[ Index ]

PHP Cross Reference of MyBB 1.8.27

title

Body

[close]

/ -> modcp.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  11  define("IN_MYBB", 1);
  12  define('THIS_SCRIPT', 'modcp.php');
  13  
  14  $templatelist = "modcp_reports,modcp_reports_report,modcp_reports_selectall,modcp_reports_multipage,modcp_reports_allreport,modcp_reports_allreports,modcp_modlogs_multipage,modcp_announcements_delete,modcp_announcements_edit,modcp_awaitingmoderation";
  15  $templatelist .= ",modcp_reports_allnoreports,modcp_reports_noreports,modcp_banning,modcp_banning_ban,modcp_announcements_announcement_global,modcp_no_announcements_forum,modcp_modqueue_threads_thread,modcp_awaitingthreads,preview";
  16  $templatelist .= ",modcp_banning_nobanned,modcp_modqueue_threads_empty,modcp_modqueue_masscontrols,modcp_modqueue_threads,modcp_modqueue_posts_post,modcp_modqueue_posts_empty,modcp_awaitingposts,modcp_nav_editprofile,modcp_nav_banning";
  17  $templatelist .= ",modcp_nav,modcp_modlogs_noresults,modcp_modlogs_nologs,modcp,modcp_modqueue_posts,modcp_modqueue_attachments_attachment,modcp_modqueue_attachments_empty,modcp_modqueue_attachments,modcp_editprofile_suspensions_info";
  18  $templatelist .= ",modcp_no_announcements_global,modcp_announcements_global,modcp_announcements_forum,modcp_announcements,modcp_editprofile_select_option,modcp_editprofile_select,modcp_finduser_noresults, modcp_nav_forums_posts";
  19  $templatelist .= ",codebuttons,modcp_announcements_new,modcp_modqueue_empty,forumjump_bit,forumjump_special,modcp_warninglogs_warning_revoked,modcp_warninglogs_warning,modcp_ipsearch_result,modcp_nav_modqueue,modcp_banuser_liftlist";
  20  $templatelist .= ",modcp_modlogs,modcp_finduser_user,modcp_finduser,usercp_profile_customfield,usercp_profile_profilefields,modcp_ipsearch_noresults,modcp_ipsearch_results,modcp_ipsearch_misc_info,modcp_nav_announcements,modcp_modqueue_post_link";
  21  $templatelist .= ",modcp_editprofile,modcp_ipsearch,modcp_banuser_addusername,modcp_banuser,modcp_warninglogs_nologs,modcp_banuser_editusername,modcp_lastattachment,modcp_lastpost,modcp_lastthread,modcp_nobanned,modcp_modqueue_thread_link";
  22  $templatelist .= ",modcp_warninglogs,modcp_modlogs_result,modcp_editprofile_signature,forumjump_advanced,modcp_announcements_forum_nomod,modcp_announcements_announcement,usercp_profile_away,modcp_modlogs_user,modcp_editprofile_away";
  23  $templatelist .= ",multipage,multipage_end,multipage_jump_page,multipage_nextpage,multipage_page,multipage_page_current,multipage_page_link_current,multipage_prevpage,multipage_start,modcp_awaitingattachments,modcp_modqueue_attachment_link";
  24  $templatelist .= ",postbit_groupimage,postbit_userstar,postbit_online,postbit_offline,postbit_away,postbit_avatar,postbit_find,postbit_pm,postbit_email,postbit_www,postbit_author_user,announcement_edit,announcement_quickdelete";
  25  $templatelist .= ",modcp_awaitingmoderation_none,modcp_banning_edit,modcp_banuser_bangroups_group,modcp_banuser_lift,modcp_modlogs_result_announcement,modcp_modlogs_result_forum,modcp_modlogs_result_post,modcp_modlogs_result_thread";
  26  $templatelist .= ",modcp_nav_warninglogs,modcp_nav_ipsearch,modcp_nav_users,modcp_announcements_day,modcp_announcements_month_start,modcp_announcements_month_end,modcp_announcements_announcement_expired,modcp_announcements_announcement_active";
  27  $templatelist .= ",modcp_modqueue_link_forum,modcp_modqueue_link_thread,usercp_profile_day,modcp_ipsearch_result_regip,modcp_ipsearch_result_lastip,modcp_ipsearch_result_post,modcp_ipsearch_results_information,usercp_profile_profilefields_text";
  28  $templatelist .= ",usercp_profile_profilefields_select_option,usercp_profile_profilefields_multiselect,usercp_profile_profilefields_select,usercp_profile_profilefields_textarea,usercp_profile_profilefields_radio,postbit";
  29  $templatelist .= ",modcp_banning_remaining,postmodcp_nav_announcements,modcp_nav_reportcenter,modcp_nav_modlogs,modcp_latestfivemodactions,modcp_banuser_bangroups_hidden,modcp_banuser_bangroups,usercp_profile_profilefields_checkbox";
  30  
  31  require_once  "./global.php";
  32  require_once  MYBB_ROOT."inc/functions_user.php";
  33  require_once  MYBB_ROOT."inc/functions_upload.php";
  34  require_once  MYBB_ROOT."inc/functions_modcp.php";
  35  require_once  MYBB_ROOT."inc/class_parser.php";
  36  $parser = new postParser;
  37  
  38  // Set up the array of ban times.
  39  $bantimes = fetch_ban_times();
  40  
  41  // Load global language phrases
  42  $lang->load("modcp");
  43  $lang->load("announcements");
  44  
  45  if($mybb->user['uid'] == 0 || $mybb->usergroup['canmodcp'] != 1)
  46  {
  47      error_no_permission();
  48  }
  49  
  50  if(!$mybb->settings['threadsperpage'] || (int)$mybb->settings['threadsperpage'] < 1)
  51  {
  52      $mybb->settings['threadsperpage'] = 20;
  53  }
  54  
  55  $tflist = $flist = $tflist_queue_threads = $flist_queue_threads = $tflist_queue_posts = $flist_queue_posts = $tflist_queue_attach =
  56  $flist_queue_attach = $wflist_reports = $tflist_reports = $flist_reports = $tflist_modlog = $flist_modlog = $errors = '';
  57  // SQL for fetching items only related to forums this user moderates
  58  $moderated_forums = array();
  59  $numannouncements = $nummodqueuethreads = $nummodqueueposts = $nummodqueueattach = $numreportedposts = $nummodlogs = 0;
  60  if($mybb->usergroup['issupermod'] != 1)
  61  {
  62      $query = $db->simple_select("moderators", "*", "(id='{$mybb->user['uid']}' AND isgroup = '0') OR (id IN ({$mybb->usergroup['all_usergroups']}) AND isgroup = '1')");
  63      while($forum = $db->fetch_array($query))
  64      {
  65          $moderated_forums[] = $forum['fid'];
  66          $children = get_child_list($forum['fid']);
  67          if(is_array($children))
  68          {
  69              $moderated_forums = array_merge($moderated_forums, $children);
  70          }
  71      }
  72      $moderated_forums = array_unique($moderated_forums);
  73  
  74      $numannouncements = $nummodqueuethreads = $nummodqueueposts = $nummodqueueattach = $numreportedposts = $nummodlogs = 0;
  75      foreach($moderated_forums as $moderated_forum)
  76      {
  77          // For Announcements
  78          if(is_moderator($moderated_forum, 'canmanageannouncements'))
  79          {
  80              ++$numannouncements;
  81          }
  82  
  83          // For the Mod Queues
  84          if(is_moderator($moderated_forum, 'canapproveunapprovethreads'))
  85          {
  86              $flist_queue_threads .= ",'{$moderated_forum}'";
  87              ++$nummodqueuethreads;
  88          }
  89  
  90          if(is_moderator($moderated_forum, 'canapproveunapproveposts'))
  91          {
  92              $flist_queue_posts .= ",'{$moderated_forum}'";
  93              ++$nummodqueueposts;
  94          }
  95  
  96          if(is_moderator($moderated_forum, 'canapproveunapproveattachs'))
  97          {
  98              $flist_queue_attach .= ",'{$moderated_forum}'";
  99              ++$nummodqueueattach;
 100          }
 101  
 102          // For Reported posts
 103          if(is_moderator($moderated_forum, 'canmanagereportedposts'))
 104          {
 105              $flist_reports .= ",'{$moderated_forum}'";
 106              ++$numreportedposts;
 107          }
 108  
 109          // For the Mod Log
 110          if(is_moderator($moderated_forum, 'canviewmodlog'))
 111          {
 112              $flist_modlog .= ",'{$moderated_forum}'";
 113              ++$nummodlogs;
 114          }
 115  
 116          $flist .= ",'{$moderated_forum}'";
 117      }
 118      if($flist_queue_threads)
 119      {
 120          $tflist_queue_threads = " AND t.fid IN (0{$flist_queue_threads})";
 121          $flist_queue_threads = " AND fid IN (0{$flist_queue_threads})";
 122      }
 123      if($flist_queue_posts)
 124      {
 125          $tflist_queue_posts = " AND t.fid IN (0{$flist_queue_posts})";
 126          $flist_queue_posts = " AND fid IN (0{$flist_queue_posts})";
 127      }
 128      if($flist_queue_attach)
 129      {
 130          $tflist_queue_attach = " AND t.fid IN (0{$flist_queue_attach})";
 131          $flist_queue_attach = " AND fid IN (0{$flist_queue_attach})";
 132      }
 133      if($flist_reports)
 134      {
 135          $wflist_reports = "WHERE r.id3 IN (0{$flist_reports})";
 136          $tflist_reports = " AND r.id3 IN (0{$flist_reports})";
 137          $flist_reports = " AND id3 IN (0{$flist_reports})";
 138      }
 139      if($flist_modlog)
 140      {
 141          $tflist_modlog = " AND t.fid IN (0{$flist_modlog})";
 142          $flist_modlog = " AND fid IN (0{$flist_modlog})";
 143      }
 144      if($flist)
 145      {
 146          $tflist = " AND t.fid IN (0{$flist})";
 147          $flist = " AND fid IN (0{$flist})";
 148      }
 149  }
 150  
 151  // Retrieve a list of unviewable forums
 152  $unviewableforums = get_unviewable_forums();
 153  $inactiveforums = get_inactive_forums();
 154  $unviewablefids1 = $unviewablefids2 = array();
 155  
 156  if($unviewableforums)
 157  {
 158      $flist .= " AND fid NOT IN ({$unviewableforums})";
 159      $tflist .= " AND t.fid NOT IN ({$unviewableforums})";
 160  
 161      $unviewablefids1 = explode(',', $unviewableforums);
 162  }
 163  
 164  if($inactiveforums)
 165  {
 166      $flist .= " AND fid NOT IN ({$inactiveforums})";
 167      $tflist .= " AND t.fid NOT IN ({$inactiveforums})";
 168  
 169      $unviewablefids2 = explode(',', $inactiveforums);
 170  }
 171  
 172  $unviewableforums = array_merge($unviewablefids1, $unviewablefids2);
 173  
 174  if(!isset($collapsedimg['modcpforums']))
 175  {
 176      $collapsedimg['modcpforums'] = '';
 177  }
 178  
 179  if(!isset($collapsed['modcpforums_e']))
 180  {
 181      $collapsed['modcpforums_e'] = '';
 182  }
 183  
 184  if(!isset($collapsedimg['modcpusers']))
 185  {
 186      $collapsedimg['modcpusers'] = '';
 187  }
 188  
 189  if(!isset($collapsed['modcpusers_e']))
 190  {
 191      $collapsed['modcpusers_e'] = '';
 192  }
 193  
 194  // Fetch the Mod CP menu
 195  $nav_announcements = $nav_modqueue = $nav_reportcenter = $nav_modlogs = $nav_editprofile = $nav_banning = $nav_warninglogs = $nav_ipsearch = $nav_forums_posts = $modcp_nav_users = '';
 196  if(($numannouncements > 0 || $mybb->usergroup['issupermod'] == 1) && $mybb->usergroup['canmanageannounce'] == 1)
 197  {
 198      eval("\$nav_announcements = \"".$templates->get("modcp_nav_announcements")."\";");
 199  }
 200  
 201  if(($nummodqueuethreads > 0 || $nummodqueueposts > 0 || $nummodqueueattach > 0 || $mybb->usergroup['issupermod'] == 1) && $mybb->usergroup['canmanagemodqueue'] == 1)
 202  {
 203      eval("\$nav_modqueue = \"".$templates->get("modcp_nav_modqueue")."\";");
 204  }
 205  
 206  if(($numreportedposts > 0 || $mybb->usergroup['issupermod'] == 1) && $mybb->usergroup['canmanagereportedcontent'] == 1)
 207  {
 208      eval("\$nav_reportcenter = \"".$templates->get("modcp_nav_reportcenter")."\";");
 209  }
 210  
 211  if(($nummodlogs > 0 || $mybb->usergroup['issupermod'] == 1) && $mybb->usergroup['canviewmodlogs'] == 1)
 212  {
 213      eval("\$nav_modlogs = \"".$templates->get("modcp_nav_modlogs")."\";");
 214  }
 215  
 216  if($mybb->usergroup['caneditprofiles'] == 1)
 217  {
 218      eval("\$nav_editprofile = \"".$templates->get("modcp_nav_editprofile")."\";");
 219  }
 220  
 221  if($mybb->usergroup['canbanusers'] == 1)
 222  {
 223      eval("\$nav_banning = \"".$templates->get("modcp_nav_banning")."\";");
 224  }
 225  
 226  if($mybb->usergroup['canviewwarnlogs'] == 1)
 227  {
 228      eval("\$nav_warninglogs = \"".$templates->get("modcp_nav_warninglogs")."\";");
 229  }
 230  
 231  if($mybb->usergroup['canuseipsearch'] == 1)
 232  {
 233      eval("\$nav_ipsearch = \"".$templates->get("modcp_nav_ipsearch")."\";");
 234  }
 235  
 236  $plugins->run_hooks("modcp_nav");
 237  
 238  if(!empty($nav_announcements) || !empty($nav_modqueue) || !empty($nav_reportcenter) || !empty($nav_modlogs))
 239  {
 240      $expaltext = (in_array("modcpforums", $collapse)) ? $lang->expcol_expand : $lang->expcol_collapse;
 241      eval("\$modcp_nav_forums_posts = \"".$templates->get("modcp_nav_forums_posts")."\";");
 242  }
 243  
 244  if(!empty($nav_editprofile) || !empty($nav_banning) || !empty($nav_warninglogs) || !empty($nav_ipsearch))
 245  {
 246      $expaltext = (in_array("modcpusers", $collapse)) ? $lang->expcol_expand : $lang->expcol_collapse;
 247      eval("\$modcp_nav_users = \"".$templates->get("modcp_nav_users")."\";");
 248  }
 249  
 250  eval("\$modcp_nav = \"".$templates->get("modcp_nav")."\";");
 251  
 252  $plugins->run_hooks("modcp_start");
 253  
 254  // Make navigation
 255  add_breadcrumb($lang->nav_modcp, "modcp.php");
 256  
 257  $mybb->input['action'] = $mybb->get_input('action');
 258  if($mybb->input['action'] == "do_reports")
 259  {
 260      // Verify incoming POST request
 261      verify_post_check($mybb->get_input('my_post_key'));
 262  
 263      $mybb->input['reports'] = $mybb->get_input('reports', MyBB::INPUT_ARRAY);
 264      if(empty($mybb->input['reports']) && empty($mybb->cookies['inlinereports']))
 265      {
 266          error($lang->error_noselected_reports);
 267      }
 268  
 269      $message = $lang->redirect_reportsmarked;
 270  
 271      if(isset($mybb->cookies['inlinereports']))
 272      {
 273          if($mybb->cookies['inlinereports'] == '|ALL|') {
 274              $message = $lang->redirect_allreportsmarked;
 275              $sql = "1=1";
 276              if(isset($mybb->cookies['inlinereports_removed']))
 277              {
 278                  $inlinereportremovedlist = explode("|", $mybb->cookies['inlinereports_removed']);
 279                  $reports = array_map("intval", $inlinereportremovedlist);
 280                  $rids = implode("','", $reports);
 281                  $sql = "rid NOT IN ('0','{$rids}')";
 282              }
 283          }
 284          else
 285          {
 286              $inlinereportlist = explode("|", $mybb->cookies['inlinereports']);
 287              $reports = array_map("intval", $inlinereportlist);
 288  
 289              if(!count($reports))
 290              {
 291                  error($lang->error_noselected_reports);
 292              }
 293  
 294              $rids = implode("','", $reports);
 295  
 296              $sql = "rid IN ('0','{$rids}')";
 297          }
 298      }
 299      else
 300      {
 301          $mybb->input['reports'] = array_map("intval", $mybb->input['reports']);
 302          $rids = implode("','", $mybb->input['reports']);
 303  
 304          $sql = "rid IN ('0','{$rids}')";
 305      }
 306  
 307      $plugins->run_hooks("modcp_do_reports");
 308  
 309      $db->update_query("reportedcontent", array('reportstatus' => 1), "{$sql}{$flist_reports}");
 310      $cache->update_reportedcontent();
 311  
 312      my_unsetcookie('inlinereports');
 313      my_unsetcookie('inlinereports_removed');
 314  
 315      $page = $mybb->get_input('page', MyBB::INPUT_INT);
 316  
 317      redirect("modcp.php?action=reports&page={$page}", $message);
 318  }
 319  
 320  if($mybb->input['action'] == "reports")
 321  {
 322      if($mybb->usergroup['canmanagereportedcontent'] == 0)
 323      {
 324          error_no_permission();
 325      }
 326  
 327      if($numreportedposts == 0 && $mybb->usergroup['issupermod'] != 1)
 328      {
 329          error($lang->you_cannot_view_reported_posts);
 330      }
 331  
 332      $lang->load('report');
 333      add_breadcrumb($lang->mcp_nav_report_center, "modcp.php?action=reports");
 334  
 335      $perpage = $mybb->settings['threadsperpage'];
 336      if(!$perpage)
 337      {
 338          $perpage = 20;
 339      }
 340  
 341      // Multipage
 342      if($mybb->usergroup['cancp'] || $mybb->usergroup['issupermod'])
 343      {
 344          $query = $db->simple_select("reportedcontent", "COUNT(rid) AS count", "reportstatus ='0'");
 345          $report_count = $db->fetch_field($query, "count");
 346      }
 347      else
 348      {
 349          $query = $db->simple_select('reportedcontent', 'id3', "reportstatus='0' AND (type = 'post' OR type = '')");
 350  
 351          $report_count = 0;
 352          while($fid = $db->fetch_field($query, 'id3'))
 353          {
 354              if(is_moderator($fid, "canmanagereportedposts"))
 355              {
 356                  ++$report_count;
 357              }
 358          }
 359          unset($fid);
 360      }
 361  
 362      $page = $mybb->get_input('page', MyBB::INPUT_INT);
 363  
 364      $postcount = (int)$report_count;
 365      $pages = $postcount / $perpage;
 366      $pages = ceil($pages);
 367  
 368      if($page > $pages || $page <= 0)
 369      {
 370          $page = 1;
 371      }
 372  
 373      if($page && $page > 0)
 374      {
 375          $start = ($page-1) * $perpage;
 376      }
 377      else
 378      {
 379          $start = 0;
 380          $page = 1;
 381      }
 382  
 383      $multipage = $reportspages = '';
 384      if($postcount > $perpage)
 385      {
 386          $multipage = multipage($postcount, $perpage, $page, "modcp.php?action=reports");
 387          eval("\$reportspages = \"".$templates->get("modcp_reports_multipage")."\";");
 388      }
 389  
 390      $plugins->run_hooks("modcp_reports_start");
 391  
 392      // Reports
 393      $reports = $selectall = '';
 394      $inlinecount = 0;
 395  
 396      $query = $db->query("
 397          SELECT r.*, u.username, rr.title
 398          FROM ".TABLE_PREFIX."reportedcontent r
 399          LEFT JOIN ".TABLE_PREFIX."users u ON (r.uid = u.uid)
 400          LEFT JOIN ".TABLE_PREFIX."reportreasons rr ON (r.reasonid = rr.rid)
 401          WHERE r.reportstatus = '0'{$tflist_reports}
 402          ORDER BY r.reports DESC
 403          LIMIT {$start}, {$perpage}
 404      ");
 405  
 406      if(!$db->num_rows($query))
 407      {
 408          // No unread reports
 409          eval("\$reports = \"".$templates->get("modcp_reports_noreports")."\";");
 410      }
 411      else
 412      {
 413          $reportedcontent = $cache->read("reportedcontent");
 414          $reportcache = $usercache = $postcache = array();
 415  
 416          while($report = $db->fetch_array($query))
 417          {
 418              if($report['type'] == 'profile' || $report['type'] == 'reputation')
 419              {
 420                  // Profile UID is in ID
 421                  if(!isset($usercache[$report['id']]))
 422                  {
 423                      $usercache[$report['id']] = $report['id'];
 424                  }
 425  
 426                  // Reputation comment? The offender is the ID2
 427                  if($report['type'] == 'reputation')
 428                  {
 429                      if(!isset($usercache[$report['id2']]))
 430                      {
 431                          $usercache[$report['id2']] = $report['id2'];
 432                      }
 433                      if(!isset($usercache[$report['id3']]))
 434                      {
 435                          // The user who was offended
 436                          $usercache[$report['id3']] = $report['id3'];
 437                      }
 438                  }
 439              }
 440              else if(!$report['type'] || $report['type'] == 'post')
 441              {
 442                  // This (should) be a post
 443                  $postcache[$report['id']] = $report['id'];
 444              }
 445  
 446              // Lastpost info - is it missing (pre-1.8)?
