| [ Index ] |
PHP Cross Reference of MyBB 1.8.39 |
[Summary view] [Print] [Text view]
1 <?php 2 /** 3 * MyBB 1.8 4 * Copyright 2014 MyBB Group, All Rights Reserved 5 * 6 * Website: http://www.mybb.com 7 * License: http://www.mybb.com/about/license 8 * 9 */ 10 11 define("IN_MYBB", 1); 12 define('THIS_SCRIPT', 'modcp.php'); 13 14 $templatelist = "modcp_reports,modcp_reports_report,modcp_reports_selectall,modcp_reports_multipage,modcp_reports_allreport,modcp_reports_allreports,modcp_modlogs_multipage,modcp_announcements_delete,modcp_announcements_edit,modcp_awaitingmoderation"; 15 $templatelist .= ",modcp_reports_allnoreports,modcp_reports_noreports,modcp_banning,modcp_banning_ban,modcp_announcements_announcement_global,modcp_no_announcements_forum,modcp_modqueue_threads_thread,modcp_awaitingthreads,preview"; 16 $templatelist .= ",modcp_banning_nobanned,modcp_modqueue_threads_empty,modcp_modqueue_masscontrols,modcp_modqueue_threads,modcp_modqueue_posts_post,modcp_modqueue_posts_empty,modcp_awaitingposts,modcp_nav_editprofile,modcp_nav_banning"; 17 $templatelist .= ",modcp_nav,modcp_modlogs_noresults,modcp_modlogs_nologs,modcp,modcp_modqueue_posts,modcp_modqueue_attachments_attachment,modcp_modqueue_attachments_empty,modcp_modqueue_attachments,modcp_editprofile_suspensions_info"; 18 $templatelist .= ",modcp_no_announcements_global,modcp_announcements_global,modcp_announcements_forum,modcp_announcements,modcp_editprofile_select_option,modcp_editprofile_select,modcp_finduser_noresults, modcp_nav_forums_posts"; 19 $templatelist .= ",codebuttons,modcp_announcements_new,modcp_modqueue_empty,forumjump_bit,forumjump_special,modcp_warninglogs_warning_revoked,modcp_warninglogs_warning,modcp_ipsearch_result,modcp_nav_modqueue,modcp_banuser_liftlist"; 20 $templatelist .= ",modcp_modlogs,modcp_finduser_user,modcp_finduser,usercp_profile_customfield,usercp_profile_profilefields,modcp_ipsearch_noresults,modcp_ipsearch_results,modcp_ipsearch_misc_info,modcp_nav_announcements,modcp_modqueue_post_link"; 21 $templatelist .= ",modcp_editprofile,modcp_ipsearch,modcp_banuser_addusername,modcp_banuser,modcp_warninglogs_nologs,modcp_banuser_editusername,modcp_lastattachment,modcp_lastpost,modcp_lastthread,modcp_nobanned,modcp_modqueue_thread_link"; 22 $templatelist .= ",modcp_warninglogs,modcp_modlogs_result,modcp_editprofile_signature,forumjump_advanced,modcp_announcements_forum_nomod,modcp_announcements_announcement,usercp_profile_away,modcp_modlogs_user,modcp_editprofile_away"; 23 $templatelist .= ",multipage,multipage_end,multipage_jump_page,multipage_nextpage,multipage_page,multipage_page_current,multipage_page_link_current,multipage_prevpage,multipage_start,modcp_awaitingattachments,modcp_modqueue_attachment_link"; 24 $templatelist .= ",postbit_groupimage,postbit_userstar,postbit_online,postbit_offline,postbit_away,postbit_avatar,postbit_find,postbit_pm,postbit_email,postbit_www,postbit_author_user,announcement_edit,announcement_quickdelete"; 25 $templatelist .= ",modcp_awaitingmoderation_none,modcp_banning_edit,modcp_banuser_bangroups_group,modcp_banuser_lift,modcp_modlogs_result_announcement,modcp_modlogs_result_forum,modcp_modlogs_result_post,modcp_modlogs_result_thread"; 26 $templatelist .= ",modcp_nav_warninglogs,modcp_nav_ipsearch,modcp_nav_users,modcp_announcements_day,modcp_announcements_month_start,modcp_announcements_month_end,modcp_announcements_announcement_expired,modcp_announcements_announcement_active"; 27 $templatelist .= ",modcp_modqueue_link_forum,modcp_modqueue_link_thread,usercp_profile_day,modcp_ipsearch_result_regip,modcp_ipsearch_result_lastip,modcp_ipsearch_result_post,modcp_ipsearch_results_information,usercp_profile_profilefields_text"; 28 $templatelist .= ",usercp_profile_profilefields_select_option,usercp_profile_profilefields_multiselect,usercp_profile_profilefields_select,usercp_profile_profilefields_textarea,usercp_profile_profilefields_radio,postbit"; 29 $templatelist .= ",modcp_banning_remaining,postmodcp_nav_announcements,modcp_nav_reportcenter,modcp_nav_modlogs,modcp_latestfivemodactions,modcp_banuser_bangroups_hidden,modcp_banuser_bangroups,usercp_profile_profilefields_checkbox"; 30 31 require_once "./global.php"; 32 require_once MYBB_ROOT."inc/functions_user.php"; 33 require_once MYBB_ROOT."inc/functions_upload.php"; 34 require_once MYBB_ROOT."inc/functions_modcp.php"; 35 require_once MYBB_ROOT."inc/class_parser.php"; 36 $parser = new postParser; 37 38 // Set up the array of ban times. 39 $bantimes = fetch_ban_times(); 40 41 // Load global language phrases 42 $lang->load("modcp"); 43 $lang->load("announcements"); 44 45 if($mybb->user['uid'] == 0 || $mybb->usergroup['canmodcp'] != 1) 46 { 47 error_no_permission(); 48 } 49 50 if(!$mybb->settings['threadsperpage'] || (int)$mybb->settings['threadsperpage'] < 1) 51 { 52 $mybb->settings['threadsperpage'] = 20; 53 } 54 55 $tflist = $flist = $tflist_queue_threads = $flist_queue_threads = $tflist_queue_posts = $flist_queue_posts = $tflist_queue_attach = 56 $flist_queue_attach = $wflist_reports = $tflist_reports = $flist_reports = $tflist_modlog = $flist_modlog = $errors = ''; 57 // SQL for fetching items only related to forums this user moderates 58 $moderated_forums = array(); 59 $numannouncements = $nummodqueuethreads = $nummodqueueposts = $nummodqueueattach = $numreportedposts = $nummodlogs = 0; 60 if($mybb->usergroup['issupermod'] != 1) 61 { 62 $query = $db->simple_select("moderators", "*", "(id='{$mybb->user['uid']}' AND isgroup = '0') OR (id IN ({$mybb->usergroup['all_usergroups']}) AND isgroup = '1')"); 63 while($forum = $db->fetch_array($query)) 64 { 65 $moderated_forums[] = $forum['fid']; 66 $children = get_child_list($forum['fid']); 67 if(is_array($children)) 68 { 69 $moderated_forums = array_merge($moderated_forums, $children); 70 } 71 } 72 $moderated_forums = array_unique($moderated_forums); 73 74 $numannouncements = $nummodqueuethreads = $nummodqueueposts = $nummodqueueattach = $numreportedposts = $nummodlogs = 0; 75 foreach($moderated_forums as $moderated_forum) 76 { 77 // For Announcements 78 if(is_moderator($moderated_forum, 'canmanageannouncements')) 79 { 80 ++$numannouncements; 81 } 82 83 // For the Mod Queues 84 if(is_moderator($moderated_forum, 'canapproveunapprovethreads')) 85 { 86 $flist_queue_threads .= ",'{$moderated_forum}'"; 87 ++$nummodqueuethreads; 88 } 89 90 if(is_moderator($moderated_forum, 'canapproveunapproveposts')) 91 { 92 $flist_queue_posts .= ",'{$moderated_forum}'"; 93 ++$nummodqueueposts; 94 } 95 96 if(is_moderator($moderated_forum, 'canapproveunapproveattachs')) 97 { 98 $flist_queue_attach .= ",'{$moderated_forum}'"; 99 ++$nummodqueueattach; 100 } 101 102 // For Reported posts 103 if(is_moderator($moderated_forum, 'canmanagereportedposts')) 104 { 105 $flist_reports .= ",'{$moderated_forum}'"; 106 ++$numreportedposts; 107 } 108 109 // For the Mod Log 110 if(is_moderator($moderated_forum, 'canviewmodlog')) 111 { 112 $flist_modlog .= ",'{$moderated_forum}'"; 113 ++$nummodlogs; 114 } 115 116 $flist .= ",'{$moderated_forum}'"; 117 } 118 if($flist_queue_threads) 119 { 120 $tflist_queue_threads = " AND t.fid IN (0{$flist_queue_threads})"; 121 $flist_queue_threads = " AND fid IN (0{$flist_queue_threads})"; 122 } 123 if($flist_queue_posts) 124 { 125 $tflist_queue_posts = " AND t.fid IN (0{$flist_queue_posts})"; 126 $flist_queue_posts = " AND fid IN (0{$flist_queue_posts})"; 127 } 128 if($flist_queue_attach) 129 { 130 $tflist_queue_attach = " AND t.fid IN (0{$flist_queue_attach})"; 131 $flist_queue_attach = " AND fid IN (0{$flist_queue_attach})"; 132 } 133 if($flist_reports) 134 { 135 $wflist_reports = "WHERE r.id3 IN (0{$flist_reports})"; 136 $tflist_reports = " AND r.id3 IN (0{$flist_reports})"; 137 $flist_reports = " AND id3 IN (0{$flist_reports})"; 138 } 139 if($flist_modlog) 140 { 141 $tflist_modlog = " AND t.fid IN (0{$flist_modlog})"; 142 $flist_modlog = " AND fid IN (0{$flist_modlog})"; 143 } 144 if($flist) 145 { 146 $tflist = " AND t.fid IN (0{$flist})"; 147 $flist = " AND fid IN (0{$flist})"; 148 } 149 } 150 151 // Retrieve a list of unviewable forums 152 $unviewableforums = get_unviewable_forums(); 153 $inactiveforums = get_inactive_forums(); 154 $unviewablefids1 = $unviewablefids2 = array(); 155 156 if($unviewableforums) 157 { 158 $flist .= " AND fid NOT IN ({$unviewableforums})"; 159 $tflist .= " AND t.fid NOT IN ({$unviewableforums})"; 160 161 $unviewablefids1 = explode(',', $unviewableforums); 162 } 163 164 if($inactiveforums) 165 { 166 $flist .= " AND fid NOT IN ({$inactiveforums})"; 167 $tflist .= " AND t.fid NOT IN ({$inactiveforums})"; 168 169 $unviewablefids2 = explode(',', $inactiveforums); 170 } 171 172 $unviewableforums = array_merge($unviewablefids1, $unviewablefids2); 173 174 if(!isset($collapsedimg['modcpforums'])) 175 { 176 $collapsedimg['modcpforums'] = ''; 177 } 178 179 if(!isset($collapsed['modcpforums_e'])) 180 { 181 $collapsed['modcpforums_e'] = ''; 182 } 183 184 if(!isset($collapsedimg['modcpusers'])) 185 { 186 $collapsedimg['modcpusers'] = ''; 187 } 188 189 if(!isset($collapsed['modcpusers_e'])) 190 { 191 $collapsed['modcpusers_e'] = ''; 192 } 193 194 // Fetch the Mod CP menu 195 $nav_announcements = $nav_modqueue = $nav_reportcenter = $nav_modlogs = $nav_editprofile = $nav_banning = $nav_warninglogs = $nav_ipsearch = $nav_forums_posts = $modcp_nav_users = ''; 196 if(($numannouncements > 0 || $mybb->usergroup['issupermod'] == 1) && $mybb->usergroup['canmanageannounce'] == 1) 197 { 198 eval("\$nav_announcements = \"".$templates->get("modcp_nav_announcements")."\";"); 199 } 200 201 if(($nummodqueuethreads > 0 || $nummodqueueposts > 0 || $nummodqueueattach > 0 || $mybb->usergroup['issupermod'] == 1) && $mybb->usergroup['canmanagemodqueue'] == 1) 202 { 203 eval("\$nav_modqueue = \"".$templates->get("modcp_nav_modqueue")."\";"); 204 } 205 206 if(($numreportedposts > 0 || $mybb->usergroup['issupermod'] == 1) && $mybb->usergroup['canmanagereportedcontent'] == 1) 207 { 208 eval("\$nav_reportcenter = \"".$templates->get("modcp_nav_reportcenter")."\";"); 209 } 210 211 if(($nummodlogs > 0 || $mybb->usergroup['issupermod'] == 1) && $mybb->usergroup['canviewmodlogs'] == 1) 212 { 213 eval("\$nav_modlogs = \"".$templates->get("modcp_nav_modlogs")."\";"); 214 } 215 216 if($mybb->usergroup['caneditprofiles'] == 1) 217 { 218 eval("\$nav_editprofile = \"".$templates->get("modcp_nav_editprofile")."\";"); 219 } 220 221 if($mybb->usergroup['canbanusers'] == 1) 222 { 223 eval("\$nav_banning = \"".$templates->get("modcp_nav_banning")."\";"); 224 } 225 226 if($mybb->usergroup['canviewwarnlogs'] == 1) 227 { 228 eval("\$nav_warninglogs = \"".$templates->get("modcp_nav_warninglogs")."\";"); 229 } 230 231 if($mybb->usergroup['canuseipsearch'] == 1) 232 { 233 eval("\$nav_ipsearch = \"".$templates->get("modcp_nav_ipsearch")."\";"); 234 } 235 236 $plugins->run_hooks("modcp_nav"); 237 238 if(!empty($nav_announcements) || !empty($nav_modqueue) || !empty($nav_reportcenter) || !empty($nav_modlogs)) 239 { 240 $expaltext = (in_array("modcpforums", $collapse)) ? $lang->expcol_expand : $lang->expcol_collapse; 241 eval("\$modcp_nav_forums_posts = \"".$templates->get("modcp_nav_forums_posts")."\";"); 242 } 243 244 if(!empty($nav_editprofile) || !empty($nav_banning) || !empty($nav_warninglogs) || !empty($nav_ipsearch)) 245 { 246 $expaltext = (in_array("modcpusers", $collapse)) ? $lang->expcol_expand : $lang->expcol_collapse; 247 eval("\$modcp_nav_users = \"".$templates->get("modcp_nav_users")."\";"); 248 } 249 250 eval("\$modcp_nav = \"".$templates->get("modcp_nav")."\";"); 251 252 $plugins->run_hooks("modcp_start"); 253 254 // Make navigation 255 add_breadcrumb($lang->nav_modcp, "modcp.php"); 256 257 $mybb->input['action'] = $mybb->get_input('action'); 258 if($mybb->input['action'] == "do_reports") 259 { 260 // Verify incoming POST request 261 verify_post_check($mybb->get_input('my_post_key')); 262 263 $mybb->input['reports'] = $mybb->get_input('reports', MyBB::INPUT_ARRAY); 264 if(empty($mybb->input['reports']) && empty($mybb->cookies['inlinereports'])) 265 { 266 error($lang->error_noselected_reports); 267 } 268 269 $message = $lang->redirect_reportsmarked; 270 271 if(isset($mybb->cookies['inlinereports'])) 272 { 273 if($mybb->cookies['inlinereports'] == '|ALL|') { 274 $message = $lang->redirect_allreportsmarked; 275 $sql = "1=1"; 276 if(isset($mybb->cookies['inlinereports_removed'])) 277 { 278 $inlinereportremovedlist = explode("|", $mybb->cookies['inlinereports_removed']); 279 $reports = array_map("intval", $inlinereportremovedlist); 280 $rids = implode("','", $reports); 281 $sql = "rid NOT IN ('0','{$rids}')"; 282 } 283 } 284 else 285 { 286 $inlinereportlist = explode("|", $mybb->cookies['inlinereports']); 287 $reports = array_map("intval", $inlinereportlist); 288 289 if(!count($reports)) 290 { 291 error($lang->error_noselected_reports); 292 } 293 294 $rids = implode("','", $reports); 295 296 $sql = "rid IN ('0','{$rids}')"; 297 } 298 } 299 else 300 { 301 $mybb->input['reports'] = array_map("intval", $mybb->input['reports']); 302 $rids = implode("','", $mybb->input['reports']); 303 304 $sql = "rid IN ('0','{$rids}')"; 305 } 306 307 $plugins->run_hooks("modcp_do_reports"); 308 309 $db->update_query("reportedcontent", array('reportstatus' => 1), "{$sql}{$flist_reports}"); 310 $cache->update_reportedcontent(); 311 312 my_unsetcookie('inlinereports'); 313 my_unsetcookie('inlinereports_removed'); 314 315 $page = $mybb->get_input('page', MyBB::INPUT_INT); 316 317 redirect("modcp.php?action=reports&page={$page}", $message); 318 } 319 320 if($mybb->input['action'] == "reports") 321 { 322 if($mybb->usergroup['canmanagereportedcontent'] == 0) 323 { 324 error_no_permission(); 325 } 326 327 if($numreportedposts == 0 && $mybb->usergroup['issupermod'] != 1) 328 { 329 error($lang->you_cannot_view_reported_posts); 330 } 331 332 $lang->load('report'); 333 add_breadcrumb($lang->mcp_nav_report_center, "modcp.php?action=reports"); 334 335 $perpage = $mybb->settings['threadsperpage']; 336 if(!$perpage) 337 { 338 $perpage = 20; 339 } 340 341 // Multipage 342 if($mybb->usergroup['cancp'] || $mybb->usergroup['issupermod']) 343 { 344 $query = $db->simple_select("reportedcontent", "COUNT(rid) AS count", "reportstatus ='0'"); 345 $report_count = $db->fetch_field($query, "count"); 346 } 347 else 348 { 349 $query = $db->simple_select('reportedcontent', 'id3', "reportstatus='0' AND (type = 'post' OR type = '')"); 350 351 $report_count = 0; 352 while($fid = $db->fetch_field($query, 'id3')) 353 { 354 if(is_moderator($fid, "canmanagereportedposts")) 355 { 356 ++$report_count; 357 } 358 } 359 unset($fid); 360 } 361 362 $page = $mybb->get_input('page', MyBB::INPUT_INT); 363 364 $postcount = (int)$report_count; 365 $pages = $postcount / $perpage; 366 $pages = ceil($pages); 367 368 if($page > $pages || $page <= 0) 369 { 370 $page = 1; 371 } 372 373 if($page && $page > 0) 374 { 375 $start = ($page-1) * $perpage; 376 } 377 else 378 { 379 $start = 0; 380 $page = 1; 381 } 382 383 $multipage = $reportspages = ''; 384 if($postcount > $perpage) 385 { 386 $multipage = multipage($postcount, $perpage, $page, "modcp.php?action=reports"); 387 eval("\$reportspages = \"".$templates->get("modcp_reports_multipage")."\";"); 388 } 389 390 $plugins->run_hooks("modcp_reports_start"); 391 392 // Reports 393 $reports = $selectall = ''; 394 $inlinecount = 0; 395 396 $query = $db->query(" 397 SELECT r.*, u.username, rr.title 398 FROM ".TABLE_PREFIX."reportedcontent r 399 LEFT JOIN ".TABLE_PREFIX."users u ON (r.uid = u.uid) 400 LEFT JOIN ".TABLE_PREFIX."reportreasons rr ON (r.reasonid = rr.rid) 401 WHERE r.reportstatus = '0'{$tflist_reports} 402 ORDER BY r.reports DESC 403 LIMIT {$start}, {$perpage} 404 "); 405 406 if(!$db->num_rows($query)) 407 { 408 // No unread reports 409 eval("\$reports = \"".$templates->get("modcp_reports_noreports")."\";"); 410 } 411 else 412 { 413 $reportedcontent = $cache->read("reportedcontent"); 414 $reportcache = $usercache = $postcache = array(); 415 416 while($report = $db->fetch_array($query)) 417 { 418 if($report['type'] == 'profile' || $report['type'] == 'reputation') 419 { 420 // Profile UID is in ID 421 if(!isset($usercache[$report['id']])) 422 { 423 $usercache[$report['id']] = $report['id']; 424 } 425 426 // Reputation comment? The offender is the ID2 427 if($report['type'] == 'reputation') 428 { 429 if(!isset($usercache[$report['id2']])) 430 { 431 $usercache[$report['id2']] = $report['id2']; 432 } 433 if(!isset($usercache[$report['id3']])) 434 { 435 // The user who was offended 436 $usercache[$report['id3']] = $report['id3']; 437 } 438 } 439 } 440 else if(!$report['type'] || $report['type'] == 'post') 441 { 442 // This (should) be a post 443 $postcache[$report['id']] = $report['id']; 444 } 445 446 // Lastpost info - is it missing (pre-1.8)? 447 $lastposter = $report['uid']; 448 if(!$report['lastreport']) 449 { 450 // Last reporter is our first reporter 451 $report['lastreport'] = $report['dateline']; 452 } 453 454 if($report['reporters']) 455 { 456 $reporters = my_unserialize($report['reporters']); 457 458 if(is_array($reporters)) 459 { 460 $lastposter = end($reporters); 461 } 462 } 463 464 if(!isset($usercache[$lastposter])) 465 { 466 $usercache[$lastposter] = $lastposter; 467 } 468 469 $report['lastreporter'] = $lastposter; 470 $reportcache[] = $report; 471 } 472 473 // Report Center gets messy 474 // Find information about our users (because we don't log it when they file a report) 475 if(!empty($usercache)) 476 { 477 $sql = implode(',', array_keys($usercache)); 478 $query = $db->simple_select("users", "uid, username", "uid IN ({$sql})"); 479 480 while($user = $db->fetch_array($query)) 481 { 482 $usercache[$user['uid']] = $user; 483 } 484 } 485 486 // Messy * 2 487 // Find out post information for our reported posts 488 if(!empty($postcache)) 489 { 490 $sql = implode(',', array_keys($postcache)); 491 $query = $db->query(" 492 SELECT p.pid, p.uid, p.username, p.tid, t.subject 493 FROM ".TABLE_PREFIX."posts p 494 LEFT JOIN ".TABLE_PREFIX."threads t ON (p.tid = t.tid) 495 WHERE p.pid IN ({$sql}) 496 "); 497 498 while($post = $db->fetch_array($query)) 499 { 500 $postcache[$post['pid']] = $post; 501 } 502 } 503 504 $lang->page_selected = $lang->sprintf($lang->page_selected, count($reportcache)); 505 $lang->select_all = $lang->sprintf($lang->select_all, (int)$report_count); 506 $lang->all_selected = $lang->sprintf($lang->all_selected, (int)$report_count); 507 eval("\$selectall = \"".$templates->get("modcp_reports_selectall")."\";"); 508 509 $plugins->run_hooks('modcp_reports_intermediate'); 510 511 // Now that we have all of the information needed, display the reports 512 foreach($reportcache as $report) 513 { 514 $trow = alt_trow(); 515 516 if(!$report['type']) 517 { 518 // Assume a post 519 $report['type'] = 'post'; 520 } 521 522 // Report Information 523 $report_data = array(); 524 525 switch($report['type']) 526 { 527 case 'post': 528 $post = get_post_link($report['id'])."#pid{$report['id']}"; 529 $user = build_profile_link(htmlspecialchars_uni($postcache[$report['id']]['username']), $postcache[$report['id']]['uid']); 530 $report_data['content'] = $lang->sprintf($lang->report_info_post, $post, $user); 531 532 $thread_link = get_thread_link($postcache[$report['id']]['tid']); 533 $thread_subject = htmlspecialchars_uni($parser->parse_badwords($postcache[$report['id']]['subject'])); 534 $report_data['content'] .