
PHP Cross Reference of MyBB 1.8.37


/ -> modcp.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
// Entry-point marker, defined before global.php and the inc/ files are loaded below.
// NOTE(review): included files presumably test IN_MYBB to refuse direct requests --
// confirm in those files; nothing on this page shows the check itself.
define("IN_MYBB", 1);
// Name of the running script, available to code loaded later.
define('THIS_SCRIPT', 'modcp.php');
  13  
// Comma-separated names of the templates this script may render. The list is built
// before global.php is required -- presumably so the template layer can fetch them in
// one batch; confirm in global.php. The names must match stored templates exactly,
// so the strings are left untouched.
// NOTE(review): one entry below carries a leading space (" modcp_nav_forums_posts");
// whether the consumer trims names is not visible here.
$templatelist = "modcp_reports,modcp_reports_report,modcp_reports_selectall,modcp_reports_multipage,modcp_reports_allreport,modcp_reports_allreports,modcp_modlogs_multipage,modcp_announcements_delete,modcp_announcements_edit,modcp_awaitingmoderation";
$templatelist .= ",modcp_reports_allnoreports,modcp_reports_noreports,modcp_banning,modcp_banning_ban,modcp_announcements_announcement_global,modcp_no_announcements_forum,modcp_modqueue_threads_thread,modcp_awaitingthreads,preview";
$templatelist .= ",modcp_banning_nobanned,modcp_modqueue_threads_empty,modcp_modqueue_masscontrols,modcp_modqueue_threads,modcp_modqueue_posts_post,modcp_modqueue_posts_empty,modcp_awaitingposts,modcp_nav_editprofile,modcp_nav_banning";
$templatelist .= ",modcp_nav,modcp_modlogs_noresults,modcp_modlogs_nologs,modcp,modcp_modqueue_posts,modcp_modqueue_attachments_attachment,modcp_modqueue_attachments_empty,modcp_modqueue_attachments,modcp_editprofile_suspensions_info";
$templatelist .= ",modcp_no_announcements_global,modcp_announcements_global,modcp_announcements_forum,modcp_announcements,modcp_editprofile_select_option,modcp_editprofile_select,modcp_finduser_noresults, modcp_nav_forums_posts";
$templatelist .= ",codebuttons,modcp_announcements_new,modcp_modqueue_empty,forumjump_bit,forumjump_special,modcp_warninglogs_warning_revoked,modcp_warninglogs_warning,modcp_ipsearch_result,modcp_nav_modqueue,modcp_banuser_liftlist";
$templatelist .= ",modcp_modlogs,modcp_finduser_user,modcp_finduser,usercp_profile_customfield,usercp_profile_profilefields,modcp_ipsearch_noresults,modcp_ipsearch_results,modcp_ipsearch_misc_info,modcp_nav_announcements,modcp_modqueue_post_link";
$templatelist .= ",modcp_editprofile,modcp_ipsearch,modcp_banuser_addusername,modcp_banuser,modcp_warninglogs_nologs,modcp_banuser_editusername,modcp_lastattachment,modcp_lastpost,modcp_lastthread,modcp_nobanned,modcp_modqueue_thread_link";
$templatelist .= ",modcp_warninglogs,modcp_modlogs_result,modcp_editprofile_signature,forumjump_advanced,modcp_announcements_forum_nomod,modcp_announcements_announcement,usercp_profile_away,modcp_modlogs_user,modcp_editprofile_away";
$templatelist .= ",multipage,multipage_end,multipage_jump_page,multipage_nextpage,multipage_page,multipage_page_current,multipage_page_link_current,multipage_prevpage,multipage_start,modcp_awaitingattachments,modcp_modqueue_attachment_link";
$templatelist .= ",postbit_groupimage,postbit_userstar,postbit_online,postbit_offline,postbit_away,postbit_avatar,postbit_find,postbit_pm,postbit_email,postbit_www,postbit_author_user,announcement_edit,announcement_quickdelete";
$templatelist .= ",modcp_awaitingmoderation_none,modcp_banning_edit,modcp_banuser_bangroups_group,modcp_banuser_lift,modcp_modlogs_result_announcement,modcp_modlogs_result_forum,modcp_modlogs_result_post,modcp_modlogs_result_thread";
$templatelist .= ",modcp_nav_warninglogs,modcp_nav_ipsearch,modcp_nav_users,modcp_announcements_day,modcp_announcements_month_start,modcp_announcements_month_end,modcp_announcements_announcement_expired,modcp_announcements_announcement_active";
$templatelist .= ",modcp_modqueue_link_forum,modcp_modqueue_link_thread,usercp_profile_day,modcp_ipsearch_result_regip,modcp_ipsearch_result_lastip,modcp_ipsearch_result_post,modcp_ipsearch_results_information,usercp_profile_profilefields_text";
$templatelist .= ",usercp_profile_profilefields_select_option,usercp_profile_profilefields_multiselect,usercp_profile_profilefields_select,usercp_profile_profilefields_textarea,usercp_profile_profilefields_radio,postbit";
$templatelist .= ",modcp_banning_remaining,postmodcp_nav_announcements,modcp_nav_reportcenter,modcp_nav_modlogs,modcp_latestfivemodactions,modcp_banuser_bangroups_hidden,modcp_banuser_bangroups,usercp_profile_profilefields_checkbox";
  30  
  31  require_once  "./global.php";
  32  require_once  MYBB_ROOT."inc/functions_user.php";
  33  require_once  MYBB_ROOT."inc/functions_upload.php";
  34  require_once  MYBB_ROOT."inc/functions_modcp.php";
  35  require_once  MYBB_ROOT."inc/class_parser.php";
// Post parser instance; the report listings below call parse_badwords() on it
// before thread subjects are displayed.
$parser = new postParser;

// Set up the array of ban times.
$bantimes = fetch_ban_times();

// Load global language phrases
$lang->load("modcp");
$lang->load("announcements");
  44  
// Access gate for the whole script: guests (uid 0) and user groups without the
// canmodcp flag are rejected before any action is dispatched.
// NOTE(review): everything below relies on error_no_permission() not returning;
// it is defined outside this page -- confirm it terminates the request.
// This gate only proves "may open the Mod CP"; each action still needs its own
// permission check for the specific feature it exposes.
if($mybb->user['uid'] == 0 || $mybb->usergroup['canmodcp'] != 1)
{
    error_no_permission();
}
  49  
// Fall back to 20 rows per page when the board setting is empty or casts to less than 1.
// NOTE(review): only the comparison casts to int; the stored value itself is left
// as-is and is later interpolated into LIMIT clauses by the listing actions --
// confirm the settings layer guarantees an integer here.
if(!$mybb->settings['threadsperpage'] || (int)$mybb->settings['threadsperpage'] < 1)
{
    $mybb->settings['threadsperpage'] = 20;
}
  54  
// Per-feature SQL fragments that restrict queries to the forums the current user
// moderates. "t"-prefixed variants qualify the column as t.fid (or r.id3 for
// reports); $wflist_reports is the same filter phrased as a full WHERE clause.
// All of them start out as empty strings.
//
// SECURITY NOTE: an empty fragment means "no restriction". Fragments stay empty for
// super moderators (intended) but ALSO for a moderator who has no forum granting the
// feature in question. Code that appends one of these fragments to a query must
// therefore check the matching counter ($numreportedposts, $nummodlogs, ...) or the
// issupermod flag first, otherwise the query runs unscoped.
$tflist = $flist = $tflist_queue_threads = $flist_queue_threads = $tflist_queue_posts = $flist_queue_posts = $tflist_queue_attach =
$flist_queue_attach = $wflist_reports = $tflist_reports = $flist_reports = $tflist_modlog = $flist_modlog = $errors = '';
// SQL for fetching items only related to forums this user moderates
$moderated_forums = array();
// Number of moderated forums in which the user holds each feature permission.
$numannouncements = $nummodqueuethreads = $nummodqueueposts = $nummodqueueattach = $numreportedposts = $nummodlogs = 0;
if($mybb->usergroup['issupermod'] != 1)
{
    // Moderator rows assigned to this user directly, or to any of the user's groups.
    // NOTE(review): uid and all_usergroups are interpolated into the condition;
    // all_usergroups is unquoted and presumably a server-built comma list of group
    // ids -- verify where it is assembled.
    $query = $db->simple_select("moderators", "*", "(id='{$mybb->user['uid']}' AND isgroup = '0') OR (id IN ({$mybb->usergroup['all_usergroups']}) AND isgroup = '1')");
    while($forum = $db->fetch_array($query))
    {
        $moderated_forums[] = $forum['fid'];
        // Child forums of a moderated forum are added to the moderated set as well.
        $children = get_child_list($forum['fid']);
        if(is_array($children))
        {
            $moderated_forums = array_merge($moderated_forums, $children);
        }
    }
    $moderated_forums = array_unique($moderated_forums);

    // Repeats the zero-initialisation done before this branch.
    $numannouncements = $nummodqueuethreads = $nummodqueueposts = $nummodqueueattach = $numreportedposts = $nummodlogs = 0;
    foreach($moderated_forums as $moderated_forum)
    {
        // Each list below is built as ",'fid','fid',..." -- the forum id is quoted but
        // not cast or escaped here; it originates from the moderators table and
        // get_child_list() (presumably integer ids -- TODO confirm).

        // For Announcements
        if(is_moderator($moderated_forum, 'canmanageannouncements'))
        {
            ++$numannouncements;
        }

        // For the Mod Queues
        if(is_moderator($moderated_forum, 'canapproveunapprovethreads'))
        {
            $flist_queue_threads .= ",'{$moderated_forum}'";
            ++$nummodqueuethreads;
        }

        if(is_moderator($moderated_forum, 'canapproveunapproveposts'))
        {
            $flist_queue_posts .= ",'{$moderated_forum}'";
            ++$nummodqueueposts;
        }

        if(is_moderator($moderated_forum, 'canapproveunapproveattachs'))
        {
            $flist_queue_attach .= ",'{$moderated_forum}'";
            ++$nummodqueueattach;
        }

        // For Reported posts
        if(is_moderator($moderated_forum, 'canmanagereportedposts'))
        {
            $flist_reports .= ",'{$moderated_forum}'";
            ++$numreportedposts;
        }

        // For the Mod Log
        if(is_moderator($moderated_forum, 'canviewmodlog'))
        {
            $flist_modlog .= ",'{$moderated_forum}'";
            ++$nummodlogs;
        }

        // Every moderated forum goes into the general list, whatever the permissions.
        $flist .= ",'{$moderated_forum}'";
    }
    // Turn each non-empty list into a ready-to-append condition. The literal 0 in
    // "IN (0,...)" absorbs the leading comma of the list built above.
    if($flist_queue_threads)
    {
        $tflist_queue_threads = " AND t.fid IN (0{$flist_queue_threads})";
        $flist_queue_threads = " AND fid IN (0{$flist_queue_threads})";
    }
    if($flist_queue_posts)
    {
        $tflist_queue_posts = " AND t.fid IN (0{$flist_queue_posts})";
        $flist_queue_posts = " AND fid IN (0{$flist_queue_posts})";
    }
    if($flist_queue_attach)
    {
        $tflist_queue_attach = " AND t.fid IN (0{$flist_queue_attach})";
        $flist_queue_attach = " AND fid IN (0{$flist_queue_attach})";
    }
    if($flist_reports)
    {
        // Reports are filtered on the id3 column rather than fid.
        $wflist_reports = "WHERE r.id3 IN (0{$flist_reports})";
        $tflist_reports = " AND r.id3 IN (0{$flist_reports})";
        $flist_reports = " AND id3 IN (0{$flist_reports})";
    }
    if($flist_modlog)
    {
        $tflist_modlog = " AND t.fid IN (0{$flist_modlog})";
        $flist_modlog = " AND fid IN (0{$flist_modlog})";
    }
    if($flist)
    {
        $tflist = " AND t.fid IN (0{$flist})";
        $flist = " AND fid IN (0{$flist})";
    }
}
 150  
// Retrieve a list of unviewable forums
// Both helpers are used as comma-separated id strings here: they are interpolated
// into NOT IN (...) and split with explode(). The exclusions are appended to the
// general $flist / $tflist fragments only; the per-feature fragments (mod queue,
// reports, mod log) built earlier are not extended in this block.
$unviewableforums = get_unviewable_forums();
$inactiveforums = get_inactive_forums();
$unviewablefids1 = $unviewablefids2 = array();

if($unviewableforums)
{
    $flist .= " AND fid NOT IN ({$unviewableforums})";
    $tflist .= " AND t.fid NOT IN ({$unviewableforums})";

    $unviewablefids1 = explode(',', $unviewableforums);
}

if($inactiveforums)
{
    $flist .= " AND fid NOT IN ({$inactiveforums})";
    $tflist .= " AND t.fid NOT IN ({$inactiveforums})";

    $unviewablefids2 = explode(',', $inactiveforums);
}

// From here on $unviewableforums is an array (unviewable + inactive ids), no longer
// the comma-separated string returned above.
$unviewableforums = array_merge($unviewablefids1, $unviewablefids2);
 173  
// Give the collapse-state entries for the two navigation groups (forums/posts and
// users) an empty default, so they are always set even when nothing was stored for
// them. $collapsedimg and $collapsed are not created on this page; they presumably
// come from global.php.
if(!isset($collapsedimg['modcpforums']))
{
    $collapsedimg['modcpforums'] = '';
}

if(!isset($collapsed['modcpforums_e']))
{
    $collapsed['modcpforums_e'] = '';
}

if(!isset($collapsedimg['modcpusers']))
{
    $collapsedimg['modcpusers'] = '';
}

if(!isset($collapsed['modcpusers_e']))
{
    $collapsed['modcpusers_e'] = '';
}
 193  
// Fetch the Mod CP menu
// Each entry is rendered only when the user's group holds the feature permission;
// forum-scoped entries additionally need at least one moderated forum with that
// permission, or super-moderator status. These conditions decide what the menu
// shows -- they do not protect the actions themselves, which must repeat the check.
//
// Rendering pattern used throughout: the template text is spliced into a
// double-quoted PHP string and eval()'d, so variables in scope are interpolated.
// NOTE(review): this is only safe if $templates->get() returns text escaped for that
// context and template editing is limited to trusted administrators -- neither is
// visible on this page.
//
// NOTE(review): the initialiser lists $nav_forums_posts, but the code below fills
// $modcp_nav_forums_posts, which therefore stays unset when no forum/post entry is shown.
$nav_announcements = $nav_modqueue = $nav_reportcenter = $nav_modlogs = $nav_editprofile = $nav_banning = $nav_warninglogs = $nav_ipsearch = $nav_forums_posts = $modcp_nav_users = '';
if(($numannouncements > 0 || $mybb->usergroup['issupermod'] == 1) && $mybb->usergroup['canmanageannounce'] == 1)
{
    eval("\$nav_announcements = \"".$templates->get("modcp_nav_announcements")."\";");
}

if(($nummodqueuethreads > 0 || $nummodqueueposts > 0 || $nummodqueueattach > 0 || $mybb->usergroup['issupermod'] == 1) && $mybb->usergroup['canmanagemodqueue'] == 1)
{
    eval("\$nav_modqueue = \"".$templates->get("modcp_nav_modqueue")."\";");
}

if(($numreportedposts > 0 || $mybb->usergroup['issupermod'] == 1) && $mybb->usergroup['canmanagereportedcontent'] == 1)
{
    eval("\$nav_reportcenter = \"".$templates->get("modcp_nav_reportcenter")."\";");
}

if(($nummodlogs > 0 || $mybb->usergroup['issupermod'] == 1) && $mybb->usergroup['canviewmodlogs'] == 1)
{
    eval("\$nav_modlogs = \"".$templates->get("modcp_nav_modlogs")."\";");
}

// The user-management entries depend on the group permission alone.
if($mybb->usergroup['caneditprofiles'] == 1)
{
    eval("\$nav_editprofile = \"".$templates->get("modcp_nav_editprofile")."\";");
}

if($mybb->usergroup['canbanusers'] == 1)
{
    eval("\$nav_banning = \"".$templates->get("modcp_nav_banning")."\";");
}

if($mybb->usergroup['canviewwarnlogs'] == 1)
{
    eval("\$nav_warninglogs = \"".$templates->get("modcp_nav_warninglogs")."\";");
}

if($mybb->usergroup['canuseipsearch'] == 1)
{
    eval("\$nav_ipsearch = \"".$templates->get("modcp_nav_ipsearch")."\";");
}

// Plugins run here, after the individual entries exist and before they are grouped.
$plugins->run_hooks("modcp_nav");

// A group wrapper is rendered only when at least one of its entries is non-empty.
// $collapse is not defined on this page (presumably set in global.php).
if(!empty($nav_announcements) || !empty($nav_modqueue) || !empty($nav_reportcenter) || !empty($nav_modlogs))
{
    $expaltext = (in_array("modcpforums", $collapse)) ? $lang->expcol_expand : $lang->expcol_collapse;
    eval("\$modcp_nav_forums_posts = \"".$templates->get("modcp_nav_forums_posts")."\";");
}

if(!empty($nav_editprofile) || !empty($nav_banning) || !empty($nav_warninglogs) || !empty($nav_ipsearch))
{
    $expaltext = (in_array("modcpusers", $collapse)) ? $lang->expcol_expand : $lang->expcol_collapse;
    eval("\$modcp_nav_users = \"".$templates->get("modcp_nav_users")."\";");
}

eval("\$modcp_nav = \"".$templates->get("modcp_nav")."\";");
 251  
// Plugin hook that runs once the navigation is built and before any action is handled.
$plugins->run_hooks("modcp_start");

// Make navigation
add_breadcrumb($lang->nav_modcp, "modcp.php");

// Read the requested action once through get_input(); the action blocks that follow
// compare against this value.
$mybb->input['action'] = $mybb->get_input('action');
 258  if($mybb->input['action'] == "do_reports")
 259  {
 260      // Verify incoming POST request
 261      verify_post_check($mybb->get_input('my_post_key'));
 262  
 263      $mybb->input['reports'] = $mybb->get_input('reports', MyBB::INPUT_ARRAY);
 264      if(empty($mybb->input['reports']) && empty($mybb->cookies['inlinereports']))
 265      {
 266          error($lang->error_noselected_reports);
 267      }
 268  
 269      $message = $lang->redirect_reportsmarked;
 270  
 271      if(isset($mybb->cookies['inlinereports']))
 272      {
 273          if($mybb->cookies['inlinereports'] == '|ALL|') {
 274              $message = $lang->redirect_allreportsmarked;
 275              $sql = "1=1";
 276              if(isset($mybb->cookies['inlinereports_removed']))
 277              {
 278                  $inlinereportremovedlist = explode("|", $mybb->cookies['inlinereports_removed']);
 279                  $reports = array_map("intval", $inlinereportremovedlist);
 280                  $rids = implode("','", $reports);
 281                  $sql = "rid NOT IN ('0','{$rids}')";
 282              }
 283          }
 284          else
 285          {
 286              $inlinereportlist = explode("|", $mybb->cookies['inlinereports']);
 287              $reports = array_map("intval", $inlinereportlist);
 288  
 289              if(!count($reports))
 290              {
 291                  error($lang->error_noselected_reports);
 292              }
 293  
 294              $rids = implode("','", $reports);
 295  
 296              $sql = "rid IN ('0','{$rids}')";
 297          }
 298      }
 299      else
 300      {
 301          $mybb->input['reports'] = array_map("intval", $mybb->input['reports']);
 302          $rids = implode("','", $mybb->input['reports']);
 303  
 304          $sql = "rid IN ('0','{$rids}')";
 305      }
 306  
 307      $plugins->run_hooks("modcp_do_reports");
 308  
 309      $db->update_query("reportedcontent", array('reportstatus' => 1), "{$sql}{$flist_reports}");
 310      $cache->update_reportedcontent();
 311  
 312      my_unsetcookie('inlinereports');
 313      my_unsetcookie('inlinereports_removed');
 314  
 315      $page = $mybb->get_input('page', MyBB::INPUT_INT);
 316  
 317      redirect("modcp.php?action=reports&page={$page}", $message);
 318  }
 319  
// Action "reports": paginated list of unread reports (reportstatus = '0').
// Usernames, thread subjects and report comments are HTML-escaped before they are
// handed to templates; templates are rendered by eval()'ing their text as a
// double-quoted PHP string, so every variable assigned below is visible to them.
// NOTE(review): that rendering is only safe if $templates->get() returns text escaped
// for that context and template editing is limited to trusted administrators --
// neither is visible on this page.
if($mybb->input['action'] == "reports")
{
    // Group-level permission for the report centre.
    if($mybb->usergroup['canmanagereportedcontent'] == 0)
    {
        error_no_permission();
    }

    // A non-super moderator needs at least one forum with canmanagereportedposts;
    // this also guarantees the forum filter used below is non-empty for such users.
    if($numreportedposts == 0 && $mybb->usergroup['issupermod'] != 1)
    {
        error($lang->you_cannot_view_reported_posts);
    }

    $lang->load('report');
    add_breadcrumb($lang->mcp_nav_report_center, "modcp.php?action=reports");

    $perpage = $mybb->settings['threadsperpage'];
    if(!$perpage)
    {
        $perpage = 20;
    }

    // Multipage
    // Administrators and super moderators count every unread report of any type.
    // Forum moderators count only post reports (type 'post' or the legacy empty
    // type), one is_moderator() call per row with id3 passed as the forum id.
    if($mybb->usergroup['cancp'] || $mybb->usergroup['issupermod'])
    {
        $query = $db->simple_select("reportedcontent", "COUNT(rid) AS count", "reportstatus ='0'");
        $report_count = $db->fetch_field($query, "count");
    }
    else
    {
        $query = $db->simple_select('reportedcontent', 'id3', "reportstatus='0' AND (type = 'post' OR type = '')");

        $report_count = 0;
        while($fid = $db->fetch_field($query, 'id3'))
        {
            if(is_moderator($fid, "canmanagereportedposts"))
            {
                ++$report_count;
            }
        }
        unset($fid);
    }

    // Integer-cast page number from the request.
    $page = $mybb->get_input('page', MyBB::INPUT_INT);

    $postcount = (int)$report_count;
    $pages = $postcount / $perpage;
    $pages = ceil($pages);

    // Out-of-range pages fall back to the first page.
    if($page > $pages || $page <= 0)
    {
        $page = 1;
    }

    if($page && $page > 0)
    {
        $start = ($page-1) * $perpage;
    }
    else
    {
        $start = 0;
        $page = 1;
    }

    $multipage = $reportspages = '';
    if($postcount > $perpage)
    {
        $multipage = multipage($postcount, $perpage, $page, "modcp.php?action=reports");
        eval("\$reportspages = \"".$templates->get("modcp_reports_multipage")."\";");
    }

    $plugins->run_hooks("modcp_reports_start");

    // Reports
    $reports = $selectall = '';
    $inlinecount = 0;

    // $tflist_reports is the forum filter built at the top of the script ('' for
    // super moderators). $start derives from the integer page number; $perpage is
    // the threadsperpage setting as stored.
    // NOTE(review): the filter matches r.id3 for every report type, while the loop
    // below treats id3 of a reputation report as a user id -- confirm a forum
    // moderator cannot be shown non-post reports whose id3 equals a moderated forum id.
    $query = $db->query("
        SELECT r.*, u.username, rr.title
        FROM ".TABLE_PREFIX."reportedcontent r
        LEFT JOIN ".TABLE_PREFIX."users u ON (r.uid = u.uid)
        LEFT JOIN ".TABLE_PREFIX."reportreasons rr ON (r.reasonid = rr.rid)
        WHERE r.reportstatus = '0'{$tflist_reports}
        ORDER BY r.reports DESC
        LIMIT {$start}, {$perpage}
    ");

    if(!$db->num_rows($query))
    {
        // No unread reports
        eval("\$reports = \"".$templates->get("modcp_reports_noreports")."\";");
    }
    else
    {
        $reportedcontent = $cache->read("reportedcontent");
        // First pass: buffer the rows and collect the user ids and post ids they
        // mention, so each set can be resolved with a single query afterwards.
        // Cache entries start as id => id placeholders.
        $reportcache = $usercache = $postcache = array();

        while($report = $db->fetch_array($query))
        {
            if($report['type'] == 'profile' || $report['type'] == 'reputation')
            {
                // Profile UID is in ID
                if(!isset($usercache[$report['id']]))
                {
                    $usercache[$report['id']] = $report['id'];
                }

                // Reputation comment? The offender is the ID2
                if($report['type'] == 'reputation')
                {
                    if(!isset($usercache[$report['id2']]))
                    {
                        $usercache[$report['id2']] = $report['id2'];
                    }
                    if(!isset($usercache[$report['id3']]))
                    {
                        // The user who was offended
                        $usercache[$report['id3']] = $report['id3'];
                    }
                }
            }
            else if(!$report['type'] || $report['type'] == 'post')
            {
                // This (should) be a post
                $postcache[$report['id']] = $report['id'];
            }

            // Lastpost info - is it missing (pre-1.8)?
            $lastposter = $report['uid'];
            if(!$report['lastreport'])
            {
                // Last reporter is our first reporter
                $report['lastreport'] = $report['dateline'];
            }

            if($report['reporters'])
            {
                // my_unserialize() is a helper defined outside this page.
                // NOTE(review): it is fed a stored column -- confirm it cannot
                // instantiate objects.
                $reporters = my_unserialize($report['reporters']);

                if(is_array($reporters))
                {
                    // The last element of the list is taken as the latest reporter.
                    $lastposter = end($reporters);
                }
            }

            if(!isset($usercache[$lastposter]))
            {
                $usercache[$lastposter] = $lastposter;
            }

            $report['lastreporter'] = $lastposter;
            $reportcache[] = $report;
        }

        // Report Center gets messy
        // Find information about our users (because we don't log it when they file a report)
        if(!empty($usercache))
        {
            // NOTE(review): the ids come from report columns and from the unserialized
            // reporter list and are joined without an integer cast -- this relies on
            // the stored data being numeric; verify where reports are written.
            $sql = implode(',', array_keys($usercache));
            $query = $db->simple_select("users", "uid, username", "uid IN ({$sql})");

            while($user = $db->fetch_array($query))
            {
                // Replace the placeholder with the user row; ids with no matching
                // user keep the bare id.
                $usercache[$user['uid']] = $user;
            }
        }

        // Messy * 2
        // Find out post information for our reported posts
        if(!empty($postcache))
        {
            // Same pattern as above: post ids from the report rows, joined uncast.
            $sql = implode(',', array_keys($postcache));
            $query = $db->query("
                SELECT p.pid, p.uid, p.username, p.tid, t.subject
                FROM ".TABLE_PREFIX."posts p
                LEFT JOIN ".TABLE_PREFIX."threads t ON (p.tid = t.tid)
                WHERE p.pid IN ({$sql})
            ");

            while($post = $db->fetch_array($query))
            {
                $postcache[$post['pid']] = $post;
            }
        }

        $lang->page_selected = $lang->sprintf($lang->page_selected, count($reportcache));
        $lang->select_all = $lang->sprintf($lang->select_all, (int)$report_count);
        $lang->all_selected = $lang->sprintf($lang->all_selected, (int)$report_count);
        eval("\$selectall = \"".$templates->get("modcp_reports_selectall")."\";");

        $plugins->run_hooks('modcp_reports_intermediate');

        // Now that we have all of the information needed, display the reports
        foreach($reportcache as $report)
        {
            $trow = alt_trow();

            if(!$report['type'])
            {
                // Assume a post
                $report['type'] = 'post';
            }

            // Report Information
            $report_data = array();

            switch($report['type'])
            {
                case 'post':
                    // Username and thread subject are HTML-escaped before they enter
                    // the language string; the links are built from the stored ids.
                    // NOTE(review): if the post no longer exists, $postcache[id] is
                    // still the bare id placeholder, so these lookups yield no
                    // username/uid/tid -- presumably tolerated; confirm.
                    $post = get_post_link($report['id'])."#pid{$report['id']}";
                    $user = build_profile_link(htmlspecialchars_uni($postcache[$report['id']]['username']), $postcache[$report['id']]['uid']);
                    $report_data['content'] = $lang->sprintf($lang->report_info_post, $post, $user);

                    $thread_link = get_thread_link($postcache[$report['id']]['tid']);
                    $thread_subject = htmlspecialchars_uni($parser->parse_badwords($postcache[$report['id']]['subject']));
                    $report_data['content'] .= $lang->sprintf($lang->report_info_post_thread, $thread_link, $thread_subject);

                    break;
                case 'profile':
                    $user = build_profile_link(htmlspecialchars_uni($usercache[$report['id']]['username']), $usercache[$report['id']]['uid']);
                    $report_data['content'] = $lang->sprintf($lang->report_info_profile, $user);
                    break;
                case 'reputation':
                    // id3 = profile the reputation was left on, id2 = user who left it.
                    $reputation_link = "reputation.php?uid={$usercache[$report['id3']]['uid']}#rid{$report['id']}";
                    $bad_user = build_profile_link(htmlspecialchars_uni($usercache[$report['id2']]['username']), $usercache[$report['id2']]['uid']);
                    $report_data['content'] = $lang->sprintf($lang->report_info_reputation, $reputation_link, $bad_user);

                    $good_user = build_profile_link(htmlspecialchars_uni($usercache[$report['id3']]['username']), $usercache[$report['id3']]['uid']);
                    $report_data['content'] .= $lang->sprintf($lang->report_info_rep_profile, $good_user);
                    break;
            }

            // Report reason and comment
            if($report['reasonid'] > 0)
            {
                // Reason title from the reportreasons table, escaped for HTML.
                $reason = htmlspecialchars_uni($lang->parse($report['title']));

                if(empty($report['reason']))
                {
                    eval("\$report_data['comment'] = \"".$templates->get("modcp_reports_report_comment")."\";");
                }
                else
                {
                    // Free-text comment supplied by the reporter: escaped before display.
                    $comment = htmlspecialchars_uni($report['reason']);
                    eval("\$report_data['comment'] = \"".$templates->get("modcp_reports_report_comment_extra")."\";");
                }
            }
            else
            {
                $report_data['comment'] = $lang->na;
            }

            // Not read again in this block; presumably consumed by the row template.
            $report_reports = 1;
            if($report['reports'])
            {
                $report_data['reports'] = my_number_format($report['reports']);
            }

            if($report['lastreporter'])
            {
                // A resolved user row gives a profile link; a bare positive id means
                // the account was not found and is shown as deleted.
                // NOTE(review): if neither branch matches, $lastreport_user keeps the
                // value from the previous iteration (or is undefined on the first).
                if(is_array($usercache[$report['lastreporter']]))
                {
                    $lastreport_user = build_profile_link(htmlspecialchars_uni($usercache[$report['lastreporter']]['username']), $report['lastreporter']);
                }
                elseif($usercache[$report['lastreporter']] > 0)
                {
                    $lastreport_user = htmlspecialchars_uni($lang->na_deleted);
                }

                $lastreport_date = my_date('relative', $report['lastreport']);
                $report_data['lastreporter'] = $lang->sprintf($lang->report_info_lastreporter, $lastreport_date, $lastreport_user);
            }

            // Re-tick the checkbox when the inline-selection cookie lists this report
            // id between pipes. The cookie is only searched here, never echoed.
            $inlinecheck = '';
            if(isset($mybb->cookies['inlinereports']) && my_strpos($mybb->cookies['inlinereports'], "|{$report['rid']}|") !== false)
            {
                $inlinecheck = " checked=\"checked\"";
                ++$inlinecount;
            }

            $plugins->run_hooks("modcp_reports_report");
            eval("\$reports .= \"".$templates->get("modcp_reports_report")."\";");
        }
    }

    $plugins->run_hooks("modcp_reports_end");

    // $reportedcontent (the cache read above, when rows existed) is overwritten here
    // with the rendered page.
    eval("\$reportedcontent = \"".$templates->get("modcp_reports")."\";");
    output_page($reportedcontent);
}
 609  
 610  if($mybb->input['action'] == "allreports")
 611  {
 612      if($mybb->usergroup['canmanagereportedcontent'] == 0)
 613      {
 614          error_no_permission();
 615      }
 616  
 617      $lang->load('report');
 618  
 619      add_breadcrumb($lang->report_center, "modcp.php?action=reports");
 620      add_breadcrumb($lang->all_reports, "modcp.php?action=allreports");
 621  
 622      if(!$mybb->settings['threadsperpage'])
 623      {
 624          $mybb->settings['threadsperpage'] = 20;
 625      }
 626  
 627      // Figure out if we need to display multiple pages.
 628      $perpage = $mybb->settings['threadsperpage'];
 629      if($mybb->get_input('page') != "last")
 630      {
 631          $page = $mybb->get_input('page', MyBB::INPUT_INT);
 632      }
 633  
 634      if($mybb->usergroup['cancp'] || $mybb->usergroup['issupermod'])
 635      {
 636          $query = $db->simple_select("reportedcontent", "COUNT(rid) AS count");
 637          $report_count = $db->fetch_field($query, "count");
 638      }
 639      else
 640      {
 641          $query = $db->simple_select('reportedcontent', 'id3', "type = 'post' OR type = ''");
 642  
 643          $report_count = 0;
 644          while($fid = $db->fetch_field($query, 'id3'))
 645          {
 646              if(is_moderator($fid, "canmanagereportedposts"))
 647              {
 648                  ++$report_count;
 649              }
 650          }
 651          unset($fid);
 652      }
 653  
 654      if(isset($mybb->input['rid']))
 655      {
 656          $mybb->input['rid'] = $mybb->get_input('rid', MyBB::INPUT_INT);
 657          $query = $db->simple_select("reportedcontent", "COUNT(rid) AS count", "rid <= '".$mybb->input['rid']."'");
 658          $result = $db->fetch_field($query, "count");
 659          if(($result % $perpage) == 0)
 660          {
 661              $page = $result / $perpage;
 662          }
 663          else
 664          {
 665              $page = (int)$result / $perpage + 1;
 666          }
 667      }
 668      $postcount = (int)$report_count;
 669      $pages = $postcount / $perpage;
 670      $pages = ceil($pages);
 671  
 672      if($mybb->get_input('page') == "last")
 673      {
 674          $page = $pages;
 675      }
 676  
 677      if($page > $pages || $page <= 0)
 678      {
 679          $page = 1;
 680      }
 681  
 682      if($page)
 683      {
 684          $start = ($page-1) * $perpage;
 685      }
 686      else
 687      {
 688          $start = 0;
 689          $page = 1;
 690      }
 691      $upper = $start+$perpage;
 692  
 693      $multipage = multipage($postcount, $perpage, $page, "modcp.php?action=allreports");
 694      $allreportspages = '';
 695      if($postcount > $perpage)
 696      {
 697          eval("\$allreportspages = \"".$templates->get("modcp_reports_multipage")."\";");
 698      }
 699  
 700      $plugins->run_hooks("modcp_allreports_start");
 701  
 702      $query = $db->query("
 703          SELECT r.*, u.username, p.username AS postusername, up.uid AS postuid, t.subject AS threadsubject, prrep.username AS repusername, pr.username AS profileusername, rr.title
 704          FROM ".TABLE_PREFIX."reportedcontent r
 705          LEFT JOIN ".TABLE_PREFIX."posts p ON (r.id=p.pid)
 706          LEFT JOIN ".TABLE_PREFIX."threads t ON (p.tid=t.tid)
 707          LEFT JOIN ".TABLE_PREFIX."users u ON (r.uid=u.uid)
 708          LEFT JOIN ".TABLE_PREFIX."users up ON (p.uid=up.uid)
 709          LEFT JOIN ".TABLE_PREFIX."users pr ON (pr.uid=r.id)
 710          LEFT JOIN ".TABLE_PREFIX."users prrep ON (prrep.uid=r.id2)
 711          LEFT JOIN ".TABLE_PREFIX."reportreasons rr ON (r.reasonid = rr.rid)
 712          {$wflist_reports}
 713          ORDER BY r.dateline DESC
 714          LIMIT {$start}, {$perpage}
 715      ");
 716  
 717      $allreports = '';
 718      if(!$db->num_rows($query))
 719      {
 720          eval("\$allreports = \"".$templates->get("modcp_reports_allnoreports")."\";");
 721      }
 722      else
 723      {
 724          while($report = $db->fetch_array($query))
 725          {
 726              $trow = alt_trow();
 727  
 728              if($report['type'] == 'post')
 729              {
 730                  $post = get_post_link($report['id'])."#pid{$report['id']}";
 731                  $user = build_profile_link(htmlspecialchars_uni($report['postusername']), $report['postuid']);
 732                  $report_data['content'] = $lang->sprintf($lang->report_info_post, $post, $user);
 733  
 734                  $thread_link = get_thread_link($report['id2']);
 735                  $thread_subject = htmlspecialchars_uni($parser->parse_badwords($report['threadsubject']));
 736                  $report_data['content'] .= $lang->sprintf($lang->report_info_post_thread, $thread_link, $thread_subject);
 737              }
 738              else if($report['type'] == 'profile')
 739              {
 740                  $user = build_profile_link(htmlspecialchars_uni($report['profileusername']), $report['id']);
 741                  $report_data['content'] = $lang->sprintf($lang->report_info_profile, $user);
 742              }
 743              else if($report['type'] == 'reputation')
 744              {
 745                  $user = build_profile_link(htmlspecialchars_uni($report['repusername']), $report['id2']);
 746                  $reputation_link = "reputation.php?uid={$report['id3']}#rid{$report['id']}";
 747                  $report_data['content'] = $lang->sprintf($lang->report_info_reputation, $reputation_link, $user);
 748              }
 749  
 750              // Report reason and comment
 751              if($report['reasonid'] > 0)
 752              {
 753                  $reason = htmlspecialchars_uni($lang->parse($report['title']));
 754  
 755                  if(empty($report['reason']))
 756                  {
 757                      eval("\$report_data['comment'] = \"".$templates->get("modcp_reports_report_comment")."\";");
 758                  }
 759                  else
 760                  {
 761                      $comment = htmlspecialchars_uni($report['reason']);
 762                      eval("\$report_data['comment'] = \"".$templates->get("modcp_reports_report_comment_extra")."\";");
 763                  }
 764              }
 765              else
 766              {
 767                  $report_data['comment'] = $lang->na;
 768              }
 769  
 770              $report['reporterlink'] = get_profile_link($report['uid']);
 771              if(!$report['username'])
 772              {
 773                  $report['username'] = $lang->na_deleted;
 774                  $report['reporterlink'] = $post;
 775              }
 776              $report['username'] = htmlspecialchars_uni($report['username']);
 777  
 778              $report_data['reports'] = my_number_format($report['reports']);
 779              $report_data['time'] = my_date('relative', $report['dateline']);
 780  
 781              $plugins->run_hooks("modcp_allreports_report");
 782              eval("\$allreports .= \"".$templates->get("modcp_reports_allreport")."\";");
 783          }
 784      }
 785  
 786      $plugins->run_hooks("modcp_allreports_end");
 787  
 788      eval("\$allreportedcontent = \"".$templates->get("modcp_reports_allreports")."\";");
 789      output_page($allreportedcontent);
 790  }
 791  
 /**
  * Moderator log viewer (action=modlogs).
  *
  * Checks the canviewmodlogs usergroup permission, builds optional uid/fid
  * filters from integer-cast input, maps the requested sort column and
  * direction onto fixed values, pages through the moderatorlog table and
  * renders each row through the modcp_modlogs_* templates.
  *
  * Every eval() below evaluates the text returned by $templates->get() as the
  * inside of a double-quoted PHP string, so any variable in scope here
  * ($logitem, $trow, $information, ...) can be interpolated by a template.
  * Local variable names are therefore part of the template contract.
  * NOTE(review): this is only safe if get() escapes quotes/backslashes and
  * template content is trusted - neither is visible in this section; confirm.
  */
if($mybb->input['action'] == "modlogs")
{
    // Usergroup-level gate for the whole log viewer.
    if($mybb->usergroup['canviewmodlogs'] == 0)
    {
        error_no_permission();
    }

    // $nummodlogs is computed before this section (not visible here);
    // a zero value is refused unless the user is a super moderator.
    if($nummodlogs == 0 && $mybb->usergroup['issupermod'] != 1)
    {
        error($lang->you_cannot_view_mod_logs);
    }

    add_breadcrumb($lang->mcp_nav_modlogs, "modcp.php?action=modlogs");

    // Page size is integer-cast; zero or negative falls back to the board setting.
    // NOTE(review): no upper bound is applied to a user-supplied perpage here.
    $perpage = $mybb->get_input('perpage', MyBB::INPUT_INT);
    if(!$perpage || $perpage <= 0)
    {
        $perpage = $mybb->settings['threadsperpage'];
    }

    $where = '';

    // Searching for entries by a particular user
    // (value is integer-cast before it is concatenated into the WHERE clause)
    if($mybb->get_input('uid', MyBB::INPUT_INT))
    {
        $where .= " AND l.uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'";
    }

    // Searching for entries in a specific forum
    // (value is integer-cast before it is concatenated into the WHERE clause)
    if($mybb->get_input('fid', MyBB::INPUT_INT))
    {
        $where .= " AND t.fid='".$mybb->get_input('fid', MyBB::INPUT_INT)."'";
    }

    $mybb->input['sortby'] = $mybb->get_input('sortby');

    // Order?
    // Allow-list: the raw sortby string never reaches SQL; only one of these
    // four fixed column names is placed in ORDER BY.
    switch($mybb->input['sortby'])
    {
        case "username":
            $sortby = "u.username";
            break;
        case "forum":
            $sortby = "f.name";
            break;
        case "thread":
            $sortby = "t.subject";
            break;
        default:
            $sortby = "l.dateline";
    }
    // Direction is likewise reduced to the two literals "asc" / "desc".
    $order = $mybb->get_input('order');
    if($order != "asc")
    {
        $order = "desc";
    }

    $plugins->run_hooks("modcp_modlogs_start");

    // Count matching rows for pagination.
    // $tflist_modlog is built before this section (not visible here);
    // presumably it limits rows to forums this moderator may see - verify.
    $query = $db->query("
        SELECT COUNT(l.dateline) AS count
        FROM ".TABLE_PREFIX."moderatorlog l
        LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=l.uid)
        LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=l.tid)
        WHERE 1=1 {$where}{$tflist_modlog}
    ");
    $rescount = $db->fetch_field($query, "count");

    // Figure out if we need to display multiple pages.
    if($mybb->get_input('page') != "last")
    {
        $page = $mybb->get_input('page', MyBB::INPUT_INT);
    }

    $postcount = (int)$rescount;
    $pages = $postcount / $perpage;
    $pages = ceil($pages);

    if($mybb->get_input('page') == "last")
    {
        $page = $pages;
    }

    // Out-of-range page numbers are clamped to the first page.
    if($page > $pages || $page <= 0)
    {
        $page = 1;
    }

    if($page)
    {
        $start = ($page-1) * $perpage;
    }
    else
    {
        $start = 0;
        $page = 1;
    }

    // Rebuild the pagination URL from sanitised values only:
    // uid/fid are integer-cast, sortby/order are HTML-escaped.
    // Both loops also write the sanitised value back into $mybb->input.
    $page_url = 'modcp.php?action=modlogs&amp;perpage='.$perpage;
    foreach(array('uid', 'fid') as $field)
    {
        $mybb->input[$field] = $mybb->get_input($field, MyBB::INPUT_INT);
        if(!empty($mybb->input[$field]))
        {
            $page_url .= "&amp;{$field}=".$mybb->input[$field];
        }
    }
    foreach(array('sortby', 'order') as $field)
    {
        $mybb->input[$field] = htmlspecialchars_uni($mybb->get_input($field));
        if(!empty($mybb->input[$field]))
        {
            $page_url .= "&amp;{$field}=".$mybb->input[$field];
        }
    }

    $multipage = multipage($postcount, $perpage, $page, $page_url);
    $resultspages = '';
    if($postcount > $perpage)
    {
        eval("\$resultspages = \"".$templates->get("modcp_modlogs_multipage")."\";");
    }
    // Fetch the requested page. $sortby/$order come from the allow-lists above,
    // $start/$perpage are numeric results of the paging arithmetic.
    $query = $db->query("
        SELECT l.*, u.username, u.usergroup, u.displaygroup, t.subject AS tsubject, f.name AS fname, p.subject AS psubject
        FROM ".TABLE_PREFIX."moderatorlog l
        LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=l.uid)
        LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=l.tid)
        LEFT JOIN ".TABLE_PREFIX."forums f ON (f.fid=l.fid)
        LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=l.pid)
        WHERE 1=1 {$where}{$tflist_modlog}
        ORDER BY {$sortby} {$order}
        LIMIT {$start}, {$perpage}
    ");
    $results = '';
    while($logitem = $db->fetch_array($query))
    {
        $information = '';
        // Stored log fields are HTML-escaped before they reach a template.
        $logitem['action'] = htmlspecialchars_uni($logitem['action']);
        $log_date = my_date('relative', $logitem['dateline']);
        $trow = alt_trow();
        if($logitem['username'])
        {
            $logitem['username'] = htmlspecialchars_uni($logitem['username']);
            $username = format_name($logitem['username'], $logitem['usergroup'], $logitem['displaygroup']);
            $logitem['profilelink'] = build_profile_link($username, $logitem['uid']);
        }
        else
        {
            // No joined user row: show the "deleted" placeholder instead.
            $username = $logitem['profilelink'] = $logitem['username'] = htmlspecialchars_uni($lang->na_deleted);
        }
        // The address column is stored in binary form; convert it to text for display.
        $logitem['ipaddress'] = my_inet_ntop($db->unescape_binary($logitem['ipaddress']));

        if($logitem['tsubject'])
        {
            $logitem['tsubject'] = htmlspecialchars_uni($parser->parse_badwords($logitem['tsubject']));
            $logitem['thread'] = get_thread_link($logitem['tid']);
            eval("\$information .= \"".$templates->get("modcp_modlogs_result_thread")."\";");
        }
        if($logitem['fname'])
        {
            // NOTE(review): unlike tsubject/psubject, fname is not escaped in this
            // block before the template is evaluated - confirm forum names are
            // trusted or escaped where they are stored.
            $logitem['forum'] = get_forum_link($logitem['fid']);
            eval("\$information .= \"".$templates->get("modcp_modlogs_result_forum")."\";");
        }
        if($logitem['psubject'])
        {
            $logitem['psubject'] = htmlspecialchars_uni($parser->parse_badwords($logitem['psubject']));
            $logitem['post'] = get_post_link($logitem['pid']);
            eval("\$information .= \"".$templates->get("modcp_modlogs_result_post")."\";");
        }

        // Edited a user or managed announcement?
        // This branch runs whenever at least one of the three subjects is missing.
        if(!$logitem['tsubject'] || !$logitem['fname'] || !$logitem['psubject'])
        {
            // NOTE(review): the stored data column is deserialised here; presumably
            // my_unserialize() is a restricted decoder that does not instantiate
            // objects - verify against its definition.
            $data = my_unserialize($logitem['data']);
            if(!empty($data['uid']))
            {
                // The username is escaped here and again inside the sprintf() call
                // below, so special characters end up double-encoded in the output.
                $data['username'] = htmlspecialchars_uni($data['username']);
                $information = $lang->sprintf($lang->edited_user_info, htmlspecialchars_uni($data['username']), get_profile_link($data['uid']));
            }
            if(!empty($data['aid']))
            {
                $data['subject'] = htmlspecialchars_uni($parser->parse_badwords($data['subject']));
                $data['announcement'] = get_announcement_link($data['aid']);
                eval("\$information .= \"".$templates->get("modcp_modlogs_result_announcement")."\";");
            }
        }

        $plugins->run_hooks("modcp_modlogs_result");

        eval("\$results .= \"".$templates->get("modcp_modlogs_result")."\";");
    }

    if(!$results)
    {
        eval("\$results = \"".$templates->get("modcp_modlogs_noresults")."\";");
    }

    $plugins->run_hooks("modcp_modlogs_filter");

    // Fetch filter options
    // $mybb->input['sortby'] was HTML-escaped above; an unrecognised value only
    // adds an extra key to $sortbysel.
    $sortbysel = array('username' => '', 'forum' => '', 'thread' => '', 'dateline' => '');
    $sortbysel[$mybb->input['sortby']] = "selected=\"selected\"";
    $ordersel = array('asc' => '', 'desc' => '');
    $ordersel[$order] = "selected=\"selected\"";
    $user_options = '';
    // List every uid that appears in the moderator log for the user filter.
    // This query does not apply $where or $tflist_modlog.
    $query = $db->query("
        SELECT DISTINCT l.uid, u.username
        FROM ".TABLE_PREFIX."moderatorlog l
        LEFT JOIN ".TABLE_PREFIX."users u ON (l.uid=u.uid)
        ORDER BY u.username ASC
    ");
    while($user = $db->fetch_array($query))
    {
        // Deleted Users
        if(!$user['username'])
        {
            $user['username'] = $lang->na_deleted;
        }

        $selected = '';
        if($mybb->get_input('uid', MyBB::INPUT_INT) == $user['uid'])
        {
            $selected = " selected=\"selected\"";
        }

        // Escape before the option template is evaluated.
        $user['username'] = htmlspecialchars_uni($user['username']);
        eval("\$user_options .= \"".$templates->get("modcp_modlogs_user")."\";");
    }

    $forum_select = build_forum_jump("", $mybb->get_input('fid', MyBB::INPUT_INT), 1, '', 0, true, '', "fid");

    eval("\$modlogs = \"".$templates->get("modcp_modlogs")."\";");
    output_page($modlogs);
}
1026  
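/**
 * Delete an announcement (action=do_delete_announcement).
 *
 * Order of checks: post-key validation, usergroup permission, existence of the
 * announcement, then per-forum permission. Only after all of them pass is the
 * row deleted, the action logged and the forum display cache rebuilt.
 */
if($mybb->input['action'] == "do_delete_announcement")
{
    // Validate the submitted my_post_key before any state is touched
    // (anti-CSRF token check; implemented elsewhere).
    verify_post_check($mybb->get_input('my_post_key'));

    if($mybb->usergroup['canmanageannounce'] == 0)
    {
        error_no_permission();
    }

    // Cast explicitly, as do_edit_announcement does: $aid is interpolated into
    // two SQL conditions below, so it should not depend on any sanitising done
    // outside this block.
    $aid = $mybb->get_input('aid', MyBB::INPUT_INT);
    $query = $db->simple_select("announcements", "aid, subject, fid", "aid='{$aid}'");
    $announcement = $db->fetch_array($query);

    if(!$announcement)
    {
        error($lang->error_invalid_announcement);
    }

    // Per-announcement authorisation:
    //  - global announcements (fid -1) require a super moderator,
    //  - forum announcements require canmanageannouncements in that forum,
    //  - announcements in forums the user cannot view are always refused.
    // $unviewableforums is built before this section (not visible here).
    if(($mybb->usergroup['issupermod'] != 1 && $announcement['fid'] == -1) || ($announcement['fid'] != -1 && !is_moderator($announcement['fid'], "canmanageannouncements")) || ($unviewableforums && in_array($announcement['fid'], $unviewableforums)))
    {
        error_no_permission();
    }

    $plugins->run_hooks("modcp_do_delete_announcement");

    $db->delete_query("announcements", "aid='{$aid}'");
    // Log with the id and subject read from the database, not from the request.
    log_moderator_action(array("aid" => $announcement['aid'], "subject" => $announcement['subject']), $lang->announcement_deleted);
    $cache->update_forumsdisplay();

    redirect("modcp.php?action=announcements", $lang->redirect_delete_announcement);
}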
1057  
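/**
 * Confirmation page for deleting an announcement (action=delete_announcement).
 *
 * Performs the same usergroup, existence and per-forum permission checks as
 * the do_delete_announcement handler, then renders the
 * modcp_announcements_delete template. Nothing is modified here.
 */
if($mybb->input['action'] == "delete_announcement")
{
    if($mybb->usergroup['canmanageannounce'] == 0)
    {
        error_no_permission();
    }

    // Cast explicitly, as do_edit_announcement does: $aid is interpolated into
    // the SQL condition below, so it should not depend on any sanitising done
    // outside this block.
    $aid = $mybb->get_input('aid', MyBB::INPUT_INT);
    $query = $db->simple_select("announcements", "aid, subject, fid", "aid='{$aid}'");

    $announcement = $db->fetch_array($query);

    // The existence check must run before anything is written into
    // $announcement: assigning $announcement['subject'] on an empty result
    // turns it into a non-empty array and the check would never fire.
    if(!$announcement)
    {
        error($lang->error_invalid_announcement);
    }

    // Per-announcement authorisation:
    //  - global announcements (fid -1) require a super moderator,
    //  - forum announcements require canmanageannouncements in that forum,
    //  - announcements in forums the user cannot view are always refused.
    // $unviewableforums is built before this section (not visible here).
    if(($mybb->usergroup['issupermod'] != 1 && $announcement['fid'] == -1) || ($announcement['fid'] != -1 && !is_moderator($announcement['fid'], "canmanageannouncements")) || ($unviewableforums && in_array($announcement['fid'], $unviewableforums)))
    {
        error_no_permission();
    }

    // Escape the stored subject before the hook and the template can use it.
    $announcement['subject'] = htmlspecialchars_uni($parser->parse_badwords($announcement['subject']));

    $plugins->run_hooks("modcp_delete_announcement");

    // The template is evaluated as a double-quoted PHP string in this scope, so
    // it can interpolate $announcement and $aid.
    eval("\$announcements = \"".$templates->get("modcp_announcements_delete")."\";");
    output_page($announcements);
}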
1086  
/**
 * Create an announcement (action=do_new_announcement).
 *
 * Validates the post key, the usergroup permission and the moderator's rights
 * on the target forum, then validates title, message, forum and the start/end
 * dates. On success the announcement is inserted and logged. On validation
 * errors or a preview request, $mybb->input['action'] is switched to
 * 'new_announcement' so the form section that follows re-renders using the
 * variables set here ($errors, $preview, $allowhtml, $allowmycode,
 * $allowsmilies and the normalised $mybb->input values).
 */
if($mybb->input['action'] == "do_new_announcement")
{
    // Validate the submitted my_post_key before any state is touched
    // (anti-CSRF token check; implemented elsewhere).
    verify_post_check($mybb->get_input('my_post_key'));

    if($mybb->usergroup['canmanageannounce'] == 0)
    {
        error_no_permission();
    }

    // Authorise against the target forum taken from the request (integer-cast):
    //  - fid -1 (global announcement) requires a super moderator,
    //  - any other fid requires canmanageannouncements in that forum,
    //  - forums the user cannot view are always refused.
    // $unviewableforums is built before this section (not visible here).
    $announcement_fid = $mybb->get_input('fid', MyBB::INPUT_INT);
    if(($mybb->usergroup['issupermod'] != 1 && $announcement_fid == -1) || ($announcement_fid != -1 && !is_moderator($announcement_fid, "canmanageannouncements")) || ($unviewableforums && in_array($announcement_fid, $unviewableforums)))
    {
        error_no_permission();
    }

    $errors = array();

    $mybb->input['title'] = $mybb->get_input('title');
    if(!trim($mybb->input['title']))
    {
        $errors[] = $lang->error_missing_title;
    }

    $mybb->input['message'] = $mybb->get_input('message');
    if(!trim($mybb->input['message']))
    {
        $errors[] = $lang->error_missing_message;
    }

    // fid 0 (missing or non-numeric input) is reported as a missing forum.
    if(!$announcement_fid)
    {
        $errors[] = $lang->error_missing_forum;
    }

    // Split the free-text time fields into [hour, minute]; the text after the
    // first space is dropped, and "pm" is detected separately below.
    $mybb->input['starttime_time'] = $mybb->get_input('starttime_time');
    $mybb->input['endtime_time'] = $mybb->get_input('endtime_time');
    $startdate = @explode(" ", $mybb->input['starttime_time']);
    $startdate = @explode(":", $startdate[0]);
    $enddate = @explode(" ", $mybb->input['endtime_time']);
    $enddate = @explode(":", $enddate[0]);

    // NOTE(review): the hour is still the raw request string when 12 is added;
    // a non-numeric hour should raise a TypeError on PHP 8 - confirm and
    // consider casting first. An hour of 12 with "pm" becomes 24 and is reset
    // to "00".
    if(stristr($mybb->input['starttime_time'], "pm"))
    {
        $startdate[0] = 12+$startdate[0];
        if($startdate[0] >= 24)
        {
            $startdate[0] = "00";
        }
    }

    if(stristr($mybb->input['endtime_time'], "pm"))
    {
        $enddate[0] = 12+$enddate[0];
        if($enddate[0] >= 24)
        {
            $enddate[0] = "00";
        }
    }

    // Allow-list for the month strings; anything else is replaced by '01'.
    // The normalised value is also what the form section echoes back.
    $mybb->input['starttime_month'] = $mybb->get_input('starttime_month');
    $months = array('01', '02', '03', '04', '05', '06', '07', '08', '09', '10', '11', '12');
    if(!in_array($mybb->input['starttime_month'], $months))
    {
        $mybb->input['starttime_month'] = '01';
    }

    // Seconds to subtract so the user's local time is stored as a UTC timestamp.
    $localized_time_offset = (float)$mybb->user['timezone']*3600 + $mybb->user['dst']*3600;

    // All date parts are integer-cast; checkdate() rejects impossible dates.
    // $startdate[1] is absent when the time string had no ':' (cast yields 0).
    $startdate = gmmktime((int)$startdate[0], (int)$startdate[1], 0, $mybb->get_input('starttime_month', MyBB::INPUT_INT), $mybb->get_input('starttime_day', MyBB::INPUT_INT), $mybb->get_input('starttime_year', MyBB::INPUT_INT)) - $localized_time_offset;
    if(!checkdate($mybb->get_input('starttime_month', MyBB::INPUT_INT), $mybb->get_input('starttime_day', MyBB::INPUT_INT), $mybb->get_input('starttime_year', MyBB::INPUT_INT)) || $startdate < 0 || $startdate == false)
    {
        $errors[] = $lang->error_invalid_start_date;
    }

    // endtime_type 2 means "no end date": stored as '0'.
    if($mybb->get_input('endtime_type', MyBB::INPUT_INT) == 2)
    {
        $enddate = '0';
        $mybb->input['endtime_month'] = '01';
    }
    else
    {
        $mybb->input['endtime_month'] = $mybb->get_input('endtime_month');
        if(!in_array($mybb->input['endtime_month'], $months))
        {
            $mybb->input['endtime_month'] = '01';
        }
        $enddate = gmmktime((int)$enddate[0], (int)$enddate[1], 0, $mybb->get_input('endtime_month', MyBB::INPUT_INT), $mybb->get_input('endtime_day', MyBB::INPUT_INT), $mybb->get_input('endtime_year', MyBB::INPUT_INT)) - $localized_time_offset;
        if(!checkdate($mybb->get_input('endtime_month', MyBB::INPUT_INT), $mybb->get_input('endtime_day', MyBB::INPUT_INT), $mybb->get_input('endtime_year', MyBB::INPUT_INT)) || $enddate < 0 || $enddate == false)
        {
            $errors[] = $lang->error_invalid_end_date;
        }

        if($enddate <= $startdate)
        {
            $errors[] = $lang->error_end_before_start;
        }
    }

    // Raw HTML is only honoured when the board-wide announcementshtml setting is
    // on AND the form asked for it; the request alone cannot enable it.
    if($mybb->settings['announcementshtml'] && $mybb->get_input('allowhtml', MyBB::INPUT_INT) == 1)
    {
        $allowhtml = 1;
    }
    else
    {
        $allowhtml = 0;
    }
    // The remaining flags are reduced to 0/1 as well.
    if($mybb->get_input('allowmycode', MyBB::INPUT_INT) == 1)
    {
        $allowmycode = 1;
    }
    else
    {
        $allowmycode = 0;
    }
    if($mybb->get_input('allowsmilies', MyBB::INPUT_INT) == 1)
    {
        $allowsmilies = 1;
    }
    else
    {
        $allowsmilies = 0;
    }

    $plugins->run_hooks("modcp_do_new_announcement_start");

    if(!$errors)
    {
        if(isset($mybb->input['preview']))
        {
            // Preview: nothing is stored; hand over to the form section below.
            $preview = array();
            $mybb->input['action'] = 'new_announcement';
        }
        else
        {
            // The two free-text fields go through $db->escape_string(); every
            // other value is a number or flag computed above.
            $insert_announcement = array(
                'fid' => $announcement_fid,
                'uid' => $mybb->user['uid'],
                'subject' => $db->escape_string($mybb->input['title']),
                'message' => $db->escape_string($mybb->input['message']),
                'startdate' => $startdate,
                'enddate' => $enddate,
                'allowhtml' => $allowhtml,
                'allowmycode' => $allowmycode,
                'allowsmilies' => $allowsmilies
            );
            $aid = $db->insert_query("announcements", $insert_announcement);

            // The unescaped title is passed to the logger.
            // NOTE(review): presumably log_moderator_action() escapes what it
            // stores - verify against its definition.
            log_moderator_action(array("aid" => $aid, "subject" => $mybb->input['title']), $lang->announcement_added);

            $plugins->run_hooks("modcp_do_new_announcement_end");

            $cache->update_forumsdisplay();
            redirect("modcp.php?action=announcements", $lang->redirect_add_announcement);
        }
    }
    else
    {
        // Validation failed: fall through to the form section with $errors set.
        $mybb->input['action'] = 'new_announcement';
    }
}
1247  
/**
 * New-announcement form (action=new_announcement).
 *
 * Reached directly, or by fall-through from the do_new_announcement handler,
 * which sets $errors / $preview and the normalised $mybb->input values when
 * validation fails or a preview is requested. Re-checks permissions, prepares
 * the form values and renders modcp_announcements_new.
 *
 * Every eval() below evaluates the text returned by $templates->get() as the
 * inside of a double-quoted PHP string, so any variable in scope here can be
 * interpolated by a template. Values derived from the request are therefore
 * escaped or integer-cast before the templates are evaluated.
 * NOTE(review): this relies on get() escaping quotes/backslashes and on
 * trusted template content - neither is visible in this section; confirm.
 */
if($mybb->input['action'] == "new_announcement")
{
    if($mybb->usergroup['canmanageannounce'] == 0)
    {
        error_no_permission();
    }

    add_breadcrumb($lang->mcp_nav_announcements, "modcp.php?action=announcements");
    // NOTE(review): the link uses action=new_announcements (plural) while this
    // section handles "new_announcement" - confirm which one is intended.
    add_breadcrumb($lang->add_announcement, "modcp.php?action=new_announcements");

    $announcement_fid = $mybb->get_input('fid', MyBB::INPUT_INT);

    // Same per-forum authorisation as the submit handler, so the form is not
    // shown for a forum the moderator could not post an announcement to.
    if(($mybb->usergroup['issupermod'] != 1 && $announcement_fid == -1) || ($announcement_fid != -1 && !is_moderator($announcement_fid, "canmanageannouncements")) || ($unviewableforums && in_array($announcement_fid, $unviewableforums)))
    {
        error_no_permission();
    }

    // Deal with inline errors
    if(!empty($errors) || isset($preview))
    {
        if(!empty($errors))
        {
            $errors = inline_error($errors);
        }
        else
        {
            $errors = '';
        }

        // Set $announcement to input stuff
        // (subject and message are still unescaped here; they are escaped into
        // $title / $message further down)
        $announcement['subject'] = $mybb->input['title'];
        $announcement['message'] = $mybb->input['message'];
        $announcement['allowhtml'] = $allowhtml;
        $announcement['allowmycode'] = $allowmycode;
        $announcement['allowsmilies'] = $allowsmilies;

        // Echo the submitted date/time back into the form: free-text year and
        // time values are HTML-escaped, days are integer-cast. The month values
        // are read from $mybb->input, which the submit handler normalised
        // against its allow-list.
        $startmonth = $mybb->input['starttime_month'];
        $startdateyear = htmlspecialchars_uni($mybb->input['starttime_year']);
        $startday = $mybb->get_input('starttime_day', MyBB::INPUT_INT);
        $starttime_time = htmlspecialchars_uni($mybb->input['starttime_time']);
        $endmonth = $mybb->input['endtime_month'];
        $enddateyear = htmlspecialchars_uni($mybb->input['endtime_year']);
        $endday = $mybb->get_input('endtime_day', MyBB::INPUT_INT);
        $endtime_time = htmlspecialchars_uni($mybb->input['endtime_time']);
    }
    else
    {
        // Fresh form: default both dates to "now" in the user's local time.
        $localized_time = TIME_NOW + (float)$mybb->user['timezone']*3600 + $mybb->user['dst']*3600;

        $starttime_time = gmdate($mybb->settings['timeformat'], $localized_time);
        $endtime_time = gmdate($mybb->settings['timeformat'], $localized_time);
        $startday = $endday = gmdate("j", $localized_time);
        $startmonth = $endmonth = gmdate("m", $localized_time);
        $startdateyear = gmdate("Y", $localized_time);

        // Defaults: HTML off, MyCode and smilies on.
        $announcement = array(
            'subject' => '',
            'message' => '',
            'allowhtml' => 0,
            'allowmycode' => 1,
            'allowsmilies' => 1
            );

        $enddateyear = $startdateyear+1;
    }

    // Generate form elements
    // Both branches evaluate the same template; only $selected differs.
    $startdateday = $enddateday = '';
    for($day = 1; $day <= 31; ++$day)
    {
        if($startday == $day)
        {
            $selected = " selected=\"selected\"";
            eval("\$startdateday .= \"".$templates->get("modcp_announcements_day")."\";");
        }
        else
        {
            $selected = '';
            eval("\$startdateday .= \"".$templates->get("modcp_announcements_day")."\";");
        }

        if($endday == $day)
        {
            $selected = " selected=\"selected\"";
            eval("\$enddateday .= \"".$templates->get("modcp_announcements_day")."\";");
        }
        else
        {
            $selected = '';
            eval("\$enddateday .= \"".$templates->get("modcp_announcements_day")."\";");
        }
    }

    // Pre-fill every month key so the templates always find an entry.
    $startmonthsel = $endmonthsel = array();
    foreach(array('01', '02', '03', '04', '05', '06', '07', '08', '09', '10', '11', '12') as $month)
    {
        $startmonthsel[$month] = '';
        $endmonthsel[$month] = '';
    }
    $startmonthsel[$startmonth] = "selected=\"selected\"";
    $endmonthsel[$endmonth] = "selected=\"selected\"";

    $startdatemonth = $enddatemonth = '';

    eval("\$startdatemonth .= \"".$templates->get("modcp_announcements_month_start")."\";");
    eval("\$enddatemonth .= \"".$templates->get("modcp_announcements_month_end")."\";");

    // Escape the user-supplied text before it is placed into the form.
    $title = htmlspecialchars_uni($announcement['subject']);
    $message = htmlspecialchars_uni($announcement['message']);

    $html_sel = $mycode_sel = $smilies_sel = array('yes' => '', 'no' => '');

    // The "allow HTML" control is only rendered when the board setting permits it.
    if($mybb->settings['announcementshtml'])
    {
        if($announcement['allowhtml'])
        {
            $html_sel['yes'] = ' checked="checked"';
        }
        else
        {
            $html_sel['no'] = ' checked="checked"';
        }

        eval("\$allow_html = \"".$templates->get("modcp_announcements_allowhtml")."\";");
    }
    else
    {
        $allow_html = '';
    }

    if($announcement['allowmycode'])
    {
        $mycode_sel['yes'] = ' checked="checked"';
    }
    else
    {
        $mycode_sel['no'] = ' checked="checked"';
    }

    if($announcement['allowsmilies'])
    {
        $smilies_sel['yes'] = ' checked="checked"';
    }
    else
    {
        $smilies_sel['no'] = ' checked="checked"';
    }

    // "Infinite" is the default when no end type was submitted.
    $end_type_sel = array('infinite' => '', 'finite' => '');
    if(!isset($mybb->input['endtime_type']) || $mybb->input['endtime_type'] == 2)
    {
        $end_type_sel['infinite'] = ' checked="checked"';
    }
    else
    {
        $end_type_sel['finite'] = ' checked="checked"';
    }

    // MyCode editor
    $codebuttons = build_mycode_inserter();
    $smilieinserter = build_clickable_smilies();

    if(isset($preview))
    {
        // Build a post-like array for the preview. Title and message are passed
        // unescaped; allowhtml is again tied to the board setting.
        // NOTE(review): presumably build_postbit() parses and escapes the
        // message according to these flags - verify against its definition.
        $announcementarray = array(
            'aid' => 0,
            'fid' => $announcement_fid,
            'uid' => $mybb->user['uid'],
            'subject' => $mybb->input['title'],
            'message' => $mybb->input['message'],
            'allowhtml' => $mybb->settings['announcementshtml'] && $mybb->get_input('allowhtml', MyBB::INPUT_INT),
            'allowmycode' => $mybb->get_input('allowmycode', MyBB::INPUT_INT),
            'allowsmilies' => $mybb->get_input('allowsmilies', MyBB::INPUT_INT),
            'dateline' => TIME_NOW,
            'userusername' => $mybb->user['username'],
        );

        // Copy every field of the current user's record into the preview array;
        // keys already set above are overwritten when the user record has the
        // same key.
        $array = $mybb->user;
        foreach($array as $key => $element)
        {
            $announcementarray[$key] = $element;
        }

        // Gather usergroup data from the cache
        // Field => Array Key
        $data_key = array(
            'title' => 'grouptitle',
            'usertitle' => 'groupusertitle',
            'stars' => 'groupstars',
            'starimage' => 'groupstarimage',
            'image' => 'groupimage',
            'namestyle' => 'namestyle',
            'usereputationsystem' => 'usereputationsystem'
        );

        // $groupscache is loaded before this section (not visible here).
        foreach($data_key as $field => $key)
        {
            $announcementarray[$key] = $groupscache[$announcementarray['usergroup']][$field];
        }

        require_once  MYBB_ROOT."inc/functions_post.php";
        $postbit = build_postbit($announcementarray, 3);
        eval("\$preview = \"".$templates->get("previewpost")."\";");
    }
    else
    {
        $preview = '';
    }

    $plugins->run_hooks("modcp_new_announcement");

    eval("\$announcements = \"".$templates->get("modcp_announcements_new")."\";");
    output_page($announcements);
}
1462  
1463  if($mybb->input['action'] == "do_edit_announcement")
1464  {
1465      verify_post_check($mybb->get_input('my_post_key'));
1466  
1467      if($mybb->usergroup['canmanageannounce'] == 0)
1468      {
1469          error_no_permission();
1470      }
1471  
1472      // Get the announcement
1473      $aid = $mybb->get_input('aid', MyBB::INPUT_INT);
1474      $query = $db->simple_select("announcements", "*", "aid='{$aid}'");
1475      $announcement = $db->fetch_array($query);
1476  
1477      // Check that it exists
1478      if(!$announcement)
1479      {
1480          error($lang->error_invalid_announcement);
1481      }
1482  
1483      // Mod has permissions to edit this announcement
1484      if(($mybb->usergroup['issupermod'] != 1 && $announcement['fid'] == -1) || ($announcement['fid'] != -1 && !is_moderator($announcement['fid'], "canmanageannouncements")) || ($unviewableforums && in_array($announcement['fid'], $unviewableforums)))
1485      {
1486          error_no_permission();
1487      }
1488  
1489      $errors = array();
1490  
1491      // Basic error checking
1492      $mybb->input['title'] = $mybb->get_input('title');
1493      if(!trim($mybb->input['title']))
1494      {
1495          $errors[] = $lang->error_missing_title;
1496      }
1497  
1498      $mybb->input['message'] = $mybb->get_input('message');
1499      if(!trim($mybb->input['message']))
1500      {
1501          $errors[] = $lang->error_missing_message;
1502      }
1503  
1504      $mybb->input['starttime_time'] = $mybb->get_input('starttime_time');
1505      $mybb->input['endtime_time'] = $mybb->get_input('endtime_time');
1506      $startdate = @explode(" ", $mybb->input['starttime_time']);
1507      $startdate = @explode(":", $startdate[0]);
1508      $enddate = @explode(" ", $mybb->input['endtime_time']);
1509      $enddate = @explode(":", $enddate[0]);
1510  
1511      if(stristr($mybb->input['starttime_time'], "pm"))
1512      {
1513          $startdate[0] = 12+$startdate[0];
1514          if($startdate[0] >= 24)
1515          {
1516              $startdate[0] = "00";
1517          }
1518      }
1519  
1520      if(stristr($mybb->input['endtime_time'], "pm"))
1521      {
1522          $enddate[0] = 12+$enddate[0];
1523          if($enddate[0] >= 24)
1524          {
1525              $enddate[0] = "00";
1526          }
1527      }
1528  
1529      $mybb->input['starttime_month'] = $mybb->get_input('starttime_month');
1530      $months = array('01', '02', '03', '04', '05', '06', '07', '08', '09', '10', '11', '12');
1531      if(!in_array($mybb->input['starttime_month'], $months))
1532      {
1533          $mybb->input['starttime_month'] = '01';
1534      }
1535  
1536      $localized_time_offset = (float)$mybb->user['timezone']*3600 + $mybb->user['dst']*3600;
1537  
1538      $startdate = gmmktime((int)$startdate[0], (int)$startdate[1], 0, $mybb->get_input('starttime_month', MyBB::INPUT_INT), $mybb->get_input('starttime_day', MyBB::INPUT_INT), $mybb->get_input('starttime_year', MyBB::INPUT_INT)) - $localized_time_offset;
1539      if(!checkdate($mybb->get_input('starttime_month', MyBB::INPUT_INT), $mybb->get_input('starttime_day', MyBB::INPUT_INT), $mybb->get_input('starttime_year', MyBB::INPUT_INT)) || $startdate < 0 || $startdate == false)
1540      {
1541          $errors[] = $lang->error_invalid_start_date;
1542      }
1543  
1544      if($mybb->get_input('endtime_type', MyBB::INPUT_INT) == "2")
1545      {
1546          $enddate = '0';
1547          $mybb->input['endtime_month'] = '01';
1548      }
1549      else
1550      {
1551          $mybb->input['endtime_month'] = $mybb->get_input('endtime_month');
1552          if(!in_array($mybb->input['endtime_month'], $months))
1553          {
1554              $mybb->input['endtime_month'] = '01';
1555          }
1556          $enddate = gmmktime((int)$enddate[0], (int)$enddate[1], 0, $mybb->get_input('endtime_month', MyBB::INPUT_INT), $mybb->get_input('endtime_day', MyBB::INPUT_INT), $mybb->get_input('endtime_year', MyBB::INPUT_INT)) - $localized_time_offset;
1557          if(!checkdate($mybb->get_input('endtime_month', MyBB::INPUT_INT), $mybb->get_input('endtime_day', MyBB::INPUT_INT), $mybb->get_input('endtime_year', MyBB::INPUT_INT)) || $enddate < 0 || $enddate == false)
1558          {
1559              $errors[] = $lang->error_invalid_end_date;
1560          }
1561          elseif($enddate <= $startdate)
1562          {
1563              $errors[] = $lang->error_end_before_start;
1564          }
1565      }
1566  
1567      if($mybb->settings['announcementshtml'] && $mybb->get_input('allowhtml', MyBB::INPUT_INT) == 1)
1568      {
1569          $allowhtml = 1;
1570      }
1571      else
1572      {
1573          $allowhtml = 0;
1574      }
1575      if($mybb->get_input('allowmycode', MyBB::INPUT_INT) == 1)
1576      {
1577          $allowmycode = 1;
1578      }
1579      else
1580      {
1581          $allowmycode = 0;
1582      }
1583      if($mybb->get_input('allowsmilies', MyBB::INPUT_INT) == 1)
1584      {
1585          $allowsmilies = 1;
1586      }
1587      else
1588      {
1589          $allowsmilies = 0;
1590      }
1591  
1592      $plugins->run_hooks("modcp_do_edit_announcement_start");
1593  
1594      // Proceed to update if no errors
1595      if(!$errors)
1596      {
1597          if(isset($mybb->input['preview']))
1598          {
1599              $preview = array();
1600              $mybb->input['action'] = 'edit_announcement';
1601          }
1602          else
1603          {
1604              $update_announcement = array(
1605                  'uid' => $mybb->user['uid'],
1606                  'subject' => $db->escape_string($mybb->input['title']),
1607                  'message' => $db->escape_string($mybb->input['message']),
1608                  'startdate' => $startdate,
1609                  'enddate' => $enddate,
1610                  'allowhtml' => $allowhtml,
1611                  'allowmycode' => $allowmycode,
1612                  'allowsmilies' => $allowsmilies
1613              );
1614              $db->update_query("announcements", $update_announcement, "aid='{$aid}'");
1615  
1616              log_moderator_action(array("aid" => $announcement['aid'], "subject" => $mybb->input['title']), $lang->announcement_edited);
1617  
1618              $plugins->run_hooks("modcp_do_edit_announcement_end");
1619  
1620              $cache->update_forumsdisplay();
1621              redirect("modcp.php?action=announcements", $lang->redirect_edit_announcement);
1622          }
1623      }
1624      else
1625      {
1626          $mybb->input['action'] = 'edit_announcement';
1627      }
1628  }
1629  
1630  if($mybb->input['action'] == "edit_announcement")
1631  {
          // Renders the "edit announcement" form. The submit handler above switches the action
          // to 'edit_announcement' when validation fails or a preview is requested, so this
          // block also redisplays the submitted values together with inline errors or a preview.
          // The permission checks are repeated here because this block can be requested directly.
1632      if($mybb->usergroup['canmanageannounce'] == 0)
1633      {
1634          error_no_permission();
1635      }
1636  
          // The announcement id is requested as MyBB::INPUT_INT before it is interpolated
          // into the breadcrumb URL and the WHERE clause below.
1637      $aid = $mybb->get_input('aid', MyBB::INPUT_INT);
1638  
1639      add_breadcrumb($lang->mcp_nav_announcements, "modcp.php?action=announcements");
          // NOTE(review): this link uses action=edit_announcements, while this handler matches
          // "edit_announcement"; no handler for the plural form is visible in this part of the
          // file — confirm the link target.
1640      add_breadcrumb($lang->edit_announcement, "modcp.php?action=edit_announcements&amp;aid={$aid}");
1641  
1642      // Get announcement
          // Reloaded from the database unless $announcement is already set and the request is a POST.
1643      if(!isset($announcement) || $mybb->request_method != 'post')
1644      {
1645          $query = $db->simple_select("announcements", "*", "aid='{$aid}'");
1646          $announcement = $db->fetch_array($query);
1647      }
1648  
1649      if(!$announcement)
1650      {
1651          error($lang->error_invalid_announcement);
1652      }
          // Per-announcement authorization, checked against the stored row rather than request data:
          //  - a global announcement (fid == -1) requires a super moderator;
          //  - a forum announcement requires is_moderator() with "canmanageannouncements" for that forum;
          //  - announcements in a forum listed in $unviewableforums are refused.
          // $unviewableforums is populated outside this block.
1653      if(($mybb->usergroup['issupermod'] != 1 && $announcement['fid'] == -1) || ($announcement['fid'] != -1 && !is_moderator($announcement['fid'], "canmanageannouncements")) || ($unviewableforums && in_array($announcement['fid'], $unviewableforums)))
1654      {
1655          error_no_permission();
1656      }
1657  
1658      if(!$announcement['startdate'])
1659      {
1660          // No start date? Make it now.
1661          $announcement['startdate'] = TIME_NOW;
1662      }
1663  
          // $makeshift_end records that the end date shown in the form is a placeholder,
          // so the "infinite" end type is pre-selected further down.
1664      $makeshift_end = false;
1665      if(!$announcement['enddate'])
1666      {
1667          $makeshift_end = true;
1668          $makeshift_time = TIME_NOW;
1669          if($announcement['startdate'])
1670          {
1671              $makeshift_time = $announcement['startdate'];
1672          }
1673  
1674          // No end date? Make it a year from now.
              // (366 days, counted from the start date.)
1675          $announcement['enddate'] = $makeshift_time + (60 * 60 * 24 * 366);
1676      }
1677  
1678      // Deal with inline errors
1679      if(!empty($errors) || isset($preview))
1680      {
1681          if(!empty($errors))
1682          {
1683              $errors = inline_error($errors);
1684          }
1685          else
1686          {
1687              $errors = '';
1688          }
1689  
1690          // Set $announcement to input stuff
              // Raw request values are stored here; subject and message are escaped with
              // htmlspecialchars_uni() further down before they are placed in the form.
1691          $announcement['subject'] = $mybb->input['title'];
1692          $announcement['message'] = $mybb->input['message'];
1693          $announcement['allowhtml'] = $allowhtml;
1694          $announcement['allowmycode'] = $allowmycode;
1695          $announcement['allowsmilies'] = $allowsmilies;
1696  
              // Year and time strings are escaped because they are echoed back as submitted;
              // the day is requested as MyBB::INPUT_INT. The month values were checked against
              // the fixed '01'..'12' list by the submit handler above (presumably the only path
              // that sets $errors or $preview — confirm) and are only used as array keys below.
1697          $startmonth = $mybb->input['starttime_month'];
1698          $startdateyear = htmlspecialchars_uni($mybb->input['starttime_year']);
1699          $startday = $mybb->get_input('starttime_day', MyBB::INPUT_INT);
1700          $starttime_time = htmlspecialchars_uni($mybb->input['starttime_time']);
1701          $endmonth = $mybb->input['endtime_month'];
1702          $enddateyear = htmlspecialchars_uni($mybb->input['endtime_year']);
1703          $endday = $mybb->get_input('endtime_day', MyBB::INPUT_INT);
1704          $endtime_time = htmlspecialchars_uni($mybb->input['endtime_time']);
1705  
1706          $errored = true;
1707      }
1708      else
1709      {
              // First display: shift the stored timestamps by the viewer's timezone and DST
              // offsets (in hours) and format them with gmdate().
1710          $localized_time_startdate = $announcement['startdate'] + (float)$mybb->user['timezone']*3600 + $mybb->user['dst']*3600;
1711          $localized_time_enddate = $announcement['enddate'] + (float)$mybb->user['timezone']*3600 + $mybb->user['dst']*3600;
1712  
1713          $starttime_time = gmdate($mybb->settings['timeformat'], $localized_time_startdate);
1714          $endtime_time = gmdate($mybb->settings['timeformat'], $localized_time_enddate);
1715  
1716          $startday = gmdate('j', $localized_time_startdate);
1717          $endday = gmdate('j', $localized_time_enddate);
1718  
1719          $startmonth = gmdate('m', $localized_time_startdate);
1720          $endmonth = gmdate('m', $localized_time_enddate);
1721  
1722          $startdateyear = gmdate('Y', $localized_time_startdate);
1723          $enddateyear = gmdate('Y', $localized_time_enddate);
1724  
1725          $errored = false;
1726      }
1727  
1728      // Generate form elements
          // Each eval() wraps the template text in double quotes, so PHP interpolates the
          // variables the template names from the current scope. Anything derived from
          // request or database data therefore has to be escaped before the eval() runs.
1729      $startdateday = $enddateday = '';
1730      for($day = 1; $day <= 31; ++$day)
1731      {
1732          if($startday == $day)
1733          {
1734              $selected = " selected=\"selected\"";
1735              eval("\$startdateday .= \"".$templates->get("modcp_announcements_day")."\";");
1736          }
1737          else
1738          {
1739              $selected = '';
1740              eval("\$startdateday .= \"".$templates->get("modcp_announcements_day")."\";");
1741          }
1742  
1743          if($endday == $day)
1744          {
1745              $selected = " selected=\"selected\"";
1746              eval("\$enddateday .= \"".$templates->get("modcp_announcements_day")."\";");
1747          }
1748          else
1749          {
1750              $selected = '';
1751              eval("\$enddateday .= \"".$templates->get("modcp_announcements_day")."\";");
1752          }
1753      }
1754  
          // Start with an empty marker for every month, then flag the selected start and end month.
1755      $startmonthsel = $endmonthsel = array();
1756      foreach(array('01', '02', '03', '04', '05', '06', '07', '08', '09', '10', '11', '12') as $month)
1757      {
1758          $startmonthsel[$month] = '';
1759          $endmonthsel[$month] = '';
1760      }
1761      $startmonthsel[$startmonth] = "selected=\"selected\"";
1762      $endmonthsel[$endmonth] = "selected=\"selected\"";
1763  
1764      $startdatemonth = $enddatemonth = '';
1765  
1766      eval("\$startdatemonth .= \"".$templates->get("modcp_announcements_month_start")."\";");
1767      eval("\$enddatemonth .= \"".$templates->get("modcp_announcements_month_end")."\";");
1768  
          // Subject and message are HTML-escaped for display in the form, whether they came
          // from the database or from the submitted input.
1769      $title = htmlspecialchars_uni($announcement['subject']);
1770      $message = htmlspecialchars_uni($announcement['message']);
1771  
1772      $html_sel = $mycode_sel = $smilies_sel = array('yes' => '', 'no' => '');
1773  
          // The "allow HTML" choice is only built when the board-wide announcementshtml setting is on.
1774      if($mybb->settings['announcementshtml'])
1775      {
1776          if($announcement['allowhtml'])
1777          {
1778              $html_sel['yes'] = ' checked="checked"';
1779          }
1780          else
1781          {
1782              $html_sel['no'] = ' checked="checked"';
1783          }
1784  
1785          eval("\$allow_html = \"".$templates->get("modcp_announcements_allowhtml")."\";");
1786      }
1787      else
1788      {
1789          $allow_html = '';
1790      }
1791  
1792      if($announcement['allowmycode'])
1793      {
1794          $mycode_sel['yes'] = ' checked="checked"';
1795      }
1796      else
1797      {
1798          $mycode_sel['no'] = ' checked="checked"';
1799      }
1800  
1801      if($announcement['allowsmilies'])
1802      {
1803          $smilies_sel['yes'] = ' checked="checked"';
1804      }
1805      else
1806      {
1807          $smilies_sel['no'] = ' checked="checked"';
1808      }
1809  
          // "Infinite" is pre-selected when the redisplayed form submitted endtime_type 2, when
          // the stored end date is 0 on first display, or when the end date above is a placeholder.
1810      $end_type_sel = array('infinite' => '', 'finite' => '');
1811      if(($errored && $mybb->get_input('endtime_type', MyBB::INPUT_INT) == 2) || (!$errored && (int)$announcement['enddate'] == 0) || $makeshift_end == true)
1812      {
1813          $end_type_sel['infinite'] = ' checked="checked"';
1814      }
1815      else
1816      {
1817          $end_type_sel['finite'] = ' checked="checked"';
1818      }
1819  
1820      // MyCode editor
1821      $codebuttons = build_mycode_inserter();
1822      $smilieinserter = build_clickable_smilies();
1823  
1824      if(isset($preview))
1825      {
              // Build a post-like row from the submitted values for the preview. HTML is only
              // enabled when the announcementshtml setting is on and the form asked for it,
              // the same gate the submit handler applies before saving.
1826          $announcementarray = array(
1827              'aid' => $announcement['aid'],
1828              'fid' => $announcement['fid'],
1829              'uid' => $mybb->user['uid'],
1830              'subject' => $mybb->input['title'],
1831              'message' => $mybb->input['message'],
1832              'allowhtml' => $mybb->settings['announcementshtml'] && $mybb->get_input('allowhtml', MyBB::INPUT_INT),
1833              'allowmycode' => $mybb->get_input('allowmycode', MyBB::INPUT_INT),
1834              'allowsmilies' => $mybb->get_input('allowsmilies', MyBB::INPUT_INT),
1835              'dateline' => TIME_NOW,
1836              'userusername' => $mybb->user['username'],
1837          );
1838  
              // Copy every field of the current user into the row; keys that share a name
              // with an entry set above are overwritten by the user's value.
1839          $array = $mybb->user;
1840          foreach($array as $key => $element)
1841          {
1842              $announcementarray[$key] = $element;
1843          }
1844  
1845          // Gather usergroup data from the cache
1846          // Field => Array Key
1847          $data_key = array(
1848              'title' => 'grouptitle',
1849              'usertitle' => 'groupusertitle',
1850              'stars' => 'groupstars',
1851              'starimage' => 'groupstarimage',
1852              'image' => 'groupimage',
1853              'namestyle' => 'namestyle',
1854              'usereputationsystem' => 'usereputationsystem'
1855          );
1856  
1857          foreach($data_key as $field => $key)
1858          {
1859              $announcementarray[$key] = $groupscache[$announcementarray['usergroup']][$field];
1860          }
1861  
              // NOTE(review): the second argument 3 presumably selects the announcement layout;
              // confirm in inc/functions_post.php. The row carries the raw subject and message,
              // so output escaping for the preview depends on build_postbit().
1862          require_once  MYBB_ROOT."inc/functions_post.php";
1863          $postbit = build_postbit($announcementarray, 3);
1864          eval("\$preview = \"".$templates->get("previewpost")."\";");
1865      }
1866      else
1867      {
1868          $preview = '';
1869      }
1870  
1871      $plugins->run_hooks("modcp_edit_announcement");
1872  
1873      eval("\$announcements = \"".$templates->get("modcp_announcements_edit")."\";");
1874      output_page($announcements);
1875  }
1876  
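1877  if($mybb->input['action'] == "announcements")
1878  {
          // Lists the announcements the moderator can manage: global announcements (super
          // moderators only) followed by the per-forum announcements.
1879      if($mybb->usergroup['canmanageannounce'] == 0)
1880      {
1881          error_no_permission();
1882      }
1883  
          // $numannouncements is computed outside this block; presumably the number of
          // announcements this moderator may manage — confirm against its definition.
1884      if($numannouncements == 0 && $mybb->usergroup['issupermod'] != 1)
1885      {
1886          error($lang->you_cannot_manage_announcements);
1887      }
1888  
1889      add_breadcrumb($lang->mcp_nav_announcements, "modcp.php?action=announcements");
1890  
1891      // Fetch announcements into their proper arrays
          // startdate is selected as well: the status icon below compares it with TIME_NOW,
          // and without the column that comparison could never be true, so announcements
          // scheduled for the future were shown with the active icon.
1892      $query = $db->simple_select("announcements", "aid, fid, subject, startdate, enddate");
1893      $announcements = $global_announcements = array();
1894      while($announcement = $db->fetch_array($query))
1895      {
              // fid -1 marks a global announcement; everything else is grouped by forum id.
1896          if($announcement['fid'] == -1)
1897          {
1898              $global_announcements[$announcement['aid']] = $announcement;
1899              continue;
1900          }
1901          $announcements[$announcement['fid']][$announcement['aid']] = $announcement;
1902      }
1903  
          // Global announcements are rendered for super moderators only; for everyone else
          // $announcements_global stays empty.
1904      $announcements_global = '';
1905      if($mybb->usergroup['issupermod'] == 1)
1906      {
1907          if($global_announcements)
1908          {
1909              // Get the global announcements
1910              foreach($global_announcements as $aid => $announcement)
1911              {
1912                  $trow = alt_trow();
                      // "Expired" icon when the announcement has not started yet, or when it has
                      // a non-zero end date in the past; otherwise "active".
1913                  if((isset($announcement['startdate']) && $announcement['startdate'] > TIME_NOW) || (isset($announcement['enddate']) && $announcement['enddate'] < TIME_NOW && $announcement['enddate'] != 0))
1914                  {
1915                      eval("\$icon = \"".$templates->get("modcp_announcements_announcement_expired")."\";");
1916                  }
1917                  else
1918                  {
1919                      eval("\$icon = \"".$templates->get("modcp_announcements_announcement_active")."\";");
1920                  }
1921  
                      // The subject is word-filtered and HTML-escaped before the template is
                      // evaluated, because eval() interpolates it into the page as-is.
1922                  $subject = htmlspecialchars_uni($parser->parse_badwords($announcement['subject']));
1923  
1924                  eval("\$announcements_global .= \"".$templates->get("modcp_announcements_announcement_global")."\";");
1925              }
1926          }
1927          else
1928          {
1929              // No global announcements
1930              eval("\$announcements_global = \"".$templates->get("modcp_no_announcements_global")."\";");
1931          }
              // Wrap the rows (or the "none" row) in the surrounding global-announcements template.
1932          eval("\$announcements_global = \"".$templates->get("modcp_announcements_global")."\";");
1933      }
1934  
          // fetch_forum_announcements() is defined elsewhere in the file; presumably it fills
          // $announcements_forum from the $announcements array built above — confirm.
1935      $announcements_forum = '';
1936      fetch_forum_announcements();
1937  
1938      if(!$announcements_forum)
1939      {
1940          eval("\$announcements_forum = \"".$templates->get("modcp_no_announcements_forum")."\";");
1941      }
1942  
1943      $plugins->run_hooks("modcp_announcements");
1944  
1945      eval("\$announcements = \"".$templates->get("modcp_announcements")."\";");
1946      output_page($announcements);
1947  }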
1948  
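1949  if($mybb->input['action'] == "do_modqueue")
1950  {
          // Applies the moderation-queue decisions submitted from the queue page. Exactly one
          // of the three lists (threads, posts, attachments) is processed per request, in that
          // order of precedence; each list maps an id to "approve" or "delete".
1951      require_once  MYBB_ROOT."inc/class_moderation.php";
1952      $moderation = new Moderation;
1953  
1954      // Verify incoming POST request
1955      verify_post_check($mybb->get_input('my_post_key'));
1956  
1957      if($mybb->usergroup['canmanagemodqueue'] == 0)
1958      {
1959          error_no_permission();
1960      }
1961  
1962      $plugins->run_hooks("modcp_do_modqueue_start");
1963  
1964      $mybb->input['threads'] = $mybb->get_input('threads', MyBB::INPUT_ARRAY);
1965      $mybb->input['posts'] = $mybb->get_input('posts', MyBB::INPUT_ARRAY);
1966      $mybb->input['attachments'] = $mybb->get_input('attachments', MyBB::INPUT_ARRAY);
1967      if(!empty($mybb->input['threads']))
1968      {
              // The submitted ids are the array keys; they are cast with intval before being
              // joined into the IN (...) list. $flist_queue_threads is appended as built
              // outside this block — presumably the forum restriction for this moderator; confirm.
1969          $threads = array_map("intval", array_keys($mybb->input['threads']));
1970          $threads_to_approve = $threads_to_delete = array();
1971          // Fetch threads
1972          $query = $db->simple_select("threads", "tid", "tid IN (".implode(",", $threads)."){$flist_queue_threads}");
1973          while($thread = $db->fetch_array($query))
1974          {
                  // Only ids returned by the restricted query are acted on; the requested
                  // action is looked up again by the tid the database returned.
1975              if(!isset($mybb->input['threads'][$thread['tid']]))
1976              {
1977                  continue;
1978              }
1979              $action = $mybb->input['threads'][$thread['tid']];
1980              if($action == "approve")
1981              {
1982                  $threads_to_approve[] = $thread['tid'];
1983              }
1984              else if($action == "delete")
1985              {
1986                  $threads_to_delete[] = $thread['tid'];
1987              }
1988          }
1989          if(!empty($threads_to_approve))
1990          {
1991              $moderation->approve_threads($threads_to_approve);
1992              log_moderator_action(array('tids' => $threads_to_approve), $lang->multi_approve_threads);
1993          }
1994          if(!empty($threads_to_delete))
1995          {
                  // Soft delete when the board setting is on, otherwise delete each thread;
                  // both paths write a moderator log entry.
1996              if($mybb->settings['soft_delete'] == 1)
1997              {
1998                  $moderation->soft_delete_threads($threads_to_delete);
1999                  log_moderator_action(array('tids' => $threads_to_delete), $lang->multi_soft_delete_threads);
2000              }
2001              else
2002              {
2003                  foreach($threads_to_delete as $tid)
2004                  {
2005                      $moderation->delete_thread($tid);
2006                  }
2007                  log_moderator_action(array('tids' => $threads_to_delete), $lang->multi_delete_threads);
2008              }
2009          }
2010  
2011          $plugins->run_hooks("modcp_do_modqueue_end");
2012  
2013          redirect("modcp.php?action=modqueue", $lang->redirect_threadsmoderated);
2014      }
2015      else if(!empty($mybb->input['posts']))
2016      {
              // Same pattern as for threads: intval'd keys in the IN (...) list, restricted
              // by $flist_queue_posts (built outside this block).
2017          $posts = array_map("intval", array_keys($mybb->input['posts']));
2018          // Fetch posts
2019          $posts_to_approve = $posts_to_delete = array();
2020          $query = $db->simple_select("posts", "pid", "pid IN (".implode(",", $posts)."){$flist_queue_posts}");
2021          while($post = $db->fetch_array($query))
2022          {
2023              if(!isset($mybb->input['posts'][$post['pid']]))
2024              {
2025                  continue;
2026              }
2027              $action = $mybb->input['posts'][$post['pid']];
2028              if($action == "approve")
2029              {
2030                  $posts_to_approve[] = $post['pid'];
2031              }
2032              else if($action == "delete" && $mybb->settings['soft_delete'] != 1)
2033              {
2034                  $moderation->delete_post($post['pid']);
                      // Record the pid so the multi_delete_posts log entry below is written.
                      // Previously $posts_to_delete was only filled when soft delete was on, which
                      // left that log call unreachable and permanent deletions from the queue
                      // without a moderator log entry in this block.
                      $posts_to_delete[] = $post['pid'];
2035              }
2036              else if($action == "delete")
2037              {
2038                  $posts_to_delete[] = $post['pid'];
2039              }
2040          }
2041          if(!empty($posts_to_approve))
2042          {
2043              $moderation->approve_posts($posts_to_approve);
2044              log_moderator_action(array('pids' => $posts_to_approve), $lang->multi_approve_posts);
2045          }
2046          if(!empty($posts_to_delete))
2047          {
2048              if($mybb->settings['soft_delete'] == 1)
2049              {
2050                  $moderation->soft_delete_posts($posts_to_delete);
2051                  log_moderator_action(array('pids' => $posts_to_delete), $lang->multi_soft_delete_posts);
2052              }
2053              else
2054              {
                      // The posts were already deleted one by one in the loop above; only the
                      // log entry remains to be written.
2055                  log_moderator_action(array('pids' => $posts_to_delete), $lang->multi_delete_posts);
2056              }
2057          }
2058  
2059          $plugins->run_hooks("modcp_do_modqueue_end");
2060  
2061          redirect("modcp.php?action=modqueue&type=posts", $lang->redirect_postsmoderated);
2062      }
2063      else if(!empty($mybb->input['attachments']))
2064      {
              // Attachment ids are cast with intval before being joined into the query;
              // $tflist_queue_attach is appended as built outside this block.
2065          $attachments = array_map("intval", array_keys($mybb->input['attachments']));
2066          $query = $db->query("
2067              SELECT a.pid, a.aid, t.tid
2068              FROM  ".TABLE_PREFIX."attachments a
2069              LEFT JOIN ".TABLE_PREFIX."posts p ON (a.pid=p.pid)
2070              LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
2071              WHERE aid IN (".implode(",", $attachments)."){$tflist_queue_attach}
2072          ");
              // NOTE(review): unlike the thread and post branches, this branch contains no
              // log_moderator_action() call, so approvals and deletions of attachments are not
              // logged here; confirm whether remove_attachment() or a plugin hook covers that.
2073          while($attachment = $db->fetch_array($query))
2074          {
2075              if(!isset($mybb->input['attachments'][$attachment['aid']]))
2076              {
2077                  continue;
2078              }
2079              $action = $mybb->input['attachments'][$attachment['aid']];
2080              if($action == "approve")
2081              {
2082                  $db->update_query("attachments", array("visible" => 1), "aid='{$attachment['aid']}'");
                      // tid comes from LEFT JOINs and is null when the attachment has no
                      // matching post or thread, hence the isset() guard.
2083                  if(isset($attachment['tid']))
2084                  {
2085                      update_thread_counters((int)$attachment['tid'], array("attachmentcount" => "+1"));
2086                  }
2087              }
2088              else if($action == "delete")
2089              {
2090                  remove_attachment($attachment['pid'], '', $attachment['aid']);
2091                  if(isset($attachment['tid']))
2092                  {
2093                      update_thread_counters((int)$attachment['tid'], array("attachmentcount" => "-1"));
2094                  }
2095              }
2096          }
2097  
2098          $plugins->run_hooks("modcp_do_modqueue_end");
2099  
2100          redirect("modcp.php?action=modqueue&type=attachments", $lang->redirect_attachmentsmoderated);
2101      }
2102  }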
2103  
2104  if($mybb->input['action'] == "modqueue")
2105  {
2106      $navsep = '';
2107  
2108      if($mybb->usergroup['canmanagemodqueue'] == 0)
2109      {
2110          error_no_permission();
2111      }
2112  
2113      if($nummodqueuethreads == 0 && $nummodqueueposts == 0 && $nummodqueueattach == 0 && $mybb->usergroup['issupermod'] != 1)
2114      {
2115          error($lang->you_cannot_use_mod_queue);
2116      }
2117  
2118      $mybb->input['type'] = $mybb->get_input('type');
2119      $threadqueue = $postqueue = $attachmentqueue = '';
2120      if($mybb->input['type'] == "threads" || !$mybb->input['type'] && ($nummodqueuethreads > 0 || $mybb->usergroup['issupermod'] == 1))
2121      {
2122          if($nummodqueuethreads == 0 && $mybb->usergroup['issupermod'] != 1)
2123          {
2124              error($lang->you_cannot_moderate_threads);
2125          }
2126  
2127          $forum_cache = $cache->read("forums");
2128  
2129          $query = $db->simple_select("threads", "COUNT(tid) AS unapprovedthreads", "visible='0' {$flist_queue_threads}");
2130          $unapproved_threads = $db->fetch_field($query, "unapprovedthreads");
2131  
2132          // Figure out if we need to display multiple pages.
2133          if($mybb->get_input('page') != "last")
2134          {
2135              $page = $mybb->get_input('page', MyBB::INPUT_INT);
2136          }
2137  
2138          $perpage = $mybb->settings['threadsperpage'];
2139          $pages = $unapproved_threads / $perpage;
2140          $pages = ceil($pages);
2141  
2142          if($mybb->get_input('page') == "last")
2143          {
2144              $page = $pages;
2145          }
2146  
2147          if($page > $pages || $page <= 0)
2148          {
2149              $page = 1;
2150          }
2151  
2152          if($page)
2153          {
2154              $start = ($page-1) * $perpage;
2155          }
2156          else
2157          {
2158              $start = 0;
2159              $page = 1;
2160          }
2161  
2162          $multipage = multipage($unapproved_threads, $perpage, $page, "modcp.php?action=modqueue&type=threads");
2163  
2164          $query = $db->query("
2165              SELECT t.tid, t.dateline, t.fid, t.subject, t.username AS threadusername, p.message AS postmessage, u.username AS username, t.uid
2166              FROM ".TABLE_PREFIX."threads t
2167              LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=t.firstpost)
2168              LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=t.uid)
2169              WHERE t.visible='0' {$tflist_queue_threads}
2170              ORDER BY t.lastpost DESC
2171              LIMIT {$start}, {$perpage}
2172          ");
2173          $threads = '';
2174          while($thread = $db->fetch_array($query))
2175          {
2176              $altbg = alt_trow();
2177              $thread['subject'] = htmlspecialchars_uni($parser->parse_badwords($thread['subject']));
2178              $thread['threadlink'] = get_thread_link($thread['tid']);
2179              $forum_link = get_forum_link($thread['fid']);
2180              $forum_name = $forum_cache[$thread['fid']]['name'];
2181              $threaddate = my_date('relative', $thread['dateline']);
2182  
2183              if($thread['username'] == "")
2184              {
2185                  if($thread['threadusername'] != "")
2186                  {
2187                      $thread['threadusername'] = htmlspecialchars_uni($thread['threadusername']);
2188                      $profile_link = $thread['threadusername'];
2189                  }
2190                  else
2191                  {
2192                      $profile_link = $lang->guest;
2193                  }
2194              }
2195              else
2196              {
2197                  $thread['username'] = htmlspecialchars_uni($thread['username']);
2198                  $profile_link = build_profile_link($thread['username'], $thread['uid']);
2199              }
2200  
2201              $thread['postmessage'] = nl2br(htmlspecialchars_uni($thread['postmessage']));
2202              eval("\$forum = \"".$templates->get("modcp_modqueue_link_forum")."\";");
2203              eval("\$threads .= \"".$templates->get("modcp_modqueue_threads_thread")."\";");
2204          }
2205  
2206          if(!$threads && $mybb->input['type'] == "threads")
2207          {
2208              eval("\$threads = \"".$templates->get("modcp_modqueue_threads_empty")."\";");
2209          }
2210  
2211          if($threads)
2212          {
2213              add_breadcrumb($lang->mcp_nav_modqueue_threads, "modcp.php?action=modqueue&amp;type=threads");
2214  
2215              $plugins->run_hooks("modcp_modqueue_threads_end");
2216  
2217              if($nummodqueueposts > 0 || $mybb->usergroup['issupermod'] == 1)
2218              {
2219                  $navsep = " | ";
2220                  eval("\$post_link = \"".$templates->get("modcp_modqueue_post_link")."\";");
2221              }
2222  
2223              if($mybb->settings['enableattachments'] == 1 && ($nummodqueueattach > 0 || $mybb->usergroup['issupermod'] == 1))
2224              {
2225                  $navsep = " | ";
2226                  eval("\$attachment_link = \"".$templates->get("modcp_modqueue_attachment_link")."\";");
2227              }
2228  
2229              eval("\$mass_controls = \"".$templates->get("modcp_modqueue_masscontrols")."\";");
2230              eval("\$threadqueue = \"".$templates->get("modcp_modqueue_threads")."\";");
2231              output_page($threadqueue);
2232          }
2233          $type = 'threads';
2234      }
2235  
2236      if($mybb->input['type'] == "posts" || (!$mybb->input['type'] && !$threadqueue && ($nummodqueueposts > 0 || $mybb->usergroup['issupermod'] == 1)))
2237      {
2238          if($nummodqueueposts == 0 && $mybb->usergroup['issupermod'] != 1)
2239          {
2240              error($lang->you_cannot_moderate_posts);
2241          }
2242  
2243          $forum_cache = $cache->read("forums");
2244  
2245          $query = $db->query("
2246              SELECT COUNT(pid) AS unapprovedposts
2247              FROM  ".TABLE_PREFIX."posts p
2248              LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
2249              WHERE p.visible='0' {$tflist_queue_posts} AND t.firstpost != p.pid
2250          ");
2251          $unapproved_posts = $db->fetch_field($query, "unapprovedposts");
2252  
2253          // Figure out if we need to display multiple pages.
2254          if($mybb->get_input('page') != "last")
2255          {
2256              $page = $mybb->get_input('page', MyBB::INPUT_INT);
2257          }
2258  
2259          $perpage = $mybb->settings['postsperpage'];
2260          $pages = $unapproved_posts / $perpage;
2261          $pages = ceil($pages);
2262  
2263          if($mybb->get_input('page') == "last")
2264          {
2265              $page = $pages;
2266          }
2267  
2268          if($page > $pages || $page <= 0)
2269          {
2270              $page = 1;
2271          }
2272  
2273          if($page)
2274          {
2275              $start = ($page-1) * $perpage;
2276          }
2277          else
2278          {
2279              $start = 0;
2280              $page = 1;
2281          }
2282  
2283          $multipage = multipage($unapproved_posts, $perpage, $page, "modcp.php?action=modqueue&amp;type=posts");
2284  
2285          $query = $db->query("
2286              SELECT p.pid, p.subject, p.message, p.username AS postusername, t.subject AS threadsubject, t.tid, u.username, p.uid, t.fid, p.dateline
2287              FROM  ".TABLE_PREFIX."posts p
2288              LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
2289              LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
2290              WHERE p.visible='0' {$tflist_queue_posts} AND t.firstpost != p.pid
2291              ORDER BY p.dateline DESC, p.pid DESC
2292              LIMIT {$start}, {$perpage}
2293          ");
2294          $posts = '';
2295          while($post = $db->fetch_array($query))
2296          {
2297              $altbg = alt_trow();
2298              $post['threadsubject'] = htmlspecialchars_uni($parser->parse_badwords($post['threadsubject']));
2299              $post['subject'] = htmlspecialchars_uni($parser->parse_badwords($post['subject']));
2300              $post['threadlink'] = get_thread_link($post['tid']);
2301              $post['postlink'] = get_post_link($post['pid'], $post['tid']);
2302              $forum_link = get_forum_link($post['fid']);
2303              $forum_name = $forum_cache[$post['fid']]['name'];
2304              $postdate = my_date('relative', $post['dateline']);
2305  
2306              if($post['username'] == "")
2307              {
2308                  if($post['postusername'] != "")
2309                  {
2310                      $post['postusername'] = htmlspecialchars_uni($post['postusername']);
2311                      $profile_link = $post['postusername'];
2312                  }
2313                  else
2314                  {
2315                      $profile_link = $lang->guest;
2316                  }
2317              }
2318              else
2319              {
2320                  $post['username'] = htmlspecialchars_uni($post['username']);
2321                  $profile_link = build_profile_link($post['username'], $post['uid']);
2322              }
2323  
2324              eval("\$thread = \"".$templates->get("modcp_modqueue_link_thread")."\";");
2325              eval("\$forum = \"".$templates->get("modcp_modqueue_link_forum")."\";");
2326              $post['message'] = nl2br(htmlspecialchars_uni($post['message']));
2327              eval("\$posts .= \"".$templates->get("modcp_modqueue_posts_post")."\";");
2328          }
2329  
2330          if(!$posts && $mybb->input['type'] == "posts")
2331          {
2332              eval("\$posts = \"".$templates->get("modcp_modqueue_posts_empty")."\";");
2333          }
2334  
2335          if($posts)
2336          {
2337              add_breadcrumb($lang->mcp_nav_modqueue_posts, "modcp.php?action=modqueue&amp;type=posts");
2338  
2339              $plugins->run_hooks("modcp_modqueue_posts_end");
2340  
2341              if($nummodqueuethreads > 0 || $mybb->usergroup['issupermod'] == 1)
2342              {
2343                  $navsep = " | ";
2344                  eval("\$thread_link = \"".$templates->get("modcp_modqueue_thread_link")."\";");
2345              }
2346  
2347              if($mybb->settings['enableattachments'] == 1 && ($nummodqueueattach > 0 || $mybb->usergroup['issupermod'] == 1))
2348              {
2349                  $navsep = " | ";
2350                  eval("\$attachment_link = \"".$templates->get("modcp_modqueue_attachment_link")."\";");
2351              }
2352  
2353              eval("\$mass_controls = \"".$templates->get("modcp_modqueue_masscontrols")."\";");
2354              eval("\$postqueue = \"".$templates->get("modcp_modqueue_posts")."\";");
2355              output_page($postqueue);
2356          }
2357      }
2358  
2359      if($mybb->input['type'] == "attachments" || (!$mybb->input['type'] && !$postqueue && !$threadqueue && $mybb->settings['enableattachments'] == 1 && ($nummodqueueattach > 0 || $mybb->usergroup['issupermod'] == 1)))
2360      {
2361          if($mybb->settings['enableattachments'] == 0)
2362          {
2363              error($lang->attachments_disabled);
2364          }
2365  
2366          if($nummodqueueattach == 0 && $mybb->usergroup['issupermod'] != 1)
2367          {
2368              error($lang->you_cannot_moderate_attachments);
2369          }
2370  
2371          $query = $db->query("
2372              SELECT COUNT(aid) AS unapprovedattachments
2373              FROM  ".TABLE_PREFIX."attachments a
2374              LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=a.pid)
2375              LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
2376              WHERE a.visible='0'{$tflist_queue_attach}
2377          ");
2378          $unapproved_attachments = $db->fetch_field($query, "unapprovedattachments");
2379  
2380          // Figure out if we need to display multiple pages.
2381          if($mybb->get_input('page') != "last")
2382          {
2383              $page = $mybb->get_input('page', MyBB::INPUT_INT);
2384          }
2385  
2386          $perpage = $mybb->settings['postsperpage'];
2387          $pages = $unapproved_attachments / $perpage;
2388          $pages = ceil($pages);
2389  
2390          if($mybb->get_input('page') == "last")
2391          {
2392              $page = $pages;
2393          }
2394  
2395          if($page > $pages || $page <= 0)
2396          {
2397              $page = 1;
2398          }
2399  
2400          if($page)
2401          {
2402              $start = ($page-1) * $perpage;
2403          }
2404          else
2405          {
2406              $start = 0;
2407              $page = 1;
2408          }
2409  
2410          $multipage = multipage($unapproved_attachments, $perpage, $page, "modcp.php?action=modqueue&amp;type=attachments");
2411  
2412          $query = $db->query("
2413              SELECT a.*, p.subject AS postsubject, p.dateline, p.uid, u.username, t.tid, t.subject AS threadsubject
2414              FROM  ".TABLE_PREFIX."attachments a
2415              LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=a.pid)
2416              LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
2417              LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
2418              WHERE a.visible='0'{$tflist_queue_attach}
2419              ORDER BY a.dateuploaded DESC
2420              LIMIT {$start}, {$perpage}
2421          ");
2422          $attachments = '';
2423          while($attachment = $db->fetch_array($query))
2424          {
2425              $altbg = alt_trow();
2426  
2427              if(!$attachment['dateuploaded'])
2428              {
2429                  $attachment['dateuploaded'] = $attachment['dateline'];
2430              }
2431  
2432              $attachdate = my_date('relative', $attachment['dateuploaded']);
2433  
2434              $attachment['postsubject'] = htmlspecialchars_uni($parser->parse_badwords($attachment['postsubject']));
2435              $attachment['filename'] = htmlspecialchars_uni($attachment['filename']);
2436              $attachment['threadsubject'] = htmlspecialchars_uni($parser->parse_badwords($attachment['threadsubject']));
2437              $attachment['filesize'] = get_friendly_size($attachment['filesize']);
2438  
2439              $link = get_post_link($attachment['pid'], $attachment['tid']) . "#pid{$attachment['pid']}";
2440              $thread_link = get_thread_link($attachment['tid']);
2441              $attachment['username'] = htmlspecialchars_uni($attachment['username']);
2442              $profile_link = build_profile_link($attachment['username'], $attachment['uid']);
2443  
2444              eval("\$attachments .= \"".$templates->get("modcp_modqueue_attachments_attachment")."\";");
2445          }
2446  
2447          if(!$attachments && $mybb->input['type'] == "attachments")
2448          {
2449              eval("\$attachments = \"".$templates->get("modcp_modqueue_attachments_empty")."\";");
2450          }
2451  
2452          if($attachments)
2453          {
2454              add_breadcrumb($lang->mcp_nav_modqueue_attachments, "modcp.php?action=modqueue&amp;type=attachments");
2455  
2456              $plugins->run_hooks("modcp_modqueue_attachments_end");
2457  
2458              if($nummodqueuethreads > 0 || $mybb->usergroup['issupermod'] == 1)
2459              {
2460                  eval("\$thread_link = \"".$templates->get("modcp_modqueue_thread_link")."\";");
2461                  $navsep = " | ";
2462              }
2463  
2464              if($nummodqueueposts > 0 || $mybb->usergroup['issupermod'] == 1)
2465              {
2466                  eval("\$post_link = \"".$templates->get("modcp_modqueue_post_link")."\";");
2467                  $navsep = " | ";
2468              }
2469  
2470              eval("\$mass_controls = \"".$templates->get("modcp_modqueue_masscontrols")."\";");
2471              eval("\$attachmentqueue = \"".$templates->get("modcp_modqueue_attachments")."\";");
2472              output_page($attachmentqueue);
2473          }
2474      }
2475  
2476      // Still nothing? All queues are empty! :-D
2477      if(!$threadqueue && !$postqueue && !$attachmentqueue)
2478      {
2479          add_breadcrumb($lang->mcp_nav_modqueue, "modcp.php?action=modqueue");
2480  
2481          $plugins->run_hooks("modcp_modqueue_end");
2482  
2483          eval("\$queue = \"".$templates->get("modcp_modqueue_empty")."\";");
2484          output_page($queue);
2485      }
2486  }
2487  
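// Moderator CP: save the profile edits submitted from the "editprofile" form.
//
// Checks run in this order before any request field is used to build the update:
// the anti-CSRF post key, the caneditprofiles usergroup permission, existence of the
// target user, then modcp_can_manage_user() for that specific user.
// On a validation error the action is switched to "editprofile" so the form handler
// further down this file re-renders with $errors; on success the script redirects.
if($mybb->input['action'] == "do_editprofile")
{
    // Verify incoming POST request (anti-CSRF post key)
    verify_post_check($mybb->get_input('my_post_key'));

    if($mybb->usergroup['caneditprofiles'] == 0)
    {
        error_no_permission();
    }

    // Read the target uid as an integer, the same way the "editprofile" action does,
    // rather than indexing the raw request array (which also warns when the key is absent).
    $user = get_user($mybb->get_input('uid', MyBB::INPUT_INT));
    if(!$user)
    {
        error($lang->error_nomember);
    }

    // Check if the current user has permission to edit this user
    if(!modcp_can_manage_user($user['uid']))
    {
        error_no_permission();
    }

    $plugins->run_hooks("modcp_do_editprofile_start");

    if($mybb->get_input('away', MyBB::INPUT_INT) == 1 && $mybb->settings['allowaway'] != 0)
    {
        $awaydate = TIME_NOW;
        if(!empty($mybb->input['awayday']))
        {
            // If the user has indicated that they will return on a specific day, but not month or year, assume it is current month and year
            if(!$mybb->get_input('awaymonth', MyBB::INPUT_INT))
            {
                $mybb->input['awaymonth'] = my_date('n', $awaydate);
            }
            if(!$mybb->get_input('awayyear', MyBB::INPUT_INT))
            {
                $mybb->input['awayyear'] = my_date('Y', $awaydate);
            }

            // Day and month are cut to two characters and cast to int; the year is capped at 9999.
            // NOTE(review): day/month are not range-checked here; presumably UserDataHandler
            // validates the resulting return date - confirm.
            $return_month = (int)substr($mybb->get_input('awaymonth'), 0, 2);
            $return_day = (int)substr($mybb->get_input('awayday'), 0, 2);
            $return_year = min((int)$mybb->get_input('awayyear'), 9999);

            // Check if return date is after the away date.
            $returntimestamp = gmmktime(0, 0, 0, $return_month, $return_day, $return_year);
            $awaytimestamp = gmmktime(0, 0, 0, my_date('n', $awaydate), my_date('j', $awaydate), my_date('Y', $awaydate));
            if($return_year < my_date('Y', $awaydate) || ($returntimestamp < $awaytimestamp && $return_year == my_date('Y', $awaydate)))
            {
                error($lang->error_modcp_return_date_past);
            }

            $returndate = "{$return_day}-{$return_month}-{$return_year}";
        }
        else
        {
            $returndate = "";
        }
        $away = array(
            "away" => 1,
            "date" => $awaydate,
            "returndate" => $returndate,
            "awayreason" => $mybb->get_input('awayreason')
        );
    }
    else
    {
        $away = array(
            "away" => 0,
            "date" => '',
            "returndate" => '',
            "awayreason" => ''
        );
    }

    // Set up user handler.
    require_once  MYBB_ROOT."inc/datahandlers/user.php";
    $userhandler = new UserDataHandler('update');

    // Set the data for the updated user.
    // The free-text fields are handed over exactly as received; this block does no
    // validation or escaping of its own and relies on validate_user() below.
    // NOTE(review): what UserDataHandler checks for each field is not visible here - confirm.
    $updated_user = array(
        "uid" => $user['uid'],
        "profile_fields" => $mybb->get_input('profile_fields', MyBB::INPUT_ARRAY),
        "profile_fields_editable" => true,
        "website" => $mybb->get_input('website'),
        "icq" => $mybb->get_input('icq'),
        "skype" => $mybb->get_input('skype'),
        "google" => $mybb->get_input('google'),
        "signature" => $mybb->get_input('signature'),
        "usernotes" => $mybb->get_input('usernotes'),
        "away" => $away
    );

    $updated_user['birthday'] = array(
        "day" => $mybb->get_input('birthday_day', MyBB::INPUT_INT),
        "month" => $mybb->get_input('birthday_month', MyBB::INPUT_INT),
        "year" => $mybb->get_input('birthday_year', MyBB::INPUT_INT)
    );

    // A submitted title wins; otherwise "reverttitle" clears the custom title.
    if(!empty($mybb->input['usertitle']))
    {
        $updated_user['usertitle'] = $mybb->get_input('usertitle');
    }
    else if(!empty($mybb->input['reverttitle']))
    {
        $updated_user['usertitle'] = '';
    }

    if(!empty($mybb->input['remove_avatar']))
    {
        $updated_user['avatarurl'] = '';
    }

    // Set the data of the user in the datahandler.
    $userhandler->set_data($updated_user);
    $errors = array();

    // Validate the user and get any errors that might have occurred.
    if(!$userhandler->validate_user())
    {
        $errors = $userhandler->get_friendly_errors();
        $mybb->input['action'] = "editprofile";
    }
    else
    {
        // Are we removing an avatar from this user?
        if(!empty($mybb->input['remove_avatar']))
        {
            $extra_user_updates = array(
                "avatar" => "",
                "avatardimensions" => "",
                "avatartype" => ""
            );
            remove_avatars($user['uid']);
        }

        // Moderator "Options" (suspend signature, suspend/moderate posting)
        $moderator_options = array(
            1 => array(
                "action" => "suspendsignature", // The moderator action we're performing
                "period" => "action_period", // The time period we've selected from the dropdown box
                "time" => "action_time", // The time we've entered
                "update_field" => "suspendsignature", // The field in the database to update if true
                "update_length" => "suspendsigtime" // The length of suspension field in the database
            ),
            2 => array(
                "action" => "moderateposting",
                "period" => "modpost_period",
                "time" => "modpost_time",
                "update_field" => "moderateposts",
                "update_length" => "moderationtime"
            ),
            3 => array(
                "action" => "suspendposting",
                "period" => "suspost_period",
                "time" => "suspost_time",
                "update_field" => "suspendposting",
                "update_length" => "suspensiontime"
            )
        );

        require_once  MYBB_ROOT."inc/functions_warnings.php";
        foreach($moderator_options as $option)
        {
            // The variable name comes from the hard-coded table above, never from the request.
            ${$option['time']} = $mybb->get_input($option['time'], MyBB::INPUT_INT);
            $mybb->input[$option['period']] = $mybb->get_input($option['period']);

            // Use the integer-cast time for every check below. Comparing the raw request
            // string instead depends on loose string/number comparison, under which an empty
            // or non-numeric value is not equal to 0 on PHP 8 and would skip the error branch.
            $entered_time = ${$option['time']};

            if(empty($mybb->input[$option['action']]))
            {
                if($user[$option['update_field']] == 1)
                {
                    // We're revoking the suspension
                    $extra_user_updates[$option['update_field']] = 0;
                    $extra_user_updates[$option['update_length']] = 0;
                }

                // Skip this option if we haven't selected it
                continue;
            }

            else
            {
                if($entered_time == 0 && $mybb->input[$option['period']] != "never" && $user[$option['update_field']] != 1)
                {
                    // User has selected a type of ban, but not entered a valid time frame
                    // The language key is built from the hard-coded action name.
                    $string = $option['action']."_error";
                    $errors[] = $lang->$string;
                }
                else
                {
                    $suspend_length = fetch_time_length($entered_time, $mybb->input[$option['period']]);

                    if($user[$option['update_field']] == 1 && ($entered_time || $mybb->input[$option['period']] == "never"))
                    {
                        // We already have a suspension, but entered a new time
                        if($suspend_length == "-1")
                        {
                            // Permanent ban on action
                            $extra_user_updates[$option['update_length']] = 0;
                        }
                        elseif($suspend_length && $suspend_length != "-1")
                        {
                            // Temporary ban on action
                            $extra_user_updates[$option['update_length']] = TIME_NOW + $suspend_length;
                        }
                    }
                    elseif(!$user[$option['update_field']])
                    {
                        // New suspension for this user... bad user!
                        $extra_user_updates[$option['update_field']] = 1;
                        if($suspend_length == "-1")
                        {
                            $extra_user_updates[$option['update_length']] = 0;
                        }
                        else
                        {
                            $extra_user_updates[$option['update_length']] = TIME_NOW + $suspend_length;
                        }
                    }
                }
            }
        }

        // Those with javascript turned off will be able to select both - cheeky!
        // Check to make sure we're not moderating AND suspending posting
        // Only the flags set by this request are compared; the user's stored state is not.
        if(isset($extra_user_updates) && !empty($extra_user_updates['moderateposts']) && !empty($extra_user_updates['suspendposting']))
        {
            $errors[] = $lang->suspendmoderate_error;
        }

        if(is_array($errors) && !empty($errors))
        {
            $mybb->input['action'] = "editprofile";
        }
        else
        {
            $plugins->run_hooks("modcp_do_editprofile_update");

            // Continue with the update if there is no errors
            $user_info = $userhandler->update_user();
            if(!empty($extra_user_updates))
            {
                // The uid in the WHERE clause is taken from the row returned by get_user();
                // the values written are the integers and empty strings assigned above.
                $db->update_query("users", $extra_user_updates, "uid='{$user['uid']}'");
            }
            // Record the edit in the moderator log so the change is auditable.
            log_moderator_action(array("uid" => $user['uid'], "username" => $user['username']), $lang->edited_user);

            $plugins->run_hooks("modcp_do_editprofile_end");

            redirect("modcp.php?action=finduser", $lang->redirect_user_updated);
        }
    }
}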
2738  
2739  if($mybb->input['action'] == "editprofile")
2740  {
2741      if($mybb->usergroup['caneditprofiles'] == 0)
2742      {
2743          error_no_permission();
2744      }
2745  
2746      add_breadcrumb($lang->mcp_nav_editprofile, "modcp.php?action=editprofile");
2747  
2748      $user = get_user($mybb->get_input('uid', MyBB::INPUT_INT));
2749      if(!$user)
2750      {
2751          error($lang->error_nomember);
2752      }
2753  
2754      // Check if the current user has permission to edit this user
2755      if(!modcp_can_manage_user($user['uid']))
2756      {
2757          error_no_permission();
2758      }
2759  
2760      $userperms = user_permissions($user['uid']);
2761  
2762      // Set display group
2763      $displaygroupfields = array("title", "description", "namestyle", "usertitle", "stars", "starimage", "image");
2764  
2765      if(!$user['displaygroup'])
2766      {
2767          $user['displaygroup'] = $user['usergroup'];
2768      }
2769  
2770      $display_group = usergroup_displaygroup($user['displaygroup']);
2771      if(is_array($display_group))
2772      {
2773          $userperms = array_merge($userperms, $display_group);
2774      }
2775  
2776      if(!my_validate_url($user['website']))
2777      {
2778          $user['website'] = '';
2779      }
2780  
2781      if($user['icq'] != "0")
2782      {
2783          $user['icq'] = (int)$user['icq'];
2784      }
2785  
2786      if(!$errors)
2787      {
2788          $mybb->input = array_merge($user, $mybb->input);
2789          $birthday = explode('-', $user['birthday']);
2790          if(!isset($birthday[1]))
2791          {
2792              $birthday[1] = '';
2793          }
2794          if(!isset($birthday[2]))
2795          {
2796              $birthday[2] = '';
2797          }
2798          list($mybb->input['birthday_day'], $mybb->input['birthday_month'], $mybb->input['birthday_year']) = $birthday;
2799      }
2800      else
2801      {
2802          $errors = inline_error($errors);
2803      }
2804  
2805      // Sanitize all input
2806      foreach(array('usertitle', 'website', 'icq', 'skype', 'google', 'signature', 'birthday_day', 'birthday_month', 'birthday_year') as $field)
2807      {
2808          $mybb->input[$field] = htmlspecialchars_uni($mybb->get_input($field));
2809      }
2810  
2811      // Custom user title
2812      if(!empty($userperms['usertitle']))
2813      {
2814          $defaulttitle = htmlspecialchars_uni($userperms['usertitle']);
2815      }
2816      else
2817      {
2818          // Go for post count title if a group default isn't set
2819          $usertitles = $cache->read('usertitles');
2820  
2821          foreach($usertitles as $title)
2822          {
2823              if($title['posts'] <= $user['postnum'])
2824              {
2825                  $defaulttitle = htmlspecialchars_uni($title['title']);
2826                  break;
2827              }
2828          }
2829      }
2830  
2831      $user['usertitle'] = htmlspecialchars_uni($user['usertitle']);
2832  
2833      if(empty($user['usertitle']))
2834      {
2835          $lang->current_custom_usertitle = '';
2836      }
2837  
2838      $bdaydaysel = $selected = '';
2839      for($day = 1; $day <= 31; ++$day)
2840      {
2841          if($mybb->input['birthday_day'] == $day)
2842          {
2843              $selected = "selected=\"selected\"";
2844          }
2845          else
2846          {
2847              $selected = '';
2848          }
2849  
2850          eval("\$bdaydaysel .= \"".$templates->get("usercp_profile_day")."\";");
2851      }
2852  
2853      $bdaymonthsel = array();
2854      foreach(range(1, 12) as $month)
2855      {
2856          $bdaymonthsel[$month] = '';
2857      }
2858      $bdaymonthsel[$mybb->input['birthday_month']] = 'selected="selected"';
2859  
2860      $awaysection = '';
2861  
2862      if($mybb->settings['allowaway'] != 0)
2863      {
2864          $awaycheck = array('', '');
2865          if($errors)
2866          {
2867              if($user['away'] == 1)
2868              {
2869                  $awaycheck[1] = "checked=\"checked\"";
2870              }
2871              else
2872              {
2873                  $awaycheck[0] = "checked=\"checked\"";
2874              }
2875              $returndate = array();
2876              $returndate[0] = $mybb->get_input('awayday');
2877              $returndate[1] = $mybb->get_input('awaymonth');
2878              $returndate[2] = $mybb->get_input('awayyear', MyBB::INPUT_INT);
2879              $user['awayreason'] = htmlspecialchars_uni($mybb->get_input('awayreason'));
2880          }
2881          else
2882          {
2883              $user['awayreason'] = htmlspecialchars_uni($user['awayreason']);
2884              if($user['away'] == 1)
2885              {
2886                  $awaydate = my_date($mybb->settings['dateformat'], $user['awaydate']);
2887                  $awaycheck[1] = "checked=\"checked\"";
2888                  $awaynotice = $lang->sprintf($lang->away_notice_away, $awaydate);
2889              }
2890              else
2891              {
2892                  $awaynotice = $lang->away_notice;
2893                  $awaycheck[0] = "checked=\"checked\"";
2894              }
2895              $returndate = explode("-", $user['returndate']);
2896          }
2897          $returndatesel = $selected = '';
2898          for($day = 1; $day <= 31; ++$day)
2899          {
2900              if($returndate[0] == $day)
2901              {
2902                  $selected = "selected=\"selected\"";
2903              }
2904              else
2905              {
2906                  $selected = '';
2907              }
2908  
2909              eval("\$returndatesel .= \"".$templates->get("usercp_profile_day")."\";");
2910          }
2911  
2912          $returndatemonthsel = array();
2913          foreach(range(1, 12) as $month)
2914          {
2915              $returndatemonthsel[$month] = '';
2916          }
2917          if(isset($returndate[1]))
2918          {
2919              $returndatemonthsel[$returndate[1]] = " selected=\"selected\"";
2920          }
2921  
2922          if(!isset($returndate[2]))
2923          {
2924              $returndate[2] = '';
2925          }
2926  
2927          eval("\$awaysection = \"".$templates->get("usercp_profile_away")."\";");
2928      }
2929  
2930      $plugins->run_hooks("modcp_editprofile_start");
2931  
2932      // Fetch profile fields
2933      $user_fields = array();
2934      $query = $db->simple_select("userfields", "*", "ufid='{$user['uid']}'");
2935      if($db->num_rows($query) > 0)
2936      {
2937          $user_fields = $db->fetch_array($query);
2938      }
2939  
2940      $requiredfields = '';
2941      $customfields = '';
2942      $mybb->input['profile_fields'] = $mybb->get_input('profile_fields', MyBB::INPUT_ARRAY);
2943  
2944      $pfcache = $cache->read('profilefields');
2945  
2946      if(is_array($pfcache))
2947      {
2948          foreach($pfcache as $profilefield)
2949          {
2950              $userfield = $code = $select = $val = $options = $expoptions = $useropts = '';
2951              $seloptions = array();
2952              $profilefield['type'] = htmlspecialchars_uni($profilefield['type']);
2953              $profilefield['name'] = htmlspecialchars_uni($profilefield['name']);
2954              $profilefield['description'] = htmlspecialchars_uni($profilefield['description']);
2955              $thing = explode("\n", $profilefield['type'], "2");
2956              $type = $thing[0];
2957              if(isset($thing[1]))
2958              {
2959                  $options = $thing[1];
2960              }
2961              $field = "fid{$profilefield['fid']}";
2962              if($errors)
2963              {
2964                  if(isset($mybb->input['profile_fields'][$field]))
2965                  {
2966                      $userfield = $mybb->input['profile_fields'][$field];
2967                  }
2968              }
2969              elseif(isset($user_fields[$field]))
2970              {
2971                  $userfield = $user_fields[$field];
2972              }
2973              if($type == "multiselect")
2974              {
2975                  if($errors)
2976                  {
2977                      $useropts = $userfield;
2978                  }
2979                  else
2980                  {
2981                      $useropts = explode("\n", $userfield);
2982                  }
2983                  if(is_array($useropts))
2984                  {
2985                      foreach($useropts as $key => $val)
2986                      {
2987                          $seloptions[$val] = $val;
2988                      }
2989                  }
2990                  $expoptions = explode("\n", $options);
2991                  if(is_array($expoptions))
2992                  {
2993                      foreach($expoptions as $key => $val)
2994                      {
2995                          $val = trim($val);
2996                          $val = str_replace("\n", "\\n", $val);
2997  
2998                          $sel = "";
2999                          if(isset($seloptions[$val]) && $val == $seloptions[$val])
3000                          {
3001                              $sel = " selected=\"selected\"";
3002                          }
3003  
3004                          eval("\$select .= \"".$templates->get("usercp_profile_profilefields_select_option")."\";");
3005                      }
3006                      if(!$profilefield['length'])
3007                      {
3008                          $profilefield['length'] = 3;
3009                      }
3010  
3011                      eval("\$code = \"".$templates->get("usercp_profile_profilefields_multiselect")."\";");
3012                  }
3013              }
3014              elseif($type == "select")
3015              {
3016                  $expoptions = explode("\n", $options);
3017                  if(is_array($expoptions))
3018                  {
3019                      foreach($expoptions as $key => $val)
3020                      {
3021                          $val = trim($val);
3022                          $val = str_replace("\n", "\\n", $val);
3023                          $sel = "";
3024                          if($val == $userfield)
3025                          {
3026                              $sel = " selected=\"selected\"";
3027                          }
3028  
3029                          eval("\$select .= \"".$templates->get("usercp_profile_profilefields_select_option")."\";");
3030                      }
3031                      if(!$profilefield['length'])
3032                      {
3033                          $profilefield['length'] = 1;
3034                      }
3035  
3036                      eval("\$code = \"".$templates->get("usercp_profile_profilefields_select")."\";");
3037                  }
3038              }
3039              elseif($type == "radio")
3040              {
3041                  $expoptions = explode("\n", $options);
3042                  if(is_array($expoptions))
3043                  {
3044                      foreach($expoptions as $key => $val)
3045                      {
3046                          $checked = "";
3047                          if($val == $userfield)
3048                          {
3049                              $checked = " checked=\"checked\"";
3050                          }
3051  
3052                          eval("\$code .= \"".$templates->get("usercp_profile_profilefields_radio")."\";");
3053                      }
3054                  }
3055              }
3056              elseif($type == "checkbox")
3057              {
3058                  if($errors)
3059                  {
3060                      $useropts = $userfield;
3061                  }
3062                  else
3063                  {
3064                      $useropts = explode("\n", $userfield);
3065                  }
3066                  if(is_array($useropts))
3067                  {
3068                      foreach($useropts as $key => $val)
3069                      {
3070                          $seloptions[$val] = $val;
3071                      }
3072                  }
3073                  $expoptions = explode("\n", $options);
3074                  if(is_array($expoptions))
3075                  {
3076                      foreach($expoptions as $key => $val)
3077                      {
3078                          $checked = "";
3079                          if(isset($seloptions[$val]) && $val == $seloptions[$val])
3080                          {
3081                              $checked = " checked=\"checked\"";
3082                          }
3083  
3084                          eval("\$code .= \"".$templates->get("usercp_profile_profilefields_checkbox")."\";");
3085                      }
3086                  }
3087              }
3088              elseif($type == "textarea")
3089              {
3090                  $value = htmlspecialchars_uni($userfield);
3091                  eval("\$code = \"".$templates->get("usercp_profile_profilefields_textarea")."\";");
3092              }
3093              else
3094              {
3095                  $value = htmlspecialchars_uni($userfield);
3096                  $maxlength = "";
3097                  if($profilefield['maxlength'] > 0)
3098                  {
3099                      $maxlength = " maxlength=\"{$profilefield['maxlength']}\"";
3100                  }
3101  
3102                  eval("\$code = \"".$templates->get("usercp_profile_profilefields_text")."\";");
3103              }
3104  
3105              if($profilefield['required'] == 1)
3106              {
3107                  eval("\$requiredfields .= \"".$templates->get("usercp_profile_customfield")."\";");
3108              }
3109              else
3110              {
3111                  eval("\$customfields .= \"".$templates->get("usercp_profile_customfield")."\";");
3112              }
3113              $altbg = alt_trow();
3114          }
3115      }
3116      if($customfields)
3117      {
3118          eval("\$customfields = \"".$templates->get("usercp_profile_profilefields")."\";");
3119      }
3120  
3121      $user['username'] = htmlspecialchars_uni($user['username']);
3122      $lang->edit_profile = $lang->sprintf($lang->edit_profile, $user['username']);
3123      $profile_link = build_profile_link(format_name($user['username'], $user['usergroup'], $user['displaygroup']), $user['uid']);
3124  
3125      $user['signature'] = htmlspecialchars_uni($user['signature']);
3126      $codebuttons = build_mycode_inserter("signature");
3127  
3128      // Do we mark the suspend signature box?
3129      if($user['suspendsignature'] || ($mybb->get_input('suspendsignature', MyBB::INPUT_INT) && !empty($errors)))
3130      {
3131          $checked = 1;
3132          $checked_item = "checked=\"checked\"";
3133      }
3134      else
3135      {
3136          $checked = 0;
3137          $checked_item = '';
3138      }
3139  
3140      // Do we mark the moderate posts box?
3141      if($user['moderateposts'] || ($mybb->get_input('moderateposting', MyBB::INPUT_INT) && !empty($errors)))
3142      {
3143          $modpost_check = 1;
3144          $modpost_checked = "checked=\"checked\"";
3145      }
3146      else
3147      {
3148          $modpost_check = 0;
3149          $modpost_checked = '';
3150      }
3151  
3152      // Do we mark the suspend posts box?
3153      if($user['suspendposting'] || ($mybb->get_input('suspendposting', MyBB::INPUT_INT) && !empty($errors)))
3154      {
3155          $suspost_check = 1;
3156          $suspost_checked = "checked=\"checked\"";
3157      }
3158      else
3159      {
3160          $suspost_check = 0;
3161          $suspost_checked = '';
3162      }
3163  
3164      $moderator_options = array(
3165          1 => array(
3166              "action" => "suspendsignature", // The input action for this option
3167              "option" => "suspendsignature", // The field in the database that this option relates to
3168              "time" => "action_time", // The time we've entered
3169              "length" => "suspendsigtime", // The length of suspension field in the database
3170              "select_option" => "action" // The name of the select box of this option
3171          ),
3172          2 => array(
3173              "action" => "moderateposting",
3174              "option" => "moderateposts",
3175              "time" => "modpost_time",
3176              "length" => "moderationtime",
3177              "select_option" => "modpost"
3178          ),
3179          3 => array(
3180              "action" => "suspendposting",
3181              "option" => "suspendposting",
3182              "time" => "suspost_time",
3183              "length" => "suspensiontime",
3184              "select_option" => "suspost"
3185          )
3186      );
3187  
3188      $periods = array(
3189          "hours" => $lang->expire_hours,
3190          "days" => $lang->expire_days,
3191          "weeks" => $lang->expire_weeks,
3192          "months" => $lang->expire_months,
3193          "never" => $lang->expire_permanent
3194      );
3195  
3196      $suspendsignature_info = $moderateposts_info = $suspendposting_info = '';
3197      $action_options = $modpost_options = $suspost_options = '';
3198      $modopts = array();
3199      foreach($moderator_options as $option)
3200      {
3201          ${$option['time']} = $mybb->get_input($option['time'], MyBB::INPUT_INT);
3202          // Display the suspension info, if this user has this option suspended
3203          if($user[$option['option']])
3204          {
3205              if($user[$option['length']] == 0)
3206              {
3207                  // User has a permanent ban
3208                  $string = $option['option']."_perm";
3209                  $suspension_info = $lang->$string;
3210              }
3211              else
3212              {
3213                  // User has a temporary (or limited) ban
3214                  $string = $option['option']."_for";
3215                  $for_date = my_date('relative', $user[$option['length']], '', 2);
3216                  $suspension_info = $lang->sprintf($lang->$string, $for_date);
3217              }
3218  
3219              switch($option['option'])
3220              {
3221                  case "suspendsignature":
3222                      eval("\$suspendsignature_info = \"".$templates->get("modcp_editprofile_suspensions_info")."\";");
3223                      break;
3224                  case "moderateposts":
3225                      eval("\$moderateposts_info = \"".$templates->get("modcp_editprofile_suspensions_info")."\";");
3226                      break;
3227                  case "suspendposting":
3228                      eval("\$suspendposting_info = \"".$templates->get("modcp_editprofile_suspensions_info")."\";");
3229                      break;
3230              }
3231          }
3232  
3233          // Generate the boxes for this option
3234          $selection_options = '';
3235          foreach($periods as $key => $value)
3236          {
3237              $string = $option['select_option']."_period";
3238              if($mybb->get_input($string) == $key)
3239              {
3240                  $selected = "selected=\"selected\"";
3241              }
3242              else
3243              {
3244                  $selected = '';
3245              }
3246  
3247              eval("\$selection_options .= \"".$templates->get("modcp_editprofile_select_option")."\";");
3248          }
3249  
3250          $select_name = $option['select_option']."_period";
3251          switch($option['option'])
3252          {
3253              case "suspendsignature":
3254                  eval("\$action_options = \"".$templates->get("modcp_editprofile_select")."\";");
3255                  break;
3256              case "moderateposts":
3257                  eval("\$modpost_options = \"".$templates->get("modcp_editprofile_select")."\";");
3258                  break;
3259              case "suspendposting":
3260                  eval("\$suspost_options = \"".$templates->get("modcp_editprofile_select")."\";");
3261                  break;
3262          }
3263      }
3264  
3265      eval("\$suspend_signature = \"".$templates->get("modcp_editprofile_signature")."\";");
3266  
3267      $user['usernotes'] = htmlspecialchars_uni($user['usernotes']);
3268  
3269      if(!isset($newtitle))
3270      {
3271          $newtitle = '';
3272      }
3273  
3274      $birthday_year = $mybb->input['birthday_year'];
3275      $user_website = $mybb->input['website'];
3276      $user_icq = $mybb->input['icq'];
3277      $user_skype = $mybb->input['skype'];
3278      $user_google = $mybb->input['google'];
3279  
3280      $plugins->run_hooks("modcp_editprofile_end");
3281  
3282      eval("\$edituser = \"".$templates->get("modcp_editprofile")."\";");
3283      output_page($edituser);
3284  }
3285  
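// Moderator CP "find user" action: searches the users table by (partial) username
// and renders a sortable, paginated result list.
if($mybb->input['action'] == "finduser")
{
    // The whole action is gated on the caneditprofiles group permission.
    if($mybb->usergroup['caneditprofiles'] == 0)
    {
        error_no_permission();
    }

    add_breadcrumb($lang->mcp_nav_users, "modcp.php?action=finduser");

    $perpage = $mybb->get_input('perpage', MyBB::INPUT_INT);
    if(!$perpage || $perpage <= 0)
    {
        $perpage = $mybb->settings['threadsperpage'];
    }
    $where = '';

    if(isset($mybb->input['username']))
    {
        switch($db->type)
        {
            case 'mysql':
            case 'mysqli':
                $field = 'username';
                break;
            default:
                $field = 'LOWER(username)';
                break;
        }
        // The search term is request input placed inside a LIKE pattern; it goes through
        // $db->escape_string_like() before it is concatenated into the WHERE clause.
        $where = " AND {$field} LIKE '%".my_strtolower($db->escape_string_like($mybb->get_input('username')))."%'";
    }

    // Sort order & direction
    // Both end up in the query options, so the request value only selects one of a
    // fixed set of column names / directions and is never copied into the query itself.
    switch($mybb->get_input('sortby'))
    {
        case "lastvisit":
            $sortby = "lastvisit";
            break;
        case "postnum":
            $sortby = "postnum";
            break;
        case "username":
            $sortby = "username";
            break;
        default:
            $sortby = "regdate";
    }
    $sortbysel = array('lastvisit' => '', 'postnum' => '', 'username' => '', 'regdate' => '');
    // Key on the whitelisted column (not the raw request value) so the option that is
    // marked selected is always the sort that is really applied, including the default.
    $sortbysel[$sortby] = " selected=\"selected\"";
    $order = $mybb->get_input('order');
    if($order != "asc")
    {
        $order = "desc";
    }
    $ordersel = array('asc' => '', 'desc' => '');
    $ordersel[$order] = " selected=\"selected\"";

    $query = $db->simple_select("users", "COUNT(uid) AS count", "1=1 {$where}");
    $user_count = $db->fetch_field($query, "count");

    $pages = $user_count / $perpage;
    $pages = ceil($pages);

    // Figure out if we need to display multiple pages.
    // "last" is the only accepted non-numeric value; anything else is read as an
    // integer, the same way the ipsearch action in this file reads its page number.
    if($mybb->get_input('page') == "last")
    {
        $page = $pages;
    }
    else
    {
        $page = $mybb->get_input('page', MyBB::INPUT_INT);
    }

    if($page > $pages || $page <= 0)
    {
        $page = 1;
    }
    if($page)
    {
        $start = ($page-1) * $perpage;
    }
    else
    {
        $start = 0;
        $page = 1;
    }

    // Carry the search parameters into the pagination links. The values are request
    // input, so each one is URL-encoded; without that a value containing & or # would
    // break out of its own query parameter in every generated link.
    $page_url = 'modcp.php?action=finduser';
    foreach(array('username', 'sortby', 'order') as $field)
    {
        $value = $mybb->get_input($field);
        if(is_string($value) && $value !== '')
        {
            $page_url .= "&amp;{$field}=".urlencode($value);
        }
    }

    $multipage = multipage($user_count, $perpage, $page, $page_url);

    $usergroups_cache = $cache->read("usergroups");

    $plugins->run_hooks("modcp_finduser_start");

    // Fetch out results
    $query = $db->simple_select("users", "*", "1=1 {$where}", array("order_by" => $sortby, "order_dir" => $order, "limit" => $perpage, "limit_start" => $start));
    $users = '';
    while($user = $db->fetch_array($query))
    {
        $alt_row = alt_trow();
        // Escape the stored username before it is wrapped in group formatting.
        $user['username'] = htmlspecialchars_uni($user['username']);
        $user['username'] = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
        $user['postnum'] = my_number_format($user['postnum']);
        $regdate = my_date('relative', $user['regdate']);

        // Invisible users: the real last-visit time is shown only to groups with
        // canviewwolinvis or to the user themselves.
        if($user['invisible'] == 1 && $mybb->usergroup['canviewwolinvis'] != 1 && $user['uid'] != $mybb->user['uid'])
        {
            $lastdate = $lang->lastvisit_never;

            if($user['lastvisit'])
            {
                // We have had at least some active time, hide it instead
                $lastdate = $lang->lastvisit_hidden;
            }
        }
        else
        {
            $lastdate = my_date('relative', $user['lastvisit']);
        }

        $usergroup = htmlspecialchars_uni($usergroups_cache[$user['usergroup']]['title']);
        // NOTE(review): the template text is expanded by eval() as a double-quoted PHP
        // string, so every variable it can reference has to be HTML-escaped before this
        // point, and the text returned by $templates->get() has to be trusted - confirm.
        eval("\$users .= \"".$templates->get("modcp_finduser_user")."\";");
    }

    // No results?
    if(!$users)
    {
        eval("\$users = \"".$templates->get("modcp_finduser_noresults")."\";");
    }

    $plugins->run_hooks("modcp_finduser_end");

    // Escaped copy of the search term for re-display in the search form.
    $username = htmlspecialchars_uni($mybb->get_input('username'));
    eval("\$finduser = \"".$templates->get("modcp_finduser")."\";");
    output_page($finduser);
}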
3430  
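// Moderator CP "warning logs" action: lists issued warnings, optionally filtered by
// warned user, issuing moderator and reason text, with sorting and pagination.
if($mybb->input['action'] == "warninglogs")
{
    // The whole action is gated on the canviewwarnlogs group permission.
    if($mybb->usergroup['canviewwarnlogs'] == 0)
    {
        error_no_permission();
    }

    add_breadcrumb($lang->mcp_nav_warninglogs, "modcp.php?action=warninglogs");

    // Filter options
    $where_sql = '';
    $mybb->input['filter'] = $mybb->get_input('filter', MyBB::INPUT_ARRAY);
    $mybb->input['search'] = $mybb->get_input('search', MyBB::INPUT_ARRAY);

    // Every filter entry is used as a string below (escaping, casting, URL-encoding).
    // Drop nested arrays from the request so those calls never receive an array.
    if(is_array($mybb->input['filter']))
    {
        foreach($mybb->input['filter'] as $filter_key => $filter_value)
        {
            if(is_array($filter_value))
            {
                unset($mybb->input['filter'][$filter_key]);
            }
        }
    }

    if(!empty($mybb->input['filter']['username']))
    {
        $search_user = get_user_by_username($mybb->input['filter']['username']);

        // When the lookup gives no uid this becomes 0, which the uid check below treats
        // as "no user filter". NOTE(review): an unknown name therefore lists all warnings.
        $mybb->input['filter']['uid'] = !empty($search_user['uid']) ? (int)$search_user['uid'] : 0;
        $mybb->input['filter']['username'] = htmlspecialchars_uni($mybb->input['filter']['username']);
    }
    else
    {
        $mybb->input['filter']['username'] = '';
    }
    if(!empty($mybb->input['filter']['uid']))
    {
        // Cast to int before the value is placed into the SQL condition.
        $search['uid'] = (int)$mybb->input['filter']['uid'];
        $where_sql .= " AND w.uid='{$search['uid']}'";
        if(!isset($mybb->input['search']['username']))
        {
            // Resolve the name from the uid being filtered on. The original read
            // $mybb->input['search']['uid'], which is never set in this block.
            $user = get_user($search['uid']);
            $mybb->input['search']['username'] = '';
            if(is_array($user) && isset($user['username']))
            {
                $mybb->input['search']['username'] = htmlspecialchars_uni($user['username']);
            }
        }
    }
    else
    {
        $mybb->input['filter']['uid'] = '';
    }
    if(!empty($mybb->input['filter']['mod_username']))
    {
        $mod_user = get_user_by_username($mybb->input['filter']['mod_username']);

        $mybb->input['filter']['mod_uid'] = !empty($mod_user['uid']) ? (int)$mod_user['uid'] : 0;
        $mybb->input['filter']['mod_username'] = htmlspecialchars_uni($mybb->input['filter']['mod_username']);
    }
    else
    {
        $mybb->input['filter']['mod_username'] = '';
    }
    if(!empty($mybb->input['filter']['mod_uid']))
    {
        $search['mod_uid'] = (int)$mybb->input['filter']['mod_uid'];
        $where_sql .= " AND w.issuedby='{$search['mod_uid']}'";
        if(!isset($mybb->input['search']['mod_username']))
        {
            // Resolve the moderator's name from the moderator uid (the original looked
            // up the unset $mybb->input['search']['uid'] here as well).
            $mod_user = get_user($search['mod_uid']);
            $mybb->input['search']['mod_username'] = '';
            if(is_array($mod_user) && isset($mod_user['username']))
            {
                $mybb->input['search']['mod_username'] = htmlspecialchars_uni($mod_user['username']);
            }
        }
    }
    else
    {
        $mybb->input['filter']['mod_uid'] = '';
    }
    if(!empty($mybb->input['filter']['reason']))
    {
        // Free-text term used inside LIKE patterns: escaped with escape_string_like()
        // for the query, and separately HTML-escaped for re-display in the form.
        $search['reason'] = $db->escape_string_like($mybb->input['filter']['reason']);
        $where_sql .= " AND (w.notes LIKE '%{$search['reason']}%' OR t.title LIKE '%{$search['reason']}%' OR w.title LIKE '%{$search['reason']}%')";
        $mybb->input['filter']['reason'] = htmlspecialchars_uni($mybb->input['filter']['reason']);
    }
    else
    {
        $mybb->input['filter']['reason'] = '';
    }

    // ORDER BY cannot be escaped like a value, so the request only chooses between
    // fixed column names and the two directions; nothing from it reaches the SQL text.
    $sortbysel = array('username' => '', 'expires' => '', 'issuedby' => '', 'dateline' => '');
    if(!isset($mybb->input['filter']['sortby']))
    {
        $mybb->input['filter']['sortby'] = '';
    }
    switch($mybb->input['filter']['sortby'])
    {
        case "username":
            $sortby = "u.username";
            $sortbysel['username'] = ' selected="selected"';
            break;
        case "expires":
            $sortby = "w.expires";
            $sortbysel['expires'] = ' selected="selected"';
            break;
        case "issuedby":
            $sortby = "i.username";
            $sortbysel['issuedby'] = ' selected="selected"';
            break;
        default: // "dateline"
            $sortby = "w.dateline";
            $sortbysel['dateline'] = ' selected="selected"';
    }
    if(!isset($mybb->input['filter']['order']))
    {
        $mybb->input['filter']['order'] = '';
    }
    $order = $mybb->input['filter']['order'];
    $ordersel = array('asc' => '', 'desc' => '');
    if($order != "asc")
    {
        $order = "desc";
        $ordersel['desc'] = ' selected="selected"';
    }
    else
    {
        $ordersel['asc'] = ' selected="selected"';
    }

    $plugins->run_hooks("modcp_warninglogs_start");

    // Pagination stuff
    $sql = "
        SELECT COUNT(wid) as count
        FROM
            ".TABLE_PREFIX."warnings w
            LEFT JOIN ".TABLE_PREFIX."warningtypes t ON (w.tid=t.tid)
        WHERE 1=1
            {$where_sql}
    ";
    $query = $db->query($sql);
    $total_warnings = $db->fetch_field($query, 'count');
    $page = $mybb->get_input('page', MyBB::INPUT_INT);
    if($page <= 0)
    {
        $page = 1;
    }
    // NOTE(review): per_page is only checked to be a positive integer; there is no
    // upper bound on the LIMIT size a request can ask for - consider capping it.
    $per_page = 20;
    if(isset($mybb->input['filter']['per_page']) && (int)$mybb->input['filter']['per_page'] > 0)
    {
        $per_page = (int)$mybb->input['filter']['per_page'];
    }
    $start = ($page-1) * $per_page;
    $pages = ceil($total_warnings / $per_page);
    if($page > $pages)
    {
        $start = 0;
        $page = 1;
    }
    // Build the base URL for pagination links
    // Both the key and the value of each filter entry come from the request, so both
    // are URL-encoded; array values are skipped because urlencode() needs a string.
    // NOTE(review): username, mod_username and reason were already HTML-escaped above,
    // so a term containing &, < or quotes is carried into the link in entity-encoded
    // form - verify that following a page link still filters on the intended text.
    $url = 'modcp.php?action=warninglogs';
    if(is_array($mybb->input['filter']) && count($mybb->input['filter']))
    {
        foreach($mybb->input['filter'] as $field => $value)
        {
            if(is_array($value))
            {
                continue;
            }
            $field = urlencode((string)$field);
            $value = urlencode((string)$value);
            $url .= "&amp;filter[{$field}]={$value}";
        }
    }
    $multipage = multipage($total_warnings, $per_page, $page, $url);

    // The actual query
    // $sortby / $order come from the fixed lists above; $start / $per_page are integers.
    $sql = "
        SELECT
            w.wid, w.title as custom_title, w.points, w.dateline, w.issuedby, w.expires, w.expired, w.daterevoked, w.revokedby,
            t.title,
            u.uid, u.username, u.usergroup, u.displaygroup,
            i.uid as mod_uid, i.username as mod_username, i.usergroup as mod_usergroup, i.displaygroup as mod_displaygroup
        FROM ".TABLE_PREFIX."warnings w
            LEFT JOIN ".TABLE_PREFIX."users u ON (w.uid=u.uid)
            LEFT JOIN ".TABLE_PREFIX."warningtypes t ON (w.tid=t.tid)
            LEFT JOIN ".TABLE_PREFIX."users i ON (i.uid=w.issuedby)
        WHERE 1=1
            {$where_sql}
        ORDER BY {$sortby} {$order}
        LIMIT {$start}, {$per_page}
    ";
    $query = $db->query($sql);


    $warning_list = '';
    while($row = $db->fetch_array($query))
    {
        $trow = alt_trow();
        // Stored usernames and titles are HTML-escaped before they reach the templates.
        $row['username'] = htmlspecialchars_uni($row['username']);
        $username = format_name($row['username'], $row['usergroup'], $row['displaygroup']);
        $username_link = build_profile_link($username, $row['uid']);
        $row['mod_username'] = htmlspecialchars_uni($row['mod_username']);
        $mod_username = format_name($row['mod_username'], $row['mod_usergroup'], $row['mod_displaygroup']);
        $mod_username_link = build_profile_link($mod_username, $row['mod_uid']);
        $issued_date = my_date('normal', $row['dateline']);
        $revoked_text = '';
        if($row['daterevoked'] > 0)
        {
            $revoked_date = my_date('relative', $row['daterevoked']);
            eval("\$revoked_text = \"".$templates->get("modcp_warninglogs_warning_revoked")."\";");
        }
        if($row['expires'] > 0)
        {
            $expire_date = nice_time($row['expires']-TIME_NOW);
        }
        else
        {
            $expire_date = $lang->never;
        }
        // Prefer the warning type's title; fall back to the warning's own custom title.
        $title = $row['title'];
        if(empty($row['title']))
        {
            $title = $row['custom_title'];
        }
        $title = htmlspecialchars_uni($title);
        // Assign on every iteration so a negative value cannot show the text that was
        // left over from the previous row.
        $points = $row['points'];
        if($row['points'] >= 0)
        {
            $points = '+'.$row['points'];
        }

        // NOTE(review): the template text is expanded by eval() as a double-quoted PHP
        // string, so every variable it can reference has to be HTML-escaped before this
        // point, and the text returned by $templates->get() has to be trusted - confirm.
        eval("\$warning_list .= \"".$templates->get("modcp_warninglogs_warning")."\";");
    }

    if(!$warning_list)
    {
        eval("\$warning_list = \"".$templates->get("modcp_warninglogs_nologs")."\";");
    }

    $plugins->run_hooks("modcp_warninglogs_end");

    // These three were HTML-escaped (or set to '') in the filter handling above.
    $filter_username = $mybb->input['filter']['username'];
    $filter_modusername = $mybb->input['filter']['mod_username'];
    $filter_reason = $mybb->input['filter']['reason'];

    eval("\$warninglogs = \"".$templates->get("modcp_warninglogs")."\";");
    output_page($warninglogs);
}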
3657  
3658  if($mybb->input['action'] == "ipsearch")
3659  {
3660      if($mybb->usergroup['canuseipsearch'] == 0)
3661      {
3662          error_no_permission();
3663      }
3664  
3665      add_breadcrumb($lang->mcp_nav_ipsearch, "modcp.php?action=ipsearch");
3666  
3667      $ipsearch_results = $ipaddressvalue = '';
3668      $mybb->input['ipaddress'] = $mybb->get_input('ipaddress');
3669      if($mybb->input['ipaddress'])
3670      {
3671          if(!is_array($groupscache))
3672          {
3673              $groupscache = $cache->read("usergroups");
3674          }
3675  
3676          $ipaddressvalue = htmlspecialchars_uni($mybb->input['ipaddress']);
3677  
3678          $ip_range = fetch_ip_range($mybb->input['ipaddress']);
3679  
3680          $post_results = $user_results = 0;
3681  
3682          // Searching post IP addresses
3683          if(isset($mybb->input['search_posts']))
3684          {
3685              $post_ip_sql = '';
3686              if($ip_range)
3687              {
3688                  if(!is_array($ip_range))
3689                  {
3690                      $post_ip_sql = "p.ipaddress=".$db->escape_binary($ip_range);
3691                  }
3692                  else
3693                  {
3694                      $post_ip_sql = "p.ipaddress BETWEEN ".$db->escape_binary($ip_range[0])." AND ".$db->escape_binary($ip_range[1]);
3695                  }
3696              }
3697  
3698              $plugins->run_hooks("modcp_ipsearch_posts_start");
3699  
3700              if($post_ip_sql)
3701              {
3702                  $where_sql = '';
3703  
3704                  $unviewable_forums = get_unviewable_forums(true);
3705  
3706                  if($unviewable_forums)
3707                  {
3708                      $where_sql .= " AND p.fid NOT IN ({$unviewable_forums})";
3709                  }
3710  
3711                  if($inactiveforums)
3712                  {
3713                      $where_sql .= " AND p.fid NOT IN ({$inactiveforums})";
3714                  }
3715  
3716                  // Check group permissions if we can't view threads not started by us
3717                  $onlyusfids = array();
3718                  $group_permissions = forum_permissions();
3719                  foreach($group_permissions as $fid => $forumpermissions)
3720                  {
3721                      if(isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] == 1)
3722                      {
3723                          $onlyusfids[] = $fid;
3724                      }
3725                  }
3726  
3727                  if(!empty($onlyusfids))
3728                  {
3729                      $where_sql .= " AND ((t.fid IN(".implode(',', $onlyusfids).") AND t.uid='{$mybb->user['uid']}') OR t.fid NOT IN(".implode(',', $onlyusfids)."))";
3730                  }
3731  
3732                  // Moderators can view unapproved/deleted posts
3733                  if($mybb->usergroup['issupermod'] != 1)
3734                  {
3735                      $unapprove_forums = array();
3736                      $deleted_forums = array();
3737                      $visible_sql = " AND (p.visible = 1 AND t.visible = 1)";
3738                      $query = $db->simple_select("moderators", "fid, canviewunapprove, canviewdeleted", "(id='{$mybb->user['uid']}' AND isgroup='0') OR (id='{$mybb->user['usergroup']}' AND isgroup='1')");
3739                      while($moderator = $db->fetch_array($query))
3740                      {
3741                          if($moderator['canviewunapprove'] == 1)
3742                          {
3743                              $unapprove_forums[] = $moderator['fid'];
3744                          }
3745  
3746                          if($moderator['canviewdeleted'] == 1)
3747                          {
3748                              $deleted_forums[] = $moderator['fid'];
3749                          }
3750                      }
3751  
3752                      if(!empty($unapprove_forums))
3753                      {
3754                          $visible_sql .= " OR (p.visible = 0 AND p.fid IN(".implode(',', $unapprove_forums).")) OR (t.visible = 0 AND t.fid IN(".implode(',', $unapprove_forums)."))";
3755                      }
3756                      if(!empty($deleted_forums))
3757                      {
3758                          $visible_sql .= " OR (p.visible = -1 AND p.fid IN(".implode(',', $deleted_forums).")) OR (t.visible = -1 AND t.fid IN(".implode(',', $deleted_forums)."))";
3759                      }
3760                  }
3761                  else
3762                  {
3763                      // Super moderators (and admins)
3764                      $visible_sql = " AND p.visible >= -1";
3765                  }
3766  
3767                  $query = $db->query("
3768                      SELECT COUNT(p.pid) AS count
3769                      FROM ".TABLE_PREFIX."posts p
3770                      LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid = p.tid)
3771                      WHERE {$post_ip_sql}{$where_sql}{$visible_sql}
3772                  ");
3773                  $post_results = $db->fetch_field($query, "count");
3774              }
3775          }
3776  
3777          // Searching user IP addresses
3778          if(isset($mybb->input['search_users']))
3779          {
3780              $user_ip_sql = '';
3781              if($ip_range)
3782              {
3783                  if(!is_array($ip_range))
3784                  {
3785                      $user_ip_sql = "regip=".$db->escape_binary($ip_range)." OR lastip=".$db->escape_binary($ip_range);
3786                  }
3787                  else
3788                  {
3789                      $user_ip_sql = "regip BETWEEN ".$db->escape_binary($ip_range[0])." AND ".$db->escape_binary($ip_range[1])." OR lastip BETWEEN ".$db->escape_binary($ip_range[0])." AND ".$db->escape_binary($ip_range[1]);
3790                  }
3791              }
3792  
3793              $plugins->run_hooks("modcp_ipsearch_users_start");
3794  
3795              if($user_ip_sql)
3796              {
3797                  $query = $db->simple_select('users', 'COUNT(uid) AS count', $user_ip_sql);
3798  
3799                  $user_results = $db->fetch_field($query, "count");
3800              }
3801          }
3802  
3803          $total_results = $post_results+$user_results;
3804  
3805          if(!$total_results)
3806          {
3807              $total_results = 1;
3808          }
3809  
3810          // Now we have the result counts, paginate
3811          $perpage = $mybb->get_input('perpage', MyBB::INPUT_INT);
3812          if(!$perpage || $perpage <= 0)
3813          {
3814              $perpage = $mybb->settings['threadsperpage'];
3815          }
3816  
3817          // Figure out if we need to display multiple pages.
3818          if($mybb->get_input('page') != "last")
3819          {
3820              $page = $mybb->get_input('page', MyBB::INPUT_INT);
3821          }
3822  
3823          $pages = $total_results / $perpage;
3824          $pages = ceil($pages);
3825  
3826          if($mybb->get_input('page') == "last")
3827          {
3828              $page = $pages;
3829          }
3830  
3831          if($page > $pages || $page <= 0)
3832          {
3833              $page = 1;
3834          }
3835  
3836          if($page)
3837          {
3838              $start = ($page-1) * $perpage;
3839          }
3840          else
3841          {
3842              $start = 0;
3843              $page = 1;
3844          }
3845  
3846          $page_url = "modcp.php?action=ipsearch&amp;perpage={$perpage}";
3847          foreach(array('ipaddress', 'search_users', 'search_posts') as $input)
3848          {
3849              if(!empty($mybb->input[$input]))
3850              {
3851                  $page_url .= "&amp;{$input}=".urlencode($mybb->input[$input]);
3852              }
3853          }
3854          $multipage = multipage($total_results, $perpage, $page, $page_url);
3855  
3856          $post_limit = $perpage;
3857          $results = '';
3858          if(isset($mybb->input['search_users']) && $user_results && $start <= $user_results)
3859          {
3860              $query = $db->simple_select('users', 'username, uid, regip, lastip', $user_ip_sql,
3861                      array('order_by' => 'regdate', 'order_dir' => 'DESC', 'limit_start' => $start, 'limit' => $perpage));
3862  
3863              while($ipaddress = $db->fetch_array($query))
3864              {
3865                  $result = false;
3866                  $ipaddress['username'] = htmlspecialchars_uni($ipaddress['username']);
3867                  $profile_link = build_profile_link($ipaddress['username'], $ipaddress['uid']);
3868                  $trow = alt_trow();
3869                  $ip = false;
3870                  if(is_array($ip_range))
3871                  {
3872                      if(strcmp($ip_range[0], $ipaddress['regip']) <= 0 && strcmp($ip_range[1], $ipaddress['regip']) >= 0)
3873                      {
3874                          eval("\$subject = \"".$templates->get("modcp_ipsearch_result_regip")."\";");
3875                          $ip = my_inet_ntop($db->unescape_binary($ipaddress['regip']));
3876                      }
3877                      elseif(strcmp($ip_range[0], $ipaddress['lastip']) <= 0 && strcmp($ip_range[1], $ipaddress['lastip']) >= 0)
3878                      {
3879                          eval("\$subject = \"".$templates->get("modcp_ipsearch_result_lastip")."\";");
3880                          $ip = my_inet_ntop($db->unescape_binary($ipaddress['lastip']));
3881                      }
3882                  }
3883                  elseif($ipaddress['regip'] == $ip_range)
3884                  {
3885                      eval("\$subject = \"".$templates->get("modcp_ipsearch_result_regip")."\";");
3886                      $ip = my_inet_ntop($db->unescape_binary($ipaddress['regip']));
3887                  }
3888                  elseif($ipaddress['lastip'] == $ip_range)
3889                  {
3890                      eval("\$subject = \"".$templates->get("modcp_ipsearch_result_lastip")."\";");
3891                      $ip = my_inet_ntop($db->unescape_binary($ipaddress['lastip']));
3892                  }
3893                  if($ip)
3894                  {
3895                      eval("\$results .= \"".$templates->get("modcp_ipsearch_result")."\";");
3896                      $result = true;
3897                  }
3898                  if($result)
3899                  {
3900                      --$post_limit;
3901                  }
3902              }
3903          }
3904          $post_start = 0;
3905          if($total_results > $user_results && $post_limit)
3906          {
3907              $post_start = $start-$user_results;
3908              if($post_start < 0)
3909              {
3910                  $post_start = 0;
3911              }
3912          }
3913          if(isset($mybb->input['search_posts']) && $post_results && (!isset($mybb->input['search_users']) || (isset($mybb->input['search_users']) && $post_limit > 0)))
3914          {
3915              $ipaddresses = $tids = $uids = array();
3916  
3917              $query = $db->query("
3918                  SELECT p.username AS postusername, p.uid, p.subject, p.pid, p.tid, p.ipaddress
3919                  FROM ".TABLE_PREFIX."posts p
3920                  LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid = p.tid)
3921                  WHERE {$post_ip_sql}{$where_sql}{$visible_sql}
3922                  ORDER BY p.dateline DESC, p.pid DESC
3923                  LIMIT {$post_start}, {$post_limit}
3924              ");
3925              while($ipaddress = $db->fetch_array($query))
3926              {
3927                  $tids[$ipaddress['tid']] = $ipaddress['pid'];
3928                  $uids[$ipaddress['uid']] = $ipaddress['pid'];
3929                  $ipaddresses[$ipaddress['pid']] = $ipaddress;
3930              }
3931  
3932              if(!empty($ipaddresses))
3933              {
3934                  $query = $db->simple_select("threads", "subject, tid", "tid IN(".implode(',', array_keys($tids)).")");
3935                  while($thread = $db->fetch_array($query))
3936                  {
3937                      $ipaddresses[$tids[$thread['tid']]]['threadsubject'] = $thread['subject'];
3938                  }
3939                  unset($tids);
3940  
3941                  $query = $db->simple_select("users", "username, uid", "uid IN(".implode(',', array_keys($uids)).")");
3942                  while($user = $db->fetch_array($query))
3943                  {
3944                      $ipaddresses[$uids[$user['uid']]]['username'] = $user['username'];
3945                  }
3946                  unset($uids);
3947  
3948                  foreach($ipaddresses as $ipaddress)
3949                  {
3950                      $ip = my_inet_ntop($db->unescape_binary($ipaddress['ipaddress']));
3951                      if(empty($ipaddress['username']))
3952                      {
3953                          $ipaddress['username'] = $ipaddress['postusername']; // Guest username support
3954                      }
3955                      $ipaddress['username'] = htmlspecialchars_uni($ipaddress['username']);
3956                      $trow = alt_trow();
3957                      if(empty($ipaddress['subject']))
3958                      {
3959                          $ipaddress['subject'] = "RE: {$ipaddress['threadsubject']}";
3960                      }
3961  
3962                      $ipaddress['postlink'] = get_post_link($ipaddress['pid'], $ipaddress['tid']);
3963                      $ipaddress['subject'] = htmlspecialchars_uni($parser->parse_badwords($ipaddress['subject']));
3964                      $ipaddress['profilelink'] = build_profile_link($ipaddress['username'], $ipaddress['uid']);
3965  
3966                      eval("\$subject = \"".$templates->get("modcp_ipsearch_result_post")."\";");
3967                      eval("\$results .= \"".$templates->get("modcp_ipsearch_result")."\";");
3968                  }
3969              }
3970          }
3971  
3972          if(!$results)
3973          {
3974              eval("\$results = \"".$templates->get("modcp_ipsearch_noresults")."\";");
3975          }
3976  
3977          if($ipaddressvalue)
3978          {
3979              $lang->ipsearch_results = $lang->sprintf($lang->ipsearch_results, $ipaddressvalue);
3980          }
3981          else
3982          {
3983              $lang->ipsearch_results = $lang->ipsearch;
3984          }
3985  
3986          $ipaddress = $ipaddress_url = $misc_info_link = '';
3987          if(!strstr($mybb->input['ipaddress'], "*") && !strstr($mybb->input['ipaddress'], "/"))
3988          {
3989              $ipaddress = htmlspecialchars_uni($mybb->input['ipaddress']);
3990              $ipaddress_url = urlencode($mybb->input['ipaddress']);
3991              eval("\$misc_info_link = \"".$templates->get("modcp_ipsearch_results_information")."\";");
3992          }
3993  
3994          eval("\$ipsearch_results = \"".$templates->get("modcp_ipsearch_results")."\";");
3995      }
3996  
3997      // Fetch filter options
3998      if(!$mybb->input['ipaddress'])
3999      {
4000          $mybb->input['search_posts'] = 1;
4001          $mybb->input['search_users'] = 1;
4002      }
4003      $usersearchselect = $postsearchselect = '';
4004      if(isset($mybb->input['search_posts']))
4005      {
4006          $postsearchselect = "checked=\"checked\"";
4007      }
4008      if(isset($mybb->input['search_users']))
4009      {
4010          $usersearchselect = "checked=\"checked\"";
4011      }
4012  
4013      $plugins->run_hooks("modcp_ipsearch_end");
4014  
4015      eval("\$ipsearch = \"".$templates->get("modcp_ipsearch")."\";");
4016      output_page($ipsearch);
4017  }
4018  
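// Moderator CP "iplookup" action: renders a fragment with GeoIP and reverse-DNS
// details for a single address, echoes it and stops the request.
if($mybb->input['action'] == "iplookup")
{
    // Lookups are limited to groups that are allowed to use the IP search.
    if($mybb->usergroup['canuseipsearch'] == 0)
    {
        error_no_permission();
    }

    $mybb->input['ipaddress'] = $mybb->get_input('ipaddress');
    // The address is request input, so it is escaped before it is placed in the language string.
    $lang->ipaddress_misc_info = $lang->sprintf($lang->ipaddress_misc_info, htmlspecialchars_uni($mybb->input['ipaddress']));
    $ipaddress_location = $lang->na;
    $ipaddress_host_name = $lang->na;
    $modcp_ipsearch_misc_info = '';
    // A wildcard pattern does not name one host, so no lookup is attempted for it.
    if(!strstr($mybb->input['ipaddress'], "*"))
    {
        // Return GeoIP information if it is available to us
        if(function_exists('geoip_record_by_name'))
        {
            // Warnings are suppressed; a failed lookup leaves the "n/a" default in place.
            $ip_record = @geoip_record_by_name($mybb->input['ipaddress']);
            if($ip_record)
            {
                // NOTE(review): utf8_encode() is deprecated as of PHP 8.2; kept because the
                // replacement needs an extension this block cannot assume is loaded.
                $ipaddress_location = htmlspecialchars_uni(utf8_encode($ip_record['country_name']));
                if($ip_record['city'])
                {
                    $ipaddress_location .= $lang->comma.htmlspecialchars_uni(utf8_encode($ip_record['city']));
                }
            }
        }

        // gethostbyaddr() returns the same ip when there is no PTR record and false
        // when the input is not a well-formed address. Both cases keep the "n/a"
        // default instead of printing an empty host name.
        $resolved_host = @gethostbyaddr($mybb->input['ipaddress']);
        if(is_string($resolved_host) && $resolved_host !== '' && $resolved_host != $mybb->input['ipaddress'])
        {
            // The PTR value is controlled by whoever runs the reverse zone; escape it.
            $ipaddress_host_name = htmlspecialchars_uni($resolved_host);
        }
    }

    $plugins->run_hooks("modcp_iplookup_end");

    // The template is evaluated as a double-quoted PHP string, so every value it
    // interpolates has to be escaped before this line.
    eval("\$iplookup = \"".$templates->get('modcp_ipsearch_misc_info', 1, 0)."\";");
    echo($iplookup);
    exit;
}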
4062  
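// Moderator CP "banning" action: paginated list of current bans with, per row,
// the banning moderator, the reason, the ban length and the time remaining.
if($mybb->input['action'] == "banning")
{
    // Only groups that may ban users can see the list.
    if($mybb->usergroup['canbanusers'] == 0)
    {
        error_no_permission();
    }

    add_breadcrumb($lang->mcp_nav_banning, "modcp.php?action=banning");

    // Fall back to 20 rows per page so the division below never uses an empty setting.
    if(!$mybb->settings['threadsperpage'])
    {
        $mybb->settings['threadsperpage'] = 20;
    }

    // Figure out if we need to display multiple pages.
    $perpage = $mybb->settings['threadsperpage'];
    if($mybb->get_input('page') != "last")
    {
        // Integer cast: $page ends up inside the LIMIT clause through $start.
        $page = $mybb->get_input('page', MyBB::INPUT_INT);
    }

    $query = $db->simple_select("banned", "COUNT(uid) AS count");
    $banned_count = $db->fetch_field($query, "count");

    $postcount = (int)$banned_count;
    $pages = $postcount / $perpage;
    $pages = ceil($pages);

    if($mybb->get_input('page') == "last")
    {
        $page = $pages;
    }

    // Out-of-range page numbers fall back to the first page.
    if($page > $pages || $page <= 0)
    {
        $page = 1;
    }

    if($page)
    {
        $start = ($page-1) * $perpage;
    }
    else
    {
        $start = 0;
        $page = 1;
    }
    $upper = $start+$perpage;

    $multipage = multipage($postcount, $perpage, $page, "modcp.php?action=banning");

    $plugins->run_hooks("modcp_banning_start");

    // $start and $perpage are derived from the integer page number and the board
    // setting above, not from raw request text.
    $query = $db->query("
        SELECT b.*, a.username AS adminuser, u.username
        FROM ".TABLE_PREFIX."banned b
        LEFT JOIN ".TABLE_PREFIX."users u ON (b.uid=u.uid)
        LEFT JOIN ".TABLE_PREFIX."users a ON (b.admin=a.uid)
        ORDER BY dateline DESC
        LIMIT {$start}, {$perpage}
    ");

    // Get the banned users
    $bannedusers = '';
    while($banned = $db->fetch_array($query))
    {
        // User names are escaped before they reach the eval'd templates.
        $banned['username'] = htmlspecialchars_uni($banned['username']);
        $profile_link = build_profile_link($banned['username'], $banned['uid']);

        // Only show the edit & lift links if current user created ban, or is super mod/admin
        // NOTE(review): the link is also shown when the banning account no longer
        // resolves to a user name (!$banned['adminuser']). The liftban, do_banuser
        // and banuser actions have no such exception, so the link can lead to a
        // permission error; enforcement stays on the stricter side.
        $edit_link = '';
        if($mybb->user['uid'] == $banned['admin'] || !$banned['adminuser'] || $mybb->usergroup['issupermod'] == 1 || $mybb->usergroup['cancp'] == 1)
        {
            eval("\$edit_link = \"".$templates->get("modcp_banning_edit")."\";");
        }

        $admin_profile = build_profile_link(htmlspecialchars_uni($banned['adminuser']), $banned['admin']);

        $trow = alt_trow();

        if($banned['reason'])
        {
            // The reason is moderator-entered free text: filter bad words, then escape.
            $banned['reason'] = htmlspecialchars_uni($parser->parse_badwords($banned['reason']));
        }
        else
        {
            $banned['reason'] = $lang->na;
        }

        if($banned['lifted'] == 'perm' || $banned['lifted'] == '' || $banned['bantime'] == 'perm' || $banned['bantime'] == '---')
        {
            $banlength = $lang->permanent;
            $timeremaining = $lang->na;
        }
        else
        {
            $banlength = $bantimes[$banned['bantime']];
            $remaining = $banned['lifted']-TIME_NOW;

            $timeremaining = nice_time($remaining, array('short' => 1, 'seconds' => false))."";

            $banned_class = '';
            $ban_remaining = "{$timeremaining} {$lang->ban_remaining}";

            // Pick one CSS class by time left. The expired case is part of the same
            // chain: as a separate "if" its class was always overwritten by the
            // "< 3600" branch and "imminent_banned" could never be emitted.
            if($remaining <= 0)
            {
                $banned_class = "imminent_banned";
                $ban_remaining = $lang->ban_ending_imminently;
            }
            else if($remaining < 3600)
            {
                $banned_class = "high_banned";
            }
            else if($remaining < 86400)
            {
                $banned_class = "moderate_banned";
            }
            else if($remaining < 604800)
            {
                $banned_class = "low_banned";
            }
            else
            {
                $banned_class = "normal_banned";
            }

            eval('$timeremaining = "'.$templates->get('modcp_banning_remaining').'";');
        }

        eval("\$bannedusers .= \"".$templates->get("modcp_banning_ban")."\";");
    }

    if(!$bannedusers)
    {
        eval("\$bannedusers = \"".$templates->get("modcp_banning_nobanned")."\";");
    }

    $plugins->run_hooks("modcp_banning");

    eval("\$bannedpage = \"".$templates->get("modcp_banning")."\";");
    output_page($bannedpage);
}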
4205  
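// Moderator CP "liftban" action: removes a ban row and restores the groups the
// user had before the ban.
if($mybb->input['action'] == "liftban")
{
    // Verify incoming POST request
    // (the post key ties this state change to the moderator's own session)
    verify_post_check($mybb->get_input('my_post_key'));

    if($mybb->usergroup['canbanusers'] == 0)
    {
        error_no_permission();
    }

    // The uid is read as an integer before it is placed in the WHERE clause.
    $query = $db->simple_select("banned", "*", "uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'");
    $ban = $db->fetch_array($query);

    if(!$ban)
    {
        error($lang->error_invalidban);
    }

    // Permission to edit this ban?
    // Only the moderator who issued the ban, a super moderator or an administrator may lift it.
    if($mybb->user['uid'] != $ban['admin'] && $mybb->usergroup['issupermod'] != 1 && $mybb->usergroup['cancp'] != 1)
    {
        error_no_permission();
    }

    $plugins->run_hooks("modcp_liftban_start");

    // Values read back from the banned table are cast or escaped before they are
    // put into new SQL, matching how do_banuser casts them when the row is written.
    $query = $db->simple_select("users", "username", "uid = '".(int)$ban['uid']."'");
    $username = $db->fetch_field($query, "username");

    $updated_group = array(
        'usergroup' => (int)$ban['oldgroup'],
        'additionalgroups' => $db->escape_string($ban['oldadditionalgroups']),
        'displaygroup' => (int)$ban['olddisplaygroup']
    );
    $db->update_query("users", $updated_group, "uid='".(int)$ban['uid']."'");
    $db->delete_query("banned", "uid='".(int)$ban['uid']."'");

    $cache->update_moderators();
    // Record who lifted which ban in the moderator log.
    log_moderator_action(array("uid" => $ban['uid'], "username" => $username), $lang->lifted_ban);

    $plugins->run_hooks("modcp_liftban_end");

    redirect("modcp.php?action=banning", $lang->redirect_banlifted);
}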
4250  
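// Moderator CP "do_banuser" action (POST only): validates the form and then
// creates a new ban or updates an existing one. On validation errors the
// action is switched to "banuser" so the form is shown again.
if($mybb->input['action'] == "do_banuser" && $mybb->request_method == "post")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    if($mybb->usergroup['canbanusers'] == 0)
    {
        error_no_permission();
    }

    // Editing an existing ban
    $existing_ban = false;
    // Read the uid once as an integer and use that value in the query. The
    // original interpolated $mybb->input['uid'] directly; whether the input
    // layer has already cast it is not visible in this block, so the cast is
    // made explicit where the SQL is built.
    $ban_uid = $mybb->get_input('uid', MyBB::INPUT_INT);
    if($ban_uid)
    {
        // Get the users info from their uid
        $query = $db->query("
            SELECT b.*, u.uid, u.username, u.usergroup, u.additionalgroups, u.displaygroup
            FROM ".TABLE_PREFIX."banned b
            LEFT JOIN ".TABLE_PREFIX."users u ON (b.uid=u.uid)
            WHERE b.uid='{$ban_uid}'
        ");
        $user = $db->fetch_array($query);

        if($user)
        {
            $existing_ban = true;
        }

        // Permission to edit this ban?
        // Only the issuing moderator, a super moderator or an administrator may edit it.
        if($existing_ban && $mybb->user['uid'] != $user['admin'] && $mybb->usergroup['issupermod'] != 1 && $mybb->usergroup['cancp'] != 1)
        {
            error_no_permission();
        }
    }

    $errors = array();

    // Creating a new ban
    if(!$existing_ban)
    {
        // Get the users info from their Username
        $options = array(
            'fields' => array('username', 'usergroup', 'additionalgroups', 'displaygroup')
        );

        $user = get_user_by_username($mybb->input['username'], $options);

        if(!$user)
        {
            $errors[] = $lang->invalid_username;
        }
    }

    // NOTE(review): when the lookup above failed, $user is not an array and the
    // two checks below read an offset on it; the invalid_username error is already
    // queued in that case.
    if($user['uid'] == $mybb->user['uid'])
    {
        $errors[] = $lang->error_cannotbanself;
    }

    // Have permissions to ban this user?
    if(!modcp_can_manage_user($user['uid']))
    {
        $errors[] = $lang->error_cannotbanuser;
    }

    // Check for an incoming reason
    if(empty($mybb->input['banreason']))
    {
        $errors[] = $lang->error_nobanreason;
    }

    // Check banned group
    // The target group must exist and be flagged as a banned group, so this form
    // cannot be used to move a user into an arbitrary group.
    $usergroups_cache = $cache->read('usergroups');
    if(isset($usergroups_cache[$mybb->get_input('usergroup', MyBB::INPUT_INT)]))
    {
        $usergroup = $usergroups_cache[$mybb->get_input('usergroup', MyBB::INPUT_INT)];
    }

    if(!isset($usergroup) || empty($usergroup['isbannedgroup']))
    {
        $errors[] = $lang->error_nobangroup;
    }

    // If this is a new ban, we check the user isn't already part of a banned group
    if(!$existing_ban && $user['uid'])
    {
        $query = $db->simple_select("banned", "uid", "uid='".(int)$user['uid']."'", array('limit' => 1));
        if($db->num_rows($query) > 0)
        {
            $errors[] = $lang->error_useralreadybanned;
        }
    }

    $plugins->run_hooks("modcp_do_banuser_start");

    // Still no errors? Ban the user
    if(!$errors)
    {
        // Ban the user
        // '---' is the permanent option; anything else is converted to a lift timestamp.
        if($mybb->get_input('liftafter') == '---')
        {
            $lifted = 0;
        }
        else
        {
            if(!isset($user['dateline']))
            {
                $user['dateline'] = 0;
            }
            $lifted = ban_date2timestamp($mybb->get_input('liftafter'), $user['dateline']);
        }

        // Trimmed to 255 characters before it is stored.
        $banreason = my_substr($mybb->get_input('banreason'), 0, 255);

        // Every value written below is either cast to an integer or escaped.
        if($existing_ban)
        {
            $update_array = array(
                'gid' => $mybb->get_input('usergroup', MyBB::INPUT_INT),
                'dateline' => TIME_NOW,
                'bantime' => $db->escape_string($mybb->get_input('liftafter')),
                'lifted' => $db->escape_string($lifted),
                'reason' => $db->escape_string($banreason)
            );

            $db->update_query('banned', $update_array, "uid='".(int)$user['uid']."'");
        }
        else
        {
            $insert_array = array(
                'uid' => (int)$user['uid'],
                'gid' => $mybb->get_input('usergroup', MyBB::INPUT_INT),
                'oldgroup' => (int)$user['usergroup'],
                'oldadditionalgroups' => $db->escape_string($user['additionalgroups']),
                'olddisplaygroup' => (int)$user['displaygroup'],
                'admin' => (int)$mybb->user['uid'],
                'dateline' => TIME_NOW,
                'bantime' => $db->escape_string($mybb->get_input('liftafter')),
                'lifted' => $db->escape_string($lifted),
                'reason' => $db->escape_string($banreason)
            );

            $db->insert_query('banned', $insert_array);
        }

        // Move the user to the banned group
        $update_array = array(
            'usergroup' => $mybb->get_input('usergroup', MyBB::INPUT_INT),
            'displaygroup' => 0,
            'additionalgroups' => '',
        );
        // Quoted and cast like the other WHERE clauses in this file section.
        $db->update_query('users', $update_array, "uid = '".(int)$user['uid']."'");

        // Log edit or add ban
        if($existing_ban)
        {
            log_moderator_action(array("uid" => $user['uid'], "username" => $user['username']), $lang->edited_user_ban);
        }
        else
        {
            log_moderator_action(array("uid" => $user['uid'], "username" => $user['username']), $lang->banned_user);
        }

        $plugins->run_hooks("modcp_do_banuser_end");

        if($existing_ban)
        {
            redirect("modcp.php?action=banning", $lang->redirect_banuser_updated);
        }
        else
        {
            redirect("modcp.php?action=banning", $lang->redirect_banuser);
        }
    }
    // Otherwise has errors, throw back to ban page
    else
    {
        $mybb->input['action'] = "banuser";
    }
}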
4429  
// Moderator CP "banuser" action: renders the form used to create a ban or to
// edit an existing one. do_banuser falls through to this block when validation
// fails, so the same request input is still available here.
if($mybb->input['action'] == "banuser")
{
    add_breadcrumb($lang->mcp_nav_banning, "modcp.php?action=banning");

    if($mybb->usergroup['canbanusers'] == 0)
    {
        error_no_permission();
    }

    // Normalise uid to an integer once; it is interpolated into SQL below.
    $mybb->input['uid'] = $mybb->get_input('uid', MyBB::INPUT_INT);
    if($mybb->input['uid'])
    {
        add_breadcrumb($lang->mcp_nav_editing_ban);
    }
    else
    {
        add_breadcrumb($lang->mcp_nav_ban_user);
    }

    $plugins->run_hooks("modcp_banuser_start");

    $banuser_username = '';
    $banreason = '';

    // If incoming user ID, we are editing a ban
    if($mybb->input['uid'])
    {
        $query = $db->query("
            SELECT b.*, u.username, u.uid
            FROM ".TABLE_PREFIX."banned b
            LEFT JOIN ".TABLE_PREFIX."users u ON (b.uid=u.uid)
            WHERE b.uid='{$mybb->input['uid']}'
        ");
        $banned = $db->fetch_array($query);
        if(!empty($banned['username']))
        {
            // Stored name and reason are escaped before the templates interpolate them.
            $username = $banned['username'] = htmlspecialchars_uni($banned['username']);
            $banreason = htmlspecialchars_uni($banned['reason']);
            $uid = $mybb->input['uid'];
            $user = get_user($banned['uid']);
            $lang->ban_user = $lang->edit_ban; // Swap over lang variables
            eval("\$banuser_username = \"".$templates->get("modcp_banuser_editusername")."\";");
        }
    }

    // Permission to edit this ban?
    // Same rule as liftban and do_banuser: issuing moderator, super moderator or administrator.
    if(!empty($banned) && $banned['uid'] && $mybb->user['uid'] != $banned['admin'] && $mybb->usergroup['issupermod'] != 1 && $mybb->usergroup['cancp'] != 1)
    {
        error_no_permission();
    }

    // New ban!
    if(!$banuser_username)
    {
        if($mybb->input['uid'])
        {
            // NOTE(review): the result of get_user() is used without checking that a
            // user was found for this uid — confirm what it returns for unknown ids.
            $user = get_user($mybb->input['uid']);
            $user['username'] = htmlspecialchars_uni($user['username']);
            $username = $user['username'];
        }
        else
        {
            // The user name comes straight from the request; escape it for the form.
            $username = htmlspecialchars_uni($mybb->get_input('username'));
        }
        eval("\$banuser_username = \"".$templates->get("modcp_banuser_addusername")."\";");
    }

    // Coming back to this page from an error?
    // NOTE(review): $errors is only assigned in the do_banuser block within the
    // visible part of the file; presumably it is initialised earlier — verify.
    if($errors)
    {
        $errors = inline_error($errors);
        // NOTE(review): do_banuser reads the 'banreason' and 'usergroup' inputs,
        // while 'reason' and 'gid' are read here, so the group picked before the
        // error may not be reselected — check against the form templates.
        // $banned is replaced by this array, which has no 'uid' key.
        $banned = array(
            "bantime" => $mybb->get_input('liftafter'),
            "reason" => $mybb->get_input('reason'),
            "gid" => $mybb->get_input('gid', MyBB::INPUT_INT)
        );
        $banreason = htmlspecialchars_uni($mybb->get_input('banreason'));
    }

    // Generate the banned times dropdown
    $liftlist = '';
    foreach($bantimes as $time => $title)
    {
        $selected = '';
        if(isset($banned['bantime']) && $banned['bantime'] == $time)
        {
            $selected = " selected=\"selected\"";
        }

        $thattime = '';
        // '---' is the permanent option and has no end date to show.
        if($time != '---')
        {
            // Existing bans are measured from their own dateline, new ones from now.
            $dateline = TIME_NOW;
            if(isset($banned['dateline']))
            {
                $dateline = $banned['dateline'];
            }

            $thatime = my_date("D, jS M Y @ {$mybb->settings['timeformat']}", ban_date2timestamp($time, $dateline));
            $thattime = " ({$thatime})";
        }

        eval("\$liftlist .= \"".$templates->get("modcp_banuser_liftlist")."\";");
    }

    $bangroup_option = $bangroups = '';
    $numgroups = $banned_group = 0;
    $groupscache = $cache->read("usergroups");

    // Only groups flagged as banned groups are offered as ban targets.
    foreach($groupscache as $key => $group)
    {
        if($group['isbannedgroup'])
        {
            $selected = "";
            if(isset($banned['gid']) && $banned['gid'] == $group['gid'])
            {
                $selected = " selected=\"selected\"";
            }

            $group['title'] = htmlspecialchars_uni($group['title']);
            eval("\$bangroup_option .= \"".$templates->get("modcp_banuser_bangroups_group")."\";");
            // After the loop this holds the gid of the last banned group seen.
            $banned_group = $group['gid'];
            ++$numgroups;
        }
    }

    // No banned group is an error; several use the "bangroups" template, exactly
    // one uses the "bangroups_hidden" template.
    if($numgroups == 0)
    {
        error($lang->no_banned_group);
    }
    elseif($numgroups > 1)
    {
        eval("\$bangroups = \"".$templates->get("modcp_banuser_bangroups")."\";");
    }
    else
    {
        eval("\$bangroups = \"".$templates->get("modcp_banuser_bangroups_hidden")."\";");
    }

    // The lift link is only built when $banned still carries a uid.
    if(!empty($banned['uid']))
    {
        eval("\$lift_link = \"".$templates->get("modcp_banuser_lift")."\";");
        $uid = $banned['uid'];
    }
    else
    {
        $lift_link = '';
        $uid = 0;
    }

    $plugins->run_hooks("modcp_banuser_end");

    // Templates are evaluated as double-quoted PHP strings; everything they
    // interpolate has to be escaped before this point.
    eval("\$banuser = \"".$templates->get("modcp_banuser")."\";");
    output_page($banuser);
}
4585  
// Moderator CP "do_modnotes" action: stores the shared moderator notes in the
// "modnotes" cache entry and redirects back to the Moderator CP.
if($mybb->input['action'] == "do_modnotes")
{
    // Verify incoming POST request
    // (rejects requests that do not carry the moderator's post key)
    verify_post_check($mybb->get_input('my_post_key'));

    // NOTE(review): this block has no group permission check of its own;
    // presumably access to the Moderator CP is enforced earlier in the file — verify.
    $plugins->run_hooks("modcp_do_modnotes_start");

    // Update Moderator Notes cache
    // The text is stored exactly as submitted, so it has to be escaped wherever
    // the notes are rendered; that code is not part of this block.
    $update_cache = array(
        "modmessage" => $mybb->get_input('modnotes')
    );
    $cache->update("modnotes", $update_cache);

    $plugins->run_hooks("modcp_do_modnotes_end");

    redirect("modcp.php", $lang->redirect_modnotes);
}
4603  
4604  if(!$mybb->input['action'])
4605  {
4606      $awaitingattachments = $awaitingposts = $awaitingthreads = $awaitingmoderation = '';
4607  
4608      if($mybb->usergroup['canmanagemodqueue'] == 1)
4609      {
4610          if($mybb->settings['enableattachments'] == 1 && ($nummodqueueattach > 0 || $mybb->usergroup['issupermod'] == 1))
4611          {
4612              if($nummodqueueposts > 0 || $mybb->usergroup['issupermod'] == 1)
4613              {
4614                  $bgcolor = "trow1";
4615              }
4616              else
4617              {
4618                  $bgcolor = "trow2";
4619              }
4620  
4621              $query = $db->query("
4622                  SELECT COUNT(aid) AS unapprovedattachments
4623                  FROM  ".TABLE_PREFIX."attachments a
4624                  LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=a.pid)
4625                  LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
4626                  WHERE a.visible='0' {$tflist}
4627              ");
4628              $unapproved_attachments = $db->fetch_field($query, "unapprovedattachments");
4629  
4630              if($unapproved_attachments > 0)
4631              {
4632                  $query = $db->query("
4633                      SELECT t.tid, p.pid, p.uid, t.username, a.filename, a.dateuploaded
4634                      FROM  ".TABLE_PREFIX."attachments a
4635                      LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=a.pid)
4636                      LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
4637                      WHERE a.visible='0' {$tflist}
4638                      ORDER BY a.dateuploaded DESC
4639                      LIMIT 1
4640                  ");
4641                  $attachment = $db->fetch_array($query);
4642                  $attachment['date'] = my_date('relative', $attachment['dateuploaded']);
4643                  $attachment['username'] = htmlspecialchars_uni($attachment['username']);
4644                  $attachment['profilelink'] = build_profile_link($attachment['username'], $attachment['uid']);
4645                  $attachment['link'] = get_post_link($attachment['pid'], $attachment['tid']);
4646                  $attachment['filename'] = htmlspecialchars_uni($attachment['filename']);
4647                  $unapproved_attachments = my_number_format($unapproved_attachments);
4648  
4649                  eval("\$latest_attachment = \"".$templates->get("modcp_lastattachment")."\";");
4650              }
4651              else
4652              {
4653                  eval("\$latest_attachment = \"".$templates->get("modcp_awaitingmoderation_none")."\";");
4654              }
4655  
4656              eval("\$awaitingattachments = \"".$templates->get("modcp_awaitingattachments")."\";");
4657          }
4658  
4659          if($nummodqueueposts > 0 || $mybb->usergroup['issupermod'] == 1)
4660          {
4661              $query = $db->query("
4662                  SELECT COUNT(pid) AS unapprovedposts
4663                  FROM  ".TABLE_PREFIX."posts p
4664                  LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
4665                  WHERE p.visible='0' {$tflist} AND t.firstpost != p.pid
4666              ");
4667              $unapproved_posts = $db->fetch_field($query, "unapprovedposts");
4668  
4669              if($unapproved_posts > 0)
4670              {
4671                  $query = $db->query("
4672                      SELECT p.pid, p.tid, p.subject, p.uid, p.username, p.dateline
4673                      FROM  ".TABLE_PREFIX."posts p
4674                      LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
4675                      WHERE p.visible='0' {$tflist} AND t.firstpost != p.pid
4676                      ORDER BY p.dateline DESC, p.pid DESC
4677                      LIMIT 1
4678                  ");
4679                  $post = $db->fetch_array($query);
4680                  $post['date'] = my_date('relative', $post['dateline']);
4681                  $post['username'] = htmlspecialchars_uni($post['username']);
4682                  $post['profilelink'] = build_profile_link($post['username'], $post['uid']);
4683                  $post['link'] = get_post_link($post['pid'], $post['tid']);
4684                  $post['subject'] = $post['fullsubject'] = $parser->parse_badwords($post['subject']);
4685                  if(my_strlen($post['subject']) > 25)
4686                  {
4687                      $post['subject'] = my_substr($post['subject'], 0, 25)."...";
4688                  }
4689                  $post['subject'] = htmlspecialchars_uni($post['subject']);
4690                  $post['fullsubject'] = htmlspecialchars_uni($post['fullsubject']);
4691                  $unapproved_posts = my_number_format($unapproved_posts);
4692  
4693                  eval("\$latest_post = \"".$templates->get("modcp_lastpost")."\";");
4694              }
4695              else
4696              {
4697                  eval("\$latest_post = \"".$templates->get("modcp_awaitingmoderation_none")."\";");
4698              }
4699  
4700              eval("\$awaitingposts = \"".$templates->get("modcp_awaitingposts")."\";");
4701          }
4702  
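// Threads awaiting moderation. Rendered when $nummodqueuethreads is non-zero or
// the current user is a super moderator.
if($nummodqueuethreads > 0 || $mybb->usergroup['issupermod'] == 1)
{
    // NOTE(review): {$flist_queue_threads} is built outside this excerpt and is
    // interpolated straight into the WHERE clause; confirm it is assembled only
    // from server-side integer forum ids.
    $query = $db->simple_select("threads", "COUNT(tid) AS unapprovedthreads", "visible='0' {$flist_queue_threads}");
    $unapproved_threads = $db->fetch_field($query, "unapprovedthreads");

    if($unapproved_threads > 0)
    {
        // Newest unapproved thread, used for the "latest" row of the panel.
        $query = $db->simple_select("threads", "tid, subject, uid, username, dateline", "visible='0' {$flist_queue_threads}", array('order_by' => 'dateline', 'order_dir' => 'DESC', 'limit' => 1));
        $thread = $db->fetch_array($query);
        $thread['date'] = my_date('relative', $thread['dateline']);
        // The author name is HTML-escaped before it is handed to build_profile_link().
        $thread['username'] = htmlspecialchars_uni($thread['username']);
        $thread['profilelink'] = build_profile_link($thread['username'], $thread['uid']);
        $thread['link'] = get_thread_link($thread['tid']);
        $thread['subject'] = $thread['fullsubject'] = $parser->parse_badwords($thread['subject']);
        // Truncate first, escape afterwards, so the cut cannot land inside an HTML entity.
        if(my_strlen($thread['subject']) > 25)
        {
            // Fix: the shortened subject must be stored in $thread. Writing it to
            // $post['subject'] left the thread subject untruncated and parked a
            // not-yet-escaped string in $post, which stays in scope for the
            // templates eval()'d later in this script.
            $thread['subject'] = my_substr($thread['subject'], 0, 25)."...";
        }
        // Both subject variants are user-supplied text: escape before the template sees them.
        $thread['subject'] = htmlspecialchars_uni($thread['subject']);
        $thread['fullsubject'] = htmlspecialchars_uni($thread['fullsubject']);
        $unapproved_threads = my_number_format($unapproved_threads);

        // eval() expands the template as a PHP double-quoted string in this scope,
        // so every variable the template references must already be escaped here.
        eval("\$latest_thread = \"".$templates->get("modcp_lastthread")."\";");
    }
    else
    {
        eval("\$latest_thread = \"".$templates->get("modcp_awaitingmoderation_none")."\";");
    }

    eval("\$awaitingthreads = \"".$templates->get("modcp_awaitingthreads")."\";");
}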
4734  
// Wrap the individual queue panels in the "awaiting moderation" container, but
// only when at least one of them was rendered (the variables stay empty/unset
// when the corresponding panel was skipped).
if(!empty($awaitingattachments) || !empty($awaitingposts) || !empty($awaitingthreads))
{
    eval("\$awaitingmoderation = \"".$templates->get("modcp_awaitingmoderation")."\";");
}
4739      }
4740  
// "Latest five moderator actions" panel. Rendered only when the user's group has
// canviewmodlogs and either $nummodlogs is non-zero or the user is a super moderator.
$latestfivemodactions = '';
if(($nummodlogs > 0 || $mybb->usergroup['issupermod'] == 1) && $mybb->usergroup['canviewmodlogs'] == 1)
{
    $where = '';
    if($tflist_modlog)
    {
        // NOTE(review): {$tflist_modlog} is built outside this excerpt and is
        // interpolated raw into SQL; confirm it only ever contains server-generated
        // integer forum ids.
        // NOTE(review): the second disjunct (l.fid <> 0) is not constrained by
        // {$tflist_modlog}; confirm that matching every log row with a non-zero
        // l.fid is intended for moderators restricted to specific forums.
        $where = "WHERE (t.fid <> 0 {$tflist_modlog}) OR (l.fid <> 0)";
    }

    // Five most recent log rows, joined with the acting user and the thread,
    // forum and post the row refers to (any of which may be NULL via LEFT JOIN).
    $query = $db->query("
        SELECT l.*, u.username, u.usergroup, u.displaygroup, t.subject AS tsubject, f.name AS fname, p.subject AS psubject
        FROM ".TABLE_PREFIX."moderatorlog l
        LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=l.uid)
        LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=l.tid)
        LEFT JOIN ".TABLE_PREFIX."forums f ON (f.fid=l.fid)
        LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=l.pid)
        {$where}
        ORDER BY l.dateline DESC
        LIMIT 5
    ");

    $modlogresults = '';
    while($logitem = $db->fetch_array($query))
    {
        $information = '';
        // Action text and username are escaped before any template can read them.
        $logitem['action'] = htmlspecialchars_uni($logitem['action']);
        $log_date = my_date('relative', $logitem['dateline']);
        $trow = alt_trow();
        $logitem['username'] = htmlspecialchars_uni($logitem['username']);
        $username = format_name($logitem['username'], $logitem['usergroup'], $logitem['displaygroup']);
        $logitem['profilelink'] = build_profile_link($username, $logitem['uid']);
        // Stored binary address converted to printable form for the template.
        $logitem['ipaddress'] = my_inet_ntop($db->unescape_binary($logitem['ipaddress']));

        if($logitem['tsubject'])
        {
            $logitem['tsubject'] = htmlspecialchars_uni($parser->parse_badwords($logitem['tsubject']));
            $logitem['thread'] = get_thread_link($logitem['tid']);
            eval("\$information .= \"".$templates->get("modcp_modlogs_result_thread")."\";");
        }
        if($logitem['fname'])
        {
            // NOTE(review): fname is not escaped in this block; confirm forum names
            // are stored already escaped or are escaped by the template's consumer.
            $logitem['forum'] = get_forum_link($logitem['fid']);
            eval("\$information .= \"".$templates->get("modcp_modlogs_result_forum")."\";");
        }
        if($logitem['psubject'])
        {
            $logitem['psubject'] = htmlspecialchars_uni($parser->parse_badwords($logitem['psubject']));
            $logitem['post'] = get_post_link($logitem['pid']);
            eval("\$information .= \"".$templates->get("modcp_modlogs_result_post")."\";");
        }

        // Edited a user or managed announcement?
        // The condition is true unless thread subject, forum name and post subject
        // are all present, so this branch runs for most rows.
        if(!$logitem['tsubject'] || !$logitem['fname'] || !$logitem['psubject'])
        {
            // NOTE(review): $logitem['data'] comes from the moderatorlog table and
            // my_unserialize() is defined elsewhere; confirm it cannot instantiate
            // objects, otherwise tampered log data becomes an object-injection vector.
            $data = my_unserialize($logitem['data']);
            if(isset($data['uid']))
            {
                // Assignment, not append: replaces any thread/forum/post info built above.
                // NOTE(review): $data['uid'] is passed to get_profile_link() uncast;
                // presumably that helper escapes its result — verify.
                $information = $lang->sprintf($lang->edited_user_info, htmlspecialchars_uni($data['username']), get_profile_link($data['uid']));
            }
            if(isset($data['aid']))
            {
                $data['subject'] = htmlspecialchars_uni($parser->parse_badwords($data['subject']));
                $data['announcement'] = get_announcement_link($data['aid']);
                eval("\$information .= \"".$templates->get("modcp_modlogs_result_announcement")."\";");
            }
        }

        // Plugins may adjust the row's variables before it is rendered.
        $plugins->run_hooks("modcp_modlogs_result");

        eval("\$modlogresults .= \"".$templates->get("modcp_modlogs_result")."\";");
    }

    // No rows at all: show the "no logs" placeholder instead.
    if(!$modlogresults)
    {
        eval("\$modlogresults = \"".$templates->get("modcp_modlogs_nologs")."\";");
    }

    eval("\$latestfivemodactions = \"".$templates->get("modcp_latestfivemodactions")."\";");
}
4820  
// Fetch up to five temporary bans (bantime neither '---' nor 'perm'), ordered by
// the lift time ascending, together with the banned user's name and the name of
// the account that issued the ban (NULL when that account no longer exists).
$query = $db->query("
    SELECT b.*, a.username AS adminuser, u.username
    FROM ".TABLE_PREFIX."banned b
    LEFT JOIN ".TABLE_PREFIX."users u ON (b.uid=u.uid)
    LEFT JOIN ".TABLE_PREFIX."users a ON (b.admin=a.uid)
    WHERE b.bantime != '---' AND b.bantime != 'perm'
    ORDER BY lifted ASC
    LIMIT 5
");

$banned_cache = array();
while($banned = $db->fetch_array($query))
{
    // Difference between the lift time and TIME_NOW (presumably seconds; TIME_NOW
    // is defined elsewhere). Can be zero or negative for a ban that is already due.
    $banned['remaining'] = $banned['lifted']-TIME_NOW;
    // Key is the string concatenation of remaining time and uid; rows keep the
    // query's order because PHP arrays preserve insertion order.
    $banned_cache[$banned['remaining'].$banned['uid']] = $banned;

    unset($banned);
}
4839  
// Get the banned users
// Renders one row per entry of $banned_cache into $bannedusers.
$bannedusers = '';
foreach($banned_cache as $banned)
{
    // Username is escaped before it is handed to build_profile_link().
    $banned['username'] = htmlspecialchars_uni($banned['username']);
    $profile_link = build_profile_link($banned['username'], $banned['uid']);

    // Only show the edit & lift links if current user created ban, or is super mod/admin
    // The middle test (!$banned['adminuser']) also shows the links when the issuing
    // account's username is empty or missing.
    // NOTE(review): this only controls which links are displayed; confirm the ban
    // edit/lift handlers enforce the same ownership check server-side.
    $edit_link = '';
    if($mybb->user['uid'] == $banned['admin'] || !$banned['adminuser'] || $mybb->usergroup['issupermod'] == 1 || $mybb->usergroup['cancp'] == 1)
    {
        eval("\$edit_link = \"".$templates->get("modcp_banning_edit")."\";");
    }

    $admin_profile = build_profile_link(htmlspecialchars_uni($banned['adminuser']), $banned['admin']);

    $trow = alt_trow();

    // The ban reason is free text: filter bad words, then HTML-escape; fall back
    // to the language string for "n/a" when empty.
    if($banned['reason'])
    {
        $banned['reason'] = htmlspecialchars_uni($parser->parse_badwords($banned['reason']));
    }
    else
    {
        $banned['reason'] = $lang->na;
    }

    // Permanent ban: no remaining time to show.
    // NOTE(review): $banned_class and $ban_remaining are not assigned on this
    // branch, so they would carry over from a previous iteration if a template
    // reads them; the query that fills $banned_cache already filters out
    // bantime '---'/'perm', so this branch is presumably rare.
    if($banned['lifted'] == 'perm' || $banned['lifted'] == '' || $banned['bantime'] == 'perm' || $banned['bantime'] == '---')
    {
        $banlength = $lang->permanent;
        $timeremaining = $lang->na;
    }
    else
    {
        // $bantimes is defined outside this excerpt. NOTE(review): there is no
        // isset() guard, so an unknown bantime key raises an undefined-index notice.
        $banlength = $bantimes[$banned['bantime']];
        $remaining = $banned['remaining'];

        $timeremaining = nice_time($remaining, array('short' => 1, 'seconds' => false))."";

        $banned_class = '';
        $ban_remaining = "{$timeremaining} {$lang->ban_remaining}";

        // Pick a CSS class by how soon the ban ends. Assuming $remaining is in
        // seconds, the thresholds are one hour, one day and one week.
        if($remaining <= 0)
        {
            $banned_class = "imminent_banned";
            $ban_remaining = $lang->ban_ending_imminently;
        }
        else if($remaining < 3600)
        {
            $banned_class = "high_banned";
        }
        else if($remaining < 86400)
        {
            $banned_class = "moderate_banned";
        }
        else if($remaining < 604800)
        {
            $banned_class = "low_banned";
        }
        else
        {
            $banned_class = "normal_banned";
        }

        // Replace the plain remaining-time text with the rendered template.
        eval('$timeremaining = "'.$templates->get('modcp_banning_remaining').'";');
    }

    eval("\$bannedusers .= \"".$templates->get("modcp_banning_ban")."\";");
}

// Nothing rendered: show the "no banned users" placeholder.
if(!$bannedusers)
{
    eval("\$bannedusers = \"".$templates->get("modcp_nobanned")."\";");
}
4914  
// Moderator notes are read from the "modnotes" cache entry and HTML-escaped
// before the page template can interpolate them; left empty when the cache
// read returns false.
$modnotes = '';
$modnotes_cache = $cache->read("modnotes");
if($modnotes_cache !== false)
{
    $modnotes = htmlspecialchars_uni($modnotes_cache['modmessage']);
}

// Last plugin hook before the ModCP home page is assembled.
$plugins->run_hooks("modcp_end");

// The page template is expanded as a PHP double-quoted string in this scope, so
// it can read every variable prepared above; all of them must already be escaped.
eval("\$modcp = \"".$templates->get("modcp")."\";");
output_page($modcp);
4926  }