 447              $lastposter = $report['uid'];
 448              if(!$report['lastreport'])
 449              {
 450                  // Last reporter is our first reporter
 451                  $report['lastreport'] = $report['dateline'];
 452              }
 453  
 454              if($report['reporters'])
 455              {
 456                  $reporters = my_unserialize($report['reporters']);
 457  
 458                  if(is_array($reporters))
 459                  {
 460                      $lastposter = end($reporters);
 461                  }
 462              }
 463  
 464              if(!isset($usercache[$lastposter]))
 465              {
 466                  $usercache[$lastposter] = $lastposter;
 467              }
 468  
 469              $report['lastreporter'] = $lastposter;
 470              $reportcache[] = $report;
 471          }
 472  
 473          // Report Center gets messy
 474          // Find information about our users (because we don't log it when they file a report)
 475          if(!empty($usercache))
 476          {
 477              $sql = implode(',', array_keys($usercache));
 478              $query = $db->simple_select("users", "uid, username", "uid IN ({$sql})");
 479  
 480              while($user = $db->fetch_array($query))
 481              {
 482                  $usercache[$user['uid']] = $user;
 483              }
 484          }
 485  
 486          // Messy * 2
 487          // Find out post information for our reported posts
 488          if(!empty($postcache))
 489          {
 490              $sql = implode(',', array_keys($postcache));
 491              $query = $db->query("
 492                  SELECT p.pid, p.uid, p.username, p.tid, t.subject
 493                  FROM ".TABLE_PREFIX."posts p
 494                  LEFT JOIN ".TABLE_PREFIX."threads t ON (p.tid = t.tid)
 495                  WHERE p.pid IN ({$sql})
 496              ");
 497  
 498              while($post = $db->fetch_array($query))
 499              {
 500                  $postcache[$post['pid']] = $post;
 501              }
 502          }
 503  
 504          $lang->page_selected = $lang->sprintf($lang->page_selected, count($reportcache));
 505          $lang->select_all = $lang->sprintf($lang->select_all, (int)$report_count);
 506          $lang->all_selected = $lang->sprintf($lang->all_selected, (int)$report_count);
 507          eval("\$selectall = \"".$templates->get("modcp_reports_selectall")."\";");
 508  
 509          $plugins->run_hooks('modcp_reports_intermediate');
 510  
 511          // Now that we have all of the information needed, display the reports
 512          foreach($reportcache as $report)
 513          {
 514              $trow = alt_trow();
 515  
 516              if(!$report['type'])
 517              {
 518                  // Assume a post
 519                  $report['type'] = 'post';
 520              }
 521  
 522              // Report Information
 523              $report_data = array();
 524  
 525              switch($report['type'])
 526              {
 527                  case 'post':
 528                      $post = get_post_link($report['id'])."#pid{$report['id']}";
 529                      $user = build_profile_link(htmlspecialchars_uni($postcache[$report['id']]['username']), $postcache[$report['id']]['uid']);
 530                      $report_data['content'] = $lang->sprintf($lang->report_info_post, $post, $user);
 531  
 532                      $thread_link = get_thread_link($postcache[$report['id']]['tid']);
 533                      $thread_subject = htmlspecialchars_uni($parser->parse_badwords($postcache[$report['id']]['subject']));
 534                      $report_data['content'] .= $lang->sprintf($lang->report_info_post_thread, $thread_link, $thread_subject);
 535  
 536                      break;
 537                  case 'profile':
 538                      $user = build_profile_link(htmlspecialchars_uni($usercache[$report['id']]['username']), $usercache[$report['id']]['uid']);
 539                      $report_data['content'] = $lang->sprintf($lang->report_info_profile, $user);
 540                      break;
 541                  case 'reputation':
 542                      $reputation_link = "reputation.php?uid={$usercache[$report['id3']]['uid']}#rid{$report['id']}";
 543                      $bad_user = build_profile_link(htmlspecialchars_uni($usercache[$report['id2']]['username']), $usercache[$report['id2']]['uid']);
 544                      $report_data['content'] = $lang->sprintf($lang->report_info_reputation, $reputation_link, $bad_user);
 545  
 546                      $good_user = build_profile_link(htmlspecialchars_uni($usercache[$report['id3']]['username']), $usercache[$report['id3']]['uid']);
 547                      $report_data['content'] .= $lang->sprintf($lang->report_info_rep_profile, $good_user);
 548                      break;
 549              }
 550  
 551              // Report reason and comment
 552              if($report['reasonid'] > 0)
 553              {
 554                  $reason = htmlspecialchars_uni($lang->parse($report['title']));
 555  
 556                  if(empty($report['reason']))
 557                  {
 558                      eval("\$report_data['comment'] = \"".$templates->get("modcp_reports_report_comment")."\";");
 559                  }
 560                  else
 561                  {
 562                      $comment = htmlspecialchars_uni($report['reason']);
 563                      eval("\$report_data['comment'] = \"".$templates->get("modcp_reports_report_comment_extra")."\";");
 564                  }
 565              }
 566              else
 567              {
 568                  $report_data['comment'] = $lang->na;
 569              }
 570  
 571              $report_reports = 1;
 572              if($report['reports'])
 573              {
 574                  $report_data['reports'] = my_number_format($report['reports']);
 575              }
 576  
 577              if($report['lastreporter'])
 578              {
 579                  if(is_array($usercache[$report['lastreporter']]))
 580                  {
 581                      $lastreport_user = build_profile_link(htmlspecialchars_uni($usercache[$report['lastreporter']]['username']), $report['lastreporter']);
 582                  }
 583                  elseif($usercache[$report['lastreporter']] > 0)
 584                  {
 585                      $lastreport_user = htmlspecialchars_uni($lang->na_deleted);
 586                  }
 587  
 588                  $lastreport_date = my_date('relative', $report['lastreport']);
 589                  $report_data['lastreporter'] = $lang->sprintf($lang->report_info_lastreporter, $lastreport_date, $lastreport_user);
 590              }
 591  
 592              $inlinecheck = '';
 593              if(isset($mybb->cookies['inlinereports']) && my_strpos($mybb->cookies['inlinereports'], "|{$report['rid']}|") !== false)
 594              {
 595                  $inlinecheck = " checked=\"checked\"";
 596                  ++$inlinecount;
 597              }
 598  
 599              $plugins->run_hooks("modcp_reports_report");
 600              eval("\$reports .= \"".$templates->get("modcp_reports_report")."\";");
 601          }
 602      }
 603  
 604      $plugins->run_hooks("modcp_reports_end");
 605  
 606      eval("\$reportedcontent = \"".$templates->get("modcp_reports")."\";");
 607      output_page($reportedcontent);
 608  }
 609  
 610  if($mybb->input['action'] == "allreports")
 611  {
 612      if($mybb->usergroup['canmanagereportedcontent'] == 0)
 613      {
 614          error_no_permission();
 615      }
 616  
 617      $lang->load('report');
 618  
 619      add_breadcrumb($lang->report_center, "modcp.php?action=reports");
 620      add_breadcrumb($lang->all_reports, "modcp.php?action=allreports");
 621  
 622      if(!$mybb->settings['threadsperpage'])
 623      {
 624          $mybb->settings['threadsperpage'] = 20;
 625      }
 626  
 627      // Figure out if we need to display multiple pages.
 628      $perpage = $mybb->settings['threadsperpage'];
 629      if($mybb->get_input('page') != "last")
 630      {
 631          $page = $mybb->get_input('page', MyBB::INPUT_INT);
 632      }
 633  
 634      if($mybb->usergroup['cancp'] || $mybb->usergroup['issupermod'])
 635      {
 636          $query = $db->simple_select("reportedcontent", "COUNT(rid) AS count");
 637          $report_count = $db->fetch_field($query, "count");
 638      }
 639      else
 640      {
 641          $query = $db->simple_select('reportedcontent', 'id3', "type = 'post' OR type = ''");
 642  
 643          $report_count = 0;
 644          while($fid = $db->fetch_field($query, 'id3'))
 645          {
 646              if(is_moderator($fid, "canmanagereportedposts"))
 647              {
 648                  ++$report_count;
 649              }
 650          }
 651          unset($fid);
 652      }
 653  
 654      if(isset($mybb->input['rid']))
 655      {
 656          $mybb->input['rid'] = $mybb->get_input('rid', MyBB::INPUT_INT);
 657          $query = $db->simple_select("reportedcontent", "COUNT(rid) AS count", "rid <= '".$mybb->input['rid']."'");
 658          $result = $db->fetch_field($query, "count");
 659          if(($result % $perpage) == 0)
 660          {
 661              $page = $result / $perpage;
 662          }
 663          else
 664          {
 665              $page = (int)$result / $perpage + 1;
 666          }
 667      }
 668      $postcount = (int)$report_count;
 669      $pages = $postcount / $perpage;
 670      $pages = ceil($pages);
 671  
 672      if($mybb->get_input('page') == "last")
 673      {
 674          $page = $pages;
 675      }
 676  
 677      if($page > $pages || $page <= 0)
 678      {
 679          $page = 1;
 680      }
 681  
 682      if($page)
 683      {
 684          $start = ($page-1) * $perpage;
 685      }
 686      else
 687      {
 688          $start = 0;
 689          $page = 1;
 690      }
 691      $upper = $start+$perpage;
 692  
 693      $multipage = multipage($postcount, $perpage, $page, "modcp.php?action=allreports");
 694      $allreportspages = '';
 695      if($postcount > $perpage)
 696      {
 697          eval("\$allreportspages = \"".$templates->get("modcp_reports_multipage")."\";");
 698      }
 699  
 700      $plugins->run_hooks("modcp_allreports_start");
 701  
 702      $query = $db->query("
 703          SELECT r.*, u.username, p.username AS postusername, up.uid AS postuid, t.subject AS threadsubject, prrep.username AS repusername, pr.username AS profileusername, rr.title
 704          FROM ".TABLE_PREFIX."reportedcontent r
 705          LEFT JOIN ".TABLE_PREFIX."posts p ON (r.id=p.pid)
 706          LEFT JOIN ".TABLE_PREFIX."threads t ON (p.tid=t.tid)
 707          LEFT JOIN ".TABLE_PREFIX."users u ON (r.uid=u.uid)
 708          LEFT JOIN ".TABLE_PREFIX."users up ON (p.uid=up.uid)
 709          LEFT JOIN ".TABLE_PREFIX."users pr ON (pr.uid=r.id)
 710          LEFT JOIN ".TABLE_PREFIX."users prrep ON (prrep.uid=r.id2)
 711          LEFT JOIN ".TABLE_PREFIX."reportreasons rr ON (r.reasonid = rr.rid)
 712          {$wflist_reports}
 713          ORDER BY r.dateline DESC
 714          LIMIT {$start}, {$perpage}
 715      ");
 716  
 717      $allreports = '';
 718      if(!$db->num_rows($query))
 719      {
 720          eval("\$allreports = \"".$templates->get("modcp_reports_allnoreports")."\";");
 721      }
 722      else
 723      {
 724          while($report = $db->fetch_array($query))
 725          {
 726              $trow = alt_trow();
 727  
 728              if($report['type'] == 'post')
 729              {
 730                  $post = get_post_link($report['id'])."#pid{$report['id']}";
 731                  $user = build_profile_link(htmlspecialchars_uni($report['postusername']), $report['postuid']);
 732                  $report_data['content'] = $lang->sprintf($lang->report_info_post, $post, $user);
 733  
 734                  $thread_link = get_thread_link($report['id2']);
 735                  $thread_subject = htmlspecialchars_uni($parser->parse_badwords($report['threadsubject']));
 736                  $report_data['content'] .= $lang->sprintf($lang->report_info_post_thread, $thread_link, $thread_subject);
 737              }
 738              else if($report['type'] == 'profile')
 739              {
 740                  $user = build_profile_link(htmlspecialchars_uni($report['profileusername']), $report['id']);
 741                  $report_data['content'] = $lang->sprintf($lang->report_info_profile, $user);
 742              }
 743              else if($report['type'] == 'reputation')
 744              {
 745                  $user = build_profile_link(htmlspecialchars_uni($report['repusername']), $report['id2']);
 746                  $reputation_link = "reputation.php?uid={$report['id3']}#rid{$report['id']}";
 747                  $report_data['content'] = $lang->sprintf($lang->report_info_reputation, $reputation_link, $user);
 748              }
 749  
 750              // Report reason and comment
 751              if($report['reasonid'] > 0)
 752              {
 753                  $reason = htmlspecialchars_uni($lang->parse($report['title']));
 754  
 755                  if(empty($report['reason']))
 756                  {
 757                      eval("\$report_data['comment'] = \"".$templates->get("modcp_reports_report_comment")."\";");
 758                  }
 759                  else
 760                  {
 761                      $comment = htmlspecialchars_uni($report['reason']);
 762                      eval("\$report_data['comment'] = \"".$templates->get("modcp_reports_report_comment_extra")."\";");
 763                  }
 764              }
 765              else
 766              {
 767                  $report_data['comment'] = $lang->na;
 768              }
 769  
 770              $report['reporterlink'] = get_profile_link($report['uid']);
 771              if(!$report['username'])
 772              {
 773                  $report['username'] = $lang->na_deleted;
 774                  $report['reporterlink'] = $post;
 775              }
 776              $report['username'] = htmlspecialchars_uni($report['username']);
 777  
 778              $report_data['reports'] = my_number_format($report['reports']);
 779              $report_data['time'] = my_date('relative', $report['dateline']);
 780  
 781              $plugins->run_hooks("modcp_allreports_report");
 782              eval("\$allreports .= \"".$templates->get("modcp_reports_allreport")."\";");
 783          }
 784      }
 785  
 786      $plugins->run_hooks("modcp_allreports_end");
 787  
 788      eval("\$allreportedcontent = \"".$templates->get("modcp_reports_allreports")."\";");
 789      output_page($allreportedcontent);
 790  }
 791  
 792  if($mybb->input['action'] == "modlogs")
 793  {
 794      if($mybb->usergroup['canviewmodlogs'] == 0)
 795      {
 796          error_no_permission();
 797      }
 798  
 799      if($nummodlogs == 0 && $mybb->usergroup['issupermod'] != 1)
 800      {
 801          error($lang->you_cannot_view_mod_logs);
 802      }
 803  
 804      add_breadcrumb($lang->mcp_nav_modlogs, "modcp.php?action=modlogs");
 805  
 806      $perpage = $mybb->get_input('perpage', MyBB::INPUT_INT);
 807      if(!$perpage || $perpage <= 0)
 808      {
 809          $perpage = $mybb->settings['threadsperpage'];
 810      }
 811  
 812      $where = '';
 813  
 814      // Searching for entries by a particular user
 815      if($mybb->get_input('uid', MyBB::INPUT_INT))
 816      {
 817          $where .= " AND l.uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'";
 818      }
 819  
 820      // Searching for entries in a specific forum
 821      if($mybb->get_input('fid', MyBB::INPUT_INT))
 822      {
 823          $where .= " AND t.fid='".$mybb->get_input('fid', MyBB::INPUT_INT)."'";
 824      }
 825  
 826      $mybb->input['sortby'] = $mybb->get_input('sortby');
 827  
 828      // Order?
 829      switch($mybb->input['sortby'])
 830      {
 831          case "username":
 832              $sortby = "u.username";
 833              break;
 834          case "forum":
 835              $sortby = "f.name";
 836              break;
 837          case "thread":
 838              $sortby = "t.subject";
 839              break;
 840          default:
 841              $sortby = "l.dateline";
 842      }
 843      $order = $mybb->get_input('order');
 844      if($order != "asc")
 845      {
 846          $order = "desc";
 847      }
 848  
 849      $plugins->run_hooks("modcp_modlogs_start");
 850  
 851      $query = $db->query("
 852          SELECT COUNT(l.dateline) AS count
 853          FROM ".TABLE_PREFIX."moderatorlog l
 854          LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=l.uid)
 855          LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=l.tid)
 856          WHERE 1=1 {$where}{$tflist_modlog}
 857      ");
 858      $rescount = $db->fetch_field($query, "count");
 859  
 860      // Figure out if we need to display multiple pages.