= $lang->sprintf($lang->report_info_post_thread, $thread_link, $thread_subject); 535 536 break; 537 case 'profile': 538 $user = build_profile_link(htmlspecialchars_uni($usercache[$report['id']]['username']), $usercache[$report['id']]['uid']); 539 $report_data['content'] = $lang->sprintf($lang->report_info_profile, $user); 540 break; 541 case 'reputation': 542 $reputation_link = "reputation.php?uid={$usercache[$report['id3']]['uid']}#rid{$report['id']}"; 543 $bad_user = build_profile_link(htmlspecialchars_uni($usercache[$report['id2']]['username']), $usercache[$report['id2']]['uid']); 544 $report_data['content'] = $lang->sprintf($lang->report_info_reputation, $reputation_link, $bad_user); 545 546 $good_user = build_profile_link(htmlspecialchars_uni($usercache[$report['id3']]['username']), $usercache[$report['id3']]['uid']); 547 $report_data['content'] .= $lang->sprintf($lang->report_info_rep_profile, $good_user); 548 break; 549 } 550 551 // Report reason and comment 552 if($report['reasonid'] > 0) 553 { 554 $reason = htmlspecialchars_uni($lang->parse($report['title'])); 555 556 if(empty($report['reason'])) 557 { 558 eval("\$report_data['comment'] = \"".$templates->get("modcp_reports_report_comment")."\";"); 559 } 560 else 561 { 562 $comment = htmlspecialchars_uni($report['reason']); 563 eval("\$report_data['comment'] = \"".$templates->get("modcp_reports_report_comment_extra")."\";"); 564 } 565 } 566 else 567 { 568 $report_data['comment'] = $lang->na; 569 } 570 571 $report_reports = 1; 572 if($report['reports']) 573 { 574 $report_data['reports'] = my_number_format($report['reports']); 575 } 576 577 if($report['lastreporter']) 578 { 579 if(is_array($usercache[$report['lastreporter']])) 580 { 581 $lastreport_user = build_profile_link(htmlspecialchars_uni($usercache[$report['lastreporter']]['username']), $report['lastreporter']); 582 } 583 elseif($usercache[$report['lastreporter']] > 0) 584 { 585 $lastreport_user = htmlspecialchars_uni($lang->na_deleted); 586 } 587 588 $lastreport_date = my_date('relative', $report['lastreport']); 589 $report_data['lastreporter'] = $lang->sprintf($lang->report_info_lastreporter, $lastreport_date, $lastreport_user); 590 } 591 592 $inlinecheck = ''; 593 if(isset($mybb->cookies['inlinereports']) && my_strpos($mybb->cookies['inlinereports'], "|{$report['rid']}|") !== false) 594 { 595 $inlinecheck = " checked=\"checked\""; 596 ++$inlinecount; 597 } 598 599 $plugins->run_hooks("modcp_reports_report"); 600 eval("\$reports .= \"".$templates->get("modcp_reports_report")."\";"); 601 } 602 } 603 604 $plugins->run_hooks("modcp_reports_end"); 605 606 eval("\$reportedcontent = \"".$templates->get("modcp_reports")."\";"); 607 output_page($reportedcontent); 608 } 609 610 if($mybb->input['action'] == "allreports") 611 { 612 if($mybb->usergroup['canmanagereportedcontent'] == 0) 613 { 614 error_no_permission(); 615 } 616 617 $lang->load('report'); 618 619 add_breadcrumb($lang->report_center, "modcp.php?action=reports"); 620 add_breadcrumb($lang->all_reports, "modcp.php?action=allreports"); 621 622 if(!$mybb->settings['threadsperpage']) 623 { 624 $mybb->settings['threadsperpage'] = 20; 625 } 626 627 // Figure out if we need to display multiple pages. 628 $perpage = $mybb->settings['threadsperpage']; 629 if($mybb->get_input('page') != "last") 630 { 631 $page = $mybb->get_input('page', MyBB::INPUT_INT); 632 } 633 634 if($mybb->usergroup['cancp'] || $mybb->usergroup['issupermod']) 635 { 636 $query = $db->simple_select("reportedcontent", "COUNT(rid) AS count"); 637 $report_count = $db->fetch_field($query, "count"); 638 } 639 else 640 { 641 $query = $db->simple_select('reportedcontent', 'id3', "type = 'post' OR type = ''"); 642 643 $report_count = 0; 644 while($fid = $db->fetch_field($query, 'id3')) 645 { 646 if(is_moderator($fid, "canmanagereportedposts")) 647 { 648 ++$report_count; 649 } 650 } 651 unset($fid); 652 } 653 654 if(isset($mybb->input['rid'])) 655 { 656 $mybb->input['rid'] = $mybb->get_input('rid', MyBB::INPUT_INT); 657 $query = $db->simple_select("reportedcontent", "COUNT(rid) AS count", "rid <= '".$mybb->input['rid']."'"); 658 $result = $db->fetch_field($query, "count"); 659 if(($result % $perpage) == 0) 660 { 661 $page = $result / $perpage; 662 } 663 else 664 { 665 $page = (int)$result / $perpage + 1; 666 } 667 } 668 $postcount = (int)$report_count; 669 $pages = $postcount / $perpage; 670 $pages = ceil($pages); 671 672 if($mybb->get_input('page') == "last") 673 { 674 $page = $pages; 675 } 676 677 if($page > $pages || $page <= 0) 678 { 679 $page = 1; 680 } 681 682 if($page) 683 { 684 $start = ($page-1) * $perpage; 685 } 686 else 687 { 688 $start = 0; 689 $page = 1; 690 } 691 $upper = $start+$perpage; 692 693 $multipage = multipage($postcount, $perpage, $page, "modcp.php?action=allreports"); 694 $allreportspages = ''; 695 if($postcount > $perpage) 696 { 697 eval("\$allreportspages = \"".$templates->get("modcp_reports_multipage")."\";"); 698 } 699 700 $plugins->run_hooks("modcp_allreports_start"); 701 702 $query = $db->query(" 703 SELECT r.*, u.username, p.username AS postusername, up.uid AS postuid, t.subject AS threadsubject, prrep.username AS repusername, pr.username AS profileusername, rr.title 704 FROM ".TABLE_PREFIX."reportedcontent r 705 LEFT JOIN ".TABLE_PREFIX."posts p ON (r.id=p.pid) 706 LEFT JOIN ".TABLE_PREFIX."threads t ON (p.tid=t.tid) 707 LEFT JOIN ".TABLE_PREFIX."users u ON (r.uid=u.uid) 708 LEFT JOIN ".TABLE_PREFIX."users up ON (p.uid=up.uid) 709 LEFT JOIN ".TABLE_PREFIX."users pr ON (pr.uid=r.id) 710 LEFT JOIN ".TABLE_PREFIX."users prrep ON (prrep.uid=r.id2) 711 LEFT JOIN ".TABLE_PREFIX."reportreasons rr ON (r.reasonid = rr.rid) 712 {$wflist_reports} 713 ORDER BY r.dateline DESC 714 LIMIT {$start}, {$perpage} 715 "); 716 717 $allreports = ''; 718 if(!$db->num_rows($query)) 719 { 720 eval("\$allreports = \"".$templates->get("modcp_reports_allnoreports")."\";"); 721 } 722 else 723 { 724 while($report = $db->fetch_array($query)) 725 { 726 $trow = alt_trow(); 727 728 if($report['type'] == 'post') 729 { 730 $post = get_post_link($report['id'])."#pid{$report['id']}"; 731 $user = build_profile_link(htmlspecialchars_uni($report['postusername']), $report['postuid']); 732 $report_data['content'] = $lang->sprintf($lang->report_info_post, $post, $user); 733 734 $thread_link = get_thread_link($report['id2']); 735 $thread_subject = htmlspecialchars_uni($parser->parse_badwords($report['threadsubject'])); 736 $report_data['content'] .= $lang->sprintf($lang->report_info_post_thread, $thread_link, $thread_subject); 737 } 738 else if($report['type'] == 'profile') 739 { 740 $user = build_profile_link(htmlspecialchars_uni($report['profileusername']), $report['id']); 741 $report_data['content'] = $lang->sprintf($lang->report_info_profile, $user); 742 } 743 else if($report['type'] == 'reputation') 744 { 745 $user = build_profile_link(htmlspecialchars_uni($report['repusername']), $report['id2']); 746 $reputation_link = "reputation.php?uid={$report['id3']}#rid{$report['id']}"; 747 $report_data['content'] = $lang->sprintf($lang->report_info_reputation, $reputation_link, $user); 748 } 749 750 // Report reason and comment 751 if($report['reasonid'] > 0) 752 { 753 $reason = htmlspecialchars_uni($lang->parse($report['title'])); 754 755 if(empty($report['reason'])) 756 { 757 eval("\$report_data['comment'] = \"".$templates->get("modcp_reports_report_comment")."\";"); 758 } 759 else 760 { 761 $comment = htmlspecialchars_uni($report['reason']); 762 eval("\$report_data['comment'] = \"".$templates->get("modcp_reports_report_comment_extra")."\";"); 763 } 764 } 765 else 766 { 767 $report_data['comment'] = $lang->na; 768 } 769 770 $report['reporterlink'] = get_profile_link($report['uid']); 771 if(!$report['username']) 772 { 773 $report['username'] = $lang->na_deleted; 774 $report['reporterlink'] = $post; 775 } 776 $report['username'] = htmlspecialchars_uni($report['username']); 777 778 $report_data['reports'] = my_number_format($report['reports']); 779 $report_data['time'] = my_date('relative', $report['dateline']); 780 781 $plugins->run_hooks("modcp_allreports_report"); 782 eval("\$allreports .= \"".$templates->get("modcp_reports_allreport")."\";"); 783 } 784 } 785 786 $plugins->run_hooks("modcp_allreports_end"); 787 788 eval("\$allreportedcontent = \"".$templates->get("modcp_reports_allreports")."\";"); 789 output_page($allreportedcontent); 790 } 791 792 if($mybb->input['action'] == "modlogs") 793 { 794 if($mybb->usergroup['canviewmodlogs'] == 0) 795 { 796 error_no_permission(); 797 } 798 799 if($nummodlogs == 0 && $mybb->usergroup['issupermod'] != 1) 800 { 801 error($lang->you_cannot_view_mod_logs); 802 } 803 804 add_breadcrumb($lang->mcp_nav_modlogs, "modcp.php?action=modlogs"); 805 806 $perpage = $mybb->get_input('perpage', MyBB::INPUT_INT); 807 if(!$perpage || $perpage <= 0) 808 { 809 $perpage = $mybb->settings['threadsperpage']; 810 } 811 812 $where = ''; 813 814 // Searching for entries by a particular user 815 if($mybb->get_input('uid', MyBB::INPUT_INT)) 816 { 817 $where .= " AND l.uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'"; 818 } 819 820 // Searching for entries in a specific forum 821 if($mybb->get_input('fid', MyBB::INPUT_INT)) 822 { 823 $where .= " AND t.fid='".$mybb->get_input('fid', MyBB::INPUT_INT)."'"; 824 } 825 826 $mybb->input['sortby'] = $mybb->get_input('sortby'); 827 828 // Order? 829 switch($mybb->input['sortby']) 830 { 831 case "username": 832 $sortby = "u.username"; 833 break; 834 case "forum": 835 $sortby = "f.name"; 836 break; 837 case "thread": 838 $sortby = "t.subject"; 839 break; 840 default: 841 $sortby = "l.dateline"; 842 } 843 $order = $mybb->get_input('order'); 844 if($order != "asc") 845 { 846 $order = "desc"; 847 } 848 849 $plugins->run_hooks("modcp_modlogs_start"); 850 851 $query = $db->query(" 852 SELECT COUNT(l.dateline) AS count 853 FROM ".TABLE_PREFIX."moderatorlog l 854 LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=l.uid) 855 LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=l.tid) 856 WHERE 1=1 {$where}{$tflist_modlog} 857 "); 858 $rescount = $db->fetch_field($query, "count"); 859 860 // Figure out if we need to display multiple pages. 861 if($mybb->get_input('page') != "last") 862 { 863 $page = $mybb->get_input('page', MyBB::INPUT_INT); 864 } 865 866 $postcount = (int)$rescount; 867 $pages = $postcount / $perpage; 868 $pages = ceil($pages); 869 870 if($mybb->get_input('page') == "last") 871 { 872 $page = $pages; 873 } 874 875 if($page > $pages || $page <= 0) 876 { 877 $page = 1; 878 } 879 880 if($page) 881 { 882 $start = ($page-1) * $perpage; 883 } 884 else 885 { 886 $start = 0; 887 $page = 1; 888 } 889 890 $page_url = 'modcp.php?action=modlogs&perpage='.$perpage; 891 foreach(array('uid', 'fid') as $field) 892 { 893 $mybb->input[$field] = $mybb->get_input($field, MyBB::INPUT_INT); 894 if(!empty($mybb->input[$field])) 895 { 896 $page_url .= "&{$field}=".$mybb->input[$field]; 897 } 898 } 899 foreach(array('sortby', 'order') as $field) 900 { 901 $mybb->input[$field] = htmlspecialchars_uni($mybb->get_input($field)); 902 if(!empty($mybb->input[$field])) 903 { 904 $page_url .= "&{$field}=".$mybb->input[$field]; 905 } 906 } 907 908 $multipage = multipage($postcount, $perpage, $page, $page_url); 909 $resultspages = ''; 910 if($postcount > $perpage) 911 { 912 eval("\$resultspages = \"".$templates->get("modcp_modlogs_multipage")."\";"); 913 } 914 $query = $db->query(" 915 SELECT l.*, u.username, u.usergroup, u.displaygroup, t.subject AS tsubject, f.name AS fname, p.subject AS psubject 916 FROM ".TABLE_PREFIX."moderatorlog l 917 LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=l.uid) 918 LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=l.tid) 919 LEFT JOIN ".TABLE_PREFIX."forums f ON (f.fid=l.fid) 920 LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=l.pid) 921 WHERE 1=1 {$where}{$tflist_modlog} 922 ORDER BY {$sortby} {$order} 923 LIMIT {$start}, {$perpage} 924 "); 925 $results = ''; 926 while($logitem = $db->fetch_array($query)) 927 { 928 $information = ''; 929 $logitem['action'] = htmlspecialchars_uni($logitem['action']); 930 $log_date = my_date('relative', $logitem['dateline']); 931 $trow = alt_trow(); 932 if($logitem['username']) 933 { 934 $logitem['username'] = htmlspecialchars_uni($logitem['username']); 935 $username = format_name($logitem['username'], $logitem['usergroup'], $logitem['displaygroup']); 936 $logitem['profilelink'] = build_profile_link($username, $logitem['uid']); 937 } 938 else 939 { 940 $username = $logitem['profilelink'] = $logitem['username'] = htmlspecialchars_uni($lang->na_deleted); 941 } 942 $logitem['ipaddress'] = my_inet_ntop($db->unescape_binary($logitem['ipaddress'])); 943 944 if($logitem['tsubject']) 945 { 946 $logitem['tsubject'] = htmlspecialchars_uni($parser->parse_badwords($logitem['tsubject'])); 947 $logitem['thread'] = get_thread_link($logitem['tid']); 948 eval("\$information .= \"".$templates->get("modcp_modlogs_result_thread")."\";"); 949 } 950 if($logitem['fname']) 951 { 952 $logitem['forum'] = get_forum_link($logitem['fid']); 953 eval("\$information .= \"".$templates->get("modcp_modlogs_result_forum")."\";"); 954 } 955 if($logitem['psubject']) 956 { 957 $logitem['psubject'] = htmlspecialchars_uni($parser->parse_badwords($logitem['psubject'])); 958 $logitem['post'] = get_post_link($logitem['pid']); 959 eval("\$information .= \"".$templates->get("modcp_modlogs_result_post")."\";"); 960 } 961 962 // Edited a user or managed announcement? 963 if(!$logitem['tsubject'] || !$logitem['fname'] || !$logitem['psubject']) 964 { 965 $data = my_unserialize($logitem['data']); 966 if(!empty($data['uid'])) 967 { 968 $data['username'] = htmlspecialchars_uni($data['username']); 969 $information = $lang->sprintf($lang->edited_user_info, htmlspecialchars_uni($data['username']), get_profile_link($data['uid'])); 970 } 971 if(!empty($data['aid'])) 972 { 973 $data['subject'] = htmlspecialchars_uni($parser->parse_badwords($data['subject'])); 974 $data['announcement'] = get_announcement_link($data['aid']); 975 eval("\$information .= \"".$templates->get("modcp_modlogs_result_announcement")."\";"); 976 } 977 } 978 979 $plugins->run_hooks("modcp_modlogs_result"); 980 981 eval("\$results .= \"".$templates->get("modcp_modlogs_result")."\";"); 982 } 983 984 if(!$results) 985 { 986 eval("\$results = \"".$templates->get("modcp_modlogs_noresults")."\";"); 987 } 988 989 $plugins->run_hooks("modcp_modlogs_filter"); 990 991 // Fetch filter options 992 $sortbysel = array('username' => '', 'forum' => '', 'thread' => '', 'dateline' => ''); 993 $sortbysel[$mybb->input['sortby']] = "selected=\"selected\""; 994 $ordersel = array('asc' => '', 'desc' => ''); 995 $ordersel[$order] = "selected=\"selected\""; 996 $user_options = ''; 997 $query = $db->query(" 998 SELECT DISTINCT l.uid, u.username 999 FROM ".TABLE_PREFIX."moderatorlog l 1000 LEFT JOIN ".TABLE_PREFIX."users u ON (l.uid=u.uid) 1001 ORDER BY u.username ASC 1002 "); 1003 while($user = $db->fetch_array($query)) 1004 { 1005 // Deleted Users 1006 if(!$user['username']) 1007 { 1008 $user['username'] = $lang->na_deleted; 1009 } 1010 1011 $selected = ''; 1012 if($mybb->get_input('uid', MyBB::INPUT_INT) == $user['uid']) 1013 { 1014 $selected = " selected=\"selected\""; 1015 } 1016 1017 $user['username'] = htmlspecialchars_uni($user['username']); 1018 eval("\$user_options .= \"".$templates->get("modcp_modlogs_user")."\";"); 1019 } 1020 1021 $forum_select = build_forum_jump("", $mybb->get_input('fid', MyBB::INPUT_INT), 1, '', 0, true, '', "fid"); 1022 1023 eval("\$modlogs = \"".$templates->get("modcp_modlogs")."\";"); 1024 output_page($modlogs); 1025 } 1026 1027 if($mybb->input['action'] == "do_delete_announcement") 1028 { 1029 verify_post_check($mybb->get_input('my_post_key')); 1030 1031 if($mybb->usergroup['canmanageannounce'] == 0) 1032 { 1033 error_no_permission(); 1034 } 1035 1036 $aid = $mybb->get_input('aid'); 1037 $query = $db->simple_select("announcements", "aid, subject, fid", "aid='{$aid}'"); 1038 $announcement = $db->fetch_array($query); 1039 1040 if(!$announcement) 1041 { 1042 error($lang->error_invalid_announcement); 1043 } 1044 if(($mybb->usergroup['issupermod'] != 1 && $announcement['fid'] == -1) || ($announcement['fid'] != -1 && !is_moderator($announcement['fid'], "canmanageannouncements")) || ($unviewableforums && in_array($announcement['fid'], $unviewableforums))) 1045 { 1046 error_no_permission(); 1047 } 1048 1049 $plugins->run_hooks("modcp_do_delete_announcement"); 1050 1051 $db->delete_query("announcements", "aid='{$aid}'"); 1052 log_moderator_action(array("aid" => $announcement['aid'], "subject" => $announcement['subject']), $lang->announcement_deleted); 1053 $cache->update_forumsdisplay(); 1054 1055 redirect("modcp.php?action=announcements", $lang->redirect_delete_announcement); 1056 } 1057 1058 if($mybb->input['action'] == "delete_announcement") 1059 { 1060 if($mybb->usergroup['canmanageannounce'] == 0) 1061 { 1062 error_no_permission(); 1063 } 1064 1065 $aid = $mybb->get_input('aid'); 1066 $query = $db->simple_select("announcements", "aid, subject, fid", "aid='{$aid}'"); 1067 1068 $announcement = $db->fetch_array($query); 1069 $announcement['subject'] = htmlspecialchars_uni($parser->parse_badwords($announcement['subject'])); 1070 1071 if(!$announcement) 1072 { 1073 error($lang->error_invalid_announcement); 1074 } 1075 1076 if(($mybb->usergroup['issupermod'] != 1 && $announcement['fid'] == -1) || ($announcement['fid'] != -1 && !is_moderator($announcement['fid'], "canmanageannouncements")) || ($unviewableforums && in_array($announcement['fid'], $unviewableforums))) 1077 { 1078 error_no_permission(); 1079 } 1080 1081 $plugins->run_hooks("modcp_delete_announcement"); 1082 1083 eval("\$announcements = \"".$templates->get("modcp_announcements_delete")."\";"); 1084 output_page($announcements); 1085 } 1086 1087 if($mybb->input['action'] == "do_new_announcement") 1088 { 1089 verify_post_check($mybb->get_input('my_post_key')); 1090 1091 if($mybb->usergroup['canmanageannounce'] == 0) 1092 { 1093 error_no_permission(); 1094 } 1095 1096 $announcement_fid = $mybb->get_input('fid', MyBB::INPUT_INT); 1097 if(($mybb->usergroup['issupermod'] != 1 && $announcement_fid == -1) || ($announcement_fid != -1 && !is_moderator($announcement_fid, "canmanageannouncements")) || ($unviewableforums && in_array($announcement_fid, $unviewableforums))) 1098 { 1099 error_no_permission(); 1100 } 1101 1102 $errors = array(); 1103 1104 $mybb->input['title'] = $mybb->get_input('title'); 1105 if(!trim($mybb->input['title'])) 1106 { 1107 $errors[] = $lang->error_missing_title; 1108 } 1109 1110 $mybb->input['message'] = $mybb->get_input('message'); 1111 if(!trim($mybb->input['message'])) 1112 { 1113 $errors[] = $lang->error_missing_message; 1114 } 1115 1116 if(!