Code Coverage for /data/phpBB/includes/acp/acp

	Code Coverage
	Classes and Traits			Functions and Methods				Lines
Total	0.00% covered (danger)	0.00%	0 / 1	0.00% covered (danger)	0.00%	0 / 4	CRAP	0.00% covered (danger)	0.00%	0 / 1962
acp_users	0.00% covered (danger)	0.00%	0 / 1	0.00% covered (danger)	0.00%	0 / 4	147840	0.00% covered (danger)	0.00%	0 / 1958
__construct				0.00% covered (danger)	0.00%	0 / 1	2	0.00% covered (danger)	0.00%	0 / 3
main				0.00% covered (danger)	0.00%	0 / 1	142506	0.00% covered (danger)	0.00%	0 / 1929
optionset				0.00% covered (danger)	0.00%	0 / 1	20	0.00% covered (danger)	0.00%	0 / 21
optionget				0.00% covered (danger)	0.00%	0 / 1	6	0.00% covered (danger)	0.00%	0 / 5

1	<?php
2	/**
3	*
4	* This file is part of the phpBB Forum Software package.
5	*
6	* @copyright (c) phpBB Limited <https://www.phpbb.com>
7	* @license GNU General Public License, version 2 (GPL-2.0)
8	*
9	* For full copyright and license information, please see
10	* the docs/CREDITS.txt file.
11	*
12	*/
13
14	/**
15	* @ignore
16	*/
17	if (!defined('IN_PHPBB'))
18	{
19	exit;
20	}
21
22	class acp_users
23	{
24	var $u_action;
25	var $p_master;
26
27	function __construct($p_master)
28	{
29	$this->p_master = $p_master;
30	}
31
32	function main($id, $mode)
33	{
34	global $config, $db, $user, $auth, $template;
35	global $phpbb_root_path, $phpbb_admin_path, $phpEx;
36	global $phpbb_dispatcher, $request;
37	global $phpbb_container, $phpbb_log;
38
39	$user->add_lang(array('posting', 'ucp', 'acp/users'));
40	$this->tpl_name = 'acp_users';
41
42	$error = array();
43	$username = $request->variable('username', '', true);
44	$user_id = $request->variable('u', 0);
45	$action = $request->variable('action', '');
46
47	// Get referer to redirect user to the appropriate page after delete action
48	$redirect = $request->variable('redirect', '');
49	$redirect_tag = "redirect=$redirect";
50	$redirect_url = append_sid("{$phpbb_admin_path}index.$phpEx", "i=$redirect");
51
52	$submit = (isset($_POST['update']) && !isset($_POST['cancel'])) ? true : false;
53
54	$form_name = 'acp_users';
55	add_form_key($form_name);
56
57	// Whois (special case)
58	if ($action == 'whois')
59	{
60	if (!function_exists('user_get_id_name'))
61	{
62	include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
63	}
64
65	$this->page_title = 'WHOIS';
66	$this->tpl_name = 'simple_body';
67
68	$user_ip = phpbb_ip_normalise($request->variable('user_ip', ''));
69	$domain = gethostbyaddr($user_ip);
70	$ipwhois = user_ipwhois($user_ip);
71
72	$template->assign_vars(array(
73	'MESSAGE_TITLE' => sprintf($user->lang['IP_WHOIS_FOR'], $domain),
74	'MESSAGE_TEXT' => nl2br($ipwhois))
75	);
76
77	return;
78	}
79
80	// Show user selection mask
81	if (!$username && !$user_id)
82	{
83	$this->page_title = 'SELECT_USER';
84
85	$template->assign_vars(array(
86	'U_ACTION' => $this->u_action,
87	'ANONYMOUS_USER_ID' => ANONYMOUS,
88
89	'S_SELECT_USER' => true,
90	'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=select_user&field=username&select_single=true'),
91	));
92
93	return;
94	}
95
96	if (!$user_id)
97	{
98	$sql = 'SELECT user_id
99	FROM ' . USERS_TABLE . "
100	WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
101	$result = $db->sql_query($sql);
102	$user_id = (int) $db->sql_fetchfield('user_id');
103	$db->sql_freeresult($result);
104
105	if (!$user_id)
106	{
107	trigger_error($user->lang['NO_USER'] . adm_back_link($this->u_action), E_USER_WARNING);
108	}
109	}
110
111	// Generate content for all modes
112	$sql = 'SELECT u., s.
113	FROM ' . USERS_TABLE . ' u
114	LEFT JOIN ' . SESSIONS_TABLE . ' s ON (s.session_user_id = u.user_id)
115	WHERE u.user_id = ' . $user_id . '
116	ORDER BY s.session_time DESC';
117	$result = $db->sql_query_limit($sql, 1);
118	$user_row = $db->sql_fetchrow($result);
119	$db->sql_freeresult($result);
120
121	if (!$user_row)
122	{
123	trigger_error($user->lang['NO_USER'] . adm_back_link($this->u_action), E_USER_WARNING);
124	}
125
126	// Generate overall "header" for user admin
127	$s_form_options = '';
128
129	// Build modes dropdown list
130	$sql = 'SELECT module_mode, module_auth
131	FROM ' . MODULES_TABLE . "
132	WHERE module_basename = 'acp_users'
133	AND module_enabled = 1
134	AND module_class = 'acp'
135	ORDER BY left_id, module_mode";
136	$result = $db->sql_query($sql);
137
138	$dropdown_modes = array();
139	while ($row = $db->sql_fetchrow($result))
140	{
141	if (!$this->p_master->module_auth_self($row['module_auth']))
142	{
143	continue;
144	}
145
146	$dropdown_modes[$row['module_mode']] = true;
147	}
148	$db->sql_freeresult($result);
149
150	foreach ($dropdown_modes as $module_mode => $null)
151	{
152	$selected = ($mode == $module_mode) ? ' selected="selected"' : '';
153	$s_form_options .= '<option value="' . $module_mode . '"' . $selected . '>' . $user->lang['ACP_USER_' . strtoupper($module_mode)] . '</option>';
154	}
155
156	$template->assign_vars(array(
157	'U_BACK' => (empty($redirect)) ? $this->u_action : $redirect_url,
158	'U_MODE_SELECT' => append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&u=$user_id"),
159	'U_ACTION' => $this->u_action . '&u=' . $user_id . ((empty($redirect)) ? '' : '&' . $redirect_tag),
160	'S_FORM_OPTIONS' => $s_form_options,
161	'MANAGED_USERNAME' => $user_row['username'])
162	);
163
164	// Prevent normal users/admins change/view founders if they are not a founder by themselves
165	if ($user->data['user_type'] != USER_FOUNDER && $user_row['user_type'] == USER_FOUNDER)
166	{
167	trigger_error($user->lang['NOT_MANAGE_FOUNDER'] . adm_back_link($this->u_action), E_USER_WARNING);
168	}
169
170	$this->page_title = $user_row['username'] . ' :: ' . $user->lang('ACP_USER_' . strtoupper($mode));
171
172	switch ($mode)
173	{
174	case 'overview':
175
176	if (!function_exists('user_get_id_name'))
177	{
178	include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
179	}
180
181	$user->add_lang('acp/ban');
182
183	$delete = $request->variable('delete', 0);
184	$delete_type = $request->variable('delete_type', '');
185	$ip = $request->variable('ip', 'ip');
186
187	/**
188	* Run code at beginning of ACP users overview
189	*
190	* @event core.acp_users_overview_before
191	* @var array user_row Current user data
192	* @var string mode Active module
193	* @var string action Module that should be run
194	* @var bool submit Do we display the form only
195	* or did the user press submit
196	* @var array error Array holding error messages
197	* @since 3.1.3-RC1
198	*/
199	$vars = array('user_row', 'mode', 'action', 'submit', 'error');
200	extract($phpbb_dispatcher->trigger_event('core.acp_users_overview_before', compact($vars)));
201
202	if ($submit)
203	{
204	if ($delete)
205	{
206	if (!$auth->acl_get('a_userdel'))
207	{
208	send_status_line(403, 'Forbidden');
209	trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
210	}
211
212	// Check if the user wants to remove himself or the guest user account
213	if ($user_id == ANONYMOUS)
214	{
215	trigger_error($user->lang['CANNOT_REMOVE_ANONYMOUS'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
216	}
217
218	// Founders can not be deleted.
219	if ($user_row['user_type'] == USER_FOUNDER)
220	{
221	trigger_error($user->lang['CANNOT_REMOVE_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
222	}
223
224	if ($user_id == $user->data['user_id'])
225	{
226	trigger_error($user->lang['CANNOT_REMOVE_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
227	}
228
229	if ($delete_type)
230	{
231	if (confirm_box(true))
232	{
233	user_delete($delete_type, $user_id, $user_row['username']);
234
235	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_DELETED', false, array($user_row['username']));
236	trigger_error($user->lang['USER_DELETED'] . adm_back_link(
237	(empty($redirect)) ? $this->u_action : $redirect_url
238	)
239	);
240	}
241	else
242	{
243	$delete_confirm_hidden_fields = array(
244	'u' => $user_id,
245	'i' => $id,
246	'mode' => $mode,
247	'action' => $action,
248	'update' => true,
249	'delete' => 1,
250	'delete_type' => $delete_type,
251	);
252
253	// Checks if the redirection page is specified
254	if (!empty($redirect))
255	{
256	$delete_confirm_hidden_fields['redirect'] = $redirect;
257	}
258
259	confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields($delete_confirm_hidden_fields));
260	}
261	}
262	else
263	{
264	trigger_error($user->lang['NO_MODE'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
265	}
266	}
267
268	// Handle quicktool actions
269	switch ($action)
270	{
271	case 'banuser':
272	case 'banemail':
273	case 'banip':
274
275	if ($user_id == $user->data['user_id'])
276	{
277	trigger_error($user->lang['CANNOT_BAN_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
278	}
279
280	if ($user_id == ANONYMOUS)
281	{
282	trigger_error($user->lang['CANNOT_BAN_ANONYMOUS'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
283	}
284
285	if ($user_row['user_type'] == USER_FOUNDER)
286	{
287	trigger_error($user->lang['CANNOT_BAN_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
288	}
289
290	if (!check_form_key($form_name))
291	{
292	trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
293	}
294
295	$ban = array();
296
297	switch ($action)
298	{
299	case 'banuser':
300	$ban[] = $user_row['username'];
301	$reason = 'USER_ADMIN_BAN_NAME_REASON';
302	break;
303
304	case 'banemail':
305	$ban[] = $user_row['user_email'];
306	$reason = 'USER_ADMIN_BAN_EMAIL_REASON';
307	break;
308
309	case 'banip':
310	$ban[] = $user_row['user_ip'];
311
312	$sql = 'SELECT DISTINCT poster_ip
313	FROM ' . POSTS_TABLE . "
314	WHERE poster_id = $user_id";
315	$result = $db->sql_query($sql);
316
317	while ($row = $db->sql_fetchrow($result))
318	{
319	$ban[] = $row['poster_ip'];
320	}
321	$db->sql_freeresult($result);
322
323	$reason = 'USER_ADMIN_BAN_IP_REASON';
324	break;
325	}
326
327	$ban_reason = $request->variable('ban_reason', $user->lang[$reason], true);
328	$ban_give_reason = $request->variable('ban_give_reason', '', true);
329
330	// Log not used at the moment, we simply utilize the ban function.