 861      if($mybb->get_input('page') != "last")
 862      {
 863          $page = $mybb->get_input('page', MyBB::INPUT_INT);
 864      }
 865  
 866      $postcount = (int)$rescount;
 867      $pages = $postcount / $perpage;
 868      $pages = ceil($pages);
 869  
 870      if($mybb->get_input('page') == "last")
 871      {
 872          $page = $pages;
 873      }
 874  
 875      if($page > $pages || $page <= 0)
 876      {
 877          $page = 1;
 878      }
 879  
 880      if($page)
 881      {
 882          $start = ($page-1) * $perpage;
 883      }
 884      else
 885      {
 886          $start = 0;
 887          $page = 1;
 888      }
 889  
 890      $page_url = 'modcp.php?action=modlogs&amp;perpage='.$perpage;
 891      foreach(array('uid', 'fid') as $field)
 892      {
 893          $mybb->input[$field] = $mybb->get_input($field, MyBB::INPUT_INT);
 894          if(!empty($mybb->input[$field]))
 895          {
 896              $page_url .= "&amp;{$field}=".$mybb->input[$field];
 897          }
 898      }
 899      foreach(array('sortby', 'order') as $field)
 900      {
 901          $mybb->input[$field] = htmlspecialchars_uni($mybb->get_input($field));
 902          if(!empty($mybb->input[$field]))
 903          {
 904              $page_url .= "&amp;{$field}=".$mybb->input[$field];
 905          }
 906      }
 907  
 908      $multipage = multipage($postcount, $perpage, $page, $page_url);
 909      $resultspages = '';
 910      if($postcount > $perpage)
 911      {
 912          eval("\$resultspages = \"".$templates->get("modcp_modlogs_multipage")."\";");
 913      }
 914      $query = $db->query("
 915          SELECT l.*, u.username, u.usergroup, u.displaygroup, t.subject AS tsubject, f.name AS fname, p.subject AS psubject
 916          FROM ".TABLE_PREFIX."moderatorlog l
 917          LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=l.uid)
 918          LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=l.tid)
 919          LEFT JOIN ".TABLE_PREFIX."forums f ON (f.fid=l.fid)
 920          LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=l.pid)
 921          WHERE 1=1 {$where}{$tflist_modlog}
 922          ORDER BY {$sortby} {$order}
 923          LIMIT {$start}, {$perpage}
 924      ");
 925      $results = '';
 926      while($logitem = $db->fetch_array($query))
 927      {
 928          $information = '';
 929          $logitem['action'] = htmlspecialchars_uni($logitem['action']);
 930          $log_date = my_date('relative', $logitem['dateline']);
 931          $trow = alt_trow();
 932          if($logitem['username'])
 933          {
 934              $logitem['username'] = htmlspecialchars_uni($logitem['username']);
 935              $username = format_name($logitem['username'], $logitem['usergroup'], $logitem['displaygroup']);
 936              $logitem['profilelink'] = build_profile_link($username, $logitem['uid']);
 937          }
 938          else
 939          {
 940              $username = $logitem['profilelink'] = $logitem['username'] = htmlspecialchars_uni($lang->na_deleted);
 941          }
 942          $logitem['ipaddress'] = my_inet_ntop($db->unescape_binary($logitem['ipaddress']));
 943  
 944          if($logitem['tsubject'])
 945          {
 946              $logitem['tsubject'] = htmlspecialchars_uni($parser->parse_badwords($logitem['tsubject']));
 947              $logitem['thread'] = get_thread_link($logitem['tid']);
 948              eval("\$information .= \"".$templates->get("modcp_modlogs_result_thread")."\";");
 949          }
 950          if($logitem['fname'])
 951          {
 952              $logitem['forum'] = get_forum_link($logitem['fid']);
 953              eval("\$information .= \"".$templates->get("modcp_modlogs_result_forum")."\";");
 954          }
 955          if($logitem['psubject'])
 956          {
 957              $logitem['psubject'] = htmlspecialchars_uni($parser->parse_badwords($logitem['psubject']));
 958              $logitem['post'] = get_post_link($logitem['pid']);
 959              eval("\$information .= \"".$templates->get("modcp_modlogs_result_post")."\";");
 960          }
 961  
 962          // Edited a user or managed announcement?
 963          if(!$logitem['tsubject'] || !$logitem['fname'] || !$logitem['psubject'])
 964          {
 965              $data = my_unserialize($logitem['data']);
 966              if(!empty($data['uid']))
 967              {
 968                  $data['username'] = htmlspecialchars_uni($data['username']);
 969                  $information = $lang->sprintf($lang->edited_user_info, htmlspecialchars_uni($data['username']), get_profile_link($data['uid']));
 970              }
 971              if(!empty($data['aid']))
 972              {
 973                  $data['subject'] = htmlspecialchars_uni($parser->parse_badwords($data['subject']));
 974                  $data['announcement'] = get_announcement_link($data['aid']);
 975                  eval("\$information .= \"".$templates->get("modcp_modlogs_result_announcement")."\";");
 976              }
 977          }
 978  
 979          $plugins->run_hooks("modcp_modlogs_result");
 980  
 981          eval("\$results .= \"".$templates->get("modcp_modlogs_result")."\";");
 982      }
 983  
 984      if(!$results)
 985      {
 986          eval("\$results = \"".$templates->get("modcp_modlogs_noresults")."\";");
 987      }
 988  
 989      $plugins->run_hooks("modcp_modlogs_filter");
 990  
 991      // Fetch filter options
 992      $sortbysel = array('username' => '', 'forum' => '', 'thread' => '', 'dateline' => '');
 993      $sortbysel[$mybb->input['sortby']] = "selected=\"selected\"";
 994      $ordersel = array('asc' => '', 'desc' => '');
 995      $ordersel[$order] = "selected=\"selected\"";
 996      $user_options = '';
 997      $query = $db->query("
 998          SELECT DISTINCT l.uid, u.username
 999          FROM ".TABLE_PREFIX."moderatorlog l
1000          LEFT JOIN ".TABLE_PREFIX."users u ON (l.uid=u.uid)
1001          ORDER BY u.username ASC
1002      ");
1003      while($user = $db->fetch_array($query))
1004      {
1005          // Deleted Users
1006          if(!$user['username'])
1007          {
1008              $user['username'] = $lang->na_deleted;
1009          }
1010  
1011          $selected = '';
1012          if($mybb->get_input('uid', MyBB::INPUT_INT) == $user['uid'])
1013          {
1014              $selected = " selected=\"selected\"";
1015          }
1016  
1017          $user['username'] = htmlspecialchars_uni($user['username']);
1018          eval("\$user_options .= \"".$templates->get("modcp_modlogs_user")."\";");
1019      }
1020  
1021      $forum_select = build_forum_jump("", $mybb->get_input('fid', MyBB::INPUT_INT), 1, '', 0, true, '', "fid");
1022  
1023      eval("\$modlogs = \"".$templates->get("modcp_modlogs")."\";");
1024      output_page($modlogs);
1025  }
1026  
1027  if($mybb->input['action'] == "do_delete_announcement")
1028  {
1029      verify_post_check($mybb->get_input('my_post_key'));
1030  
1031      if($mybb->usergroup['canmanageannounce'] == 0)
1032      {
1033          error_no_permission();
1034      }
1035  
1036      $aid = $mybb->get_input('aid');
1037      $query = $db->simple_select("announcements", "aid, subject, fid", "aid='{$aid}'");
1038      $announcement = $db->fetch_array($query);
1039  
1040      if(!$announcement)
1041      {
1042          error($lang->error_invalid_announcement);
1043      }
1044      if(($mybb->usergroup['issupermod'] != 1 && $announcement['fid'] == -1) || ($announcement['fid'] != -1 && !is_moderator($announcement['fid'], "canmanageannouncements")) || ($unviewableforums && in_array($announcement['fid'], $unviewableforums)))
1045      {
1046          error_no_permission();
1047      }
1048  
1049      $plugins->run_hooks("modcp_do_delete_announcement");
1050  
1051      $db->delete_query("announcements", "aid='{$aid}'");
1052      log_moderator_action(array("aid" => $announcement['aid'], "subject" => $announcement['subject']), $lang->announcement_deleted);
1053      $cache->update_forumsdisplay();
1054  
1055      redirect("modcp.php?action=announcements", $lang->redirect_delete_announcement);
1056  }
1057  
1058  if($mybb->input['action'] == "delete_announcement")
1059  {
1060      if($mybb->usergroup['canmanageannounce'] == 0)
1061      {
1062          error_no_permission();
1063      }
1064  
1065      $aid = $mybb->get_input('aid');
1066      $query = $db->simple_select("announcements", "aid, subject, fid", "aid='{$aid}'");
1067  
1068      $announcement = $db->fetch_array($query);
1069      $announcement['subject'] = htmlspecialchars_uni($parser->parse_badwords($announcement['subject']));
1070  
1071      if(!$announcement)
1072      {
1073          error($lang->error_invalid_announcement);
1074      }
1075  
1076      if(($mybb->usergroup['issupermod'] != 1 && $announcement['fid'] == -1) || ($announcement['fid'] != -1 && !is_moderator($announcement['fid'], "canmanageannouncements")) || ($unviewableforums && in_array($announcement['fid'], $unviewableforums)))
1077      {
1078          error_no_permission();
1079      }
1080  
1081      $plugins->run_hooks("modcp_delete_announcement");
1082  
1083      eval("\$announcements = \"".$templates->get("modcp_announcements_delete")."\";");
1084      output_page($announcements);
1085  }
1086  
1087  if($mybb->input['action'] == "do_new_announcement")
1088  {
1089      verify_post_check($mybb->get_input('my_post_key'));
1090  
1091      if($mybb->usergroup['canmanageannounce'] == 0)
1092      {
1093          error_no_permission();
1094      }
1095  
1096      $announcement_fid = $mybb->get_input('fid', MyBB::INPUT_INT);
1097      if(($mybb->usergroup['issupermod'] != 1 && $announcement_fid == -1) || ($announcement_fid != -1 && !is_moderator($announcement_fid, "canmanageannouncements")) || ($unviewableforums && in_array($announcement_fid, $unviewableforums)))
1098      {
1099          error_no_permission();
1100      }
1101  
1102      $errors = array();
1103  
1104      $mybb->input['title'] = $mybb->get_input('title');
1105      if(!trim($mybb->input['title']))
1106      {
1107          $errors[] = $lang->error_missing_title;
1108      }
1109  
1110      $mybb->input['message'] = $mybb->get_input('message');
1111      if(!trim($mybb->input['message']))
1112      {
1113          $errors[] = $lang->error_missing_message;
1114      }
1115  
1116      if(!$announcement_fid)
1117      {
1118          $errors[] = $lang->error_missing_forum;
1119      }
1120  
1121      $mybb->input['starttime_time'] = $mybb->get_input('starttime_time');
1122      $mybb->input['endtime_time'] = $mybb->get_input('endtime_time');
1123      $startdate = @explode(" ", $mybb->input['starttime_time']);
1124      $startdate = @explode(":", $startdate[0]);
1125      $enddate = @explode(" ", $mybb->input['endtime_time']);
1126      $enddate = @explode(":", $enddate[0]);
1127  
1128      if(stristr($mybb->input['starttime_time'], "pm"))
1129      {
1130          $startdate[0] = 12+$startdate[0];
1131          if($startdate[0] >= 24)
1132          {
1133              $startdate[0] = "00";
1134          }
1135      }
1136  
1137      if(stristr($mybb->input['endtime_time'], "pm"))
1138      {
1139          $enddate[0] = 12+$enddate[0];
1140          if($enddate[0] >= 24)
1141          {
1142              $enddate[0] = "00";
1143          }
1144      }
1145  
1146      $mybb->input['starttime_month'] = $mybb->get_input('starttime_month');
1147      $months = array('01', '02', '03', '04', '05', '06', '07', '08', '09', '10', '11', '12');
1148      if(!in_array($mybb->input['starttime_month'], $months))
1149      {
1150          $mybb->input['starttime_month'] = '01';
1151      }
1152  
1153      $localized_time_offset = (float)$mybb->user['timezone']*3600 + $mybb->user['dst']*3600;
1154  
1155      $startdate = gmmktime((int)$startdate[0], (int)$startdate[1], 0, $mybb->get_input('starttime_month', MyBB::INPUT_INT), $mybb->get_input('starttime_day', MyBB::INPUT_INT), $mybb->get_input('starttime_year', MyBB::INPUT_INT)) - $localized_time_offset;
1156      if(!checkdate($mybb->get_input('starttime_month', MyBB::INPUT_INT), $mybb->get_input('starttime_day', MyBB::INPUT_INT), $mybb->get_input('starttime_year', MyBB::INPUT_INT)) || $startdate < 0 || $startdate == false)
1157      {
1158          $errors[] = $lang->error_invalid_start_date;
1159      }
1160  
1161      if($mybb->get_input('endtime_type', MyBB::INPUT_INT) == 2)
1162      {
1163          $enddate = '0';
1164          $mybb->input['endtime_month'] = '01';
1165      }
1166      else
1167      {
1168          $mybb->input['endtime_month'] = $mybb->get_input('endtime_month');
1169          if(!in_array($mybb->input['endtime_month'], $months))
1170          {
1171              $mybb->input['endtime_month'] = '01';
1172          }
1173          $enddate = gmmktime((int)$enddate[0], (int)$enddate[1], 0, $mybb->get_input('endtime_month', MyBB::INPUT_INT), $mybb->get_input('endtime_day', MyBB::INPUT_INT), $mybb->get_input('endtime_year', MyBB::INPUT_INT)) - $localized_time_offset;
1174          if(!checkdate($mybb->get_input('endtime_month', MyBB::INPUT_INT), $mybb->get_input('endtime_day', MyBB::INPUT_INT), $mybb->get_input('endtime_year', MyBB::INPUT_INT)) || $enddate < 0 || $enddate == false)
1175          {
1176              $errors[] = $lang->error_invalid_end_date;
1177          }
1178  
1179          if($enddate <= $startdate)
1180          {
1181              $errors[] = $lang->error_end_before_start;
1182          }
1183      }
1184  
1185      if($mybb->settings['announcementshtml'] && $mybb->get_input('allowhtml', MyBB::INPUT_INT) == 1)
1186      {
1187          $allowhtml = 1;
1188      }
1189      else
1190      {
1191          $allowhtml = 0;
1192      }
1193      if($mybb->get_input('allowmycode', MyBB::INPUT_INT) == 1)
1194      {
1195          $allowmycode = 1;
1196      }
1197      else
1198      {
1199          $allowmycode = 0;
1200      }
1201      if($mybb->get_input('allowsmilies', MyBB::INPUT_INT) == 1)
1202      {
1203          $allowsmilies = 1;
1204      }
1205      else
1206      {
1207          $allowsmilies = 0;
1208      }
1209  
1210      $plugins->run_hooks("modcp_do_new_announcement_start");
1211  
1212      if(!$errors)
1213      {
1214          if(isset($mybb->input['preview']))
1215          {
1216              $preview = array();
1217              $mybb->input['action'] = 'new_announcement';
1218          }
1219          else
1220          {
1221              $insert_announcement = array(
1222                  'fid' => $announcement_fid,
1223                  'uid' => $mybb->user['uid'],
1224                  'subject' => $db->escape_string($mybb->input['title']),
1225                  'message' => $db->escape_string($mybb->input['message']),
1226                  'startdate' => $startdate,
1227                  'enddate' => $enddate,
1228                  'allowhtml' => $allowhtml,
1229                  'allowmycode' => $allowmycode,
1230                  'allowsmilies' => $allowsmilies
1231              );
1232              $aid = $db->insert_query("announcements", $insert_announcement);
1233  
1234              log_moderator_action(array("aid" => $aid, "subject" => $mybb->input['title']), $lang->announcement_added);
1235  
1236              $plugins->run_hooks("modcp_do_new_announcement_end");
1237  
1238              $cache->update_forumsdisplay();
1239              redirect("modcp.php?action=announcements", $lang->redirect_add_announcement);
1240          }
1241      }
1242      else
1243      {
1244          $mybb->input['action'] = 'new_announcement';
1245      }
1246  }
1247  
1248  if($mybb->input['action'] == "new_announcement")
1249  {
1250      if($mybb->usergroup['canmanageannounce'] == 0)
1251      {
1252          error_no_permission();
1253      }
1254  
1255      add_breadcrumb($lang->mcp_nav_announcements, "modcp.php?action=announcements");
1256      add_breadcrumb($lang->add_announcement, "modcp.php?action=new_announcements");
1257  
1258      $announcement_fid = $mybb->get_input('fid', MyBB::INPUT_INT);
1259  