$announcement_fid) 1117 { 1118 $errors[] = $lang->error_missing_forum; 1119 } 1120 1121 $mybb->input['starttime_time'] = $mybb->get_input('starttime_time'); 1122 $mybb->input['endtime_time'] = $mybb->get_input('endtime_time'); 1123 $startdate = @explode(" ", $mybb->input['starttime_time']); 1124 $startdate = @explode(":", $startdate[0]); 1125 $enddate = @explode(" ", $mybb->input['endtime_time']); 1126 $enddate = @explode(":", $enddate[0]); 1127 1128 if(stristr($mybb->input['starttime_time'], "pm")) 1129 { 1130 $startdate[0] = 12+$startdate[0]; 1131 if($startdate[0] >= 24) 1132 { 1133 $startdate[0] = "00"; 1134 } 1135 } 1136 1137 if(stristr($mybb->input['endtime_time'], "pm")) 1138 { 1139 $enddate[0] = 12+$enddate[0]; 1140 if($enddate[0] >= 24) 1141 { 1142 $enddate[0] = "00"; 1143 } 1144 } 1145 1146 $mybb->input['starttime_month'] = $mybb->get_input('starttime_month'); 1147 $months = array('01', '02', '03', '04', '05', '06', '07', '08', '09', '10', '11', '12'); 1148 if(!in_array($mybb->input['starttime_month'], $months)) 1149 { 1150 $mybb->input['starttime_month'] = '01'; 1151 } 1152 1153 $localized_time_offset = (float)$mybb->user['timezone']*3600 + $mybb->user['dst']*3600; 1154 1155 $startdate = gmmktime((int)$startdate[0], (int)$startdate[1], 0, $mybb->get_input('starttime_month', MyBB::INPUT_INT), $mybb->get_input('starttime_day', MyBB::INPUT_INT), $mybb->get_input('starttime_year', MyBB::INPUT_INT)) - $localized_time_offset; 1156 if(!checkdate($mybb->get_input('starttime_month', MyBB::INPUT_INT), $mybb->get_input('starttime_day', MyBB::INPUT_INT), $mybb->get_input('starttime_year', MyBB::INPUT_INT)) || $startdate < 0 || $startdate == false) 1157 { 1158 $errors[] = $lang->error_invalid_start_date; 1159 } 1160 1161 if($mybb->get_input('endtime_type', MyBB::INPUT_INT) == 2) 1162 { 1163 $enddate = '0'; 1164 $mybb->input['endtime_month'] = '01'; 1165 } 1166 else 1167 { 1168 $mybb->input['endtime_month'] = $mybb->get_input('endtime_month'); 1169 if(!in_array($mybb->input['endtime_month'], $months)) 1170 { 1171 $mybb->input['endtime_month'] = '01'; 1172 } 1173 $enddate = gmmktime((int)$enddate[0], (int)$enddate[1], 0, $mybb->get_input('endtime_month', MyBB::INPUT_INT), $mybb->get_input('endtime_day', MyBB::INPUT_INT), $mybb->get_input('endtime_year', MyBB::INPUT_INT)) - $localized_time_offset; 1174 if(!checkdate($mybb->get_input('endtime_month', MyBB::INPUT_INT), $mybb->get_input('endtime_day', MyBB::INPUT_INT), $mybb->get_input('endtime_year', MyBB::INPUT_INT)) || $enddate < 0 || $enddate == false) 1175 { 1176 $errors[] = $lang->error_invalid_end_date; 1177 } 1178 1179 if($enddate <= $startdate) 1180 { 1181 $errors[] = $lang->error_end_before_start; 1182 } 1183 } 1184 1185 if($mybb->settings['announcementshtml'] && $mybb->get_input('allowhtml', MyBB::INPUT_INT) == 1) 1186 { 1187 $allowhtml = 1; 1188 } 1189 else 1190 { 1191 $allowhtml = 0; 1192 } 1193 if($mybb->get_input('allowmycode', MyBB::INPUT_INT) == 1) 1194 { 1195 $allowmycode = 1; 1196 } 1197 else 1198 { 1199 $allowmycode = 0; 1200 } 1201 if($mybb->get_input('allowsmilies', MyBB::INPUT_INT) == 1) 1202 { 1203 $allowsmilies = 1; 1204 } 1205 else 1206 { 1207 $allowsmilies = 0; 1208 } 1209 1210 $plugins->run_hooks("modcp_do_new_announcement_start"); 1211 1212 if(!$errors) 1213 { 1214 if(isset($mybb->input['preview'])) 1215 { 1216 $preview = array(); 1217 $mybb->input['action'] = 'new_announcement'; 1218 } 1219 else 1220 { 1221 $insert_announcement = array( 1222 'fid' => $announcement_fid, 1223 'uid' => $mybb->user['uid'], 1224 'subject' => $db->escape_string($mybb->input['title']), 1225 'message' => $db->escape_string($mybb->input['message']), 1226 'startdate' => $startdate, 1227 'enddate' => $enddate, 1228 'allowhtml' => $allowhtml, 1229 'allowmycode' => $allowmycode, 1230 'allowsmilies' => $allowsmilies 1231 ); 1232 $aid = $db->insert_query("announcements", $insert_announcement); 1233 1234 log_moderator_action(array("aid" => $aid, "subject" => $mybb->input['title']), $lang->announcement_added); 1235 1236 $plugins->run_hooks("modcp_do_new_announcement_end"); 1237 1238 $cache->update_forumsdisplay(); 1239 redirect("modcp.php?action=announcements", $lang->redirect_add_announcement); 1240 } 1241 } 1242 else 1243 { 1244 $mybb->input['action'] = 'new_announcement'; 1245 } 1246 } 1247 1248 if($mybb->input['action'] == "new_announcement") 1249 { 1250 if($mybb->usergroup['canmanageannounce'] == 0) 1251 { 1252 error_no_permission(); 1253 } 1254 1255 add_breadcrumb($lang->mcp_nav_announcements, "modcp.php?action=announcements"); 1256 add_breadcrumb($lang->add_announcement, "modcp.php?action=new_announcements"); 1257 1258 $announcement_fid = $mybb->get_input('fid', MyBB::INPUT_INT); 1259 1260 if(($mybb->usergroup['issupermod'] != 1 && $announcement_fid == -1) || ($announcement_fid != -1 && !is_moderator($announcement_fid, "canmanageannouncements")) || ($unviewableforums && in_array($announcement_fid, $unviewableforums))) 1261 { 1262 error_no_permission(); 1263 } 1264 1265 // Deal with inline errors 1266 if(!empty($errors) || isset($preview)) 1267 { 1268 if(!empty($errors)) 1269 { 1270 $errors = inline_error($errors); 1271 } 1272 else 1273 { 1274 $errors = ''; 1275 } 1276 1277 // Set $announcement to input stuff 1278 $announcement['subject'] = $mybb->input['title']; 1279 $announcement['message'] = $mybb->input['message']; 1280 $announcement['allowhtml'] = $allowhtml; 1281 $announcement['allowmycode'] = $allowmycode; 1282 $announcement['allowsmilies'] = $allowsmilies; 1283 1284 $startmonth = $mybb->input['starttime_month']; 1285 $startdateyear = htmlspecialchars_uni($mybb->input['starttime_year']); 1286 $startday = $mybb->get_input('starttime_day', MyBB::INPUT_INT); 1287 $starttime_time = htmlspecialchars_uni($mybb->input['starttime_time']); 1288 $endmonth = $mybb->input['endtime_month']; 1289 $enddateyear = htmlspecialchars_uni($mybb->input['endtime_year']); 1290 $endday = $mybb->get_input('endtime_day', MyBB::INPUT_INT); 1291 $endtime_time = htmlspecialchars_uni($mybb->input['endtime_time']); 1292 } 1293 else 1294 { 1295 $localized_time = TIME_NOW + (float)$mybb->user['timezone']*3600 + $mybb->user['dst']*3600; 1296 1297 $starttime_time = gmdate($mybb->settings['timeformat'], $localized_time); 1298 $endtime_time = gmdate($mybb->settings['timeformat'], $localized_time); 1299 $startday = $endday = gmdate("j", $localized_time); 1300 $startmonth = $endmonth = gmdate("m", $localized_time); 1301 $startdateyear = gmdate("Y", $localized_time); 1302 1303 $announcement = array( 1304 'subject' => '', 1305 'message' => '', 1306 'allowhtml' => 0, 1307 'allowmycode' => 1, 1308 'allowsmilies' => 1 1309 ); 1310 1311 $enddateyear = $startdateyear+1; 1312 } 1313 1314 // Generate form elements 1315 $startdateday = $enddateday = ''; 1316 for($day = 1; $day <= 31; ++$day) 1317 { 1318 if($startday == $day) 1319 { 1320 $selected = " selected=\"selected\""; 1321 eval("\$startdateday .= \"".$templates->get("modcp_announcements_day")."\";"); 1322 } 1323 else 1324 { 1325 $selected = ''; 1326 eval("\$startdateday .= \"".$templates->get("modcp_announcements_day")."\";"); 1327 } 1328 1329 if($endday == $day) 1330 { 1331 $selected = " selected=\"selected\""; 1332 eval("\$enddateday .= \"".$templates->get("modcp_announcements_day")."\";"); 1333 } 1334 else 1335 { 1336 $selected = ''; 1337 eval("\$enddateday .= \"".$templates->get("modcp_announcements_day")."\";"); 1338 } 1339 } 1340 1341 $startmonthsel = $endmonthsel = array(); 1342 foreach(array('01', '02', '03', '04', '05', '06', '07', '08', '09', '10', '11', '12') as $month) 1343 { 1344 $startmonthsel[$month] = ''; 1345 $endmonthsel[$month] = ''; 1346 } 1347 $startmonthsel[$startmonth] = "selected=\"selected\""; 1348 $endmonthsel[$endmonth] = "selected=\"selected\""; 1349 1350 $startdatemonth = $enddatemonth = ''; 1351 1352 eval("\$startdatemonth .= \"".$templates->get("modcp_announcements_month_start")."\";"); 1353 eval("\$enddatemonth .= \"".$templates->get("modcp_announcements_month_end")."\";"); 1354 1355 $title = htmlspecialchars_uni($announcement['subject']); 1356 $message = htmlspecialchars_uni($announcement['message']); 1357 1358 $html_sel = $mycode_sel = $smilies_sel = array('yes' => '', 'no' => ''); 1359 1360 if($mybb->settings['announcementshtml']) 1361 { 1362 if($announcement['allowhtml']) 1363 { 1364 $html_sel['yes'] = ' checked="checked"'; 1365 } 1366 else 1367 { 1368 $html_sel['no'] = ' checked="checked"'; 1369 } 1370 1371 eval("\$allow_html = \"".$templates->get("modcp_announcements_allowhtml")."\";"); 1372 } 1373 else 1374 { 1375 $allow_html = ''; 1376 } 1377 1378 if($announcement['allowmycode']) 1379 { 1380 $mycode_sel['yes'] = ' checked="checked"'; 1381 } 1382 else 1383 { 1384 $mycode_sel['no'] = ' checked="checked"'; 1385 } 1386 1387 if($announcement['allowsmilies']) 1388 { 1389 $smilies_sel['yes'] = ' checked="checked"'; 1390 } 1391 else 1392 { 1393 $smilies_sel['no'] = ' checked="checked"'; 1394 } 1395 1396 $end_type_sel = array('infinite' => '', 'finite' => ''); 1397 if(!isset($mybb->input['endtime_type']) || $mybb->input['endtime_type'] == 2) 1398 { 1399 $end_type_sel['infinite'] = ' checked="checked"'; 1400 } 1401 else 1402 { 1403 $end_type_sel['finite'] = ' checked="checked"'; 1404 } 1405 1406 // MyCode editor 1407 $codebuttons = build_mycode_inserter(); 1408 $smilieinserter = build_clickable_smilies(); 1409 1410 if(isset($preview)) 1411 { 1412 $announcementarray = array( 1413 'aid' => 0, 1414 'fid' => $announcement_fid, 1415 'uid' => $mybb->user['uid'], 1416 'subject' => $mybb->input['title'], 1417 'message' => $mybb->input['message'], 1418 'allowhtml' => $mybb->settings['announcementshtml'] && $mybb->get_input('allowhtml', MyBB::INPUT_INT), 1419 'allowmycode' => $mybb->get_input('allowmycode', MyBB::INPUT_INT), 1420 'allowsmilies' => $mybb->get_input('allowsmilies', MyBB::INPUT_INT), 1421 'dateline' => TIME_NOW, 1422 'userusername' => $mybb->user['username'], 1423 ); 1424 1425 $array = $mybb->user; 1426 foreach($array as $key => $element) 1427 { 1428 $announcementarray[$key] = $element; 1429 } 1430 1431 // Gather usergroup data from the cache 1432 // Field => Array Key 1433 $data_key = array( 1434 'title' => 'grouptitle', 1435 'usertitle' => 'groupusertitle', 1436 'stars' => 'groupstars', 1437 'starimage' => 'groupstarimage', 1438 'image' => 'groupimage', 1439 'namestyle' => 'namestyle', 1440 'usereputationsystem' => 'usereputationsystem' 1441 ); 1442 1443 foreach($data_key as $field => $key) 1444 { 1445 $announcementarray[$key] = $groupscache[$announcementarray['usergroup']][$field]; 1446 } 1447 1448 require_once MYBB_ROOT."inc/functions_post.php"; 1449 $postbit = build_postbit($announcementarray, 3); 1450 eval("\$preview = \"".$templates->get("previewpost")."\";"); 1451 } 1452 else 1453 { 1454 $preview = ''; 1455 } 1456 1457 $plugins->run_hooks("modcp_new_announcement"); 1458 1459 eval("\$announcements = \"".$templates->get("modcp_announcements_new")."\";"); 1460 output_page($announcements); 1461 } 1462 1463 if($mybb->input['action'] == "do_edit_announcement") 1464 { 1465 verify_post_check($mybb->get_input('my_post_key')); 1466 1467 if($mybb->usergroup['canmanageannounce'] == 0) 1468 { 1469 error_no_permission(); 1470 } 1471 1472 // Get the announcement 1473 $aid = $mybb->get_input('aid', MyBB::INPUT_INT); 1474 $query = $db->simple_select("announcements", "*", "aid='{$aid}'"); 1475 $announcement = $db->fetch_array($query); 1476 1477 // Check that it exists 1478 if(!$announcement) 1479 { 1480 error($lang->error_invalid_announcement); 1481 } 1482 1483 // Mod has permissions to edit this announcement 1484 if(($mybb->usergroup['issupermod'] != 1 && $announcement['fid'] == -1) || ($announcement['fid'] != -1 && !is_moderator($announcement['fid'], "canmanageannouncements")) || ($unviewableforums && in_array($announcement['fid'], $unviewableforums))) 1485 { 1486 error_no_permission(); 1487 } 1488 1489 $errors = array(); 1490 1491 // Basic error checking 1492 $mybb->input['title'] = $mybb->get_input('title'); 1493 if(!trim($mybb->input['title'])) 1494 { 1495 $errors[] = $lang->error_missing_title; 1496 } 1497 1498 $mybb->input['message'] = $mybb->get_input('message'); 1499 if(!trim($mybb->input['message'])) 1500 { 1501 $errors[] = $lang->error_missing_message; 1502 } 1503 1504 $mybb->input['starttime_time'] = $mybb->get_input('starttime_time'); 1505 $mybb->input['endtime_time'] = $mybb->get_input('endtime_time'); 1506 $startdate = @explode(" ", $mybb->input['starttime_time']); 1507 $startdate = @explode(":", $startdate[0]); 1508 $enddate = @explode(" ", $mybb->input['endtime_time']); 1509 $enddate = @explode(":", $enddate[0]); 1510 1511 if(stristr($mybb->input['starttime_time'], "pm")) 1512 { 1513 $startdate[0] = 12+$startdate[0]; 1514 if($startdate[0] >= 24) 1515 { 1516 $startdate[0] = "00"; 1517 } 1518 } 1519 1520 if(stristr($mybb->input['endtime_time'], "pm")) 1521 { 1522 $enddate[0] = 12+$enddate[0]; 1523 if($enddate[0] >= 24) 1524 { 1525 $enddate[0] = "00"; 1526 } 1527 } 1528 1529 $mybb->input['starttime_month'] = $mybb->get_input('starttime_month'); 1530 $months = array('01', '02', '03', '04', '05', '06', '07', '08', '09', '10', '11', '12'); 1531 if(!in_array($mybb->input['starttime_month'], $months)) 1532 { 1533 $mybb->input['starttime_month'] = '01'; 1534 } 1535 1536 $localized_time_offset = (float)$mybb->user['timezone']*3600 + $mybb->user['dst']*3600; 1537 1538 $startdate = gmmktime((int)$startdate[0], (int)$startdate[1], 0, $mybb->get_input('starttime_month', MyBB::INPUT_INT), $mybb->get_input('starttime_day', MyBB::INPUT_INT), $mybb->get_input('starttime_year', MyBB::INPUT_INT)) - $localized_time_offset; 1539 if(!checkdate($mybb->get_input('starttime_month', MyBB::INPUT_INT), $mybb->get_input('starttime_day', MyBB::INPUT_INT), $mybb->get_input('starttime_year', MyBB::INPUT_INT)) || $startdate < 0 || $startdate == false) 1540 { 1541 $errors[] = $lang->error_invalid_start_date; 1542 } 1543 1544 if($mybb->get_input('endtime_type', MyBB::INPUT_INT) == "2") 1545 { 1546 $enddate = '0'; 1547 $mybb->input['endtime_month'] = '01'; 1548 } 1549 else 1550 { 1551 $mybb->input['endtime_month'] = $mybb->get_input('endtime_month'); 1552 if(!in_array($mybb->input['endtime_month'], $months)) 1553 { 1554 $mybb->input['endtime_month'] = '01'; 1555 } 1556 $enddate = gmmktime((int)$enddate[0], (int)$enddate[1], 0, $mybb->get_input('endtime_month', MyBB::INPUT_INT), $mybb->get_input('endtime_day', MyBB::INPUT_INT), $mybb->get_input('endtime_year', MyBB::INPUT_INT)) - $localized_time_offset; 1557 if(!checkdate($mybb->get_input('endtime_month', MyBB::INPUT_INT), $mybb->get_input('endtime_day', MyBB::INPUT_INT), $mybb->get_input('endtime_year', MyBB::INPUT_INT)) || $enddate < 0 || $enddate == false) 1558 { 1559 $errors[] = $lang->error_invalid_end_date; 1560 } 1561 elseif($enddate <= $startdate) 1562 { 1563 $errors[] = $lang->error_end_before_start; 1564 } 1565 } 1566 1567 if($mybb->settings['announcementshtml'] && $mybb->get_input('allowhtml', MyBB::INPUT_INT) == 1) 1568 { 1569 $allowhtml = 1; 1570 } 1571 else 1572 { 1573 $allowhtml = 0; 1574 } 1575 if($mybb->get_input('allowmycode', MyBB::INPUT_INT) == 1) 1576 { 1577 $allowmycode = 1; 1578 } 1579 else 1580 { 1581 $allowmycode = 0; 1582 } 1583 if($mybb->get_input('allowsmilies', MyBB::INPUT_INT) == 1) 1584 { 1585 $allowsmilies = 1; 1586 } 1587 else 1588 { 1589 $allowsmilies = 0; 1590 } 1591 1592 $plugins->run_hooks("modcp_do_edit_announcement_start"); 1593 1594 // Proceed to update if no errors 1595 if(!$errors) 1596 { 1597 if(isset($mybb->input['preview'])) 1598 { 1599 $preview = array(); 1600 $mybb->input['action'] = 'edit_announcement'; 1601 } 1602 else 1603 { 1604 $update_announcement = array( 1605 'uid' => $mybb->user['uid'], 1606 'subject' => $db->escape_string($mybb->input['title']), 1607 'message' => $db->escape_string($mybb->input['message']), 1608 'startdate' => $startdate, 1609 'enddate' => $enddate, 1610 'allowhtml' => $allowhtml, 1611 'allowmycode' => $allowmycode, 1612 'allowsmilies' => $allowsmilies 1613 ); 1614 $db->update_query("announcements", $update_announcement, "aid='{$aid}'"); 1615 1616 log_moderator_action(array("aid" => $announcement['aid'], "subject" => $mybb->input['title']), $lang->announcement_edited); 1617 1618 $plugins->run_hooks("modcp_do_edit_announcement_end"); 1619 1620 $cache->update_forumsdisplay(); 1621 redirect("modcp.php?action=announcements", $lang->redirect_edit_announcement); 1622 } 1623 } 1624 else 1625 { 1626 $mybb->input['action'] = 'edit_announcement'; 1627 } 1628 } 1629 1630 if($mybb->input['action'] == "edit_announcement") 1631 { 1632 if($mybb->usergroup['canmanageannounce'] == 0) 1633 { 1634 error_no_permission(); 1635 } 1636 1637 $aid = $mybb->get_input('aid', MyBB::INPUT_INT); 1638 1639 add_breadcrumb($lang->mcp_nav_announcements, "modcp.php?action=announcements"); 1640 add_breadcrumb($lang->edit_announcement, "modcp.php?action=edit_announcements&aid={$aid}"); 1641 1642 // Get announcement 1643 if(!isset($announcement) || $mybb->request_method != 'post') 1644 { 1645 $query = $db->simple_select("announcements", "*", "aid='{$aid}'"); 1646 $announcement = $db->fetch_array($query); 1647 } 1648 1649 if(!$announcement) 1650 { 1651 error($lang->error_invalid_announcement); 1652 } 1653 if(($mybb->usergroup['issupermod'] != 1 && $announcement['fid'] == -1) || ($announcement['fid'] != -1 && !is_moderator($announcement['fid'], "canmanageannouncements")) || ($unviewableforums && in_array($announcement['fid'], $unviewableforums))) 1654 { 1655 error_no_permission(); 1656 } 1657 1658 if(!$announcement['startdate']) 1659 { 1660 // No start date? Make it now. 1661 $announcement['startdate'] = TIME_NOW; 1662 } 1663 1664 $makeshift_end = false; 1665 if(!$announcement['enddate']) 1666 { 1667 $makeshift_end = true; 1668 $makeshift_time = TIME_NOW; 1669 if($announcement['startdate']) 1670 { 1671 $makeshift_time = $announcement['startdate']; 1672 } 1673 1674 // No end date? Make it a year from now. 1675 $announcement['enddate'] = $makeshift_time + (60 * 60 * 24 * 366); 1676 } 1677 1678 // Deal with inline errors 1679 if(!empty($errors) || isset($preview)) 1680 { 1681 if(!empty($errors)) 1682 { 1683 $errors = inline_error($errors); 1684 } 1685 else 1686 { 1687 $errors = ''; 1688 } 1689 1690 // Set $announcement to input stuff 1691 $announcement['subject'] = $mybb->input['title']; 1692 $announcement['message'] = $mybb->input['message']; 1693 $announcement['allowhtml'] = $allowhtml; 1694 $announcement['allowmycode'] = $allowmycode; 1695 $announcement['allowsmilies'] = $allowsmilies; 1696 1697 $startmonth = $mybb->input['starttime_month']; 1698 $startdateyear = htmlspecialchars_uni($mybb->input['starttime_year']); 1699 $startday = $mybb->get_input('starttime_day', MyBB::INPUT_INT); 1700 $starttime_time = htmlspecialchars_uni($mybb->input['starttime_time']); 1701 $endmonth = $mybb->input['endtime_month']; 1702 $enddateyear = htmlspecialchars_uni($mybb->input['endtime_year']); 1703 $endday = $mybb->get_input('endtime_day', MyBB::INPUT_INT); 1704 $endtime_time = htmlspecialchars_uni($mybb->input['endtime_time']); 1705 1706 $errored = true; 1707 } 1708 else 1709 { 1710 $localized_time_startdate = $announcement['startdate'] + (float)$mybb->user['timezone']*3600 + $mybb->user['dst']*3600; 1711 $localized_time_enddate = $announcement['enddate'] + (float)$mybb->user['timezone']*3600 + $mybb->user['dst']*3600; 1712 1713 $starttime_time = gmdate($mybb->settings['timeformat'], $localized_time_startdate); 1714 $endtime_time = gmdate($mybb->settings['timeformat'], $localized_time_enddate); 1715 1716 $startday = gmdate('j', $localized_time_startdate); 1717 $endday = gmdate('j', $localized_time_enddate); 1718 1719 $startmonth = gmdate('m', $localized_time_startdate); 1720 $endmonth = gmdate('m', $localized_time_enddate); 1721 1722 $startdateyear = gmdate('Y', $localized_time_startdate); 1723 $enddateyear = gmdate('Y', $localized_time_enddate); 1724 1725 $errored = false; 1726 } 1727 1728 // Generate form elements 1729 $startdateday = $enddateday = ''; 1730 for($day = 1; $day <= 31; ++$day) 1731 { 1732 if($startday == $day) 1733 { 1734 $selected = " selected=\"selected\""; 1735 eval("\$startdateday .= \"".$templates->get("modcp_announcements_day")."\";"); 1736 } 1737 else 1738 { 1739 $selected = ''; 1740 eval("\$startdateday .= \"".$templates->get("modcp_announcements_day")."\";"); 1741 } 1742 1743 if($endday == $day) 1744 { 1745 $selected = " selected=\"selected\""; 1746 eval("\$enddateday .= \"".$templates->get("modcp_announcements_day")."\";"); 1747 } 1748 else 1749 { 1750 $selected = ''; 1751 eval("\$enddateday .= \"".$templates->get("modcp_announcements_day")."\";"); 1752 } 1753 } 1754 1755 $startmonthsel = $endmonthsel = array(); 1756 foreach(array('01', '02', '03', '04', '05', '06', '07', '08', '09', '10', '11', '12') as $month) 1757 { 1758 $startmonthsel[$month] = ''; 1759 $endmonthsel[$month] = ''; 1760 } 1761 $startmonthsel[$startmonth] = "selected=\"selected\""; 1762 $endmonthsel[$endmonth] = "selected=\"selected\""; 1763 1764 $startdatemonth = $enddatemonth = ''; 1765 1766 eval("\$startdatemonth .