Vergleich admin/modules/user/users.php - 1.6.6 - 1.6.7

 * Website: http://mybb.com
 * License: http://mybb.com/about/license
 *

 * Website: http://mybb.com
 * License: http://mybb.com/about/license
 *

 */

// Disallow direct access to this file for security reasons

 */

// Disallow direct access to this file for security reasons

	// We've selected a new avatar for this user!
	if($mybb->input['avatar'])
	{

	// We've selected a new avatar for this user!
	if($mybb->input['avatar'])
	{

		{
			echo $lang->invalid_post_verify_key2;
			exit;

		{
			echo $lang->invalid_post_verify_key2;
			exit;

	// Get a listing of avatars/directories within this gallery
	$sub_galleries = $avatars = array();
	$files = @scandir($real_path);

	// Get a listing of avatars/directories within this gallery
	$sub_galleries = $avatars = array();
	$files = @scandir($real_path);

	if(is_array($files))
	{
		foreach($files as $file)

	if(is_array($files))
	{
		foreach($files as $file)

	$db->update_query("users", $updated_user, "uid='{$user['uid']}'");
	
	$plugins->run_hooks("admin_user_users_coppa_activate_commit");

	$db->update_query("users", $updated_user, "uid='{$user['uid']}'");
	
	$plugins->run_hooks("admin_user_users_coppa_activate_commit");

	// Log admin action
	log_admin_action($user['uid'], $user['username']);

	// Log admin action
	log_admin_action($user['uid'], $user['username']);

	$form_container->output_row($lang->username." <em>*</em>", "", $form->generate_text_box('username', $mybb->input['username'], array('id' => 'username')), 'username');
	$form_container->output_row($lang->password." <em>*</em>", "", $form->generate_password_box('password', $mybb->input['password'], array('id' => 'password', 'autocomplete' => 'off')), 'password');
	$form_container->output_row($lang->confirm_password." <em>*</em>", "", $form->generate_password_box('confirm_password', $mybb->input['confirm_password'], array('id' => 'confirm_new_password')), 'confirm_new_password');

	$form_container->output_row($lang->username." <em>*</em>", "", $form->generate_text_box('username', $mybb->input['username'], array('id' => 'username')), 'username');
	$form_container->output_row($lang->password." <em>*</em>", "", $form->generate_password_box('password', $mybb->input['password'], array('id' => 'password', 'autocomplete' => 'off')), 'password');
	$form_container->output_row($lang->confirm_password." <em>*</em>", "", $form->generate_password_box('confirm_password', $mybb->input['confirm_password'], array('id' => 'confirm_new_password')), 'confirm_new_password');

	{
		$options[$usergroup['gid']] = $usergroup['title'];
		$display_group_options[$usergroup['gid']] = $usergroup['title'];

	{
		$options[$usergroup['gid']] = $usergroup['title'];
		$display_group_options[$usergroup['gid']] = $usergroup['title'];

			"aim" => $mybb->input['aim'],
			"yahoo" => $mybb->input['yahoo'],
			"msn" => $mybb->input['msn'],

			"aim" => $mybb->input['aim'],
			"yahoo" => $mybb->input['yahoo'],
			"msn" => $mybb->input['msn'],

			"style" => $mybb->input['style'],
			"signature" => $mybb->input['signature'],
			"dateformat" => intval($mybb->input['dateformat']),

			"style" => $mybb->input['style'],
			"signature" => $mybb->input['signature'],
			"dateformat" => intval($mybb->input['dateformat']),

		if($user['usergroup'] == 5 && $mybb->input['usergroup'] != 5)
		{
			if($user['coppauser'] == 1)

		if($user['usergroup'] == 5 && $mybb->input['usergroup'] != 5)
		{
			if($user['coppauser'] == 1)

				$updated_user['coppa_user'] = 0;
			}
		}
		if($mybb->input['new_password'])

				$updated_user['coppa_user'] = 0;
			}
		}
		if($mybb->input['new_password'])

			$updated_user['password'] = $mybb->input['new_password'];
			$updated_user['password2'] = $mybb->input['confirm_new_password'];
		}