331	$result = user_ban(substr($action, 3), $ban, 0, 0, 0, $ban_reason, $ban_give_reason);
332
333	trigger_error((($result === false) ? $user->lang['BAN_ALREADY_ENTERED'] : $user->lang['BAN_SUCCESSFUL']) . adm_back_link($this->u_action . '&u=' . $user_id));
334
335	break;
336
337	case 'reactivate':
338
339	if ($user_id == $user->data['user_id'])
340	{
341	trigger_error($user->lang['CANNOT_FORCE_REACT_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
342	}
343
344	if (!check_form_key($form_name))
345	{
346	trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
347	}
348
349	if ($user_row['user_type'] == USER_FOUNDER)
350	{
351	trigger_error($user->lang['CANNOT_FORCE_REACT_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
352	}
353
354	if ($user_row['user_type'] == USER_IGNORE)
355	{
356	trigger_error($user->lang['CANNOT_FORCE_REACT_BOT'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
357	}
358
359	if ($config['email_enable'])
360	{
361	if (!class_exists('messenger'))
362	{
363	include($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
364	}
365
366	$server_url = generate_board_url();
367
368	$user_actkey = gen_rand_string(mt_rand(6, 10));
369	$email_template = ($user_row['user_type'] == USER_NORMAL) ? 'user_reactivate_account' : 'user_resend_inactive';
370
371	if ($user_row['user_type'] == USER_NORMAL)
372	{
373	user_active_flip('deactivate', $user_id, INACTIVE_REMIND);
374	}
375	else
376	{
377	// Grabbing the last confirm key - we only send a reminder
378	$sql = 'SELECT user_actkey
379	FROM ' . USERS_TABLE . '
380	WHERE user_id = ' . $user_id;
381	$result = $db->sql_query($sql);
382	$user_activation_key = (string) $db->sql_fetchfield('user_actkey');
383	$db->sql_freeresult($result);
384
385	$user_actkey = empty($user_activation_key) ? $user_actkey : $user_activation_key;
386	}
387
388	if ($user_row['user_type'] == USER_NORMAL \|\| empty($user_activation_key))
389	{
390	$sql = 'UPDATE ' . USERS_TABLE . "
391	SET user_actkey = '" . $db->sql_escape($user_actkey) . "'
392	WHERE user_id = $user_id";
393	$db->sql_query($sql);
394	}
395
396	$messenger = new messenger(false);
397
398	$messenger->template($email_template, $user_row['user_lang']);
399
400	$messenger->set_addresses($user_row);
401
402	$messenger->anti_abuse_headers($config, $user);
403
404	$messenger->assign_vars(array(
405	'WELCOME_MSG' => htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename'])),
406	'USERNAME' => htmlspecialchars_decode($user_row['username']),
407	'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&u={$user_row['user_id']}&k=$user_actkey")
408	);
409
410	$messenger->send(NOTIFY_EMAIL);
411
412	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_REACTIVATE', false, array($user_row['username']));
413	$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_REACTIVATE_USER', false, array(
414	'reportee_id' => $user_id
415	));
416
417	trigger_error($user->lang['FORCE_REACTIVATION_SUCCESS'] . adm_back_link($this->u_action . '&u=' . $user_id));
418	}
419
420	break;
421
422	case 'active':
423
424	if ($user_id == $user->data['user_id'])
425	{
426	// It is only deactivation since the user is already activated (else he would not have reached this page)
427	trigger_error($user->lang['CANNOT_DEACTIVATE_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
428	}
429
430	if (!check_form_key($form_name))
431	{
432	trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
433	}
434
435	if ($user_row['user_type'] == USER_FOUNDER)
436	{
437	trigger_error($user->lang['CANNOT_DEACTIVATE_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
438	}
439
440	if ($user_row['user_type'] == USER_IGNORE)
441	{
442	trigger_error($user->lang['CANNOT_DEACTIVATE_BOT'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
443	}
444
445	user_active_flip('flip', $user_id);
446
447	if ($user_row['user_type'] == USER_INACTIVE)
448	{
449	if ($config['require_activation'] == USER_ACTIVATION_ADMIN)
450	{
451	/* @var $phpbb_notifications \phpbb\notification\manager */
452	$phpbb_notifications = $phpbb_container->get('notification_manager');
453	$phpbb_notifications->delete_notifications('notification.type.admin_activate_user', $user_row['user_id']);
454
455	if (!class_exists('messenger'))
456	{
457	include($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
458	}
459
460	$messenger = new messenger(false);
461
462	$messenger->template('admin_welcome_activated', $user_row['user_lang']);
463
464	$messenger->set_addresses($user_row);
465
466	$messenger->anti_abuse_headers($config, $user);
467
468	$messenger->assign_vars(array(
469	'USERNAME' => htmlspecialchars_decode($user_row['username']))
470	);
471
472	$messenger->send(NOTIFY_EMAIL);
473	}
474	}
475
476	$message = ($user_row['user_type'] == USER_INACTIVE) ? 'USER_ADMIN_ACTIVATED' : 'USER_ADMIN_DEACTIVED';
477	$log = ($user_row['user_type'] == USER_INACTIVE) ? 'LOG_USER_ACTIVE' : 'LOG_USER_INACTIVE';
478
479	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, $log, false, array($user_row['username']));
480	$phpbb_log->add('user', $user->data['user_id'], $user->ip, $log . '_USER', false, array(
481	'reportee_id' => $user_id
482	));
483
484	trigger_error($user->lang[$message] . adm_back_link($this->u_action . '&u=' . $user_id));
485
486	break;
487
488	case 'delsig':
489
490	if (!check_form_key($form_name))
491	{
492	trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
493	}
494
495	$sql_ary = array(
496	'user_sig' => '',
497	'user_sig_bbcode_uid' => '',
498	'user_sig_bbcode_bitfield' => ''
499	);
500
501	$sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
502	WHERE user_id = $user_id";
503	$db->sql_query($sql);
504
505	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_SIG', false, array($user_row['username']));
506	$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_SIG_USER', false, array(
507	'reportee_id' => $user_id
508	));
509
510	trigger_error($user->lang['USER_ADMIN_SIG_REMOVED'] . adm_back_link($this->u_action . '&u=' . $user_id));
511
512	break;
513
514	case 'delavatar':
515
516	if (!check_form_key($form_name))
517	{
518	trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
519	}
520
521	// Delete old avatar if present
522	/* @var $phpbb_avatar_manager \phpbb\avatar\manager */
523	$phpbb_avatar_manager = $phpbb_container->get('avatar.manager');
524	$phpbb_avatar_manager->handle_avatar_delete($db, $user, $phpbb_avatar_manager->clean_row($user_row, 'user'), USERS_TABLE, 'user_');
525
526	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_AVATAR', false, array($user_row['username']));
527	$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_AVATAR_USER', false, array(
528	'reportee_id' => $user_id
529	));
530
531	trigger_error($user->lang['USER_ADMIN_AVATAR_REMOVED'] . adm_back_link($this->u_action . '&u=' . $user_id));
532	break;
533
534	case 'delposts':
535
536	if (confirm_box(true))
537	{
538	// Delete posts, attachments, etc.
539	delete_posts('poster_id', $user_id);
540
541	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_POSTS', false, array($user_row['username']));
542	trigger_error($user->lang['USER_POSTS_DELETED'] . adm_back_link($this->u_action . '&u=' . $user_id));
543	}
544	else
545	{
546	confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
547	'u' => $user_id,
548	'i' => $id,
549	'mode' => $mode,
550	'action' => $action,
551	'update' => true))
552	);
553	}
554
555	break;
556
557	case 'delattach':
558
559	if (confirm_box(true))
560	{
561	/** @var \phpbb\attachment\manager $attachment_manager */
562	$attachment_manager = $phpbb_container->get('attachment.manager');
563	$attachment_manager->delete('user', $user_id);
564	unset($attachment_manager);
565
566	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_ATTACH', false, array($user_row['username']));
567	trigger_error($user->lang['USER_ATTACHMENTS_REMOVED'] . adm_back_link($this->u_action . '&u=' . $user_id));
568	}
569	else
570	{
571	confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
572	'u' => $user_id,
573	'i' => $id,
574	'mode' => $mode,
575	'action' => $action,
576	'update' => true))
577	);
578	}
579
580	break;
581
582	case 'deloutbox':
583
584	if (confirm_box(true))
585	{
586	$msg_ids = array();
587	$lang = 'EMPTY';
588
589	$sql = 'SELECT msg_id
590	FROM ' . PRIVMSGS_TO_TABLE . "
591	WHERE author_id = $user_id
592	AND folder_id = " . PRIVMSGS_OUTBOX;
593	$result = $db->sql_query($sql);
594
595	if ($row = $db->sql_fetchrow($result))
596	{
597	if (!function_exists('delete_pm'))
598	{
599	include($phpbb_root_path . 'includes/functions_privmsgs.' . $phpEx);
600	}
601
602	do
603	{
604	$msg_ids[] = (int) $row['msg_id'];
605	}
606	while ($row = $db->sql_fetchrow($result));
607
608	$db->sql_freeresult($result);
609
610	delete_pm($user_id, $msg_ids, PRIVMSGS_OUTBOX);
611
612	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_OUTBOX', false, array($user_row['username']));
613
614	$lang = 'EMPTIED';
615	}
616	$db->sql_freeresult($result);
617
618	trigger_error($user->lang['USER_OUTBOX_' . $lang] . adm_back_link($this->u_action . '&u=' . $user_id));
619	}
620	else
621	{
622	confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
623	'u' => $user_id,
624	'i' => $id,
625	'mode' => $mode,
626	'action' => $action,
627	'update' => true))
628	);
629	}
630	break;
631
632	case 'moveposts':
633
634	if (!check_form_key($form_name))
635	{
636	trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
637	}
638
639	$user->add_lang('acp/forums');
640
641	$new_forum_id = $request->variable('new_f', 0);
642
643	if (!$new_forum_id)
644	{
645	$this->page_title = 'USER_ADMIN_MOVE_POSTS';
646
647	$template->assign_vars(array(
648	'S_SELECT_FORUM' => true,
649	'U_ACTION' => $this->u_action . "&action=$action&u=$user_id",
650	'U_BACK' => $this->u_action . "&u=$user_id",
651	'S_FORUM_OPTIONS' => make_forum_select(false, false, false, true))
652	);
653
654	return;
655	}
656
657	// Is the new forum postable to?
658	$sql = 'SELECT forum_name, forum_type
659	FROM ' . FORUMS_TABLE . "
660	WHERE forum_id = $new_forum_id";
661	$result = $db->sql_query($sql);
662	$forum_info = $db->sql_fetchrow($result);
663	$db->sql_freeresult($result);
664
665	if (!$forum_info)
666	{
667	trigger_error($user->lang['NO_FORUM'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
668	}
669
670	if ($forum_info['forum_type'] != FORUM_POST)
671	{
672	trigger_error($user->lang['MOVE_POSTS_NO_POSTABLE_FORUM'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
673	}
674
675	// Two stage?
676	// Move topics comprising only posts from this user
677	$topic_id_ary = $move_topic_ary = $move_post_ary = $new_topic_id_ary = array();
678	$forum_id_ary = array($new_forum_id);
679
680	$sql = 'SELECT topic_id, post_visibility, COUNT(post_id) AS total_posts
681	FROM ' . POSTS_TABLE . "
682	WHERE poster_id = $user_id
683	AND forum_id <> $new_forum_id
684	GROUP BY topic_id, post_visibility";
685	$result = $db->sql_query($sql);
686
687	while ($row = $db->sql_fetchrow($result))
688	{
689	$topic_id_ary[$row['topic_id']][$row['post_visibility']] = $row['total_posts'];
690	}
691	$db->sql_freeresult($result);
692
693	if (count($topic_id_ary))
694	{
695	$sql = 'SELECT topic_id, forum_id, topic_title, topic_posts_approved, topic_posts_unapproved, topic_posts_softdeleted, topic_attachment
696	FROM ' . TOPICS_TABLE . '
697	WHERE ' . $db->sql_in_set('topic_id', array_keys($topic_id_ary));
698	$result = $db->sql_query($sql);
699
700	while ($row = $db->sql_fetchrow($result))
701	{
702	if ($topic_id_ary[$row['topic_id']][ITEM_APPROVED] == $row['topic_posts_approved']
703	&& $topic_id_ary[$row['topic_id']][ITEM_UNAPPROVED] == $row['topic_posts_unapproved']
704	&& $topic_id_ary[$row['topic_id']][ITEM_REAPPROVE] == $row['topic_posts_unapproved']
705	&& $topic_id_ary[$row['topic_id']][ITEM_DELETED] == $row['topic_posts_softdeleted'])
706	{
707	$move_topic_ary[] = $row['topic_id'];
708	}
709	else
710	{
711	$move_post_ary[$row['topic_id']]['title'] = $row['topic_title'];
712	$move_post_ary[$row['topic_id']]['attach'] = ($row['topic_attachment']) ? 1 : 0;
713	}
714
715	$forum_id_ary[] = $row['forum_id'];
716	}
717	$db->sql_freeresult($result);
718	}
719
720	// Entire topic comprises posts by this user, move these topics
721	if (count($move_topic_ary))
722	{
723	move_topics($move_topic_ary, $new_forum_id, false);
724	}
725
726	if (count($move_post_ary))
727	{
728	// Create new topic
729	// Update post_ids, report_ids, attachment_ids
730	foreach ($move_post_ary as $topic_id => $post_ary)
731	{
732	// Create new topic
733	$sql = 'INSERT INTO ' . TOPICS_TABLE . ' ' . $db->sql_build_array('INSERT', array(
734	'topic_poster' => $user_id,
735	'topic_time' => time(),
736	'forum_id' => $new_forum_id,
737	'icon_id' => 0,
738	'topic_visibility' => ITEM_APPROVED,
739	'topic_title' => $post_ary['title'],
740	'topic_first_poster_name' => $user_row['username'],
741	'topic_type' => POST_NORMAL,
742	'topic_time_limit' => 0,
743	'topic_attachment' => $post_ary['attach'])
744	);
745	$db->sql_query($sql);
746
747	$new_topic_id = $db->sql_nextid();
748
749	// Move posts
750	$sql = 'UPDATE ' . POSTS_TABLE . "
751	SET forum_id = $new_forum_id, topic_id = $new_topic_id
752	WHERE topic_id = $topic_id
753	AND poster_id = $user_id";
754	$db->sql_query($sql);
755
756	if ($post_ary['attach'])
757	{
758	$sql = 'UPDATE ' . ATTACHMENTS_TABLE . "
759	SET topic_id = $new_topic_id
760	WHERE topic_id = $topic_id
761	AND poster_id = $user_id";
762	$db->sql_query($sql);
763	}
764
765	$new_topic_id_ary[] = $new_topic_id;
766	}
767	}
768
769	$forum_id_ary = array_unique($forum_id_ary);
770	$topic_id_ary = array_unique(array_merge(array_keys($topic_id_ary), $new_topic_id_ary));
771
772	if (count($topic_id_ary))
773	{
774	sync('topic_reported', 'topic_id', $topic_id_ary);
775	sync('topic', 'topic_id', $topic_id_ary);
776	}
777
778	if (count($forum_id_ary))
779	{
780	sync('forum', 'forum_id', $forum_id_ary, false, true);
781	}
782
783	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_MOVE_POSTS', false, array($user_row['username'], $forum_info['forum_name']));
784	$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_MOVE_POSTS_USER', false, array(
785	'reportee_id' => $user_id,
786	$forum_info['forum_name']
787	));
788
789	trigger_error($user->lang['USER_POSTS_MOVED'] . adm_back_link($this->u_action . '&u=' . $user_id));
790
791	break;
792
793	case 'leave_nr':
794
795	if (confirm_box(true))
796	{
797	remove_newly_registered($user_id, $user_row);
798
799	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_REMOVED_NR', false, array($user_row['username']));
800	trigger_error($user->lang['USER_LIFTED_NR'] . adm_back_link($this->u_action . '&u=' . $user_id));
801	}
802	else
803	{
804	confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
805	'u' => $user_id,
806	'i' => $id,
807	'mode' => $mode,
808	'action' => $action,
809	'update' => true))
810	);
811	}
812
813	break;
814
815	default:
816	$u_action = $this->u_action;
817
818	/**
819	* Run custom quicktool code
820	*
821	* @event core.acp_users_overview_run_quicktool
822	* @var string action Quick tool that should be run
823	* @var array user_row Current user data
824	* @var string u_action The u_action link
825	* @var int user_id User id of the user to manage
826	* @since 3.1.0-a1
827	* @changed 3.2.2-RC1 Added u_action
828	* @changed 3.2.10-RC1 Added user_id
829	*/
830	$vars = array('action', 'user_row', 'u_action', 'user_id');
831	extract($phpbb_dispatcher->trigger_event('core.acp_users_overview_run_quicktool', compact($vars)));
832
833	unset($u_action);
834	break;
835	}
836
837	// Handle registration info updates
838	$data = array(
839	'username' => $request->variable('user', $user_row['username'], true),
840	'user_founder' => $request->variable('user_founder', ($user_row['user_type'] == USER_FOUNDER) ? 1 : 0),
841	'email' => strtolower($request->variable('user_email', $user_row['user_email'])),
842	'new_password' => $request->variable('new_password', '', true),
843	'password_confirm' => $request->variable('password_confirm', '', true),
844	);
845
846	// Validation data - we do not check the password complexity setting here
847	$check_ary = array(
848	'new_password' => array(
849	array('string', true, $config['min_pass_chars'], $config['max_pass_chars']),
850	array('password')),
851	'password_confirm' => array('string', true, $config['min_pass_chars'], $config['max_pass_chars']),
852	);
853
854	// Check username if altered
855	if ($data['username'] != $user_row['username'])
856	{
857	$check_ary += array(
858	'username' => array(
859	array('string', false, $config['min_name_chars'], $config['max_name_chars']),
860	array('username', $user_row['username'], true)
861	),
862	);
863	}
864
865	// Check email if altered
866	if ($data['email'] != $user_row['user_email'])
867	{
868	$check_ary += array(
869	'email' => array(
870	array('string', false, 6, 60),
871	array('user_email', $user_row['user_email']),
872	),
873	);
874	}
875
876	$error = validate_data($data, $check_ary);
877
878	if ($data['new_password'] && $data['password_confirm'] != $data['new_password'])
879	{
880	$error[] = 'NEW_PASSWORD_ERROR';
881	}
882
883	if (!check_form_key($form_name))
884	{
885	$error[] = 'FORM_INVALID';
886	}
887
888	// Instantiate passwords manager
889	/* @var $passwords_manager \phpbb\passwords\manager */
890	$passwords_manager = $phpbb_container->get('passwords.manager');
891
892	// Which updates do we need to do?