1260      if(($mybb->usergroup['issupermod'] != 1 && $announcement_fid == -1) || ($announcement_fid != -1 && !is_moderator($announcement_fid, "canmanageannouncements")) || ($unviewableforums && in_array($announcement_fid, $unviewableforums)))
1261      {
1262          error_no_permission();
1263      }
1264  
1265      // Deal with inline errors
1266      if(!empty($errors) || isset($preview))
1267      {
1268          if(!empty($errors))
1269          {
1270              $errors = inline_error($errors);
1271          }
1272          else
1273          {
1274              $errors = '';
1275          }
1276  
1277          // Set $announcement to input stuff
1278          $announcement['subject'] = $mybb->input['title'];
1279          $announcement['message'] = $mybb->input['message'];
1280          $announcement['allowhtml'] = $allowhtml;
1281          $announcement['allowmycode'] = $allowmycode;
1282          $announcement['allowsmilies'] = $allowsmilies;
1283  
1284          $startmonth = $mybb->input['starttime_month'];
1285          $startdateyear = htmlspecialchars_uni($mybb->input['starttime_year']);
1286          $startday = $mybb->get_input('starttime_day', MyBB::INPUT_INT);
1287          $starttime_time = htmlspecialchars_uni($mybb->input['starttime_time']);
1288          $endmonth = $mybb->input['endtime_month'];
1289          $enddateyear = htmlspecialchars_uni($mybb->input['endtime_year']);
1290          $endday = $mybb->get_input('endtime_day', MyBB::INPUT_INT);
1291          $endtime_time = htmlspecialchars_uni($mybb->input['endtime_time']);
1292      }
1293      else
1294      {
1295          $localized_time = TIME_NOW + (float)$mybb->user['timezone']*3600 + $mybb->user['dst']*3600;
1296  
1297          $starttime_time = gmdate($mybb->settings['timeformat'], $localized_time);
1298          $endtime_time = gmdate($mybb->settings['timeformat'], $localized_time);
1299          $startday = $endday = gmdate("j", $localized_time);
1300          $startmonth = $endmonth = gmdate("m", $localized_time);
1301          $startdateyear = gmdate("Y", $localized_time);
1302  
1303          $announcement = array(
1304              'subject' => '',
1305              'message' => '',
1306              'allowhtml' => 0,
1307              'allowmycode' => 1,
1308              'allowsmilies' => 1
1309              );
1310  
1311          $enddateyear = $startdateyear+1;
1312      }
1313  
1314      // Generate form elements
1315      $startdateday = $enddateday = '';
1316      for($day = 1; $day <= 31; ++$day)
1317      {
1318          if($startday == $day)
1319          {
1320              $selected = " selected=\"selected\"";
1321              eval("\$startdateday .= \"".$templates->get("modcp_announcements_day")."\";");
1322          }
1323          else
1324          {
1325              $selected = '';
1326              eval("\$startdateday .= \"".$templates->get("modcp_announcements_day")."\";");
1327          }
1328  
1329          if($endday == $day)
1330          {
1331              $selected = " selected=\"selected\"";
1332              eval("\$enddateday .= \"".$templates->get("modcp_announcements_day")."\";");
1333          }
1334          else
1335          {
1336              $selected = '';
1337              eval("\$enddateday .= \"".$templates->get("modcp_announcements_day")."\";");
1338          }
1339      }
1340  
1341      $startmonthsel = $endmonthsel = array();
1342      foreach(array('01', '02', '03', '04', '05', '06', '07', '08', '09', '10', '11', '12') as $month)
1343      {
1344          $startmonthsel[$month] = '';
1345          $endmonthsel[$month] = '';
1346      }
1347      $startmonthsel[$startmonth] = "selected=\"selected\"";
1348      $endmonthsel[$endmonth] = "selected=\"selected\"";
1349  
1350      $startdatemonth = $enddatemonth = '';
1351  
1352      eval("\$startdatemonth .= \"".$templates->get("modcp_announcements_month_start")."\";");
1353      eval("\$enddatemonth .= \"".$templates->get("modcp_announcements_month_end")."\";");
1354  
1355      $title = htmlspecialchars_uni($announcement['subject']);
1356      $message = htmlspecialchars_uni($announcement['message']);
1357  
1358      $html_sel = $mycode_sel = $smilies_sel = array('yes' => '', 'no' => '');
1359  
1360      if($mybb->settings['announcementshtml'])
1361      {
1362          if($announcement['allowhtml'])
1363          {
1364              $html_sel['yes'] = ' checked="checked"';
1365          }
1366          else
1367          {
1368              $html_sel['no'] = ' checked="checked"';
1369          }
1370  
1371          eval("\$allow_html = \"".$templates->get("modcp_announcements_allowhtml")."\";");
1372      }
1373      else
1374      {
1375          $allow_html = '';
1376      }
1377  
1378      if($announcement['allowmycode'])
1379      {
1380          $mycode_sel['yes'] = ' checked="checked"';
1381      }
1382      else
1383      {
1384          $mycode_sel['no'] = ' checked="checked"';
1385      }
1386  
1387      if($announcement['allowsmilies'])
1388      {
1389          $smilies_sel['yes'] = ' checked="checked"';
1390      }
1391      else
1392      {
1393          $smilies_sel['no'] = ' checked="checked"';
1394      }
1395  
1396      $end_type_sel = array('infinite' => '', 'finite' => '');
1397      if(!isset($mybb->input['endtime_type']) || $mybb->input['endtime_type'] == 2)
1398      {
1399          $end_type_sel['infinite'] = ' checked="checked"';
1400      }
1401      else
1402      {
1403          $end_type_sel['finite'] = ' checked="checked"';
1404      }
1405  
1406      // MyCode editor
1407      $codebuttons = build_mycode_inserter();
1408      $smilieinserter = build_clickable_smilies();
1409  
1410      if(isset($preview))
1411      {
1412          $announcementarray = array(
1413              'aid' => 0,
1414              'fid' => $announcement_fid,
1415              'uid' => $mybb->user['uid'],
1416              'subject' => $mybb->input['title'],
1417              'message' => $mybb->input['message'],
1418              'allowhtml' => $mybb->settings['announcementshtml'] && $mybb->get_input('allowhtml', MyBB::INPUT_INT),
1419              'allowmycode' => $mybb->get_input('allowmycode', MyBB::INPUT_INT),
1420              'allowsmilies' => $mybb->get_input('allowsmilies', MyBB::INPUT_INT),
1421              'dateline' => TIME_NOW,
1422              'userusername' => $mybb->user['username'],
1423          );
1424  
1425          $array = $mybb->user;
1426          foreach($array as $key => $element)
1427          {
1428              $announcementarray[$key] = $element;
1429          }
1430  
1431          // Gather usergroup data from the cache
1432          // Field => Array Key
1433          $data_key = array(
1434              'title' => 'grouptitle',
1435              'usertitle' => 'groupusertitle',
1436              'stars' => 'groupstars',
1437              'starimage' => 'groupstarimage',
1438              'image' => 'groupimage',
1439              'namestyle' => 'namestyle',
1440              'usereputationsystem' => 'usereputationsystem'
1441          );
1442  
1443          foreach($data_key as $field => $key)
1444          {
1445              $announcementarray[$key] = $groupscache[$announcementarray['usergroup']][$field];
1446          }
1447  
1448          require_once  MYBB_ROOT."inc/functions_post.php";
1449          $postbit = build_postbit($announcementarray, 3);
1450          eval("\$preview = \"".$templates->get("previewpost")."\";");
1451      }
1452      else
1453      {
1454          $preview = '';
1455      }
1456  
1457      $plugins->run_hooks("modcp_new_announcement");
1458  
1459      eval("\$announcements = \"".$templates->get("modcp_announcements_new")."\";");
1460      output_page($announcements);
1461  }
1462  
1463  if($mybb->input['action'] == "do_edit_announcement")
1464  {
1465      verify_post_check($mybb->get_input('my_post_key'));
1466  
1467      if($mybb->usergroup['canmanageannounce'] == 0)
1468      {
1469          error_no_permission();
1470      }
1471  
1472      // Get the announcement
1473      $aid = $mybb->get_input('aid', MyBB::INPUT_INT);
1474      $query = $db->simple_select("announcements", "*", "aid='{$aid}'");
1475      $announcement = $db->fetch_array($query);
1476  
1477      // Check that it exists
1478      if(!$announcement)
1479      {
1480          error($lang->error_invalid_announcement);
1481      }
1482  
1483      // Mod has permissions to edit this announcement
1484      if(($mybb->usergroup['issupermod'] != 1 && $announcement['fid'] == -1) || ($announcement['fid'] != -1 && !is_moderator($announcement['fid'], "canmanageannouncements")) || ($unviewableforums && in_array($announcement['fid'], $unviewableforums)))
1485      {
1486          error_no_permission();
1487      }
1488  
1489      $errors = array();
1490  
1491      // Basic error checking
1492      $mybb->input['title'] = $mybb->get_input('title');
1493      if(!trim($mybb->input['title']))
1494      {
1495          $errors[] = $lang->error_missing_title;
1496      }
1497  
1498      $mybb->input['message'] = $mybb->get_input('message');
1499      if(!trim($mybb->input['message']))
1500      {
1501          $errors[] = $lang->error_missing_message;
1502      }
1503  
1504      $mybb->input['starttime_time'] = $mybb->get_input('starttime_time');
1505      $mybb->input['endtime_time'] = $mybb->get_input('endtime_time');
1506      $startdate = @explode(" ", $mybb->input['starttime_time']);
1507      $startdate = @explode(":", $startdate[0]);
1508      $enddate = @explode(" ", $mybb->input['endtime_time']);
1509      $enddate = @explode(":", $enddate[0]);
1510  
1511      if(stristr($mybb->input['starttime_time'], "pm"))
1512      {
1513          $startdate[0] = 12+$startdate[0];
1514          if($startdate[0] >= 24)
1515          {
1516              $startdate[0] = "00";
1517          }
1518      }
1519  
1520      if(stristr($mybb->input['endtime_time'], "pm"))
1521      {
1522          $enddate[0] = 12+$enddate[0];
1523          if($enddate[0] >= 24)
1524          {
1525              $enddate[0] = "00";
1526          }
1527      }
1528  
1529      $mybb->input['starttime_month'] = $mybb->get_input('starttime_month');
1530      $months = array('01', '02', '03', '04', '05', '06', '07', '08', '09', '10', '11', '12');
1531      if(!in_array($mybb->input['starttime_month'], $months))
1532      {
1533          $mybb->input['starttime_month'] = '01';
1534      }
1535  
1536      $localized_time_offset = (float)$mybb->user['timezone']*3600 + $mybb->user['dst']*3600;
1537  
1538      $startdate = gmmktime((int)$startdate[0], (int)$startdate[1], 0, $mybb->get_input('starttime_month', MyBB::INPUT_INT), $mybb->get_input('starttime_day', MyBB::INPUT_INT), $mybb->get_input('starttime_year', MyBB::INPUT_INT)) - $localized_time_offset;
1539      if(!checkdate($mybb->get_input('starttime_month', MyBB::INPUT_INT), $mybb->get_input('starttime_day', MyBB::INPUT_INT), $mybb->get_input('starttime_year', MyBB::INPUT_INT)) || $startdate < 0 || $startdate == false)
1540      {
1541          $errors[] = $lang->error_invalid_start_date;
1542      }
1543  
1544      if($mybb->get_input('endtime_type', MyBB::INPUT_INT) == "2")
1545      {
1546          $enddate = '0';
1547          $mybb->input['endtime_month'] = '01';
1548      }
1549      else
1550      {
1551          $mybb->input['endtime_month'] = $mybb->get_input('endtime_month');
1552          if(!in_array($mybb->input['endtime_month'], $months))
1553          {
1554              $mybb->input['endtime_month'] = '01';
1555          }
1556          $enddate = gmmktime((int)$enddate[0], (int)$enddate[1], 0, $mybb->get_input('endtime_month', MyBB::INPUT_INT), $mybb->get_input('endtime_day', MyBB::INPUT_INT), $mybb->get_input('endtime_year', MyBB::INPUT_INT)) - $localized_time_offset;
1557          if(!checkdate($mybb->get_input('endtime_month', MyBB::INPUT_INT), $mybb->get_input('endtime_day', MyBB::INPUT_INT), $mybb->get_input('endtime_year', MyBB::INPUT_INT)) || $enddate < 0 || $enddate == false)
1558          {
1559              $errors[] = $lang->error_invalid_end_date;
1560          }
1561          elseif($enddate <= $startdate)
1562          {
1563              $errors[] = $lang->error_end_before_start;
1564          }
1565      }
1566  
1567      if($mybb->settings['announcementshtml'] && $mybb->get_input('allowhtml', MyBB::INPUT_INT) == 1)
1568      {
1569          $allowhtml = 1;
1570      }
1571      else
1572      {
1573          $allowhtml = 0;
1574      }
1575      if($mybb->get_input('allowmycode', MyBB::INPUT_INT) == 1)
1576      {
1577          $allowmycode = 1;
1578      }
1579      else
1580      {
1581          $allowmycode = 0;
1582      }
1583      if($mybb->get_input('allowsmilies', MyBB::INPUT_INT) == 1)
1584      {
1585          $allowsmilies = 1;
1586      }
1587      else
1588      {
1589          $allowsmilies = 0;
1590      }
1591  
1592      $plugins->run_hooks("modcp_do_edit_announcement_start");
1593  
1594      // Proceed to update if no errors
1595      if(!$errors)
1596      {
1597          if(isset($mybb->input['preview']))
1598          {
1599              $preview = array();
1600              $mybb->input['action'] = 'edit_announcement';
1601          }
1602          else
1603          {
1604              $update_announcement = array(
1605                  'uid' => $mybb->user['uid'],
1606                  'subject' => $db->escape_string($mybb->input['title']),
1607                  'message' => $db->escape_string($mybb->input['message']),
1608                  'startdate' => $startdate,
1609                  'enddate' => $enddate,
1610                  'allowhtml' => $allowhtml,
1611                  'allowmycode' => $allowmycode,
1612                  'allowsmilies' => $allowsmilies
1613              );
1614              $db->update_query("announcements", $update_announcement, "aid='{$aid}'");
1615  
1616              log_moderator_action(array("aid" => $announcement['aid'], "subject" => $mybb->input['title']), $lang->announcement_edited);
1617  
1618              $plugins->run_hooks("modcp_do_edit_announcement_end");
1619  
1620              $cache->update_forumsdisplay();
1621              redirect("modcp.php?action=announcements", $lang->redirect_edit_announcement);
1622          }
1623      }
1624      else
1625      {
1626          $mybb->input['action'] = 'edit_announcement';
1627      }
1628  }
1629  
1630  if($mybb->input['action'] == "edit_announcement")
1631  {
1632      if($mybb->usergroup['canmanageannounce'] == 0)
1633      {
1634          error_no_permission();
1635      }
1636  
1637      $aid = $mybb->get_input('aid', MyBB::INPUT_INT);
1638  
1639      add_breadcrumb($lang->mcp_nav_announcements, "modcp.php?action=announcements");
1640      add_breadcrumb($lang->edit_announcement, "modcp.php?action=edit_announcements&amp;aid={$aid}");
1641  
1642      // Get announcement
1643      if(!isset($announcement) || $mybb->request_method != 'post')
1644      {
1645          $query = $db->simple_select("announcements", "*", "aid='{$aid}'");
1646          $announcement = $db->fetch_array($query);
1647      }
1648  
1649      if(!$announcement)
1650      {
1651          error($lang->error_invalid_announcement);
1652      }
1653      if(($mybb->usergroup['issupermod'] != 1 && $announcement['fid'] == -1) || ($announcement['fid'] != -1 && !is_moderator($announcement['fid'], "canmanageannouncements")) || ($unviewableforums && in_array($announcement['fid'], $unviewableforums)))
1654      {
1655          error_no_permission();
1656      }
1657  
1658      if(!$announcement['startdate'])
1659      {
1660          // No start date? Make it now.
1661          $announcement['startdate'] = TIME_NOW;
1662      }
1663  
1664      $makeshift_end = false;
1665      if(!$announcement['enddate'])
1666      {
1667          $makeshift_end = true;
1668          $makeshift_time = TIME_NOW;
1669          if($announcement['startdate'])
1670          {
1671              $makeshift_time = $announcement['startdate'];
1672          }
1673  
1674          // No end date? Make it a year from now.