			$updated_user['password'] = $mybb->input['new_password'];
			$updated_user['password2'] = $mybb->input['confirm_new_password'];
		}

		}

		if($mybb->settings['userpppoptions'])

		}

		if($mybb->settings['userpppoptions'])

			$updated_user['options']['ppp'] = intval($mybb->input['ppp']);
		}

			$updated_user['options']['ppp'] = intval($mybb->input['ppp']);
		}

		if(!$userhandler->validate_user())
		{
			$errors = $userhandler->get_friendly_errors();

		if(!$userhandler->validate_user())
		{
			$errors = $userhandler->get_friendly_errors();

		{
			// Are we removing an avatar from this user?
			if($mybb->input['remove_avatar'])

		{
			// Are we removing an avatar from this user?
			if($mybb->input['remove_avatar'])

			{
				$avatar = upload_avatar($_FILES['avatar_upload'], $user['uid']);
				if($avatar['error'])

			{
				$avatar = upload_avatar($_FILES['avatar_upload'], $user['uid']);
				if($avatar['error'])

					$errors = array($avatar['error']);
				}
				else

					$errors = array($avatar['error']);
				}
				else

				if(!$file)
				{
					$avatar_error = $lang->error_invalidavatarurl;

				if(!$file)
				{
					$avatar_error = $lang->error_invalidavatarurl;

				{
					$tmp_name = "../".$mybb->settings['avataruploadpath']."/remote_".md5(random_str());
					$fp = @fopen($tmp_name, "wb");

				{
					$tmp_name = "../".$mybb->settings['avataruploadpath']."/remote_".md5(random_str());
					$fp = @fopen($tmp_name, "wb");

			if($extra_user_updates['moderateposts'] && $extra_user_updates['suspendposting'])
			{
				$errors[] = $lang->suspendmoderate_error;

			if($extra_user_updates['moderateposts'] && $extra_user_updates['suspendposting'])
			{
				$errors[] = $lang->suspendmoderate_error;

			if(!$errors)
			{
				$user_info = $userhandler->update_user();

			if(!$errors)
			{
				$user_info = $userhandler->update_user();

				flash_message($lang->success_user_updated, 'success');
				admin_redirect("index.php?module=user-users");
			}

				flash_message($lang->success_user_updated, 'success');
				admin_redirect("index.php?module=user-users");
			}

	if(!$errors)
	{
		$user['usertitle'] = htmlspecialchars_decode($user['usertitle']);
		$mybb->input = $user;

	if(!$errors)
	{
		$user['usertitle'] = htmlspecialchars_decode($user['usertitle']);
		$mybb->input = $user;

		// We need to fetch this users profile field values
		$query = $db->simple_select("userfields", "*", "ufid='{$user['uid']}'");
		$mybb->input['profile_fields'] = $db->fetch_array($query);

		// We need to fetch this users profile field values
		$query = $db->simple_select("userfields", "*", "ufid='{$user['uid']}'");
		$mybb->input['profile_fields'] = $db->fetch_array($query);

	}

	// Fetch custom profile fields

	}

	// Fetch custom profile fields

		else
		{
			$profile_fields['optional'][] = $profile_field;

		else
		{
			$profile_fields['optional'][] = $profile_field;

	}

	$page->add_breadcrumb_item($lang->edit_user.": ".htmlspecialchars_uni($user['username']));

	}

	$page->add_breadcrumb_item($lang->edit_user.": ".htmlspecialchars_uni($user['username']));

		$warning_level = get_colored_warning_level($warning_level);
	}

		$warning_level = get_colored_warning_level($warning_level);
	}

	if($user['birthday'])
	{
		$age = get_age($user['birthday']);

	if($user['birthday'])
	{
		$age = get_age($user['birthday']);

	}

	$table->construct_cell("<div style=\"width: 126px; height: 126px;\" class=\"user_avatar\"><img src=\"".htmlspecialchars_uni($user['avatar'])."\" style=\"margin-top: {$avatar_top}px\" width=\"{$scaled_dimensions['width']}\" height=\"{$scaled_dimensions['height']}\" alt=\"\" /></div>", array('rowspan' => 6, 'width' => 1));