= \"".$templates->get("modcp_announcements_month_start")."\";"); 1767 eval("\$enddatemonth .= \"".$templates->get("modcp_announcements_month_end")."\";"); 1768 1769 $title = htmlspecialchars_uni($announcement['subject']); 1770 $message = htmlspecialchars_uni($announcement['message']); 1771 1772 $html_sel = $mycode_sel = $smilies_sel = array('yes' => '', 'no' => ''); 1773 1774 if($mybb->settings['announcementshtml']) 1775 { 1776 if($announcement['allowhtml']) 1777 { 1778 $html_sel['yes'] = ' checked="checked"'; 1779 } 1780 else 1781 { 1782 $html_sel['no'] = ' checked="checked"'; 1783 } 1784 1785 eval("\$allow_html = \"".$templates->get("modcp_announcements_allowhtml")."\";"); 1786 } 1787 else 1788 { 1789 $allow_html = ''; 1790 } 1791 1792 if($announcement['allowmycode']) 1793 { 1794 $mycode_sel['yes'] = ' checked="checked"'; 1795 } 1796 else 1797 { 1798 $mycode_sel['no'] = ' checked="checked"'; 1799 } 1800 1801 if($announcement['allowsmilies']) 1802 { 1803 $smilies_sel['yes'] = ' checked="checked"'; 1804 } 1805 else 1806 { 1807 $smilies_sel['no'] = ' checked="checked"'; 1808 } 1809 1810 $end_type_sel = array('infinite' => '', 'finite' => ''); 1811 if(($errored && $mybb->get_input('endtime_type', MyBB::INPUT_INT) == 2) || (!$errored && (int)$announcement['enddate'] == 0) || $makeshift_end == true) 1812 { 1813 $end_type_sel['infinite'] = ' checked="checked"'; 1814 } 1815 else 1816 { 1817 $end_type_sel['finite'] = ' checked="checked"'; 1818 } 1819 1820 // MyCode editor 1821 $codebuttons = build_mycode_inserter(); 1822 $smilieinserter = build_clickable_smilies(); 1823 1824 if(isset($preview)) 1825 { 1826 $announcementarray = array( 1827 'aid' => $announcement['aid'], 1828 'fid' => $announcement['fid'], 1829 'uid' => $mybb->user['uid'], 1830 'subject' => $mybb->input['title'], 1831 'message' => $mybb->input['message'], 1832 'allowhtml' => $mybb->settings['announcementshtml'] && $mybb->get_input('allowhtml', MyBB::INPUT_INT), 1833 'allowmycode' => $mybb->get_input('allowmycode', MyBB::INPUT_INT), 1834 'allowsmilies' => $mybb->get_input('allowsmilies', MyBB::INPUT_INT), 1835 'dateline' => TIME_NOW, 1836 'userusername' => $mybb->user['username'], 1837 ); 1838 1839 $array = $mybb->user; 1840 foreach($array as $key => $element) 1841 { 1842 $announcementarray[$key] = $element; 1843 } 1844 1845 // Gather usergroup data from the cache 1846 // Field => Array Key 1847 $data_key = array( 1848 'title' => 'grouptitle', 1849 'usertitle' => 'groupusertitle', 1850 'stars' => 'groupstars', 1851 'starimage' => 'groupstarimage', 1852 'image' => 'groupimage', 1853 'namestyle' => 'namestyle', 1854 'usereputationsystem' => 'usereputationsystem' 1855 ); 1856 1857 foreach($data_key as $field => $key) 1858 { 1859 $announcementarray[$key] = $groupscache[$announcementarray['usergroup']][$field]; 1860 } 1861 1862 require_once MYBB_ROOT."inc/functions_post.php"; 1863 $postbit = build_postbit($announcementarray, 3); 1864 eval("\$preview = \"".$templates->get("previewpost")."\";"); 1865 } 1866 else 1867 { 1868 $preview = ''; 1869 } 1870 1871 $plugins->run_hooks("modcp_edit_announcement"); 1872 1873 eval("\$announcements = \"".$templates->get("modcp_announcements_edit")."\";"); 1874 output_page($announcements); 1875 } 1876 1877 if($mybb->input['action'] == "announcements") 1878 { 1879 if($mybb->usergroup['canmanageannounce'] == 0) 1880 { 1881 error_no_permission(); 1882 } 1883 1884 if($numannouncements == 0 && $mybb->usergroup['issupermod'] != 1) 1885 { 1886 error($lang->you_cannot_manage_announcements); 1887 } 1888 1889 add_breadcrumb($lang->mcp_nav_announcements, "modcp.php?action=announcements"); 1890 1891 // Fetch announcements into their proper arrays 1892 $query = $db->simple_select("announcements", "aid, fid, subject, enddate"); 1893 $announcements = $global_announcements = array(); 1894 while($announcement = $db->fetch_array($query)) 1895 { 1896 if($announcement['fid'] == -1) 1897 { 1898 $global_announcements[$announcement['aid']] = $announcement; 1899 continue; 1900 } 1901 $announcements[$announcement['fid']][$announcement['aid']] = $announcement; 1902 } 1903 1904 $announcements_global = ''; 1905 if($mybb->usergroup['issupermod'] == 1) 1906 { 1907 if($global_announcements && $mybb->usergroup['issupermod'] == 1) 1908 { 1909 // Get the global announcements 1910 foreach($global_announcements as $aid => $announcement) 1911 { 1912 $trow = alt_trow(); 1913 if((isset($announcement['startdate']) && $announcement['startdate'] > TIME_NOW) || (isset($announcement['enddate']) && $announcement['enddate'] < TIME_NOW && $announcement['enddate'] != 0)) 1914 { 1915 eval("\$icon = \"".$templates->get("modcp_announcements_announcement_expired")."\";"); 1916 } 1917 else 1918 { 1919 eval("\$icon = \"".$templates->get("modcp_announcements_announcement_active")."\";"); 1920 } 1921 1922 $subject = htmlspecialchars_uni($parser->parse_badwords($announcement['subject'])); 1923 1924 eval("\$announcements_global .= \"".$templates->get("modcp_announcements_announcement_global")."\";"); 1925 } 1926 } 1927 else 1928 { 1929 // No global announcements 1930 eval("\$announcements_global = \"".$templates->get("modcp_no_announcements_global")."\";"); 1931 } 1932 eval("\$announcements_global = \"".$templates->get("modcp_announcements_global")."\";"); 1933 } 1934 1935 $announcements_forum = ''; 1936 fetch_forum_announcements(); 1937 1938 if(!$announcements_forum) 1939 { 1940 eval("\$announcements_forum = \"".$templates->get("modcp_no_announcements_forum")."\";"); 1941 } 1942 1943 $plugins->run_hooks("modcp_announcements"); 1944 1945 eval("\$announcements = \"".$templates->get("modcp_announcements")."\";"); 1946 output_page($announcements); 1947 } 1948 1949 if($mybb->input['action'] == "do_modqueue") 1950 { 1951 require_once MYBB_ROOT."inc/class_moderation.php"; 1952 $moderation = new Moderation; 1953 1954 // Verify incoming POST request 1955 verify_post_check($mybb->get_input('my_post_key')); 1956 1957 if($mybb->usergroup['canmanagemodqueue'] == 0) 1958 { 1959 error_no_permission(); 1960 } 1961 1962 $plugins->run_hooks("modcp_do_modqueue_start"); 1963 1964 $mybb->input['threads'] = $mybb->get_input('threads', MyBB::INPUT_ARRAY); 1965 $mybb->input['posts'] = $mybb->get_input('posts', MyBB::INPUT_ARRAY); 1966 $mybb->input['attachments'] = $mybb->get_input('attachments', MyBB::INPUT_ARRAY); 1967 if(!empty($mybb->input['threads'])) 1968 { 1969 $threads = array_map("intval", array_keys($mybb->input['threads'])); 1970 $threads_to_approve = $threads_to_delete = array(); 1971 // Fetch threads 1972 $query = $db->simple_select("threads", "tid", "tid IN (".implode(",", $threads)."){$flist_queue_threads}"); 1973 while($thread = $db->fetch_array($query)) 1974 { 1975 if(!isset($mybb->input['threads'][$thread['tid']])) 1976 { 1977 continue; 1978 } 1979 $action = $mybb->input['threads'][$thread['tid']]; 1980 if($action == "approve") 1981 { 1982 $threads_to_approve[] = $thread['tid']; 1983 } 1984 else if($action == "delete") 1985 { 1986 $threads_to_delete[] = $thread['tid']; 1987 } 1988 } 1989 if(!empty($threads_to_approve)) 1990 { 1991 $moderation->approve_threads($threads_to_approve); 1992 log_moderator_action(array('tids' => $threads_to_approve), $lang->multi_approve_threads); 1993 } 1994 if(!empty($threads_to_delete)) 1995 { 1996 if($mybb->settings['soft_delete'] == 1) 1997 { 1998 $moderation->soft_delete_threads($threads_to_delete); 1999 log_moderator_action(array('tids' => $threads_to_delete), $lang->multi_soft_delete_threads); 2000 } 2001 else 2002 { 2003 foreach($threads_to_delete as $tid) 2004 { 2005 $moderation->delete_thread($tid); 2006 } 2007 log_moderator_action(array('tids' => $threads_to_delete), $lang->multi_delete_threads); 2008 } 2009 } 2010 2011 $plugins->run_hooks("modcp_do_modqueue_end"); 2012 2013 redirect("modcp.php?action=modqueue", $lang->redirect_threadsmoderated); 2014 } 2015 else if(!empty($mybb->input['posts'])) 2016 { 2017 $posts = array_map("intval", array_keys($mybb->input['posts'])); 2018 // Fetch posts 2019 $posts_to_approve = $posts_to_delete = array(); 2020 $query = $db->simple_select("posts", "pid", "pid IN (".implode(",", $posts)."){$flist_queue_posts}"); 2021 while($post = $db->fetch_array($query)) 2022 { 2023 if(!isset($mybb->input['posts'][$post['pid']])) 2024 { 2025 continue; 2026 } 2027 $action = $mybb->input['posts'][$post['pid']]; 2028 if($action == "approve") 2029 { 2030 $posts_to_approve[] = $post['pid']; 2031 } 2032 else if($action == "delete" && $mybb->settings['soft_delete'] != 1) 2033 { 2034 $moderation->delete_post($post['pid']); 2035 } 2036 else if($action == "delete") 2037 { 2038 $posts_to_delete[] = $post['pid']; 2039 } 2040 } 2041 if(!empty($posts_to_approve)) 2042 { 2043 $moderation->approve_posts($posts_to_approve); 2044 log_moderator_action(array('pids' => $posts_to_approve), $lang->multi_approve_posts); 2045 } 2046 if(!empty($posts_to_delete)) 2047 { 2048 if($mybb->settings['soft_delete'] == 1) 2049 { 2050 $moderation->soft_delete_posts($posts_to_delete); 2051 log_moderator_action(array('pids' => $posts_to_delete), $lang->multi_soft_delete_posts); 2052 } 2053 else 2054 { 2055 log_moderator_action(array('pids' => $posts_to_delete), $lang->multi_delete_posts); 2056 } 2057 } 2058 2059 $plugins->run_hooks("modcp_do_modqueue_end"); 2060 2061 redirect("modcp.php?action=modqueue&type=posts", $lang->redirect_postsmoderated); 2062 } 2063 else if(!empty($mybb->input['attachments'])) 2064 { 2065 $attachments = array_map("intval", array_keys($mybb->input['attachments'])); 2066 $query = $db->query(" 2067 SELECT a.pid, a.aid, t.tid 2068 FROM ".TABLE_PREFIX."attachments a 2069 LEFT JOIN ".TABLE_PREFIX."posts p ON (a.pid=p.pid) 2070 LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid) 2071 WHERE aid IN (".implode(",", $attachments)."){$tflist_queue_attach} 2072 "); 2073 while($attachment = $db->fetch_array($query)) 2074 { 2075 if(!isset($mybb->input['attachments'][$attachment['aid']])) 2076 { 2077 continue; 2078 } 2079 $action = $mybb->input['attachments'][$attachment['aid']]; 2080 if($action == "approve") 2081 { 2082 $db->update_query("attachments", array("visible" => 1), "aid='{$attachment['aid']}'"); 2083 if(isset($attachment['tid'])) 2084 { 2085 update_thread_counters((int)$attachment['tid'], array("attachmentcount" => "+1")); 2086 } 2087 } 2088 else if($action == "delete") 2089 { 2090 remove_attachment($attachment['pid'], '', $attachment['aid']); 2091 if(isset($attachment['tid'])) 2092 { 2093 update_thread_counters((int)$attachment['tid'], array("attachmentcount" => "-1")); 2094 } 2095 } 2096 } 2097 2098 $plugins->run_hooks("modcp_do_modqueue_end"); 2099 2100 redirect("modcp.php?action=modqueue&type=attachments", $lang->redirect_attachmentsmoderated); 2101 } 2102 } 2103 2104 if($mybb->input['action'] == "modqueue") 2105 { 2106 $navsep = ''; 2107 2108 if($mybb->usergroup['canmanagemodqueue'] == 0) 2109 { 2110 error_no_permission(); 2111 } 2112 2113 if($nummodqueuethreads == 0 && $nummodqueueposts == 0 && $nummodqueueattach == 0 && $mybb->usergroup['issupermod'] != 1) 2114 { 2115 error($lang->you_cannot_use_mod_queue); 2116 } 2117 2118 $mybb->input['type'] = $mybb->get_input('type'); 2119 $threadqueue = $postqueue = $attachmentqueue = ''; 2120 if($mybb->input['type'] == "threads" || !$mybb->input['type'] && ($nummodqueuethreads > 0 || $mybb->usergroup['issupermod'] == 1)) 2121 { 2122 if($nummodqueuethreads == 0 && $mybb->usergroup['issupermod'] != 1) 2123 { 2124 error($lang->you_cannot_moderate_threads); 2125 } 2126 2127 $forum_cache = $cache->read("forums"); 2128 2129 $query = $db->simple_select("threads", "COUNT(tid) AS unapprovedthreads", "visible='0' {$flist_queue_threads}"); 2130 $unapproved_threads = $db->fetch_field($query, "unapprovedthreads"); 2131 2132 // Figure out if we need to display multiple pages. 2133 if($mybb->get_input('page') != "last") 2134 { 2135 $page = $mybb->get_input('page', MyBB::INPUT_INT); 2136 } 2137 2138 $perpage = $mybb->settings['threadsperpage']; 2139 $pages = $unapproved_threads / $perpage; 2140 $pages = ceil($pages); 2141 2142 if($mybb->get_input('page') == "last") 2143 { 2144 $page = $pages; 2145 } 2146 2147 if($page > $pages || $page <= 0) 2148 { 2149 $page = 1; 2150 } 2151 2152 if($page) 2153 { 2154 $start = ($page-1) * $perpage; 2155 } 2156 else 2157 { 2158 $start = 0; 2159 $page = 1; 2160 } 2161 2162 $multipage = multipage($unapproved_threads, $perpage, $page, "modcp.php?action=modqueue&type=threads"); 2163 2164 $query = $db->query(" 2165 SELECT t.tid, t.dateline, t.fid, t.subject, t.username AS threadusername, p.message AS postmessage, u.username AS username, t.uid 2166 FROM ".TABLE_PREFIX."threads t 2167 LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=t.firstpost) 2168 LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=t.uid) 2169 WHERE t.visible='0' {$tflist_queue_threads} 2170 ORDER BY t.lastpost DESC 2171 LIMIT {$start}, {$perpage} 2172 "); 2173 $threads = ''; 2174 while($thread = $db->fetch_array($query)) 2175 { 2176 $altbg = alt_trow(); 2177 $thread['subject'] = htmlspecialchars_uni($parser->parse_badwords($thread['subject'])); 2178 $thread['threadlink'] = get_thread_link($thread['tid']); 2179 $forum_link = get_forum_link($thread['fid']); 2180 $forum_name = $forum_cache[$thread['fid']]['name']; 2181 $threaddate = my_date('relative', $thread['dateline']); 2182 2183 if($thread['username'] == "") 2184 { 2185 if($thread['threadusername'] != "") 2186 { 2187 $thread['threadusername'] = htmlspecialchars_uni($thread['threadusername']); 2188 $profile_link = $thread['threadusername']; 2189 } 2190 else 2191 { 2192 $profile_link = $lang->guest; 2193 } 2194 } 2195 else 2196 { 2197 $thread['username'] = htmlspecialchars_uni($thread['username']); 2198 $profile_link = build_profile_link($thread['username'], $thread['uid']); 2199 } 2200 2201 $thread['postmessage'] = nl2br(htmlspecialchars_uni($thread['postmessage'])); 2202 eval("\$forum = \"".$templates->get("modcp_modqueue_link_forum")."\";"); 2203 eval("\$threads .= \"".$templates->get("modcp_modqueue_threads_thread")."\";"); 2204 } 2205 2206 if(!$threads && $mybb->input['type'] == "threads") 2207 { 2208 eval("\$threads = \"".$templates->get("modcp_modqueue_threads_empty")."\";"); 2209 } 2210 2211 if($threads) 2212 { 2213 add_breadcrumb($lang->mcp_nav_modqueue_threads, "modcp.php?action=modqueue&type=threads"); 2214 2215 $plugins->run_hooks("modcp_modqueue_threads_end"); 2216 2217 if($nummodqueueposts > 0 || $mybb->usergroup['issupermod'] == 1) 2218 { 2219 $navsep = " | "; 2220 eval("\$post_link = \"".$templates->get("modcp_modqueue_post_link")."\";"); 2221 } 2222 2223 if($mybb->settings['enableattachments'] == 1 && ($nummodqueueattach > 0 || $mybb->usergroup['issupermod'] == 1)) 2224 { 2225 $navsep = " | "; 2226 eval("\$attachment_link = \"".$templates->get("modcp_modqueue_attachment_link")."\";"); 2227 } 2228 2229 eval("\$mass_controls = \"".$templates->get("modcp_modqueue_masscontrols")."\";"); 2230 eval("\$threadqueue = \"".$templates->get("modcp_modqueue_threads")."\";"); 2231 output_page($threadqueue); 2232 } 2233 $type = 'threads'; 2234 } 2235 2236 if($mybb->input['type'] == "posts" || (!$mybb->input['type'] && !$threadqueue && ($nummodqueueposts > 0 || $mybb->usergroup['issupermod'] == 1))) 2237 { 2238 if($nummodqueueposts == 0 && $mybb->usergroup['issupermod'] != 1) 2239 { 2240 error($lang->you_cannot_moderate_posts); 2241 } 2242 2243 $forum_cache = $cache->read("forums"); 2244 2245 $query = $db->query(" 2246 SELECT COUNT(pid) AS unapprovedposts 2247 FROM ".TABLE_PREFIX."posts p 2248 LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid) 2249 WHERE p.visible='0' {$tflist_queue_posts} AND t.firstpost != p.pid 2250 "); 2251 $unapproved_posts = $db->fetch_field($query, "unapprovedposts"); 2252 2253 // Figure out if we need to display multiple pages. 2254 if($mybb->get_input('page') != "last") 2255 { 2256 $page = $mybb->get_input('page', MyBB::INPUT_INT); 2257 } 2258 2259 $perpage = $mybb->settings['postsperpage']; 2260 $pages = $unapproved_posts / $perpage; 2261 $pages = ceil($pages); 2262 2263 if($mybb->get_input('page') == "last") 2264 { 2265 $page = $pages; 2266 } 2267 2268 if($page > $pages || $page <= 0) 2269 { 2270 $page = 1; 2271 } 2272 2273 if($page) 2274 { 2275 $start = ($page-1) * $perpage; 2276 } 2277 else 2278 { 2279 $start = 0; 2280 $page = 1; 2281 } 2282 2283 $multipage = multipage($unapproved_posts, $perpage, $page, "modcp.php?action=modqueue&type=posts"); 2284 2285 $query = $db->query(" 2286 SELECT p.pid, p.subject, p.message, p.username AS postusername, t.subject AS threadsubject, t.tid, u.username, p.uid, t.fid, p.dateline 2287 FROM ".TABLE_PREFIX."posts p 2288 LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid) 2289 LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid) 2290 WHERE p.visible='0' {$tflist_queue_posts} AND t.firstpost != p.pid 2291 ORDER BY p.dateline DESC, p.pid DESC 2292 LIMIT {$start}, {$perpage} 2293 "); 2294 $posts = ''; 2295 while($post = $db->fetch_array($query)) 2296 { 2297 $altbg = alt_trow(); 2298 $post['threadsubject'] = htmlspecialchars_uni($parser->parse_badwords($post['threadsubject'])); 2299 $post['subject'] = htmlspecialchars_uni($parser->parse_badwords($post['subject'])); 2300 $post['threadlink'] = get_thread_link($post['tid']); 2301 $post['postlink'] = get_post_link($post['pid'], $post['tid']); 2302 $forum_link = get_forum_link($post['fid']); 2303 $forum_name = $forum_cache[$post['fid']]['name']; 2304 $postdate = my_date('relative', $post['dateline']); 2305 2306 if($post['username'] == "") 2307 { 2308 if($post['postusername'] != "") 2309 { 2310 $post['postusername'] = htmlspecialchars_uni($post['postusername']); 2311 $profile_link = $post['postusername']; 2312 } 2313 else 2314 { 2315 $profile_link = $lang->guest; 2316 } 2317 } 2318 else 2319 { 2320 $post['username'] = htmlspecialchars_uni($post['username']); 2321 $profile_link = build_profile_link($post['username'], $post['uid']); 2322 } 2323 2324 eval("\$thread = \"".$templates->get("modcp_modqueue_link_thread")."\";"); 2325 eval("\$forum = \"".$templates->get("modcp_modqueue_link_forum")."\";"); 2326 $post['message'] = nl2br(htmlspecialchars_uni($post['message'])); 2327 eval("\$posts .= \"".$templates->get("modcp_modqueue_posts_post")."\";"); 2328 } 2329 2330 if(!$posts && $mybb->input['type'] == "posts") 2331 { 2332 eval("\$posts = \"".$templates->get("modcp_modqueue_posts_empty")."\";"); 2333 } 2334 2335 if($posts) 2336 { 2337 add_breadcrumb($lang->mcp_nav_modqueue_posts, "modcp.php?action=modqueue&type=posts"); 2338 2339 $plugins->run_hooks("modcp_modqueue_posts_end"); 2340 2341 if($nummodqueuethreads > 0 || $mybb->usergroup['issupermod'] == 1) 2342 { 2343 $navsep = " | "; 2344 eval("\$thread_link = \"".$templates->get("modcp_modqueue_thread_link")."\";"); 2345 } 2346 2347 if($mybb->settings['enableattachments'] == 1 && ($nummodqueueattach > 0 || $mybb->usergroup['issupermod'] == 1)) 2348 { 2349 $navsep = " | "; 2350 eval("\$attachment_link = \"".$templates->get("modcp_modqueue_attachment_link")."\";"); 2351 } 2352 2353 eval("\$mass_controls = \"".$templates->get("modcp_modqueue_masscontrols")."\";"); 2354 eval("\$postqueue = \"".$templates->get("modcp_modqueue_posts")."\";"); 2355 output_page($postqueue); 2356 } 2357 } 2358 2359 if($mybb->input['type'] == "attachments" || (!$mybb->input['type'] && !$postqueue && !