 if($announcement['allowmycode']) 1793 { 1794 $mycode_sel['yes'] = ' checked="checked"'; 1795 } 1796 
else 1797 { 1798 $mycode_sel['no'] = ' checked="checked"'; 1799 } 1800 1801 if($announcement['allowsmilies']) 1802 { 1803 $smilies_sel['yes'] = ' checked="checked"'; 1804 } 1805 else 1806 { 1807 $smilies_sel['no'] = ' checked="checked"'; 1808 } 1809 1810 $end_type_sel = array('infinite' => '', 'finite' => ''); 1811 if(($errored && $mybb->get_input('endtime_type', MyBB::INPUT_INT) == 2) || (!$errored && (int)$announcement['enddate'] == 0) || $makeshift_end == true) 1812 { 1813 $end_type_sel['infinite'] = ' checked="checked"'; 1814 } 1815 else 1816 { 1817 $end_type_sel['finite'] = ' checked="checked"'; 1818 } 1819 1820 // MyCode editor 1821 $codebuttons = build_mycode_inserter(); 1822 $smilieinserter = build_clickable_smilies(); 1823 1824 if(isset($preview)) 1825 { 1826 $announcementarray = array( 1827 'aid' => $announcement['aid'], 1828 'fid' => $announcement['fid'], 1829 'uid' => $mybb->user['uid'], 1830 'subject' => $mybb->input['title'], 1831 'message' => $mybb->input['message'], 1832 'allowhtml' => $mybb->settings['announcementshtml'] && $mybb->get_input('allowhtml', MyBB::INPUT_INT), 1833 'allowmycode' => $mybb->get_input('allowmycode', MyBB::INPUT_INT), 1834 'allowsmilies' => $mybb->get_input('allowsmilies', MyBB::INPUT_INT), 1835 'dateline' => TIME_NOW, 1836 'userusername' => $mybb->user['username'], 1837 ); 1838 1839 $array = $mybb->user; 1840 foreach($array as $key => $element) 1841 { 1842 $announcementarray[$key] = $element; 1843 } 1844 1845 // Gather usergroup data from the cache 1846 // Field => Array Key 1847 $data_key = array( 1848 'title' => 'grouptitle', 1849 'usertitle' => 'groupusertitle', 1850 'stars' => 'groupstars', 1851 'starimage' => 'groupstarimage', 1852 'image' => 'groupimage', 1853 'namestyle' => 'namestyle', 1854 'usereputationsystem' => 'usereputationsystem' 1855 ); 1856 1857 foreach($data_key as $field => $key) 1858 { 1859 $announcementarray[$key] = $groupscache[$announcementarray['usergroup']][$field]; 1860 } 1861 1862 require_once 
MYBB_ROOT."inc/functions_post.php"; 1863 $postbit = build_postbit($announcementarray, 3); 1864 eval("\$preview = \"".$templates->get("previewpost")."\";"); 1865 } 1866 else 1867 { 1868 $preview = ''; 1869 } 1870 1871 $plugins->run_hooks("modcp_edit_announcement"); 1872 1873 eval("\$announcements = \"".$templates->get("modcp_announcements_edit")."\";"); 1874 output_page($announcements); 1875 } 1876 1877 if($mybb->input['action'] == "announcements") 1878 { 1879 if($mybb->usergroup['canmanageannounce'] == 0) 1880 { 1881 error_no_permission(); 1882 } 1883 1884 if($numannouncements == 0 && $mybb->usergroup['issupermod'] != 1) 1885 { 1886 error($lang->you_cannot_manage_announcements); 1887 } 1888 1889 add_breadcrumb($lang->mcp_nav_announcements, "modcp.php?action=announcements"); 1890 1891 // Fetch announcements into their proper arrays 1892 $query = $db->simple_select("announcements", "aid, fid, subject, enddate"); 1893 $announcements = $global_announcements = array(); 1894 while($announcement = $db->fetch_array($query)) 1895 { 1896 if($announcement['fid'] == -1) 1897 { 1898 $global_announcements[$announcement['aid']] = $announcement; 1899 continue; 1900 } 1901 $announcements[$announcement['fid']][$announcement['aid']] = $announcement; 1902 } 1903 1904 $announcements_global = ''; 1905 if($mybb->usergroup['issupermod'] == 1) 1906 { 1907 if($global_announcements && $mybb->usergroup['issupermod'] == 1) 1908 { 1909 // Get the global announcements 1910 foreach($global_announcements as $aid => $announcement) 1911 { 1912 $trow = alt_trow(); 1913 if((isset($announcement['startdate']) && $announcement['startdate'] > TIME_NOW) || (isset($announcement['enddate']) && $announcement['enddate'] < TIME_NOW && $announcement['enddate'] != 0)) 1914 { 1915 eval("\$icon = \"".$templates->get("modcp_announcements_announcement_expired")."\";"); 1916 } 1917 else 1918 { 1919 eval("\$icon = \"".$templates->get("modcp_announcements_announcement_active")."\";"); 1920 } 1921 1922 $subject = 
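htmlspecialchars_uni($parser->parse_badwords($announcement['subject']));

				eval("\$announcements_global .= \"".$templates->get("modcp_announcements_announcement_global")."\";");
			}
		}
		else
		{
			// No global announcements
			eval("\$announcements_global = \"".$templates->get("modcp_no_announcements_global")."\";");
		}
		eval("\$announcements_global = \"".$templates->get("modcp_announcements_global")."\";");
	}

	$announcements_forum = '';
	fetch_forum_announcements();

	if(!$announcements_forum)
	{
		eval("\$announcements_forum = \"".$templates->get("modcp_no_announcements_forum")."\";");
	}

	$plugins->run_hooks("modcp_announcements");

	eval("\$announcements = \"".$templates->get("modcp_announcements")."\";");
	output_page($announcements);
}

// Action: do_modqueue
// Applies the per-item "approve" / "delete" choices submitted from the
// moderation queue. Exactly one of the three input arrays is processed per
// request, in this order of precedence: threads, posts, attachments.
if($mybb->input['action'] == "do_modqueue")
{
	require_once MYBB_ROOT."inc/class_moderation.php";
	$moderation = new Moderation;

	// Verify incoming POST request
	verify_post_check($mybb->get_input('my_post_key'));

	if($mybb->usergroup['canmanagemodqueue'] == 0)
	{
		error_no_permission();
	}

	$plugins->run_hooks("modcp_do_modqueue_start");

	$mybb->input['threads'] = $mybb->get_input('threads', MyBB::INPUT_ARRAY);
	$mybb->input['posts'] = $mybb->get_input('posts', MyBB::INPUT_ARRAY);
	$mybb->input['attachments'] = $mybb->get_input('attachments', MyBB::INPUT_ARRAY);
	if(!empty($mybb->input['threads']))
	{
		// The submitted ids are the array keys; they are cast with intval
		// before being joined into the IN (...) list.
		$threads = array_map("intval", array_keys($mybb->input['threads']));
		$threads_to_approve = $threads_to_delete = array();
		// Fetch threads
		// Only ids returned by this query are acted on.
		// NOTE(review): $flist_queue_threads is built outside this block and
		// appended as-is; presumably it limits the rows to forums this
		// moderator may manage - confirm where it is assigned.
		$query = $db->simple_select("threads", "tid", "tid IN (".implode(",", $threads)."){$flist_queue_threads}");
		while($thread = $db->fetch_array($query))
		{
			if(!isset($mybb->input['threads'][$thread['tid']]))
			{
				continue;
			}
			$action = $mybb->input['threads'][$thread['tid']];
			if($action == "approve")
			{
				$threads_to_approve[] = $thread['tid'];
			}
			else if($action == "delete")
			{
				$threads_to_delete[] = $thread['tid'];
			}
		}
		if(!empty($threads_to_approve))
		{
			$moderation->approve_threads($threads_to_approve);
			log_moderator_action(array('tids' => $threads_to_approve), $lang->multi_approve_threads);
		}
		if(!empty($threads_to_delete))
		{
			if($mybb->settings['soft_delete'] == 1)
			{
				$moderation->soft_delete_threads($threads_to_delete);
				log_moderator_action(array('tids' => $threads_to_delete), $lang->multi_soft_delete_threads);
			}
			else
			{
				foreach($threads_to_delete as $tid)
				{
					$moderation->delete_thread($tid);
				}
				log_moderator_action(array('tids' => $threads_to_delete), $lang->multi_delete_threads);
			}
		}

		$plugins->run_hooks("modcp_do_modqueue_end");

		redirect("modcp.php?action=modqueue", $lang->redirect_threadsmoderated);
	}
	else if(!empty($mybb->input['posts']))
	{
		$posts = array_map("intval", array_keys($mybb->input['posts']));
		// Fetch posts
		$posts_to_approve = $posts_to_delete = array();
		// NOTE(review): $flist_queue_posts is built outside this block - same
		// assumption as for $flist_queue_threads above.
		$query = $db->simple_select("posts", "pid", "pid IN (".implode(",", $posts)."){$flist_queue_posts}");
		while($post = $db->fetch_array($query))
		{
			if(!isset($mybb->input['posts'][$post['pid']]))
			{
				continue;
			}
			$action = $mybb->input['posts'][$post['pid']];
			if($action == "approve")
			{
				$posts_to_approve[] = $post['pid'];
			}
			else if($action == "delete" && $mybb->settings['soft_delete'] != 1)
			{
				$moderation->delete_post($post['pid']);
				// Record the pid so the multi_delete_posts log entry below is
				// written. Without this the list stays empty whenever soft
				// delete is off, and permanent post deletions from the queue
				// leave no moderator log entry from this handler.
				// NOTE(review): assumes delete_post() does not log on its own - confirm.
				$posts_to_delete[] = $post['pid'];
			}
			else if($action == "delete")
			{
				$posts_to_delete[] = $post['pid'];
			}
		}
		if(!empty($posts_to_approve))
		{
			$moderation->approve_posts($posts_to_approve);
			log_moderator_action(array('pids' => $posts_to_approve), $lang->multi_approve_posts);
		}
		if(!empty($posts_to_delete))
		{
			if($mybb->settings['soft_delete'] == 1)
			{
				$moderation->soft_delete_posts($posts_to_delete);
				log_moderator_action(array('pids' => $posts_to_delete), $lang->multi_soft_delete_posts);
			}
			else
			{
				// Posts were already deleted one by one in the loop above;
				// only the log entry is written here.
				log_moderator_action(array('pids' => $posts_to_delete), $lang->multi_delete_posts);
			}
		}

		$plugins->run_hooks("modcp_do_modqueue_end");

		redirect("modcp.php?action=modqueue&type=posts", $lang->redirect_postsmoderated);
	}
	else if(!empty($mybb->input['attachments']))
	{
		$attachments = array_map("intval", array_keys($mybb->input['attachments']));
		// NOTE(review): $tflist_queue_attach is built outside this block -
		// same assumption as for the thread and post filters above.
		$query = $db->query("
			SELECT a.pid, a.aid
			FROM ".TABLE_PREFIX."attachments a
			LEFT JOIN ".TABLE_PREFIX."posts p ON (a.pid=p.pid)
			LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
			WHERE aid IN (".implode(",", $attachments)."){$tflist_queue_attach}
		");
		// NOTE(review): unlike the thread and post branches, this branch has
		// no log_moderator_action() call, so attachment approvals and
		// deletions are not logged from here.
		while($attachment = $db->fetch_array($query))
		{
			if(!isset($mybb->input['attachments'][$attachment['aid']]))
			{
				continue;
			}
			$action = $mybb->input['attachments'][$attachment['aid']];
			if($action == "approve")
			{
				$db->update_query("attachments", array("visible" => 1), "aid='{$attachment['aid']}'");
			}
			else if($action == "delete")
			{
				remove_attachment($attachment['pid'], '', $attachment['aid']);
			}
		}

		$plugins->run_hooks("modcp_do_modqueue_end");

		redirect("modcp.php?action=modqueue&type=attachments", $lang->redirect_attachmentsmoderated);
	}
}

if($mybb->input['action'] == "modqueue")
{
	$navsep = '';

	if($mybb->usergroup['canmanagemodqueue'] == 0)
	{
		error_no_permission();
	}

	if($nummodqueuethreads == 0 && $nummodqueueposts == 0 && $nummodqueueattach == 0 && $mybb->usergroup['issupermod'] != 1)
	{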
error($lang->you_cannot_use_mod_queue);
	}

	// Moderation queue, read side: renders the first non-empty queue (threads, posts,
	// attachments) or the one named by the "type" request parameter.
	$mybb->input['type'] = $mybb->get_input('type');
	$threadqueue = $postqueue = $attachmentqueue = '';
	// && binds tighter than ||: an explicit type=threads always enters this branch
	if($mybb->input['type'] == "threads" || !$mybb->input['type'] && ($nummodqueuethreads > 0 || $mybb->usergroup['issupermod'] == 1))
	{
		if($nummodqueuethreads == 0 && $mybb->usergroup['issupermod'] != 1)
		{
			error($lang->you_cannot_moderate_threads);
		}

		$forum_cache = $cache->read("forums");

		// NOTE(review): $flist_queue_threads / $tflist_queue_threads are built outside this
		// section; presumably they restrict the queries to forums this moderator may manage.
		$query = $db->simple_select("threads", "COUNT(tid) AS unapprovedthreads", "visible='0' {$flist_queue_threads}");
		$unapproved_threads = $db->fetch_field($query, "unapprovedthreads");

		// Figure out if we need to display multiple pages.
		if($mybb->get_input('page') != "last")
		{
			$page = $mybb->get_input('page', MyBB::INPUT_INT);
		}

		// NOTE(review): a threadsperpage setting of 0 would divide by zero here - confirm the
		// setting is validated where it is saved.
		$perpage = $mybb->settings['threadsperpage'];
		$pages = $unapproved_threads / $perpage;
		$pages = ceil($pages);

		if($mybb->get_input('page') == "last")
		{
			$page = $pages;
		}

		if($page > $pages || $page <= 0)
		{
			$page = 1;
		}

		if($page)
		{
			$start = ($page-1) * $perpage;
		}
		else
		{
			$start = 0;
			$page = 1;
		}

		$multipage = multipage($unapproved_threads, $perpage, $page, "modcp.php?action=modqueue&type=threads");

		// $start is derived from the integer-cast page number and the per-page setting,
		// so the LIMIT clause carries no raw request text
		$query = $db->query("
			SELECT t.tid, t.dateline, t.fid, t.subject, t.username AS threadusername, p.message AS postmessage, u.username AS username, t.uid
			FROM ".TABLE_PREFIX."threads t
			LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=t.firstpost)
			LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=t.uid)
			WHERE t.visible='0' {$tflist_queue_threads}
			ORDER BY t.lastpost DESC
			LIMIT {$start}, {$perpage}
		");
		$threads = '';
		while($thread = $db->fetch_array($query))
		{
			$altbg = alt_trow();
			// User-authored fields are HTML-escaped before the row template is evaluated
			$thread['subject'] = htmlspecialchars_uni($parser->parse_badwords($thread['subject']));
			$thread['threadlink'] = get_thread_link($thread['tid']);
			$forum_link = get_forum_link($thread['fid']);
			// NOTE(review): the forum name is taken from the forums cache without escaping in
			// this block - presumably administrator-controlled; confirm before treating as safe.
			$forum_name = $forum_cache[$thread['fid']]['name'];
			$threaddate = my_date('relative', $thread['dateline']);

			if($thread['username'] == "")
			{
				if($thread['threadusername'] != "")
				{
					$thread['threadusername'] = htmlspecialchars_uni($thread['threadusername']);
					$profile_link = $thread['threadusername'];
				}
				else
				{
					$profile_link = $lang->guest;
				}
			}
			else
			{
				$thread['username'] = htmlspecialchars_uni($thread['username']);
				$profile_link = build_profile_link($thread['username'], $thread['uid']);
			}

			$thread['postmessage'] = nl2br(htmlspecialchars_uni($thread['postmessage']));
			eval("\$forum = \"".$templates->get("modcp_modqueue_link_forum")."\";");
			eval("\$threads .= \"".$templates->get("modcp_modqueue_threads_thread")."\";");
		}

		if(!$threads && $mybb->input['type'] == "threads")
		{
			eval("\$threads = \"".$templates->get("modcp_modqueue_threads_empty")."\";");
		}

		if($threads)
		{
			add_breadcrumb($lang->mcp_nav_modqueue_threads, "modcp.php?action=modqueue&type=threads");

			$plugins->run_hooks("modcp_modqueue_threads_end");

			if($nummodqueueposts > 0 || $mybb->usergroup['issupermod'] == 1)
			{
				$navsep = " | ";
				eval("\$post_link = \"".$templates->get("modcp_modqueue_post_link")."\";");
			}

			if($mybb->settings['enableattachments'] == 1 && ($nummodqueueattach > 0 || $mybb->usergroup['issupermod'] == 1))
			{
				$navsep = " | ";
				eval("\$attachment_link = \"".$templates->get("modcp_modqueue_attachment_link")."\";");
			}

			eval("\$mass_controls = \"".$templates->get("modcp_modqueue_masscontrols")."\";");
			eval("\$threadqueue = \"".$templates->get("modcp_modqueue_threads")."\";");
			output_page($threadqueue);
		}
		$type = 'threads';
	}

	// Posts queue: shown on request, or as fallback when the thread queue rendered nothing
	if($mybb->input['type'] == "posts" || (!$mybb->input['type'] && !$threadqueue && ($nummodqueueposts > 0 || $mybb->usergroup['issupermod'] == 1)))
	{
		if($nummodqueueposts == 0 && $mybb->usergroup['issupermod'] != 1)
		{
			error($lang->you_cannot_moderate_posts);
		}

		$forum_cache = $cache->read("forums");

		// First posts are excluded (t.firstpost != p.pid); they are handled with their thread
		$query = $db->query("
			SELECT COUNT(pid) AS unapprovedposts
			FROM ".TABLE_PREFIX."posts p
			LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
			WHERE p.visible='0' {$tflist_queue_posts} AND t.firstpost != p.pid
		");
		$unapproved_posts = $db->fetch_field($query, "unapprovedposts");

		// Figure out if we need to display multiple pages.
		if($mybb->get_input('page') != "last")
		{
			$page = $mybb->get_input('page', MyBB::INPUT_INT);
		}

		$perpage = $mybb->settings['postsperpage'];
		$pages = $unapproved_posts / $perpage;
		$pages = ceil($pages);

		if($mybb->get_input('page') == "last")
		{
			$page = $pages;
		}

		if($page > $pages || $page <= 0)
		{
			$page = 1;
		}

		if($page)
		{
			$start = ($page-1) * $perpage;
		}
		else
		{
			$start = 0;
			$page = 1;
		}

		$multipage = multipage($unapproved_posts, $perpage, $page, "modcp.php?action=modqueue&type=posts");

		$query = $db->query("
			SELECT p.pid, p.subject, p.message, p.username AS postusername, t.subject AS threadsubject, t.tid, u.username, p.uid, t.fid, p.dateline
			FROM ".TABLE_PREFIX."posts p
			LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
			LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
			WHERE p.visible='0' {$tflist_queue_posts} AND t.firstpost != p.pid
			ORDER BY p.dateline DESC, p.pid DESC
			LIMIT {$start}, {$perpage}
		");
		$posts = '';
		while($post = $db->fetch_array($query))
		{
			$altbg = alt_trow();
			$post['threadsubject'] = htmlspecialchars_uni($parser->parse_badwords($post['threadsubject']));
			$post['subject'] = htmlspecialchars_uni($parser->parse_badwords($post['subject']));
			$post['threadlink'] = get_thread_link($post['tid']);
			$post['postlink'] = get_post_link($post['pid'], $post['tid']);
			$forum_link = get_forum_link($post['fid']);
			$forum_name = $forum_cache[$post['fid']]['name'];
			$postdate = my_date('relative', $post['dateline']);

			if($post['username'] == "")
			{
				if($post['postusername'] != "")
				{
					$post['postusername'] = htmlspecialchars_uni($post['postusername']);
					$profile_link = $post['postusername'];
				}
				else
				{
					$profile_link = $lang->guest;
				}
			}
			else
			{
				$post['username'] = htmlspecialchars_uni($post['username']);
				$profile_link = build_profile_link($post['username'], $post['uid']);
			}

			eval("\$thread = \"".$templates->get("modcp_modqueue_link_thread")."\";");
			eval("\$forum = \"".$templates->get("modcp_modqueue_link_forum")."\";");
			// The raw message is escaped before it is handed to the row template
			$post['message'] = nl2br(htmlspecialchars_uni($post['message']));
			eval("\$posts .= \"".$templates->get("modcp_modqueue_posts_post")."\";");
		}

		if(!$posts && $mybb->input['type'] == "posts")
		{
			eval("\$posts = \"".$templates->get("modcp_modqueue_posts_empty")."\";");
		}

		if($posts)
		{
			add_breadcrumb($lang->mcp_nav_modqueue_posts, "modcp.php?action=modqueue&type=posts");

			$plugins->run_hooks("modcp_modqueue_posts_end");

			if($nummodqueuethreads > 0 || $mybb->usergroup['issupermod'] == 1)
			{
				$navsep = " | ";
				eval("\$thread_link = \"".$templates->get("modcp_modqueue_thread_link")."\";");
			}

			if($mybb->settings['enableattachments'] == 1 && ($nummodqueueattach > 0 || $mybb->usergroup['issupermod'] == 1))
			{
				$navsep = " | ";
				eval("\$attachment_link = \"".$templates->get("modcp_modqueue_attachment_link")."\";");
			}

			eval("\$mass_controls = \"".$templates->get("modcp_modqueue_masscontrols")."\";");
			eval("\$postqueue = \"".$templates->get("modcp_modqueue_posts")."\";");
			output_page($postqueue);
		}
	}

	// Attachment queue: shown on request, or as fallback when neither of the other queues rendered
	if($mybb->input['type'] == "attachments" || (!$mybb->input['type'] && !$postqueue && !$threadqueue && $mybb->settings['enableattachments'] == 1 && ($nummodqueueattach > 0 || $mybb->usergroup['issupermod'] == 1)))
	{
		if($mybb->settings['enableattachments'] == 0)
		{
			error($lang->attachments_disabled);
		}

		if($nummodqueueattach == 0 && $mybb->usergroup['issupermod'] != 1)
		{
			error($lang->you_cannot_moderate_attachments);
		}

		$query = $db->query("
			SELECT COUNT(aid) AS unapprovedattachments
			FROM ".TABLE_PREFIX."attachments a
			LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=a.pid)
			LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
			WHERE a.visible='0'{$tflist_queue_attach}
		");
		$unapproved_attachments = $db->fetch_field($query, "unapprovedattachments");

		// Figure out if we need to display multiple pages.
		if($mybb->get_input('page') != "last")
		{
			$page = $mybb->get_input('page', MyBB::INPUT_INT);
		}

		$perpage = $mybb->settings['postsperpage'];
		$pages = $unapproved_attachments / $perpage;
		$pages = ceil($pages);

		if($mybb->get_input('page') == "last")
		{
			$page = $pages;
		}

		if($page > $pages || $page <= 0)
		{
			$page = 1;
		}

		if($page)
		{
			$start = ($page-1) * $perpage;
		}
		else
		{
			$start = 0;
			$page = 1;
		}

		$multipage = multipage($unapproved_attachments, $perpage, $page, "modcp.php?action=modqueue&type=attachments");

		$query = $db->query("
			SELECT a.*, p.subject AS postsubject, p.dateline, p.uid, u.username, t.tid, t.subject AS threadsubject
			FROM ".TABLE_PREFIX."attachments a
			LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=a.pid)
			LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
			LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
			WHERE a.visible='0'{$tflist_queue_attach}
			ORDER BY a.dateuploaded DESC
			LIMIT {$start}, {$perpage}
		");
		$attachments = '';
		while($attachment = $db->fetch_array($query))
		{
			$altbg = alt_trow();

			// Fall back to the post date when the attachment has no upload date
			if(!$attachment['dateuploaded'])
			{
				$attachment['dateuploaded'] = $attachment['dateline'];
			}

			$attachdate = my_date('relative', $attachment['dateuploaded']);

			// The uploader-supplied file name and the subjects are escaped before display
			$attachment['postsubject'] = htmlspecialchars_uni($parser->parse_badwords($attachment['postsubject']));
			$attachment['filename'] = htmlspecialchars_uni($attachment['filename']);
			$attachment['threadsubject'] = htmlspecialchars_uni($parser->parse_badwords($attachment['threadsubject']));
			$attachment['filesize'] = get_friendly_size($attachment['filesize']);

			$link = get_post_link($attachment['pid'], $attachment['tid']) . "#pid{$attachment['pid']}";
			$thread_link = get_thread_link($attachment['tid']);
			$attachment['username'] = htmlspecialchars_uni($attachment['username']);
			$profile_link = build_profile_link($attachment['username'], $attachment['uid']);

			eval("\$attachments .= \"".$templates->get("modcp_modqueue_attachments_attachment")."\";");
		}

		if(!$attachments && $mybb->input['type'] == "attachments")
		{
			eval("\$attachments = \"".$templates->get("modcp_modqueue_attachments_empty")."\";");
		}

		if($attachments)
		{
			add_breadcrumb($lang->mcp_nav_modqueue_attachments, "modcp.php?action=modqueue&type=attachments");

			$plugins->run_hooks("modcp_modqueue_attachments_end");

			// $thread_link is reused here for the navigation link; the per-row value set in
			// the loop above is no longer needed at this point
			if($nummodqueuethreads > 0 || $mybb->usergroup['issupermod'] == 1)
			{
				eval("\$thread_link = \"".$templates->get("modcp_modqueue_thread_link")."\";");
				$navsep = " | ";
			}

			if($nummodqueueposts > 0 || $mybb->usergroup['issupermod'] == 1)
			{
				eval("\$post_link = \"".$templates->get("modcp_modqueue_post_link")."\";");
				$navsep = " | ";
			}

			eval("\$mass_controls = \"".$templates->get("modcp_modqueue_masscontrols")."\";");
			eval("\$attachmentqueue = \"".$templates->get("modcp_modqueue_attachments")."\";");
			output_page($attachmentqueue);
		}
	}

	// Still nothing? All queues are empty!
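// :-D
	if(!$threadqueue && !$postqueue && !$attachmentqueue)
	{
		add_breadcrumb($lang->mcp_nav_modqueue, "modcp.php?action=modqueue");

		$plugins->run_hooks("modcp_modqueue_end");

		eval("\$queue = \"".$templates->get("modcp_modqueue_empty")."\";");
		output_page($queue);
	}
}

// Profile editor, write side: a moderator updates another user's profile fields, away
// status and posting/signature suspensions. On validation errors the action is switched
// to "editprofile" so the form below is rendered again with the error list.
if($mybb->input['action'] == "do_editprofile")
{
	// Verify incoming POST request
	verify_post_check($mybb->get_input('my_post_key'));

	if($mybb->usergroup['caneditprofiles'] == 0)
	{
		error_no_permission();
	}

	// Read the target uid as an integer, the same way the "editprofile" handler does,
	// instead of passing the raw request value to get_user()
	$user = get_user($mybb->get_input('uid', MyBB::INPUT_INT));
	if(!$user)
	{
		error($lang->error_nomember);
	}

	// Check if the current user has permission to edit this user
	if(!modcp_can_manage_user($user['uid']))
	{
		error_no_permission();
	}

	$plugins->run_hooks("modcp_do_editprofile_start");

	if($mybb->get_input('away', MyBB::INPUT_INT) == 1 && $mybb->settings['allowaway'] != 0)
	{
		$awaydate = TIME_NOW;
		if(!empty($mybb->input['awayday']))
		{
			// If the user has indicated that they will return on a specific day, but not month or year, assume it is current month and year
			if(!$mybb->get_input('awaymonth', MyBB::INPUT_INT))
			{
				$mybb->input['awaymonth'] = my_date('n', $awaydate);
			}
			if(!$mybb->get_input('awayyear', MyBB::INPUT_INT))
			{
				$mybb->input['awayyear'] = my_date('Y', $awaydate);
			}

			// Each date part is cut to two characters / capped at 9999 and cast to int
			// before it is used in the timestamp and in the stored return date
			$return_month = (int)substr($mybb->get_input('awaymonth'), 0, 2);
			$return_day = (int)substr($mybb->get_input('awayday'), 0, 2);
			$return_year = min((int)$mybb->get_input('awayyear'), 9999);

			// Check if return date is after the away date.
			$returntimestamp = gmmktime(0, 0, 0, $return_month, $return_day, $return_year);
			$awaytimestamp = gmmktime(0, 0, 0, my_date('n', $awaydate), my_date('j', $awaydate), my_date('Y', $awaydate));
			if($return_year < my_date('Y', $awaydate) || ($returntimestamp < $awaytimestamp && $return_year == my_date('Y', $awaydate)))
			{
				error($lang->error_modcp_return_date_past);
			}

			$returndate = "{$return_day}-{$return_month}-{$return_year}";
		}
		else
		{
			$returndate = "";
		}
		$away = array(
			"away" => 1,
			"date" => $awaydate,
			"returndate" => $returndate,
			"awayreason" => $mybb->get_input('awayreason')
		);
	}
	else
	{
		$away = array(
			"away" => 0,
			"date" => '',
			"returndate" => '',
			"awayreason" => ''
		);
	}

	// Set up user handler.
	require_once MYBB_ROOT."inc/datahandlers/user.php";
	$userhandler = new UserDataHandler('update');

	// Set the data for the new user.
	// The free-text values are passed on unmodified; validation is left to
	// $userhandler->validate_user() below.
	$updated_user = array(
		"uid" => $user['uid'],
		"profile_fields" => $mybb->get_input('profile_fields', MyBB::INPUT_ARRAY),
		"profile_fields_editable" => true,
		"website" => $mybb->get_input('website'),
		"icq" => $mybb->get_input('icq'),
		"skype" => $mybb->get_input('skype'),
		"google" => $mybb->get_input('google'),
		"signature" => $mybb->get_input('signature'),
		"usernotes" => $mybb->get_input('usernotes'),
		"away" => $away
	);

	$updated_user['birthday'] = array(
		"day" => $mybb->get_input('birthday_day', MyBB::INPUT_INT),
		"month" => $mybb->get_input('birthday_month', MyBB::INPUT_INT),
		"year" => $mybb->get_input('birthday_year', MyBB::INPUT_INT)
	);

	if(!empty($mybb->input['usertitle']))
	{
		$updated_user['usertitle'] = $mybb->get_input('usertitle');
	}
	else if(!empty($mybb->input['reverttitle']))
	{
		$updated_user['usertitle'] = '';
	}

	if(!empty($mybb->input['remove_avatar']))
	{
		$updated_user['avatarurl'] = '';
	}

	// Set the data of the user in the datahandler.
	$userhandler->set_data($updated_user);
	$errors = array();

	// Validate the user and get any errors that might have occurred.
	if(!$userhandler->validate_user())
	{
		$errors = $userhandler->get_friendly_errors();
		$mybb->input['action'] = "editprofile";
	}
	else
	{
		// Are we removing an avatar from this user?
		if(!empty($mybb->input['remove_avatar']))
		{
			$extra_user_updates = array(
				"avatar" => "",
				"avatardimensions" => "",
				"avatartype" => ""
			);
			remove_avatars($user['uid']);
		}

		// Moderator "Options" (suspend signature, suspend/moderate posting)
		$moderator_options = array(
			1 => array(
				"action" => "suspendsignature", // The moderator action we're performing
				"period" => "action_period", // The time period we've selected from the dropdown box
				"time" => "action_time", // The time we've entered
				"update_field" => "suspendsignature", // The field in the database to update if true
				"update_length" => "suspendsigtime" // The length of suspension field in the database
			),
			2 => array(
				"action" => "moderateposting",
				"period" => "modpost_period",
				"time" => "modpost_time",
				"update_field" => "moderateposts",
				"update_length" => "moderationtime"
			),
			3 => array(
				"action" => "suspendposting",
				"period" => "suspost_period",
				"time" => "suspost_time",
				"update_field" => "suspendposting",
				"update_length" => "suspensiontime"
			)
		);

		require_once MYBB_ROOT."inc/functions_warnings.php";
		foreach($moderator_options as $option)
		{
			// Integer-cast copy of the entered time. Every check below uses this value, so a
			// non-numeric entry is treated as 0 and rejected; comparing the raw string with
			// == 0 gives a different answer on PHP 8 than on earlier versions.
			$suspend_time = $mybb->get_input($option['time'], MyBB::INPUT_INT);
			${$option['time']} = $suspend_time;
			$mybb->input[$option['period']] = $mybb->get_input($option['period']);
			if(empty($mybb->input[$option['action']]))
			{
				if($user[$option['update_field']] == 1)
				{
					// We're revoking the suspension
					$extra_user_updates[$option['update_field']] = 0;
					$extra_user_updates[$option['update_length']] = 0;
				}

				// Skip this option if we haven't selected it
				continue;
			}

			else
			{
				// NOTE(review): negative values are not rejected here - confirm that
				// fetch_time_length() handles them.
				if($suspend_time == 0 && $mybb->input[$option['period']] != "never" && $user[$option['update_field']] != 1)
				{
					// User has selected a type of ban, but not entered a valid time frame
					$string = $option['action']."_error";
					$errors[] = $lang->$string;
				}
				else
				{
					$suspend_length = fetch_time_length($suspend_time, $mybb->input[$option['period']]);

					if($user[$option['update_field']] == 1 && ($suspend_time || $mybb->input[$option['period']] == "never"))
					{
						// We already have a suspension, but entered a new time
						if($suspend_length == "-1")
						{
							// Permanent ban on action
							$extra_user_updates[$option['update_length']] = 0;
						}
						elseif($suspend_length && $suspend_length != "-1")
						{
							// Temporary ban on action
							$extra_user_updates[$option['update_length']] = TIME_NOW + $suspend_length;
						}
					}
					elseif(!$user[$option['update_field']])
					{
						// New suspension for this user... bad user!
						$extra_user_updates[$option['update_field']] = 1;
						if($suspend_length == "-1")
						{
							$extra_user_updates[$option['update_length']] = 0;
						}
						else
						{
							$extra_user_updates[$option['update_length']] = TIME_NOW + $suspend_length;
						}
					}
				}
			}
		}

		// Those with javascript turned off will be able to select both - cheeky!
		// Check to make sure we're not moderating AND suspending posting
		if(isset($extra_user_updates) && !empty($extra_user_updates['moderateposts']) && !empty($extra_user_updates['suspendposting']))
		{
			$errors[] = $lang->suspendmoderate_error;
		}

		if(is_array($errors) && !empty($errors))
		{
			$mybb->input['action'] = "editprofile";
		}
		else
		{
			$plugins->run_hooks("modcp_do_editprofile_update");

			// Continue with the update if there is no errors
			$user_info = $userhandler->update_user();
			if(!empty($extra_user_updates))
			{
				// Column names come from the fixed $moderator_options table above; the values
				// are integers or empty strings set in this handler
				$db->update_query("users", $extra_user_updates, "uid='{$user['uid']}'");
			}
			// Record who was edited in the moderator log
			log_moderator_action(array("uid" => $user['uid'], "username" => $user['username']), $lang->edited_user);

			$plugins->run_hooks("modcp_do_editprofile_end");

			redirect("modcp.php?action=finduser", $lang->redirect_user_updated);
		}
	}
}

if($mybb->input['action'] == "editprofile")
{
	if($mybb->usergroup['caneditprofiles'] == 0)
	{
		error_no_permission();
	}

	add_breadcrumb($lang->mcp_nav_editprofile, "modcp.php?action=editprofile");

	$user = get_user($mybb->get_input('uid', MyBB::INPUT_INT));
	if(!$user)
	{
		error($lang->error_nomember);
	}

	// Check if the current user has permission to edit this user
	if(!modcp_can_manage_user($user['uid']))
	{
		error_no_permission();
	}

	$userperms = user_permissions($user['uid']);

	// Set display group
	$displaygroupfields = array("title", "description", "namestyle", "usertitle", "stars", "starimage", "image");

	if(!$user['displaygroup'])
	{
		$user['displaygroup'] = $user['usergroup'];
	}

	$display_group = usergroup_displaygroup($user['displaygroup']);
	if(is_array($display_group))
	{
		$userperms = array_merge($userperms, $display_group);
	}
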
if(!my_validate_url($user['website'])) 2769 { 2770 $user['website'] = ''; 2771 } 2772 2773 if($user['icq'] != "0") 2774 { 2775 $user['icq'] = (int)$user['icq']; 2776 } 2777 2778 if(!$errors) 2779 { 2780 $mybb->input = array_merge($user, $mybb->input); 2781 $birthday = explode('-', $user['birthday']); 2782 if(!isset($birthday[1])) 2783 { 2784 $birthday[1] = ''; 2785 } 2786 if(!isset($birthday[2])) 2787 { 2788 $birthday[2] = ''; 2789 } 2790 list($mybb->input['birthday_day'], $mybb->input['birthday_month'], $mybb->input['birthday_year']) = $birthday; 2791 } 2792 else 2793 { 2794 $errors = inline_error($errors); 2795 } 2796 2797 // Sanitize all input 2798 foreach(array('usertitle', 'website', 'icq', 'skype', 'google', 'signature', 'birthday_day', 'birthday_month', 'birthday_year') as $field) 2799 { 2800 $mybb->input[$field] = htmlspecialchars_uni($mybb->get_input($field)); 2801 } 2802 2803 // Custom user title 2804 if(!empty($userperms['usertitle'])) 2805 { 2806 $defaulttitle = htmlspecialchars_uni($userperms['usertitle']); 2807 } 2808 else 2809 { 2810 // Go for post count title if a group default isn't set 2811 $usertitles = $cache->read('usertitles'); 2812 2813 foreach($usertitles as $title) 2814 { 2815 if($title['posts'] <= $user['postnum']) 2816 { 2817 $defaulttitle = htmlspecialchars_uni($title['title']); 2818 break; 2819 } 2820 } 2821 } 2822 2823 $user['usertitle'] = htmlspecialchars_uni($user['usertitle']); 2824 2825 if(empty($user['usertitle'])) 2826 { 2827 $lang->current_custom_usertitle = ''; 2828 } 2829 2830 $bdaydaysel = $selected = ''; 2831 for($day = 1; $day <= 31; ++$day) 2832 { 2833 if($mybb->input['birthday_day'] == $day) 2834 { 2835 $selected = "selected=\"selected\""; 2836 } 2837 else 2838 { 2839 $selected = ''; 2840 } 2841 2842 eval("\$bdaydaysel .= \"".$templates->get("usercp_profile_day")."\";"); 2843 } 2844 2845 $bdaymonthsel = array(); 2846 foreach(range(1, 12) as $month) 2847 { 2848 $bdaymonthsel[$month] = ''; 2849 } 2850 
$bdaymonthsel[$mybb->input['birthday_month']] = 'selected="selected"'; 2851 2852 $awaysection = ''; 2853 2854 if($mybb->settings['allowaway'] != 0) 2855 { 2856 $awaycheck = array('', ''); 2857 if($errors) 2858 { 2859 if($user['away'] == 1) 2860 { 2861 $awaycheck[1] = "checked=\"checked\""; 2862 } 2863 else 2864 { 2865 $awaycheck[0] = "checked=\"checked\""; 2866 } 2867 $returndate = array(); 2868 $returndate[0] = $mybb->get_input('awayday'); 2869 $returndate[1] = $mybb->get_input('awaymonth'); 2870 $returndate[2] = $mybb->get_input('awayyear', MyBB::INPUT_INT); 2871 $user['awayreason'] = htmlspecialchars_uni($mybb->get_input('awayreason')); 2872 } 2873 else 2874 { 2875 $user['awayreason'] = htmlspecialchars_uni($user['awayreason']); 2876 if($user['away'] == 1) 2877 { 2878 $awaydate = my_date($mybb->settings['dateformat'], $user['awaydate']); 2879 $awaycheck[1] = "checked=\"checked\""; 2880 $awaynotice = $lang->sprintf($lang->away_notice_away, $awaydate); 2881 } 2882 else 2883 { 2884 $awaynotice = $lang->away_notice; 2885 $awaycheck[0] = "checked=\"checked\""; 2886 } 2887 $returndate = explode("-", $user['returndate']); 2888 } 2889 $returndatesel = $selected = ''; 2890 for($day = 1; $day <= 31; ++$day) 2891 { 2892 if($returndate[0] == $day) 2893 { 2894 $selected = "selected=\"selected\""; 2895 } 2896 else 2897 { 2898 $selected = ''; 2899 } 2900 2901 eval("\$returndatesel .= \"".$templates->get("usercp_profile_day")."\";"); 2902 } 2903 2904 $returndatemonthsel = array(); 2905 foreach(range(1, 12) as $month) 2906 { 2907 $returndatemonthsel[$month] = ''; 2908 } 2909 if(isset($returndate[1])) 2910 { 2911 $returndatemonthsel[$returndate[1]] = " selected=\"selected\""; 2912 } 2913 2914 if(!isset($returndate[2])) 2915 { 2916 $returndate[2] = ''; 2917 } 2918 2919 eval("\$awaysection = \"".$templates->get("usercp_profile_away")."\";"); 2920 } 2921 2922 $plugins->run_hooks("modcp_editprofile_start"); 2923 2924 // Fetch profile fields 2925 $user_fields = array(); 2926 $query = 
$db->simple_select("userfields", "*", "ufid='{$user['uid']}'"); 2927 if($db->num_rows($query) > 0) 2928 { 2929 $user_fields = $db->fetch_array($query); 2930 } 2931 2932 $requiredfields = ''; 2933 $customfields = ''; 2934 $mybb->input['profile_fields'] = $mybb->get_input('profile_fields', MyBB::INPUT_ARRAY); 2935 2936 $pfcache = $cache->read('profilefields'); 2937 2938 if(is_array($pfcache)) 2939 { 2940 foreach($pfcache as $profilefield) 2941 { 2942 $userfield = $code = $select = $val = $options = $expoptions = $useropts = ''; 2943 $seloptions = array(); 2944 $profilefield['type'] = htmlspecialchars_uni($profilefield['type']); 2945 $profilefield['name'] = htmlspecialchars_uni($profilefield['name']); 2946 $profilefield['description'] = htmlspecialchars_uni($profilefield['description']); 2947 $thing = explode("\n", $profilefield['type'], "2"); 2948 $type = $thing[0]; 2949 if(isset($thing[1])) 2950 { 2951 $options = $thing[1]; 2952 } 2953 $field = "fid{$profilefield['fid']}"; 2954 if($errors) 2955 { 2956 if(isset($mybb->input['profile_fields'][$field])) 2957 { 2958 $userfield = $mybb->input['profile_fields'][$field]; 2959 } 2960 } 2961 elseif(isset($user_fields[$field])) 2962 { 2963 $userfield = $user_fields[$field]; 2964 } 2965 if($type == "multiselect") 2966 { 2967 if($errors) 2968 { 2969 $useropts = $userfield; 2970 } 2971 else 2972 { 2973 $useropts = explode("\n", $userfield); 2974 } 2975 if(is_array($useropts)) 2976 { 2977 foreach($useropts as $key => $val) 2978 { 2979 $seloptions[$val] = $val; 2980 } 2981 } 2982 $expoptions = explode("\n", $options); 2983 if(is_array($expoptions)) 2984 { 2985 foreach($expoptions as $key => $val) 2986 { 2987 $val = trim($val); 2988 $val = str_replace("\n", "\\n", $val); 2989 2990 $sel = ""; 2991 if(isset($seloptions[$val]) && $val == $seloptions[$val]) 2992 { 2993 $sel = " selected=\"selected\""; 2994 } 2995 2996 eval("\$select .= \"".$templates->get("usercp_profile_profilefields_select_option")."\";"); 2997 } 2998 
if(!$profilefield['length']) 2999 { 3000 $profilefield['length'] = 3; 3001 } 3002 3003 eval("\$code = \"".$templates->get("usercp_profile_profilefields_multiselect")."\";"); 3004 } 3005 } 3006 elseif($type == "select") 3007 { 3008 $expoptions = explode("\n", $options); 3009 if(is_array($expoptions)) 3010 { 3011 foreach($expoptions as $key => $val) 3012 { 3013 $val = trim($val); 3014 $val = str_replace("\n", "\\n", $val); 3015 $sel = ""; 3016 if($val == $userfield) 3017 { 3018 $sel = " selected=\"selected\""; 3019 } 3020 3021 eval("\$select .= \"".$templates->get("usercp_profile_profilefields_select_option")."\";"); 3022 } 3023 if(!$profilefield['length']) 3024 { 3025 $profilefield['length'] = 1; 3026 } 3027 3028 eval("\$code = \"".$templates->get("usercp_profile_profilefields_select")."\";"); 3029 } 3030 } 3031 elseif($type == "radio") 3032 { 3033 $expoptions = explode("\n", $options); 3034 if(is_array($expoptions)) 3035 { 3036 foreach($expoptions as $key => $val) 3037 { 3038 $checked = ""; 3039 if($val == $userfield) 3040 { 3041 $checked = " checked=\"checked\""; 3042 } 3043 3044 eval("\$code .= \"".$templates->get("usercp_profile_profilefields_radio")."\";"); 3045 } 3046 } 3047 } 3048 elseif($type == "checkbox") 3049 { 3050 if($errors) 3051 { 3052 $useropts = $userfield; 3053 } 3054 else 3055 { 3056 $useropts = explode("\n", $userfield); 3057 } 3058 if(is_array($useropts)) 3059 { 3060 foreach($useropts as $key => $val) 3061 { 3062 $seloptions[$val] = $val; 3063 } 3064 } 3065 $expoptions = explode("\n", $options); 3066 if(is_array($expoptions)) 3067 { 3068 foreach($expoptions as $key => $val) 3069 { 3070 $checked = ""; 3071 if(isset($seloptions[$val]) && $val == $seloptions[$val]) 3072 { 3073 $checked = " checked=\"checked\""; 3074 } 3075 3076 eval("\$code .= \"".$templates->get("usercp_profile_profilefields_checkbox")."\";"); 3077 } 3078 } 3079 } 3080 elseif($type == "textarea") 3081 { 3082 $value = htmlspecialchars_uni($userfield); 3083 eval("\$code = 
\"".$templates->get("usercp_profile_profilefields_textarea")."\";"); 3084 } 3085 else 3086 { 3087 $value = htmlspecialchars_uni($userfield); 3088 $maxlength = ""; 3089 if($profilefield['maxlength'] > 0) 3090 { 3091 $maxlength = " maxlength=\"{$profilefield['maxlength']}\""; 3092 } 3093 3094 eval("\$code = \"".$templates->get("usercp_profile_profilefields_text")."\";"); 3095 } 3096 3097 if($profilefield['required'] == 1) 3098 { 3099 eval("\$requiredfields .= \"".$templates->get("usercp_profile_customfield")."\";"); 3100 } 3101 else 3102 { 3103 eval("\$customfields .= \"".$templates->get("usercp_profile_customfield")."\";"); 3104 } 3105 $altbg = alt_trow(); 3106 } 3107 } 3108 if($customfields) 3109 { 3110 eval("\$customfields = \"".$templates->get("usercp_profile_profilefields")."\";"); 3111 } 3112 3113 $user['username'] = htmlspecialchars_uni($user['username']); 3114 $lang->edit_profile = $lang->sprintf($lang->edit_profile, $user['username']); 3115 $profile_link = build_profile_link(format_name($user['username'], $user['usergroup'], $user['displaygroup']), $user['uid']); 3116 3117 $user['signature'] = htmlspecialchars_uni($user['signature']); 3118 $codebuttons = build_mycode_inserter("signature"); 3119 3120 // Do we mark the suspend signature box? 3121 if($user['suspendsignature'] || ($mybb->get_input('suspendsignature', MyBB::INPUT_INT) && !empty($errors))) 3122 { 3123 $checked = 1; 3124 $checked_item = "checked=\"checked\""; 3125 } 3126 else 3127 { 3128 $checked = 0; 3129 $checked_item = ''; 3130 } 3131 3132 // Do we mark the moderate posts box? 3133 if($user['moderateposts'] || ($mybb->get_input('moderateposting', MyBB::INPUT_INT) && !empty($errors))) 3134 { 3135 $modpost_check = 1; 3136 $modpost_checked = "checked=\"checked\""; 3137 } 3138 else 3139 { 3140 $modpost_check = 0; 3141 $modpost_checked = ''; 3142 } 3143 3144 // Do we mark the suspend posts box? 
3145 if($user['suspendposting'] || ($mybb->get_input('suspendposting', MyBB::INPUT_INT) && !empty($errors))) 3146 { 3147 $suspost_check = 1; 3148 $suspost_checked = "checked=\"checked\""; 3149 } 3150 else 3151 { 3152 $suspost_check = 0; 3153 $suspost_checked = ''; 3154 } 3155 3156 $moderator_options = array( 3157 1 => array( 3158 "action" => "suspendsignature", // The input action for this option 3159 "option" => "suspendsignature", // The field in the database that this option relates to 3160 "time" => "action_time", // The time we've entered 3161 "length" => "suspendsigtime", // The length of suspension field in the database 3162 "select_option" => "action" // The name of the select box of this option 3163 ), 3164 2 => array( 3165 "action" => "moderateposting", 3166 "option" => "moderateposts", 3167 "time" => "modpost_time", 3168 "length" => "moderationtime", 3169 "select_option" => "modpost" 3170 ), 3171 3 => array( 3172 "action" => "suspendposting", 3173 "option" => "suspendposting", 3174 "time" => "suspost_time", 3175 "length" => "suspensiontime", 3176 "select_option" => "suspost" 3177 ) 3178 ); 3179 3180 $periods = array( 3181 "hours" => $lang->expire_hours, 3182 "days" => $lang->expire_days, 3183 "weeks" => $lang->expire_weeks, 3184 "months" => $lang->expire_months, 3185 "never" => $lang->expire_permanent 3186 ); 3187 3188 $suspendsignature_info = $moderateposts_info = $suspendposting_info = ''; 3189 $action_options = $modpost_options = $suspost_options = ''; 3190 $modopts = array(); 3191 foreach($moderator_options as $option) 3192 { 3193 ${$option['time']} = $mybb->get_input($option['time'], MyBB::INPUT_INT); 3194 // Display the suspension info, if this user has this option suspended 3195 if($user[$option['option']]) 3196 { 3197 if($user[$option['length']] == 0) 3198 { 3199 // User has a permanent ban 3200 $string = $option['option']."_perm"; 3201 $suspension_info = $lang->$string; 3202 } 3203 else 3204 { 3205 // User has a temporary (or limited) ban 3206 
$string = $option['option']."_for"; 3207 $for_date = my_date('relative', $user[$option['length']], '', 2); 3208 $suspension_info = $lang->sprintf($lang->$string, $for_date); 3209 } 3210 3211 switch($option['option']) 3212 { 3213 case "suspendsignature": 3214 eval("\$suspendsignature_info = \"".$templates->get("modcp_editprofile_suspensions_info")."\";"); 3215 break; 3216 case "moderateposts": 3217 eval("\$moderateposts_info = \"".$templates->get("modcp_editprofile_suspensions_info")."\";"); 3218 break; 3219 case "suspendposting": 3220 eval("\$suspendposting_info = \"".$templates->get("modcp_editprofile_suspensions_info")."\";"); 3221 break; 3222 } 3223 } 3224 3225 // Generate the boxes for this option 3226 $selection_options = ''; 3227 foreach($periods as $key => $value) 3228 { 3229 $string = $option['select_option']."_period"; 3230 if($mybb->get_input($string) == $key) 3231 { 3232 $selected = "selected=\"selected\""; 3233 } 3234 else 3235 { 3236 $selected = ''; 3237 } 3238 3239 eval("\$selection_options .= \"".$templates->get("modcp_editprofile_select_option")."\";"); 3240 } 3241 3242 $select_name = $option['select_option']."_period"; 3243 switch($option['option']) 3244 { 3245 case "suspendsignature": 3246 eval("\$action_options = \"".$templates->get("modcp_editprofile_select")."\";"); 3247 break; 3248 case "moderateposts": 3249 eval("\$modpost_options = \"".$templates->get("modcp_editprofile_select")."\";"); 3250 break; 3251 case "suspendposting": 3252 eval("\$suspost_options = \"".$templates->get("modcp_editprofile_select")."\";"); 3253 break; 3254 } 3255 } 3256 3257 eval("\$suspend_signature = \"".$templates->get("modcp_editprofile_signature")."\";"); 3258 3259 $user['usernotes'] = htmlspecialchars_uni($user['usernotes']); 3260 3261 if(!isset($newtitle)) 3262 { 3263 $newtitle = ''; 3264 } 3265 3266 $birthday_year = $mybb->input['birthday_year']; 3267 $user_website = $mybb->input['website']; 3268 $user_icq = $mybb->input['icq']; 3269 $user_skype = 
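$mybb->input['skype'];
	$user_google = $mybb->input['google'];

	$plugins->run_hooks("modcp_editprofile_end");

	eval("\$edituser = \"".$templates->get("modcp_editprofile")."\";");
	output_page($edituser);
}

// ---------------------------------------------------------------------------
// action=finduser: paginated user search for moderators who may edit profiles.
//
// Request input read here: perpage, username, sortby, order, page.
// SQL safety: the username fragment goes through escape_string_like() inside a
// quoted LIKE pattern; the sort column and direction are taken from fixed
// lists below and never copied from the request.
// Output safety: templates are evaluated as PHP double-quoted strings in this
// scope, so every value a template can interpolate must be escaped first.
// ---------------------------------------------------------------------------
if($mybb->input['action'] == "finduser")
{
	// Permission gate. error_no_permission() is defined elsewhere;
	// presumably it ends the request - confirm.
	if($mybb->usergroup['caneditprofiles'] == 0)
	{
		error_no_permission();
	}

	add_breadcrumb($lang->mcp_nav_users, "modcp.php?action=finduser");

	$perpage = $mybb->get_input('perpage', MyBB::INPUT_INT);
	if(!$perpage || $perpage <= 0)
	{
		$perpage = $mybb->settings['threadsperpage'];
	}
	$where = '';

	if(isset($mybb->input['username']))
	{
		// The column expression is chosen from constants only; just the
		// search term below carries request data.
		switch($db->type)
		{
			case 'mysql':
			case 'mysqli':
				$field = 'username';
				break;
			default:
				$field = 'LOWER(username)';
				break;
		}
		$where = " AND {$field} LIKE '%".my_strtolower($db->escape_string_like($mybb->get_input('username')))."%'";
	}

	// Sort order & direction: map the request value onto a known column name
	switch($mybb->get_input('sortby'))
	{
		case "lastvisit":
			$sortby = "lastvisit";
			break;
		case "postnum":
			$sortby = "postnum";
			break;
		case "username":
			$sortby = "username";
			break;
		default:
			$sortby = "regdate";
	}
	$sortbysel = array('lastvisit' => '', 'postnum' => '', 'username' => '', 'regdate' => '');
	$sortbysel[$mybb->get_input('sortby')] = " selected=\"selected\"";
	$order = $mybb->get_input('order');
	if($order != "asc")
	{
		$order = "desc";
	}
	$ordersel = array('asc' => '', 'desc' => '');
	$ordersel[$order] = " selected=\"selected\"";

	$query = $db->simple_select("users", "COUNT(uid) AS count", "1=1 {$where}");
	$user_count = $db->fetch_field($query, "count");

	// Figure out if we need to display multiple pages.
	$pages = (int)ceil($user_count / $perpage);

	// "last" is the only non-numeric page value accepted; anything else is
	// read as an integer so the offset handed to the query below is always
	// a whole number.
	if($mybb->get_input('page') == "last")
	{
		$page = $pages;
	}
	else
	{
		$page = $mybb->get_input('page', MyBB::INPUT_INT);
	}

	if($page > $pages || $page <= 0)
	{
		$page = 1;
	}
	$start = ($page-1) * $perpage;

	// Carry the search parameters over to the pagination links. get_input()
	// is used so that only string values are appended, and each value is
	// URL-encoded (as the warninglogs action does) so characters such as
	// "&" or "#" in a search term cannot alter the query string.
	$page_url = 'modcp.php?action=finduser';
	foreach(array('username', 'sortby', 'order') as $field)
	{
		$value = $mybb->get_input($field);
		if(!empty($value))
		{
			$page_url .= "&{$field}=".urlencode($value);
		}
	}

	$multipage = multipage($user_count, $perpage, $page, $page_url);

	$usergroups_cache = $cache->read("usergroups");

	$plugins->run_hooks("modcp_finduser_start");

	// Fetch out results
	// NOTE(review): "*" puts every column of the users table into $user, and
	// the template evaluated below can interpolate any of them. Presumably
	// that includes credential-related columns - confirm, and keep the
	// template limited to display fields.
	$query = $db->simple_select("users", "*", "1=1 {$where}", array("order_by" => $sortby, "order_dir" => $order, "limit" => $perpage, "limit_start" => $start));
	$users = '';
	while($user = $db->fetch_array($query))
	{
		$alt_row = alt_trow();
		// Escape before format_name() wraps the name in group styling
		$user['username'] = htmlspecialchars_uni($user['username']);
		$user['username'] = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
		$user['postnum'] = my_number_format($user['postnum']);
		$regdate = my_date('relative', $user['regdate']);

		// Invisible users: hide the last visit unless the viewer may see
		// invisible users or is looking at their own row
		if($user['invisible'] == 1 && $mybb->usergroup['canviewwolinvis'] != 1 && $user['uid'] != $mybb->user['uid'])
		{
			$lastdate = $lang->lastvisit_never;

			if($user['lastvisit'])
			{
				// We have had at least some active time, hide it instead
				$lastdate = $lang->lastvisit_hidden;
			}
		}
		else
		{
			$lastdate = my_date('relative', $user['lastvisit']);
		}

		$usergroup = htmlspecialchars_uni($usergroups_cache[$user['usergroup']]['title']);
		eval("\$users .= \"".$templates->get("modcp_finduser_user")."\";");
	}

	// No results?
	if(!$users)
	{
		eval("\$users = \"".$templates->get("modcp_finduser_noresults")."\";");
	}

	$plugins->run_hooks("modcp_finduser_end");

	// Escaped copy of the search term for redisplay in the form
	$username = htmlspecialchars_uni($mybb->get_input('username'));
	eval("\$finduser = \"".$templates->get("modcp_finduser")."\";");
	output_page($finduser);
}

// ---------------------------------------------------------------------------
// action=warninglogs: filterable, paginated list of issued warnings.
//
// Request input read here: filter[...] (username, uid, mod_username, mod_uid,
// reason, sortby, order, per_page), search[...] and page.
// SQL safety: user ids are cast to int, the reason text goes through
// escape_string_like(), and ORDER BY / direction come from fixed lists.
// Output safety: filter values are HTML-escaped before they reach a template.
// ---------------------------------------------------------------------------
if($mybb->input['action'] == "warninglogs")
{
	if($mybb->usergroup['canviewwarnlogs'] == 0)
	{
		error_no_permission();
	}

	add_breadcrumb($lang->mcp_nav_warninglogs, "modcp.php?action=warninglogs");

	// Filter options
	$where_sql = '';
	$mybb->input['filter'] = $mybb->get_input('filter', MyBB::INPUT_ARRAY);
	$mybb->input['search'] = $mybb->get_input('search', MyBB::INPUT_ARRAY);

	// Every filter entry is used as a string below (lookups, LIKE escaping,
	// HTML escaping, URL building), so nested arrays sent in the request are
	// blanked instead of being passed on to string functions.
	foreach($mybb->input['filter'] as $key => $value)
	{
		if(!is_scalar($value))
		{
			$mybb->input['filter'][$key] = '';
		}
	}

	if(!empty($mybb->input['filter']['username']))
	{
		// A username filter is resolved to a uid, which drives the SQL below
		$search_user = get_user_by_username($mybb->input['filter']['username']);

		$mybb->input['filter']['uid'] = (int)$search_user['uid'];
		$mybb->input['filter']['username'] = htmlspecialchars_uni($mybb->input['filter']['username']);
	}
	else
	{
		$mybb->input['filter']['username'] = '';
	}
	if(!empty($mybb->input['filter']['uid']))
	{
		$search['uid'] = (int)$mybb->input['filter']['uid'];
		$where_sql .= " AND w.uid='{$search['uid']}'";
		if(!isset($mybb->input['search']['username']))
		{
			// Look the user up by the validated filter uid. The previous
			// code read input['search']['uid'], which exists only when the
			// request happens to supply it.
			$user = get_user($search['uid']);
			$mybb->input['search']['username'] = isset($user['username']) ? htmlspecialchars_uni($user['username']) : '';
		}
	}
	else
	{
		$mybb->input['filter']['uid'] = '';
	}
	if(!empty($mybb->input['filter']['mod_username']))
	{
		$mod_user = get_user_by_username($mybb->input['filter']['mod_username']);

		$mybb->input['filter']['mod_uid'] = (int)$mod_user['uid'];
		$mybb->input['filter']['mod_username'] = htmlspecialchars_uni($mybb->input['filter']['mod_username']);
	}
	else
	{
		$mybb->input['filter']['mod_username'] = '';
	}
	if(!empty($mybb->input['filter']['mod_uid']))
	{
		$search['mod_uid'] = (int)$mybb->input['filter']['mod_uid'];
		$where_sql .= " AND w.issuedby='{$search['mod_uid']}'";
		if(!isset($mybb->input['search']['mod_username']))
		{
			// Use the moderator's own validated id; the previous code
			// looked up input['search']['uid'] here as well.
			$mod_user = get_user($search['mod_uid']);
			$mybb->input['search']['mod_username'] = isset($mod_user['username']) ? htmlspecialchars_uni($mod_user['username']) : '';
		}
	}
	else
	{
		$mybb->input['filter']['mod_uid'] = '';
	}
	if(!empty($mybb->input['filter']['reason']))
	{
		// Escaped for use inside the quoted LIKE patterns only
		$search['reason'] = $db->escape_string_like($mybb->input['filter']['reason']);
		$where_sql .= " AND (w.notes LIKE '%{$search['reason']}%' OR t.title LIKE '%{$search['reason']}%' OR w.title LIKE '%{$search['reason']}%')";
		$mybb->input['filter']['reason'] = htmlspecialchars_uni($mybb->input['filter']['reason']);
	}
	else
	{
		$mybb->input['filter']['reason'] = '';
	}

	// ORDER BY column: fixed mapping, the request value is never used as SQL
	$sortbysel = array('username' => '', 'expires' => '', 'issuedby' => '', 'dateline' => '');
	if(!isset($mybb->input['filter']['sortby']))
	{
		$mybb->input['filter']['sortby'] = '';
	}
	switch($mybb->input['filter']['sortby'])
	{
		case "username":
			$sortby = "u.username";
			$sortbysel['username'] = ' selected="selected"';
			break;
		case "expires":
			$sortby = "w.expires";
			$sortbysel['expires'] = ' selected="selected"';
			break;
		case "issuedby":
			$sortby = "i.username";
			$sortbysel['issuedby'] = ' selected="selected"';
			break;
		default: // "dateline"
			$sortby = "w.dateline";
			$sortbysel['dateline'] = ' selected="selected"';
	}

	// Direction: anything other than "asc" becomes "desc"
	if(!isset($mybb->input['filter']['order']))
	{
		$mybb->input['filter']['order'] = '';
	}
	$order = $mybb->input['filter']['order'];
	$ordersel = array('asc' => '', 'desc' => '');
	if($order != "asc")
	{
		$order = "desc";
		$ordersel['desc'] = ' selected="selected"';
	}
	else
	{
		$ordersel['asc'] = ' selected="selected"';
	}

	$plugins->run_hooks("modcp_warninglogs_start");

	// Pagination stuff
	$sql = "
		SELECT COUNT(wid) as count
		FROM
			".TABLE_PREFIX."warnings w
			LEFT JOIN ".TABLE_PREFIX."warningtypes t ON (w.tid=t.tid)
		WHERE 1=1
			{$where_sql}
	";
	$query = $db->query($sql);
	$total_warnings = $db->fetch_field($query, 'count');
	$page = $mybb->get_input('page', MyBB::INPUT_INT);
	if($page <= 0)
	{
		$page = 1;
	}
	// NOTE(review): per_page is only checked to be positive; there is no
	// upper bound here - consider a cap.
	$per_page = 20;
	if(isset($mybb->input['filter']['per_page']) && (int)$mybb->input['filter']['per_page'] > 0)
	{
		$per_page = (int)$mybb->input['filter']['per_page'];
	}
	$start = ($page-1) * $per_page;
	$pages = ceil($total_warnings / $per_page);
	if($page > $pages)
	{
		$start = 0;
		$page = 1;
	}

	// Build the base URL for pagination links. Both the key and the value
	// come from the request, so both are URL-encoded; the known filter keys
	// contain only letters and underscores and are unchanged by encoding.
	// NOTE(review): username, mod_username and reason were HTML-escaped
	// above, so the links carry the escaped form - confirm that is intended.
	$url = 'modcp.php?action=warninglogs';
	if(is_array($mybb->input['filter']) && count($mybb->input['filter']))
	{
		foreach($mybb->input['filter'] as $field => $value)
		{
			if(!is_scalar($value))
			{
				continue;
			}
			$field = urlencode($field);
			$value = urlencode($value);
			$url .= "&filter[{$field}]={$value}";
		}
	}
	$multipage = multipage($total_warnings, $per_page, $page, $url);

	// The actual query. $sortby and $order are the fixed values chosen
	// above; $start and $per_page are integers.
	$sql = "
		SELECT
			w.wid, w.title as custom_title, w.points, w.dateline, w.issuedby, w.expires, w.expired, w.daterevoked, w.revokedby,
			t.title,
			u.uid, u.username, u.usergroup, u.displaygroup,
			i.uid as mod_uid, i.username as mod_username, i.usergroup as mod_usergroup, i.displaygroup as mod_displaygroup
		FROM ".TABLE_PREFIX."warnings w
			LEFT JOIN ".TABLE_PREFIX."users u ON (w.uid=u.uid)
			LEFT JOIN ".TABLE_PREFIX."warningtypes t ON (w.tid=t.tid)
			LEFT JOIN ".TABLE_PREFIX."users i ON (i.uid=w.issuedby)
		WHERE 1=1
			{$where_sql}
		ORDER BY {$sortby} {$order}
		LIMIT {$start}, {$per_page}
	";
	$query = $db->query($sql);


	$warning_list = '';
	while($row = $db->fetch_array($query))
	{
		$trow = alt_trow();
		// Names are escaped before format_name()/build_profile_link() add markup
		$row['username'] = htmlspecialchars_uni($row['username']);
		$username = format_name($row['username'], $row['usergroup'], $row['displaygroup']);
		$username_link = build_profile_link($username, $row['uid']);
		$row['mod_username'] = htmlspecialchars_uni($row['mod_username']);
		$mod_username = format_name($row['mod_username'], $row['mod_usergroup'], $row['mod_displaygroup']);
		$mod_username_link = build_profile_link($mod_username, $row['mod_uid']);
		$issued_date = my_date('normal', $row['dateline']);
		$revoked_text = '';
		if($row['daterevoked'] > 0)
		{
			$revoked_date = my_date('relative', $row['daterevoked']);
			eval("\$revoked_text = \"".$templates->get("modcp_warninglogs_warning_revoked")."\";");
		}
		if($row['expires'] > 0)
		{
			$expire_date = nice_time($row['expires']-TIME_NOW);
		}
		else
		{
			$expire_date = $lang->never;
		}
		// Prefer the warning type's title; fall back to the custom title
		$title = $row['title'];
		if(empty($row['title']))
		{
			$title = $row['custom_title'];
		}
		$title = htmlspecialchars_uni($title);

		// Set $points for every row. Previously it was assigned only for
		// non-negative values, so a negative row reused the value left over
		// from the row before it.
		$points = $row['points'];
		if($row['points'] >= 0)
		{
			$points = '+'.$row['points'];
		}

		eval("\$warning_list .= \"".$templates->get("modcp_warninglogs_warning")."\";");
	}

	if(!$warning_list)
	{
		eval("\$warning_list = \"".$templates->get("modcp_warninglogs_nologs")."\";");
	}

	$plugins->run_hooks("modcp_warninglogs_end");

	// These were HTML-escaped (or blanked) in the filter handling above
	$filter_username = $mybb->input['filter']['username'];
	$filter_modusername = $mybb->input['filter']['mod_username'];
	$filter_reason = $mybb->input['filter']['reason'];

	eval("\$warninglogs = \"".$templates->get("modcp_warninglogs")."\";");
	output_page($warninglogs);
}
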
if($mybb->input['action'] == "ipsearch") 3651 { 3652 if($mybb->usergroup['canuseipsearch'] == 0) 3653 { 3654 error_no_permission(); 3655 } 3656 3657 add_breadcrumb($lang->mcp_nav_ipsearch, "modcp.php?action=ipsearch"); 3658 3659 $ipsearch_results = $ipaddressvalue = ''; 3660 $mybb->input['ipaddress'] = $mybb->get_input('ipaddress'); 3661 if($mybb->input['ipaddress']) 3662 { 3663 if(!is_array($groupscache)) 3664 { 3665 $groupscache = $cache->read("usergroups"); 3666 } 3667 3668 $ipaddressvalue = htmlspecialchars_uni($mybb->input['ipaddress']); 3669 3670 $ip_range = fetch_ip_range($mybb->input['ipaddress']); 3671 3672 $post_results = $user_results = 0; 3673 3674 // Searching post IP addresses 3675 if(isset($mybb->input['search_posts'])) 3676 { 3677 $post_ip_sql = ''; 3678 if($ip_range) 3679 { 3680 if(!is_array($ip_range)) 3681 { 3682 $post_ip_sql = "p.ipaddress=".$db->escape_binary($ip_range); 3683 } 3684 else 3685 { 3686 $post_ip_sql = "p.ipaddress BETWEEN ".$db->escape_binary($ip_range[0])." 
AND ".$db->escape_binary($ip_range[1]); 3687 } 3688 } 3689 3690 $plugins->run_hooks("modcp_ipsearch_posts_start"); 3691 3692 if($post_ip_sql) 3693 { 3694 $where_sql = ''; 3695 3696 $unviewable_forums = get_unviewable_forums(true); 3697 3698 if($unviewable_forums) 3699 { 3700 $where_sql .= " AND p.fid NOT IN ({$unviewable_forums})"; 3701 } 3702 3703 if($inactiveforums) 3704 { 3705 $where_sql .= " AND p.fid NOT IN ({$inactiveforums})"; 3706 } 3707 3708 // Check group permissions if we can't view threads not started by us 3709 $onlyusfids = array(); 3710 $group_permissions = forum_permissions(); 3711 foreach($group_permissions as $fid => $forumpermissions) 3712 { 3713 if(isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] == 1) 3714 { 3715 $onlyusfids[] = $fid; 3716 } 3717 } 3718 3719 if(!empty($onlyusfids)) 3720 { 3721 $where_sql .= " AND ((t.fid IN(".implode(',', $onlyusfids).") AND t.uid='{$mybb->user['uid']}') OR t.fid NOT IN(".implode(',', $onlyusfids)."))"; 3722 } 3723 3724 // Moderators can view unapproved/deleted posts 3725 if($mybb->usergroup['issupermod'] != 1) 3726 { 3727 $unapprove_forums = array(); 3728 $deleted_forums = array(); 3729 $visible_sql = " AND (p.visible = 1 AND t.visible = 1)"; 3730 $query = $db->simple_select("moderators", "fid, canviewunapprove, canviewdeleted", "(id='{$mybb->user['uid']}' AND isgroup='0') OR (id='{$mybb->user['usergroup']}' AND isgroup='1')"); 3731 while($moderator = $db->fetch_array($query)) 3732 { 3733 if($moderator['canviewunapprove'] == 1) 3734 { 3735 $unapprove_forums[] = $moderator['fid']; 3736 } 3737 3738 if($moderator['canviewdeleted'] == 1) 3739 { 3740 $deleted_forums[] = $moderator['fid']; 3741 } 3742 } 3743 3744 if(!empty($unapprove_forums)) 3745 { 3746 $visible_sql .= " OR (p.visible = 0 AND p.fid IN(".implode(',', $unapprove_forums).")) OR (t.visible = 0 AND t.fid IN(".implode(',', $unapprove_forums)."))"; 3747 } 3748 if(!empty($deleted_forums)) 3749 { 3750 
$visible_sql .= " OR (p.visible = -1 AND p.fid IN(".implode(',', $deleted_forums).")) OR (t.visible = -1 AND t.fid IN(".implode(',', $deleted_forums)."))"; 3751 } 3752 } 3753 else 3754 { 3755 // Super moderators (and admins) 3756 $visible_sql = " AND p.visible >= -1"; 3757 } 3758 3759 $query = $db->query(" 3760 SELECT COUNT(p.pid) AS count 3761 FROM ".TABLE_PREFIX."posts p 3762 LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid = p.tid) 3763 WHERE {$post_ip_sql}{$where_sql}{$visible_sql} 3764 "); 3765 $post_results = $db->fetch_field($query, "count"); 3766 } 3767 } 3768 3769 // Searching user IP addresses 3770 if(isset($mybb->input['search_users'])) 3771 { 3772 $user_ip_sql = ''; 3773 if($ip_range) 3774 { 3775 if(!is_array($ip_range)) 3776 { 3777 $user_ip_sql = "regip=".$db->escape_binary($ip_range)." OR lastip=".$db->escape_binary($ip_range); 3778 } 3779 else 3780 { 3781 $user_ip_sql = "regip BETWEEN ".$db->escape_binary($ip_range[0])." AND ".$db->escape_binary($ip_range[1])." OR lastip BETWEEN ".$db->escape_binary($ip_range[0])." AND ".$db->escape_binary(