893	$update_username = ($user_row['username'] != $data['username']) ? $data['username'] : false;
894	$update_password = $data['new_password'] && !$passwords_manager->check($data['new_password'], $user_row['user_password']);
895	$update_email = ($data['email'] != $user_row['user_email']) ? $data['email'] : false;
896
897	if (!count($error))
898	{
899	$sql_ary = array();
900
901	if ($user_row['user_type'] != USER_FOUNDER \|\| $user->data['user_type'] == USER_FOUNDER)
902	{
903	// Only allow founders updating the founder status...
904	if ($user->data['user_type'] == USER_FOUNDER)
905	{
906	// Setting a normal member to be a founder
907	if ($data['user_founder'] && $user_row['user_type'] != USER_FOUNDER)
908	{
909	// Make sure the user is not setting an Inactive or ignored user to be a founder
910	if ($user_row['user_type'] == USER_IGNORE)
911	{
912	trigger_error($user->lang['CANNOT_SET_FOUNDER_IGNORED'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
913	}
914
915	if ($user_row['user_type'] == USER_INACTIVE)
916	{
917	trigger_error($user->lang['CANNOT_SET_FOUNDER_INACTIVE'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
918	}
919
920	$sql_ary['user_type'] = USER_FOUNDER;
921	}
922	else if (!$data['user_founder'] && $user_row['user_type'] == USER_FOUNDER)
923	{
924	// Check if at least one founder is present
925	$sql = 'SELECT user_id
926	FROM ' . USERS_TABLE . '
927	WHERE user_type = ' . USER_FOUNDER . '
928	AND user_id <> ' . $user_id;
929	$result = $db->sql_query_limit($sql, 1);
930	$row = $db->sql_fetchrow($result);
931	$db->sql_freeresult($result);
932
933	if ($row)
934	{
935	$sql_ary['user_type'] = USER_NORMAL;
936	}
937	else
938	{
939	trigger_error($user->lang['AT_LEAST_ONE_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
940	}
941	}
942	}
943	}
944
945	/**
946	* Modify user data before we update it
947	*
948	* @event core.acp_users_overview_modify_data
949	* @var array user_row Current user data
950	* @var array data Submitted user data
951	* @var array sql_ary User data we udpate
952	* @since 3.1.0-a1
953	*/
954	$vars = array('user_row', 'data', 'sql_ary');
955	extract($phpbb_dispatcher->trigger_event('core.acp_users_overview_modify_data', compact($vars)));
956
957	if ($update_username !== false)
958	{
959	$sql_ary['username'] = $update_username;
960	$sql_ary['username_clean'] = utf8_clean_string($update_username);
961
962	$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_UPDATE_NAME', false, array(
963	'reportee_id' => $user_id,
964	$user_row['username'],
965	$update_username
966	));
967	}
968
969	if ($update_email !== false)
970	{
971	$sql_ary += array(
972	'user_email' => $update_email,
973	'user_email_hash' => phpbb_email_hash($update_email),
974	);
975
976	$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_UPDATE_EMAIL', false, array(
977	'reportee_id' => $user_id,
978	$user_row['username'],
979	$user_row['user_email'],
980	$update_email
981	));
982	}
983
984	if ($update_password)
985	{
986	$sql_ary += array(
987	'user_password' => $passwords_manager->hash($data['new_password']),
988	'user_passchg' => time(),
989	);
990
991	$user->reset_login_keys($user_id);
992
993	$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_NEW_PASSWORD', false, array(
994	'reportee_id' => $user_id,
995	$user_row['username']
996	));
997	}
998
999	if (count($sql_ary))
1000	{
1001	$sql = 'UPDATE ' . USERS_TABLE . '
1002	SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
1003	WHERE user_id = ' . $user_id;
1004	$db->sql_query($sql);
1005	}
1006
1007	if ($update_username)
1008	{
1009	user_update_name($user_row['username'], $update_username);
1010	}
1011
1012	// Let the users permissions being updated
1013	$auth->acl_clear_prefetch($user_id);
1014
1015	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_USER_UPDATE', false, array($data['username']));
1016
1017	trigger_error($user->lang['USER_OVERVIEW_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id));
1018	}
1019
1020	// Replace "error" strings with their real, localised form
1021	$error = array_map(array($user, 'lang'), $error);
1022	}
1023
1024	if ($user_id == $user->data['user_id'])
1025	{
1026	$quick_tool_ary = array('delsig' => 'DEL_SIG', 'delavatar' => 'DEL_AVATAR', 'moveposts' => 'MOVE_POSTS', 'delposts' => 'DEL_POSTS', 'delattach' => 'DEL_ATTACH', 'deloutbox' => 'DEL_OUTBOX');
1027	if ($user_row['user_new'])
1028	{
1029	$quick_tool_ary['leave_nr'] = 'LEAVE_NR';
1030	}
1031	}
1032	else
1033	{
1034	$quick_tool_ary = array();
1035
1036	if ($user_row['user_type'] != USER_FOUNDER)
1037	{
1038	$quick_tool_ary += array('banuser' => 'BAN_USER', 'banemail' => 'BAN_EMAIL', 'banip' => 'BAN_IP');
1039	}
1040
1041	if ($user_row['user_type'] != USER_FOUNDER && $user_row['user_type'] != USER_IGNORE)
1042	{
1043	$quick_tool_ary += array('active' => (($user_row['user_type'] == USER_INACTIVE) ? 'ACTIVATE' : 'DEACTIVATE'));
1044	}
1045
1046	$quick_tool_ary += array('delsig' => 'DEL_SIG', 'delavatar' => 'DEL_AVATAR', 'moveposts' => 'MOVE_POSTS', 'delposts' => 'DEL_POSTS', 'delattach' => 'DEL_ATTACH', 'deloutbox' => 'DEL_OUTBOX');
1047
1048	if ($config['email_enable'] && ($user_row['user_type'] == USER_NORMAL \|\| $user_row['user_type'] == USER_INACTIVE))
1049	{
1050	$quick_tool_ary['reactivate'] = 'FORCE';
1051	}
1052
1053	if ($user_row['user_new'])
1054	{
1055	$quick_tool_ary['leave_nr'] = 'LEAVE_NR';
1056	}
1057	}
1058
1059	if ($config['load_onlinetrack'])
1060	{
1061	$sql = 'SELECT MAX(session_time) AS session_time, MIN(session_viewonline) AS session_viewonline
1062	FROM ' . SESSIONS_TABLE . "
1063	WHERE session_user_id = $user_id";
1064	$result = $db->sql_query($sql);
1065	$row = $db->sql_fetchrow($result);
1066	$db->sql_freeresult($result);
1067
1068	$user_row['session_time'] = (isset($row['session_time'])) ? $row['session_time'] : 0;
1069	$user_row['session_viewonline'] = (isset($row['session_viewonline'])) ? $row['session_viewonline'] : 0;
1070	unset($row);
1071	}
1072
1073	/**
1074	* Add additional quick tool options and overwrite user data
1075	*
1076	* @event core.acp_users_display_overview
1077	* @var array user_row Array with user data
1078	* @var array quick_tool_ary Ouick tool options
1079	* @since 3.1.0-a1
1080	*/
1081	$vars = array('user_row', 'quick_tool_ary');
1082	extract($phpbb_dispatcher->trigger_event('core.acp_users_display_overview', compact($vars)));
1083
1084	$s_action_options = '<option class="sep" value="">' . $user->lang['SELECT_OPTION'] . '</option>';
1085	foreach ($quick_tool_ary as $value => $lang)
1086	{
1087	$s_action_options .= '<option value="' . $value . '">' . $user->lang['USER_ADMIN_' . $lang] . '</option>';
1088	}
1089
1090	$last_active = (!empty($user_row['session_time'])) ? $user_row['session_time'] : $user_row['user_lastvisit'];
1091
1092	$inactive_reason = '';
1093	if ($user_row['user_type'] == USER_INACTIVE)
1094	{
1095	$inactive_reason = $user->lang['INACTIVE_REASON_UNKNOWN'];
1096
1097	switch ($user_row['user_inactive_reason'])
1098	{
1099	case INACTIVE_REGISTER:
1100	$inactive_reason = $user->lang['INACTIVE_REASON_REGISTER'];
1101	break;
1102
1103	case INACTIVE_PROFILE:
1104	$inactive_reason = $user->lang['INACTIVE_REASON_PROFILE'];
1105	break;
1106
1107	case INACTIVE_MANUAL:
1108	$inactive_reason = $user->lang['INACTIVE_REASON_MANUAL'];
1109	break;
1110
1111	case INACTIVE_REMIND:
1112	$inactive_reason = $user->lang['INACTIVE_REASON_REMIND'];
1113	break;
1114	}
1115	}
1116
1117	// Posts in Queue
1118	$sql = 'SELECT COUNT(post_id) as posts_in_queue
1119	FROM ' . POSTS_TABLE . '
1120	WHERE poster_id = ' . $user_id . '
1121	AND ' . $db->sql_in_set('post_visibility', array(ITEM_UNAPPROVED, ITEM_REAPPROVE));
1122	$result = $db->sql_query($sql);
1123	$user_row['posts_in_queue'] = (int) $db->sql_fetchfield('posts_in_queue');
1124	$db->sql_freeresult($result);
1125
1126	$sql = 'SELECT post_id
1127	FROM ' . POSTS_TABLE . '
1128	WHERE poster_id = '. $user_id;
1129	$result = $db->sql_query_limit($sql, 1);
1130	$user_row['user_has_posts'] = (bool) $db->sql_fetchfield('post_id');
1131	$db->sql_freeresult($result);
1132
1133	$template->assign_vars(array(
1134	'L_NAME_CHARS_EXPLAIN' => $user->lang($config['allow_name_chars'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_name_chars']), $user->lang('CHARACTERS', (int) $config['max_name_chars'])),
1135	'L_CHANGE_PASSWORD_EXPLAIN' => $user->lang($config['pass_complex'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_pass_chars']), $user->lang('CHARACTERS', (int) $config['max_pass_chars'])),
1136	'L_POSTS_IN_QUEUE' => $user->lang('NUM_POSTS_IN_QUEUE', $user_row['posts_in_queue']),
1137	'S_FOUNDER' => ($user->data['user_type'] == USER_FOUNDER) ? true : false,
1138
1139	'S_OVERVIEW' => true,
1140	'S_USER_IP' => ($user_row['user_ip']) ? true : false,
1141	'S_USER_FOUNDER' => ($user_row['user_type'] == USER_FOUNDER) ? true : false,
1142	'S_ACTION_OPTIONS' => $s_action_options,
1143	'S_OWN_ACCOUNT' => ($user_id == $user->data['user_id']) ? true : false,
1144	'S_USER_INACTIVE' => ($user_row['user_type'] == USER_INACTIVE) ? true : false,
1145
1146	'U_SHOW_IP' => $this->u_action . "&u=$user_id&ip=" . (($ip == 'ip') ? 'hostname' : 'ip'),
1147	'U_WHOIS' => $this->u_action . "&action=whois&user_ip={$user_row['user_ip']}",
1148	'U_MCP_QUEUE' => ($auth->acl_getf_global('m_approve')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue', true, $user->session_id) : '',
1149	'U_SEARCH_USER' => ($config['load_search'] && $auth->acl_get('u_search')) ? append_sid("{$phpbb_root_path}search.$phpEx", "author_id={$user_row['user_id']}&sr=posts") : '',
1150
1151	'U_SWITCH_PERMISSIONS' => ($auth->acl_get('a_switchperm') && $user->data['user_id'] != $user_row['user_id']) ? append_sid("{$phpbb_root_path}ucp.$phpEx", "mode=switch_perm&u={$user_row['user_id']}&hash=" . generate_link_hash('switchperm')) : '',
1152
1153	'POSTS_IN_QUEUE' => $user_row['posts_in_queue'],
1154	'USER' => $user_row['username'],
1155	'USER_REGISTERED' => $user->format_date($user_row['user_regdate']),
1156	'REGISTERED_IP' => ($ip == 'hostname') ? gethostbyaddr($user_row['user_ip']) : $user_row['user_ip'],
1157	'USER_LASTACTIVE' => ($last_active) ? $user->format_date($last_active) : ' - ',
1158	'USER_EMAIL' => $user_row['user_email'],
1159	'USER_WARNINGS' => $user_row['user_warnings'],
1160	'USER_POSTS' => $user_row['user_posts'],
1161	'USER_HAS_POSTS' => $user_row['user_has_posts'],
1162	'USER_INACTIVE_REASON' => $inactive_reason,