$threadqueue && $mybb->settings['enableattachments'] == 1 && ($nummodqueueattach > 0 || $mybb->usergroup['issupermod'] == 1))) 2360 { 2361 if($mybb->settings['enableattachments'] == 0) 2362 { 2363 error($lang->attachments_disabled); 2364 } 2365 2366 if($nummodqueueattach == 0 && $mybb->usergroup['issupermod'] != 1) 2367 { 2368 error($lang->you_cannot_moderate_attachments); 2369 } 2370 2371 $query = $db->query(" 2372 SELECT COUNT(aid) AS unapprovedattachments 2373 FROM ".TABLE_PREFIX."attachments a 2374 LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=a.pid) 2375 LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid) 2376 WHERE a.visible='0'{$tflist_queue_attach} 2377 "); 2378 $unapproved_attachments = $db->fetch_field($query, "unapprovedattachments"); 2379 2380 // Figure out if we need to display multiple pages. 2381 if($mybb->get_input('page') != "last") 2382 { 2383 $page = $mybb->get_input('page', MyBB::INPUT_INT); 2384 } 2385 2386 $perpage = $mybb->settings['postsperpage']; 2387 $pages = $unapproved_attachments / $perpage; 2388 $pages = ceil($pages); 2389 2390 if($mybb->get_input('page') == "last") 2391 { 2392 $page = $pages; 2393 } 2394 2395 if($page > $pages || $page <= 0) 2396 { 2397 $page = 1; 2398 } 2399 2400 if($page) 2401 { 2402 $start = ($page-1) * $perpage; 2403 } 2404 else 2405 { 2406 $start = 0; 2407 $page = 1; 2408 } 2409 2410 $multipage = multipage($unapproved_attachments, $perpage, $page, "modcp.php?action=modqueue&type=attachments"); 2411 2412 $query = $db->query(" 2413 SELECT a.*, p.subject AS postsubject, p.dateline, p.uid, u.username, t.tid, t.subject AS threadsubject 2414 FROM ".TABLE_PREFIX."attachments a 2415 LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=a.pid) 2416 LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid) 2417 LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid) 2418 WHERE a.visible='0'{$tflist_queue_attach} 2419 ORDER BY a.dateuploaded DESC 2420 LIMIT {$start}, {$perpage} 2421 "); 2422 $attachments = ''; 2423 while($attachment = $db->fetch_array($query)) 2424 { 2425 $altbg = alt_trow(); 2426 2427 if(!$attachment['dateuploaded']) 2428 { 2429 $attachment['dateuploaded'] = $attachment['dateline']; 2430 } 2431 2432 $attachdate = my_date('relative', $attachment['dateuploaded']); 2433 2434 $attachment['postsubject'] = htmlspecialchars_uni($parser->parse_badwords($attachment['postsubject'])); 2435 $attachment['filename'] = htmlspecialchars_uni($attachment['filename']); 2436 $attachment['threadsubject'] = htmlspecialchars_uni($parser->parse_badwords($attachment['threadsubject'])); 2437 $attachment['filesize'] = get_friendly_size($attachment['filesize']); 2438 2439 $link = get_post_link($attachment['pid'], $attachment['tid']) . "#pid{$attachment['pid']}"; 2440 $thread_link = get_thread_link($attachment['tid']); 2441 $attachment['username'] = htmlspecialchars_uni($attachment['username']); 2442 $profile_link = build_profile_link($attachment['username'], $attachment['uid']); 2443 2444 eval("\$attachments .= \"".$templates->get("modcp_modqueue_attachments_attachment")."\";"); 2445 } 2446 2447 if(!$attachments && $mybb->input['type'] == "attachments") 2448 { 2449 eval("\$attachments = \"".$templates->get("modcp_modqueue_attachments_empty")."\";"); 2450 } 2451 2452 if($attachments) 2453 { 2454 add_breadcrumb($lang->mcp_nav_modqueue_attachments, "modcp.php?action=modqueue&type=attachments"); 2455 2456 $plugins->run_hooks("modcp_modqueue_attachments_end"); 2457 2458 if($nummodqueuethreads > 0 || $mybb->usergroup['issupermod'] == 1) 2459 { 2460 eval("\$thread_link = \"".$templates->get("modcp_modqueue_thread_link")."\";"); 2461 $navsep = " | "; 2462 } 2463 2464 if($nummodqueueposts > 0 || $mybb->usergroup['issupermod'] == 1) 2465 { 2466 eval("\$post_link = \"".$templates->get("modcp_modqueue_post_link")."\";"); 2467 $navsep = " | "; 2468 } 2469 2470 eval("\$mass_controls = \"".$templates->get("modcp_modqueue_masscontrols")."\";"); 2471 eval("\$attachmentqueue = \"".$templates->get("modcp_modqueue_attachments")."\";"); 2472 output_page($attachmentqueue); 2473 } 2474 } 2475 2476 // Still nothing? All queues are empty! :-D 2477 if(!$threadqueue && !$postqueue && !$attachmentqueue) 2478 { 2479 add_breadcrumb($lang->mcp_nav_modqueue, "modcp.php?action=modqueue"); 2480 2481 $plugins->run_hooks("modcp_modqueue_end"); 2482 2483 eval("\$queue = \"".$templates->get("modcp_modqueue_empty")."\";"); 2484 output_page($queue); 2485 } 2486 } 2487 2488 if($mybb->input['action'] == "do_editprofile") 2489 { 2490 // Verify incoming POST request 2491 verify_post_check($mybb->get_input('my_post_key')); 2492 2493 if($mybb->usergroup['caneditprofiles'] == 0) 2494 { 2495 error_no_permission(); 2496 } 2497 2498 $user = get_user($mybb->input['uid']); 2499 if(!$user) 2500 { 2501 error($lang->error_nomember); 2502 } 2503 2504 // Check if the current user has permission to edit this user 2505 if(!modcp_can_manage_user($user['uid'])) 2506 { 2507 error_no_permission(); 2508 } 2509 2510 $plugins->run_hooks("modcp_do_editprofile_start"); 2511 2512 if($mybb->get_input('away', MyBB::INPUT_INT) == 1 && $mybb->settings['allowaway'] != 0) 2513 { 2514 $awaydate = TIME_NOW; 2515 if(!empty($mybb->input['awayday'])) 2516 { 2517 // If the user has indicated that they will return on a specific day, but not month or year, assume it is current month and year 2518 if(!$mybb->get_input('awaymonth', MyBB::INPUT_INT)) 2519 { 2520 $mybb->input['awaymonth'] = my_date('n', $awaydate); 2521 } 2522 if(!$mybb->get_input('awayyear', MyBB::INPUT_INT)) 2523 { 2524 $mybb->input['awayyear'] = my_date('Y', $awaydate); 2525 } 2526 2527 $return_month = (int)substr($mybb->get_input('awaymonth'), 0, 2); 2528 $return_day = (int)substr($mybb->get_input('awayday'), 0, 2); 2529 $return_year = min((int)$mybb->get_input('awayyear'), 9999); 2530 2531 // Check if return date is after the away date. 2532 $returntimestamp = gmmktime(0, 0, 0, $return_month, $return_day, $return_year); 2533 $awaytimestamp = gmmktime(0, 0, 0, my_date('n', $awaydate), my_date('j', $awaydate), my_date('Y', $awaydate)); 2534 if($return_year < my_date('Y', $awaydate) || ($returntimestamp < $awaytimestamp && $return_year == my_date('Y', $awaydate))) 2535 { 2536 error($lang->error_modcp_return_date_past); 2537 } 2538 2539 $returndate = "{$return_day}-{$return_month}-{$return_year}"; 2540 } 2541 else 2542 { 2543 $returndate = ""; 2544 } 2545 $away = array( 2546 "away" => 1, 2547 "date" => $awaydate, 2548 "returndate" => $returndate, 2549 "awayreason" => $mybb->get_input('awayreason') 2550 ); 2551 } 2552 else 2553 { 2554 $away = array( 2555 "away" => 0, 2556 "date" => '', 2557 "returndate" => '', 2558 "awayreason" => '' 2559 ); 2560 } 2561 2562 // Set up user handler. 2563 require_once MYBB_ROOT."inc/datahandlers/user.php"; 2564 $userhandler = new UserDataHandler('update'); 2565 2566 // Set the data for the new user. 2567 $updated_user = array( 2568 "uid" => $user['uid'], 2569 "profile_fields" => $mybb->get_input('profile_fields', MyBB::INPUT_ARRAY), 2570 "profile_fields_editable" => true, 2571 "website" => $mybb->get_input('website'), 2572 "skype" => $mybb->get_input('skype'), 2573 "google" => $mybb->get_input('google'), 2574 "signature" => $mybb->get_input('signature'), 2575 "usernotes" => $mybb->get_input('usernotes'), 2576 "away" => $away 2577 ); 2578 2579 $updated_user['birthday'] = array( 2580 "day" => $mybb->get_input('birthday_day', MyBB::INPUT_INT), 2581 "month" => $mybb->get_input('birthday_month', MyBB::INPUT_INT), 2582 "year" => $mybb->get_input('birthday_year', MyBB::INPUT_INT) 2583 ); 2584 2585 if(!empty($mybb->input['usertitle'])) 2586 { 2587 $updated_user['usertitle'] = $mybb->get_input('usertitle'); 2588 } 2589 else if(!empty($mybb->input['reverttitle'])) 2590 { 2591 $updated_user['usertitle'] = ''; 2592 } 2593 2594 if(!empty($mybb->input['remove_avatar'])) 2595 { 2596 $updated_user['avatarurl'] = ''; 2597 } 2598 2599 // Set the data of the user in the datahandler. 2600 $userhandler->set_data($updated_user); 2601 $errors = array(); 2602 2603 // Validate the user and get any errors that might have occurred. 2604 if(!$userhandler->validate_user()) 2605 { 2606 $errors = $userhandler->get_friendly_errors(); 2607 $mybb->input['action'] = "editprofile"; 2608 } 2609 else 2610 { 2611 // Are we removing an avatar from this user? 2612 if(!empty($mybb->input['remove_avatar'])) 2613 { 2614 $extra_user_updates = array( 2615 "avatar" => "", 2616 "avatardimensions" => "", 2617 "avatartype" => "" 2618 ); 2619 remove_avatars($user['uid']); 2620 } 2621 2622 // Moderator "Options" (suspend signature, suspend/moderate posting) 2623 $moderator_options = array( 2624 1 => array( 2625 "action" => "suspendsignature", // The moderator action we're performing 2626 "period" => "action_period", // The time period we've selected from the dropdown box 2627 "time" => "action_time", // The time we've entered 2628 "update_field" => "suspendsignature", // The field in the database to update if true 2629 "update_length" => "suspendsigtime" // The length of suspension field in the database 2630 ), 2631 2 => array( 2632 "action" => "moderateposting", 2633 "period" => "modpost_period", 2634 "time" => "modpost_time", 2635 "update_field" => "moderateposts", 2636 "update_length" => "moderationtime" 2637 ), 2638 3 => array( 2639 "action" => "suspendposting", 2640 "period" => "suspost_period", 2641 "time" => "suspost_time", 2642 "update_field" => "suspendposting", 2643 "update_length" => "suspensiontime" 2644 ) 2645 ); 2646 2647 require_once MYBB_ROOT."inc/functions_warnings.php"; 2648 foreach($moderator_options as $option) 2649 { 2650 ${$option['time']} = $mybb->get_input($option['time'], MyBB::INPUT_INT); 2651 $mybb->input[$option['period']] = $mybb->get_input($option['period']); 2652 if(empty($mybb->input[$option['action']])) 2653 { 2654 if($user[$option['update_field']] == 1) 2655 { 2656 // We're revoking the suspension 2657 $extra_user_updates[$option['update_field']] = 0; 2658 $extra_user_updates[$option['update_length']] = 0; 2659 } 2660 2661 // Skip this option if we haven't selected it 2662 continue; 2663 } 2664 2665 else 2666 { 2667 if($mybb->input[$option['time']] == 0 && $mybb->input[$option['period']] != "never" && $user[$option['update_field']] != 1) 2668 { 2669 // User has selected a type of ban, but not entered a valid time frame 2670 $string = $option['action']."_error"; 2671 $errors[] = $lang->$string; 2672 } 2673 else 2674 { 2675 $suspend_length = fetch_time_length((int)$mybb->input[$option['time']], $mybb->input[$option['period']]); 2676 2677 if($user[$option['update_field']] == 1 && ($mybb->input[$option['time']] || $mybb->input[$option['period']] == "never")) 2678 { 2679 // We already have a suspension, but entered a new time 2680 if($suspend_length == "-1") 2681 { 2682 // Permanent ban on action 2683 $extra_user_updates[$option['update_length']] = 0; 2684 } 2685 elseif($suspend_length && $suspend_length != "-1") 2686 { 2687 // Temporary ban on action 2688 $extra_user_updates[$option['update_length']] = TIME_NOW + $suspend_length; 2689 } 2690 } 2691 elseif(!$user[$option['update_field']]) 2692 { 2693 // New suspension for this user... bad user! 2694 $extra_user_updates[$option['update_field']] = 1; 2695 if($suspend_length == "-1") 2696 { 2697 $extra_user_updates[$option['update_length']] = 0; 2698 } 2699 else 2700 { 2701 $extra_user_updates[$option['update_length']] = TIME_NOW + $suspend_length; 2702 } 2703 } 2704 } 2705 } 2706 } 2707 2708 // Those with javascript turned off will be able to select both - cheeky! 2709 // Check to make sure we're not moderating AND suspending posting 2710 if(isset($extra_user_updates) && !empty($extra_user_updates['moderateposts']) && !empty($extra_user_updates['suspendposting'])) 2711 { 2712 $errors[] = $lang->suspendmoderate_error; 2713 } 2714 2715 if(is_array($errors) && !empty($errors)) 2716 { 2717 $mybb->input['action'] = "editprofile"; 2718 } 2719 else 2720 { 2721 $plugins->run_hooks("modcp_do_editprofile_update"); 2722 2723 // Continue with the update if there is no errors 2724 $user_info = $userhandler->update_user(); 2725 if(!empty($extra_user_updates)) 2726 { 2727 $db->update_query("users", $extra_user_updates, "uid='{$user['uid']}'"); 2728 } 2729 log_moderator_action(array("uid" => $user['uid'], "username" => $user['username']), $lang->edited_user); 2730 2731 $plugins->run_hooks("modcp_do_editprofile_end"); 2732 2733 redirect("modcp.php?action=finduser", $lang->redirect_user_updated); 2734 } 2735 } 2736 } 2737 2738 if($mybb->input['action'] == "editprofile") 2739 { 2740 if($mybb->usergroup['caneditprofiles'] == 0) 2741 { 2742 error_no_permission(); 2743 } 2744 2745 add_breadcrumb($lang->mcp_nav_editprofile, "modcp.php?action=editprofile"); 2746 2747 $user = get_user($mybb->get_input('uid', MyBB::INPUT_INT)); 2748 if(!$user) 2749 { 2750 error($lang->error_nomember); 2751 } 2752 2753 // Check if the current user has permission to edit this user 2754 if(!modcp_can_manage_user($user['uid'])) 2755 { 2756 error_no_permission(); 2757 } 2758 2759 $userperms = user_permissions($user['uid']); 2760 2761 // Set display group 2762 $displaygroupfields = array("title", "description", "namestyle", "usertitle", "stars", "starimage", "image"); 2763 2764 if(!$user['displaygroup']) 2765 { 2766 $user['displaygroup'] = $user['usergroup']; 2767 } 2768 2769 $display_group = usergroup_displaygroup($user['displaygroup']); 2770 if(is_array($display_group)) 2771 { 2772 $userperms = array_merge($userperms, $display_group); 2773 } 2774 2775 if(!my_validate_url($user['website'])) 2776 { 2777 $user['website'] = ''; 2778 } 2779 2780 if(!$errors) 2781 { 2782 $mybb->input = array_merge($user, $mybb->input); 2783 $birthday = explode('-', $user['birthday']); 2784 if(!isset($birthday[1])) 2785 { 2786 $birthday[1] = ''; 2787 } 2788 if(!isset($birthday[2])) 2789 { 2790 $birthday[2] = ''; 2791 } 2792 list($mybb->input['birthday_day'], $mybb->input['birthday_month'], $mybb->input['birthday_year']) = $birthday; 2793 } 2794 else 2795 { 2796 $errors = inline_error($errors); 2797 } 2798 2799 // Sanitize all input 2800 foreach(array('usertitle', 'website', 'skype', 'google', 'signature', 'birthday_day', 'birthday_month', 'birthday_year') as $field) 2801 { 2802 $mybb->input[$field] = htmlspecialchars_uni($mybb->get_input($field)); 2803 } 2804 2805 // Custom user title 2806 if(!empty($userperms['usertitle'])) 2807 { 2808 $defaulttitle = htmlspecialchars_uni($userperms['usertitle']); 2809 } 2810 else 2811 { 2812 // Go for post count title if a group default isn't set 2813 $usertitles = $cache->read('usertitles'); 2814 2815 foreach($usertitles as $title) 2816 { 2817 if($title['posts'] <= $user['postnum']) 2818 { 2819 $defaulttitle = htmlspecialchars_uni($title['title']); 2820 break; 2821 } 2822 } 2823 } 2824 2825 $user['usertitle'] = htmlspecialchars_uni($user['usertitle']); 2826 2827 if(empty($user['usertitle'])) 2828 { 2829 $lang->current_custom_usertitle = ''; 2830 } 2831 2832 $bdaydaysel = $selected = ''; 2833 for($day = 1; $day <= 31; ++$day) 2834 { 2835 if($mybb->input['birthday_day'] == $day) 2836 { 2837 $selected = "selected=\"selected\""; 2838 } 2839 else 2840 { 2841 $selected = ''; 2842 } 2843 2844 eval("\$bdaydaysel .= \"".$templates->get("usercp_profile_day")."\";"); 2845 } 2846 2847 $bdaymonthsel = array(); 2848 foreach(range(1, 12) as $month) 2849 { 2850 $bdaymonthsel[$month] = ''; 2851 } 2852 $bdaymonthsel[$mybb->input['birthday_month']] = 'selected="selected"'; 2853 2854 $awaysection = ''; 2855 2856 if($mybb->settings['allowaway'] != 0) 2857 { 2858 $awaycheck = array('', ''); 2859 if($errors) 2860 { 2861 if($user['away'] == 1) 2862 { 2863 $awaycheck[1] = "checked=\"checked\""; 2864 } 2865 else 2866 { 2867 $awaycheck[0] = "checked=\"checked\""; 2868 } 2869 $returndate = array(); 2870 $returndate[0] = $mybb->get_input('awayday'); 2871 $returndate[1] = $mybb->get_input('awaymonth'); 2872 $returndate[2] = $mybb->get_input('awayyear', MyBB::INPUT_INT); 2873 $user['awayreason'] = htmlspecialchars_uni($mybb->get_input('awayreason')); 2874 } 2875 else 2876 { 2877 $user['awayreason'] = htmlspecialchars_uni($user['awayreason']); 2878 if($user['away'] == 1) 2879 { 2880 $awaydate = my_date($mybb->settings['dateformat'], $user['awaydate']); 2881 $awaycheck[1] = "checked=\"checked\""; 2882 $awaynotice = $lang->sprintf($lang->away_notice_away, $awaydate); 2883 } 2884 else 2885 { 2886 $awaynotice = $lang->away_notice; 2887 $awaycheck[0] = "checked=\"checked\""; 2888 } 2889 $returndate = explode("-", $user['returndate']); 2890 } 2891 $returndatesel = $selected = ''; 2892 for($day = 1; $day <= 31; ++$day) 2893 { 2894 if($returndate[0] == $day) 2895 { 2896 $selected = "selected=\"selected\""; 2897 } 2898 else 2899 { 2900 $selected = ''; 2901 } 2902 2903 eval("\$returndatesel .= \"".$templates->get("usercp_profile_day")."\";"); 2904 } 2905 2906 $returndatemonthsel = array(); 2907 foreach(range(1, 12) as $month) 2908 { 2909 $returndatemonthsel[$month] = ''; 2910 } 2911 if(isset($returndate[1])) 2912 { 2913 $returndatemonthsel[$returndate[1]] = " selected=\"selected\""; 2914 } 2915 2916 if(!isset($returndate[2])) 2917 { 2918 $returndate[2] = ''; 2919 } 2920 2921 eval("\$awaysection = \"".$templates->get("usercp_profile_away")."\";"); 2922 } 2923 2924 $plugins->run_hooks("modcp_editprofile_start"); 2925 2926 // Fetch profile fields 2927 $user_fields = array(); 2928 $query = $db->simple_select("userfields", "*", "ufid='{$user['uid']}'"); 2929 if($db->num_rows($query) > 0) 2930 { 2931 $user_fields = $db->fetch_array($query); 2932 } 2933 2934 $requiredfields = ''; 2935 $customfields = ''; 2936 $mybb->input['profile_fields'] = $mybb->get_input('profile_fields', MyBB::INPUT_ARRAY); 2937 2938 $pfcache = $cache->read('profilefields'); 2939 2940 if(is_array($pfcache)) 2941 { 2942 foreach($pfcache as $profilefield) 2943 { 2944 $userfield = $code = $select = $val = $options = $expoptions = $useropts = ''; 2945 $seloptions = array(); 2946 $profilefield['type'] = htmlspecialchars_uni($profilefield['type']); 2947 $profilefield['name'] = htmlspecialchars_uni($profilefield['name']); 2948 $profilefield['description'] = htmlspecialchars_uni($profilefield['description']); 2949 $thing = explode("\n", $profilefield['type'], "2"); 2950 $type = $thing[0]; 2951 if(isset($thing[1])) 2952 { 2953 $options = $thing[1]; 2954 } 2955 $field = "fid{$profilefield['fid']}"; 2956 if($errors) 2957 { 2958 if(isset($mybb->input['profile_fields'][$field])) 2959 { 2960 $userfield = $mybb->input['profile_fields'][$field]; 2961 } 2962 } 2963 elseif(isset($user_fields[$field])) 2964 { 2965 $userfield = $user_fields[$field]; 2966 } 2967 if($type == "multiselect") 2968 { 2969 if($errors) 2970 { 2971 $useropts = $userfield; 2972 } 2973 else 2974 { 2975 $useropts = explode("\n", $userfield); 2976 } 2977 if(is_array($useropts)) 2978 { 2979 foreach($useropts as $key => $val) 2980 { 2981 $seloptions[$val] = $val; 2982 } 2983 } 2984 $expoptions = explode("\n", $options); 2985 if(is_array($expoptions)) 2986 { 2987 foreach($expoptions as $key => $val) 2988 { 2989 $val = trim($val); 2990 $val = str_replace("\n", "\\n", $val); 2991 2992 $sel = ""; 2993 if(isset($seloptions[$val]) && $val == $seloptions[$val]) 2994 { 2995 $sel = " selected=\"selected\""; 2996 } 2997 2998 eval("\$select .= \"".$templates->get("usercp_profile_profilefields_select_option")."\";"); 2999 } 3000 if(!$profilefield['length']) 3001 { 3002 $profilefield['length'] = 3; 3003 } 3004 3005 eval("\$code = \"".$templates->get("usercp_profile_profilefields_multiselect")."\";"); 3006 } 3007 } 3008 elseif($type == "select") 3009 { 3010 $expoptions = explode("\n", $options); 3011 if(is_array($expoptions)) 3012 { 3013 foreach($expoptions as $key => $val) 3014 { 3015 $val = trim($val); 3016 $val = str_replace("\n", "\\n", $val); 3017 $sel = ""; 3018 if($val == $userfield) 3019 { 3020 $sel = " selected=\"selected\""; 3021 } 3022 3023 eval("\$select .