
PHP Cross Reference of MyBB 1.8.39


/ -> modcp.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  11  define("IN_MYBB", 1);
  12  define('THIS_SCRIPT', 'modcp.php');
  13  
      // Comma-separated names of the templates this script renders, assembled before
      // global.php is included. Presumably global.php reads $templatelist to load them
      // in one batch -- confirm against global.php.
      // NOTE(review): the entry " modcp_nav_forums_posts" (end of listing line 18) carries a
      // leading space, and "postmodcp_nav_announcements" (listing line 29) does not match the
      // "modcp_nav_announcements" name passed to $templates->get() further down. Confirm
      // whether the consumer trims names and whether that entry is a typo.
  14  $templatelist = "modcp_reports,modcp_reports_report,modcp_reports_selectall,modcp_reports_multipage,modcp_reports_allreport,modcp_reports_allreports,modcp_modlogs_multipage,modcp_announcements_delete,modcp_announcements_edit,modcp_awaitingmoderation";
  15  $templatelist .= ",modcp_reports_allnoreports,modcp_reports_noreports,modcp_banning,modcp_banning_ban,modcp_announcements_announcement_global,modcp_no_announcements_forum,modcp_modqueue_threads_thread,modcp_awaitingthreads,preview";
  16  $templatelist .= ",modcp_banning_nobanned,modcp_modqueue_threads_empty,modcp_modqueue_masscontrols,modcp_modqueue_threads,modcp_modqueue_posts_post,modcp_modqueue_posts_empty,modcp_awaitingposts,modcp_nav_editprofile,modcp_nav_banning";
  17  $templatelist .= ",modcp_nav,modcp_modlogs_noresults,modcp_modlogs_nologs,modcp,modcp_modqueue_posts,modcp_modqueue_attachments_attachment,modcp_modqueue_attachments_empty,modcp_modqueue_attachments,modcp_editprofile_suspensions_info";
  18  $templatelist .= ",modcp_no_announcements_global,modcp_announcements_global,modcp_announcements_forum,modcp_announcements,modcp_editprofile_select_option,modcp_editprofile_select,modcp_finduser_noresults, modcp_nav_forums_posts";
  19  $templatelist .= ",codebuttons,modcp_announcements_new,modcp_modqueue_empty,forumjump_bit,forumjump_special,modcp_warninglogs_warning_revoked,modcp_warninglogs_warning,modcp_ipsearch_result,modcp_nav_modqueue,modcp_banuser_liftlist";
  20  $templatelist .= ",modcp_modlogs,modcp_finduser_user,modcp_finduser,usercp_profile_customfield,usercp_profile_profilefields,modcp_ipsearch_noresults,modcp_ipsearch_results,modcp_ipsearch_misc_info,modcp_nav_announcements,modcp_modqueue_post_link";
  21  $templatelist .= ",modcp_editprofile,modcp_ipsearch,modcp_banuser_addusername,modcp_banuser,modcp_warninglogs_nologs,modcp_banuser_editusername,modcp_lastattachment,modcp_lastpost,modcp_lastthread,modcp_nobanned,modcp_modqueue_thread_link";
  22  $templatelist .= ",modcp_warninglogs,modcp_modlogs_result,modcp_editprofile_signature,forumjump_advanced,modcp_announcements_forum_nomod,modcp_announcements_announcement,usercp_profile_away,modcp_modlogs_user,modcp_editprofile_away";
  23  $templatelist .= ",multipage,multipage_end,multipage_jump_page,multipage_nextpage,multipage_page,multipage_page_current,multipage_page_link_current,multipage_prevpage,multipage_start,modcp_awaitingattachments,modcp_modqueue_attachment_link";
  24  $templatelist .= ",postbit_groupimage,postbit_userstar,postbit_online,postbit_offline,postbit_away,postbit_avatar,postbit_find,postbit_pm,postbit_email,postbit_www,postbit_author_user,announcement_edit,announcement_quickdelete";
  25  $templatelist .= ",modcp_awaitingmoderation_none,modcp_banning_edit,modcp_banuser_bangroups_group,modcp_banuser_lift,modcp_modlogs_result_announcement,modcp_modlogs_result_forum,modcp_modlogs_result_post,modcp_modlogs_result_thread";
  26  $templatelist .= ",modcp_nav_warninglogs,modcp_nav_ipsearch,modcp_nav_users,modcp_announcements_day,modcp_announcements_month_start,modcp_announcements_month_end,modcp_announcements_announcement_expired,modcp_announcements_announcement_active";
  27  $templatelist .= ",modcp_modqueue_link_forum,modcp_modqueue_link_thread,usercp_profile_day,modcp_ipsearch_result_regip,modcp_ipsearch_result_lastip,modcp_ipsearch_result_post,modcp_ipsearch_results_information,usercp_profile_profilefields_text";
  28  $templatelist .= ",usercp_profile_profilefields_select_option,usercp_profile_profilefields_multiselect,usercp_profile_profilefields_select,usercp_profile_profilefields_textarea,usercp_profile_profilefields_radio,postbit";
  29  $templatelist .= ",modcp_banning_remaining,postmodcp_nav_announcements,modcp_nav_reportcenter,modcp_nav_modlogs,modcp_latestfivemodactions,modcp_banuser_bangroups_hidden,modcp_banuser_bangroups,usercp_profile_profilefields_checkbox";
  30  
  31  require_once  "./global.php";
      // global.php is resolved relative to the working directory; the remaining includes
      // are anchored at MYBB_ROOT. The objects used throughout this script ($mybb, $db,
      // $lang, $templates, $plugins, $cache) are not created in this file -- presumably
      // global.php sets them up; confirm.
  32  require_once  MYBB_ROOT."inc/functions_user.php";
  33  require_once  MYBB_ROOT."inc/functions_upload.php";
  34  require_once  MYBB_ROOT."inc/functions_modcp.php";
  35  require_once  MYBB_ROOT."inc/class_parser.php";
      // Parser instance; this script calls its parse_badwords() on thread subjects before output.
  36  $parser = new postParser;
  37  
  38  // Ban-length options, as returned by fetch_ban_times() (defined outside this file).
  39  $bantimes = fetch_ban_times();
  40  
  41  // Load the language phrase groups used by this script.
  42  $lang->load("modcp");
  43  $lang->load("announcements");
  44  
  45  if($mybb->user['uid'] == 0 || $mybb->usergroup['canmodcp'] != 1)
  46  {
          // Page-wide gate: guests (uid 0) and groups without canmodcp are refused here.
          // This is only the outer check; each action branch further down is expected to
          // test its own, narrower permission as well.
          // NOTE(review): relies on error_no_permission() ending the request -- confirm.
  47      error_no_permission();
  48  }
  49  
      // Fall back to 20 items per page when the setting is missing or casts to less than 1.
      // The value itself is not cast here, so later code still sees the raw setting.
  50  if(!$mybb->settings['threadsperpage'] || (int)$mybb->settings['threadsperpage'] < 1)
  51  {
  52      $mybb->settings['threadsperpage'] = 20;
  53  }
  54  
  55  $tflist = $flist = $tflist_queue_threads = $flist_queue_threads = $tflist_queue_posts = $flist_queue_posts = $tflist_queue_attach =
  56  $flist_queue_attach = $wflist_reports = $tflist_reports = $flist_reports = $tflist_modlog = $flist_modlog = $errors = '';
  57  // SQL for fetching items only related to forums this user moderates
      // Every fragment above starts as '' and is filled only in the non-super-moderator
      // branch below, and only when at least one moderated forum grants the matching
      // permission. An empty fragment therefore adds NO restriction to a query; it does not
      // mean "no forums". Action handlers must check the matching $num* counter (or
      // issupermod) before relying on a fragment, as the "reports" action does.
  58  $moderated_forums = array();
  59  $numannouncements = $nummodqueuethreads = $nummodqueueposts = $nummodqueueattach = $numreportedposts = $nummodlogs = 0;
  60  if($mybb->usergroup['issupermod'] != 1)
  61  {
          // Moderator rows assigned to this user directly or through one of their groups.
          // NOTE(review): uid and all_usergroups are interpolated without a cast; they come
          // from the user/usergroup arrays rather than from request input in this file --
          // confirm both are integer-only where they are populated.
  62      $query = $db->simple_select("moderators", "*", "(id='{$mybb->user['uid']}' AND isgroup = '0') OR (id IN ({$mybb->usergroup['all_usergroups']}) AND isgroup = '1')");
  63      while($forum = $db->fetch_array($query))
  64      {
  65          $moderated_forums[] = $forum['fid'];
              // Child forums are added to the moderated set along with the parent.
  66          $children = get_child_list($forum['fid']);
  67          if(is_array($children))
  68          {
  69              $moderated_forums = array_merge($moderated_forums, $children);
  70          }
  71      }
  72      $moderated_forums = array_unique($moderated_forums);
  73  
  74      $numannouncements = $nummodqueuethreads = $nummodqueueposts = $nummodqueueattach = $numreportedposts = $nummodlogs = 0;
          // For each moderated forum, record which permissions apply: bump the counter and
          // append the quoted forum id to the matching comma-led list.
  75      foreach($moderated_forums as $moderated_forum)
  76      {
  77          // For Announcements
  78          if(is_moderator($moderated_forum, 'canmanageannouncements'))
  79          {
  80              ++$numannouncements;
  81          }
  82  
  83          // For the Mod Queues
  84          if(is_moderator($moderated_forum, 'canapproveunapprovethreads'))
  85          {
  86              $flist_queue_threads .= ",'{$moderated_forum}'";
  87              ++$nummodqueuethreads;
  88          }
  89  
  90          if(is_moderator($moderated_forum, 'canapproveunapproveposts'))
  91          {
  92              $flist_queue_posts .= ",'{$moderated_forum}'";
  93              ++$nummodqueueposts;
  94          }
  95  
  96          if(is_moderator($moderated_forum, 'canapproveunapproveattachs'))
  97          {
  98              $flist_queue_attach .= ",'{$moderated_forum}'";
  99              ++$nummodqueueattach;
 100          }
 101  
 102          // For Reported posts
 103          if(is_moderator($moderated_forum, 'canmanagereportedposts'))
 104          {
 105              $flist_reports .= ",'{$moderated_forum}'";
 106              ++$numreportedposts;
 107          }
 108  
 109          // For the Mod Log
 110          if(is_moderator($moderated_forum, 'canviewmodlog'))
 111          {
 112              $flist_modlog .= ",'{$moderated_forum}'";
 113              ++$nummodlogs;
 114          }
 115  
 116          $flist .= ",'{$moderated_forum}'";
 117      }
          // Turn each non-empty id list into ready-to-append SQL. The lists start with a
          // comma, so the literal 0 in front yields a valid "IN (0,'a','b')" list. The "t"
          // variants are for queries that alias the threads table as t; the report variants
          // filter on id3 (r.id3 when the reportedcontent table is aliased as r).
 118      if($flist_queue_threads)
 119      {
 120          $tflist_queue_threads = " AND t.fid IN (0{$flist_queue_threads})";
 121          $flist_queue_threads = " AND fid IN (0{$flist_queue_threads})";
 122      }
 123      if($flist_queue_posts)
 124      {
 125          $tflist_queue_posts = " AND t.fid IN (0{$flist_queue_posts})";
 126          $flist_queue_posts = " AND fid IN (0{$flist_queue_posts})";
 127      }
 128      if($flist_queue_attach)
 129      {
 130          $tflist_queue_attach = " AND t.fid IN (0{$flist_queue_attach})";
 131          $flist_queue_attach = " AND fid IN (0{$flist_queue_attach})";
 132      }
 133      if($flist_reports)
 134      {
 135          $wflist_reports = "WHERE r.id3 IN (0{$flist_reports})";
 136          $tflist_reports = " AND r.id3 IN (0{$flist_reports})";
 137          $flist_reports = " AND id3 IN (0{$flist_reports})";
 138      }
 139      if($flist_modlog)
 140      {
 141          $tflist_modlog = " AND t.fid IN (0{$flist_modlog})";
 142          $flist_modlog = " AND fid IN (0{$flist_modlog})";
 143      }
 144      if($flist)
 145      {
 146          $tflist = " AND t.fid IN (0{$flist})";
 147          $flist = " AND fid IN (0{$flist})";
 148      }
 149  }
 150  
 151  // Retrieve the forums this user cannot view and the inactive forums.
      // Both helpers are treated below as returning a comma-separated id string (or an
      // empty value): the result is placed inside NOT IN (...) and split with explode(',').
 152  $unviewableforums = get_unviewable_forums();
 153  $inactiveforums = get_inactive_forums();
 154  $unviewablefids1 = $unviewablefids2 = array();
 155  
      // The exclusions are appended to $flist / $tflist only. The queue, report and mod-log
      // fragments built earlier are not extended here.
 156  if($unviewableforums)
 157  {
 158      $flist .= " AND fid NOT IN ({$unviewableforums})";
 159      $tflist .= " AND t.fid NOT IN ({$unviewableforums})";
 160  
 161      $unviewablefids1 = explode(',', $unviewableforums);
 162  }
 163  
 164  if($inactiveforums)
 165  {
 166      $flist .= " AND fid NOT IN ({$inactiveforums})";
 167      $tflist .= " AND t.fid NOT IN ({$inactiveforums})";
 168  
 169      $unviewablefids2 = explode(',', $inactiveforums);
 170  }
 171  
      // From here on $unviewableforums is an array of ids (unviewable + inactive), no
      // longer the string returned by get_unviewable_forums().
 172  $unviewableforums = array_merge($unviewablefids1, $unviewablefids2);
 173  
 174  if(!isset($collapsedimg['modcpforums']))
 175  {
          // Default the collapse-state entries for the two Mod CP menu groups to empty
          // strings when they are unset. $collapsedimg and $collapsed are not created in
          // this file; presumably the nav templates read them -- confirm.
 176      $collapsedimg['modcpforums'] = '';
 177  }
 178  
 179  if(!isset($collapsed['modcpforums_e']))
 180  {
 181      $collapsed['modcpforums_e'] = '';
 182  }
 183  
 184  if(!isset($collapsedimg['modcpusers']))
 185  {
 186      $collapsedimg['modcpusers'] = '';
 187  }
 188  
 189  if(!isset($collapsed['modcpusers_e']))
 190  {
 191      $collapsed['modcpusers_e'] = '';
 192  }
 193  
 194  // Build the Mod CP menu: one nav entry per feature the user is allowed to use.
      // Templates are rendered by eval()-ing the stored template text as a double-quoted
      // PHP string, so any variable in scope can be interpolated by the template. Whether
      // the template text is escaped for that context is decided inside $templates->get(),
      // which is not visible here.
      // NOTE(review): treat template editing rights as equivalent to code execution unless
      // $templates->get() is confirmed to neutralise quotes and PHP interpolation syntax.
      // NOTE(review): the initialiser below names $nav_forums_posts, while the variable
      // assigned at listing line 241 is $modcp_nav_forums_posts; the latter stays undefined
      // when no forum/post entry is shown -- confirm the modcp_nav template tolerates that.
 195  $nav_announcements = $nav_modqueue = $nav_reportcenter = $nav_modlogs = $nav_editprofile = $nav_banning = $nav_warninglogs = $nav_ipsearch = $nav_forums_posts = $modcp_nav_users = '';
      // Forum-scoped entries need both the group permission and either super-moderator
      // status or at least one moderated forum granting the matching forum permission.
 196  if(($numannouncements > 0 || $mybb->usergroup['issupermod'] == 1) && $mybb->usergroup['canmanageannounce'] == 1)
 197  {
 198      eval("\$nav_announcements = \"".$templates->get("modcp_nav_announcements")."\";");
 199  }
 200  
 201  if(($nummodqueuethreads > 0 || $nummodqueueposts > 0 || $nummodqueueattach > 0 || $mybb->usergroup['issupermod'] == 1) && $mybb->usergroup['canmanagemodqueue'] == 1)
 202  {
 203      eval("\$nav_modqueue = \"".$templates->get("modcp_nav_modqueue")."\";");
 204  }
 205  
 206  if(($numreportedposts > 0 || $mybb->usergroup['issupermod'] == 1) && $mybb->usergroup['canmanagereportedcontent'] == 1)
 207  {
 208      eval("\$nav_reportcenter = \"".$templates->get("modcp_nav_reportcenter")."\";");
 209  }
 210  
 211  if(($nummodlogs > 0 || $mybb->usergroup['issupermod'] == 1) && $mybb->usergroup['canviewmodlogs'] == 1)
 212  {
 213      eval("\$nav_modlogs = \"".$templates->get("modcp_nav_modlogs")."\";");
 214  }
 215  
      // User-scoped entries depend on the group permission alone.
 216  if($mybb->usergroup['caneditprofiles'] == 1)
 217  {
 218      eval("\$nav_editprofile = \"".$templates->get("modcp_nav_editprofile")."\";");
 219  }
 220  
 221  if($mybb->usergroup['canbanusers'] == 1)
 222  {
 223      eval("\$nav_banning = \"".$templates->get("modcp_nav_banning")."\";");
 224  }
 225  
 226  if($mybb->usergroup['canviewwarnlogs'] == 1)
 227  {
 228      eval("\$nav_warninglogs = \"".$templates->get("modcp_nav_warninglogs")."\";");
 229  }
 230  
 231  if($mybb->usergroup['canuseipsearch'] == 1)
 232  {
 233      eval("\$nav_ipsearch = \"".$templates->get("modcp_nav_ipsearch")."\";");
 234  }
 235  
      // Plugin hook: runs after the individual entries are built and before the group
      // wrappers below are rendered.
 236  $plugins->run_hooks("modcp_nav");
 237  
      // Render a group wrapper only when at least one of its entries exists. $collapse is
      // not defined in this file.
 238  if(!empty($nav_announcements) || !empty($nav_modqueue) || !empty($nav_reportcenter) || !empty($nav_modlogs))
 239  {
 240      $expaltext = (in_array("modcpforums", $collapse)) ? $lang->expcol_expand : $lang->expcol_collapse;
 241      eval("\$modcp_nav_forums_posts = \"".$templates->get("modcp_nav_forums_posts")."\";");
 242  }
 243  
 244  if(!empty($nav_editprofile) || !empty($nav_banning) || !empty($nav_warninglogs) || !empty($nav_ipsearch))
 245  {
 246      $expaltext = (in_array("modcpusers", $collapse)) ? $lang->expcol_expand : $lang->expcol_collapse;
 247      eval("\$modcp_nav_users = \"".$templates->get("modcp_nav_users")."\";");
 248  }
 249  
 250  eval("\$modcp_nav = \"".$templates->get("modcp_nav")."\";");
 251  
 252  $plugins->run_hooks("modcp_start");
 253  
 254  // Make navigation
 255  add_breadcrumb($lang->nav_modcp, "modcp.php");
 256  
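 257  $mybb->input['action'] = $mybb->get_input('action');
      // Action "do_reports": marks the selected reports (or all of them) as read.
      // The selection comes either from the posted "reports" array or from the
      // inlinereports / inlinereports_removed cookies.
 258  if($mybb->input['action'] == "do_reports")
 259  {
 260      // Verify incoming POST request
 261      verify_post_check($mybb->get_input('my_post_key'));
 262  
          // Apply the same permission gates as the "reports" listing action. Without them
          // this state-changing handler was reachable with canmodcp alone.
          if($mybb->usergroup['canmanagereportedcontent'] == 0)
          {
              error_no_permission();
          }

          // $flist_reports is '' when a non-super-moderator has no forum granting
          // canmanagereportedposts, and an empty fragment adds no forum restriction to the
          // UPDATE below. Refuse that case instead of updating reports in every forum.
          if($numreportedposts == 0 && $mybb->usergroup['issupermod'] != 1)
          {
              error($lang->you_cannot_view_reported_posts);
          }

 263      $mybb->input['reports'] = $mybb->get_input('reports', MyBB::INPUT_ARRAY);
 264      if(empty($mybb->input['reports']) && empty($mybb->cookies['inlinereports']))
 265      {
 266          error($lang->error_noselected_reports);
 267      }
 268  
 269      $message = $lang->redirect_reportsmarked;
 270  
          // Cookie and POST values are client-controlled. Every id is forced through
          // intval() before it is placed in the WHERE clause, so only integers reach SQL.
 271      if(isset($mybb->cookies['inlinereports']))
 272      {
              // "|ALL|" selects every report, minus the ids listed in inlinereports_removed.
 273          if($mybb->cookies['inlinereports'] == '|ALL|') {
 274              $message = $lang->redirect_allreportsmarked;
 275              $sql = "1=1";
 276              if(isset($mybb->cookies['inlinereports_removed']))
 277              {
 278                  $inlinereportremovedlist = explode("|", $mybb->cookies['inlinereports_removed']);
 279                  $reports = array_map("intval", $inlinereportremovedlist);
 280                  $rids = implode("','", $reports);
 281                  $sql = "rid NOT IN ('0','{$rids}')";
 282              }
 283          }
 284          else
 285          {
 286              $inlinereportlist = explode("|", $mybb->cookies['inlinereports']);
 287              $reports = array_map("intval", $inlinereportlist);
 288  
                  // explode() always yields at least one element, so this guard does not
                  // fire in practice; the leading '0' in the IN list keeps the SQL valid.
 289              if(!count($reports))
 290              {
 291                  error($lang->error_noselected_reports);
 292              }
 293  
 294              $rids = implode("','", $reports);
 295  
 296              $sql = "rid IN ('0','{$rids}')";
 297          }
 298      }
 299      else
 300      {
 301          $mybb->input['reports'] = array_map("intval", $mybb->input['reports']);
 302          $rids = implode("','", $mybb->input['reports']);
 303  
 304          $sql = "rid IN ('0','{$rids}')";
 305      }
 306  
 307      $plugins->run_hooks("modcp_do_reports");
 308  
          // NOTE(review): $flist_reports filters on id3 against forum ids. The listing code
          // treats id3 as a user id for reputation reports, so confirm this filter behaves
          // as intended for report types other than posts.
 309      $db->update_query("reportedcontent", array('reportstatus' => 1), "{$sql}{$flist_reports}");
 310      $cache->update_reportedcontent();
 311  
 312      my_unsetcookie('inlinereports');
 313      my_unsetcookie('inlinereports_removed');
 314  
          // The page number is read as an integer before it goes into the redirect URL.
 315      $page = $mybb->get_input('page', MyBB::INPUT_INT);
 316  
 317      redirect("modcp.php?action=reports&page={$page}", $message);
 318  }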
 319  
 320  if($mybb->input['action'] == "reports")
 321  {
          // Action "reports": the Report Center listing of unread reports
          // (reportstatus = '0'), one page at a time.
 322      if($mybb->usergroup['canmanagereportedcontent'] == 0)
 323      {
 324          error_no_permission();
 325      }
 326  
          // A non-super-moderator with no forum granting canmanagereportedposts has an empty
          // $tflist_reports, which would not restrict the query below, so stop here.
          // NOTE(review): relies on error() ending the request -- confirm.
 327      if($numreportedposts == 0 && $mybb->usergroup['issupermod'] != 1)
 328      {
 329          error($lang->you_cannot_view_reported_posts);
 330      }
 331  
 332      $lang->load('report');
 333      add_breadcrumb($lang->mcp_nav_report_center, "modcp.php?action=reports");
 334  
          // $perpage is the raw setting value; it is interpolated into LIMIT below without
          // a cast. NOTE(review): confirm the setting is stored as an integer.
 335      $perpage = $mybb->settings['threadsperpage'];
 336      if(!$perpage)
 337      {
 338          $perpage = 20;
 339      }
 340  
 341      // Multipage
          // Groups with cancp or issupermod count every unread report. Everyone else counts
          // only post-type reports whose id3 passes is_moderator(..., canmanagereportedposts).
 342      if($mybb->usergroup['cancp'] || $mybb->usergroup['issupermod'])
 343      {
 344          $query = $db->simple_select("reportedcontent", "COUNT(rid) AS count", "reportstatus ='0'");
 345          $report_count = $db->fetch_field($query, "count");
 346      }
 347      else
 348      {
 349          $query = $db->simple_select('reportedcontent', 'id3', "reportstatus='0' AND (type = 'post' OR type = '')");
 350  
 351          $report_count = 0;
              // NOTE(review): the loop condition is the fetched id3 itself, so a falsy id3
              // (0 or empty) would end the count early -- confirm post reports always carry
              // a forum id in id3.
 352          while($fid = $db->fetch_field($query, 'id3'))
 353          {
 354              if(is_moderator($fid, "canmanagereportedposts"))
 355              {
 356                  ++$report_count;
 357              }
 358          }
 359          unset($fid);
 360      }
 361  
          // The requested page is read as an integer, then clamped to 1..$pages.
 362      $page = $mybb->get_input('page', MyBB::INPUT_INT);
 363  
 364      $postcount = (int)$report_count;
 365      $pages = $postcount / $perpage;
 366      $pages = ceil($pages);
 367  
 368      if($page > $pages || $page <= 0)
 369      {
 370          $page = 1;
 371      }
 372  
          // After the clamp above $page is always >= 1, so the else branch is a fallback
          // that is not expected to run.
 373      if($page && $page > 0)
 374      {
 375          $start = ($page-1) * $perpage;
 376      }
 377      else
 378      {
 379          $start = 0;
 380          $page = 1;
 381      }
 382  
 383      $multipage = $reportspages = '';
 384      if($postcount > $perpage)
 385      {
 386          $multipage = multipage($postcount, $perpage, $page, "modcp.php?action=reports");
 387          eval("\$reportspages = \"".$templates->get("modcp_reports_multipage")."\";");
 388      }
 389  
 390      $plugins->run_hooks("modcp_reports_start");
 391  
 392      // Reports
 393      $reports = $selectall = '';
 394      $inlinecount = 0;
 395  
          // Unread reports for this page, most-reported first. $tflist_reports carries the
          // per-forum restriction for non-super-moderators (empty for super moderators).
 396      $query = $db->query("
 397          SELECT r.*, u.username, rr.title
 398          FROM ".TABLE_PREFIX."reportedcontent r
 399          LEFT JOIN ".TABLE_PREFIX."users u ON (r.uid = u.uid)
 400          LEFT JOIN ".TABLE_PREFIX."reportreasons rr ON (r.reasonid = rr.rid)
 401          WHERE r.reportstatus = '0'{$tflist_reports}
 402          ORDER BY r.reports DESC
 403          LIMIT {$start}, {$perpage}
 404      ");
 405  
 406      if(!$db->num_rows($query))
 407      {
 408          // No unread reports
 409          eval("\$reports = \"".$templates->get("modcp_reports_noreports")."\";");
 410      }
 411      else
 412      {
 413          $reportedcontent = $cache->read("reportedcontent");
              // First pass: collect the user ids and post ids referenced by the reports so
              // their details can be fetched with one query each. Each cache entry starts as
              // id => id and is replaced by the full row once it has been loaded.
 414          $reportcache = $usercache = $postcache = array();
 415  
 416          while($report = $db->fetch_array($query))
 417          {
 418              if($report['type'] == 'profile' || $report['type'] == 'reputation')
 419              {
 420                  // Profile UID is in ID
 421                  if(!isset($usercache[$report['id']]))
 422                  {
 423                      $usercache[$report['id']] = $report['id'];
 424                  }
 425  
 426                  // Reputation comment? The offender is the ID2
 427                  if($report['type'] == 'reputation')
 428                  {
 429                      if(!isset($usercache[$report['id2']]))
 430                      {
 431                          $usercache[$report['id2']] = $report['id2'];
 432                      }
 433                      if(!isset($usercache[$report['id3']]))
 434                      {
 435                          // The user who was offended
 436                          $usercache[$report['id3']] = $report['id3'];
 437                      }
 438                  }
 439              }
 440              else if(!$report['type'] || $report['type'] == 'post')
 441              {
 442                  // This (should) be a post
 443                  $postcache[$report['id']] = $report['id'];
 444              }
 445  
 446              // Lastpost info - is it missing (pre-1.8)?
 447              $lastposter = $report['uid'];
 448              if(!$report['lastreport'])
 449              {
 450                  // Last reporter is our first reporter
 451                  $report['lastreport'] = $report['dateline'];
 452              }
 453  
 454              if($report['reporters'])
 455              {
                      // The reporters column holds serialized data read back from the
                      // database. my_unserialize() is a project helper defined elsewhere.
                      // NOTE(review): confirm it cannot instantiate objects, and that the
                      // entries are integer user ids -- the last one is used as an array key
                      // and later interpolated into an IN (...) list.
 456                  $reporters = my_unserialize($report['reporters']);
 457  
 458                  if(is_array($reporters))
 459                  {
 460                      $lastposter = end($reporters);
 461                  }
 462              }
 463  
 464              if(!isset($usercache[$lastposter]))
 465              {
 466                  $usercache[$lastposter] = $lastposter;
 467              }
 468  
 469              $report['lastreporter'] = $lastposter;
 470              $reportcache[] = $report;
 471          }
 472  
 473          // Report Center gets messy
 474          // Find information about our users (because we don't log it when they file a report)
 475          if(!empty($usercache))
 476          {
                  // The keys are database values (id, id2, id3, uid) and unserialized reporter
                  // ids, joined without quoting or an intval() cast.
                  // NOTE(review): this is safe only while all of them are integers; casting
                  // the keys before the implode would remove that assumption.
 477              $sql = implode(',', array_keys($usercache));
 478              $query = $db->simple_select("users", "uid, username", "uid IN ({$sql})");
 479  
 480              while($user = $db->fetch_array($query))
 481              {
 482                  $usercache[$user['uid']] = $user;
 483              }
 484          }
 485  
 486          // Messy * 2
 487          // Find out post information for our reported posts
 488          if(!empty($postcache))
 489          {
                  // Same pattern as above: keys come from reportedcontent.id and are joined
                  // without a cast.
 490              $sql = implode(',', array_keys($postcache));
 491              $query = $db->query("
 492                  SELECT p.pid, p.uid, p.username, p.tid, t.subject
 493                  FROM ".TABLE_PREFIX."posts p
 494                  LEFT JOIN ".TABLE_PREFIX."threads t ON (p.tid = t.tid)
 495                  WHERE p.pid IN ({$sql})
 496              ");
 497  
 498              while($post = $db->fetch_array($query))
 499              {
 500                  $postcache[$post['pid']] = $post;
 501              }
 502          }
 503  
 504          $lang->page_selected = $lang->sprintf($lang->page_selected, count($reportcache));
 505          $lang->select_all = $lang->sprintf($lang->select_all, (int)$report_count);
 506          $lang->all_selected = $lang->sprintf($lang->all_selected, (int)$report_count);
 507          eval("\$selectall = \"".$templates->get("modcp_reports_selectall")."\";");
 508  
 509          $plugins->run_hooks('modcp_reports_intermediate');
 510  
 511          // Now that we have all of the information needed, display the reports
              // User-supplied text (usernames, thread subjects, report reasons) is passed
              // through htmlspecialchars_uni() before it is handed to the templates.
              // NOTE(review): a cache entry whose row was not found (deleted user or post)
              // is still the bare id, so the ['username'] / ['uid'] / ['tid'] lookups below
              // would not find a row -- confirm how missing targets are meant to render.
 512          foreach($reportcache as $report)
 513          {
 514              $trow = alt_trow();
 515  
 516              if(!$report['type'])
 517              {
 518                  // Assume a post
 519                  $report['type'] = 'post';
 520              }
 521  
 522              // Report Information
 523              $report_data = array();
 524  
 525              switch($report['type'])
 526              {
 527                  case 'post':
 528                      $post = get_post_link($report['id'])."#pid{$report['id']}";
 529                      $user = build_profile_link(htmlspecialchars_uni($postcache[$report['id']]['username']), $postcache[$report['id']]['uid']);
 530                      $report_data['content'] = $lang->sprintf($lang->report_info_post, $post, $user);
 531  
 532                      $thread_link = get_thread_link($postcache[$report['id']]['tid']);
 533                      $thread_subject = htmlspecialchars_uni($parser->parse_badwords($postcache[$report['id']]['subject']));
 534                      $report_data['content'] .= $lang->sprintf($lang->report_info_post_thread, $thread_link, $thread_subject);
 535  
 536                      break;
 537                  case 'profile':
 538                      $user = build_profile_link(htmlspecialchars_uni($usercache[$report['id']]['username']), $usercache[$report['id']]['uid']);
 539                      $report_data['content'] = $lang->sprintf($lang->report_info_profile, $user);
 540                      break;
 541                  case 'reputation':
 542                      $reputation_link = "reputation.php?uid={$usercache[$report['id3']]['uid']}#rid{$report['id']}";
 543                      $bad_user = build_profile_link(htmlspecialchars_uni($usercache[$report['id2']]['username']), $usercache[$report['id2']]['uid']);
 544                      $report_data['content'] = $lang->sprintf($lang->report_info_reputation, $reputation_link, $bad_user);
 545  
 546                      $good_user = build_profile_link(htmlspecialchars_uni($usercache[$report['id3']]['username']), $usercache[$report['id3']]['uid']);
 547                      $report_data['content'] .= $lang->sprintf($lang->report_info_rep_profile, $good_user);
 548                      break;
 549              }
 550  
 551              // Report reason and comment
 552              if($report['reasonid'] > 0)
 553              {
 554                  $reason = htmlspecialchars_uni($lang->parse($report['title']));
 555  
 556                  if(empty($report['reason']))
 557                  {
 558                      eval("\$report_data['comment'] = \"".$templates->get("modcp_reports_report_comment")."\";");
 559                  }
 560                  else
 561                  {
 562                      $comment = htmlspecialchars_uni($report['reason']);
 563                      eval("\$report_data['comment'] = \"".$templates->get("modcp_reports_report_comment_extra")."\";");
 564                  }
 565              }
 566              else
 567              {
 568                  $report_data['comment'] = $lang->na;
 569              }
 570  
                  // $report_reports is not read again in this file; presumably a template or
                  // plugin uses it -- confirm.
 571              $report_reports = 1;
 572              if($report['reports'])
 573              {
 574                  $report_data['reports'] = my_number_format($report['reports']);
 575              }
 576  
 577              if($report['lastreporter'])
 578              {
                      // NOTE(review): when neither branch matches, $lastreport_user keeps the
                      // value from a previous iteration (or is undefined on the first one).
 579                  if(is_array($usercache[$report['lastreporter']]))
 580                  {
 581                      $lastreport_user = build_profile_link(htmlspecialchars_uni($usercache[$report['lastreporter']]['username']), $report['lastreporter']);
 582                  }
 583                  elseif($usercache[$report['lastreporter']] > 0)
 584                  {
 585                      $lastreport_user = htmlspecialchars_uni($lang->na_deleted);
 586                  }
 587  
 588                  $lastreport_date = my_date('relative', $report['lastreport']);
 589                  $report_data['lastreporter'] = $lang->sprintf($lang->report_info_lastreporter, $lastreport_date, $lastreport_user);
 590              }
 591  
                  // The inlinereports cookie is only matched as a substring here, to pre-tick
                  // the checkbox; it is not placed into SQL or output in this branch.
 592              $inlinecheck = '';
 593              if(isset($mybb->cookies['inlinereports']) && my_strpos($mybb->cookies['inlinereports'], "|{$report['rid']}|") !== false)
 594              {
 595                  $inlinecheck = " checked=\"checked\"";
 596                  ++$inlinecount;
 597              }
 598  
 599              $plugins->run_hooks("modcp_reports_report");
 600              eval("\$reports .= \"".$templates->get("modcp_reports_report")."\";");
 601          }
 602      }
 603  
 604      $plugins->run_hooks("modcp_reports_end");
 605  
          // $reportedcontent is reused here for the rendered page; it held the cache read
          // earlier in this branch.
 606      eval("\$reportedcontent = \"".$templates->get("modcp_reports")."\";");
 607      output_page($reportedcontent);
 608  }
 609  
 610  if($mybb->input['action'] == "allreports")
 611  {
 612      if($mybb->usergroup['canmanagereportedcontent'] == 0)
 613      {
 614          error_no_permission();
 615      }
 616  
 617      $lang->load('report');
 618  
 619      add_breadcrumb($lang->report_center, "modcp.php?action=reports");
 620      add_breadcrumb($lang->all_reports, "modcp.php?action=allreports");
 621  
 622      if(!$mybb->settings['threadsperpage'])
 623      {
 624          $mybb->settings['threadsperpage'] = 20;
 625      }
 626  
 627      // Figure out if we need to display multiple pages.
 628      $perpage = $mybb->settings['threadsperpage'];
 629      if($mybb->get_input('page') != "last")
 630      {
 631          $page = $mybb->get_input('page', MyBB::INPUT_INT);
 632      }
 633  
 634      if($mybb->usergroup['cancp'] || $mybb->usergroup['issupermod'])
 635      {
 636          $query = $db->simple_select("reportedcontent", "COUNT(rid) AS count");
 637          $report_count = $db->fetch_field($query, "count");
 638      }
 639      else
 640      {
 641          $query = $db->simple_select('reportedcontent', 'id3', "type = 'post' OR type = ''");
 642  
 643          $report_count = 0;
 644          while($fid = $db->fetch_field($query, 'id3'))
 645          {
 646              if(is_moderator($fid, "canmanagereportedposts"))
 647              {
 648                  ++$report_count;
 649              }
 650          }
 651          unset($fid);
 652      }
 653  
 654      if(isset($mybb->input['rid']))
 655      {
 656          $mybb->input['rid'] = $mybb->get_input('rid', MyBB::INPUT_INT);
 657          $query = $db->simple_select("reportedcontent", "COUNT(rid) AS count", "rid <= '".$mybb->input['rid']."'");
 658          $result = $db->fetch_field($query, "count");
 659          if(($result % $perpage) == 0)
 660          {
 661              $page = $result / $perpage;
 662          }
 663          else
 664          {
 665              $page = (int)$result / $perpage + 1;
 666          }
 667      }
 668      $postcount = (int)$report_count;
 669      $pages = $postcount / $perpage;
 670      $pages = ceil($pages);
 671  
 672      if($mybb->get_input('page') == "last")
 673      {
 674          $page = $pages;
 675      }
 676  
 677      if($page > $pages || $page <= 0)
 678      {
 679          $page = 1;
 680      }
 681  
 682      if($page)
 683      {
 684          $start = ($page-1) * $perpage;
 685      }
 686      else
 687      {
 688          $start = 0;
 689          $page = 1;
 690      }
 691      $upper = $start+$perpage;
 692  
 693      $multipage = multipage($postcount, $perpage, $page, "modcp.php?action=allreports");
 694      $allreportspages = '';
 695      if($postcount > $perpage)
 696      {
 697          eval("\$allreportspages = \"".$templates->get("modcp_reports_multipage")."\";");
 698      }
 699  
 700      $plugins->run_hooks("modcp_allreports_start");
 701  
 702      $query = $db->query("
 703          SELECT r.*, u.username, p.username AS postusername, up.uid AS postuid, t.subject AS threadsubject, prrep.username AS repusername, pr.username AS profileusername, rr.title
 704          FROM ".TABLE_PREFIX."reportedcontent r
 705          LEFT JOIN ".TABLE_PREFIX."posts p ON (r.id=p.pid)
 706          LEFT JOIN ".TABLE_PREFIX."threads t ON (p.tid=t.tid)
 707          LEFT JOIN ".TABLE_PREFIX."users u ON (r.uid=u.uid)
 708          LEFT JOIN ".TABLE_PREFIX."users up ON (p.uid=up.uid)
 709          LEFT JOIN ".TABLE_PREFIX."users pr ON (pr.uid=r.id)
 710          LEFT JOIN ".TABLE_PREFIX."users prrep ON (prrep.uid=r.id2)
 711          LEFT JOIN ".TABLE_PREFIX."reportreasons rr ON (r.reasonid = rr.rid)
 712          {$wflist_reports}
 713          ORDER BY r.dateline DESC
 714          LIMIT {$start}, {$perpage}
 715      ");
 716  
 717      $allreports = '';
 718      if(!$db->num_rows($query))
 719      {
 720          eval("\$allreports = \"".$templates->get("modcp_reports_allnoreports")."\";");
 721      }
 722      else
 723      {
 724          while($report = $db->fetch_array($query))
 725          {
 726              $trow = alt_trow();
 727  
 728              if($report['type'] == 'post')
 729              {
 730                  $post = get_post_link($report['id'])."#pid{$report['id']}";
 731                  $user = build_profile_link(htmlspecialchars_uni($report['postusername']), $report['postuid']);
 732                  $report_data['content'] = $lang->sprintf($lang->report_info_post, $post, $user);
 733  
 734                  $thread_link = get_thread_link($report['id2']);
 735                  $thread_subject = htmlspecialchars_uni($parser->parse_badwords($report['threadsubject']));
 736                  $report_data['content'] .= $lang->sprintf($lang->report_info_post_thread, $thread_link, $thread_subject);
 737              }
 738              else if($report['type'] == 'profile')
 739              {
 740                  $user = build_profile_link(htmlspecialchars_uni($report['profileusername']), $report['id']);
 741                  $report_data['content'] = $lang->sprintf($lang->report_info_profile, $user);
 742              }
 743              else if($report['type'] == 'reputation')
 744              {
 745                  $user = build_profile_link(htmlspecialchars_uni($report['repusername']), $report['id2']);
 746                  $reputation_link = "reputation.php?uid={$report['id3']}#rid{$report['id']}";
 747                  $report_data['content'] = $lang->sprintf($lang->report_info_reputation, $reputation_link, $user);
 748              }
 749  
 750              // Report reason and comment
 751              if($report['reasonid'] > 0)
 752              {
 753                  $reason = htmlspecialchars_uni($lang->parse($report['title']));
 754  
 755                  if(empty($report['reason']))
 756                  {
 757                      eval("\$report_data['comment'] = \"".$templates->get("modcp_reports_report_comment")."\";");
 758                  }
 759                  else
 760                  {
 761                      $comment = htmlspecialchars_uni($report['reason']);
 762                      eval("\$report_data['comment'] = \"".$templates->get("modcp_reports_report_comment_extra")."\";");
 763                  }
 764              }
 765              else
 766              {
 767                  $report_data['comment'] = $lang->na;
 768              }
 769  
 770              $report['reporterlink'] = get_profile_link($report['uid']);
 771              if(!$report['username'])
 772              {
 773                  $report['username'] = $lang->na_deleted;
 774                  $report['reporterlink'] = $post;
 775              }
 776              $report['username'] = htmlspecialchars_uni($report['username']);
 777  
 778              $report_data['reports'] = my_number_format($report['reports']);
 779              $report_data['time'] = my_date('relative', $report['dateline']);
 780  
 781              $plugins->run_hooks("modcp_allreports_report");
 782              eval("\$allreports .= \"".$templates->get("modcp_reports_allreport")."\";");
 783          }
 784      }
 785  
 786      $plugins->run_hooks("modcp_allreports_end");
 787  
 788      eval("\$allreportedcontent = \"".$templates->get("modcp_reports_allreports")."\";");
 789      output_page($allreportedcontent);
 790  }
 791  
 792  if($mybb->input['action'] == "modlogs")
 793  {
 794      if($mybb->usergroup['canviewmodlogs'] == 0)
 795      {
 796          error_no_permission();
 797      }
 798  
 799      if($nummodlogs == 0 && $mybb->usergroup['issupermod'] != 1)
 800      {
 801          error($lang->you_cannot_view_mod_logs);
 802      }
 803  
 804      add_breadcrumb($lang->mcp_nav_modlogs, "modcp.php?action=modlogs");
 805  
 806      $perpage = $mybb->get_input('perpage', MyBB::INPUT_INT);
 807      if(!$perpage || $perpage <= 0)
 808      {
 809          $perpage = $mybb->settings['threadsperpage'];
 810      }
 811  
 812      $where = '';
 813  
 814      // Searching for entries by a particular user
 815      if($mybb->get_input('uid', MyBB::INPUT_INT))
 816      {
 817          $where .= " AND l.uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'";
 818      }
 819  
 820      // Searching for entries in a specific forum
 821      if($mybb->get_input('fid', MyBB::INPUT_INT))
 822      {
 823          $where .= " AND t.fid='".$mybb->get_input('fid', MyBB::INPUT_INT)."'";
 824      }
 825  
 826      $mybb->input['sortby'] = $mybb->get_input('sortby');
 827  
 828      // Order?
 829      switch($mybb->input['sortby'])
 830      {
 831          case "username":
 832              $sortby = "u.username";
 833              break;
 834          case "forum":
 835              $sortby = "f.name";
 836              break;
 837          case "thread":
 838              $sortby = "t.subject";
 839              break;
 840          default:
 841              $sortby = "l.dateline";
 842      }
 843      $order = $mybb->get_input('order');
 844      if($order != "asc")
 845      {
 846          $order = "desc";
 847      }
 848  
 849      $plugins->run_hooks("modcp_modlogs_start");
 850  
 851      $query = $db->query("
 852          SELECT COUNT(l.dateline) AS count
 853          FROM ".TABLE_PREFIX."moderatorlog l
 854          LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=l.uid)
 855          LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=l.tid)
 856          WHERE 1=1 {$where}{$tflist_modlog}
 857      ");
 858      $rescount = $db->fetch_field($query, "count");
 859  
 860      // Figure out if we need to display multiple pages.
 861      if($mybb->get_input('page') != "last")
 862      {
 863          $page = $mybb->get_input('page', MyBB::INPUT_INT);
 864      }
 865  
 866      $postcount = (int)$rescount;
 867      $pages = $postcount / $perpage;
 868      $pages = ceil($pages);
 869  
 870      if($mybb->get_input('page') == "last")
 871      {
 872          $page = $pages;
 873      }
 874  
 875      if($page > $pages || $page <= 0)
 876      {
 877          $page = 1;
 878      }
 879  
 880      if($page)
 881      {
 882          $start = ($page-1) * $perpage;
 883      }
 884      else
 885      {
 886          $start = 0;
 887          $page = 1;
 888      }
 889  
 890      $page_url = 'modcp.php?action=modlogs&amp;perpage='.$perpage;
 891      foreach(array('uid', 'fid') as $field)
 892      {
 893          $mybb->input[$field] = $mybb->get_input($field, MyBB::INPUT_INT);
 894          if(!empty($mybb->input[$field]))
 895          {
 896              $page_url .= "&amp;{$field}=".$mybb->input[$field];
 897          }
 898      }
 899      foreach(array('sortby', 'order') as $field)
 900      {
 901          $mybb->input[$field] = htmlspecialchars_uni($mybb->get_input($field));
 902          if(!empty($mybb->input[$field]))
 903          {
 904              $page_url .= "&amp;{$field}=".$mybb->input[$field];
 905          }
 906      }
 907  
 908      $multipage = multipage($postcount, $perpage, $page, $page_url);
 909      $resultspages = '';
 910      if($postcount > $perpage)
 911      {
 912          eval("\$resultspages = \"".$templates->get("modcp_modlogs_multipage")."\";");
 913      }
 914      $query = $db->query("
 915          SELECT l.*, u.username, u.usergroup, u.displaygroup, t.subject AS tsubject, f.name AS fname, p.subject AS psubject
 916          FROM ".TABLE_PREFIX."moderatorlog l
 917          LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=l.uid)
 918          LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=l.tid)
 919          LEFT JOIN ".TABLE_PREFIX."forums f ON (f.fid=l.fid)
 920          LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=l.pid)
 921          WHERE 1=1 {$where}{$tflist_modlog}
 922          ORDER BY {$sortby} {$order}
 923          LIMIT {$start}, {$perpage}
 924      ");
 925      $results = '';
 926      while($logitem = $db->fetch_array($query))
 927      {
 928          $information = '';
 929          $logitem['action'] = htmlspecialchars_uni($logitem['action']);
 930          $log_date = my_date('relative', $logitem['dateline']);
 931          $trow = alt_trow();
 932          if($logitem['username'])
 933          {
 934              $logitem['username'] = htmlspecialchars_uni($logitem['username']);
 935              $username = format_name($logitem['username'], $logitem['usergroup'], $logitem['displaygroup']);
 936              $logitem['profilelink'] = build_profile_link($username, $logitem['uid']);
 937          }
 938          else
 939          {
 940              $username = $logitem['profilelink'] = $logitem['username'] = htmlspecialchars_uni($lang->na_deleted);
 941          }
 942          $logitem['ipaddress'] = my_inet_ntop($db->unescape_binary($logitem['ipaddress']));
 943  
 944          if($logitem['tsubject'])
 945          {
 946              $logitem['tsubject'] = htmlspecialchars_uni($parser->parse_badwords($logitem['tsubject']));
 947              $logitem['thread'] = get_thread_link($logitem['tid']);
 948              eval("\$information .= \"".$templates->get("modcp_modlogs_result_thread")."\";");
 949          }
 950          if($logitem['fname'])
 951          {
 952              $logitem['forum'] = get_forum_link($logitem['fid']);
 953              eval("\$information .= \"".$templates->get("modcp_modlogs_result_forum")."\";");
 954          }
 955          if($logitem['psubject'])
 956          {
 957              $logitem['psubject'] = htmlspecialchars_uni($parser->parse_badwords($logitem['psubject']));
 958              $logitem['post'] = get_post_link($logitem['pid']);
 959              eval("\$information .= \"".$templates->get("modcp_modlogs_result_post")."\";");
 960          }
 961  
 962          // Edited a user or managed announcement?
 963          if(!$logitem['tsubject'] || !$logitem['fname'] || !$logitem['psubject'])
 964          {
 965              $data = my_unserialize($logitem['data']);
 966              if(!empty($data['uid']))
 967              {
 968                  $data['username'] = htmlspecialchars_uni($data['username']);
 969                  $information = $lang->sprintf($lang->edited_user_info, htmlspecialchars_uni($data['username']), get_profile_link($data['uid']));
 970              }
 971              if(!empty($data['aid']))
 972              {
 973                  $data['subject'] = htmlspecialchars_uni($parser->parse_badwords($data['subject']));
 974                  $data['announcement'] = get_announcement_link($data['aid']);
 975                  eval("\$information .= \"".$templates->get("modcp_modlogs_result_announcement")."\";");
 976              }
 977          }
 978  
 979          $plugins->run_hooks("modcp_modlogs_result");
 980  
 981          eval("\$results .= \"".$templates->get("modcp_modlogs_result")."\";");
 982      }
 983  
 984      if(!$results)
 985      {
 986          eval("\$results = \"".$templates->get("modcp_modlogs_noresults")."\";");
 987      }
 988  
 989      $plugins->run_hooks("modcp_modlogs_filter");
 990  
 991      // Fetch filter options
 992      $sortbysel = array('username' => '', 'forum' => '', 'thread' => '', 'dateline' => '');
 993      $sortbysel[$mybb->input['sortby']] = "selected=\"selected\"";
 994      $ordersel = array('asc' => '', 'desc' => '');
 995      $ordersel[$order] = "selected=\"selected\"";
 996      $user_options = '';
 997      $query = $db->query("
 998          SELECT DISTINCT l.uid, u.username
 999          FROM ".TABLE_PREFIX."moderatorlog l
1000          LEFT JOIN ".TABLE_PREFIX."users u ON (l.uid=u.uid)
1001          ORDER BY u.username ASC
1002      ");
1003      while($user = $db->fetch_array($query))
1004      {
1005          // Deleted Users
1006          if(!$user['username'])
1007          {
1008              $user['username'] = $lang->na_deleted;
1009          }
1010  
1011          $selected = '';
1012          if($mybb->get_input('uid', MyBB::INPUT_INT) == $user['uid'])
1013          {
1014              $selected = " selected=\"selected\"";
1015          }
1016  
1017          $user['username'] = htmlspecialchars_uni($user['username']);
1018          eval("\$user_options .= \"".$templates->get("modcp_modlogs_user")."\";");
1019      }
1020  
1021      $forum_select = build_forum_jump("", $mybb->get_input('fid', MyBB::INPUT_INT), 1, '', 0, true, '', "fid");
1022  
1023      eval("\$modlogs = \"".$templates->get("modcp_modlogs")."\";");
1024      output_page($modlogs);
1025  }
1026  
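// Delete an announcement. This is the state-changing half of the delete flow;
// the delete_announcement action only renders the confirmation page.
if($mybb->input['action'] == "do_delete_announcement")
{
    // The request must carry the user's post key (request-forgery check) before anything else runs
    verify_post_check($mybb->get_input('my_post_key'));

    // Usergroup-level permission gate
    if($mybb->usergroup['canmanageannounce'] == 0)
    {
        error_no_permission();
    }

    // Read the id as an integer, as do_edit_announcement does: it is interpolated into
    // the SQL conditions of the select and the delete below.
    $aid = $mybb->get_input('aid', MyBB::INPUT_INT);
    $query = $db->simple_select("announcements", "aid, subject, fid", "aid='{$aid}'");
    $announcement = $db->fetch_array($query);

    if(!$announcement)
    {
        error($lang->error_invalid_announcement);
    }

    // Per-announcement authorization: global announcements (fid -1) need a super moderator,
    // forum announcements need canmanageannouncements on that forum, and announcements in
    // forums listed in $unviewableforums are refused.
    if(($mybb->usergroup['issupermod'] != 1 && $announcement['fid'] == -1) || ($announcement['fid'] != -1 && !is_moderator($announcement['fid'], "canmanageannouncements")) || ($unviewableforums && in_array($announcement['fid'], $unviewableforums)))
    {
        error_no_permission();
    }

    $plugins->run_hooks("modcp_do_delete_announcement");

    $db->delete_query("announcements", "aid='{$aid}'");

    // Record the deletion in the moderator log, using the id and subject read from the database
    log_moderator_action(array("aid" => $announcement['aid'], "subject" => $announcement['subject']), $lang->announcement_deleted);
    $cache->update_forumsdisplay();

    redirect("modcp.php?action=announcements", $lang->redirect_delete_announcement);
}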
1057  
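// Confirmation page shown before an announcement is deleted; nothing is modified here.
if($mybb->input['action'] == "delete_announcement")
{
    // Usergroup-level permission gate
    if($mybb->usergroup['canmanageannounce'] == 0)
    {
        error_no_permission();
    }

    // Read the id as an integer, as do_edit_announcement does: it is interpolated into the SQL condition below
    $aid = $mybb->get_input('aid', MyBB::INPUT_INT);
    $query = $db->simple_select("announcements", "aid, subject, fid", "aid='{$aid}'");

    $announcement = $db->fetch_array($query);

    // Check existence before touching the row: assigning $announcement['subject'] first would
    // turn an empty result into a non-empty array, and this check could then never fire.
    if(!$announcement)
    {
        error($lang->error_invalid_announcement);
    }

    // Escaped here for display in the confirmation template
    $announcement['subject'] = htmlspecialchars_uni($parser->parse_badwords($announcement['subject']));

    // Per-announcement authorization: global announcements (fid -1) need a super moderator,
    // forum announcements need canmanageannouncements on that forum, and announcements in
    // forums listed in $unviewableforums are refused.
    if(($mybb->usergroup['issupermod'] != 1 && $announcement['fid'] == -1) || ($announcement['fid'] != -1 && !is_moderator($announcement['fid'], "canmanageannouncements")) || ($unviewableforums && in_array($announcement['fid'], $unviewableforums)))
    {
        error_no_permission();
    }

    $plugins->run_hooks("modcp_delete_announcement");

    // Template text is evaluated as a double-quoted PHP string; variables it interpolates must already be HTML-escaped
    eval("\$announcements = \"".$templates->get("modcp_announcements_delete")."\";");
    output_page($announcements);
}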
1086  
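// Create a new announcement from the submitted form. On validation errors or a preview request
// the action is switched to "new_announcement" so the form block below re-renders with the input.
if($mybb->input['action'] == "do_new_announcement")
{
    // The request must carry the user's post key (request-forgery check) before anything else runs
    verify_post_check($mybb->get_input('my_post_key'));

    // Usergroup-level permission gate
    if($mybb->usergroup['canmanageannounce'] == 0)
    {
        error_no_permission();
    }

    // Target forum authorization: global announcements (fid -1) need a super moderator,
    // forum announcements need canmanageannouncements on that forum, and forums listed
    // in $unviewableforums are refused.
    $announcement_fid = $mybb->get_input('fid', MyBB::INPUT_INT);
    if(($mybb->usergroup['issupermod'] != 1 && $announcement_fid == -1) || ($announcement_fid != -1 && !is_moderator($announcement_fid, "canmanageannouncements")) || ($unviewableforums && in_array($announcement_fid, $unviewableforums)))
    {
        error_no_permission();
    }

    $errors = array();

    $mybb->input['title'] = $mybb->get_input('title');
    if(!trim($mybb->input['title']))
    {
        $errors[] = $lang->error_missing_title;
    }

    $mybb->input['message'] = $mybb->get_input('message');
    if(!trim($mybb->input['message']))
    {
        $errors[] = $lang->error_missing_message;
    }

    if(!$announcement_fid)
    {
        $errors[] = $lang->error_missing_forum;
    }

    // Split "HH:MM am|pm" style input into array(hour, minute); the text before the first space is the clock part
    $mybb->input['starttime_time'] = $mybb->get_input('starttime_time');
    $mybb->input['endtime_time'] = $mybb->get_input('endtime_time');
    $startdate = @explode(" ", $mybb->input['starttime_time']);
    $startdate = @explode(":", $startdate[0]);
    $enddate = @explode(" ", $mybb->input['endtime_time']);
    $enddate = @explode(":", $enddate[0]);

    // The hour is request text: cast it before the addition so a non-numeric value counts as 0
    // instead of raising a TypeError on PHP 8.
    // NOTE(review): an input of 12:xx pm yields 24 and is reset to "00" below, i.e. treated as midnight - confirm intended.
    if(stristr($mybb->input['starttime_time'], "pm"))
    {
        $startdate[0] = 12+(int)$startdate[0];
        if($startdate[0] >= 24)
        {
            $startdate[0] = "00";
        }
    }

    if(stristr($mybb->input['endtime_time'], "pm"))
    {
        $enddate[0] = 12+(int)$enddate[0];
        if($enddate[0] >= 24)
        {
            $enddate[0] = "00";
        }
    }

    // Months are restricted to the fixed two-digit list; anything else becomes January
    $mybb->input['starttime_month'] = $mybb->get_input('starttime_month');
    $months = array('01', '02', '03', '04', '05', '06', '07', '08', '09', '10', '11', '12');
    if(!in_array($mybb->input['starttime_month'], $months))
    {
        $mybb->input['starttime_month'] = '01';
    }

    // Offset in seconds derived from the user's timezone and dst fields; subtracted from the gmmktime() results below
    $localized_time_offset = (float)$mybb->user['timezone']*3600 + $mybb->user['dst']*3600;

    // The minute element is missing when the input had no ":" - treat that as 0 instead of reading an undefined index
    $startdate = gmmktime((int)$startdate[0], isset($startdate[1]) ? (int)$startdate[1] : 0, 0, $mybb->get_input('starttime_month', MyBB::INPUT_INT), $mybb->get_input('starttime_day', MyBB::INPUT_INT), $mybb->get_input('starttime_year', MyBB::INPUT_INT)) - $localized_time_offset;
    if(!checkdate($mybb->get_input('starttime_month', MyBB::INPUT_INT), $mybb->get_input('starttime_day', MyBB::INPUT_INT), $mybb->get_input('starttime_year', MyBB::INPUT_INT)) || $startdate < 0 || $startdate == false)
    {
        $errors[] = $lang->error_invalid_start_date;
    }

    if($mybb->get_input('endtime_type', MyBB::INPUT_INT) == 2)
    {
        // endtime_type 2: no end date is computed, the value '0' is stored instead
        $enddate = '0';
        $mybb->input['endtime_month'] = '01';
    }
    else
    {
        $mybb->input['endtime_month'] = $mybb->get_input('endtime_month');
        if(!in_array($mybb->input['endtime_month'], $months))
        {
            $mybb->input['endtime_month'] = '01';
        }
        $enddate = gmmktime((int)$enddate[0], isset($enddate[1]) ? (int)$enddate[1] : 0, 0, $mybb->get_input('endtime_month', MyBB::INPUT_INT), $mybb->get_input('endtime_day', MyBB::INPUT_INT), $mybb->get_input('endtime_year', MyBB::INPUT_INT)) - $localized_time_offset;
        if(!checkdate($mybb->get_input('endtime_month', MyBB::INPUT_INT), $mybb->get_input('endtime_day', MyBB::INPUT_INT), $mybb->get_input('endtime_year', MyBB::INPUT_INT)) || $enddate < 0 || $enddate == false)
        {
            $errors[] = $lang->error_invalid_end_date;
        }
        // Only compare the two dates when the end date itself is valid, as do_edit_announcement does
        elseif($enddate <= $startdate)
        {
            $errors[] = $lang->error_end_before_start;
        }
    }

    // HTML is honoured only when the board-wide announcementshtml setting is enabled as well;
    // each flag is normalised to 0 or 1.
    if($mybb->settings['announcementshtml'] && $mybb->get_input('allowhtml', MyBB::INPUT_INT) == 1)
    {
        $allowhtml = 1;
    }
    else
    {
        $allowhtml = 0;
    }
    if($mybb->get_input('allowmycode', MyBB::INPUT_INT) == 1)
    {
        $allowmycode = 1;
    }
    else
    {
        $allowmycode = 0;
    }
    if($mybb->get_input('allowsmilies', MyBB::INPUT_INT) == 1)
    {
        $allowsmilies = 1;
    }
    else
    {
        $allowsmilies = 0;
    }

    $plugins->run_hooks("modcp_do_new_announcement_start");

    if(!$errors)
    {
        if(isset($mybb->input['preview']))
        {
            // Preview: nothing is stored; the form block below renders the preview
            $preview = array();
            $mybb->input['action'] = 'new_announcement';
        }
        else
        {
            // The two free-text fields are escaped for SQL here; the other values are the
            // integer inputs, 0/1 flags and timestamps computed above.
            $insert_announcement = array(
                'fid' => $announcement_fid,
                'uid' => $mybb->user['uid'],
                'subject' => $db->escape_string($mybb->input['title']),
                'message' => $db->escape_string($mybb->input['message']),
                'startdate' => $startdate,
                'enddate' => $enddate,
                'allowhtml' => $allowhtml,
                'allowmycode' => $allowmycode,
                'allowsmilies' => $allowsmilies
            );
            $aid = $db->insert_query("announcements", $insert_announcement);

            // Record the creation in the moderator log
            log_moderator_action(array("aid" => $aid, "subject" => $mybb->input['title']), $lang->announcement_added);

            $plugins->run_hooks("modcp_do_new_announcement_end");

            $cache->update_forumsdisplay();
            redirect("modcp.php?action=announcements", $lang->redirect_add_announcement);
        }
    }
    else
    {
        // Validation failed: fall through to the form with $errors set
        $mybb->input['action'] = 'new_announcement';
    }
}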
1247  
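// New announcement form. Also re-rendered by do_new_announcement (which switches the action)
// to show validation errors or a preview of the submitted text.
if($mybb->input['action'] == "new_announcement")
{
    // Usergroup-level permission gate
    if($mybb->usergroup['canmanageannounce'] == 0)
    {
        error_no_permission();
    }

    add_breadcrumb($lang->mcp_nav_announcements, "modcp.php?action=announcements");
    // The breadcrumb link uses this block's own action name (it previously read "new_announcements")
    add_breadcrumb($lang->add_announcement, "modcp.php?action=new_announcement");

    $announcement_fid = $mybb->get_input('fid', MyBB::INPUT_INT);

    // Target forum authorization: global announcements (fid -1) need a super moderator,
    // forum announcements need canmanageannouncements on that forum, and forums listed
    // in $unviewableforums are refused.
    if(($mybb->usergroup['issupermod'] != 1 && $announcement_fid == -1) || ($announcement_fid != -1 && !is_moderator($announcement_fid, "canmanageannouncements")) || ($unviewableforums && in_array($announcement_fid, $unviewableforums)))
    {
        error_no_permission();
    }

    // Deal with inline errors
    if(!empty($errors) || isset($preview))
    {
        if(!empty($errors))
        {
            $errors = inline_error($errors);
        }
        else
        {
            $errors = '';
        }

        // Set $announcement to input stuff
        // ($allowhtml, $allowmycode and $allowsmilies were normalised to 0/1 by do_new_announcement)
        $announcement['subject'] = $mybb->input['title'];
        $announcement['message'] = $mybb->input['message'];
        $announcement['allowhtml'] = $allowhtml;
        $announcement['allowmycode'] = $allowmycode;
        $announcement['allowsmilies'] = $allowsmilies;

        // Values echoed back into the form: days are re-read as integers and free text is HTML-escaped.
        // The year fields are read through get_input() so that a missing parameter does not
        // raise an undefined-index notice.
        $startmonth = $mybb->input['starttime_month'];
        $startdateyear = htmlspecialchars_uni($mybb->get_input('starttime_year'));
        $startday = $mybb->get_input('starttime_day', MyBB::INPUT_INT);
        $starttime_time = htmlspecialchars_uni($mybb->input['starttime_time']);
        $endmonth = $mybb->input['endtime_month'];
        $enddateyear = htmlspecialchars_uni($mybb->get_input('endtime_year'));
        $endday = $mybb->get_input('endtime_day', MyBB::INPUT_INT);
        $endtime_time = htmlspecialchars_uni($mybb->input['endtime_time']);
    }
    else
    {
        // Fresh form: default start and end to the current time shifted by the user's timezone and dst fields
        $localized_time = TIME_NOW + (float)$mybb->user['timezone']*3600 + $mybb->user['dst']*3600;

        $starttime_time = gmdate($mybb->settings['timeformat'], $localized_time);
        $endtime_time = gmdate($mybb->settings['timeformat'], $localized_time);
        $startday = $endday = gmdate("j", $localized_time);
        $startmonth = $endmonth = gmdate("m", $localized_time);
        $startdateyear = gmdate("Y", $localized_time);

        // Defaults: HTML off, MyCode and smilies on
        $announcement = array(
            'subject' => '',
            'message' => '',
            'allowhtml' => 0,
            'allowmycode' => 1,
            'allowsmilies' => 1
            );

        $enddateyear = $startdateyear+1;
    }

    // Generate form elements
    // One option per day for both selects; the template reads $day and $selected
    $startdateday = $enddateday = '';
    for($day = 1; $day <= 31; ++$day)
    {
        $selected = ($startday == $day) ? " selected=\"selected\"" : '';
        eval("\$startdateday .= \"".$templates->get("modcp_announcements_day")."\";");

        $selected = ($endday == $day) ? " selected=\"selected\"" : '';
        eval("\$enddateday .= \"".$templates->get("modcp_announcements_day")."\";");
    }

    $startmonthsel = $endmonthsel = array();
    foreach(array('01', '02', '03', '04', '05', '06', '07', '08', '09', '10', '11', '12') as $month)
    {
        $startmonthsel[$month] = '';
        $endmonthsel[$month] = '';
    }
    $startmonthsel[$startmonth] = "selected=\"selected\"";
    $endmonthsel[$endmonth] = "selected=\"selected\"";

    $startdatemonth = $enddatemonth = '';

    eval("\$startdatemonth .= \"".$templates->get("modcp_announcements_month_start")."\";");
    eval("\$enddatemonth .= \"".$templates->get("modcp_announcements_month_end")."\";");

    // Subject and message are HTML-escaped before being placed back into the form fields
    $title = htmlspecialchars_uni($announcement['subject']);
    $message = htmlspecialchars_uni($announcement['message']);

    $html_sel = $mycode_sel = $smilies_sel = array('yes' => '', 'no' => '');

    // The "allow HTML" choice is only offered when the board-wide announcementshtml setting is enabled
    if($mybb->settings['announcementshtml'])
    {
        if($announcement['allowhtml'])
        {
            $html_sel['yes'] = ' checked="checked"';
        }
        else
        {
            $html_sel['no'] = ' checked="checked"';
        }

        eval("\$allow_html = \"".$templates->get("modcp_announcements_allowhtml")."\";");
    }
    else
    {
        $allow_html = '';
    }

    if($announcement['allowmycode'])
    {
        $mycode_sel['yes'] = ' checked="checked"';
    }
    else
    {
        $mycode_sel['no'] = ' checked="checked"';
    }

    if($announcement['allowsmilies'])
    {
        $smilies_sel['yes'] = ' checked="checked"';
    }
    else
    {
        $smilies_sel['no'] = ' checked="checked"';
    }

    // No end date is the default when endtime_type was not submitted
    $end_type_sel = array('infinite' => '', 'finite' => '');
    if(!isset($mybb->input['endtime_type']) || $mybb->input['endtime_type'] == 2)
    {
        $end_type_sel['infinite'] = ' checked="checked"';
    }
    else
    {
        $end_type_sel['finite'] = ' checked="checked"';
    }

    // MyCode editor
    $codebuttons = build_mycode_inserter();
    $smilieinserter = build_clickable_smilies();

    if(isset($preview))
    {
        // Build a post-like array for the preview; allowhtml again requires the board-wide setting
        $announcementarray = array(
            'aid' => 0,
            'fid' => $announcement_fid,
            'uid' => $mybb->user['uid'],
            'subject' => $mybb->input['title'],
            'message' => $mybb->input['message'],
            'allowhtml' => $mybb->settings['announcementshtml'] && $mybb->get_input('allowhtml', MyBB::INPUT_INT),
            'allowmycode' => $mybb->get_input('allowmycode', MyBB::INPUT_INT),
            'allowsmilies' => $mybb->get_input('allowsmilies', MyBB::INPUT_INT),
            'dateline' => TIME_NOW,
            'userusername' => $mybb->user['username'],
        );

        // Copy every field of the current user into the array (a user field with the same key overwrites the value above)
        $array = $mybb->user;
        foreach($array as $key => $element)
        {
            $announcementarray[$key] = $element;
        }

        // Gather usergroup data from the cache
        // Field => Array Key
        $data_key = array(
            'title' => 'grouptitle',
            'usertitle' => 'groupusertitle',
            'stars' => 'groupstars',
            'starimage' => 'groupstarimage',
            'image' => 'groupimage',
            'namestyle' => 'namestyle',
            'usereputationsystem' => 'usereputationsystem'
        );

        foreach($data_key as $field => $key)
        {
            $announcementarray[$key] = $groupscache[$announcementarray['usergroup']][$field];
        }

        // The raw title and message go to build_postbit(), defined in the file included here;
        // this block does no escaping of its own for the preview.
        require_once MYBB_ROOT."inc/functions_post.php";
        $postbit = build_postbit($announcementarray, 3);
        eval("\$preview = \"".$templates->get("previewpost")."\";");
    }
    else
    {
        $preview = '';
    }

    $plugins->run_hooks("modcp_new_announcement");

    // Template text is evaluated as a double-quoted PHP string; variables it interpolates must already be HTML-escaped
    eval("\$announcements = \"".$templates->get("modcp_announcements_new")."\";");
    output_page($announcements);
}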
1462  
1463  if($mybb->input['action'] == "do_edit_announcement")
1464  {
1465      verify_post_check($mybb->get_input('my_post_key'));
1466  
1467      if($mybb->usergroup['canmanageannounce'] == 0)
1468      {
1469          error_no_permission();
1470      }
1471  
1472      // Get the announcement
1473      $aid = $mybb->get_input('aid', MyBB::INPUT_INT);
1474      $query = $db->simple_select("announcements", "*", "aid='{$aid}'");
1475      $announcement = $db->fetch_array($query);
1476  
1477      // Check that it exists
1478      if(!$announcement)
1479      {
1480          error($lang->error_invalid_announcement);
1481      }
1482  
1483      // Mod has permissions to edit this announcement
1484      if(($mybb->usergroup['issupermod'] != 1 && $announcement['fid'] == -1) || ($announcement['fid'] != -1 && !is_moderator($announcement['fid'], "canmanageannouncements")) || ($unviewableforums && in_array($announcement['fid'], $unviewableforums)))
1485      {
1486          error_no_permission();
1487      }
1488  
1489      $errors = array();
1490  
1491      // Basic error checking
1492      $mybb->input['title'] = $mybb->get_input('title');
1493      if(!trim($mybb->input['title']))
1494      {
1495          $errors[] = $lang->error_missing_title;
1496      }
1497  
1498      $mybb->input['message'] = $mybb->get_input('message');
1499      if(!trim($mybb->input['message']))
1500      {
1501          $errors[] = $lang->error_missing_message;
1502      }
1503  
1504      $mybb->input['starttime_time'] = $mybb->get_input('starttime_time');
1505      $mybb->input['endtime_time'] = $mybb->get_input('endtime_time');
1506      $startdate = @explode(" ", $mybb->input['starttime_time']);
1507      $startdate = @explode(":", $startdate[0]);
1508      $enddate = @explode(" ", $mybb->input['endtime_time']);
1509      $enddate = @explode(":", $enddate[0]);
1510  
1511      if(stristr($mybb->input['starttime_time'], "pm"))
1512      {
1513          $startdate[0] = 12+$startdate[0];
1514          if($startdate[0] >= 24)
1515          {
1516              $startdate[0] = "00";
1517          }
1518      }
1519  
1520      if(stristr($mybb->input['endtime_time'], "pm"))
1521      {
1522          $enddate[0] = 12+$enddate[0];
1523          if($enddate[0] >= 24)
1524          {
1525              $enddate[0] = "00";
1526          }
1527      }
1528  
1529      $mybb->input['starttime_month'] = $mybb->get_input('starttime_month');
1530      $months = array('01', '02', '03', '04', '05', '06', '07', '08', '09', '10', '11', '12');
1531      if(!in_array($mybb->input['starttime_month'], $months))
1532      {
1533          $mybb->input['starttime_month'] = '01';
1534      }
1535  
1536      $localized_time_offset = (float)$mybb->user['timezone']*3600 + $mybb->user['dst']*3600;
1537  
1538      $startdate = gmmktime((int)$startdate[0], (int)$startdate[1], 0, $mybb->get_input('starttime_month', MyBB::INPUT_INT), $mybb->get_input('starttime_day', MyBB::INPUT_INT), $mybb->get_input('starttime_year', MyBB::INPUT_INT)) - $localized_time_offset;
1539      if(!checkdate($mybb->get_input('starttime_month', MyBB::INPUT_INT), $mybb->get_input('starttime_day', MyBB::INPUT_INT), $mybb->get_input('starttime_year', MyBB::INPUT_INT)) || $startdate < 0 || $startdate == false)
1540      {
1541          $errors[] = $lang->error_invalid_start_date;
1542      }
1543  
1544      if($mybb->get_input('endtime_type', MyBB::INPUT_INT) == "2")
1545      {
1546          $enddate = '0';
1547          $mybb->input['endtime_month'] = '01';
1548      }
1549      else
1550      {
1551          $mybb->input['endtime_month'] = $mybb->get_input('endtime_month');
1552          if(!in_array($mybb->input['endtime_month'], $months))
1553          {
1554              $mybb->input['endtime_month'] = '01';
1555          }
1556          $enddate = gmmktime((int)$enddate[0], (int)$enddate[1], 0, $mybb->get_input('endtime_month', MyBB::INPUT_INT), $mybb->get_input('endtime_day', MyBB::INPUT_INT), $mybb->get_input('endtime_year', MyBB::INPUT_INT)) - $localized_time_offset;
1557          if(!checkdate($mybb->get_input('endtime_month', MyBB::INPUT_INT), $mybb->get_input('endtime_day', MyBB::INPUT_INT), $mybb->get_input('endtime_year', MyBB::INPUT_INT)) || $enddate < 0 || $enddate == false)
1558          {
1559              $errors[] = $lang->error_invalid_end_date;
1560          }
1561          elseif($enddate <= $startdate)
1562          {
1563              $errors[] = $lang->error_end_before_start;
1564          }
1565      }
1566  
1567      if($mybb->settings['announcementshtml'] && $mybb->get_input('allowhtml', MyBB::INPUT_INT) == 1)
1568      {
1569          $allowhtml = 1;
1570      }
1571      else
1572      {
1573          $allowhtml = 0;
1574      }
1575      if($mybb->get_input('allowmycode', MyBB::INPUT_INT) == 1)
1576      {
1577          $allowmycode = 1;
1578      }
1579      else
1580      {
1581          $allowmycode = 0;
1582      }
1583      if($mybb->get_input('allowsmilies', MyBB::INPUT_INT) == 1)
1584      {
1585          $allowsmilies = 1;
1586      }
1587      else
1588      {
1589          $allowsmilies = 0;
1590      }
1591  
1592      $plugins->run_hooks("modcp_do_edit_announcement_start");
1593  
1594      // Proceed to update if no errors
1595      if(!$errors)
1596      {
1597          if(isset($mybb->input['preview']))
1598          {
1599              $preview = array();
1600              $mybb->input['action'] = 'edit_announcement';
1601          }
1602          else
1603          {
1604              $update_announcement = array(
1605                  'uid' => $mybb->user['uid'],
1606                  'subject' => $db->escape_string($mybb->input['title']),
1607                  'message' => $db->escape_string($mybb->input['message']),
1608                  'startdate' => $startdate,
1609                  'enddate' => $enddate,
1610                  'allowhtml' => $allowhtml,
1611                  'allowmycode' => $allowmycode,
1612                  'allowsmilies' => $allowsmilies
1613              );
1614              $db->update_query("announcements", $update_announcement, "aid='{$aid}'");
1615  
1616              log_moderator_action(array("aid" => $announcement['aid'], "subject" => $mybb->input['title']), $lang->announcement_edited);
1617  
1618              $plugins->run_hooks("modcp_do_edit_announcement_end");
1619  
1620              $cache->update_forumsdisplay();
1621              redirect("modcp.php?action=announcements", $lang->redirect_edit_announcement);
1622          }
1623      }
1624      else
1625      {
1626          $mybb->input['action'] = 'edit_announcement';
1627      }
1628  }
1629  
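// Action: edit_announcement. Renders the "edit announcement" form.
// Reached directly, or by fall-through from the do_edit_announcement handler above,
// which rewrites $mybb->input['action'] when validation failed or a preview was requested.
// In the fall-through case $errors, $preview, $allowhtml, $allowmycode and $allowsmilies
// come from that handler.
if($mybb->input['action'] == "edit_announcement")
{
    // Coarse gate: the usergroup must be allowed to manage announcements at all.
    if($mybb->usergroup['canmanageannounce'] == 0)
    {
        error_no_permission();
    }

    // Integer cast: $aid is interpolated into the SQL condition and the breadcrumb URL below.
    $aid = $mybb->get_input('aid', MyBB::INPUT_INT);

    add_breadcrumb($lang->mcp_nav_announcements, "modcp.php?action=announcements");
    // The handler is "edit_announcement" (singular); the link previously pointed at
    // "edit_announcements", which this block does not answer to.
    add_breadcrumb($lang->edit_announcement, "modcp.php?action=edit_announcement&amp;aid={$aid}");

    // Get announcement (re-read from the database unless a POST handler already loaded it)
    if(!isset($announcement) || $mybb->request_method != 'post')
    {
        $query = $db->simple_select("announcements", "*", "aid='{$aid}'");
        $announcement = $db->fetch_array($query);
    }

    if(!$announcement)
    {
        error($lang->error_invalid_announcement);
    }

    // Object-level authorisation, checked against the stored row rather than request input:
    //  - global announcements (fid -1) require a super moderator;
    //  - forum announcements require the canmanageannouncements permission on that forum;
    //  - forums listed in $unviewableforums (set outside this block) are refused.
    // NOTE(review): everything below assumes error_no_permission()/error() end the request - confirm.
    if(($mybb->usergroup['issupermod'] != 1 && $announcement['fid'] == -1) || ($announcement['fid'] != -1 && !is_moderator($announcement['fid'], "canmanageannouncements")) || ($unviewableforums && in_array($announcement['fid'], $unviewableforums)))
    {
        error_no_permission();
    }

    if(!$announcement['startdate'])
    {
        // No start date? Make it now.
        $announcement['startdate'] = TIME_NOW;
    }

    $makeshift_end = false;
    if(!$announcement['enddate'])
    {
        $makeshift_end = true;
        $makeshift_time = TIME_NOW;
        if($announcement['startdate'])
        {
            $makeshift_time = $announcement['startdate'];
        }

        // No end date? Pre-fill the form with start + 366 days; $makeshift_end keeps
        // the "infinite" radio selected further down.
        $announcement['enddate'] = $makeshift_time + (60 * 60 * 24 * 366);
    }

    // Deal with inline errors
    if(!empty($errors) || isset($preview))
    {
        if(!empty($errors))
        {
            $errors = inline_error($errors);
        }
        else
        {
            $errors = '';
        }

        // Set $announcement to input stuff. These are raw request values; they are
        // HTML-escaped below ($title/$message) before reaching the form template.
        $announcement['subject'] = $mybb->input['title'];
        $announcement['message'] = $mybb->input['message'];
        $announcement['allowhtml'] = $allowhtml;
        $announcement['allowmycode'] = $allowmycode;
        $announcement['allowsmilies'] = $allowsmilies;

        // The month values are echoed back without escaping. That is only safe because
        // the do_edit_announcement handler replaces anything outside '01'..'12' with '01'.
        // NOTE(review): confirm no other path can set $errors/$preview before this block.
        $startmonth = $mybb->input['starttime_month'];
        // get_input() instead of reading $mybb->input directly: the year fields are not
        // normalised by the POST handler, so an absent field would raise an undefined-index notice.
        $startdateyear = htmlspecialchars_uni($mybb->get_input('starttime_year'));
        $startday = $mybb->get_input('starttime_day', MyBB::INPUT_INT);
        $starttime_time = htmlspecialchars_uni($mybb->input['starttime_time']);
        $endmonth = $mybb->input['endtime_month'];
        $enddateyear = htmlspecialchars_uni($mybb->get_input('endtime_year'));
        $endday = $mybb->get_input('endtime_day', MyBB::INPUT_INT);
        $endtime_time = htmlspecialchars_uni($mybb->input['endtime_time']);

        $errored = true;
    }
    else
    {
        // Stored timestamps are shifted by the viewer's timezone and DST offset, then
        // formatted with gmdate() so no server-side timezone is applied on top.
        $localized_time_startdate = $announcement['startdate'] + (float)$mybb->user['timezone']*3600 + $mybb->user['dst']*3600;
        $localized_time_enddate = $announcement['enddate'] + (float)$mybb->user['timezone']*3600 + $mybb->user['dst']*3600;

        $starttime_time = gmdate($mybb->settings['timeformat'], $localized_time_startdate);
        $endtime_time = gmdate($mybb->settings['timeformat'], $localized_time_enddate);

        $startday = gmdate('j', $localized_time_startdate);
        $endday = gmdate('j', $localized_time_enddate);

        $startmonth = gmdate('m', $localized_time_startdate);
        $endmonth = gmdate('m', $localized_time_enddate);

        $startdateyear = gmdate('Y', $localized_time_startdate);
        $enddateyear = gmdate('Y', $localized_time_enddate);

        $errored = false;
    }

    // Generate form elements.
    // Templates are evaluated as double-quoted PHP strings, so template text can reach every
    // variable in scope. Variable names here are therefore part of the template contract.
    // NOTE(review): safety of eval() rests on how $templates->get() stores and escapes
    // template content, which is not visible in this block.
    $startdateday = $enddateday = '';
    for($day = 1; $day <= 31; ++$day)
    {
        // The template reads $day and $selected.
        $selected = ($startday == $day) ? " selected=\"selected\"" : '';
        eval("\$startdateday .= \"".$templates->get("modcp_announcements_day")."\";");

        $selected = ($endday == $day) ? " selected=\"selected\"" : '';
        eval("\$enddateday .= \"".$templates->get("modcp_announcements_day")."\";");
    }

    $startmonthsel = $endmonthsel = array();
    foreach(array('01', '02', '03', '04', '05', '06', '07', '08', '09', '10', '11', '12') as $month)
    {
        $startmonthsel[$month] = '';
        $endmonthsel[$month] = '';
    }
    $startmonthsel[$startmonth] = "selected=\"selected\"";
    $endmonthsel[$endmonth] = "selected=\"selected\"";

    $startdatemonth = $enddatemonth = '';

    eval("\$startdatemonth .= \"".$templates->get("modcp_announcements_month_start")."\";");
    eval("\$enddatemonth .= \"".$templates->get("modcp_announcements_month_end")."\";");

    // Escape for the HTML form, whether the values came from the database or from the request.
    $title = htmlspecialchars_uni($announcement['subject']);
    $message = htmlspecialchars_uni($announcement['message']);

    $html_sel = $mycode_sel = $smilies_sel = array('yes' => '', 'no' => '');

    // The "allow HTML" control is only rendered when the board-wide setting permits it;
    // the POST handler applies the same setting before storing the flag.
    if($mybb->settings['announcementshtml'])
    {
        if($announcement['allowhtml'])
        {
            $html_sel['yes'] = ' checked="checked"';
        }
        else
        {
            $html_sel['no'] = ' checked="checked"';
        }

        eval("\$allow_html = \"".$templates->get("modcp_announcements_allowhtml")."\";");
    }
    else
    {
        $allow_html = '';
    }

    if($announcement['allowmycode'])
    {
        $mycode_sel['yes'] = ' checked="checked"';
    }
    else
    {
        $mycode_sel['no'] = ' checked="checked"';
    }

    if($announcement['allowsmilies'])
    {
        $smilies_sel['yes'] = ' checked="checked"';
    }
    else
    {
        $smilies_sel['no'] = ' checked="checked"';
    }

    $end_type_sel = array('infinite' => '', 'finite' => '');
    if(($errored && $mybb->get_input('endtime_type', MyBB::INPUT_INT) == 2) || (!$errored && (int)$announcement['enddate'] == 0) || $makeshift_end == true)
    {
        $end_type_sel['infinite'] = ' checked="checked"';
    }
    else
    {
        $end_type_sel['finite'] = ' checked="checked"';
    }

    // MyCode editor
    $codebuttons = build_mycode_inserter();
    $smilieinserter = build_clickable_smilies();

    if(isset($preview))
    {
        // The preview is built from the raw submitted title/message. HTML is honoured only
        // when the board-wide announcementshtml setting is on as well as the request flag.
        // NOTE(review): escaping/parsing of subject and message is presumably done inside
        // build_postbit() - confirm.
        $announcementarray = array(
            'aid' => $announcement['aid'],
            'fid' => $announcement['fid'],
            'uid' => $mybb->user['uid'],
            'subject' => $mybb->input['title'],
            'message' => $mybb->input['message'],
            'allowhtml' => $mybb->settings['announcementshtml'] && $mybb->get_input('allowhtml', MyBB::INPUT_INT),
            'allowmycode' => $mybb->get_input('allowmycode', MyBB::INPUT_INT),
            'allowsmilies' => $mybb->get_input('allowsmilies', MyBB::INPUT_INT),
            'dateline' => TIME_NOW,
            'userusername' => $mybb->user['username'],
        );

        // Copy every field of the current user's row into the preview array; a user field
        // with the same key as one set above overwrites it.
        $array = $mybb->user;
        foreach($array as $key => $element)
        {
            $announcementarray[$key] = $element;
        }

        // Gather usergroup data from the cache
        // Field => Array Key
        $data_key = array(
            'title' => 'grouptitle',
            'usertitle' => 'groupusertitle',
            'stars' => 'groupstars',
            'starimage' => 'groupstarimage',
            'image' => 'groupimage',
            'namestyle' => 'namestyle',
            'usereputationsystem' => 'usereputationsystem'
        );

        foreach($data_key as $field => $key)
        {
            $announcementarray[$key] = $groupscache[$announcementarray['usergroup']][$field];
        }

        require_once  MYBB_ROOT."inc/functions_post.php";
        $postbit = build_postbit($announcementarray, 3);
        eval("\$preview = \"".$templates->get("previewpost")."\";");
    }
    else
    {
        $preview = '';
    }

    $plugins->run_hooks("modcp_edit_announcement");

    eval("\$announcements = \"".$templates->get("modcp_announcements_edit")."\";");
    output_page($announcements);
}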
1876  
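// Action: announcements. Lists the announcements the current moderator may manage.
// Global announcements (fid -1) are rendered here for super moderators only.
// Per-forum announcements are rendered by fetch_forum_announcements(), defined outside this block.
if($mybb->input['action'] == "announcements")
{
    // Coarse gate: the usergroup must be allowed to manage announcements at all.
    if($mybb->usergroup['canmanageannounce'] == 0)
    {
        error_no_permission();
    }

    // $numannouncements is computed outside this block.
    // NOTE(review): presumably the count of announcements in forums this user moderates - confirm.
    if($numannouncements == 0 && $mybb->usergroup['issupermod'] != 1)
    {
        error($lang->you_cannot_manage_announcements);
    }

    add_breadcrumb($lang->mcp_nav_announcements, "modcp.php?action=announcements");

    // Fetch announcements into their proper arrays.
    // startdate is selected as well: the active/expired icon below tests it, and with only
    // "aid, fid, subject, enddate" selected that test could never be true, so announcements
    // scheduled for the future were shown as active.
    $query = $db->simple_select("announcements", "aid, fid, subject, startdate, enddate");
    $announcements = $global_announcements = array();
    while($announcement = $db->fetch_array($query))
    {
        if($announcement['fid'] == -1)
        {
            $global_announcements[$announcement['aid']] = $announcement;
            continue;
        }
        $announcements[$announcement['fid']][$announcement['aid']] = $announcement;
    }

    $announcements_global = '';
    if($mybb->usergroup['issupermod'] == 1)
    {
        // The super-moderator test is already made by the enclosing if.
        if($global_announcements)
        {
            // Get the global announcements
            foreach($global_announcements as $aid => $announcement)
            {
                $trow = alt_trow();
                // Inactive when not yet started, or when a non-zero end date has passed
                // (an end date of 0 means "no end").
                if((isset($announcement['startdate']) && $announcement['startdate'] > TIME_NOW) || (isset($announcement['enddate']) && $announcement['enddate'] < TIME_NOW && $announcement['enddate'] != 0))
                {
                    eval("\$icon = \"".$templates->get("modcp_announcements_announcement_expired")."\";");
                }
                else
                {
                    eval("\$icon = \"".$templates->get("modcp_announcements_announcement_active")."\";");
                }

                // Stored subjects are escaped at output time, after the bad-word filter.
                $subject = htmlspecialchars_uni($parser->parse_badwords($announcement['subject']));

                eval("\$announcements_global .= \"".$templates->get("modcp_announcements_announcement_global")."\";");
            }
        }
        else
        {
            // No global announcements
            eval("\$announcements_global = \"".$templates->get("modcp_no_announcements_global")."\";");
        }
        // Wrap the rows (or the "none" row) in the surrounding table template.
        eval("\$announcements_global = \"".$templates->get("modcp_announcements_global")."\";");
    }

    // NOTE(review): fetch_forum_announcements() takes no arguments and its result is not
    // assigned, so it presumably fills $announcements_forum through globals and applies the
    // per-forum permission checks itself - confirm.
    $announcements_forum = '';
    fetch_forum_announcements();

    if(!$announcements_forum)
    {
        eval("\$announcements_forum = \"".$templates->get("modcp_no_announcements_forum")."\";");
    }

    $plugins->run_hooks("modcp_announcements");

    eval("\$announcements = \"".$templates->get("modcp_announcements")."\";");
    output_page($announcements);
}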
1948  
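// Action: do_modqueue. Applies the approve/delete choices submitted from the moderation queue.
// Exactly one of threads, posts or attachments is processed per request, in that order of
// precedence. Each is an array keyed by id whose value is the requested action.
if($mybb->input['action'] == "do_modqueue")
{
    require_once  MYBB_ROOT."inc/class_moderation.php";
    $moderation = new Moderation;

    // Verify incoming POST request (anti-CSRF token)
    verify_post_check($mybb->get_input('my_post_key'));

    if($mybb->usergroup['canmanagemodqueue'] == 0)
    {
        error_no_permission();
    }

    $plugins->run_hooks("modcp_do_modqueue_start");

    $mybb->input['threads'] = $mybb->get_input('threads', MyBB::INPUT_ARRAY);
    $mybb->input['posts'] = $mybb->get_input('posts', MyBB::INPUT_ARRAY);
    $mybb->input['attachments'] = $mybb->get_input('attachments', MyBB::INPUT_ARRAY);
    if(!empty($mybb->input['threads']))
    {
        // Keys are cast to int before being joined into the IN (...) list.
        $threads = array_map("intval", array_keys($mybb->input['threads']));
        $threads_to_approve = $threads_to_delete = array();
        // Fetch threads. Only ids returned by this query are acted on, so the
        // $flist_queue_threads condition bounds what the request can touch.
        // NOTE(review): $flist_queue_threads is built outside this block; presumably it
        // limits rows to forums this moderator may manage - confirm.
        $query = $db->simple_select("threads", "tid", "tid IN (".implode(",", $threads)."){$flist_queue_threads}");
        while($thread = $db->fetch_array($query))
        {
            if(!isset($mybb->input['threads'][$thread['tid']]))
            {
                continue;
            }
            $action = $mybb->input['threads'][$thread['tid']];
            if($action == "approve")
            {
                $threads_to_approve[] = $thread['tid'];
            }
            else if($action == "delete")
            {
                $threads_to_delete[] = $thread['tid'];
            }
        }
        if(!empty($threads_to_approve))
        {
            $moderation->approve_threads($threads_to_approve);
            log_moderator_action(array('tids' => $threads_to_approve), $lang->multi_approve_threads);
        }
        if(!empty($threads_to_delete))
        {
            if($mybb->settings['soft_delete'] == 1)
            {
                $moderation->soft_delete_threads($threads_to_delete);
                log_moderator_action(array('tids' => $threads_to_delete), $lang->multi_soft_delete_threads);
            }
            else
            {
                foreach($threads_to_delete as $tid)
                {
                    $moderation->delete_thread($tid);
                }
                log_moderator_action(array('tids' => $threads_to_delete), $lang->multi_delete_threads);
            }
        }

        $plugins->run_hooks("modcp_do_modqueue_end");

        redirect("modcp.php?action=modqueue", $lang->redirect_threadsmoderated);
    }
    else if(!empty($mybb->input['posts']))
    {
        $posts = array_map("intval", array_keys($mybb->input['posts']));
        // Fetch posts. As with threads, $flist_queue_posts (built outside this block)
        // bounds which ids the request can act on.
        $posts_to_approve = $posts_to_delete = array();
        $query = $db->simple_select("posts", "pid", "pid IN (".implode(",", $posts)."){$flist_queue_posts}");
        while($post = $db->fetch_array($query))
        {
            if(!isset($mybb->input['posts'][$post['pid']]))
            {
                continue;
            }
            $action = $mybb->input['posts'][$post['pid']];
            if($action == "approve")
            {
                $posts_to_approve[] = $post['pid'];
            }
            else if($action == "delete")
            {
                if($mybb->settings['soft_delete'] != 1)
                {
                    // Permanent delete happens immediately, one post at a time.
                    $moderation->delete_post($post['pid']);
                }
                // Record the pid in both modes. Permanently deleted posts used to be left
                // out of this list, so the multi_delete_posts log call below was never
                // reached and hard deletions from the queue left no moderator-log entry.
                $posts_to_delete[] = $post['pid'];
            }
        }
        if(!empty($posts_to_approve))
        {
            $moderation->approve_posts($posts_to_approve);
            log_moderator_action(array('pids' => $posts_to_approve), $lang->multi_approve_posts);
        }
        if(!empty($posts_to_delete))
        {
            if($mybb->settings['soft_delete'] == 1)
            {
                $moderation->soft_delete_posts($posts_to_delete);
                log_moderator_action(array('pids' => $posts_to_delete), $lang->multi_soft_delete_posts);
            }
            else
            {
                // Posts were already removed in the loop above; this only writes the audit entry.
                log_moderator_action(array('pids' => $posts_to_delete), $lang->multi_delete_posts);
            }
        }

        $plugins->run_hooks("modcp_do_modqueue_end");

        redirect("modcp.php?action=modqueue&type=posts", $lang->redirect_postsmoderated);
    }
    else if(!empty($mybb->input['attachments']))
    {
        $attachments = array_map("intval", array_keys($mybb->input['attachments']));
        // $tflist_queue_attach (built outside this block) bounds which attachments are returned.
        $query = $db->query("
            SELECT a.pid, a.aid, t.tid
            FROM  ".TABLE_PREFIX."attachments a
            LEFT JOIN ".TABLE_PREFIX."posts p ON (a.pid=p.pid)
            LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
            WHERE aid IN (".implode(",", $attachments)."){$tflist_queue_attach}
        ");
        // NOTE(review): unlike the thread and post branches, this branch makes no
        // log_moderator_action() call, so attachment approvals and deletions from the queue
        // are not written to the moderator log here. Confirm whether remove_attachment()
        // logs on its own; approvals are a plain update_query() and are not logged.
        while($attachment = $db->fetch_array($query))
        {
            if(!isset($mybb->input['attachments'][$attachment['aid']]))
            {
                continue;
            }
            $action = $mybb->input['attachments'][$attachment['aid']];
            if($action == "approve")
            {
                // aid comes from the database row, not from the request.
                $db->update_query("attachments", array("visible" => 1), "aid='{$attachment['aid']}'");
                // tid is NULL when the LEFT JOINs found no post/thread for the attachment.
                if(isset($attachment['tid']))
                {
                    update_thread_counters((int)$attachment['tid'], array("attachmentcount" => "+1"));
                }
            }
            else if($action == "delete")
            {
                remove_attachment($attachment['pid'], '', $attachment['aid']);
                if(isset($attachment['tid']))
                {
                    update_thread_counters((int)$attachment['tid'], array("attachmentcount" => "-1"));
                }
            }
        }

        $plugins->run_hooks("modcp_do_modqueue_end");

        redirect("modcp.php?action=modqueue&type=attachments", $lang->redirect_attachmentsmoderated);
    }
}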
2103  
2104  if($mybb->input['action'] == "modqueue")
2105  {
2106      $navsep = '';
2107  
2108      if($mybb->usergroup['canmanagemodqueue'] == 0)
2109      {
2110          error_no_permission();
2111      }
2112  
2113      if($nummodqueuethreads == 0 && $nummodqueueposts == 0 && $nummodqueueattach == 0 && $mybb->usergroup['issupermod'] != 1)
2114      {
2115          error($lang->you_cannot_use_mod_queue);
2116      }
2117  
2118      $mybb->input['type'] = $mybb->get_input('type');
2119      $threadqueue = $postqueue = $attachmentqueue = '';
2120      if($mybb->input['type'] == "threads" || !$mybb->input['type'] && ($nummodqueuethreads > 0 || $mybb->usergroup['issupermod'] == 1))
2121      {
2122          if($nummodqueuethreads == 0 && $mybb->usergroup['issupermod'] != 1)
2123          {
2124              error($lang->you_cannot_moderate_threads);
2125          }
2126  
2127          $forum_cache = $cache->read("forums");
2128  
2129          $query = $db->simple_select("threads", "COUNT(tid) AS unapprovedthreads", "visible='0' {$flist_queue_threads}");
2130          $unapproved_threads = $db->fetch_field($query, "unapprovedthreads");
2131  
2132          // Figure out if we need to display multiple pages.
2133          if($mybb->get_input('page') != "last")
2134          {
2135              $page = $mybb->get_input('page', MyBB::INPUT_INT);
2136          }
2137  
2138          $perpage = $mybb->settings['threadsperpage'];
2139          $pages = $unapproved_threads / $perpage;
2140          $pages = ceil($pages);
2141  
2142          if($mybb->get_input('page') == "last")
2143          {
2144              $page = $pages;
2145          }
2146  
2147          if($page > $pages || $page <= 0)
2148          {
2149              $page = 1;
2150          }
2151  
2152          if($page)
2153          {
2154              $start = ($page-1) * $perpage;
2155          }
2156          else
2157          {
2158              $start = 0;
2159              $page = 1;
2160          }
2161  
2162          $multipage = multipage($unapproved_threads, $perpage, $page, "modcp.php?action=modqueue&type=threads");
2163  
2164          $query = $db->query("
2165              SELECT t.tid, t.dateline, t.fid, t.subject, t.username AS threadusername, p.message AS postmessage, u.username AS username, t.uid
2166              FROM ".TABLE_PREFIX."threads t
2167              LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=t.firstpost)
2168              LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=t.uid)
2169              WHERE t.visible='0' {$tflist_queue_threads}
2170              ORDER BY t.lastpost DESC
2171              LIMIT {$start}, {$perpage}
2172          ");
2173          $threads = '';
2174          while($thread = $db->fetch_array($query))
2175          {
2176              $altbg = alt_trow();
2177              $thread['subject'] = htmlspecialchars_uni($parser->parse_badwords($thread['subject']));
2178              $thread['threadlink'] = get_thread_link($thread['tid']);
2179              $forum_link = get_forum_link($thread['fid']);
2180              $forum_name = $forum_cache[$thread['fid']]['name'];
2181              $threaddate = my_date('relative', $thread['dateline']);
2182  
2183              if($thread['username'] == "")
2184              {
2185                  if($thread['threadusername'] != "")
2186                  {
2187                      $thread['threadusername'] = htmlspecialchars_uni($thread['threadusername']);
2188                      $profile_link = $thread['threadusername'];
2189                  }
2190                  else
2191                  {
2192                      $profile_link = $lang->guest;
2193                  }
2194              }
2195              else
2196              {
2197                  $thread['username'] = htmlspecialchars_uni($thread['username']);
2198                  $profile_link = build_profile_link($thread['username'], $thread['uid']);
2199              }
2200  
2201              $thread['postmessage'] = nl2br(htmlspecialchars_uni($thread['postmessage']));
2202              eval("\$forum = \"".$templates->get("modcp_modqueue_link_forum")."\";");
2203              eval("\$threads .= \"".$templates->get("modcp_modqueue_threads_thread")."\";");
2204          }
2205  
2206          if(!$threads && $mybb->input['type'] == "threads")
2207          {
2208              eval("\$threads = \"".$templates->get("modcp_modqueue_threads_empty")."\";");
2209          }
2210  
2211          if($threads)
2212          {
2213              add_breadcrumb($lang->mcp_nav_modqueue_threads, "modcp.php?action=modqueue&amp;type=threads");
2214  
2215              $plugins->run_hooks("modcp_modqueue_threads_end");
2216  
2217              if($nummodqueueposts > 0 || $mybb->usergroup['issupermod'] == 1)
2218              {
2219                  $navsep = " | ";
2220                  eval("\$post_link = \"".$templates->get("modcp_modqueue_post_link")."\";");
2221              }
2222  
2223              if($mybb->settings['enableattachments'] == 1 && ($nummodqueueattach > 0 || $mybb->usergroup['issupermod'] == 1))
2224              {
2225                  $navsep = " | ";
2226                  eval("\$attachment_link = \"".$templates->get("modcp_modqueue_attachment_link")."\";");
2227              }
2228  
2229              eval("\$mass_controls = \"".$templates->get("modcp_modqueue_masscontrols")."\";");
2230              eval("\$threadqueue = \"".$templates->get("modcp_modqueue_threads")."\";");
2231              output_page($threadqueue);
2232          }
2233          $type = 'threads';
2234      }
2235  
2236      if($mybb->input['type'] == "posts" || (!$mybb->input['type'] && !$threadqueue && ($nummodqueueposts > 0 || $mybb->usergroup['issupermod'] == 1)))
2237      {
2238          if($nummodqueueposts == 0 && $mybb->usergroup['issupermod'] != 1)
2239          {
2240              error($lang->you_cannot_moderate_posts);
2241          }
2242  
2243          $forum_cache = $cache->read("forums");
2244  
2245          $query = $db->query("
2246              SELECT COUNT(pid) AS unapprovedposts
2247              FROM  ".TABLE_PREFIX."posts p
2248              LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
2249              WHERE p.visible='0' {$tflist_queue_posts} AND t.firstpost != p.pid
2250          ");
2251          $unapproved_posts = $db->fetch_field($query, "unapprovedposts");
2252  
2253          // Figure out if we need to display multiple pages.
2254          if($mybb->get_input('page') != "last")
2255          {
2256              $page = $mybb->get_input('page', MyBB::INPUT_INT);
2257          }
2258  
2259          $perpage = $mybb->settings['postsperpage'];
2260          $pages = $unapproved_posts / $perpage;
2261          $pages = ceil($pages);
2262  
2263          if($mybb->get_input('page') == "last")
2264          {
2265              $page = $pages;
2266          }
2267  
2268          if($page > $pages || $page <= 0)
2269          {
2270              $page = 1;
2271          }
2272  
2273          if($page)
2274          {
2275              $start = ($page-1) * $perpage;
2276          }
2277          else
2278          {
2279              $start = 0;
2280              $page = 1;
2281          }
2282  
2283          $multipage = multipage($unapproved_posts, $perpage, $page, "modcp.php?action=modqueue&amp;type=posts");
2284  
2285          $query = $db->query("
2286              SELECT p.pid, p.subject, p.message, p.username AS postusername, t.subject AS threadsubject, t.tid, u.username, p.uid, t.fid, p.dateline
2287              FROM  ".TABLE_PREFIX."posts p
2288              LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
2289              LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
2290              WHERE p.visible='0' {$tflist_queue_posts} AND t.firstpost != p.pid
2291              ORDER BY p.dateline DESC, p.pid DESC
2292              LIMIT {$start}, {$perpage}
2293          ");
2294          $posts = '';
2295          while($post = $db->fetch_array($query))
2296          {
2297              $altbg = alt_trow();
2298              $post['threadsubject'] = htmlspecialchars_uni($parser->parse_badwords($post['threadsubject']));
2299              $post['subject'] = htmlspecialchars_uni($parser->parse_badwords($post['subject']));
2300              $post['threadlink'] = get_thread_link($post['tid']);
2301              $post['postlink'] = get_post_link($post['pid'], $post['tid']);
2302              $forum_link = get_forum_link($post['fid']);
2303              $forum_name = $forum_cache[$post['fid']]['name'];
2304              $postdate = my_date('relative', $post['dateline']);
2305  
2306              if($post['username'] == "")
2307              {
2308                  if($post['postusername'] != "")
2309                  {
2310                      $post['postusername'] = htmlspecialchars_uni($post['postusername']);
2311                      $profile_link = $post['postusername'];
2312                  }
2313                  else
2314                  {
2315                      $profile_link = $lang->guest;
2316                  }
2317              }
2318              else
2319              {
2320                  $post['username'] = htmlspecialchars_uni($post['username']);
2321                  $profile_link = build_profile_link($post['username'], $post['uid']);
2322              }
2323  
2324              eval("\$thread = \"".$templates->get("modcp_modqueue_link_thread")."\";");
2325              eval("\$forum = \"".$templates->get("modcp_modqueue_link_forum")."\";");
2326              $post['message'] = nl2br(htmlspecialchars_uni($post['message']));
2327              eval("\$posts .= \"".$templates->get("modcp_modqueue_posts_post")."\";");
2328          }
2329  
2330          if(!$posts && $mybb->input['type'] == "posts")
2331          {
2332              eval("\$posts = \"".$templates->get("modcp_modqueue_posts_empty")."\";");
2333          }
2334  
2335          if($posts)
2336          {
2337              add_breadcrumb($lang->mcp_nav_modqueue_posts, "modcp.php?action=modqueue&amp;type=posts");
2338  
2339              $plugins->run_hooks("modcp_modqueue_posts_end");
2340  
2341              if($nummodqueuethreads > 0 || $mybb->usergroup['issupermod'] == 1)
2342              {
2343                  $navsep = " | ";
2344                  eval("\$thread_link = \"".$templates->get("modcp_modqueue_thread_link")."\";");
2345              }
2346  
2347              if($mybb->settings['enableattachments'] == 1 && ($nummodqueueattach > 0 || $mybb->usergroup['issupermod'] == 1))
2348              {
2349                  $navsep = " | ";
2350                  eval("\$attachment_link = \"".$templates->get("modcp_modqueue_attachment_link")."\";");
2351              }
2352  
2353              eval("\$mass_controls = \"".$templates->get("modcp_modqueue_masscontrols")."\";");
2354              eval("\$postqueue = \"".$templates->get("modcp_modqueue_posts")."\";");
2355              output_page($postqueue);
2356          }
2357      }
2358  
2359      if($mybb->input['type'] == "attachments" || (!$mybb->input['type'] && !$postqueue && !$threadqueue && $mybb->settings['enableattachments'] == 1 && ($nummodqueueattach > 0 || $mybb->usergroup['issupermod'] == 1)))
2360      {
2361          if($mybb->settings['enableattachments'] == 0)
2362          {
2363              error($lang->attachments_disabled);
2364          }
2365  
2366          if($nummodqueueattach == 0 && $mybb->usergroup['issupermod'] != 1)
2367          {
2368              error($lang->you_cannot_moderate_attachments);
2369          }
2370  
2371          $query = $db->query("
2372              SELECT COUNT(aid) AS unapprovedattachments
2373              FROM  ".TABLE_PREFIX."attachments a
2374              LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=a.pid)
2375              LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
2376              WHERE a.visible='0'{$tflist_queue_attach}
2377          ");
2378          $unapproved_attachments = $db->fetch_field($query, "unapprovedattachments");
2379  
2380          // Figure out if we need to display multiple pages.
2381          if($mybb->get_input('page') != "last")
2382          {
2383              $page = $mybb->get_input('page', MyBB::INPUT_INT);
2384          }
2385  
2386          $perpage = $mybb->settings['postsperpage'];
2387          $pages = $unapproved_attachments / $perpage;
2388          $pages = ceil($pages);
2389  
2390          if($mybb->get_input('page') == "last")
2391          {
2392              $page = $pages;
2393          }
2394  
2395          if($page > $pages || $page <= 0)
2396          {
2397              $page = 1;
2398          }
2399  
2400          if($page)
2401          {
2402              $start = ($page-1) * $perpage;
2403          }
2404          else
2405          {
2406              $start = 0;
2407              $page = 1;
2408          }
2409  
2410          $multipage = multipage($unapproved_attachments, $perpage, $page, "modcp.php?action=modqueue&amp;type=attachments");
2411  
2412          $query = $db->query("
2413              SELECT a.*, p.subject AS postsubject, p.dateline, p.uid, u.username, t.tid, t.subject AS threadsubject
2414              FROM  ".TABLE_PREFIX."attachments a
2415              LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=a.pid)
2416              LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
2417              LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
2418              WHERE a.visible='0'{$tflist_queue_attach}
2419              ORDER BY a.dateuploaded DESC
2420              LIMIT {$start}, {$perpage}
2421          ");
2422          $attachments = '';
2423          while($attachment = $db->fetch_array($query))
2424          {
2425              $altbg = alt_trow();
2426  
2427              if(!$attachment['dateuploaded'])
2428              {
2429                  $attachment['dateuploaded'] = $attachment['dateline'];
2430              }
2431  
2432              $attachdate = my_date('relative', $attachment['dateuploaded']);
2433  
2434              $attachment['postsubject'] = htmlspecialchars_uni($parser->parse_badwords($attachment['postsubject']));
2435              $attachment['filename'] = htmlspecialchars_uni($attachment['filename']);
2436              $attachment['threadsubject'] = htmlspecialchars_uni($parser->parse_badwords($attachment['threadsubject']));
2437              $attachment['filesize'] = get_friendly_size($attachment['filesize']);
2438  
2439              $link = get_post_link($attachment['pid'], $attachment['tid']) . "#pid{$attachment['pid']}";
2440              $thread_link = get_thread_link($attachment['tid']);
2441              $attachment['username'] = htmlspecialchars_uni($attachment['username']);
2442              $profile_link = build_profile_link($attachment['username'], $attachment['uid']);
2443  
2444              eval("\$attachments .= \"".$templates->get("modcp_modqueue_attachments_attachment")."\";");
2445          }
2446  
2447          if(!$attachments && $mybb->input['type'] == "attachments")
2448          {
2449              eval("\$attachments = \"".$templates->get("modcp_modqueue_attachments_empty")."\";");
2450          }
2451  
2452          if($attachments)
2453          {
2454              add_breadcrumb($lang->mcp_nav_modqueue_attachments, "modcp.php?action=modqueue&amp;type=attachments");
2455  
2456              $plugins->run_hooks("modcp_modqueue_attachments_end");
2457  
2458              if($nummodqueuethreads > 0 || $mybb->usergroup['issupermod'] == 1)
2459              {
2460                  eval("\$thread_link = \"".$templates->get("modcp_modqueue_thread_link")."\";");
2461                  $navsep = " | ";
2462              }
2463  
2464              if($nummodqueueposts > 0 || $mybb->usergroup['issupermod'] == 1)
2465              {
2466                  eval("\$post_link = \"".$templates->get("modcp_modqueue_post_link")."\";");
2467                  $navsep = " | ";
2468              }
2469  
2470              eval("\$mass_controls = \"".$templates->get("modcp_modqueue_masscontrols")."\";");
2471              eval("\$attachmentqueue = \"".$templates->get("modcp_modqueue_attachments")."\";");
2472              output_page($attachmentqueue);
2473          }
2474      }
2475  
2476      // Still nothing? All queues are empty! :-D
2477      if(!$threadqueue && !$postqueue && !$attachmentqueue)
2478      {
2479          add_breadcrumb($lang->mcp_nav_modqueue, "modcp.php?action=modqueue");
2480  
2481          $plugins->run_hooks("modcp_modqueue_end");
2482  
2483          eval("\$queue = \"".$templates->get("modcp_modqueue_empty")."\";");
2484          output_page($queue);
2485      }
2486  }
2487  
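// Action "do_editprofile": processes the Mod CP edit-profile form for another user.
//
// Order of checks before anything is written:
//   1. verify_post_check() on the submitted my_post_key token,
//   2. the acting moderator's group must have caneditprofiles,
//   3. the target uid must resolve to a user,
//   4. modcp_can_manage_user() must allow the moderator to manage that user.
// The code after each check relies on error()/error_no_permission() ending the
// request (for example $user['uid'] is dereferenced right after the lookup).
//
// Profile data is handed to UserDataHandler for validation; suspension flags are
// collected in $extra_user_updates and written with a separate update query.
// On validation errors the action is switched to "editprofile" so the form is
// shown again with $errors.
if($mybb->input['action'] == "do_editprofile")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    if($mybb->usergroup['caneditprofiles'] == 0)
    {
        error_no_permission();
    }

    // Read the target uid as an integer, the same way the "editprofile" action does,
    // instead of passing the raw request value to the lookup.
    $user = get_user($mybb->get_input('uid', MyBB::INPUT_INT));
    if(!$user)
    {
        error($lang->error_nomember);
    }

    // Check if the current user has permission to edit this user
    if(!modcp_can_manage_user($user['uid']))
    {
        error_no_permission();
    }

    $plugins->run_hooks("modcp_do_editprofile_start");

    if($mybb->get_input('away', MyBB::INPUT_INT) == 1 && $mybb->settings['allowaway'] != 0)
    {
        $awaydate = TIME_NOW;
        if(!empty($mybb->input['awayday']))
        {
            // If the user has indicated that they will return on a specific day, but not month or year, assume it is current month and year
            if(!$mybb->get_input('awaymonth', MyBB::INPUT_INT))
            {
                $mybb->input['awaymonth'] = my_date('n', $awaydate);
            }
            if(!$mybb->get_input('awayyear', MyBB::INPUT_INT))
            {
                $mybb->input['awayyear'] = my_date('Y', $awaydate);
            }

            // Only integers end up in the stored return date: two characters at most for
            // month and day, and the year is capped at 9999.
            $return_month = (int)substr($mybb->get_input('awaymonth'), 0, 2);
            $return_day = (int)substr($mybb->get_input('awayday'), 0, 2);
            $return_year = min((int)$mybb->get_input('awayyear'), 9999);

            // Check if return date is after the away date.
            $returntimestamp = gmmktime(0, 0, 0, $return_month, $return_day, $return_year);
            $awaytimestamp = gmmktime(0, 0, 0, my_date('n', $awaydate), my_date('j', $awaydate), my_date('Y', $awaydate));
            if($return_year < my_date('Y', $awaydate) || ($returntimestamp < $awaytimestamp && $return_year == my_date('Y', $awaydate)))
            {
                error($lang->error_modcp_return_date_past);
            }

            $returndate = "{$return_day}-{$return_month}-{$return_year}";
        }
        else
        {
            $returndate = "";
        }
        $away = array(
            "away" => 1,
            "date" => $awaydate,
            "returndate" => $returndate,
            "awayreason" => $mybb->get_input('awayreason')
        );
    }
    else
    {
        $away = array(
            "away" => 0,
            "date" => '',
            "returndate" => '',
            "awayreason" => ''
        );
    }

    // Set up user handler.
    require_once MYBB_ROOT."inc/datahandlers/user.php";
    $userhandler = new UserDataHandler('update');

    // Set the data for the user being edited. The uid comes from the row that was
    // looked up and permission-checked above, not from the request. The free-text
    // fields are passed on as submitted.
    // NOTE(review): validation and escaping of these fields is presumably done by
    // UserDataHandler; that code is not part of this file.
    $updated_user = array(
        "uid" => $user['uid'],
        "profile_fields" => $mybb->get_input('profile_fields', MyBB::INPUT_ARRAY),
        "profile_fields_editable" => true,
        "website" => $mybb->get_input('website'),
        "skype" => $mybb->get_input('skype'),
        "google" => $mybb->get_input('google'),
        "signature" => $mybb->get_input('signature'),
        "usernotes" => $mybb->get_input('usernotes'),
        "away" => $away
    );

    $updated_user['birthday'] = array(
        "day" => $mybb->get_input('birthday_day', MyBB::INPUT_INT),
        "month" => $mybb->get_input('birthday_month', MyBB::INPUT_INT),
        "year" => $mybb->get_input('birthday_year', MyBB::INPUT_INT)
    );

    // A submitted title wins; otherwise "reverttitle" clears the custom title.
    if(!empty($mybb->input['usertitle']))
    {
        $updated_user['usertitle'] = $mybb->get_input('usertitle');
    }
    else if(!empty($mybb->input['reverttitle']))
    {
        $updated_user['usertitle'] = '';
    }

    if(!empty($mybb->input['remove_avatar']))
    {
        $updated_user['avatarurl'] = '';
    }

    // Set the data of the user in the datahandler.
    $userhandler->set_data($updated_user);
    $errors = array();

    // Validate the user and get any errors that might have occurred.
    if(!$userhandler->validate_user())
    {
        $errors = $userhandler->get_friendly_errors();
        $mybb->input['action'] = "editprofile";
    }
    else
    {
        // Are we removing an avatar from this user?
        if(!empty($mybb->input['remove_avatar']))
        {
            $extra_user_updates = array(
                "avatar" => "",
                "avatardimensions" => "",
                "avatartype" => ""
            );
            remove_avatars($user['uid']);
        }

        // Moderator "Options" (suspend signature, suspend/moderate posting).
        // This fixed table is the only source of the request keys read and the
        // database columns written in the loop below.
        $moderator_options = array(
            1 => array(
                "action" => "suspendsignature", // The moderator action we're performing
                "period" => "action_period", // The time period we've selected from the dropdown box
                "time" => "action_time", // The time we've entered
                "update_field" => "suspendsignature", // The field in the database to update if true
                "update_length" => "suspendsigtime" // The length of suspension field in the database
            ),
            2 => array(
                "action" => "moderateposting",
                "period" => "modpost_period",
                "time" => "modpost_time",
                "update_field" => "moderateposts",
                "update_length" => "moderationtime"
            ),
            3 => array(
                "action" => "suspendposting",
                "period" => "suspost_period",
                "time" => "suspost_time",
                "update_field" => "suspendposting",
                "update_length" => "suspensiontime"
            )
        );

        require_once MYBB_ROOT."inc/functions_warnings.php";
        foreach($moderator_options as $option)
        {
            // Integer-cast copy of the entered time, stored under the option's own name
            // ($action_time, $modpost_time, $suspost_time). The checks below use this
            // value rather than the raw request string, so an empty or non-numeric
            // entry counts as 0 whatever the PHP version's string/int comparison rules.
            ${$option['time']} = $mybb->get_input($option['time'], MyBB::INPUT_INT);
            $mybb->input[$option['period']] = $mybb->get_input($option['period']);
            if(empty($mybb->input[$option['action']]))
            {
                if($user[$option['update_field']] == 1)
                {
                    // We're revoking the suspension
                    $extra_user_updates[$option['update_field']] = 0;
                    $extra_user_updates[$option['update_length']] = 0;
                }

                // Skip this option if we haven't selected it
                continue;
            }
            else
            {
                if(${$option['time']} == 0 && $mybb->input[$option['period']] != "never" && $user[$option['update_field']] != 1)
                {
                    // User has selected a type of ban, but not entered a valid time frame.
                    // The language key is built from the fixed table above, not from input.
                    $string = $option['action']."_error";
                    $errors[] = $lang->$string;
                }
                else
                {
                    $suspend_length = fetch_time_length(${$option['time']}, $mybb->input[$option['period']]);

                    if($user[$option['update_field']] == 1 && (${$option['time']} || $mybb->input[$option['period']] == "never"))
                    {
                        // We already have a suspension, but entered a new time
                        if($suspend_length == "-1")
                        {
                            // Permanent ban on action
                            $extra_user_updates[$option['update_length']] = 0;
                        }
                        elseif($suspend_length && $suspend_length != "-1")
                        {
                            // Temporary ban on action
                            $extra_user_updates[$option['update_length']] = TIME_NOW + $suspend_length;
                        }
                    }
                    elseif(!$user[$option['update_field']])
                    {
                        // New suspension for this user
                        $extra_user_updates[$option['update_field']] = 1;
                        if($suspend_length == "-1")
                        {
                            $extra_user_updates[$option['update_length']] = 0;
                        }
                        else
                        {
                            $extra_user_updates[$option['update_length']] = TIME_NOW + $suspend_length;
                        }
                    }
                }
            }
        }

        // Those with javascript turned off will be able to select both - cheeky!
        // Check to make sure we're not moderating AND suspending posting
        if(isset($extra_user_updates) && !empty($extra_user_updates['moderateposts']) && !empty($extra_user_updates['suspendposting']))
        {
            $errors[] = $lang->suspendmoderate_error;
        }

        if(is_array($errors) && !empty($errors))
        {
            $mybb->input['action'] = "editprofile";
        }
        else
        {
            $plugins->run_hooks("modcp_do_editprofile_update");

            // Continue with the update if there is no errors
            $user_info = $userhandler->update_user();
            if(!empty($extra_user_updates))
            {
                // Keys are the fixed column names from $moderator_options or the avatar
                // reset above; values are 0, 1, '' or a timestamp. The uid in the
                // condition comes from the looked-up user row.
                $db->update_query("users", $extra_user_updates, "uid='{$user['uid']}'");
            }
            // Record the edit in the moderator log.
            log_moderator_action(array("uid" => $user['uid'], "username" => $user['username']), $lang->edited_user);

            $plugins->run_hooks("modcp_do_editprofile_end");

            redirect("modcp.php?action=finduser", $lang->redirect_user_updated);
        }
    }
}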
2737  
2738  if($mybb->input['action'] == "editprofile")
2739  {
2740      if($mybb->usergroup['caneditprofiles'] == 0)
2741      {
2742          error_no_permission();
2743      }
2744  
2745      add_breadcrumb($lang->mcp_nav_editprofile, "modcp.php?action=editprofile");
2746  
2747      $user = get_user($mybb->get_input('uid', MyBB::INPUT_INT));
2748      if(!$user)
2749      {
2750          error($lang->error_nomember);
2751      }
2752  
2753      // Check if the current user has permission to edit this user
2754      if(!modcp_can_manage_user($user['uid']))
2755      {
2756          error_no_permission();
2757      }
2758  
2759      $userperms = user_permissions($user['uid']);
2760  
2761      // Set display group
2762      $displaygroupfields = array("title", "description", "namestyle", "usertitle", "stars", "starimage", "image");
2763  
2764      if(!$user['displaygroup'])
2765      {
2766          $user['displaygroup'] = $user['usergroup'];
2767      }
2768  
2769      $display_group = usergroup_displaygroup($user['displaygroup']);
2770      if(is_array($display_group))
2771      {
2772          $userperms = array_merge($userperms, $display_group);
2773      }
2774  
2775      if(!my_validate_url($user['website']))
2776      {
2777          $user['website'] = '';
2778      }
2779  
2780      if(!$errors)
2781      {
2782          $mybb->input = array_merge($user, $mybb->input);
2783          $birthday = explode('-', $user['birthday']);
2784          if(!isset($birthday[1]))
2785          {
2786              $birthday[1] = '';
2787          }
2788          if(!isset($birthday[2]))
2789          {
2790              $birthday[2] = '';
2791          }
2792          list($mybb->input['birthday_day'], $mybb->input['birthday_month'], $mybb->input['birthday_year']) = $birthday;
2793      }
2794      else
2795      {
2796          $errors = inline_error($errors);
2797      }
2798  
2799      // Sanitize all input
2800      foreach(array('usertitle', 'website', 'skype', 'google', 'signature', 'birthday_day', 'birthday_month', 'birthday_year') as $field)
2801      {
2802          $mybb->input[$field] = htmlspecialchars_uni($mybb->get_input($field));
2803      }
2804  
2805      // Custom user title
2806      if(!empty($userperms['usertitle']))
2807      {
2808          $defaulttitle = htmlspecialchars_uni($userperms['usertitle']);
2809      }
2810      else
2811      {
2812          // Go for post count title if a group default isn't set
2813          $usertitles = $cache->read('usertitles');
2814  
2815          foreach($usertitles as $title)
2816          {
2817              if($title['posts'] <= $user['postnum'])
2818              {
2819                  $defaulttitle = htmlspecialchars_uni($title['title']);
2820                  break;
2821              }
2822          }
2823      }
2824  
2825      $user['usertitle'] = htmlspecialchars_uni($user['usertitle']);
2826  
2827      if(empty($user['usertitle']))
2828      {
2829          $lang->current_custom_usertitle = '';
2830      }
2831  
2832      $bdaydaysel = $selected = '';
2833      for($day = 1; $day <= 31; ++$day)
2834      {
2835          if($mybb->input['birthday_day'] == $day)
2836          {
2837              $selected = "selected=\"selected\"";
2838          }
2839          else
2840          {
2841              $selected = '';
2842          }
2843  
2844          eval("\$bdaydaysel .= \"".$templates->get("usercp_profile_day")."\";");
2845      }
2846  
2847      $bdaymonthsel = array();
2848      foreach(range(1, 12) as $month)
2849      {
2850          $bdaymonthsel[$month] = '';
2851      }
2852      $bdaymonthsel[$mybb->input['birthday_month']] = 'selected="selected"';
2853  
2854      $awaysection = '';
2855  
2856      if($mybb->settings['allowaway'] != 0)
2857      {
2858          $awaycheck = array('', '');
2859          if($errors)
2860          {
2861              if($user['away'] == 1)
2862              {
2863                  $awaycheck[1] = "checked=\"checked\"";
2864              }
2865              else
2866              {
2867                  $awaycheck[0] = "checked=\"checked\"";
2868              }
2869              $returndate = array();
2870              $returndate[0] = $mybb->get_input('awayday');
2871              $returndate[1] = $mybb->get_input('awaymonth');
2872              $returndate[2] = $mybb->get_input('awayyear', MyBB::INPUT_INT);
2873              $user['awayreason'] = htmlspecialchars_uni($mybb->get_input('awayreason'));
2874          }
2875          else
2876          {
2877              $user['awayreason'] = htmlspecialchars_uni($user['awayreason']);
2878              if($user['away'] == 1)
2879              {
2880                  $awaydate = my_date($mybb->settings['dateformat'], $user['awaydate']);
2881                  $awaycheck[1] = "checked=\"checked\"";
2882                  $awaynotice = $lang->sprintf($lang->away_notice_away, $awaydate);
2883              }
2884              else
2885              {
2886                  $awaynotice = $lang->away_notice;
2887                  $awaycheck[0] = "checked=\"checked\"";
2888              }
2889              $returndate = explode("-", $user['returndate']);
2890          }
2891          $returndatesel = $selected = '';
2892          for($day = 1; $day <= 31; ++$day)
2893          {
2894              if($returndate[0] == $day)
2895              {
2896                  $selected = "selected=\"selected\"";
2897              }
2898              else
2899              {
2900                  $selected = '';
2901              }
2902  
2903              eval("\$returndatesel .= \"".$templates->get("usercp_profile_day")."\";");
2904          }
2905  
2906          $returndatemonthsel = array();
2907          foreach(range(1, 12) as $month)
2908          {
2909              $returndatemonthsel[$month] = '';
2910          }
2911          if(isset($returndate[1]))
2912          {
2913              $returndatemonthsel[$returndate[1]] = " selected=\"selected\"";
2914          }
2915  
2916          if(!isset($returndate[2]))
2917          {
2918              $returndate[2] = '';
2919          }
2920  
2921          eval("\$awaysection = \"".$templates->get("usercp_profile_away")."\";");
2922      }
2923  
2924      $plugins->run_hooks("modcp_editprofile_start");
2925  
2926      // Fetch profile fields
2927      $user_fields = array();
2928      $query = $db->simple_select("userfields", "*", "ufid='{$user['uid']}'");
2929      if($db->num_rows($query) > 0)
2930      {
2931          $user_fields = $db->fetch_array($query);
2932      }
2933  
2934      $requiredfields = '';
2935      $customfields = '';
2936      $mybb->input['profile_fields'] = $mybb->get_input('profile_fields', MyBB::INPUT_ARRAY);
2937  
2938      $pfcache = $cache->read('profilefields');
2939  
2940      if(is_array($pfcache))
2941      {
2942          foreach($pfcache as $profilefield)
2943          {
2944              $userfield = $code = $select = $val = $options = $expoptions = $useropts = '';
2945              $seloptions = array();
2946              $profilefield['type'] = htmlspecialchars_uni($profilefield['type']);
2947              $profilefield['name'] = htmlspecialchars_uni($profilefield['name']);
2948              $profilefield['description'] = htmlspecialchars_uni($profilefield['description']);
2949              $thing = explode("\n", $profilefield['type'], "2");
2950              $type = $thing[0];
2951              if(isset($thing[1]))
2952              {
2953                  $options = $thing[1];
2954              }
2955              $field = "fid{$profilefield['fid']}";
2956              if($errors)
2957              {
2958                  if(isset($mybb->input['profile_fields'][$field]))
2959                  {
2960                      $userfield = $mybb->input['profile_fields'][$field];
2961                  }
2962              }
2963              elseif(isset($user_fields[$field]))
2964              {
2965                  $userfield = $user_fields[$field];
2966              }
2967              if($type == "multiselect")
2968              {
2969                  if($errors)
2970                  {
2971                      $useropts = $userfield;
2972                  }
2973                  else
2974                  {
2975                      $useropts = explode("\n", $userfield);
2976                  }
2977                  if(is_array($useropts))
2978                  {
2979                      foreach($useropts as $key => $val)
2980                      {
2981                          $seloptions[$val] = $val;
2982                      }
2983                  }
2984                  $expoptions = explode("\n", $options);
2985                  if(is_array($expoptions))
2986                  {
2987                      foreach($expoptions as $key => $val)
2988                      {
2989                          $val = trim($val);
2990                          $val = str_replace("\n", "\\n", $val);
2991  
2992                          $sel = "";
2993                          if(isset($seloptions[$val]) && $val == $seloptions[$val])
2994                          {
2995                              $sel = " selected=\"selected\"";
2996                          }
2997  
2998                          eval("\$select .= \"".$templates->get("usercp_profile_profilefields_select_option")."\";");
2999                      }
3000                      if(!$profilefield['length'])
3001                      {
3002                          $profilefield['length'] = 3;
3003                      }
3004  
3005                      eval("\$code = \"".$templates->get("usercp_profile_profilefields_multiselect")."\";");
3006                  }
3007              }
3008              elseif($type == "select")
3009              {
3010                  $expoptions = explode("\n", $options);
3011                  if(is_array($expoptions))
3012                  {
3013                      foreach($expoptions as $key => $val)
3014                      {
3015                          $val = trim($val);
3016                          $val = str_replace("\n", "\\n", $val);
3017                          $sel = "";
3018                          if($val == $userfield)
3019                          {
3020                              $sel = " selected=\"selected\"";
3021                          }
3022  
3023                          eval("\$select .= \"".$templates->get("usercp_profile_profilefields_select_option")."\";");
3024                      }
3025                      if(!$profilefield['length'])
3026                      {
3027                          $profilefield['length'] = 1;
3028                      }
3029  
3030                      eval("\$code = \"".$templates->get("usercp_profile_profilefields_select")."\";");
3031                  }
3032              }
3033              elseif($type == "radio")
3034              {
3035                  $expoptions = explode("\n", $options);
3036                  if(is_array($expoptions))
3037                  {
3038                      foreach($expoptions as $key => $val)
3039                      {
3040                          $checked = "";
3041                          if($val == $userfield)
3042                          {
3043                              $checked = " checked=\"checked\"";
3044                          }
3045  
3046                          eval("\$code .= \"".$templates->get("usercp_profile_profilefields_radio")."\";");
3047                      }
3048                  }
3049              }
3050              elseif($type == "checkbox")
3051              {
3052                  if($errors)
3053                  {
3054                      $useropts = $userfield;
3055                  }
3056                  else
3057                  {
3058                      $useropts = explode("\n", $userfield);
3059                  }
3060                  if(is_array($useropts))
3061                  {
3062                      foreach($useropts as $key => $val)
3063                      {
3064                          $seloptions[$val] = $val;
3065                      }
3066                  }
3067                  $expoptions = explode("\n", $options);
3068                  if(is_array($expoptions))
3069                  {
3070                      foreach($expoptions as $key => $val)
3071                      {
3072                          $checked = "";
3073                          if(isset($seloptions[$val]) && $val == $seloptions[$val])
3074                          {
3075                              $checked = " checked=\"checked\"";
3076                          }
3077  
3078                          eval("\$code .= \"".$templates->get("usercp_profile_profilefields_checkbox")."\";");
3079                      }
3080                  }
3081              }
3082              elseif($type == "textarea")
3083              {
3084                  $value = htmlspecialchars_uni($userfield);
3085                  eval("\$code = \"".$templates->get("usercp_profile_profilefields_textarea")."\";");
3086              }
3087              else
3088              {
3089                  $value = htmlspecialchars_uni($userfield);
3090                  $maxlength = "";
3091                  if($profilefield['maxlength'] > 0)
3092                  {
3093                      $maxlength = " maxlength=\"{$profilefield['maxlength']}\"";
3094                  }
3095  
3096                  eval("\$code = \"".$templates->get("usercp_profile_profilefields_text")."\";");
3097              }
3098  
3099              if($profilefield['required'] == 1)
3100              {
3101                  eval("\$requiredfields .= \"".$templates->get("usercp_profile_customfield")."\";");
3102              }
3103              else
3104              {
3105                  eval("\$customfields .= \"".$templates->get("usercp_profile_customfield")."\";");
3106              }
3107              $altbg = alt_trow();
3108          }
3109      }
3110      if($customfields)
3111      {
3112          eval("\$customfields = \"".$templates->get("usercp_profile_profilefields")."\";");
3113      }
3114  
3115      $user['username'] = htmlspecialchars_uni($user['username']);
3116      $lang->edit_profile = $lang->sprintf($lang->edit_profile, $user['username']);
3117      $profile_link = build_profile_link(format_name($user['username'], $user['usergroup'], $user['displaygroup']), $user['uid']);
3118  
3119      $user['signature'] = htmlspecialchars_uni($user['signature']);
3120      $codebuttons = build_mycode_inserter("signature");
3121  
3122      // Do we mark the suspend signature box?
3123      if($user['suspendsignature'] || ($mybb->get_input('suspendsignature', MyBB::INPUT_INT) && !empty($errors)))
3124      {
3125          $checked = 1;
3126          $checked_item = "checked=\"checked\"";
3127      }
3128      else
3129      {
3130          $checked = 0;
3131          $checked_item = '';
3132      }
3133  
3134      // Do we mark the moderate posts box?
3135      if($user['moderateposts'] || ($mybb->get_input('moderateposting', MyBB::INPUT_INT) && !empty($errors)))
3136      {
3137          $modpost_check = 1;
3138          $modpost_checked = "checked=\"checked\"";
3139      }
3140      else
3141      {
3142          $modpost_check = 0;
3143          $modpost_checked = '';
3144      }
3145  
3146      // Do we mark the suspend posts box?
3147      if($user['suspendposting'] || ($mybb->get_input('suspendposting', MyBB::INPUT_INT) && !empty($errors)))
3148      {
3149          $suspost_check = 1;
3150          $suspost_checked = "checked=\"checked\"";
3151      }
3152      else
3153      {
3154          $suspost_check = 0;
3155          $suspost_checked = '';
3156      }
3157  
3158      $moderator_options = array(
3159          1 => array(
3160              "action" => "suspendsignature", // The input action for this option
3161              "option" => "suspendsignature", // The field in the database that this option relates to
3162              "time" => "action_time", // The time we've entered
3163              "length" => "suspendsigtime", // The length of suspension field in the database
3164              "select_option" => "action" // The name of the select box of this option
3165          ),
3166          2 => array(
3167              "action" => "moderateposting",
3168              "option" => "moderateposts",
3169              "time" => "modpost_time",
3170              "length" => "moderationtime",
3171              "select_option" => "modpost"
3172          ),
3173          3 => array(
3174              "action" => "suspendposting",
3175              "option" => "suspendposting",
3176              "time" => "suspost_time",
3177              "length" => "suspensiontime",
3178              "select_option" => "suspost"
3179          )
3180      );
3181  
3182      $periods = array(
3183          "hours" => $lang->expire_hours,
3184          "days" => $lang->expire_days,
3185          "weeks" => $lang->expire_weeks,
3186          "months" => $lang->expire_months,
3187          "never" => $lang->expire_permanent
3188      );
3189  
3190      $suspendsignature_info = $moderateposts_info = $suspendposting_info = '';
3191      $action_options = $modpost_options = $suspost_options = '';
3192      $modopts = array();
3193      foreach($moderator_options as $option)
3194      {
3195          ${$option['time']} = $mybb->get_input($option['time'], MyBB::INPUT_INT);
3196          // Display the suspension info, if this user has this option suspended
3197          if($user[$option['option']])
3198          {
3199              if($user[$option['length']] == 0)
3200              {
3201                  // User has a permanent ban
3202                  $string = $option['option']."_perm";
3203                  $suspension_info = $lang->$string;
3204              }
3205              else
3206              {
3207                  // User has a temporary (or limited) ban
3208                  $string = $option['option']."_for";
3209                  $for_date = my_date('relative', $user[$option['length']], '', 2);
3210                  $suspension_info = $lang->sprintf($lang->$string, $for_date);
3211              }
3212  
3213              switch($option['option'])
3214              {
3215                  case "suspendsignature":
3216                      eval("\$suspendsignature_info = \"".$templates->get("modcp_editprofile_suspensions_info")."\";");
3217                      break;
3218                  case "moderateposts":
3219                      eval("\$moderateposts_info = \"".$templates->get("modcp_editprofile_suspensions_info")."\";");
3220                      break;
3221                  case "suspendposting":
3222                      eval("\$suspendposting_info = \"".$templates->get("modcp_editprofile_suspensions_info")."\";");
3223                      break;
3224              }
3225          }
3226  
3227          // Generate the boxes for this option
3228          $selection_options = '';
3229          foreach($periods as $key => $value)
3230          {
3231              $string = $option['select_option']."_period";
3232              if($mybb->get_input($string) == $key)
3233              {
3234                  $selected = "selected=\"selected\"";
3235              }
3236              else
3237              {
3238                  $selected = '';
3239              }
3240  
3241              eval("\$selection_options .= \"".$templates->get("modcp_editprofile_select_option")."\";");
3242          }
3243  
3244          $select_name = $option['select_option']."_period";
3245          switch($option['option'])
3246          {
3247              case "suspendsignature":
3248                  eval("\$action_options = \"".$templates->get("modcp_editprofile_select")."\";");
3249                  break;
3250              case "moderateposts":
3251                  eval("\$modpost_options = \"".$templates->get("modcp_editprofile_select")."\";");
3252                  break;
3253              case "suspendposting":
3254                  eval("\$suspost_options = \"".$templates->get("modcp_editprofile_select")."\";");
3255                  break;
3256          }
3257      }
3258  
3259      eval("\$suspend_signature = \"".$templates->get("modcp_editprofile_signature")."\";");
3260  
3261      $user['usernotes'] = htmlspecialchars_uni($user['usernotes']);
3262  
3263      if(!isset($newtitle))
3264      {
3265          $newtitle = '';
3266      }
3267  
3268      $birthday_year = $mybb->input['birthday_year'];
3269      $user_website = $mybb->input['website'];
3270      $user_skype = $mybb->input['skype'];
3271      $user_google = $mybb->input['google'];
3272  
3273      $plugins->run_hooks("modcp_editprofile_end");
3274  
3275      eval("\$edituser = \"".$templates->get("modcp_editprofile")."\";");
3276      output_page($edituser);
3277  }
3278  
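if($mybb->input['action'] == "finduser")
{
    // User search in the ModCP is limited to groups that may edit profiles.
    if($mybb->usergroup['caneditprofiles'] == 0)
    {
        error_no_permission();
    }

    add_breadcrumb($lang->mcp_nav_users, "modcp.php?action=finduser");

    // Results per page: fall back to the board setting unless the request supplies a positive integer.
    $perpage = $mybb->get_input('perpage', MyBB::INPUT_INT);
    if(!$perpage || $perpage <= 0)
    {
        $perpage = $mybb->settings['threadsperpage'];
    }
    $where = '';

    if(isset($mybb->input['username']))
    {
        // Non-MySQL drivers get an explicit LOWER() so the match is case-insensitive there too.
        switch($db->type)
        {
            case 'mysql':
            case 'mysqli':
                $field = 'username';
                break;
            default:
                $field = 'LOWER(username)';
                break;
        }
        // The search term is request data: it goes through escape_string_like() before it is
        // concatenated into the LIKE pattern. Keep that call if this line is ever refactored.
        $where = " AND {$field} LIKE '%".my_strtolower($db->escape_string_like($mybb->get_input('username')))."%'";
    }

    // Sort order & direction.
    // Both end up in ORDER BY, so they are mapped onto fixed values instead of being passed through.
    switch($mybb->get_input('sortby'))
    {
        case "lastvisit":
            $sortby = "lastvisit";
            break;
        case "postnum":
            $sortby = "postnum";
            break;
        case "username":
            $sortby = "username";
            break;
        default:
            $sortby = "regdate";
    }
    $sortbysel = array('lastvisit' => '', 'postnum' => '', 'username' => '', 'regdate' => '');
    // Index with the validated column rather than the raw parameter: the default (regdate) is then
    // marked as selected and the request cannot add arbitrary keys to the array.
    $sortbysel[$sortby] = " selected=\"selected\"";
    $order = $mybb->get_input('order');
    if($order != "asc")
    {
        $order = "desc";
    }
    $ordersel = array('asc' => '', 'desc' => '');
    $ordersel[$order] = " selected=\"selected\"";

    $query = $db->simple_select("users", "COUNT(uid) AS count", "1=1 {$where}");
    $user_count = $db->fetch_field($query, "count");

    // Figure out if we need to display multiple pages.
    $pages = $user_count / $perpage;
    $pages = ceil($pages);

    if($mybb->get_input('page') == "last")
    {
        $page = $pages;
    }
    else
    {
        // Read the page number as an integer (as the ipsearch action does) so a non-numeric
        // value never reaches the arithmetic below.
        $page = $mybb->get_input('page', MyBB::INPUT_INT);
    }

    // Out-of-range pages fall back to the first page; $page is always >= 1 after this.
    if($page > $pages || $page <= 0)
    {
        $page = 1;
    }
    $start = ($page-1) * $perpage;

    // Carry the active search parameters over to the pagination links.
    // get_input() is used instead of the raw input array so an array-valued parameter cannot be
    // concatenated, and urlencode() keeps characters such as & or # from breaking the query string
    // (the ipsearch and warninglogs actions encode their values the same way).
    $page_url = 'modcp.php?action=finduser';
    foreach(array('username', 'sortby', 'order') as $field)
    {
        $value = $mybb->get_input($field);
        if(!empty($value))
        {
            $page_url .= "&amp;{$field}=".urlencode($value);
        }
    }

    $multipage = multipage($user_count, $perpage, $page, $page_url);

    $usergroups_cache = $cache->read("usergroups");

    $plugins->run_hooks("modcp_finduser_start");

    // Fetch out results
    $query = $db->simple_select("users", "*", "1=1 {$where}", array("order_by" => $sortby, "order_dir" => $order, "limit" => $perpage, "limit_start" => $start));
    $users = '';
    while($user = $db->fetch_array($query))
    {
        $alt_row = alt_trow();
        // Escape before formatting: the username is placed into the template below.
        $user['username'] = htmlspecialchars_uni($user['username']);
        $user['username'] = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
        $user['postnum'] = my_number_format($user['postnum']);
        $regdate = my_date('relative', $user['regdate']);

        if($user['invisible'] == 1 && $mybb->usergroup['canviewwolinvis'] != 1 && $user['uid'] != $mybb->user['uid'])
        {
            // Invisible user and the viewer may not see invisible users: hide the last visit.
            $lastdate = $lang->lastvisit_hidden;
        }
        else if($user['lastvisit'])
        {
            $lastdate = my_date('relative', $user['lastvisit']);
        }
        else
        {
            $lastdate = $lang->lastvisit_never;
        }

        $usergroup = htmlspecialchars_uni($usergroups_cache[$user['usergroup']]['title']);
        // The template text is expanded through eval() as a double-quoted string; every value it
        // references is expected to be HTML-escaped by this point.
        eval("\$users .= \"".$templates->get("modcp_finduser_user")."\";");
    }

    // No results?
    if(!$users)
    {
        eval("\$users = \"".$templates->get("modcp_finduser_noresults")."\";");
    }

    $plugins->run_hooks("modcp_finduser_end");

    // Escaped copy of the search term for redisplay in the form.
    $username = htmlspecialchars_uni($mybb->get_input('username'));
    eval("\$finduser = \"".$templates->get("modcp_finduser")."\";");
    output_page($finduser);
}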
3422  
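if($mybb->input['action'] == "warninglogs")
{
    // Only groups allowed to view the warning logs get past this point.
    if($mybb->usergroup['canviewwarnlogs'] == 0)
    {
        error_no_permission();
    }

    add_breadcrumb($lang->mcp_nav_warninglogs, "modcp.php?action=warninglogs");

    // Filter options
    $where_sql = '';
    $mybb->input['filter'] = $mybb->get_input('filter', MyBB::INPUT_ARRAY);
    $mybb->input['search'] = $mybb->get_input('search', MyBB::INPUT_ARRAY);

    // A request can send nested arrays (filter[reason][]=x). Every filter below is used as a
    // string, so non-scalar entries are dropped before they reach the string helpers.
    foreach($mybb->input['filter'] as $field => $value)
    {
        if(!is_scalar($value))
        {
            unset($mybb->input['filter'][$field]);
        }
    }

    // Unescaped copies of the text filters, used for the pagination URL further down.
    // The entries in $mybb->input['filter'] are HTML-escaped for redisplay; URL-encoding those
    // escaped strings would turn "a&b" into a search for "a&amp;b" on the next page.
    $filter_raw = array();

    if(!empty($mybb->input['filter']['username']))
    {
        $search_user = get_user_by_username($mybb->input['filter']['username']);

        // An unknown username yields uid 0, which leaves the uid filter below unset.
        $mybb->input['filter']['uid'] = !empty($search_user['uid']) ? (int)$search_user['uid'] : 0;
        $filter_raw['username'] = $mybb->input['filter']['username'];
        $mybb->input['filter']['username'] = htmlspecialchars_uni($mybb->input['filter']['username']);
    }
    else
    {
        $mybb->input['filter']['username'] = '';
    }
    if(!empty($mybb->input['filter']['uid']))
    {
        // Cast to int before the value is placed in the SQL string.
        $search['uid'] = (int)$mybb->input['filter']['uid'];
        $where_sql .= " AND w.uid='{$search['uid']}'";
        if(!isset($mybb->input['search']['username']))
        {
            // Resolve the user that is being filtered on (filter[uid]), not search[uid].
            $user = get_user($search['uid']);
            $mybb->input['search']['username'] = isset($user['username']) ? htmlspecialchars_uni($user['username']) : '';
        }
    }
    else
    {
        $mybb->input['filter']['uid'] = '';
    }
    if(!empty($mybb->input['filter']['mod_username']))
    {
        $mod_user = get_user_by_username($mybb->input['filter']['mod_username']);

        $mybb->input['filter']['mod_uid'] = !empty($mod_user['uid']) ? (int)$mod_user['uid'] : 0;
        $filter_raw['mod_username'] = $mybb->input['filter']['mod_username'];
        $mybb->input['filter']['mod_username'] = htmlspecialchars_uni($mybb->input['filter']['mod_username']);
    }
    else
    {
        $mybb->input['filter']['mod_username'] = '';
    }
    if(!empty($mybb->input['filter']['mod_uid']))
    {
        $search['mod_uid'] = (int)$mybb->input['filter']['mod_uid'];
        $where_sql .= " AND w.issuedby='{$search['mod_uid']}'";
        if(!isset($mybb->input['search']['mod_username']))
        {
            // Resolve the issuing moderator (filter[mod_uid]); the original looked up search[uid].
            $mod_user = get_user($search['mod_uid']);
            $mybb->input['search']['mod_username'] = isset($mod_user['username']) ? htmlspecialchars_uni($mod_user['username']) : '';
        }
    }
    else
    {
        $mybb->input['filter']['mod_uid'] = '';
    }
    if(!empty($mybb->input['filter']['reason']))
    {
        // Free-text filter: escaped for LIKE before it is concatenated into the WHERE clause.
        $search['reason'] = $db->escape_string_like($mybb->input['filter']['reason']);
        $where_sql .= " AND (w.notes LIKE '%{$search['reason']}%' OR t.title LIKE '%{$search['reason']}%' OR w.title LIKE '%{$search['reason']}%')";
        $filter_raw['reason'] = $mybb->input['filter']['reason'];
        $mybb->input['filter']['reason'] = htmlspecialchars_uni($mybb->input['filter']['reason']);
    }
    else
    {
        $mybb->input['filter']['reason'] = '';
    }

    // Sort column and direction are interpolated into ORDER BY below, so both are mapped onto
    // fixed strings; the request value itself never reaches the query.
    $sortbysel = array('username' => '', 'expires' => '', 'issuedby' => '', 'dateline' => '');
    if(!isset($mybb->input['filter']['sortby']))
    {
        $mybb->input['filter']['sortby'] = '';
    }
    switch($mybb->input['filter']['sortby'])
    {
        case "username":
            $sortby = "u.username";
            $sortbysel['username'] = ' selected="selected"';
            break;
        case "expires":
            $sortby = "w.expires";
            $sortbysel['expires'] = ' selected="selected"';
            break;
        case "issuedby":
            $sortby = "i.username";
            $sortbysel['issuedby'] = ' selected="selected"';
            break;
        default: // "dateline"
            $sortby = "w.dateline";
            $sortbysel['dateline'] = ' selected="selected"';
    }
    if(!isset($mybb->input['filter']['order']))
    {
        $mybb->input['filter']['order'] = '';
    }
    $order = $mybb->input['filter']['order'];
    $ordersel = array('asc' => '', 'desc' => '');
    if($order != "asc")
    {
        $order = "desc";
        $ordersel['desc'] = ' selected="selected"';
    }
    else
    {
        $ordersel['asc'] = ' selected="selected"';
    }

    $plugins->run_hooks("modcp_warninglogs_start");

    // Pagination stuff
    $sql = "
        SELECT COUNT(wid) as count
        FROM
            ".TABLE_PREFIX."warnings w
            LEFT JOIN ".TABLE_PREFIX."warningtypes t ON (w.tid=t.tid)
        WHERE 1=1
            {$where_sql}
    ";
    $query = $db->query($sql);
    $total_warnings = $db->fetch_field($query, 'count');
    $page = $mybb->get_input('page', MyBB::INPUT_INT);
    if($page <= 0)
    {
        $page = 1;
    }
    // NOTE(review): filter[per_page] is accepted without an upper bound, so one request can ask
    // for an arbitrarily large result page; consider capping it.
    $per_page = 20;
    if(isset($mybb->input['filter']['per_page']) && (int)$mybb->input['filter']['per_page'] > 0)
    {
        $per_page = (int)$mybb->input['filter']['per_page'];
    }
    $start = ($page-1) * $per_page;
    $pages = ceil($total_warnings / $per_page);
    if($page > $pages)
    {
        $start = 0;
        $page = 1;
    }
    // Build the base URL for pagination links.
    // Keys and values both come from the request, so both are URL-encoded; the text filters use
    // their unescaped copies so they survive the round trip unchanged.
    $url = 'modcp.php?action=warninglogs';
    if(is_array($mybb->input['filter']) && count($mybb->input['filter']))
    {
        foreach($mybb->input['filter'] as $field => $value)
        {
            if(isset($filter_raw[$field]))
            {
                $value = $filter_raw[$field];
            }
            $url .= "&amp;filter[".urlencode($field)."]=".urlencode((string)$value);
        }
    }
    $multipage = multipage($total_warnings, $per_page, $page, $url);

    // The actual query. $sortby and $order are fixed strings chosen above, $start and $per_page
    // are integers, and $where_sql holds only cast or escaped values.
    $sql = "
        SELECT
            w.wid, w.title as custom_title, w.points, w.dateline, w.issuedby, w.expires, w.expired, w.daterevoked, w.revokedby,
            t.title,
            u.uid, u.username, u.usergroup, u.displaygroup,
            i.uid as mod_uid, i.username as mod_username, i.usergroup as mod_usergroup, i.displaygroup as mod_displaygroup
        FROM ".TABLE_PREFIX."warnings w
            LEFT JOIN ".TABLE_PREFIX."users u ON (w.uid=u.uid)
            LEFT JOIN ".TABLE_PREFIX."warningtypes t ON (w.tid=t.tid)
            LEFT JOIN ".TABLE_PREFIX."users i ON (i.uid=w.issuedby)
        WHERE 1=1
            {$where_sql}
        ORDER BY {$sortby} {$order}
        LIMIT {$start}, {$per_page}
    ";
    $query = $db->query($sql);


    $warning_list = '';
    while($row = $db->fetch_array($query))
    {
        $trow = alt_trow();
        // Usernames and titles are escaped before they are handed to the templates.
        $row['username'] = htmlspecialchars_uni($row['username']);
        $username = format_name($row['username'], $row['usergroup'], $row['displaygroup']);
        $username_link = build_profile_link($username, $row['uid']);
        $row['mod_username'] = htmlspecialchars_uni($row['mod_username']);
        $mod_username = format_name($row['mod_username'], $row['mod_usergroup'], $row['mod_displaygroup']);
        $mod_username_link = build_profile_link($mod_username, $row['mod_uid']);
        $issued_date = my_date('normal', $row['dateline']);
        $revoked_text = '';
        if($row['daterevoked'] > 0)
        {
            $revoked_date = my_date('relative', $row['daterevoked']);
            eval("\$revoked_text = \"".$templates->get("modcp_warninglogs_warning_revoked")."\";");
        }
        if($row['expires'] > 0)
        {
            $expire_date = nice_time($row['expires']-TIME_NOW);
        }
        else
        {
            $expire_date = $lang->never;
        }
        // Prefer the warning type's title; fall back to the custom title stored on the warning.
        $title = $row['title'];
        if(empty($row['title']))
        {
            $title = $row['custom_title'];
        }
        $title = htmlspecialchars_uni($title);
        // Reset per row so a negative value does not inherit the previous row's "+N" string.
        $points = $row['points'];
        if($row['points'] >= 0)
        {
            $points = '+'.$row['points'];
        }

        // The template text is expanded through eval() as a double-quoted string; the values it
        // references are expected to be HTML-escaped by this point.
        eval("\$warning_list .= \"".$templates->get("modcp_warninglogs_warning")."\";");
    }

    if(!$warning_list)
    {
        eval("\$warning_list = \"".$templates->get("modcp_warninglogs_nologs")."\";");
    }

    $plugins->run_hooks("modcp_warninglogs_end");

    // Escaped filter values for redisplay in the search form.
    $filter_username = $mybb->input['filter']['username'];
    $filter_modusername = $mybb->input['filter']['mod_username'];
    $filter_reason = $mybb->input['filter']['reason'];

    eval("\$warninglogs = \"".$templates->get("modcp_warninglogs")."\";");
    output_page($warninglogs);
}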
3649  
3650  if($mybb->input['action'] == "ipsearch")
3651  {
3652      if($mybb->usergroup['canuseipsearch'] == 0)
3653      {
3654          error_no_permission();
3655      }
3656  
3657      add_breadcrumb($lang->mcp_nav_ipsearch, "modcp.php?action=ipsearch");
3658  
3659      $ipsearch_results = $ipaddressvalue = '';
3660      $mybb->input['ipaddress'] = $mybb->get_input('ipaddress');
3661      if($mybb->input['ipaddress'])
3662      {
3663          if(!is_array($groupscache))
3664          {
3665              $groupscache = $cache->read("usergroups");
3666          }
3667  
3668          $ipaddressvalue = htmlspecialchars_uni($mybb->input['ipaddress']);
3669  
3670          $ip_range = fetch_ip_range($mybb->input['ipaddress']);
3671  
3672          $post_results = $user_results = 0;
3673  
3674          // Searching post IP addresses
3675          if(isset($mybb->input['search_posts']))
3676          {
3677              $post_ip_sql = '';
3678              if($ip_range)
3679              {
3680                  if(!is_array($ip_range))
3681                  {
3682                      $post_ip_sql = "p.ipaddress=".$db->escape_binary($ip_range);
3683                  }
3684                  else
3685                  {
3686                      $post_ip_sql = "p.ipaddress BETWEEN ".$db->escape_binary($ip_range[0])." AND ".$db->escape_binary($ip_range[1]);
3687                  }
3688              }
3689  
3690              $plugins->run_hooks("modcp_ipsearch_posts_start");
3691  
3692              if($post_ip_sql)
3693              {
3694                  $where_sql = '';
3695  
3696                  $unviewable_forums = get_unviewable_forums(true);
3697  
3698                  if($unviewable_forums)
3699                  {
3700                      $where_sql .= " AND p.fid NOT IN ({$unviewable_forums})";
3701                  }
3702  
3703                  if($inactiveforums)
3704                  {
3705                      $where_sql .= " AND p.fid NOT IN ({$inactiveforums})";
3706                  }
3707  
3708                  // Check group permissions if we can't view threads not started by us
3709                  $onlyusfids = array();
3710                  $group_permissions = forum_permissions();
3711                  foreach($group_permissions as $fid => $forumpermissions)
3712                  {
3713                      if(isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] == 1)
3714                      {
3715                          $onlyusfids[] = $fid;
3716                      }
3717                  }
3718  
3719                  if(!empty($onlyusfids))
3720                  {
3721                      $where_sql .= " AND ((t.fid IN(".implode(',', $onlyusfids).") AND t.uid='{$mybb->user['uid']}') OR t.fid NOT IN(".implode(',', $onlyusfids)."))";
3722                  }
3723  
3724                  // Moderators can view unapproved/deleted posts
3725                  if($mybb->usergroup['issupermod'] != 1)
3726                  {
3727                      $unapprove_forums = array();
3728                      $deleted_forums = array();
3729                      $visible_sql = " AND (p.visible = 1 AND t.visible = 1)";
3730                      $query = $db->simple_select("moderators", "fid, canviewunapprove, canviewdeleted", "(id='{$mybb->user['uid']}' AND isgroup='0') OR (id='{$mybb->user['usergroup']}' AND isgroup='1')");
3731                      while($moderator = $db->fetch_array($query))
3732                      {
3733                          if($moderator['canviewunapprove'] == 1)
3734                          {
3735                              $unapprove_forums[] = $moderator['fid'];
3736                          }
3737  
3738                          if($moderator['canviewdeleted'] == 1)
3739                          {
3740                              $deleted_forums[] = $moderator['fid'];
3741                          }
3742                      }
3743  
3744                      if(!empty($unapprove_forums))
3745                      {
3746                          $visible_sql .= " OR (p.visible = 0 AND p.fid IN(".implode(',', $unapprove_forums).")) OR (t.visible = 0 AND t.fid IN(".implode(',', $unapprove_forums)."))";
3747                      }
3748                      if(!empty($deleted_forums))
3749                      {
3750                          $visible_sql .= " OR (p.visible = -1 AND p.fid IN(".implode(',', $deleted_forums).")) OR (t.visible = -1 AND t.fid IN(".implode(',', $deleted_forums)."))";
3751                      }
3752                  }
3753                  else
3754                  {
3755                      // Super moderators (and admins)
3756                      $visible_sql = " AND p.visible >= -1";
3757                  }
3758  
3759                  $query = $db->query("
3760                      SELECT COUNT(p.pid) AS count
3761                      FROM ".TABLE_PREFIX."posts p
3762                      LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid = p.tid)
3763                      WHERE {$post_ip_sql}{$where_sql}{$visible_sql}
3764                  ");
3765                  $post_results = $db->fetch_field($query, "count");
3766              }
3767          }
3768  
3769          // Searching user IP addresses
3770          if(isset($mybb->input['search_users']))
3771          {
3772              $user_ip_sql = '';
3773              if($ip_range)
3774              {
3775                  if(!is_array($ip_range))
3776                  {
3777                      $user_ip_sql = "regip=".$db->escape_binary($ip_range)." OR lastip=".$db->escape_binary($ip_range);
3778                  }
3779                  else
3780                  {
3781                      $user_ip_sql = "regip BETWEEN ".$db->escape_binary($ip_range[0])." AND ".$db->escape_binary($ip_range[1])." OR lastip BETWEEN ".$db->escape_binary($ip_range[0])." AND ".$db->escape_binary($ip_range[1]);
3782                  }
3783              }
3784  
3785              $plugins->run_hooks("modcp_ipsearch_users_start");
3786  
3787              if($user_ip_sql)
3788              {
3789                  $query = $db->simple_select('users', 'COUNT(uid) AS count', $user_ip_sql);
3790  
3791                  $user_results = $db->fetch_field($query, "count");
3792              }
3793          }
3794  
3795          $total_results = $post_results+$user_results;
3796  
3797          if(!$total_results)
3798          {
3799              $total_results = 1;
3800          }
3801  
3802          // Now we have the result counts, paginate
3803          $perpage = $mybb->get_input('perpage', MyBB::INPUT_INT);
3804          if(!$perpage || $perpage <= 0)
3805          {
3806              $perpage = $mybb->settings['threadsperpage'];
3807          }
3808  
3809          // Figure out if we need to display multiple pages.
3810          if($mybb->get_input('page') != "last")
3811          {
3812              $page = $mybb->get_input('page', MyBB::INPUT_INT);
3813          }
3814  
3815          $pages = $total_results / $perpage;
3816          $pages = ceil($pages);
3817  
3818          if($mybb->get_input('page') == "last")
3819          {
3820              $page = $pages;
3821          }
3822  
3823          if($page > $pages || $page <= 0)
3824          {
3825              $page = 1;
3826          }
3827  
3828          if($page)
3829          {
3830              $start = ($page-1) * $perpage;
3831          }
3832          else
3833          {
3834              $start = 0;
3835              $page = 1;
3836          }
3837  
3838          $page_url = "modcp.php?action=ipsearch&amp;perpage={$perpage}";
3839          foreach(array('ipaddress', 'search_users', 'search_posts') as $input)
3840          {
3841              if(!empty($mybb->input[$input]))
3842              {
3843                  $page_url .= "&amp;{$input}=".urlencode($mybb->input[$input]);
3844              }
3845          }
3846          $multipage = multipage($total_results, $perpage, $page, $page_url);
3847  
3848          $post_limit = $perpage;
3849          $results = '';
3850          if(isset($mybb->input['search_users']) && $user_results && $start <= $user_results)
3851          {
3852              $query = $db->simple_select('users', 'username, uid, regip, lastip', $user_ip_sql,
3853                      array('order_by' => 'regdate', 'order_dir' => 'DESC', 'limit_start' => $start, 'limit' => $perpage));
3854  
3855              while($ipaddress = $db->fetch_array($query))
3856              {
3857                  $result = false;
3858                  $ipaddress['username'] = htmlspecialchars_uni($ipaddress['username']);
3859                  $profile_link = build_profile_link($ipaddress['username'], $ipaddress['uid']);
3860                  $trow = alt_trow();
3861                  $ip = false;
3862                  if(is_array($ip_range))
3863                  {
3864                      if(strcmp($ip_range[0], $ipaddress['regip']) <= 0 && strcmp($ip_range[1], $ipaddress['regip']) >= 0)
3865                      {
3866                          eval("\$subject = \"".$templates->get("modcp_ipsearch_result_regip")."\";");
3867                          $ip = my_inet_ntop($db->unescape_binary($ipaddress['regip']));
3868                      }
3869                      elseif(strcmp($ip_range[0], $ipaddress['lastip']) <= 0 && strcmp($ip_range[1], $ipaddress['lastip']) >= 0)
3870                      {
3871                          eval("\$subject = \"".$templates->get("modcp_ipsearch_result_lastip")."\";");
3872                          $ip = my_inet_ntop($db->unescape_binary($ipaddress['lastip']));
3873                      }
3874                  }
3875                  elseif($ipaddress['regip'] == $ip_range)
3876                  {
3877                      eval("\$subject = \"".$templates->get("modcp_ipsearch_result_regip")."\";");
3878                      $ip = my_inet_ntop($db->unescape_binary($ipaddress['regip']));
3879                  }
3880                  elseif($ipaddress['lastip'] == $ip_range)
3881                  {
3882                      eval("\$subject = \"".$templates->get("modcp_ipsearch_result_lastip")."\";");
3883                      $ip = my_inet_ntop($db->unescape_binary($ipaddress['lastip']));
3884                  }
3885                  if($ip)
3886                  {
3887                      eval("\$results .= \"".$templates->get("modcp_ipsearch_result")."\";");
3888                      $result = true;
3889                  }
3890                  if($result)
3891                  {
3892                      --$post_limit;
3893                  }
3894              }
3895          }
3896          $post_start = 0;
3897          if($total_results > $user_results && $post_limit)
3898          {
3899              $post_start = $start-$user_results;
3900              if($post_start < 0)
3901              {
3902                  $post_start = 0;
3903              }
3904          }
3905          if(isset($mybb->input['search_posts']) && $post_results && (!isset($mybb->input['search_users']) || (isset($mybb->input['search_users']) && $post_limit > 0)))
3906          {
3907              $ipaddresses = $tids = $uids = array();
3908  
3909              $query = $db->query("
3910                  SELECT p.username AS postusername, p.uid, p.subject, p.pid, p.tid, p.ipaddress
3911                  FROM ".TABLE_PREFIX."posts p
3912                  LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid = p.tid)
3913                  WHERE {$post_ip_sql}{$where_sql}{$visible_sql}
3914                  ORDER BY p.dateline DESC, p.pid DESC
3915                  LIMIT {$post_start}, {$post_limit}
3916              ");
3917              while($ipaddress = $db->fetch_array($query))
3918              {
3919                  $tids[$ipaddress['tid']] = $ipaddress['pid'];
3920                  $uids[$ipaddress['uid']] = $ipaddress['pid'];
3921                  $ipaddresses[$ipaddress['pid']] = $ipaddress;
3922              }
3923  
3924              if(!empty($ipaddresses))
3925              {
3926                  $query = $db->simple_select("threads", "subject, tid", "tid IN(".implode(',', array_keys($tids)).")");
3927                  while($thread = $db->fetch_array($query))
3928                  {
3929                      $ipaddresses[$tids[$thread['tid']]]['threadsubject'] = $thread['subject'];
3930                  }
3931                  unset($tids);
3932  
3933                  $query = $db->simple_select("users", "username, uid", "uid IN(".implode(',', array_keys($uids)).")");
3934                  while($user = $db->fetch_array($query))
3935                  {
3936                      $ipaddresses[$uids[$user['uid']]]['username'] = $user['username'];
3937                  }
3938                  unset($uids);
3939  
3940                  foreach($ipaddresses as $ipaddress)
3941                  {
3942                      $ip = my_inet_ntop($db->unescape_binary($ipaddress['ipaddress']));
3943                      if(empty($ipaddress['username']))
3944                      {
3945                          $ipaddress['username'] = $ipaddress['postusername']; // Guest username support
3946                      }
3947                      $ipaddress['username'] = htmlspecialchars_uni($ipaddress['username']);
3948                      $trow = alt_trow();
3949                      if(empty($ipaddress['subject']))
3950                      {
3951                          $ipaddress['subject'] = "RE: {$ipaddress['threadsubject']}";
3952                      }
3953  
3954                      $ipaddress['postlink'] = get_post_link($ipaddress['pid'], $ipaddress['tid']);
3955                      $ipaddress['subject'] = htmlspecialchars_uni($parser->parse_badwords($ipaddress['subject']));
3956                      $ipaddress['profilelink'] = build_profile_link($ipaddress['username'], $ipaddress['uid']);
3957  
3958                      eval("\$subject = \"".$templates->get("modcp_ipsearch_result_post")."\";");
3959                      eval("\$results .= \"".$templates->get("modcp_ipsearch_result")."\";");
3960                  }
3961              }
3962          }
3963  
3964          if(!$results)
3965          {
3966              eval("\$results = \"".$templates->get("modcp_ipsearch_noresults")."\";");
3967          }
3968  
3969          if($ipaddressvalue)
3970          {
3971              $lang->ipsearch_results = $lang->sprintf($lang->ipsearch_results, $ipaddressvalue);
3972          }
3973          else
3974          {
3975              $lang->ipsearch_results = $lang->ipsearch;
3976          }
3977  
3978          $ipaddress = $ipaddress_url = $misc_info_link = '';
3979          if(!strstr($mybb->input['ipaddress'], "*") && !strstr($mybb->input['ipaddress'], "/"))
3980          {
3981              $ipaddress = htmlspecialchars_uni($mybb->input['ipaddress']);
3982              $ipaddress_url = urlencode($mybb->input['ipaddress']);
3983              eval("\$misc_info_link = \"".$templates->get("modcp_ipsearch_results_information")."\";");
3984          }
3985  
3986          eval("\$ipsearch_results = \"".$templates->get("modcp_ipsearch_results")."\";");
3987      }
3988  
3989      // Fetch filter options
3990      if(!$mybb->input['ipaddress'])
3991      {
3992          $mybb->input['search_posts'] = 1;
3993          $mybb->input['search_users'] = 1;
3994      }
3995      $usersearchselect = $postsearchselect = '';
3996      if(isset($mybb->input['search_posts']))
3997      {
3998          $postsearchselect = "checked=\"checked\"";
3999      }
4000      if(isset($mybb->input['search_users']))
4001      {
4002          $usersearchselect = "checked=\"checked\"";
4003      }
4004  
4005      $plugins->run_hooks("modcp_ipsearch_end");
4006  
4007      eval("\$ipsearch = \"".$templates->get("modcp_ipsearch")."\";");
4008      output_page($ipsearch);
4009  }
4010  
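// ModCP action "iplookup": report GeoIP location and reverse-DNS host name for a single
// address. The rendered template fragment is echoed directly and the script exits.
if($mybb->input['action'] == "iplookup")
{
    // IP tools are gated by their own usergroup permission.
    if($mybb->usergroup['canuseipsearch'] == 0)
    {
        error_no_permission();
    }

    $mybb->input['ipaddress'] = $mybb->get_input('ipaddress');
    // The submitted value is reflected in the heading, so it is HTML-escaped before formatting.
    $lang->ipaddress_misc_info = $lang->sprintf($lang->ipaddress_misc_info, htmlspecialchars_uni($mybb->input['ipaddress']));
    $ipaddress_location = $lang->na;
    $ipaddress_host_name = $lang->na;
    $modcp_ipsearch_misc_info = '';
    if(!strstr($mybb->input['ipaddress'], "*"))
    {
        // NOTE(review): apart from the wildcard test above, the value is not checked to be an
        // IP literal before it reaches the lookup functions below, so any string a moderator
        // submits is handed to them. Consider validating it as an address first.

        // Return GeoIP information if it is available to us
        if(function_exists('geoip_record_by_name'))
        {
            $ip_record = @geoip_record_by_name($mybb->input['ipaddress']);
            if($ip_record)
            {
                // NOTE(review): utf8_encode() is deprecated as of PHP 8.2; left unchanged here.
                $ipaddress_location = htmlspecialchars_uni(utf8_encode($ip_record['country_name']));
                if($ip_record['city'])
                {
                    $ipaddress_location .= $lang->comma.htmlspecialchars_uni(utf8_encode($ip_record['city']));
                }
            }
        }

        $ipaddress_host_name = @gethostbyaddr($mybb->input['ipaddress']);

        // gethostbyaddr returns false on malformed input and the same ip on failure;
        // both cases are shown as "n/a" rather than as an empty or echoed value.
        if($ipaddress_host_name === false || $ipaddress_host_name === '' || $ipaddress_host_name === $mybb->input['ipaddress'])
        {
            $ipaddress_host_name = $lang->na;
        }
        else
        {
            // The PTR record is controlled by whoever runs reverse DNS for the address,
            // so it is untrusted text and must be escaped before it reaches the template.
            $ipaddress_host_name = htmlspecialchars_uni($ipaddress_host_name);
        }
    }

    $plugins->run_hooks("modcp_iplookup_end");

    // The template is expanded by eval() as a double-quoted PHP string: every variable it can
    // reference has to be HTML-escaped already, and template text is effectively trusted code.
    eval("\$iplookup = \"".$templates->get('modcp_ipsearch_misc_info', 1, 0)."\";");
    echo($iplookup);
    exit;
}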
4054  
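// ModCP action "banning": paginated list of banned users with edit/lift links.
if($mybb->input['action'] == "banning")
{
    if($mybb->usergroup['canbanusers'] == 0)
    {
        error_no_permission();
    }

    add_breadcrumb($lang->mcp_nav_banning, "modcp.php?action=banning");

    // Guard against a zero page size, which would divide by zero below.
    if(!$mybb->settings['threadsperpage'])
    {
        $mybb->settings['threadsperpage'] = 20;
    }

    // Figure out if we need to display multiple pages.
    $perpage = $mybb->settings['threadsperpage'];
    if($mybb->get_input('page') != "last")
    {
        // Integer-cast here: $page feeds $start, which is interpolated into the LIMIT clause.
        $page = $mybb->get_input('page', MyBB::INPUT_INT);
    }

    $query = $db->simple_select("banned", "COUNT(uid) AS count");
    $banned_count = $db->fetch_field($query, "count");

    $postcount = (int)$banned_count;
    $pages = $postcount / $perpage;
    $pages = ceil($pages);

    if($mybb->get_input('page') == "last")
    {
        $page = $pages;
    }

    // Out-of-range page numbers fall back to the first page.
    if($page > $pages || $page <= 0)
    {
        $page = 1;
    }

    if($page)
    {
        $start = ($page-1) * $perpage;
    }
    else
    {
        $start = 0;
        $page = 1;
    }
    $upper = $start+$perpage;

    $multipage = multipage($postcount, $perpage, $page, "modcp.php?action=banning");

    $plugins->run_hooks("modcp_banning_start");

    $query = $db->query("
        SELECT b.*, a.username AS adminuser, u.username
        FROM ".TABLE_PREFIX."banned b
        LEFT JOIN ".TABLE_PREFIX."users u ON (b.uid=u.uid)
        LEFT JOIN ".TABLE_PREFIX."users a ON (b.admin=a.uid)
        ORDER BY dateline DESC
        LIMIT {$start}, {$perpage}
    ");

    // Get the banned users
    $bannedusers = '';
    while($banned = $db->fetch_array($query))
    {
        // Only username, adminuser and reason are HTML-escaped in this loop. The other b.*
        // columns stay raw (bantime, for one, is stored from request input by do_banuser),
        // so templates should not print them directly.
        $banned['username'] = htmlspecialchars_uni($banned['username']);
        $profile_link = build_profile_link($banned['username'], $banned['uid']);

        // Only show the edit & lift links if current user created ban, or is super mod/admin
        // NOTE(review): the link is also shown when the banning account no longer resolves
        // (!adminuser), but the liftban and do_banuser checks have no such case; the
        // server-side checks are the stricter ones, so this only affects what is displayed.
        $edit_link = '';
        if($mybb->user['uid'] == $banned['admin'] || !$banned['adminuser'] || $mybb->usergroup['issupermod'] == 1 || $mybb->usergroup['cancp'] == 1)
        {
            eval("\$edit_link = \"".$templates->get("modcp_banning_edit")."\";");
        }

        $admin_profile = build_profile_link(htmlspecialchars_uni($banned['adminuser']), $banned['admin']);

        $trow = alt_trow();

        if($banned['reason'])
        {
            $banned['reason'] = htmlspecialchars_uni($parser->parse_badwords($banned['reason']));
        }
        else
        {
            $banned['reason'] = $lang->na;
        }

        if($banned['lifted'] == 'perm' || $banned['lifted'] == '' || $banned['bantime'] == 'perm' || $banned['bantime'] == '---')
        {
            $banlength = $lang->permanent;
            $timeremaining = $lang->na;
        }
        else
        {
            // The stored bantime is not guaranteed to be one of the configured ban lengths,
            // so look it up defensively instead of indexing a possibly missing key.
            $banlength = '';
            if(isset($bantimes[$banned['bantime']]))
            {
                $banlength = $bantimes[$banned['bantime']];
            }
            $remaining = $banned['lifted']-TIME_NOW;

            $timeremaining = nice_time($remaining, array('short' => 1, 'seconds' => false))."";

            $banned_class = '';
            $ban_remaining = "{$timeremaining} {$lang->ban_remaining}";

            // One chain, so an already-expired ban keeps "imminent_banned" instead of being
            // overwritten by the "high_banned" branch that follows.
            if($remaining <= 0)
            {
                $banned_class = "imminent_banned";
                $ban_remaining = $lang->ban_ending_imminently;
            }
            else if($remaining < 3600)
            {
                $banned_class = "high_banned";
            }
            else if($remaining < 86400)
            {
                $banned_class = "moderate_banned";
            }
            else if($remaining < 604800)
            {
                $banned_class = "low_banned";
            }
            else
            {
                $banned_class = "normal_banned";
            }

            eval('$timeremaining = "'.$templates->get('modcp_banning_remaining').'";');
        }

        eval("\$bannedusers .= \"".$templates->get("modcp_banning_ban")."\";");
    }

    if(!$bannedusers)
    {
        eval("\$bannedusers = \"".$templates->get("modcp_banning_nobanned")."\";");
    }

    $plugins->run_hooks("modcp_banning");

    eval("\$bannedpage = \"".$templates->get("modcp_banning")."\";");
    output_page($bannedpage);
}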
4197  
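// ModCP action "liftban": remove a ban and restore the user's previous groups.
if($mybb->input['action'] == "liftban")
{
    // Verify incoming POST request
    // (checks the my_post_key request token before any state is changed)
    verify_post_check($mybb->get_input('my_post_key'));

    if($mybb->usergroup['canbanusers'] == 0)
    {
        error_no_permission();
    }

    $query = $db->simple_select("banned", "*", "uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'");
    $ban = $db->fetch_array($query);

    if(!$ban)
    {
        error($lang->error_invalidban);
    }

    // Permission to edit this ban?
    // Only the moderator who created the ban, super moderators and admins may lift it.
    if($mybb->user['uid'] != $ban['admin'] && $mybb->usergroup['issupermod'] != 1 && $mybb->usergroup['cancp'] != 1)
    {
        error_no_permission();
    }

    $plugins->run_hooks("modcp_liftban_start");

    // Values read back from the banned row are cast or escaped again before being put into
    // SQL, matching the casts used when the row is inserted; stored data is not assumed to
    // be safe just because it came from the database.
    $query = $db->simple_select("users", "username", "uid = '".(int)$ban['uid']."'");
    $username = $db->fetch_field($query, "username");

    $updated_group = array(
        'usergroup' => (int)$ban['oldgroup'],
        'additionalgroups' => $db->escape_string($ban['oldadditionalgroups']),
        'displaygroup' => (int)$ban['olddisplaygroup']
    );
    $db->update_query("users", $updated_group, "uid='".(int)$ban['uid']."'");
    $db->delete_query("banned", "uid='".(int)$ban['uid']."'");

    $cache->update_moderators();
    // Leave an audit trail of who lifted which ban.
    log_moderator_action(array("uid" => $ban['uid'], "username" => $username), $lang->lifted_ban);

    $plugins->run_hooks("modcp_liftban_end");

    redirect("modcp.php?action=banning", $lang->redirect_banlifted);
}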
4242  
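// ModCP action "do_banuser" (POST only): create a new ban or update an existing one.
// On validation errors the action is switched to "banuser" so the form is shown again.
if($mybb->input['action'] == "do_banuser" && $mybb->request_method == "post")
{
    // Verify incoming POST request
    // (checks the my_post_key request token before any state is changed)
    verify_post_check($mybb->get_input('my_post_key'));

    if($mybb->usergroup['canbanusers'] == 0)
    {
        error_no_permission();
    }

    // Editing an existing ban
    $existing_ban = false;
    if($mybb->get_input('uid', MyBB::INPUT_INT))
    {
        // Get the users info from their uid
        // The integer-cast value is interpolated rather than the raw $mybb->input['uid'], so
        // this query does not depend on input cleaning done elsewhere (same form as liftban).
        $query = $db->query("
            SELECT b.*, u.uid, u.username, u.usergroup, u.additionalgroups, u.displaygroup
            FROM ".TABLE_PREFIX."banned b
            LEFT JOIN ".TABLE_PREFIX."users u ON (b.uid=u.uid)
            WHERE b.uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'
        ");
        $user = $db->fetch_array($query);

        if($user)
        {
            $existing_ban = true;
        }

        // Permission to edit this ban?
        // Only the moderator who created the ban, super moderators and admins may edit it.
        if($existing_ban && $mybb->user['uid'] != $user['admin'] && $mybb->usergroup['issupermod'] != 1 && $mybb->usergroup['cancp'] != 1)
        {
            error_no_permission();
        }
    }

    $errors = array();

    // Creating a new ban
    if(!$existing_ban)
    {
        // Get the users info from their Username
        $options = array(
            'fields' => array('username', 'usergroup', 'additionalgroups', 'displaygroup')
        );

        // get_input() yields an empty string when the field is missing, instead of reading
        // an undefined array key.
        $user = get_user_by_username($mybb->get_input('username'), $options);

        if(!$user)
        {
            $errors[] = $lang->invalid_username;
        }
    }

    // NOTE(review): when no user was found, $user is not an array and the two checks below
    // read $user['uid'] from it; they are kept as they were so the error list is unchanged.
    if($user['uid'] == $mybb->user['uid'])
    {
        $errors[] = $lang->error_cannotbanself;
    }

    // Have permissions to ban this user?
    if(!modcp_can_manage_user($user['uid']))
    {
        $errors[] = $lang->error_cannotbanuser;
    }

    // Check for an incoming reason
    if(empty($mybb->input['banreason']))
    {
        $errors[] = $lang->error_nobanreason;
    }

    // Check banned group
    // The target group must exist and be flagged as a banned group, so this form cannot be
    // used to move an account into an arbitrary usergroup.
    $usergroups_cache = $cache->read('usergroups');
    if(isset($usergroups_cache[$mybb->get_input('usergroup', MyBB::INPUT_INT)]))
    {
        $usergroup = $usergroups_cache[$mybb->get_input('usergroup', MyBB::INPUT_INT)];
    }

    if(!isset($usergroup) || empty($usergroup['isbannedgroup']))
    {
        $errors[] = $lang->error_nobangroup;
    }

    // If this is a new ban, we check the user isn't already part of a banned group
    if(!$existing_ban && $user['uid'])
    {
        $query = $db->simple_select("banned", "uid", "uid='".(int)$user['uid']."'", array('limit' => 1));
        if($db->num_rows($query) > 0)
        {
            $errors[] = $lang->error_useralreadybanned;
        }
    }

    $plugins->run_hooks("modcp_do_banuser_start");

    // Still no errors? Ban the user
    if(!$errors)
    {
        // Ban the user
        // NOTE(review): 'liftafter' is SQL-escaped below but not checked here against the
        // configured ban lengths, so an arbitrary string can be stored as bantime.
        if($mybb->get_input('liftafter') == '---')
        {
            $lifted = 0;
        }
        else
        {
            if(!isset($user['dateline']))
            {
                $user['dateline'] = 0;
            }
            $lifted = ban_date2timestamp($mybb->get_input('liftafter'), $user['dateline']);
        }

        $banreason = my_substr($mybb->get_input('banreason'), 0, 255);

        if($existing_ban)
        {
            $update_array = array(
                'gid' => $mybb->get_input('usergroup', MyBB::INPUT_INT),
                'dateline' => TIME_NOW,
                'bantime' => $db->escape_string($mybb->get_input('liftafter')),
                'lifted' => $db->escape_string($lifted),
                'reason' => $db->escape_string($banreason)
            );

            $db->update_query('banned', $update_array, "uid='".(int)$user['uid']."'");
        }
        else
        {
            $insert_array = array(
                'uid' => (int)$user['uid'],
                'gid' => $mybb->get_input('usergroup', MyBB::INPUT_INT),
                'oldgroup' => (int)$user['usergroup'],
                'oldadditionalgroups' => $db->escape_string($user['additionalgroups']),
                'olddisplaygroup' => (int)$user['displaygroup'],
                'admin' => (int)$mybb->user['uid'],
                'dateline' => TIME_NOW,
                'bantime' => $db->escape_string($mybb->get_input('liftafter')),
                'lifted' => $db->escape_string($lifted),
                'reason' => $db->escape_string($banreason)
            );

            $db->insert_query('banned', $insert_array);
        }

        // Move the user to the banned group
        $update_array = array(
            'usergroup' => $mybb->get_input('usergroup', MyBB::INPUT_INT),
            'displaygroup' => 0,
            'additionalgroups' => '',
        );
        // Cast, because this condition is unquoted: a ban row whose user no longer exists
        // would otherwise leave an empty value here and break the statement.
        $db->update_query('users', $update_array, "uid = ".(int)$user['uid']);

        // Log edit or add ban
        if($existing_ban)
        {
            log_moderator_action(array("uid" => $user['uid'], "username" => $user['username']), $lang->edited_user_ban);
        }
        else
        {
            log_moderator_action(array("uid" => $user['uid'], "username" => $user['username']), $lang->banned_user);
        }

        $plugins->run_hooks("modcp_do_banuser_end");

        if($existing_ban)
        {
            redirect("modcp.php?action=banning", $lang->redirect_banuser_updated);
        }
        else
        {
            redirect("modcp.php?action=banning", $lang->redirect_banuser);
        }
    }
    // Otherwise has errors, throw back to ban page
    else
    {
        $mybb->input['action'] = "banuser";
    }
}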
4421  
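// ModCP action "banuser": render the form for adding a ban or editing an existing one.
// Also reached from do_banuser when validation failed, in which case $errors is set.
if($mybb->input['action'] == "banuser")
{
    add_breadcrumb($lang->mcp_nav_banning, "modcp.php?action=banning");

    if($mybb->usergroup['canbanusers'] == 0)
    {
        error_no_permission();
    }

    // Cast once; the value is interpolated into the SQL below and reused for lookups.
    $mybb->input['uid'] = $mybb->get_input('uid', MyBB::INPUT_INT);
    if($mybb->input['uid'])
    {
        add_breadcrumb($lang->mcp_nav_editing_ban);
    }
    else
    {
        add_breadcrumb($lang->mcp_nav_ban_user);
    }

    $plugins->run_hooks("modcp_banuser_start");

    $banuser_username = '';
    $banreason = '';

    // If incoming user ID, we are editing a ban
    if($mybb->input['uid'])
    {
        $query = $db->query("
            SELECT b.*, u.username, u.uid
            FROM ".TABLE_PREFIX."banned b
            LEFT JOIN ".TABLE_PREFIX."users u ON (b.uid=u.uid)
            WHERE b.uid='{$mybb->input['uid']}'
        ");
        $banned = $db->fetch_array($query);
        if(!empty($banned['username']))
        {
            // Username and reason are user-supplied text; escape before the templates see them.
            $username = $banned['username'] = htmlspecialchars_uni($banned['username']);
            $banreason = htmlspecialchars_uni($banned['reason']);
            $uid = $mybb->input['uid'];
            $user = get_user($banned['uid']);
            $lang->ban_user = $lang->edit_ban; // Swap over lang variables
            eval("\$banuser_username = \"".$templates->get("modcp_banuser_editusername")."\";");
        }
    }

    // Permission to edit this ban?
    // Only the moderator who created the ban, super moderators and admins may edit it.
    if(!empty($banned) && $banned['uid'] && $mybb->user['uid'] != $banned['admin'] && $mybb->usergroup['issupermod'] != 1 && $mybb->usergroup['cancp'] != 1)
    {
        error_no_permission();
    }

    // New ban!
    if(!$banuser_username)
    {
        if($mybb->input['uid'])
        {
            $user = get_user($mybb->input['uid']);
            // An unknown uid gives no user record; use an empty name rather than indexing
            // into a non-array value.
            if(!is_array($user))
            {
                $user = array('username' => '');
            }
            $user['username'] = htmlspecialchars_uni($user['username']);
            $username = $user['username'];
        }
        else
        {
            $username = htmlspecialchars_uni($mybb->get_input('username'));
        }
        eval("\$banuser_username = \"".$templates->get("modcp_banuser_addusername")."\";");
    }

    // Coming back to this page from an error?
    // !empty() also covers a direct request, where do_banuser never set $errors.
    if(!empty($errors))
    {
        $errors = inline_error($errors);
        // NOTE(review): this replaces the loaded ban row, so uid and dateline are dropped when
        // an edit is re-displayed after an error; confirm that is intended.
        // NOTE(review): "reason" is raw request input; the escaped copy is $banreason below.
        $banned = array(
            "bantime" => $mybb->get_input('liftafter'),
            "reason" => $mybb->get_input('reason'),
            "gid" => $mybb->get_input('usergroup', MyBB::INPUT_INT)
        );
        // do_banuser reads the selected group from 'usergroup'; 'gid' is kept as a fallback
        // so the previously read field still works if a template submits it.
        if(!$banned['gid'])
        {
            $banned['gid'] = $mybb->get_input('gid', MyBB::INPUT_INT);
        }
        $banreason = htmlspecialchars_uni($mybb->get_input('banreason'));
    }

    // Generate the banned times dropdown
    $liftlist = '';
    foreach($bantimes as $time => $title)
    {
        $selected = '';
        if(isset($banned['bantime']) && $banned['bantime'] == $time)
        {
            $selected = " selected=\"selected\"";
        }

        $thattime = '';
        if($time != '---')
        {
            $dateline = TIME_NOW;
            if(isset($banned['dateline']))
            {
                $dateline = $banned['dateline'];
            }

            $thatime = my_date("D, jS M Y @ {$mybb->settings['timeformat']}", ban_date2timestamp($time, $dateline));
            $thattime = " ({$thatime})";
        }

        eval("\$liftlist .= \"".$templates->get("modcp_banuser_liftlist")."\";");
    }

    $bangroup_option = $bangroups = '';
    $numgroups = $banned_group = 0;
    $groupscache = $cache->read("usergroups");

    // Only groups flagged as banned groups are offered as ban targets.
    foreach($groupscache as $key => $group)
    {
        if($group['isbannedgroup'])
        {
            $selected = "";
            if(isset($banned['gid']) && $banned['gid'] == $group['gid'])
            {
                $selected = " selected=\"selected\"";
            }

            $group['title'] = htmlspecialchars_uni($group['title']);
            eval("\$bangroup_option .= \"".$templates->get("modcp_banuser_bangroups_group")."\";");
            $banned_group = $group['gid'];
            ++$numgroups;
        }
    }

    if($numgroups == 0)
    {
        error($lang->no_banned_group);
    }
    elseif($numgroups > 1)
    {
        eval("\$bangroups = \"".$templates->get("modcp_banuser_bangroups")."\";");
    }
    else
    {
        eval("\$bangroups = \"".$templates->get("modcp_banuser_bangroups_hidden")."\";");
    }

    if(!empty($banned['uid']))
    {
        eval("\$lift_link = \"".$templates->get("modcp_banuser_lift")."\";");
        $uid = $banned['uid'];
    }
    else
    {
        $lift_link = '';
        $uid = 0;
    }

    $plugins->run_hooks("modcp_banuser_end");

    // Templates are expanded by eval() as double-quoted PHP strings: every variable they can
    // reference has to be HTML-escaped already, and template text is effectively trusted code.
    eval("\$banuser = \"".$templates->get("modcp_banuser")."\";");
    output_page($banuser);
}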
4577  
// ModCP action "do_modnotes": save the shared moderator notes into the "modnotes" cache
// and redirect back to the ModCP index.
// NOTE(review): this block has no usergroup permission check of its own; presumably it
// relies on a ModCP-wide access check earlier in the file - confirm.
if($mybb->input['action'] == "do_modnotes")
{
    // Verify incoming POST request
    // (checks the my_post_key request token before the cache is changed)
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("modcp_do_modnotes_start");

    // Update Moderator Notes cache
    // The text is stored exactly as submitted (no escaping or length limit here), so the
    // code that renders the notes has to HTML-escape it on output.
    $update_cache = array(
        "modmessage" => $mybb->get_input('modnotes')
    );
    $cache->update("modnotes", $update_cache);

    $plugins->run_hooks("modcp_do_modnotes_end");

    redirect("modcp.php", $lang->redirect_modnotes);
}
4595  
4596  if(!$mybb->input['action'])
4597  {
4598      $awaitingattachments = $awaitingposts = $awaitingthreads = $awaitingmoderation = '';
4599  
4600      if($mybb->usergroup['canmanagemodqueue'] == 1)
4601      {
4602          if($mybb->settings['enableattachments'] == 1 && ($nummodqueueattach > 0 || $mybb->usergroup['issupermod'] == 1))
4603          {
4604              if($nummodqueueposts > 0 || $mybb->usergroup['issupermod'] == 1)
4605              {
4606                  $bgcolor = "trow1";
4607              }
4608              else
4609              {
4610                  $bgcolor = "trow2";
4611              }
4612  
4613              $query = $db->query("
4614                  SELECT COUNT(aid) AS unapprovedattachments
4615                  FROM  ".TABLE_PREFIX."attachments a
4616                  LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=a.pid)
4617                  LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
4618                  WHERE a.visible='0' {$tflist}
4619              ");
4620              $unapproved_attachments = $db->fetch_field($query, "unapprovedattachments");
4621  
4622              if($unapproved_attachments > 0)
4623              {
4624                  $query = $db->query("
4625                      SELECT t.tid, p.pid, p.uid, t.username, a.filename, a.dateuploaded
4626                      FROM  ".TABLE_PREFIX."attachments a
4627                      LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=a.pid)
4628                      LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
4629                      WHERE a.visible='0' {$tflist}
4630                      ORDER BY a.dateuploaded DESC
4631                      LIMIT 1
4632                  ");
4633                  $attachment = $db->fetch_array($query);
4634                  $attachment['date'] = my_date('relative', $attachment['dateuploaded']);
4635                  $attachment['username'] = htmlspecialchars_uni($attachment['username']);
4636                  $attachment['profilelink'] = build_profile_link($attachment['username'], $attachment['uid']);
4637                  $attachment['link'] = get_post_link($attachment['pid'], $attachment['tid']);
4638                  $attachment['filename'] = htmlspecialchars_uni($attachment['filename']);
4639                  $unapproved_attachments = my_number_format($unapproved_attachments);
4640  
4641                  eval("\$latest_attachment = \"".$templates->get("modcp_lastattachment")."\";");
4642              }
4643              else
4644              {
4645                  eval("\$latest_attachment = \"".$templates->get("modcp_awaitingmoderation_none")."\";");
4646              }
4647  
4648              eval("\$awaitingattachments = \"".$templates->get("modcp_awaitingattachments")."\";");
4649          }
4650  
4651          if($nummodqueueposts > 0 || $mybb->usergroup['issupermod'] == 1)
4652          {
4653              $query = $db->query("
4654                  SELECT COUNT(pid) AS unapprovedposts
4655                  FROM  ".TABLE_PREFIX."posts p
4656                  LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
4657                  WHERE p.visible='0' {$tflist} AND t.firstpost != p.pid
4658              ");
4659              $unapproved_posts = $db->fetch_field($query, "unapprovedposts");
4660  
4661              if($unapproved_posts > 0)
4662              {
4663                  $query = $db->query("
4664                      SELECT p.pid, p.tid, p.subject, p.uid, p.username, p.dateline
4665                      FROM  ".TABLE_PREFIX."posts p
4666                      LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
4667                      WHERE p.visible='0' {$tflist} AND t.firstpost != p.pid
4668                      ORDER BY p.dateline DESC, p.pid DESC
4669                      LIMIT 1
4670                  ");
4671                  $post = $db->fetch_array($query);
4672                  $post['date'] = my_date('relative', $post['dateline']);
4673                  $post['username'] = htmlspecialchars_uni($post['username']);
4674                  $post['profilelink'] = build_profile_link($post['username'], $post['uid']);
4675                  $post['link'] = get_post_link($post['pid'], $post['tid']);
4676                  $post['subject'] = $post['fullsubject'] = $parser->parse_badwords($post['subject']);
4677                  if(my_strlen($post['subject']) > 25)
4678                  {
4679                      $post['subject'] = my_substr($post['subject'], 0, 25)."...";
4680                  }
4681                  $post['subject'] = htmlspecialchars_uni($post['subject']);
4682                  $post['fullsubject'] = htmlspecialchars_uni($post['fullsubject']);
4683                  $unapproved_posts = my_number_format($unapproved_posts);
4684  
4685                  eval("\$latest_post = \"".$templates->get("modcp_lastpost")."\";");
4686              }
4687              else
4688              {
4689                  eval("\$latest_post = \"".$templates->get("modcp_awaitingmoderation_none")."\";");
4690              }
4691  
4692              eval("\$awaitingposts = \"".$templates->get("modcp_awaitingposts")."\";");
4693          }
4694  
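4695          if($nummodqueuethreads > 0 || $mybb->usergroup['issupermod'] == 1)
4696          {
                  // Thread moderation queue summary: count the unapproved threads (visible='0') and
                  // render the most recent one. Shown to super moderators, or when
                  // $nummodqueuethreads (computed outside this section) is positive.
                  // $flist_queue_threads is spliced into the WHERE clause verbatim.
                  // NOTE(review): presumably a server-built forum-id filter - confirm it never carries request data.
4697              $query = $db->simple_select("threads", "COUNT(tid) AS unapprovedthreads", "visible='0' {$flist_queue_threads}");
4698              $unapproved_threads = $db->fetch_field($query, "unapprovedthreads");
4699  
4700              if($unapproved_threads > 0)
4701              {
4702                  $query = $db->simple_select("threads", "tid, subject, uid, username, dateline", "visible='0' {$flist_queue_threads}", array('order_by' =>  'dateline', 'order_dir' => 'DESC', 'limit' => 1));
4703                  $thread = $db->fetch_array($query);
4704                  $thread['date'] = my_date('relative', $thread['dateline']);
                      // The username is HTML-escaped before it is handed to the profile link builder.
4705                  $thread['username'] = htmlspecialchars_uni($thread['username']);
4706                  $thread['profilelink'] = build_profile_link($thread['username'], $thread['uid']);
4707                  $thread['link'] = get_thread_link($thread['tid']);
4708                  $thread['subject'] = $thread['fullsubject'] = $parser->parse_badwords($thread['subject']);
                      // Shorten the display copy of the thread's own subject to 25 characters;
                      // 'fullsubject' keeps the whole text. The cut is made before escaping, so it
                      // works on raw characters rather than on HTML entities.
4709                  if(my_strlen($thread['subject']) > 25)
4710                  {
4711                      $thread['subject'] = my_substr($thread['subject'], 0, 25)."...";
4712                  }
                      // Both copies are escaped here because the template interpolates them as-is.
4713                  $thread['subject'] = htmlspecialchars_uni($thread['subject']);
4714                  $thread['fullsubject'] = htmlspecialchars_uni($thread['fullsubject']);
4715                  $unapproved_threads = my_number_format($unapproved_threads);
4716  
                      // Templates are expanded by eval() as double-quoted PHP strings, so any value a
                      // template can interpolate must already be escaped at this point.
                      // NOTE(review): relies on $templates->get() returning trusted, quote-safe markup - confirm.
4717                  eval("\$latest_thread = \"".$templates->get("modcp_lastthread")."\";");
4718              }
4719              else
4720              {
4721                  eval("\$latest_thread = \"".$templates->get("modcp_awaitingmoderation_none")."\";");
4722              }
4723  
4724              eval("\$awaitingthreads = \"".$templates->get("modcp_awaitingthreads")."\";");
4725          }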
4726  
4727          if(!empty($awaitingattachments) || !empty($awaitingposts) || !empty($awaitingthreads))
4728          {
                  // Render the surrounding "awaiting moderation" container only when at least one
                  // of the three queue summaries produced output.
4729              eval("\$awaitingmoderation = \"".$templates->get("modcp_awaitingmoderation")."\";");
4730          }
4731      }
4732  
4733      $latestfivemodactions = '';
          // Latest five moderator-log entries. Rendered only when the user's group has
          // canviewmodlogs and the user is either a super moderator or has $nummodlogs > 0
          // ($nummodlogs is computed outside this section).
4734      if(($nummodlogs > 0 || $mybb->usergroup['issupermod'] == 1) && $mybb->usergroup['canviewmodlogs'] == 1)
4735      {
4736          $where = '';
              // $tflist_modlog is spliced into the SQL text unparameterised; it is built outside this section.
              // NOTE(review): presumably composed only of integer forum ids - confirm against where it is built.
4737          if($tflist_modlog)
4738          {
4739              $where = "WHERE (t.fid <> 0 {$tflist_modlog}) OR (l.fid <> 0)";
4740          }
4741  
4742          $query = $db->query("
4743              SELECT l.*, u.username, u.usergroup, u.displaygroup, t.subject AS tsubject, f.name AS fname, p.subject AS psubject
4744              FROM ".TABLE_PREFIX."moderatorlog l
4745              LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=l.uid)
4746              LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=l.tid)
4747              LEFT JOIN ".TABLE_PREFIX."forums f ON (f.fid=l.fid)
4748              LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=l.pid)
4749              {$where}
4750              ORDER BY l.dateline DESC
4751              LIMIT 5
4752          ");
4753  
4754          $modlogresults = '';
4755          while($logitem = $db->fetch_array($query))
4756          {
                  // Each row is escaped field by field here, because the row templates below are
                  // eval()'d as double-quoted strings and interpolate these values as-is.
4757              $information = '';
4758              $logitem['action'] = htmlspecialchars_uni($logitem['action']);
4759              $log_date = my_date('relative', $logitem['dateline']);
4760              $trow = alt_trow();
4761              $logitem['username'] = htmlspecialchars_uni($logitem['username']);
4762              $username = format_name($logitem['username'], $logitem['usergroup'], $logitem['displaygroup']);
4763              $logitem['profilelink'] = build_profile_link($username, $logitem['uid']);
                  // Convert the stored address to its printable form for display.
4764              $logitem['ipaddress'] = my_inet_ntop($db->unescape_binary($logitem['ipaddress']));
4765  
4766              if($logitem['tsubject'])
4767              {
4768                  $logitem['tsubject'] = htmlspecialchars_uni($parser->parse_badwords($logitem['tsubject']));
4769                  $logitem['thread'] = get_thread_link($logitem['tid']);
4770                  eval("\$information .= \"".$templates->get("modcp_modlogs_result_thread")."\";");
4771              }
4772              if($logitem['fname'])
4773              {
                      // NOTE(review): fname is not escaped in this section; presumably the template or
                      // the stored forum name is already HTML-safe - verify.
4774                  $logitem['forum'] = get_forum_link($logitem['fid']);
4775                  eval("\$information .= \"".$templates->get("modcp_modlogs_result_forum")."\";");
4776              }
4777              if($logitem['psubject'])
4778              {
4779                  $logitem['psubject'] = htmlspecialchars_uni($parser->parse_badwords($logitem['psubject']));
4780                  $logitem['post'] = get_post_link($logitem['pid']);
4781                  eval("\$information .= \"".$templates->get("modcp_modlogs_result_post")."\";");
4782              }
4783  
4784              // Edited a user or managed announcement?
                  // The condition is true whenever any one of the three joined labels is missing,
                  // not only when all of them are.
4785              if(!$logitem['tsubject'] || !$logitem['fname'] || !$logitem['psubject'])
4786              {
                      // NOTE(review): 'data' is deserialised from the moderatorlog table. my_unserialize()
                      // is defined elsewhere - confirm it cannot instantiate objects.
4787                  $data = my_unserialize($logitem['data']);
4788                  if(isset($data['uid']))
4789                  {
                          // Plain assignment (not .=): any thread/forum/post text gathered above is replaced.
                          // $data['username'] is read without an isset() check. $data['uid'] reaches the link
                          // helper uncast - presumably the helper escapes it; verify.
4790                      $information = $lang->sprintf($lang->edited_user_info, htmlspecialchars_uni($data['username']), get_profile_link($data['uid']));
4791                  }
4792                  if(isset($data['aid']))
4793                  {
                          // $data['subject'] is read without an isset() check; it is escaped before use.
4794                      $data['subject'] = htmlspecialchars_uni($parser->parse_badwords($data['subject']));
4795                      $data['announcement'] = get_announcement_link($data['aid']);
4796                      eval("\$information .= \"".$templates->get("modcp_modlogs_result_announcement")."\";");
4797                  }
4798              }
4799  
                  // Plugin hook point, called once per log row before the row template is rendered.
4800              $plugins->run_hooks("modcp_modlogs_result");
4801  
4802              eval("\$modlogresults .= \"".$templates->get("modcp_modlogs_result")."\";");
4803          }
4804  
              // No rows at all: fall back to the "no logs" template.
4805          if(!$modlogresults)
4806          {
4807              eval("\$modlogresults = \"".$templates->get("modcp_modlogs_nologs")."\";");
4808          }
4809  
4810          eval("\$latestfivemodactions = \"".$templates->get("modcp_latestfivemodactions")."\";");
4811      }
4812  
4813      $query = $db->query("
4814          SELECT b.*, a.username AS adminuser, u.username
4815          FROM ".TABLE_PREFIX."banned b
4816          LEFT JOIN ".TABLE_PREFIX."users u ON (b.uid=u.uid)
4817          LEFT JOIN ".TABLE_PREFIX."users a ON (b.admin=a.uid)
4818          WHERE b.bantime != '---' AND b.bantime != 'perm'
4819          ORDER BY lifted ASC
4820          LIMIT 5
4821      ");
4822  
          // The query above selects up to five bans whose bantime is neither '---' nor 'perm',
          // ordered by the 'lifted' column ascending, with the banned user's and the banning
          // user's names joined in.
          // NOTE(review): the cache key below is 'remaining' and 'uid' concatenated with no
          // separator, so two rows can produce the same key (remaining 1 / uid 23 and
          // remaining 12 / uid 3 both give "123"); the later row would replace the earlier one.
4823      $banned_cache = array();
4824      while($banned = $db->fetch_array($query))
4825      {
4826          $banned['remaining'] = $banned['lifted']-TIME_NOW;
4827          $banned_cache[$banned['remaining'].$banned['uid']] = $banned;
4828  
4829          unset($banned);
4830      }
4831  
4832      // Get the banned users
4833      $bannedusers = '';
4834      foreach($banned_cache as $banned)
4835      {
4836          $banned['username'] = htmlspecialchars_uni($banned['username']);
4837          $profile_link = build_profile_link($banned['username'], $banned['uid']);
4838  
4839          // Only show the edit & lift links if current user created ban, or is super mod/admin
              // The link is also shown when 'adminuser' is empty, i.e. the LEFT JOIN found no user
              // row for b.admin. This check only decides whether the link is rendered.
              // NOTE(review): the ban edit/lift handlers must enforce the same rule themselves - not visible here.
4840          $edit_link = '';
4841          if($mybb->user['uid'] == $banned['admin'] || !$banned['adminuser'] || $mybb->usergroup['issupermod'] == 1 || $mybb->usergroup['cancp'] == 1)
4842          {
4843              eval("\$edit_link = \"".$templates->get("modcp_banning_edit")."\";");
4844          }
4845  
4846          $admin_profile = build_profile_link(htmlspecialchars_uni($banned['adminuser']), $banned['admin']);
4847  
4848          $trow = alt_trow();
4849  
              // The free-text ban reason is word-filtered and HTML-escaped before display.
4850          if($banned['reason'])
4851          {
4852              $banned['reason'] = htmlspecialchars_uni($parser->parse_badwords($banned['reason']));
4853          }
4854          else
4855          {
4856              $banned['reason'] = $lang->na;
4857          }
4858  
              // The query above already excludes bantime '---' and 'perm', so this branch can only
              // be reached through the two 'lifted' comparisons.
              // NOTE(review): $banned_class and $ban_remaining are assigned only in the else branch,
              // so in this branch they keep whatever an earlier iteration left in them.
4859          if($banned['lifted'] == 'perm' || $banned['lifted'] == '' || $banned['bantime'] == 'perm' || $banned['bantime'] == '---')
4860          {
4861              $banlength = $lang->permanent;
4862              $timeremaining = $lang->na;
4863          }
4864          else
4865          {
                  // NOTE(review): $bantimes is populated outside this section; a bantime value that
                  // is not one of its keys would be an undefined index here.
4866              $banlength = $bantimes[$banned['bantime']];
4867              $remaining = $banned['remaining'];
4868  
4869              $timeremaining = nice_time($remaining, array('short' => 1, 'seconds' => false))."";
4870  
4871              $banned_class = '';
4872              $ban_remaining = "{$timeremaining} {$lang->ban_remaining}";
4873  
                  // Pick a label by time left: expired or due now, under 1 hour (3600 s),
                  // under 1 day (86400 s), under 7 days (604800 s), anything longer.
4874              if($remaining <= 0)
4875              {
4876                  $banned_class = "imminent_banned";
4877                  $ban_remaining = $lang->ban_ending_imminently;
4878              }
4879              else if($remaining < 3600)
4880              {
4881                  $banned_class = "high_banned";
4882              }
4883              else if($remaining < 86400)
4884              {
4885                  $banned_class = "moderate_banned";
4886              }
4887              else if($remaining < 604800)
4888              {
4889                  $banned_class = "low_banned";
4890              }
4891              else
4892              {
4893                  $banned_class = "normal_banned";
4894              }
4895  
4896              eval('$timeremaining = "'.$templates->get('modcp_banning_remaining').'";');
4897          }
4898  
              // The row template is eval()'d as a double-quoted string; the values escaped above are
              // interpolated as-is.
4899          eval("\$bannedusers .= \"".$templates->get("modcp_banning_ban")."\";");
4900      }
4901  
          // No rows rendered: fall back to the "no banned users" template.
4902      if(!$bannedusers)
4903      {
4904          eval("\$bannedusers = \"".$templates->get("modcp_nobanned")."\";");
4905      }
4906  
4907      $modnotes = '';
          // Moderator notes come from the "modnotes" cache entry and are HTML-escaped before
          // the page template interpolates them; they stay empty when the cache read returns false.
4908      $modnotes_cache = $cache->read("modnotes");
4909      if($modnotes_cache !== false)
4910      {
4911          $modnotes = htmlspecialchars_uni($modnotes_cache['modmessage']);
4912      }
4913  
          // Last plugin hook before the page is assembled.
4914      $plugins->run_hooks("modcp_end");
4915  
          // Expand the main page template (eval'd as a double-quoted string, so everything it
          // interpolates must already be escaped) and send the result.
4916      eval("\$modcp = \"".$templates->get("modcp")."\";");
4917      output_page($modcp);
4918  }