1675          $announcement['enddate'] = $makeshift_time + (60 * 60 * 24 * 366);
1676      }
1677  
1678      // Deal with inline errors
1679      if(!empty($errors) || isset($preview))
1680      {
1681          if(!empty($errors))
1682          {
1683              $errors = inline_error($errors);
1684          }
1685          else
1686          {
1687              $errors = '';
1688          }
1689  
1690          // Set $announcement to input stuff
1691          $announcement['subject'] = $mybb->input['title'];
1692          $announcement['message'] = $mybb->input['message'];
1693          $announcement['allowhtml'] = $allowhtml;
1694          $announcement['allowmycode'] = $allowmycode;
1695          $announcement['allowsmilies'] = $allowsmilies;
1696  
1697          $startmonth = $mybb->input['starttime_month'];
1698          $startdateyear = htmlspecialchars_uni($mybb->input['starttime_year']);
1699          $startday = $mybb->get_input('starttime_day', MyBB::INPUT_INT);
1700          $starttime_time = htmlspecialchars_uni($mybb->input['starttime_time']);
1701          $endmonth = $mybb->input['endtime_month'];
1702          $enddateyear = htmlspecialchars_uni($mybb->input['endtime_year']);
1703          $endday = $mybb->get_input('endtime_day', MyBB::INPUT_INT);
1704          $endtime_time = htmlspecialchars_uni($mybb->input['endtime_time']);
1705  
1706          $errored = true;
1707      }
1708      else
1709      {
1710          $localized_time_startdate = $announcement['startdate'] + (float)$mybb->user['timezone']*3600 + $mybb->user['dst']*3600;
1711          $localized_time_enddate = $announcement['enddate'] + (float)$mybb->user['timezone']*3600 + $mybb->user['dst']*3600;
1712  
1713          $starttime_time = gmdate($mybb->settings['timeformat'], $localized_time_startdate);
1714          $endtime_time = gmdate($mybb->settings['timeformat'], $localized_time_enddate);
1715  
1716          $startday = gmdate('j', $localized_time_startdate);
1717          $endday = gmdate('j', $localized_time_enddate);
1718  
1719          $startmonth = gmdate('m', $localized_time_startdate);
1720          $endmonth = gmdate('m', $localized_time_enddate);
1721  
1722          $startdateyear = gmdate('Y', $localized_time_startdate);
1723          $enddateyear = gmdate('Y', $localized_time_enddate);
1724  
1725          $errored = false;
1726      }
1727  
1728      // Generate form elements
1729      $startdateday = $enddateday = '';
1730      for($day = 1; $day <= 31; ++$day)
1731      {
1732          if($startday == $day)
1733          {
1734              $selected = " selected=\"selected\"";
1735              eval("\$startdateday .= \"".$templates->get("modcp_announcements_day")."\";");
1736          }
1737          else
1738          {
1739              $selected = '';
1740              eval("\$startdateday .= \"".$templates->get("modcp_announcements_day")."\";");
1741          }
1742  
1743          if($endday == $day)
1744          {
1745              $selected = " selected=\"selected\"";
1746              eval("\$enddateday .= \"".$templates->get("modcp_announcements_day")."\";");
1747          }
1748          else
1749          {
1750              $selected = '';
1751              eval("\$enddateday .= \"".$templates->get("modcp_announcements_day")."\";");
1752          }
1753      }
1754  
1755      $startmonthsel = $endmonthsel = array();
1756      foreach(array('01', '02', '03', '04', '05', '06', '07', '08', '09', '10', '11', '12') as $month)
1757      {
1758          $startmonthsel[$month] = '';
1759          $endmonthsel[$month] = '';
1760      }
1761      $startmonthsel[$startmonth] = "selected=\"selected\"";
1762      $endmonthsel[$endmonth] = "selected=\"selected\"";
1763  
1764      $startdatemonth = $enddatemonth = '';
1765  
1766      eval("\$startdatemonth .= \"".$templates->get("modcp_announcements_month_start")."\";");
1767      eval("\$enddatemonth .= \"".$templates->get("modcp_announcements_month_end")."\";");
1768  
1769      $title = htmlspecialchars_uni($announcement['subject']);
1770      $message = htmlspecialchars_uni($announcement['message']);
1771  
1772      $html_sel = $mycode_sel = $smilies_sel = array('yes' => '', 'no' => '');
1773  
1774      if($mybb->settings['announcementshtml'])
1775      {
1776          if($announcement['allowhtml'])
1777          {
1778              $html_sel['yes'] = ' checked="checked"';
1779          }
1780          else
1781          {
1782              $html_sel['no'] = ' checked="checked"';
1783          }
1784  
1785          eval("\$allow_html = \"".$templates->get("modcp_announcements_allowhtml")."\";");
1786      }
1787      else
1788      {
1789          $allow_html = '';
1790      }
1791  
1792      if($announcement['allowmycode'])
1793      {
1794          $mycode_sel['yes'] = ' checked="checked"';
1795      }
1796      else
1797      {
1798          $mycode_sel['no'] = ' checked="checked"';
1799      }
1800  
1801      if($announcement['allowsmilies'])
1802      {
1803          $smilies_sel['yes'] = ' checked="checked"';
1804      }
1805      else
1806      {
1807          $smilies_sel['no'] = ' checked="checked"';
1808      }
1809  
1810      $end_type_sel = array('infinite' => '', 'finite' => '');
1811      if(($errored && $mybb->get_input('endtime_type', MyBB::INPUT_INT) == 2) || (!$errored && (int)$announcement['enddate'] == 0) || $makeshift_end == true)
1812      {
1813          $end_type_sel['infinite'] = ' checked="checked"';
1814      }
1815      else
1816      {
1817          $end_type_sel['finite'] = ' checked="checked"';
1818      }
1819  
1820      // MyCode editor
1821      $codebuttons = build_mycode_inserter();
1822      $smilieinserter = build_clickable_smilies();
1823  
1824      if(isset($preview))
1825      {
1826          $announcementarray = array(
1827              'aid' => $announcement['aid'],
1828              'fid' => $announcement['fid'],
1829              'uid' => $mybb->user['uid'],
1830              'subject' => $mybb->input['title'],
1831              'message' => $mybb->input['message'],
1832              'allowhtml' => $mybb->settings['announcementshtml'] && $mybb->get_input('allowhtml', MyBB::INPUT_INT),
1833              'allowmycode' => $mybb->get_input('allowmycode', MyBB::INPUT_INT),
1834              'allowsmilies' => $mybb->get_input('allowsmilies', MyBB::INPUT_INT),
1835              'dateline' => TIME_NOW,
1836              'userusername' => $mybb->user['username'],
1837          );
1838  
1839          $array = $mybb->user;
1840          foreach($array as $key => $element)
1841          {
1842              $announcementarray[$key] = $element;
1843          }
1844  
1845          // Gather usergroup data from the cache
1846          // Field => Array Key
1847          $data_key = array(
1848              'title' => 'grouptitle',
1849              'usertitle' => 'groupusertitle',
1850              'stars' => 'groupstars',
1851              'starimage' => 'groupstarimage',
1852              'image' => 'groupimage',
1853              'namestyle' => 'namestyle',
1854              'usereputationsystem' => 'usereputationsystem'
1855          );
1856  
1857          foreach($data_key as $field => $key)
1858          {
1859              $announcementarray[$key] = $groupscache[$announcementarray['usergroup']][$field];
1860          }
1861  
1862          require_once  MYBB_ROOT."inc/functions_post.php";
1863          $postbit = build_postbit($announcementarray, 3);
1864          eval("\$preview = \"".$templates->get("previewpost")."\";");
1865      }
1866      else
1867      {
1868          $preview = '';
1869      }
1870  
1871      $plugins->run_hooks("modcp_edit_announcement");
1872  
1873      eval("\$announcements = \"".$templates->get("modcp_announcements_edit")."\";");
1874      output_page($announcements);
1875  }
1876  
1877  if($mybb->input['action'] == "announcements")
1878  {
1879      if($mybb->usergroup['canmanageannounce'] == 0)
1880      {
1881          error_no_permission();
1882      }
1883  
1884      if($numannouncements == 0 && $mybb->usergroup['issupermod'] != 1)
1885      {
1886          error($lang->you_cannot_manage_announcements);
1887      }
1888  
1889      add_breadcrumb($lang->mcp_nav_announcements, "modcp.php?action=announcements");
1890  
1891      // Fetch announcements into their proper arrays
1892      $query = $db->simple_select("announcements", "aid, fid, subject, enddate");
1893      $announcements = $global_announcements = array();
1894      while($announcement = $db->fetch_array($query))
1895      {
1896          if($announcement['fid'] == -1)
1897          {
1898              $global_announcements[$announcement['aid']] = $announcement;
1899              continue;
1900          }
1901          $announcements[$announcement['fid']][$announcement['aid']] = $announcement;
1902      }
1903  
1904      $announcements_global = '';
1905      if($mybb->usergroup['issupermod'] == 1)
1906      {
1907          if($global_announcements && $mybb->usergroup['issupermod'] == 1)
1908          {
1909              // Get the global announcements
1910              foreach($global_announcements as $aid => $announcement)
1911              {
1912                  $trow = alt_trow();
1913                  if((isset($announcement['startdate']) && $announcement['startdate'] > TIME_NOW) || (isset($announcement['enddate']) && $announcement['enddate'] < TIME_NOW && $announcement['enddate'] != 0))
1914                  {
1915                      eval("\$icon = \"".$templates->get("modcp_announcements_announcement_expired")."\";");
1916                  }
1917                  else
1918                  {
1919                      eval("\$icon = \"".$templates->get("modcp_announcements_announcement_active")."\";");
1920                  }
1921  
1922                  $subject = htmlspecialchars_uni($parser->parse_badwords($announcement['subject']));
1923  
1924                  eval("\$announcements_global .= \"".$templates->get("modcp_announcements_announcement_global")."\";");
1925              }
1926          }
1927          else
1928          {
1929              // No global announcements
1930              eval("\$announcements_global = \"".$templates->get("modcp_no_announcements_global")."\";");
1931          }
1932          eval("\$announcements_global = \"".$templates->get("modcp_announcements_global")."\";");
1933      }
1934  
1935      $announcements_forum = '';
1936      fetch_forum_announcements();
1937  
1938      if(!$announcements_forum)
1939      {
1940          eval("\$announcements_forum = \"".$templates->get("modcp_no_announcements_forum")."\";");
1941      }
1942  
1943      $plugins->run_hooks("modcp_announcements");
1944  
1945      eval("\$announcements = \"".$templates->get("modcp_announcements")."\";");
1946      output_page($announcements);
1947  }
1948  
1949  if($mybb->input['action'] == "do_modqueue")
1950  {
1951      require_once  MYBB_ROOT."inc/class_moderation.php";
1952      $moderation = new Moderation;
1953  
1954      // Verify incoming POST request
1955      verify_post_check($mybb->get_input('my_post_key'));
1956  
1957      if($mybb->usergroup['canmanagemodqueue'] == 0)
1958      {
1959          error_no_permission();
1960      }
1961  
1962      $plugins->run_hooks("modcp_do_modqueue_start");
1963  
1964      $mybb->input['threads'] = $mybb->get_input('threads', MyBB::INPUT_ARRAY);
1965      $mybb->input['posts'] = $mybb->get_input('posts', MyBB::INPUT_ARRAY);
1966      $mybb->input['attachments'] = $mybb->get_input('attachments', MyBB::INPUT_ARRAY);
1967      if(!empty($mybb->input['threads']))
1968      {
1969          $threads = array_map("intval", array_keys($mybb->input['threads']));
1970          $threads_to_approve = $threads_to_delete = array();
1971          // Fetch threads
1972          $query = $db->simple_select("threads", "tid", "tid IN (".implode(",", $threads)."){$flist_queue_threads}");
1973          while($thread = $db->fetch_array($query))
1974          {
1975              if(!isset($mybb->input['threads'][$thread['tid']]))
1976              {
1977                  continue;
1978              }
1979              $action = $mybb->input['threads'][$thread['tid']];
1980              if($action == "approve")
1981              {
1982                  $threads_to_approve[] = $thread['tid'];
1983              }
1984              else if($action == "delete")
1985              {
1986                  $threads_to_delete[] = $thread['tid'];
1987              }
1988          }
1989          if(!empty($threads_to_approve))
1990          {
1991              $moderation->approve_threads($threads_to_approve);
1992              log_moderator_action(array('tids' => $threads_to_approve), $lang->multi_approve_threads);
1993          }
1994          if(!empty($threads_to_delete))
1995          {
1996              if($mybb->settings['soft_delete'] == 1)
1997              {
1998                  $moderation->soft_delete_threads($threads_to_delete);
1999                  log_moderator_action(array('tids' => $threads_to_delete), $lang->multi_soft_delete_threads);
2000              }
2001              else
2002              {
2003                  foreach($threads_to_delete as $tid)
2004                  {
2005                      $moderation->delete_thread($tid);
2006                  }
2007                  log_moderator_action(array('tids' => $threads_to_delete), $lang->multi_delete_threads);
2008              }
2009          }
2010  
2011          $plugins->run_hooks("modcp_do_modqueue_end");
2012  
2013          redirect("modcp.php?action=modqueue", $lang->redirect_threadsmoderated);
2014      }
2015      else if(!empty($mybb->input['posts']))
2016      {
2017          $posts = array_map("intval", array_keys($mybb->input['posts']));
2018          // Fetch posts
2019          $posts_to_approve = $posts_to_delete = array();
2020          $query = $db->simple_select("posts", "pid", "pid IN (".implode(",", $posts)."){$flist_queue_posts}");
2021          while($post = $db->fetch_array($query))
2022          {
2023              if(!isset($mybb->input['posts'][$post['pid']]))
2024              {
2025                  continue;
2026              }
2027              $action = $mybb->input['posts'][$post['pid']];
2028              if($action == "approve")
2029              {
2030                  $posts_to_approve[] = $post['pid'];
2031              }
2032              else if($action == "delete" && $mybb->settings['soft_delete'] != 1)
2033              {
2034                  $moderation->delete_post($post['pid']);
2035              }
2036              else if($action == "delete")
2037              {
2038                  $posts_to_delete[] = $post['pid'];
2039              }
2040          }
2041          if(!empty($posts_to_approve))
2042          {
2043              $moderation->approve_posts($posts_to_approve);
2044              log_moderator_action(array('pids' => $posts_to_approve), $lang->multi_approve_posts);
2045          }
2046          if(!empty($posts_to_delete))
2047          {
2048              if($mybb->settings['soft_delete'] == 1)
2049              {
2050                  $moderation->soft_delete_posts($posts_to_delete);
2051                  log_moderator_action(array('pids' => $posts_to_delete), $lang->multi_soft_delete_posts);
2052              }
2053              else
2054              {
2055                  log_moderator_action(array('pids' => $posts_to_delete), $lang->multi_delete_posts);
2056              }
2057          }
2058  
2059          $plugins->run_hooks("modcp_do_modqueue_end");
2060  
2061          redirect("modcp.php?action=modqueue&type=posts", $lang->redirect_postsmoderated);
2062      }
2063      else if(!empty($mybb->input['attachments']))
2064      {
2065          $attachments = array_map("intval", array_keys($mybb->input['attachments']));
2066          $query = $db->query("
2067              SELECT a.pid, a.aid
2068              FROM  ".TABLE_PREFIX."attachments a
2069              LEFT JOIN ".TABLE_PREFIX."posts p ON (a.pid=p.pid)
2070              LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
2071              WHERE aid IN (".implode(",", $attachments)."){$tflist_queue_attach}
2072          ");
2073          while($attachment = $db->fetch_array($query))
2074          {
2075              if(!isset($mybb->input['attachments'][$attachment['aid']]))
2076              {
2077                  continue;
2078              }
2079              $action = $mybb->input['attachments'][$attachment['aid']];
2080              if($action == "approve")
2081              {
2082                  $db->update_query("attachments", array("visible" => 1), "aid='{$attachment['aid']}'");
2083              }
2084              else if($action == "delete")
2085              {
2086                  remove_attachment($attachment['pid'], '', $attachment['aid']);
2087              }
2088          }
2089  
2090          $plugins->run_hooks("modcp_do_modqueue_end");
2091  
2092          redirect("modcp.php?action=modqueue&type=attachments", $lang->redirect_attachmentsmoderated);
2093      }
2094  }
2095  
2096  if($mybb->input['action'] == "modqueue")
2097  {
2098      $navsep = '';
2099  
2100      if($mybb->usergroup['canmanagemodqueue'] == 0)
2101      {
2102          error_no_permission();
2103      }
2104  
2105      if($nummodqueuethreads == 0 && $nummodqueueposts == 0 && $nummodqueueattach == 0 && $mybb->usergroup['issupermod'] != 1)
2106      {
2107          error($lang->you_cannot_use_mod_queue);
2108      }
2109  
2110      $mybb->input['type'] = $mybb->get_input('type');
2111      $threadqueue = $postqueue = $attachmentqueue = '';
2112      if($mybb->input['type'] == "threads" || !$mybb->input['type'] && ($nummodqueuethreads > 0 || $mybb->usergroup['issupermod'] == 1))
2113      {
2114          if($nummodqueuethreads == 0 && $mybb->usergroup['issupermod'] != 1)
2115          {
2116              error($lang->you_cannot_moderate_threads);
2117          }
2118  
2119          $forum_cache = $cache->read("forums");
2120  
2121          $query = $db->simple_select("threads", "COUNT(tid) AS unapprovedthreads", "visible='0' {$flist_queue_threads}");
2122          $unapproved_threads = $db->fetch_field($query, "unapprovedthreads");
2123  
2124          // Figure out if we need to display multiple pages.
2125          if($mybb->get_input('page') != "last")
2126          {
2127              $page = $mybb->get_input('page', MyBB::INPUT_INT);
2128          }
2129  
2130          $perpage = $mybb->settings['threadsperpage'];
2131          $pages = $unapproved_threads / $perpage;
2132          $pages = ceil($pages);
2133  
2134          if($mybb->get_input('page') == "last")
2135          {
2136              $page = $pages;
2137          }
2138  
2139          if($page > $pages || $page <= 0)
2140          {
2141              $page = 1;
2142          }
2143  
2144          if($page)
2145          {
2146              $start = ($page-1) * $perpage;
2147          }
2148          else
2149          {
2150              $start = 0;
2151              $page = 1;
2152          }
2153  
2154          $multipage = multipage($unapproved_threads, $perpage, $page, "modcp.php?action=modqueue&type=threads");
2155  
2156          $query = $db->query("
2157              SELECT t.tid, t.dateline, t.fid, t.subject, t.username AS threadusername, p.message AS postmessage, u.username AS username, t.uid
2158              FROM ".TABLE_PREFIX."threads t
2159              LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=t.firstpost)
2160              LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=t.uid)
2161              WHERE t.visible='0' {$tflist_queue_threads}
2162              ORDER BY t.lastpost DESC
2163              LIMIT {$start}, {$perpage}
2164          ");
2165          $threads = '';
2166          while($thread = $db->fetch_array($query))
2167          {
2168              $altbg = alt_trow();
2169              $thread['subject'] = htmlspecialchars_uni($parser->parse_badwords($thread['subject']));
2170              $thread['threadlink'] = get_thread_link($thread['tid']);
2171              $forum_link = get_forum_link($thread['fid']);
2172              $forum_name = $forum_cache[$thread['fid']]['name'];
2173              $threaddate = my_date('relative', $thread['dateline']);
2174  
2175              if($thread['username'] == "")
2176              {
2177                  if($thread['threadusername'] != "")
2178                  {
2179                      $thread['threadusername'] = htmlspecialchars_uni($thread['threadusername']);
2180                      $profile_link = $thread['threadusername'];
2181                  }
2182                  else
2183                  {
2184                      $profile_link = $lang->guest;
2185                  }
2186              }
2187              else
2188              {
2189                  $thread['username'] = htmlspecialchars_uni($thread['username']);
2190                  $profile_link = build_profile_link($thread['username'], $thread['uid']);
2191              }
2192  
2193              $thread['postmessage'] = nl2br(htmlspecialchars_uni($thread['postmessage']));
2194              eval("\$forum = \"".$templates->get("modcp_modqueue_link_forum")."\";");
2195              eval("\$threads .= \"".$templates->get("modcp_modqueue_threads_thread")."\";");
2196          }
2197  
2198          if(!$threads && $mybb->input['type'] == "threads")
2199          {
2200              eval("\$threads = \"".$templates->get("modcp_modqueue_threads_empty")."\";");
2201          }
2202  
2203          if($threads)
2204          {
2205              add_breadcrumb($lang->mcp_nav_modqueue_threads, "modcp.php?action=modqueue&amp;type=threads");
2206  
2207              $plugins->run_hooks("modcp_modqueue_threads_end");
2208  
2209              if($nummodqueueposts > 0 || $mybb->usergroup['issupermod'] == 1)
2210              {
2211                  $navsep = " | ";
2212                  eval("\$post_link = \"".$templates->get("modcp_modqueue_post_link")."\";");
2213              }
2214  
2215              if($mybb->settings['enableattachments'] == 1 && ($nummodqueueattach > 0 || $mybb->usergroup['issupermod'] == 1))
2216              {
2217                  $navsep = " | ";
2218                  eval("\$attachment_link = \"".$templates->get("modcp_modqueue_attachment_link")."\";");
2219              }
2220  
2221              eval("\$mass_controls = \"".$templates->get("modcp_modqueue_masscontrols")."\";");
2222              eval("\$threadqueue = \"".$templates->get("modcp_modqueue_threads")."\";");
2223              output_page($threadqueue);
2224          }
2225          $type = 'threads';
2226      }
2227  
2228      if($mybb->input['type'] == "posts" || (!$mybb->input['type'] && !$threadqueue && ($nummodqueueposts > 0 || $mybb->usergroup['issupermod'] == 1)))
2229      {
2230          if($nummodqueueposts == 0 && $mybb->usergroup['issupermod'] != 1)
2231          {
2232              error($lang->you_cannot_moderate_posts);
2233          }
2234  
2235          $forum_cache = $cache->read("forums");
2236  
2237          $query = $db->query("
2238              SELECT COUNT(pid) AS unapprovedposts
2239              FROM  ".TABLE_PREFIX."posts p
2240              LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
2241              WHERE p.visible='0' {$tflist_queue_posts} AND t.firstpost != p.pid
2242          ");
2243          $unapproved_posts = $db->fetch_field($query, "unapprovedposts");
2244  
2245          // Figure out if we need to display multiple pages.