= \"".$templates->get("usercp_profile_profilefields_select_option")."\";"); 3024 } 3025 if(!$profilefield['length']) 3026 { 3027 $profilefield['length'] = 1; 3028 } 3029 3030 eval("\$code = \"".$templates->get("usercp_profile_profilefields_select")."\";"); 3031 } 3032 } 3033 elseif($type == "radio") 3034 { 3035 $expoptions = explode("\n", $options); 3036 if(is_array($expoptions)) 3037 { 3038 foreach($expoptions as $key => $val) 3039 { 3040 $checked = ""; 3041 if($val == $userfield) 3042 { 3043 $checked = " checked=\"checked\""; 3044 } 3045 3046 eval("\$code .= \"".$templates->get("usercp_profile_profilefields_radio")."\";"); 3047 } 3048 } 3049 } 3050 elseif($type == "checkbox") 3051 { 3052 if($errors) 3053 { 3054 $useropts = $userfield; 3055 } 3056 else 3057 { 3058 $useropts = explode("\n", $userfield); 3059 } 3060 if(is_array($useropts)) 3061 { 3062 foreach($useropts as $key => $val) 3063 { 3064 $seloptions[$val] = $val; 3065 } 3066 } 3067 $expoptions = explode("\n", $options); 3068 if(is_array($expoptions)) 3069 { 3070 foreach($expoptions as $key => $val) 3071 { 3072 $checked = ""; 3073 if(isset($seloptions[$val]) && $val == $seloptions[$val]) 3074 { 3075 $checked = " checked=\"checked\""; 3076 } 3077 3078 eval("\$code .= \"".$templates->get("usercp_profile_profilefields_checkbox")."\";"); 3079 } 3080 } 3081 } 3082 elseif($type == "textarea") 3083 { 3084 $value = htmlspecialchars_uni($userfield); 3085 eval("\$code = \"".$templates->get("usercp_profile_profilefields_textarea")."\";"); 3086 } 3087 else 3088 { 3089 $value = htmlspecialchars_uni($userfield); 3090 $maxlength = ""; 3091 if($profilefield['maxlength'] > 0) 3092 { 3093 $maxlength = " maxlength=\"{$profilefield['maxlength']}\""; 3094 } 3095 3096 eval("\$code = \"".$templates->get("usercp_profile_profilefields_text")."\";"); 3097 } 3098 3099 if($profilefield['required'] == 1) 3100 { 3101 eval("\$requiredfields .= \"".$templates->get("usercp_profile_customfield")."\";"); 3102 } 3103 else 3104 { 3105 eval("\$customfields .= \"".$templates->get("usercp_profile_customfield")."\";"); 3106 } 3107 $altbg = alt_trow(); 3108 } 3109 } 3110 if($customfields) 3111 { 3112 eval("\$customfields = \"".$templates->get("usercp_profile_profilefields")."\";"); 3113 } 3114 3115 $user['username'] = htmlspecialchars_uni($user['username']); 3116 $lang->edit_profile = $lang->sprintf($lang->edit_profile, $user['username']); 3117 $profile_link = build_profile_link(format_name($user['username'], $user['usergroup'], $user['displaygroup']), $user['uid']); 3118 3119 $user['signature'] = htmlspecialchars_uni($user['signature']); 3120 $codebuttons = build_mycode_inserter("signature"); 3121 3122 // Do we mark the suspend signature box? 3123 if($user['suspendsignature'] || ($mybb->get_input('suspendsignature', MyBB::INPUT_INT) && !empty($errors))) 3124 { 3125 $checked = 1; 3126 $checked_item = "checked=\"checked\""; 3127 } 3128 else 3129 { 3130 $checked = 0; 3131 $checked_item = ''; 3132 } 3133 3134 // Do we mark the moderate posts box? 3135 if($user['moderateposts'] || ($mybb->get_input('moderateposting', MyBB::INPUT_INT) && !empty($errors))) 3136 { 3137 $modpost_check = 1; 3138 $modpost_checked = "checked=\"checked\""; 3139 } 3140 else 3141 { 3142 $modpost_check = 0; 3143 $modpost_checked = ''; 3144 } 3145 3146 // Do we mark the suspend posts box? 3147 if($user['suspendposting'] || ($mybb->get_input('suspendposting', MyBB::INPUT_INT) && !empty($errors))) 3148 { 3149 $suspost_check = 1; 3150 $suspost_checked = "checked=\"checked\""; 3151 } 3152 else 3153 { 3154 $suspost_check = 0; 3155 $suspost_checked = ''; 3156 } 3157 3158 $moderator_options = array( 3159 1 => array( 3160 "action" => "suspendsignature", // The input action for this option 3161 "option" => "suspendsignature", // The field in the database that this option relates to 3162 "time" => "action_time", // The time we've entered 3163 "length" => "suspendsigtime", // The length of suspension field in the database 3164 "select_option" => "action" // The name of the select box of this option 3165 ), 3166 2 => array( 3167 "action" => "moderateposting", 3168 "option" => "moderateposts", 3169 "time" => "modpost_time", 3170 "length" => "moderationtime", 3171 "select_option" => "modpost" 3172 ), 3173 3 => array( 3174 "action" => "suspendposting", 3175 "option" => "suspendposting", 3176 "time" => "suspost_time", 3177 "length" => "suspensiontime", 3178 "select_option" => "suspost" 3179 ) 3180 ); 3181 3182 $periods = array( 3183 "hours" => $lang->expire_hours, 3184 "days" => $lang->expire_days, 3185 "weeks" => $lang->expire_weeks, 3186 "months" => $lang->expire_months, 3187 "never" => $lang->expire_permanent 3188 ); 3189 3190 $suspendsignature_info = $moderateposts_info = $suspendposting_info = ''; 3191 $action_options = $modpost_options = $suspost_options = ''; 3192 $modopts = array(); 3193 foreach($moderator_options as $option) 3194 { 3195 ${$option['time']} = $mybb->get_input($option['time'], MyBB::INPUT_INT); 3196 // Display the suspension info, if this user has this option suspended 3197 if($user[$option['option']]) 3198 { 3199 if($user[$option['length']] == 0) 3200 { 3201 // User has a permanent ban 3202 $string = $option['option']."_perm"; 3203 $suspension_info = $lang->$string; 3204 } 3205 else 3206 { 3207 // User has a temporary (or limited) ban 3208 $string = $option['option']."_for"; 3209 $for_date = my_date('relative', $user[$option['length']], '', 2); 3210 $suspension_info = $lang->sprintf($lang->$string, $for_date); 3211 } 3212 3213 switch($option['option']) 3214 { 3215 case "suspendsignature": 3216 eval("\$suspendsignature_info = \"".$templates->get("modcp_editprofile_suspensions_info")."\";"); 3217 break; 3218 case "moderateposts": 3219 eval("\$moderateposts_info = \"".$templates->get("modcp_editprofile_suspensions_info")."\";"); 3220 break; 3221 case "suspendposting": 3222 eval("\$suspendposting_info = \"".$templates->get("modcp_editprofile_suspensions_info")."\";"); 3223 break; 3224 } 3225 } 3226 3227 // Generate the boxes for this option 3228 $selection_options = ''; 3229 foreach($periods as $key => $value) 3230 { 3231 $string = $option['select_option']."_period"; 3232 if($mybb->get_input($string) == $key) 3233 { 3234 $selected = "selected=\"selected\""; 3235 } 3236 else 3237 { 3238 $selected = ''; 3239 } 3240 3241 eval("\$selection_options .= \"".$templates->get("modcp_editprofile_select_option")."\";"); 3242 } 3243 3244 $select_name = $option['select_option']."_period"; 3245 switch($option['option']) 3246 { 3247 case "suspendsignature": 3248 eval("\$action_options = \"".$templates->get("modcp_editprofile_select")."\";"); 3249 break; 3250 case "moderateposts": 3251 eval("\$modpost_options = \"".$templates->get("modcp_editprofile_select")."\";"); 3252 break; 3253 case "suspendposting": 3254 eval("\$suspost_options = \"".$templates->get("modcp_editprofile_select")."\";"); 3255 break; 3256 } 3257 } 3258 3259 eval("\$suspend_signature = \"".$templates->get("modcp_editprofile_signature")."\";"); 3260 3261 $user['usernotes'] = htmlspecialchars_uni($user['usernotes']); 3262 3263 if(!isset($newtitle)) 3264 { 3265 $newtitle = ''; 3266 } 3267 3268 $birthday_year = $mybb->input['birthday_year']; 3269 $user_website = $mybb->input['website']; 3270 $user_skype = $mybb->input['skype']; 3271 $user_google = $mybb->input['google']; 3272 3273 $plugins->run_hooks("modcp_editprofile_end"); 3274 3275 eval("\$edituser = \"".$templates->get("modcp_editprofile")."\";"); 3276 output_page($edituser); 3277 } 3278 3279 if($mybb->input['action'] == "finduser") 3280 { 3281 if($mybb->usergroup['caneditprofiles'] == 0) 3282 { 3283 error_no_permission(); 3284 } 3285 3286 add_breadcrumb($lang->mcp_nav_users, "modcp.php?action=finduser"); 3287 3288 $perpage = $mybb->get_input('perpage', MyBB::INPUT_INT); 3289 if(!$perpage || $perpage <= 0) 3290 { 3291 $perpage = $mybb->settings['threadsperpage']; 3292 } 3293 $where = ''; 3294 3295 if(isset($mybb->input['username'])) 3296 { 3297 switch($db->type) 3298 { 3299 case 'mysql': 3300 case 'mysqli': 3301 $field = 'username'; 3302 break; 3303 default: 3304 $field = 'LOWER(username)'; 3305 break; 3306 } 3307 $where = " AND {$field} LIKE '%".my_strtolower($db->escape_string_like($mybb->get_input('username')))."%'"; 3308 } 3309 3310 // Sort order & direction 3311 switch($mybb->get_input('sortby')) 3312 { 3313 case "lastvisit": 3314 $sortby = "lastvisit"; 3315 break; 3316 case "postnum": 3317 $sortby = "postnum"; 3318 break; 3319 case "username": 3320 $sortby = "username"; 3321 break; 3322 default: 3323 $sortby = "regdate"; 3324 } 3325 $sortbysel = array('lastvisit' => '', 'postnum' => '', 'username' => '', 'regdate' => ''); 3326 $sortbysel[$mybb->get_input('sortby')] = " selected=\"selected\""; 3327 $order = $mybb->get_input('order'); 3328 if($order != "asc") 3329 { 3330 $order = "desc"; 3331 } 3332 $ordersel = array('asc' => '', 'desc' => ''); 3333 $ordersel[$order] = " selected=\"selected\""; 3334 3335 $query = $db->simple_select("users", "COUNT(uid) AS count", "1=1 {$where}"); 3336 $user_count = $db->fetch_field($query, "count"); 3337 3338 // Figure out if we need to display multiple pages. 3339 if($mybb->get_input('page') != "last") 3340 { 3341 $page = $mybb->get_input('page'); 3342 } 3343 3344 $pages = $user_count / $perpage; 3345 $pages = ceil($pages); 3346 3347 if($mybb->get_input('page') == "last") 3348 { 3349 $page = $pages; 3350 } 3351 3352 if($page > $pages || $page <= 0) 3353 { 3354 $page = 1; 3355 } 3356 if($page) 3357 { 3358 $start = ($page-1) * $perpage; 3359 } 3360 else 3361 { 3362 $start = 0; 3363 $page = 1; 3364 } 3365 3366 $page_url = 'modcp.php?action=finduser'; 3367 foreach(array('username', 'sortby', 'order') as $field) 3368 { 3369 if(!empty($mybb->input[$field])) 3370 { 3371 $page_url .= "&{$field}=".$mybb->input[$field]; 3372 } 3373 } 3374 3375 $multipage = multipage($user_count, $perpage, $page, $page_url); 3376 3377 $usergroups_cache = $cache->read("usergroups"); 3378 3379 $plugins->run_hooks("modcp_finduser_start"); 3380 3381 // Fetch out results 3382 $query = $db->simple_select("users", "*", "1=1 {$where}", array("order_by" => $sortby, "order_dir" => $order, "limit" => $perpage, "limit_start" => $start)); 3383 $users = ''; 3384 while($user = $db->fetch_array($query)) 3385 { 3386 $alt_row = alt_trow(); 3387 $user['username'] = htmlspecialchars_uni($user['username']); 3388 $user['username'] = format_name($user['username'], $user['usergroup'], $user['displaygroup']); 3389 $user['postnum'] = my_number_format($user['postnum']); 3390 $regdate = my_date('relative', $user['regdate']); 3391 3392 if($user['invisible'] == 1 && $mybb->usergroup['canviewwolinvis'] != 1 && $user['uid'] != $mybb->user['uid']) 3393 { 3394 // We have had at least some active time, hide it instead 3395 $lastdate = $lang->lastvisit_hidden; 3396 } 3397 else if($user['lastvisit']) 3398 { 3399 $lastdate = my_date('relative', $user['lastvisit']); 3400 } 3401 else 3402 { 3403 $lastdate = $lang->lastvisit_never; 3404 } 3405 3406 $usergroup = htmlspecialchars_uni($usergroups_cache[$user['usergroup']]['title']); 3407 eval("\$users .= \"".$templates->get("modcp_finduser_user")."\";"); 3408 } 3409 3410 // No results? 3411 if(!$users) 3412 { 3413 eval("\$users = \"".$templates->get("modcp_finduser_noresults")."\";"); 3414 } 3415 3416 $plugins->run_hooks("modcp_finduser_end"); 3417 3418 $username = htmlspecialchars_uni($mybb->get_input('username')); 3419 eval("\$finduser = \"".$templates->get("modcp_finduser")."\";"); 3420 output_page($finduser); 3421 } 3422 3423 if($mybb->input['action'] == "warninglogs") 3424 { 3425 if($mybb->usergroup['canviewwarnlogs'] == 0) 3426 { 3427 error_no_permission(); 3428 } 3429 3430 add_breadcrumb($lang->mcp_nav_warninglogs, "modcp.php?action=warninglogs"); 3431 3432 // Filter options 3433 $where_sql = ''; 3434 $mybb->input['filter'] = $mybb->get_input('filter', MyBB::INPUT_ARRAY); 3435 $mybb->input['search'] = $mybb->get_input('search', MyBB::INPUT_ARRAY); 3436 if(!empty($mybb->input['filter']['username'])) 3437 { 3438 $search_user = get_user_by_username($mybb->input['filter']['username']); 3439 3440 $mybb->input['filter']['uid'] = (int)$search_user['uid']; 3441 $mybb->input['filter']['username'] = htmlspecialchars_uni($mybb->input['filter']['username']); 3442 } 3443 else 3444 { 3445 $mybb->input['filter']['username'] = ''; 3446 } 3447 if(!empty($mybb->input['filter']['uid'])) 3448 { 3449 $search['uid'] = (int)$mybb->input['filter']['uid']; 3450 $where_sql .= " AND w.uid='{$search['uid']}'"; 3451 if(!isset($mybb->input['search']['username'])) 3452 { 3453 $user = get_user($mybb->input['search']['uid']); 3454 $mybb->input['search']['username'] = htmlspecialchars_uni($user['username']); 3455 } 3456 } 3457 else 3458 { 3459 $mybb->input['filter']['uid'] = ''; 3460 } 3461 if(!empty($mybb->input['filter']['mod_username'])) 3462 { 3463 $mod_user = get_user_by_username($mybb->input['filter']['mod_username']); 3464 3465 $mybb->input['filter']['mod_uid'] = (int)$mod_user['uid']; 3466 $mybb->input['filter']['mod_username'] = htmlspecialchars_uni($mybb->input['filter']['mod_username']); 3467 } 3468 else 3469 { 3470 $mybb->input['filter']['mod_username'] = ''; 3471 } 3472 if(!empty($mybb->input['filter']['mod_uid'])) 3473 { 3474 $search['mod_uid'] = (int)$mybb->input['filter']['mod_uid']; 3475 $where_sql .= " AND w.issuedby='{$search['mod_uid']}'"; 3476 if(!isset($mybb->input['search']['mod_username'])) 3477 { 3478 $mod_user = get_user($mybb->input['search']['uid']); 3479 $mybb->input['search']['mod_username'] = htmlspecialchars_uni($mod_user['username']); 3480 } 3481 } 3482 else 3483 { 3484 $mybb->input['filter']['mod_uid'] = ''; 3485 } 3486 if(!empty($mybb->input['filter']['reason'])) 3487 { 3488 $search['reason'] = $db->escape_string_like($mybb->input['filter']['reason']); 3489 $where_sql .= " AND (w.notes LIKE '%{$search['reason']}%' OR t.title LIKE '%{$search['reason']}%' OR w.title LIKE '%{$search['reason']}%')"; 3490 $mybb->input['filter']['reason'] = htmlspecialchars_uni($mybb->input['filter']['reason']); 3491 } 3492 else 3493 { 3494 $mybb->input['filter']['reason'] = ''; 3495 } 3496 $sortbysel = array('username' => '', 'expires' => '', 'issuedby' => '', 'dateline' => ''); 3497 if(!isset($mybb->input['filter']['sortby'])) 3498 { 3499 $mybb->input['filter']['sortby'] = ''; 3500 } 3501 switch($mybb->input['filter']['sortby']) 3502 { 3503 case "username": 3504 $sortby = "u.username"; 3505 $sortbysel['username'] = ' selected="selected"'; 3506 break; 3507 case "expires": 3508 $sortby = "w.expires"; 3509 $sortbysel['expires'] = ' selected="selected"'; 3510 break; 3511 case "issuedby": 3512 $sortby = "i.username"; 3513 $sortbysel['issuedby'] = ' selected="selected"'; 3514 break; 3515 default: // "dateline" 3516 $sortby = "w.dateline"; 3517 $sortbysel['dateline'] = ' selected="selected"'; 3518 } 3519 if(!isset($mybb->input['filter']['order'])) 3520 { 3521 $mybb->input['filter']['order'] = ''; 3522 } 3523 $order = $mybb->input['filter']['order']; 3524 $ordersel = array('asc' => '', 'desc' => ''); 3525 if($order != "asc") 3526 { 3527 $order = "desc"; 3528 $ordersel['desc'] = ' selected="selected"'; 3529 } 3530 else 3531 { 3532 $ordersel['asc'] = ' selected="selected"'; 3533 } 3534 3535 $plugins->run_hooks("modcp_warninglogs_start"); 3536 3537 // Pagination stuff 3538 $sql = " 3539 SELECT COUNT(wid) as count 3540 FROM 3541 ".TABLE_PREFIX."warnings w 3542 LEFT JOIN ".TABLE_PREFIX."warningtypes t ON (w.tid=t.tid) 3543 WHERE 1=1 3544 {$where_sql} 3545 "; 3546 $query = $db->query($sql); 3547 $total_warnings = $db->fetch_field($query, 'count'); 3548 $page = $mybb->get_input('page', MyBB::INPUT_INT); 3549 if($page <= 0) 3550 { 3551 $page = 1; 3552 } 3553 $per_page = 20; 3554 if(isset($mybb->input['filter']['per_page']) && (int)$mybb->input['filter']['per_page'] > 0) 3555 { 3556 $per_page = (int)$mybb->input['filter']['per_page']; 3557 } 3558 $start = ($page-1) * $per_page; 3559 $pages = ceil($total_warnings / $per_page); 3560 if($page > $pages) 3561 { 3562 $start = 0; 3563 $page = 1; 3564 } 3565 // Build the base URL for pagination links 3566 $url = 'modcp.php?action=warninglogs'; 3567 if(is_array($mybb->input['filter']) && count($mybb->input['filter'])) 3568 { 3569 foreach($mybb->input['filter'] as $field => $value) 3570 { 3571 $value = urlencode($value); 3572 $url .= "&filter[{$field}]={$value}"; 3573 } 3574 } 3575 $multipage = multipage($total_warnings, $per_page, $page, $url); 3576 3577 // The actual query 3578 $sql = " 3579 SELECT 3580 w.wid, w.title as custom_title, w.points, w.dateline, w.issuedby, w.expires, w.expired, w.daterevoked, w.revokedby, 3581 t.title, 3582 u.uid, u.username, u.usergroup, u.displaygroup, 3583 i.uid as mod_uid, i.username as mod_username, i.usergroup as mod_usergroup, i.displaygroup as mod_displaygroup 3584 FROM ".TABLE_PREFIX."warnings w 3585 LEFT JOIN ".TABLE_PREFIX."users u ON (w.uid=u.uid) 3586 LEFT JOIN ".TABLE_PREFIX."warningtypes t ON (w.tid=t.tid) 3587 LEFT JOIN ".TABLE_PREFIX."users i ON (i.uid=w.issuedby) 3588 WHERE 1=1 3589 {$where_sql} 3590 ORDER BY {$sortby} {$order} 3591 LIMIT {$start}, {$per_page} 3592 "; 3593 $query = $db->query($sql); 3594 3595 3596 $warning_list = ''; 3597 while($row = $db->fetch_array($query)) 3598 { 3599 $trow = alt_trow(); 3600 $row['username'] = htmlspecialchars_uni($row['username']); 3601 $username = format_name($row['username'], $row['usergroup'], $row['displaygroup']); 3602 $username_link = build_profile_link($username, $row['uid']); 3603 $row['mod_username'] = htmlspecialchars_uni($row['mod_username']); 3604 $mod_username = format_name($row['mod_username'], $row['mod_usergroup'], $row['mod_displaygroup']); 3605 $mod_username_link = build_profile_link($mod_username, $row['mod_uid']); 3606 $issued_date = my_date('normal', $row['dateline']); 3607 $revoked_text = ''; 3608 if($row['daterevoked'] > 0) 3609 { 3610 $revoked_date = my_date('relative', $row['daterevoked']); 3611 eval("\$revoked_text = \"".$templates->get("modcp_warninglogs_warning_revoked")."\";"); 3612 } 3613 if($row['expires'] > 0) 3614 { 3615 $expire_date = nice_time($row['expires']-TIME_NOW); 3616 } 3617 else 3618 { 3619 $expire_date = $lang->never; 3620 } 3621 $title = $row['title']; 3622 if(empty($row['title'])) 3623 { 3624 $title = $row['custom_title']; 3625 } 3626 $title = htmlspecialchars_uni($title); 3627 if($row['points'] >= 0) 3628 { 3629 $points = '+'.$row['points']; 3630 } 3631 3632 eval("\$warning_list .= \"".$templates->get("modcp_warninglogs_warning")."\";"); 3633 } 3634 3635 if(!$warning_list) 3636 { 3637 eval("\$warning_list = \"".$templates->get("modcp_warninglogs_nologs")."\";"); 3638 } 3639 3640 $plugins->run_hooks("modcp_warninglogs_end"); 3641 3642 $filter_username = $mybb->input['filter']['username']; 3643 $filter_modusername = $mybb->input['filter']['mod_username']; 3644 $filter_reason = $mybb->input['filter']['reason']; 3645 3646 eval("\$warninglogs = \"".$templates->get("modcp_warninglogs")."\";"); 3647 output_page($warninglogs); 3648 } 3649 3650 if($mybb->input['action'] == "ipsearch") 3651 { 3652 if($mybb->usergroup['canuseipsearch'] == 0) 3653 { 3654 error_no_permission(); 3655 } 3656 3657 add_breadcrumb($lang->mcp_nav_ipsearch, "modcp.php?action=ipsearch"); 3658 3659 $ipsearch_results = $ipaddressvalue = ''; 3660 $mybb->input['ipaddress'] = $mybb->get_input('ipaddress'); 3661 if($mybb->input['ipaddress']) 3662 { 3663 if(!is_array($groupscache)) 3664 { 3665 $groupscache = $cache->read("usergroups"); 3666 } 3667 3668 $ipaddressvalue = htmlspecialchars_uni($mybb->input['ipaddress']); 3669 3670 $ip_range = fetch_ip_range($mybb->input['ipaddress']); 3671 3672 $post_results = $user_results = 0; 3673 3674 // Searching post IP addresses 3675 if(isset($mybb->input['search_posts'])) 3676 { 3677 $post_ip_sql = ''; 3678 if($ip_range) 3679 { 3680 if(!is_array($ip_range)) 3681 { 3682 $post_ip_sql = "p.ipaddress=".