	}

	$table->construct_cell("<div style=\"width: 126px; height: 126px;\" class=\"user_avatar\"><img src=\"".htmlspecialchars_uni($user['avatar'])."\" style=\"margin-top: {$avatar_top}px\" width=\"{$scaled_dimensions['width']}\" height=\"{$scaled_dimensions['height']}\" alt=\"\" /></div>", array('rowspan' => 6, 'width' => 1));

	$form_container->output_row($lang->aim_handle, "", $form->generate_text_box('aim', $mybb->input['aim'], array('id' => 'aim')), 'aim');
	$form_container->output_row($lang->yahoo_messanger_handle, "", $form->generate_text_box('yahoo', $mybb->input['yahoo'], array('id' => 'yahoo')), 'yahoo');
	$form_container->output_row($lang->msn_messanger_handle, "", $form->generate_text_box('msn', $mybb->input['msn'], array('id' => 'msn')), 'msn');

	$form_container->output_row($lang->aim_handle, "", $form->generate_text_box('aim', $mybb->input['aim'], array('id' => 'aim')), 'aim');
	$form_container->output_row($lang->yahoo_messanger_handle, "", $form->generate_text_box('yahoo', $mybb->input['yahoo'], array('id' => 'yahoo')), 'yahoo');
	$form_container->output_row($lang->msn_messanger_handle, "", $form->generate_text_box('msn', $mybb->input['msn'], array('id' => 'msn')), 'msn');

	// Birthday

	// Birthday

	// Output custom profile fields - optional
	output_custom_profile_fields($profile_fields['optional'], $mybb->input['profile_fields'], $form_container, $form);

	// Output custom profile fields - optional
	output_custom_profile_fields($profile_fields['optional'], $mybb->input['profile_fields'], $form_container, $form);

		$form->generate_check_box("showcodebuttons", "1", $lang->show_code_buttons, array("checked" => $mybb->input['showcodebuttons'])),
		"<label for=\"style\">{$lang->theme}:</label><br />".build_theme_select("style", $mybb->input['style'], 0, "", true),
		"<label for=\"language\">{$lang->board_language}:</label><br />".$form->generate_select_box("language", $languages, $mybb->input['language'], array('id' => 'language'))

		$form->generate_check_box("showcodebuttons", "1", $lang->show_code_buttons, array("checked" => $mybb->input['showcodebuttons'])),
		"<label for=\"style\">{$lang->theme}:</label><br />".build_theme_select("style", $mybb->input['style'], 0, "", true),
		"<label for=\"language\">{$lang->board_language}:</label><br />".$form->generate_select_box("language", $languages, $mybb->input['language'], array('id' => 'language'))

	$form_container->output_row($lang->other_options, "", "<div class=\"user_settings_bit\">".implode("</div><div class=\"user_settings_bit\">", $other_options)."</div>");

	$form_container->output_row($lang->other_options, "", "<div class=\"user_settings_bit\">".implode("</div><div class=\"user_settings_bit\">", $other_options)."</div>");

	$form_container->end();
	echo "</div>\n";

	$form_container->end();
	echo "</div>\n";

	// SIGNATURE EDITOR
	//
	$signature_editor = $form->generate_text_area("signature", $mybb->input['signature'], array('id' => 'signature', 'rows' => 15, 'cols' => '70', 'style' => 'width: 95%'));
	$sig_smilies = $lang->off;
	if($mybb->settings['sigsmilies'] == 1)

	// SIGNATURE EDITOR
	//
	$signature_editor = $form->generate_text_area("signature", $mybb->input['signature'], array('id' => 'signature', 'rows' => 15, 'cols' => '70', 'style' => 'width: 95%'));
	$sig_smilies = $lang->off;
	if($mybb->settings['sigsmilies'] == 1)

		$sig_smilies = $lang->on;
	}
	$sig_mycode = $lang->off;

		$sig_smilies = $lang->on;
	}
	$sig_mycode = $lang->off;

	if($mybb->input['suspendsignature'])
	{
		$sig_checked = 1;

	if($mybb->input['suspendsignature'])
	{
		$sig_checked = 1;

		// Display how much time is left on the ban for the user to extend it
		if($user['suspendsigtime'] == "0")
		{
			// Permanent
			$lang->suspend_expire_info = $lang->suspend_sig_perm;