2246          if($mybb->get_input('page') != "last")
2247          {
2248              $page = $mybb->get_input('page', MyBB::INPUT_INT);
2249          }
2250  
2251          $perpage = $mybb->settings['postsperpage'];
2252          $pages = $unapproved_posts / $perpage;
2253          $pages = ceil($pages);
2254  
2255          if($mybb->get_input('page') == "last")
2256          {
2257              $page = $pages;
2258          }
2259  
2260          if($page > $pages || $page <= 0)
2261          {
2262              $page = 1;
2263          }
2264  
2265          if($page)
2266          {
2267              $start = ($page-1) * $perpage;
2268          }
2269          else
2270          {
2271              $start = 0;
2272              $page = 1;
2273          }
2274  
2275          $multipage = multipage($unapproved_posts, $perpage, $page, "modcp.php?action=modqueue&amp;type=posts");
2276  
2277          $query = $db->query("
2278              SELECT p.pid, p.subject, p.message, p.username AS postusername, t.subject AS threadsubject, t.tid, u.username, p.uid, t.fid, p.dateline
2279              FROM  ".TABLE_PREFIX."posts p
2280              LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
2281              LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
2282              WHERE p.visible='0' {$tflist_queue_posts} AND t.firstpost != p.pid
2283              ORDER BY p.dateline DESC, p.pid DESC
2284              LIMIT {$start}, {$perpage}
2285          ");
2286          $posts = '';
2287          while($post = $db->fetch_array($query))
2288          {
2289              $altbg = alt_trow();
2290              $post['threadsubject'] = htmlspecialchars_uni($parser->parse_badwords($post['threadsubject']));
2291              $post['subject'] = htmlspecialchars_uni($parser->parse_badwords($post['subject']));
2292              $post['threadlink'] = get_thread_link($post['tid']);
2293              $post['postlink'] = get_post_link($post['pid'], $post['tid']);
2294              $forum_link = get_forum_link($post['fid']);
2295              $forum_name = $forum_cache[$post['fid']]['name'];
2296              $postdate = my_date('relative', $post['dateline']);
2297  
2298              if($post['username'] == "")
2299              {
2300                  if($post['postusername'] != "")
2301                  {
2302                      $post['postusername'] = htmlspecialchars_uni($post['postusername']);
2303                      $profile_link = $post['postusername'];
2304                  }
2305                  else
2306                  {
2307                      $profile_link = $lang->guest;
2308                  }
2309              }
2310              else
2311              {
2312                  $post['username'] = htmlspecialchars_uni($post['username']);
2313                  $profile_link = build_profile_link($post['username'], $post['uid']);
2314              }
2315  
2316              eval("\$thread = \"".$templates->get("modcp_modqueue_link_thread")."\";");
2317              eval("\$forum = \"".$templates->get("modcp_modqueue_link_forum")."\";");
2318              $post['message'] = nl2br(htmlspecialchars_uni($post['message']));
2319              eval("\$posts .= \"".$templates->get("modcp_modqueue_posts_post")."\";");
2320          }
2321  
2322          if(!$posts && $mybb->input['type'] == "posts")
2323          {
2324              eval("\$posts = \"".$templates->get("modcp_modqueue_posts_empty")."\";");
2325          }
2326  
2327          if($posts)
2328          {
2329              add_breadcrumb($lang->mcp_nav_modqueue_posts, "modcp.php?action=modqueue&amp;type=posts");
2330  
2331              $plugins->run_hooks("modcp_modqueue_posts_end");
2332  
2333              if($nummodqueuethreads > 0 || $mybb->usergroup['issupermod'] == 1)
2334              {
2335                  $navsep = " | ";
2336                  eval("\$thread_link = \"".$templates->get("modcp_modqueue_thread_link")."\";");
2337              }
2338  
2339              if($mybb->settings['enableattachments'] == 1 && ($nummodqueueattach > 0 || $mybb->usergroup['issupermod'] == 1))
2340              {
2341                  $navsep = " | ";
2342                  eval("\$attachment_link = \"".$templates->get("modcp_modqueue_attachment_link")."\";");
2343              }
2344  
2345              eval("\$mass_controls = \"".$templates->get("modcp_modqueue_masscontrols")."\";");
2346              eval("\$postqueue = \"".$templates->get("modcp_modqueue_posts")."\";");
2347              output_page($postqueue);
2348          }
2349      }
2350  
2351      if($mybb->input['type'] == "attachments" || (!$mybb->input['type'] && !$postqueue && !$threadqueue && $mybb->settings['enableattachments'] == 1 && ($nummodqueueattach > 0 || $mybb->usergroup['issupermod'] == 1)))
2352      {
2353          if($mybb->settings['enableattachments'] == 0)
2354          {
2355              error($lang->attachments_disabled);
2356          }
2357  
2358          if($nummodqueueattach == 0 && $mybb->usergroup['issupermod'] != 1)
2359          {
2360              error($lang->you_cannot_moderate_attachments);
2361          }
2362  
2363          $query = $db->query("
2364              SELECT COUNT(aid) AS unapprovedattachments
2365              FROM  ".TABLE_PREFIX."attachments a
2366              LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=a.pid)
2367              LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
2368              WHERE a.visible='0'{$tflist_queue_attach}
2369          ");
2370          $unapproved_attachments = $db->fetch_field($query, "unapprovedattachments");
2371  
2372          // Figure out if we need to display multiple pages.
2373          if($mybb->get_input('page') != "last")
2374          {
2375              $page = $mybb->get_input('page', MyBB::INPUT_INT);
2376          }
2377  
2378          $perpage = $mybb->settings['postsperpage'];
2379          $pages = $unapproved_attachments / $perpage;
2380          $pages = ceil($pages);
2381  
2382          if($mybb->get_input('page') == "last")
2383          {
2384              $page = $pages;
2385          }
2386  
2387          if($page > $pages || $page <= 0)
2388          {
2389              $page = 1;
2390          }
2391  
2392          if($page)
2393          {
2394              $start = ($page-1) * $perpage;
2395          }
2396          else
2397          {
2398              $start = 0;
2399              $page = 1;
2400          }
2401  
2402          $multipage = multipage($unapproved_attachments, $perpage, $page, "modcp.php?action=modqueue&amp;type=attachments");
2403  
2404          $query = $db->query("
2405              SELECT a.*, p.subject AS postsubject, p.dateline, p.uid, u.username, t.tid, t.subject AS threadsubject
2406              FROM  ".TABLE_PREFIX."attachments a
2407              LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=a.pid)
2408              LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
2409              LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
2410              WHERE a.visible='0'{$tflist_queue_attach}
2411              ORDER BY a.dateuploaded DESC
2412              LIMIT {$start}, {$perpage}
2413          ");
2414          $attachments = '';
2415          while($attachment = $db->fetch_array($query))
2416          {
2417              $altbg = alt_trow();
2418  
2419              if(!$attachment['dateuploaded'])
2420              {
2421                  $attachment['dateuploaded'] = $attachment['dateline'];
2422              }
2423  
2424              $attachdate = my_date('relative', $attachment['dateuploaded']);
2425  
2426              $attachment['postsubject'] = htmlspecialchars_uni($parser->parse_badwords($attachment['postsubject']));
2427              $attachment['filename'] = htmlspecialchars_uni($attachment['filename']);
2428              $attachment['threadsubject'] = htmlspecialchars_uni($parser->parse_badwords($attachment['threadsubject']));
2429              $attachment['filesize'] = get_friendly_size($attachment['filesize']);
2430  
2431              $link = get_post_link($attachment['pid'], $attachment['tid']) . "#pid{$attachment['pid']}";
2432              $thread_link = get_thread_link($attachment['tid']);
2433              $attachment['username'] = htmlspecialchars_uni($attachment['username']);
2434              $profile_link = build_profile_link($attachment['username'], $attachment['uid']);
2435  
2436              eval("\$attachments .= \"".$templates->get("modcp_modqueue_attachments_attachment")."\";");
2437          }
2438  
2439          if(!$attachments && $mybb->input['type'] == "attachments")
2440          {
2441              eval("\$attachments = \"".$templates->get("modcp_modqueue_attachments_empty")."\";");
2442          }
2443  
2444          if($attachments)
2445          {
2446              add_breadcrumb($lang->mcp_nav_modqueue_attachments, "modcp.php?action=modqueue&amp;type=attachments");
2447  
2448              $plugins->run_hooks("modcp_modqueue_attachments_end");
2449  
2450              if($nummodqueuethreads > 0 || $mybb->usergroup['issupermod'] == 1)
2451              {
2452                  eval("\$thread_link = \"".$templates->get("modcp_modqueue_thread_link")."\";");
2453                  $navsep = " | ";
2454              }
2455  
2456              if($nummodqueueposts > 0 || $mybb->usergroup['issupermod'] == 1)
2457              {
2458                  eval("\$post_link = \"".$templates->get("modcp_modqueue_post_link")."\";");
2459                  $navsep = " | ";
2460              }
2461  
2462              eval("\$mass_controls = \"".$templates->get("modcp_modqueue_masscontrols")."\";");
2463              eval("\$attachmentqueue = \"".$templates->get("modcp_modqueue_attachments")."\";");
2464              output_page($attachmentqueue);
2465          }
2466      }
2467  
2468      // Still nothing? All queues are empty! :-D
2469      if(!$threadqueue && !$postqueue && !$attachmentqueue)
2470      {
2471          add_breadcrumb($lang->mcp_nav_modqueue, "modcp.php?action=modqueue");
2472  
2473          $plugins->run_hooks("modcp_modqueue_end");
2474  
2475          eval("\$queue = \"".$templates->get("modcp_modqueue_empty")."\";");
2476          output_page($queue);
2477      }
2478  }
2479  
2480  if($mybb->input['action'] == "do_editprofile")
2481  {
2482      // Verify incoming POST request
2483      verify_post_check($mybb->input['my_post_key']);
2484  
2485      if($mybb->usergroup['caneditprofiles'] == 0)
2486      {
2487          error_no_permission();
2488      }
2489  
2490      $user = get_user($mybb->input['uid']);
2491      if(!$user)
2492      {
2493          error($lang->error_nomember);
2494      }
2495  
2496      // Check if the current user has permission to edit this user
2497      if(!modcp_can_manage_user($user['uid']))
2498      {
2499          error_no_permission();
2500      }
2501  
2502      $plugins->run_hooks("modcp_do_editprofile_start");
2503  
2504      if($mybb->get_input('away', MyBB::INPUT_INT) == 1 && $mybb->settings['allowaway'] != 0)
2505      {
2506          $awaydate = TIME_NOW;
2507          if(!empty($mybb->input['awayday']))
2508          {
2509              // If the user has indicated that they will return on a specific day, but not month or year, assume it is current month and year
2510              if(!$mybb->get_input('awaymonth', MyBB::INPUT_INT))
2511              {
2512                  $mybb->input['awaymonth'] = my_date('n', $awaydate);
2513              }
2514              if(!$mybb->get_input('awayyear', MyBB::INPUT_INT))
2515              {
2516                  $mybb->input['awayyear'] = my_date('Y', $awaydate);
2517              }
2518  
2519              $return_month = (int)substr($mybb->get_input('awaymonth'), 0, 2);
2520              $return_day = (int)substr($mybb->get_input('awayday'), 0, 2);
2521              $return_year = min((int)$mybb->get_input('awayyear'), 9999);
2522  
2523              // Check if return date is after the away date.
2524              $returntimestamp = gmmktime(0, 0, 0, $return_month, $return_day, $return_year);
2525              $awaytimestamp = gmmktime(0, 0, 0, my_date('n', $awaydate), my_date('j', $awaydate), my_date('Y', $awaydate));
2526              if($return_year < my_date('Y', $awaydate) || ($returntimestamp < $awaytimestamp && $return_year == my_date('Y', $awaydate)))
2527              {
2528                  error($lang->error_modcp_return_date_past);
2529              }
2530  
2531              $returndate = "{$return_day}-{$return_month}-{$return_year}";
2532          }
2533          else
2534          {
2535              $returndate = "";
2536          }
2537          $away = array(
2538              "away" => 1,
2539              "date" => $awaydate,
2540              "returndate" => $returndate,
2541              "awayreason" => $mybb->get_input('awayreason')
2542          );
2543      }
2544      else
2545      {
2546          $away = array(
2547              "away" => 0,
2548              "date" => '',
2549              "returndate" => '',
2550              "awayreason" => ''
2551          );
2552      }
2553  
2554      // Set up user handler.
2555      require_once  MYBB_ROOT."inc/datahandlers/user.php";
2556      $userhandler = new UserDataHandler('update');
2557  
2558      // Set the data for the new user.
2559      $updated_user = array(
2560          "uid" => $user['uid'],
2561          "profile_fields" => $mybb->get_input('profile_fields', MyBB::INPUT_ARRAY),
2562          "profile_fields_editable" => true,
2563          "website" => $mybb->get_input('website'),
2564          "icq" => $mybb->get_input('icq'),
2565          "skype" => $mybb->get_input('skype'),
2566          "google" => $mybb->get_input('google'),
2567          "signature" => $mybb->get_input('signature'),
2568          "usernotes" => $mybb->get_input('usernotes'),
2569          "away" => $away
2570      );
2571  
2572      $updated_user['birthday'] = array(
2573          "day" => $mybb->get_input('birthday_day', MyBB::INPUT_INT),
2574          "month" => $mybb->get_input('birthday_month', MyBB::INPUT_INT),
2575          "year" => $mybb->get_input('birthday_year', MyBB::INPUT_INT)
2576      );
2577  
2578      if(!empty($mybb->input['usertitle']))
2579      {
2580          $updated_user['usertitle'] = $mybb->get_input('usertitle');
2581      }
2582      else if(!empty($mybb->input['reverttitle']))
2583      {
2584          $updated_user['usertitle'] = '';
2585      }
2586  
2587      if(!empty($mybb->input['remove_avatar']))
2588      {
2589          $updated_user['avatarurl'] = '';
2590      }
2591  
2592      // Set the data of the user in the datahandler.
2593      $userhandler->set_data($updated_user);
2594      $errors = array();
2595  
2596      // Validate the user and get any errors that might have occurred.
2597      if(!$userhandler->validate_user())
2598      {
2599          $errors = $userhandler->get_friendly_errors();
2600          $mybb->input['action'] = "editprofile";
2601      }
2602      else
2603      {
2604          // Are we removing an avatar from this user?
2605          if(!empty($mybb->input['remove_avatar']))
2606          {
2607              $extra_user_updates = array(
2608                  "avatar" => "",
2609                  "avatardimensions" => "",
2610                  "avatartype" => ""
2611              );
2612              remove_avatars($user['uid']);
2613          }
2614  
2615          // Moderator "Options" (suspend signature, suspend/moderate posting)
2616          $moderator_options = array(
2617              1 => array(
2618                  "action" => "suspendsignature", // The moderator action we're performing
2619                  "period" => "action_period", // The time period we've selected from the dropdown box
2620                  "time" => "action_time", // The time we've entered
2621                  "update_field" => "suspendsignature", // The field in the database to update if true
2622                  "update_length" => "suspendsigtime" // The length of suspension field in the database
2623              ),
2624              2 => array(
2625                  "action" => "moderateposting",
2626                  "period" => "modpost_period",
2627                  "time" => "modpost_time",
2628                  "update_field" => "moderateposts",
2629                  "update_length" => "moderationtime"
2630              ),
2631              3 => array(
2632                  "action" => "suspendposting",
2633                  "period" => "suspost_period",
2634                  "time" => "suspost_time",
2635                  "update_field" => "suspendposting",
2636                  "update_length" => "suspensiontime"
2637              )
2638          );
2639  
2640          require_once  MYBB_ROOT."inc/functions_warnings.php";
2641          foreach($moderator_options as $option)
2642          {
2643              ${$option['time']} = $mybb->get_input($option['time'], MyBB::INPUT_INT);
2644              $mybb->input[$option['period']] = $mybb->get_input($option['period']);
2645              if(empty($mybb->input[$option['action']]))
2646              {
2647                  if($user[$option['update_field']] == 1)
2648                  {
2649                      // We're revoking the suspension
2650                      $extra_user_updates[$option['update_field']] = 0;
2651                      $extra_user_updates[$option['update_length']] = 0;
2652                  }
2653  
2654                  // Skip this option if we haven't selected it
2655                  continue;
2656              }
2657  
2658              else
2659              {
2660                  if($mybb->input[$option['time']] == 0 && $mybb->input[$option['period']] != "never" && $user[$option['update_field']] != 1)
2661                  {
2662                      // User has selected a type of ban, but not entered a valid time frame
2663                      $string = $option['action']."_error";
2664                      $errors[] = $lang->$string;
2665                  }
2666                  else
2667                  {
2668                      $suspend_length = fetch_time_length((int)$mybb->input[$option['time']], $mybb->input[$option['period']]);
2669  
2670                      if($user[$option['update_field']] == 1 && ($mybb->input[$option['time']] || $mybb->input[$option['period']] == "never"))
2671                      {
2672                          // We already have a suspension, but entered a new time
2673                          if($suspend_length == "-1")
2674                          {
2675                              // Permanent ban on action
2676                              $extra_user_updates[$option['update_length']] = 0;
2677                          }
2678                          elseif($suspend_length && $suspend_length != "-1")
2679                          {
2680                              // Temporary ban on action
2681                              $extra_user_updates[$option['update_length']] = TIME_NOW + $suspend_length;
2682                          }
2683                      }
2684                      elseif(!$user[$option['update_field']])
2685                      {
2686                          // New suspension for this user... bad user!
2687                          $extra_user_updates[$option['update_field']] = 1;
2688                          if($suspend_length == "-1")
2689                          {
2690                              $extra_user_updates[$option['update_length']] = 0;
2691                          }
2692                          else
2693                          {
2694                              $extra_user_updates[$option['update_length']] = TIME_NOW + $suspend_length;
2695                          }
2696                      }
2697                  }
2698              }
2699          }
2700  
2701          // Those with javascript turned off will be able to select both - cheeky!