1163	));
1164
1165	break;
1166
1167	case 'feedback':
1168
1169	$user->add_lang('mcp');
1170
1171	// Set up general vars
1172	$start = $request->variable('start', 0);
1173	$deletemark = (isset($_POST['delmarked'])) ? true : false;
1174	$deleteall = (isset($_POST['delall'])) ? true : false;
1175	$marked = $request->variable('mark', array(0));
1176	$message = $request->variable('message', '', true);
1177
1178	/* @var $pagination \phpbb\pagination */
1179	$pagination = $phpbb_container->get('pagination');
1180
1181	// Sort keys
1182	$sort_days = $request->variable('st', 0);
1183	$sort_key = $request->variable('sk', 't');
1184	$sort_dir = $request->variable('sd', 'd');
1185
1186	// Delete entries if requested and able
1187	if (($deletemark \|\| $deleteall) && $auth->acl_get('a_clearlogs'))
1188	{
1189	if (!check_form_key($form_name))
1190	{
1191	trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
1192	}
1193
1194	$where_sql = '';
1195	if ($deletemark && $marked)
1196	{
1197	$sql_in = array();
1198	foreach ($marked as $mark)
1199	{
1200	$sql_in[] = $mark;
1201	}
1202	$where_sql = ' AND ' . $db->sql_in_set('log_id', $sql_in);
1203	unset($sql_in);
1204	}
1205
1206	if ($where_sql \|\| $deleteall)
1207	{
1208	$sql = 'DELETE FROM ' . LOG_TABLE . '
1209	WHERE log_type = ' . LOG_USERS . "
1210	AND reportee_id = $user_id
1211	$where_sql";
1212	$db->sql_query($sql);
1213
1214	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_CLEAR_USER', false, array($user_row['username']));
1215	}
1216	}
1217
1218	if ($submit && $message)
1219	{
1220	if (!check_form_key($form_name))
1221	{
1222	trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
1223	}
1224
1225	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_FEEDBACK', false, array($user_row['username']));
1226	$phpbb_log->add('mod', $user->data['user_id'], $user->ip, 'LOG_USER_FEEDBACK', false, array(
1227	'forum_id' => 0,
1228	'topic_id' => 0,
1229	$user_row['username']
1230	));
1231	$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_GENERAL', false, array(
1232	'reportee_id' => $user_id,
1233	$message
1234	));
1235
1236	trigger_error($user->lang['USER_FEEDBACK_ADDED'] . adm_back_link($this->u_action . '&u=' . $user_id));
1237	}
1238
1239	// Sorting
1240	$limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']);
1241	$sort_by_text = array('u' => $user->lang['SORT_USERNAME'], 't' => $user->lang['SORT_DATE'], 'i' => $user->lang['SORT_IP'], 'o' => $user->lang['SORT_ACTION']);
1242	$sort_by_sql = array('u' => 'u.username_clean', 't' => 'l.log_time', 'i' => 'l.log_ip', 'o' => 'l.log_operation');
1243
1244	$s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = '';
1245	gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param);
1246
1247	// Define where and sort sql for use in displaying logs
1248	$sql_where = ($sort_days) ? (time() - ($sort_days * 86400)) : 0;
1249	$sql_sort = $sort_by_sql[$sort_key] . ' ' . (($sort_dir == 'd') ? 'DESC' : 'ASC');
1250
1251	// Grab log data
1252	$log_data = array();
1253	$log_count = 0;
1254	$start = view_log('user', $log_data, $log_count, $config['topics_per_page'], $start, 0, 0, $user_id, $sql_where, $sql_sort);
1255
1256	$base_url = $this->u_action . "&u=$user_id&$u_sort_param";
1257	$pagination->generate_template_pagination($base_url, 'pagination', 'start', $log_count, $config['topics_per_page'], $start);
1258
1259	$template->assign_vars(array(
1260	'S_FEEDBACK' => true,
1261
1262	'S_LIMIT_DAYS' => $s_limit_days,
1263	'S_SORT_KEY' => $s_sort_key,
1264	'S_SORT_DIR' => $s_sort_dir,
1265	'S_CLEARLOGS' => $auth->acl_get('a_clearlogs'))
1266	);
1267
1268	foreach ($log_data as $row)
1269	{
1270	$template->assign_block_vars('log', array(
1271	'USERNAME' => $row['username_full'],
1272	'IP' => $row['ip'],
1273	'DATE' => $user->format_date($row['time']),
1274	'ACTION' => nl2br($row['action']),
1275	'ID' => $row['id'])
1276	);
1277	}
1278
1279	break;
1280
1281	case 'warnings':
1282	$user->add_lang('mcp');
1283
1284	// Set up general vars
1285	$deletemark = (isset($_POST['delmarked'])) ? true : false;
1286	$deleteall = (isset($_POST['delall'])) ? true : false;
1287	$confirm = (isset($_POST['confirm'])) ? true : false;
1288	$marked = $request->variable('mark', array(0));
1289
1290	// Delete entries if requested and able
1291	if ($deletemark \|\| $deleteall \|\| $confirm)
1292	{
1293	if (confirm_box(true))
1294	{
1295	$where_sql = '';
1296	$deletemark = $request->variable('delmarked', 0);
1297	$deleteall = $request->variable('delall', 0);
1298	if ($deletemark && $marked)
1299	{
1300	$where_sql = ' AND ' . $db->sql_in_set('warning_id', array_values($marked));
1301	}
1302
1303	if ($where_sql \|\| $deleteall)
1304	{
1305	$sql = 'DELETE FROM ' . WARNINGS_TABLE . "
1306	WHERE user_id = $user_id
1307	$where_sql";
1308	$db->sql_query($sql);
1309
1310	if ($deleteall)
1311	{
1312	$log_warnings = $deleted_warnings = 0;
1313	}
1314	else
1315	{
1316	$num_warnings = (int) $db->sql_affectedrows();
1317	$deleted_warnings = ' user_warnings - ' . $num_warnings;
1318	$log_warnings = ($num_warnings > 2) ? 2 : $num_warnings;
1319	}
1320
1321	$sql = 'UPDATE ' . USERS_TABLE . "
1322	SET user_warnings = $deleted_warnings
1323	WHERE user_id = $user_id";
1324	$db->sql_query($sql);
1325
1326	if ($log_warnings)
1327	{
1328	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_WARNINGS_DELETED', false, array($user_row['username'], $num_warnings));
1329	}
1330	else
1331	{
1332	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_WARNINGS_DELETED_ALL', false, array($user_row['username']));
1333	}
1334	}
1335	}
1336	else
1337	{
1338	$s_hidden_fields = array(
1339	'i' => $id,
1340	'mode' => $mode,
1341	'u' => $user_id,
1342	'mark' => $marked,
1343	);
1344	if (isset($_POST['delmarked']))
1345	{
1346	$s_hidden_fields['delmarked'] = 1;
1347	}
1348	if (isset($_POST['delall']))
1349	{
1350	$s_hidden_fields['delall'] = 1;
1351	}
1352	if (isset($_POST['delall']) \|\| (isset($_POST['delmarked']) && count($marked)))
1353	{
1354	confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields($s_hidden_fields));
1355	}
1356	}
1357	}
1358
1359	$sql = 'SELECT w.warning_id, w.warning_time, w.post_id, l.log_operation, l.log_data, l.user_id AS mod_user_id, m.username AS mod_username, m.user_colour AS mod_user_colour
1360	FROM ' . WARNINGS_TABLE . ' w
1361	LEFT JOIN ' . LOG_TABLE . ' l
1362	ON (w.log_id = l.log_id)
1363	LEFT JOIN ' . USERS_TABLE . ' m
1364	ON (l.user_id = m.user_id)
1365	WHERE w.user_id = ' . $user_id . '
1366	ORDER BY w.warning_time DESC';
1367	$result = $db->sql_query($sql);
1368
1369	while ($row = $db->sql_fetchrow($result))
1370	{
1371	if (!$row['log_operation'])
1372	{
1373	// We do not have a log-entry anymore, so there is no data available
1374	$row['action'] = $user->lang['USER_WARNING_LOG_DELETED'];
1375	}
1376	else
1377	{
1378	$row['action'] = (isset($user->lang[$row['log_operation']])) ? $user->lang[$row['log_operation']] : '{' . ucfirst(str_replace('_', ' ', $row['log_operation'])) . '}';
1379	if (!empty($row['log_data']))
1380	{
1381	$log_data_ary = @unserialize($row['log_data']);
1382	$log_data_ary = ($log_data_ary === false) ? array() : $log_data_ary;
1383
1384	if (isset($user->lang[$row['log_operation']]))
1385	{
1386	// Check if there are more occurrences of % than arguments, if there are we fill out the arguments array
1387	// It doesn't matter if we add more arguments than placeholders
1388	if ((substr_count($row['action'], '%') - count($log_data_ary)) > 0)
1389	{
1390	$log_data_ary = array_merge($log_data_ary, array_fill(0, substr_count($row['action'], '%') - count($log_data_ary), ''));
1391	}
1392	$row['action'] = vsprintf($row['action'], $log_data_ary);
1393	$row['action'] = bbcode_nl2br(censor_text($row['action']));
1394	}
1395	else if (!empty($log_data_ary))
1396	{
1397	$row['action'] .= '<br />' . implode('', $log_data_ary);
1398	}
1399	}
1400	}
1401
1402	$template->assign_block_vars('warn', array(
1403	'ID' => $row['warning_id'],
1404	'USERNAME' => ($row['log_operation']) ? get_username_string('full', $row['mod_user_id'], $row['mod_username'], $row['mod_user_colour']) : '-',
1405	'ACTION' => make_clickable($row['action']),
1406	'DATE' => $user->format_date($row['warning_time']),
1407	));
1408	}
1409	$db->sql_freeresult($result);
1410
1411	$template->assign_vars(array(
1412	'S_WARNINGS' => true,
1413	));
1414
1415	break;
1416
1417	case 'profile':
1418
1419	if (!function_exists('user_get_id_name'))
1420	{
1421	include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
1422	}
1423
1424	/* @var $cp \phpbb\profilefields\manager */
1425	$cp = $phpbb_container->get('profilefields.manager');
1426
1427	$cp_data = $cp_error = array();
1428
1429	$sql = 'SELECT lang_id
1430	FROM ' . LANG_TABLE . "
1431	WHERE lang_iso = '" . $db->sql_escape($user->data['user_lang']) . "'";
1432	$result = $db->sql_query($sql);
1433	$row = $db->sql_fetchrow($result);
1434	$db->sql_freeresult($result);
1435
1436	$user_row['iso_lang_id'] = $row['lang_id'];
1437
1438	$data = array(
1439	'jabber' => $request->variable('jabber', $user_row['user_jabber'], true),
1440	'bday_day' => 0,
1441	'bday_month' => 0,
1442	'bday_year' => 0,
1443	);
1444
1445	if ($user_row['user_birthday'])
1446	{
1447	list($data['bday_day'], $data['bday_month'], $data['bday_year']) = explode('-', $user_row['user_birthday']);
1448	}
1449
1450	$data['bday_day'] = $request->variable('bday_day', $data['bday_day']);
1451	$data['bday_month'] = $request->variable('bday_month', $data['bday_month']);
1452	$data['bday_year'] = $request->variable('bday_year', $data['bday_year']);
1453	$data['user_birthday'] = sprintf('%2d-%2d-%4d', $data['bday_day'], $data['bday_month'], $data['bday_year']);
1454
1455	/**
1456	* Modify user data on editing profile in ACP
1457	*
1458	* @event core.acp_users_modify_profile
1459	* @var array data Array with user profile data
1460	* @var bool submit Flag indicating if submit button has been pressed
1461	* @var int user_id The user id
1462	* @var array user_row Array with the full user data
1463	* @since 3.1.4-RC1
1464	*/
1465	$vars = array('data', 'submit', 'user_id', 'user_row');
1466	extract($phpbb_dispatcher->trigger_event('core.acp_users_modify_profile', compact($vars)));
1467
1468	if ($submit)
1469	{
1470	$error = validate_data($data, array(
1471	'jabber' => array(
1472	array('string', true, 5, 255),
1473	array('jabber')),
1474	'bday_day' => array('num', true, 1, 31),