		// Display how much time is left on the ban for the user to extend it
		if($user['suspendsigtime'] == "0")
		{
			// Permanent
			$lang->suspend_expire_info = $lang->suspend_sig_perm;

		else
		{
			// There's a limit to the suspension!

		else
		{
			// There's a limit to the suspension!

		function toggleAction()
		{
			if($("suspend_action").visible() == true)

		function toggleAction()
		{
			if($("suspend_action").visible() == true)

				$("suspend_action").hide();
			}
			else

				$("suspend_action").hide();
			}
			else

		}
	// -->
	</script>

		}
	// -->
	</script>

	<dl style="margin-top: 0; margin-bottom: 0; width: 100%;">
		<dt>'.$form->generate_check_box("suspendsignature", 1, $lang->suspend_sig_box, array('checked' => $sig_checked, 'onclick' => 'toggleAction();')).'</dt>
		<dd style="margin-top: 4px;" id="suspend_action" class="actions">

	<dl style="margin-top: 0; margin-bottom: 0; width: 100%;">
		<dt>'.$form->generate_check_box("suspendsignature", 1, $lang->suspend_sig_box, array('checked' => $sig_checked, 'onclick' => 'toggleAction();')).'</dt>
		<dd style="margin-top: 4px;" id="suspend_action" class="actions">

	);

	echo "<div id=\"tab_modoptions\">\n";

	);

	echo "<div id=\"tab_modoptions\">\n";

	$form_container->output_row($lang->user_notes, '', $form->generate_text_area('usernotes', $mybb->input['usernotes'], array('id' => 'usernotes')), 'usernotes');

	// Mod posts

	$form_container->output_row($lang->user_notes, '', $form->generate_text_area('usernotes', $mybb->input['usernotes'], array('id' => 'usernotes')), 'usernotes');

	// Mod posts

		{
			$suspost_date = my_date($mybb->settings['dateformat'], $user['suspensiontime'])." ".my_date($mybb->settings['timeformat'], $user['suspensiontime']);
			$existing_info = $lang->sprintf($lang->suspend_length, $suspost_date);

		{
			$suspost_date = my_date($mybb->settings['dateformat'], $user['suspensiontime'])." ".my_date($mybb->settings['timeformat'], $user['suspensiontime']);
			$existing_info = $lang->sprintf($lang->suspend_length, $suspost_date);

	}

	$suspost_div = '<div id="suspost">'.$existing_info.''.$lang->suspend_for.' '.$form->generate_text_box("suspost_time", $mybb->input['suspost_time'], array('style' => 'width: 2em;')).' '.$suspost_options.'</div>';

	}

	$suspost_div = '<div id="suspost">'.$existing_info.''.$lang->suspend_for.' '.$form->generate_text_box("suspost_time", $mybb->input['suspost_time'], array('style' => 'width: 2em;')).' '.$suspost_options.'</div>';

		// Update forum stats
		update_stats(array('numusers' => '-1'));

		// Update forum stats
		update_stats(array('numusers' => '-1'));

		// Did this user have an uploaded avatar?
		if($user['avatartype'] == "upload")

		// Did this user have an uploaded avatar?
		if($user['avatartype'] == "upload")

				// Update the moderator cache...
				$cache->update_moderators();
			}

				// Update the moderator cache...
				$cache->update_moderators();
			}

			// Merging Reputation
			// First, let's change all the details over to our new user...

			// Merging Reputation
			// First, let's change all the details over to our new user...