2702          // Check to make sure we're not moderating AND suspending posting
2703          if(isset($extra_user_updates) && !empty($extra_user_updates['moderateposts']) && !empty($extra_user_updates['suspendposting']))
2704          {
2705              $errors[] = $lang->suspendmoderate_error;
2706          }
2707  
2708          if(is_array($errors) && !empty($errors))
2709          {
2710              $mybb->input['action'] = "editprofile";
2711          }
2712          else
2713          {
2714              $plugins->run_hooks("modcp_do_editprofile_update");
2715  
2716              // Continue with the update if there is no errors
2717              $user_info = $userhandler->update_user();
2718              if(!empty($extra_user_updates))
2719              {
2720                  $db->update_query("users", $extra_user_updates, "uid='{$user['uid']}'");
2721              }
2722              log_moderator_action(array("uid" => $user['uid'], "username" => $user['username']), $lang->edited_user);
2723  
2724              $plugins->run_hooks("modcp_do_editprofile_end");
2725  
2726              redirect("modcp.php?action=finduser", $lang->redirect_user_updated);
2727          }
2728      }
2729  }
2730  
2731  if($mybb->input['action'] == "editprofile")
2732  {
2733      if($mybb->usergroup['caneditprofiles'] == 0)
2734      {
2735          error_no_permission();
2736      }
2737  
2738      add_breadcrumb($lang->mcp_nav_editprofile, "modcp.php?action=editprofile");
2739  
2740      $user = get_user($mybb->get_input('uid', MyBB::INPUT_INT));
2741      if(!$user)
2742      {
2743          error($lang->error_nomember);
2744      }
2745  
2746      // Check if the current user has permission to edit this user
2747      if(!modcp_can_manage_user($user['uid']))
2748      {
2749          error_no_permission();
2750      }
2751  
2752      $userperms = user_permissions($user['uid']);
2753  
2754      // Set display group
2755      $displaygroupfields = array("title", "description", "namestyle", "usertitle", "stars", "starimage", "image");
2756  
2757      if(!$user['displaygroup'])
2758      {
2759          $user['displaygroup'] = $user['usergroup'];
2760      }
2761  
2762      $display_group = usergroup_displaygroup($user['displaygroup']);
2763      if(is_array($display_group))
2764      {
2765          $userperms = array_merge($userperms, $display_group);
2766      }
2767  
2768      if(!my_validate_url($user['website']))
2769      {
2770          $user['website'] = '';
2771      }
2772  
2773      if($user['icq'] != "0")
2774      {
2775          $user['icq'] = (int)$user['icq'];
2776      }
2777  
2778      if(!$errors)
2779      {
2780          $mybb->input = array_merge($user, $mybb->input);
2781          $birthday = explode('-', $user['birthday']);
2782          if(!isset($birthday[1]))
2783          {
2784              $birthday[1] = '';
2785          }
2786          if(!isset($birthday[2]))
2787          {
2788              $birthday[2] = '';
2789          }
2790          list($mybb->input['birthday_day'], $mybb->input['birthday_month'], $mybb->input['birthday_year']) = $birthday;
2791      }
2792      else
2793      {
2794          $errors = inline_error($errors);
2795      }
2796  
2797      // Sanitize all input
2798      foreach(array('usertitle', 'website', 'icq', 'skype', 'google', 'signature', 'birthday_day', 'birthday_month', 'birthday_year') as $field)
2799      {
2800          $mybb->input[$field] = htmlspecialchars_uni($mybb->get_input($field));
2801      }
2802  
2803      // Custom user title
2804      if(!empty($userperms['usertitle']))
2805      {
2806          $defaulttitle = htmlspecialchars_uni($userperms['usertitle']);
2807      }
2808      else
2809      {
2810          // Go for post count title if a group default isn't set
2811          $usertitles = $cache->read('usertitles');
2812  
2813          foreach($usertitles as $title)
2814          {
2815              if($title['posts'] <= $user['postnum'])
2816              {
2817                  $defaulttitle = $title['title'];
2818                  break;
2819              }
2820          }
2821      }
2822  
2823      $user['usertitle'] = htmlspecialchars_uni($user['usertitle']);
2824  
2825      if(empty($user['usertitle']))
2826      {
2827          $lang->current_custom_usertitle = '';
2828      }
2829  
2830      $bdaydaysel = $selected = '';
2831      for($day = 1; $day <= 31; ++$day)
2832      {
2833          if($mybb->input['birthday_day'] == $day)
2834          {
2835              $selected = "selected=\"selected\"";
2836          }
2837          else
2838          {
2839              $selected = '';
2840          }
2841  
2842          eval("\$bdaydaysel .= \"".$templates->get("usercp_profile_day")."\";");
2843      }
2844  
2845      $bdaymonthsel = array();
2846      foreach(range(1, 12) as $month)
2847      {
2848          $bdaymonthsel[$month] = '';
2849      }
2850      $bdaymonthsel[$mybb->input['birthday_month']] = 'selected="selected"';
2851  
2852      if($mybb->settings['allowaway'] != 0)
2853      {
2854          $awaycheck = array('', '');
2855          if($errors)
2856          {
2857              if($user['away'] == 1)
2858              {
2859                  $awaycheck[1] = "checked=\"checked\"";
2860              }
2861              else
2862              {
2863                  $awaycheck[0] = "checked=\"checked\"";
2864              }
2865              $returndate = array();
2866              $returndate[0] = $mybb->get_input('awayday');
2867              $returndate[1] = $mybb->get_input('awaymonth');
2868              $returndate[2] = $mybb->get_input('awayyear', MyBB::INPUT_INT);
2869              $user['awayreason'] = htmlspecialchars_uni($mybb->get_input('awayreason'));
2870          }
2871          else
2872          {
2873              $user['awayreason'] = htmlspecialchars_uni($user['awayreason']);
2874              if($user['away'] == 1)
2875              {
2876                  $awaydate = my_date($mybb->settings['dateformat'], $user['awaydate']);
2877                  $awaycheck[1] = "checked=\"checked\"";
2878                  $awaynotice = $lang->sprintf($lang->away_notice_away, $awaydate);
2879              }
2880              else
2881              {
2882                  $awaynotice = $lang->away_notice;
2883                  $awaycheck[0] = "checked=\"checked\"";
2884              }
2885              $returndate = explode("-", $user['returndate']);
2886          }
2887          $returndatesel = $selected = '';
2888          for($day = 1; $day <= 31; ++$day)
2889          {
2890              if($returndate[0] == $day)
2891              {
2892                  $selected = "selected=\"selected\"";
2893              }
2894              else
2895              {
2896                  $selected = '';
2897              }
2898  
2899              eval("\$returndatesel .= \"".$templates->get("usercp_profile_day")."\";");
2900          }
2901  
2902          $returndatemonthsel = array();
2903          foreach(range(1, 12) as $month)
2904          {
2905              $returndatemonthsel[$month] = '';
2906          }
2907          if(isset($returndate[1]))
2908          {
2909              $returndatemonthsel[$returndate[1]] = " selected=\"selected\"";
2910          }
2911  
2912          if(!isset($returndate[2]))
2913          {
2914              $returndate[2] = '';
2915          }
2916  
2917          eval("\$awaysection = \"".$templates->get("usercp_profile_away")."\";");
2918      }
2919  
2920      $plugins->run_hooks("modcp_editprofile_start");
2921  
2922      // Fetch profile fields
2923      $user_fields = array();
2924      $query = $db->simple_select("userfields", "*", "ufid='{$user['uid']}'");
2925      if($db->num_rows($query) > 0)
2926      {
2927          $user_fields = $db->fetch_array($query);
2928      }
2929  
2930      $requiredfields = '';
2931      $customfields = '';
2932      $mybb->input['profile_fields'] = $mybb->get_input('profile_fields', MyBB::INPUT_ARRAY);
2933  
2934      $pfcache = $cache->read('profilefields');
2935  
2936      if(is_array($pfcache))
2937      {
2938          foreach($pfcache as $profilefield)
2939          {
2940              $userfield = $code = $select = $val = $options = $expoptions = $useropts = '';
2941              $seloptions = array();
2942              $profilefield['type'] = htmlspecialchars_uni($profilefield['type']);
2943              $profilefield['name'] = htmlspecialchars_uni($profilefield['name']);
2944              $profilefield['description'] = htmlspecialchars_uni($profilefield['description']);
2945              $thing = explode("\n", $profilefield['type'], "2");
2946              $type = $thing[0];
2947              if(isset($thing[1]))
2948              {
2949                  $options = $thing[1];
2950              }
2951              $field = "fid{$profilefield['fid']}";
2952              if($errors)
2953              {
2954                  if(isset($mybb->input['profile_fields'][$field]))
2955                  {
2956                      $userfield = $mybb->input['profile_fields'][$field];
2957                  }
2958              }
2959              elseif(isset($user_fields[$field]))
2960              {
2961                  $userfield = $user_fields[$field];
2962              }
2963              if($type == "multiselect")
2964              {
2965                  if($errors)
2966                  {
2967                      $useropts = $userfield;
2968                  }
2969                  else
2970                  {
2971                      $useropts = explode("\n", $userfield);
2972                  }
2973                  if(is_array($useropts))
2974                  {
2975                      foreach($useropts as $key => $val)
2976                      {
2977                          $seloptions[$val] = $val;
2978                      }
2979                  }
2980                  $expoptions = explode("\n", $options);
2981                  if(is_array($expoptions))
2982                  {
2983                      foreach($expoptions as $key => $val)
2984                      {
2985                          $val = trim($val);
2986                          $val = str_replace("\n", "\\n", $val);
2987  
2988                          $sel = "";
2989                          if(isset($seloptions[$val]) && $val == $seloptions[$val])
2990                          {
2991                              $sel = " selected=\"selected\"";
2992                          }
2993  
2994                          eval("\$select .= \"".$templates->get("usercp_profile_profilefields_select_option")."\";");
2995                      }
2996                      if(!$profilefield['length'])
2997                      {
2998                          $profilefield['length'] = 3;
2999                      }
3000  
3001                      eval("\$code = \"".$templates->get("usercp_profile_profilefields_multiselect")."\";");
3002                  }
3003              }
3004              elseif($type == "select")
3005              {
3006                  $expoptions = explode("\n", $options);
3007                  if(is_array($expoptions))
3008                  {
3009                      foreach($expoptions as $key => $val)
3010                      {
3011                          $val = trim($val);
3012                          $val = str_replace("\n", "\\n", $val);
3013                          $sel = "";
3014                          if($val == $userfield)
3015                          {
3016                              $sel = " selected=\"selected\"";
3017                          }
3018  
3019                          eval("\$select .= \"".$templates->get("usercp_profile_profilefields_select_option")."\";");
3020                      }
3021                      if(!$profilefield['length'])
3022                      {
3023                          $profilefield['length'] = 1;
3024                      }
3025  
3026                      eval("\$code = \"".$templates->get("usercp_profile_profilefields_select")."\";");
3027                  }
3028              }
3029              elseif($type == "radio")
3030              {
3031                  $expoptions = explode("\n", $options);
3032                  if(is_array($expoptions))
3033                  {
3034                      foreach($expoptions as $key => $val)
3035                      {
3036                          $checked = "";
3037                          if($val == $userfield)
3038                          {
3039                              $checked = " checked=\"checked\"";
3040                          }
3041  
3042                          eval("\$code .= \"".$templates->get("usercp_profile_profilefields_radio")."\";");
3043                      }
3044                  }
3045              }
3046              elseif($type == "checkbox")
3047              {
3048                  if($errors)
3049                  {
3050                      $useropts = $userfield;
3051                  }
3052                  else
3053                  {
3054                      $useropts = explode("\n", $userfield);
3055                  }
3056                  if(is_array($useropts))
3057                  {
3058                      foreach($useropts as $key => $val)
3059                      {
3060                          $seloptions[$val] = $val;
3061                      }
3062                  }
3063                  $expoptions = explode("\n", $options);
3064                  if(is_array($expoptions))
3065                  {
3066                      foreach($expoptions as $key => $val)
3067                      {
3068                          $checked = "";
3069                          if(isset($seloptions[$val]) && $val == $seloptions[$val])
3070                          {
3071                              $checked = " checked=\"checked\"";
3072                          }
3073  
3074                          eval("\$code .= \"".$templates->get("usercp_profile_profilefields_checkbox")."\";");
3075                      }
3076                  }
3077              }
3078              elseif($type == "textarea")
3079              {
3080                  $value = htmlspecialchars_uni($userfield);
3081                  eval("\$code = \"".$templates->get("usercp_profile_profilefields_textarea")."\";");
3082              }
3083              else
3084              {
3085                  $value = htmlspecialchars_uni($userfield);
3086                  $maxlength = "";
3087                  if($profilefield['maxlength'] > 0)
3088                  {
3089                      $maxlength = " maxlength=\"{$profilefield['maxlength']}\"";
3090                  }
3091  
3092                  eval("\$code = \"".$templates->get("usercp_profile_profilefields_text")."\";");
3093              }
3094  
3095              if($profilefield['required'] == 1)
3096              {
3097                  eval("\$requiredfields .= \"".$templates->get("usercp_profile_customfield")."\";");
3098              }
3099              else
3100              {
3101                  eval("\$customfields .= \"".$templates->get("usercp_profile_customfield")."\";");
3102              }
3103              $altbg = alt_trow();
3104          }
3105      }
3106      if($customfields)
3107      {
3108          eval("\$customfields = \"".$templates->get("usercp_profile_profilefields")."\";");
3109      }
3110  
3111      $user['username'] = htmlspecialchars_uni($user['username']);
3112      $lang->edit_profile = $lang->sprintf($lang->edit_profile, $user['username']);
3113      $profile_link = build_profile_link(format_name($user['username'], $user['usergroup'], $user['displaygroup']), $user['uid']);
3114  
3115      $user['signature'] = htmlspecialchars_uni($user['signature']);
3116      $codebuttons = build_mycode_inserter("signature");
3117  
3118      // Do we mark the suspend signature box?
3119      if($user['suspendsignature'] || ($mybb->get_input('suspendsignature', MyBB::INPUT_INT) && !empty($errors)))
3120      {
3121          $checked = 1;
3122          $checked_item = "checked=\"checked\"";
3123      }
3124      else
3125      {
3126          $checked = 0;
3127          $checked_item = '';
3128      }
3129  
3130      // Do we mark the moderate posts box?
3131      if($user['moderateposts'] || ($mybb->get_input('moderateposting', MyBB::INPUT_INT) && !empty($errors)))
3132      {
3133          $modpost_check = 1;
3134          $modpost_checked = "checked=\"checked\"";
3135      }
3136      else
3137      {
3138          $modpost_check = 0;
3139          $modpost_checked = '';
3140      }
3141  
3142      // Do we mark the suspend posts box?
3143      if($user['suspendposting'] || ($mybb->get_input('suspendposting', MyBB::INPUT_INT) && !empty($errors)))
3144      {
3145          $suspost_check = 1;
3146          $suspost_checked = "checked=\"checked\"";
3147      }
3148      else
3149      {
3150          $suspost_check = 0;
3151          $suspost_checked = '';
3152      }
3153  
3154      $moderator_options = array(
3155          1 => array(
3156              "action" => "suspendsignature", // The input action for this option
3157              "option" => "suspendsignature", // The field in the database that this option relates to
3158              "time" => "action_time", // The time we've entered
3159              "length" => "suspendsigtime", // The length of suspension field in the database
3160              "select_option" => "action" // The name of the select box of this option
3161          ),
3162          2 => array(
3163              "action" => "moderateposting",
3164              "option" => "moderateposts",
3165              "time" => "modpost_time",
3166              "length" => "moderationtime",
3167              "select_option" => "modpost"
3168          ),
3169          3 => array(
3170              "action" => "suspendposting",
3171              "option" => "suspendposting",
3172              "time" => "suspost_time",
3173              "length" => "suspensiontime",
3174              "select_option" => "suspost"
3175          )
3176      );
3177  
3178      $periods = array(
3179          "hours" => $lang->expire_hours,
3180          "days" => $lang->expire_days,
3181          "weeks" => $lang->expire_weeks,
3182          "months" => $lang->expire_months,
3183          "never" => $lang->expire_permanent
3184      );
3185  
3186      $suspendsignature_info = $moderateposts_info = $suspendposting_info = '';
3187      $action_options = $modpost_options = $suspost_options = '';
3188      $modopts = array();
3189      foreach($moderator_options as $option)
3190      {
3191          ${$option['time']} = $mybb->get_input($option['time'], MyBB::INPUT_INT);
3192          // Display the suspension info, if this user has this option suspended
3193          if($user[$option['option']])
3194          {
3195              if($user[$option['length']] == 0)
3196              {
3197                  // User has a permanent ban
3198                  $string = $option['option']."_perm";
3199                  $suspension_info = $lang->$string;
3200              }
3201              else
3202              {
3203                  // User has a temporary (or limited) ban
3204                  $string = $option['option']."_for";
3205                  $for_date = my_date('relative', $user[$option['length']], '', 2);
3206                  $suspension_info = $lang->sprintf($lang->$string, $for_date);
3207              }
3208  
3209              switch($option['option'])
3210              {
3211                  case "suspendsignature":
3212                      eval("\$suspendsignature_info = \"".$templates->get("modcp_editprofile_suspensions_info")."\";");
3213                      break;
3214                  case "moderateposts":
3215                      eval("\$moderateposts_info = \"".$templates->get("modcp_editprofile_suspensions_info")."\";");
3216                      break;
3217                  case "suspendposting":
3218                      eval("\$suspendposting_info = \"".$templates->get("modcp_editprofile_suspensions_info")."\";");
3219                      break;
3220              }
3221          }
3222  
3223          // Generate the boxes for this option
3224          $selection_options = '';
3225          foreach($periods as $key => $value)
3226          {
3227              $string = $option['select_option']."_period";
3228              if($mybb->get_input($string) == $key)
3229              {
3230                  $selected = "selected=\"selected\"";
3231              }
3232              else
3233              {
3234                  $selected = '';
3235              }
3236  
3237              eval("\$selection_options .= \"".$templates->get("modcp_editprofile_select_option")."\";");
3238          }
3239  
3240          $select_name = $option['select_option']."_period";
3241          switch($option['option'])
3242          {
3243              case "suspendsignature":
3244                  eval("\$action_options = \"".$templates->get("modcp_editprofile_select")."\";");
3245                  break;
3246              case "moderateposts":
3247                  eval("\$modpost_options = \"".$templates->get("modcp_editprofile_select")."\";");
3248                  break;
3249              case "suspendposting":
3250                  eval("\$suspost_options = \"".$templates->get("modcp_editprofile_select")."\";");
3251                  break;
3252          }
3253      }
3254  
3255      eval("\$suspend_signature = \"".$templates->get("modcp_editprofile_signature")."\";");
3256  
3257      $user['usernotes'] = htmlspecialchars_uni($user['usernotes']);
3258  
3259      if(!isset($newtitle))
3260      {
3261          $newtitle = '';
3262      }
3263  
3264      $birthday_year = $mybb->input['birthday_year'];
3265      $user_website = $mybb->input['website'];
3266      $user_icq = $mybb->input['icq'];
3267      $user_skype = $mybb->input['skype'];
3268      $user_google = $mybb->input['google'];
3269  
3270      $plugins->run_hooks("modcp_editprofile_end");
3271  
3272      eval("\$edituser = \"".$templates->get("modcp_editprofile")."\";");
3273      output_page($edituser);
3274  }
3275  
3276  if($mybb->input['action'] == "finduser")
3277  {
3278      if($mybb->usergroup['caneditprofiles'] == 0)
3279      {
3280          error_no_permission();
3281      }
3282  
3283      add_breadcrumb($lang->mcp_nav_users, "modcp.php?action=finduser");
3284  
3285      $perpage = $mybb->get_input('perpage', MyBB::INPUT_INT);
3286      if(!$perpage || $perpage <= 0)
3287      {
3288          $perpage = $mybb->settings['threadsperpage'];
3289      }
3290      $where = '';
3291  
3292      if(isset($mybb->input['username']))
3293      {
3294          switch($db->type)
3295          {
3296              case 'mysql':
3297              case 'mysqli':
3298                  $field = 'username';
3299                  break;
3300              default:
3301                  $field = 'LOWER(username)';
3302                  break;
3303          }
3304          $where = " AND {$field} LIKE '%".my_strtolower($db->escape_string_like($mybb->get_input('username')))."%'";
3305      }
3306  
3307      // Sort order & direction
3308      switch($mybb->get_input('sortby'))
3309      {
3310          case "lastvisit":
3311              $sortby = "lastvisit";
3312              break;
3313          case "postnum":
3314              $sortby = "postnum";
3315              break;
3316          case "username":
3317              $sortby = "username";
3318              break;
3319          default:
3320              $sortby = "regdate";
3321      }
3322      $sortbysel = array('lastvisit' => '', 'postnum' => '', 'username' => '', 'regdate' => '');
3323      $sortbysel[$mybb->get_input('sortby')] = " selected=\"selected\"";
3324      $order = $mybb->get_input('order');
3325      if($order != "asc")
3326      {
3327          $order = "desc";
3328      }
3329      $ordersel = array('asc' => '', 'desc' => '');
3330      $ordersel[$order] = " selected=\"selected\"";
3331  
3332      $query = $db->simple_select("users", "COUNT(uid) AS count", "1=1 {$where}");
3333      $user_count = $db->fetch_field($query, "count");
3334  
3335      // Figure out if we need to display multiple pages.