1475	'bday_month' => array('num', true, 1, 12),
1476	'bday_year' => array('num', true, 1901, gmdate('Y', time())),
1477	'user_birthday' => array('date', true),
1478	));
1479
1480	// validate custom profile fields
1481	$cp->submit_cp_field('profile', $user_row['iso_lang_id'], $cp_data, $cp_error);
1482
1483	if (count($cp_error))
1484	{
1485	$error = array_merge($error, $cp_error);
1486	}
1487	if (!check_form_key($form_name))
1488	{
1489	$error[] = 'FORM_INVALID';
1490	}
1491
1492	/**
1493	* Validate profile data in ACP before submitting to the database
1494	*
1495	* @event core.acp_users_profile_validate
1496	* @var array data Array with user profile data
1497	* @var int user_id The user id
1498	* @var array user_row Array with the full user data
1499	* @var array error Array with the form errors
1500	* @since 3.1.4-RC1
1501	* @changed 3.1.12-RC1 Removed submit, added user_id, user_row
1502	*/
1503	$vars = array('data', 'user_id', 'user_row', 'error');
1504	extract($phpbb_dispatcher->trigger_event('core.acp_users_profile_validate', compact($vars)));
1505
1506	if (!count($error))
1507	{
1508	$sql_ary = array(
1509	'user_jabber' => $data['jabber'],
1510	'user_birthday' => $data['user_birthday'],
1511	);
1512
1513	/**
1514	* Modify profile data in ACP before submitting to the database
1515	*
1516	* @event core.acp_users_profile_modify_sql_ary
1517	* @var array cp_data Array with the user custom profile fields data
1518	* @var array data Array with user profile data
1519	* @var int user_id The user id
1520	* @var array user_row Array with the full user data
1521	* @var array sql_ary Array with sql data
1522	* @since 3.1.4-RC1
1523	*/
1524	$vars = array('cp_data', 'data', 'user_id', 'user_row', 'sql_ary');
1525	extract($phpbb_dispatcher->trigger_event('core.acp_users_profile_modify_sql_ary', compact($vars)));
1526
1527	$sql = 'UPDATE ' . USERS_TABLE . '
1528	SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
1529	WHERE user_id = $user_id";
1530	$db->sql_query($sql);
1531
1532	// Update Custom Fields
1533	$cp->update_profile_field_data($user_id, $cp_data);
1534
1535	trigger_error($user->lang['USER_PROFILE_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id));
1536	}
1537
1538	// Replace "error" strings with their real, localised form
1539	$error = array_map(array($user, 'lang'), $error);
1540	}
1541
1542	$s_birthday_day_options = '<option value="0"' . ((!$data['bday_day']) ? ' selected="selected"' : '') . '>--</option>';
1543	for ($i = 1; $i < 32; $i++)
1544	{
1545	$selected = ($i == $data['bday_day']) ? ' selected="selected"' : '';
1546	$s_birthday_day_options .= "<option value=\"$i\"$selected>$i</option>";
1547	}
1548
1549	$s_birthday_month_options = '<option value="0"' . ((!$data['bday_month']) ? ' selected="selected"' : '') . '>--</option>';
1550	for ($i = 1; $i < 13; $i++)
1551	{
1552	$selected = ($i == $data['bday_month']) ? ' selected="selected"' : '';
1553	$s_birthday_month_options .= "<option value=\"$i\"$selected>$i</option>";
1554	}
1555
1556	$now = getdate();
1557	$s_birthday_year_options = '<option value="0"' . ((!$data['bday_year']) ? ' selected="selected"' : '') . '>--</option>';
1558	for ($i = $now['year'] - 100; $i <= $now['year']; $i++)
1559	{
1560	$selected = ($i == $data['bday_year']) ? ' selected="selected"' : '';
1561	$s_birthday_year_options .= "<option value=\"$i\"$selected>$i</option>";
1562	}
1563	unset($now);
1564
1565	$template->assign_vars(array(
1566	'JABBER' => $data['jabber'],
1567	'S_BIRTHDAY_DAY_OPTIONS' => $s_birthday_day_options,
1568	'S_BIRTHDAY_MONTH_OPTIONS' => $s_birthday_month_options,
1569	'S_BIRTHDAY_YEAR_OPTIONS' => $s_birthday_year_options,
1570
1571	'S_PROFILE' => true)
1572	);
1573
1574	// Get additional profile fields and assign them to the template block var 'profile_fields'
1575	$user->get_profile_fields($user_id);
1576
1577	$cp->generate_profile_fields('profile', $user_row['iso_lang_id']);
1578
1579	break;
1580
1581	case 'prefs':
1582
1583	if (!function_exists('user_get_id_name'))
1584	{
1585	include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
1586	}
1587
1588	$data = array(
1589	'dateformat' => $request->variable('dateformat', $user_row['user_dateformat'], true),
1590	'lang' => basename($request->variable('lang', $user_row['user_lang'])),
1591	'tz' => $request->variable('tz', $user_row['user_timezone']),
1592	'style' => $request->variable('style', $user_row['user_style']),
1593	'viewemail' => $request->variable('viewemail', $user_row['user_allow_viewemail']),
1594	'massemail' => $request->variable('massemail', $user_row['user_allow_massemail']),
1595	'hideonline' => $request->variable('hideonline', !$user_row['user_allow_viewonline']),
1596	'notifymethod' => $request->variable('notifymethod', $user_row['user_notify_type']),
1597	'notifypm' => $request->variable('notifypm', $user_row['user_notify_pm']),
1598	'allowpm' => $request->variable('allowpm', $user_row['user_allow_pm']),
1599
1600	'topic_sk' => $request->variable('topic_sk', ($user_row['user_topic_sortby_type']) ? $user_row['user_topic_sortby_type'] : 't'),
1601	'topic_sd' => $request->variable('topic_sd', ($user_row['user_topic_sortby_dir']) ? $user_row['user_topic_sortby_dir'] : 'd'),
1602	'topic_st' => $request->variable('topic_st', ($user_row['user_topic_show_days']) ? $user_row['user_topic_show_days'] : 0),
1603
1604	'post_sk' => $request->variable('post_sk', ($user_row['user_post_sortby_type']) ? $user_row['user_post_sortby_type'] : 't'),
1605	'post_sd' => $request->variable('post_sd', ($user_row['user_post_sortby_dir']) ? $user_row['user_post_sortby_dir'] : 'a'),
1606	'post_st' => $request->variable('post_st', ($user_row['user_post_show_days']) ? $user_row['user_post_show_days'] : 0),
1607
1608	'view_images' => $request->variable('view_images', $this->optionget($user_row, 'viewimg')),
1609	'view_flash' => $request->variable('view_flash', $this->optionget($user_row, 'viewflash')),
1610	'view_smilies' => $request->variable('view_smilies', $this->optionget($user_row, 'viewsmilies')),
1611	'view_sigs' => $request->variable('view_sigs', $this->optionget($user_row, 'viewsigs')),
1612	'view_avatars' => $request->variable('view_avatars', $this->optionget($user_row, 'viewavatars')),
1613	'view_wordcensor' => $request->variable('view_wordcensor', $this->optionget($user_row, 'viewcensors')),
1614
1615	'bbcode' => $request->variable('bbcode', $this->optionget($user_row, 'bbcode')),
1616	'smilies' => $request->variable('smilies', $this->optionget($user_row, 'smilies')),
1617	'sig' => $request->variable('sig', $this->optionget($user_row, 'attachsig')),
1618	'notify' => $request->variable('notify', $user_row['user_notify']),
1619	);
1620
1621	/**
1622	* Modify users preferences data
1623	*
1624	* @event core.acp_users_prefs_modify_data
1625	* @var array data Array with users preferences data
1626	* @var array user_row Array with user data
1627	* @since 3.1.0-b3
1628	*/
1629	$vars = array('data', 'user_row');
1630	extract($phpbb_dispatcher->trigger_event('core.acp_users_prefs_modify_data', compact($vars)));
1631
1632	if ($submit)
1633	{
1634	$error = validate_data($data, array(
1635	'dateformat' => array('string', false, 1, 64),
1636	'lang' => array('match', false, '#^[a-z_\-]{2,}$#i'),
1637	'tz' => array('timezone'),
1638
1639	'topic_sk' => array('string', false, 1, 1),
1640	'topic_sd' => array('string', false, 1, 1),
1641	'post_sk' => array('string', false, 1, 1),
1642	'post_sd' => array('string', false, 1, 1),
1643	));
1644
1645	if (!check_form_key($form_name))
1646	{
1647	$error[] = 'FORM_INVALID';
1648	}
1649
1650	if (!count($error))
1651	{
1652	$this->optionset($user_row, 'viewimg', $data['view_images']);
1653	$this->optionset($user_row, 'viewflash', $data['view_flash']);
1654	$this->optionset($user_row, 'viewsmilies', $data['view_smilies']);
1655	$this->optionset($user_row, 'viewsigs', $data['view_sigs']);
1656	$this->optionset($user_row, 'viewavatars', $data['view_avatars']);
1657	$this->optionset($user_row, 'viewcensors', $data['view_wordcensor']);
1658	$this->optionset($user_row, 'bbcode', $data['bbcode']);
1659	$this->optionset($user_row, 'smilies', $data['smilies']);
1660	$this->optionset($user_row, 'attachsig', $data['sig']);
1661
1662	$sql_ary = array(
1663	'user_options' => $user_row['user_options'],
1664
1665	'user_allow_pm' => $data['allowpm'],
1666	'user_allow_viewemail' => $data['viewemail'],
1667	'user_allow_massemail' => $data['massemail'],
1668	'user_allow_viewonline' => !$data['hideonline'],
1669	'user_notify_type' => $data['notifymethod'],
1670	'user_notify_pm' => $data['notifypm'],
1671
1672	'user_dateformat' => $data['dateformat'],
1673	'user_lang' => $data['lang'],
1674	'user_timezone' => $data['tz'],
1675	'user_style' => $data['style'],
1676
1677	'user_topic_sortby_type' => $data['topic_sk'],
1678	'user_post_sortby_type' => $data['post_sk'],
1679	'user_topic_sortby_dir' => $data['topic_sd'],
1680	'user_post_sortby_dir' => $data['post_sd'],
1681
1682	'user_topic_show_days' => $data['topic_st'],
1683	'user_post_show_days' => $data['post_st'],
1684
1685	'user_notify' => $data['notify'],
1686	);
1687
1688	/**
1689	* Modify SQL query before users preferences are updated
1690	*
1691	* @event core.acp_users_prefs_modify_sql
1692	* @var array data Array with users preferences data
1693	* @var array user_row Array with user data
1694	* @var array sql_ary SQL array with users preferences data to update
1695	* @var array error Array with errors data
1696	* @since 3.1.0-b3
1697	*/
1698	$vars = array('data', 'user_row', 'sql_ary', 'error');
1699	extract($phpbb_dispatcher->trigger_event('core.acp_users_prefs_modify_sql', compact($vars)));
1700
1701	if (!count($error))
1702	{
1703	$sql = 'UPDATE ' . USERS_TABLE . '
1704	SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
1705	WHERE user_id = $user_id";
1706	$db->sql_query($sql);
1707
1708	// Check if user has an active session
1709	if ($user_row['session_id'])
1710	{
1711	// We'll update the session if user_allow_viewonline has changed and the user is a bot
1712	// Or if it's a regular user and the admin set it to hide the session
1713	if ($user_row['user_allow_viewonline'] != $sql_ary['user_allow_viewonline'] && $user_row['user_type'] == USER_IGNORE
1714	\|\| $user_row['user_allow_viewonline'] && !$sql_ary['user_allow_viewonline'])
1715	{
1716	// We also need to check if the user has the permission to cloak.