$db->escape_binary($ip_range); 3683 } 3684 else 3685 { 3686 $post_ip_sql = "p.ipaddress BETWEEN ".$db->escape_binary($ip_range[0])." AND ".$db->escape_binary($ip_range[1]); 3687 } 3688 } 3689 3690 $plugins->run_hooks("modcp_ipsearch_posts_start"); 3691 3692 if($post_ip_sql) 3693 { 3694 $where_sql = ''; 3695 3696 $unviewable_forums = get_unviewable_forums(true); 3697 3698 if($unviewable_forums) 3699 { 3700 $where_sql .= " AND p.fid NOT IN ({$unviewable_forums})"; 3701 } 3702 3703 if($inactiveforums) 3704 { 3705 $where_sql .= " AND p.fid NOT IN ({$inactiveforums})"; 3706 } 3707 3708 // Check group permissions if we can't view threads not started by us 3709 $onlyusfids = array(); 3710 $group_permissions = forum_permissions(); 3711 foreach($group_permissions as $fid => $forumpermissions) 3712 { 3713 if(isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] == 1) 3714 { 3715 $onlyusfids[] = $fid; 3716 } 3717 } 3718 3719 if(!empty($onlyusfids)) 3720 { 3721 $where_sql .= " AND ((t.fid IN(".implode(',', $onlyusfids).") AND t.uid='{$mybb->user['uid']}') OR t.fid NOT IN(".implode(',', $onlyusfids)."))"; 3722 } 3723 3724 // Moderators can view unapproved/deleted posts 3725 if($mybb->usergroup['issupermod'] != 1) 3726 { 3727 $unapprove_forums = array(); 3728 $deleted_forums = array(); 3729 $visible_sql = " AND (p.visible = 1 AND t.visible = 1)"; 3730 $query = $db->simple_select("moderators", "fid, canviewunapprove, canviewdeleted", "(id='{$mybb->user['uid']}' AND isgroup='0') OR (id='{$mybb->user['usergroup']}' AND isgroup='1')"); 3731 while($moderator = $db->fetch_array($query)) 3732 { 3733 if($moderator['canviewunapprove'] == 1) 3734 { 3735 $unapprove_forums[] = $moderator['fid']; 3736 } 3737 3738 if($moderator['canviewdeleted'] == 1) 3739 { 3740 $deleted_forums[] = $moderator['fid']; 3741 } 3742 } 3743 3744 if(!empty($unapprove_forums)) 3745 { 3746 $visible_sql .= " OR (p.visible = 0 AND p.fid IN(".implode(',', $unapprove_forums).")) OR (t.visible = 0 AND t.fid IN(".implode(',', $unapprove_forums)."))"; 3747 } 3748 if(!empty($deleted_forums)) 3749 { 3750 $visible_sql .= " OR (p.visible = -1 AND p.fid IN(".implode(',', $deleted_forums).")) OR (t.visible = -1 AND t.fid IN(".implode(',', $deleted_forums)."))"; 3751 } 3752 } 3753 else 3754 { 3755 // Super moderators (and admins) 3756 $visible_sql = " AND p.visible >= -1"; 3757 } 3758 3759 $query = $db->query(" 3760 SELECT COUNT(p.pid) AS count 3761 FROM ".TABLE_PREFIX."posts p 3762 LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid = p.tid) 3763 WHERE {$post_ip_sql}{$where_sql}{$visible_sql} 3764 "); 3765 $post_results = $db->fetch_field($query, "count"); 3766 } 3767 } 3768 3769 // Searching user IP addresses 3770 if(isset($mybb->input['search_users'])) 3771 { 3772 $user_ip_sql = ''; 3773 if($ip_range) 3774 { 3775 if(!is_array($ip_range)) 3776 { 3777 $user_ip_sql = "regip=".$db->escape_binary($ip_range)." OR lastip=".$db->escape_binary($ip_range); 3778 } 3779 else 3780 { 3781 $user_ip_sql = "regip BETWEEN ".$db->escape_binary($ip_range[0])." AND ".$db->escape_binary($ip_range[1])." OR lastip BETWEEN ".$db->escape_binary($ip_range[0])." AND ".$db->escape_binary($ip_range[1]); 3782 } 3783 } 3784 3785 $plugins->run_hooks("modcp_ipsearch_users_start"); 3786 3787 if($user_ip_sql) 3788 { 3789 $query = $db->simple_select('users', 'COUNT(uid) AS count', $user_ip_sql); 3790 3791 $user_results = $db->fetch_field($query, "count"); 3792 } 3793 } 3794 3795 $total_results = $post_results+$user_results; 3796 3797 if(!$total_results) 3798 { 3799 $total_results = 1; 3800 } 3801 3802 // Now we have the result counts, paginate 3803 $perpage = $mybb->get_input('perpage', MyBB::INPUT_INT); 3804 if(!$perpage || $perpage <= 0) 3805 { 3806 $perpage = $mybb->settings['threadsperpage']; 3807 } 3808 3809 // Figure out if we need to display multiple pages. 3810 if($mybb->get_input('page') != "last") 3811 { 3812 $page = $mybb->get_input('page', MyBB::INPUT_INT); 3813 } 3814 3815 $pages = $total_results / $perpage; 3816 $pages = ceil($pages); 3817 3818 if($mybb->get_input('page') == "last") 3819 { 3820 $page = $pages; 3821 } 3822 3823 if($page > $pages || $page <= 0) 3824 { 3825 $page = 1; 3826 } 3827 3828 if($page) 3829 { 3830 $start = ($page-1) * $perpage; 3831 } 3832 else 3833 { 3834 $start = 0; 3835 $page = 1; 3836 } 3837 3838 $page_url = "modcp.php?action=ipsearch&perpage={$perpage}"; 3839 foreach(array('ipaddress', 'search_users', 'search_posts') as $input) 3840 { 3841 if(!empty($mybb->input[$input])) 3842 { 3843 $page_url .= "&{$input}=".urlencode($mybb->input[$input]); 3844 } 3845 } 3846 $multipage = multipage($total_results, $perpage, $page, $page_url); 3847 3848 $post_limit = $perpage; 3849 $results = ''; 3850 if(isset($mybb->input['search_users']) && $user_results && $start <= $user_results) 3851 { 3852 $query = $db->simple_select('users', 'username, uid, regip, lastip', $user_ip_sql, 3853 array('order_by' => 'regdate', 'order_dir' => 'DESC', 'limit_start' => $start, 'limit' => $perpage)); 3854 3855 while($ipaddress = $db->fetch_array($query)) 3856 { 3857 $result = false; 3858 $ipaddress['username'] = htmlspecialchars_uni($ipaddress['username']); 3859 $profile_link = build_profile_link($ipaddress['username'], $ipaddress['uid']); 3860 $trow = alt_trow(); 3861 $ip = false; 3862 if(is_array($ip_range)) 3863 { 3864 if(strcmp($ip_range[0], $ipaddress['regip']) <= 0 && strcmp($ip_range[1], $ipaddress['regip']) >= 0) 3865 { 3866 eval("\$subject = \"".$templates->get("modcp_ipsearch_result_regip")."\";"); 3867 $ip = my_inet_ntop($db->unescape_binary($ipaddress['regip'])); 3868 } 3869 elseif(strcmp($ip_range[0], $ipaddress['lastip']) <= 0 && strcmp($ip_range[1], $ipaddress['lastip']) >= 0) 3870 { 3871 eval("\$subject = \"".$templates->get("modcp_ipsearch_result_lastip")."\";"); 3872 $ip = my_inet_ntop($db->unescape_binary($ipaddress['lastip'])); 3873 } 3874 } 3875 elseif($ipaddress['regip'] == $ip_range) 3876 { 3877 eval("\$subject = \"".$templates->get("modcp_ipsearch_result_regip")."\";"); 3878 $ip = my_inet_ntop($db->unescape_binary($ipaddress['regip'])); 3879 } 3880 elseif($ipaddress['lastip'] == $ip_range) 3881 { 3882 eval("\$subject = \"".$templates->get("modcp_ipsearch_result_lastip")."\";"); 3883 $ip = my_inet_ntop($db->unescape_binary($ipaddress['lastip'])); 3884 } 3885 if($ip) 3886 { 3887 eval("\$results .= \"".$templates->get("modcp_ipsearch_result")."\";"); 3888 $result = true; 3889 } 3890 if($result) 3891 { 3892 --$post_limit; 3893 } 3894 } 3895 } 3896 $post_start = 0; 3897 if($total_results > $user_results && $post_limit) 3898 { 3899 $post_start = $start-$user_results; 3900 if($post_start < 0) 3901 { 3902 $post_start = 0; 3903 } 3904 } 3905 if(isset($mybb->input['search_posts']) && $post_results && (!isset($mybb->input['search_users']) || (isset($mybb->input['search_users']) && $post_limit > 0))) 3906 { 3907 $ipaddresses = $tids = $uids = array(); 3908 3909 $query = $db->query(" 3910 SELECT p.username AS postusername, p.uid, p.subject, p.pid, p.tid, p.ipaddress 3911 FROM ".TABLE_PREFIX."posts p 3912 LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid = p.tid) 3913 WHERE {$post_ip_sql}{$where_sql}{$visible_sql} 3914 ORDER BY p.dateline DESC, p.pid DESC 3915 LIMIT {$post_start}, {$post_limit} 3916 "); 3917 while($ipaddress = $db->fetch_array($query)) 3918 { 3919 $tids[$ipaddress['tid']] = $ipaddress['pid']; 3920 $uids[$ipaddress['uid']] = $ipaddress['pid']; 3921 $ipaddresses[$ipaddress['pid']] = $ipaddress; 3922 } 3923 3924 if(!empty($ipaddresses)) 3925 { 3926 $query = $db->simple_select("threads", "subject, tid", "tid IN(".implode(',', array_keys($tids)).")"); 3927 while($thread = $db->fetch_array($query)) 3928 { 3929 $ipaddresses[$tids[$thread['tid']]]['threadsubject'] = $thread['subject']; 3930 } 3931 unset($tids); 3932 3933 $query = $db->simple_select("users", "username, uid", "uid IN(".implode(',', array_keys($uids)).")"); 3934 while($user = $db->fetch_array($query)) 3935 { 3936 $ipaddresses[$uids[$user['uid']]]['username'] = $user['username']; 3937 } 3938 unset($uids); 3939 3940 foreach($ipaddresses as $ipaddress) 3941 { 3942 $ip = my_inet_ntop($db->unescape_binary($ipaddress['ipaddress'])); 3943 if(empty($ipaddress['username'])) 3944 { 3945 $ipaddress['username'] = $ipaddress['postusername']; // Guest username support 3946 } 3947 $ipaddress['username'] = htmlspecialchars_uni($ipaddress['username']); 3948 $trow = alt_trow(); 3949 if(empty($ipaddress['subject'])) 3950 { 3951 $ipaddress['subject'] = "RE: {$ipaddress['threadsubject']}"; 3952 } 3953 3954 $ipaddress['postlink'] = get_post_link($ipaddress['pid'], $ipaddress['tid']); 3955 $ipaddress['subject'] = htmlspecialchars_uni($parser->parse_badwords($ipaddress['subject'])); 3956 $ipaddress['profilelink'] = build_profile_link($ipaddress['username'], $ipaddress['uid']); 3957 3958 eval("\$subject = \"".$templates->get("modcp_ipsearch_result_post")."\";"); 3959 eval("\$results .= \"".$templates->get("modcp_ipsearch_result")."\";"); 3960 } 3961 } 3962 } 3963 3964 if(!$results) 3965 { 3966 eval("\$results = \"".$templates->get("modcp_ipsearch_noresults")."\";"); 3967 } 3968 3969 if($ipaddressvalue) 3970 { 3971 $lang->ipsearch_results = $lang->sprintf($lang->ipsearch_results, $ipaddressvalue); 3972 } 3973 else 3974 { 3975 $lang->ipsearch_results = $lang->ipsearch; 3976 } 3977 3978 $ipaddress = $ipaddress_url = $misc_info_link = ''; 3979 if(!strstr($mybb->input['ipaddress'], "*") && !strstr($mybb->input['ipaddress'], "/")) 3980 { 3981 $ipaddress = htmlspecialchars_uni($mybb->input['ipaddress']); 3982 $ipaddress_url = urlencode($mybb->input['ipaddress']); 3983 eval("\$misc_info_link = \"".$templates->get("modcp_ipsearch_results_information")."\";"); 3984 } 3985 3986 eval("\$ipsearch_results = \"".$templates->get("modcp_ipsearch_results")."\";"); 3987 } 3988 3989 // Fetch filter options 3990 if(!$mybb->input['ipaddress']) 3991 { 3992 $mybb->input['search_posts'] = 1; 3993 $mybb->input['search_users'] = 1; 3994 } 3995 $usersearchselect = $postsearchselect = ''; 3996 if(isset($mybb->input['search_posts'])) 3997 { 3998 $postsearchselect = "checked=\"checked\""; 3999 } 4000 if(isset($mybb->input['search_users'])) 4001 { 4002 $usersearchselect = "checked=\"checked\""; 4003 } 4004 4005 $plugins->run_hooks("modcp_ipsearch_end"); 4006 4007 eval("\$ipsearch = \"".$templates->get("modcp_ipsearch")."\";"); 4008 output_page($ipsearch); 4009 } 4010 4011 if($mybb->input['action'] == "iplookup") 4012 { 4013 if($mybb->usergroup['canuseipsearch'] == 0) 4014 { 4015 error_no_permission(); 4016 } 4017 4018 $mybb->input['ipaddress'] = $mybb->get_input('ipaddress'); 4019 $lang->ipaddress_misc_info = $lang->sprintf($lang->ipaddress_misc_info, htmlspecialchars_uni($mybb->input['ipaddress'])); 4020 $ipaddress_location = $lang->na; 4021 $ipaddress_host_name = $lang->na; 4022 $modcp_ipsearch_misc_info = ''; 4023 if(!strstr($mybb->input['ipaddress'], "*")) 4024 { 4025 // Return GeoIP information if it is available to us 4026 if(function_exists('geoip_record_by_name')) 4027 { 4028 $ip_record = @geoip_record_by_name($mybb->input['ipaddress']); 4029 if($ip_record) 4030 { 4031 $ipaddress_location = htmlspecialchars_uni(utf8_encode($ip_record['country_name'])); 4032 if($ip_record['city']) 4033 { 4034 $ipaddress_location .= $lang->comma.htmlspecialchars_uni(utf8_encode($ip_record['city'])); 4035 } 4036 } 4037 } 4038 4039 $ipaddress_host_name = htmlspecialchars_uni(@gethostbyaddr($mybb->input['ipaddress'])); 4040 4041 // gethostbyaddr returns the same ip on failure 4042 if($ipaddress_host_name == $mybb->input['ipaddress']) 4043 { 4044 $ipaddress_host_name = $lang->na; 4045 } 4046 } 4047 4048 $plugins->run_hooks("modcp_iplookup_end"); 4049 4050 eval("\$iplookup = \"".$templates->get('modcp_ipsearch_misc_info', 1, 0)."\";"); 4051 echo($iplookup); 4052 exit; 4053 } 4054 4055 if($mybb->input['action'] == "banning") 4056 { 4057 if($mybb->usergroup['canbanusers'] == 0) 4058 { 4059 error_no_permission(); 4060 } 4061 4062 add_breadcrumb($lang->mcp_nav_banning, "modcp.php?action=banning"); 4063 4064 if(!$mybb->settings['threadsperpage']) 4065 { 4066 $mybb->settings['threadsperpage'] = 20; 4067 } 4068 4069 // Figure out if we need to display multiple pages. 4070 $perpage = $mybb->settings['threadsperpage']; 4071 if($mybb->get_input('page') != "last") 4072 { 4073 $page = $mybb->get_input('page', MyBB::INPUT_INT); 4074 } 4075 4076 $query = $db->simple_select("banned", "COUNT(uid) AS count"); 4077 $banned_count = $db->fetch_field($query, "count"); 4078 4079 $postcount = (int)$banned_count; 4080 $pages = $postcount / $perpage; 4081 $pages = ceil($pages); 4082 4083 if($mybb->get_input('page') == "last") 4084 { 4085 $page = $pages; 4086 } 4087 4088 if($page > $pages || $page <= 0) 4089 { 4090 $page = 1; 4091 } 4092 4093 if($page) 4094 { 4095 $start = ($page-1) * $perpage; 4096 } 4097 else 4098 { 4099 $start = 0; 4100 $page = 1; 4101 } 4102 $upper = $start+$perpage; 4103 4104 $multipage = multipage($postcount, $perpage, $page, "modcp.php?action=banning"); 4105 4106 $plugins->run_hooks("modcp_banning_start"); 4107 4108 $query = $db->query(" 4109 SELECT b.*, a.username AS adminuser, u.username 4110 FROM ".TABLE_PREFIX."banned b 4111 LEFT JOIN ".TABLE_PREFIX."users u ON (b.uid=u.uid) 4112 LEFT JOIN ".TABLE_PREFIX."users a ON (b.admin=a.uid) 4113 ORDER BY dateline DESC 4114 LIMIT {$start}, {$perpage} 4115 "); 4116 4117 // Get the banned users 4118 $bannedusers = ''; 4119 while($banned = $db->fetch_array($query)) 4120 { 4121 $banned['username'] = htmlspecialchars_uni($banned['username']); 4122 $profile_link = build_profile_link($banned['username'], $banned['uid']); 4123 4124 // Only show the edit & lift links if current user created ban, or is super mod/admin 4125 $edit_link = ''; 4126 if($mybb->user['uid'] == $banned['admin'] || !$banned['adminuser'] || $mybb->usergroup['issupermod'] == 1 || $mybb->usergroup['cancp'] == 1) 4127 { 4128 eval("\$edit_link = \"".$templates->get("modcp_banning_edit")."\";"); 4129 } 4130 4131 $admin_profile = build_profile_link(htmlspecialchars_uni($banned['adminuser']), $banned['admin']); 4132 4133 $trow = alt_trow(); 4134 4135 if($banned['reason']) 4136 { 4137 $banned['reason'] = htmlspecialchars_uni($parser->parse_badwords($banned['reason'])); 4138 } 4139 else 4140 { 4141 $banned['reason'] = $lang->na; 4142 } 4143 4144 if($banned['lifted'] == 'perm' || $banned['lifted'] == '' || $banned['bantime'] == 'perm' || $banned['bantime'] == '---') 4145 { 4146 $banlength = $lang->permanent; 4147 $timeremaining = $lang->na; 4148 } 4149 else 4150 { 4151 $banlength = $bantimes[$banned['bantime']]; 4152 $remaining = $banned['lifted']-TIME_NOW; 4153 4154 $timeremaining = nice_time($remaining, array('short' => 1, 'seconds' => false)).""; 4155 4156 $banned_class = ''; 4157 $ban_remaining = "{$timeremaining} {$lang->ban_remaining}"; 4158 4159 if($remaining <= 0) 4160 { 4161 $banned_class = "imminent_banned"; 4162 $ban_remaining = $lang->ban_ending_imminently; 4163 } 4164 if($remaining < 3600) 4165 { 4166 $banned_class = "high_banned"; 4167 } 4168 else if($remaining < 86400) 4169 { 4170 $banned_class = "moderate_banned"; 4171 } 4172 else if($remaining < 604800) 4173 { 4174 $banned_class = "low_banned"; 4175 } 4176 else 4177 { 4178 $banned_class = "normal_banned"; 4179 } 4180 4181 eval('$timeremaining = "'.$templates->get('modcp_banning_remaining').'";'); 4182 } 4183 4184 eval("\$bannedusers .= \"".$templates->get("modcp_banning_ban")."\";"); 4185 } 4186 4187 if(!$bannedusers) 4188 { 4189 eval("\$bannedusers = \"".$templates->get("modcp_banning_nobanned")."\";"); 4190 } 4191 4192 $plugins->run_hooks("modcp_banning"); 4193 4194 eval("\$bannedpage = \"".$templates->get("modcp_banning")."\";"); 4195 output_page($bannedpage); 4196 } 4197 4198 if($mybb->input['action'] == "liftban") 4199 { 4200 // Verify incoming POST request 4201 verify_post_check($mybb->get_input('my_post_key')); 4202 4203 if($mybb->usergroup['canbanusers'] == 0) 4204 { 4205 error_no_permission(); 4206 } 4207 4208 $query = $db->simple_select("banned", "*", "uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'"); 4209 $ban = $db->fetch_array($query); 4210 4211 if(!$ban) 4212 { 4213 error($lang->error_invalidban); 4214 } 4215 4216 // Permission to edit this ban? 4217 if($mybb->user['uid'] != $ban['admin'] && $mybb->usergroup['issupermod'] != 1 && $mybb->usergroup['cancp'] != 1) 4218 { 4219 error_no_permission(); 4220 } 4221 4222 $plugins->run_hooks("modcp_liftban_start"); 4223 4224 $query = $db->simple_select("users", "username", "uid = '{$ban['uid']}'"); 4225 $username = $db->fetch_field($query, "username"); 4226 4227 $updated_group = array( 4228 'usergroup' => $ban['oldgroup'], 4229 'additionalgroups' => $db->escape_string($ban['oldadditionalgroups']), 4230 'displaygroup' => $ban['olddisplaygroup'] 4231 ); 4232 $db->update_query("users", $updated_group, "uid='{$ban['uid']}'"); 4233 $db->delete_query("banned", "uid='{$ban['uid']}'"); 4234 4235 $cache->update_moderators(); 4236 log_moderator_action(array("uid" => $ban['uid'], "username" => $username), $lang->lifted_ban); 4237 4238 $plugins->run_hooks("modcp_liftban_end"); 4239 4240 redirect("modcp.php?action=banning", $lang->redirect_banlifted); 4241 } 4242 4243 if($mybb->input['action'] == "do_banuser" && $mybb->request_method == "post") 4244 { 4245 // Verify incoming POST request 4246 verify_post_check($mybb->get_input('my_post_key')); 4247 4248 if($mybb->usergroup['canbanusers'] == 0) 4249 { 4250 error_no_permission(); 4251 } 4252 4253 // Editing an existing ban 4254 $existing_ban = false; 4255 if($mybb->get_input('uid', MyBB::INPUT_INT)) 4256 { 4257 // Get the users info from their uid 4258 $query = $db->query(" 4259 SELECT b.*, u.uid, u.username, u.usergroup, u.additionalgroups, u.displaygroup 4260 FROM ".TABLE_PREFIX."banned b 4261 LEFT JOIN ".TABLE_PREFIX."users u ON (b.uid=u.uid) 4262 WHERE b.uid='{$mybb->input['uid']}' 4263 "); 4264 $user = $db->fetch_array($query); 4265 4266 if($user) 4267 { 4268 $existing_ban = true; 4269 } 4270 4271 // Permission to edit this ban? 4272 if($existing_ban && $mybb->user['uid'] != $user['admin'] && $mybb->usergroup['issupermod'] != 1 && $mybb->usergroup['cancp'] != 1) 4273 { 4274 error_no_permission(); 4275 } 4276 } 4277 4278 $errors = array(); 4279 4280 // Creating a new ban 4281 if(!$existing_ban) 4282 { 4283 // Get the users info from their Username 4284 $options = array( 4285 'fields' => array('username', 'usergroup', 'additionalgroups', 'displaygroup') 4286 ); 4287 4288 $user = get_user_by_username($mybb->input['username'], $options); 4289 4290 if(!$user) 4291 { 4292 $errors[] = $lang->invalid_username; 4293 } 4294 } 4295 4296 if($user['uid'] == $mybb->user['uid']) 4297 { 4298 $errors[] = $lang->error_cannotbanself; 4299 } 4300 4301 // Have permissions to ban this user? 4302 if(!modcp_can_manage_user($user['uid'])) 4303 { 4304 $errors[] = $lang->error_cannotbanuser; 4305 } 4306 4307 // Check for an incoming reason 4308 if(empty($mybb->input['banreason'])) 4309 { 4310 $errors[] = $lang->error_nobanreason; 4311 } 4312 4313 // Check banned group 4314 $usergroups_cache = $cache->read('usergroups'); 4315 if(isset($usergroups_cache[$mybb->get_input('usergroup', MyBB::INPUT_INT)])) 4316 { 4317 $usergroup = $usergroups_cache[$mybb->get_input('usergroup', MyBB::INPUT_INT)]; 4318 } 4319 4320 if(!isset($usergroup) || empty($usergroup['isbannedgroup'])) 4321 { 4322 $errors[] = $lang->error_nobangroup; 4323 } 4324 4325 // If this is a new ban, we check the user isn't already part of a banned group 4326 if(!