PHP Cross Reference of MyBB 1.8.40 |
1 <?php 2 /** 3 * MyBB 1.8 4 * Copyright 2014 MyBB Group, All Rights Reserved 5 * 6 * Website: http://www.mybb.com 7 * License: http://www.mybb.com/about/license 8 * 9 */ 10 11 define("IN_MYBB", 1); 12 define('THIS_SCRIPT', 'modcp.php'); 13 14 $templatelist = "modcp_reports,modcp_reports_report,modcp_reports_selectall,modcp_reports_multipage,modcp_reports_allreport,modcp_reports_allreports,modcp_modlogs_multipage,modcp_announcements_delete,modcp_announcements_edit,modcp_awaitingmoderation"; 15 $templatelist .= ",modcp_reports_allnoreports,modcp_reports_noreports,modcp_banning,modcp_banning_ban,modcp_announcements_announcement_global,modcp_no_announcements_forum,modcp_modqueue_threads_thread,modcp_awaitingthreads,preview"; 16 $templatelist .= ",modcp_banning_nobanned,modcp_modqueue_threads_empty,modcp_modqueue_masscontrols,modcp_modqueue_threads,modcp_modqueue_posts_post,modcp_modqueue_posts_empty,modcp_awaitingposts,modcp_nav_editprofile,modcp_nav_banning"; 17 $templatelist .= ",modcp_nav,modcp_modlogs_noresults,modcp_modlogs_nologs,modcp,modcp_modqueue_posts,modcp_modqueue_attachments_attachment,modcp_modqueue_attachments_empty,modcp_modqueue_attachments,modcp_editprofile_suspensions_info"; 18 $templatelist .= ",modcp_no_announcements_global,modcp_announcements_global,modcp_announcements_forum,modcp_announcements,modcp_editprofile_select_option,modcp_editprofile_select,modcp_finduser_noresults, modcp_nav_forums_posts"; 19 $templatelist .= ",codebuttons,modcp_announcements_new,modcp_modqueue_empty,forumjump_bit,forumjump_special,modcp_warninglogs_warning_revoked,modcp_warninglogs_warning,modcp_ipsearch_result,modcp_nav_modqueue,modcp_banuser_liftlist"; 20 $templatelist .= ",modcp_modlogs,modcp_finduser_user,modcp_finduser,usercp_profile_customfield,usercp_profile_profilefields,modcp_ipsearch_noresults,modcp_ipsearch_results,modcp_ipsearch_misc_info,modcp_nav_announcements,modcp_modqueue_post_link"; 21 $templatelist .= 
",modcp_editprofile,modcp_ipsearch,modcp_banuser_addusername,modcp_banuser,modcp_warninglogs_nologs,modcp_banuser_editusername,modcp_lastattachment,modcp_lastpost,modcp_lastthread,modcp_nobanned,modcp_modqueue_thread_link"; 22 $templatelist .= ",modcp_warninglogs,modcp_modlogs_result,modcp_editprofile_signature,forumjump_advanced,modcp_announcements_forum_nomod,modcp_announcements_announcement,usercp_profile_away,modcp_modlogs_user,modcp_editprofile_away"; 23 $templatelist .= ",multipage,multipage_end,multipage_jump_page,multipage_nextpage,multipage_page,multipage_page_current,multipage_page_link_current,multipage_prevpage,multipage_start,modcp_awaitingattachments,modcp_modqueue_attachment_link"; 24 $templatelist .= ",postbit_groupimage,postbit_userstar,postbit_online,postbit_offline,postbit_away,postbit_avatar,postbit_find,postbit_pm,postbit_email,postbit_www,postbit_author_user,announcement_edit,announcement_quickdelete"; 25 $templatelist .= ",modcp_awaitingmoderation_none,modcp_banning_edit,modcp_banuser_bangroups_group,modcp_banuser_lift,modcp_modlogs_result_announcement,modcp_modlogs_result_forum,modcp_modlogs_result_post,modcp_modlogs_result_thread"; 26 $templatelist .= ",modcp_nav_warninglogs,modcp_nav_ipsearch,modcp_nav_users,modcp_announcements_day,modcp_announcements_month_start,modcp_announcements_month_end,modcp_announcements_announcement_expired,modcp_announcements_announcement_active"; 27 $templatelist .= ",modcp_modqueue_link_forum,modcp_modqueue_link_thread,usercp_profile_day,modcp_ipsearch_result_regip,modcp_ipsearch_result_lastip,modcp_ipsearch_result_post,modcp_ipsearch_results_information,usercp_profile_profilefields_text"; 28 $templatelist .= ",usercp_profile_profilefields_select_option,usercp_profile_profilefields_multiselect,usercp_profile_profilefields_select,usercp_profile_profilefields_textarea,usercp_profile_profilefields_radio,postbit"; 29 $templatelist .= 
",modcp_banning_remaining,postmodcp_nav_announcements,modcp_nav_reportcenter,modcp_nav_modlogs,modcp_latestfivemodactions,modcp_banuser_bangroups_hidden,modcp_banuser_bangroups,usercp_profile_profilefields_checkbox"; 30 31 require_once "./global.php"; 32 require_once MYBB_ROOT."inc/functions_user.php"; 33 require_once MYBB_ROOT."inc/functions_upload.php"; 34 require_once MYBB_ROOT."inc/functions_modcp.php"; 35 require_once MYBB_ROOT."inc/class_parser.php"; 36 $parser = new postParser; 37 38 // Set up the array of ban times. 39 $bantimes = fetch_ban_times(); 40 41 // Load global language phrases 42 $lang->load("modcp"); 43 $lang->load("announcements"); 44 45 if($mybb->user['uid'] == 0 || $mybb->usergroup['canmodcp'] != 1) 46 { 47 error_no_permission(); 48 } 49 50 if(!$mybb->settings['threadsperpage'] || (int)$mybb->settings['threadsperpage'] < 1) 51 { 52 $mybb->settings['threadsperpage'] = 20; 53 } 54 55 $tflist = $flist = $tflist_queue_threads = $flist_queue_threads = $tflist_queue_posts = $flist_queue_posts = $tflist_queue_attach = 56 $flist_queue_attach = $wflist_reports = $tflist_reports = $flist_reports = $tflist_modlog = $flist_modlog = $errors = ''; 57 // SQL for fetching items only related to forums this user moderates 58 $moderated_forums = array(); 59 $numannouncements = $nummodqueuethreads = $nummodqueueposts = $nummodqueueattach = $numreportedposts = $nummodlogs = 0; 60 if($mybb->usergroup['issupermod'] != 1) 61 { 62 $query = $db->simple_select("moderators", "*", "(id='{$mybb->user['uid']}' AND isgroup = '0') OR (id IN ({$mybb->usergroup['all_usergroups']}) AND isgroup = '1')"); 63 while($forum = $db->fetch_array($query)) 64 { 65 $moderated_forums[] = $forum['fid']; 66 $children = get_child_list($forum['fid']); 67 if(is_array($children)) 68 { 69 $moderated_forums = array_merge($moderated_forums, $children); 70 } 71 } 72 $moderated_forums = array_unique($moderated_forums); 73 74 $numannouncements = $nummodqueuethreads = $nummodqueueposts = 
$nummodqueueattach = $numreportedposts = $nummodlogs = 0; 75 foreach($moderated_forums as $moderated_forum) 76 { 77 // For Announcements 78 if(is_moderator($moderated_forum, 'canmanageannouncements')) 79 { 80 ++$numannouncements; 81 } 82 83 // For the Mod Queues 84 if(is_moderator($moderated_forum, 'canapproveunapprovethreads')) 85 { 86 $flist_queue_threads .= ",'{$moderated_forum}'"; 87 ++$nummodqueuethreads; 88 } 89 90 if(is_moderator($moderated_forum, 'canapproveunapproveposts')) 91 { 92 $flist_queue_posts .= ",'{$moderated_forum}'"; 93 ++$nummodqueueposts; 94 } 95 96 if(is_moderator($moderated_forum, 'canapproveunapproveattachs')) 97 { 98 $flist_queue_attach .= ",'{$moderated_forum}'"; 99 ++$nummodqueueattach; 100 } 101 102 // For Reported posts 103 if(is_moderator($moderated_forum, 'canmanagereportedposts')) 104 { 105 $flist_reports .= ",'{$moderated_forum}'"; 106 ++$numreportedposts; 107 } 108 109 // For the Mod Log 110 if(is_moderator($moderated_forum, 'canviewmodlog')) 111 { 112 $flist_modlog .= ",'{$moderated_forum}'"; 113 ++$nummodlogs; 114 } 115 116 $flist .= ",'{$moderated_forum}'"; 117 } 118 if($flist_queue_threads) 119 { 120 $tflist_queue_threads = " AND t.fid IN (0{$flist_queue_threads})"; 121 $flist_queue_threads = " AND fid IN (0{$flist_queue_threads})"; 122 } 123 if($flist_queue_posts) 124 { 125 $tflist_queue_posts = " AND t.fid IN (0{$flist_queue_posts})"; 126 $flist_queue_posts = " AND fid IN (0{$flist_queue_posts})"; 127 } 128 if($flist_queue_attach) 129 { 130 $tflist_queue_attach = " AND t.fid IN (0{$flist_queue_attach})"; 131 $flist_queue_attach = " AND fid IN (0{$flist_queue_attach})"; 132 } 133 if($flist_reports) 134 { 135 $wflist_reports = "WHERE r.id3 IN (0{$flist_reports})"; 136 $tflist_reports = " AND r.id3 IN (0{$flist_reports})"; 137 $flist_reports = " AND id3 IN (0{$flist_reports})"; 138 } 139 if($flist_modlog) 140 { 141 $tflist_modlog = " AND t.fid IN (0{$flist_modlog})"; 142 $flist_modlog = " AND fid IN (0{$flist_modlog})"; 143 } 
144 if($flist) 145 { 146 $tflist = " AND t.fid IN (0{$flist})"; 147 $flist = " AND fid IN (0{$flist})"; 148 } 149 } 150 151 // Retrieve a list of unviewable forums 152 $unviewableforums = get_unviewable_forums(); 153 $inactiveforums = get_inactive_forums(); 154 $unviewablefids1 = $unviewablefids2 = array(); 155 156 if($unviewableforums) 157 { 158 $flist .= " AND fid NOT IN ({$unviewableforums})"; 159 $tflist .= " AND t.fid NOT IN ({$unviewableforums})"; 160 161 $unviewablefids1 = explode(',', $unviewableforums); 162 } 163 164 if($inactiveforums) 165 { 166 $flist .= " AND fid NOT IN ({$inactiveforums})"; 167 $tflist .= " AND t.fid NOT IN ({$inactiveforums})"; 168 169 $unviewablefids2 = explode(',', $inactiveforums); 170 } 171 172 $unviewableforums = array_merge($unviewablefids1, $unviewablefids2); 173 174 if(!isset($collapsedimg['modcpforums'])) 175 { 176 $collapsedimg['modcpforums'] = ''; 177 } 178 179 if(!isset($collapsed['modcpforums_e'])) 180 { 181 $collapsed['modcpforums_e'] = ''; 182 } 183 184 if(!isset($collapsedimg['modcpusers'])) 185 { 186 $collapsedimg['modcpusers'] = ''; 187 } 188 189 if(!isset($collapsed['modcpusers_e'])) 190 { 191 $collapsed['modcpusers_e'] = ''; 192 } 193 194 // Fetch the Mod CP menu 195 $nav_announcements = $nav_modqueue = $nav_reportcenter = $nav_modlogs = $nav_editprofile = $nav_banning = $nav_warninglogs = $nav_ipsearch = $nav_forums_posts = $modcp_nav_users = ''; 196 if(($numannouncements > 0 || $mybb->usergroup['issupermod'] == 1) && $mybb->usergroup['canmanageannounce'] == 1) 197 { 198 eval("\$nav_announcements = \"".$templates->get("modcp_nav_announcements")."\";"); 199 } 200 201 if(($nummodqueuethreads > 0 || $nummodqueueposts > 0 || $nummodqueueattach > 0 || $mybb->usergroup['issupermod'] == 1) && $mybb->usergroup['canmanagemodqueue'] == 1) 202 { 203 eval("\$nav_modqueue = \"".$templates->get("modcp_nav_modqueue")."\";"); 204 } 205 206 if(($numreportedposts > 0 || $mybb->usergroup['issupermod'] == 1) && 
$mybb->usergroup['canmanagereportedcontent'] == 1) 207 { 208 eval("\$nav_reportcenter = \"".$templates->get("modcp_nav_reportcenter")."\";"); 209 } 210 211 if(($nummodlogs > 0 || $mybb->usergroup['issupermod'] == 1) && $mybb->usergroup['canviewmodlogs'] == 1) 212 { 213 eval("\$nav_modlogs = \"".$templates->get("modcp_nav_modlogs")."\";"); 214 } 215 216 if($mybb->usergroup['caneditprofiles'] == 1) 217 { 218 eval("\$nav_editprofile = \"".$templates->get("modcp_nav_editprofile")."\";"); 219 } 220 221 if($mybb->usergroup['canbanusers'] == 1) 222 { 223 eval("\$nav_banning = \"".$templates->get("modcp_nav_banning")."\";"); 224 } 225 226 if($mybb->usergroup['canviewwarnlogs'] == 1) 227 { 228 eval("\$nav_warninglogs = \"".$templates->get("modcp_nav_warninglogs")."\";"); 229 } 230 231 if($mybb->usergroup['canuseipsearch'] == 1) 232 { 233 eval("\$nav_ipsearch = \"".$templates->get("modcp_nav_ipsearch")."\";"); 234 } 235 236 $plugins->run_hooks("modcp_nav"); 237 238 if(!empty($nav_announcements) || !empty($nav_modqueue) || !empty($nav_reportcenter) || !empty($nav_modlogs)) 239 { 240 $expaltext = (in_array("modcpforums", $collapse)) ? $lang->expcol_expand : $lang->expcol_collapse; 241 eval("\$modcp_nav_forums_posts = \"".$templates->get("modcp_nav_forums_posts")."\";"); 242 } 243 244 if(!empty($nav_editprofile) || !empty($nav_banning) || !empty($nav_warninglogs) || !empty($nav_ipsearch)) 245 { 246 $expaltext = (in_array("modcpusers", $collapse)) ? 
$lang->expcol_expand : $lang->expcol_collapse; 247 eval("\$modcp_nav_users = \"".$templates->get("modcp_nav_users")."\";"); 248 } 249 250 eval("\$modcp_nav = \"".$templates->get("modcp_nav")."\";"); 251 252 $plugins->run_hooks("modcp_start"); 253 254 // Make navigation 255 add_breadcrumb($lang->nav_modcp, "modcp.php"); 256 257 $mybb->input['action'] = $mybb->get_input('action'); 258 if($mybb->input['action'] == "do_reports") 259 { 260 if($mybb->usergroup['canmanagereportedcontent'] == 0) 261 { 262 error_no_permission(); 263 } 264 265 if($numreportedposts == 0 && $mybb->usergroup['issupermod'] != 1) 266 { 267 error($lang->you_cannot_view_reported_posts); 268 } 269 270 // Verify incoming POST request 271 verify_post_check($mybb->get_input('my_post_key')); 272 273 $mybb->input['reports'] = $mybb->get_input('reports', MyBB::INPUT_ARRAY); 274 if(empty($mybb->input['reports']) && empty($mybb->cookies['inlinereports'])) 275 { 276 error($lang->error_noselected_reports); 277 } 278 279 $message = $lang->redirect_reportsmarked; 280 281 if(isset($mybb->cookies['inlinereports'])) 282 { 283 if($mybb->cookies['inlinereports'] == '|ALL|') { 284 $message = $lang->redirect_allreportsmarked; 285 $sql = "1=1"; 286 if(isset($mybb->cookies['inlinereports_removed'])) 287 { 288 $inlinereportremovedlist = explode("|", $mybb->cookies['inlinereports_removed']); 289 $reports = array_map("intval", $inlinereportremovedlist); 290 $rids = implode("','", $reports); 291 $sql = "rid NOT IN ('0','{$rids}')"; 292 } 293 } 294 else 295 { 296 $inlinereportlist = explode("|", $mybb->cookies['inlinereports']); 297 $reports = array_map("intval", $inlinereportlist); 298 299 if(!count($reports)) 300 { 301 error($lang->error_noselected_reports); 302 } 303 304 $rids = implode("','", $reports); 305 306 $sql = "rid IN ('0','{$rids}')"; 307 } 308 } 309 else 310 { 311 $mybb->input['reports'] = array_map("intval", $mybb->input['reports']); 312 $rids = implode("','", $mybb->input['reports']); 313 314 $sql = "rid IN 
('0','{$rids}')"; 315 } 316 317 $plugins->run_hooks("modcp_do_reports"); 318 319 $db->update_query("reportedcontent", array('reportstatus' => 1), "{$sql}{$flist_reports}"); 320 $cache->update_reportedcontent(); 321 322 my_unsetcookie('inlinereports'); 323 my_unsetcookie('inlinereports_removed'); 324 325 $page = $mybb->get_input('page', MyBB::INPUT_INT); 326 327 redirect("modcp.php?action=reports&page={$page}", $message); 328 } 329 330 if($mybb->input['action'] == "reports") 331 { 332 if($mybb->usergroup['canmanagereportedcontent'] == 0) 333 { 334 error_no_permission(); 335 } 336 337 if($numreportedposts == 0 && $mybb->usergroup['issupermod'] != 1) 338 { 339 error($lang->you_cannot_view_reported_posts); 340 } 341 342 $lang->load('report'); 343 add_breadcrumb($lang->mcp_nav_report_center, "modcp.php?action=reports"); 344 345 $perpage = $mybb->settings['threadsperpage']; 346 if(!$perpage) 347 { 348 $perpage = 20; 349 } 350 351 // Multipage 352 if($mybb->usergroup['cancp'] || $mybb->usergroup['issupermod']) 353 { 354 $query = $db->simple_select("reportedcontent", "COUNT(rid) AS count", "reportstatus ='0'"); 355 $report_count = $db->fetch_field($query, "count"); 356 } 357 else 358 { 359 $query = $db->simple_select('reportedcontent', 'id3', "reportstatus='0' AND (type = 'post' OR type = '')"); 360 361 $report_count = 0; 362 while($fid = $db->fetch_field($query, 'id3')) 363 { 364 if(is_moderator($fid, "canmanagereportedposts")) 365 { 366 ++$report_count; 367 } 368 } 369 unset($fid); 370 } 371 372 $page = $mybb->get_input('page', MyBB::INPUT_INT); 373 374 $postcount = (int)$report_count; 375 $pages = $postcount / $perpage; 376 $pages = ceil($pages); 377 378 if($page > $pages || $page <= 0) 379 { 380 $page = 1; 381 } 382 383 if($page && $page > 0) 384 { 385 $start = ($page-1) * $perpage; 386 } 387 else 388 { 389 $start = 0; 390 $page = 1; 391 } 392 393 $multipage = $reportspages = ''; 394 if($postcount > $perpage) 395 { 396 $multipage = multipage($postcount, $perpage, 
$page, "modcp.php?action=reports"); 397 eval("\$reportspages = \"".$templates->get("modcp_reports_multipage")."\";"); 398 } 399 400 $plugins->run_hooks("modcp_reports_start"); 401 402 // Reports 403 $reports = $selectall = ''; 404 $inlinecount = 0; 405 406 $query = $db->query(" 407 SELECT r.*, u.username, rr.title 408 FROM ".TABLE_PREFIX."reportedcontent r 409 LEFT JOIN ".TABLE_PREFIX."users u ON (r.uid = u.uid) 410 LEFT JOIN ".TABLE_PREFIX."reportreasons rr ON (r.reasonid = rr.rid) 411 WHERE r.reportstatus = '0'{$tflist_reports} 412 ORDER BY r.reports DESC 413 LIMIT {$start}, {$perpage} 414 "); 415 416 if(!$db->num_rows($query)) 417 { 418 // No unread reports 419 eval("\$reports = \"".$templates->get("modcp_reports_noreports")."\";"); 420 } 421 else 422 { 423 $reportedcontent = $cache->read("reportedcontent"); 424 $reportcache = $usercache = $postcache = array(); 425 426 while($report = $db->fetch_array($query)) 427 { 428 if($report['type'] == 'profile' || $report['type'] == 'reputation') 429 { 430 // Profile UID is in ID 431 if(!isset($usercache[$report['id']])) 432 { 433 $usercache[$report['id']] = $report['id']; 434 } 435 436 // Reputation comment? The offender is the ID2 437 if($report['type'] == 'reputation') 438 { 439 if(!isset($usercache[$report['id2']])) 440 { 441 $usercache[$report['id2']] = $report['id2']; 442 } 443 if(!isset($usercache[$report['id3']])) 444 { 445 // The user who was offended 446 $usercache[$report['id3']] = $report['id3']; 447 } 448 } 449 } 450 else if(!$report['type'] || $report['type'] == 'post') 451 { 452 // This (should) be a post 453 $postcache[$report['id']] = $report['id']; 454 } 455 456 // Lastpost info - is it missing (pre-1.8)? 
457 $lastposter = $report['uid']; 458 if(!$report['lastreport']) 459 { 460 // Last reporter is our first reporter 461 $report['lastreport'] = $report['dateline']; 462 } 463 464 if($report['reporters']) 465 { 466 $reporters = my_unserialize($report['reporters']); 467 468 if(is_array($reporters)) 469 { 470 $lastposter = end($reporters); 471 } 472 } 473 474 if(!isset($usercache[$lastposter])) 475 { 476 $usercache[$lastposter] = $lastposter; 477 } 478 479 $report['lastreporter'] = $lastposter; 480 $reportcache[] = $report; 481 } 482 483 // Report Center gets messy 484 // Find information about our users (because we don't log it when they file a report) 485 if(!empty($usercache)) 486 { 487 $sql = implode(',', array_keys($usercache)); 488 $query = $db->simple_select("users", "uid, username", "uid IN ({$sql})"); 489 490 while($user = $db->fetch_array($query)) 491 { 492 $usercache[$user['uid']] = $user; 493 } 494 } 495 496 // Messy * 2 497 // Find out post information for our reported posts 498 if(!empty($postcache)) 499 { 500 $sql = implode(',', array_keys($postcache)); 501 $query = $db->query(" 502 SELECT p.pid, p.uid, p.username, p.tid, t.subject 503 FROM ".TABLE_PREFIX."posts p 504 LEFT JOIN ".TABLE_PREFIX."threads t ON (p.tid = t.tid) 505 WHERE p.pid IN ({$sql}) 506 "); 507 508 while($post = $db->fetch_array($query)) 509 { 510 $postcache[$post['pid']] = $post; 511 } 512 } 513 514 $lang->page_selected = $lang->sprintf($lang->page_selected, count($reportcache)); 515 $lang->select_all = $lang->sprintf($lang->select_all, (int)$report_count); 516 $lang->all_selected = $lang->sprintf($lang->all_selected, (int)$report_count); 517 eval("\$selectall = \"".$templates->get("modcp_reports_selectall")."\";"); 518 519 $plugins->run_hooks('modcp_reports_intermediate'); 520 521 // Now that we have all of the information needed, display the reports 522 foreach($reportcache as $report) 523 { 524 $trow = alt_trow(); 525 526 if(!$report['type']) 527 { 528 // Assume a post 529 
$report['type'] = 'post'; 530 } 531 532 // Report Information 533 $report_data = array(); 534 535 switch($report['type']) 536 { 537 case 'post': 538 $post = get_post_link($report['id'])."#pid{$report['id']}"; 539 $user = build_profile_link(htmlspecialchars_uni($postcache[$report['id']]['username']), $postcache[$report['id']]['uid']); 540 $report_data['content'] = $lang->sprintf($lang->report_info_post, $post, $user); 541 542 $thread_link = get_thread_link($postcache[$report['id']]['tid']); 543 $thread_subject = htmlspecialchars_uni($parser->parse_badwords($postcache[$report['id']]['subject'])); 544 $report_data['content'] .= $lang->sprintf($lang->report_info_post_thread, $thread_link, $thread_subject); 545 546 break; 547 case 'profile': 548 $user = build_profile_link(htmlspecialchars_uni($usercache[$report['id']]['username']), $usercache[$report['id']]['uid']); 549 $report_data['content'] = $lang->sprintf($lang->report_info_profile, $user); 550 break; 551 case 'reputation': 552 $reputation_link = "reputation.php?uid={$usercache[$report['id3']]['uid']}#rid{$report['id']}"; 553 $bad_user = build_profile_link(htmlspecialchars_uni($usercache[$report['id2']]['username']), $usercache[$report['id2']]['uid']); 554 $report_data['content'] = $lang->sprintf($lang->report_info_reputation, $reputation_link, $bad_user); 555 556 $good_user = build_profile_link(htmlspecialchars_uni($usercache[$report['id3']]['username']), $usercache[$report['id3']]['uid']); 557 $report_data['content'] .= $lang->sprintf($lang->report_info_rep_profile, $good_user); 558 break; 559 } 560 561 // Report reason and comment 562 if($report['reasonid'] > 0) 563 { 564 $reason = htmlspecialchars_uni($lang->parse($report['title'])); 565 566 if(empty($report['reason'])) 567 { 568 eval("\$report_data['comment'] = \"".$templates->get("modcp_reports_report_comment")."\";"); 569 } 570 else 571 { 572 $comment = htmlspecialchars_uni($report['reason']); 573 eval("\$report_data['comment'] = 
\"".$templates->get("modcp_reports_report_comment_extra")."\";"); 574 } 575 } 576 else 577 { 578 $report_data['comment'] = $lang->na; 579 } 580 581 $report_reports = 1; 582 if($report['reports']) 583 { 584 $report_data['reports'] = my_number_format($report['reports']); 585 } 586 587 if($report['lastreporter']) 588 { 589 if(is_array($usercache[$report['lastreporter']])) 590 { 591 $lastreport_user = build_profile_link(htmlspecialchars_uni($usercache[$report['lastreporter']]['username']), $report['lastreporter']); 592 } 593 elseif($usercache[$report['lastreporter']] > 0) 594 { 595 $lastreport_user = htmlspecialchars_uni($lang->na_deleted); 596 } 597 598 $lastreport_date = my_date('relative', $report['lastreport']); 599 $report_data['lastreporter'] = $lang->sprintf($lang->report_info_lastreporter, $lastreport_date, $lastreport_user); 600 } 601 602 $inlinecheck = ''; 603 if(isset($mybb->cookies['inlinereports']) && my_strpos($mybb->cookies['inlinereports'], "|{$report['rid']}|") !== false) 604 { 605 $inlinecheck = " checked=\"checked\""; 606 ++$inlinecount; 607 } 608 609 $plugins->run_hooks("modcp_reports_report"); 610 eval("\$reports .= \"".$templates->get("modcp_reports_report")."\";"); 611 } 612 } 613 614 $plugins->run_hooks("modcp_reports_end"); 615 616 eval("\$reportedcontent = \"".$templates->get("modcp_reports")."\";"); 617 output_page($reportedcontent); 618 } 619 620 if($mybb->input['action'] == "allreports") 621 { 622 if($mybb->usergroup['canmanagereportedcontent'] == 0) 623 { 624 error_no_permission(); 625 } 626 627 $lang->load('report'); 628 629 add_breadcrumb($lang->report_center, "modcp.php?action=reports"); 630 add_breadcrumb($lang->all_reports, "modcp.php?action=allreports"); 631 632 if(!$mybb->settings['threadsperpage']) 633 { 634 $mybb->settings['threadsperpage'] = 20; 635 } 636 637 // Figure out if we need to display multiple pages. 
638 $perpage = $mybb->settings['threadsperpage']; 639 if($mybb->get_input('page') != "last") 640 { 641 $page = $mybb->get_input('page', MyBB::INPUT_INT); 642 } 643 644 if($mybb->usergroup['cancp'] || $mybb->usergroup['issupermod']) 645 { 646 $query = $db->simple_select("reportedcontent", "COUNT(rid) AS count"); 647 $report_count = $db->fetch_field($query, "count"); 648 } 649 else 650 { 651 $query = $db->simple_select('reportedcontent', 'id3', "type = 'post' OR type = ''"); 652 653 $report_count = 0; 654 while($fid = $db->fetch_field($query, 'id3')) 655 { 656 if(is_moderator($fid, "canmanagereportedposts")) 657 { 658 ++$report_count; 659 } 660 } 661 unset($fid); 662 } 663 664 if(isset($mybb->input['rid'])) 665 { 666 $mybb->input['rid'] = $mybb->get_input('rid', MyBB::INPUT_INT); 667 $query = $db->simple_select("reportedcontent", "COUNT(rid) AS count", "rid <= '".$mybb->input['rid']."'"); 668 $result = $db->fetch_field($query, "count"); 669 if(($result % $perpage) == 0) 670 { 671 $page = $result / $perpage; 672 } 673 else 674 { 675 $page = (int)$result / $perpage + 1; 676 } 677 } 678 $postcount = (int)$report_count; 679 $pages = $postcount / $perpage; 680 $pages = ceil($pages); 681 682 if($mybb->get_input('page') == "last") 683 { 684 $page = $pages; 685 } 686 687 if($page > $pages || $page <= 0) 688 { 689 $page = 1; 690 } 691 692 if($page) 693 { 694 $start = ($page-1) * $perpage; 695 } 696 else 697 { 698 $start = 0; 699 $page = 1; 700 } 701 $upper = $start+$perpage; 702 703 $multipage = multipage($postcount, $perpage, $page, "modcp.php?action=allreports"); 704 $allreportspages = ''; 705 if($postcount > $perpage) 706 { 707 eval("\$allreportspages = \"".$templates->get("modcp_reports_multipage")."\";"); 708 } 709 710 $plugins->run_hooks("modcp_allreports_start"); 711 712 $query = $db->query(" 713 SELECT r.*, u.username, p.username AS postusername, up.uid AS postuid, t.subject AS threadsubject, prrep.username AS repusername, pr.username AS profileusername, rr.title 714 
FROM ".TABLE_PREFIX."reportedcontent r 715 LEFT JOIN ".TABLE_PREFIX."posts p ON (r.id=p.pid) 716 LEFT JOIN ".TABLE_PREFIX."threads t ON (p.tid=t.tid) 717 LEFT JOIN ".TABLE_PREFIX."users u ON (r.uid=u.uid) 718 LEFT JOIN ".TABLE_PREFIX."users up ON (p.uid=up.uid) 719 LEFT JOIN ".TABLE_PREFIX."users pr ON (pr.uid=r.id) 720 LEFT JOIN ".TABLE_PREFIX."users prrep ON (prrep.uid=r.id2) 721 LEFT JOIN ".TABLE_PREFIX."reportreasons rr ON (r.reasonid = rr.rid) 722 {$wflist_reports} 723 ORDER BY r.dateline DESC 724 LIMIT {$start}, {$perpage} 725 "); 726 727 $allreports = ''; 728 if(!$db->num_rows($query)) 729 { 730 eval("\$allreports = \"".$templates->get("modcp_reports_allnoreports")."\";"); 731 } 732 else 733 { 734 while($report = $db->fetch_array($query)) 735 { 736 $trow = alt_trow(); 737 738 if($report['type'] == 'post') 739 { 740 $post = get_post_link($report['id'])."#pid{$report['id']}"; 741 $user = build_profile_link(htmlspecialchars_uni($report['postusername']), $report['postuid']); 742 $report_data['content'] = $lang->sprintf($lang->report_info_post, $post, $user); 743 744 $thread_link = get_thread_link($report['id2']); 745 $thread_subject = htmlspecialchars_uni($parser->parse_badwords($report['threadsubject'])); 746 $report_data['content'] .= $lang->sprintf($lang->report_info_post_thread, $thread_link, $thread_subject); 747 } 748 else if($report['type'] == 'profile') 749 { 750 $user = build_profile_link(htmlspecialchars_uni($report['profileusername']), $report['id']); 751 $report_data['content'] = $lang->sprintf($lang->report_info_profile, $user); 752 } 753 else if($report['type'] == 'reputation') 754 { 755 $user = build_profile_link(htmlspecialchars_uni($report['repusername']), $report['id2']); 756 $reputation_link = "reputation.php?uid={$report['id3']}#rid{$report['id']}"; 757 $report_data['content'] = $lang->sprintf($lang->report_info_reputation, $reputation_link, $user); 758 } 759 760 // Report reason and comment 761 if($report['reasonid'] > 0) 762 { 763 $reason = 
htmlspecialchars_uni($lang->parse($report['title'])); 764 765 if(empty($report['reason'])) 766 { 767 eval("\$report_data['comment'] = \"".$templates->get("modcp_reports_report_comment")."\";"); 768 } 769 else 770 { 771 $comment = htmlspecialchars_uni($report['reason']); 772 eval("\$report_data['comment'] = \"".$templates->get("modcp_reports_report_comment_extra")."\";"); 773 } 774 } 775 else 776 { 777 $report_data['comment'] = $lang->na; 778 } 779 780 $report['reporterlink'] = get_profile_link($report['uid']); 781 if(!$report['username']) 782 { 783 $report['username'] = $lang->na_deleted; 784 $report['reporterlink'] = $post; 785 } 786 $report['username'] = htmlspecialchars_uni($report['username']); 787 788 $report_data['reports'] = my_number_format($report['reports']); 789 $report_data['time'] = my_date('relative', $report['dateline']); 790 791 $plugins->run_hooks("modcp_allreports_report"); 792 eval("\$allreports .= \"".$templates->get("modcp_reports_allreport")."\";"); 793 } 794 } 795 796 $plugins->run_hooks("modcp_allreports_end"); 797 798 eval("\$allreportedcontent = \"".$templates->get("modcp_reports_allreports")."\";"); 799 output_page($allreportedcontent); 800 } 801 802 if($mybb->input['action'] == "modlogs") 803 { 804 if($mybb->usergroup['canviewmodlogs'] == 0) 805 { 806 error_no_permission(); 807 } 808 809 if($nummodlogs == 0 && $mybb->usergroup['issupermod'] != 1) 810 { 811 error($lang->you_cannot_view_mod_logs); 812 } 813 814 add_breadcrumb($lang->mcp_nav_modlogs, "modcp.php?action=modlogs"); 815 816 $perpage = $mybb->get_input('perpage', MyBB::INPUT_INT); 817 if(!$perpage || $perpage <= 0) 818 { 819 $perpage = $mybb->settings['threadsperpage']; 820 } 821 822 $where = ''; 823 824 // Searching for entries by a particular user 825 if($mybb->get_input('uid', MyBB::INPUT_INT)) 826 { 827 $where .= " AND l.uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'"; 828 } 829 830 // Searching for entries in a specific forum 831 if($mybb->get_input('fid', 
MyBB::INPUT_INT)) 832 { 833 $where .= " AND t.fid='".$mybb->get_input('fid', MyBB::INPUT_INT)."'"; 834 } 835 836 $mybb->input['sortby'] = $mybb->get_input('sortby'); 837 838 // Order? 839 switch($mybb->input['sortby']) 840 { 841 case "username": 842 $sortby = "u.username"; 843 break; 844 case "forum": 845 $sortby = "f.name"; 846 break; 847 case "thread": 848 $sortby = "t.subject"; 849 break; 850 default: 851 $sortby = "l.dateline"; 852 } 853 $order = $mybb->get_input('order'); 854 if($order != "asc") 855 { 856 $order = "desc"; 857 } 858 859 $plugins->run_hooks("modcp_modlogs_start"); 860 861 $query = $db->query(" 862 SELECT COUNT(l.dateline) AS count 863 FROM ".TABLE_PREFIX."moderatorlog l 864 LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=l.uid) 865 LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=l.tid) 866 WHERE 1=1 {$where}{$tflist_modlog} 867 "); 868 $rescount = $db->fetch_field($query, "count"); 869 870 // Figure out if we need to display multiple pages. 871 if($mybb->get_input('page') != "last") 872 { 873 $page = $mybb->get_input('page', MyBB::INPUT_INT); 874 } 875 876 $postcount = (int)$rescount; 877 $pages = $postcount / $perpage; 878 $pages = ceil($pages); 879 880 if($mybb->get_input('page') == "last") 881 { 882 $page = $pages; 883 } 884 885 if($page > $pages || $page <= 0) 886 { 887 $page = 1; 888 } 889 890 if($page) 891 { 892 $start = ($page-1) * $perpage; 893 } 894 else 895 { 896 $start = 0; 897 $page = 1; 898 } 899 900 $page_url = 'modcp.php?action=modlogs&perpage='.$perpage; 901 foreach(array('uid', 'fid') as $field) 902 { 903 $mybb->input[$field] = $mybb->get_input($field, MyBB::INPUT_INT); 904 if(!empty($mybb->input[$field])) 905 { 906 $page_url .= "&{$field}=".$mybb->input[$field]; 907 } 908 } 909 foreach(array('sortby', 'order') as $field) 910 { 911 $mybb->input[$field] = htmlspecialchars_uni($mybb->get_input($field)); 912 if(!empty($mybb->input[$field])) 913 { 914 $page_url .= "&{$field}=".$mybb->input[$field]; 915 } 916 } 917 918 $multipage = 
multipage($postcount, $perpage, $page, $page_url); 919 $resultspages = ''; 920 if($postcount > $perpage) 921 { 922 eval("\$resultspages = \"".$templates->get("modcp_modlogs_multipage")."\";"); 923 } 924 $query = $db->query(" 925 SELECT l.*, u.username, u.usergroup, u.displaygroup, t.subject AS tsubject, f.name AS fname, p.subject AS psubject 926 FROM ".TABLE_PREFIX."moderatorlog l 927 LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=l.uid) 928 LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=l.tid) 929 LEFT JOIN ".TABLE_PREFIX."forums f ON (f.fid=l.fid) 930 LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=l.pid) 931 WHERE 1=1 {$where}{$tflist_modlog} 932 ORDER BY {$sortby} {$order} 933 LIMIT {$start}, {$perpage} 934 "); 935 $results = ''; 936 while($logitem = $db->fetch_array($query)) 937 { 938 $information = ''; 939 $logitem['action'] = htmlspecialchars_uni($logitem['action']); 940 $log_date = my_date('relative', $logitem['dateline']); 941 $trow = alt_trow(); 942 if($logitem['username']) 943 { 944 $logitem['username'] = htmlspecialchars_uni($logitem['username']); 945 $username = format_name($logitem['username'], $logitem['usergroup'], $logitem['displaygroup']); 946 $logitem['profilelink'] = build_profile_link($username, $logitem['uid']); 947 } 948 else 949 { 950 $username = $logitem['profilelink'] = $logitem['username'] = htmlspecialchars_uni($lang->na_deleted); 951 } 952 $logitem['ipaddress'] = my_inet_ntop($db->unescape_binary($logitem['ipaddress'])); 953 954 if($logitem['tsubject']) 955 { 956 $logitem['tsubject'] = htmlspecialchars_uni($parser->parse_badwords($logitem['tsubject'])); 957 $logitem['thread'] = get_thread_link($logitem['tid']); 958 eval("\$information .= \"".$templates->get("modcp_modlogs_result_thread")."\";"); 959 } 960 if($logitem['fname']) 961 { 962 $logitem['forum'] = get_forum_link($logitem['fid']); 963 eval("\$information .= \"".$templates->get("modcp_modlogs_result_forum")."\";"); 964 } 965 if($logitem['psubject']) 966 { 967 $logitem['psubject'] = 
htmlspecialchars_uni($parser->parse_badwords($logitem['psubject'])); 968 $logitem['post'] = get_post_link($logitem['pid']); 969 eval("\$information .= \"".$templates->get("modcp_modlogs_result_post")."\";"); 970 } 971 972 // Edited a user or managed announcement? 973 if(!$logitem['tsubject'] || !$logitem['fname'] || !$logitem['psubject']) 974 { 975 $data = my_unserialize($logitem['data']); 976 if(!empty($data['uid'])) 977 { 978 $data['username'] = htmlspecialchars_uni($data['username']); 979 $information = $lang->sprintf($lang->edited_user_info, htmlspecialchars_uni($data['username']), get_profile_link($data['uid'])); 980 } 981 if(!empty($data['aid'])) 982 { 983 $data['subject'] = htmlspecialchars_uni($parser->parse_badwords($data['subject'])); 984 $data['announcement'] = get_announcement_link($data['aid']); 985 eval("\$information .= \"".$templates->get("modcp_modlogs_result_announcement")."\";"); 986 } 987 } 988 989 $plugins->run_hooks("modcp_modlogs_result"); 990 991 eval("\$results .= \"".$templates->get("modcp_modlogs_result")."\";"); 992 } 993 994 if(!$results) 995 { 996 eval("\$results = \"".$templates->get("modcp_modlogs_noresults")."\";"); 997 } 998 999 $plugins->run_hooks("modcp_modlogs_filter"); 1000 1001 // Fetch filter options 1002 $sortbysel = array('username' => '', 'forum' => '', 'thread' => '', 'dateline' => ''); 1003 $sortbysel[$mybb->input['sortby']] = "selected=\"selected\""; 1004 $ordersel = array('asc' => '', 'desc' => ''); 1005 $ordersel[$order] = "selected=\"selected\""; 1006 $user_options = ''; 1007 $query = $db->query(" 1008 SELECT DISTINCT l.uid, u.username 1009 FROM ".TABLE_PREFIX."moderatorlog l 1010 LEFT JOIN ".TABLE_PREFIX."users u ON (l.uid=u.uid) 1011 ORDER BY u.username ASC 1012 "); 1013 while($user = $db->fetch_array($query)) 1014 { 1015 // Deleted Users 1016 if(!$user['username']) 1017 { 1018 $user['username'] = $lang->na_deleted; 1019 } 1020 1021 $selected = ''; 1022 if($mybb->get_input('uid', MyBB::INPUT_INT) == $user['uid']) 
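// Mark the moderator the log is currently filtered by as selected (modlogs handler, continued).
        {
            $selected = " selected=\"selected\"";
        }

        $user['username'] = htmlspecialchars_uni($user['username']);
        eval("\$user_options .= \"".$templates->get("modcp_modlogs_user")."\";");
    }

    $forum_select = build_forum_jump("", $mybb->get_input('fid', MyBB::INPUT_INT), 1, '', 0, true, '', "fid");

    eval("\$modlogs = \"".$templates->get("modcp_modlogs")."\";");
    output_page($modlogs);
}

// Action "do_delete_announcement": delete one announcement after the
// confirmation form has been submitted.
//
// Order of checks: post key, usergroup permission, announcement exists,
// per-announcement permission. Only then is the row deleted and the deletion
// written to the moderator log.
if($mybb->input['action'] == "do_delete_announcement")
{
    // State-changing request: the submitted my_post_key is verified first.
    verify_post_check($mybb->get_input('my_post_key'));

    if($mybb->usergroup['canmanageannounce'] == 0)
    {
        error_no_permission();
    }

    // The id is interpolated into two WHERE clauses below, so it is read as an
    // integer here, as the edit handlers in this file already do, instead of
    // depending on whatever cleaning the request layer applies to 'aid'
    // (not visible in this listing).
    $aid = $mybb->get_input('aid', MyBB::INPUT_INT);
    $query = $db->simple_select("announcements", "aid, subject, fid", "aid='{$aid}'");
    $announcement = $db->fetch_array($query);

    if(!$announcement)
    {
        error($lang->error_invalid_announcement);
    }

    // The decision is made on the fid stored with the announcement, not on request data:
    // - global announcements (fid -1) require a super moderator,
    // - forum announcements require "canmanageannouncements" on that forum,
    // - announcements in a forum listed in $unviewableforums are refused.
    if(($mybb->usergroup['issupermod'] != 1 && $announcement['fid'] == -1) || ($announcement['fid'] != -1 && !is_moderator($announcement['fid'], "canmanageannouncements")) || ($unviewableforums && in_array($announcement['fid'], $unviewableforums)))
    {
        error_no_permission();
    }

    $plugins->run_hooks("modcp_do_delete_announcement");

    $db->delete_query("announcements", "aid='{$aid}'");
    // The log entry uses the aid and subject read from the database row.
    log_moderator_action(array("aid" => $announcement['aid'], "subject" => $announcement['subject']), $lang->announcement_deleted);
    $cache->update_forumsdisplay();

    redirect("modcp.php?action=announcements", $lang->redirect_delete_announcement);
}

// Action "delete_announcement": show the confirmation page for deleting one
// announcement. Nothing is modified here; the same permission checks as in
// "do_delete_announcement" are applied before the page is rendered.
if($mybb->input['action'] == "delete_announcement")
{
    if($mybb->usergroup['canmanageannounce'] == 0)
    {
        error_no_permission();
    }

    // Read as an integer for the same reason as in "do_delete_announcement".
    // $aid also stays in scope for the template evaluated below, so an integer
    // is inert there if the template prints it.
    $aid = $mybb->get_input('aid', MyBB::INPUT_INT);
    $query = $db->simple_select("announcements", "aid, subject, fid", "aid='{$aid}'");

    $announcement = $db->fetch_array($query);

    // Existence is checked before the subject is escaped. The original order
    // assigned $announcement['subject'] first, which turns an empty result into
    // a one-element array, so the invalid-announcement error could not be reached.
    if(!$announcement)
    {
        error($lang->error_invalid_announcement);
    }

    // Bad-word filter first, HTML escaping last, because the subject is shown on the page.
    $announcement['subject'] = htmlspecialchars_uni($parser->parse_badwords($announcement['subject']));

    if(($mybb->usergroup['issupermod'] != 1 && $announcement['fid'] == -1) || ($announcement['fid'] != -1 && !is_moderator($announcement['fid'], "canmanageannouncements")) || ($unviewableforums && in_array($announcement['fid'], $unviewableforums)))
    {
        error_no_permission();
    }

    $plugins->run_hooks("modcp_delete_announcement");

    eval("\$announcements = \"".$templates->get("modcp_announcements_delete")."\";");
    output_page($announcements);
}

// Action "do_new_announcement": validate the submitted announcement form.
// This handler continues on the following lines of the listing.
if($mybb->input['action'] == "do_new_announcement")
{
    verify_post_check($mybb->get_input('my_post_key'));

    if($mybb->usergroup['canmanageannounce'] == 0)
    {
        error_no_permission();
    }

    // The target forum comes from the request, so it goes through the same
    // three-part permission test that is used for stored announcements.
    $announcement_fid = $mybb->get_input('fid', MyBB::INPUT_INT);
    if(($mybb->usergroup['issupermod'] != 1 && $announcement_fid == -1) || ($announcement_fid != -1 && !is_moderator($announcement_fid, "canmanageannouncements")) || ($unviewableforums && in_array($announcement_fid, $unviewableforums)))
    {
        error_no_permission();
    }

    $errors = array();

    $mybb->input['title'] = $mybb->get_input('title');
    if(!trim($mybb->input['title']))
    {
        $errors[] = $lang->error_missing_title;
    }

    $mybb->input['message'] = $mybb->get_input('message');
    if(!trim($mybb->input['message']))
    {
        $errors[] = $lang->error_missing_message;
    }

    if(!$announcement_fid)
    {
        $errors[] = $lang->error_missing_forum;
    }

    // Split "HH:MM am/pm" style input: drop everything after the first space,
    // then separate hours and minutes at the colon.
    $mybb->input['starttime_time'] = $mybb->get_input('starttime_time');
    $mybb->input['endtime_time'] = $mybb->get_input('endtime_time');
    $startdate = @explode(" ", $mybb->input['starttime_time']);
    $startdate = @explode(":", $startdate[0]);
    $enddate = @explode(" ", $mybb->input['endtime_time']);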
1136 $enddate = @explode(":", $enddate[0]); 1137 1138 if(stristr($mybb->input['starttime_time'], "pm")) 1139 { 1140 $startdate[0] = 12+$startdate[0]; 1141 if($startdate[0] >= 24) 1142 { 1143 $startdate[0] = "00"; 1144 } 1145 } 1146 1147 if(stristr($mybb->input['endtime_time'], "pm")) 1148 { 1149 $enddate[0] = 12+$enddate[0]; 1150 if($enddate[0] >= 24) 1151 { 1152 $enddate[0] = "00"; 1153 } 1154 } 1155 1156 $mybb->input['starttime_month'] = $mybb->get_input('starttime_month'); 1157 $months = array('01', '02', '03', '04', '05', '06', '07', '08', '09', '10', '11', '12'); 1158 if(!in_array($mybb->input['starttime_month'], $months)) 1159 { 1160 $mybb->input['starttime_month'] = '01'; 1161 } 1162 1163 $localized_time_offset = (float)$mybb->user['timezone']*3600 + $mybb->user['dst']*3600; 1164 1165 $startdate = gmmktime((int)$startdate[0], (int)$startdate[1], 0, $mybb->get_input('starttime_month', MyBB::INPUT_INT), $mybb->get_input('starttime_day', MyBB::INPUT_INT), $mybb->get_input('starttime_year', MyBB::INPUT_INT)) - $localized_time_offset; 1166 if(!checkdate($mybb->get_input('starttime_month', MyBB::INPUT_INT), $mybb->get_input('starttime_day', MyBB::INPUT_INT), $mybb->get_input('starttime_year', MyBB::INPUT_INT)) || $startdate < 0 || $startdate == false) 1167 { 1168 $errors[] = $lang->error_invalid_start_date; 1169 } 1170 1171 if($mybb->get_input('endtime_type', MyBB::INPUT_INT) == 2) 1172 { 1173 $enddate = '0'; 1174 $mybb->input['endtime_month'] = '01'; 1175 } 1176 else 1177 { 1178 $mybb->input['endtime_month'] = $mybb->get_input('endtime_month'); 1179 if(!in_array($mybb->input['endtime_month'], $months)) 1180 { 1181 $mybb->input['endtime_month'] = '01'; 1182 } 1183 $enddate = gmmktime((int)$enddate[0], (int)$enddate[1], 0, $mybb->get_input('endtime_month', MyBB::INPUT_INT), $mybb->get_input('endtime_day', MyBB::INPUT_INT), $mybb->get_input('endtime_year', MyBB::INPUT_INT)) - $localized_time_offset; 1184 if(!checkdate($mybb->get_input('endtime_month', 
MyBB::INPUT_INT), $mybb->get_input('endtime_day', MyBB::INPUT_INT), $mybb->get_input('endtime_year', MyBB::INPUT_INT)) || $enddate < 0 || $enddate == false) 1185 { 1186 $errors[] = $lang->error_invalid_end_date; 1187 } 1188 1189 if($enddate <= $startdate) 1190 { 1191 $errors[] = $lang->error_end_before_start; 1192 } 1193 } 1194 1195 if($mybb->settings['announcementshtml'] && $mybb->get_input('allowhtml', MyBB::INPUT_INT) == 1) 1196 { 1197 $allowhtml = 1; 1198 } 1199 else 1200 { 1201 $allowhtml = 0; 1202 } 1203 if($mybb->get_input('allowmycode', MyBB::INPUT_INT) == 1) 1204 { 1205 $allowmycode = 1; 1206 } 1207 else 1208 { 1209 $allowmycode = 0; 1210 } 1211 if($mybb->get_input('allowsmilies', MyBB::INPUT_INT) == 1) 1212 { 1213 $allowsmilies = 1; 1214 } 1215 else 1216 { 1217 $allowsmilies = 0; 1218 } 1219 1220 $plugins->run_hooks("modcp_do_new_announcement_start"); 1221 1222 if(!$errors) 1223 { 1224 if(isset($mybb->input['preview'])) 1225 { 1226 $preview = array(); 1227 $mybb->input['action'] = 'new_announcement'; 1228 } 1229 else 1230 { 1231 $insert_announcement = array( 1232 'fid' => $announcement_fid, 1233 'uid' => $mybb->user['uid'], 1234 'subject' => $db->escape_string($mybb->input['title']), 1235 'message' => $db->escape_string($mybb->input['message']), 1236 'startdate' => $startdate, 1237 'enddate' => $enddate, 1238 'allowhtml' => $allowhtml, 1239 'allowmycode' => $allowmycode, 1240 'allowsmilies' => $allowsmilies 1241 ); 1242 $aid = $db->insert_query("announcements", $insert_announcement); 1243 1244 log_moderator_action(array("aid" => $aid, "subject" => $mybb->input['title']), $lang->announcement_added); 1245 1246 $plugins->run_hooks("modcp_do_new_announcement_end"); 1247 1248 $cache->update_forumsdisplay(); 1249 redirect("modcp.php?action=announcements", $lang->redirect_add_announcement); 1250 } 1251 } 1252 else 1253 { 1254 $mybb->input['action'] = 'new_announcement'; 1255 } 1256 } 1257 1258 if($mybb->input['action'] == "new_announcement") 1259 { 1260 
if($mybb->usergroup['canmanageannounce'] == 0) 1261 { 1262 error_no_permission(); 1263 } 1264 1265 add_breadcrumb($lang->mcp_nav_announcements, "modcp.php?action=announcements"); 1266 add_breadcrumb($lang->add_announcement, "modcp.php?action=new_announcements"); 1267 1268 $announcement_fid = $mybb->get_input('fid', MyBB::INPUT_INT); 1269 1270 if(($mybb->usergroup['issupermod'] != 1 && $announcement_fid == -1) || ($announcement_fid != -1 && !is_moderator($announcement_fid, "canmanageannouncements")) || ($unviewableforums && in_array($announcement_fid, $unviewableforums))) 1271 { 1272 error_no_permission(); 1273 } 1274 1275 // Deal with inline errors 1276 if(!empty($errors) || isset($preview)) 1277 { 1278 if(!empty($errors)) 1279 { 1280 $errors = inline_error($errors); 1281 } 1282 else 1283 { 1284 $errors = ''; 1285 } 1286 1287 // Set $announcement to input stuff 1288 $announcement['subject'] = $mybb->input['title']; 1289 $announcement['message'] = $mybb->input['message']; 1290 $announcement['allowhtml'] = $allowhtml; 1291 $announcement['allowmycode'] = $allowmycode; 1292 $announcement['allowsmilies'] = $allowsmilies; 1293 1294 $startmonth = $mybb->input['starttime_month']; 1295 $startdateyear = htmlspecialchars_uni($mybb->input['starttime_year']); 1296 $startday = $mybb->get_input('starttime_day', MyBB::INPUT_INT); 1297 $starttime_time = htmlspecialchars_uni($mybb->input['starttime_time']); 1298 $endmonth = $mybb->input['endtime_month']; 1299 $enddateyear = htmlspecialchars_uni($mybb->input['endtime_year']); 1300 $endday = $mybb->get_input('endtime_day', MyBB::INPUT_INT); 1301 $endtime_time = htmlspecialchars_uni($mybb->input['endtime_time']); 1302 } 1303 else 1304 { 1305 $localized_time = TIME_NOW + (float)$mybb->user['timezone']*3600 + $mybb->user['dst']*3600; 1306 1307 $starttime_time = gmdate($mybb->settings['timeformat'], $localized_time); 1308 $endtime_time = gmdate($mybb->settings['timeformat'], $localized_time); 1309 $startday = $endday = gmdate("j", 
$localized_time); 1310 $startmonth = $endmonth = gmdate("m", $localized_time); 1311 $startdateyear = gmdate("Y", $localized_time); 1312 1313 $announcement = array( 1314 'subject' => '', 1315 'message' => '', 1316 'allowhtml' => 0, 1317 'allowmycode' => 1, 1318 'allowsmilies' => 1 1319 ); 1320 1321 $enddateyear = $startdateyear+1; 1322 } 1323 1324 // Generate form elements 1325 $startdateday = $enddateday = ''; 1326 for($day = 1; $day <= 31; ++$day) 1327 { 1328 if($startday == $day) 1329 { 1330 $selected = " selected=\"selected\""; 1331 eval("\$startdateday .= \"".$templates->get("modcp_announcements_day")."\";"); 1332 } 1333 else 1334 { 1335 $selected = ''; 1336 eval("\$startdateday .= \"".$templates->get("modcp_announcements_day")."\";"); 1337 } 1338 1339 if($endday == $day) 1340 { 1341 $selected = " selected=\"selected\""; 1342 eval("\$enddateday .= \"".$templates->get("modcp_announcements_day")."\";"); 1343 } 1344 else 1345 { 1346 $selected = ''; 1347 eval("\$enddateday .= \"".$templates->get("modcp_announcements_day")."\";"); 1348 } 1349 } 1350 1351 $startmonthsel = $endmonthsel = array(); 1352 foreach(array('01', '02', '03', '04', '05', '06', '07', '08', '09', '10', '11', '12') as $month) 1353 { 1354 $startmonthsel[$month] = ''; 1355 $endmonthsel[$month] = ''; 1356 } 1357 $startmonthsel[$startmonth] = "selected=\"selected\""; 1358 $endmonthsel[$endmonth] = "selected=\"selected\""; 1359 1360 $startdatemonth = $enddatemonth = ''; 1361 1362 eval("\$startdatemonth .= \"".$templates->get("modcp_announcements_month_start")."\";"); 1363 eval("\$enddatemonth .= \"".$templates->get("modcp_announcements_month_end")."\";"); 1364 1365 $title = htmlspecialchars_uni($announcement['subject']); 1366 $message = htmlspecialchars_uni($announcement['message']); 1367 1368 $html_sel = $mycode_sel = $smilies_sel = array('yes' => '', 'no' => ''); 1369 1370 if($mybb->settings['announcementshtml']) 1371 { 1372 if($announcement['allowhtml']) 1373 { 1374 $html_sel['yes'] = ' 
checked="checked"'; 1375 } 1376 else 1377 { 1378 $html_sel['no'] = ' checked="checked"'; 1379 } 1380 1381 eval("\$allow_html = \"".$templates->get("modcp_announcements_allowhtml")."\";"); 1382 } 1383 else 1384 { 1385 $allow_html = ''; 1386 } 1387 1388 if($announcement['allowmycode']) 1389 { 1390 $mycode_sel['yes'] = ' checked="checked"'; 1391 } 1392 else 1393 { 1394 $mycode_sel['no'] = ' checked="checked"'; 1395 } 1396 1397 if($announcement['allowsmilies']) 1398 { 1399 $smilies_sel['yes'] = ' checked="checked"'; 1400 } 1401 else 1402 { 1403 $smilies_sel['no'] = ' checked="checked"'; 1404 } 1405 1406 $end_type_sel = array('infinite' => '', 'finite' => ''); 1407 if(!isset($mybb->input['endtime_type']) || $mybb->input['endtime_type'] == 2) 1408 { 1409 $end_type_sel['infinite'] = ' checked="checked"'; 1410 } 1411 else 1412 { 1413 $end_type_sel['finite'] = ' checked="checked"'; 1414 } 1415 1416 // MyCode editor 1417 $codebuttons = build_mycode_inserter(); 1418 $smilieinserter = build_clickable_smilies(); 1419 1420 if(isset($preview)) 1421 { 1422 $announcementarray = array( 1423 'aid' => 0, 1424 'fid' => $announcement_fid, 1425 'uid' => $mybb->user['uid'], 1426 'subject' => $mybb->input['title'], 1427 'message' => $mybb->input['message'], 1428 'allowhtml' => $mybb->settings['announcementshtml'] && $mybb->get_input('allowhtml', MyBB::INPUT_INT), 1429 'allowmycode' => $mybb->get_input('allowmycode', MyBB::INPUT_INT), 1430 'allowsmilies' => $mybb->get_input('allowsmilies', MyBB::INPUT_INT), 1431 'dateline' => TIME_NOW, 1432 'userusername' => $mybb->user['username'], 1433 ); 1434 1435 $array = $mybb->user; 1436 foreach($array as $key => $element) 1437 { 1438 $announcementarray[$key] = $element; 1439 } 1440 1441 // Gather usergroup data from the cache 1442 // Field => Array Key 1443 $data_key = array( 1444 'title' => 'grouptitle', 1445 'usertitle' => 'groupusertitle', 1446 'stars' => 'groupstars', 1447 'starimage' => 'groupstarimage', 1448 'image' => 'groupimage', 1449 
'namestyle' => 'namestyle', 1450 'usereputationsystem' => 'usereputationsystem' 1451 ); 1452 1453 foreach($data_key as $field => $key) 1454 { 1455 $announcementarray[$key] = $groupscache[$announcementarray['usergroup']][$field]; 1456 } 1457 1458 require_once MYBB_ROOT."inc/functions_post.php"; 1459 $postbit = build_postbit($announcementarray, 3); 1460 eval("\$preview = \"".$templates->get("previewpost")."\";"); 1461 } 1462 else 1463 { 1464 $preview = ''; 1465 } 1466 1467 $plugins->run_hooks("modcp_new_announcement"); 1468 1469 eval("\$announcements = \"".$templates->get("modcp_announcements_new")."\";"); 1470 output_page($announcements); 1471 } 1472 1473 if($mybb->input['action'] == "do_edit_announcement") 1474 { 1475 verify_post_check($mybb->get_input('my_post_key')); 1476 1477 if($mybb->usergroup['canmanageannounce'] == 0) 1478 { 1479 error_no_permission(); 1480 } 1481 1482 // Get the announcement 1483 $aid = $mybb->get_input('aid', MyBB::INPUT_INT); 1484 $query = $db->simple_select("announcements", "*", "aid='{$aid}'"); 1485 $announcement = $db->fetch_array($query); 1486 1487 // Check that it exists 1488 if(!$announcement) 1489 { 1490 error($lang->error_invalid_announcement); 1491 } 1492 1493 // Mod has permissions to edit this announcement 1494 if(($mybb->usergroup['issupermod'] != 1 && $announcement['fid'] == -1) || ($announcement['fid'] != -1 && !is_moderator($announcement['fid'], "canmanageannouncements")) || ($unviewableforums && in_array($announcement['fid'], $unviewableforums))) 1495 { 1496 error_no_permission(); 1497 } 1498 1499 $errors = array(); 1500 1501 // Basic error checking 1502 $mybb->input['title'] = $mybb->get_input('title'); 1503 if(!trim_blank_chrs($mybb->input['title'])) 1504 { 1505 $errors[] = $lang->error_missing_title; 1506 } 1507 1508 $mybb->input['message'] = $mybb->get_input('message'); 1509 if(!trim_blank_chrs($mybb->input['message'])) 1510 { 1511 $errors[] = $lang->error_missing_message; 1512 } 1513 1514 
$mybb->input['starttime_time'] = $mybb->get_input('starttime_time'); 1515 $mybb->input['endtime_time'] = $mybb->get_input('endtime_time'); 1516 $startdate = @explode(" ", $mybb->input['starttime_time']); 1517 $startdate = @explode(":", $startdate[0]); 1518 $enddate = @explode(" ", $mybb->input['endtime_time']); 1519 $enddate = @explode(":", $enddate[0]); 1520 1521 if(stristr($mybb->input['starttime_time'], "pm")) 1522 { 1523 $startdate[0] = 12+$startdate[0]; 1524 if($startdate[0] >= 24) 1525 { 1526 $startdate[0] = "00"; 1527 } 1528 } 1529 1530 if(stristr($mybb->input['endtime_time'], "pm")) 1531 { 1532 $enddate[0] = 12+$enddate[0]; 1533 if($enddate[0] >= 24) 1534 { 1535 $enddate[0] = "00"; 1536 } 1537 } 1538 1539 $mybb->input['starttime_month'] = $mybb->get_input('starttime_month'); 1540 $months = array('01', '02', '03', '04', '05', '06', '07', '08', '09', '10', '11', '12'); 1541 if(!in_array($mybb->input['starttime_month'], $months)) 1542 { 1543 $mybb->input['starttime_month'] = '01'; 1544 } 1545 1546 $localized_time_offset = (float)$mybb->user['timezone']*3600 + $mybb->user['dst']*3600; 1547 1548 $startdate = gmmktime((int)$startdate[0], (int)$startdate[1], 0, $mybb->get_input('starttime_month', MyBB::INPUT_INT), $mybb->get_input('starttime_day', MyBB::INPUT_INT), $mybb->get_input('starttime_year', MyBB::INPUT_INT)) - $localized_time_offset; 1549 if(!checkdate($mybb->get_input('starttime_month', MyBB::INPUT_INT), $mybb->get_input('starttime_day', MyBB::INPUT_INT), $mybb->get_input('starttime_year', MyBB::INPUT_INT)) || $startdate < 0 || $startdate == false) 1550 { 1551 $errors[] = $lang->error_invalid_start_date; 1552 } 1553 1554 if($mybb->get_input('endtime_type', MyBB::INPUT_INT) == "2") 1555 { 1556 $enddate = '0'; 1557 $mybb->input['endtime_month'] = '01'; 1558 } 1559 else 1560 { 1561 $mybb->input['endtime_month'] = $mybb->get_input('endtime_month'); 1562 if(!in_array($mybb->input['endtime_month'], $months)) 1563 { 1564 $mybb->input['endtime_month'] = '01'; 
1565 } 1566 $enddate = gmmktime((int)$enddate[0], (int)$enddate[1], 0, $mybb->get_input('endtime_month', MyBB::INPUT_INT), $mybb->get_input('endtime_day', MyBB::INPUT_INT), $mybb->get_input('endtime_year', MyBB::INPUT_INT)) - $localized_time_offset; 1567 if(!checkdate($mybb->get_input('endtime_month', MyBB::INPUT_INT), $mybb->get_input('endtime_day', MyBB::INPUT_INT), $mybb->get_input('endtime_year', MyBB::INPUT_INT)) || $enddate < 0 || $enddate == false) 1568 { 1569 $errors[] = $lang->error_invalid_end_date; 1570 } 1571 elseif($enddate <= $startdate) 1572 { 1573 $errors[] = $lang->error_end_before_start; 1574 } 1575 } 1576 1577 if($mybb->settings['announcementshtml'] && $mybb->get_input('allowhtml', MyBB::INPUT_INT) == 1) 1578 { 1579 $allowhtml = 1; 1580 } 1581 else 1582 { 1583 $allowhtml = 0; 1584 } 1585 if($mybb->get_input('allowmycode', MyBB::INPUT_INT) == 1) 1586 { 1587 $allowmycode = 1; 1588 } 1589 else 1590 { 1591 $allowmycode = 0; 1592 } 1593 if($mybb->get_input('allowsmilies', MyBB::INPUT_INT) == 1) 1594 { 1595 $allowsmilies = 1; 1596 } 1597 else 1598 { 1599 $allowsmilies = 0; 1600 } 1601 1602 $plugins->run_hooks("modcp_do_edit_announcement_start"); 1603 1604 // Proceed to update if no errors 1605 if(!$errors) 1606 { 1607 if(isset($mybb->input['preview'])) 1608 { 1609 $preview = array(); 1610 $mybb->input['action'] = 'edit_announcement'; 1611 } 1612 else 1613 { 1614 $update_announcement = array( 1615 'uid' => $mybb->user['uid'], 1616 'subject' => $db->escape_string($mybb->input['title']), 1617 'message' => $db->escape_string($mybb->input['message']), 1618 'startdate' => $startdate, 1619 'enddate' => $enddate, 1620 'allowhtml' => $allowhtml, 1621 'allowmycode' => $allowmycode, 1622 'allowsmilies' => $allowsmilies 1623 ); 1624 $db->update_query("announcements", $update_announcement, "aid='{$aid}'"); 1625 1626 log_moderator_action(array("aid" => $announcement['aid'], "subject" => $mybb->input['title']), $lang->announcement_edited); 1627 1628 
$plugins->run_hooks("modcp_do_edit_announcement_end"); 1629 1630 $cache->update_forumsdisplay(); 1631 redirect("modcp.php?action=announcements", $lang->redirect_edit_announcement); 1632 } 1633 } 1634 else 1635 { 1636 $mybb->input['action'] = 'edit_announcement'; 1637 } 1638 } 1639 1640 if($mybb->input['action'] == "edit_announcement") 1641 { 1642 if($mybb->usergroup['canmanageannounce'] == 0) 1643 { 1644 error_no_permission(); 1645 } 1646 1647 $aid = $mybb->get_input('aid', MyBB::INPUT_INT); 1648 1649 add_breadcrumb($lang->mcp_nav_announcements, "modcp.php?action=announcements"); 1650 add_breadcrumb($lang->edit_announcement, "modcp.php?action=edit_announcements&aid={$aid}"); 1651 1652 // Get announcement 1653 if(!isset($announcement) || $mybb->request_method != 'post') 1654 { 1655 $query = $db->simple_select("announcements", "*", "aid='{$aid}'"); 1656 $announcement = $db->fetch_array($query); 1657 } 1658 1659 if(!$announcement) 1660 { 1661 error($lang->error_invalid_announcement); 1662 } 1663 if(($mybb->usergroup['issupermod'] != 1 && $announcement['fid'] == -1) || ($announcement['fid'] != -1 && !is_moderator($announcement['fid'], "canmanageannouncements")) || ($unviewableforums && in_array($announcement['fid'], $unviewableforums))) 1664 { 1665 error_no_permission(); 1666 } 1667 1668 if(!$announcement['startdate']) 1669 { 1670 // No start date? Make it now. 1671 $announcement['startdate'] = TIME_NOW; 1672 } 1673 1674 $makeshift_end = false; 1675 if(!$announcement['enddate']) 1676 { 1677 $makeshift_end = true; 1678 $makeshift_time = TIME_NOW; 1679 if($announcement['startdate']) 1680 { 1681 $makeshift_time = $announcement['startdate']; 1682 } 1683 1684 // No end date? Make it a year from now. 
1685 $announcement['enddate'] = $makeshift_time + (60 * 60 * 24 * 366); 1686 } 1687 1688 // Deal with inline errors 1689 if(!empty($errors) || isset($preview)) 1690 { 1691 if(!empty($errors)) 1692 { 1693 $errors = inline_error($errors); 1694 } 1695 else 1696 { 1697 $errors = ''; 1698 } 1699 1700 // Set $announcement to input stuff 1701 $announcement['subject'] = $mybb->input['title']; 1702 $announcement['message'] = $mybb->input['message']; 1703 $announcement['allowhtml'] = $allowhtml; 1704 $announcement['allowmycode'] = $allowmycode; 1705 $announcement['allowsmilies'] = $allowsmilies; 1706 1707 $startmonth = $mybb->input['starttime_month']; 1708 $startdateyear = htmlspecialchars_uni($mybb->input['starttime_year']); 1709 $startday = $mybb->get_input('starttime_day', MyBB::INPUT_INT); 1710 $starttime_time = htmlspecialchars_uni($mybb->input['starttime_time']); 1711 $endmonth = $mybb->input['endtime_month']; 1712 $enddateyear = htmlspecialchars_uni($mybb->input['endtime_year']); 1713 $endday = $mybb->get_input('endtime_day', MyBB::INPUT_INT); 1714 $endtime_time = htmlspecialchars_uni($mybb->input['endtime_time']); 1715 1716 $errored = true; 1717 } 1718 else 1719 { 1720 $localized_time_startdate = $announcement['startdate'] + (float)$mybb->user['timezone']*3600 + $mybb->user['dst']*3600; 1721 $localized_time_enddate = $announcement['enddate'] + (float)$mybb->user['timezone']*3600 + $mybb->user['dst']*3600; 1722 1723 $starttime_time = gmdate($mybb->settings['timeformat'], $localized_time_startdate); 1724 $endtime_time = gmdate($mybb->settings['timeformat'], $localized_time_enddate); 1725 1726 $startday = gmdate('j', $localized_time_startdate); 1727 $endday = gmdate('j', $localized_time_enddate); 1728 1729 $startmonth = gmdate('m', $localized_time_startdate); 1730 $endmonth = gmdate('m', $localized_time_enddate); 1731 1732 $startdateyear = gmdate('Y', $localized_time_startdate); 1733 $enddateyear = gmdate('Y', $localized_time_enddate); 1734 1735 $errored = false; 1736 } 
1737 1738 // Generate form elements 1739 $startdateday = $enddateday = ''; 1740 for($day = 1; $day <= 31; ++$day) 1741 { 1742 if($startday == $day) 1743 { 1744 $selected = " selected=\"selected\""; 1745 eval("\$startdateday .= \"".$templates->get("modcp_announcements_day")."\";"); 1746 } 1747 else 1748 { 1749 $selected = ''; 1750 eval("\$startdateday .= \"".$templates->get("modcp_announcements_day")."\";"); 1751 } 1752 1753 if($endday == $day) 1754 { 1755 $selected = " selected=\"selected\""; 1756 eval("\$enddateday .= \"".$templates->get("modcp_announcements_day")."\";"); 1757 } 1758 else 1759 { 1760 $selected = ''; 1761 eval("\$enddateday .= \"".$templates->get("modcp_announcements_day")."\";"); 1762 } 1763 } 1764 1765 $startmonthsel = $endmonthsel = array(); 1766 foreach(array('01', '02', '03', '04', '05', '06', '07', '08', '09', '10', '11', '12') as $month) 1767 { 1768 $startmonthsel[$month] = ''; 1769 $endmonthsel[$month] = ''; 1770 } 1771 $startmonthsel[$startmonth] = "selected=\"selected\""; 1772 $endmonthsel[$endmonth] = "selected=\"selected\""; 1773 1774 $startdatemonth = $enddatemonth = ''; 1775 1776 eval("\$startdatemonth .= \"".$templates->get("modcp_announcements_month_start")."\";"); 1777 eval("\$enddatemonth .= \"".$templates->get("modcp_announcements_month_end")."\";"); 1778 1779 $title = htmlspecialchars_uni($announcement['subject']); 1780 $message = htmlspecialchars_uni($announcement['message']); 1781 1782 $html_sel = $mycode_sel = $smilies_sel = array('yes' => '', 'no' => ''); 1783 1784 if($mybb->settings['announcementshtml']) 1785 { 1786 if($announcement['allowhtml']) 1787 { 1788 $html_sel['yes'] = ' checked="checked"'; 1789 } 1790 else 1791 { 1792 $html_sel['no'] = ' checked="checked"'; 1793 } 1794 1795 eval("\$allow_html = \"".$templates->get("modcp_announcements_allowhtml")."\";"); 1796 } 1797 else 1798 { 1799 $allow_html = ''; 1800 } 1801 1802 if($announcement['allowmycode']) 1803 { 1804 $mycode_sel['yes'] = ' checked="checked"'; 1805 } 1806 
else 1807 { 1808 $mycode_sel['no'] = ' checked="checked"'; 1809 } 1810 1811 if($announcement['allowsmilies']) 1812 { 1813 $smilies_sel['yes'] = ' checked="checked"'; 1814 } 1815 else 1816 { 1817 $smilies_sel['no'] = ' checked="checked"'; 1818 } 1819 1820 $end_type_sel = array('infinite' => '', 'finite' => ''); 1821 if(($errored && $mybb->get_input('endtime_type', MyBB::INPUT_INT) == 2) || (!$errored && (int)$announcement['enddate'] == 0) || $makeshift_end == true) 1822 { 1823 $end_type_sel['infinite'] = ' checked="checked"'; 1824 } 1825 else 1826 { 1827 $end_type_sel['finite'] = ' checked="checked"'; 1828 } 1829 1830 // MyCode editor 1831 $codebuttons = build_mycode_inserter(); 1832 $smilieinserter = build_clickable_smilies(); 1833 1834 if(isset($preview)) 1835 { 1836 $announcementarray = array( 1837 'aid' => $announcement['aid'], 1838 'fid' => $announcement['fid'], 1839 'uid' => $mybb->user['uid'], 1840 'subject' => $mybb->input['title'], 1841 'message' => $mybb->input['message'], 1842 'allowhtml' => $mybb->settings['announcementshtml'] && $mybb->get_input('allowhtml', MyBB::INPUT_INT), 1843 'allowmycode' => $mybb->get_input('allowmycode', MyBB::INPUT_INT), 1844 'allowsmilies' => $mybb->get_input('allowsmilies', MyBB::INPUT_INT), 1845 'dateline' => TIME_NOW, 1846 'userusername' => $mybb->user['username'], 1847 ); 1848 1849 $array = $mybb->user; 1850 foreach($array as $key => $element) 1851 { 1852 $announcementarray[$key] = $element; 1853 } 1854 1855 // Gather usergroup data from the cache 1856 // Field => Array Key 1857 $data_key = array( 1858 'title' => 'grouptitle', 1859 'usertitle' => 'groupusertitle', 1860 'stars' => 'groupstars', 1861 'starimage' => 'groupstarimage', 1862 'image' => 'groupimage', 1863 'namestyle' => 'namestyle', 1864 'usereputationsystem' => 'usereputationsystem' 1865 ); 1866 1867 foreach($data_key as $field => $key) 1868 { 1869 $announcementarray[$key] = $groupscache[$announcementarray['usergroup']][$field]; 1870 } 1871 1872 require_once 
MYBB_ROOT."inc/functions_post.php"; 1873 $postbit = build_postbit($announcementarray, 3); 1874 eval("\$preview = \"".$templates->get("previewpost")."\";"); 1875 } 1876 else 1877 { 1878 $preview = ''; 1879 } 1880 1881 $plugins->run_hooks("modcp_edit_announcement"); 1882 1883 eval("\$announcements = \"".$templates->get("modcp_announcements_edit")."\";"); 1884 output_page($announcements); 1885 } 1886 1887 if($mybb->input['action'] == "announcements") 1888 { 1889 if($mybb->usergroup['canmanageannounce'] == 0) 1890 { 1891 error_no_permission(); 1892 } 1893 1894 if($numannouncements == 0 && $mybb->usergroup['issupermod'] != 1) 1895 { 1896 error($lang->you_cannot_manage_announcements); 1897 } 1898 1899 add_breadcrumb($lang->mcp_nav_announcements, "modcp.php?action=announcements"); 1900 1901 // Fetch announcements into their proper arrays 1902 $query = $db->simple_select("announcements", "aid, fid, subject, enddate"); 1903 $announcements = $global_announcements = array(); 1904 while($announcement = $db->fetch_array($query)) 1905 { 1906 if($announcement['fid'] == -1) 1907 { 1908 $global_announcements[$announcement['aid']] = $announcement; 1909 continue; 1910 } 1911 $announcements[$announcement['fid']][$announcement['aid']] = $announcement; 1912 } 1913 1914 $announcements_global = ''; 1915 if($mybb->usergroup['issupermod'] == 1) 1916 { 1917 if($global_announcements && $mybb->usergroup['issupermod'] == 1) 1918 { 1919 // Get the global announcements 1920 foreach($global_announcements as $aid => $announcement) 1921 { 1922 $trow = alt_trow(); 1923 if((isset($announcement['startdate']) && $announcement['startdate'] > TIME_NOW) || (isset($announcement['enddate']) && $announcement['enddate'] < TIME_NOW && $announcement['enddate'] != 0)) 1924 { 1925 eval("\$icon = \"".$templates->get("modcp_announcements_announcement_expired")."\";"); 1926 } 1927 else 1928 { 1929 eval("\$icon = \"".$templates->get("modcp_announcements_announcement_active")."\";"); 1930 } 1931 1932 $subject = 
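// Escape the subject for HTML only after the bad-word filter has run (announcements handler, continued).
                htmlspecialchars_uni($parser->parse_badwords($announcement['subject']));

                eval("\$announcements_global .= \"".$templates->get("modcp_announcements_announcement_global")."\";");
            }
        }
        else
        {
            // No global announcements
            eval("\$announcements_global = \"".$templates->get("modcp_no_announcements_global")."\";");
        }
        eval("\$announcements_global = \"".$templates->get("modcp_announcements_global")."\";");
    }

    $announcements_forum = '';
    fetch_forum_announcements();

    if(!$announcements_forum)
    {
        eval("\$announcements_forum = \"".$templates->get("modcp_no_announcements_forum")."\";");
    }

    $plugins->run_hooks("modcp_announcements");

    eval("\$announcements = \"".$templates->get("modcp_announcements")."\";");
    output_page($announcements);
}

// Action "do_modqueue": apply the approve/delete decisions submitted from the
// moderation queue. Exactly one of the three submitted lists is processed per
// request: threads, else posts, else attachments.
//
// In every branch the submitted array is keyed by id. The keys are cast to
// integers before they are placed in the IN (...) list, and an action is only
// applied to ids that the scoped query actually returns.
if($mybb->input['action'] == "do_modqueue")
{
    require_once MYBB_ROOT."inc/class_moderation.php";
    $moderation = new Moderation;

    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    if($mybb->usergroup['canmanagemodqueue'] == 0)
    {
        error_no_permission();
    }

    $plugins->run_hooks("modcp_do_modqueue_start");

    $mybb->input['threads'] = $mybb->get_input('threads', MyBB::INPUT_ARRAY);
    $mybb->input['posts'] = $mybb->get_input('posts', MyBB::INPUT_ARRAY);
    $mybb->input['attachments'] = $mybb->get_input('attachments', MyBB::INPUT_ARRAY);
    if(!empty($mybb->input['threads']))
    {
        $threads = array_map("intval", array_keys($mybb->input['threads']));
        $threads_to_approve = $threads_to_delete = array();
        // Fetch threads
        // $flist_queue_threads is a SQL fragment built earlier in the file and appended verbatim.
        // NOTE(review): presumably it limits the query to forums this moderator may act on - confirm.
        $query = $db->simple_select("threads", "tid", "tid IN (".implode(",", $threads)."){$flist_queue_threads}");
        while($thread = $db->fetch_array($query))
        {
            if(!isset($mybb->input['threads'][$thread['tid']]))
            {
                continue;
            }
            $action = $mybb->input['threads'][$thread['tid']];
            if($action == "approve")
            {
                $threads_to_approve[] = $thread['tid'];
            }
            else if($action == "delete")
            {
                $threads_to_delete[] = $thread['tid'];
            }
        }
        if(!empty($threads_to_approve))
        {
            $moderation->approve_threads($threads_to_approve);
            log_moderator_action(array('tids' => $threads_to_approve), $lang->multi_approve_threads);
        }
        if(!empty($threads_to_delete))
        {
            if($mybb->settings['soft_delete'] == 1)
            {
                $moderation->soft_delete_threads($threads_to_delete);
                log_moderator_action(array('tids' => $threads_to_delete), $lang->multi_soft_delete_threads);
            }
            else
            {
                foreach($threads_to_delete as $tid)
                {
                    $moderation->delete_thread($tid);
                }
                log_moderator_action(array('tids' => $threads_to_delete), $lang->multi_delete_threads);
            }
        }

        $plugins->run_hooks("modcp_do_modqueue_end");

        redirect("modcp.php?action=modqueue", $lang->redirect_threadsmoderated);
    }
    else if(!empty($mybb->input['posts']))
    {
        $posts = array_map("intval", array_keys($mybb->input['posts']));
        // Fetch posts
        $posts_to_approve = $posts_to_delete = array();
        $query = $db->simple_select("posts", "pid", "pid IN (".implode(",", $posts)."){$flist_queue_posts}");
        while($post = $db->fetch_array($query))
        {
            if(!isset($mybb->input['posts'][$post['pid']]))
            {
                continue;
            }
            $action = $mybb->input['posts'][$post['pid']];
            if($action == "approve")
            {
                $posts_to_approve[] = $post['pid'];
            }
            else if($action == "delete")
            {
                // Every deletion is collected here, hard or soft. The original
                // hard-deleted inside this loop without recording the pid, so the
                // multi_delete_posts log call below could never run and permanent
                // deletions from the queue left no moderator-log entry.
                $posts_to_delete[] = $post['pid'];
            }
        }
        if(!empty($posts_to_approve))
        {
            $moderation->approve_posts($posts_to_approve);
            log_moderator_action(array('pids' => $posts_to_approve), $lang->multi_approve_posts);
        }
        if(!empty($posts_to_delete))
        {
            if($mybb->settings['soft_delete'] == 1)
            {
                $moderation->soft_delete_posts($posts_to_delete);
                log_moderator_action(array('pids' => $posts_to_delete), $lang->multi_soft_delete_posts);
            }
            else
            {
                // Same shape as the thread branch: delete one by one, then log once.
                // NOTE(review): assumes Moderation::delete_post() writes no log entry
                // of its own, as the thread branch suggests - confirm.
                foreach($posts_to_delete as $delete_pid)
                {
                    $moderation->delete_post($delete_pid);
                }
                log_moderator_action(array('pids' => $posts_to_delete), $lang->multi_delete_posts);
            }
        }

        $plugins->run_hooks("modcp_do_modqueue_end");

        redirect("modcp.php?action=modqueue&type=posts", $lang->redirect_postsmoderated);
    }
    else if(!empty($mybb->input['attachments']))
    {
        $attachments = array_map("intval", array_keys($mybb->input['attachments']));
        $query = $db->query("
            SELECT a.pid, a.aid, t.tid
            FROM ".TABLE_PREFIX."attachments a
            LEFT JOIN ".TABLE_PREFIX."posts p ON (a.pid=p.pid)
            LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
            WHERE aid IN (".implode(",", $attachments)."){$tflist_queue_attach}
        ");
        // NOTE(review): this branch calls log_moderator_action() for neither
        // approval nor deletion - confirm whether that is intended.
        while($attachment = $db->fetch_array($query))
        {
            if(!isset($mybb->input['attachments'][$attachment['aid']]))
            {
                continue;
            }
            $action = $mybb->input['attachments'][$attachment['aid']];
            if($action == "approve")
            {
                // The aid used here comes from the database row, not from the request.
                $db->update_query("attachments", array("visible" => 1), "aid='{$attachment['aid']}'");
                if(isset($attachment['tid']))
                {
                    update_thread_counters((int)$attachment['tid'], array("attachmentcount" => "+1"));
                }
            }
            else if($action == "delete")
            {
                remove_attachment($attachment['pid'], '', $attachment['aid']);
                if(isset($attachment['tid']))
                {
                    update_thread_counters((int)$attachment['tid'], array("attachmentcount" => "-1"));
                }
            }
        }

        $plugins->run_hooks("modcp_do_modqueue_end");

        redirect("modcp.php?action=modqueue&type=attachments", $lang->redirect_attachmentsmoderated);
    }
}

if($mybb->input['action'] == "modqueue")
{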
// Body of the "modqueue" action: shows the queue of unapproved threads, posts or attachments.
	$navsep = '';

	// Group permission gate for the whole queue
	if($mybb->usergroup['canmanagemodqueue'] == 0)
	{
		error_no_permission();
	}

	if($nummodqueuethreads == 0 && $nummodqueueposts == 0 && $nummodqueueattach == 0 && $mybb->usergroup['issupermod'] != 1)
	{
		error($lang->you_cannot_use_mod_queue);
	}

	$mybb->input['type'] = $mybb->get_input('type');
	$threadqueue = $postqueue = $attachmentqueue = '';
	// && binds tighter than ||: an explicit type=threads always enters this branch,
	// an empty type enters it only when the user has threads to moderate.
	if($mybb->input['type'] == "threads" || !$mybb->input['type'] && ($nummodqueuethreads > 0 || $mybb->usergroup['issupermod'] == 1))
	{
		if($nummodqueuethreads == 0 && $mybb->usergroup['issupermod'] != 1)
		{
			error($lang->you_cannot_moderate_threads);
		}

		$forum_cache = $cache->read("forums");

		// $flist_queue_threads / $tflist_queue_threads are built outside this view;
		// presumably they restrict the queries to forums this moderator may manage - TODO confirm.
		$query = $db->simple_select("threads", "COUNT(tid) AS unapprovedthreads", "visible='0' {$flist_queue_threads}");
		$unapproved_threads = $db->fetch_field($query, "unapprovedthreads");

		// Figure out if we need to display multiple pages.
		if($mybb->get_input('page') != "last")
		{
			// Any page value other than the literal "last" is read as an integer
			$page = $mybb->get_input('page', MyBB::INPUT_INT);
		}

		// NOTE(review): assumes the threadsperpage setting is non-zero; a 0 here would
		// divide by zero - confirm it is validated where settings are saved.
		$perpage = $mybb->settings['threadsperpage'];
		$pages = $unapproved_threads / $perpage;
		$pages = ceil($pages);

		if($mybb->get_input('page') == "last")
		{
			$page = $pages;
		}

		// Out-of-range pages fall back to the first page
		if($page > $pages || $page <= 0)
		{
			$page = 1;
		}

		if($page)
		{
			$start = ($page-1) * $perpage;
		}
		else
		{
			$start = 0;
			$page = 1;
		}

		$multipage = multipage($unapproved_threads, $perpage, $page, "modcp.php?action=modqueue&type=threads");

		// LIMIT is built from $start (derived from the integer page above) and the
		// $perpage setting; no raw request string is interpolated here.
		$query = $db->query("
			SELECT t.tid, t.dateline, t.fid, t.subject, t.username AS threadusername, p.message AS postmessage, u.username AS username, t.uid
			FROM ".TABLE_PREFIX."threads t
			LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=t.firstpost)
			LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=t.uid)
			WHERE t.visible='0' {$tflist_queue_threads}
			ORDER BY t.lastpost DESC
			LIMIT {$start}, {$perpage}
		");
		$threads = '';
		while($thread = $db->fetch_array($query))
		{
			$altbg = alt_trow();
			// User-supplied text is HTML-encoded before the row template is evaluated
			$thread['subject'] = htmlspecialchars_uni($parser->parse_badwords($thread['subject']));
			$thread['threadlink'] = get_thread_link($thread['tid']);
			$forum_link = get_forum_link($thread['fid']);
			// NOTE(review): the forum name is taken from the cache without encoding here;
			// confirm it is encoded at storage or treated as trusted admin content.
			$forum_name = $forum_cache[$thread['fid']]['name'];
			$threaddate = my_date('relative', $thread['dateline']);

			// No joined user row: fall back to the name stored on the thread, or "guest"
			if($thread['username'] == "")
			{
				if($thread['threadusername'] != "")
				{
					$thread['threadusername'] = htmlspecialchars_uni($thread['threadusername']);
					$profile_link = $thread['threadusername'];
				}
				else
				{
					$profile_link = $lang->guest;
				}
			}
			else
			{
				$thread['username'] = htmlspecialchars_uni($thread['username']);
				$profile_link = build_profile_link($thread['username'], $thread['uid']);
			}

			// The unapproved message is shown as encoded plain text, not parsed markup
			$thread['postmessage'] = nl2br(htmlspecialchars_uni($thread['postmessage']));
			eval("\$forum = \"".$templates->get("modcp_modqueue_link_forum")."\";");
			eval("\$threads .= \"".$templates->get("modcp_modqueue_threads_thread")."\";");
		}

		if(!$threads && $mybb->input['type'] == "threads")
		{
			eval("\$threads = \"".$templates->get("modcp_modqueue_threads_empty")."\";");
		}

		if($threads)
		{
			add_breadcrumb($lang->mcp_nav_modqueue_threads, "modcp.php?action=modqueue&type=threads");

			$plugins->run_hooks("modcp_modqueue_threads_end");

			// Links to the other queues are only built when the user can use them
			if($nummodqueueposts > 0 || $mybb->usergroup['issupermod'] == 1)
			{
				$navsep = " | ";
				eval("\$post_link = \"".$templates->get("modcp_modqueue_post_link")."\";");
			}

			if($mybb->settings['enableattachments'] == 1 && ($nummodqueueattach > 0 || $mybb->usergroup['issupermod'] == 1))
			{
				$navsep = " | ";
				eval("\$attachment_link = \"".$templates->get("modcp_modqueue_attachment_link")."\";");
			}

			eval("\$mass_controls = \"".$templates->get("modcp_modqueue_masscontrols")."\";");
			eval("\$threadqueue = \"".$templates->get("modcp_modqueue_threads")."\";");
			output_page($threadqueue);
		}
		$type = 'threads';
	}

	// Posts queue: requested explicitly, or the fallback when no thread queue was rendered
	if($mybb->input['type'] == "posts" || (!$mybb->input['type'] && !$threadqueue && ($nummodqueueposts > 0 || $mybb->usergroup['issupermod'] == 1)))
	{
		if($nummodqueueposts == 0 && $mybb->usergroup['issupermod'] != 1)
		{
			error($lang->you_cannot_moderate_posts);
		}

		$forum_cache = $cache->read("forums");

		// First posts are excluded: they are moderated through the thread queue
		$query = $db->query("
			SELECT COUNT(pid) AS unapprovedposts
			FROM ".TABLE_PREFIX."posts p
			LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
			WHERE p.visible='0' {$tflist_queue_posts} AND t.firstpost != p.pid
		");
		$unapproved_posts = $db->fetch_field($query, "unapprovedposts");

		// Figure out if we need to display multiple pages.
		if($mybb->get_input('page') != "last")
		{
			$page = $mybb->get_input('page', MyBB::INPUT_INT);
		}

		// NOTE(review): assumes the postsperpage setting is non-zero - confirm.
		$perpage = $mybb->settings['postsperpage'];
		$pages = $unapproved_posts / $perpage;
		$pages = ceil($pages);

		if($mybb->get_input('page') == "last")
		{
			$page = $pages;
		}

		if($page > $pages || $page <= 0)
		{
			$page = 1;
		}

		if($page)
		{
			$start = ($page-1) * $perpage;
		}
		else
		{
			$start = 0;
			$page = 1;
		}

		$multipage = multipage($unapproved_posts, $perpage, $page, "modcp.php?action=modqueue&type=posts");

		$query = $db->query("
			SELECT p.pid, p.subject, p.message, p.username AS postusername, t.subject AS threadsubject, t.tid, u.username, p.uid, t.fid, p.dateline
			FROM ".TABLE_PREFIX."posts p
			LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
			LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
			WHERE p.visible='0' {$tflist_queue_posts} AND t.firstpost != p.pid
			ORDER BY p.dateline DESC, p.pid DESC
			LIMIT {$start}, {$perpage}
		");
		$posts = '';
		while($post = $db->fetch_array($query))
		{
			$altbg = alt_trow();
			// Subjects are bad-word filtered and HTML-encoded before the template sees them
			$post['threadsubject'] = htmlspecialchars_uni($parser->parse_badwords($post['threadsubject']));
			$post['subject'] = htmlspecialchars_uni($parser->parse_badwords($post['subject']));
			$post['threadlink'] = get_thread_link($post['tid']);
			$post['postlink'] = get_post_link($post['pid'], $post['tid']);
			$forum_link = get_forum_link($post['fid']);
			// NOTE(review): forum name is used unencoded here as well - see the thread queue above.
			$forum_name = $forum_cache[$post['fid']]['name'];
			$postdate = my_date('relative', $post['dateline']);

			if($post['username'] == "")
			{
				if($post['postusername'] != "")
				{
					$post['postusername'] = htmlspecialchars_uni($post['postusername']);
					$profile_link = $post['postusername'];
				}
				else
				{
					$profile_link = $lang->guest;
				}
			}
			else
			{
				$post['username'] = htmlspecialchars_uni($post['username']);
				$profile_link = build_profile_link($post['username'], $post['uid']);
			}

			eval("\$thread = \"".$templates->get("modcp_modqueue_link_thread")."\";");
			eval("\$forum = \"".$templates->get("modcp_modqueue_link_forum")."\";");
			// Message body is displayed as encoded plain text
			$post['message'] = nl2br(htmlspecialchars_uni($post['message']));
			eval("\$posts .= \"".$templates->get("modcp_modqueue_posts_post")."\";");
		}

		if(!$posts && $mybb->input['type'] == "posts")
		{
			eval("\$posts = \"".$templates->get("modcp_modqueue_posts_empty")."\";");
		}

		if($posts)
		{
			add_breadcrumb($lang->mcp_nav_modqueue_posts, "modcp.php?action=modqueue&type=posts");

			$plugins->run_hooks("modcp_modqueue_posts_end");

			if($nummodqueuethreads > 0 || $mybb->usergroup['issupermod'] == 1)
			{
				$navsep = " | ";
				eval("\$thread_link = \"".$templates->get("modcp_modqueue_thread_link")."\";");
			}

			if($mybb->settings['enableattachments'] == 1 && ($nummodqueueattach > 0 || $mybb->usergroup['issupermod'] == 1))
			{
				$navsep = " | ";
				eval("\$attachment_link = \"".$templates->get("modcp_modqueue_attachment_link")."\";");
			}

			eval("\$mass_controls = \"".$templates->get("modcp_modqueue_masscontrols")."\";");
			eval("\$postqueue = \"".$templates->get("modcp_modqueue_posts")."\";");
			output_page($postqueue);
		}
	}

	// Attachments queue: requested explicitly, or the last fallback when neither of
	// the other queues was rendered and attachments are enabled
	if($mybb->input['type'] == "attachments" || (!$mybb->input['type'] && !$postqueue && !$threadqueue && $mybb->settings['enableattachments'] == 1 && ($nummodqueueattach > 0 || $mybb->usergroup['issupermod'] == 1)))
	{
		if($mybb->settings['enableattachments'] == 0)
		{
			error($lang->attachments_disabled);
		}

		if($nummodqueueattach == 0 && $mybb->usergroup['issupermod'] != 1)
		{
			error($lang->you_cannot_moderate_attachments);
		}

		$query = $db->query("
			SELECT COUNT(aid) AS unapprovedattachments
			FROM ".TABLE_PREFIX."attachments a
			LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=a.pid)
			LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
			WHERE a.visible='0'{$tflist_queue_attach}
		");
		$unapproved_attachments = $db->fetch_field($query, "unapprovedattachments");

		// Figure out if we need to display multiple pages.
		if($mybb->get_input('page') != "last")
		{
			$page = $mybb->get_input('page', MyBB::INPUT_INT);
		}

		// Attachments are paged with the postsperpage setting
		$perpage = $mybb->settings['postsperpage'];
		$pages = $unapproved_attachments / $perpage;
		$pages = ceil($pages);

		if($mybb->get_input('page') == "last")
		{
			$page = $pages;
		}

		if($page > $pages || $page <= 0)
		{
			$page = 1;
		}

		if($page)
		{
			$start = ($page-1) * $perpage;
		}
		else
		{
			$start = 0;
			$page = 1;
		}

		$multipage = multipage($unapproved_attachments, $perpage, $page, "modcp.php?action=modqueue&type=attachments");

		$query = $db->query("
			SELECT a.*, p.subject AS postsubject, p.dateline, p.uid, u.username, t.tid, t.subject AS threadsubject
			FROM ".TABLE_PREFIX."attachments a
			LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=a.pid)
			LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
			LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
			WHERE a.visible='0'{$tflist_queue_attach}
			ORDER BY a.dateuploaded DESC
			LIMIT {$start}, {$perpage}
		");
		$attachments = '';
		while($attachment = $db->fetch_array($query))
		{
			$altbg = alt_trow();

			// Fall back to the post date when no upload date is recorded
			if(!$attachment['dateuploaded'])
			{
				$attachment['dateuploaded'] = $attachment['dateline'];
			}

			$attachdate = my_date('relative', $attachment['dateuploaded']);

			// The uploader-chosen file name is HTML-encoded like the other user-supplied fields
			$attachment['postsubject'] = htmlspecialchars_uni($parser->parse_badwords($attachment['postsubject']));
			$attachment['filename'] = htmlspecialchars_uni($attachment['filename']);
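// Rest of the unapproved-attachments row loop of the "modqueue" action.
			$attachment['threadsubject'] = htmlspecialchars_uni($parser->parse_badwords($attachment['threadsubject']));
			$attachment['filesize'] = get_friendly_size($attachment['filesize']);

			$link = get_post_link($attachment['pid'], $attachment['tid']) . "#pid{$attachment['pid']}";
			$thread_link = get_thread_link($attachment['tid']);
			$attachment['username'] = htmlspecialchars_uni($attachment['username']);
			$profile_link = build_profile_link($attachment['username'], $attachment['uid']);

			eval("\$attachments .= \"".$templates->get("modcp_modqueue_attachments_attachment")."\";");
		}

		if(!$attachments && $mybb->input['type'] == "attachments")
		{
			eval("\$attachments = \"".$templates->get("modcp_modqueue_attachments_empty")."\";");
		}

		if($attachments)
		{
			add_breadcrumb($lang->mcp_nav_modqueue_attachments, "modcp.php?action=modqueue&type=attachments");

			$plugins->run_hooks("modcp_modqueue_attachments_end");

			if($nummodqueuethreads > 0 || $mybb->usergroup['issupermod'] == 1)
			{
				eval("\$thread_link = \"".$templates->get("modcp_modqueue_thread_link")."\";");
				$navsep = " | ";
			}

			if($nummodqueueposts > 0 || $mybb->usergroup['issupermod'] == 1)
			{
				eval("\$post_link = \"".$templates->get("modcp_modqueue_post_link")."\";");
				$navsep = " | ";
			}

			eval("\$mass_controls = \"".$templates->get("modcp_modqueue_masscontrols")."\";");
			eval("\$attachmentqueue = \"".$templates->get("modcp_modqueue_attachments")."\";");
			output_page($attachmentqueue);
		}
	}

	// Still nothing? All queues are empty! :-D
	if(!$threadqueue && !$postqueue && !$attachmentqueue)
	{
		add_breadcrumb($lang->mcp_nav_modqueue, "modcp.php?action=modqueue");

		$plugins->run_hooks("modcp_modqueue_end");

		eval("\$queue = \"".$templates->get("modcp_modqueue_empty")."\";");
		output_page($queue);
	}
}

// "do_editprofile" action: a moderator saves another user's profile and the
// moderator options (signature suspension, post moderation, posting suspension).
// On validation errors it falls through to the "editprofile" form below.
if($mybb->input['action'] == "do_editprofile")
{
	// Verify incoming POST request (anti-CSRF token)
	verify_post_check($mybb->get_input('my_post_key'));

	if($mybb->usergroup['caneditprofiles'] == 0)
	{
		error_no_permission();
	}

	// Read the target uid through the typed accessor, as the "editprofile" action
	// does, so the integer constraint is visible at the call site and a missing
	// value is read as 0 instead of an undefined index.
	$user = get_user($mybb->get_input('uid', MyBB::INPUT_INT));
	if(!$user)
	{
		error($lang->error_nomember);
	}

	// Check if the current user has permission to edit this user
	if(!modcp_can_manage_user($user['uid']))
	{
		error_no_permission();
	}

	$plugins->run_hooks("modcp_do_editprofile_start");

	if($mybb->get_input('away', MyBB::INPUT_INT) == 1 && $mybb->settings['allowaway'] != 0)
	{
		$awaydate = TIME_NOW;
		if(!empty($mybb->input['awayday']))
		{
			// If the user has indicated that they will return on a specific day, but not month or year, assume it is current month and year
			if(!$mybb->get_input('awaymonth', MyBB::INPUT_INT))
			{
				$mybb->input['awaymonth'] = my_date('n', $awaydate);
			}
			if(!$mybb->get_input('awayyear', MyBB::INPUT_INT))
			{
				$mybb->input['awayyear'] = my_date('Y', $awaydate);
			}

			// Date parts are truncated and cast to int; the year is capped at 9999
			$return_month = (int)substr($mybb->get_input('awaymonth'), 0, 2);
			$return_day = (int)substr($mybb->get_input('awayday'), 0, 2);
			$return_year = min((int)$mybb->get_input('awayyear'), 9999);

			// Check if return date is after the away date.
			$returntimestamp = gmmktime(0, 0, 0, $return_month, $return_day, $return_year);
			$awaytimestamp = gmmktime(0, 0, 0, my_date('n', $awaydate), my_date('j', $awaydate), my_date('Y', $awaydate));
			if($return_year < my_date('Y', $awaydate) || ($returntimestamp < $awaytimestamp && $return_year == my_date('Y', $awaydate)))
			{
				error($lang->error_modcp_return_date_past);
			}

			$returndate = "{$return_day}-{$return_month}-{$return_year}";
		}
		else
		{
			$returndate = "";
		}
		$away = array(
			"away" => 1,
			"date" => $awaydate,
			"returndate" => $returndate,
			"awayreason" => $mybb->get_input('awayreason')
		);
	}
	else
	{
		$away = array(
			"away" => 0,
			"date" => '',
			"returndate" => '',
			"awayreason" => ''
		);
	}

	// Set up user handler.
	require_once MYBB_ROOT."inc/datahandlers/user.php";
	$userhandler = new UserDataHandler('update');

	// Set the data for the new user.
	// Free-text fields are passed as submitted; they are checked by
	// validate_user() below before update_user() is called.
	$updated_user = array(
		"uid" => $user['uid'],
		"profile_fields" => $mybb->get_input('profile_fields', MyBB::INPUT_ARRAY),
		"profile_fields_editable" => true,
		"website" => $mybb->get_input('website'),
		"signature" => $mybb->get_input('signature'),
		"usernotes" => $mybb->get_input('usernotes'),
		"away" => $away
	);

	$updated_user['birthday'] = array(
		"day" => $mybb->get_input('birthday_day', MyBB::INPUT_INT),
		"month" => $mybb->get_input('birthday_month', MyBB::INPUT_INT),
		"year" => $mybb->get_input('birthday_year', MyBB::INPUT_INT)
	);

	if(!empty($mybb->input['usertitle']))
	{
		$updated_user['usertitle'] = $mybb->get_input('usertitle');
	}
	else if(!empty($mybb->input['reverttitle']))
	{
		$updated_user['usertitle'] = '';
	}

	if(!empty($mybb->input['remove_avatar']))
	{
		$updated_user['avatarurl'] = '';
	}

	// Set the data of the user in the datahandler.
	$userhandler->set_data($updated_user);
	$errors = array();

	// Validate the user and get any errors that might have occurred.
	if(!$userhandler->validate_user())
	{
		$errors = $userhandler->get_friendly_errors();
		$mybb->input['action'] = "editprofile";
	}
	else
	{
		// Are we removing an avatar from this user?
		if(!empty($mybb->input['remove_avatar']))
		{
			$extra_user_updates = array(
				"avatar" => "",
				"avatardimensions" => "",
				"avatartype" => ""
			);
			remove_avatars($user['uid']);
		}

		// Moderator "Options" (suspend signature, suspend/moderate posting)
		$moderator_options = array(
			1 => array(
				"action" => "suspendsignature", // The moderator action we're performing
				"period" => "action_period", // The time period we've selected from the dropdown box
				"time" => "action_time", // The time we've entered
				"update_field" => "suspendsignature", // The field in the database to update if true
				"update_length" => "suspendsigtime" // The length of suspension field in the database
			),
			2 => array(
				"action" => "moderateposting",
				"period" => "modpost_period",
				"time" => "modpost_time",
				"update_field" => "moderateposts",
				"update_length" => "moderationtime"
			),
			3 => array(
				"action" => "suspendposting",
				"period" => "suspost_period",
				"time" => "suspost_time",
				"update_field" => "suspendposting",
				"update_length" => "suspensiontime"
			)
		);

		require_once MYBB_ROOT."inc/functions_warnings.php";
		foreach($moderator_options as $option)
		{
			// Variable variable: the names come from the fixed table above
			// ($action_time, $modpost_time, $suspost_time), never from the request.
			${$option['time']} = $mybb->get_input($option['time'], MyBB::INPUT_INT);
			$mybb->input[$option['period']] = $mybb->get_input($option['period']);
			if(empty($mybb->input[$option['action']]))
			{
				if($user[$option['update_field']] == 1)
				{
					// We're revoking the suspension
					$extra_user_updates[$option['update_field']] = 0;
					$extra_user_updates[$option['update_length']] = 0;
				}

				// Skip this option if we haven't selected it
				continue;
			}

			else
			{
				// The integer-cast value is compared rather than the raw request
				// string: with a loose == PHP 8 no longer treats "" or non-numeric
				// text as equal to 0, which let an empty time field pass this check.
				if(${$option['time']} == 0 && $mybb->input[$option['period']] != "never" && $user[$option['update_field']] != 1)
				{
					// User has selected a type of ban, but not entered a valid time frame
					$string = $option['action']."_error";
					$errors[] = $lang->$string;
				}
				else
				{
					$suspend_length = fetch_time_length(${$option['time']}, $mybb->input[$option['period']]);

					if($user[$option['update_field']] == 1 && (${$option['time']} || $mybb->input[$option['period']] == "never"))
					{
						// We already have a suspension, but entered a new time
						if($suspend_length == "-1")
						{
							// Permanent ban on action
							$extra_user_updates[$option['update_length']] = 0;
						}
						elseif($suspend_length && $suspend_length != "-1")
						{
							// Temporary ban on action
							$extra_user_updates[$option['update_length']] = TIME_NOW + $suspend_length;
						}
					}
					elseif(!$user[$option['update_field']])
					{
						// New suspension for this user... bad user!
						$extra_user_updates[$option['update_field']] = 1;
						if($suspend_length == "-1")
						{
							$extra_user_updates[$option['update_length']] = 0;
						}
						else
						{
							$extra_user_updates[$option['update_length']] = TIME_NOW + $suspend_length;
						}
					}
				}
			}
		}

		// Those with javascript turned off will be able to select both - cheeky!
		// Check to make sure we're not moderating AND suspending posting
		if(isset($extra_user_updates) && !empty($extra_user_updates['moderateposts']) && !empty($extra_user_updates['suspendposting']))
		{
			$errors[] = $lang->suspendmoderate_error;
		}

		if(is_array($errors) && !empty($errors))
		{
			$mybb->input['action'] = "editprofile";
		}
		else
		{
			$plugins->run_hooks("modcp_do_editprofile_update");

			// Continue with the update if there is no errors
			$user_info = $userhandler->update_user();
			if(!empty($extra_user_updates))
			{
				// The uid in the WHERE clause is taken from the row get_user() returned
				$db->update_query("users", $extra_user_updates, "uid='{$user['uid']}'");
			}
			// Every successful profile edit is written to the moderator log
			log_moderator_action(array("uid" => $user['uid'], "username" => $user['username']), $lang->edited_user);

			$plugins->run_hooks("modcp_do_editprofile_end");

			redirect("modcp.php?action=finduser", $lang->redirect_user_updated);
		}
	}
}

if($mybb->input['action'] == "editprofile")
{
	if($mybb->usergroup['caneditprofiles'] == 0)
	{
		error_no_permission();
	}

	add_breadcrumb($lang->mcp_nav_editprofile, "modcp.php?action=editprofile");

	$user = get_user($mybb->get_input('uid', MyBB::INPUT_INT));
	if(!$user)
	{
		error($lang->error_nomember);
	}

	// Check if the current user has permission to edit this user
	if(!modcp_can_manage_user($user['uid']))
	{
		error_no_permission();
	}

	$userperms = user_permissions($user['uid']);

	// Set display group
	$displaygroupfields = array("title", "description", "namestyle", "usertitle", "stars", "starimage", "image");

	if(!$user['displaygroup'])
	{
		$user['displaygroup'] = $user['usergroup'];
	}

	$display_group = usergroup_displaygroup($user['displaygroup']);
	if(is_array($display_group))
	{
		$userperms = array_merge($userperms, $display_group);
	}
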
if(!my_validate_url($user['website'])) 2784 { 2785 $user['website'] = ''; 2786 } 2787 2788 if(!$errors) 2789 { 2790 $mybb->input = array_merge($user, $mybb->input); 2791 $birthday = explode('-', $user['birthday']); 2792 if(!isset($birthday[1])) 2793 { 2794 $birthday[1] = ''; 2795 } 2796 if(!isset($birthday[2])) 2797 { 2798 $birthday[2] = ''; 2799 } 2800 list($mybb->input['birthday_day'], $mybb->input['birthday_month'], $mybb->input['birthday_year']) = $birthday; 2801 } 2802 else 2803 { 2804 $errors = inline_error($errors); 2805 } 2806 2807 // Sanitize all input 2808 foreach(array('usertitle', 'website', 'signature', 'birthday_day', 'birthday_month', 'birthday_year') as $field) 2809 { 2810 $mybb->input[$field] = htmlspecialchars_uni($mybb->get_input($field)); 2811 } 2812 2813 // Custom user title 2814 if(!empty($userperms['usertitle'])) 2815 { 2816 $defaulttitle = htmlspecialchars_uni($userperms['usertitle']); 2817 } 2818 else 2819 { 2820 // Go for post count title if a group default isn't set 2821 $usertitles = $cache->read('usertitles'); 2822 2823 foreach($usertitles as $title) 2824 { 2825 if($title['posts'] <= $user['postnum']) 2826 { 2827 $defaulttitle = htmlspecialchars_uni($title['title']); 2828 break; 2829 } 2830 } 2831 } 2832 2833 $user['usertitle'] = htmlspecialchars_uni($user['usertitle']); 2834 2835 if(empty($user['usertitle'])) 2836 { 2837 $lang->current_custom_usertitle = ''; 2838 } 2839 2840 $bdaydaysel = $selected = ''; 2841 for($day = 1; $day <= 31; ++$day) 2842 { 2843 if($mybb->input['birthday_day'] == $day) 2844 { 2845 $selected = "selected=\"selected\""; 2846 } 2847 else 2848 { 2849 $selected = ''; 2850 } 2851 2852 eval("\$bdaydaysel .= \"".$templates->get("usercp_profile_day")."\";"); 2853 } 2854 2855 $bdaymonthsel = array(); 2856 foreach(range(1, 12) as $month) 2857 { 2858 $bdaymonthsel[$month] = ''; 2859 } 2860 $bdaymonthsel[$mybb->input['birthday_month']] = 'selected="selected"'; 2861 2862 $awaysection = ''; 2863 2864 
if($mybb->settings['allowaway'] != 0) 2865 { 2866 $awaycheck = array('', ''); 2867 if($errors) 2868 { 2869 if($user['away'] == 1) 2870 { 2871 $awaycheck[1] = "checked=\"checked\""; 2872 } 2873 else 2874 { 2875 $awaycheck[0] = "checked=\"checked\""; 2876 } 2877 $returndate = array(); 2878 $returndate[0] = $mybb->get_input('awayday'); 2879 $returndate[1] = $mybb->get_input('awaymonth'); 2880 $returndate[2] = $mybb->get_input('awayyear', MyBB::INPUT_INT); 2881 $user['awayreason'] = htmlspecialchars_uni($mybb->get_input('awayreason')); 2882 } 2883 else 2884 { 2885 $user['awayreason'] = htmlspecialchars_uni($user['awayreason']); 2886 if($user['away'] == 1) 2887 { 2888 $awaydate = my_date($mybb->settings['dateformat'], $user['awaydate']); 2889 $awaycheck[1] = "checked=\"checked\""; 2890 $awaynotice = $lang->sprintf($lang->away_notice_away, $awaydate); 2891 } 2892 else 2893 { 2894 $awaynotice = $lang->away_notice; 2895 $awaycheck[0] = "checked=\"checked\""; 2896 } 2897 $returndate = explode("-", $user['returndate']); 2898 } 2899 $returndatesel = $selected = ''; 2900 for($day = 1; $day <= 31; ++$day) 2901 { 2902 if($returndate[0] == $day) 2903 { 2904 $selected = "selected=\"selected\""; 2905 } 2906 else 2907 { 2908 $selected = ''; 2909 } 2910 2911 eval("\$returndatesel .= \"".$templates->get("usercp_profile_day")."\";"); 2912 } 2913 2914 $returndatemonthsel = array(); 2915 foreach(range(1, 12) as $month) 2916 { 2917 $returndatemonthsel[$month] = ''; 2918 } 2919 if(isset($returndate[1])) 2920 { 2921 $returndatemonthsel[$returndate[1]] = " selected=\"selected\""; 2922 } 2923 2924 if(!isset($returndate[2])) 2925 { 2926 $returndate[2] = ''; 2927 } 2928 2929 eval("\$awaysection = \"".$templates->get("usercp_profile_away")."\";"); 2930 } 2931 2932 $plugins->run_hooks("modcp_editprofile_start"); 2933 2934 // Fetch profile fields 2935 $user_fields = array(); 2936 $query = $db->simple_select("userfields", "*", "ufid='{$user['uid']}'"); 2937 if($db->num_rows($query) > 0) 2938 { 2939 
$user_fields = $db->fetch_array($query); 2940 } 2941 2942 $requiredfields = ''; 2943 $customfields = ''; 2944 $mybb->input['profile_fields'] = $mybb->get_input('profile_fields', MyBB::INPUT_ARRAY); 2945 2946 $pfcache = $cache->read('profilefields'); 2947 2948 if(is_array($pfcache)) 2949 { 2950 foreach($pfcache as $profilefield) 2951 { 2952 $userfield = $code = $select = $val = $options = $expoptions = $useropts = ''; 2953 $seloptions = array(); 2954 $profilefield['type'] = htmlspecialchars_uni($profilefield['type']); 2955 $profilefield['name'] = htmlspecialchars_uni($profilefield['name']); 2956 $profilefield['description'] = htmlspecialchars_uni($profilefield['description']); 2957 $thing = explode("\n", $profilefield['type'], "2"); 2958 $type = $thing[0]; 2959 if(isset($thing[1])) 2960 { 2961 $options = $thing[1]; 2962 } 2963 $field = "fid{$profilefield['fid']}"; 2964 if($errors) 2965 { 2966 if(isset($mybb->input['profile_fields'][$field])) 2967 { 2968 $userfield = $mybb->input['profile_fields'][$field]; 2969 } 2970 } 2971 elseif(isset($user_fields[$field])) 2972 { 2973 $userfield = $user_fields[$field]; 2974 } 2975 if($type == "multiselect") 2976 { 2977 if($errors) 2978 { 2979 $useropts = $userfield; 2980 } 2981 else 2982 { 2983 $useropts = explode("\n", $userfield); 2984 } 2985 if(is_array($useropts)) 2986 { 2987 foreach($useropts as $key => $val) 2988 { 2989 $seloptions[$val] = $val; 2990 } 2991 } 2992 $expoptions = explode("\n", $options); 2993 if(is_array($expoptions)) 2994 { 2995 foreach($expoptions as $key => $val) 2996 { 2997 $val = trim($val); 2998 $val = str_replace("\n", "\\n", $val); 2999 3000 $sel = ""; 3001 if(isset($seloptions[$val]) && $val == $seloptions[$val]) 3002 { 3003 $sel = " selected=\"selected\""; 3004 } 3005 3006 eval("\$select .= \"".$templates->get("usercp_profile_profilefields_select_option")."\";"); 3007 } 3008 if(!$profilefield['length']) 3009 { 3010 $profilefield['length'] = 3; 3011 } 3012 3013 eval("\$code = 
\"".$templates->get("usercp_profile_profilefields_multiselect")."\";"); 3014 } 3015 } 3016 elseif($type == "select") 3017 { 3018 $expoptions = explode("\n", $options); 3019 if(is_array($expoptions)) 3020 { 3021 foreach($expoptions as $key => $val) 3022 { 3023 $val = trim($val); 3024 $val = str_replace("\n", "\\n", $val); 3025 $sel = ""; 3026 if($val == $userfield) 3027 { 3028 $sel = " selected=\"selected\""; 3029 } 3030 3031 eval("\$select .= \"".$templates->get("usercp_profile_profilefields_select_option")."\";"); 3032 } 3033 if(!$profilefield['length']) 3034 { 3035 $profilefield['length'] = 1; 3036 } 3037 3038 eval("\$code = \"".$templates->get("usercp_profile_profilefields_select")."\";"); 3039 } 3040 } 3041 elseif($type == "radio") 3042 { 3043 $expoptions = explode("\n", $options); 3044 if(is_array($expoptions)) 3045 { 3046 foreach($expoptions as $key => $val) 3047 { 3048 $checked = ""; 3049 if($val == $userfield) 3050 { 3051 $checked = " checked=\"checked\""; 3052 } 3053 3054 eval("\$code .= \"".$templates->get("usercp_profile_profilefields_radio")."\";"); 3055 } 3056 } 3057 } 3058 elseif($type == "checkbox") 3059 { 3060 if($errors) 3061 { 3062 $useropts = $userfield; 3063 } 3064 else 3065 { 3066 $useropts = explode("\n", $userfield); 3067 } 3068 if(is_array($useropts)) 3069 { 3070 foreach($useropts as $key => $val) 3071 { 3072 $seloptions[$val] = $val; 3073 } 3074 } 3075 $expoptions = explode("\n", $options); 3076 if(is_array($expoptions)) 3077 { 3078 foreach($expoptions as $key => $val) 3079 { 3080 $checked = ""; 3081 if(isset($seloptions[$val]) && $val == $seloptions[$val]) 3082 { 3083 $checked = " checked=\"checked\""; 3084 } 3085 3086 eval("\$code .= \"".$templates->get("usercp_profile_profilefields_checkbox")."\";"); 3087 } 3088 } 3089 } 3090 elseif($type == "textarea") 3091 { 3092 $value = htmlspecialchars_uni($userfield); 3093 eval("\$code = \"".$templates->get("usercp_profile_profilefields_textarea")."\";"); 3094 } 3095 else 3096 { 3097 $value = 
htmlspecialchars_uni($userfield); 3098 $maxlength = ""; 3099 if($profilefield['maxlength'] > 0) 3100 { 3101 $maxlength = " maxlength=\"{$profilefield['maxlength']}\""; 3102 } 3103 3104 eval("\$code = \"".$templates->get("usercp_profile_profilefields_text")."\";"); 3105 } 3106 3107 if($profilefield['required'] == 1) 3108 { 3109 eval("\$requiredfields .= \"".$templates->get("usercp_profile_customfield")."\";"); 3110 } 3111 else 3112 { 3113 eval("\$customfields .= \"".$templates->get("usercp_profile_customfield")."\";"); 3114 } 3115 $altbg = alt_trow(); 3116 } 3117 } 3118 if($customfields) 3119 { 3120 eval("\$customfields = \"".$templates->get("usercp_profile_profilefields")."\";"); 3121 } 3122 3123 $user['username'] = htmlspecialchars_uni($user['username']); 3124 $lang->edit_profile = $lang->sprintf($lang->edit_profile, $user['username']); 3125 $profile_link = build_profile_link(format_name($user['username'], $user['usergroup'], $user['displaygroup']), $user['uid']); 3126 3127 $user['signature'] = htmlspecialchars_uni($user['signature']); 3128 $codebuttons = build_mycode_inserter("signature"); 3129 3130 // Do we mark the suspend signature box? 3131 if($user['suspendsignature'] || ($mybb->get_input('suspendsignature', MyBB::INPUT_INT) && !empty($errors))) 3132 { 3133 $checked = 1; 3134 $checked_item = "checked=\"checked\""; 3135 } 3136 else 3137 { 3138 $checked = 0; 3139 $checked_item = ''; 3140 } 3141 3142 // Do we mark the moderate posts box? 3143 if($user['moderateposts'] || ($mybb->get_input('moderateposting', MyBB::INPUT_INT) && !empty($errors))) 3144 { 3145 $modpost_check = 1; 3146 $modpost_checked = "checked=\"checked\""; 3147 } 3148 else 3149 { 3150 $modpost_check = 0; 3151 $modpost_checked = ''; 3152 } 3153 3154 // Do we mark the suspend posts box? 
3155 if($user['suspendposting'] || ($mybb->get_input('suspendposting', MyBB::INPUT_INT) && !empty($errors))) 3156 { 3157 $suspost_check = 1; 3158 $suspost_checked = "checked=\"checked\""; 3159 } 3160 else 3161 { 3162 $suspost_check = 0; 3163 $suspost_checked = ''; 3164 } 3165 3166 $moderator_options = array( 3167 1 => array( 3168 "action" => "suspendsignature", // The input action for this option 3169 "option" => "suspendsignature", // The field in the database that this option relates to 3170 "time" => "action_time", // The time we've entered 3171 "length" => "suspendsigtime", // The length of suspension field in the database 3172 "select_option" => "action" // The name of the select box of this option 3173 ), 3174 2 => array( 3175 "action" => "moderateposting", 3176 "option" => "moderateposts", 3177 "time" => "modpost_time", 3178 "length" => "moderationtime", 3179 "select_option" => "modpost" 3180 ), 3181 3 => array( 3182 "action" => "suspendposting", 3183 "option" => "suspendposting", 3184 "time" => "suspost_time", 3185 "length" => "suspensiontime", 3186 "select_option" => "suspost" 3187 ) 3188 ); 3189 3190 $periods = array( 3191 "hours" => $lang->expire_hours, 3192 "days" => $lang->expire_days, 3193 "weeks" => $lang->expire_weeks, 3194 "months" => $lang->expire_months, 3195 "never" => $lang->expire_permanent 3196 ); 3197 3198 $suspendsignature_info = $moderateposts_info = $suspendposting_info = ''; 3199 $action_options = $modpost_options = $suspost_options = ''; 3200 $modopts = array(); 3201 foreach($moderator_options as $option) 3202 { 3203 ${$option['time']} = $mybb->get_input($option['time'], MyBB::INPUT_INT); 3204 // Display the suspension info, if this user has this option suspended 3205 if($user[$option['option']]) 3206 { 3207 if($user[$option['length']] == 0) 3208 { 3209 // User has a permanent ban 3210 $string = $option['option']."_perm"; 3211 $suspension_info = $lang->$string; 3212 } 3213 else 3214 { 3215 // User has a temporary (or limited) ban 3216 
$string = $option['option']."_for"; 3217 $for_date = my_date('relative', $user[$option['length']], '', 2); 3218 $suspension_info = $lang->sprintf($lang->$string, $for_date); 3219 } 3220 3221 switch($option['option']) 3222 { 3223 case "suspendsignature": 3224 eval("\$suspendsignature_info = \"".$templates->get("modcp_editprofile_suspensions_info")."\";"); 3225 break; 3226 case "moderateposts": 3227 eval("\$moderateposts_info = \"".$templates->get("modcp_editprofile_suspensions_info")."\";"); 3228 break; 3229 case "suspendposting": 3230 eval("\$suspendposting_info = \"".$templates->get("modcp_editprofile_suspensions_info")."\";"); 3231 break; 3232 } 3233 } 3234 3235 // Generate the boxes for this option 3236 $selection_options = ''; 3237 foreach($periods as $key => $value) 3238 { 3239 $string = $option['select_option']."_period"; 3240 if($mybb->get_input($string) == $key) 3241 { 3242 $selected = "selected=\"selected\""; 3243 } 3244 else 3245 { 3246 $selected = ''; 3247 } 3248 3249 eval("\$selection_options .= \"".$templates->get("modcp_editprofile_select_option")."\";"); 3250 } 3251 3252 $select_name = $option['select_option']."_period"; 3253 switch($option['option']) 3254 { 3255 case "suspendsignature": 3256 eval("\$action_options = \"".$templates->get("modcp_editprofile_select")."\";"); 3257 break; 3258 case "moderateposts": 3259 eval("\$modpost_options = \"".$templates->get("modcp_editprofile_select")."\";"); 3260 break; 3261 case "suspendposting": 3262 eval("\$suspost_options = \"".$templates->get("modcp_editprofile_select")."\";"); 3263 break; 3264 } 3265 } 3266 3267 eval("\$suspend_signature = \"".$templates->get("modcp_editprofile_signature")."\";"); 3268 3269 $user['usernotes'] = htmlspecialchars_uni($user['usernotes']); 3270 3271 if(!isset($newtitle)) 3272 { 3273 $newtitle = ''; 3274 } 3275 3276 $birthday_year = $mybb->input['birthday_year']; 3277 $user_website = $mybb->input['website']; 3278 3279 $plugins->run_hooks("modcp_editprofile_end"); 3280 3281 
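eval("\$edituser = \"".$templates->get("modcp_editprofile")."\";");
output_page($edituser);
}
// (The three lines above close the editprofile action, which starts earlier in the file; unchanged.)

// ---------------------------------------------------------------------------
// action=finduser: paginated user list for moderators who may edit profiles.
// Request inputs read here: perpage, username, sortby, order, page.
// ---------------------------------------------------------------------------
if($mybb->input['action'] == "finduser")
{
	// Authorisation gate: only groups with caneditprofiles may list users here
	if($mybb->usergroup['caneditprofiles'] == 0)
	{
		error_no_permission();
	}

	add_breadcrumb($lang->mcp_nav_users, "modcp.php?action=finduser");

	$perpage = $mybb->get_input('perpage', MyBB::INPUT_INT);
	if(!$perpage || $perpage <= 0)
	{
		$perpage = $mybb->settings['threadsperpage'];
	}
	$where = '';

	if(isset($mybb->input['username']))
	{
		switch($db->type)
		{
			case 'mysql':
			case 'mysqli':
				$field = 'username';
				break;
			default:
				$field = 'LOWER(username)';
				break;
		}
		// The search term is passed through escape_string_like() before it is placed in the LIKE pattern
		$where = " AND {$field} LIKE '%".my_strtolower($db->escape_string_like($mybb->get_input('username')))."%'";
	}

	// Sort order & direction.
	// Both values end up in the ORDER BY clause, so they are picked from fixed lists
	// and never copied from the request text.
	switch($mybb->get_input('sortby'))
	{
		case "lastvisit":
			$sortby = "lastvisit";
			break;
		case "postnum":
			$sortby = "postnum";
			break;
		case "username":
			$sortby = "username";
			break;
		default:
			$sortby = "regdate";
	}
	$sortbysel = array('lastvisit' => '', 'postnum' => '', 'username' => '', 'regdate' => '');
	// Mark the column that is really used for sorting; indexing by the raw request value
	// added arbitrary keys to this array and left nothing selected for the default sort.
	$sortbysel[$sortby] = " selected=\"selected\"";
	$order = $mybb->get_input('order');
	if($order !== "asc")
	{
		$order = "desc";
	}
	$ordersel = array('asc' => '', 'desc' => '');
	$ordersel[$order] = " selected=\"selected\"";

	$query = $db->simple_select("users", "COUNT(uid) AS count", "1=1 {$where}");
	$user_count = $db->fetch_field($query, "count");

	// Figure out if we need to display multiple pages.
	if($mybb->get_input('page') != "last")
	{
		// Read as an integer, like the ipsearch and banning actions do, so a
		// non-numeric page value never reaches the arithmetic below.
		$page = $mybb->get_input('page', MyBB::INPUT_INT);
	}

	$pages = $user_count / $perpage;
	$pages = ceil($pages);

	if($mybb->get_input('page') == "last")
	{
		$page = $pages;
	}

	if($page > $pages || $page <= 0)
	{
		$page = 1;
	}
	if($page)
	{
		$start = ($page-1) * $perpage;
	}
	else
	{
		$start = 0;
		$page = 1;
	}

	// Carry the search parameters over to the pagination links.
	$page_url = 'modcp.php?action=finduser';
	foreach(array('username', 'sortby', 'order') as $field)
	{
		// Only scalar values are appended, and they are URL-encoded (as ipsearch does)
		// so that characters such as "&" or "#" in a user name cannot split or truncate the query string.
		if(!empty($mybb->input[$field]) && is_scalar($mybb->input[$field]))
		{
			$page_url .= "&{$field}=".urlencode($mybb->input[$field]);
		}
	}

	$multipage = multipage($user_count, $perpage, $page, $page_url);

	$usergroups_cache = $cache->read("usergroups");

	$plugins->run_hooks("modcp_finduser_start");

	// Fetch out results
	// NOTE(review): "*" loads every column of the users table into $user (presumably
	// including credential fields), and the row template below is eval'd with $user in
	// scope. Selecting only the columns the template needs would narrow that - confirm
	// against plugins hooked into modcp_finduser_start/end before changing.
	$query = $db->simple_select("users", "*", "1=1 {$where}", array("order_by" => $sortby, "order_dir" => $order, "limit" => $perpage, "limit_start" => $start));
	$users = '';
	while($user = $db->fetch_array($query))
	{
		$alt_row = alt_trow();
		// Escape before formatting: the value is interpolated into HTML by the template
		$user['username'] = htmlspecialchars_uni($user['username']);
		$user['username'] = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
		$user['postnum'] = my_number_format($user['postnum']);
		$regdate = my_date('relative', $user['regdate']);

		if($user['invisible'] == 1 && $mybb->usergroup['canviewwolinvis'] != 1 && $user['uid'] != $mybb->user['uid'])
		{
			// We have had at least some active time, hide it instead
			$lastdate = $lang->lastvisit_hidden;
		}
		else if($user['lastvisit'])
		{
			$lastdate = my_date('relative', $user['lastvisit']);
		}
		else
		{
			$lastdate = $lang->lastvisit_never;
		}

		$usergroup = htmlspecialchars_uni($usergroups_cache[$user['usergroup']]['title']);
		// The template text is evaluated as a PHP double-quoted string, so it can
		// interpolate any variable in scope; values are HTML-escaped above for that reason.
		eval("\$users .= \"".$templates->get("modcp_finduser_user")."\";");
	}

	// No results?
	if(!$users)
	{
		eval("\$users = \"".$templates->get("modcp_finduser_noresults")."\";");
	}

	$plugins->run_hooks("modcp_finduser_end");

	$username = htmlspecialchars_uni($mybb->get_input('username'));
	eval("\$finduser = \"".$templates->get("modcp_finduser")."\";");
	output_page($finduser);
}

// ---------------------------------------------------------------------------
// action=warninglogs: filterable, paginated list of issued warnings.
// Request inputs read here: filter[] (username, uid, mod_username, mod_uid,
// reason, sortby, order, per_page), search[] and page.
// ---------------------------------------------------------------------------
if($mybb->input['action'] == "warninglogs")
{
	// Authorisation gate: only groups with canviewwarnlogs may read the warning log
	if($mybb->usergroup['canviewwarnlogs'] == 0)
	{
		error_no_permission();
	}

	add_breadcrumb($lang->mcp_nav_warninglogs, "modcp.php?action=warninglogs");

	// Filter options
	$where_sql = '';
	$mybb->input['filter'] = $mybb->get_input('filter', MyBB::INPUT_ARRAY);
	$mybb->input['search'] = $mybb->get_input('search', MyBB::INPUT_ARRAY);

	// Every filter value below is used as a scalar (user lookup, SQL LIKE, HTML escaping,
	// urlencode). Drop nested arrays such as filter[reason][]=x so they cannot reach
	// those calls and raise type errors.
	foreach($mybb->input['filter'] as $filter_key => $filter_value)
	{
		if(!is_scalar($filter_value))
		{
			unset($mybb->input['filter'][$filter_key]);
		}
	}

	if(!empty($mybb->input['filter']['username']))
	{
		$search_user = get_user_by_username($mybb->input['filter']['username']);

		// An unknown user name yields uid 0, which the next check treats as "no uid filter"
		$mybb->input['filter']['uid'] = isset($search_user['uid']) ? (int)$search_user['uid'] : 0;
		$mybb->input['filter']['username'] = htmlspecialchars_uni($mybb->input['filter']['username']);
	}
	else
	{
		$mybb->input['filter']['username'] = '';
	}
	if(!empty($mybb->input['filter']['uid']))
	{
		// Cast to int before the value is placed in the SQL condition
		$search['uid'] = (int)$mybb->input['filter']['uid'];
		$where_sql .= " AND w.uid='{$search['uid']}'";
		if(!isset($mybb->input['search']['username']))
		{
			// Look the user up by the uid that was just validated. The original read
			// $mybb->input['search']['uid'], a separate request array that this block never fills.
			$user = get_user($search['uid']);
			$mybb->input['search']['username'] = isset($user['username']) ? htmlspecialchars_uni($user['username']) : '';
		}
	}
	else
	{
		$mybb->input['filter']['uid'] = '';
	}
	if(!empty($mybb->input['filter']['mod_username']))
	{
		$mod_user = get_user_by_username($mybb->input['filter']['mod_username']);

		$mybb->input['filter']['mod_uid'] = isset($mod_user['uid']) ? (int)$mod_user['uid'] : 0;
		$mybb->input['filter']['mod_username'] = htmlspecialchars_uni($mybb->input['filter']['mod_username']);
	}
	else
	{
		$mybb->input['filter']['mod_username'] = '';
	}
	if(!empty($mybb->input['filter']['mod_uid']))
	{
		$search['mod_uid'] = (int)$mybb->input['filter']['mod_uid'];
		$where_sql .= " AND w.issuedby='{$search['mod_uid']}'";
		if(!isset($mybb->input['search']['mod_username']))
		{
			// Same correction as above: resolve the moderator by the validated mod_uid,
			// not by the unrelated search[uid] value.
			$mod_user = get_user($search['mod_uid']);
			$mybb->input['search']['mod_username'] = isset($mod_user['username']) ? htmlspecialchars_uni($mod_user['username']) : '';
		}
	}
	else
	{
		$mybb->input['filter']['mod_uid'] = '';
	}
	if(!empty($mybb->input['filter']['reason']))
	{
		// escape_string_like() is applied before the term is used in the three LIKE patterns
		$search['reason'] = $db->escape_string_like($mybb->input['filter']['reason']);
		$where_sql .= " AND (w.notes LIKE '%{$search['reason']}%' OR t.title LIKE '%{$search['reason']}%' OR w.title LIKE '%{$search['reason']}%')";
		$mybb->input['filter']['reason'] = htmlspecialchars_uni($mybb->input['filter']['reason']);
	}
	else
	{
		$mybb->input['filter']['reason'] = '';
	}

	// Sort column and direction are interpolated into ORDER BY below, so both are
	// mapped onto fixed values here; anything unrecognised falls back to the default.
	$sortbysel = array('username' => '', 'expires' => '', 'issuedby' => '', 'dateline' => '');
	if(!isset($mybb->input['filter']['sortby']))
	{
		$mybb->input['filter']['sortby'] = '';
	}
	switch($mybb->input['filter']['sortby'])
	{
		case "username":
			$sortby = "u.username";
			$sortbysel['username'] = ' selected="selected"';
			break;
		case "expires":
			$sortby = "w.expires";
			$sortbysel['expires'] = ' selected="selected"';
			break;
		case "issuedby":
			$sortby = "i.username";
			$sortbysel['issuedby'] = ' selected="selected"';
			break;
		default: // "dateline"
			$sortby = "w.dateline";
			$sortbysel['dateline'] = ' selected="selected"';
	}
	if(!isset($mybb->input['filter']['order']))
	{
		$mybb->input['filter']['order'] = '';
	}
	$order = $mybb->input['filter']['order'];
	$ordersel = array('asc' => '', 'desc' => '');
	if($order !== "asc")
	{
		$order = "desc";
		$ordersel['desc'] = ' selected="selected"';
	}
	else
	{
		$ordersel['asc'] = ' selected="selected"';
	}

	$plugins->run_hooks("modcp_warninglogs_start");

	// Pagination stuff
	$sql = "
		SELECT COUNT(wid) as count
		FROM
			".TABLE_PREFIX."warnings w
			LEFT JOIN ".TABLE_PREFIX."warningtypes t ON (w.tid=t.tid)
		WHERE 1=1
			{$where_sql}
	";
	$query = $db->query($sql);
	$total_warnings = $db->fetch_field($query, 'count');
	$page = $mybb->get_input('page', MyBB::INPUT_INT);
	if($page <= 0)
	{
		$page = 1;
	}
	// NOTE(review): per_page is only checked to be positive; an upper bound would cap
	// how many rows a single request can pull.
	$per_page = 20;
	if(isset($mybb->input['filter']['per_page']) && (int)$mybb->input['filter']['per_page'] > 0)
	{
		$per_page = (int)$mybb->input['filter']['per_page'];
	}
	$start = ($page-1) * $per_page;
	$pages = ceil($total_warnings / $per_page);
	if($page > $pages)
	{
		$start = 0;
		$page = 1;
	}
	// Build the base URL for pagination links
	// NOTE(review): username, mod_username and reason were HTML-escaped above, so the
	// escaped text is what gets carried into the next page's filter - verify whether
	// the raw values should be kept for this URL instead.
	$url = 'modcp.php?action=warninglogs';
	if(is_array($mybb->input['filter']) && count($mybb->input['filter']))
	{
		foreach($mybb->input['filter'] as $field => $value)
		{
			if(!is_scalar($value))
			{
				// A hook may have put a non-scalar back; it cannot be serialised here
				continue;
			}
			// The key comes from the request as well, so it is encoded like the value
			$field = urlencode($field);
			$value = urlencode($value);
			$url .= "&filter[{$field}]={$value}";
		}
	}
	$multipage = multipage($total_warnings, $per_page, $page, $url);

	// The actual query
	// $sortby/$order come from the fixed lists above; $start/$per_page are numeric
	$sql = "
		SELECT
			w.wid, w.title as custom_title, w.points, w.dateline, w.issuedby, w.expires, w.expired, w.daterevoked, w.revokedby,
			t.title,
			u.uid, u.username, u.usergroup, u.displaygroup,
			i.uid as mod_uid, i.username as mod_username, i.usergroup as mod_usergroup, i.displaygroup as mod_displaygroup
		FROM ".TABLE_PREFIX."warnings w
			LEFT JOIN ".TABLE_PREFIX."users u ON (w.uid=u.uid)
			LEFT JOIN ".TABLE_PREFIX."warningtypes t ON (w.tid=t.tid)
			LEFT JOIN ".TABLE_PREFIX."users i ON (i.uid=w.issuedby)
		WHERE 1=1
			{$where_sql}
		ORDER BY {$sortby} {$order}
		LIMIT {$start}, {$per_page}
	";
	$query = $db->query($sql);

	$warning_list = '';
	while($row = $db->fetch_array($query))
	{
		$trow = alt_trow();
		$row['username'] = htmlspecialchars_uni($row['username']);
		$username = format_name($row['username'], $row['usergroup'], $row['displaygroup']);
		$username_link = build_profile_link($username, $row['uid']);
		$row['mod_username'] = htmlspecialchars_uni($row['mod_username']);
		$mod_username = format_name($row['mod_username'], $row['mod_usergroup'], $row['mod_displaygroup']);
		$mod_username_link = build_profile_link($mod_username, $row['mod_uid']);
		$issued_date = my_date('normal', $row['dateline']);
		$revoked_text = '';
		if($row['daterevoked'] > 0)
		{
			$revoked_date = my_date('relative', $row['daterevoked']);
			eval("\$revoked_text = \"".$templates->get("modcp_warninglogs_warning_revoked")."\";");
		}
		if($row['expires'] > 0)
		{
			$expire_date = nice_time($row['expires']-TIME_NOW);
		}
		else
		{
			$expire_date = $lang->never;
		}
		// Predefined warning type title, or the custom title when no type is attached
		$title = $row['title'];
		if(empty($row['title']))
		{
			$title = $row['custom_title'];
		}
		$title = htmlspecialchars_uni($title);
		// Reset per row: previously a negative value left $points holding the value
		// of the preceding row (or undefined on the first row).
		$points = $row['points'];
		if($row['points'] >= 0)
		{
			$points = '+'.$row['points'];
		}

		eval("\$warning_list .= \"".$templates->get("modcp_warninglogs_warning")."\";");
	}

	if(!$warning_list)
	{
		eval("\$warning_list = \"".$templates->get("modcp_warninglogs_nologs")."\";");
	}

	$plugins->run_hooks("modcp_warninglogs_end");

	// These three were HTML-escaped (or set to '') in the filter section above
	$filter_username = $mybb->input['filter']['username'];
	$filter_modusername = $mybb->input['filter']['mod_username'];
	$filter_reason = $mybb->input['filter']['reason'];

	eval("\$warninglogs = \"".$templates->get("modcp_warninglogs")."\";");
	output_page($warninglogs);
}
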
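// ---------------------------------------------------------------------------
// action=ipsearch: search posts and user accounts by IP address or IP range.
// Request inputs read here: ipaddress, search_posts, search_users, perpage, page.
// ---------------------------------------------------------------------------
if($mybb->input['action'] == "ipsearch")
{
	// Authorisation gate: only groups with canuseipsearch may search by IP
	if($mybb->usergroup['canuseipsearch'] == 0)
	{
		error_no_permission();
	}

	add_breadcrumb($lang->mcp_nav_ipsearch, "modcp.php?action=ipsearch");

	$ipsearch_results = $ipaddressvalue = '';
	$mybb->input['ipaddress'] = $mybb->get_input('ipaddress');
	if($mybb->input['ipaddress'])
	{
		if(!is_array($groupscache))
		{
			$groupscache = $cache->read("usergroups");
		}

		$ipaddressvalue = htmlspecialchars_uni($mybb->input['ipaddress']);

		// Either a single value or a two-element array (lower and upper bound), judging by its use below
		$ip_range = fetch_ip_range($mybb->input['ipaddress']);

		$post_results = $user_results = 0;

		// Searching post IP addresses
		if(isset($mybb->input['search_posts']))
		{
			$post_ip_sql = '';
			if($ip_range)
			{
				// The address bytes are passed through escape_binary() before entering the SQL text
				if(!is_array($ip_range))
				{
					$post_ip_sql = "p.ipaddress=".$db->escape_binary($ip_range);
				}
				else
				{
					$post_ip_sql = "p.ipaddress BETWEEN ".$db->escape_binary($ip_range[0])." AND ".$db->escape_binary($ip_range[1]);
				}
			}

			$plugins->run_hooks("modcp_ipsearch_posts_start");

			if($post_ip_sql)
			{
				$where_sql = '';

				$unviewable_forums = get_unviewable_forums(true);

				if($unviewable_forums)
				{
					$where_sql .= " AND p.fid NOT IN ({$unviewable_forums})";
				}

				if($inactiveforums)
				{
					$where_sql .= " AND p.fid NOT IN ({$inactiveforums})";
				}

				// Check group permissions if we can't view threads not started by us
				$onlyusfids = array();
				$group_permissions = forum_permissions();
				foreach($group_permissions as $fid => $forumpermissions)
				{
					if(isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] == 1)
					{
						$onlyusfids[] = $fid;
					}
				}

				if(!empty($onlyusfids))
				{
					$where_sql .= " AND ((t.fid IN(".implode(',', $onlyusfids).") AND t.uid='{$mybb->user['uid']}') OR t.fid NOT IN(".implode(',', $onlyusfids)."))";
				}

				// Moderators can view unapproved/deleted posts
				if($mybb->usergroup['issupermod'] != 1)
				{
					$unapprove_forums = array();
					$deleted_forums = array();
					$query = $db->simple_select("moderators", "fid, canviewunapprove, canviewdeleted", "(id='{$mybb->user['uid']}' AND isgroup='0') OR (id='{$mybb->user['usergroup']}' AND isgroup='1')");
					while($moderator = $db->fetch_array($query))
					{
						// Forum ids are cast because they are joined into an IN() list below
						if($moderator['canviewunapprove'] == 1)
						{
							$unapprove_forums[] = (int)$moderator['fid'];
						}

						if($moderator['canviewdeleted'] == 1)
						{
							$deleted_forums[] = (int)$moderator['fid'];
						}
					}

					// All visibility alternatives are collected and wrapped in ONE parenthesised
					// group. Previously the extra alternatives were appended as bare
					// " OR (...)" after " AND (...)"; because AND binds tighter than OR, those
					// alternatives were evaluated outside the IP condition and the forum
					// restrictions, so unapproved/deleted posts from the moderated forums
					// matched whatever their IP address was.
					$visible_conditions = array("(p.visible = 1 AND t.visible = 1)");
					if(!empty($unapprove_forums))
					{
						$unapprove_list = implode(',', $unapprove_forums);
						$visible_conditions[] = "(p.visible = 0 AND p.fid IN({$unapprove_list}))";
						$visible_conditions[] = "(t.visible = 0 AND t.fid IN({$unapprove_list}))";
					}
					if(!empty($deleted_forums))
					{
						$deleted_list = implode(',', $deleted_forums);
						$visible_conditions[] = "(p.visible = -1 AND p.fid IN({$deleted_list}))";
						$visible_conditions[] = "(t.visible = -1 AND t.fid IN({$deleted_list}))";
					}
					$visible_sql = " AND (".implode(' OR ', $visible_conditions).")";
				}
				else
				{
					// Super moderators (and admins)
					$visible_sql = " AND p.visible >= -1";
				}

				$query = $db->query("
					SELECT COUNT(p.pid) AS count
					FROM ".TABLE_PREFIX."posts p
					LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid = p.tid)
					WHERE {$post_ip_sql}{$where_sql}{$visible_sql}
				");
				$post_results = $db->fetch_field($query, "count");
			}
		}

		// Searching user IP addresses
		if(isset($mybb->input['search_users']))
		{
			$user_ip_sql = '';
			if($ip_range)
			{
				if(!is_array($ip_range))
				{
					$user_ip_sql = "regip=".$db->escape_binary($ip_range)." OR lastip=".$db->escape_binary($ip_range);
				}
				else
				{
					$user_ip_sql = "regip BETWEEN ".$db->escape_binary($ip_range[0])." AND ".$db->escape_binary($ip_range[1])." OR lastip BETWEEN ".$db->escape_binary($ip_range[0])." AND ".$db->escape_binary($ip_range[1]);
				}
			}

			$plugins->run_hooks("modcp_ipsearch_users_start");

			if($user_ip_sql)
			{
				// $user_ip_sql is the whole WHERE clause here, so its top-level OR is safe
				$query = $db->simple_select('users', 'COUNT(uid) AS count', $user_ip_sql);

				$user_results = $db->fetch_field($query, "count");
			}
		}

		$total_results = $post_results+$user_results;

		// Keep the page arithmetic below away from a zero total
		if(!$total_results)
		{
			$total_results = 1;
		}

		// Now we have the result counts, paginate
		$perpage = $mybb->get_input('perpage', MyBB::INPUT_INT);
		if(!$perpage || $perpage <= 0)
		{
			$perpage = $mybb->settings['threadsperpage'];
		}

		// Figure out if we need to display multiple pages.
		if($mybb->get_input('page') != "last")
		{
			$page = $mybb->get_input('page', MyBB::INPUT_INT);
		}

		$pages = $total_results / $perpage;
		$pages = ceil($pages);

		if($mybb->get_input('page') == "last")
		{
			$page = $pages;
		}

		if($page > $pages || $page <= 0)
		{
			$page = 1;
		}

		if($page)
		{
			$start = ($page-1) * $perpage;
		}
		else
		{
			$start = 0;
			$page = 1;
		}

		// Request values are URL-encoded before they are appended to the pagination URL
		$page_url = "modcp.php?action=ipsearch&perpage={$perpage}";
		foreach(array('ipaddress', 'search_users', 'search_posts') as $input)
		{
			if(!empty($mybb->input[$input]))
			{
				$page_url .= "&{$input}=".urlencode($mybb->input[$input]);
			}
		}
		$multipage = multipage($total_results, $perpage, $page, $page_url);

		// User matches are listed first; posts fill whatever is left of the page
		$post_limit = $perpage;
		$results = '';
		if(isset($mybb->input['search_users']) && $user_results && $start <= $user_results)
		{
			$query = $db->simple_select('users', 'username, uid, regip, lastip', $user_ip_sql,
					array('order_by' => 'regdate', 'order_dir' => 'DESC', 'limit_start' => $start, 'limit' => $perpage));

			while($ipaddress = $db->fetch_array($query))
			{
				$result = false;
				$ipaddress['username'] = htmlspecialchars_uni($ipaddress['username']);
				$profile_link = build_profile_link($ipaddress['username'], $ipaddress['uid']);
				$trow = alt_trow();
				$ip = false;
				// Work out which of the two stored addresses matched, to label the row
				if(is_array($ip_range))
				{
					if(strcmp($ip_range[0], $ipaddress['regip']) <= 0 && strcmp($ip_range[1], $ipaddress['regip']) >= 0)
					{
						eval("\$subject = \"".$templates->get("modcp_ipsearch_result_regip")."\";");
						$ip = my_inet_ntop($db->unescape_binary($ipaddress['regip']));
					}
					elseif(strcmp($ip_range[0], $ipaddress['lastip']) <= 0 && strcmp($ip_range[1], $ipaddress['lastip']) >= 0)
					{
						eval("\$subject = \"".$templates->get("modcp_ipsearch_result_lastip")."\";");
						$ip = my_inet_ntop($db->unescape_binary($ipaddress['lastip']));
					}
				}
				// Strict comparison: these are presumably packed address strings, and "=="
				// compares two numeric-looking strings as numbers rather than byte by byte.
				elseif($ipaddress['regip'] === $ip_range)
				{
					eval("\$subject = \"".$templates->get("modcp_ipsearch_result_regip")."\";");
					$ip = my_inet_ntop($db->unescape_binary($ipaddress['regip']));
				}
				elseif($ipaddress['lastip'] === $ip_range)
				{
					eval("\$subject = \"".$templates->get("modcp_ipsearch_result_lastip")."\";");
					$ip = my_inet_ntop($db->unescape_binary($ipaddress['lastip']));
				}
				if($ip)
				{
					eval("\$results .= \"".$templates->get("modcp_ipsearch_result")."\";");
					$result = true;
				}
				if($result)
				{
					--$post_limit;
				}
			}
		}
		$post_start = 0;
		if($total_results > $user_results && $post_limit)
		{
			$post_start = $start-$user_results;
			if($post_start < 0)
			{
				$post_start = 0;
			}
		}
		if(isset($mybb->input['search_posts']) && $post_results && (!isset($mybb->input['search_users']) || (isset($mybb->input['search_users']) && $post_limit > 0)))
		{
			$ipaddresses = $tids = $uids = array();

			// Same WHERE parts as the count query above, so the listing obeys the same
			// forum and visibility restrictions as the total.
			$query = $db->query("
				SELECT p.username AS postusername, p.uid, p.subject, p.pid, p.tid, p.ipaddress
				FROM ".TABLE_PREFIX."posts p
				LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid = p.tid)
				WHERE {$post_ip_sql}{$where_sql}{$visible_sql}
				ORDER BY p.dateline DESC, p.pid DESC
				LIMIT {$post_start}, {$post_limit}
			");
			while($ipaddress = $db->fetch_array($query))
			{
				$tids[$ipaddress['tid']] = $ipaddress['pid'];
				$uids[$ipaddress['uid']] = $ipaddress['pid'];
				$ipaddresses[$ipaddress['pid']] = $ipaddress;
			}

			if(!empty($ipaddresses))
			{
				$query = $db->simple_select("threads", "subject, tid", "tid IN(".implode(',', array_keys($tids)).")");
				while($thread = $db->fetch_array($query))
				{
					$ipaddresses[$tids[$thread['tid']]]['threadsubject'] = $thread['subject'];
				}
				unset($tids);

				$query = $db->simple_select("users", "username, uid", "uid IN(".implode(',', array_keys($uids)).")");
				while($user = $db->fetch_array($query))
				{
					$ipaddresses[$uids[$user['uid']]]['username'] = $user['username'];
				}
				unset($uids);

				foreach($ipaddresses as $ipaddress)
				{
					$ip = my_inet_ntop($db->unescape_binary($ipaddress['ipaddress']));
					if(empty($ipaddress['username']))
					{
						$ipaddress['username'] = $ipaddress['postusername']; // Guest username support
					}
					$ipaddress['username'] = htmlspecialchars_uni($ipaddress['username']);
					$trow = alt_trow();
					if(empty($ipaddress['subject']))
					{
						$ipaddress['subject'] = "RE: {$ipaddress['threadsubject']}";
					}

					$ipaddress['postlink'] = get_post_link($ipaddress['pid'], $ipaddress['tid']);
					$ipaddress['subject'] = htmlspecialchars_uni($parser->parse_badwords($ipaddress['subject']));
					$ipaddress['profilelink'] = build_profile_link($ipaddress['username'], $ipaddress['uid']);

					eval("\$subject = \"".$templates->get("modcp_ipsearch_result_post")."\";");
					eval("\$results .= \"".$templates->get("modcp_ipsearch_result")."\";");
				}
			}
		}

		if(!$results)
		{
			eval("\$results = \"".$templates->get("modcp_ipsearch_noresults")."\";");
		}

		if($ipaddressvalue)
		{
			$lang->ipsearch_results = $lang->sprintf($lang->ipsearch_results, $ipaddressvalue);
		}
		else
		{
			$lang->ipsearch_results = $lang->ipsearch;
		}

		// The "more information" link is only offered for a single address (no wildcard, no CIDR)
		$ipaddress = $ipaddress_url = $misc_info_link = '';
		if(!strstr($mybb->input['ipaddress'], "*") && !strstr($mybb->input['ipaddress'], "/"))
		{
			$ipaddress = htmlspecialchars_uni($mybb->input['ipaddress']);
			$ipaddress_url = urlencode($mybb->input['ipaddress']);
			eval("\$misc_info_link = \"".$templates->get("modcp_ipsearch_results_information")."\";");
		}

		eval("\$ipsearch_results = \"".$templates->get("modcp_ipsearch_results")."\";");
	}

	// Fetch filter options
	if(!$mybb->input['ipaddress'])
	{
		$mybb->input['search_posts'] = 1;
		$mybb->input['search_users'] = 1;
	}
	$usersearchselect = $postsearchselect = '';
	if(isset($mybb->input['search_posts']))
	{
		$postsearchselect = "checked=\"checked\"";
	}
	if(isset($mybb->input['search_users']))
	{
		$usersearchselect = "checked=\"checked\"";
	}

	$plugins->run_hooks("modcp_ipsearch_end");

	eval("\$ipsearch = \"".$templates->get("modcp_ipsearch")."\";");
	output_page($ipsearch);
}

// ---------------------------------------------------------------------------
// action=iplookup: location and reverse-DNS details for one IP address.
// Request input read here: ipaddress. The rendered template is echoed directly.
// ---------------------------------------------------------------------------
if($mybb->input['action'] == "iplookup")
{
	// Same permission as the IP search itself
	if($mybb->usergroup['canuseipsearch'] == 0)
	{
		error_no_permission();
	}

	$mybb->input['ipaddress'] = $mybb->get_input('ipaddress');
	$lang->ipaddress_misc_info = $lang->sprintf($lang->ipaddress_misc_info, htmlspecialchars_uni($mybb->input['ipaddress']));
	$ipaddress_location = $lang->na;
	$ipaddress_host_name = $lang->na;
	$modcp_ipsearch_misc_info = '';
	// Only a syntactically valid IP literal is handed to the lookups. This also covers the
	// former "*" wildcard check, and it keeps arbitrary request text (for example a host
	// name, which geoip_record_by_name() would accept) from triggering resolver traffic
	// on the server.
	if(filter_var($mybb->input['ipaddress'], FILTER_VALIDATE_IP) !== false)
	{
		// Return GeoIP information if it is available to us
		if(function_exists('geoip_record_by_name'))
		{
			$ip_record = @geoip_record_by_name($mybb->input['ipaddress']);
			if($ip_record)
			{
				// NOTE(review): utf8_encode() is deprecated as of PHP 8.2 - pick a replacement
				// when the minimum supported PHP version allows.
				$ipaddress_location = htmlspecialchars_uni(utf8_encode($ip_record['country_name']));
				if($ip_record['city'])
				{
					$ipaddress_location .= $lang->comma.htmlspecialchars_uni(utf8_encode($ip_record['city']));
				}
			}
		}

		// The PTR name is controlled by whoever runs the reverse zone for that address,
		// so it is treated as untrusted text and HTML-escaped before display.
		$resolved_host = @gethostbyaddr($mybb->input['ipaddress']);

		// gethostbyaddr returns the same ip on failure (and false on malformed input);
		// in both cases the "not available" text set above is kept.
		if($resolved_host !== false && $resolved_host != $mybb->input['ipaddress'])
		{
			$ipaddress_host_name = htmlspecialchars_uni($resolved_host);
		}
	}

	$plugins->run_hooks("modcp_iplookup_end");

	eval("\$iplookup = \"".$templates->get('modcp_ipsearch_misc_info', 1, 0)."\";");
	echo($iplookup);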
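exit;
}
// (The two lines above close the iplookup action; unchanged.)

// ---------------------------------------------------------------------------
// action=banning: paginated list of banned users with edit/lift links.
// Request input read here: page.
// ---------------------------------------------------------------------------
if($mybb->input['action'] == "banning")
{
	// Authorisation gate: only groups with canbanusers may see the ban list
	if($mybb->usergroup['canbanusers'] == 0)
	{
		error_no_permission();
	}

	add_breadcrumb($lang->mcp_nav_banning, "modcp.php?action=banning");

	if(!$mybb->settings['threadsperpage'])
	{
		$mybb->settings['threadsperpage'] = 20;
	}

	// Figure out if we need to display multiple pages.
	$perpage = $mybb->settings['threadsperpage'];
	if($mybb->get_input('page') != "last")
	{
		$page = $mybb->get_input('page', MyBB::INPUT_INT);
	}

	$query = $db->simple_select("banned", "COUNT(uid) AS count");
	$banned_count = $db->fetch_field($query, "count");

	$postcount = (int)$banned_count;
	$pages = $postcount / $perpage;
	$pages = ceil($pages);

	if($mybb->get_input('page') == "last")
	{
		$page = $pages;
	}

	if($page > $pages || $page <= 0)
	{
		$page = 1;
	}

	if($page)
	{
		$start = ($page-1) * $perpage;
	}
	else
	{
		$start = 0;
		$page = 1;
	}
	$upper = $start+$perpage;

	$multipage = multipage($postcount, $perpage, $page, "modcp.php?action=banning");

	$plugins->run_hooks("modcp_banning_start");

	$query = $db->query("
		SELECT b.*, a.username AS adminuser, u.username
		FROM ".TABLE_PREFIX."banned b
		LEFT JOIN ".TABLE_PREFIX."users u ON (b.uid=u.uid)
		LEFT JOIN ".TABLE_PREFIX."users a ON (b.admin=a.uid)
		ORDER BY dateline DESC
		LIMIT {$start}, {$perpage}
	");

	// Get the banned users
	$bannedusers = '';
	while($banned = $db->fetch_array($query))
	{
		$banned['username'] = htmlspecialchars_uni($banned['username']);
		$profile_link = build_profile_link($banned['username'], $banned['uid']);

		// Only show the edit & lift links if current user created ban, or is super mod/admin
		// NOTE(review): the link is also shown when the banning account no longer exists
		// (!$banned['adminuser']), but the liftban action below has no such branch in its
		// permission check, so that link ends in a permission error for ordinary
		// moderators. This is display logic only; the real gate is in the action itself.
		$edit_link = '';
		if($mybb->user['uid'] == $banned['admin'] || !$banned['adminuser'] || $mybb->usergroup['issupermod'] == 1 || $mybb->usergroup['cancp'] == 1)
		{
			eval("\$edit_link = \"".$templates->get("modcp_banning_edit")."\";");
		}

		$admin_profile = build_profile_link(htmlspecialchars_uni($banned['adminuser']), $banned['admin']);

		$trow = alt_trow();

		if($banned['reason'])
		{
			$banned['reason'] = htmlspecialchars_uni($parser->parse_badwords($banned['reason']));
		}
		else
		{
			$banned['reason'] = $lang->na;
		}

		if($banned['lifted'] == 'perm' || $banned['lifted'] == '' || $banned['bantime'] == 'perm' || $banned['bantime'] == '---')
		{
			$banlength = $lang->permanent;
			$timeremaining = $lang->na;
		}
		else
		{
			$banlength = $bantimes[$banned['bantime']];
			$remaining = $banned['lifted']-TIME_NOW;

			$timeremaining = nice_time($remaining, array('short' => 1, 'seconds' => false))."";

			$banned_class = '';
			$ban_remaining = "{$timeremaining} {$lang->ban_remaining}";

			// One chain from most to least urgent. The first test used to be a separate
			// "if", so "imminent_banned" was always overwritten by "high_banned".
			if($remaining <= 0)
			{
				$banned_class = "imminent_banned";
				$ban_remaining = $lang->ban_ending_imminently;
			}
			else if($remaining < 3600)
			{
				$banned_class = "high_banned";
			}
			else if($remaining < 86400)
			{
				$banned_class = "moderate_banned";
			}
			else if($remaining < 604800)
			{
				$banned_class = "low_banned";
			}
			else
			{
				$banned_class = "normal_banned";
			}

			eval('$timeremaining = "'.$templates->get('modcp_banning_remaining').'";');
		}

		eval("\$bannedusers .= \"".$templates->get("modcp_banning_ban")."\";");
	}

	if(!$bannedusers)
	{
		eval("\$bannedusers = \"".$templates->get("modcp_banning_nobanned")."\";");
	}

	$plugins->run_hooks("modcp_banning");

	eval("\$bannedpage = \"".$templates->get("modcp_banning")."\";");
	output_page($bannedpage);
}

// ---------------------------------------------------------------------------
// action=liftban: remove a ban and restore the user's previous groups.
// Request inputs read here: my_post_key, uid.
// ---------------------------------------------------------------------------
if($mybb->input['action'] == "liftban")
{
	// Verify incoming POST request
	// NOTE(review): unlike do_banuser below, this state-changing action does not test
	// $mybb->request_method, so it relies on my_post_key alone - confirm that the key
	// is not exposed in links for this action.
	verify_post_check($mybb->get_input('my_post_key'));

	if($mybb->usergroup['canbanusers'] == 0)
	{
		error_no_permission();
	}

	$query = $db->simple_select("banned", "*", "uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'");
	$ban = $db->fetch_array($query);

	if(!$ban)
	{
		error($lang->error_invalidban);
	}

	// Permission to edit this ban?
	// Object-level check: only the moderator who set the ban, super moderators and
	// users with control panel access may lift it.
	if($mybb->user['uid'] != $ban['admin'] && $mybb->usergroup['issupermod'] != 1 && $mybb->usergroup['cancp'] != 1)
	{
		error_no_permission();
	}

	$plugins->run_hooks("modcp_liftban_start");

	// Numeric ids taken from the ban row are cast before they are reused in SQL,
	// in line with the escaping already applied to oldadditionalgroups.
	$ban_uid = (int)$ban['uid'];

	$query = $db->simple_select("users", "username", "uid = '{$ban_uid}'");
	$username = $db->fetch_field($query, "username");

	$updated_group = array(
		'usergroup' => (int)$ban['oldgroup'],
		'additionalgroups' => $db->escape_string($ban['oldadditionalgroups']),
		'displaygroup' => (int)$ban['olddisplaygroup']
	);
	$db->update_query("users", $updated_group, "uid='{$ban_uid}'");
	$db->delete_query("banned", "uid='{$ban_uid}'");

	$cache->update_moderators();

	$cache->update_awaitingactivation();

	// Leave an audit trail of who lifted which ban
	log_moderator_action(array("uid" => $ban['uid'], "username" => $username), $lang->lifted_ban);

	$plugins->run_hooks("modcp_liftban_end");

	redirect("modcp.php?action=banning", $lang->redirect_banlifted);
}

// (The do_banuser action continues past this excerpt; its opening lines are reproduced unchanged.)
if($mybb->input['action'] == "do_banuser" && $mybb->request_method == "post")
{
	// Verify incoming POST request
	verify_post_check($mybb->get_input('my_post_key'));

	if($mybb->usergroup['canbanusers'] == 0)
	{
		error_no_permission();
	}

	// Editing an existing ban
	$existing_ban = false;
	if($mybb->get_input('uid', MyBB::INPUT_INT))
	{
		// Get the users info from their uid
		$query = $db->query("
			SELECT b.*, u.uid, u.username, u.usergroup, 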
u.additionalgroups, u.displaygroup 4269 FROM ".TABLE_PREFIX."banned b 4270 LEFT JOIN ".TABLE_PREFIX."users u ON (b.uid=u.uid) 4271 WHERE b.uid='{$mybb->input['uid']}' 4272 "); 4273 $user = $db->fetch_array($query); 4274 4275 if($user) 4276 { 4277 $existing_ban = true; 4278 } 4279 4280 // Permission to edit this ban? 4281 if($existing_ban && $mybb->user['uid'] != $user['admin'] && $mybb->usergroup['issupermod'] != 1 && $mybb->usergroup['cancp'] != 1) 4282 { 4283 error_no_permission(); 4284 } 4285 } 4286 4287 $errors = array(); 4288 4289 // Creating a new ban 4290 if(!$existing_ban) 4291 { 4292 // Get the users info from their Username 4293 $options = array( 4294 'fields' => array('username', 'usergroup', 'additionalgroups', 'displaygroup') 4295 ); 4296 4297 $user = get_user_by_username($mybb->input['username'], $options); 4298 4299 if(!$user) 4300 { 4301 $errors[] = $lang->invalid_username; 4302 } 4303 } 4304 4305 if($user['uid'] == $mybb->user['uid']) 4306 { 4307 $errors[] = $lang->error_cannotbanself; 4308 } 4309 4310 // Have permissions to ban this user? 
4311 if(!modcp_can_manage_user($user['uid'])) 4312 { 4313 $errors[] = $lang->error_cannotbanuser; 4314 } 4315 4316 // Check for an incoming reason 4317 if(empty($mybb->input['banreason'])) 4318 { 4319 $errors[] = $lang->error_nobanreason; 4320 } 4321 4322 // Check banned group 4323 $usergroups_cache = $cache->read('usergroups'); 4324 if(isset($usergroups_cache[$mybb->get_input('usergroup', MyBB::INPUT_INT)])) 4325 { 4326 $usergroup = $usergroups_cache[$mybb->get_input('usergroup', MyBB::INPUT_INT)]; 4327 } 4328 4329 if(!isset($usergroup) || empty($usergroup['isbannedgroup'])) 4330 { 4331 $errors[] = $lang->error_nobangroup; 4332 } 4333 4334 // If this is a new ban, we check the user isn't already part of a banned group 4335 if(!$existing_ban && $user['uid']) 4336 { 4337 $query = $db->simple_select("banned", "uid", "uid='{$user['uid']}'", array('limit' => 1)); 4338 if($db->num_rows($query) > 0) 4339 { 4340 $errors[] = $lang->error_useralreadybanned; 4341 } 4342 } 4343 4344 $plugins->run_hooks("modcp_do_banuser_start"); 4345 4346 // Still no errors? 
Ban the user 4347 if(!$errors) 4348 { 4349 // Ban the user 4350 if($mybb->get_input('liftafter') == '---') 4351 { 4352 $lifted = 0; 4353 } 4354 else 4355 { 4356 if(!isset($user['dateline'])) 4357 { 4358 $user['dateline'] = 0; 4359 } 4360 $lifted = ban_date2timestamp($mybb->get_input('liftafter'), $user['dateline']); 4361 } 4362 4363 $banreason = my_substr($mybb->get_input('banreason'), 0, 255); 4364 4365 if($existing_ban) 4366 { 4367 $update_array = array( 4368 'gid' => $mybb->get_input('usergroup', MyBB::INPUT_INT), 4369 'dateline' => TIME_NOW, 4370 'bantime' => $db->escape_string($mybb->get_input('liftafter')), 4371 'lifted' => $db->escape_string($lifted), 4372 'reason' => $db->escape_string($banreason) 4373 ); 4374 4375 $db->update_query('banned', $update_array, "uid='{$user['uid']}'"); 4376 } 4377 else 4378 { 4379 $insert_array = array( 4380 'uid' => $user['uid'], 4381 'gid' => $mybb->get_input('usergroup', MyBB::INPUT_INT), 4382 'oldgroup' => (int)$user['usergroup'], 4383 'oldadditionalgroups' => $db->escape_string($user['additionalgroups']), 4384 'olddisplaygroup' => (int)$user['displaygroup'], 4385 'admin' => (int)$mybb->user['uid'], 4386 'dateline' => TIME_NOW, 4387 'bantime' => $db->escape_string($mybb->get_input('liftafter')), 4388 'lifted' => $db->escape_string($lifted), 4389 'reason' => $db->escape_string($banreason) 4390 ); 4391 4392 $db->insert_query('banned', $insert_array); 4393 } 4394 4395 // Move the user to the banned group 4396 $update_array = array( 4397 'usergroup' => $mybb->get_input('usergroup', MyBB::INPUT_INT), 4398 'displaygroup' => 0, 4399 'additionalgroups' => '', 4400 ); 4401 $db->update_query('users', $update_array, "uid = {$user['uid']}"); 4402 4403 // Log edit or add ban 4404 if($existing_ban) 4405 { 4406 log_moderator_action(array("uid" => $user['uid'], "username" => $user['username']), $lang->edited_user_ban); 4407 } 4408 else 4409 { 4410 log_moderator_action(array("uid" => $user['uid'], "username" => $user['username']), 
$lang->banned_user); 4411 } 4412 4413 $plugins->run_hooks("modcp_do_banuser_end"); 4414 4415 $cache->update_awaitingactivation(); 4416 4417 if($existing_ban) 4418 { 4419 redirect("modcp.php?action=banning", $lang->redirect_banuser_updated); 4420 } 4421 else 4422 { 4423 redirect("modcp.php?action=banning", $lang->redirect_banuser); 4424 } 4425 } 4426 // Otherwise has errors, throw back to ban page 4427 else 4428 { 4429 $mybb->input['action'] = "banuser"; 4430 } 4431 } 4432 4433 if($mybb->input['action'] == "banuser") 4434 { 4435 add_breadcrumb($lang->mcp_nav_banning, "modcp.php?action=banning"); 4436 4437 if($mybb->usergroup['canbanusers'] == 0) 4438 { 4439 error_no_permission(); 4440 } 4441 4442 $mybb->input['uid'] = $mybb->get_input('uid', MyBB::INPUT_INT); 4443 if($mybb->input['uid']) 4444 { 4445 add_breadcrumb($lang->mcp_nav_editing_ban); 4446 } 4447 else 4448 { 4449 add_breadcrumb($lang->mcp_nav_ban_user); 4450 } 4451 4452 $plugins->run_hooks("modcp_banuser_start"); 4453 4454 $banuser_username = ''; 4455 $banreason = ''; 4456 4457 // If incoming user ID, we are editing a ban 4458 if($mybb->input['uid']) 4459 { 4460 $query = $db->query(" 4461 SELECT b.*, u.username, u.uid 4462 FROM ".TABLE_PREFIX."banned b 4463 LEFT JOIN ".TABLE_PREFIX."users u ON (b.uid=u.uid) 4464 WHERE b.uid='{$mybb->input['uid']}' 4465 "); 4466 $banned = $db->fetch_array($query); 4467 if(!empty($banned['username'])) 4468 { 4469 $username = $banned['username'] = htmlspecialchars_uni($banned['username']); 4470 $banreason = htmlspecialchars_uni($banned['reason']); 4471 $uid = $mybb->input['uid']; 4472 $user = get_user($banned['uid']); 4473 $lang->ban_user = $lang->edit_ban; // Swap over lang variables 4474 eval("\$banuser_username = \"".$templates->get("modcp_banuser_editusername")."\";"); 4475 } 4476 } 4477 4478 // Permission to edit this ban? 
4479 if(!empty($banned) && $banned['uid'] && $mybb->user['uid'] != $banned['admin'] && $mybb->usergroup['issupermod'] != 1 && $mybb->usergroup['cancp'] != 1) 4480 { 4481 error_no_permission(); 4482 } 4483 4484 // New ban! 4485 if(!$banuser_username) 4486 { 4487 if($mybb->input['uid']) 4488 { 4489 $user = get_user($mybb->input['uid']); 4490 $user['username'] = htmlspecialchars_uni($user['username']); 4491 $username = $user['username']; 4492 } 4493 else 4494 { 4495 $username = htmlspecialchars_uni($mybb->get_input('username')); 4496 } 4497 eval("\$banuser_username = \"".$templates->get("modcp_banuser_addusername")."\";"); 4498 } 4499 4500 // Coming back to this page from an error? 4501 if($errors) 4502 { 4503 $errors = inline_error($errors); 4504 $banned = array( 4505 "bantime" => $mybb->get_input('liftafter'), 4506 "reason" => $mybb->get_input('reason'), 4507 "gid" => $mybb->get_input('gid', MyBB::INPUT_INT) 4508 ); 4509 $banreason = htmlspecialchars_uni($mybb->get_input('banreason')); 4510 } 4511 4512 // Generate the banned times dropdown 4513 $liftlist = ''; 4514 foreach($bantimes as $time => $title) 4515 { 4516 $selected = ''; 4517 if(isset($banned['bantime']) && $banned['bantime'] == $time) 4518 { 4519 $selected = " selected=\"selected\""; 4520 } 4521 4522 $thattime = ''; 4523 if($time != '---') 4524 { 4525 $dateline = TIME_NOW; 4526 if(isset($banned['dateline'])) 4527 { 4528 $dateline = $banned['dateline']; 4529 } 4530 4531 $thatime = my_date("D, jS M Y @ {$mybb->settings['timeformat']}", ban_date2timestamp($time, $dateline)); 4532 $thattime = " ({$thatime})"; 4533 } 4534 4535 eval("\$liftlist .= \"".$templates->get("modcp_banuser_liftlist")."\";"); 4536 } 4537 4538 $bangroup_option = $bangroups = ''; 4539 $numgroups = $banned_group = 0; 4540 $groupscache = $cache->read("usergroups"); 4541 4542 foreach($groupscache as $key => $group) 4543 { 4544 if($group['isbannedgroup']) 4545 { 4546 $selected = ""; 4547 if(isset($banned['gid']) && $banned['gid'] == 
$group['gid']) 4548 { 4549 $selected = " selected=\"selected\""; 4550 } 4551 4552 $group['title'] = htmlspecialchars_uni($group['title']); 4553 eval("\$bangroup_option .= \"".$templates->get("modcp_banuser_bangroups_group")."\";"); 4554 $banned_group = $group['gid']; 4555 ++$numgroups; 4556 } 4557 } 4558 4559 if($numgroups == 0) 4560 { 4561 error($lang->no_banned_group); 4562 } 4563 elseif($numgroups > 1) 4564 { 4565 eval("\$bangroups = \"".$templates->get("modcp_banuser_bangroups")."\";"); 4566 } 4567 else 4568 { 4569 eval("\$bangroups = \"".$templates->get("modcp_banuser_bangroups_hidden")."\";"); 4570 } 4571 4572 if(!empty($banned['uid'])) 4573 { 4574 eval("\$lift_link = \"".$templates->get("modcp_banuser_lift")."\";"); 4575 $uid = $banned['uid']; 4576 } 4577 else 4578 { 4579 $lift_link = ''; 4580 $uid = 0; 4581 } 4582 4583 $plugins->run_hooks("modcp_banuser_end"); 4584 4585 eval("\$banuser = \"".$templates->get("modcp_banuser")."\";"); 4586 output_page($banuser); 4587 } 4588 4589 if($mybb->input['action'] == "do_modnotes") 4590 { 4591 // Verify incoming POST request 4592 verify_post_check($mybb->get_input('my_post_key')); 4593 4594 $plugins->run_hooks("modcp_do_modnotes_start"); 4595 4596 // Update Moderator Notes cache 4597 $update_cache = array( 4598 "modmessage" => $mybb->get_input('modnotes') 4599 ); 4600 $cache->update("modnotes", $update_cache); 4601 4602 $plugins->run_hooks("modcp_do_modnotes_end"); 4603 4604 redirect("modcp.php", $lang->redirect_modnotes); 4605 } 4606 4607 if(!$mybb->input['action']) 4608 { 4609 $awaitingattachments = $awaitingposts = $awaitingthreads = $awaitingmoderation = ''; 4610 4611 if($mybb->usergroup['canmanagemodqueue'] == 1) 4612 { 4613 if($mybb->settings['enableattachments'] == 1 && ($nummodqueueattach > 0 || $mybb->usergroup['issupermod'] == 1)) 4614 { 4615 if($nummodqueueposts > 0 || $mybb->usergroup['issupermod'] == 1) 4616 { 4617 $bgcolor = "trow1"; 4618 } 4619 else 4620 { 4621 $bgcolor = "trow2"; 4622 } 4623 4624 $query 
= $db->query(" 4625 SELECT COUNT(aid) AS unapprovedattachments 4626 FROM ".TABLE_PREFIX."attachments a 4627 LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=a.pid) 4628 LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid) 4629 WHERE a.visible='0' {$tflist} 4630 "); 4631 $unapproved_attachments = $db->fetch_field($query, "unapprovedattachments"); 4632 4633 if($unapproved_attachments > 0) 4634 { 4635 $query = $db->query(" 4636 SELECT t.tid, p.pid, p.uid, t.username, a.filename, a.dateuploaded 4637 FROM ".TABLE_PREFIX."attachments a 4638 LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=a.pid) 4639 LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid) 4640 WHERE a.visible='0' {$tflist} 4641 ORDER BY a.dateuploaded DESC 4642 LIMIT 1 4643 "); 4644 $attachment = $db->fetch_array($query); 4645 $attachment['date'] = my_date('relative', $attachment['dateuploaded']); 4646 $attachment['username'] = htmlspecialchars_uni($attachment['username']); 4647 $attachment['profilelink'] = build_profile_link($attachment['username'], $attachment['uid']); 4648 $attachment['link'] = get_post_link($attachment['pid'], $attachment['tid']); 4649 $attachment['filename'] = htmlspecialchars_uni($attachment['filename']); 4650 $unapproved_attachments = my_number_format($unapproved_attachments); 4651 4652 eval("\$latest_attachment = \"".$templates->get("modcp_lastattachment")."\";"); 4653 } 4654 else 4655 { 4656 eval("\$latest_attachment = \"".$templates->get("modcp_awaitingmoderation_none")."\";"); 4657 } 4658 4659 eval("\$awaitingattachments = \"".$templates->get("modcp_awaitingattachments")."\";"); 4660 } 4661 4662 if($nummodqueueposts > 0 || $mybb->usergroup['issupermod'] == 1) 4663 { 4664 $query = $db->query(" 4665 SELECT COUNT(pid) AS unapprovedposts 4666 FROM ".TABLE_PREFIX."posts p 4667 LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid) 4668 WHERE p.visible='0' {$tflist} AND t.firstpost != p.pid 4669 "); 4670 $unapproved_posts = $db->fetch_field($query, "unapprovedposts"); 4671 4672 
if($unapproved_posts > 0) 4673 { 4674 $query = $db->query(" 4675 SELECT p.pid, p.tid, p.subject, p.uid, p.username, p.dateline 4676 FROM ".TABLE_PREFIX."posts p 4677 LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid) 4678 WHERE p.visible='0' {$tflist} AND t.firstpost != p.pid 4679 ORDER BY p.dateline DESC, p.pid DESC 4680 LIMIT 1 4681 "); 4682 $post = $db->fetch_array($query); 4683 $post['date'] = my_date('relative', $post['dateline']); 4684 $post['username'] = htmlspecialchars_uni($post['username']); 4685 $post['profilelink'] = build_profile_link($post['username'], $post['uid']); 4686 $post['link'] = get_post_link($post['pid'], $post['tid']); 4687 $post['subject'] = $post['fullsubject'] = $parser->parse_badwords($post['subject']); 4688 if(my_strlen($post['subject']) > 25) 4689 { 4690 $post['subject'] = my_substr($post['subject'], 0, 25)."..."; 4691 } 4692 $post['subject'] = htmlspecialchars_uni($post['subject']); 4693 $post['fullsubject'] = htmlspecialchars_uni($post['fullsubject']); 4694 $unapproved_posts = my_number_format($unapproved_posts); 4695 4696 eval("\$latest_post = \"".$templates->get("modcp_lastpost")."\";"); 4697 } 4698 else 4699 { 4700 eval("\$latest_post = \"".$templates->get("modcp_awaitingmoderation_none")."\";"); 4701 } 4702 4703 eval("\$awaitingposts = \"".$templates->get("modcp_awaitingposts")."\";"); 4704 } 4705 4706 if($nummodqueuethreads > 0 || $mybb->usergroup['issupermod'] == 1) 4707 { 4708 $query = $db->simple_select("threads", "COUNT(tid) AS unapprovedthreads", "visible='0' {$flist_queue_threads}"); 4709 $unapproved_threads = $db->fetch_field($query, "unapprovedthreads"); 4710 4711 if($unapproved_threads > 0) 4712 { 4713 $query = $db->simple_select("threads", "tid, subject, uid, username, dateline", "visible='0' {$flist_queue_threads}", array('order_by' => 'dateline', 'order_dir' => 'DESC', 'limit' => 1)); 4714 $thread = $db->fetch_array($query); 4715 $thread['date'] = my_date('relative', $thread['dateline']); 4716 $thread['username'] 
= htmlspecialchars_uni($thread['username']); 4717 $thread['profilelink'] = build_profile_link($thread['username'], $thread['uid']); 4718 $thread['link'] = get_thread_link($thread['tid']); 4719 $thread['subject'] = $thread['fullsubject'] = $parser->parse_badwords($thread['subject']); 4720 if(my_strlen($thread['subject']) > 25) 4721 { 4722 $post['subject'] = my_substr($thread['subject'], 0, 25)."..."; 4723 } 4724 $thread['subject'] = htmlspecialchars_uni($thread['subject']); 4725 $thread['fullsubject'] = htmlspecialchars_uni($thread['fullsubject']); 4726 $unapproved_threads = my_number_format($unapproved_threads); 4727 4728 eval("\$latest_thread = \"".$templates->get("modcp_lastthread")."\";"); 4729 } 4730 else 4731 { 4732 eval("\$latest_thread = \"".$templates->get("modcp_awaitingmoderation_none")."\";"); 4733 } 4734 4735 eval("\$awaitingthreads = \"".$templates->get("modcp_awaitingthreads")."\";"); 4736 } 4737 4738 if(!empty($awaitingattachments) || !empty($awaitingposts) || !empty($awaitingthreads)) 4739 { 4740 eval("\$awaitingmoderation = \"".$templates->get("modcp_awaitingmoderation")."\";"); 4741 } 4742 } 4743 4744 $latestfivemodactions = ''; 4745 if(($nummodlogs > 0 || $mybb->usergroup['issupermod'] == 1) && $mybb->usergroup['canviewmodlogs'] == 1) 4746 { 4747 $where = ''; 4748 if($tflist_modlog) 4749 { 4750 $where = "WHERE (t.fid <> 0 {$tflist_modlog}) OR (l.fid <> 0)"; 4751 } 4752 4753 $query = $db->query(" 4754 SELECT l.*, u.username, u.usergroup, u.displaygroup, t.subject AS tsubject, f.name AS fname, p.subject AS psubject 4755 FROM ".TABLE_PREFIX."moderatorlog l 4756 LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=l.uid) 4757 LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=l.tid) 4758 LEFT JOIN ".TABLE_PREFIX."forums f ON (f.fid=l.fid) 4759 LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=l.pid) 4760 {$where} 4761 ORDER BY l.dateline DESC 4762 LIMIT 5 4763 "); 4764 4765 $modlogresults = ''; 4766 while($logitem = $db->fetch_array($query)) 4767 { 4768 $information = 
''; 4769 $logitem['action'] = htmlspecialchars_uni($logitem['action']); 4770 $log_date = my_date('relative', $logitem['dateline']); 4771 $trow = alt_trow(); 4772 $logitem['username'] = htmlspecialchars_uni($logitem['username']); 4773 $username = format_name($logitem['username'], $logitem['usergroup'], $logitem['displaygroup']); 4774 $logitem['profilelink'] = build_profile_link($username, $logitem['uid']); 4775 $logitem['ipaddress'] = my_inet_ntop($db->unescape_binary($logitem['ipaddress'])); 4776 4777 if($logitem['tsubject']) 4778 { 4779 $logitem['tsubject'] = htmlspecialchars_uni($parser->parse_badwords($logitem['tsubject'])); 4780 $logitem['thread'] = get_thread_link($logitem['tid']); 4781 eval("\$information .= \"".$templates->get("modcp_modlogs_result_thread")."\";"); 4782 } 4783 if($logitem['fname']) 4784 { 4785 $logitem['forum'] = get_forum_link($logitem['fid']); 4786 eval("\$information .= \"".$templates->get("modcp_modlogs_result_forum")."\";"); 4787 } 4788 if($logitem['psubject']) 4789 { 4790 $logitem['psubject'] = htmlspecialchars_uni($parser->parse_badwords($logitem['psubject'])); 4791 $logitem['post'] = get_post_link($logitem['pid']); 4792 eval("\$information .= \"".$templates->get("modcp_modlogs_result_post")."\";"); 4793 } 4794 4795 // Edited a user or managed announcement? 
4796 if(!$logitem['tsubject'] || !$logitem['fname'] || !$logitem['psubject']) 4797 { 4798 $data = my_unserialize($logitem['data']); 4799 if(isset($data['uid'])) 4800 { 4801 $information = $lang->sprintf($lang->edited_user_info, htmlspecialchars_uni($data['username']), get_profile_link($data['uid'])); 4802 } 4803 if(isset($data['aid'])) 4804 { 4805 $data['subject'] = htmlspecialchars_uni($parser->parse_badwords($data['subject'])); 4806 $data['announcement'] = get_announcement_link($data['aid']); 4807 eval("\$information .= \"".$templates->get("modcp_modlogs_result_announcement")."\";"); 4808 } 4809 } 4810 4811 $plugins->run_hooks("modcp_modlogs_result"); 4812 4813 eval("\$modlogresults .= \"".$templates->get("modcp_modlogs_result")."\";"); 4814 } 4815 4816 if(!$modlogresults) 4817 { 4818 eval("\$modlogresults = \"".$templates->get("modcp_modlogs_nologs")."\";"); 4819 } 4820 4821 eval("\$latestfivemodactions = \"".$templates->get("modcp_latestfivemodactions")."\";"); 4822 } 4823 4824 $query = $db->query(" 4825 SELECT b.*, a.username AS adminuser, u.username 4826 FROM ".TABLE_PREFIX."banned b 4827 LEFT JOIN ".TABLE_PREFIX."users u ON (b.uid=u.uid) 4828 LEFT JOIN ".TABLE_PREFIX."users a ON (b.admin=a.uid) 4829 WHERE b.bantime != '---' AND b.bantime != 'perm' 4830 ORDER BY lifted ASC 4831 LIMIT 5 4832 "); 4833 4834 $banned_cache = array(); 4835 while($banned = $db->fetch_array($query)) 4836 { 4837 $banned['remaining'] = $banned['lifted']-TIME_NOW; 4838 $banned_cache[$banned['remaining'].$banned['uid']] = $banned; 4839 4840 unset($banned); 4841 } 4842 4843 // Get the banned users 4844 $bannedusers = ''; 4845 foreach($banned_cache as $banned) 4846 { 4847 $banned['username'] = htmlspecialchars_uni($banned['username']); 4848 $profile_link = build_profile_link($banned['username'], $banned['uid']); 4849 4850 // Only show the edit & lift links if current user created ban, or is super mod/admin 4851 $edit_link = ''; 4852 if($mybb->user['uid'] == $banned['admin'] || 
!$banned['adminuser'] || $mybb->usergroup['issupermod'] == 1 || $mybb->usergroup['cancp'] == 1) 4853 { 4854 eval("\$edit_link = \"".$templates->get("modcp_banning_edit")."\";"); 4855 } 4856 4857 $admin_profile = build_profile_link(htmlspecialchars_uni($banned['adminuser']), $banned['admin']); 4858 4859 $trow = alt_trow(); 4860 4861 if($banned['reason']) 4862 { 4863 $banned['reason'] = htmlspecialchars_uni($parser->parse_badwords($banned['reason'])); 4864 } 4865 else 4866 { 4867 $banned['reason'] = $lang->na; 4868 } 4869 4870 if($banned['lifted'] == 'perm' || $banned['lifted'] == '' || $banned['bantime'] == 'perm' || $banned['bantime'] == '---') 4871 { 4872 $banlength = $lang->permanent; 4873 $timeremaining = $lang->na; 4874 } 4875 else 4876 { 4877 $banlength = $bantimes[$banned['bantime']]; 4878 $remaining = $banned['remaining']; 4879 4880 $timeremaining = nice_time($remaining, array('short' => 1, 'seconds' => false)).""; 4881 4882 $banned_class = ''; 4883 $ban_remaining = "{$timeremaining} {$lang->ban_remaining}"; 4884 4885 if($remaining <= 0) 4886 { 4887 $banned_class = "imminent_banned"; 4888 $ban_remaining = $lang->ban_ending_imminently; 4889 } 4890 else if($remaining < 3600) 4891 { 4892 $banned_class = "high_banned"; 4893 } 4894 else if($remaining < 86400) 4895 { 4896 $banned_class = "moderate_banned"; 4897 } 4898 else if($remaining < 604800) 4899 { 4900 $banned_class = "low_banned"; 4901 } 4902 else 4903 { 4904 $banned_class = "normal_banned"; 4905 } 4906 4907 eval('$timeremaining = "'.$templates->get('modcp_banning_remaining').'";'); 4908 } 4909 4910 eval("\$bannedusers .= \"".$templates->get("modcp_banning_ban")."\";"); 4911 } 4912 4913 if(!$bannedusers) 4914 { 4915 eval("\$bannedusers = \"".$templates->get("modcp_nobanned")."\";"); 4916 } 4917 4918 $modnotes = ''; 4919 $modnotes_cache = $cache->read("modnotes"); 4920 if($modnotes_cache !== false) 4921 { 4922 $modnotes = htmlspecialchars_uni($modnotes_cache['modmessage']); 4923 } 4924 4925 
$plugins->run_hooks("modcp_end"); 4926 4927 eval("\$modcp = \"".$templates->get("modcp")."\";"); 4928 output_page($modcp); 4929 }