1717	$user_auth = new \phpbb\auth\auth();
1718	$user_auth->acl($user_row);
1719
1720	$session_sql_ary = array(
1721	'session_viewonline' => ($user_auth->acl_get('u_hideonline')) ? $sql_ary['user_allow_viewonline'] : true,
1722	);
1723
1724	$sql = 'UPDATE ' . SESSIONS_TABLE . '
1725	SET ' . $db->sql_build_array('UPDATE', $session_sql_ary) . "
1726	WHERE session_user_id = $user_id";
1727	$db->sql_query($sql);
1728
1729	unset($user_auth);
1730	}
1731	}
1732
1733	trigger_error($user->lang['USER_PREFS_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id));
1734	}
1735	}
1736
1737	// Replace "error" strings with their real, localised form
1738	$error = array_map(array($user, 'lang'), $error);
1739	}
1740
1741	$dateformat_options = '';
1742	foreach ($user->lang['dateformats'] as $format => $null)
1743	{
1744	$dateformat_options .= '<option value="' . $format . '"' . (($format == $data['dateformat']) ? ' selected="selected"' : '') . '>';
1745	$dateformat_options .= $user->format_date(time(), $format, false) . ((strpos($format, '\|') !== false) ? $user->lang['VARIANT_DATE_SEPARATOR'] . $user->format_date(time(), $format, true) : '');
1746	$dateformat_options .= '</option>';
1747	}
1748
1749	$s_custom = false;
1750
1751	$dateformat_options .= '<option value="custom"';
1752	if (!isset($user->lang['dateformats'][$data['dateformat']]))
1753	{
1754	$dateformat_options .= ' selected="selected"';
1755	$s_custom = true;
1756	}
1757	$dateformat_options .= '>' . $user->lang['CUSTOM_DATEFORMAT'] . '</option>';
1758
1759	$sort_dir_text = array('a' => $user->lang['ASCENDING'], 'd' => $user->lang['DESCENDING']);
1760
1761	// Topic ordering options
1762	$limit_topic_days = array(0 => $user->lang['ALL_TOPICS'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']);
1763	$sort_by_topic_text = array('a' => $user->lang['AUTHOR'], 't' => $user->lang['POST_TIME'], 'r' => $user->lang['REPLIES'], 's' => $user->lang['SUBJECT'], 'v' => $user->lang['VIEWS']);
1764
1765	// Post ordering options
1766	$limit_post_days = array(0 => $user->lang['ALL_POSTS'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']);
1767	$sort_by_post_text = array('a' => $user->lang['AUTHOR'], 't' => $user->lang['POST_TIME'], 's' => $user->lang['SUBJECT']);
1768
1769	$_options = array('topic', 'post');
1770	foreach ($_options as $sort_option)
1771	{
1772	${'s_limit_' . $sort_option . '_days'} = '<select name="' . $sort_option . '_st">';
1773	foreach (${'limit_' . $sort_option . '_days'} as $day => $text)
1774	{
1775	$selected = ($data[$sort_option . '_st'] == $day) ? ' selected="selected"' : '';
1776	${'s_limit_' . $sort_option . '_days'} .= '<option value="' . $day . '"' . $selected . '>' . $text . '</option>';
1777	}
1778	${'s_limit_' . $sort_option . '_days'} .= '</select>';
1779
1780	${'s_sort_' . $sort_option . '_key'} = '<select name="' . $sort_option . '_sk">';
1781	foreach (${'sort_by_' . $sort_option . '_text'} as $key => $text)
1782	{
1783	$selected = ($data[$sort_option . '_sk'] == $key) ? ' selected="selected"' : '';
1784	${'s_sort_' . $sort_option . '_key'} .= '<option value="' . $key . '"' . $selected . '>' . $text . '</option>';
1785	}
1786	${'s_sort_' . $sort_option . '_key'} .= '</select>';
1787
1788	${'s_sort_' . $sort_option . '_dir'} = '<select name="' . $sort_option . '_sd">';
1789	foreach ($sort_dir_text as $key => $value)
1790	{
1791	$selected = ($data[$sort_option . '_sd'] == $key) ? ' selected="selected"' : '';
1792	${'s_sort_' . $sort_option . '_dir'} .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>';
1793	}
1794	${'s_sort_' . $sort_option . '_dir'} .= '</select>';
1795	}
1796
1797	phpbb_timezone_select($template, $user, $data['tz'], true);
1798	$user_prefs_data = array(
1799	'S_PREFS' => true,
1800	'S_JABBER_DISABLED' => ($config['jab_enable'] && $user_row['user_jabber'] && @extension_loaded('xml')) ? false : true,
1801
1802	'VIEW_EMAIL' => $data['viewemail'],
1803	'MASS_EMAIL' => $data['massemail'],
1804	'ALLOW_PM' => $data['allowpm'],
1805	'HIDE_ONLINE' => $data['hideonline'],
1806	'NOTIFY_EMAIL' => ($data['notifymethod'] == NOTIFY_EMAIL) ? true : false,
1807	'NOTIFY_IM' => ($data['notifymethod'] == NOTIFY_IM) ? true : false,
1808	'NOTIFY_BOTH' => ($data['notifymethod'] == NOTIFY_BOTH) ? true : false,
1809	'NOTIFY_PM' => $data['notifypm'],
1810	'BBCODE' => $data['bbcode'],
1811	'SMILIES' => $data['smilies'],
1812	'ATTACH_SIG' => $data['sig'],
1813	'NOTIFY' => $data['notify'],
1814	'VIEW_IMAGES' => $data['view_images'],
1815	'VIEW_FLASH' => $data['view_flash'],
1816	'VIEW_SMILIES' => $data['view_smilies'],
1817	'VIEW_SIGS' => $data['view_sigs'],
1818	'VIEW_AVATARS' => $data['view_avatars'],
1819	'VIEW_WORDCENSOR' => $data['view_wordcensor'],
1820
1821	'S_TOPIC_SORT_DAYS' => $s_limit_topic_days,
1822	'S_TOPIC_SORT_KEY' => $s_sort_topic_key,
1823	'S_TOPIC_SORT_DIR' => $s_sort_topic_dir,
1824	'S_POST_SORT_DAYS' => $s_limit_post_days,
1825	'S_POST_SORT_KEY' => $s_sort_post_key,
1826	'S_POST_SORT_DIR' => $s_sort_post_dir,
1827
1828	'DATE_FORMAT' => $data['dateformat'],
1829	'S_DATEFORMAT_OPTIONS' => $dateformat_options,
1830	'S_CUSTOM_DATEFORMAT' => $s_custom,
1831	'DEFAULT_DATEFORMAT' => $config['default_dateformat'],
1832	'A_DEFAULT_DATEFORMAT' => addslashes($config['default_dateformat']),
1833
1834	'S_LANG_OPTIONS' => language_select($data['lang']),
1835	'S_STYLE_OPTIONS' => style_select($data['style']),
1836	);
1837
1838	/**
1839	* Modify users preferences data before assigning it to the template
1840	*
1841	* @event core.acp_users_prefs_modify_template_data
1842	* @var array data Array with users preferences data
1843	* @var array user_row Array with user data
1844	* @var array user_prefs_data Array with users preferences data to be assigned to the template
1845	* @since 3.1.0-b3
1846	*/
1847	$vars = array('data', 'user_row', 'user_prefs_data');
1848	extract($phpbb_dispatcher->trigger_event('core.acp_users_prefs_modify_template_data', compact($vars)));
1849
1850	$template->assign_vars($user_prefs_data);
1851
1852	break;
1853
1854	case 'avatar':
1855
1856	$avatars_enabled = false;
1857	/** @var \phpbb\avatar\manager $phpbb_avatar_manager */
1858	$phpbb_avatar_manager = $phpbb_container->get('avatar.manager');
1859
1860	if ($config['allow_avatar'])
1861	{
1862	$avatar_drivers = $phpbb_avatar_manager->get_enabled_drivers();
1863
1864	// This is normalised data, without the user_ prefix
1865	$avatar_data = \phpbb\avatar\manager::clean_row($user_row, 'user');
1866
1867	if ($submit)
1868	{
1869	if (check_form_key($form_name))
1870	{
1871	$driver_name = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', ''));
1872
1873	if (in_array($driver_name, $avatar_drivers) && !$request->is_set_post('avatar_delete'))
1874	{
1875	$driver = $phpbb_avatar_manager->get_driver($driver_name);
1876	$result = $driver->process_form($request, $template, $user, $avatar_data, $error);
1877
1878	if ($result && empty($error))
1879	{
1880	// Success! Lets save the result in the database
1881	$result = array(
1882	'user_avatar_type' => $driver_name,
1883	'user_avatar' => $result['avatar'],
1884	'user_avatar_width' => $result['avatar_width'],
1885	'user_avatar_height' => $result['avatar_height'],
1886	);
1887
1888	/**
1889	* Modify users preferences data before assigning it to the template
1890	*
1891	* @event core.acp_users_avatar_sql
1892	* @var array user_row Array with user data
1893	* @var array result Array with user avatar data to be updated in the DB
1894	* @since 3.2.4-RC1
1895	*/
1896	$vars = array('user_row', 'result');
1897	extract($phpbb_dispatcher->trigger_event('core.acp_users_avatar_sql', compact($vars)));
1898
1899	$sql = 'UPDATE ' . USERS_TABLE . '
1900	SET ' . $db->sql_build_array('UPDATE', $result) . '
1901	WHERE user_id = ' . (int) $user_id;
1902
1903	$db->sql_query($sql);
1904	trigger_error($user->lang['USER_AVATAR_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id));
1905	}
1906	}
1907	}
1908	else
1909	{
1910	trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
1911	}
1912	}
1913
1914	// Handle deletion of avatars
1915	if ($request->is_set_post('avatar_delete'))
1916	{
1917	if (!confirm_box(true))
1918	{
1919	confirm_box(false, $user->lang('CONFIRM_AVATAR_DELETE'), build_hidden_fields(array(
1920	'avatar_delete' => true))
1921	);
1922	}
1923	else
1924	{
1925	$phpbb_avatar_manager->handle_avatar_delete($db, $user, $avatar_data, USERS_TABLE, 'user_');
1926
1927	trigger_error($user->lang['USER_AVATAR_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id));
1928	}
1929	}
1930
1931	$selected_driver = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', $user_row['user_avatar_type']));
1932
1933	// Assign min and max values before generating avatar driver html
1934	$template->assign_vars(array(
1935	'AVATAR_MIN_WIDTH' => $config['avatar_min_width'],
1936	'AVATAR_MAX_WIDTH' => $config['avatar_max_width'],
1937	'AVATAR_MIN_HEIGHT' => $config['avatar_min_height'],
1938	'AVATAR_MAX_HEIGHT' => $config['avatar_max_height'],
1939	));
1940
1941	foreach ($avatar_drivers as $current_driver)
1942	{
1943	$driver = $phpbb_avatar_manager->get_driver($current_driver);
1944
1945	$avatars_enabled = true;
1946	$template->set_filenames(array(
1947	'avatar' => $driver->get_acp_template_name(),
1948	));
1949
1950	if ($driver->prepare_form($request, $template, $user, $avatar_data, $error))
1951	{
1952	$driver_name = $phpbb_avatar_manager->prepare_driver_name($current_driver);
1953	$driver_upper = strtoupper($driver_name);
1954
1955	$template->assign_block_vars('avatar_drivers', array(
1956	'L_TITLE' => $user->lang($driver_upper . '_TITLE'),
1957	'L_EXPLAIN' => $user->lang($driver_upper . '_EXPLAIN'),
1958
1959	'DRIVER' => $driver_name,
1960	'SELECTED' => $current_driver == $selected_driver,
1961	'OUTPUT' => $template->assign_display('avatar'),
1962	));
1963	}
1964	}
1965	}
1966
1967	// Avatar manager is not initialized if avatars are disabled
1968	if (isset($phpbb_avatar_manager))
1969	{
1970	// Replace "error" strings with their real, localised form
1971	$error = $phpbb_avatar_manager->localize_errors($user, $error);
1972	}
1973
1974	$avatar = phpbb_get_user_avatar($user_row, 'USER_AVATAR', true);
1975
1976	$template->assign_vars(array(
1977	'S_AVATAR' => true,
1978	'ERROR' => (!empty($error)) ? implode('<br />', $error) : '',
1979	'AVATAR' => (empty($avatar) ? '<img src="' . $phpbb_admin_path . 'images/no_avatar.gif" alt="" />' : $avatar),
1980
1981	'S_FORM_ENCTYPE' => ' enctype="multipart/form-data"',
1982
1983	'L_AVATAR_EXPLAIN' => $user->lang(($config['avatar_filesize'] == 0) ? 'AVATAR_EXPLAIN_NO_FILESIZE' : 'AVATAR_EXPLAIN', $config['avatar_max_width'], $config['avatar_max_height'], $config['avatar_filesize'] / 1024),
1984
1985	'S_AVATARS_ENABLED' => ($config['allow_avatar'] && $avatars_enabled),
1986	));
1987
1988	break;
1989
1990	case 'rank':
1991
1992	if ($submit)
1993	{
1994	if (!check_form_key($form_name))
1995	{
1996	trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
1997	}
1998
1999	$rank_id = $request->variable('user_rank', 0);
2000
2001	$sql = 'UPDATE ' . USERS_TABLE . "
2002	SET user_rank = $rank_id
2003	WHERE user_id = $user_id";
2004	$db->sql_query($sql);
2005
2006	trigger_error($user->lang['USER_RANK_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id));
2007	}
2008
2009	$sql = 'SELECT *
2010	FROM ' . RANKS_TABLE . '
2011	WHERE rank_special = 1
2012	ORDER BY rank_title';
2013	$result = $db->sql_query($sql);
2014
2015	$s_rank_options = '<option value="0"' . ((!$user_row['user_rank']) ? ' selected="selected"' : '') . '>' . $user->lang['NO_SPECIAL_RANK'] . '</option>';
2016
2017	while ($row = $db->sql_fetchrow($result))
2018	{
2019	$selected = ($user_row['user_rank'] && $row['rank_id'] == $user_row['user_rank']) ? ' selected="selected"' : '';
2020	$s_rank_options .= '<option value="' . $row['rank_id'] . '"' . $selected . '>' . $row['rank_title'] . '</option>';
2021	}
2022	$db->sql_freeresult($result);
2023
2024	$template->assign_vars(array(
2025	'S_RANK' => true,
2026	'S_RANK_OPTIONS' => $s_rank_options)
2027	);
2028
2029	break;
2030
2031	case 'sig':
2032
2033	if (!function_exists('display_custom_bbcodes'))
2034	{
2035	include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
2036	}
2037
2038	$enable_bbcode = ($config['allow_sig_bbcode']) ? $this->optionget($user_row, 'sig_bbcode') : false;