3336      if($mybb->get_input('page') != "last")
3337      {
3338          $page = $mybb->get_input('page');
3339      }
3340  
3341      $pages = $user_count / $perpage;
3342      $pages = ceil($pages);
3343  
3344      if($mybb->get_input('page') == "last")
3345      {
3346          $page = $pages;
3347      }
3348  
3349      if($page > $pages || $page <= 0)
3350      {
3351          $page = 1;
3352      }
3353      if($page)
3354      {
3355          $start = ($page-1) * $perpage;
3356      }
3357      else
3358      {
3359          $start = 0;
3360          $page = 1;
3361      }
3362  
3363      $page_url = 'modcp.php?action=finduser';
3364      foreach(array('username', 'sortby', 'order') as $field)
3365      {
3366          if(!empty($mybb->input[$field]))
3367          {
3368              $page_url .= "&amp;{$field}=".$mybb->input[$field];
3369          }
3370      }
3371  
3372      $multipage = multipage($user_count, $perpage, $page, $page_url);
3373  
3374      $usergroups_cache = $cache->read("usergroups");
3375  
3376      $plugins->run_hooks("modcp_finduser_start");
3377  
3378      // Fetch out results
3379      $query = $db->simple_select("users", "*", "1=1 {$where}", array("order_by" => $sortby, "order_dir" => $order, "limit" => $perpage, "limit_start" => $start));
3380      $users = '';
3381      while($user = $db->fetch_array($query))
3382      {
3383          $alt_row = alt_trow();
3384          $user['username'] = htmlspecialchars_uni($user['username']);
3385          $user['username'] = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
3386          $user['postnum'] = my_number_format($user['postnum']);
3387          $regdate = my_date('relative', $user['regdate']);
3388  
3389          if($user['invisible'] == 1 && $mybb->usergroup['canviewwolinvis'] != 1 && $user['uid'] != $mybb->user['uid'])
3390          {
3391              $lastdate = $lang->lastvisit_never;
3392  
3393              if($user['lastvisit'])
3394              {
3395                  // We have had at least some active time, hide it instead
3396                  $lastdate = $lang->lastvisit_hidden;
3397              }
3398          }
3399          else
3400          {
3401              $lastdate = my_date('relative', $user['lastvisit']);
3402          }
3403  
3404          $usergroup = htmlspecialchars_uni($usergroups_cache[$user['usergroup']]['title']);
3405          eval("\$users .= \"".$templates->get("modcp_finduser_user")."\";");
3406      }
3407  
3408      // No results?
3409      if(!$users)
3410      {
3411          eval("\$users = \"".$templates->get("modcp_finduser_noresults")."\";");
3412      }
3413  
3414      $plugins->run_hooks("modcp_finduser_end");
3415  
3416      $username = htmlspecialchars_uni($mybb->get_input('username'));
3417      eval("\$finduser = \"".$templates->get("modcp_finduser")."\";");
3418      output_page($finduser);
3419  }
3420  
3421  if($mybb->input['action'] == "warninglogs")
3422  {
3423      if($mybb->usergroup['canviewwarnlogs'] == 0)
3424      {
3425          error_no_permission();
3426      }
3427  
3428      add_breadcrumb($lang->mcp_nav_warninglogs, "modcp.php?action=warninglogs");
3429  
3430      // Filter options
3431      $where_sql = '';
3432      $mybb->input['filter'] = $mybb->get_input('filter', MyBB::INPUT_ARRAY);
3433      $mybb->input['search'] = $mybb->get_input('search', MyBB::INPUT_ARRAY);
3434      if(!empty($mybb->input['filter']['username']))
3435      {
3436          $search_user = get_user_by_username($mybb->input['filter']['username']);
3437  
3438          $mybb->input['filter']['uid'] = (int)$search_user['uid'];
3439          $mybb->input['filter']['username'] = htmlspecialchars_uni($mybb->input['filter']['username']);
3440      }
3441      else
3442      {
3443          $mybb->input['filter']['username'] = '';
3444      }
3445      if(!empty($mybb->input['filter']['uid']))
3446      {
3447          $search['uid'] = (int)$mybb->input['filter']['uid'];
3448          $where_sql .= " AND w.uid='{$search['uid']}'";
3449          if(!isset($mybb->input['search']['username']))
3450          {
3451              $user = get_user($mybb->input['search']['uid']);
3452              $mybb->input['search']['username'] = htmlspecialchars_uni($user['username']);
3453          }
3454      }
3455      else
3456      {
3457          $mybb->input['filter']['uid'] = '';
3458      }
3459      if(!empty($mybb->input['filter']['mod_username']))
3460      {
3461          $mod_user = get_user_by_username($mybb->input['filter']['mod_username']);
3462  
3463          $mybb->input['filter']['mod_uid'] = (int)$mod_user['uid'];
3464          $mybb->input['filter']['mod_username'] = htmlspecialchars_uni($mybb->input['filter']['mod_username']);
3465      }
3466      else
3467      {
3468          $mybb->input['filter']['mod_username'] = '';
3469      }
3470      if(!empty($mybb->input['filter']['mod_uid']))
3471      {
3472          $search['mod_uid'] = (int)$mybb->input['filter']['mod_uid'];
3473          $where_sql .= " AND w.issuedby='{$search['mod_uid']}'";
3474          if(!isset($mybb->input['search']['mod_username']))
3475          {
3476              $mod_user = get_user($mybb->input['search']['uid']);
3477              $mybb->input['search']['mod_username'] = htmlspecialchars_uni($mod_user['username']);
3478          }
3479      }
3480      else
3481      {
3482          $mybb->input['filter']['mod_uid'] = '';
3483      }
3484      if(!empty($mybb->input['filter']['reason']))
3485      {
3486          $search['reason'] = $db->escape_string_like($mybb->input['filter']['reason']);
3487          $where_sql .= " AND (w.notes LIKE '%{$search['reason']}%' OR t.title LIKE '%{$search['reason']}%' OR w.title LIKE '%{$search['reason']}%')";
3488          $mybb->input['filter']['reason'] = htmlspecialchars_uni($mybb->input['filter']['reason']);
3489      }
3490      else
3491      {
3492          $mybb->input['filter']['reason'] = '';
3493      }
3494      $sortbysel = array('username' => '', 'expires' => '', 'issuedby' => '', 'dateline' => '');
3495      if(!isset($mybb->input['filter']['sortby']))
3496      {
3497          $mybb->input['filter']['sortby'] = '';
3498      }
3499      switch($mybb->input['filter']['sortby'])
3500      {
3501          case "username":
3502              $sortby = "u.username";
3503              $sortbysel['username'] = ' selected="selected"';
3504              break;
3505          case "expires":
3506              $sortby = "w.expires";
3507              $sortbysel['expires'] = ' selected="selected"';
3508              break;
3509          case "issuedby":
3510              $sortby = "i.username";
3511              $sortbysel['issuedby'] = ' selected="selected"';
3512              break;
3513          default: // "dateline"
3514              $sortby = "w.dateline";
3515              $sortbysel['dateline'] = ' selected="selected"';
3516      }
3517      if(!isset($mybb->input['filter']['order']))
3518      {
3519          $mybb->input['filter']['order'] = '';
3520      }
3521      $order = $mybb->input['filter']['order'];
3522      $ordersel = array('asc' => '', 'desc' => '');
3523      if($order != "asc")
3524      {
3525          $order = "desc";
3526          $ordersel['desc'] = ' selected="selected"';
3527      }
3528      else
3529      {
3530          $ordersel['asc'] = ' selected="selected"';
3531      }
3532  
3533      $plugins->run_hooks("modcp_warninglogs_start");
3534  
3535      // Pagination stuff
3536      $sql = "
3537          SELECT COUNT(wid) as count
3538          FROM
3539              ".TABLE_PREFIX."warnings w
3540              LEFT JOIN ".TABLE_PREFIX."warningtypes t ON (w.tid=t.tid)
3541          WHERE 1=1
3542              {$where_sql}
3543      ";
3544      $query = $db->query($sql);
3545      $total_warnings = $db->fetch_field($query, 'count');
3546      $page = $mybb->get_input('page', MyBB::INPUT_INT);
3547      if($page <= 0)
3548      {
3549          $page = 1;
3550      }
3551      $per_page = 20;
3552      if(isset($mybb->input['filter']['per_page']) && (int)$mybb->input['filter']['per_page'] > 0)
3553      {
3554          $per_page = (int)$mybb->input['filter']['per_page'];
3555      }
3556      $start = ($page-1) * $per_page;
3557      $pages = ceil($total_warnings / $per_page);
3558      if($page > $pages)
3559      {
3560          $start = 0;
3561          $page = 1;
3562      }
3563      // Build the base URL for pagination links
3564      $url = 'modcp.php?action=warninglogs';
3565      if(is_array($mybb->input['filter']) && count($mybb->input['filter']))
3566      {
3567          foreach($mybb->input['filter'] as $field => $value)
3568          {
3569              $value = urlencode($value);
3570              $url .= "&amp;filter[{$field}]={$value}";
3571          }
3572      }
3573      $multipage = multipage($total_warnings, $per_page, $page, $url);
3574  
3575      // The actual query
3576      $sql = "
3577          SELECT
3578              w.wid, w.title as custom_title, w.points, w.dateline, w.issuedby, w.expires, w.expired, w.daterevoked, w.revokedby,
3579              t.title,
3580              u.uid, u.username, u.usergroup, u.displaygroup,
3581              i.uid as mod_uid, i.username as mod_username, i.usergroup as mod_usergroup, i.displaygroup as mod_displaygroup
3582          FROM ".TABLE_PREFIX."warnings w
3583              LEFT JOIN ".TABLE_PREFIX."users u ON (w.uid=u.uid)
3584              LEFT JOIN ".TABLE_PREFIX."warningtypes t ON (w.tid=t.tid)
3585              LEFT JOIN ".TABLE_PREFIX."users i ON (i.uid=w.issuedby)
3586          WHERE 1=1
3587              {$where_sql}
3588          ORDER BY {$sortby} {$order}
3589          LIMIT {$start}, {$per_page}
3590      ";
3591      $query = $db->query($sql);
3592  
3593  
3594      $warning_list = '';
3595      while($row = $db->fetch_array($query))
3596      {
3597          $trow = alt_trow();
3598          $row['username'] = htmlspecialchars_uni($row['username']);
3599          $username = format_name($row['username'], $row['usergroup'], $row['displaygroup']);
3600          $username_link = build_profile_link($username, $row['uid']);
3601          $row['mod_username'] = htmlspecialchars_uni($row['mod_username']);
3602          $mod_username = format_name($row['mod_username'], $row['mod_usergroup'], $row['mod_displaygroup']);
3603          $mod_username_link = build_profile_link($mod_username, $row['mod_uid']);
3604          $issued_date = my_date('normal', $row['dateline']);
3605          $revoked_text = '';
3606          if($row['daterevoked'] > 0)
3607          {
3608              $revoked_date = my_date('relative', $row['daterevoked']);
3609              eval("\$revoked_text = \"".$templates->get("modcp_warninglogs_warning_revoked")."\";");
3610          }
3611          if($row['expires'] > 0)
3612          {
3613              $expire_date = nice_time($row['expires']-TIME_NOW);
3614          }
3615          else
3616          {
3617              $expire_date = $lang->never;
3618          }
3619          $title = $row['title'];
3620          if(empty($row['title']))
3621          {
3622              $title = $row['custom_title'];
3623          }
3624          $title = htmlspecialchars_uni($title);
3625          if($row['points'] >= 0)
3626          {
3627              $points = '+'.$row['points'];
3628          }
3629  
3630          eval("\$warning_list .= \"".$templates->get("modcp_warninglogs_warning")."\";");
3631      }
3632  
3633      if(!$warning_list)
3634      {
3635          eval("\$warning_list = \"".$templates->get("modcp_warninglogs_nologs")."\";");
3636      }
3637  
3638      $plugins->run_hooks("modcp_warninglogs_end");
3639  
3640      $filter_username = $mybb->input['filter']['username'];
3641      $filter_modusername = $mybb->input['filter']['mod_username'];
3642      $filter_reason = $mybb->input['filter']['reason'];
3643  
3644      eval("\$warninglogs = \"".$templates->get("modcp_warninglogs")."\";");
3645      output_page($warninglogs);
3646  }
3647  
3648  if($mybb->input['action'] == "ipsearch")
3649  {
3650      if($mybb->usergroup['canuseipsearch'] == 0)
3651      {
3652          error_no_permission();
3653      }
3654  
3655      add_breadcrumb($lang->mcp_nav_ipsearch, "modcp.php?action=ipsearch");
3656  
3657      $ipsearch_results = $ipaddressvalue = '';
3658      $mybb->input['ipaddress'] = $mybb->get_input('ipaddress');
3659      if($mybb->input['ipaddress'])
3660      {
3661          if(!is_array($groupscache))
3662          {
3663              $groupscache = $cache->read("usergroups");
3664          }
3665  
3666          $ipaddressvalue = htmlspecialchars_uni($mybb->input['ipaddress']);
3667  
3668          $ip_range = fetch_ip_range($mybb->input['ipaddress']);
3669  
3670          $post_results = $user_results = 0;
3671  
3672          // Searching post IP addresses
3673          if(isset($mybb->input['search_posts']))
3674          {
3675              if($ip_range)
3676              {
3677                  if(!is_array($ip_range))
3678                  {
3679                      $post_ip_sql = "p.ipaddress=".$db->escape_binary($ip_range);
3680                  }
3681                  else
3682                  {
3683                      $post_ip_sql = "p.ipaddress BETWEEN ".$db->escape_binary($ip_range[0])." AND ".$db->escape_binary($ip_range[1]);
3684                  }
3685              }
3686  
3687              $plugins->run_hooks("modcp_ipsearch_posts_start");
3688  
3689              if($post_ip_sql)
3690              {
3691                  $where_sql = '';
3692  
3693                  $unviewable_forums = get_unviewable_forums(true);
3694  
3695                  if($unviewable_forums)
3696                  {
3697                      $where_sql .= " AND p.fid NOT IN ({$unviewable_forums})";
3698                  }
3699  
3700                  if($inactiveforums)
3701                  {
3702                      $where_sql .= " AND p.fid NOT IN ({$inactiveforums})";
3703                  }
3704  
3705                  // Check group permissions if we can't view threads not started by us
3706                  $onlyusfids = array();
3707                  $group_permissions = forum_permissions();
3708                  foreach($group_permissions as $fid => $forumpermissions)
3709                  {
3710                      if(isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] == 1)
3711                      {
3712                          $onlyusfids[] = $fid;
3713                      }
3714                  }
3715  
3716                  if(!empty($onlyusfids))
3717                  {
3718                      $where_sql .= " AND ((t.fid IN(".implode(',', $onlyusfids).") AND t.uid='{$mybb->user['uid']}') OR t.fid NOT IN(".implode(',', $onlyusfids)."))";
3719                  }
3720  
3721                  // Moderators can view unapproved/deleted posts
3722                  if($mybb->usergroup['issupermod'] != 1)
3723                  {
3724                      $unapprove_forums = array();
3725                      $deleted_forums = array();
3726                      $visible_sql = " AND (p.visible = 1 AND t.visible = 1)";
3727                      $query = $db->simple_select("moderators", "fid, canviewunapprove, canviewdeleted", "(id='{$mybb->user['uid']}' AND isgroup='0') OR (id='{$mybb->user['usergroup']}' AND isgroup='1')");
3728                      while($moderator = $db->fetch_array($query))
3729                      {
3730                          if($moderator['canviewunapprove'] == 1)
3731                          {
3732                              $unapprove_forums[] = $moderator['fid'];
3733                          }
3734  
3735                          if($moderator['canviewdeleted'] == 1)
3736                          {
3737                              $deleted_forums[] = $moderator['fid'];
3738                          }
3739                      }
3740  
3741                      if(!empty($unapprove_forums))
3742                      {
3743                          $visible_sql .= " OR (p.visible = 0 AND p.fid IN(".implode(',', $unapprove_forums).")) OR (t.visible = 0 AND t.fid IN(".implode(',', $unapprove_forums)."))";
3744                      }
3745                      if(!empty($deleted_forums))
3746                      {
3747                          $visible_sql .= " OR (p.visible = -1 AND p.fid IN(".implode(',', $deleted_forums).")) OR (t.visible = -1 AND t.fid IN(".implode(',', $deleted_forums)."))";
3748                      }
3749                  }
3750                  else
3751                  {
3752                      // Super moderators (and admins)
3753                      $visible_sql = " AND p.visible >= -1";
3754                  }
3755  
3756                  $query = $db->query("
3757                      SELECT COUNT(p.pid) AS count
3758                      FROM ".TABLE_PREFIX."posts p
3759                      LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid = p.tid)
3760                      WHERE {$post_ip_sql}{$where_sql}{$visible_sql}
3761                  ");
3762                  $post_results = $db->fetch_field($query, "count");
3763              }
3764          }
3765  
3766          // Searching user IP addresses
3767          if(isset($mybb->input['search_users']))
3768          {
3769              if($ip_range)
3770              {
3771                  if(!is_array($ip_range))
3772                  {
3773                      $user_ip_sql = "regip=".$db->escape_binary($ip_range)." OR lastip=".$db->escape_binary($ip_range);
3774                  }
3775                  else
3776                  {
3777                      $user_ip_sql = "regip BETWEEN ".$db->escape_binary($ip_range[0])." AND ".$db->escape_binary($ip_range[1])." OR lastip BETWEEN ".$db->escape_binary($ip_range[0])." AND ".$db->escape_binary($ip_range[1]);
3778                  }
3779              }
3780  
3781              $plugins->run_hooks("modcp_ipsearch_users_start");
3782  
3783              if($user_ip_sql)
3784              {
3785                  $query = $db->simple_select('users', 'COUNT(uid) AS count', $user_ip_sql);
3786  
3787                  $user_results = $db->fetch_field($query, "count");
3788              }
3789          }
3790  
3791