PHP Cross Reference of phpBB 3.0 Beta 3

/includes/acp/ -> acp_users.php (source)

   1  <?php
   2  /** 
   3  *
   4  * @package acp
   5  * @version $Id: acp_users.php,v 1.79 2006/11/12 14:29:31 naderman Exp $
   6  * @copyright (c) 2005 phpBB Group 
   7  * @license http://opensource.org/licenses/gpl-license.php GNU Public License 
   8  *
   9  */
  10  
  11  /**
  12  * @package acp
  13  */
  14  class acp_users
  15  {
  16      var $u_action; // URL of this module page; main() hands it to the template and to adm_back_link(). Not assigned anywhere in the visible part of this class.
  17      var $p_master; // Reference stored by the constructor; main() calls its module_auth() to decide which modes appear in the mode selector.
  18  
  19  	function acp_users(&$p_master)
  20      {
              // PHP 4-style constructor (method named after the class).
              // Stores a reference to the caller's object rather than a copy, so
              // main() runs $this->p_master->module_auth() against that same object
              // when it filters the list of modes offered to the admin.
  21          $this->p_master = &$p_master;
  22      }
  23  
  24  	function main($id, $mode)
  25      {
  26          global $config, $db, $user, $auth, $template, $cache;
  27          global $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix, $file_uploads;
  28  
  29          $user->add_lang(array('posting', 'ucp', 'acp/users'));
  30          $this->tpl_name = 'acp_users';
  31          $this->page_title = 'ACP_USER_' . strtoupper($mode);
  32  
  33          include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
  34          include($phpbb_root_path . 'includes/functions_profile_fields.' . $phpEx);
  35  
  36          $error        = array();
  37          $username    = request_var('username', '', true);
  38          $user_id    = request_var('u', 0);
  39          $action        = request_var('action', '');
  40  
  41          $submit        = (isset($_POST['update'])) ? true : false;
  42  
  43          // Whois (special case)
  44          if ($action == 'whois')
  45          {
  46              $this->page_title = 'WHOIS';
  47              $this->tpl_name = 'simple_body';
  48  
  49              $user_ip = request_var('user_ip', '');
  50              $domain = gethostbyaddr($user_ip);
  51              $ipwhois = '';
  52  
  53              if ($ipwhois = user_ipwhois($user_ip))
  54              {
  55                  $ipwhois = preg_replace('#(\s)([\w\-\._\+]+@[\w\-\.]+)(\s)#', '\1<a href="mailto:\2">\2</a>\3', $ipwhois);
  56                  $ipwhois = preg_replace('#(\s)(http:/{2}[^\s]*)(\s)#', '\1<a href="\2">\2</a>\3', $ipwhois);
  57              }
  58  
  59              $template->assign_vars(array(
  60                  'MESSAGE_TITLE'        => sprintf($user->lang['IP_WHOIS_FOR'], $domain),
  61                  'MESSAGE_TEXT'        => nl2br($ipwhois))
  62              );
  63  
  64              return;
  65          }
  66  
  67          // Show user selection mask
  68          if (!$username && !$user_id)
  69          {
  70              $this->page_title = 'SELECT_USER';
  71  
  72              $template->assign_vars(array(
  73                  'U_ACTION'            => $this->u_action,
  74                  'ANONYMOUS_USER_ID'    => ANONYMOUS,
  75  
  76                  'S_SELECT_USER'        => true,
  77                  'U_FIND_USERNAME'    => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&amp;form=select_user&amp;field=username'),
  78                  'UA_FIND_USERNAME'    => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=select_user&field=username', false),
  79                  )
  80              );
  81  
  82              return;
  83          }
  84  
  85          if (!$user_id)
  86          {
  87              $sql = 'SELECT user_id
  88                  FROM ' . USERS_TABLE . "
  89                  WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
  90              $result = $db->sql_query($sql);
  91              $user_id = (int) $db->sql_fetchfield('user_id');
  92              $db->sql_freeresult($result);
  93  
  94              if (!$user_id)
  95              {
  96                  trigger_error($user->lang['NO_USER'] . adm_back_link($this->u_action), E_USER_WARNING);
  97              }
  98          }
  99  
 100          // Generate content for all modes
 101          $sql = 'SELECT u.*, s.*
 102              FROM ' . USERS_TABLE . ' u
 103                  LEFT JOIN ' . SESSIONS_TABLE . ' s ON (s.session_user_id = u.user_id)
 104              WHERE u.user_id = ' . $user_id . '
 105              ORDER BY s.session_time DESC';
 106          $result = $db->sql_query($sql);
 107          $user_row = $db->sql_fetchrow($result);
 108          $db->sql_freeresult($result);
 109  
 110          if (!$user_row)
 111          {
 112              trigger_error($user->lang['NO_USER'] . adm_back_link($this->u_action), E_USER_WARNING);
 113          }
 114  
 115          // Generate overall "header" for user admin
 116          $s_form_options = '';
 117  
 118          // Include info file...
 119          include_once($phpbb_root_path . 'includes/acp/info/acp_users.' . $phpEx);
 120          $forms_ary = acp_users_info::module();
 121  
 122          foreach ($forms_ary['modes'] as $value => $ary)
 123          {
 124              if (!$this->p_master->module_auth($ary['auth']))
 125              {
 126                  continue;
 127              }
 128              
 129              $selected = ($mode == $value) ? ' selected="selected"' : '';
 130              $s_form_options .= '<option value="' . $value . '"' . $selected . '>' . $user->lang['ACP_USER_' . strtoupper($value)]  . '</option>';
 131          }
 132  
 133          $template->assign_vars(array(
 134              'U_BACK'            => $this->u_action,
 135              'U_MODE_SELECT'        => append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&amp;u=$user_id"),
 136              'U_ACTION'            => $this->u_action . '&amp;u=' . $user_id,
 137              'S_FORM_OPTIONS'    => $s_form_options)
 138          );
 139  
 140          // Prevent normal users/admins change/view founders if they are not a founder by themselves
 141          if ($user->data['user_type'] != USER_FOUNDER && $user_row['user_type'] == USER_FOUNDER)
 142          {
 143              trigger_error($user->lang['NOT_MANAGE_FOUNDER'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
 144          }
 145  
 146          switch ($mode)
 147          {
 148              case 'overview':
 149                  
 150                  $delete            = request_var('delete', 0);
 151                  $delete_type    = request_var('delete_type', '');
 152                  $ip                = request_var('ip', 'ip');
 153  
 154                  if ($submit)
 155                  {
 156                      // You can't delete the founder
 157                      if ($delete && $user_row['user_type'] != USER_FOUNDER)
 158                      {
 159                          if (!$auth->acl_get('a_userdel'))
 160                          {
 161                              trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
 162                          }
 163  
 164                          // Check if the user wants to remove himself or the guest user account
 165                          if ($user_id == ANONYMOUS)
 166                          {
 167                              trigger_error($user->lang['CANNOT_REMOVE_ANONYMOUS'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
 168                          }
 169  
 170                          if ($user_id == $user->data['user_id'])
 171                          {
 172                              trigger_error($user->lang['CANNOT_REMOVE_YOURSELF'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
 173                          }
 174  
 175                          if (confirm_box(true))
 176                          {
 177                              user_delete($delete_type, $user_id, $user_row['username']);
 178  
 179                              add_log('admin', 'LOG_USER_DELETED', $user_row['username']);
 180                              trigger_error($user->lang['USER_DELETED'] . adm_back_link($this->u_action));
 181                          }
 182                          else
 183                          {
 184                              confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
 185                                  'u'                => $user_id,
 186                                  'i'                => $id,
 187                                  'mode'            => $mode,
 188                                  'action'        => $action,
 189                                  'update'        => true,
 190                                  'delete'        => 1,
 191                                  'delete_type'    => $delete_type))
 192                              );
 193                          }
 194                      }
 195  
 196                      // Handle quicktool actions
 197                      switch ($action)
 198                      {
 199                          case 'banuser':
 200                          case 'banemail':
 201                          case 'banip':
 202  
 203                              if ($user_id == $user->data['user_id'])
 204                              {
 205                                  trigger_error($user->lang['CANNOT_BAN_YOURSELF'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
 206                              }
 207  
 208                              if ($user_row['user_type'] == USER_FOUNDER)
 209                              {
 210                                  trigger_error($user->lang['CANNOT_BAN_FOUNDER'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
 211                              }
 212  
 213                              $ban = array();
 214  
 215                              switch ($action)
 216                              {
 217                                  case 'banuser':
 218                                      $ban[] = $user_row['username'];
 219                                      $reason = 'USER_ADMIN_BAN_NAME_REASON';
 220                                      $log = 'LOG_USER_BAN_USER';
 221                                  break;
 222  
 223                                  case 'banemail':
 224                                      $ban[] = $user_row['user_email'];
 225                                      $reason = 'USER_ADMIN_BAN_EMAIL_REASON';
 226                                      $log = 'LOG_USER_BAN_EMAIL';
 227                                  break;
 228  
 229                                  case 'banip':
 230                                      $ban[] = $user_row['user_ip'];
 231  
 232                                      $sql = 'SELECT DISTINCT poster_ip
 233                                          FROM ' . POSTS_TABLE . "
 234                                          WHERE poster_id = $user_id";
 235                                      $result = $db->sql_query($sql);
 236  
 237                                      while ($row = $db->sql_fetchrow($result))
 238                                      {
 239                                          $ban[] = $row['poster_ip'];
 240                                      }
 241                                      $db->sql_freeresult($result);
 242  
 243                                      $reason = 'USER_ADMIN_BAN_IP_REASON';
 244                                      $log = 'LOG_USER_BAN_IP';
 245                                  break;
 246                              }
 247  
 248                              user_ban(substr($action, 3), $ban, 0, 0, 0, $user->lang[$reason]);
 249  
 250                              add_log('admin', $log, $user->lang[$reason], implode(', ', $ban));
 251                              add_log('user', $user_id, $log, $user->lang[$reason], implode(', ', $ban));
 252  
 253                              trigger_error($user->lang['BAN_SUCCESSFUL'] . adm_back_link($this->u_action . '&amp;u=' . $user_id));
 254  
 255                          break;
 256  
 257                          case 'reactivate':
 258  
 259                              if ($user_id == $user->data['user_id'])
 260                              {
 261                                  trigger_error($user->lang['CANNOT_FORCE_REACT_YOURSELF'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
 262                              }
 263  
 264                              if ($user_row['user_type'] == USER_FOUNDER)
 265                              {
 266                                  trigger_error($user->lang['CANNOT_FORCE_REACT_FOUNDER'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
 267                              }
 268  
 269                              if ($user_row['user_type'] == USER_IGNORE)
 270                              {
 271                                  trigger_error($user->lang['CANNOT_FORCE_REACT_BOT'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
 272                              }
 273  
 274                              if ($config['email_enable'])
 275                              {
 276                                  include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
 277  
 278                                  $server_url = generate_board_url();
 279  
 280                                  $user_actkey = gen_rand_string(10);
 281                                  $key_len = 54 - (strlen($server_url));
 282                                  $key_len = ($key_len > 6) ? $key_len : 6;
 283                                  $user_actkey = substr($user_actkey, 0, $key_len);
 284  
 285                                  if ($user_row['user_type'] == USER_NORMAL)
 286                                  {
 287                                      user_active_flip('deactivate', $user_id, INACTIVE_REMIND);
 288  
 289                                      $sql = 'UPDATE ' . USERS_TABLE . "
 290                                          SET user_actkey = '" . $db->sql_escape($user_actkey) . "'
 291                                          WHERE user_id = $user_id";
 292                                      $db->sql_query($sql);
 293                                  }
 294  
 295                                  $messenger = new messenger(false);
 296  
 297                                  $messenger->template('user_resend_inactive', $user_row['user_lang']);
 298  
 299                                  $messenger->replyto($config['board_contact']);
 300                                  $messenger->to($user_row['user_email'], $user_row['username']);
 301  
 302                                  $messenger->headers('X-AntiAbuse: Board servername - ' . $config['server_name']);
 303                                  $messenger->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']);
 304                                  $messenger->headers('X-AntiAbuse: Username - ' . $user->data['username']);
 305                                  $messenger->headers('X-AntiAbuse: User IP - ' . $user->ip);
 306  
 307                                  $messenger->assign_vars(array(
 308                                      'WELCOME_MSG'    => htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename'])),
 309                                      'USERNAME'        => htmlspecialchars_decode($user_row['username']),
 310                                      'U_ACTIVATE'    => "$server_url/ucp.$phpEx?mode=activate&u={$user_row['user_id']}&k=$user_actkey")
 311                                  );
 312  
 313                                  $messenger->send(NOTIFY_EMAIL);
 314  
 315                                  add_log('admin', 'LOG_USER_REACTIVATE', $user_row['username']);
 316                                  add_log('user', $user_id, 'LOG_USER_REACTIVATE_USER');
 317  
 318                                  trigger_error($user->lang['FORCE_REACTIVATION_SUCCESS'] . adm_back_link($this->u_action . '&amp;u=' . $user_id));
 319                              }
 320  
 321                          break;
 322  
 323                          case 'active':
 324  
 325                              if ($user_id == $user->data['user_id'])
 326                              {
 327                                  // It is only deactivation since the user is already activated (else he would not have reached this page)
 328                                  trigger_error($user->lang['CANNOT_DEACTIVATE_YOURSELF'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
 329                              }
 330  
 331                              if ($user_row['user_type'] == USER_FOUNDER)
 332                              {
 333                                  trigger_error($user->lang['CANNOT_DEACTIVATE_FOUNDER'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
 334                              }
 335  
 336                              if ($user_row['user_type'] == USER_IGNORE)
 337                              {
 338                                  trigger_error($user->lang['CANNOT_DEACTIVATE_BOT'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
 339                              }
 340  
 341                              user_active_flip('flip', $user_id);
 342  
 343                              $message = ($user_row['user_type'] == USER_INACTIVE) ? 'USER_ADMIN_ACTIVATED' : 'USER_ADMIN_DEACTIVED';
 344                              $log = ($user_row['user_type'] == USER_INACTIVE) ? 'LOG_USER_ACTIVE' : 'LOG_USER_INACTIVE';
 345  
 346                              add_log('admin', $log, $user_row['username']);
 347                              add_log('user', $user_id, $log . '_USER');
 348  
 349                              trigger_error($user->lang[$message] . adm_back_link($this->u_action . '&amp;u=' . $user_id));
 350  
 351                          break;
 352  
 353                          case 'delsig':
 354  
 355                              $sql_ary = array(
 356                                  'user_sig'                    => '',
 357                                  'user_sig_bbcode_uid'        => '',
 358                                  'user_sig_bbcode_bitfield'    => ''
 359                              );
 360  
 361                              $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
 362                                  WHERE user_id = $user_id";
 363                              $db->sql_query($sql);
 364                          
 365                              add_log('admin', 'LOG_USER_DEL_SIG', $user_row['username']);
 366                              add_log('user', $user_id, 'LOG_USER_DEL_SIG_USER');
 367  
 368                              trigger_error($user->lang['USER_ADMIN_SIG_REMOVED'] . adm_back_link($this->u_action . '&amp;u=' . $user_id));
 369  
 370                          break;
 371  
 372                          case 'delavatar':
 373                              
 374                              $sql_ary = array(
 375                                  'user_avatar'            => '',
 376                                  'user_avatar_type'        => 0,
 377                                  'user_avatar_width'        => 0,
 378                                  'user_avatar_height'    => 0,
 379                              );
 380  
 381                              $sql = 'UPDATE ' . USERS_TABLE . '
 382                                  SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
 383                                  WHERE user_id = $user_id";
 384                              $db->sql_query($sql);
 385  
 386                              // Delete old avatar if present
 387                              if ($user_row['user_avatar'] && $user_row['user_avatar_type'] != AVATAR_GALLERY)
 388                              {
 389                                  avatar_delete('user', $user_row);
 390                              }
 391  
 392                              add_log('admin', 'LOG_USER_DEL_AVATAR', $user_row['username']);
 393                              add_log('user', $user_id, 'LOG_USER_DEL_AVATAR_USER');
 394  
 395                              trigger_error($user->lang['USER_ADMIN_AVATAR_REMOVED'] . adm_back_link($this->u_action . '&amp;u=' . $user_id));
 396                          break;
 397  
 398                          case 'delposts':
 399  
 400                              if (confirm_box(true))
 401                              {
 402                                  $sql = 'SELECT topic_id, COUNT(post_id) AS total_posts
 403                                      FROM ' . POSTS_TABLE . "
 404                                      WHERE poster_id = $user_id
 405                                      GROUP BY topic_id";
 406                                  $result = $db->sql_query($sql);
 407  
 408                                  $topic_id_ary = array();
 409                                  while ($row = $db->sql_fetchrow($result))
 410                                  {
 411                                      $topic_id_ary[$row['topic_id']] = $row['total_posts'];
 412                                  }
 413                                  $db->sql_freeresult($result);
 414  
 415                                  if (sizeof($topic_id_ary))
 416                                  {
 417                                      $sql = 'SELECT topic_id, topic_replies, topic_replies_real
 418                                          FROM ' . TOPICS_TABLE . '
 419                                          WHERE ' . $db->sql_in_set('topic_id', array_keys($topic_id_ary));
 420                                      $result = $db->sql_query($sql);
 421  
 422                                      $del_topic_ary = array();
 423                                      while ($row = $db->sql_fetchrow($result))
 424                                      {
 425                                          if (max($row['topic_replies'], $row['topic_replies_real']) + 1 == $topic_id_ary[$row['topic_id']])
 426                                          {
 427                                              $del_topic_ary[] = $row['topic_id'];
 428                                          }
 429                                      }
 430                                      $db->sql_freeresult($result);
 431  
 432                                      if (sizeof($del_topic_ary))
 433                                      {
 434                                          $sql = 'DELETE FROM ' . TOPICS_TABLE . '
 435                                              WHERE ' . $db->sql_in_set('topic_id', $del_topic_ary);
 436                                          $db->sql_query($sql);
 437                                      }
 438                                  }
 439  
 440                                  // Delete posts, attachments, etc.
 441                                  delete_posts('poster_id', $user_id);
 442  
 443                                  add_log('admin', 'LOG_USER_DEL_POSTS', $user_row['username']);
 444                                  trigger_error($user->lang['USER_POSTS_DELETED'] . adm_back_link($this->u_action . '&amp;u=' . $user_id));
 445                              }
 446                              else
 447                              {
 448                                  confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
 449                                      'u'                => $user_id,
 450                                      'i'                => $id,
 451                                      'mode'            => $mode,
 452                                      'action'        => $action,
 453                                      'update'        => true))
 454                                  );
 455                              }
 456  
 457                          break;
 458  
 459                          case 'delattach':
 460  
 461                              if (confirm_box(true))
 462                              {
 463                                  delete_attachments('user', $user_id);
 464  
 465                                  add_log('admin', 'LOG_USER_DEL_ATTACH', $user_row['username']);
 466                                  trigger_error($user->lang['USER_ATTACHMENTS_REMOVED'] . adm_back_link($this->u_action . '&amp;u=' . $user_id));
 467                              }
 468                              else
 469                              {
 470                                  confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
 471                                      'u'                => $user_id,
 472                                      'i'                => $id,
 473                                      'mode'            => $mode,
 474                                      'action'        => $action,
 475                                      'update'        => true))
 476                                  );
 477                              }
 478                          
 479                          break;
 480                          
 481                          case 'moveposts':
 482                                  
 483                              $new_forum_id = request_var('new_f', 0);
 484  
 485                              if (!$new_forum_id)
 486                              {
 487                                  $this->page_title = 'USER_ADMIN_MOVE_POSTS';
 488  
 489                                  $template->assign_vars(array(
 490                                      'S_SELECT_FORUM'        => true,
 491                                      'U_ACTION'                => $this->u_action . "&amp;action=$action&amp;u=$user_id",
 492                                      'U_BACK'                => $this->u_action . "&amp;u=$user_id",
 493                                      'S_FORUM_OPTIONS'        => make_forum_select(false, false, false, true))
 494                                  );
 495  
 496                                  return;
 497                              }
 498  
 499                              // Two stage?
 500                              // Move topics comprising only posts from this user
 501                              $topic_id_ary = $move_topic_ary = $move_post_ary = $new_topic_id_ary = array();
 502                              $forum_id_ary = array($new_forum_id);
 503  
 504                              $sql = 'SELECT topic_id, COUNT(post_id) AS total_posts
 505                                  FROM ' . POSTS_TABLE . "
 506                                  WHERE poster_id = $user_id
 507                                      AND forum_id <> $new_forum_id
 508                                  GROUP BY topic_id";
 509                              $result = $db->sql_query($sql);
 510  
 511                              while ($row = $db->sql_fetchrow($result))
 512                              {
 513                                  $topic_id_ary[$row['topic_id']] = $row['total_posts'];
 514                              }
 515                              $db->sql_freeresult($result);
 516  
 517                              if (sizeof($topic_id_ary))
 518                              {
 519                                  $sql = 'SELECT topic_id, forum_id, topic_title, topic_replies, topic_replies_real
 520                                      FROM ' . TOPICS_TABLE . '
 521                                      WHERE ' . $db->sql_in_set('topic_id', array_keys($topic_id_ary));
 522                                  $result = $db->sql_query($sql);
 523  
 524                                  while ($row = $db->sql_fetchrow($result))
 525                                  {
 526                                      if (max($row['topic_replies'], $row['topic_replies_real']) + 1 == $topic_id_ary[$row['topic_id']])
 527                                      {
 528                                          $move_topic_ary[] = $row['topic_id'];
 529                                      }
 530                                      else
 531                                      {
 532                                          $move_post_ary[$row['topic_id']]['title'] = $row['topic_title'];
 533                                          $move_post_ary[$row['topic_id']]['attach'] = ($row['attach']) ? 1 : 0;
 534                                      }
 535  
 536                                      $forum_id_ary[] = $row['forum_id'];
 537                                  }
 538                                  $db->sql_freeresult($result);
 539                              }
 540  
 541                              // Entire topic comprises posts by this user, move these topics
 542                              if (sizeof($move_topic_ary))
 543                              {
 544                                  move_topics($move_topic_ary, $new_forum_id, false);
 545                              }
 546  
 547                              if (sizeof($move_post_ary))
 548                              {
 549                                  // Create new topic
 550                                  // Update post_ids, report_ids, attachment_ids
 551                                  foreach ($move_post_ary as $topic_id => $post_ary)
 552                                  {
 553                                      // Create new topic
 554                                      $sql = 'INSERT INTO ' . TOPICS_TABLE . ' ' . $db->sql_build_array('INSERT', array(
 555                                          'topic_poster'                => $user_id,
 556                                          'topic_time'                => time(),
 557                                          'forum_id'                     => $new_forum_id,
 558                                          'icon_id'                    => 0,
 559                                          'topic_approved'            => 1,
 560                                          'topic_title'                 => $post_ary['title'],
 561                                          'topic_first_poster_name'    => $user_row['username'],
 562                                          'topic_type'                => POST_NORMAL,
 563                                          'topic_time_limit'            => 0,
 564                                          'topic_attachment'            => $post_ary['attach'])
 565                                      );
 566                                      $db->sql_query($sql);
 567  
 568                                      $new_topic_id = $db->sql_nextid();
 569  
 570                                      // Move posts
 571                                      $sql = 'UPDATE ' . POSTS_TABLE . "
 572                                          SET forum_id = $new_forum_id, topic_id = $new_topic_id
 573                                          WHERE topic_id = $topic_id
 574                                              AND poster_id = $user_id";
 575                                      $db->sql_query($sql);
 576  
 577                                      if ($post_ary['attach'])
 578                                      {
 579                                          $sql = 'UPDATE ' . ATTACHMENTS_TABLE . "
 580                                              SET topic_id = $new_topic_id
 581                                              WHERE topic_id = $topic_id
 582                                                  AND poster_id = $user_id";
 583                                          $db->sql_query($sql);
 584                                      }
 585  
 586                                      $new_topic_id_ary[] = $new_topic_id;
 587                                  }
 588                              }
 589  
 590                              $forum_id_ary = array_unique($forum_id_ary);
 591                              $topic_id_ary = array_unique(array_merge($topic_id_ary, $new_topic_id_ary));
 592  
 593                              if (sizeof($topic_id_ary))
 594                              {
 595                                  sync('reported', 'topic_id', $topic_id_ary);
 596                                  sync('topic', 'topic_id', $topic_id_ary);
 597                              }
 598  
 599                              if (sizeof($forum_id_ary))
 600                              {
 601                                  sync('forum', 'forum_id', $forum_id_ary);
 602                              }
 603  
 604                              $sql = 'SELECT forum_name
 605                                  FROM ' . FORUMS_TABLE . "
 606                                  WHERE forum_id = $new_forum_id";
 607                              $result = $db->sql_query($sql, 3600);
 608                              $forum_info = $db->sql_fetchrow($result);
 609                              $db->sql_freeresult($result);
 610  
 611                              add_log('admin', 'LOG_USER_MOVE_POSTS', $user_row['username'], $forum_info['forum_name']);
 612                              add_log('user', $user_id, 'LOG_USER_MOVE_POSTS_USER', $forum_info['forum_name']);
 613  
 614                              trigger_error($user->lang['USER_POSTS_MOVED'] . adm_back_link($this->u_action . '&amp;u=' . $user_id));
 615  
 616                          break;
 617                      }
 618  
 619                      // Handle registration info updates
 620                      $data = array(
 621                          'username'            => request_var('user', $user_row['username'], true),
 622                          'user_founder'        => request_var('user_founder', ($user_row['user_type'] == USER_FOUNDER) ? 1 : 0),
 623                          'email'                => request_var('user_email', $user_row['user_email']),
 624                          'email_confirm'        => request_var('email_confirm', ''),
 625                          'user_password'        => request_var('user_password', '', true),
 626                          'password_confirm'    => request_var('password_confirm', '', true),
 627                          'warnings'            => request_var('warnings', $user_row['user_warnings']),
 628                      );
 629  
 630                      // Validation data - we do not check the password complexity setting here
 631                      $check_ary = array(
 632                          'user_password'        => array(
 633                              array('string', true, $config['min_pass_chars'], $config['max_pass_chars']),
 634                              array('password')),
 635                          'password_confirm'    => array('string', true, $config['min_pass_chars'], $config['max_pass_chars']),
 636                          'warnings'            => array('num'),
 637                      );
 638  
 639                      // Check username if altered
 640                      if ($data['username'] != $user_row['username'])
 641                      {
 642                          $check_ary += array(
 643                              'username'            => array(
 644                                  array('string', false, $config['min_name_chars'], $config['max_name_chars']),
 645                                  array('username', $user_row['username'])),
 646                          );
 647                      }
 648  
 649                      // Check email if altered
 650                      if ($data['email'] != $user_row['user_email'])
 651                      {
 652                          $check_ary += array(
 653                              'email'                => array(
 654                                  array('string', false, 6, 60),
 655                                  array('email', $user_row['user_email'])
 656                                  ), 
 657                              'email_confirm'        => array('string', true, 6, 60)
 658                          );
 659                      }
 660  
 661                      $error = validate_data($data, $check_ary);
 662  
 663                      if ($data['user_password'] && $data['password_confirm'] != $data['user_password'])
 664                      {
 665                          $error[] = 'NEW_PASSWORD_ERROR';
 666                      }
 667  
 668                      if ($data['email'] != $user_row['user_email'] && $data['email_confirm'] != $data['email'])
 669                      {
 670                          $error[] = 'NEW_EMAIL_ERROR';
 671                      }
 672  
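 673                      // Which updates do we need to do? NOTE(review): the password check below compares against an unsalted md5() hash; password_hash()/password_verify() is the modern replacement.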
 674                      $update_warning = ($user_row['user_warnings'] != $data['warnings']) ? true : false;
 675                      $update_username = ($user_row['username'] != $data['username']) ? $data['username'] : false;
 676                      $update_password = ($data['user_password'] && $user_row['user_password'] != md5($data['user_password'])) ? true : false;
 677                      $update_email = ($data['email'] != $user_row['user_email']) ? $data['email'] : false;
 678  
 679                      if (!sizeof($error))
 680                      {
 681                          $sql_ary = array();
 682  
 683                          if ($user_row['user_type'] != USER_FOUNDER || $user->data['user_type'] == USER_FOUNDER)
 684                          {
 685                              if ($update_warning)
 686                              {
 687                                  $sql_ary['user_warnings'] = $data['warnings'];
 688                              }
 689  
 690                              // Only founders are allowed to update the founder status...
 691                              if ($user->data['user_type'] == USER_FOUNDER)
 692                              {
 693                                  // Setting a normal member to be a founder
 694                                  if ($data['user_founder'] && $user_row['user_type'] != USER_FOUNDER)
 695                                  {
 696                                      // Make sure the user is not setting an Inactive or ignored user to be a founder
 697                                      if ($user_row['user_type'] == USER_IGNORE)
 698                                      {
 699                                          trigger_error($user->lang['CANNOT_SET_FOUNDER_BOT'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
 700                                      }
 701  
 702                                      if ($user_row['user_type'] == USER_INACTIVE)
 703                                      {
 704                                          trigger_error($user->lang['CANNOT_SET_FOUNDER_INACTIVE'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
 705                                      }
 706  
 707                                      $sql_ary['user_type'] = USER_FOUNDER;
 708                                  }
 709                                  else if (!$data['user_founder'] && $user_row['user_type'] == USER_FOUNDER)
 710                                  {
 711                                      // Check if at least one founder is present
 712                                      $sql = 'SELECT user_id
 713                                          FROM ' . USERS_TABLE . '
 714                                          WHERE user_type = ' . USER_FOUNDER . '
 715                                              AND user_id <> ' . $user_id;
 716                                      $result = $db->sql_query_limit($sql, 1);
 717                                      $row = $db->sql_fetchrow($result);
 718                                      $db->sql_freeresult($result);
 719  
 720                                      if ($row)
 721                                      {
 722                                          $sql_ary['user_type'] = USER_NORMAL;
 723                                      }
 724                                      else
 725                                      {
 726                                          trigger_error($user->lang['AT_LEAST_ONE_FOUNDER'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
 727                                      }
 728                                  }
 729                              }
 730                          }
 731  
 732                          if ($update_username !== false)
 733                          {
 734                              $sql_ary['username'] = $update_username;
 735                              $sql_ary['username_clean'] = utf8_clean_string($update_username);
 736  
 737                              add_log('user', $user_id, 'LOG_USER_UPDATE_NAME', $user_row['username'], $update_username);
 738                          }
 739  
 740                          if ($update_email !== false)
 741                          {
 742                              $sql_ary += array(
 743                                  'user_email'        => $update_email,
 744                                  'user_email_hash'    => crc32(strtolower($update_email)) . strlen($update_email)
 745                              );
 746  
 747                              add_log('user', $user_id, 'LOG_USER_UPDATE_EMAIL', $user_row['username'], $user_row['user_email'], $update_email);
 748                          }
 749  
 750                          if ($update_password)
 751                          {
 752                              $sql_ary += array(
 753                                  'user_password' => md5($data['user_password']),
 754                                  'user_passchg'    => time(),
 755                              );
 756  
 757                              $user->reset_login_keys($user_id);
 758                              add_log('user', $user_id, 'LOG_USER_NEW_PASSWORD', $user_row['username']);
 759                          }
 760  
 761                          if (sizeof($sql_ary))
 762                          {
 763                              $sql = 'UPDATE ' . USERS_TABLE . '
 764                                  SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
 765                                  WHERE user_id = ' . $user_id;
 766                              $db->sql_query($sql);
 767                          }
 768  
 769                          /**
 770                          * @todo adjust all data based on the number of user warnings
 771                          */
 772                          if ($update_warning)
 773                          {
 774                          }
 775  
 776                          if ($update_username)
 777                          {
 778                              user_update_name($user_row['username'], $update_username);
 779                          }
 780  
 781                          // Let the user's permissions be updated
 782                          $auth->acl_clear_prefetch($user_id);
 783  
 784                          add_log('admin', 'LOG_USER_USER_UPDATE', $data['username']);
 785  
 786                          trigger_error($user->lang['USER_OVERVIEW_UPDATED'] . adm_back_link($this->u_action . '&amp;u=' . $user_id));
 787                      }
 788  
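 789                      // Replace "error" strings with their real, localised form. NOTE(review): this relies on the eval-style /e modifier, which PHP 7 removed; preg_replace_callback() is the replacement.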
 790                      $error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error);
 791                  }
 792  
 793                  $user_char_ary = array('.*' => 'USERNAME_CHARS_ANY', '[\w]+' => 'USERNAME_ALPHA_ONLY', '[\w_\+\. \-\[\]]+' => 'USERNAME_ALPHA_SPACERS');
 794                  $pass_char_ary = array('.*' => 'PASS_TYPE_ANY', '[a-zA-Z]' => 'PASS_TYPE_CASE', '[a-zA-Z0-9]' => 'PASS_TYPE_ALPHA', '[a-zA-Z\W]' => 'PASS_TYPE_SYMBOL');
 795  
 796                  if ($user_id == $user->data['user_id'])
 797                  {
 798                      $quick_tool_ary = array('delsig' => 'DEL_SIG', 'delavatar' => 'DEL_AVATAR', 'moveposts' => 'MOVE_POSTS', 'delposts' => 'DEL_POSTS', 'delattach' => 'DEL_ATTACH');
 799                  }
 800                  else
 801                  {
 802                      $quick_tool_ary = array();
 803  
 804                      if ($user_row['user_type'] != USER_FOUNDER)
 805                      {
 806                          $quick_tool_ary += array('banuser' => 'BAN_USER', 'banemail' => 'BAN_EMAIL', 'banip' => 'BAN_IP');
 807                      }
 808  
 809                      if ($user_row['user_type'] != USER_FOUNDER && $user_row['user_type'] != USER_IGNORE)
 810                      {
 811                          $quick_tool_ary += array('active' => (($user_row['user_type'] == USER_INACTIVE) ? 'ACTIVATE' : 'DEACTIVATE'));
 812                      }
 813                      
 814                      $quick_tool_ary += array('delsig' => 'DEL_SIG', 'delavatar' => 'DEL_AVATAR', 'moveposts' => 'MOVE_POSTS', 'delposts' => 'DEL_POSTS', 'delattach' => 'DEL_ATTACH');
 815                      
 816                      if ($config['email_enable'] && ($user_row['user_type'] == USER_NORMAL || $user_row['user_type'] == USER_INACTIVE))
 817                      {
 818                          $quick_tool_ary['reactivate'] = 'FORCE';
 819                      }
 820                  }
 821  
 822                  $s_action_options = '<option class="sep" value="">' . $user->lang['SELECT_OPTION'] . '</option>';
 823                  foreach ($quick_tool_ary as $value => $lang)
 824                  {
 825                      $s_action_options .= '<option value="' . $value . '">' . $user->lang['USER_ADMIN_' . $lang]  . '</option>';
 826                  }
 827  
 828                  if ($config['load_onlinetrack'])
 829                  {
 830                      $sql = 'SELECT MAX(session_time) AS session_time, MIN(session_viewonline) AS session_viewonline
 831                          FROM ' . SESSIONS_TABLE . "
 832                          WHERE session_user_id = $user_id";
 833                      $result = $db->sql_query($sql);
 834                      $row = $db->sql_fetchrow($result);
 835                      $db->sql_freeresult($result);
 836  
 837                      $user_row['session_time'] = (isset($row['session_time'])) ? $row['session_time'] : 0;
 838                      $user_row['session_viewonline'] = (isset($row['session_viewonline'])) ? $row['session_viewonline'] : 0;
 839                      unset($row);
 840                  }
 841  
 842                  $last_visit = (!empty($user_row['session_time'])) ? $user_row['session_time'] : $user_row['user_lastvisit'];
 843  
 844                  $template->assign_vars(array(
 845                      'L_NAME_CHARS_EXPLAIN'        => sprintf($user->lang[$user_char_ary[str_replace('\\\\', '\\', $config['allow_name_chars'])] . '_EXPLAIN'], $config['min_name_chars'], $config['max_name_chars']),
 846                      'L_CHANGE_PASSWORD_EXPLAIN'    => sprintf($user->lang[$pass_char_ary[str_replace('\\\\', '\\', $config['pass_complex'])] . '_EXPLAIN'], $config['min_pass_chars'], $config['max_pass_chars']),
 847                      'S_FOUNDER'                    => ($user->data['user_type'] == USER_FOUNDER) ? true : false,
 848  
 849                      'S_OVERVIEW'        => true,
 850                      'S_USER_IP'            => ($user_row['user_ip']) ? true : false,
 851                      'S_USER_FOUNDER'    => ($user_row['user_type'] == USER_FOUNDER) ? true : false,
 852                      'S_ACTION_OPTIONS'    => $s_action_options,
 853                      'S_OWN_ACCOUNT'        => ($user_id == $user->data['user_id']) ? true : false,
 854                      'S_USER_INACTIVE'    => ($user_row['user_type'] == USER_INACTIVE) ? true : false,
 855  
 856                      'U_SHOW_IP'        => $this->u_action . "&amp;u=$user_id&amp;ip=" . (($ip == 'ip') ? 'hostname' : 'ip'),
 857                      'U_WHOIS'        => $this->u_action . "&amp;action=whois&amp;user_ip={$user_row['user_ip']}",
 858  
 859                      'U_SWITCH_PERMISSIONS'    => ($auth->acl_get('a_switchperm') && $user->data['user_id'] != $user_row['user_id']) ? append_sid("{$phpbb_root_path}ucp.$phpEx", "mode=switch_perm&amp;u={$user_row['user_id']}") : '',
 860  
 861                      'USER'                => $user_row['username'],
 862                      'USER_REGISTERED'    => $user->format_date($user_row['user_regdate']),
 863                      'REGISTERED_IP'        => ($ip == 'hostname') ? gethostbyaddr($user_row['user_ip']) : $user_row['user_ip'],
 864                      'USER_LASTACTIVE'    => ($last_visit) ? $user->format_date($last_visit) : ' - ',
 865                      'USER_EMAIL'        => $user_row['user_email'],
 866                      'USER_WARNINGS'        => $user_row['user_warnings'],
 867                      'USER_POSTS'        => $user_row['user_posts'],
 868                      )
 869                  );
 870  
 871              break;
 872  
 873              case 'feedback':
 874  
 875                  $user->add_lang('mcp');
 876                  
 877                  // Set up general vars
 878                  $start        = request_var('start', 0);
 879                  $deletemark = (isset($_POST['delmarked'])) ? true : false;
 880                  $deleteall    = (isset($_POST['delall'])) ? true : false;
 881                  $marked        = request_var('mark', array(0));
 882                  $message    = request_var('message', '', true);
 883  
 884                  // Sort keys
 885                  $sort_days    = request_var('st', 0);
 886                  $sort_key    = request_var('sk', 't');
 887                  $sort_dir    = request_var('sd', 'd');
 888  
 889                  // Delete entries if requested and able
 890                  if (($deletemark || $deleteall) && $auth->acl_get('a_clearlogs'))
 891                  {
 892                      $where_sql = '';
 893                      if ($deletemark && $marked)
 894                      {
 895                          $sql_in = array();
 896                          foreach ($marked as $mark)
 897                          {
 898                              $sql_in[] = $mark;
 899                          }
 900                          $where_sql = ' AND ' . $db->sql_in_set('log_id', $sql_in);
 901                          unset($sql_in);
 902                      }
 903  
 904                      if ($where_sql || $deleteall)
 905                      {
 906                          $sql = 'DELETE FROM ' . LOG_TABLE . '
 907                              WHERE log_type = ' . LOG_USERS . "
 908                              $where_sql";
 909                          $db->sql_query($sql);
 910  
 911                          add_log('admin', 'LOG_CLEAR_USER', $user_row['username']);
 912                      }
 913                  }
 914  
 915                  if ($submit && $message)
 916                  {
 917                      add_log('admin', 'LOG_USER_FEEDBACK', $user_row['username']);
 918                      add_log('user', $user_id, 'LOG_USER_GENERAL', $message);
 919  
 920                      trigger_error($user->lang['USER_FEEDBACK_ADDED'] . adm_back_link($this->u_action . '&amp;u=' . $user_id));
 921                  }
 922                  
 923                  // Sorting
 924                  $limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']);
 925                  $sort_by_text = array('u' => $user->lang['SORT_USERNAME'], 't' => $user->lang['SORT_DATE'], 'i' => $user->lang['SORT_IP'], 'o' => $user->lang['SORT_ACTION']);
 926                  $sort_by_sql = array('u' => 'l.username', 't' => 'l.log_time', 'i' => 'l.log_ip', 'o' => 'l.log_operation');
 927  
 928                  $s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = '';
 929                  gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param);
 930  
 931                  // Define where and sort sql for use in displaying logs
 932                  $sql_where = ($sort_days) ? (time() - ($sort_days * 86400)) : 0;
 933                  $sql_sort = $sort_by_sql[$sort_key] . ' ' . (($sort_dir == 'd') ? 'DESC' : 'ASC');
 934  
 935                  // Grab log data
 936                  $log_data = array();
 937                  $log_count = 0;
 938                  view_log('user', $log_data, $log_count, $config['topics_per_page'], $start, 0, 0, $user_id, $sql_where, $sql_sort);
 939  
 940                  $template->assign_vars(array(
 941                      'S_FEEDBACK'    => true,
 942                      'S_ON_PAGE'        => on_page($log_count, $config['topics_per_page'], $start),
 943                      'PAGINATION'    => generate_pagination($this->u_action . "&amp;u=$user_id&amp;$u_sort_param", $log_count, $config['topics_per_page'], $start, true),
 944  
 945                      'S_LIMIT_DAYS'    => $s_limit_days,
 946                      'S_SORT_KEY'    => $s_sort_key,
 947                      'S_SORT_DIR'    => $s_sort_dir,
 948                      'S_CLEARLOGS'    => $auth->acl_get('a_clearlogs'))
 949                  );
 950  
 951                  foreach ($log_data as $row)
 952                  {
 953                      $template->assign_block_vars('log', array(
 954                          'USERNAME'        => $row['username'],
 955                          'IP'            => $row['ip'],
 956                          'DATE'            => $user->format_date($row['time']),
 957                          'ACTION'        => nl2br($row['action']),
 958                          'ID'            => $row['id'])
 959                      );
 960                  }
 961  
 962              break;
 963  
 964              case 'profile':
 965  
 966                  $cp = new custom_profile();
 967  
 968                  $cp_data = $cp_error = array();
 969  
 970                  $sql = 'SELECT lang_id
 971                      FROM ' . LANG_TABLE . "
 972                      WHERE lang_iso = '" . $db->sql_escape($user->data['user_lang']) . "'";
 973                  $result = $db->sql_query($sql);
 974                  $row = $db->sql_fetchrow($result);
 975                  $db->sql_freeresult($result);
 976  
 977                  $user_row['iso_lang_id'] = $row['lang_id'];
 978  
 979                  $data = array(
 980                      'icq'            => request_var('icq', $user_row['user_icq']),
 981                      'aim'            => request_var('aim', $user_row['user_aim']),
 982                      'msn'            => request_var('msn', $user_row['user_msnm']),
 983                      'yim'            => request_var('yim', $user_row['user_yim']),
 984                      'jabber'        => request_var('jabber', $user_row['user_jabber']),
 985                      'website'        => request_var('website', $user_row['user_website']),
 986                      'location'        => request_var('location', $user_row['user_from'], true),
 987                      'occupation'    => request_var('occupation', $user_row['user_occ'], true),
 988                      'interests'        => request_var('interests', $user_row['user_interests'], true),
 989                      'bday_day'        => 0,
 990                      'bday_month'    => 0,
 991                      'bday_year'        => 0,
 992                  );
 993                  
 994                  utf8_normalize_nfc(array(&$data['location'], &$data['occupation'], &$data['interests']));
 995  
 996                  if ($user_row['user_birthday'])
 997                  {
 998                      list($data['bday_day'], $data['bday_month'], $data['bday_year']) = explode('-', $user_row['user_birthday']);
 999                  }
1000  
1001                  $data['bday_day'] = request_var('bday_day', $data['bday_day']);
1002                  $data['bday_month'] = request_var('bday_month', $data['bday_month']);
1003                  $data['bday_year'] = request_var('bday_year', $data['bday_year']);
1004  
1005                  if ($submit)
1006                  {
1007                      $error = validate_data($data, array(
1008                          'icq'            => array(
1009                              array('string', true, 3, 15),
1010                              array('match', true, '#^[0-9]+$#i')),
1011                          'aim'            => array('string', true, 3, 17),
1012                          'msn'            => array('string', true, 5, 255),
1013                          'jabber'        => array(
1014                              array('string', true, 5, 255),
1015                              array('match', true, '#^[a-z0-9\.\-_\+]+?@(.*?\.)*?[a-z0-9\-_]+?\.[a-z]{2,4}(/.*)?$#i')),
1016                          'yim'            => array('string', true, 5, 255),
1017                          'website'        => array(
1018                              array('string', true, 12, 255),
1019                              array('match', true, '#^http[s]?://(.*?\.)*?[a-z0-9\-]+\.[a-z]{2,4}#i')),
1020                          'location'        => array('string', true, 2, 255),
1021                          'occupation'    => array('string', true, 2, 500),
1022                          'interests'        => array('string', true, 2, 500),
1023                          'bday_day'        => array('num', true, 1, 31),
1024                          'bday_month'    => array('num', true, 1, 12),
1025                          'bday_year'        => array('num', true, 1901, gmdate('Y', time())),
1026                      ));
1027  
1028                      // validate custom profile fields
1029                      $cp->submit_cp_field('profile', $user_row['iso_lang_id'], $cp_data, $cp_error);
1030  
1031                      if (sizeof($cp_error))
1032                      {
1033                          $error = array_merge($error, $cp_error);
1034                      }
1035  
1036                      if (!sizeof($error))
1037                      {
1038                          $sql_ary = array(
1039                              'user_icq'        => $data['icq'],
1040                              'user_aim'        => $data['aim'],
1041                              'user_msnm'        => $data['msn'],
1042                              'user_yim'        => $data['yim'],
1043                              'user_jabber'    => $data['jabber'],
1044                              'user_website'    => $data['website'],
1045                              'user_from'        => $data['location'],
1046                              'user_occ'        => $data['occupation'],
1047                              'user_interests'=> $data['interests'],
1048                              'user_birthday'    => sprintf('%2d-%2d-%4d', $data['bday_day'], $data['bday_month'], $data['bday_year']),
1049                          );
1050  
1051                          $sql = 'UPDATE ' . USERS_TABLE . '
1052                              SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
1053                              WHERE user_id = $user_id";
1054                          $db->sql_query($sql);
1055  
1056                          // Update Custom Fields
1057                          if (sizeof($cp_data))
1058                          {
1059                              switch ($db->sql_layer)
1060                              {
1061                                  case 'oracle':
1062                                  case 'firebird':
1063                                  case 'postgres':
1064                                      $right_delim = $left_delim = '"';
1065                                  break;
1066  
1067                                  case 'sqlite':
1068                                  case 'mssql':
1069                                  case 'mssql_odbc':
1070                                      $right_delim = ']';
1071                                      $left_delim = '[';
1072                                  break;
1073  
1074                                  case 'mysql':
1075                                  case 'mysql4':
1076                                  case 'mysqli':
1077                                      $right_delim = $left_delim = '`';
1078                                  break;
1079                              }
1080  
1081                              foreach ($cp_data as $key => $value)
1082                              {
1083                                  $cp_data[$right_delim . $key . $left_delim] = $value;
1084                                  unset($cp_data[$key]);
1085                              }
1086  
1087                              $sql = 'UPDATE ' . PROFILE_FIELDS_DATA_TABLE . '
1088                                  SET ' . $db->sql_build_array('UPDATE', $cp_data) . "
1089                                  WHERE user_id = $user_id";
1090                              $db->sql_query($sql);
1091  
1092                              if (!$db->sql_affectedrows())
1093                              {
1094                                  $cp_data['user_id'] = (int) $user_id;
1095  
1096                                  $db->return_on_error = true;
1097  
1098                                  $sql = 'INSERT INTO ' . PROFILE_FIELDS_DATA_TABLE . ' ' . $db->sql_build_array('INSERT', $cp_data);
1099                                  $db->sql_query($sql);
1100  
1101                                  $db->return_on_error = false;
1102                              }
1103                          }
1104  
1105                          trigger_error($user->lang['USER_PROFILE_UPDATED'] . adm_back_link($this->u_action . '&amp;u=' . $user_id));
1106                      }
1107  
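1108                      // Replace "error" strings with their real, localised form. NOTE(review): this relies on the eval-style /e modifier, which PHP 7 removed; preg_replace_callback() is the replacement.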
1109                      $error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error);
1110                  }
1111  
1112                  $s_birthday_day_options = '<option value="0"' . ((!$data['bday_day']) ? ' selected="selected"' : '') . '>--</option>';
1113                  for ($i = 1; $i < 32; $i++)
1114                  {
1115                      $selected = ($i == $data['bday_day']) ? ' selected="selected"' : '';
1116                      $s_birthday_day_options .= "<option value=\"$i\"$selected>$i</option>";
1117                  }
1118  
1119                  $s_birthday_month_options = '<option value="0"' . ((!$data['bday_month']) ? ' selected="selected"' : '') . '>--</option>';
1120                  for ($i = 1; $i < 13; $i++)
1121                  {
1122                      $selected = ($i == $data['bday_month']) ? ' selected="selected"' : '';
1123                      $s_birthday_month_options .= "<option value=\"$i\"$selected>$i</option>";
1124                  }
1125                  $s_birthday_year_options = '';
1126  
1127                  $now = getdate();
1128                  $s_birthday_year_options = '<option value="0"' . ((!$data['bday_year']) ? ' selected="selected"' : '') . '>--</option>';
1129                  for ($i = $now['year'] - 100; $i < $now['year']; $i++)
1130                  {
1131                      $selected = ($i == $data['bday_year']) ? ' selected="selected"' : '';
1132                      $s_birthday_year_options .= "<option value=\"$i\"$selected>$i</option>";
1133                  }
1134                  unset($now);
1135  
1136                  $template->assign_vars(array(
1137                      'ICQ'            => $data['icq'],
1138                      'YIM'            => $data['yim'],
1139                      'AIM'            => $data['aim'],
1140                      'MSN'            => $data['msn'],
1141                      'JABBER'        => $data['jabber'],
1142                      'WEBSITE'        => $data['website'],
1143                      'LOCATION'        => $data['location'],
1144                      'OCCUPATION'    => $data['occupation'],
1145                      'INTERESTS'        => $data['interests'],
1146  
1147                      'S_BIRTHDAY_DAY_OPTIONS'    => $s_birthday_day_options,
1148                      'S_BIRTHDAY_MONTH_OPTIONS'    => $s_birthday_month_options,
1149                      'S_BIRTHDAY_YEAR_OPTIONS'    => $s_birthday_year_options,
1150                          
1151                      'S_PROFILE'        => true)
1152                  );
1153  
1154                  // Get additional profile fields and assign them to the template block var 'profile_fields'
1155                  $user->get_profile_fields($user_id);
1156  
1157                  $cp->generate_profile_fields('profile', $user_row['iso_lang_id']);
1158  
1159              break;
1160  
1161              case 'prefs':
1162  
1163                  $data = array(
1164                      'dateformat'        => request_var('dateformat', $user_row['user_dateformat']),
1165                      'lang'                => request_var('lang', $user_row['user_lang']),
1166                      'tz'                => request_var('tz', (float) $user_row['user_timezone']),
1167                      'style'                => request_var('style', $user_row['user_style']),
1168                      'dst'                => request_var('dst', $user_row['user_dst']),
1169                      'viewemail'            => request_var('viewemail', $user_row['user_allow_viewemail']),
1170                      'massemail'            => request_var('massemail', $user_row['user_allow_massemail']),
1171                      'hideonline'        => request_var('hideonline', !$user_row['user_allow_viewonline']),
1172                      'notifymethod'        => request_var('notifymethod', $user_row['user_notify_type']),
1173                      'notifypm'            => request_var('notifypm', $user_row['user_notify_pm']),
1174                      'popuppm'            => request_var('popuppm', $this->optionget($user_row, 'popuppm')),
1175                      'allowpm'            => request_var('allowpm', $user_row['user_allow_pm']),
1176  
1177                      'topic_sk'            => request_var('topic_sk', ($user_row['user_topic_sortby_type']) ? $user_row['user_topic_sortby_type'] : 't'),
1178                      'topic_sd'            => request_var('topic_sd', ($user_row['user_topic_sortby_dir']) ? $user_row['user_topic_sortby_dir'] : 'd'),
1179                      'topic_st'            => request_var('topic_st', ($user_row['user_topic_show_days']) ? $user_row['user_topic_show_days'] : 0),
1180  
1181                      'post_sk'            => request_var('post_sk', ($user_row['user_post_sortby_type']) ? $user_row['user_post_sortby_type'] : 't'),
1182                      'post_sd'            => request_var('post_sd', ($user_row['user_post_sortby_dir']) ? $user_row['user_post_sortby_dir'] : 'a'),
1183                      'post_st'            => request_var('post_st', ($user_row['user_post_show_days']) ? $user_row['user_post_show_days'] : 0),
1184  
1185                      'view_images'        => request_var('view_images', $this->optionget($user_row, 'viewimg')),
1186                      'view_flash'        => request_var('view_flash', $this->optionget($user_row, 'viewflash')),
1187                      'view_smilies'        => request_var('view_smilies', $this->optionget($user_row, 'viewsmilies')),
1188                      'view_sigs'            => request_var('view_sigs', $this->optionget($user_row, 'viewsigs')),
1189                      'view_avatars'        => request_var('view_avatars', $this->optionget($user_row, 'viewavatars')),
1190                      'view_wordcensor'    => request_var('view_wordcensore', $this->optionget($user_row, 'viewcensors')),
1191  
1192                      'bbcode'    => request_var('bbcode', $this->optionget($user_row, 'bbcode')),
1193                      'smilies'    => request_var('smilies', $this->optionget($user_row, 'smilies')),
1194                      'sig'        => request_var('sig', $this->optionget($user_row, 'attachsig')),
1195                      'notify'    => request_var('notify', $user_row['user_notify']),
1196                  );
1197  
1198                  if ($submit)
1199                  {
1200                      $error = validate_data($data, array(
1201                          'dateformat'    => array('string', false, 3, 30),
1202                          'lang'            => array('match', false, '#^[a-z_\-]{2,}$#i'),
1203                          'tz'            => array('num', false, -14, 14),
1204  
1205                          'topic_sk'        => array('string', false, 1, 1),
1206                          'topic_sd'        => array('string', false, 1, 1),
1207                          'post_sk'        => array('string', false, 1, 1),
1208                          'post_sd'        => array('string', false, 1, 1),
1209                      ));
1210  
1211                      if (!sizeof($error))
1212                      {
1213                          $this->optionset($user_row, 'popuppm', $data['popuppm']);
1214                          $this->optionset($user_row, 'viewimg', $data['view_images']);
1215                          $this->optionset($user_row, 'viewflash', $data['view_flash']);
1216                          $this->optionset($user_row, 'viewsmilies', $data['view_smilies']);
1217                          $this->optionset($user_row, 'viewsigs', $data['view_sigs']);
1218                          $this->optionset($user_row, 'viewavatars', $data['view_avatars']);
1219                          $this->optionset($user_row, 'viewcensors', $data['view_wordcensor']);
1220                          $this->optionset($user_row, 'bbcode', $data['bbcode']);
1221                          $this->optionset($user_row, 'smilies', $data['smilies']);
1222                          $this->optionset($user_row, 'attachsig', $data['sig']);
1223  
1224                          $sql_ary = array(
1225                              'user_options'            => $user_row['user_options'],
1226  
1227                              'user_allow_pm'            => $data['allowpm'],
1228                              'user_allow_viewemail'    => $data['viewemail'],
1229                              'user_allow_massemail'    => $data['massemail'],
1230                              'user_allow_viewonline'    => !$data['hideonline'],
1231                              'user_notify_type'        => $data['notifymethod'],
1232                              'user_notify_pm'        => $data['notifypm'],
1233  
1234                              'user_dst'                => $data['dst'],
1235                              'user_dateformat'        => $data['dateformat'],
1236                              'user_lang'                => $data['lang'],
1237                              'user_timezone'            => $data['tz'],
1238                              'user_style'            => $data['style'],
1239  
1240                              'user_topic_sortby_type'    => $data['topic_sk'],
1241                              'user_post_sortby_type'        => $data['post_sk'],
1242                              'user_topic_sortby_dir'        => $data['topic_sd'],
1243                              'user_post_sortby_dir'        => $data['post_sd'],
1244  
1245                              'user_topic_show_days'    => $data['topic_st'],
1246                              'user_post_show_days'    => $data['post_st'],
1247  
1248                              'user_notify'    => $data['notify'],
1249                          );
1250  
1251                          $sql = 'UPDATE ' . USERS_TABLE . '
1252                              SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
1253                              WHERE user_id = $user_id";
1254                          $db->sql_query($sql);
1255  
1256                          trigger_error($user->lang['USER_PREFS_UPDATED'] . adm_back_link($this->u_action . '&amp;u=' . $user_id));
1257                      }
1258  
1259                      // Replace "error" strings with their real, localised form
1260                      $error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error);
1261                  }
1262  
1263                  $dateformat_options = '';
1264                  foreach ($user->lang['dateformats'] as $format => $null)
1265                  {
1266                      $dateformat_options .= '<option value="' . $format . '"' . (($format == $data['dateformat']) ? ' selected="selected"' : '') . '>';
1267                      $dateformat_options .= $user->format_date(time(), $format, true) . ((strpos($format, '|') !== false) ? ' [' . $user->lang['RELATIVE_DAYS'] . ']' : '');
1268                      $dateformat_options .= '</option>';
1269                  }
1270  
1271                  $s_custom = false;
1272  
1273                  $dateformat_options .= '<option value="custom"';
1274                  if (!in_array($data['dateformat'], array_keys($user->lang['dateformats'])))
1275                  {
1276                      $dateformat_options .= ' selected="selected"';
1277                      $s_custom = true;
1278                  }
1279                  $dateformat_options .= '>' . $user->lang['CUSTOM_DATEFORMAT'] . '</option>';
1280  
1281                  $sort_dir_text = array('a' => $user->lang['ASCENDING'], 'd' => $user->lang['DESCENDING']);
1282  
1283                  // Topic ordering options
1284                  $limit_topic_days = array(0 => $user->lang['ALL_TOPICS'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']);
1285                  $sort_by_topic_text = array('a' => $user->lang['AUTHOR'], 't' => $user->lang['POST_TIME'], 'r' => $user->lang['REPLIES'], 's' => $user->lang['SUBJECT'], 'v' => $user->lang['VIEWS']);
1286  
1287                  // Post ordering options
1288                  $limit_post_days = array(0 => $user->lang['ALL_POSTS'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']);
1289                  $sort_by_post_text = array('a' => $user->lang['AUTHOR'], 't' => $user->lang['POST_TIME'], 's' => $user->lang['SUBJECT']);
1290  
1291                  $_options = array('topic', 'post');
1292                  foreach ($_options as $sort_option)
1293                  {
1294                      ${'s_limit_' . $sort_option . '_days'} = '<select name="' . $sort_option . '_st">';
1295                      foreach (${'limit_' . $sort_option . '_days'} as $day => $text)
1296                      {
1297                          $selected = ($data[$sort_option . '_st'] == $day) ? ' selected="selected"' : '';
1298                          ${'s_limit_' . $sort_option . '_days'} .= '<option value="' . $day . '"' . $selected . '>' . $text . '</option>';
1299                      }
1300                      ${'s_limit_' . $sort_option . '_days'} .= '</select>';
1301  
1302                      ${'s_sort_' . $sort_option . '_key'} = '<select name="' . $sort_option . '_sk">';
1303                      foreach (${'sort_by_' . $sort_option . '_text'} as $key => $text)
1304                      {
1305                          $selected = ($data[$sort_option . '_sk'] == $key) ? ' selected="selected"' : '';
1306                          ${'s_sort_' . $sort_option . '_key'} .= '<option value="' . $key . '"' . $selected . '>' . $text . '</option>';
1307                      }
1308                      ${'s_sort_' . $sort_option . '_key'} .= '</select>';
1309  
1310                      ${'s_sort_' . $sort_option . '_dir'} = '<select name="' . $sort_option . '_sd">';
1311                      foreach ($sort_dir_text as $key => $value)
1312                      {
1313                          $selected = ($data[$sort_option . '_sd'] == $key) ? ' selected="selected"' : '';
1314                          ${'s_sort_' . $sort_option . '_dir'} .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>';
1315                      }
1316                      ${'s_sort_' . $sort_option . '_dir'} .= '</select>';
1317                  }
1318  
1319                  $template->assign_vars(array(
1320                      'S_PREFS'            => true,
1321                      'S_JABBER_DISABLED'    => ($config['jab_enable'] && $user_row['user_jabber'] && @extension_loaded('xml')) ? false : true,
1322                      
1323                      'VIEW_EMAIL'        => $data['viewemail'],
1324                      'MASS_EMAIL'        => $data['massemail'],
1325                      'ALLOW_PM'            => $data['allowpm'],
1326                      'HIDE_ONLINE'        => $data['hideonline'],
1327                      'NOTIFY_EMAIL'        => ($data['notifymethod'] == NOTIFY_EMAIL) ? true : false,
1328                      'NOTIFY_IM'            => ($data['notifymethod'] == NOTIFY_IM) ? true : false,
1329                      'NOTIFY_BOTH'        => ($data['notifymethod'] == NOTIFY_BOTH) ? true : false,
1330                      'NOTIFY_PM'            => $data['notifypm'],
1331                      'POPUP_PM'            => $data['popuppm'],
1332                      'DST'                => $data['dst'],
1333                      'BBCODE'            => $data['bbcode'],
1334                      'SMILIES'            => $data['smilies'],
1335                      'ATTACH_SIG'        => $data['sig'],
1336                      'NOTIFY'            => $data['notify'],
1337                      'VIEW_IMAGES'        => $data['view_images'],
1338                      'VIEW_FLASH'        => $data['view_flash'],
1339                      'VIEW_SMILIES'        => $data['view_smilies'],
1340                      'VIEW_SIGS'            => $data['view_sigs'],
1341                      'VIEW_AVATARS'        => $data['view_avatars'],
1342                      'VIEW_WORDCENSOR'    => $data['view_wordcensor'],
1343                      
1344                      'S_TOPIC_SORT_DAYS'        => $s_limit_topic_days,
1345                      'S_TOPIC_SORT_KEY'        => $s_sort_topic_key,
1346                      'S_TOPIC_SORT_DIR'        => $s_sort_topic_dir,
1347                      'S_POST_SORT_DAYS'        => $s_limit_post_days,
1348                      'S_POST_SORT_KEY'        => $s_sort_post_key,
1349                      'S_POST_SORT_DIR'        => $s_sort_post_dir,
1350  
1351                      'DATE_FORMAT'            => $data['dateformat'],
1352                      'S_DATEFORMAT_OPTIONS'    => $dateformat_options,
1353                      'S_CUSTOM_DATEFORMAT'    => $s_custom,
1354                      'DEFAULT_DATEFORMAT'    => $config['default_dateformat'],
1355                      'A_DEFAULT_DATEFORMAT'    => addslashes($config['default_dateformat']),
1356  
1357                      'S_LANG_OPTIONS'    => language_select($data['lang']),
1358                      'S_STYLE_OPTIONS'    => style_select($data['style']),
1359                      'S_TZ_OPTIONS'        => tz_select($data['tz'], true),
1360                      )
1361                  );
1362  
1363              break;
1364  
1365              case 'avatar':
1366  
1367                  $avatar_select = basename(request_var('avatar_select', ''));
1368                  $category = basename(request_var('category', ''));
1369                  $can_upload = (file_exists($phpbb_root_path . $config['avatar_path']) && is_writeable($phpbb_root_path . $config['avatar_path']) && $file_uploads) ? true : false;
1370  
1371                  $data = array();
1372  
1373                  if ($submit)
1374                  {
1375                      $delete = request_var('delete', '');
1376  
1377                      $data = array(
1378                          'uploadurl'        => request_var('uploadurl', ''),
1379                          'remotelink'    => request_var('remotelink', ''),
1380                          'width'            => request_var('width', ''),
1381                          'height'        => request_var('height', ''),
1382                      );
1383  
1384                      $error = validate_data($data, array(
1385                          'uploadurl'        => array('string', true, 5, 255),
1386                          'remotelink'    => array('string', true, 5, 255),
1387                          'width'            => array('string', true, 1, 3),
1388                          'height'        => array('string', true, 1, 3),
1389                      ));
1390  
1391                      if (!sizeof($error))
1392                      {
1393                          $data['user_id'] = $user_id;
1394  
1395                          if ((!empty($_FILES['uploadfile']['name']) || $data['uploadurl']) && $can_upload && $config['allow_avatar_upload'])
1396                          {
1397                              list($type, $filename, $width, $height) = avatar_upload($data, $error);
1398                          }
1399                          else if ($data['remotelink'] && $config['allow_avatar_remote'])
1400                          {
1401                              list($type, $filename, $width, $height) = avatar_remote($data, $error);
1402                          }
1403                          else if ($avatar_select && $config['allow_avatar_local'])
1404                          {
1405                              $type = AVATAR_GALLERY;
1406                              $filename = $avatar_select;
1407                              
1408                              // check avatar gallery
1409                              if (!is_dir($phpbb_root_path . $config['avatar_gallery_path'] . '/' . $category))
1410                              {
1411                                  $type = $width = $height = 0;
1412                                  $filename = '';
1413                              }
1414                              else
1415                              {
1416                                  list($width, $height) = getimagesize($phpbb_root_path . $config['avatar_gallery_path'] . '/' . $category . '/' . $filename);
1417                                  $filename = $category . '/' . $filename;
1418                              }
1419                          }
1420                          else if ($delete)
1421                          {
1422                              $filename = '';
1423                              $type = $width = $height = 0;
1424                          }
1425                          else
1426                          {
1427                              $data = array();
1428                          }
1429                      }
1430  
1431                      if (!sizeof($error))
1432                      {
1433                          // Do we actually have any data to update?
1434                          if (sizeof($data))
1435                          {
1436                              $sql_ary = array(
1437                                  'user_avatar'            => $filename,
1438                                  'user_avatar_type'        => $type,
1439                                  'user_avatar_width'        => $width,
1440                                  'user_avatar_height'    => $height,
1441                              );
1442  
1443                              $sql = 'UPDATE ' . USERS_TABLE . '
1444                                  SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
1445                                  WHERE user_id = ' . $user_id;
1446                              $db->sql_query($sql);
1447  
1448                              // Delete old avatar if present
1449                              if ($user_row['user_avatar'] && $filename != $user_row['user_avatar'] && $user_row['user_avatar_type'] != AVATAR_GALLERY)
1450                              {
1451                                  avatar_delete('user', $user_row);
1452                              }
1453                          }
1454  
1455                          trigger_error($user->lang['USER_AVATAR_UPDATED'] . adm_back_link($this->u_action . '&amp;u=' . $user_id));
1456                      }
1457  
1458                      // Replace "error" strings with their real, localised form
1459                      $error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error);
1460                  }
1461  
1462                  // Generate users avatar
1463                  if ($user_row['user_avatar'])
1464                  {
1465                      $avatar_img = '';
1466  
1467                      switch ($user_row['user_avatar_type'])
1468                      {
1469                          case AVATAR_UPLOAD:
1470                              $avatar_img = $phpbb_root_path . $config['avatar_path'] . '/';
1471                          break;
1472                  
1473                          case AVATAR_GALLERY:
1474                              $avatar_img = $phpbb_root_path . $config['avatar_gallery_path'] . '/';
1475                          break;
1476                      }
1477  
1478                      $avatar_img .= $user_row['user_avatar'];
1479                      $avatar_img = '<img src="' . $avatar_img . '" width="' . $user_row['user_avatar_width'] . '" height="' . $user_row['user_avatar_height'] . '" alt="" />';
1480                  }
1481                  else
1482                  {
1483                      $avatar_img = '<img src="' . $phpbb_admin_path . 'images/no_avatar.gif" alt="" />';
1484                  }
1485  
1486                  $display_gallery = (isset($_POST['display_gallery'])) ? true : false;
1487  
1488                  if ($config['allow_avatar_local'] && $display_gallery)
1489                  {
1490                      avatar_gallery($category, $avatar_select, 4);
1491                  }
1492  
1493                  $template->assign_vars(array(
1494                      'S_AVATAR'            => true,
1495                      'S_CAN_UPLOAD'        => ($can_upload && $config['allow_avatar_upload']) ? true : false,
1496                      'S_ALLOW_REMOTE'    => ($config['allow_avatar_remote']) ? true : false,
1497                      'S_DISPLAY_GALLERY'    => ($config['allow_avatar_local'] && !$display_gallery) ? true : false,
1498                      'S_IN_GALLERY'        => ($config['allow_avatar_local'] && $display_gallery) ? true : false,
1499  
1500                      'AVATAR_IMAGE'            => $avatar_img,
1501                      'AVATAR_MAX_FILESIZE'    => $config['avatar_filesize'],
1502                      'USER_AVATAR_WIDTH'        => $user_row['user_avatar_width'],
1503                      'USER_AVATAR_HEIGHT'    => $user_row['user_avatar_height'],
1504  
1505                      'L_AVATAR_EXPLAIN'    => sprintf($user->lang['AVATAR_EXPLAIN'], $config['avatar_max_width'], $config['avatar_max_height'], round($config['avatar_filesize'] / 1024)))
1506                  );
1507  
1508              break;
1509  
1510              case 'rank':
1511  
1512                  if ($submit)
1513                  {
1514                      $rank_id = request_var('user_rank', 0);
1515  
1516                      $sql = 'UPDATE ' . USERS_TABLE . "
1517                          SET user_rank = $rank_id
1518                          WHERE user_id = $user_id";
1519                      $db->sql_query($sql);
1520  
1521                      trigger_error($user->lang['USER_RANK_UPDATED'] . adm_back_link($this->u_action . '&amp;u=' . $user_id));
1522                  }
1523                  
1524                  $sql = 'SELECT * 
1525                      FROM ' . RANKS_TABLE . '
1526                      WHERE rank_special = 1
1527                      ORDER BY rank_title';
1528                  $result = $db->sql_query($sql);
1529  
1530                  $s_rank_options = '<option value="0"' . ((!$user_row['user_rank']) ? ' selected="selected"' : '') . '>' . $user->lang['NO_SPECIAL_RANK'] . '</option>';
1531  
1532                  while ($row = $db->sql_fetchrow($result))
1533                  {
1534                      $selected = ($user_row['user_rank'] && $row['rank_id'] == $user_row['user_rank']) ? ' selected="selected"' : '';
1535                      $s_rank_options .= '<option value="' . $row['rank_id'] . '"' . $selected . '>' . $row['rank_title'] . '</option>';
1536                  }
1537                  $db->sql_freeresult($result);
1538  
1539                  $template->assign_vars(array(
1540                      'S_RANK'            => true,
1541                      'S_RANK_OPTIONS'    => $s_rank_options)
1542                  );
1543  
1544              break;
1545              
1546              case 'sig':
1547              
1548                  include_once($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
1549                  include_once($phpbb_root_path . 'includes/functions_display.' . $phpEx);
1550  
1551                  $enable_bbcode    = ($config['allow_sig_bbcode']) ? request_var('enable_bbcode', $this->optionget($user_row, 'bbcode')) : false;
1552                  $enable_smilies    = ($config['allow_sig_smilies']) ? request_var('enable_smilies', $this->optionget($user_row, 'smilies')) : false;
1553                  $enable_urls    = request_var('enable_urls', true);
1554                  $signature        = request_var('signature', $user_row['user_sig'], true);
1555                  
1556                  utf8_normalize_nfc(&$signature);
1557                  
1558                  $preview        = (isset($_POST['preview'])) ? true : false;
1559  
1560                  if ($submit || $preview)
1561                  {
1562                      include_once($phpbb_root_path . 'includes/message_parser.' . $phpEx);
1563  
1564                      $message_parser = new parse_message($signature);
1565  
1566                      // Allowing Quote BBCode
1567                      $message_parser->parse($enable_bbcode, ($config['allow_sig_links']) ? $enable_urls : false, $enable_smilies, $config['allow_sig_img'], $config['allow_sig_flash'], true, $config['allow_sig_links'], true, 'sig');
1568                          
1569                      if (sizeof($message_parser->warn_msg))
1570                      {
1571                          $error[] = implode('<br />', $message_parser->warn_msg);
1572                      }
1573                          
1574                      if (!sizeof($error) && $submit)
1575                      {
1576                          $sql_ary = array(
1577                              'user_sig'                    => (string) $message_parser->message, 
1578                              'user_sig_bbcode_uid'        => (string) $message_parser->bbcode_uid, 
1579                              'user_sig_bbcode_bitfield'    => (string) $message_parser->bbcode_bitfield
1580                          );
1581  
1582                          $sql = 'UPDATE ' . USERS_TABLE . ' 
1583                              SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' 
1584                              WHERE user_id = ' . $user_id;
1585                          $db->sql_query($sql);
1586  
1587                          trigger_error($user->lang['USER_SIG_UPDATED'] . adm_back_link($this->u_action . '&amp;u=' . $user_id));
1588                      }
1589      
1590                      // Replace "error" strings with their real, localised form
1591                      $error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error);
1592                  }
1593                  
1594                  $signature_preview = '';
1595                  
1596                  if ($preview)
1597                  {
1598                      // Now parse it for displaying
1599                      $signature_preview = $message_parser->format_display($enable_bbcode, $enable_urls, $enable_smilies, false);
1600                      unset($message_parser);
1601                  }
1602  
1603                  decode_message($signature, $user_row['user_sig_bbcode_uid']);
1604  
1605                  $template->assign_vars(array(
1606                      'S_SIGNATURE'        => true,
1607  
1608                      'SIGNATURE'            => $signature,
1609                      'SIGNATURE_PREVIEW'    => $signature_preview,
1610  
1611                      'S_BBCODE_CHECKED'        => (!$enable_bbcode) ? 'checked="checked"' : '',
1612                      'S_SMILIES_CHECKED'        => (!$enable_smilies) ? 'checked="checked"' : '',
1613                      'S_MAGIC_URL_CHECKED'    => (!$enable_urls) ? 'checked="checked"' : '',
1614  
1615                      'BBCODE_STATUS'            => ($config['allow_sig_bbcode']) ? sprintf($user->lang['BBCODE_IS_ON'], '<a href="' . append_sid("{$phpbb_root_path}faq.$phpEx", 'mode=bbcode') . '">', '</a>') : sprintf($user->lang['BBCODE_IS_OFF'], '<a href="' . append_sid("{$phpbb_root_path}faq.$phpEx", 'mode=bbcode') . '">', '</a>'),
1616                      'SMILIES_STATUS'        => ($config['allow_sig_smilies']) ? $user->lang['SMILIES_ARE_ON'] : $user->lang['SMILIES_ARE_OFF'],
1617                      'IMG_STATUS'            => ($config['allow_sig_img']) ? $user->lang['IMAGES_ARE_ON'] : $user->lang['IMAGES_ARE_OFF'],
1618                      'FLASH_STATUS'            => ($config['allow_sig_flash']) ? $user->lang['FLASH_IS_ON'] : $user->lang['FLASH_IS_OFF'],
1619                      'URL_STATUS'            => ($config['allow_sig_links']) ? $user->lang['URL_IS_ON'] : $user->lang['URL_IS_OFF'],
1620  
1621                      'L_SIGNATURE_EXPLAIN'    => sprintf($user->lang['SIGNATURE_EXPLAIN'], $config['max_sig_chars']),
1622  
1623                      'S_BBCODE_ALLOWED'        => $config['allow_sig_bbcode'], 
1624                      'S_SMILIES_ALLOWED'        => $config['allow_sig_smilies'],
1625                      'S_BBCODE_IMG'            => ($config['allow_sig_img']) ? true : false,
1626                      'S_BBCODE_FLASH'        => ($config['allow_sig_flash']) ? true : false,
1627                      'S_LINKS_ALLOWED'        => ($config['allow_sig_links']) ? true : false)
1628                  );
1629  
1630                  // Assigning custom bbcodes
1631                  display_custom_bbcodes();
1632  
1633              break;
1634  
1635              case 'attach':
1636  
1637                  $start        = request_var('start', 0);
1638                  $deletemark = (isset($_POST['delmarked'])) ? true : false;
1639                  $marked        = request_var('mark', array(0));
1640  
1641                  // Sort keys
1642                  $sort_key    = request_var('sk', 'a');
1643                  $sort_dir    = request_var('sd', 'd');
1644  
1645                  if ($deletemark && sizeof($marked))
1646                  {
1647                      if (confirm_box(true))
1648                      {
1649                          $sql = 'SELECT real_filename
1650                              FROM ' . ATTACHMENTS_TABLE . '
1651                              WHERE ' . $db->sql_in_set('attach_id', $marked);
1652                          $result = $db->sql_query($sql);
1653  
1654                          $log_attachments = array();
1655                          while ($row = $db->sql_fetchrow($result))
1656                          {
1657                              $log_attachments[] = $row['real_filename'];
1658                          }
1659                          $db->sql_freeresult($result);
1660  
1661                          delete_attachments('attach', $marked);
1662  
1663                          $log = (sizeof($log_attachments) == 1) ? 'ATTACHMENT_DELETED' : 'ATTACHMENTS_DELETED';
1664                          $message = (sizeof($log_attachments) == 1) ? $user->lang['ATTACHMENT_DELETED'] : $user->lang['ATTACHMENTS_DELETED'];
1665  
1666                          add_log('admin', $log, implode(', ', $log_attachments));
1667                          trigger_error($message . adm_back_link($this->u_action . '&amp;u=' . $user_id));
1668                      }
1669                      else
1670                      {
1671                          confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
1672                              'u'                => $user_id,
1673                              'i'                => $id,
1674                              'mode'            => $mode,
1675                              'action'        => $action,
1676                              'deletemark'    => true,
1677                              'mark'            => $marked))
1678                          );
1679                      }
1680                  }
1681  
1682                  $sk_text = array('a' => $user->lang['SORT_FILENAME'], 'c' => $user->lang['SORT_EXTENSION'], 'd' => $user->lang['SORT_SIZE'], 'e' => $user->lang['SORT_DOWNLOADS'], 'f' => $user->lang['SORT_POST_TIME'], 'g' => $user->lang['SORT_TOPIC_TITLE']);
1683                  $sk_sql = array('a' => 'a.real_filename', 'c' => 'a.extension', 'd' => 'a.filesize', 'e' => 'a.download_count', 'f' => 'a.filetime', 'g' => 't.topic_title');
1684  
1685                  $sd_text = array('a' => $user->lang['ASCENDING'], 'd' => $user->lang['DESCENDING']);
1686  
1687                  $s_sort_key = '';
1688                  foreach ($sk_text as $key => $value)
1689                  {
1690                      $selected = ($sort_key == $key) ? ' selected="selected"' : '';
1691                      $s_sort_key .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>';
1692                  }
1693  
1694                  $s_sort_dir = '';
1695                  foreach ($sd_text as $key => $value)
1696                  {
1697                      $selected = ($sort_dir == $key) ? ' selected="selected"' : '';
1698                      $s_sort_dir .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>';
1699                  }
1700  
1701                  if (!isset($sk_sql[$sort_key]))
1702                  {
1703                      $sort_key = 'a';
1704                  }
1705  
1706                  $order_by = $sk_sql[$sort_key] . ' ' . (($sort_dir == 'a') ? 'ASC' : 'DESC');
1707  
1708                  $sql = 'SELECT COUNT(attach_id) as num_attachments
1709                      FROM ' . ATTACHMENTS_TABLE . "
1710                      WHERE poster_id = $user_id";
1711                  $result = $db->sql_query_limit($sql, 1);
1712                  $num_attachments = (int) $db->sql_fetchfield('num_attachments');
1713                  $db->sql_freeresult($result);
1714  
1715                  $sql = 'SELECT a.*, t.topic_title, p.message_subject as message_title
1716                      FROM ' . ATTACHMENTS_TABLE . ' a 
1717                          LEFT JOIN ' . TOPICS_TABLE . ' t ON (a.topic_id = t.topic_id
1718                              AND a.in_message = 0)
1719                          LEFT JOIN ' . PRIVMSGS_TABLE . ' p ON (a.post_msg_id = p.msg_id
1720                              AND a.in_message = 1)
1721                      WHERE a.poster_id = ' . $user_id . "
1722                      ORDER BY $order_by";
1723                  $result = $db->sql_query_limit($sql, $config['posts_per_page'], $start);
1724  
1725                  while ($row = $db->sql_fetchrow($result))
1726                  {
1727                      if ($row['in_message'])
1728                      {
1729                          $view_topic = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=pm&amp;p={$row['post_msg_id']}");
1730                      }
1731                      else
1732                      {
1733                          $view_topic = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "t={$row['topic_id']}&amp;p={$row['post_msg_id']}#{$row['post_msg_id']}");
1734                      }
1735  
1736                      $template->assign_block_vars('attach', array(
1737                          'REAL_FILENAME'        => $row['real_filename'],
1738                          'COMMENT'            => nl2br($row['attach_comment']),
1739                          'EXTENSION'            => $row['extension'],
1740                          'SIZE'                => ($row['filesize'] >= 1048576) ? ($row['filesize'] >> 20) . ' ' . $user->lang['MB'] : (($row['filesize'] >= 1024) ? ($row['filesize'] >> 10) . ' ' . $user->lang['KB'] : $row['filesize'] . ' ' . $user->lang['BYTES']),
1741                          'DOWNLOAD_COUNT'    => $row['download_count'],
1742                          'POST_TIME'            => $user->format_date($row['filetime']),
1743                          'TOPIC_TITLE'        => ($row['in_message']) ? $row['message_title'] : $row['topic_title'],
1744  
1745                          'ATTACH_ID'            => $row['attach_id'],
1746                          'POST_ID'            => $row['post_msg_id'],
1747                          'TOPIC_ID'            => $row['topic_id'],
1748                  
1749                          'S_IN_MESSAGE'        => $row['in_message'],
1750  
1751                          'U_DOWNLOAD'        => append_sid("{$phpbb_root_path}download.$phpEx", 'id=' . $row['attach_id']),
1752                          'U_VIEW_TOPIC'        => $view_topic)
1753                      );
1754                  }
1755                  $db->sql_freeresult($result);
1756          
1757                  $template->assign_vars(array(
1758                      'S_ATTACHMENTS'        => true,
1759                      'S_ON_PAGE'            => on_page($num_attachments, $config['topics_per_page'], $start),
1760                      'S_SORT_KEY'        => $s_sort_key,
1761                      'S_SORT_DIR'        => $s_sort_dir,
1762  
1763                      'PAGINATION'        => generate_pagination($this->u_action . "&amp;sk=$sort_key&amp;sd=$sort_dir", $num_attachments, $config['topics_per_page'], $start, true))
1764                  );
1765  
1766              break;
1767          
1768              case 'groups':
1769  
1770                  $user->add_lang(array('groups', 'acp/groups'));
1771                  $group_id = request_var('g', 0);
1772  
1773                  switch ($action)
1774                  {
1775                      case 'demote':
1776                      case 'promote':
1777                      case 'default':
1778                          group_user_attributes($action, $group_id, $user_id);
1779  
1780                          if ($action == 'default')
1781                          {
1782                              $user_row['group_id'] = $group_id;
1783                          }
1784                      break;
1785  
1786                      case 'delete':
1787  
1788                          if (confirm_box(true))
1789                          {
1790                              if (!$group_id)
1791                              {
1792                                  trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
1793                              }
1794  
1795                              if ($error = group_user_del($group_id, $user_id))
1796                              {
1797                                  trigger_error($user->lang[$error] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
1798                              }
1799                          
1800                              $error = array();
1801                          }
1802                          else
1803                          {
1804                              confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
1805                                  'u'                => $user_id,
1806                                  'i'                => $id,
1807                                  'mode'            => $mode,
1808                                  'action'        => $action,
1809                                  'g'                => $group_id))
1810                              );
1811                          }
1812      
1813                      break;
1814                  }
1815  
1816                  // Add user to group?
1817                  if ($submit)
1818                  {
1819                      if (!$group_id)
1820                      {
1821                          trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
1822                      }
1823  
1824                      // Add user/s to group
1825                      if ($error = group_user_add($group_id, $user_id))
1826                      {
1827                          trigger_error($user->lang[$error] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
1828                      }
1829  
1830                      $error = array();
1831                  }
1832  
1833  
1834                  $sql = 'SELECT ug.*, g.*
1835                      FROM ' . GROUPS_TABLE . ' g, ' . USER_GROUP_TABLE . " ug
1836                      WHERE ug.user_id = $user_id
1837                          AND g.group_id = ug.group_id
1838                      ORDER BY g.group_type DESC, ug.user_pending ASC, g.group_name";
1839                  $result = $db->sql_query($sql);
1840  
1841                  $i = 0;
1842                  $group_data = $id_ary = array();
1843                  while ($row = $db->sql_fetchrow($result))
1844                  {
1845                      $type = ($row['group_type'] == GROUP_SPECIAL) ? 'special' : (($row['user_pending']) ? 'pending' : 'normal');
1846  
1847                      $group_data[$type][$i]['group_id']        = $row['group_id'];
1848                      $group_data[$type][$i]['group_name']    = $row['group_name'];
1849                      $group_data[$type][$i]['group_leader']    = ($row['group_leader']) ? 1 : 0;
1850  
1851                      $id_ary[] = $row['group_id'];
1852  
1853                      $i++;
1854                  }
1855                  $db->sql_freeresult($result);
1856  
1857                  // Select box for other groups
1858                  $sql = 'SELECT group_id, group_name, group_type
1859                      FROM ' . GROUPS_TABLE . '
1860                      ' . ((sizeof($id_ary)) ? 'WHERE ' . $db->sql_in_set('group_id', $id_ary, true) : '') . '
1861                      ORDER BY group_type DESC, group_name ASC';
1862                  $result = $db->sql_query($sql);
1863  
1864                  $s_group_options = '';
1865                  while ($row = $db->sql_fetchrow($result))
1866                  {
1867                      if (!$config['coppa_enable'] && $row['group_name'] == 'REGISTERED_COPPA')
1868                      {
1869                          continue;
1870                      }
1871  
1872                      $s_group_options .= '<option' . (($row['group_type'] == GROUP_SPECIAL) ? ' class="sep"' : '') . ' value="' . $row['group_id'] . '">' . (($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name']) . '</option>';
1873                  }
1874                  $db->sql_freeresult($result);
1875  
1876                  $current_type = '';
1877                  foreach ($group_data as $group_type => $data_ary)
1878                  {
1879                      if ($current_type != $group_type)
1880                      {
1881                          $template->assign_block_vars('group', array(
1882                              'S_NEW_GROUP_TYPE'        => true,
1883                              'GROUP_TYPE'            => $user->lang['USER_GROUP_' . strtoupper($group_type)])
1884                          );
1885                      }
1886  
1887                      foreach ($data_ary as $data)
1888                      {
1889                          $template->assign_block_vars('group', array(
1890                              'U_EDIT_GROUP'        => append_sid("{$phpbb_admin_path}index.$phpEx", "i=groups&amp;mode=manage&amp;action=edit&amp;u=$user_id&amp;g={$data['group_id']}&amp;back_link=acp_users_groups"),
1891                              'U_DEFAULT'            => $this->u_action . "&amp;action=default&amp;u=$user_id&amp;g=" . $data['group_id'],
1892                              'U_DEMOTE_PROMOTE'    => $this->u_action . '&amp;action=' . (($data['group_leader']) ? 'demote' : 'promote') . "&amp;u=$user_id&amp;g=" . $data['group_id'],
1893                              'U_DELETE'            => $this->u_action . "&amp;action=delete&amp;u=$user_id&amp;g=" . $data['group_id'],
1894  
1895                              'GROUP_NAME'        => ($group_type == 'special') ? $user->lang['G_' . $data['group_name']] : $data['group_name'],
1896                              'L_DEMOTE_PROMOTE'    => ($data['group_leader']) ? $user->lang['GROUP_DEMOTE'] : $user->lang['GROUP_PROMOTE'],
1897  
1898                              'S_NO_DEFAULT'        => ($user_row['group_id'] != $data['group_id']) ? true : false,
1899                              'S_SPECIAL_GROUP'    => ($group_type == 'special') ? true : false,
1900                              )
1901                          );
1902                      }
1903                  }
1904  
1905                  $template->assign_vars(array(
1906                      'S_GROUPS'            => true,
1907                      'S_GROUP_OPTIONS'    => $s_group_options)
1908                  );
1909  
1910              break;
1911  
1912              case 'perm':
1913  
1914                  include_once($phpbb_root_path . 'includes/acp/auth.' . $phpEx);
1915  
1916                  $auth_admin = new auth_admin();
1917  
1918                  $user->add_lang('acp/permissions');
1919                  add_permission_language();
1920  
1921                  // Select auth options
1922                  $sql = 'SELECT auth_option, is_local, is_global
1923                      FROM ' . ACL_OPTIONS_TABLE . "
1924                      WHERE auth_option LIKE '%\_'";
1925  
1926                  if ($db->sql_layer == 'mssql' || $db->sql_layer == 'mssql_odbc')
1927                  {
1928                      $sql .= " ESCAPE '\\'";
1929                  }
1930  
1931                  $sql .= 'AND is_global = 1
1932                      ORDER BY auth_option';
1933                  $result = $db->sql_query($sql);
1934  
1935                  while ($row = $db->sql_fetchrow($result))
1936                  {
1937                      $hold_ary = $auth_admin->get_mask('view', $user_id, false, false, $row['auth_option'], 'global', ACL_NEVER);
1938                      $auth_admin->display_mask('view', $row['auth_option'], $hold_ary, 'user', false, false);
1939                  }
1940                  $db->sql_freeresult($result);
1941  
1942                  $sql = 'SELECT auth_option, is_local, is_global
1943                      FROM ' . ACL_OPTIONS_TABLE . "
1944                      WHERE auth_option LIKE '%\_'";
1945  
1946                  if ($db->sql_layer == 'mssql' || $db->sql_layer == 'mssql_odbc')
1947                  {
1948                      $sql .= " ESCAPE '\\'";
1949                  }
1950  
1951                  $sql .= 'AND is_local = 1
1952                      ORDER BY is_global DESC, auth_option';
1953                  $result = $db->sql_query($sql);
1954  
1955                  while ($row = $db->sql_fetchrow($result))
1956                  {
1957                      $hold_ary = $auth_admin->get_mask('view', $user_id, false, false, $row['auth_option'], 'local', ACL_NEVER);
1958                      $auth_admin->display_mask('view', $row['auth_option'], $hold_ary, 'user', true, false);
1959                  }
1960                  $db->sql_freeresult($result);
1961  
1962                  $template->assign_vars(array(
1963                      'S_PERMISSIONS'                => true,
1964                      'U_USER_PERMISSIONS'        => append_sid("{$phpbb_admin_path}index.$phpEx" ,'i=permissions&amp;mode=setting_user_global&amp;user_id[]=' . $user_id),
1965                      'U_USER_FORUM_PERMISSIONS'    => append_sid("{$phpbb_admin_path}index.$phpEx", 'i=permissions&amp;mode=setting_user_local&amp;user_id[]=' . $user_id))
1966                  );
1967              
1968              break;
1969  
1970          }
1971  
1972          // Assign general variables
1973          $template->assign_vars(array(
1974              'S_ERROR'            => (sizeof($error)) ? true : false,
1975              'ERROR_MSG'            => (sizeof($error)) ? implode('<br />', $error) : '')
1976          );
1977      }
1978  
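/**
* Optionset replacement for this module based on $user->optionset
*
* Sets or clears one bit of an option bitfield. The bit position is taken
* from $user->keyoptions[$key]. The bitfield is $user_row['user_options']
* unless $data is supplied, in which case $data is used and the row is left
* untouched.
*
* @param array  &$user_row  Row whose 'user_options' entry is read and, when no $data is given, updated in place
* @param string $key        Index into $user->keyoptions (used as the shift count)
* @param mixed  $value      Truthy to set the bit, falsy to clear it
* @param mixed  $data       Bitfield to work on instead of the row; false (the default) or null means "use the row"
*
* @return mixed Without $data: true if the row was changed, false if the bit already had the requested state.
*               With $data: the resulting bitfield (unchanged if the bit already had the requested state).
*/
function optionset(&$user_row, $key, $value, $data = false)
{
    global $user;

    // Test for "no bitfield supplied" explicitly. A plain truthiness check
    // treats an empty bitfield (0) as absent, which would silently read and
    // overwrite $user_row['user_options'] instead of working on the caller's value.
    $use_row = ($data === false || $data === null);
    $var = ($use_row) ? $user_row['user_options'] : $data;

    // Single-bit mask for this option; built once so the precedence of
    // << over & does not have to be re-read on every test below.
    $mask = 1 << $user->keyoptions[$key];
    $is_set = ($var & $mask) ? true : false;

    if ($value && !$is_set)
    {
        $var |= $mask;
    }
    else if (!$value && $is_set)
    {
        $var &= ~$mask;
    }
    else
    {
        // Bit already has the requested state: nothing to write back
        return ($use_row) ? false : $var;
    }

    if ($use_row)
    {
        $user_row['user_options'] = $var;
        return true;
    }

    return $var;
}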
2011  
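/**
* Optionget replacement for this module based on $user->optionget
*
* Reports whether the bit named by $user->keyoptions[$key] is set, either in
* $user_row['user_options'] or in an explicitly supplied bitfield.
*
* @param array  &$user_row  Row whose 'user_options' entry is read when no $data is given (never modified here)
* @param string $key        Index into $user->keyoptions (used as the shift count)
* @param mixed  $data       Bitfield to test instead of the row; false (the default) or null means "use the row"
*
* @return bool True if the bit is set, false otherwise
*/
function optionget(&$user_row, $key, $data = false)
{
    global $user;

    // Test for "no bitfield supplied" explicitly. With a plain truthiness
    // check an empty bitfield (0) falls back to the row and can report an
    // option as enabled that the supplied value does not contain.
    $use_row = ($data === false || $data === null);
    $var = ($use_row) ? $user_row['user_options'] : $data;

    $mask = 1 << $user->keyoptions[$key];

    return ($var & $mask) ? true : false;
}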
2022  }
2023  
2024  ?>