			$admin_view['sortby'] = $mybb->input['sortby'];
		}
		

			$admin_view['sortby'] = $mybb->input['sortby'];
		}
		

		{
			$admin_view['perpage'] = $mybb->input['perpage'];
		}

		{
			$admin_view['perpage'] = $mybb->input['perpage'];
		}

								continue;
							}
							else

								continue;
							}
							else

								// Run delete queries
								$db->update_query("posts", array('uid' => 0), "uid='{$user['uid']}'");
								$db->delete_query("userfields", "ufid='{$user['uid']}'");

								// Run delete queries
								$db->update_query("posts", array('uid' => 0), "uid='{$user['uid']}'");
								$db->delete_query("userfields", "ufid='{$user['uid']}'");

					// Selected a date - check if the date the user entered is valid
					if($mybb->input['day'] || $mybb->input['month'] || $mybb->input['year'])

					// Selected a date - check if the date the user entered is valid
					if($mybb->input['day'] || $mybb->input['month'] || $mybb->input['year'])

						// Is the date sort of valid?
						if($day < 1 || $day > 31 || $month < 1 || $month > 12 || ($month == 2 && $day > 29))
						{

						// Is the date sort of valid?
						if($day < 1 || $day > 31 || $month < 1 || $month > 12 || ($month == 2 && $day > 29))
						{

						{
							flash_message($lang->prune_fail, 'error');
							admin_redirect("index.php?module=user-users".$vid_url);

						{
							flash_message($lang->prune_fail, 'error');
							admin_redirect("index.php?module=user-users".$vid_url);

						// Require the rebuild functions
						require_once(MYBB_ROOT.'/inc/functions.php');

						// Require the rebuild functions
						require_once(MYBB_ROOT.'/inc/functions.php');

								unset($mybb->input['additionalgroups'][$key]);
							}
						}

								unset($mybb->input['additionalgroups'][$key]);
							}
						}

					}
					else
					{

					}
					else
					{

					// Create an update array
					$update_array = array(

					// Create an update array
					$update_array = array(

						"additionalgroups" => $additionalgroups,

						"additionalgroups" => $additionalgroups,

					);

					// Do the usergroup update for all those selected

					);

					// Do the usergroup update for all those selected

	{
		$admin_view = $admin_session['data']['user_views'][$mybb->input['search_id']];
		unset($admin_view['extra_sql']);

	{
		$admin_view = $admin_session['data']['user_views'][$mybb->input['search_id']];
		unset($admin_view['extra_sql']);

		// Showing a specific view
		if($mybb->input['vid'])
		{

		// Showing a specific view
		if($mybb->input['vid'])
		{

			if(!$admin_view['vid'] || ($admin_view['visibility'] == 1 && $admin_view['uid'] != $mybb->user['uid']))
			{
				unset($admin_view);

			if(!$admin_view['vid'] || ($admin_view['visibility'] == 1 && $admin_view['uid'] != $mybb->user['uid']))
			{
				unset($admin_view);

		// Don't have a view? Fetch the default
		if(!$admin_view)
		{

		// Don't have a view? Fetch the default
		if(!$admin_view)
		{

			$query = $db->simple_select("adminviews", "*", "type='user' AND (vid='{$default_view}' OR uid=0)", array("order_by" => "uid", "order_dir" => "desc"));
			$admin_view = $db->fetch_array($query);
		}

			$query = $db->simple_select("adminviews", "*", "type='user' AND (vid='{$default_view}' OR uid=0)", array("order_by" => "uid", "order_dir" => "desc"));
			$admin_view = $db->fetch_array($query);
		}

	// Fetch a list of all of the views for this user
	$popup = new PopupMenu("views", $lang->views);

	// Fetch a list of all of the views for this user
	$popup = new PopupMenu("views", $lang->views);

	}
	$popup->add_item("<em>{$lang->manage_views}</em>", "index.php?module=user-users&amp;action=views");
	$admin_view['popup'] = $popup->fetch();

	}
	$popup->add_item("<em>{$lang->manage_views}</em>", "index.php?module=user-users&amp;action=views");
	$admin_view['popup'] = $popup->fetch();

	if($mybb->input['type'])
	{
		$admin_view['view_type'] = $mybb->input['type'];

	if($mybb->input['type'])
	{
		$admin_view['view_type'] = $mybb->input['type'];

	{
		// If we came from the home page and clicked on the "Activate Users" link, send them back to here
		if($admin_session['data']['from'] == "home")