2039	$enable_smilies = ($config['allow_sig_smilies']) ? $this->optionget($user_row, 'sig_smilies') : false;
2040	$enable_urls = ($config['allow_sig_links']) ? $this->optionget($user_row, 'sig_links') : false;
2041
2042	$bbcode_flags = ($enable_bbcode ? OPTION_FLAG_BBCODE : 0) + ($enable_smilies ? OPTION_FLAG_SMILIES : 0) + ($enable_urls ? OPTION_FLAG_LINKS : 0);
2043
2044	$decoded_message = generate_text_for_edit($user_row['user_sig'], $user_row['user_sig_bbcode_uid'], $bbcode_flags);
2045	$signature = $request->variable('signature', $decoded_message['text'], true);
2046	$signature_preview = '';
2047
2048	if ($submit \|\| $request->is_set_post('preview'))
2049	{
2050	$enable_bbcode = ($config['allow_sig_bbcode']) ? !$request->variable('disable_bbcode', false) : false;
2051	$enable_smilies = ($config['allow_sig_smilies']) ? !$request->variable('disable_smilies', false) : false;
2052	$enable_urls = ($config['allow_sig_links']) ? !$request->variable('disable_magic_url', false) : false;
2053
2054	if (!check_form_key($form_name))
2055	{
2056	$error[] = 'FORM_INVALID';
2057	}
2058	}
2059
2060	$bbcode_uid = $bbcode_bitfield = $bbcode_flags = '';
2061	$warn_msg = generate_text_for_storage(
2062	$signature,
2063	$bbcode_uid,
2064	$bbcode_bitfield,
2065	$bbcode_flags,
2066	$enable_bbcode,
2067	$enable_urls,
2068	$enable_smilies,
2069	$config['allow_sig_img'],
2070	$config['allow_sig_flash'],
2071	true,
2072	$config['allow_sig_links'],
2073	'sig'
2074	);
2075
2076	if (count($warn_msg))
2077	{
2078	$error += $warn_msg;
2079	}
2080
2081	if (!$submit)
2082	{
2083	// Parse it for displaying
2084	$signature_preview = generate_text_for_display($signature, $bbcode_uid, $bbcode_bitfield, $bbcode_flags);
2085	}
2086	else
2087	{
2088	if (!count($error))
2089	{
2090	$this->optionset($user_row, 'sig_bbcode', $enable_bbcode);
2091	$this->optionset($user_row, 'sig_smilies', $enable_smilies);
2092	$this->optionset($user_row, 'sig_links', $enable_urls);
2093
2094	$sql_ary = array(
2095	'user_sig' => $signature,
2096	'user_options' => $user_row['user_options'],
2097	'user_sig_bbcode_uid' => $bbcode_uid,
2098	'user_sig_bbcode_bitfield' => $bbcode_bitfield,
2099	);
2100
2101	/**
2102	* Modify user signature before it is stored in the DB
2103	*
2104	* @event core.acp_users_modify_signature_sql_ary
2105	* @var array user_row Array with user data
2106	* @var array sql_ary Array with user signature data to be updated in the DB
2107	* @since 3.2.4-RC1
2108	*/
2109	$vars = array('user_row', 'sql_ary');
2110	extract($phpbb_dispatcher->trigger_event('core.acp_users_modify_signature_sql_ary', compact($vars)));
2111
2112	$sql = 'UPDATE ' . USERS_TABLE . '
2113	SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
2114	WHERE user_id = ' . $user_id;
2115	$db->sql_query($sql);
2116
2117	trigger_error($user->lang['USER_SIG_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id));
2118	}
2119	}
2120
2121	// Replace "error" strings with their real, localised form
2122	$error = array_map(array($user, 'lang'), $error);
2123
2124	if ($request->is_set_post('preview'))
2125	{
2126	$decoded_message = generate_text_for_edit($signature, $bbcode_uid, $bbcode_flags);
2127	}
2128
2129	/** @var \phpbb\controller\helper $controller_helper */
2130	$controller_helper = $phpbb_container->get('controller.helper');
2131
2132	$template->assign_vars(array(
2133	'S_SIGNATURE' => true,
2134
2135	'SIGNATURE' => $decoded_message['text'],
2136	'SIGNATURE_PREVIEW' => $signature_preview,
2137
2138	'S_BBCODE_CHECKED' => (!$enable_bbcode) ? ' checked="checked"' : '',
2139	'S_SMILIES_CHECKED' => (!$enable_smilies) ? ' checked="checked"' : '',
2140	'S_MAGIC_URL_CHECKED' => (!$enable_urls) ? ' checked="checked"' : '',
2141
2142	'BBCODE_STATUS' => $user->lang(($config['allow_sig_bbcode'] ? 'BBCODE_IS_ON' : 'BBCODE_IS_OFF'), '<a href="' . $controller_helper->route('phpbb_help_bbcode_controller') . '">', '</a>'),
2143	'SMILIES_STATUS' => ($config['allow_sig_smilies']) ? $user->lang['SMILIES_ARE_ON'] : $user->lang['SMILIES_ARE_OFF'],
2144	'IMG_STATUS' => ($config['allow_sig_img']) ? $user->lang['IMAGES_ARE_ON'] : $user->lang['IMAGES_ARE_OFF'],
2145	'FLASH_STATUS' => ($config['allow_sig_flash']) ? $user->lang['FLASH_IS_ON'] : $user->lang['FLASH_IS_OFF'],
2146	'URL_STATUS' => ($config['allow_sig_links']) ? $user->lang['URL_IS_ON'] : $user->lang['URL_IS_OFF'],
2147
2148	'L_SIGNATURE_EXPLAIN' => $user->lang('SIGNATURE_EXPLAIN', (int) $config['max_sig_chars']),
2149
2150	'S_BBCODE_ALLOWED' => $config['allow_sig_bbcode'],
2151	'S_SMILIES_ALLOWED' => $config['allow_sig_smilies'],
2152	'S_BBCODE_IMG' => ($config['allow_sig_img']) ? true : false,
2153	'S_BBCODE_FLASH' => ($config['allow_sig_flash']) ? true : false,
2154	'S_LINKS_ALLOWED' => ($config['allow_sig_links']) ? true : false)
2155	);
2156
2157	// Assigning custom bbcodes
2158	display_custom_bbcodes();
2159
2160	break;
2161
2162	case 'attach':
2163	/* @var $pagination \phpbb\pagination */
2164	$pagination = $phpbb_container->get('pagination');
2165
2166	$start = $request->variable('start', 0);
2167	$deletemark = (isset($_POST['delmarked'])) ? true : false;
2168	$marked = $request->variable('mark', array(0));
2169
2170	// Sort keys
2171	$sort_key = $request->variable('sk', 'a');
2172	$sort_dir = $request->variable('sd', 'd');
2173
2174	if ($deletemark && count($marked))
2175	{
2176	$sql = 'SELECT attach_id
2177	FROM ' . ATTACHMENTS_TABLE . '
2178	WHERE poster_id = ' . $user_id . '
2179	AND is_orphan = 0
2180	AND ' . $db->sql_in_set('attach_id', $marked);
2181	$result = $db->sql_query($sql);
2182
2183	$marked = array();
2184	while ($row = $db->sql_fetchrow($result))
2185	{
2186	$marked[] = $row['attach_id'];
2187	}
2188	$db->sql_freeresult($result);
2189	}
2190
2191	if ($deletemark && count($marked))
2192	{
2193	if (confirm_box(true))
2194	{
2195	$sql = 'SELECT real_filename
2196	FROM ' . ATTACHMENTS_TABLE . '
2197	WHERE ' . $db->sql_in_set('attach_id', $marked);
2198	$result = $db->sql_query($sql);
2199
2200	$log_attachments = array();
2201	while ($row = $db->sql_fetchrow($result))
2202	{
2203	$log_attachments[] = $row['real_filename'];
2204	}
2205	$db->sql_freeresult($result);
2206
2207	/** @var \phpbb\attachment\manager $attachment_manager */
2208	$attachment_manager = $phpbb_container->get('attachment.manager');
2209	$attachment_manager->delete('attach', $marked);
2210	unset($attachment_manager);
2211
2212	$message = (count($log_attachments) == 1) ? $user->lang['ATTACHMENT_DELETED'] : $user->lang['ATTACHMENTS_DELETED'];
2213
2214	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACHMENTS_DELETED', false, array(implode($user->lang['COMMA_SEPARATOR'], $log_attachments)));
2215	trigger_error($message . adm_back_link($this->u_action . '&u=' . $user_id));
2216	}
2217	else
2218	{
2219	confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
2220	'u' => $user_id,
2221	'i' => $id,
2222	'mode' => $mode,
2223	'action' => $action,
2224	'delmarked' => true,
2225	'mark' => $marked))
2226	);
2227	}
2228	}
2229
2230	$sk_text = array('a' => $user->lang['SORT_FILENAME'], 'c' => $user->lang['SORT_EXTENSION'], 'd' => $user->lang['SORT_SIZE'], 'e' => $user->lang['SORT_DOWNLOADS'], 'f' => $user->lang['SORT_POST_TIME'], 'g' => $user->lang['SORT_TOPIC_TITLE']);
2231	$sk_sql = array('a' => 'a.real_filename', 'c' => 'a.extension', 'd' => 'a.filesize', 'e' => 'a.download_count', 'f' => 'a.filetime', 'g' => 't.topic_title');
2232
2233	$sd_text = array('a' => $user->lang['ASCENDING'], 'd' => $user->lang['DESCENDING']);
2234
2235	$s_sort_key = '';
2236	foreach ($sk_text as $key => $value)
2237	{
2238	$selected = ($sort_key == $key) ? ' selected="selected"' : '';
2239	$s_sort_key .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>';
2240	}
2241
2242	$s_sort_dir = '';
2243	foreach ($sd_text as $key => $value)
2244	{
2245	$selected = ($sort_dir == $key) ? ' selected="selected"' : '';
2246	$s_sort_dir .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>';
2247	}
2248
2249	if (!isset($sk_sql[$sort_key]))
2250	{
2251	$sort_key = 'a';
2252	}
2253
2254	$order_by = $sk_sql[$sort_key] . ' ' . (($sort_dir == 'a') ? 'ASC' : 'DESC');
2255
2256	$sql = 'SELECT COUNT(attach_id) as num_attachments
2257	FROM ' . ATTACHMENTS_TABLE . "
2258	WHERE poster_id = $user_id
2259	AND is_orphan = 0";
2260	$result = $db->sql_query_limit($sql, 1);
2261	$num_attachments = (int) $db->sql_fetchfield('num_attachments');
2262	$db->sql_freeresult($result);
2263
2264	$sql = 'SELECT a.*, t.topic_title, p.message_subject as message_title
2265	FROM ' . ATTACHMENTS_TABLE . ' a
2266	LEFT JOIN ' . TOPICS_TABLE . ' t ON (a.topic_id = t.topic_id
2267	AND a.in_message = 0)
2268	LEFT JOIN ' . PRIVMSGS_TABLE . ' p ON (a.post_msg_id = p.msg_id
2269	AND a.in_message = 1)
2270	WHERE a.poster_id = ' . $user_id . "
2271	AND a.is_orphan = 0
2272	ORDER BY $order_by";
2273	$result = $db->sql_query_limit($sql, $config['topics_per_page'], $start);
2274
2275	while ($row = $db->sql_fetchrow($result))
2276	{
2277	if ($row['in_message'])
2278	{
2279	$view_topic = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=pm&p={$row['post_msg_id']}");
2280	}
2281	else
2282	{
2283	$view_topic = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "t={$row['topic_id']}&p={$row['post_msg_id']}") . '#p' . $row['post_msg_id'];
2284	}
2285
2286	$template->assign_block_vars('attach', array(
2287	'REAL_FILENAME' => $row['real_filename'],
2288	'COMMENT' => nl2br($row['attach_comment']),
2289	'EXTENSION' => $row['extension'],
2290	'SIZE' => get_formatted_filesize($row['filesize']),
2291	'DOWNLOAD_COUNT' => $row['download_count'],
2292	'POST_TIME' => $user->format_date($row['filetime']),
2293	'TOPIC_TITLE' => ($row['in_message']) ? $row['message_title'] : $row['topic_title'],
2294
2295	'ATTACH_ID' => $row['attach_id'],
2296	'POST_ID' => $row['post_msg_id'],
2297	'TOPIC_ID' => $row['topic_id'],
2298
2299	'S_IN_MESSAGE' => $row['in_message'],
2300
2301	'U_DOWNLOAD' => append_sid("{$phpbb_root_path}download/file.$phpEx", 'mode=view&id=' . $row['attach_id']),
2302	'U_VIEW_TOPIC' => $view_topic)
2303	);
2304	}
2305	$db->sql_freeresult($result);
2306
2307	$base_url = $this->u_action . "&u=$user_id&sk=$sort_key&sd=$sort_dir";
2308	$pagination->generate_template_pagination($base_url, 'pagination', 'start', $num_attachments, $config['topics_per_page'], $start);
2309
2310	$template->assign_vars(array(
2311	'S_ATTACHMENTS' => true,
2312	'S_SORT_KEY' => $s_sort_key,
2313	'S_SORT_DIR' => $s_sort_dir,
2314	));
2315
2316	break;
2317
2318	case 'groups':
2319
2320	if (!function_exists('group_user_attributes'))
2321	{
2322	include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
2323	}
2324
2325	$user->add_lang(array('groups', 'acp/groups'));
2326	$group_id = $request->variable('g', 0);
2327
2328	if ($group_id)
2329	{
2330	// Check the founder only entry for this group to make sure everything is well
2331	$sql = 'SELECT group_founder_manage
2332	FROM ' . GROUPS_TABLE . '
2333	WHERE group_id = ' . $group_id;
2334	$result = $db->sql_query($sql);
2335	$founder_manage = (int) $db->sql_fetchfield('group_founder_manage');
2336	$db->sql_freeresult($result);
2337
2338	if ($user->data['user_type'] != USER_FOUNDER && $founder_manage)
2339	{
2340	trigger_error($user->lang['NOT_ALLOWED_MANAGE_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
2341	}
2342	}
2343
2344	switch ($action)
2345	{
2346	case 'demote':
2347	case 'promote':
2348	case 'default':
2349	if (!$group_id)
2350	{
2351	trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
2352	}
2353
2354	if (!check_link_hash($request->variable('hash', ''), 'acp_users'))
2355	{
2356	trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
2357	}
2358
2359	group_user_attributes($action, $group_id, $user_id);
2360
2361	if ($action == 'default')
2362	{
2363	$user_row['group_id'] = $group_id;
2364	}
2365	break;
2366
2367	case 'delete':
2368
2369	if (confirm_box(true))
2370	{
2371	if (!$group_id)
2372	{
2373	trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
2374	}
2375
2376	if ($error = group_user_del($group_id, $user_id))
2377	{
2378	trigger_error($user->lang[$error] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
2379	}
2380
2381	$error = array();
2382
2383	// The delete action was successful - therefore update the user row...