$existing_ban && $user['uid']) 4327 { 4328 $query = $db->simple_select("banned", "uid", "uid='{$user['uid']}'", array('limit' => 1)); 4329 if($db->num_rows($query) > 0) 4330 { 4331 $errors[] = $lang->error_useralreadybanned; 4332 } 4333 } 4334 4335 $plugins->run_hooks("modcp_do_banuser_start"); 4336 4337 // Still no errors? Ban the user 4338 if(!$errors) 4339 { 4340 // Ban the user 4341 if($mybb->get_input('liftafter') == '---') 4342 { 4343 $lifted = 0; 4344 } 4345 else 4346 { 4347 if(!isset($user['dateline'])) 4348 { 4349 $user['dateline'] = 0; 4350 } 4351 $lifted = ban_date2timestamp($mybb->get_input('liftafter'), $user['dateline']); 4352 } 4353 4354 $banreason = my_substr($mybb->get_input('banreason'), 0, 255); 4355 4356 if($existing_ban) 4357 { 4358 $update_array = array( 4359 'gid' => $mybb->get_input('usergroup', MyBB::INPUT_INT), 4360 'dateline' => TIME_NOW, 4361 'bantime' => $db->escape_string($mybb->get_input('liftafter')), 4362 'lifted' => $db->escape_string($lifted), 4363 'reason' => $db->escape_string($banreason) 4364 ); 4365 4366 $db->update_query('banned', $update_array, "uid='{$user['uid']}'"); 4367 } 4368 else 4369 { 4370 $insert_array = array( 4371 'uid' => $user['uid'], 4372 'gid' => $mybb->get_input('usergroup', MyBB::INPUT_INT), 4373 'oldgroup' => (int)$user['usergroup'], 4374 'oldadditionalgroups' => $db->escape_string($user['additionalgroups']), 4375 'olddisplaygroup' => (int)$user['displaygroup'], 4376 'admin' => (int)$mybb->user['uid'], 4377 'dateline' => TIME_NOW, 4378 'bantime' => $db->escape_string($mybb->get_input('liftafter')), 4379 'lifted' => $db->escape_string($lifted), 4380 'reason' => $db->escape_string($banreason) 4381 ); 4382 4383 $db->insert_query('banned', $insert_array); 4384 } 4385 4386 // Move the user to the banned group 4387 $update_array = array( 4388 'usergroup' => $mybb->get_input('usergroup', MyBB::INPUT_INT), 4389 'displaygroup' => 0, 4390 'additionalgroups' => '', 4391 ); 4392 $db->update_query('users', $update_array, "uid = {$user['uid']}"); 4393 4394 // Log edit or add ban 4395 if($existing_ban) 4396 { 4397 log_moderator_action(array("uid" => $user['uid'], "username" => $user['username']), $lang->edited_user_ban); 4398 } 4399 else 4400 { 4401 log_moderator_action(array("uid" => $user['uid'], "username" => $user['username']), $lang->banned_user); 4402 } 4403 4404 $plugins->run_hooks("modcp_do_banuser_end"); 4405 4406 if($existing_ban) 4407 { 4408 redirect("modcp.php?action=banning", $lang->redirect_banuser_updated); 4409 } 4410 else 4411 { 4412 redirect("modcp.php?action=banning", $lang->redirect_banuser); 4413 } 4414 } 4415 // Otherwise has errors, throw back to ban page 4416 else 4417 { 4418 $mybb->input['action'] = "banuser"; 4419 } 4420 } 4421 4422 if($mybb->input['action'] == "banuser") 4423 { 4424 add_breadcrumb($lang->mcp_nav_banning, "modcp.php?action=banning"); 4425 4426 if($mybb->usergroup['canbanusers'] == 0) 4427 { 4428 error_no_permission(); 4429 } 4430 4431 $mybb->input['uid'] = $mybb->get_input('uid', MyBB::INPUT_INT); 4432 if($mybb->input['uid']) 4433 { 4434 add_breadcrumb($lang->mcp_nav_editing_ban); 4435 } 4436 else 4437 { 4438 add_breadcrumb($lang->mcp_nav_ban_user); 4439 } 4440 4441 $plugins->run_hooks("modcp_banuser_start"); 4442 4443 $banuser_username = ''; 4444 $banreason = ''; 4445 4446 // If incoming user ID, we are editing a ban 4447 if($mybb->input['uid']) 4448 { 4449 $query = $db->query(" 4450 SELECT b.*, u.username, u.uid 4451 FROM ".TABLE_PREFIX."banned b 4452 LEFT JOIN ".TABLE_PREFIX."users u ON (b.uid=u.uid) 4453 WHERE b.uid='{$mybb->input['uid']}' 4454 "); 4455 $banned = $db->fetch_array($query); 4456 if(!empty($banned['username'])) 4457 { 4458 $username = $banned['username'] = htmlspecialchars_uni($banned['username']); 4459 $banreason = htmlspecialchars_uni($banned['reason']); 4460 $uid = $mybb->input['uid']; 4461 $user = get_user($banned['uid']); 4462 $lang->ban_user = $lang->edit_ban; // Swap over lang variables 4463 eval("\$banuser_username = \"".$templates->get("modcp_banuser_editusername")."\";"); 4464 } 4465 } 4466 4467 // Permission to edit this ban? 4468 if(!empty($banned) && $banned['uid'] && $mybb->user['uid'] != $banned['admin'] && $mybb->usergroup['issupermod'] != 1 && $mybb->usergroup['cancp'] != 1) 4469 { 4470 error_no_permission(); 4471 } 4472 4473 // New ban! 4474 if(!$banuser_username) 4475 { 4476 if($mybb->input['uid']) 4477 { 4478 $user = get_user($mybb->input['uid']); 4479 $user['username'] = htmlspecialchars_uni($user['username']); 4480 $username = $user['username']; 4481 } 4482 else 4483 { 4484 $username = htmlspecialchars_uni($mybb->get_input('username')); 4485 } 4486 eval("\$banuser_username = \"".$templates->get("modcp_banuser_addusername")."\";"); 4487 } 4488 4489 // Coming back to this page from an error? 4490 if($errors) 4491 { 4492 $errors = inline_error($errors); 4493 $banned = array( 4494 "bantime" => $mybb->get_input('liftafter'), 4495 "reason" => $mybb->get_input('reason'), 4496 "gid" => $mybb->get_input('gid', MyBB::INPUT_INT) 4497 ); 4498 $banreason = htmlspecialchars_uni($mybb->get_input('banreason')); 4499 } 4500 4501 // Generate the banned times dropdown 4502 $liftlist = ''; 4503 foreach($bantimes as $time => $title) 4504 { 4505 $selected = ''; 4506 if(isset($banned['bantime']) && $banned['bantime'] == $time) 4507 { 4508 $selected = " selected=\"selected\""; 4509 } 4510 4511 $thattime = ''; 4512 if($time != '---') 4513 { 4514 $dateline = TIME_NOW; 4515 if(isset($banned['dateline'])) 4516 { 4517 $dateline = $banned['dateline']; 4518 } 4519 4520 $thatime = my_date("D, jS M Y @ {$mybb->settings['timeformat']}", ban_date2timestamp($time, $dateline)); 4521 $thattime = " ({$thatime})"; 4522 } 4523 4524 eval("\$liftlist .= \"".$templates->get("modcp_banuser_liftlist")."\";"); 4525 } 4526 4527 $bangroup_option = $bangroups = ''; 4528 $numgroups = $banned_group = 0; 4529 $groupscache = $cache->read("usergroups"); 4530 4531 foreach($groupscache as $key => $group) 4532 { 4533 if($group['isbannedgroup']) 4534 { 4535 $selected = ""; 4536 if(isset($banned['gid']) && $banned['gid'] == $group['gid']) 4537 { 4538 $selected = " selected=\"selected\""; 4539 } 4540 4541 $group['title'] = htmlspecialchars_uni($group['title']); 4542 eval("\$bangroup_option .= \"".$templates->get("modcp_banuser_bangroups_group")."\";"); 4543 $banned_group = $group['gid']; 4544 ++$numgroups; 4545 } 4546 } 4547 4548 if($numgroups == 0) 4549 { 4550 error($lang->no_banned_group); 4551 } 4552 elseif($numgroups > 1) 4553 { 4554 eval("\$bangroups = \"".$templates->get("modcp_banuser_bangroups")."\";"); 4555 } 4556 else 4557 { 4558 eval("\$bangroups = \"".$templates->get("modcp_banuser_bangroups_hidden")."\";"); 4559 } 4560 4561 if(!empty($banned['uid'])) 4562 { 4563 eval("\$lift_link = \"".$templates->get("modcp_banuser_lift")."\";"); 4564 $uid = $banned['uid']; 4565 } 4566 else 4567 { 4568 $lift_link = ''; 4569 $uid = 0; 4570 } 4571 4572 $plugins->run_hooks("modcp_banuser_end"); 4573 4574 eval("\$banuser = \"".$templates->get("modcp_banuser")."\";"); 4575 output_page($banuser); 4576 } 4577 4578 if($mybb->input['action'] == "do_modnotes") 4579 { 4580 // Verify incoming POST request 4581 verify_post_check($mybb->get_input('my_post_key')); 4582 4583 $plugins->run_hooks("modcp_do_modnotes_start"); 4584 4585 // Update Moderator Notes cache 4586 $update_cache = array( 4587 "modmessage" => $mybb->get_input('modnotes') 4588 ); 4589 $cache->update("modnotes", $update_cache); 4590 4591 $plugins->run_hooks("modcp_do_modnotes_end"); 4592 4593 redirect("modcp.php", $lang->redirect_modnotes); 4594 } 4595 4596 if(!$mybb->input['action']) 4597 { 4598 $awaitingattachments = $awaitingposts = $awaitingthreads = $awaitingmoderation = ''; 4599 4600 if($mybb->usergroup['canmanagemodqueue'] == 1) 4601 { 4602 if($mybb->settings['enableattachments'] == 1 && ($nummodqueueattach > 0 || $mybb->usergroup['issupermod'] == 1)) 4603 { 4604 if($nummodqueueposts > 0 || $mybb->usergroup['issupermod'] == 1) 4605 { 4606 $bgcolor = "trow1"; 4607 } 4608 else 4609 { 4610 $bgcolor = "trow2"; 4611 } 4612 4613 $query = $db->query(" 4614 SELECT COUNT(aid) AS unapprovedattachments 4615 FROM ".TABLE_PREFIX."attachments a 4616 LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=a.pid) 4617 LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid) 4618 WHERE a.visible='0' {$tflist} 4619 "); 4620 $unapproved_attachments = $db->fetch_field($query, "unapprovedattachments"); 4621 4622 if($unapproved_attachments > 0) 4623 { 4624 $query = $db->query(" 4625 SELECT t.tid, p.pid, p.uid, t.username, a.filename, a.dateuploaded 4626 FROM ".TABLE_PREFIX."attachments a 4627 LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=a.pid) 4628 LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid) 4629 WHERE a.visible='0' {$tflist} 4630 ORDER BY a.dateuploaded DESC 4631 LIMIT 1 4632 "); 4633 $attachment = $db->fetch_array($query); 4634 $attachment['date'] = my_date('relative', $attachment['dateuploaded']); 4635 $attachment['username'] = htmlspecialchars_uni($attachment['username']); 4636 $attachment['profilelink'] = build_profile_link($attachment['username'], $attachment['uid']); 4637 $attachment['link'] = get_post_link($attachment['pid'], $attachment['tid']); 4638 $attachment['filename'] = htmlspecialchars_uni($attachment['filename']); 4639 $unapproved_attachments = my_number_format($unapproved_attachments); 4640 4641 eval("\$latest_attachment = \"".$templates->get("modcp_lastattachment")."\";"); 4642 } 4643 else 4644 { 4645 eval("\$latest_attachment = \"".$templates->get("modcp_awaitingmoderation_none")."\";"); 4646 } 4647 4648 eval("\$awaitingattachments = \"".$templates->get("modcp_awaitingattachments")."\";"); 4649 } 4650 4651 if($nummodqueueposts > 0 || $mybb->usergroup['issupermod'] == 1) 4652 { 4653 $query = $db->query(" 4654 SELECT COUNT(pid) AS unapprovedposts 4655 FROM ".TABLE_PREFIX."posts p 4656 LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid) 4657 WHERE p.visible='0' {$tflist} AND t.firstpost != p.pid 4658 "); 4659 $unapproved_posts = $db->fetch_field($query, "unapprovedposts"); 4660 4661 if($unapproved_posts > 0) 4662 { 4663 $query = $db->query(" 4664 SELECT p.pid, p.tid, p.subject, p.uid, p.username, p.dateline 4665 FROM ".TABLE_PREFIX."posts p 4666 LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid) 4667 WHERE p.visible='0' {$tflist} AND t.firstpost != p.pid 4668 ORDER BY p.dateline DESC, p.pid DESC 4669 LIMIT 1 4670 "); 4671 $post = $db->fetch_array($query); 4672 $post['date'] = my_date('relative', $post['dateline']); 4673 $post['username'] = htmlspecialchars_uni($post['username']); 4674 $post['profilelink'] = build_profile_link($post['username'], $post['uid']); 4675 $post['link'] = get_post_link($post['pid'], $post['tid']); 4676 $post['subject'] = $post['fullsubject'] = $parser->parse_badwords($post['subject']); 4677 if(my_strlen($post['subject']) > 25) 4678 { 4679 $post['subject'] = my_substr($post['subject'], 0, 25)."..."; 4680 } 4681 $post['subject'] = htmlspecialchars_uni($post['subject']); 4682 $post['fullsubject'] = htmlspecialchars_uni($post['fullsubject']); 4683 $unapproved_posts = my_number_format($unapproved_posts); 4684 4685 eval("\$latest_post = \"".$templates->get("modcp_lastpost")."\";"); 4686 } 4687 else 4688 { 4689 eval("\$latest_post = \"".$templates->get("modcp_awaitingmoderation_none")."\";"); 4690 } 4691 4692 eval("\$awaitingposts = \"".$templates->get("modcp_awaitingposts")."\";"); 4693 } 4694 4695 if($nummodqueuethreads > 0 || $mybb->usergroup['issupermod'] == 1) 4696 { 4697 $query = $db->simple_select("threads", "COUNT(tid) AS unapprovedthreads", "visible='0' {$flist_queue_threads}"); 4698 $unapproved_threads = $db->fetch_field($query, "unapprovedthreads"); 4699 4700 if($unapproved_threads > 0) 4701 { 4702 $query = $db->simple_select("threads", "tid, subject, uid, username, dateline", "visible='0' {$flist_queue_threads}", array('order_by' => 'dateline', 'order_dir' => 'DESC', 'limit' => 1)); 4703 $thread = $db->fetch_array($query); 4704 $thread['date'] = my_date('relative', $thread['dateline']); 4705 $thread['username'] = htmlspecialchars_uni($thread['username']); 4706 $thread['profilelink'] = build_profile_link($thread['username'], $thread['uid']); 4707 $thread['link'] = get_thread_link($thread['tid']); 4708 $thread['subject'] = $thread['fullsubject'] = $parser->parse_badwords($thread['subject']); 4709 if(my_strlen($thread['subject']) > 25) 4710 { 4711 $post['subject'] = my_substr($thread['subject'], 0, 25)."..."; 4712 } 4713 $thread['subject'] = htmlspecialchars_uni($thread['subject']); 4714 $thread['fullsubject'] = htmlspecialchars_uni($thread['fullsubject']); 4715 $unapproved_threads = my_number_format($unapproved_threads); 4716 4717 eval("\$latest_thread = \"".$templates->get("modcp_lastthread")."\";"); 4718 } 4719 else 4720 { 4721 eval("\$latest_thread = \"".$templates->get("modcp_awaitingmoderation_none")."\";"); 4722 } 4723 4724 eval("\$awaitingthreads = \"".$templates->get("modcp_awaitingthreads")."\";"); 4725 } 4726 4727 if(!empty($awaitingattachments) || !empty($awaitingposts) || !empty($awaitingthreads)) 4728 { 4729 eval("\$awaitingmoderation = \"".$templates->get("modcp_awaitingmoderation")."\";"); 4730 } 4731 } 4732 4733 $latestfivemodactions = ''; 4734 if(($nummodlogs > 0 || $mybb->usergroup['issupermod'] == 1) && $mybb->usergroup['canviewmodlogs'] == 1) 4735 { 4736 $where = ''; 4737 if($tflist_modlog) 4738 { 4739 $where = "WHERE (t.fid <> 0 {$tflist_modlog}) OR (l.fid <> 0)"; 4740 } 4741 4742 $query = $db->query(" 4743 SELECT l.*, u.username, u.usergroup, u.displaygroup, t.subject AS tsubject, f.name AS fname, p.subject AS psubject 4744 FROM ".TABLE_PREFIX."moderatorlog l 4745 LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=l.uid) 4746 LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=l.tid) 4747 LEFT JOIN ".TABLE_PREFIX."forums f ON (f.fid=l.fid) 4748 LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=l.pid) 4749 {$where} 4750 ORDER BY l.dateline DESC 4751 LIMIT 5 4752 "); 4753 4754 $modlogresults = ''; 4755 while($logitem = $db->fetch_array($query)) 4756 { 4757 $information = ''; 4758 $logitem['action'] = htmlspecialchars_uni($logitem['action']); 4759 $log_date = my_date('relative', $logitem['dateline']); 4760 $trow = alt_trow(); 4761 $logitem['username'] = htmlspecialchars_uni($logitem['username']); 4762 $username = format_name($logitem['username'], $logitem['usergroup'], $logitem['displaygroup']); 4763 $logitem['profilelink'] = build_profile_link($username, $logitem['uid']); 4764 $logitem['ipaddress'] = my_inet_ntop($db->unescape_binary($logitem['ipaddress'])); 4765 4766 if($logitem['tsubject']) 4767 { 4768 $logitem['tsubject'] = htmlspecialchars_uni($parser->parse_badwords($logitem['tsubject'])); 4769 $logitem['thread'] = get_thread_link($logitem['tid']); 4770 eval("\$information .= \"".$templates->get("modcp_modlogs_result_thread")."\";"); 4771 } 4772 if($logitem['fname']) 4773 { 4774 $logitem['forum'] = get_forum_link($logitem['fid']); 4775 eval("\$information .= \"".$templates->get("modcp_modlogs_result_forum")."\";"); 4776 } 4777 if($logitem['psubject']) 4778 { 4779 $logitem['psubject'] = htmlspecialchars_uni($parser->parse_badwords($logitem['psubject'])); 4780 $logitem['post'] = get_post_link($logitem['pid']); 4781 eval("\$information .= \"".$templates->get("modcp_modlogs_result_post")."\";"); 4782 } 4783 4784 // Edited a user or managed announcement? 4785 if(!$logitem['tsubject'] || !$logitem['fname'] || !$logitem['psubject']) 4786 { 4787 $data = my_unserialize($logitem['data']); 4788 if(isset($data['uid'])) 4789 { 4790 $information = $lang->sprintf($lang->edited_user_info, htmlspecialchars_uni($data['username']), get_profile_link($data['uid'])); 4791 } 4792 if(isset($data['aid'])) 4793 { 4794 $data['subject'] = htmlspecialchars_uni($parser->parse_badwords($data['subject'])); 4795 $data['announcement'] = get_announcement_link($data['aid']); 4796 eval("\$information .= \"".$templates->get("modcp_modlogs_result_announcement")."\";"); 4797 } 4798 } 4799 4800 $plugins->run_hooks("modcp_modlogs_result"); 4801 4802 eval("\$modlogresults .= \"".$templates->get("modcp_modlogs_result")."\";"); 4803 } 4804 4805 if(!$modlogresults) 4806 { 4807 eval("\$modlogresults = \"".$templates->get("modcp_modlogs_nologs")."\";"); 4808 } 4809 4810 eval("\$latestfivemodactions = \"".$templates->get("modcp_latestfivemodactions")."\";"); 4811 } 4812 4813 $query = $db->query(" 4814 SELECT b.*, a.username AS adminuser, u.username 4815 FROM ".TABLE_PREFIX."banned b 4816 LEFT JOIN ".TABLE_PREFIX."users u ON (b.uid=u.uid) 4817 LEFT JOIN ".TABLE_PREFIX."users a ON (b.admin=a.uid) 4818 WHERE b.bantime != '---' AND b.bantime != 'perm' 4819 ORDER BY lifted ASC 4820 LIMIT 5 4821 "); 4822 4823 $banned_cache = array(); 4824 while($banned = $db->fetch_array($query)) 4825 { 4826 $banned['remaining'] = $banned['lifted']-TIME_NOW; 4827 $banned_cache[$banned['remaining'].$banned['uid']] = $banned; 4828 4829 unset($banned); 4830 } 4831 4832 // Get the banned users 4833 $bannedusers = ''; 4834 foreach($banned_cache as $banned) 4835 { 4836 $banned['username'] = htmlspecialchars_uni($banned['username']); 4837 $profile_link = build_profile_link($banned['username'], $banned['uid']); 4838 4839 // Only show the edit & lift links if current user created ban, or is super mod/admin 4840 $edit_link = ''; 4841 if($mybb->user['uid'] == $banned['admin'] || !$banned['adminuser'] || $mybb->usergroup['issupermod'] == 1 || $mybb->usergroup['cancp'] == 1) 4842 { 4843 eval("\$edit_link = \"".$templates->get("modcp_banning_edit")."\";"); 4844 } 4845 4846 $admin_profile = build_profile_link(htmlspecialchars_uni($banned['adminuser']), $banned['admin']); 4847 4848 $trow = alt_trow(); 4849 4850 if($banned['reason']) 4851 { 4852 $banned['reason'] = htmlspecialchars_uni($parser->parse_badwords($banned['reason'])); 4853 } 4854 else 4855 { 4856 $banned['reason'] = $lang->na; 4857 } 4858 4859 if($banned['lifted'] == 'perm' || $banned['lifted'] == '' || $banned['bantime'] == 'perm' || $banned['bantime'] == '---') 4860 { 4861 $banlength = $lang->permanent; 4862 $timeremaining = $lang->na; 4863 } 4864 else 4865 { 4866 $banlength = $bantimes[$banned['bantime']]; 4867 $remaining = $banned['remaining']; 4868 4869 $timeremaining = nice_time($remaining, array('short' => 1, 'seconds' => false)).""; 4870 4871 $banned_class = ''; 4872 $ban_remaining = "{$timeremaining} {$lang->ban_remaining}"; 4873 4874 if($remaining <= 0) 4875 { 4876 $banned_class = "imminent_banned"; 4877 $ban_remaining = $lang->ban_ending_imminently; 4878 } 4879 else if($remaining < 3600) 4880 { 4881 $banned_class = "high_banned"; 4882 } 4883 else if($remaining < 86400) 4884 { 4885 $banned_class = "moderate_banned"; 4886 } 4887 else if($remaining < 604800) 4888 { 4889 $banned_class = "low_banned"; 4890 } 4891 else 4892 { 4893 $banned_class = "normal_banned"; 4894 } 4895 4896 eval('$timeremaining = "'.$templates->get('modcp_banning_remaining').'";'); 4897 } 4898 4899 eval("\$bannedusers .= \"".$templates->get("modcp_banning_ban")."\";"); 4900 } 4901 4902 if(!$bannedusers) 4903 { 4904 eval("\$bannedusers = \"".$templates->get("modcp_nobanned")."\";"); 4905 } 4906 4907 $modnotes = ''; 4908 $modnotes_cache = $cache->read("modnotes"); 4909 if($modnotes_cache !== false) 4910 { 4911 $modnotes = htmlspecialchars_uni($modnotes_cache['modmessage']); 4912 } 4913 4914 $plugins->run_hooks("modcp_end"); 4915 4916 eval("\$modcp = \"".$templates->get("modcp")."\";"); 4917 output_page($modcp); 4918 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
| 2005 - 2021 © MyBB.de | Alle Rechte vorbehalten! | Sponsor: netcup | Cross-referenced by PHPXref |