	{
		// If we came from the home page and clicked on the "Activate Users" link, send them back to here
		if($admin_session['data']['from'] == "home")

			flash_message($admin_session['data']['flash_message2']['message'], $admin_session['data']['flash_message2']['type']);
			update_admin_session('flash_message2', '');
			update_admin_session('from', '');

			flash_message($admin_session['data']['flash_message2']['message'], $admin_session['data']['flash_message2']['type']);
			update_admin_session('flash_message2', '');
			update_admin_session('from', '');

	
	if(isset($view['conditions']['referrer'])){
		$view['url'] .= "&action=referrers&uid=".htmlspecialchars($view['conditions']['referrer']);

	
	if(isset($view['conditions']['referrer'])){
		$view['url'] .= "&action=referrers&uid=".htmlspecialchars($view['conditions']['referrer']);

	
	// Do we not have any views?
	if(empty($view))
	{
		return false;

	
	// Do we not have any views?
	if(empty($view))
	{
		return false;

	
	$table = new Table;

	// Build header for table based view
	if($view['view_type'] != "card")

	
	$table = new Table;

	// Build header for table based view
	if($view['view_type'] != "card")

		foreach($view['fields'] as $field)
		{
			if(!$user_view_fields[$field])
			{
				continue;

		foreach($view['fields'] as $field)
		{
			if(!$user_view_fields[$field])
			{
				continue;

			$view_field = $user_view_fields[$field];
			$field_options = array();
			if($view_field['width'])
			{
				$field_options['width'] = $view_field['width'];

			$view_field = $user_view_fields[$field];
			$field_options = array();
			if($view_field['width'])
			{
				$field_options['width'] = $view_field['width'];

			if($view_field['align'])
			{
				$field_options['class'] = "align_".$view_field['align'];
			}
			$table->construct_header($view_field['title'], $field_options);

			if($view_field['align'])
			{
				$field_options['class'] = "align_".$view_field['align'];
			}
			$table->construct_header($view_field['title'], $field_options);

		$table->construct_header("<input type=\"checkbox\" name=\"allbox\" onclick=\"inlineModeration.checkAll(this);\" />"); // Create a header for the "select" boxes
	}

		$table->construct_header("<input type=\"checkbox\" name=\"allbox\" onclick=\"inlineModeration.checkAll(this);\" />"); // Create a header for the "select" boxes
	}

			$search_sql .= " AND u.{$search_field} LIKE '%".$db->escape_string_like($view['conditions'][$search_field])."%'";
		}
		else if(isset($view['conditions'][$search_field.'_blank']))

			$search_sql .= " AND u.{$search_field} LIKE '%".$db->escape_string_like($view['conditions'][$search_field])."%'";
		}
		else if(isset($view['conditions'][$search_field.'_blank']))

			$search_sql .= " AND u.{$search_field} != ''";
		}
	}

			$search_sql .= " AND u.{$search_field} != ''";
		}
	}

					$direction = "=";
			}
			$search_sql .= " AND u.{$search_field}{$direction}'".$db->escape_string($view['conditions'][$search_field])."'";

					$direction = "=";
			}
			$search_sql .= " AND u.{$search_field}{$direction}'".$db->escape_string($view['conditions'][$search_field])."'";

	}

	// Registration searching

	}

	// Registration searching

			$threshold = TIME_NOW - (intval($view['conditions'][$search_field]) * 24 * 60 * 60);

			$search_sql .= " AND u.{$search_field} >= '{$threshold}'";

			$threshold = TIME_NOW - (intval($view['conditions'][$search_field]) * 24 * 60 * 60);

			$search_sql .= " AND u.{$search_field} >= '{$threshold}'";

	// IP searching
	$ip_fields = array("regip", "lastip");
	foreach($ip_fields as $search_field)

	// IP searching
	$ip_fields = array("regip", "lastip");
	foreach($ip_fields as $search_field)

		foreach($view['conditions']['usergroup'] as $usergroup)
		{

		foreach($view['conditions']['usergroup'] as $usergroup)
		{

			switch($db->type)
			{
				case "pgsql":

			switch($db->type)
			{
				case "pgsql":

					$additional_sql .= "OR CONCAT(',',additionalgroups,',') LIKE '%,{$usergroup},%'";
			}
		}

					$additional_sql .= "OR CONCAT(',',additionalgroups,',') LIKE '%,{$usergroup},%'";
			}
		}

	}

	// COPPA users only?

	}

	// COPPA users only?