2384	$sql = 'SELECT u., s.
2385	FROM ' . USERS_TABLE . ' u
2386	LEFT JOIN ' . SESSIONS_TABLE . ' s ON (s.session_user_id = u.user_id)
2387	WHERE u.user_id = ' . $user_id . '
2388	ORDER BY s.session_time DESC';
2389	$result = $db->sql_query_limit($sql, 1);
2390	$user_row = $db->sql_fetchrow($result);
2391	$db->sql_freeresult($result);
2392	}
2393	else
2394	{
2395	confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
2396	'u' => $user_id,
2397	'i' => $id,
2398	'mode' => $mode,
2399	'action' => $action,
2400	'g' => $group_id))
2401	);
2402	}
2403
2404	break;
2405
2406	case 'approve':
2407
2408	if (confirm_box(true))
2409	{
2410	if (!$group_id)
2411	{
2412	trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
2413	}
2414	group_user_attributes($action, $group_id, $user_id);
2415	}
2416	else
2417	{
2418	confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
2419	'u' => $user_id,
2420	'i' => $id,
2421	'mode' => $mode,
2422	'action' => $action,
2423	'g' => $group_id))
2424	);
2425	}
2426
2427	break;
2428	}
2429
2430	// Add user to group?
2431	if ($submit)
2432	{
2433
2434	if (!check_form_key($form_name))
2435	{
2436	trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
2437	}
2438
2439	if (!$group_id)
2440	{
2441	trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
2442	}
2443
2444	// Add user/s to group
2445	if ($error = group_user_add($group_id, $user_id))
2446	{
2447	trigger_error($user->lang[$error] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
2448	}
2449
2450	$error = array();
2451	}
2452
2453	/** @var \phpbb\group\helper $group_helper */
2454	$group_helper = $phpbb_container->get('group_helper');
2455
2456	$sql = 'SELECT ug., g.
2457	FROM ' . GROUPS_TABLE . ' g, ' . USER_GROUP_TABLE . " ug
2458	WHERE ug.user_id = $user_id
2459	AND g.group_id = ug.group_id
2460	ORDER BY g.group_type DESC, ug.user_pending ASC, g.group_name";
2461	$result = $db->sql_query($sql);
2462
2463	$i = 0;
2464	$group_data = $id_ary = array();
2465	while ($row = $db->sql_fetchrow($result))
2466	{
2467	$type = ($row['group_type'] == GROUP_SPECIAL) ? 'special' : (($row['user_pending']) ? 'pending' : 'normal');
2468
2469	$group_data[$type][$i]['group_id'] = $row['group_id'];
2470	$group_data[$type][$i]['group_name'] = $row['group_name'];
2471	$group_data[$type][$i]['group_leader'] = ($row['group_leader']) ? 1 : 0;
2472
2473	$id_ary[] = $row['group_id'];
2474
2475	$i++;
2476	}
2477	$db->sql_freeresult($result);
2478
2479	// Select box for other groups
2480	$sql = 'SELECT group_id, group_name, group_type, group_founder_manage
2481	FROM ' . GROUPS_TABLE . '
2482	' . ((count($id_ary)) ? 'WHERE ' . $db->sql_in_set('group_id', $id_ary, true) : '') . '
2483	ORDER BY group_type DESC, group_name ASC';
2484	$result = $db->sql_query($sql);
2485
2486	$s_group_options = '';
2487	while ($row = $db->sql_fetchrow($result))
2488	{
2489	if (!$config['coppa_enable'] && $row['group_name'] == 'REGISTERED_COPPA')
2490	{
2491	continue;
2492	}
2493
2494	// Do not display those groups not allowed to be managed
2495	if ($user->data['user_type'] != USER_FOUNDER && $row['group_founder_manage'])
2496	{
2497	continue;
2498	}
2499
2500	$s_group_options .= '<option' . (($row['group_type'] == GROUP_SPECIAL) ? ' class="sep"' : '') . ' value="' . $row['group_id'] . '">' . $group_helper->get_name($row['group_name']) . '</option>';
2501	}
2502	$db->sql_freeresult($result);
2503
2504	$current_type = '';
2505	foreach ($group_data as $group_type => $data_ary)
2506	{
2507	if ($current_type != $group_type)
2508	{
2509	$template->assign_block_vars('group', array(
2510	'S_NEW_GROUP_TYPE' => true,
2511	'GROUP_TYPE' => $user->lang['USER_GROUP_' . strtoupper($group_type)])
2512	);
2513	}
2514
2515	foreach ($data_ary as $data)
2516	{
2517	$template->assign_block_vars('group', array(
2518	'U_EDIT_GROUP' => append_sid("{$phpbb_admin_path}index.$phpEx", "i=groups&mode=manage&action=edit&u=$user_id&g={$data['group_id']}&back_link=acp_users_groups"),
2519	'U_DEFAULT' => $this->u_action . "&action=default&u=$user_id&g=" . $data['group_id'] . '&hash=' . generate_link_hash('acp_users'),
2520	'U_DEMOTE_PROMOTE' => $this->u_action . '&action=' . (($data['group_leader']) ? 'demote' : 'promote') . "&u=$user_id&g=" . $data['group_id'] . '&hash=' . generate_link_hash('acp_users'),
2521	'U_DELETE' => $this->u_action . "&action=delete&u=$user_id&g=" . $data['group_id'],
2522	'U_APPROVE' => ($group_type == 'pending') ? $this->u_action . "&action=approve&u=$user_id&g=" . $data['group_id'] : '',
2523
2524	'GROUP_NAME' => $group_helper->get_name($data['group_name']),
2525	'L_DEMOTE_PROMOTE' => ($data['group_leader']) ? $user->lang['GROUP_DEMOTE'] : $user->lang['GROUP_PROMOTE'],
2526
2527	'S_IS_MEMBER' => ($group_type != 'pending') ? true : false,
2528	'S_NO_DEFAULT' => ($user_row['group_id'] != $data['group_id']) ? true : false,
2529	'S_SPECIAL_GROUP' => ($group_type == 'special') ? true : false,
2530	)
2531	);
2532	}
2533	}
2534
2535	$template->assign_vars(array(
2536	'S_GROUPS' => true,
2537	'S_GROUP_OPTIONS' => $s_group_options)
2538	);
2539
2540	break;
2541
2542	case 'perm':
2543
2544	if (!class_exists('auth_admin'))
2545	{
2546	include($phpbb_root_path . 'includes/acp/auth.' . $phpEx);
2547	}
2548
2549	$auth_admin = new auth_admin();
2550
2551	$user->add_lang('acp/permissions');
2552	add_permission_language();
2553
2554	$forum_id = $request->variable('f', 0);
2555
2556	// Global Permissions
2557	if (!$forum_id)
2558	{
2559	// Select auth options
2560	$sql = 'SELECT auth_option, is_local, is_global
2561	FROM ' . ACL_OPTIONS_TABLE . '
2562	WHERE auth_option ' . $db->sql_like_expression($db->get_any_char() . '_') . '
2563	AND is_global = 1
2564	ORDER BY auth_option';
2565	$result = $db->sql_query($sql);
2566
2567	$hold_ary = array();
2568
2569	while ($row = $db->sql_fetchrow($result))
2570	{
2571	$hold_ary = $auth_admin->get_mask('view', $user_id, false, false, $row['auth_option'], 'global', ACL_NEVER);
2572	$auth_admin->display_mask('view', $row['auth_option'], $hold_ary, 'user', false, false);
2573	}
2574	$db->sql_freeresult($result);
2575
2576	unset($hold_ary);
2577	}
2578	else
2579	{
2580	$sql = 'SELECT auth_option, is_local, is_global
2581	FROM ' . ACL_OPTIONS_TABLE . "
2582	WHERE auth_option " . $db->sql_like_expression($db->get_any_char() . '_') . "
2583	AND is_local = 1
2584	ORDER BY is_global DESC, auth_option";
2585	$result = $db->sql_query($sql);
2586
2587	while ($row = $db->sql_fetchrow($result))
2588	{
2589	$hold_ary = $auth_admin->get_mask('view', $user_id, false, $forum_id, $row['auth_option'], 'local', ACL_NEVER);
2590	$auth_admin->display_mask('view', $row['auth_option'], $hold_ary, 'user', true, false);
2591	}
2592	$db->sql_freeresult($result);
2593	}
2594
2595	$s_forum_options = '<option value="0"' . ((!$forum_id) ? ' selected="selected"' : '') . '>' . $user->lang['VIEW_GLOBAL_PERMS'] . '</option>';
2596	$s_forum_options .= make_forum_select($forum_id, false, true, false, false, false);
2597
2598	$template->assign_vars(array(
2599	'S_PERMISSIONS' => true,
2600
2601	'S_GLOBAL' => (!$forum_id) ? true : false,
2602	'S_FORUM_OPTIONS' => $s_forum_options,
2603
2604	'U_ACTION' => $this->u_action . '&u=' . $user_id,
2605	'U_USER_PERMISSIONS' => append_sid("{$phpbb_admin_path}index.$phpEx" ,'i=permissions&mode=setting_user_global&user_id[]=' . $user_id),
2606	'U_USER_FORUM_PERMISSIONS' => append_sid("{$phpbb_admin_path}index.$phpEx", 'i=permissions&mode=setting_user_local&user_id[]=' . $user_id))
2607	);
2608
2609	break;
2610
2611	default:
2612	$u_action = $this->u_action;
2613
2614	/**
2615	* Additional modes provided by extensions
2616	*
2617	* @event core.acp_users_mode_add
2618	* @var string mode New mode
2619	* @var int user_id User id of the user to manage
2620	* @var array user_row Array with user data
2621	* @var array error Array with errors data
2622	* @var string u_action The u_action link
2623	* @since 3.2.2-RC1
2624	* @changed 3.2.10-RC1 Added u_action
2625	*/
2626	$vars = array('mode', 'user_id', 'user_row', 'error', 'u_action');
2627	extract($phpbb_dispatcher->trigger_event('core.acp_users_mode_add', compact($vars)));
2628
2629	unset($u_action);
2630	break;
2631	}
2632
2633	// Assign general variables
2634	$template->assign_vars(array(
2635	'S_ERROR' => (count($error)) ? true : false,
2636	'ERROR_MSG' => (count($error)) ? implode('<br />', $error) : '')
2637	);
2638	}
2639
2640	/**
2641	* Set option bit field for user options in a user row array.
2642	*
2643	* Optionset replacement for this module based on $user->optionset.
2644	*
2645	* @param array $user_row Row from the users table.
2646	* @param int $key Option key, as defined in $user->keyoptions property.
2647	* @param bool $value True to set the option, false to clear the option.
2648	* @param int $data Current bit field value, or false to use $user_row['user_options']
2649	* @return int\|bool If $data is false, the bit field is modified and
2650	* written back to $user_row['user_options'], and
2651	* return value is true if the bit field changed and
2652	* false otherwise. If $data is not false, the new
2653	* bitfield value is returned.
2654	*/
2655	function optionset(&$user_row, $key, $value, $data = false)
2656	{
2657	global $user;
2658
2659	$var = ($data !== false) ? $data : $user_row['user_options'];
2660
2661	$new_var = phpbb_optionset($user->keyoptions[$key], $value, $var);
2662
2663	if ($data === false)
2664	{
2665	if ($new_var != $var)
2666	{
2667	$user_row['user_options'] = $new_var;
2668	return true;
2669	}
2670	else
2671	{
2672	return false;
2673	}
2674	}
2675	else
2676	{
2677	return $new_var;
2678	}
2679	}
2680
2681	/**
2682	* Get option bit field from user options in a user row array.
2683	*
2684	* Optionget replacement for this module based on $user->optionget.
2685	*
2686	* @param array $user_row Row from the users table.
2687	* @param int $key option key, as defined in $user->keyoptions property.
2688	* @param int $data bit field value to use, or false to use $user_row['user_options']
2689	* @return bool true if the option is set in the bit field, false otherwise
2690	*/
2691	function optionget(&$user_row, $key, $data = false)
2692	{
2693	global $user;
2694
2695	$var = ($data !== false) ? $data : $user_row['user_options'];
2696	return phpbb_optionget($user->keyoptions[$key], $var);
2697	}
2698	}